]>
Commit | Line | Data |
---|---|---|
1 | 20081103 | |
2 | - OpenBSD CVS Sync | |
3 | - sthen@cvs.openbsd.org 2008/07/24 23:55:30 | |
4 | [ssh-keygen.1] | |
5 | Add "ssh-keygen -F -l" to synopsis (displays fingerprint from | |
6 | known_hosts). ok djm@ | |
7 | - grunk@cvs.openbsd.org 2008/07/25 06:56:35 | |
8 | [ssh_config] | |
9 | Add VisualHostKey to example file, ok djm@ | |
10 | - grunk@cvs.openbsd.org 2008/07/25 07:05:16 | |
11 | [key.c] | |
12 | In random art visualization, make sure to use the end marker only at the | |
13 | end. Initial diff by Dirk Loss, tweaks and ok djm@ | |
14 | - markus@cvs.openbsd.org 2008/07/31 14:48:28 | |
15 | [sshconnect2.c] | |
16 | don't allocate space for empty banners; report t8m at centrum.cz; | |
17 | ok deraadt | |
18 | - krw@cvs.openbsd.org 2008/08/02 04:29:51 | |
19 | [ssh_config.5] | |
20 | whitepsace -> whitespace. From Matthew Clarke via bugs@. | |
21 | - djm@cvs.openbsd.org 2008/08/21 04:09:57 | |
22 | [session.c] | |
23 | allow ForceCommand internal-sftp with arguments. based on patch from | |
24 | michael.barabanov AT gmail.com; ok markus@ | |
25 | - djm@cvs.openbsd.org 2008/09/06 12:24:13 | |
26 | [kex.c] | |
27 | OpenSSL 0.9.8h supplies a real EVP_sha256 so we do not need our | |
28 | replacement anymore | |
29 | (ID sync only for portable - we still need this) | |
30 | - markus@cvs.openbsd.org 2008/09/11 14:22:37 | |
31 | [compat.c compat.h nchan.c ssh.c] | |
32 | only send eow and no-more-sessions requests to openssh 5 and newer; | |
33 | fixes interop problems with broken ssh v2 implementations; ok djm@ | |
34 | - millert@cvs.openbsd.org 2008/10/02 14:39:35 | |
35 | [session.c] | |
36 | Convert an unchecked strdup to xstrdup. OK deraadt@ | |
37 | ||
38 | 20080906 | |
39 | - (dtucker) [config.guess config.sub] Update to latest versions from | |
40 | http://git.savannah.gnu.org/gitweb/ (2008-04-14 and 2008-06-16 | |
41 | respectively). | |
42 | ||
43 | 20080830 | |
44 | - (dtucker) [openbsd-compat/bsd-poll.c] correctly check for number of FDs | |
45 | larger than FD_SETSIZE (OpenSSH only ever uses poll with one fd). Patch | |
46 | from Nicholas Marriott. | |
47 | ||
48 | 20080721 | |
49 | - (djm) OpenBSD CVS Sync | |
50 | - djm@cvs.openbsd.org 2008/07/23 07:36:55 | |
51 | [servconf.c] | |
52 | do not try to print options that have been compile-time disabled | |
53 | in config test mode (sshd -T); report from nix-corp AT esperi.org.uk | |
54 | ok dtucker@ | |
55 | - (djm) [servconf.c] Print UsePAM option in config test mode (when it | |
56 | has been compiled in); report from nix-corp AT esperi.org.uk | |
57 | ok dtucker@ | |
58 | ||
59 | 20080721 | |
60 | - (djm) OpenBSD CVS Sync | |
61 | - jmc@cvs.openbsd.org 2008/07/18 22:51:01 | |
62 | [sftp-server.8] | |
63 | no need for .Pp before or after .Sh; | |
64 | - djm@cvs.openbsd.org 2008/07/21 08:19:07 | |
65 | [version.h] | |
66 | openssh-5.1 | |
67 | - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] | |
68 | [contrib/suse/openssh.spec] Update version number in README and RPM specs | |
69 | - (djm) Release OpenSSH-5.1 | |
70 | ||
71 | 20080717 | |
72 | - (djm) OpenBSD CVS Sync | |
73 | - djm@cvs.openbsd.org 2008/07/17 08:48:00 | |
74 | [sshconnect2.c] | |
75 | strnvis preauth banner; pointed out by mpf@ ok markus@ | |
76 | - djm@cvs.openbsd.org 2008/07/17 08:51:07 | |
77 | [auth2-hostbased.c] | |
78 | strip trailing '.' from hostname when HostbasedUsesNameFromPacketOnly=yes | |
79 | report and patch from res AT qoxp.net (bz#1200); ok markus@ | |
80 | - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Remove long-unneeded compat | |
81 | code, replace with equivalent cygwin library call. Patch from vinschen | |
82 | at redhat.com, ok djm@. | |
83 | - (djm) [sshconnect2.c] vis.h isn't available everywhere | |
84 | ||
85 | 20080716 | |
86 | - OpenBSD CVS Sync | |
87 | - djm@cvs.openbsd.org 2008/07/15 02:23:14 | |
88 | [sftp.1] | |
89 | number of pipelined requests is now 64; | |
90 | prodded by Iain.Morgan AT nasa.gov | |
91 | - djm@cvs.openbsd.org 2008/07/16 11:51:14 | |
92 | [clientloop.c] | |
93 | rename variable first_gc -> last_gc (since it is actually the last | |
94 | in the list). | |
95 | - djm@cvs.openbsd.org 2008/07/16 11:52:19 | |
96 | [channels.c] | |
97 | this loop index should be automatic, not static | |
98 | ||
99 | 20080714 | |
100 | - (djm) OpenBSD CVS Sync | |
101 | - sthen@cvs.openbsd.org 2008/07/13 21:22:52 | |
102 | [ssh-keygen.c] | |
103 | Change "ssh-keygen -F [host] -l" to not display random art unless | |
104 | -v is also specified, making it consistent with the manual and other | |
105 | uses of -l. | |
106 | ok grunk@ | |
107 | - djm@cvs.openbsd.org 2008/07/13 22:13:07 | |
108 | [channels.c] | |
109 | use struct sockaddr_storage instead of struct sockaddr for accept(2) | |
110 | address argument. from visibilis AT yahoo.com in bz#1485; ok markus@ | |
111 | - djm@cvs.openbsd.org 2008/07/13 22:16:03 | |
112 | [sftp.c] | |
113 | increase number of piplelined requests so they properly fill the | |
114 | (recently increased) channel window. prompted by rapier AT psc.edu; | |
115 | ok markus@ | |
116 | - djm@cvs.openbsd.org 2008/07/14 01:55:56 | |
117 | [sftp-server.8] | |
118 | mention requirement for /dev/log inside chroot when using sftp-server | |
119 | with ChrootDirectory | |
120 | - (djm) [openbsd-compat/bindresvport.c] Rename variables s/sin/in/ to | |
121 | avoid clash with sin(3) function; reported by | |
122 | cristian.ionescu-idbohrn AT axis.com | |
123 | - (djm) [openbsd-compat/rresvport.c] Add unistd.h for missing close() | |
124 | prototype; reported by cristian.ionescu-idbohrn AT axis.com | |
125 | - (djm) [umac.c] Rename variable s/buffer_ptr/bufp/ to avoid clash; | |
126 | reported by cristian.ionescu-idbohrn AT axis.com | |
127 | - (djm) [contrib/cygwin/Makefile contrib/cygwin/ssh-host-config] | |
128 | [contrib/cygwin/ssh-user-config contrib/cygwin/sshd-inetd] | |
129 | Revamped and simplified Cygwin ssh-host-config script that uses | |
130 | unified csih configuration tool. Requires recent Cygwin. | |
131 | Patch from vinschen AT redhat.com | |
132 | ||
133 | 20080712 | |
134 | - (djm) OpenBSD CVS Sync | |
135 | - djm@cvs.openbsd.org 2008/07/12 04:52:50 | |
136 | [channels.c] | |
137 | unbreak; move clearing of cctx struct to before first use | |
138 | reported by dkrause@ | |
139 | - djm@cvs.openbsd.org 2008/07/12 05:33:41 | |
140 | [scp.1] | |
141 | better description for -i flag: | |
142 | s/RSA authentication/public key authentication/ | |
143 | - (djm) [openbsd-compat/fake-rfc2553.c openbsd-compat/fake-rfc2553.h] | |
144 | return EAI_FAMILY when trying to lookup unsupported address family; | |
145 | from vinschen AT redhat.com | |
146 | ||
147 | 20080711 | |
148 | - (djm) OpenBSD CVS Sync | |
149 | - stevesk@cvs.openbsd.org 2008/07/07 00:31:41 | |
150 | [ttymodes.c] | |
151 | we don't need arg after the debug3() was removed. from lint. | |
152 | ok djm@ | |
153 | - stevesk@cvs.openbsd.org 2008/07/07 23:32:51 | |
154 | [key.c] | |
155 | /*NOTREACHED*/ for lint warning: | |
156 | warning: function key_equal falls off bottom without returning value | |
157 | ok djm@ | |
158 | - markus@cvs.openbsd.org 2008/07/10 18:05:58 | |
159 | [channels.c] | |
160 | missing bzero; from mickey; ok djm@ | |
161 | - markus@cvs.openbsd.org 2008/07/10 18:08:11 | |
162 | [clientloop.c monitor.c monitor_wrap.c packet.c packet.h sshd.c] | |
163 | sync v1 and v2 traffic accounting; add it to sshd, too; | |
164 | ok djm@, dtucker@ | |
165 | ||
166 | 20080709 | |
167 | - (djm) [Makefile.in] Print "all tests passed" when all regress tests pass | |
168 | - (djm) [auth1.c] Fix format string vulnerability in protocol 1 PAM | |
169 | account check failure path. The vulnerable format buffer is supplied | |
170 | from PAM and should not contain attacker-supplied data. | |
171 | - (djm) [auth.c] Missing unistd.h for close() | |
172 | - (djm) [configure.ac] Add -Wformat-security to CFLAGS for gcc 3.x and 4.x | |
173 | ||
174 | 20080705 | |
175 | - (djm) [auth.c] Fixed test for locked account on HP/UX with shadowed | |
176 | passwords disabled. bz#1083 report & patch from senthilkumar_sen AT | |
177 | hotpop.com, w/ dtucker@ | |
178 | - (djm) [atomicio.c configure.ac] Disable poll() fallback in atomiciov for | |
179 | Tru64. readv doesn't seem to be a comparable object there. | |
180 | bz#1386, patch from dtucker@ ok me | |
181 | - (djm) [Makefile.in] Pass though pass to conch for interop tests | |
182 | - (djm) [configure.ac] unbreak: remove extra closing brace | |
183 | - (djm) OpenBSD CVS Sync | |
184 | - djm@cvs.openbsd.org 2008/07/04 23:08:25 | |
185 | [packet.c] | |
186 | handle EINTR in packet_write_poll()l ok dtucker@ | |
187 | - djm@cvs.openbsd.org 2008/07/04 23:30:16 | |
188 | [auth1.c auth2.c] | |
189 | Make protocol 1 MaxAuthTries logic match protocol 2's. | |
190 | Do not treat the first protocol 2 authentication attempt as | |
191 | a failure IFF it is for method "none". | |
192 | Makes MaxAuthTries' user-visible behaviour identical for | |
193 | protocol 1 vs 2. | |
194 | ok dtucker@ | |
195 | - djm@cvs.openbsd.org 2008/07/05 05:16:01 | |
196 | [PROTOCOL] | |
197 | grammar | |
198 | ||
199 | 20080704 | |
200 | - (dtucker) OpenBSD CVS Sync | |
201 | - djm@cvs.openbsd.org 2008/07/02 13:30:34 | |
202 | [auth2.c] | |
203 | really really remove the freebie "none" auth try for protocol 2 | |
204 | - djm@cvs.openbsd.org 2008/07/02 13:47:39 | |
205 | [ssh.1 ssh.c] | |
206 | When forking after authentication ("ssh -f") with ExitOnForwardFailure | |
207 | enabled, delay the fork until after replies for any -R forwards have | |
208 | been seen. Allows for robust detection of -R forward failure when | |
209 | using -f (similar to bz#92); ok dtucker@ | |
210 | - otto@cvs.openbsd.org 2008/07/03 21:46:58 | |
211 | [auth2-pubkey.c] | |
212 | avoid nasty double free; ok dtucker@ djm@ | |
213 | - djm@cvs.openbsd.org 2008/07/04 03:44:59 | |
214 | [servconf.c groupaccess.h groupaccess.c] | |
215 | support negation of groups in "Match group" block (bz#1315); ok dtucker@ | |
216 | - dtucker@cvs.openbsd.org 2008/07/04 03:47:02 | |
217 | [monitor.c] | |
218 | Make debug a little clearer. ok djm@ | |
219 | - djm@cvs.openbsd.org 2008/06/30 08:07:34 | |
220 | [regress/key-options.sh] | |
221 | shell portability: use "=" instead of "==" in test(1) expressions, | |
222 | double-quote string with backslash escaped / | |
223 | - djm@cvs.openbsd.org 2008/06/30 10:31:11 | |
224 | [regress/{putty-transfer,putty-kex,putty-ciphers}.sh] | |
225 | remove "set -e" left over from debugging | |
226 | - djm@cvs.openbsd.org 2008/06/30 10:43:03 | |
227 | [regress/conch-ciphers.sh] | |
228 | explicitly disable conch options that could interfere with the test | |
229 | - (dtucker) [sftp-server.c] Bug #1447: fall back to racy rename if link | |
230 | returns EXDEV. Patch from Mike Garrison, ok djm@ | |
231 | - (djm) [atomicio.c channels.c clientloop.c defines.h includes.h] | |
232 | [packet.c scp.c serverloop.c sftp-client.c ssh-agent.c ssh-keyscan.c] | |
233 | [sshd.c] Explicitly handle EWOULDBLOCK wherever we handle EAGAIN, on | |
234 | some platforms (HP nonstop) it is a distinct errno; | |
235 | bz#1467 reported by sconeu AT yahoo.com; ok dtucker@ | |
236 | ||
237 | 20080702 | |
238 | - (dtucker) OpenBSD CVS Sync | |
239 | - djm@cvs.openbsd.org 2008/06/30 08:05:59 | |
240 | [PROTOCOL.agent] | |
241 | typo: s/constraint_date/constraint_data/ | |
242 | - djm@cvs.openbsd.org 2008/06/30 12:15:39 | |
243 | [serverloop.c] | |
244 | only pass channel requests on session channels through to the session | |
245 | channel handler, avoiding spurious log messages; ok! markus@ | |
246 | - djm@cvs.openbsd.org 2008/06/30 12:16:02 | |
247 | [nchan.c] | |
248 | only send eow@openssh.com notifications for session channels; ok! markus@ | |
249 | - djm@cvs.openbsd.org 2008/06/30 12:18:34 | |
250 | [PROTOCOL] | |
251 | clarify that eow@openssh.com is only sent on session channels | |
252 | - dtucker@cvs.openbsd.org 2008/07/01 07:20:52 | |
253 | [sshconnect.c] | |
254 | Check ExitOnForwardFailure if forwardings are disabled due to a failed | |
255 | host key check. ok djm@ | |
256 | - dtucker@cvs.openbsd.org 2008/07/01 07:24:22 | |
257 | [sshconnect.c sshd.c] | |
258 | Send CR LF during protocol banner exchanges, but only for Protocol 2 only, | |
259 | in order to comply with RFC 4253. bz #1443, ok djm@ | |
260 | - stevesk@cvs.openbsd.org 2008/07/01 23:12:47 | |
261 | [PROTOCOL.agent] | |
262 | fix some typos; ok djm@ | |
263 | - djm@cvs.openbsd.org 2008/07/02 02:24:18 | |
264 | [sshd_config sshd_config.5 sshd.8 servconf.c] | |
265 | increase default size of ssh protocol 1 ephemeral key from 768 to 1024 | |
266 | bits; prodded by & ok dtucker@ ok deraadt@ | |
267 | - dtucker@cvs.openbsd.org 2008/07/02 12:03:51 | |
268 | [auth-rsa.c auth.c auth2-pubkey.c auth.h] | |
269 | Merge duplicate host key file checks, based in part on a patch from Rob | |
270 | Holland via bz #1348 . Also checks for non-regular files during protocol | |
271 | 1 RSA auth. ok djm@ | |
272 | - djm@cvs.openbsd.org 2008/07/02 12:36:39 | |
273 | [auth2-none.c auth2.c] | |
274 | Make protocol 2 MaxAuthTries behaviour a little more sensible: | |
275 | Check whether client has exceeded MaxAuthTries before running | |
276 | an authentication method and skip it if they have, previously it | |
277 | would always allow one try (for "none" auth). | |
278 | Preincrement failure count before post-auth test - previously this | |
279 | checked and postincremented, also to allow one "none" try. | |
280 | Together, these two changes always count the "none" auth method | |
281 | which could be skipped by a malicious client (e.g. an SSH worm) | |
282 | to get an extra attempt at a real auth method. They also make | |
283 | MaxAuthTries=0 a useful way to block users entirely (esp. in a | |
284 | sshd_config Match block). | |
285 | Also, move sending of any preauth banner from "none" auth method | |
286 | to the first call to input_userauth_request(), so worms that skip | |
287 | the "none" method get to see it too. | |
288 | ||
289 | 20080630 | |
290 | - (djm) OpenBSD CVS Sync | |
291 | - dtucker@cvs.openbsd.org 2008/06/10 23:13:43 | |
292 | [regress/Makefile regress/key-options.sh] | |
293 | Add regress test for key options. ok djm@ | |
294 | - dtucker@cvs.openbsd.org 2008/06/11 23:11:40 | |
295 | [regress/Makefile] | |
296 | Don't run cipher-speed test by default; mistakenly enabled by me | |
297 | - djm@cvs.openbsd.org 2008/06/28 13:57:25 | |
298 | [regress/Makefile regress/test-exec.sh regress/conch-ciphers.sh] | |
299 | very basic regress test against Twisted Conch in "make interop" | |
300 | target (conch is available in ports/devel/py-twisted/conch); | |
301 | ok markus@ | |
302 | - (djm) [regress/Makefile] search for conch by path, like we do putty | |
303 | ||
304 | 20080629 | |
305 | - (djm) OpenBSD CVS Sync | |
306 | - martynas@cvs.openbsd.org 2008/06/21 07:46:46 | |
307 | [sftp.c] | |
308 | use optopt to get invalid flag, instead of return value of getopt, | |
309 | which is always '?'; ok djm@ | |
310 | - otto@cvs.openbsd.org 2008/06/25 11:13:43 | |
311 | [key.c] | |
312 | add key length to visual fingerprint; zap magical constants; | |
313 | ok grunk@ djm@ | |
314 | - djm@cvs.openbsd.org 2008/06/26 06:10:09 | |
315 | [sftp-client.c sftp-server.c] | |
316 | allow the sftp chmod(2)-equivalent operation to set set[ug]id/sticky | |
317 | bits. Note that this only affects explicit setting of modes (e.g. via | |
318 | sftp(1)'s chmod command) and not file transfers. (bz#1310) | |
319 | ok deraadt@ at c2k8 | |
320 | - djm@cvs.openbsd.org 2008/06/26 09:19:40 | |
321 | [dh.c dh.h moduli.c] | |
322 | when loading moduli from /etc/moduli in sshd(8), check that they | |
323 | are of the expected "safe prime" structure and have had | |
324 | appropriate primality tests performed; | |
325 | feedback and ok dtucker@ | |
326 | - grunk@cvs.openbsd.org 2008/06/26 11:46:31 | |
327 | [readconf.c readconf.h ssh.1 ssh_config.5 sshconnect.c] | |
328 | Move SSH Fingerprint Visualization away from sharing the config option | |
329 | CheckHostIP to an own config option named VisualHostKey. | |
330 | While there, fix the behaviour that ssh would draw a random art picture | |
331 | on every newly seen host even when the option was not enabled. | |
332 | prodded by deraadt@, discussions, | |
333 | help and ok markus@ djm@ dtucker@ | |
334 | - jmc@cvs.openbsd.org 2008/06/26 21:11:46 | |
335 | [ssh.1] | |
336 | add VisualHostKey to the list of options listed in -o; | |
337 | - djm@cvs.openbsd.org 2008/06/28 07:25:07 | |
338 | [PROTOCOL] | |
339 | spelling fixes | |
340 | - djm@cvs.openbsd.org 2008/06/28 13:58:23 | |
341 | [ssh-agent.c] | |
342 | refuse to add a key that has unknown constraints specified; | |
343 | ok markus | |
344 | - djm@cvs.openbsd.org 2008/06/28 14:05:15 | |
345 | [ssh-agent.c] | |
346 | reset global compat flag after processing a protocol 2 signature | |
347 | request with the legacy DSA encoding flag set; ok markus | |
348 | - djm@cvs.openbsd.org 2008/06/28 14:08:30 | |
349 | [PROTOCOL PROTOCOL.agent] | |
350 | document the protocol used by ssh-agent; "looks ok" markus@ | |
351 | ||
352 | 20080628 | |
353 | - (djm) [RFC.nroff contrib/cygwin/Makefile contrib/suse/openssh.spec] | |
354 | RFC.nroff lacks a license, remove it (it is long gone in OpenBSD). | |
355 | ||
356 | 20080626 | |
357 | - (djm) [Makefile.in moduli.5] Include moduli(5) manpage from OpenBSD. | |
358 | (bz#1372) | |
359 | - (djm) [ contrib/caldera/openssh.spec contrib/redhat/openssh.spec] | |
360 | [contrib/suse/openssh.spec] Include moduli.5 in RPM spec files. | |
361 | ||
362 | 20080616 | |
363 | - (dtucker) OpenBSD CVS Sync | |
364 | - dtucker@cvs.openbsd.org 2008/06/16 13:22:53 | |
365 | [session.c channels.c] | |
366 | Rename the isatty argument to is_tty so we don't shadow | |
367 | isatty(3). ok markus@ | |
368 | - (dtucker) [channels.c] isatty -> is_tty here too. | |
369 | ||
370 | 20080615 | |
371 | - (dtucker) [configure.ac] Enable -fno-builtin-memset when using gcc. | |
372 | - OpenBSD CVS Sync | |
373 | - dtucker@cvs.openbsd.org 2008/06/14 15:49:48 | |
374 | [sshd.c] | |
375 | wrap long line at 80 chars | |
376 | - dtucker@cvs.openbsd.org 2008/06/14 17:07:11 | |
377 | [sshd.c] | |
378 | ensure default umask disallows at least group and world write; ok djm@ | |
379 | - djm@cvs.openbsd.org 2008/06/14 18:33:43 | |
380 | [session.c] | |
381 | suppress the warning message from chdir(homedir) failures | |
382 | when chrooted (bz#1461); ok dtucker | |
383 | - dtucker@cvs.openbsd.org 2008/06/14 19:42:10 | |
384 | [scp.1] | |
385 | Mention that scp follows symlinks during -r. bz #1466, | |
386 | from nectar at apple | |
387 | - dtucker@cvs.openbsd.org 2008/06/15 16:55:38 | |
388 | [sshd_config.5] | |
389 | MaxSessions is allowed in a Match block too | |
390 | - dtucker@cvs.openbsd.org 2008/06/15 16:58:40 | |
391 | [servconf.c sshd_config.5] | |
392 | Allow MaxAuthTries within a Match block. ok djm@ | |
393 | - djm@cvs.openbsd.org 2008/06/15 20:06:26 | |
394 | [channels.c channels.h session.c] | |
395 | don't call isatty() on a pty master, instead pass a flag down to | |
396 | channel_set_fds() indicating that te fds refer to a tty. Fixes a | |
397 | hang on exit on Solaris (bz#1463) in portable but is actually | |
398 | a generic bug; ok dtucker deraadt markus | |
399 | ||
400 | 20080614 | |
401 | - (djm) [openbsd-compat/sigact.c] Avoid NULL derefs in ancient sigaction | |
402 | replacement code; patch from ighighi AT gmail.com in bz#1240; | |
403 | ok dtucker | |
404 | ||
405 | 20080613 | |
406 | - (dtucker) OpenBSD CVS Sync | |
407 | - deraadt@cvs.openbsd.org 2008/06/13 09:44:36 | |
408 | [packet.c] | |
409 | compile on older gcc; no decl after code | |
410 | - dtucker@cvs.openbsd.org 2008/06/13 13:56:59 | |
411 | [monitor.c] | |
412 | Clear key options in the monitor on failed authentication, prevents | |
413 | applying additional restrictions to non-pubkey authentications in | |
414 | the case where pubkey fails but another method subsequently succeeds. | |
415 | bz #1472, found by Colin Watson, ok markus@ djm@ | |
416 | - dtucker@cvs.openbsd.org 2008/06/13 14:18:51 | |
417 | [auth2-pubkey.c auth-rhosts.c] | |
418 | Include unistd.h for close(), prevents warnings in -portable | |
419 | - dtucker@cvs.openbsd.org 2008/06/13 17:21:20 | |
420 | [mux.c] | |
421 | Friendlier error messages for mux fallback. ok djm@ | |
422 | - dtucker@cvs.openbsd.org 2008/06/13 18:55:22 | |
423 | [scp.c] | |
424 | Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@ | |
425 | - grunk@cvs.openbsd.org 2008/06/13 20:13:26 | |
426 | [ssh.1] | |
427 | Explain the use of SSH fpr visualization using random art, and cite the | |
428 | original scientific paper inspiring that technique. | |
429 | Much help with English and nroff by jmc@, thanks. | |
430 | - (dtucker) [configure.ac] Bug #1276: avoid linking against libgssapi, which | |
431 | despite its name doesn't seem to implement all of GSSAPI. Patch from | |
432 | Jan Engelhardt, sanity checked by Simon Wilkinson. | |
433 | ||
434 | 20080612 | |
435 | - (dtucker) OpenBSD CVS Sync | |
436 | - jmc@cvs.openbsd.org 2008/06/11 07:30:37 | |
437 | [sshd.8] | |
438 | kill trailing whitespace; | |
439 | - grunk@cvs.openbsd.org 2008/06/11 21:01:35 | |
440 | [ssh_config.5 key.h readconf.c readconf.h ssh-keygen.1 ssh-keygen.c key.c | |
441 | sshconnect.c] | |
442 | Introduce SSH Fingerprint ASCII Visualization, a technique inspired by the | |
443 | graphical hash visualization schemes known as "random art", and by | |
444 | Dan Kaminsky's musings on the subject during a BlackOp talk at the | |
445 | 23C3 in Berlin. | |
446 | Scientific publication (original paper): | |
447 | "Hash Visualization: a New Technique to improve Real-World Security", | |
448 | Perrig A. and Song D., 1999, International Workshop on Cryptographic | |
449 | Techniques and E-Commerce (CrypTEC '99) | |
450 | http://sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf | |
451 | The algorithm used here is a worm crawling over a discrete plane, | |
452 | leaving a trace (augmenting the field) everywhere it goes. | |
453 | Movement is taken from dgst_raw 2bit-wise. Bumping into walls | |
454 | makes the respective movement vector be ignored for this turn, | |
