Age | Commit message (Collapse) | Author |
|
[auth-rsa.c auth.h auth2-hostbased.c auth2-pubkey.c monitor.c]
for hostbased authentication, print the client host and user on
the auth success/failure line; bz#2064, ok dtucker@
|
|
[krl.c]
don't leak the rdata blob on errors; ok djm@
|
|
[scp.c]
Handle time_t values as long long's when formatting them and when
parsing them from remote servers.
Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
|
[readconf.c]
revert 1.203 while we investigate crashes reported by okan@
|
|
contrib/cygwin/ssh-user-config] Modernizes and improve readability of
the Cygwin README file (which hasn't been updated for ages), drop
unsupported OSes from the ssh-host-config help text, and drop an
unneeded option from ssh-user-config. Patch from vinschen at redhat com.
|
|
and add some comments so it's clear what goes where.
|
|
the required OpenSSL support. Patch from naddy at freebsd.
|
|
algorithms (Ciphers, MACs and HostKeyAlgorithms) from man pages.
|
|
[channels.c channels.h clientloop.c]
Add an "ABANDONED" channel state and use for mux sessions that are
disconnected via the ~. escape sequence. Channels in this state will
be able to close if the server responds, but do not count as active channels.
This means that if you ~. all of the mux clients when using ControlPersist
on a broken network, the backgrounded mux master will exit when the
Control Persist time expires rather than hanging around indefinitely.
bz#1917, also reported and tested by tedu@. ok djm@ markus@.
|
|
platforms that don't have multibyte character support (specifically,
mblen).
|
|
[readconf.c]
plug another memleak. bz#1967, from Zhenbo Xu, detected by Melton, ok djm
|
|
[sshconnect2.c]
Fix memory leaks found by Zhenbo Xu and the Melton tool. bz#1967, ok djm
|
|
[sshd.c]
When running sshd -D, close stderr unless we have explicitly requesting
logging to stderr. From james.hunt at ubuntu.com via bz#1976, djm's patch
so, err, ok dtucker.
|
|
[mux.c]
fix leaks in mux error paths, from Zhenbo Xu, found by Melton. bz#1967,
ok djm
|
|
[sftp.c]
Make sftp's libedit interface marginally multibyte aware by building up
the quoted string by character instead of by byte. Prevents failures
when linked against a libedit built with wide character support (bz#1990).
"looks ok" djm
|
|
[scp.c]
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
|
[mac.c]
force the MAC output to be 64-bit aligned so umac won't see unaligned
accesses on strict-alignment architectures. bz#2101, patch from
tomas.kuthan at oracle.com, ok djm@
|
|
[clientloop.h clientloop.c mux.c]
No need for the mux cleanup callback to be visible so restore it to static
and call it through the detach_user function pointer. ok djm@
|
|
[channels.h]
typo in comment
|
|
modpipe in case there's anything in there we need.
|
|
forwarding test is extremely slow copying data on some machines so switch
back to copying the much smaller ls binary until we can figure out why
this is.
|
|
Patch from cjwatson at debian.
|
|
functions, not from the openssl version.
|
|
sys/socket.h.
|
|
|
|
|
|
feedback and ok dtucker
|
|
need a shell that can handle "[ file1 -nt file2 ]". Rather than keep
dealing with shell portability issues in regression tests, we let
configure find us a capable shell on those platforms with an old /bin/sh.
|
|
Patch from Nathan Osman.
|
|
to prevent noise from configure. Patch from Nathan Osman.
|
|
[ssh-agent.c]
Make parent_alive_interval time_t to avoid signed/unsigned comparison
|
|
[progressmeter.c]
Add misc.h for monotime prototype. (id sync only)
|
|
- (tim) [Makefile.in] Make Solaris, UnixWare, & OpenServer linkers happy
linking regress/modpipe.
|
|
|
|
|
|
[sftp-client.c]
Update progressmeter when data is acked, not when it's sent. bz#2108, from
Debian via Colin Watson, ok djm@
|
|
back to time(NULL) if we can't find it anywhere.
|
|
groupaccess.c loginrec.c monitor.c monitor_wrap.c session.c sshd.c
sshlogin.c uidswap.c openbsd-compat/bsd-cygwin_util.c
openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/port-aix.c
openbsd-compat/port-linux.c] Replace portable-specific instances of xfree
with the equivalent calls to free.
|
|
[scp.c sftp-client.c]
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch
from Nathan Osman via bz#2113. ok deraadt.
(note: corrected bug number from 2085)
|
|
[ssh-agent.c clientloop.c misc.h packet.c progressmeter.c misc.c
channels.c sandbox-systrace.c]
Use clock_gettime(CLOCK_MONOTONIC ...) for ssh timers so that things like
keepalives and rekeying will work properly over clock steps. Suggested by
markus@, "looks good" djm@.
|
|
[ssh-agent.c]
Use time_t where appropriate. ok djm
|
|
[auth.h auth.c key.c monitor.c auth-rsa.c auth2.c auth1.c key.h]
Standardise logging of supplemental information during userauth. Keys
and ruser is now logged in the auth success/failure message alongside
the local username, remote host/port and protocol in use. Certificates
contents and CA are logged too.
Pushing all logging onto a single line simplifies log analysis as it is
no longer necessary to relate information scattered across multiple log
entries. "I like it" markus@
|
|
[auth2-pubkey.c]
fix failure to recognise cert-authority keys if a key of a different type
appeared in authorized_keys before it; ok markus@
|
|
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
dns.c packet.c readpass.c authfd.c moduli.c]
bye, bye xfree(); ok markus@
|
|
rather than trying to enumerate the plaforms that don't have them.
Based on a patch from Nathan Osman, with help from tim@.
|
|
using openssl's DES_crpyt function on platorms that don't have a native
one, eg Android. Based on a patch from Nathan Osman.
|
|
implementation of endgrent for platforms that don't have it (eg Android).
Loosely based on a patch from Nathan Osman, ok djm
|
|
[regress/scp.sh]
use a file extention that's not special on some platforms. from portable
(id sync only)
|
|
[regress/portnum.sh]
use a more portable negated if structure. from portable (id sync only)
|
|
[regress/agent-getpeereid.sh]
don't redirect stdout from sudo. from portable (id sync only)
|