Darren Tucker [Fri, 11 Sep 2009 04:56:08 +0000 (14:56 +1000)]
- (dtucker) [configure.ac] Change the -lresolv check so it works on Mac OS X
10.6 (which doesn't have BIND8_COMPAT and thus uses res_9_query). Patch
from jbasney at ncsa uiuc edu.
Darren Tucker [Tue, 1 Sep 2009 08:26:00 +0000 (18:26 +1000)]
- (dtucker) [configure.ac] Bug #1639: use AC_PATH_PROG to search the path for
krb5-config if it's not in the location specified by --with-kerberos5.
Patch from jchadima at redhat.
Darren Tucker [Fri, 28 Aug 2009 01:21:06 +0000 (11:21 +1000)]
- (dtucker) [clientloop.c configure.ac defines.h] Make the client's IO buffer
size a compile-time option and set it to 64k on Cygwin, since Corinna
reports that it makes a significant difference to performance. ok djm@
Darren Tucker [Fri, 28 Aug 2009 01:02:37 +0000 (11:02 +1000)]
- (dtucker) [channels.c configure.ac] Bug #1528: skip the tcgetattr call on
the pty master on Solaris, since it never succeeds and can hang if large
amounts of data are sent to the slave (eg a copy-paste). Based on a patch
originally from Doke Scott, ok djm@
Damien Miller [Fri, 28 Aug 2009 00:40:30 +0000 (10:40 +1000)]
- (djm) [sshd_config.5] downgrade mention of login.conf to be an example
and mention PAM as another provider for ChallengeResponseAuthentication;
bz#1408; ok dtucker@
Darren Tucker [Thu, 20 Aug 2009 06:20:50 +0000 (16:20 +1000)]
- (dtucker) [session.c openbsd-compat/port-aix.h] Bugs #1249 and #1567: move
the setpcred call on AIX to immediately before the permanently_set_uid().
Ensures that we still have privileges when we call chroot and
pam_open_session. Based on a patch from David Leonard.
Darren Tucker [Thu, 20 Aug 2009 06:16:01 +0000 (16:16 +1000)]
- (dtucker) [includes.h] Bug #1634: do not include system glob.h if we're not
using it since the type conflicts can cause problems on FreeBSD. Patch
from Jonathan Chen.
Darren Tucker [Sun, 16 Aug 2009 23:35:22 +0000 (09:35 +1000)]
- (dtucker) [configure.ac] Check for headers before libraries for openssl and
zlib, which should make the errors slightly more meaningful on platforms
where there's separate "-devel" packages for those.
Darren Tucker [Mon, 13 Jul 2009 01:38:23 +0000 (11:38 +1000)]
- (dtucker) [openbsd-compat/getrrsetbyname.c] Reduce answer buffer size so it
fits into 16 bits to work around a bug in glibc's resolver where it masks
off the buffer size at 16 bits. Patch from Hauke Lampe, ok djm jakob.
Darren Tucker [Sun, 5 Jul 2009 21:16:56 +0000 (07:16 +1000)]
- dtucker@cvs.openbsd.org 2009/07/02 02:11:47
[ssh.c]
allow for long home dir paths (bz #1615). ok deraadt
(based in part on a patch from jchadima at redhat)
Darren Tucker [Sun, 5 Jul 2009 21:12:27 +0000 (07:12 +1000)]
- andreas@cvs.openbsd.org 2009/06/27 09:35:06
[readconf.h readconf.c]
Add client option UseRoaming. It doesn't do anything yet but will
control whether the client tries to use roaming if enabled on the
server. From Martin Forssen.
ok markus@
Darren Tucker [Sun, 5 Jul 2009 21:11:52 +0000 (07:11 +1000)]
- andreas@cvs.openbsd.org 2009/06/27 09:32:43
[roaming_common.c roaming.h]
It may be necessary to retransmit some data when resuming, so add it
to a buffer when roaming is enabled.