455 | thus switching to the other color of the chessboard. | |
456 | Graphs are not unambiguous for now, because circles in graphs can be | |
457 | walked in either direction. | |
458 | discussions with several people, | |
459 | help, corrections and ok markus@ djm@ | |
460 | - grunk@cvs.openbsd.org 2008/06/11 21:38:25 | |
461 | [ssh-keygen.c] | |
462 | ssh-keygen -lv -f /etc/ssh/ssh_host_rsa_key.pub | |
463 | would not display you the random art as intended, spotted by canacar@ | |
464 | - grunk@cvs.openbsd.org 2008/06/11 22:20:46 | |
465 | [ssh-keygen.c ssh-keygen.1] | |
466 | ssh-keygen would write fingerprints to STDOUT, and random art to STDERR, | |
467 | that is not how it was envisioned. | |
468 | Also correct manpage saying that -v is needed along with -l for it to work. | |
469 | spotted by naddy@ | |
470 | - otto@cvs.openbsd.org 2008/06/11 23:02:22 | |
471 | [key.c] | |
472 | simpler way of computing the augmentations; ok grunk@ | |
473 | - grunk@cvs.openbsd.org 2008/06/11 23:03:56 | |
474 | [ssh_config.5] | |
475 | CheckHostIP set to ``fingerprint'' will display both hex and random art | |
476 | spotted by naddy@ | |
477 | - grunk@cvs.openbsd.org 2008/06/11 23:51:57 | |
478 | [key.c] | |
479 | #define statements that are not atoms need braces around them, else they | |
480 | will cause trouble in some cases. | |
481 | Also do a computation of -1 once, and not in a loop several times. | |
482 | spotted by otto@ | |
483 | - dtucker@cvs.openbsd.org 2008/06/12 00:03:49 | |
484 | [dns.c canohost.c sshconnect.c] | |
485 | Do not pass "0" strings as ports to getaddrinfo because the lookups | |
486 | can slow things down and we never use the service info anyway. bz | |
487 | #859, patch from YOSHIFUJI Hideaki and John Devitofranceschi. ok | |
488 | deraadt@ djm@ | |
489 | djm belives that the reason for the "0" strings is to ensure that | |
490 | it's not possible to call getaddrinfo with both host and port being | |
491 | NULL. In the case of canohost.c host is a local array. In the | |
492 | case of sshconnect.c, it's checked for null immediately before use. | |
493 | In dns.c it ultimately comes from ssh.c:main() and is guaranteed to | |
494 | be non-null but it's not obvious, so I added a warning message in | |
495 | case it is ever passed a null. | |
496 | - grunk@cvs.openbsd.org 2008/06/12 00:13:55 | |
497 | [sshconnect.c] | |
498 | Make ssh print the random art also when ssh'ing to a host using IP only. | |
499 | spotted by naddy@, ok and help djm@ dtucker@ | |
500 | - otto@cvs.openbsd.org 2008/06/12 00:13:13 | |
501 | [key.c] | |
502 | use an odd number of rows and columns and a separate start marker, looks | |
503 | better; ok grunk@ | |
504 | - djm@cvs.openbsd.org 2008/06/12 03:40:52 | |
505 | [clientloop.h mux.c channels.c clientloop.c channels.h] | |
506 | Enable ~ escapes for multiplex slave sessions; give each channel | |
507 | its own escape state and hook the escape filters up to muxed | |
508 | channels. bz #1331 | |
509 | Mux slaves do not currently support the ~^Z and ~& escapes. | |
510 | NB. this change cranks the mux protocol version, so a new ssh | |
511 | mux client will not be able to connect to a running old ssh | |
512 | mux master. | |
513 | ok dtucker@ | |
514 | - djm@cvs.openbsd.org 2008/06/12 04:06:00 | |
515 | [clientloop.h ssh.c clientloop.c] | |
516 | maintain an ordered queue of outstanding global requests that we | |
517 | expect replies to, similar to the per-channel confirmation queue. | |
518 | Use this queue to verify success or failure for remote forward | |
519 | establishment in a race free way. | |
520 | ok dtucker@ | |
521 | - djm@cvs.openbsd.org 2008/06/12 04:17:47 | |
522 | [clientloop.c] | |
523 | thall shalt not code past the eightieth column | |
524 | - djm@cvs.openbsd.org 2008/06/12 04:24:06 | |
525 | [ssh.c] | |
526 | thal shalt not code past the eightieth column | |
527 | - djm@cvs.openbsd.org 2008/06/12 05:15:41 | |
528 | [PROTOCOL] | |
529 | document tun@openssh.com forwarding method | |
530 | - djm@cvs.openbsd.org 2008/06/12 05:32:30 | |
531 | [mux.c] | |
532 | some more TODO for me | |
533 | - grunk@cvs.openbsd.org 2008/06/12 05:42:46 | |
534 | [key.c] | |
535 | supply the key type (rsa1, rsa, dsa) as a caption in the frame of the | |
536 | random art. while there, stress the fact that the field base should at | |
537 | least be 8 characters for the pictures to make sense. | |
538 | comment and ok djm@ | |
539 | - grunk@cvs.openbsd.org 2008/06/12 06:32:59 | |
540 | [key.c] | |
541 | We already mark the start of the worm, now also mark the end of the worm | |
542 | in our random art drawings. | |
543 | ok djm@ | |
544 | - djm@cvs.openbsd.org 2008/06/12 15:19:17 | |
545 | [clientloop.h channels.h clientloop.c channels.c mux.c] | |
546 | The multiplexing escape char handler commit last night introduced a | |
547 | small memory leak per session; plug it. | |
548 | - dtucker@cvs.openbsd.org 2008/06/12 16:35:31 | |
549 | [ssh_config.5 ssh.c] | |
550 | keyword expansion for localcommand. ok djm@ | |
551 | - jmc@cvs.openbsd.org 2008/06/12 19:10:09 | |
552 | [ssh_config.5 ssh-keygen.1] | |
553 | tweak the ascii art text; ok grunk | |
554 | - dtucker@cvs.openbsd.org 2008/06/12 20:38:28 | |
555 | [sshd.c sshconnect.c packet.h misc.c misc.h packet.c] | |
556 | Make keepalive timeouts apply while waiting for a packet, particularly | |
557 | during key renegotiation (bz #1363). With djm and Matt Day, ok djm@ | |
558 | - djm@cvs.openbsd.org 2008/06/12 20:47:04 | |
559 | [sftp-client.c] | |
560 | print extension revisions for extensions that we understand | |
561 | - djm@cvs.openbsd.org 2008/06/12 21:06:25 | |
562 | [clientloop.c] | |
563 | I was coalescing expected global request confirmation replies at | |
564 | the wrong end of the queue - fix; prompted by markus@ | |
565 | - grunk@cvs.openbsd.org 2008/06/12 21:14:46 | |
566 | [ssh-keygen.c] | |
567 | make ssh-keygen -lf show the key type just as ssh-add -l would do it | |
568 | ok djm@ markus@ | |
569 | - grunk@cvs.openbsd.org 2008/06/12 22:03:36 | |
570 | [key.c] | |
571 | add my copyright, ok djm@ | |
572 | - ian@cvs.openbsd.org 2008/06/12 23:24:58 | |
573 | [sshconnect.c] | |
574 | tweak wording in message, ok deraadt@ jmc@ | |
575 | - dtucker@cvs.openbsd.org 2008/06/13 00:12:02 | |
576 | [sftp.h log.h] | |
577 | replace __dead with __attribute__((noreturn)), makes things | |
578 | a little easier to port. Also, add it to sigdie(). ok djm@ | |
579 | - djm@cvs.openbsd.org 2008/06/13 00:16:49 | |
580 | [mux.c] | |
581 | fall back to creating a new TCP connection on most multiplexing errors | |
582 | (socket connect fail, invalid version, refused permittion, corrupted | |
583 | messages, etc.); bz #1329 ok dtucker@ | |
584 | - dtucker@cvs.openbsd.org 2008/06/13 00:47:53 | |
585 | [mux.c] | |
586 | upcast size_t to u_long to match format arg; ok djm@ | |
587 | - dtucker@cvs.openbsd.org 2008/06/13 00:51:47 | |
588 | [mac.c] | |
589 | upcast another size_t to u_long to match format | |
590 | - dtucker@cvs.openbsd.org 2008/06/13 01:38:23 | |
591 | [misc.c] | |
592 | upcast uid to long with matching %ld, prevents warnings in portable | |
593 | - djm@cvs.openbsd.org 2008/06/13 04:40:22 | |
594 | [auth2-pubkey.c auth-rhosts.c] | |
595 | refuse to read ~/.shosts or ~/.ssh/authorized_keys that are not | |
596 | regular files; report from Solar Designer via Colin Watson in bz#1471 | |
597 | ok dtucker@ deraadt | |
598 | - (dtucker) [clientloop.c serverloop.c] channel_register_filter now | |
599 | takes 2 more args. with djm@ | |
600 | - (dtucker) [defines.h] Bug #1112: __dead is, well dead. Based on a patch | |
601 | from Todd Vierling. | |
602 | - (dtucker) [auth-sia.c] Bug #1241: support password expiry on Tru64 SIA | |
603 | systems. Patch from R. Scott Bailey. | |
604 | - (dtucker) [umac.c] STORE_UINT32_REVERSED and endian_convert are never used | |
605 | on big endian machines, so ifdef them for little-endian only to prevent | |
606 | unused function warnings on big-endians. | |
607 | - (dtucker) [openbsd-compat/setenv.c] Make offsets size_t to prevent | |
608 | compiler warnings on some platforms. Based on a discussion with otto@ | |
609 | ||
610 | 20080611 | |
611 | - (djm) [channels.c configure.ac] | |
612 | Do not set SO_REUSEADDR on wildcard X11 listeners (X11UseLocalhost=no) | |
613 | bz#1464; ok dtucker | |
614 | ||
615 | 20080610 | |
616 | - (dtucker) OpenBSD CVS Sync | |
617 | - djm@cvs.openbsd.org 2008/06/10 03:57:27 | |
618 | [servconf.c match.h sshd_config.5] | |
619 | support CIDR address matching in sshd_config "Match address" blocks, with | |
620 | full support for negation and fall-back to classic wildcard matching. | |
621 | For example: | |
622 | Match address 192.0.2.0/24,3ffe:ffff::/32,!10.* | |
623 | PasswordAuthentication yes | |
624 | addrmatch.c code mostly lifted from flowd's addr.c | |
625 | feedback and ok dtucker@ | |
626 | - djm@cvs.openbsd.org 2008/06/10 04:17:46 | |
627 | [sshd_config.5] | |
628 | better reference for pattern-list | |
629 | - dtucker@cvs.openbsd.org 2008/06/10 04:50:25 | |
630 | [sshd.c channels.h channels.c log.c servconf.c log.h servconf.h sshd.8] | |
631 | Add extended test mode (-T) and connection parameters for test mode (-C). | |
632 | -T causes sshd to write its effective configuration to stdout and exit. | |
633 | -C causes any relevant Match rules to be applied before output. The | |
634 | combination allows tesing of the parser and config files. ok deraadt djm | |
635 | - jmc@cvs.openbsd.org 2008/06/10 07:12:00 | |
636 | [sshd_config.5] | |
637 | tweak previous; | |
638 | - jmc@cvs.openbsd.org 2008/06/10 08:17:40 | |
639 | [sshd.8 sshd.c] | |
640 | - update usage() | |
641 | - fix SYNOPSIS, and sort options | |
642 | - some minor additional fixes | |
643 | - dtucker@cvs.openbsd.org 2008/06/09 18:06:32 | |
644 | [regress/test-exec.sh] | |
645 | Don't generate putty keys if we're not going to use them. ok djm | |
646 | - dtucker@cvs.openbsd.org 2008/06/10 05:23:32 | |
647 | [regress/addrmatch.sh regress/Makefile] | |
648 | Regress test for Match CIDR rules. ok djm@ | |
649 | - dtucker@cvs.openbsd.org 2008/06/10 15:21:41 | |
650 | [test-exec.sh] | |
651 | Use a more portable construct for checking if we're running a putty test | |
652 | - dtucker@cvs.openbsd.org 2008/06/10 15:28:49 | |
653 | [test-exec.sh] | |
654 | Add quotes | |
655 | - dtucker@cvs.openbsd.org 2008/06/10 18:21:24 | |
656 | [ssh_config.5] | |
657 | clarify that Host patterns are space-separated. ok deraadt | |
658 | - djm@cvs.openbsd.org 2008/06/10 22:15:23 | |
659 | [PROTOCOL ssh.c serverloop.c] | |
660 | Add a no-more-sessions@openssh.com global request extension that the | |
661 | client sends when it knows that it will never request another session | |
662 | (i.e. when session multiplexing is disabled). This allows a server to | |
663 | disallow further session requests and terminate the session. | |
664 | Why would a non-multiplexing client ever issue additional session | |
665 | requests? It could have been attacked with something like SSH'jack: | |
666 | http://www.storm.net.nz/projects/7 | |
667 | feedback & ok markus | |
668 | - djm@cvs.openbsd.org 2008/06/10 23:06:19 | |
669 | [auth-options.c match.c servconf.c addrmatch.c sshd.8] | |
670 | support CIDR address matching in .ssh/authorized_keys from="..." stanzas | |
671 | ok and extensive testing dtucker@ | |
672 | - dtucker@cvs.openbsd.org 2008/06/10 23:21:34 | |
673 | [bufaux.c] | |
674 | Use '\0' for a nul byte rather than unadorned 0. ok djm@ | |
675 | - dtucker@cvs.openbsd.org 2008/06/10 23:13:43 | |
676 | [Makefile regress/key-options.sh] | |
677 | Add regress test for key options. ok djm@ | |
678 | - (dtucker) [openbsd-compat/fake-rfc2553.h] Add sin6_scope_id to sockaddr_in6 | |
679 | since the new CIDR code in addmatch.c references it. | |
680 | - (dtucker) [Makefile.in configure.ac regress/addrmatch.sh] Skip IPv6 | |
681 | specific tests on platforms that don't do IPv6. | |
682 | - (dtucker) [Makefile.in] Define TEST_SSH_IPV6 in make's arguments as well | |
683 | as environment. | |
684 | - (dtucker) [Makefile.in] Move addrmatch.o to libssh.a where it's needed now. | |
685 | ||
686 | 20080609 | |
687 | - (dtucker) OpenBSD CVS Sync | |
688 | - dtucker@cvs.openbsd.org 2008/06/08 17:04:41 | |
689 | [sftp-server.c] | |
690 | Add case for ENOSYS in errno_to_portable; ok deraadt | |
691 | - dtucker@cvs.openbsd.org 2008/06/08 20:15:29 | |
692 | [sftp.c sftp-client.c sftp-client.h] | |
693 | Have the sftp client store the statvfs replies in wire format, | |
694 | which prevents problems when the server's native sizes exceed the | |
695 | client's. | |
696 | Also extends the sizes of the remaining 32bit wire format to 64bit, | |
697 | they're specified as unsigned long in the standard. | |
698 | - dtucker@cvs.openbsd.org 2008/06/09 13:02:39 | |
699 | [sftp-server.c] | |
700 | Extend 32bit -> 64bit values for statvfs extension missed in previous | |
701 | commit. | |
702 | - dtucker@cvs.openbsd.org 2008/06/09 13:38:46 | |
703 | [PROTOCOL] | |
704 | Use a $OpenBSD tag so our scripts will sync changes. | |
705 | ||
706 | 20080608 | |
707 | - (dtucker) [configure.ac defines.h sftp-client.c sftp-server.c sftp.c | |
708 | openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.h | |
709 | openbsd-compat/bsd-statvfs.{c,h}] Add a null implementation of statvfs and | |
710 | fstatvfs and remove #defines around statvfs code. ok djm@ | |
711 | - (dtucker) [configure.ac defines.h sftp-client.c M sftp-server.c] Add a | |
712 | macro to convert fsid to unsigned long for platforms where fsid is a | |
713 | 2-member array. | |
714 | ||
715 | 20080607 | |
716 | - (dtucker) [mux.c] Include paths.h inside ifdef HAVE_PATHS_H. | |
717 | - (dtucker) [configure.ac defines.h sftp-client.c sftp-server.c sftp.c] | |
718 | Do not enable statvfs extensions on platforms that do not have statvfs. | |
719 | - (dtucker) OpenBSD CVS Sync | |
720 | - djm@cvs.openbsd.org 2008/05/19 06:14:02 | |
721 | [packet.c] unbreak protocol keepalive timeouts bz#1465; ok dtucker@ | |
722 | - djm@cvs.openbsd.org 2008/05/19 15:45:07 | |
723 | [sshtty.c ttymodes.c sshpty.h] | |
724 | Fix sending tty modes when stdin is not a tty (bz#1199). Previously | |
725 | we would send the modes corresponding to a zeroed struct termios, | |
726 | whereas we should have been sending an empty list of modes. | |
727 | Based on patch from daniel.ritz AT alcatel.ch; ok dtucker@ markus@ | |
728 | - djm@cvs.openbsd.org 2008/05/19 15:46:31 | |
729 | [ssh-keygen.c] | |
730 | support -l (print fingerprint) in combination with -F (find host) to | |
731 | search for a host in ~/.ssh/known_hosts and display its fingerprint; | |
732 | ok markus@ | |
733 | - djm@cvs.openbsd.org 2008/05/19 20:53:52 | |
734 | [clientloop.c] | |
735 | unbreak tree by committing this bit that I missed from: | |
736 | Fix sending tty modes when stdin is not a tty (bz#1199). Previously | |
737 | we would send the modes corresponding to a zeroed struct termios, | |
738 | whereas we should have been sending an empty list of modes. | |
739 | Based on patch from daniel.ritz AT alcatel.ch; ok dtucker@ markus@ | |
740 | ||
741 | 20080604 | |
742 | - (djm) [openbsd-compat/bsd-arc4random.c] Fix math bug that caused bias | |
743 | in arc4random_uniform with upper_bound in (2^30,2*31). Note that | |
744 | OpenSSH did not make requests with upper bounds in this range. | |
745 | ||
746 | 20080519 | |
747 | - (djm) [configure.ac mux.c sftp.c openbsd-compat/Makefile.in] | |
748 | [openbsd-compat/fmt_scaled.c openbsd-compat/openbsd-compat.h] | |
749 | Fix compilation on Linux, including pulling in fmt_scaled(3) | |
750 | implementation from OpenBSD's libutil. | |
751 | ||
752 | 20080518 | |
753 | - (djm) OpenBSD CVS Sync | |
754 | - djm@cvs.openbsd.org 2008/04/04 05:14:38 | |
755 | [sshd_config.5] | |
756 | ChrootDirectory is supported in Match blocks (in fact, it is most useful | |
757 | there). Spotted by Minstrel AT minstrel.org.uk | |
758 | - djm@cvs.openbsd.org 2008/04/04 06:44:26 | |
759 | [sshd_config.5] | |
760 | oops, some unrelated stuff crept into that commit - backout. | |
761 | spotted by jmc@ | |
762 | - djm@cvs.openbsd.org 2008/04/05 02:46:02 | |
763 | [sshd_config.5] | |
764 | HostbasedAuthentication is supported under Match too | |
765 | - (djm) [openbsd-compat/bsd-arc4random.c openbsd-compat/openbsd-compat.c] | |
766 | [configure.ac] Implement arc4random_buf(), import implementation of | |
767 | arc4random_uniform() from OpenBSD | |
768 | - (djm) [openbsd-compat/bsd-arc4random.c] Warning fixes | |
769 | - (djm) [openbsd-compat/port-tun.c] needs sys/queue.h | |
770 | - (djm) OpenBSD CVS Sync | |
771 | - djm@cvs.openbsd.org 2008/04/13 00:22:17 | |
772 | [dh.c sshd.c] | |
773 | Use arc4random_buf() when requesting more than a single word of output | |
774 | Use arc4random_uniform() when the desired random number upper bound | |
775 | is not a power of two | |
776 | ok deraadt@ millert@ | |
777 | - djm@cvs.openbsd.org 2008/04/18 12:32:11 | |
778 | [sftp-client.c sftp-client.h sftp-server.c sftp.1 sftp.c sftp.h] | |
779 | introduce sftp extension methods statvfs@openssh.com and | |
780 | fstatvfs@openssh.com that implement statvfs(2)-like operations, | |
781 | based on a patch from miklos AT szeredi.hu (bz#1399) | |
782 | also add a "df" command to the sftp client that uses the | |
783 | statvfs@openssh.com to produce a df(1)-like display of filesystem | |
784 | space and inode utilisation | |
785 | ok markus@ | |
786 | - jmc@cvs.openbsd.org 2008/04/18 17:15:47 | |
787 | [sftp.1] | |
788 | macro fixage; | |
789 | - djm@cvs.openbsd.org 2008/04/18 22:01:33 | |
790 | [session.c] | |
791 | remove unneccessary parentheses | |
792 | - otto@cvs.openbsd.org 2008/04/29 11:20:31 | |
793 | [monitor_mm.h] | |
794 | garbage collect two unused fields in struct mm_master; ok markus@ | |
795 | - djm@cvs.openbsd.org 2008/04/30 10:14:03 | |
796 | [ssh-keyscan.1 ssh-keyscan.c] | |
797 | default to rsa (protocol 2) keys, instead of rsa1 keys; spotted by | |
798 | larsnooden AT openoffice.org | |
799 | - pyr@cvs.openbsd.org 2008/05/07 05:49:37 | |
800 | [servconf.c servconf.h session.c sshd_config.5] | |
801 | Enable the AllowAgentForwarding option in sshd_config (global and match | |
802 | context), to specify if agents should be permitted on the server. | |
803 | As the man page states: | |
804 | ``Note that disabling Agent forwarding does not improve security | |
805 | unless users are also denied shell access, as they can always install | |
806 | their own forwarders.'' | |
807 | ok djm@, ok and a mild frown markus@ | |
808 | - pyr@cvs.openbsd.org 2008/05/07 06:43:35 | |
809 | [sshd_config] | |
810 | push the sshd_config bits in, spotted by ajacoutot@ | |
811 | - jmc@cvs.openbsd.org 2008/05/07 08:00:14 | |
812 | [sshd_config.5] | |
813 | sort; | |
814 | - markus@cvs.openbsd.org 2008/05/08 06:59:01 | |
815 | [bufaux.c buffer.h channels.c packet.c packet.h] | |
816 | avoid extra malloc/copy/free when receiving data over the net; | |
817 | ~10% speedup for localhost-scp; ok djm@ | |
818 | - djm@cvs.openbsd.org 2008/05/08 12:02:23 | |
819 | [auth-options.c auth1.c channels.c channels.h clientloop.c gss-serv.c] | |
820 | [monitor.c monitor_wrap.c nchan.c servconf.c serverloop.c session.c] | |
821 | [ssh.c sshd.c] | |
822 | Implement a channel success/failure status confirmation callback | |
823 | mechanism. Each channel maintains a queue of callbacks, which will | |
824 | be drained in order (RFC4253 guarantees confirm messages are not | |
825 | reordered within an channel). | |
826 | Also includes a abandonment callback to clean up if a channel is | |
827 | closed without sending confirmation messages. This probably | |
828 | shouldn't happen in compliant implementations, but it could be | |
829 | abused to leak memory. | |
830 | ok markus@ (as part of a larger diff) | |
831 | - djm@cvs.openbsd.org 2008/05/08 12:21:16 | |
832 | [monitor.c monitor_wrap.c session.h servconf.c servconf.h session.c] | |
833 | [sshd_config sshd_config.5] | |
834 | Make the maximum number of sessions run-time controllable via | |
835 | a sshd_config MaxSessions knob. This is useful for disabling | |
836 | login/shell/subsystem access while leaving port-forwarding working | |
837 | (MaxSessions 0), disabling connection multiplexing (MaxSessions 1) or | |
838 | simply increasing the number of allows multiplexed sessions. | |
839 | Because some bozos are sure to configure MaxSessions in excess of the | |
840 | number of available file descriptors in sshd (which, at peak, might be | |
841 | as many as 9*MaxSessions), audit sshd to ensure that it doesn't leak fds | |
842 | on error paths, and make it fail gracefully on out-of-fd conditions - | |
843 | sending channel errors instead of than exiting with fatal(). | |
844 | bz#1090; MaxSessions config bits and manpage from junyer AT gmail.com | |
845 | ok markus@ | |
846 | - djm@cvs.openbsd.org 2008/05/08 13:06:11 | |
847 | [clientloop.c clientloop.h ssh.c] | |
848 | Use new channel status confirmation callback system to properly deal | |
849 | with "important" channel requests that fail, in particular command exec, | |
850 | shell and subsystem requests. Previously we would optimistically assume | |
851 | that the requests would always succeed, which could cause hangs if they | |
852 | did not (e.g. when the server runs out of fds) or were unimplemented by | |
853 | the server (bz #1384) | |
854 | Also, properly report failing multiplex channel requests via the mux | |
855 | client stderr (subject to LogLevel in the mux master) - better than | |
856 | silently failing. | |
857 | most bits ok markus@ (as part of a larger diff) | |
858 | - djm@cvs.openbsd.org 2008/05/09 04:55:56 | |
859 | [channels.c channels.h clientloop.c serverloop.c] | |
860 | Try additional addresses when connecting to a port forward destination | |
861 | whose DNS name resolves to more than one address. The previous behaviour | |
862 | was to try the first address and give up. | |
863 | Reported by stig AT venaas.com in bz#343 | |
864 | great feedback and ok markus@ | |
865 | - djm@cvs.openbsd.org 2008/05/09 14:18:44 | |
866 | [clientloop.c clientloop.h ssh.c mux.c] | |
867 | tidy up session multiplexing code, moving it into its own file and | |
868 | making the function names more consistent - making ssh.c and | |
869 | clientloop.c a fair bit more readable. | |
