Darren Tucker [Sat, 19 May 2012 05:25:03 +0000 (15:25 +1000)]
- (dtucker) [configure.ac contrib/Makefile] bz#1996: use AC_PATH_TOOL to find
pkg-config so it does the right thing when cross-compiling. Patch from
cjwatson at debian org.
Darren Tucker [Fri, 4 May 2012 01:05:22 +0000 (11:05 +1000)]
- (dtucker) [configure.ac] Include <sys/param.h> rather than <sys/types.h>
to fix building on some platforms. From bowman at math utah edu and
des at des no.
Darren Tucker [Fri, 27 Apr 2012 00:55:39 +0000 (10:55 +1000)]
- (dtucker) [regress/addrmatch.sh] skip tests when running on a non-ipv6
platform rather than exiting early, so that we still clean up and return
status to test-exec.sh
Damien Miller [Sun, 22 Apr 2012 01:24:43 +0000 (11:24 +1000)]
- djm@cvs.openbsd.org 2012/04/12 02:42:32
[servconf.c servconf.h sshd.c sshd_config sshd_config.5]
VersionAddendum option to allow server operators to append some arbitrary
text to the SSH-... banner; ok deraadt@ "don't care" markus@
Damien Miller [Sun, 22 Apr 2012 01:24:21 +0000 (11:24 +1000)]
- djm@cvs.openbsd.org 2012/04/11 13:34:17
[ssh-keyscan.1 ssh-keyscan.c]
now that sshd defaults to offering ECDSA keys, ssh-keyscan should also
look for them by default; bz#1971
Damien Miller [Sun, 22 Apr 2012 01:21:10 +0000 (11:21 +1000)]
- djm@cvs.openbsd.org 2012/04/11 13:16:19
[channels.c channels.h clientloop.c serverloop.c]
don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a
while; ok deraadt@ markus@
Damien Miller [Sun, 22 Apr 2012 01:08:30 +0000 (11:08 +1000)]
- djm@cvs.openbsd.org 2012/03/28 07:23:22
[PROTOCOL.certkeys]
explain certificate extensions/crit split rationale. Mention requirement
that each appear at most once per cert.
Damien Miller [Sun, 22 Apr 2012 01:08:10 +0000 (11:08 +1000)]
- guenther@cvs.openbsd.org 2012/03/15 03:10:27
[session.c]
root should always be excluded from the test for /etc/nologin instead
of having it always enforced even when marked as ignorenologin. This
regressed when the logic was incompletely flipped around in rev 1.251
ok halex@ millert@
Damien Miller [Wed, 4 Apr 2012 01:27:54 +0000 (11:27 +1000)]
- (djm) [Makefile.in configure.ac sandbox-seccomp-filter.c] Add sandbox
mode for Linux's new seccomp filter; patch from Will Drewry; feedback
and ok dtucker@
Damien Miller [Fri, 30 Mar 2012 00:34:27 +0000 (11:34 +1100)]
- (djm) [entropy.c] bz#1991: relax OpenSSL version test to allow running
openssh binaries on a newer fix release than they were compiled on.
with and ok dtucker@
Damien Miller [Thu, 8 Mar 2012 23:25:16 +0000 (10:25 +1100)]
- (djm) [openbsd-compat/port-linux.c] bz#1960: fix crash on SELinux
systems where sshd is run in the wrong context. Patch from Sven
Vermeulen; ok dtucker@
Tim Rice [Tue, 14 Feb 2012 18:03:30 +0000 (10:03 -0800)]
- (tim) [openbsd-compat/bsd-misc.h sshd.c] Fix conflicting return type for
unsetenv due to rev 1.14 change to setenv.c. Cast unsetenv to void in sshd.c
ok dtucker@
Damien Miller [Fri, 10 Feb 2012 21:18:17 +0000 (08:18 +1100)]
- dtucker@cvs.openbsd.org 2012/01/18 21:46:43
[clientloop.c]
Ensure that $DISPLAY contains only valid characters before using it to
extract xauth data so that it can't be used to play local shell
metacharacter games. Report from r00t_ati at ihteam.net, ok markus.