Most of this code was written by Martin Forssen, maf at appgate dot com.
ok markus@
Darren Tucker [Sun, 5 Jul 2009 21:11:13 +0000 (07:11 +1000)]
- andreas@cvs.openbsd.org 2009/06/27 09:29:06
[packet.h packet.c]
packet_backup_state() and packet_restore_state() will be used to
temporarily save the current state when resuming a suspended connection.
ok markus@
Darren Tucker [Mon, 22 Jun 2009 06:11:06 +0000 (16:11 +1000)]
- dtucker@cvs.openbsd.org 2009/06/22 05:39:28
[monitor_wrap.c monitor_mm.c ssh-keygen.c auth2.c gss-genr.c sftp-client.c]
alphabetize includes; reduces diff vs portable and style(9).
ok stevesk djm
(Id sync only; these were already in order in -portable)
Darren Tucker [Sun, 21 Jun 2009 09:08:48 +0000 (19:08 +1000)]
- dtucker@cvs.openbsd.org 2009/06/21 09:04:03
[roaming.h roaming_common.c roaming_dummy.c]
Add tags for the benefit of the sync scripts
Also: pull in the changes for 1.1->1.2 missed in the previous sync.
Darren Tucker [Sun, 21 Jun 2009 09:00:20 +0000 (19:00 +1000)]
- dtucker@cvs.openbsd.org 2009/06/21 07:37:15
[kexdhs.c kexgexs.c]
abort if key_sign fails, preventing possible null deref. Based on report
from Paolo Ganci, ok markus@ djm@
Darren Tucker [Sun, 21 Jun 2009 08:58:46 +0000 (18:58 +1000)]
- andreas@cvs.openbsd.org 2009/06/12 20:43:22
[monitor.c packet.c]
Fix warnings found by chl@ and djm@ and change roaming_atomicio's
return type to match atomicio's
Diff from djm@, ok markus@
Darren Tucker [Sun, 21 Jun 2009 08:53:53 +0000 (18:53 +1000)]
- andreas@cvs.openbsd.org 2009/05/28 16:50:16
[sshd.c packet.c serverloop.c monitor_wrap.c clientloop.c sshconnect.c
monitor.c Added roaming.h roaming_common.c roaming_dummy.c]
Keep track of number of bytes read and written. Needed for upcoming
changes. Most code from Martin Forssen, maf at appgate dot com.
ok markus@
Also, applied appropriate changes to Makefile.in
Darren Tucker [Sun, 21 Jun 2009 08:17:19 +0000 (18:17 +1000)]
- andreas@cvs.openbsd.org 2009/05/28 16:50:16
[sshd.c packet.c serverloop.c monitor_wrap.c clientloop.c sshconnect.c
monitor.c]
Keep track of number of bytes read and written. Needed for upcoming
changes. Most code from Martin Forssen, maf at appgate dot com.
ok markus@
Darren Tucker [Sun, 21 Jun 2009 08:16:26 +0000 (18:16 +1000)]
- andreas@cvs.openbsd.org 2009/05/27 06:38:16
[sshconnect.h sshconnect.c]
Un-static ssh_exchange_identification(), part of a larger change from
Martin Forssen and needed for upcoming changes.
ok markus@
Darren Tucker [Sun, 21 Jun 2009 08:15:25 +0000 (18:15 +1000)]
- andreas@cvs.openbsd.org 2009/05/27 06:36:07
[packet.h packet.c]
Add packet_put_int64() and packet_get_int64(), part of a larger change
from Martin Forssen.