870 | ok markus@ | |
871 | - djm@cvs.openbsd.org 2008/05/09 14:26:08 | |
872 | [ssh.c] | |
873 | dingo stole my diff hunk | |
874 | - markus@cvs.openbsd.org 2008/05/09 16:16:06 | |
875 | [session.c] | |
876 | re-add the USE_PIPES code and enable it. | |
877 | without pipes shutdown-read from the sshd does not trigger | |
878 | a SIGPIPE when the forked program does a write. | |
879 | ok djm@ | |
880 | (Id sync only, USE_PIPES never left portable OpenSSH) | |
881 | - markus@cvs.openbsd.org 2008/05/09 16:17:51 | |
882 | [channels.c] | |
883 | error-fd race: don't enable the error fd in the select bitmask | |
884 | for channels with both in- and output closed, since the channel | |
885 | will go away before we call select(); | |
886 | report, lots of debugging help and ok djm@ | |
887 | - markus@cvs.openbsd.org 2008/05/09 16:21:13 | |
888 | [channels.h clientloop.c nchan.c serverloop.c] | |
889 | unbreak | |
890 | ssh -2 localhost od /bin/ls | true | |
891 | ignoring SIGPIPE by adding a new channel message (EOW) that signals | |
892 | the peer that we're not interested in any data it might send. | |
893 | fixes bz #85; discussion, debugging and ok djm@ | |
894 | - pvalchev@cvs.openbsd.org 2008/05/12 20:52:20 | |
895 | [umac.c] | |
896 | Ensure nh_result lies on a 64-bit boundary (fixes warnings observed | |
897 | on Itanium on Linux); from Dale Talcott (bug #1462); ok djm@ | |
898 | - djm@cvs.openbsd.org 2008/05/15 23:52:24 | |
899 | [nchan2.ms] | |
900 | document eow message in ssh protocol 2 channel state machine; | |
901 | feedback and ok markus@ | |
902 | - djm@cvs.openbsd.org 2008/05/18 21:29:05 | |
903 | [sftp-server.c] | |
904 | comment extension announcement | |
905 | - djm@cvs.openbsd.org 2008/05/16 08:30:42 | |
906 | [PROTOCOL] | |
907 | document our protocol extensions and deviations; ok markus@ | |
908 | - djm@cvs.openbsd.org 2008/05/17 01:31:56 | |
909 | [PROTOCOL] | |
910 | grammar and correctness fixes from stevesk@ | |
911 | ||
912 | 20080403 | |
913 | - (djm) [openbsd-compat/bsd-poll.c] Include stdlib.h to avoid compile- | |
914 | time warnings on LynxOS. Patch from ops AT iki.fi | |
915 | - (djm) Force string arguments to replacement setproctitle() though | |
916 | strnvis first. Ok dtucker@ | |
917 | ||
918 | 20080403 | |
919 | - (djm) OpenBSD CVS sync: | |
920 | - markus@cvs.openbsd.org 2008/04/02 15:36:51 | |
921 | [channels.c] | |
922 | avoid possible hijacking of x11-forwarded connections (back out 1.183) | |
923 | CVE-2008-1483; ok djm@ | |
924 | - jmc@cvs.openbsd.org 2008/03/27 22:37:57 | |
925 | [sshd.8] | |
926 | remove trailing whitespace; | |
927 | - djm@cvs.openbsd.org 2008/04/03 09:50:14 | |
928 | [version.h] | |
929 | openssh-5.0 | |
930 | - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] | |
931 | [contrib/suse/openssh.spec] Crank version numbers in RPM spec files | |
932 | - (djm) [README] Update link to release notes | |
933 | - (djm) Release 5.0p1 | |
934 | ||
935 | 20080315 | |
936 | - (djm) [regress/test-exec.sh] Quote putty-related variables in case they are | |
937 | empty; report and patch from Peter Stuge | |
938 | - (djm) [regress/test-exec.sh] Silence noise from detection of putty | |
939 | commands; report from Peter Stuge | |
940 | - (djm) [session.c] Relocate incorrectly-placed closefrom() that was causing | |
941 | crashes when used with ChrootDirectory | |
942 | ||
943 | ||
944 | 20080327 | |
945 | - (dtucker) Cache selinux status earlier so we know if it's enabled after a | |
946 | chroot. Allows ChrootDirectory to work with selinux support compiled in | |
947 | but not enabled. Using it with selinux enabled will require some selinux | |
948 | support inside the chroot. "looks sane" djm@ | |
949 | - (djm) Fix RCS ident in sftp-server-main.c | |
950 | - (djm) OpenBSD CVS sync: | |
951 | - jmc@cvs.openbsd.org 2008/02/11 07:58:28 | |
952 | [ssh.1 sshd.8 sshd_config.5] | |
953 | bump Mdocdate for pages committed in "febuary", necessary because | |
954 | of a typo in rcs.c; | |
955 | - deraadt@cvs.openbsd.org 2008/03/13 01:49:53 | |
956 | [monitor_fdpass.c] | |
957 | Correct CMSG_SPACE and CMSG_LEN usage everywhere in the tree. Due to | |
958 | an extensive discussion with otto, kettenis, millert, and hshoexer | |
959 | - deraadt@cvs.openbsd.org 2008/03/15 16:19:02 | |
960 | [monitor_fdpass.c] | |
961 | Repair the simple cases for msg_controllen where it should just be | |
962 | CMSG_SIZE(sizeof(int)), not sizeof(buffer) which may be larger because | |
963 | of alignment; ok kettenis hshoexer | |
964 | - djm@cvs.openbsd.org 2008/03/23 12:54:01 | |
965 | [sftp-client.c] | |
966 | prefer POSIX-style file renaming over filexfer rename behaviour if the | |
967 | server supports the posix-rename@openssh.com extension. | |
968 | Note that the old (filexfer) behaviour would refuse to clobber an | |
969 | existing file. Users who depended on this should adjust their sftp(1) | |
970 | usage. | |
971 | ok deraadt@ markus@ | |
972 | - deraadt@cvs.openbsd.org 2008/03/24 16:11:07 | |
973 | [monitor_fdpass.c] | |
974 | msg_controllen has to be CMSG_SPACE so that the kernel can account for | |
975 | each cmsg_len (ie. msg_controllen = sum of CMSG_ALIGN(cmsg_len). This | |
976 | works now that kernel fd passing has been fixed to accept a bit of | |
977 | sloppiness because of this ABI repair. | |
978 | lots of discussion with kettenis | |
979 | - djm@cvs.openbsd.org 2008/03/25 11:58:02 | |
980 | [session.c sshd_config.5] | |
981 | ignore ~/.ssh/rc if a sshd_config ForceCommand is specified; | |
982 | from dtucker@ ok deraadt@ djm@ | |
983 | - djm@cvs.openbsd.org 2008/03/25 23:01:41 | |
984 | [session.c] | |
985 | last patch had backwards test; spotted by termim AT gmail.com | |
986 | - djm@cvs.openbsd.org 2008/03/26 21:28:14 | |
987 | [auth-options.c auth-options.h session.c sshd.8] | |
988 | add no-user-rc authorized_keys option to disable execution of ~/.ssh/rc | |
989 | - djm@cvs.openbsd.org 2008/03/27 00:16:49 | |
990 | [version.h] | |
991 | openssh-4.9 | |
992 | - djm@cvs.openbsd.org 2008/03/24 21:46:54 | |
993 | [regress/sftp-badcmds.sh] | |
994 | disable no-replace rename test now that we prefer a POSIX rename; spotted | |
995 | by dkrause@ | |
996 | - (djm) [configure.ac] fix alignment of --without-stackprotect description | |
997 | - (djm) [configure.ac] --with-selinux too | |
998 | - (djm) [regress/Makefile] cleanup PuTTY interop test droppings | |
999 | - (djm) [README] Update link to release notes | |
1000 | - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] | |
1001 | [contrib/suse/openssh.spec] Crank version numbers in RPM spec files | |
1002 | - (djm) Release 4.9p1 | |
1003 | ||
1004 | 20080315 | |
1005 | - (djm) [regress/test-exec.sh] Quote putty-related variables in case they are | |
1006 | empty; report and patch from Peter Stuge | |
1007 | - (djm) [regress/test-exec.sh] Silence noise from detection of putty | |
1008 | commands; report from Peter Stuge | |
1009 | - (djm) [session.c] Relocate incorrectly-placed closefrom() that was causing | |
1010 | crashes when used with ChrootDirectory | |
1011 | ||
1012 | 20080314 | |
1013 | - (tim) [regress/sftp-cmds.sh] s/cd/lcd/ in lls test. Reported by | |
1014 | vinschen at redhat.com. Add () to put echo commands in subshell for lls test | |
1015 | I mistakenly left out of last commit. | |
1016 | - (tim) [regress/localcommand.sh] Shell portability fix. Reported by imorgan at | |
1017 | nas.nasa.gov | |
1018 | ||
1019 | 20080313 | |
1020 | - (djm) [Makefile.in regress/Makefile] Fix interop-tests target (note to | |
1021 | self: make changes to Makefile.in next time, not the generated Makefile). | |
1022 | - (djm) [Makefile.in regress/test-exec.sh] Find installed plink(1) and | |
1023 | puttygen(1) by $PATH | |
1024 | - (tim) [scp.c] Use poll.h if available, fall back to sys/poll.h if not. Patch | |
1025 | by vinschen at redhat.com. | |
1026 | - (tim) [regress/sftp-cmds.sh regress/ssh2putty.sh] Shell portability fixes | |
1027 | from vinschen at redhat.com and imorgan at nas.nasa.gov | |
1028 | ||
1029 | 20080312 | |
1030 | - (djm) OpenBSD CVS Sync | |
1031 | - dtucker@cvs.openbsd.org 2007/10/29 06:57:13 | |
1032 | [regress/Makefile regress/localcommand.sh] | |
1033 | Add simple regress test for LocalCommand; ok djm@ | |
1034 | - jmc@cvs.openbsd.org 2007/11/25 15:35:09 | |
1035 | [regress/agent-getpeereid.sh regress/agent.sh] | |
1036 | more existant -> existent, from Martynas Venckus; | |
1037 | pfctl changes: ok henning | |
1038 | ssh changes: ok deraadt | |
1039 | - djm@cvs.openbsd.org 2007/12/12 05:04:03 | |
1040 | [regress/sftp-cmds.sh] | |
1041 | unbreak lls command and add a regress test that would have caught the | |
1042 | breakage; spotted by mouring@ | |
1043 | NB. sftp code change already committed. | |
1044 | - djm@cvs.openbsd.org 2007/12/21 04:13:53 | |
1045 | [regress/Makefile regress/test-exec.sh regress/putty-ciphers.sh] | |
1046 | [regress/putty-kex.sh regress/putty-transfer.sh regress/ssh2putty.sh] | |
1047 | basic (crypto, kex and transfer) interop regression tests against putty | |
1048 | To run these, install putty and run "make interop-tests" from the build | |
1049 | directory - the tests aren't run by default yet. | |
1050 | ||
1051 | 20080311 | |
1052 | - (dtucker) [auth-pam.c monitor.c session.c sshd.c] Bug #926: Move | |
1053 | pam_open_session and pam_close_session into the privsep monitor, which | |
1054 | will ensure that pam_session_close is called as root. Patch from Tomas | |
1055 | Mraz. | |
1056 | ||
1057 | 20080309 | |
1058 | - (dtucker) [configure.ac] It turns out gcc's -fstack-protector-all doesn't | |
1059 | always work for all platforms and versions, so test what we can and | |
1060 | add a configure flag to turn it of if needed. ok djm@ | |
1061 | - (dtucker) [openbsd-compat/port-aix.{c,h}] Remove AIX specific initgroups | |
1062 | implementation. It's not needed to fix bug #1081 and breaks the build | |
1063 | on some AIX configurations. | |
1064 | - (dtucker) [openbsd-compat/regress/strtonumtest.c] Bug #1347: Use platform's | |
1065 | equivalent of LLONG_MAX for the compat regression tests, which makes them | |
1066 | run on AIX and HP-UX. Patch from David Leonard. | |
1067 | - (dtucker) [configure.ac] Run stack-protector tests with -Werror to catch | |
1068 | platforms where gcc understands the option but it's not supported (and | |
1069 | thus generates a warning). | |
1070 | ||
1071 | 20080307 | |
1072 | - (djm) OpenBSD CVS Sync | |
1073 | - jmc@cvs.openbsd.org 2008/02/11 07:58:28 | |
1074 | [ssh.1 sshd.8 sshd_config.5] | |
1075 | bump Mdocdate for pages committed in "febuary", necessary because | |
1076 | of a typo in rcs.c; | |
1077 | - djm@cvs.openbsd.org 2008/02/13 22:38:17 | |
1078 | [servconf.h session.c sshd.c] | |
1079 | rekey arc4random and OpenSSL RNG in postauth child | |
1080 | closefrom fds > 2 before shell/command execution | |
1081 | ok markus@ | |
1082 | - mbalmer@cvs.openbsd.org 2008/02/14 13:10:31 | |
1083 | [sshd.c] | |
1084 | When started in configuration test mode (-t) do not check that sshd is | |
1085 | being started with an absolute path. | |
1086 | ok djm | |
1087 | - markus@cvs.openbsd.org 2008/02/20 15:25:26 | |
1088 | [session.c] | |
1089 | correct boolean encoding for coredump; der Mouse via dugsong | |
1090 | - djm@cvs.openbsd.org 2008/02/22 05:58:56 | |
1091 | [session.c] | |
1092 | closefrom() call was too early, delay it until just before we execute | |
1093 | the user's rc files (if any). | |
1094 | - dtucker@cvs.openbsd.org 2008/02/22 20:44:02 | |
1095 | [clientloop.c packet.c packet.h serverloop.c] | |
1096 | Allow all SSH2 packet types, including UNIMPLEMENTED to reset the | |
1097 | keepalive timer (bz #1307). ok markus@ | |
1098 | - djm@cvs.openbsd.org 2008/02/27 20:21:15 | |
1099 | [sftp-server.c] | |
1100 | add an extension method "posix-rename@openssh.com" to perform POSIX atomic | |
1101 | rename() operations. based on patch from miklos AT szeredi.hu in bz#1400; | |
1102 | ok dtucker@ markus@ | |
1103 | - deraadt@cvs.openbsd.org 2008/03/02 18:19:35 | |
1104 | [monitor_fdpass.c] | |
1105 | use a union to ensure alignment of the cmsg (pay attention: various other | |
1106 | parts of the tree need this treatment too); ok djm | |
1107 | - deraadt@cvs.openbsd.org 2008/03/04 21:15:42 | |
1108 | [version.h] | |
1109 | crank version; from djm | |
1110 | - (tim) [regress/sftp-glob.sh] Shell portability fix. | |
1111 | ||
1112 | 20080302 | |
1113 | - (dtucker) [configure.ac] FreeBSD's glob() doesn't behave the way we expect | |
1114 | either, so use our own. | |
1115 | ||
1116 | 20080229 | |
1117 | - (dtucker) [openbsd-compat/bsd-poll.c] We don't check for select(2) in | |
1118 | configure (and there's not much point, as openssh won't work without it) | |
1119 | so HAVE_SELECT is not defined and the poll(2) compat code doesn't get | |
1120 | built in. Remove HAVE_SELECT so we can build on platforms without poll. | |
1121 | - (dtucker) [scp.c] Include sys/poll.h inside HAVE_SYS_POLL_H. | |
1122 | - (djm) [contrib/gnome-ssh-askpass2.h] Keep askpass windown on top. From | |
1123 | Debian patch via bernd AT openbsd.org | |
1124 | ||
1125 | 20080228 | |
1126 | - (dtucker) [configure.ac] Add -fstack-protector to LDFLAGS too, fixes | |
1127 | linking problems on AIX with gcc 4.1.x. | |
1128 | - (dtucker) [includes.h ssh-add.c ssh-agent.c ssh-keygen.c ssh.c sshd.c | |
1129 | openbsd-compat/openssl-compat.{c,h}] Bug #1437 Move the OpenSSL compat | |
1130 | header to after OpenSSL headers, since some versions of OpenSSL have | |
1131 | SSLeay_add_all_algorithms as a macro already. | |
1132 | - (dtucker) [key.c defines.h openbsd-compat/openssl-compat.h] Move old OpenSSL | |
1133 | compat glue into openssl-compat.h. | |
1134 | - (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Bug #1081: Implement | |
1135 | getgrouplist via getgrset on AIX, rather than iterating over getgrent. | |
1136 | This allows, eg, Match and AllowGroups directives to work with NIS and | |
1137 | LDAP groups. | |
1138 | - (dtucker) [sshd.c] Bug #1042: make log messages for tcpwrappers use the | |
1139 | same SyslogFacility as the rest of sshd. Patch from William Knox, | |
1140 | ok djm@. | |
1141 | ||
1142 | 20080225 | |
1143 | - (dtucker) [openbsd-compat/fake-rfc2553.h] rename ssh_gai_strerror hack | |
1144 | since it now conflicts with the helper function in misc.c. From | |
1145 | vinschen AT redhat.com. | |
1146 | - (dtucker) [configure.ac audit-bsm.c] Bug #1420: Add a local implementation | |
1147 | of aug_get_machine for systems that don't have their own (eg OS X, FreeBSD). | |
1148 | Help and testing from csjp at FreeBSD org, vgiffin at apple com. ok djm@ | |
1149 | - (dtucker) [includes.h openbsd-compat/openssl-compat.c] Bug #1437: reshuffle | |
1150 | headers so ./configure --with-ssl-engine actually works. Patch from | |
1151 | Ian Lister. | |
1152 | ||
1153 | 20080224 | |
1154 | - (tim) [contrib/cygwin/ssh-host-config] | |
1155 | Grammar changes on SYSCONFDIR LOCALSTATEDIR messages. | |
1156 | Check more thoroughly that it's possible to create the /var/empty directory. | |
1157 | Patch by vinschen AT redhat.com | |
1158 | ||
1159 | 20080210 | |
1160 | - OpenBSD CVS Sync | |
1161 | - chl@cvs.openbsd.org 2008/01/11 07:22:28 | |
1162 | [sftp-client.c sftp-client.h] | |
1163 | disable unused functions | |
1164 | initially from tobias@, but disabled them by placing them in | |
1165 | "#ifdef notyet" which was asked by djm@ | |
1166 | ok djm@ tobias@ | |
1167 | - djm@cvs.openbsd.org 2008/01/19 19:13:28 | |
1168 | [ssh.1] | |
1169 | satisfy the pedants: -q does not suppress all diagnostic messages (e.g. | |
1170 | some commandline parsing warnings go unconditionally to stdout). | |
1171 | - djm@cvs.openbsd.org 2008/01/19 20:48:53 | |
1172 | [clientloop.c] | |
1173 | fd leak on session multiplexing error path. Report and patch from | |
1174 | gregory_shively AT fanniemae.com | |
1175 | - djm@cvs.openbsd.org 2008/01/19 20:51:26 | |
1176 | [ssh.c] | |
1177 | ignore SIGPIPE in multiplex client mode - we can receive this if the | |
1178 | server runs out of fds on us midway. Report and patch from | |
1179 | gregory_shively AT fanniemae.com | |
1180 | - djm@cvs.openbsd.org 2008/01/19 22:04:57 | |
1181 | [sftp-client.c] | |
1182 | fix remote handle leak in do_download() local file open error path; | |
1183 | report and fix from sworley AT chkno.net | |
1184 | - djm@cvs.openbsd.org 2008/01/19 22:22:58 | |
1185 | [ssh-keygen.c] | |
1186 | when hashing individual hosts (ssh-keygen -Hf hostname), make sure we | |
1187 | hash just the specified hostname and not the entire hostspec from the | |
1188 | keyfile. It may be of the form "hostname,ipaddr", which would lead to | |
1189 | a hash that never matches. report and fix from jp AT devnull.cz | |
1190 | - djm@cvs.openbsd.org 2008/01/19 22:37:19 | |
1191 | [ssh-keygen.c] | |
1192 | unbreak line numbering (broken in revision 1.164), fix error message | |
1193 | - djm@cvs.openbsd.org 2008/01/19 23:02:40 | |
1194 | [channels.c] | |
1195 | When we added support for specified bind addresses for port forwards, we | |
1196 | added a quirk SSH_OLD_FORWARD_ADDR. There is a bug in our handling of | |
1197 | this for -L port forwards that causes the client to listen on both v4 | |
1198 | and v6 addresses when connected to a server with this quirk, despite | |
1199 | having set 0.0.0.0 as a bind_address. | |
1200 | report and patch from Jan.Pechanec AT Sun.COM; ok dtucker@ | |
1201 | - djm@cvs.openbsd.org 2008/01/19 23:09:49 | |
1202 | [readconf.c readconf.h sshconnect2.c] | |
1203 | promote rekeylimit to a int64 so it can hold the maximum useful limit | |
1204 | of 2^32; report and patch from Jan.Pechanec AT Sun.COM, ok dtucker@ | |
1205 | - djm@cvs.openbsd.org 2008/01/20 00:38:30 | |
1206 | [sftp.c] | |
1207 | When uploading, correctly handle the case of an unquoted filename with | |
1208 | glob metacharacters that match a file exactly but not as a glob, e.g. a | |
1209 | file called "[abcd]". report and test cases from duncan2nd AT gmx.de | |
1210 | - djm@cvs.openbsd.org 2008/01/21 17:24:30 | |
1211 | [sftp-server.c] | |
1212 | Remove the fixed 100 handle limit in sftp-server and allocate as many | |
1213 | as we have available file descriptors. Patch from miklos AT szeredi.hu; | |
1214 | ok dtucker@ markus@ | |
1215 | - djm@cvs.openbsd.org 2008/01/21 19:20:17 | |
1216 | [sftp-client.c] | |
1217 | when a remote write error occurs during an upload, ensure that ACKs for | |
1218 | all issued requests are properly drained. patch from t8m AT centrum.cz | |
1219 | - dtucker@cvs.openbsd.org 2008/01/23 01:56:54 | |
1220 | [clientloop.c packet.c serverloop.c] | |
1221 | Revert the change for bz #1307 as it causes connection aborts if an IGNORE | |
1222 | packet arrives while we're waiting in packet_read_expect (and possibly | |
1223 | elsewhere). | |
1224 | - jmc@cvs.openbsd.org 2008/01/31 20:06:50 | |
1225 | [scp.1] | |
1226 | explain how to handle local file names containing colons; | |
1227 | requested by Tamas TEVESZ | |
1228 | ok dtucker | |
1229 | - markus@cvs.openbsd.org 2008/02/04 21:53:00 | |
1230 | [session.c sftp-server.c sftp.h] | |
1231 | link sftp-server into sshd; feedback and ok djm@ | |
1232 | - mcbride@cvs.openbsd.org 2008/02/09 12:15:43 | |
1233 | [ssh.1 sshd.8] | |
1234 | Document the correct permissions for the ~/.ssh/ directory. | |
1235 | ok jmc | |
1236 | - djm@cvs.openbsd.org 2008/02/10 09:55:37 | |
1237 | [sshd_config.5] | |
1238 | mantion that "internal-sftp" is useful with ForceCommand too | |
1239 | - djm@cvs.openbsd.org 2008/02/10 10:54:29 | |
1240 | [servconf.c session.c] | |
1241 | delay ~ expansion for ChrootDirectory so it expands to the logged-in user's | |
1242 | home, rather than the user who starts sshd (probably root) | |
1243 | ||
1244 | 20080119 | |
1245 | - (djm) Silence noice from expr in ssh-copy-id; patch from | |
1246 | mikel AT mikelward.com | |
1247 | - (djm) Only listen for IPv6 connections on AF_INET6 sockets; patch from | |
1248 | tsr2600 AT gmail.com | |
1249 | ||
1250 | 20080102 | |
1251 | - (dtucker) [configure.ac] Fix message for -fstack-protector-all test. | |
1252 | ||
1253 | 20080101 | |
1254 | - (dtucker) OpenBSD CVS Sync | |
1255 | - dtucker@cvs.openbsd.org 2007/12/31 10:41:31 | |
1256 | [readconf.c servconf.c] | |
1257 | Prevent strict-aliasing warnings on newer gcc versions. bz #1355, patch | |
1258 | from Dmitry V. Levin, ok djm@ | |
1259 | - dtucker@cvs.openbsd.org 2007/12/31 15:27:04 | |
1260 | [sshd.c] | |
1261 | When in inetd mode, have sshd generate a Protocol 1 ephemeral server | |
1262 | key only for connections where the client chooses Protocol 1 as opposed | |
1263 | to when it's enabled in the server's config. Speeds up Protocol 2 | |
1264 | connections to inetd-mode servers that also allow Protocol 1. bz #440, | |
1265 | based on a patch from bruno at wolff.to, ok markus@ | |
1266 | - dtucker@cvs.openbsd.org 2008/01/01 08:47:04 | |
1267 | [misc.c] | |
1268 | spaces -> tabs from my previous commit | |
1269 | - dtucker@cvs.openbsd.org 2008/01/01 09:06:39 | |
1270 | [scp.c] | |
1271 | If scp -p encounters a pre-epoch timestamp, use the epoch which is | |
1272 | as close as we can get given that it's used unsigned. Add a little | |
1273 | debugging while there. bz #828, ok djm@ | |
1274 | - dtucker@cvs.openbsd.org 2008/01/01 09:27:33 | |
1275 | [sshd_config.5 servconf.c] | |
1276 | Allow PermitRootLogin in a Match block. Allows for, eg, permitting root | |
1277 | only from the local network. ok markus@, man page bit ok jmc@ | |
1278 | - dtucker@cvs.openbsd.org 2008/01/01 08:51:20 | |
1279 | [moduli] | |
1280 | Updated moduli file; ok djm@ | |
1281 | ||
1282 | 20071231 | |
1283 | - (dtucker) [configure.ac openbsd-compat/glob.{c,h}] Bug #1407: force use of | |
1284 | builtin glob implementation on Mac OS X. Based on a patch from | |
1285 | vgiffin at apple. | |
1286 | ||
1287 | 20071229 | |
1288 | - (dtucker) OpenBSD CVS Sync | |
1289 | - djm@cvs.openbsd.org 2007/12/12 05:04:03 | |
1290 | [sftp.c] | |
1291 | unbreak lls command and add a regress test that would have caught the | |
1292 | breakage; spotted by mouring@ | |
1293 | - dtucker@cvs.openbsd.org 2007/12/27 14:22:08 | |
1294 | [servconf.c canohost.c misc.c channels.c sshconnect.c misc.h ssh-keyscan.c | |
1295 | sshd.c] | |
1296 | Add a small helper function to consistently handle the EAI_SYSTEM error | |