Damien Miller [Fri, 10 Feb 2012 21:17:52 +0000 (08:17 +1100)]
- miod@cvs.openbsd.org 2012/01/16 20:34:09
[ssh-pkcs11-client.c]
Fix a memory leak in pkcs11_rsa_private_encrypt(), reported by Jan Klemkow.
While there, be sure to buffer_clear() between send_msg() and recv_msg().
ok markus@
Darren Tucker [Tue, 17 Jan 2012 03:03:34 +0000 (14:03 +1100)]
- (dtucker) [configure.ac mac.c openbsd-compat/openssl-compat.h] Add
null implementation of HMAC_CTX_init for the benefit of old versions
of OpenSSL that don't have it.
Damien Miller [Sun, 18 Dec 2011 23:51:39 +0000 (10:51 +1100)]
- djm@cvs.openbsd.org 2011/12/02 00:43:57
[mac.c]
fix bz#1934: newer OpenSSL versions will require HMAC_CTX_Init before
HMAC_init (this change in policy seems insane to me)
ok dtucker@
Damien Miller [Fri, 25 Nov 2011 02:53:48 +0000 (13:53 +1100)]
- oga@cvs.openbsd.org 2011/11/16 12:24:28
[sftp.c]
Don't leak list in complete_cmd_parse if there are no commands found.
Discovered when I was ``borrowing'' this code for something else.
ok djm@
Darren Tucker [Fri, 4 Nov 2011 00:25:24 +0000 (11:25 +1100)]
- (dtucker) [INSTALL LICENCE configure.ac openbsd-compat/Makefile.in
openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/getrrsetbyname.c]
bz 1320: Add optional support for LDNS, a BSD licensed DNS resolver library
which supports DNSSEC. Patch from Simon Vallet (svallet at genoscope cns fr)
with some rework from myself and djm. ok djm.
Darren Tucker [Thu, 3 Nov 2011 23:54:22 +0000 (10:54 +1100)]
- djm@cvs.openbsd.org 2011/10/24 02:10:46
[ssh.c]
bz#1943: unbreak stdio forwarding when ControlPersist is in use - ssh
was incorrectly requesting the forward in both the control master and
slave. skip requesting it in the master to fix. ok markus@
Damien Miller [Tue, 18 Oct 2011 05:06:14 +0000 (16:06 +1100)]
- djm@cvs.openbsd.org 2011/10/18 04:58:26
[auth-options.c key.c]
remove explicit search for \0 in packet strings, this job is now done
implicitly by buffer_get_cstring; ok markus
Darren Tucker [Sun, 2 Oct 2011 07:59:03 +0000 (18:59 +1100)]
- markus@cvs.openbsd.org 2011/09/23 07:45:05
[mux.c readconf.h channels.h compat.h compat.c ssh.c readconf.c channels.c version.h]
unbreak remote portforwarding with dynamic allocated listen ports:
1) send the actual listen port in the open message (instead of 0).
this allows multiple forwardings with a dynamic listen port
2) update the matching permit-open entry, so we can identify where
to connect to
report: den at skbkontur.ru and P. Szczygielski
feedback and ok djm@
Darren Tucker [Sun, 2 Oct 2011 07:57:35 +0000 (18:57 +1100)]
- dtucker@cvs.openbsd.org 2011/09/23 00:22:04
[channels.c auth-options.c servconf.c channels.h sshd.8]
Add wildcard support to PermitOpen, allowing things like "PermitOpen
localhost:*". bz #1857, ok djm markus.
Damien Miller [Fri, 23 Sep 2011 01:13:00 +0000 (11:13 +1000)]
- (djm) [openbsd-compat/sha2.c openbsd-compat/sha2.h] Remove OpenBSD rcsid
marker. The upstream API has changed (function and structure names)
enough to put it out of sync with other providers of this interface.