Darren Tucker [Sun, 21 Jun 2009 08:13:57 +0000 (18:13 +1000)]
- andreas@cvs.openbsd.org 2009/05/27 06:33:39
[clientloop.c]
Send SSH2_MSG_DISCONNECT when the client disconnects. From a larger
change from Martin Forssen, maf at appgate dot com.
ok markus@
Darren Tucker [Sun, 21 Jun 2009 08:12:20 +0000 (18:12 +1000)]
- andreas@cvs.openbsd.org 2009/05/27 06:31:25
[canohost.h canohost.c]
Add clear_cached_addr(), needed for upcoming changes allowing the peer
address to change.
ok markus@
Darren Tucker [Sun, 21 Jun 2009 07:56:51 +0000 (17:56 +1000)]
- stevesk@cvs.openbsd.org 2009/04/21 15:13:17
[sshd_config.5]
clarify we cd to user's home after chroot; ok markus@ on
earlier version; tweaks and ok jmc@
Darren Tucker [Sun, 21 Jun 2009 07:50:15 +0000 (17:50 +1000)]
- tobias@cvs.openbsd.org 2009/03/23 19:38:04
[ssh-agent.c]
My previous commit didn't fix the problem at all, so stick at my first
version of the fix presented to dtucker.
Issue notified by Matthias Barkhoff (matthias dot barkhoff at gmx dot de).
ok dtucker
Darren Tucker [Sun, 21 Jun 2009 07:49:36 +0000 (17:49 +1000)]
- tobias@cvs.openbsd.org 2009/03/23 08:31:19
[ssh-agent.c]
Fixed a possible out-of-bounds memory access if the environment variable
SHELL is shorter than 3 characters.
with input by and ok dtucker
Darren Tucker [Sun, 21 Jun 2009 07:48:52 +0000 (17:48 +1000)]
- jmc@cvs.openbsd.org 2009/03/19 15:15:09
[ssh.1]
for "Ciphers", just point the reader to the keyword in ssh_config(5), just
as we do for "MACs": this stops us getting out of sync when the lists
change;
fixes documentation/6102, submitted by Peter J. Philipp
alternative fix proposed by djm
ok markus
Darren Tucker [Mon, 4 May 2009 02:52:47 +0000 (12:52 +1000)]
- (dtucker) [sshlogin.c] Move the NO_SSH_LASTLOG #ifndef line to include
variable declarations. Should prevent unused warnings anywhere it's set
(only Crays as far as I can tell) and be a no-op everywhere else.
Tim Rice [Wed, 18 Mar 2009 18:25:02 +0000 (11:25 -0700)]
- (tim) [configure.ac] Remove setting IP_TOS_IS_BROKEN for Cygwin. The problem
that setsockopt(IP_TOS) doesn't work on Cygwin has been fixed since 2005.
Based on patch from vinschen at redhat com.
Darren Tucker [Sun, 8 Mar 2009 00:40:27 +0000 (11:40 +1100)]
- (dtucker) [auth-passwd.c auth1.c auth2-kbdint.c auth2-none.c auth2-passwd.c
auth2-pubkey.c session.c openbsd-compat/bsd-cygwin_util.{c,h}
openbsd-compat/daemon.c] Remove support for Windows 95/98/ME and very old
versions of Cygwin. Patch from vinschen at redhat com.
Darren Tucker [Sat, 7 Mar 2009 11:22:35 +0000 (22:22 +1100)]
- (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}]
EVP_DigestUpdate does not exactly match the other OLD_EVP functions (eg
in openssl 0.9.6) so add an explicit test for it.
Darren Tucker [Sat, 7 Mar 2009 01:01:47 +0000 (12:01 +1100)]
- (dtucker) [schnorr.c openbsd-compat/openssl-compat.{c,h}] Add
EVP_DigestUpdate to the OLD_EVP compatibility functions and tell schnorr.c
to use them. Allows building with older OpenSSL versions.
Darren Tucker [Fri, 6 Mar 2009 23:22:10 +0000 (10:22 +1100)]
- (dtucker) [contrib/aix/buildbff.sh] Only try to rename ssh_prng_cmds if it
exists (it's not created if OpenSSL's PRNG is self-seeded, eg if the OS
has a /dev/random).