1297 | code of getaddrinfo. Prompted by vgiffin at apple com via bz #1417. | |
1298 | ok markus@ stevesk@ | |
1299 | - dtucker@cvs.openbsd.org 2007/12/28 15:32:24 | |
1300 | [clientloop.c serverloop.c packet.c] | |
1301 | Make SSH2_MSG_UNIMPLEMENTED and SSH2_MSG_IGNORE messages reset the | |
1302 | ServerAlive and ClientAlive timers. Prevents dropping a connection | |
1303 | when these are enabled but the peer does not support our keepalives. | |
1304 | bz #1307, ok djm@. | |
1305 | - dtucker@cvs.openbsd.org 2007/12/28 22:34:47 | |
1306 | [clientloop.c] | |
1307 | Use the correct packet maximum sizes for remote port and agent forwarding. | |
1308 | Prevents the server from killing the connection if too much data is queued | |
1309 | and an excessively large packet gets sent. bz #1360, ok djm@. | |
1310 | ||
1311 | 20071202 | |
1312 | - (dtucker) [configure.ac] Enable -fstack-protector-all on systems where | |
1313 | gcc supports it. ok djm@ | |
1314 | - (dtucker) [scp.c] Update $OpenBSD tag missing from rev 1.175 and remove | |
1315 | leftover debug code. | |
1316 | - (dtucker) OpenBSD CVS Sync | |
1317 | - dtucker@cvs.openbsd.org 2007/10/29 00:52:45 | |
1318 | [auth2-gss.c] | |
1319 | Allow build without -DGSSAPI; ok deraadt@ | |
1320 | (Id sync only, Portable already has the ifdefs) | |
1321 | - dtucker@cvs.openbsd.org 2007/10/29 01:55:04 | |
1322 | [ssh.c] | |
1323 | Plug tiny mem leaks in ControlPath and ProxyCommand option processing; | |
1324 | ok djm@ | |
1325 | - dtucker@cvs.openbsd.org 2007/10/29 04:08:08 | |
1326 | [monitor_wrap.c monitor.c] | |
1327 | Send config block back to slave for invalid users too so options | |
1328 | set by a Match block (eg Banner) behave the same for non-existent | |
1329 | users. Found by and ok djm@ | |
1330 | - dtucker@cvs.openbsd.org 2007/10/29 06:51:59 | |
1331 | [ssh_config.5] | |
1332 | ProxyCommand and LocalCommand use the user's shell, not /bin/sh; ok djm@ | |
1333 | - dtucker@cvs.openbsd.org 2007/10/29 06:54:50 | |
1334 | [ssh.c] | |
1335 | Make LocalCommand work for Protocol 1 too; ok djm@ | |
1336 | - jmc@cvs.openbsd.org 2007/10/29 07:48:19 | |
1337 | [ssh_config.5] | |
1338 | clean up after previous macro removal; | |
1339 | - djm@cvs.openbsd.org 2007/11/03 00:36:14 | |
1340 | [clientloop.c] | |
1341 | fix memory leak in process_cmdline(), patch from Jan.Pechanec AT Sun.COM; | |
1342 | ok dtucker@ | |
1343 | - deraadt@cvs.openbsd.org 2007/11/03 01:24:06 | |
1344 | [ssh.c] | |
1345 | bz #1377: getpwuid results were being clobbered by another getpw* call | |
1346 | inside tilde_expand_filename(); save the data we need carefully | |
1347 | ok djm | |
1348 | - dtucker@cvs.openbsd.org 2007/11/03 02:00:32 | |
1349 | [ssh.c] | |
1350 | Use xstrdup/xfree when saving pwname and pwdir; ok deraadt@ | |
1351 | - deraadt@cvs.openbsd.org 2007/11/03 02:03:49 | |
1352 | [ssh.c] | |
1353 | avoid errno trashing in signal handler; ok dtucker | |
1354 | ||
1355 | 20071030 | |
1356 | - (djm) OpenBSD CVS Sync | |
1357 | - djm@cvs.openbsd.org 2007/10/29 23:49:41 | |
1358 | [openbsd-compat/sys-tree.h] | |
1359 | remove extra backslash at the end of RB_PROTOTYPE, report from | |
1360 | Jan.Pechanec AT Sun.COM; ok deraadt@ | |
1361 | ||
1362 | 20071026 | |
1363 | - (djm) OpenBSD CVS Sync | |
1364 | - stevesk@cvs.openbsd.org 2007/09/11 23:49:09 | |
1365 | [sshpty.c] | |
1366 | remove #if defined block not needed; ok markus@ dtucker@ | |
1367 | (NB. RCD ID sync only for portable) | |
1368 | - djm@cvs.openbsd.org 2007/09/21 03:05:23 | |
1369 | [ssh_config.5] | |
1370 | document KbdInteractiveAuthentication in ssh_config.5; | |
1371 | patch from dkg AT fifthhorseman.net | |
1372 | - djm@cvs.openbsd.org 2007/09/21 08:15:29 | |
1373 | [auth-bsdauth.c auth-passwd.c auth.c auth.h auth1.c auth2-chall.c] | |
1374 | [monitor.c monitor_wrap.c] | |
1375 | unifdef -DBSD_AUTH | |
1376 | unifdef -USKEY | |
1377 | These options have been in use for some years; | |
1378 | ok markus@ "no objection" millert@ | |
1379 | (NB. RCD ID sync only for portable) | |
1380 | - canacar@cvs.openbsd.org 2007/09/25 23:48:57 | |
1381 | [ssh-agent.c] | |
1382 | When adding a key that already exists, update the properties | |
1383 | (time, confirm, comment) instead of discarding them. ok djm@ markus@ | |
1384 | - ray@cvs.openbsd.org 2007/09/27 00:15:57 | |
1385 | [dh.c] | |
1386 | Don't return -1 on error in dh_pub_is_valid(), since it evaluates | |
1387 | to true. | |
1388 | Also fix a typo. | |
1389 | Initial diff from Matthew Dempsky, input from djm. | |
1390 | OK djm, markus. | |
1391 | - dtucker@cvs.openbsd.org 2007/09/29 00:25:51 | |
1392 | [auth2.c] | |
1393 | Remove unused prototype. ok djm@ | |
1394 | - chl@cvs.openbsd.org 2007/10/02 17:49:58 | |
1395 | [ssh-keygen.c] | |
1396 | handles zero-sized strings that fgets can return | |
1397 | properly removes trailing newline | |
1398 | removes an unused variable | |
1399 | correctly counts line number | |
1400 | "looks ok" ray@ markus@ | |
1401 | - markus@cvs.openbsd.org 2007/10/22 19:10:24 | |
1402 | [readconf.c] | |
1403 | make sure that both the local and remote port are correct when | |
1404 | parsing -L; Jan Pechanec (bz #1378) | |
1405 | - djm@cvs.openbsd.org 2007/10/24 03:30:02 | |
1406 | [sftp.c] | |
1407 | rework argument splitting and parsing to cope correctly with common | |
1408 | shell escapes and make handling of escaped characters consistent | |
1409 | with sh(1) and between sftp commands (especially between ones that | |
1410 | glob their arguments and ones that don't). | |
1411 | parse command flags using getopt(3) rather than hand-rolled parsers. | |
1412 | ok dtucker@ | |
1413 | - djm@cvs.openbsd.org 2007/10/24 03:44:02 | |
1414 | [scp.c] | |
1415 | factor out network read/write into an atomicio()-like function, and | |
1416 | use it to handle short reads, apply bandwidth limits and update | |
1417 | counters. make network IO non-blocking, so a small trickle of | |
1418 | reads/writes has a chance of updating the progress meter; bz #799 | |
1419 | ok dtucker@ | |
1420 | - djm@cvs.openbsd.org 2006/08/29 09:44:00 | |
1421 | [regress/sftp-cmds.sh] | |
1422 | clean up our mess | |
1423 | - markus@cvs.openbsd.org 2006/11/06 09:27:43 | |
1424 | [regress/cfgmatch.sh] | |
1425 | fix quoting for non-(c)sh login shells. | |
1426 | - dtucker@cvs.openbsd.org 2006/12/13 08:36:36 | |
1427 | [regress/cfgmatch.sh] | |
1428 | Additional test for multiple PermitOpen entries. ok djm@ | |
1429 | - pvalchev@cvs.openbsd.org 2007/06/07 19:41:46 | |
1430 | [regress/cipher-speed.sh regress/try-ciphers.sh] | |
1431 | test umac-64@openssh.com | |
1432 | ok djm@ | |
1433 | - djm@cvs.openbsd.org 2007/10/24 03:32:35 | |
1434 | [regress/sftp-cmds.sh regress/sftp-glob.sh regress/test-exec.sh] | |
1435 | comprehensive tests for sftp escaping its interaction with globbing; | |
1436 | ok dtucker@ | |
1437 | - djm@cvs.openbsd.org 2007/10/26 05:30:01 | |
1438 | [regress/sftp-glob.sh regress/test-exec.sh] | |
1439 | remove "echo -E" crap that I added in last commit and use printf(1) for | |
1440 | cases where we strictly require echo not to reprocess escape characters. | |
1441 | - deraadt@cvs.openbsd.org 2005/11/28 17:50:12 | |
1442 | [openbsd-compat/glob.c] | |
1443 | unused arg in internal static API | |
1444 | - jakob@cvs.openbsd.org 2007/10/11 18:36:41 | |
1445 | [openbsd-compat/getrrsetbyname.c openbsd-compat/getrrsetbyname.h] | |
1446 | use RRSIG instead of SIG for DNSSEC. ok djm@ | |
1447 | - otto@cvs.openbsd.org 2006/10/21 09:55:03 | |
1448 | [openbsd-compat/base64.c] | |
1449 | remove calls to abort(3) that can't happen anyway; from | |
1450 | <bret dot lambert at gmail.com>; ok millert@ deraadt@ | |
1451 | - frantzen@cvs.openbsd.org 2004/04/24 18:11:46 | |
1452 | [openbsd-compat/sys-tree.h] | |
1453 | sync to Niels Provos' version. avoid unused variable warning in | |
1454 | RB_NEXT() | |
1455 | - tdeval@cvs.openbsd.org 2004/11/24 18:10:42 | |
1456 | [openbsd-compat/sys-tree.h] | |
1457 | typo | |
1458 | - grange@cvs.openbsd.org 2004/05/04 16:59:32 | |
1459 | [openbsd-compat/sys-queue.h] | |
1460 | Remove useless ``elm'' argument from the SIMPLEQ_REMOVE_HEAD macro. | |
1461 | This matches our SLIST behaviour and NetBSD's SIMPLEQ as well. | |
1462 | ok millert krw deraadt | |
1463 | - deraadt@cvs.openbsd.org 2005/02/25 13:29:30 | |
1464 | [openbsd-compat/sys-queue.h] | |
1465 | minor white spacing | |
1466 | - otto@cvs.openbsd.org 2005/10/17 20:19:42 | |
1467 | [openbsd-compat/sys-queue.h] | |
1468 | Performing certain operations on queue.h data structurs produced | |
1469 | funny results. An example is calling LIST_REMOVE on the same | |
1470 | element twice. This will not fail, but result in a data structure | |
1471 | referencing who knows what. Prevent these accidents by NULLing some | |
1472 | fields on remove and replace. This way, either a panic or segfault | |
1473 | will be produced on the faulty operation. | |
1474 | - otto@cvs.openbsd.org 2005/10/24 20:25:14 | |
1475 | [openbsd-compat/sys-queue.h] | |
1476 | Partly backout. NOLIST, used in LISTs is probably interfering. | |
1477 | requested by deraadt@ | |
1478 | - otto@cvs.openbsd.org 2005/10/25 06:37:47 | |
1479 | [openbsd-compat/sys-queue.h] | |
1480 | Some uvm problem is being exposed with the more strict macros. | |
1481 | Revert until we've found out what's causing the panics. | |
1482 | - otto@cvs.openbsd.org 2005/11/25 08:06:25 | |
1483 | [openbsd-compat/sys-queue.h] | |
1484 | Introduce debugging aid for queue macros. Disabled by default; but | |
1485 | developers are encouraged to run with this enabled. | |
1486 | ok krw@ fgsch@ deraadt@ | |
1487 | - otto@cvs.openbsd.org 2007/04/30 18:42:34 | |
1488 | [openbsd-compat/sys-queue.h] | |
1489 | Enable QUEUE_MACRO_DEBUG on DIAGNOSTIC kernels. | |
1490 | Input and okays from krw@, millert@, otto@, deraadt@, miod@. | |
1491 | - millert@cvs.openbsd.org 2004/10/07 16:56:11 | |
1492 | GLOB_NOESCAPE is POSIX so move it out of the #ifndef _POSIX_SOURCE | |
1493 | block. | |
1494 | (NB. mostly an RCS ID sync, as portable strips out the conditionals) | |
1495 | - (djm) [regress/sftp-cmds.sh] | |
1496 | Use more restrictive glob to pick up test files from /bin - some platforms | |
1497 | ship broken symlinks there which could spoil the test. | |
1498 | - (djm) [openbsd-compat/bindresvport.c] | |
1499 | Sync RCS ID after irrelevant (for portable OpenSSH) header shuffling | |
1500 | ||
1501 | 20070927 | |
1502 | - (dtucker) [configure.ac atomicio.c] Fall back to including <sys/poll.h> if | |
1503 | we don't have <poll.h> (eq QNX). From bacon at cs nyu edu. | |
1504 | - (dtucker) [configure.ac defines.h] Shadow expiry does not work on QNX6 | |
1505 | so disable it for that platform. From bacon at cs nyu edu. | |
1506 | ||
1507 | 20070921 | |
1508 | - (djm) [atomicio.c] Fix spin avoidance for platforms that define | |
1509 | EWOULDBLOCK; patch from ben AT psc.edu | |
1510 | ||
1511 | 20070917 | |
1512 | - (djm) OpenBSD CVS Sync | |
1513 | - djm@cvs.openbsd.org 2007/08/23 02:49:43 | |
1514 | [auth-passwd.c auth.c session.c] | |
1515 | unifdef HAVE_LOGIN_CAP; ok deraadt@ millert@ | |
1516 | NB. RCS ID sync only for portable | |
1517 | - djm@cvs.openbsd.org 2007/08/23 02:55:51 | |
1518 | [auth-passwd.c auth.c session.c] | |
1519 | missed include bits from last commit | |
1520 | NB. RCS ID sync only for portable | |
1521 | - djm@cvs.openbsd.org 2007/08/23 03:06:10 | |
1522 | [auth.h] | |
1523 | login_cap.h doesn't belong here | |
1524 | NB. RCS ID sync only for portable | |
1525 | - djm@cvs.openbsd.org 2007/08/23 03:22:16 | |
1526 | [auth2-none.c sshd_config sshd_config.5] | |
1527 | Support "Banner=none" to disable displaying of the pre-login banner; | |
1528 | ok dtucker@ deraadt@ | |
1529 | - djm@cvs.openbsd.org 2007/08/23 03:23:26 | |
1530 | [sshconnect.c] | |
1531 | Execute ProxyCommands with $SHELL rather than /bin/sh unconditionally | |
1532 | - djm@cvs.openbsd.org 2007/09/04 03:21:03 | |
1533 | [clientloop.c monitor.c monitor_fdpass.c monitor_fdpass.h] | |
1534 | [monitor_wrap.c ssh.c] | |
1535 | make file descriptor passing code return an error rather than call fatal() | |
1536 | when it encounters problems, and use this to make session multiplexing | |
1537 | masters survive slaves failing to pass all stdio FDs; ok markus@ | |
1538 | - djm@cvs.openbsd.org 2007/09/04 11:15:56 | |
1539 | [ssh.c sshconnect.c sshconnect.h] | |
1540 | make ssh(1)'s ConnectTimeout option apply to both the TCP connection and | |
1541 | SSH banner exchange (previously it just covered the TCP connection). | |
1542 | This allows callers of ssh(1) to better detect and deal with stuck servers | |
1543 | that accept a TCP connection but don't progress the protocol, and also | |
1544 | makes ConnectTimeout useful for connections via a ProxyCommand; | |
1545 | feedback and "looks ok" markus@ | |
1546 | - sobrado@cvs.openbsd.org 2007/09/09 11:38:01 | |
1547 | [ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.c] | |
1548 | sort synopsis and options in ssh-agent(1); usage is lowercase | |
1549 | ok jmc@ | |
1550 | - stevesk@cvs.openbsd.org 2007/09/11 04:36:29 | |
1551 | [sshpty.c] | |
1552 | sort #include | |
1553 | NB. RCS ID sync only | |
1554 | - gilles@cvs.openbsd.org 2007/09/11 15:47:17 | |
1555 | [session.c ssh-keygen.c sshlogin.c] | |
1556 | use strcspn to properly overwrite '\n' in fgets returned buffer | |
1557 | ok pyr@, ray@, millert@, moritz@, chl@ | |
1558 | - stevesk@cvs.openbsd.org 2007/09/11 23:49:09 | |
1559 | [sshpty.c] | |
1560 | remove #if defined block not needed; ok markus@ dtucker@ | |
1561 | NB. RCS ID sync only | |
1562 | - stevesk@cvs.openbsd.org 2007/09/12 19:39:19 | |
1563 | [umac.c] | |
1564 | use xmalloc() and xfree(); ok markus@ pvalchev@ | |
1565 | - djm@cvs.openbsd.org 2007/09/13 04:39:04 | |
1566 | [sftp-server.c] | |
1567 | fix incorrect test when setting syslog facility; from Jan Pechanec | |
1568 | - djm@cvs.openbsd.org 2007/09/16 00:55:52 | |
1569 | [sftp-client.c] | |
1570 | use off_t instead of u_int64_t for file offsets, matching what the | |
1571 | progressmeter code expects; bz #842 | |
1572 | - (tim) [defines.h] Fix regression in long password support on OpenServer 6. | |
1573 | Problem report and additional testing rac AT tenzing.org. | |
1574 | ||
1575 | 20070914 | |
1576 | - (dtucker) [openbsd-compat/bsd-asprintf.c] Plug mem leak in error path. | |
1577 | Patch from Jan.Pechanec at sun com. | |
1578 | ||
1579 | 20070910 | |
1580 | - (dtucker) [openbsd-compat/regress/closefromtest.c] Bug #1358: Always | |
1581 | return 0 on successful test. From David.Leonard at quest com. | |
1582 | - (tim) [configure.ac] Autoconf didn't define HAVE_LIBIAF because we | |
1583 | did a AC_CHECK_FUNCS within the AC_CHECK_LIB test. | |
1584 | ||
1585 | 20070817 | |
1586 | - (dtucker) [sshd.8] Many Linux variants use a single "!" to denote locked | |
1587 | accounts and that's what the code looks for, so make man page and code | |
1588 | agree. Pointed out by Roumen Petrov. | |
1589 | - (dtucker) [INSTALL] Group the parts describing random options and PAM | |
1590 | implementations together which is hopefully more coherent. | |
1591 | - (dtucker) [INSTALL] the pid file is sshd.pid not ssh.pid. | |
1592 | - (dtucker) [INSTALL] Give PAM its own heading. | |
1593 | - (dtucker) [INSTALL] Link to tcpwrappers. | |
1594 | ||
1595 | 20070816 | |
1596 | - (dtucker) [session.c] Call PAM cleanup functions for unauthenticated | |
1597 | connections too. Based on a patch from Sandro Wefel, with & ok djm@ | |
1598 | ||
1599 | 20070815 | |
1600 | - (dtucker) OpenBSD CVS Sync | |
1601 | - markus@cvs.openbsd.org 2007/08/15 08:14:46 | |
1602 | [clientloop.c] | |
1603 | do NOT fall back to the trused x11 cookie if generation of an untrusted | |
1604 | cookie fails; from Jan Pechanec, via security-alert at sun.com; | |
1605 | ok dtucker | |
1606 | - markus@cvs.openbsd.org 2007/08/15 08:16:49 | |
1607 | [version.h] | |
1608 | openssh 4.7 | |
1609 | - stevesk@cvs.openbsd.org 2007/08/15 12:13:41 | |
1610 | [ssh_config.5] | |
1611 | tun device forwarding now honours ExitOnForwardFailure; ok markus@ | |
1612 | - (dtucker) [openbsd-compat/bsd-cray.c] Remove debug from signal handler. | |
1613 | ok djm@ | |
1614 | - (dtucker) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec | |
1615 | contrib/suse/openssh.spec] Crank version. | |
1616 | ||
1617 | 20070813 | |
1618 | - (dtucker) [session.c] Bug #1339: ensure that pam_setcred() is always | |
1619 | called with PAM_ESTABLISH_CRED at least once, which resolves a problem | |
1620 | with pam_dhkeys. Patch from David Leonard, ok djm@ | |
1621 | ||
1622 | 20070810 | |
1623 | - (dtucker) [auth-pam.c] Use sigdie here too. ok djm@ | |
1624 | - (dtucker) [configure.ac] Bug #1343: Set DISABLE_FD_PASSING for QNX6. From | |
1625 | Matt Kraai, ok djm@ | |
1626 | ||
1627 | 20070809 | |
1628 | - (dtucker) [openbsd-compat/port-aix.c] Comment typo. | |
1629 | - (dtucker) [README.platform] Document the interaction between PermitRootLogin | |
1630 | and the AIX native login restrictions. | |
1631 | - (dtucker) [defines.h] Remove _PATH_{CSHELL,SHELLS} which aren't | |
1632 | used anywhere and are a potential source of warnings. | |
1633 | ||
1634 | 20070808 | |
1635 | - (djm) OpenBSD CVS Sync | |
1636 | - ray@cvs.openbsd.org 2007/07/12 05:48:05 | |
1637 | [key.c] | |
1638 | Delint: remove some unreachable statements, from Bret Lambert. | |
1639 | OK markus@ and dtucker@. | |
1640 | - sobrado@cvs.openbsd.org 2007/08/06 19:16:06 | |
1641 | [scp.1 scp.c] | |
1642 | the ellipsis is not an optional argument; while here, sync the usage | |
1643 | and synopsis of commands | |
1644 | lots of good ideas by jmc@ | |
1645 | ok jmc@ | |
1646 | - djm@cvs.openbsd.org 2007/08/07 07:32:53 | |
1647 | [clientloop.c clientloop.h ssh.c] | |
1648 | bz#1232: ensure that any specified LocalCommand is executed after the | |
1649 | tunnel device is opened. Also, make failures to open a tunnel device | |
1650 | fatal when ExitOnForwardFailure is active. | |
1651 | Reported by h.goebel AT goebel-consult.de; ok dtucker markus reyk deraadt | |
1652 | ||
1653 | 20070724 | |
1654 | - (tim) [openssh.xml.in] make FMRI match what package scripts use. | |
1655 | - (tim) [openbsd-compat/regress/closefromtest.c] Bug 1345: fix open() call. | |
1656 | Report/patch by David.Leonard AT quest.com (and Bernhard Simon) | |
1657 | - (tim) [buildpkg.sh.in openssh.xml.in] Allow more flexibility where smf(5) | |
1658 | - (tim) [buildpkg.sh.in] s|$FAKE_ROOT/${sysconfdir}|$FAKE_ROOT${sysconfdir}| | |
1659 | ||
1660 | 20070628 | |
1661 | - (djm) bz#1325: Fix SELinux in permissive mode where it would | |
1662 | incorrectly fatal() on errors. patch from cjwatson AT debian.org; | |
1663 | ok dtucker | |
1664 | ||
1665 | 20070625 | |
1666 | - (dtucker) OpenBSD CVS Sync | |
1667 | - djm@cvs.openbsd.org 2007/06/13 00:21:27 | |
1668 | [scp.c] | |
1669 | don't ftruncate() non-regular files; bz#1236 reported by wood AT | |
1670 | xmission.com; ok dtucker@ | |
1671 | - djm@cvs.openbsd.org 2007/06/14 21:43:25 | |
1672 | [ssh.c] | |
1673 | handle EINTR when waiting for mux exit status properly | |
1674 | - djm@cvs.openbsd.org 2007/06/14 22:48:05 | |
1675 | [ssh.c] | |
1676 | when waiting for the multiplex exit status, read until the master end | |
1677 | writes an entire int of data *and* closes the client_fd; fixes mux | |
1678 | regression spotted by dtucker, ok dtucker@ | |
1679 | - djm@cvs.openbsd.org 2007/06/19 02:04:43 | |
1680 | [atomicio.c] | |
1681 | if the fd passed to atomicio/atomiciov() is non blocking, then poll() to | |
1682 | avoid a spin if it is not yet ready for reading/writing; ok dtucker@ | |
1683 | - dtucker@cvs.openbsd.org 2007/06/25 08:20:03 | |
1684 | [channels.c] | |
1685 | Correct test for window updates every three packets; prevents sending | |
1686 | window updates for every single packet. ok markus@ | |
1687 | - dtucker@cvs.openbsd.org 2007/06/25 12:02:27 | |
1688 | [atomicio.c] | |
1689 | Include <poll.h> like the man page says rather than <sys/poll.h>. ok djm@ | |
1690 | - (dtucker) [atomicio.c] Test for EWOULDBLOCK in atomiciov to match | |
1691 | atomicio. | |
1692 | - (dtucker) [atomicio.c configure.ac openbsd-compat/Makefile.in | |
1693 | openbsd-compat/bsd-poll.{c,h} openbsd-compat/openbsd-compat.h] | |
1694 | Add an implementation of poll() built on top of select(2). Code from | |
1695 | OpenNTPD with changes suggested by djm. ok djm@ | |
1696 | ||
1697 | 20070614 | |
1698 | - (dtucker) [cipher-ctr.c umac.c openbsd-compat/openssl-compat.h] Move the | |
1699 | USE_BUILTIN_RIJNDAEL compat goop to openssl-compat.h so it can be | |
1700 | shared with umac.c. Allows building with OpenSSL 0.9.5 again including | |
1701 | umac support. With tim@ djm@, ok djm. | |
1702 | - (dtucker) [openbsd-compat/openssl-compat.h] Merge USE_BUILTIN_RIJNDAEL | |
1703 | sections. Fixes builds with early OpenSSL 0.9.6 versions. | |
1704 | - (dtucker) [openbsd-compat/openssl-compat.h] Remove redundant definition | |
1705 | of USE_BUILTIN_RIJNDAEL since the <0.9.6 test is covered by the | |
1706 | subsequent <0.9.7 test. | |
1707 | ||
1708 | 20070612 | |
1709 | - (dtucker) OpenBSD CVS Sync | |
1710 | - markus@cvs.openbsd.org 2007/06/11 09:14:00 | |
1711 | [channels.h] | |
1712 | increase default channel windows; ok djm | |
1713 | - djm@cvs.openbsd.org 2007/06/12 07:41:00 | |
1714 | [ssh-add.1] | |
1715 | better document ssh-add's -d option (delete identies from agent), bz#1224 | |
1716 | new text based on some provided by andrewmc-debian AT celt.dias.ie; | |
1717 | ok dtucker@ | |
1718 | - djm@cvs.openbsd.org 2007/06/12 08:20:00 | |
1719 | [ssh-gss.h gss-serv.c gss-genr.c] | |
1720 | relocate server-only GSSAPI code from libssh to server; bz #1225 | |
1721 | patch from simon AT sxw.org.uk; ok markus@ dtucker@ | |
1722 | - djm@cvs.openbsd.org 2007/06/12 08:24:20 | |
1723 | [scp.c] | |
1724 | make scp try to skip FIFOs rather than blocking when nothing is listening. | |
1725 | depends on the platform supporting sane O_NONBLOCK semantics for open | |
1726 | on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. | |
1727 | bz #856; report by cjwatson AT debian.org; ok markus@ | |
1728 | - djm@cvs.openbsd.org 2007/06/12 11:11:08 | |
1729 | [ssh.c] | |
1730 | fix slave exit value when a control master goes away without passing the | |