Damien Miller [Fri, 23 Sep 2011 00:47:29 +0000 (10:47 +1000)]
- millert@cvs.openbsd.org 2008/08/21 16:54:44
[mktemp.c]
Remove useless code, the kernel will set errno appropriately if an
element in the path does not exist. OK deraadt@ pvalchev@
Damien Miller [Fri, 23 Sep 2011 00:42:02 +0000 (10:42 +1000)]
- tobias@cvs.openbsd.org 2007/10/21 11:09:30
[mktemp.c]
Comment fix about time consumption of _gettemp.
FreeBSD did this in revision 1.20.
OK deraadt@, krw@
Damien Miller [Fri, 23 Sep 2011 00:40:50 +0000 (10:40 +1000)]
- (djm) [openbsd-compat/getcwd.c] Remove OpenBSD rcsid marker since we no
longer want to sync this file (OpenBSD uses a __getcwd syscall now, we
want this longhand version)
Damien Miller [Fri, 23 Sep 2011 00:38:11 +0000 (10:38 +1000)]
- millert@cvs.openbsd.org 2006/05/05 15:27:38
[openbsd-compat/strlcpy.c]
Convert do {} while loop -> while {} for clarity. No binary change
on most architectures. From Oliver Smith. OK deraadt@ and henning@
Damien Miller [Fri, 23 Sep 2011 00:38:01 +0000 (10:38 +1000)]
- millert@cvs.openbsd.org 2006/05/05 15:27:38
[strlcpy.c]
Convert do {} while loop -> while {} for clarity. No binary change
on most architectures. From Oliver Smith. OK deraadt@ and henning@
Damien Miller [Thu, 22 Sep 2011 11:43:06 +0000 (21:43 +1000)]
- djm@cvs.openbsd.org 2011/09/22 06:29:03
[sftp.c]
don't let remote_glob() implicitly sort its results in do_globbed_ls() -
in all likelihood, they will be resorted anyway
Damien Miller [Thu, 22 Sep 2011 11:39:48 +0000 (21:39 +1000)]
- markus@cvs.openbsd.org 2011/09/10 22:26:34
[channels.c channels.h clientloop.c ssh.1]
support cancellation of local/dynamic forwardings from ~C commandline;
ok & feedback djm@
Damien Miller [Thu, 22 Sep 2011 11:38:52 +0000 (21:38 +1000)]
- djm@cvs.openbsd.org 2011/09/09 22:46:44
[channels.c channels.h clientloop.h mux.c ssh.c]
support for cancelling local and remote port forwards via the multiplex
socket. Use "ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host" to request
the cancellation of the specified forwardings; ok markus@
Damien Miller [Thu, 22 Sep 2011 11:38:00 +0000 (21:38 +1000)]
- djm@cvs.openbsd.org 2011/09/09 22:37:01
[scp.c]
suppress adding '--' to remote commandlines when the first argument
does not start with '-'. saves breakage on some difficult-to-upgrade
embedded/router platforms; feedback & ok dtucker ok markus
Damien Miller [Thu, 22 Sep 2011 11:37:13 +0000 (21:37 +1000)]
- djm@cvs.openbsd.org 2011/09/09 00:43:00
[ssh_config.5 sshd_config.5]
fix typo in IPQoS parsing: there is no "AF14" class, but there is
an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk
Damien Miller [Thu, 22 Sep 2011 11:34:35 +0000 (21:34 +1000)]
- djm@cvs.openbsd.org 2011/09/05 05:59:08
[misc.c]
fix typo in IPQoS parsing: there is no "AF14" class, but there is
an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk
Damien Miller [Thu, 22 Sep 2011 11:34:15 +0000 (21:34 +1000)]
- djm@cvs.openbsd.org 2011/09/05 05:56:13
[scp.1 sftp.1]
mention ControlPersist and KbdInteractiveAuthentication in the -o
verbiage in these pages too (prompted by jmc@)