Damien Miller [Thu, 5 Mar 2009 14:03:30 +0000 (01:03 +1100)]
- djm@cvs.openbsd.org 2009/03/05 07:18:19
[auth2-jpake.c jpake.c jpake.h monitor_wrap.c monitor_wrap.h schnorr.c]
[sshconnect2.c]
refactor the (disabled) Schnorr proof code to make it a little more
generally useful
Damien Miller [Thu, 5 Mar 2009 13:58:39 +0000 (00:58 +1100)]
- djm@cvs.openbsd.org 2009/03/05 11:30:50
[uuencode.c]
document what these functions do so I don't ever have to recurse into
b64_pton/ntop to remember their return values
Damien Miller [Thu, 5 Mar 2009 13:58:22 +0000 (00:58 +1100)]
- djm@cvs.openbsd.org 2009/03/05 07:18:19
[auth2-jpake.c jpake.c jpake.h monitor_wrap.c monitor_wrap.h schnorr.c]
[sshconnect2.c]
refactor the (disabled) Schnorr proof code to make it a little more
generally useful
Damien Miller [Sat, 21 Feb 2009 01:45:18 +0000 (12:45 +1100)]
- djm@cvs.openbsd.org 2009/02/18 04:31:21
[schnorr.c]
signature should hash over the entire group, not just the generator
(this is still disabled code)
Damien Miller [Mon, 16 Feb 2009 04:21:39 +0000 (15:21 +1100)]
- (djm) [regress/conch-ciphers.sh regress/putty-ciphers.sh]
[regress/putty-kex.sh regress/putty-transfer.sh] Downgrade disabled
interop tests from FATAL error to a warning. Allows some interop
tests to proceed if others are missing necessary prerequisites.
Damien Miller [Sat, 14 Feb 2009 05:33:09 +0000 (16:33 +1100)]
- djm@cvs.openbsd.org 2009/02/12 03:16:01
[serverloop.c]
tighten check for -R0:... forwarding: only allow dynamic allocation
if want_reply is set in the packet
Damien Miller [Sat, 14 Feb 2009 05:28:21 +0000 (16:28 +1100)]
- djm@cvs.openbsd.org 2009/02/12 03:00:56
[canohost.c canohost.h channels.c channels.h clientloop.c readconf.c]
[readconf.h serverloop.c ssh.c]
support remote port forwarding with a zero listen port (-R0:...) to
dynamically allocate a listen port at runtime (this is actually
specified in rfc4254); bz#1003 ok markus@
Damien Miller [Sat, 14 Feb 2009 05:26:19 +0000 (16:26 +1100)]
- dtucker@cvs.openbsd.org 2009/02/02 11:15:14
[sftp.c]
Initialize a few variables to prevent spurious "may be used
uninitialized" warnings from newer gcc's. ok djm@
Damien Miller [Thu, 12 Feb 2009 02:12:21 +0000 (13:12 +1100)]
- (djm) [configure.ac loginrec.c] bz#1421: fix lastlog support for OSX.
OSX provides a getlastlogxbyname function that automates the reading of
a lastlog file. Also, the pututxline function will update lastlog so
there is no need for loginrec.c to do it explicitly. Collapse some
overly verbose code while I'm in there.
Darren Tucker [Sun, 1 Feb 2009 11:19:54 +0000 (22:19 +1100)]
- (dtucker) [defines.h sshconnect.c] INET6_ADDRSTRLEN is now needed in
channels.c too, so move the definition for non-IP6 platforms to defines.h
where it can be shared.
Tim Rice [Thu, 29 Jan 2009 20:30:01 +0000 (12:30 -0800)]
- (tim) [contrib/cygwin/ssh-host-config] Patch from Corinna Vinschen.
If the CYGWIN environment variable is empty, the installer script
should not install the service with an empty CYGWIN variable, but
rather without setting CYGWIN entirely.
Tim Rice [Wed, 28 Jan 2009 20:50:04 +0000 (12:50 -0800)]
- (tim) [contrib/cygwin/ssh-host-config] Patch from Corinna Vinschen.
Changes to work on Cygwin 1.5.x as well as on the new Cygwin 1.7.x.
The information given for the setting of the CYGWIN environment variable
is wrong for both releases so I just removed it, together with the
unnecessary (Cygwin 1.5.x) or wrong (Cygwin 1.7.x) default setting.