1731 | full exit status by ensuring that the slave reads a full int. bz#1261 | |
1732 | reported by frekko AT gmail.com; ok markus@ dtucker@ | |
1733 | - djm@cvs.openbsd.org 2007/06/12 11:15:17 | |
1734 | [ssh.c ssh.1] | |
1735 | Add "-K" flag for ssh to set GSSAPIAuthentication=yes and | |
1736 | GSSAPIDelegateCredentials=yes. This is symmetric with -k (disable GSSAPI) | |
1737 | and is useful for hosts with /home on Kerberised NFS; bz #1312 | |
1738 | patch from Markus.Kuhn AT cl.cam.ac.uk; ok dtucker@ markus@ | |
1739 | - djm@cvs.openbsd.org 2007/06/12 11:45:27 | |
1740 | [ssh.c] | |
1741 | improved exit message from multiplex slave sessions; bz #1262 | |
1742 | reported by alexandre.nunes AT gmail.com; ok dtucker@ | |
1743 | - dtucker@cvs.openbsd.org 2007/06/12 11:56:15 | |
1744 | [gss-genr.c] | |
1745 | Pass GSS OID to gss_display_status to provide better information in | |
1746 | error messages. Patch from Simon Wilkinson via bz 1220. ok djm@ | |
1747 | - jmc@cvs.openbsd.org 2007/06/12 13:41:03 | |
1748 | [ssh-add.1] | |
1749 | identies -> identities; | |
1750 | - jmc@cvs.openbsd.org 2007/06/12 13:43:55 | |
1751 | [ssh.1] | |
1752 | add -K to SYNOPSIS; | |
1753 | - dtucker@cvs.openbsd.org 2007/06/12 13:54:28 | |
1754 | [scp.c] | |
1755 | Encode filename with strnvis if the name contains a newline (which can't | |
1756 | be represented in the scp protocol), from bz #891. ok markus@ | |
1757 | ||
1758 | 20070611 | |
1759 | - (djm) Bugzilla #1306: silence spurious error messages from hang-on-exit | |
1760 | fix; tested by dtucker@ and jochen.kirn AT gmail.com | |
1761 | - pvalchev@cvs.openbsd.org 2007/06/07 19:37:34 | |
1762 | [kex.h mac.c mac.h monitor_wrap.c myproposal.h packet.c ssh.1] | |
1763 | [ssh_config.5 sshd.8 sshd_config.5] | |
1764 | Add a new MAC algorithm for data integrity, UMAC-64 (not default yet, | |
1765 | must specify umac-64@openssh.com). Provides about 20% end-to-end speedup | |
1766 | compared to hmac-md5. Represents a different approach to message | |
1767 | authentication to that of HMAC that may be beneficial if HMAC based on | |
1768 | one of its underlying hash algorithms is found to be vulnerable to a | |
1769 | new attack. http://www.ietf.org/rfc/rfc4418.txt | |
1770 | in conjunction with and OK djm@ | |
1771 | - pvalchev@cvs.openbsd.org 2007/06/08 04:40:40 | |
1772 | [ssh_config] | |
1773 | Add a "MACs" line after "Ciphers" with the default MAC algorithms, | |
1774 | to ease people who want to tweak both (eg. for performance reasons). | |
1775 | ok deraadt@ djm@ dtucker@ | |
1776 | - jmc@cvs.openbsd.org 2007/06/08 07:43:46 | |
1777 | [ssh_config.5] | |
1778 | put the MAC list into a display, like we do for ciphers, | |
1779 | since groff has trouble handling wide lines; | |
1780 | - jmc@cvs.openbsd.org 2007/06/08 07:48:09 | |
1781 | [sshd_config.5] | |
1782 | oops, here too: put the MAC list into a display, like we do for | |
1783 | ciphers, since groff has trouble with wide lines; | |
1784 | - markus@cvs.openbsd.org 2007/06/11 08:04:44 | |
1785 | [channels.c] | |
1786 | send 'window adjust' messages every tree packets and do not wait | |
1787 | until 50% of the window is consumed. ok djm dtucker | |
1788 | - (djm) [configure.ac umac.c] If platform doesn't provide swap32(3), then | |
1789 | fallback to provided bit-swizzing functions | |
1790 | - (dtucker) [openbsd-compat/bsd-misc.c] According to the spec the "remainder" | |
1791 | argument to nanosleep may be NULL. Currently this never happens in OpenSSH, | |
1792 | but check anyway in case this changes or the code gets used elsewhere. | |
1793 | - (dtucker) [includes.h] Bug #1243: HAVE_PATHS -> HAVE_PATHS_H. Should | |
1794 | prevent warnings about redefinitions of various things in paths.h. | |
1795 | Spotted by cartmanltd at hotmail.com. | |
1796 | ||
1797 | 20070605 | |
1798 | - (dtucker) OpenBSD CVS Sync | |
1799 | - djm@cvs.openbsd.org 2007/05/22 10:18:52 | |
1800 | [sshd.c] | |
1801 | zap double include; from p_nowaczyk AT o2.pl | |
1802 | (not required in -portable, Id sync only) | |
1803 | - djm@cvs.openbsd.org 2007/05/30 05:58:13 | |
1804 | [kex.c] | |
1805 | tidy: KNF, ARGSUSED and u_int | |
1806 | - jmc@cvs.openbsd.org 2007/05/31 19:20:16 | |
1807 | [scp.1 ssh_config.5 sftp-server.8 ssh-agent.1 sshd_config.5 sftp.1 | |
1808 | ssh-keygen.1 ssh-keyscan.1 ssh-add.1 sshd.8 ssh.1 ssh-keysign.8] | |
1809 | convert to new .Dd format; | |
1810 | (We will need to teach mdoc2man.awk to understand this too.) | |
1811 | - djm@cvs.openbsd.org 2007/05/31 23:34:29 | |
1812 | [packet.c] | |
1813 | gc unreachable code; spotted by Tavis Ormandy | |
1814 | - djm@cvs.openbsd.org 2007/06/02 09:04:58 | |
1815 | [bufbn.c] | |
1816 | memory leak on error path; from arnaud.lacombe.1 AT ulaval.ca | |
1817 | - djm@cvs.openbsd.org 2007/06/05 06:52:37 | |
1818 | [kex.c monitor_wrap.c packet.c mac.h kex.h mac.c] | |
1819 | Preserve MAC ctx between packets, saving 2xhash calls per-packet. | |
1820 | Yields around a 12-16% end-to-end speedup for arcfour256/hmac-md5 | |
1821 | patch from markus@ tested dtucker@ and myself, ok markus@ and me (I'm | |
1822 | committing at his request) | |
1823 | - (dtucker) [mdoc2man.awk] Teach it to deal with $Mdocdate tags that | |
1824 | OpenBSD's cvs now adds. | |
1825 | - (dtucker) [mdoc2man.awk] Remove trailing "$" from Mdocdate regex so | |
1826 | mindrot's cvs doesn't expand it on us. | |
1827 | - (dtucker) [mdoc2man.awk] Add support for %R references, used for RFCs. | |
1828 | ||
1829 | 20070520 | |
1830 | - (dtucker) OpenBSD CVS Sync | |
1831 | - stevesk@cvs.openbsd.org 2007/04/14 22:01:58 | |
1832 | [auth2.c] | |
1833 | remove unused macro; from Dmitry V. Levin <ldv@altlinux.org> | |
1834 | - stevesk@cvs.openbsd.org 2007/04/18 01:12:43 | |
1835 | [sftp-server.c] | |
1836 | cast "%llu" format spec to (unsigned long long); do not assume a | |
1837 | u_int64_t arg is the same as 'unsigned long long'. | |
1838 | from Dmitry V. Levin <ldv@altlinux.org> | |
1839 | ok markus@ 'Yes, that looks correct' millert@ | |
1840 | - dtucker@cvs.openbsd.org 2007/04/23 10:15:39 | |
1841 | [servconf.c] | |
1842 | Remove debug() left over from development. ok deraadt@ | |
1843 | - djm@cvs.openbsd.org 2007/05/17 07:50:31 | |
1844 | [log.c] | |
1845 | save and restore errno when logging; ok deraadt@ | |
1846 | - djm@cvs.openbsd.org 2007/05/17 07:55:29 | |
1847 | [sftp-server.c] | |
1848 | bz#1286 stop reading and processing commands when input or output buffer | |
1849 | is nearly full, otherwise sftp-server would happily try to grow the | |
1850 | input/output buffers past the maximum supported by the buffer API and | |
1851 | promptly fatal() | |
1852 | based on patch from Thue Janus Kristensen; feedback & ok dtucker@ | |
1853 | - djm@cvs.openbsd.org 2007/05/17 20:48:13 | |
1854 | [sshconnect2.c] | |
1855 | fall back to gethostname() when the outgoing connection is not | |
1856 | on a socket, such as is the case when ProxyCommand is used. | |
1857 | Gives hostbased auth an opportunity to work; bz#616, report | |
1858 | and feedback stuart AT kaloram.com; ok markus@ | |
1859 | - djm@cvs.openbsd.org 2007/05/17 20:52:13 | |
1860 | [monitor.c] | |
1861 | pass received SIGINT from monitor to postauth child so it can clean | |
1862 | up properly. bz#1196, patch from senthilkumar_sen AT hotpop.com; | |
1863 | ok markus@ | |
1864 | - jolan@cvs.openbsd.org 2007/05/17 23:53:41 | |
1865 | [sshconnect2.c] | |
1866 | djm owes me a vb and a tism cd for breaking ssh compilation | |
1867 | - (dtucker) [auth-pam.c] malloc+memset -> calloc. Patch from | |
1868 | ldv at altlinux.org. | |
1869 | - (dtucker) [auth-pam.c] Return empty string if fgets fails in | |
1870 | sshpam_tty_conv. Patch from ldv at altlinux.org. | |
1871 | ||
1872 | 20070509 | |
1873 | - (tim) [configure.ac] Bug #1287: Add missing test for ucred.h. | |
1874 | ||
1875 | 20070429 | |
1876 | - (dtucker) [openbsd-compat/bsd-misc.c] Include unistd.h and sys/types.h | |
1877 | for select(2) prototype. | |
1878 | - (dtucker) [auth-shadow.c loginrec.c] Include time.h for time(2) prototype. | |
1879 | - (dtucker) [configure.ac openbsd-compat/getrrsetbyname.c] Bug #1299: Use the | |
1880 | platform's _res if it has one. Should fix problem of DNSSEC record lookups | |
1881 | on NetBSD as reported by Curt Sampson. | |
1882 | - (dtucker) [openbsd-compat/xmmap.c] Include stdlib.h for mkstemp prototype. | |
1883 | - (dtucker) [configure.ac defines.h] Have configure check for MAXSYMLINKS | |
1884 | so we don't get redefinition warnings. | |
1885 | - (dtucker) [openbsd-compat/xmmap.c] Include stdlib.h for mkstemp prototype. | |
1886 | - (dtucker) [configure.ac defines.h] Prevent warnings about __attribute__ | |
1887 | __nonnull__ for versions of GCC that don't support it. | |
1888 | - (dtucker) [configure.ac defines.h] Have configure check for offsetof | |
1889 | to prevent redefinition warnings. | |
1890 | ||
1891 | 20070406 | |
1892 | - (dtucker) [INSTALL] Update the systems that have PAM as standard. Link | |
1893 | to OpenPAM too. | |
1894 | - (dtucker) [INSTALL] prngd lives at sourceforge these days. | |
1895 | ||
1896 | 20070326 | |
1897 | - (tim) [auth.c configure.ac defines.h session.c openbsd-compat/port-uw.c | |
1898 | openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] Rework libiaf test/defines | |
1899 | to account for IRIX having libiaf but not set_id(). Patch with & ok dtucker@ | |
1900 | ||
1901 | 20070325 | |
1902 | - (dtucker) [Makefile.in configure.ac] Replace single-purpose LIBSELINUX, | |
1903 | LIBWRAP and LIBPAM variables in Makefile with the general-purpose | |
1904 | SSHDLIBS. "I like" djm@ | |
1905 | ||
1906 | 20070321 | |
1907 | - (dtucker) OpenBSD CVS Sync | |
1908 | - dtucker@cvs.openbsd.org 2007/03/09 05:20:06 | |
1909 | [servconf.c sshd.c] | |
1910 | Move C/R -> kbdint special case to after the defaults have been | |
1911 | loaded, which makes ChallengeResponse default to yes again. This | |
1912 | was broken by the Match changes and not fixed properly subsequently. | |
1913 | Found by okan at demirmen.com, ok djm@ "please do it" deraadt@ | |
1914 | - djm@cvs.openbsd.org 2007/03/19 01:01:29 | |
1915 | [sshd_config] | |
1916 | Disable the legacy SSH protocol 1 for new installations via | |
1917 | a configuration override. In the future, we will change the | |
1918 | server's default itself so users who need the legacy protocol | |
1919 | will need to turn it on explicitly | |
1920 | - dtucker@cvs.openbsd.org 2007/03/19 12:16:42 | |
1921 | [ssh-agent.c] | |
1922 | Remove the signal handler that checks if the agent's parent process | |
1923 | has gone away, instead check when the select loop returns. Record when | |
1924 | the next key will expire when scanning for expired keys. Set the select | |
1925 | timeout to whichever of these two things happens next. With djm@, with & | |
1926 | ok deraadt@ markus@ | |
1927 | - tedu@cvs.openbsd.org 2007/03/20 03:56:12 | |
1928 | [readconf.c clientloop.c] | |
1929 | remove some bogus *p tests from charles longeau | |
1930 | ok deraadt millert | |
1931 | - jmc@cvs.openbsd.org 2007/03/20 15:57:15 | |
1932 | [sshd.8] | |
1933 | - let synopsis and description agree for -f | |
1934 | - sort FILES | |
1935 | - +.Xr ssh-keyscan 1 , | |
1936 | from Igor Sobrado | |
1937 | - (dtucker) [configure.ac openbsd-compat/bsd-getpeereid.c] Bug #1287: Use | |
1938 | getpeerucred to implement getpeereid (currently only Solaris 10 and up). | |
1939 | Patch by Jan.Pechanec at Sun. | |
1940 | - (dtucker) [regress/agent-getpeereid.sh] Do peereid test if we have | |
1941 | HAVE_GETPEERUCRED too. Also from Jan Pechanec. | |
1942 | ||
1943 | 20070313 | |
1944 | - (dtucker) [entropy.c scard-opensc.c ssh-rand-helper.c] Bug #1294: include | |
1945 | string.h to prevent warnings, from vapier at gentoo.org. | |
1946 | - (dtucker) [LICENCE] Add Daniel Walsh as a copyright holder for the | |
1947 | selinux bits in -portable. | |
1948 | - (dtucker) [cipher-3des1.c cipher-bf1.c] The OpenSSL 0.9.8e problem in | |
1949 | bug #1291 also affects Protocol 1 3des. While at it, use compat-openssl.h | |
1950 | in cipher-bf1.c. Patch from Juan Gallego. | |
1951 | - (dtucker) [README.platform] Info about blibpath on AIX. | |
1952 | ||
1953 | 20070306 | |
1954 | - (djm) OpenBSD CVS Sync | |
1955 | - jmc@cvs.openbsd.org 2007/03/01 16:19:33 | |
1956 | [sshd_config.5] | |
1957 | sort the `match' keywords; | |
1958 | - djm@cvs.openbsd.org 2007/03/06 10:13:14 | |
1959 | [version.h] | |
1960 | openssh-4.6; "please" deraadt@ | |
1961 | - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] | |
1962 | [contrib/suse/openssh.spec] crank spec files for release | |
1963 | - (djm) [README] correct link to release notes | |
1964 | - (djm) Release 4.6p1 | |
1965 | ||
1966 | 20070304 | |
1967 | - (djm) [configure.ac] add a --without-openssl-header-check option to | |
1968 | configure, as some platforms (OS X) ship OpenSSL headers whose version | |
1969 | does not match that of the shipping library. ok dtucker@ | |
1970 | - (dtucker) [openbsd-compat/openssl-compat.h] Bug #1291: Work around a | |
1971 | bug in OpenSSL 0.9.8e that prevents aes256-ctr, aes192-ctr and arcfour256 | |
1972 | ciphers from working correctly (disconnects with "Bad packet length" | |
1973 | errors) as found by Ben Harris. ok djm@ | |
1974 | ||
1975 | 20070303 | |
1976 | - (dtucker) [regress/agent-ptrace.sh] Make ttrace gdb error a little more | |
1977 | general to cover newer gdb versions on HP-UX. | |
1978 | ||
1979 | 20070302 | |
1980 | - (dtucker) [configure.ac] For Cygwin, read files in textmode (which allows | |
1981 | CRLF as well as LF lineendings) and write in binary mode. Patch from | |
1982 | vinschen at redhat.com. | |
1983 | - (dtucker) [INSTALL] Update to autoconf-2.61. | |
1984 | ||
1985 | 20070301 | |
1986 | - (dtucker) OpenBSD CVS Sync | |
1987 | - dtucker@cvs.openbsd.org 2007/03/01 10:28:02 | |
1988 | [auth2.c sshd_config.5 servconf.c] | |
1989 | Remove ChallengeResponseAuthentication support inside a Match | |
1990 | block as its interaction with KbdInteractive makes it difficult to | |
1991 | support. Also, relocate the CR/kbdint option special-case code into | |
1992 | servconf. "please commit" djm@, ok markus@ for the relocation. | |
1993 | - (tim) [buildpkg.sh.in openssh.xml.in] Clean up Solaris 10 smf(5) bits. | |
1994 | "Looks sane" dtucker@ | |
1995 | ||
1996 | 20070228 | |
1997 | - (dtucker) OpenBSD CVS Sync | |
1998 | - dtucker@cvs.openbsd.org 2007/02/28 00:55:30 | |
1999 | [ssh-agent.c] | |
2000 | Remove expired keys periodically so they don't remain in memory when | |
2001 | the agent is entirely idle, as noted by David R. Piegdon. This is the | |
2002 | simple fix, a more efficient one will be done later. With markus, | |
2003 | deraadt, with & ok djm. | |
2004 | ||
2005 | 20070225 | |
2006 | - (dtucker) OpenBSD CVS Sync | |
2007 | - djm@cvs.openbsd.org 2007/02/20 10:25:14 | |
2008 | [clientloop.c] | |
2009 | set maximum packet and window sizes the same for multiplexed clients | |
2010 | as normal connections; ok markus@ | |
2011 | - dtucker@cvs.openbsd.org 2007/02/21 11:00:05 | |
2012 | [sshd.c] | |
2013 | Clear alarm() before restarting sshd on SIGHUP. Without this, if there's | |
2014 | a SIGALRM pending (for SSH1 key regeneration) when sshd is SIGHUP'ed, the | |
2015 | newly exec'ed sshd will get the SIGALRM and not have a handler for it, | |
2016 | and the default action will terminate the listening sshd. Analysis and | |
2017 | patch from andrew at gaul.org. | |
2018 | - dtucker@cvs.openbsd.org 2007/02/22 12:58:40 | |
2019 | [servconf.c] | |
2020 | Check activep so Match and GatewayPorts work together; ok markus@ | |
2021 | - ray@cvs.openbsd.org 2007/02/24 03:30:11 | |
2022 | [moduli.c] | |
2023 | - strlen returns size_t, not int. | |
2024 | - Pass full buffer size to fgets. | |
2025 | OK djm@, millert@, and moritz@. | |
2026 | ||
2027 | 20070219 | |
2028 | - (dtucker) OpenBSD CVS Sync | |
2029 | - jmc@cvs.openbsd.org 2007/01/10 13:23:22 | |
2030 | [ssh_config.5] | |
2031 | do not use a list for SYNOPSIS; | |
2032 | this is actually part of a larger report sent by eric s. raymond | |
2033 | and forwarded by brad, but i only read half of it. spotted by brad. | |
2034 | - jmc@cvs.openbsd.org 2007/01/12 20:20:41 | |
2035 | [ssh-keygen.1 ssh-keygen.c] | |
2036 | more secsh -> rfc 4716 updates; | |
2037 | spotted by wiz@netbsd | |
2038 | ok markus | |
2039 | - dtucker@cvs.openbsd.org 2007/01/17 23:22:52 | |
2040 | [readconf.c] | |
2041 | Honour activep for times (eg ServerAliveInterval) while parsing | |
2042 | ssh_config and ~/.ssh/config so they work properly with Host directives. | |
2043 | From mario.lorenz@wincor-nixdorf.com via bz #1275. ok markus@ | |
2044 | - stevesk@cvs.openbsd.org 2007/01/21 01:41:54 | |
2045 | [auth-skey.c kex.c ssh-keygen.c session.c clientloop.c] | |
2046 | spaces | |
2047 | - stevesk@cvs.openbsd.org 2007/01/21 01:45:35 | |
2048 | [readconf.c] | |
2049 | spaces | |
2050 | - djm@cvs.openbsd.org 2007/01/22 11:32:50 | |
2051 | [sftp-client.c] | |
2052 | return error from do_upload() when a write fails. fixes bz#1252: zero | |
2053 | exit status from sftp when uploading to a full device. report from | |
2054 | jirkat AT atlas.cz; ok dtucker@ | |
2055 | - djm@cvs.openbsd.org 2007/01/22 13:06:21 | |
2056 | [scp.c] | |
2057 | fix detection of whether we should show progress meter or not: scp | |
2058 | tested isatty(stderr) but wrote the progress meter to stdout. This patch | |
2059 | makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; | |
2060 | of dtucker@ | |
2061 | - stevesk@cvs.openbsd.org 2007/02/14 14:32:00 | |
2062 | [bufbn.c] | |
2063 | typos in comments; ok jmc@ | |
2064 | - dtucker@cvs.openbsd.org 2007/02/19 10:45:58 | |
2065 | [monitor_wrap.c servconf.c servconf.h monitor.c sshd_config.5] | |
2066 | Teach Match how handle config directives that are used before | |
2067 | authentication. This allows configurations such as permitting password | |
2068 | authentication from the local net only while requiring pubkey from | |
2069 | offsite. ok djm@, man page bits ok jmc@ | |
2070 | - (dtucker) [contrib/findssl.sh] Add "which" as a shell function since some | |
2071 | platforms don't have it. Patch from dleonard at vintela.com. | |
2072 | - (dtucker) [openbsd-compat/getrrsetbyname.c] Don't attempt to calloc | |
2073 | an array for signatures when there are none since "calloc(0, n) returns | |
2074 | NULL on some platforms (eg Tru64), which is explicitly permitted by | |
2075 | POSIX. Diagnosis and patch by svallet genoscope.cns.fr. | |
2076 | ||
2077 | 20070128 | |
2078 | - (djm) [channels.c serverloop.c] Fix so-called "hang on exit" (bz #52) | |
2079 | when closing a tty session when a background process still holds tty | |
2080 | fds open. Great detective work and patch by Marc Aurele La France, | |
2081 | slightly tweaked by me; ok dtucker@ | |
2082 | ||
2083 | 20070123 | |
2084 | - (dtucker) [openbsd-compat/bsd-snprintf.c] Static declarations for public | |
2085 | library interfaces aren't very helpful. Fix up the DOPR_OUTCH macro | |
2086 | so it works properly and modify its callers so that they don't pre or | |
2087 | post decrement arguments that are conditionally evaluated. While there, | |
2088 | put SNPRINTF_CONST back as it prevents build failures in some | |
2089 | configurations. ok djm@ (for most of it) | |
2090 | ||
2091 | 20070122 | |
2092 | - (djm) [ssh-rand-helper.8] manpage nits; | |
2093 | from dleonard AT vintela.com (bz#1529) | |
2094 | ||
2095 | 20070117 | |
2096 | - (dtucker) [packet.c] Re-remove in_systm.h since it's already in includes.h | |
2097 | and multiple including it causes problems on old IRIXes. (It snuck back | |
2098 | in during a sync.) Found (again) by Georg Schwarz. | |
2099 | ||
2100 | 20070114 | |
2101 | - (dtucker) [ssh-keygen.c] av -> argv to match earlier sync. | |
2102 | - (djm) [openbsd-compat/bsd-snprintf.c] Fix integer overflow in return | |
2103 | value of snprintf replacement, similar to bugs in various libc | |
2104 | implementations. This overflow is not exploitable in OpenSSH. | |
2105 | While I'm fiddling with it, make it a fair bit faster by inlining the | |
2106 | append-char routine; ok dtucker@ | |
2107 | ||
2108 | 20070105 | |
2109 | - (djm) OpenBSD CVS Sync | |
2110 | - deraadt@cvs.openbsd.org 2006/11/14 19:41:04 | |
2111 | [ssh-keygen.c] | |
2112 | use argc and argv not some made up short form | |
2113 | - ray@cvs.openbsd.org 2006/11/23 01:35:11 | |
2114 | [misc.c sftp.c] | |
2115 | Don't access buf[strlen(buf) - 1] for zero-length strings. | |
2116 | ``ok by me'' djm@. | |
2117 | - markus@cvs.openbsd.org 2006/12/11 21:25:46 | |
2118 | [ssh-keygen.1 ssh.1] | |
2119 | add rfc 4716 (public key format); ok jmc | |
2120 | - djm@cvs.openbsd.org 2006/12/12 03:58:42 | |
2121 | [channels.c compat.c compat.h] | |
2122 | bz #1019: some ssh.com versions apparently can't cope with the | |
2123 | remote port forwarding bind_address being a hostname, so send | |
2124 | them an address for cases where they are not explicitly | |
2125 | specified (wildcard or localhost bind). reported by daveroth AT | |
2126 | acm.org; ok dtucker@ deraadt@ | |
2127 | - dtucker@cvs.openbsd.org 2006/12/13 08:34:39 | |
2128 | [servconf.c] | |
2129 | Make PermitOpen work with multiple values like the man pages says. | |
2130 | bz #1267 with details from peter at dmtz.com, with & ok djm@ | |
2131 | - dtucker@cvs.openbsd.org 2006/12/14 10:01:14 | |
2132 | [servconf.c] | |
2133 | Make "PermitOpen all" first-match within a block to match the way other | |
2134 | options work. ok markus@ djm@ | |
2135 | - jmc@cvs.openbsd.org 2007/01/02 09:57:25 | |
2136 | [sshd_config.5] | |
2137 | do not use lists for SYNOPSIS; | |
2138 | from eric s. raymond via brad | |
2139 | - stevesk@cvs.openbsd.org 2007/01/03 00:53:38 | |
2140 | [ssh-keygen.c] | |
2141 | remove small dead code; arnaud.lacombe.1@ulaval.ca via Coverity scan | |
2142 | - stevesk@cvs.openbsd.org 2007/01/03 03:01:40 | |
2143 | [auth2-chall.c channels.c dns.c sftp.c ssh-keygen.c ssh.c] | |
2144 | spaces | |
2145 | - stevesk@cvs.openbsd.org 2007/01/03 04:09:15 | |
2146 | [sftp.c] | |
2147 | ARGSUSED for lint | |
2148 | - stevesk@cvs.openbsd.org 2007/01/03 07:22:36 | |
2149 | [sftp-server.c] | |
2150 | spaces | |
2151 | ||
2152 | 20061205 | |
2153 | - (djm) [auth.c] Fix NULL pointer dereference in fakepw(). Crash would | |
2154 | occur if the server did not have the privsep user and an invalid user | |
2155 | tried to login and both privsep and krb5 auth are disabled; ok dtucker@ | |
2156 | - (djm) [bsd-asprintf.c] Better test for bad vsnprintf lengths; ok dtucker@ | |
2157 | ||
2158 | 20061108 | |
2159 | - (dtucker) OpenBSD CVS Sync | |
2160 | - markus@cvs.openbsd.org 2006/11/07 13:02:07 | |
2161 | [dh.c] | |
2162 | BN_hex2bn returns int; from dtucker@ | |
2163 | ||
2164 | 20061107 | |
2165 | - (dtucker) [sshd.c] Use privsep_pw if we have it, but only require it | |
2166 | if we absolutely need it. Pointed out by Corinna, ok djm@ | |
2167 | - (dtucker) OpenBSD CVS Sync | |
2168 | - markus@cvs.openbsd.org 2006/11/06 21:25:28 | |
2169 | [auth-rsa.c kexgexc.c kexdhs.c key.c ssh-dss.c sshd.c kexgexs.c | |
2170 | ssh-keygen.c bufbn.c moduli.c scard.c kexdhc.c sshconnect1.c dh.c rsa.c] | |
2171 | add missing checks for openssl return codes; with & ok djm@ | |
2172 | - markus@cvs.openbsd.org 2006/11/07 10:31:31 | |
2173 | [monitor.c version.h] | |
2174 | correctly check for bad signatures in the monitor, otherwise the monitor | |
2175 | and the unpriv process can get out of sync. with dtucker@, ok djm@, | |
2176 | dtucker@ | |
2177 | - (dtucker) [README contrib/{caldera,redhat,contrib}/openssh.spec] Bump | |
2178 | versions. | |
2179 | - (dtucker) Release 4.5p1. | |
2180 | ||
2181 | 20061105 | |
2182 | - (djm) OpenBSD CVS Sync | |
2183 | - otto@cvs.openbsd.org 2006/10/28 18:08:10 | |
2184 | [ssh.1] | |
2185 | correct/expand example of usage of -w; ok jmc@ stevesk@ | |
2186 | - markus@cvs.openbsd.org 2006/10/31 16:33:12 | |
2187 | [kexdhc.c kexdhs.c kexgexc.c kexgexs.c] | |
2188 | check DH_compute_key() for -1 even if it should not happen because of | |
2189 | earlier calls to dh_pub_is_valid(); report krahmer at suse.de; ok djm | |
2190 | ||
2191 | 20061101 | |
2192 | - (dtucker) [openbsd-compat/port-solaris.c] Bug #1255: Make only hwerr | |
2193 | events fatal in Solaris process contract support and tell it to signal | |
2194 | only processes in the same process group when something happens. | |
2195 | Based on information from andrew.benham at thus.net and similar to | |
2196 | a patch from Chad Mynhier. ok djm@ | |
2197 | ||
2198 | 20061027 | |
2199 | - (djm) [auth.c] gc some dead code | |
2200 | ||
2201 | 20061023 | |
2202 | - (djm) OpenBSD CVS Sync | |
2203 | - ray@cvs.openbsd.org 2006/09/30 17:48:22 | |
2204 | [sftp.c] | |
2205 | Clear errno before calling the strtol functions. | |
2206 | From Paul Stoeber <x0001 at x dot de1 dot cc>. | |
2207 | OK deraadt@. | |
2208 | - djm@cvs.openbsd.org 2006/10/06 02:29:19 | |
2209 | [ssh-agent.c ssh-keyscan.c ssh.c] | |
2210 | sys/resource.h needs sys/time.h; prompted by brad@ | |
2211 | (NB. Id sync only for portable) | |
2212 | - djm@cvs.openbsd.org 2006/10/09 23:36:11 | |
2213 | [session.c] | |
2214 | xmalloc -> xcalloc that was missed previously, from portable | |
2215 | (NB. Id sync only for portable, obviously) | |
2216 | - markus@cvs.openbsd.org 2006/10/10 10:12:45 | |
2217 | [sshconnect.c] | |
2218 | sleep before retrying (not after) since sleep changes errno; fixes | |
2219 | pr 5250; rad@twig.com; ok dtucker djm | |
2220 | - markus@cvs.openbsd.org 2006/10/11 12:38:03 | |
2221 | [clientloop.c serverloop.c] | |
2222 | exit instead of doing a blocking tcp send if we detect a client/server | |
2223 | timeout, since the tcp sendqueue might be already full (of alive | |
2224 | requests); ok dtucker, report mpf | |
2225 | - djm@cvs.openbsd.org 2006/10/22 02:25:50 | |
2226 | [sftp-client.c] | |
2227 | cancel progress meter when upload write fails; ok deraadt@ | |
2228 | - (tim) [Makefile.in scard/Makefile.in] Add datarootdir= lines to keep | |
2229 | autoconf 2.60 from complaining. | |
2230 | ||
2231 | 20061018 | |
2232 | - (dtucker) OpenBSD CVS Sync | |
2233 | - ray@cvs.openbsd.org 2006/09/25 04:55:38 | |
2234 | [ssh-keyscan.1 ssh.1] | |
2235 | Change "a SSH" to "an SSH". Hurray, I'm not the only one who | |
2236 | pronounces "SSH" as "ess-ess-aich". | |
2237 | OK jmc@ and stevesk@. | |
2238 | - (dtucker) [sshd.c] Reshuffle storing of pw struct; prevents warnings | |
2239 | on older versions of OS X. ok djm@ | |
2240 | ||
2241 | 20061016 | |
2242 | - (dtucker) [monitor_fdpass.c] Include sys/in.h, required for cmsg macros | |
2243 | on older (2.0) Linuxes. Based on patch from thmo-13 at gmx de. | |
2244 | ||
2245 | 20061006 | |
2246 | - (tim) [buildpkg.sh.in] Use uname -r instead of -v in OS_VER for Solaris. | |
2247 | Differentiate between OpenServer 5 and OpenServer 6 | |
2248 | - (dtucker) [configure.ac] Set put -lselinux into $LIBS while testing for | |
2249 | SELinux functions so they're detected correctly. Patch from pebenito at | |
2250 | gentoo.org. | |
2251 | - (tim) [buildpkg.sh.in] Some systems have really limited nawk (OpenServer). | |
2252 | Allow setting alternate awk in openssh-config.local. | |
2253 | ||
2254 | 20061003 | |
2255 | - (tim) [configure.ac] Move CHECK_HEADERS test before platform specific | |
2256 | section so additional platform specific CHECK_HEADER tests will work | |
2257 | correctly. Fixes "<net/if_tap.h> on FreeBSD" problem report by des AT des.no | |
2258 | Feedback and "seems like a good idea" dtucker@ | |
2259 | ||
2260 | 20061001 | |
2261 | - (dtucker) [audit-bsm.c] Include errno.h. Pointed out by des at des.no. | |
2262 | ||
2263 | 20060929 | |
2264 | - (dtucker) [configure.ac] Bug #1239: Fix configure test for OpenSSH engine | |
2265 | support. Patch from andrew.benham at thus net. | |
2266 | ||
2267 | 20060928 | |
2268 | - (dtucker) [entropy.c] Bug #1238: include signal.h to fix compilation error | |
2269 | on Solaris 8 w/out /dev/random or prngd. Patch from rl at | |
2270 | math.technion.ac.il. | |
2271 | ||
2272 | 20060926 | |
2273 | - (dtucker) [bufaux.h] nuke bufaux.h; it's already gone from OpenBSD and not | |
2274 | referenced any more. ok djm@ | |
2275 | - (dtucker) [sftp-server.8] Resync; spotted by djm@ | |
2276 | - (dtucker) Release 4.4p1. | |
2277 | ||
2278 | 20060924 | |
2279 | - (tim) [configure.ac] Remove CFLAGS hack for UnixWare 1.x/2.x (added | |
2280 | to rev 1.308) to work around broken gcc 2.x header file. | |
2281 | ||
2282 | 20060923 | |
2283 | - (dtucker) [configure.ac] Bug #1234: Put opensc libs into $LIBS rather than | |
2284 | $LDFLAGS. Patch from vapier at gentoo org. | |
2285 | ||
2286 | 20060922 | |
2287 | - (dtucker) [packet.c canohost.c] Include arpa/inet.h for htonl macros on | |
2288 | some platforms (eg HP-UX 11.00). From santhi.amirta at gmail com. | |
2289 | ||
2290 | 20060921 | |
2291 | - (dtucker) OpenBSD CVS Sync | |
2292 | - otto@cvs.openbsd.org 2006/09/19 05:52:23 | |
2293 | [sftp.c] | |
2294 | Use S_IS* macros insted of masking with S_IF* flags. The latter may | |
2295 | have multiple bits set, which lead to surprising results. Spotted by | |
2296 | Paul Stoeber, more to come. ok millert@ pedro@ jaredy@ djm@ | |
2297 | - markus@cvs.openbsd.org 2006/09/19 21:14:08 | |
2298 | [packet.c] | |
2299 | client NULL deref on protocol error; Tavis Ormandy, Google Security Team | |
2300 | - (dtucker) [defines.h] Include unistd.h before defining getpgrp; fixes | |
2301 | build error on Ultrix. From Bernhard Simon. | |
2302 | ||
2303 | 20060918 | |
2304 | - (dtucker) [configure.ac] On AIX, check to see if the compiler will allow | |
2305 | macro redefinitions, and if not, remove "-qlanglvl=ansi" from the flags. | |
2306 | Allows build out of the box with older VAC and XLC compilers. Found by | |
2307 | David Bronder and Bernhard Simon. | |
2308 | - (dtucker) [openbsd-compat/port-aix.{c,h}] Reduce scope of includes. | |
2309 | Prevents macro redefinition warnings of "RDONLY". | |
2310 | ||
2311 | 20060916 | |
2312 | - OpenBSD CVS Sync | |
2313 | - djm@cvs.openbsd.org 2006/09/16 19:53:37 | |
2314 | [deattack.c deattack.h packet.c] | |
2315 | limit maximum work performed by the CRC compensation attack detector, | |
2316 | problem reported by Tavis Ormandy, Google Security Team; | |
2317 | ok markus@ deraadt@ | |
2318 | - (djm) Add openssh.xml to .cvsignore and sort it | |
2319 | - (dtucker) [auth-pam.c] Propogate TZ environment variable to PAM auth | |
2320 | process so that any logging it does is with the right timezone. From | |
2321 | Scott Strickler, ok djm@. | |
2322 | - (dtucker) [monitor.c] Correctly handle auditing of single commands when | |
2323 | using Protocol 1. From jhb at freebsd. | |
2324 | - (djm) [sshd.c] Fix warning/API abuse; ok dtucker@ | |
2325 | - (dtucker) [INSTALL] Add info about audit support. | |
2326 | ||
2327 | 20060912 | |
2328 | - (djm) [Makefile.in buildpkg.sh.in configure.ac openssh.xml.in] | |
2329 | Support SMF in Solaris Packages if enabled by configure. Patch from | |
2330 | Chad Mynhier, tested by dtucker@ | |
2331 | ||
2332 | 20060911 | |
2333 | - (dtucker) [cipher-aes.c] Include string.h for memcpy and friends. Noted | |
2334 | by Pekka Savola. | |
2335 | ||
2336 | 20060910 | |
2337 | - (dtucker) [contrib/aix/buildbff.sh] Ensure that perl is available. | |
2338 | - (dtucker) [configure.ac] Add -lcrypt to let DragonFly build OOTB. | |
2339 | ||
2340 | 20060909 | |
2341 | - (dtucker) [openbsd-compat/bsd-snprintf.c] Add stdarg.h. | |
2342 | - (dtucker) [contrib/aix/buildbff.sh] Always create privsep user. | |
2343 | - (dtucker) [buildpkg.sh.in] Always create privsep user. ok djm@ | |
2344 | ||
2345 | 20060908 | |
2346 | - (dtucker) [auth-sia.c] Add includes required for build on Tru64. Patch | |
2347 | from Chris Adams. | |
2348 | - (dtucker) [configure.ac] The BSM header test needs time.h in some cases. | |
2349 | ||
2350 | 20060907 | |
2351 | - (djm) [sshd.c auth.c] Set up fakepw() with privsep uid/gid, so it can | |
2352 | be used to drop privilege to; fixes Solaris GSSAPI crash reported by | |
2353 | Magnus Abrante; suggestion and feedback dtucker@ | |
2354 | NB. this change will require that the privilege separation user must | |
2355 | exist on all the time, not just when UsePrivilegeSeparation=yes | |
2356 | - (tim) [configure.ac] s/BROKEN_UPDWTMP/BROKEN_UPDWTMPX/ on SCO OSR6 | |
2357 | - (dtucker) [loginrec.c] Wrap paths.h in HAVE_PATHS_H. | |
2358 | - (dtucker) [regress/cfgmatch.sh] stop_client is racy, so give us a better | |
2359 | chance of winning. | |
2360 | ||
2361 | 20060905 | |
2362 | - (dtucker) [configure.ac] s/AC_DEFINES/AC_DEFINE/ spotted by Roumen Petrov. | |
2363 | - (dtucker) [loginrec.c] Include paths.h for _PATH_BTMP. | |
2364 | ||
2365 | 20060904 | |
2366 | - (dtucker) [configure.ac] Define BROKEN_UPDWTMP on SCO OSR6 as the native | |
2367 | updwdtmp seems to generate invalid wtmp entries. From Roger Cornelius, | |
2368 | ok djm@ | |
2369 | ||
2370 | 20060903 | |
2371 | - (dtucker) [configure.ac openbsd-compat/openbsd-compat.h] Check for | |
2372 | declaration of writev(2) and declare it ourselves if necessary. Makes | |
2373 | the atomiciov() calls build on really old systems. ok djm@ | |
2374 | ||
2375 | 20060902 | |
2376 | - (dtucker) [openbsd-compat/port-irix.c] Add errno.h, found by Iain Morgan. | |
2377 | - (dtucker) [ssh-keyscan.c ssh-rand-helper.c ssh.c sshconnect.c | |
2378 | openbsd-compat/bindresvport.c openbsd-compat/getrrsetbyname.c | |
2379 | openbsd-compat/port-tun.c openbsd-compat/rresvport.c] Include <arpa/inet.h> | |
2380 | for hton* and ntoh* macros. Required on (at least) HP-UX since we define | |
2381 | _XOPEN_SOURCE_EXTENDED. Found by santhi.amirta at gmail com. | |
2382 | ||
2383 | 20060901 | |
2384 | - (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c] | |
2385 | [auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c] | |
2386 | [auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c] | |
2387 | [cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c] | |
2388 | [dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] | |
2389 | [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c] | |
2390 | [md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c] | |
2391 | [scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c] | |
2392 | [ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c] | |
2393 | [sshconnect1.c sshconnect2.c sshd.c] | |
2394 | [openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c] | |
2395 | [openbsd-compat/port-linux.c openbsd-compat/port-solaris.c] | |
2396 | [openbsd-compat/port-uw.c] | |
2397 | Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h; | |
2398 | compile problems reported by rac AT tenzing.org | |
2399 | - (djm) [includes.h monitor.c openbsd-compat/bindresvport.c] | |
2400 | [openbsd-compat/rresvport.c] Some more headers: netinet/in.h | |
2401 | sys/socket.h and unistd.h in various places | |
2402 | - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Fix implict declaration | |
2403 | warnings for binary_open and binary_close. Patch from Corinna Vinschen. | |
2404 | - (dtucker) [configure.ac includes.h openbsd-compat/glob.{c,h}] Explicitly | |
2405 | test for GLOB_NOMATCH and use our glob functions if it's not found. | |
2406 | Stops sftp from segfaulting when attempting to get a nonexistent file on | |
2407 | Cygwin (previous versions of OpenSSH didn't use the native glob). Partly | |
2408 | from and tested by Corinna Vinschen. | |
2409 | - (dtucker) [README contrib/{caldera,redhat,suse}/openssh.spec] Crank | |
2410 | versions. | |
2411 | ||
2412 | 20060831 | |
2413 | - (djm) [CREDITS LICENCE Makefile.in auth.c configure.ac includes.h ] | |
2414 | [platform.c platform.h sshd.c openbsd-compat/Makefile.in] | |
2415 | [openbsd-compat/openbsd-compat.h openbsd-compat/port-solaris.c] | |
2416 | [openbsd-compat/port-solaris.h] Add support for Solaris process | |
2417 | contracts, enabled with --use-solaris-contracts. Patch from Chad | |
2418 | Mynhier, tweaked by dtucker@ and myself; ok dtucker@ | |
2419 | - (dtucker) [contrib/cygwin/ssh-host-config] Add SeTcbPrivilege privilege | |
2420 | while setting up the ssh service account. Patch from Corinna Vinschen. | |
2421 | ||
2422 | 20060830 | |
2423 | - (djm) OpenBSD CVS Sync | |
2424 | - dtucker@cvs.openbsd.org 2006/08/21 08:14:01 | |
2425 | [sshd_config.5] | |
2426 | Document HostbasedUsesNameFromPacketOnly. Corrections from jmc@, | |
2427 | ok jmc@ djm@ | |
2428 | - dtucker@cvs.openbsd.org 2006/08/21 08:15:57 | |
2429 | [sshd.8] | |
2430 | Add more detail about what permissions are and aren't accepted for | |
2431 | authorized_keys files. Corrections jmc@, ok djm@, "looks good" jmc@ | |
2432 | - djm@cvs.openbsd.org 2006/08/29 10:40:19 | |
2433 | [channels.c session.c] | |
2434 | normalise some inconsistent (but harmless) NULL pointer checks | |
2435 | spotted by the Stanford SATURN tool, via Isil Dillig; | |
2436 | ok markus@ deraadt@ | |
2437 | - dtucker@cvs.openbsd.org 2006/08/29 12:02:30 | |
2438 | [gss-genr.c] | |
2439 | Work around a problem in Heimdal that occurs when KRB5CCNAME file is | |
2440 | missing, by checking whether or not kerberos allocated us a context | |
2441 | before attempting to free it. Patch from Simon Wilkinson, tested by | |
2442 | biorn@, ok djm@ | |
2443 | - dtucker@cvs.openbsd.org 2006/08/30 00:06:51 | |
2444 | [sshconnect2.c] | |
2445 | Fix regression where SSH2 banner is printed at loglevels ERROR and FATAL | |
2446 | where previously it weren't. bz #1221, found by Dean Kopesky, ok djm@ | |
2447 | - djm@cvs.openbsd.org 2006/08/30 00:14:37 | |
2448 | [version.h] | |
2449 | crank to 4.4 | |
2450 | - (djm) [openbsd-compat/xcrypt.c] needs unistd.h | |
2451 | - (dtucker) [auth.c openbsd-compat/port-aix.c] Bug #1207: always call | |
2452 | loginsuccess on AIX immediately after authentication to clear the failed | |
2453 | login count. Previously this would only happen when an interactive | |
2454 | session starts (ie when a pty is allocated) but this means that accounts | |
2455 | that have primarily non-interactive sessions (eg scp's) may gradually | |
2456 | accumulate enough failures to lock out an account. This change may have | |
2457 | a side effect of creating two audit records, one with a tty of "ssh" | |
2458 | corresponding to the authentication and one with the allocated pty per | |
2459 | interactive session. | |
2460 | ||
2461 | 20060824 | |
2462 | - (dtucker) [openbsd-compat/basename.c] Include errno.h. | |
2463 | - (dtucker) [openbsd-compat/bsd-misc.c] Add includes needed for select(2) on | |
2464 | older systems. | |
2465 | - (dtucker) [openbsd-compat/bsd-misc.c] Include <sys/select.h> for select(2) | |
2466 | on POSIX systems. | |
2467 | - (dtucker) [openbsd-compat/bsd-openpty.c] Include for ioctl(2). | |
2468 | - (dtucker) [openbsd-compat/rresvport.c] Include <stdlib.h> for malloc. | |
2469 | - (dtucker) [openbsd-compat/xmmap.c] Move #define HAVE_MMAP to prevent | |
2470 | unused variable warning when we have a broken or missing mmap(2). | |
2471 | ||
2472 | 20060822 | |
2473 | - (dtucker) [Makefile.in] Bug #1177: fix incorrect path for sshrc in | |
2474 | Makefile. Patch from santhi.amirta at gmail, ok djm. | |
2475 | ||
2476 | 20060820 | |
2477 | - (dtucker) [log.c] Move ifdef to prevent unused variable warning. | |
2478 | - (dtucker) [configure.ac] Save $LIBS during PAM library tests and restore | |
2479 | afterward. Removes the need to mangle $LIBS later to remove -lpam and -ldl. | |
2480 | - (dtucker) [configure.ac] Relocate --with-pam parts in preparation for | |
2481 | fixing bug #1181. No changes yet. | |
2482 | - (dtucker) [configure.ac] Bug #1181: Explicitly test to see if OpenSSL | |
2483 | (0.9.8a and presumably newer) requires -ldl to successfully link. | |
2484 | - (dtucker) [configure.ac] Remove errant "-". | |
2485 | ||
2486 | 20060819 | |
2487 | - (djm) OpenBSD CVS Sync | |
2488 | - djm@cvs.openbsd.org 2006/08/18 22:41:29 | |
2489 | [gss-genr.c] | |
2490 | GSSAPI error code should be 0 and not -1; from simon@sxw.org.uk | |
2491 | - (dtucker) [openbsd-compat/regress/Makefile.in] Add $(EXEEXT) and add a | |
2492 | single rule for the test progs. | |
2493 | ||
2494 | 20060818 | |
2495 | - (dtucker) [configure.ac openbsd-compat/bsd-closefrom.c] Resync with | |
2496 | closefrom.c from sudo. | |
2497 | - (dtucker) [openbsd-compat/bsd-closefrom.c] Comment out rcsid. | |
2498 | - (dtucker) [openbsd-compat/regress/snprintftest.c] Newline on error. | |
2499 | - (dtucker) [openbsd-compat/regress/Makefile.in] Use implicit rules for the | |
2500 | test progs instead; they work better than what we have. | |
2501 | - (djm) OpenBSD CVS Sync | |
2502 | - stevesk@cvs.openbsd.org 2006/08/06 01:13:32 | |
2503 | [compress.c monitor.c monitor_wrap.c] | |
2504 | "zlib.h" can be <zlib.h>; ok djm@ markus@ | |
2505 | - miod@cvs.openbsd.org 2006/08/12 20:46:46 | |
2506 | [monitor.c monitor_wrap.c] | |
2507 | Revert previous include file ordering change, for ssh to compile under | |
2508 | gcc2 (or until openssl include files are cleaned of parameter names | |
2509 | in function prototypes) | |
2510 | - dtucker@cvs.openbsd.org 2006/08/14 12:40:25 | |
2511 | [servconf.c servconf.h sshd_config.5] | |
2512 | Add ability to match groups to Match keyword in sshd_config. Feedback | |
2513 | djm@, stevesk@, ok stevesk@. | |
2514 | - djm@cvs.openbsd.org 2006/08/16 11:47:15 | |
2515 | [sshd.c] | |
2516 | factor inetd connection, TCP listen and main TCP accept loop out of | |
2517 | main() into separate functions to improve readability; ok markus@ | |
2518 | - deraadt@cvs.openbsd.org 2006/08/18 09:13:26 | |
2519 | [log.c log.h sshd.c] | |
2520 | make signal handler termination path shorter; risky code pointed out by | |
2521 | mark dowd; ok djm markus | |
2522 | - markus@cvs.openbsd.org 2006/08/18 09:15:20 | |
2523 | [auth.h session.c sshd.c] | |
2524 | delay authentication related cleanups until we're authenticated and | |
2525 | all alarms have been cancelled; ok deraadt | |
2526 | - djm@cvs.openbsd.org 2006/08/18 10:27:16 | |
2527 | [misc.h] | |
2528 | reorder so prototypes are sorted by the files they refer to; no | |
2529 | binary change | |
2530 | - djm@cvs.openbsd.org 2006/08/18 13:54:54 | |
2531 | [gss-genr.c ssh-gss.h sshconnect2.c] | |
2532 | bz #1218 - disable SPNEGO as per RFC4462; diff from simon AT sxw.org.uk | |
2533 | ok markus@ | |
2534 | - djm@cvs.openbsd.org 2006/08/18 14:40:34 | |
2535 | [gss-genr.c ssh-gss.h] | |
2536 | constify host argument to match the rest of the GSSAPI functions and | |
2537 | unbreak compilation with -Werror | |
2538 | - (djm) Disable sigdie() for platforms that cannot safely syslog inside | |
2539 | a signal handler (basically all of them, excepting OpenBSD); | |
2540 | ok dtucker@ | |
2541 | ||
2542 | 20060817 | |
2543 | - (dtucker) [openbsd-compat/fake-rfc2553.c openbsd-compat/setproctitle.c] | |
2544 | Include stdlib.h for malloc and friends. | |
2545 | - (dtucker) [configure.ac openbsd-compat/bsd-closefrom.c] Use F_CLOSEM fcntl | |
2546 | for closefrom() on AIX. Pointed out by William Ahern. | |
2547 | - (dtucker) [openbsd-compat/regress/{Makefile.in,closefromtest.c}] Regress | |
2548 | test for closefrom() in compat code. | |
2549 | ||
2550 | 20060816 | |
2551 | - (djm) [audit-bsm.c] Sprinkle in some headers | |
2552 | ||
2553 | 20060815 | |
2554 | - (dtucker) [LICENCE] Add Reyk to the list for the compat dir. | |
2555 | ||
2556 | 20060806 | |
2557 | - (djm) [openbsd-compat/bsd-getpeereid.c] Add some headers to quiet warnings | |
2558 | on Solaris 10 | |
2559 | ||
2560 | 20060806 | |
2561 | - (dtucker) [defines.h] With the includes.h changes we no longer get the | |
2562 | name clash on "YES" so we can remove the workaround for it. | |
2563 | - (dtucker) [openbsd-compat/{bsd-asprintf.c,bsd-openpty.c,bsd-snprintf.c, | |
2564 | glob.c}] Include stdlib.h for malloc and friends in compat code. | |
2565 | ||
2566 | 20060805 | |
2567 | - (djm) OpenBSD CVS Sync | |
2568 | - stevesk@cvs.openbsd.org 2006/07/24 13:58:22 | |
2569 | [sshconnect.c] | |
2570 | disable tunnel forwarding when no strict host key checking | |
2571 | and key changed; ok djm@ markus@ dtucker@ | |
2572 | - stevesk@cvs.openbsd.org 2006/07/25 02:01:34 | |
2573 | [scard.c] | |
2574 | need #include <string.h> | |
2575 | - stevesk@cvs.openbsd.org 2006/07/25 02:59:21 | |
2576 | [channels.c clientloop.c packet.c scp.c serverloop.c sftp-client.c] | |
2577 | [sftp-server.c ssh-agent.c ssh-keyscan.c sshconnect.c sshd.c] | |
2578 | move #include <sys/time.h> out of includes.h | |
2579 | - stevesk@cvs.openbsd.org 2006/07/26 02:35:17 | |
2580 | [atomicio.c auth.c dh.c authfile.c buffer.c clientloop.c kex.c] | |
2581 | [groupaccess.c gss-genr.c kexgexs.c misc.c monitor.c monitor_mm.c] | |
2582 | [packet.c scp.c serverloop.c session.c sftp-client.c sftp-common.c] | |
2583 | [sftp-server.c sftp.c ssh-add.c ssh-agent.c ssh-keygen.c sshlogin.c] | |
2584 | [uidswap.c xmalloc.c] | |
2585 | move #include <sys/param.h> out of includes.h | |
2586 | - stevesk@cvs.openbsd.org 2006/07/26 13:57:17 | |
2587 | [authfd.c authfile.c dh.c canohost.c channels.c clientloop.c compat.c] | |
2588 | [hostfile.c kex.c log.c misc.c moduli.c monitor.c packet.c readpass.c] | |
2589 | [scp.c servconf.c session.c sftp-server.c sftp.c ssh-add.c ssh-agent.c] | |
2590 | [ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c sshconnect.c] | |
2591 | [sshconnect1.c sshd.c xmalloc.c] | |
2592 | move #include <stdlib.h> out of includes.h | |
2593 | - jmc@cvs.openbsd.org 2006/07/27 08:00:50 | |
2594 | [ssh_config.5] | |
2595 | avoid confusing wording in HashKnownHosts: | |
2596 | originally spotted by alan amesbury; | |
2597 | ok deraadt | |
2598 | - jmc@cvs.openbsd.org 2006/07/27 08:00:50 | |
2599 | [ssh_config.5] | |
2600 | avoid confusing wording in HashKnownHosts: | |
2601 | originally spotted by alan amesbury; | |
2602 | ok deraadt | |
2603 | - dtucker@cvs.openbsd.org 2006/08/01 11:34:36 | |
2604 | [sshconnect.c] | |
2605 | Allow fallback to known_hosts entries without port qualifiers for | |
2606 | non-standard ports too, so that all existing known_hosts entries will be | |
2607 | recognised. Requested by, feedback and ok markus@ | |
2608 | - stevesk@cvs.openbsd.org 2006/08/01 23:22:48 | |
2609 | [auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c] | |
2610 | [auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c] | |
2611 | [channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c] | |
2612 | [kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c] | |
2613 | [monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c] | |
2614 | [servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c] | |
2615 | [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c] | |
2616 | [sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c] | |
2617 | [uuencode.h xmalloc.c] | |
2618 | move #include <stdio.h> out of includes.h | |
2619 | - stevesk@cvs.openbsd.org 2006/08/01 23:36:12 | |
2620 | [authfile.c channels.c progressmeter.c scard.c servconf.c ssh.c] | |
2621 | clean extra spaces | |
2622 | - deraadt@cvs.openbsd.org 2006/08/03 03:34:42 | |
2623 | [OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c] | |
2624 | [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c] | |
2625 | [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c] | |
2626 | [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ] | |
2627 | [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c] | |
2628 | [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c] | |
2629 | [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] | |
2630 | [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c] | |
2631 | [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] | |
2632 | [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c] | |
2633 | [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c] | |
2634 | [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c] | |
2635 | [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c] | |
2636 | [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h] | |
2637 | [serverloop.c session.c session.h sftp-client.c sftp-common.c] | |
2638 | [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c] | |
2639 | [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c] | |
2640 | [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c] | |
2641 | [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c] | |
2642 | [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h] | |
2643 | [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h] | |
2644 | almost entirely get rid of the culture of ".h files that include .h files" | |
2645 | ok djm, sort of ok stevesk | |
2646 | makes the pain stop in one easy step | |
2647 | NB. portable commit contains everything *except* removing includes.h, as | |
2648 | that will take a fair bit more work as we move headers that are required | |
2649 | for portability workarounds to defines.h. (also, this step wasn't "easy") | |
2650 | - stevesk@cvs.openbsd.org 2006/08/04 20:46:05 | |
2651 | [monitor.c session.c ssh-agent.c] | |
2652 | spaces | |
2653 | - (djm) [auth-pam.c defines.h] Move PAM related bits to auth-pam.c | |
2654 | - (djm) [auth-pam.c auth.c bufaux.h entropy.c openbsd-compat/port-tun.c] | |
2655 | remove last traces of bufaux.h - it was merged into buffer.h in the big | |
2656 | includes.h commit | |
2657 | - (djm) [auth.c loginrec.c] Missing netinet/in.h for loginrec | |
2658 | - (djm) [openbsd-compat/regress/snprintftest.c] | |
2659 | [openbsd-compat/regress/strduptest.c] Add missing includes so they pass | |
2660 | compilation with "-Wall -Werror" | |
2661 | - (djm) [auth-pam.c auth-shadow.c auth2-none.c cleanup.c sshd.c] | |
2662 | [openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Sprinkle more | |
2663 | includes for Linux in | |
2664 | - (dtucker) [cleanup.c] Need defines.h for __dead. | |
2665 | - (dtucker) [auth2-gss.c] We still need the #ifdef GSSAPI in -portable. | |
2666 | - (dtucker) [openbsd-compat/{bsd-arc4random.c,port-tun.c,xmmap.c}] Lots of | |
2667 | #include stdarg.h, needed for log.h. | |
2668 | - (dtucker) [entropy.c] Needs unistd.h too. | |
2669 | - (dtucker) [ssh-rand-helper.c] Needs stdarg.h for log.h. | |
2670 | - (dtucker) [openbsd-compat/getrrsetbyname.c] Nees stdlib.h for malloc. | |
2671 | - (dtucker) [openbsd-compat/strtonum.c] Include stdlib.h for strtoll, | |
2672 | otherwise it is implicitly declared as returning an int. | |
2673 | - (dtucker) OpenBSD CVS Sync | |
2674 | - dtucker@cvs.openbsd.org 2006/08/05 07:52:52 | |
2675 | [auth2-none.c sshd.c monitor_wrap.c] | |
2676 | Add headers required to build with KERBEROS5=no. ok djm@ | |
2677 | - dtucker@cvs.openbsd.org 2006/08/05 08:00:33 | |
2678 | [auth-skey.c] | |
2679 | Add headers required to build with -DSKEY. ok djm@ | |
2680 | - dtucker@cvs.openbsd.org 2006/08/05 08:28:24 | |
2681 | [monitor_wrap.c auth-skey.c auth2-chall.c] | |
2682 | Zap unused variables in -DSKEY code. ok djm@ | |
2683 | - dtucker@cvs.openbsd.org 2006/08/05 08:34:04 | |
2684 | [packet.c] | |
2685 | Typo in comment | |
2686 | - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Add headers required to compile | |
2687 | on Cygwin. | |
2688 | - (dtucker) [openbsd-compat/fake-rfc2553.c] Add headers needed for inet_ntoa. | |
2689 | - (dtucker) [auth-skey.c] monitor_wrap.h needs ssh-gss.h. | |
2690 | - (dtucker) [audit.c audit.h] Repair headers. | |
2691 | - (dtucker) [audit-bsm.c] Add additional headers now required. | |
2692 | ||
2693 | 20060804 | |
2694 | - (dtucker) [configure.ac] The "crippled AES" test does not work on recent | |
2695 | versions of Solaris, so use AC_LINK_IFELSE to actually link the test program | |
2696 | rather than just compiling it. Spotted by dlg@. | |
2697 | ||
2698 | 20060802 | |
2699 | - (dtucker) [openbsd-compat/daemon.c] Add unistd.h for fork() prototype. | |
2700 | ||
2701 | 20060725 | |
2702 | - (dtucker) [openbsd-compat/xmmap.c] Need fcntl.h for O_RDRW. | |
2703 | ||
2704 | 20060724 | |
2705 | - (djm) OpenBSD CVS Sync | |
2706 | - jmc@cvs.openbsd.org 2006/07/12 13:39:55 | |
2707 | [sshd_config.5] | |
2708 | - new sentence, new line | |
2709 | - s/The the/The/ | |
2710 | - kill a bad comma | |
2711 | - stevesk@cvs.openbsd.org 2006/07/12 22:28:52 | |
2712 | [auth-options.c canohost.c channels.c includes.h readconf.c] | |
2713 | [servconf.c ssh-keyscan.c ssh.c sshconnect.c sshd.c] | |
2714 | move #include <netdb.h> out of includes.h; ok djm@ | |
2715 | - stevesk@cvs.openbsd.org 2006/07/12 22:42:32 | |
2716 | [includes.h ssh.c ssh-rand-helper.c] | |
2717 | move #include <stddef.h> out of includes.h | |
2718 | - stevesk@cvs.openbsd.org 2006/07/14 01:15:28 | |
2719 | [monitor_wrap.h] | |
2720 | don't need incompletely-typed 'struct passwd' now with | |
2721 | #include <pwd.h>; ok markus@ | |
2722 | - stevesk@cvs.openbsd.org 2006/07/17 01:31:10 | |
2723 | [authfd.c authfile.c channels.c cleanup.c clientloop.c groupaccess.c] | |
2724 | [includes.h log.c misc.c msg.c packet.c progressmeter.c readconf.c] | |
2725 | [readpass.c scp.c servconf.c sftp-client.c sftp-server.c sftp.c] | |
2726 | [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c] | |
2727 | [sshconnect.c sshlogin.c sshpty.c uidswap.c] | |
2728 | move #include <unistd.h> out of includes.h | |
2729 | - dtucker@cvs.openbsd.org 2006/07/17 12:02:24 | |
2730 | [auth-options.c] | |
2731 | Use '\0' rather than 0 to terminates strings; ok djm@ | |
2732 | - dtucker@cvs.openbsd.org 2006/07/17 12:06:00 | |
2733 | [channels.c channels.h servconf.c sshd_config.5] | |
2734 | Add PermitOpen directive to sshd_config which is equivalent to the | |
2735 | "permitopen" key option. Allows server admin to allow TCP port | |
2736 | forwarding only two specific host/port pairs. Useful when combined | |
2737 | with Match. | |
2738 | If permitopen is used in both sshd_config and a key option, both | |
2739 | must allow a given connection before it will be permitted. | |
2740 | Note that users can still use external forwarders such as netcat, | |
2741 | so to be those must be controlled too for the limits to be effective. | |
2742 | Feedback & ok djm@, man page corrections & ok jmc@. | |
2743 | - jmc@cvs.openbsd.org 2006/07/18 07:50:40 | |
2744 | [sshd_config.5] | |
2745 | tweak; ok dtucker | |
2746 | - jmc@cvs.openbsd.org 2006/07/18 07:56:28 | |
2747 | [scp.1] | |
2748 | replace DIAGNOSTICS with .Ex; | |
2749 | - jmc@cvs.openbsd.org 2006/07/18 08:03:09 | |
2750 | [ssh-agent.1 sshd_config.5] | |
2751 | mark up angle brackets; | |
2752 | - dtucker@cvs.openbsd.org 2006/07/18 08:22:23 | |
2753 | [sshd_config.5] | |
2754 | Clarify description of Match, with minor correction from jmc@ | |
2755 | - stevesk@cvs.openbsd.org 2006/07/18 22:27:55 | |
2756 | [dh.c] | |
2757 | remove unneeded includes; ok djm@ | |
2758 | - dtucker@cvs.openbsd.org 2006/07/19 08:56:41 | |
2759 | [servconf.c sshd_config.5] | |
2760 | Add support for X11Forwaring, X11DisplayOffset and X11UseLocalhost to | |
2761 | Match. ok djm@ | |
2762 | - dtucker@cvs.openbsd.org 2006/07/19 13:07:10 | |
2763 | [servconf.c servconf.h session.c sshd.8 sshd_config sshd_config.5] | |
2764 | Add ForceCommand keyword to sshd_config, equivalent to the "command=" | |
2765 | key option, man page entry and example in sshd_config. | |
2766 | Feedback & ok djm@, man page corrections & ok jmc@ | |
2767 | - stevesk@cvs.openbsd.org 2006/07/20 15:26:15 | |
2768 | [auth1.c serverloop.c session.c sshconnect2.c] | |
2769 | missed some needed #include <unistd.h> when KERBEROS5=no; issue from | |
2770 | massimo@cedoc.mo.it | |
2771 | - dtucker@cvs.openbsd.org 2006/07/21 12:43:36 | |
2772 | [channels.c channels.h servconf.c servconf.h sshd_config.5] | |
2773 | Make PermitOpen take a list of permitted ports and act more like most | |
2774 | other keywords (ie the first match is the effective setting). This | |
2775 | also makes it easier to override a previously set PermitOpen. ok djm@ | |
2776 | - stevesk@cvs.openbsd.org 2006/07/21 21:13:30 | |
2777 | [channels.c] | |
2778 | more ARGSUSED (lint) for dispatch table-driven functions; ok djm@ | |
2779 | - stevesk@cvs.openbsd.org 2006/07/21 21:26:55 | |
2780 | [progressmeter.c] | |
2781 | ARGSUSED for signal handler | |
2782 | - stevesk@cvs.openbsd.org 2006/07/22 19:08:54 | |
2783 | [includes.h moduli.c progressmeter.c scp.c sftp-common.c] | |
2784 | [sftp-server.c ssh-agent.c sshlogin.c] | |
2785 | move #include <time.h> out of includes.h | |
2786 | - stevesk@cvs.openbsd.org 2006/07/22 20:48:23 | |
2787 | [atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c] | |
2788 | [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c] | |
2789 | [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c] | |
2790 | [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c] | |
2791 | [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c] | |
2792 | [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c] | |
2793 | [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c] | |
2794 | [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c] | |
2795 | [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c] | |
2796 | [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c] | |
2797 | [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c] | |
2798 | [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c] | |
2799 | [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c] | |
2800 | move #include <string.h> out of includes.h | |
2801 | - stevesk@cvs.openbsd.org 2006/07/23 01:11:05 | |
2802 | [auth.h dispatch.c kex.h sftp-client.c] | |
2803 | #include <signal.h> for sig_atomic_t; need this prior to <sys/param.h> | |
2804 | move | |
2805 | - (djm) [acss.c auth-krb5.c auth-options.c auth-pam.c auth-shadow.c] | |
2806 | [canohost.c channels.c cipher-acss.c defines.h dns.c gss-genr.c] | |
2807 | [gss-serv-krb5.c gss-serv.c log.h loginrec.c logintest.c readconf.c] | |
2808 | [servconf.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c] | |
2809 | [ssh.c sshconnect.c sshd.c openbsd-compat/bindresvport.c] | |
2810 | [openbsd-compat/bsd-arc4random.c openbsd-compat/bsd-misc.c] | |
2811 | [openbsd-compat/getrrsetbyname.c openbsd-compat/glob.c] | |
2812 | [openbsd-compat/mktemp.c openbsd-compat/port-linux.c] | |
2813 | [openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c] | |
2814 | [openbsd-compat/setproctitle.c openbsd-compat/xmmap.c] | |
2815 | make the portable tree compile again - sprinkle unistd.h and string.h | |
2816 | back in. Don't redefine __unused, as it turned out to be used in | |
2817 | headers on Linux, and replace its use in auth-pam.c with ARGSUSED | |
2818 | - (djm) [openbsd-compat/glob.c] | |
2819 | Move get_arg_max() into the ifdef HAVE_GLOB block so that it compiles | |
2820 | on OpenBSD (or other platforms with a decent glob implementation) with | |
2821 | -Werror | |
2822 | - (djm) [uuencode.c] | |
2823 | Add resolv.h, is it contains the prototypes for __b64_ntop/__b64_pton on | |
2824 | some platforms | |
2825 | - (djm) [session.c] | |
2826 | fix compile error with -Werror -Wall: 'path' is only used in | |
2827 | do_setup_env() if HAVE_LOGIN_CAP is not defined | |
2828 | - (djm) [openbsd-compat/basename.c openbsd-compat/bsd-closefrom.c] | |
2829 | [openbsd-compat/bsd-cray.c openbsd-compat/bsd-openpty.c] | |
2830 | [openbsd-compat/bsd-snprintf.c openbsd-compat/fake-rfc2553.c] | |
2831 | [openbsd-compat/port-aix.c openbsd-compat/port-irix.c] | |
2832 | [openbsd-compat/rresvport.c] | |
2833 | These look to need string.h and/or unistd.h (based on a grep for function | |
2834 | names) | |
2835 | - (djm) [Makefile.in] | |
2836 | Remove generated openbsd-compat/regress/Makefile in distclean target | |
2837 | - (djm) [regress/Makefile regress/agent-getpeereid.sh regress/cfgmatch.sh] | |
2838 | [regress/cipher-speed.sh regress/forcecommand.sh regress/forwarding.sh] | |
2839 | Sync regress tests to -current; include dtucker@'s new cfgmatch and | |
2840 | forcecommand tests. Add cipher-speed.sh test (not linked in yet) | |
2841 | - (dtucker) [cleanup.c] Since config.h defines _LARGE_FILES on AIX, including | |
2842 | system headers before defines.h will cause conflicting definitions. | |
2843 | - (dtucker) [regress/forcecommand.sh] Portablize. | |
2844 | ||
2845 | 20060713 | |
2846 | - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h | |
2847 | ||
2848 | 20060712 | |
2849 | - (dtucker) [configure.ac defines.h] Only define SHUT_RD (and friends) and | |
2850 | O_NONBLOCK if they're really needed. Fixes build errors on HP-UX, old | |
2851 | Linuxes and probably more. | |
2852 | - (dtucker) [configure.ac] OpenBSD needs <sys/types.h> before <sys/socket.h> | |
2853 | for SHUT_RD. | |
2854 | - (dtucker) [openbsd-compat/port-tun.c] OpenBSD needs <netinet/in.h> before | |
2855 | <netinet/ip.h>. | |
2856 | - (dtucker) OpenBSD CVS Sync | |
2857 | - stevesk@cvs.openbsd.org 2006/07/10 16:01:57 | |
2858 | [sftp-glob.c sftp-common.h sftp.c] | |
2859 | buffer.h only needed in sftp-common.h and remove some unneeded | |
2860 | user includes; ok djm@ | |
2861 | - jmc@cvs.openbsd.org 2006/07/10 16:04:21 | |
2862 | [sshd.8] | |
2863 | s/and and/and/ | |
2864 | - stevesk@cvs.openbsd.org 2006/07/10 16:37:36 | |
2865 | [readpass.c log.h scp.c fatal.c xmalloc.c includes.h ssh-keyscan.c misc.c | |
2866 | auth.c packet.c log.c] | |
2867 | move #include <stdarg.h> out of includes.h; ok markus@ | |
2868 | - dtucker@cvs.openbsd.org 2006/07/11 10:12:07 | |
2869 | [ssh.c] | |
2870 | Only copy the part of environment variable that we actually use. Prevents | |
2871 | ssh bailing when SendEnv is used and an environment variable with a really | |
2872 | long value exists. ok djm@ | |
2873 | - markus@cvs.openbsd.org 2006/07/11 18:50:48 | |
2874 | [clientloop.c ssh.1 ssh.c channels.c ssh_config.5 readconf.h session.c | |
2875 | channels.h readconf.c] | |
2876 | add ExitOnForwardFailure: terminate the connection if ssh(1) | |
2877 | cannot set up all requested dynamic, local, and remote port | |
2878 | forwardings. ok djm, dtucker, stevesk, jmc | |
2879 | - stevesk@cvs.openbsd.org 2006/07/11 20:07:25 | |
2880 | [scp.c auth.c monitor.c serverloop.c sftp-server.c sshpty.c readpass.c | |
2881 | sshd.c monitor_wrap.c monitor_fdpass.c ssh-agent.c ttymodes.c atomicio.c | |
2882 | includes.h session.c sshlogin.c monitor_mm.c packet.c sshconnect2.c | |
2883 | sftp-client.c nchan.c clientloop.c sftp.c misc.c canohost.c channels.c | |
2884 | ssh-keygen.c progressmeter.c uidswap.c msg.c readconf.c sshconnect.c] | |
2885 | move #include <errno.h> out of includes.h; ok markus@ | |
2886 | - stevesk@cvs.openbsd.org 2006/07/11 20:16:43 | |
2887 | [ssh.c] | |
2888 | cast asterisk field precision argument to int to remove warning; | |
2889 | ok markus@ | |
2890 | - stevesk@cvs.openbsd.org 2006/07/11 20:27:56 | |
2891 | [authfile.c ssh.c] | |
2892 | need <errno.h> here also (it's also included in <openssl/err.h>) | |
2893 | - dtucker@cvs.openbsd.org 2006/07/12 11:34:58 | |
2894 | [sshd.c servconf.h servconf.c sshd_config.5 auth.c] | |
2895 | Add support for conditional directives to sshd_config via a "Match" | |
2896 | keyword, which works similarly to the "Host" directive in ssh_config. | |
2897 | Lines after a Match line override the default set in the main section | |
2898 | if the condition on the Match line is true, eg | |
2899 | AllowTcpForwarding yes | |
2900 | Match User anoncvs | |
2901 | AllowTcpForwarding no | |
2902 | will allow port forwarding by all users except "anoncvs". | |
2903 | Currently only a very small subset of directives are supported. | |
2904 | ok djm@ | |
2905 | - (dtucker) [loginrec.c openbsd-compat/xmmap.c openbsd-compat/bindresvport.c | |
2906 | openbsd-compat/glob.c openbsd-compat/mktemp.c openbsd-compat/port-tun.c | |
2907 | openbsd-compat/readpassphrase.c openbsd-compat/strtonum.c] Include <errno.h>. | |
2908 | - (dtucker) [openbsd-compat/setproctitle.c] Include stdarg.h. | |
2909 | - (dtucker) [ssh-keyscan.c ssh-rand-helper.c] More errno.h here too. | |
2910 | - (dtucker) [openbsd-compat/openbsd-compat.h] v*printf needs stdarg.h. | |
2911 | - (dtucker) [openbsd-compat/bsd-asprintf.c openbsd-compat/port-aix.c | |
2912 | openbsd-compat/rresvport.c] More errno.h. | |
2913 | ||
2914 | 20060711 | |
2915 | - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c | |
2916 | openbsd-compat/daemon.c] Add includes needed by open(2). Conditionally | |
2917 | include paths.h. Fixes build error on Solaris. | |
2918 | - (dtucker) [entropy.c] More fcntl.h, this time on AIX (and probably | |
2919 | others). | |
2920 | ||
2921 | 20060710 | |
2922 | - (dtucker) [INSTALL] New autoconf version: 2.60. | |
2923 | - OpenBSD CVS Sync | |
2924 | - djm@cvs.openbsd.org 2006/06/14 10:50:42 | |
2925 | [sshconnect.c] | |
2926 | limit the number of pre-banner characters we will accept; ok markus@ | |
2927 | - djm@cvs.openbsd.org 2006/06/26 10:36:15 | |
2928 | [clientloop.c] | |
2929 | mention optional bind_address in runtime port forwarding setup | |
2930 | command-line help. patch from santhi.amirta AT gmail.com | |
2931 | - stevesk@cvs.openbsd.org 2006/07/02 17:12:58 | |
2932 | [ssh.1 ssh.c ssh_config.5 sshd_config.5] | |
2933 | more details and clarity for tun(4) device forwarding; ok and help | |
2934 | jmc@ | |
2935 | - stevesk@cvs.openbsd.org 2006/07/02 18:36:47 | |
2936 | [gss-serv-krb5.c gss-serv.c] | |
2937 | no "servconf.h" needed here | |
2938 | (gss-serv-krb5.c change not applied, portable needs the server options) | |
2939 | - stevesk@cvs.openbsd.org 2006/07/02 22:45:59 | |
2940 | [groupaccess.c groupaccess.h includes.h session.c sftp-common.c sshpty.c] | |
2941 | move #include <grp.h> out of includes.h | |
2942 | (portable needed uidswap.c too) | |
2943 | - stevesk@cvs.openbsd.org 2006/07/02 23:01:55 | |
2944 | [clientloop.c ssh.1] | |
2945 | use -KR[bind_address:]port here; ok djm@ | |
2946 | - stevesk@cvs.openbsd.org 2006/07/03 08:54:20 | |
2947 | [includes.h ssh.c sshconnect.c sshd.c] | |
2948 | move #include "version.h" out of includes.h; ok markus@ | |
2949 | - stevesk@cvs.openbsd.org 2006/07/03 17:59:32 | |
2950 | [channels.c includes.h] | |
2951 | move #include <arpa/inet.h> out of includes.h; old ok djm@ | |
2952 | (portable needed session.c too) | |
2953 | - stevesk@cvs.openbsd.org 2006/07/05 02:42:09 | |
2954 | [canohost.c hostfile.c includes.h misc.c packet.c readconf.c] | |
2955 | [serverloop.c sshconnect.c uuencode.c] | |
2956 | move #include <netinet/in.h> out of includes.h; ok deraadt@ | |
2957 | (also ssh-rand-helper.c logintest.c loginrec.c) | |
2958 | - djm@cvs.openbsd.org 2006/07/06 10:47:05 | |
2959 | [servconf.c servconf.h session.c sshd_config.5] | |
2960 | support arguments to Subsystem commands; ok markus@ | |
2961 | - djm@cvs.openbsd.org 2006/07/06 10:47:57 | |
2962 | [sftp-server.8 sftp-server.c] | |
2963 | add commandline options to enable logging of transactions; ok markus@ | |
2964 | - stevesk@cvs.openbsd.org 2006/07/06 16:03:53 | |
2965 | [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c] | |
2966 | [auth-rhosts.c auth-rsa.c auth.c auth.h auth2-hostbased.c] | |
2967 | [auth2-pubkey.c auth2.c includes.h misc.c misc.h monitor.c] | |
2968 | [monitor_wrap.c monitor_wrap.h scp.c serverloop.c session.c] | |
2969 | [session.h sftp-common.c ssh-add.c ssh-keygen.c ssh-keysign.c] | |
2970 | [ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c] | |
2971 | [uidswap.h] | |
2972 | move #include <pwd.h> out of includes.h; ok markus@ | |
2973 | - stevesk@cvs.openbsd.org 2006/07/06 16:22:39 | |
2974 | [ssh-keygen.c] | |
2975 | move #include "dns.h" up | |
2976 | - stevesk@cvs.openbsd.org 2006/07/06 17:36:37 | |
2977 | [monitor_wrap.h] | |
2978 | typo in comment | |
2979 | - stevesk@cvs.openbsd.org 2006/07/08 21:47:12 | |
2980 | [authfd.c canohost.c clientloop.c dns.c dns.h includes.h] | |
2981 | [monitor_fdpass.c nchan.c packet.c servconf.c sftp.c ssh-agent.c] | |
2982 | [ssh-keyscan.c ssh.c sshconnect.h sshd.c sshlogin.h] | |
2983 | move #include <sys/socket.h> out of includes.h | |
2984 | - stevesk@cvs.openbsd.org 2006/07/08 21:48:53 | |
2985 | [monitor.c session.c] | |
2986 | missed these from last commit: | |
2987 | move #include <sys/socket.h> out of includes.h | |
2988 | - stevesk@cvs.openbsd.org 2006/07/08 23:30:06 | |
2989 | [log.c] | |
2990 | move user includes after /usr/include files | |
2991 | - stevesk@cvs.openbsd.org 2006/07/09 15:15:11 | |
2992 | [auth2-none.c authfd.c authfile.c includes.h misc.c monitor.c] | |
2993 | [readpass.c scp.c serverloop.c sftp-client.c sftp-server.c] | |
2994 | [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] | |
2995 | [sshlogin.c sshpty.c] | |
2996 | move #include <fcntl.h> out of includes.h | |
2997 | - stevesk@cvs.openbsd.org 2006/07/09 15:27:59 | |
2998 | [ssh-add.c] | |
2999 | use O_RDONLY vs. 0 in open(); no binary change | |
3000 | - djm@cvs.openbsd.org 2006/07/10 11:24:54 | |
3001 | [sftp-server.c] | |
3002 | remove optind - it isn't used here | |
3003 | - djm@cvs.openbsd.org 2006/07/10 11:25:53 | |
3004 | [sftp-server.c] | |
3005 | don't log variables that aren't yet set | |
3006 | - (djm) [loginrec.c ssh-rand-helper.c sshd.c openbsd-compat/glob.c] | |
3007 | [openbsd-compat/mktemp.c openbsd-compat/openbsd-compat.h] | |
3008 | [openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c] | |
3009 | [openbsd-compat/xcrypt.c] Fix includes.h fallout, mainly fcntl.h | |
3010 | - OpenBSD CVS Sync | |
3011 | - djm@cvs.openbsd.org 2006/07/10 12:03:20 | |
3012 | [scp.c] | |
3013 | duplicate argv at the start of main() because it gets modified later; | |
3014 | pointed out by deraadt@ ok markus@ | |
3015 | - djm@cvs.openbsd.org 2006/07/10 12:08:08 | |
3016 | [channels.c] | |
3017 | fix misparsing of SOCKS 5 packets that could result in a crash; | |
3018 | reported by mk@ ok markus@ | |
3019 | - dtucker@cvs.openbsd.org 2006/07/10 12:46:51 | |
3020 | [misc.c misc.h sshd.8 sshconnect.c] | |
3021 | Add port identifier to known_hosts for non-default ports, based originally | |
3022 | on a patch from Devin Nate in bz#910. | |
3023 | For any connection using the default port or using a HostKeyAlias the | |
3024 | format is unchanged, otherwise the host name or address is enclosed | |
3025 | within square brackets in the same format as sshd's ListenAddress. | |
3026 | Tested by many, ok markus@. | |
3027 | - (dtucker) [openbsd-compat/openbsd-compat.h] Need to include <sys/socket.h> | |
3028 | for struct sockaddr on platforms that use the fake-rfc stuff. | |
3029 | ||
3030 | 20060706 | |
3031 | - (dtucker) [configure.ac] Try AIX blibpath test in different order when | |
3032 | compiling with gcc. gcc 4.1.x will accept (but ignore) -b flags so | |
3033 | configure would not select the correct libpath linker flags. | |
3034 | - (dtucker) [INSTALL] A bit more info on autoconf. | |
3035 | ||
3036 | 20060705 | |
3037 | - (dtucker) [ssh-rand-helper.c] Don't exit if mkdir fails because the | |
3038 | target already exists. | |
3039 | ||
3040 | 20060630 | |
3041 | - (dtucker) [openbsd-compat/openbsd-compat.h] SNPRINTF_CONST for snprintf | |
3042 | declaration too. Patch from russ at sludge.net. | |
3043 | - (dtucker) [openbsd-compat/getrrsetbyname.c] Undef _res before defining it, | |
3044 | prevents warnings on platforms where _res is in the system headers. | |
3045 | - (dtucker) [INSTALL] Bug #1202: Note when autoconf is required and which | |
3046 | version. | |
3047 | ||
3048 | 20060627 | |
3049 | - (dtucker) [configure.ac] Bug #1203: Add missing '[', which causes problems | |
3050 | with autoconf 2.60. Patch from vapier at gentoo.org. | |
3051 | ||
3052 | 20060625 | |
3053 | - (dtucker) [channels.c serverloop.c] Apply the bug #1102 workaround to ptys | |
3054 | only, otherwise sshd can hang exiting non-interactive sessions. | |
3055 | ||
3056 | 20060624 | |
3057 | - (dtucker) [configure.ac] Bug #1193: Define PASSWD_NEEDS_USERNAME on Solaris. | |
3058 | Works around limitation in Solaris' passwd program for changing passwords | |
3059 | where the username is longer than 8 characters. ok djm@ | |
3060 | - (dtucker) [serverloop.c] Get ifdef/ifndef the right way around for the bug | |
3061 | #1102 workaround. | |
3062 | ||
3063 | 20060623 | |
3064 | - (dtucker) [README.platform configure.ac openbsd-compat/port-tun.c] Add | |
3065 | tunnel support for Mac OS X/Darwin via a third-party tun driver. Patch | |
3066 | from reyk@, tested by anil@ | |
3067 | - (dtucker) [channels.c configure.ac serverloop.c] Bug #1102: Around AIX | |
3068 | 4.3.3 ML3 or so, the AIX pty layer starting passing zero-length writes | |
3069 | on the pty slave as zero-length reads on the pty master, which sshd | |
3070 | interprets as the descriptor closing. Since most things don't do zero | |
3071 | length writes this rarely matters, but occasionally it happens, and when | |
3072 | it does the SSH pty session appears to hang, so we add a special case for | |
3073 | this condition. ok djm@ | |
3074 | ||
3075 | 20060613 | |
3076 | - (djm) [getput.h] This file has been replaced by functions in misc.c | |
3077 | - OpenBSD CVS Sync | |
3078 | - djm@cvs.openbsd.org 2006/05/08 10:49:48 | |
3079 | [sshconnect2.c] | |
3080 | uint32_t -> u_int32_t (which we use everywhere else) | |
3081 | (Id sync only - portable already had this) | |
3082 | - markus@cvs.openbsd.org 2006/05/16 09:00:00 | |
3083 | [clientloop.c] | |
3084 | missing free; from Kylene Hall | |
3085 | - markus@cvs.openbsd.org 2006/05/17 12:43:34 | |
3086 | [scp.c sftp.c ssh-agent.c ssh-keygen.c sshconnect.c] | |
3087 | fix leak; coverity via Kylene Jo Hall | |
3088 | - miod@cvs.openbsd.org 2006/05/18 21:27:25 | |
3089 | [kexdhc.c kexgexc.c] | |
3090 | paramter -> parameter | |
3091 | - dtucker@cvs.openbsd.org 2006/05/29 12:54:08 | |
3092 | [ssh_config.5] | |
3093 | Add gssapi-with-mic to PreferredAuthentications default list; ok jmc | |
3094 | - dtucker@cvs.openbsd.org 2006/05/29 12:56:33 | |
3095 | [ssh_config] | |
3096 | Add GSSAPIAuthentication and GSSAPIDelegateCredentials to examples in | |
3097 | sample ssh_config. ok markus@ | |
3098 | - jmc@cvs.openbsd.org 2006/05/29 16:10:03 | |
3099 | [ssh_config.5] | |
3100 | oops - previous was too long; split the list of auths up | |
3101 | - mk@cvs.openbsd.org 2006/05/30 11:46:38 | |
3102 | [ssh-add.c] | |
3103 | Sync usage() with man page and reality. | |
3104 | ok deraadt dtucker | |
3105 | - jmc@cvs.openbsd.org 2006/05/29 16:13:23 | |
3106 | [ssh.1] | |
3107 | add GSSAPI to the list of authentication methods supported; | |
3108 | - mk@cvs.openbsd.org 2006/05/30 11:46:38 | |
3109 | [ssh-add.c] | |
3110 | Sync usage() with man page and reality. | |
3111 | ok deraadt dtucker | |
3112 | - markus@cvs.openbsd.org 2006/06/01 09:21:48 | |
3113 | [sshd.c] | |
3114 | call get_remote_ipaddr() early; fixes logging after client disconnects; | |
3115 | report mpf@; ok dtucker@ | |
3116 | - markus@cvs.openbsd.org 2006/06/06 10:20:20 | |
3117 | [readpass.c sshconnect.c sshconnect.h sshconnect2.c uidswap.c] | |
3118 | replace remaining setuid() calls with permanently_set_uid() and | |
3119 | check seteuid() return values; report Marcus Meissner; ok dtucker djm | |
3120 | - markus@cvs.openbsd.org 2006/06/08 14:45:49 | |
3121 | [readpass.c sshconnect.c sshconnect2.c uidswap.c uidswap.h] | |
3122 | do not set the gid, noted by solar; ok djm | |
3123 | - djm@cvs.openbsd.org 2006/06/13 01:18:36 | |
3124 | [ssh-agent.c] | |
3125 | always use a format string, even when printing a constant | |
3126 | - djm@cvs.openbsd.org 2006/06/13 02:17:07 | |
3127 | [ssh-agent.c] | |
3128 | revert; i am on drugs. spotted by alexander AT beard.se | |
3129 | ||
3130 | 20060521 | |
3131 | - (dtucker) [auth.c monitor.c] Now that we don't log from both the monitor | |
3132 | and slave, we can remove the special-case handling in the audit hook in | |
3133 | auth_log. | |
3134 | ||
3135 | 20060517 | |
3136 | - (dtucker) [ssh-rand-helper.c] Check return code of mkdir and fix file | |
3137 | pointer leak. From kjhall at us.ibm.com, found by coverity. | |
3138 | ||
3139 | 20060515 | |
3140 | - (dtucker) [openbsd-compat/getrrsetbyname.c] Use _compat_res instead of | |
3141 | _res, prevents problems on some platforms that have _res as a global but | |
3142 | don't have getrrsetbyname(), eg IRIX 5.3. Found and tested by | |
3143 | georg.schwarz at freenet.de, ok djm@. | |
3144 | - (dtucker) [defines.h] Find a value for IOV_MAX or use a conservative | |
3145 | default. Patch originally from tim@, ok djm | |
3146 | - (dtucker) [auth-pam.c] Bug #1188: pass result of do_pam_account back and | |
3147 | do not allow kbdint again after the PAM account check fails. ok djm@ | |
3148 | ||
3149 | 20060506 | |
3150 | - (dtucker) OpenBSD CVS Sync | |
3151 | - dtucker@cvs.openbsd.org 2006/04/25 08:02:27 | |
3152 | [authfile.c authfile.h sshconnect2.c ssh.c sshconnect1.c] | |
3153 | Prevent ssh from trying to open private keys with bad permissions more than | |
3154 | once or prompting for their passphrases (which it subsequently ignores | |
3155 | anyway), similar to a previous change in ssh-add. bz #1186, ok djm@ | |
3156 | - djm@cvs.openbsd.org 2006/05/04 14:55:23 | |
3157 | [dh.c] | |
3158 | tighter DH exponent checks here too; feedback and ok markus@ | |
3159 | - djm@cvs.openbsd.org 2006/04/01 05:37:46 | |
3160 | [OVERVIEW] | |
3161 | $OpenBSD$ in here too | |
3162 | - dtucker@cvs.openbsd.org 2006/05/06 08:35:40 | |
3163 | [auth-krb5.c] | |
3164 | Add $OpenBSD$ in comment here too | |
3165 | ||
3166 | 20060504 | |
3167 | - (dtucker) [auth-pam.c groupaccess.c monitor.c monitor_wrap.c scard-opensc.c | |
3168 | session.c ssh-rand-helper.c sshd.c openbsd-compat/bsd-cygwin_util.c | |
3169 | openbsd-compat/setproctitle.c] Convert malloc(foo*bar) -> calloc(foo,bar) | |
3170 | in Portable-only code; since calloc zeros, remove now-redundant memsets. | |
3171 | Also add a couple of sanity checks. With & ok djm@ | |
3172 | ||
3173 | 20060503 | |
3174 | - (dtucker) [packet.c] Remove in_systm.h since it's also in includes.h | |
3175 | and double including it on IRIX 5.3 causes problems. From Georg Schwarz, | |
3176 | "no objections" tim@ | |
3177 | ||
3178 | 20060423 | |
3179 | - (djm) OpenBSD CVS Sync | |
3180 | - deraadt@cvs.openbsd.org 2006/04/01 05:42:20 | |
3181 | [scp.c] | |
3182 | minimal lint cleanup (unused crud, and some size_t); ok djm | |
3183 | - djm@cvs.openbsd.org 2006/04/01 05:50:29 | |
3184 | [scp.c] | |
3185 | xasprintification; ok deraadt@ | |
3186 | - djm@cvs.openbsd.org 2006/04/01 05:51:34 | |
3187 | [atomicio.c] | |
3188 | ANSIfy; requested deraadt@ | |
3189 | - dtucker@cvs.openbsd.org 2006/04/02 08:34:52 | |
3190 | [ssh-keysign.c] | |
3191 | sessionid can be 32 bytes now too when sha256 kex is used; ok djm@ | |
3192 | - djm@cvs.openbsd.org 2006/04/03 07:10:38 | |
3193 | [gss-genr.c] | |
3194 | GSSAPI buffers shouldn't be nul-terminated, spotted in bugzilla #1066 | |
3195 | by dleonard AT vintela.com. use xasprintf() to simplify code while in | |
3196 | there; "looks right" deraadt@ | |
3197 | - djm@cvs.openbsd.org 2006/04/16 00:48:52 | |
3198 | [buffer.c buffer.h channels.c] | |
3199 | Fix condition where we could exit with a fatal error when an input | |
3200 | buffer became too large and the remote end had advertised a big window. | |
3201 | The problem was a mismatch in the backoff math between the channels code | |
3202 | and the buffer code, so make a buffer_check_alloc() function that the | |
3203 | channels code can use to propsectivly check whether an incremental | |
3204 | allocation will succeed. bz #1131, debugged with the assistance of | |
3205 | cove AT wildpackets.com; ok dtucker@ deraadt@ | |
3206 | - djm@cvs.openbsd.org 2006/04/16 00:52:55 | |
3207 | [atomicio.c atomicio.h] | |
3208 | introduce atomiciov() function that wraps readv/writev to retry | |
3209 | interrupted transfers like atomicio() does for read/write; | |
3210 | feedback deraadt@ dtucker@ stevesk@ ok deraadt@ | |
3211 | - djm@cvs.openbsd.org 2006/04/16 00:54:10 | |
3212 | [sftp-client.c] | |
3213 | avoid making a tiny 4-byte write to send the packet length of sftp | |
3214 | commands, which would result in a separate tiny packet on the wire by | |
3215 | using atomiciov(writev, ...) to write the length and the command in one | |
3216 | pass; ok deraadt@ | |
3217 | - djm@cvs.openbsd.org 2006/04/16 07:59:00 | |
3218 | [atomicio.c] | |
3219 | reorder sanity test so that it cannot dereference past the end of the | |
3220 | iov array; well spotted canacar@! | |
3221 | - dtucker@cvs.openbsd.org 2006/04/18 10:44:28 | |
3222 | [bufaux.c bufbn.c Makefile.in] | |
3223 | Move Buffer bignum functions into their own file, bufbn.c. This means | |
3224 | that sftp and sftp-server (which use the Buffer functions in bufaux.c | |
3225 | but not the bignum ones) no longer need to be linked with libcrypto. | |
3226 | ok markus@ | |
3227 | - djm@cvs.openbsd.org 2006/04/20 09:27:09 | |
3228 | [auth.h clientloop.c dispatch.c dispatch.h kex.h] | |
3229 | replace the last non-sig_atomic_t flag used in a signal handler with a | |
3230 | sig_atomic_t, unfortunately with some knock-on effects in other (non- | |
3231 | signal) contexts in which it is used; ok markus@ | |
3232 | - markus@cvs.openbsd.org 2006/04/20 09:47:59 | |
3233 | [sshconnect.c] | |
3234 | simplify; ok djm@ | |
3235 | - djm@cvs.openbsd.org 2006/04/20 21:53:44 | |
3236 | [includes.h session.c sftp.c] | |
3237 | Switch from using pipes to socketpairs for communication between | |
3238 | sftp/scp and ssh, and between sshd and its subprocesses. This saves | |
3239 | a file descriptor per session and apparently makes userland ppp over | |
3240 | ssh work; ok markus@ deraadt@ (ID Sync only - portable makes this | |
3241 | decision on a per-platform basis) | |
3242 | - djm@cvs.openbsd.org 2006/04/22 04:06:51 | |
3243 | [uidswap.c] | |
3244 | use setres[ug]id() to permanently revoke privileges; ok deraadt@ | |
3245 | (ID Sync only - portable already uses setres[ug]id() whenever possible) | |
3246 | - stevesk@cvs.openbsd.org 2006/04/22 18:29:33 | |
3247 | [crc32.c] | |
3248 | remove extra spaces | |
3249 | - (djm) [auth.h dispatch.h kex.h] sprinkle in signal.h to get | |
3250 | sig_atomic_t | |
3251 | ||
3252 | 20060421 | |
3253 | - (djm) [Makefile.in configure.ac session.c sshpty.c] | |
3254 | [contrib/redhat/sshd.init openbsd-compat/Makefile.in] | |
3255 | [openbsd-compat/openbsd-compat.h openbsd-compat/port-linux.c] | |
3256 | [openbsd-compat/port-linux.h] Add support for SELinux, setting | |
3257 | the execution and TTY contexts. based on patch from Daniel Walsh, | |
3258 | bz #880; ok dtucker@ | |
3259 | ||
3260 | 20060418 | |
3261 | - (djm) [canohost.c] Reorder IP options check so that it isn't broken | |
3262 | by mapped addresses; bz #1179 reported by markw wtech-llc.com; | |
3263 | ok dtucker@ | |
3264 | ||
3265 | 20060331 | |
3266 | - OpenBSD CVS Sync | |
3267 | - deraadt@cvs.openbsd.org 2006/03/27 01:21:18 | |
3268 | [xmalloc.c] | |
3269 | we can do the size & nmemb check before the integer overflow check; | |
3270 | evol | |
3271 | - deraadt@cvs.openbsd.org 2006/03/27 13:03:54 | |
3272 | [dh.c] | |
3273 | use strtonum() instead of atoi(), limit dhg size to 64k; ok djm | |
3274 | - djm@cvs.openbsd.org 2006/03/27 23:15:46 | |
3275 | [sftp.c] | |
3276 | always use a format string for addargs; spotted by mouring@ | |
3277 | - deraadt@cvs.openbsd.org 2006/03/28 00:12:31 | |
3278 | [README.tun ssh.c] | |
3279 | spacing | |
3280 | - deraadt@cvs.openbsd.org 2006/03/28 01:52:28 | |
3281 | [channels.c] | |
3282 | do not accept unreasonable X ports numbers; ok djm | |
3283 | - deraadt@cvs.openbsd.org 2006/03/28 01:53:43 | |
3284 | [ssh-agent.c] | |
3285 | use strtonum() to parse the pid from the file, and range check it | |
3286 | better; ok djm | |
3287 | - djm@cvs.openbsd.org 2006/03/30 09:41:25 | |
3288 | [channels.c] | |
3289 | ARGSUSED for dispatch table-driven functions | |
3290 | - djm@cvs.openbsd.org 2006/03/30 09:58:16 | |
3291 | [authfd.c bufaux.c deattack.c gss-serv.c mac.c misc.c misc.h] | |
3292 | [monitor_wrap.c msg.c packet.c sftp-client.c sftp-server.c ssh-agent.c] | |
3293 | replace {GET,PUT}_XXBIT macros with functionally similar functions, | |
3294 | silencing a heap of lint warnings. also allows them to use | |
3295 | __bounded__ checking which can't be applied to macros; requested | |
3296 | by and feedback from deraadt@ | |
3297 | - djm@cvs.openbsd.org 2006/03/30 10:41:25 | |
3298 | [ssh.c ssh_config.5] | |
3299 | add percent escape chars to the IdentityFile option, bz #1159 based | |
3300 | on a patch by imaging AT math.ualberta.ca; feedback and ok dtucker@ | |
3301 | - dtucker@cvs.openbsd.org 2006/03/30 11:05:17 | |
3302 | [ssh-keygen.c] | |
3303 | Correctly handle truncated files while converting keys; ok djm@ | |
3304 | - dtucker@cvs.openbsd.org 2006/03/30 11:40:21 | |
3305 | [auth.c monitor.c] | |
3306 | Prevent duplicate log messages when privsep=yes; ok djm@ | |
3307 | - jmc@cvs.openbsd.org 2006/03/31 09:09:30 | |
3308 | [ssh_config.5] | |
3309 | kill trailing whitespace; | |
3310 | - djm@cvs.openbsd.org 2006/03/31 09:13:56 | |
3311 | [ssh_config.5] | |
3312 | remote user escape is %r not %h; spotted by jmc@ | |
3313 | ||
3314 | 20060326 | |
3315 | - OpenBSD CVS Sync | |
3316 | - jakob@cvs.openbsd.org 2006/03/15 08:46:44 | |
3317 | [ssh-keygen.c] | |
3318 | if no key file are given when printing the DNS host record, use the | |
3319 | host key file(s) as default. ok djm@ | |
3320 | - biorn@cvs.openbsd.org 2006/03/16 10:31:45 | |
3321 | [scp.c] | |
3322 | Try to display errormessage even if remout == -1 | |
3323 | ok djm@, markus@ | |
3324 | - djm@cvs.openbsd.org 2006/03/17 22:31:50 | |
3325 | [authfd.c] | |
3326 | another unreachable found by lint | |
3327 | - djm@cvs.openbsd.org 2006/03/17 22:31:11 | |
3328 | [authfd.c] | |
3329 | unreachanble statement, found by lint | |
3330 | - djm@cvs.openbsd.org 2006/03/19 02:22:32 | |
3331 | [serverloop.c] | |
3332 | memory leaks detected by Coverity via elad AT netbsd.org; | |
3333 | ok deraadt@ dtucker@ | |
3334 | - djm@cvs.openbsd.org 2006/03/19 02:22:56 | |
3335 | [sftp.c] | |
3336 | more memory leaks detected by Coverity via elad AT netbsd.org; | |
3337 | deraadt@ ok | |
3338 | - djm@cvs.openbsd.org 2006/03/19 02:23:26 | |
3339 | [hostfile.c] | |
3340 | FILE* leak detected by Coverity via elad AT netbsd.org; | |
3341 | ok deraadt@ | |
3342 | - djm@cvs.openbsd.org 2006/03/19 02:24:05 | |
3343 | [dh.c readconf.c servconf.c] | |
3344 | potential NULL pointer dereferences detected by Coverity | |
3345 | via elad AT netbsd.org; ok deraadt@ | |
3346 | - djm@cvs.openbsd.org 2006/03/19 07:41:30 | |
3347 | [sshconnect2.c] | |
3348 | memory leaks detected by Coverity via elad AT netbsd.org; | |
3349 | deraadt@ ok | |
3350 | - dtucker@cvs.openbsd.org 2006/03/19 11:51:52 | |
3351 | [servconf.c] | |
3352 | Correct strdelim null test; ok djm@ | |
3353 | - deraadt@cvs.openbsd.org 2006/03/19 18:52:11 | |
3354 | [auth1.c authfd.c channels.c] | |
3355 | spacing | |
3356 | - deraadt@cvs.openbsd.org 2006/03/19 18:53:12 | |
3357 | [kex.c kex.h monitor.c myproposal.h session.c] | |
3358 | spacing | |
3359 | - deraadt@cvs.openbsd.org 2006/03/19 18:56:41 | |
3360 | [clientloop.c progressmeter.c serverloop.c sshd.c] | |
3361 | ARGSUSED for signal handlers | |
3362 | - deraadt@cvs.openbsd.org 2006/03/19 18:59:49 | |
3363 | [ssh-keyscan.c] | |
3364 | please lint | |
3365 | - deraadt@cvs.openbsd.org 2006/03/19 18:59:30 | |
3366 | [ssh.c] | |
3367 | spacing | |
3368 | - deraadt@cvs.openbsd.org 2006/03/19 18:59:09 | |
3369 | [authfile.c] | |
3370 | whoever thought that break after return was a good idea needs to | |
3371 | get their head examimed | |
3372 | - djm@cvs.openbsd.org 2006/03/20 04:09:44 | |
3373 | [monitor.c] | |
3374 | memory leaks detected by Coverity via elad AT netbsd.org; | |
3375 | deraadt@ ok | |
3376 | that should be all of them now | |
3377 | - djm@cvs.openbsd.org 2006/03/20 11:38:46 | |
3378 | [key.c] | |
3379 | (really) last of the Coverity diffs: avoid possible NULL deref in | |
3380 | key_free. via elad AT netbsd.org; markus@ ok | |
3381 | - deraadt@cvs.openbsd.org 2006/03/20 17:10:19 | |
3382 | [auth.c key.c misc.c packet.c ssh-add.c] | |
3383 | in a switch (), break after return or goto is stupid | |
3384 | - deraadt@cvs.openbsd.org 2006/03/20 17:13:16 | |
3385 | [key.c] | |
3386 | djm did a typo | |
3387 | - deraadt@cvs.openbsd.org 2006/03/20 17:17:23 | |
3388 | [ssh-rsa.c] | |
3389 | in a switch (), break after return or goto is stupid | |
3390 | - deraadt@cvs.openbsd.org 2006/03/20 18:14:02 | |
3391 | [channels.c clientloop.c monitor_wrap.c monitor_wrap.h serverloop.c] | |
3392 | [ssh.c sshpty.c sshpty.h] | |
3393 | sprinkle u_int throughout pty subsystem, ok markus | |
3394 | - deraadt@cvs.openbsd.org 2006/03/20 18:17:20 | |
3395 | [auth1.c auth2.c sshd.c] | |
3396 | sprinkle some ARGSUSED for table driven functions (which sometimes | |
3397 | must ignore their args) | |
3398 | - deraadt@cvs.openbsd.org 2006/03/20 18:26:55 | |
3399 | [channels.c monitor.c session.c session.h ssh-agent.c ssh-keygen.c] | |
3400 | [ssh-rsa.c ssh.c sshlogin.c] | |
3401 | annoying spacing fixes getting in the way of real diffs | |
3402 | - deraadt@cvs.openbsd.org 2006/03/20 18:27:50 | |
3403 | [monitor.c] | |
3404 | spacing | |
3405 | - deraadt@cvs.openbsd.org 2006/03/20 18:35:12 | |
3406 | [channels.c] | |
3407 | x11_fake_data is only ever used as u_char * | |
3408 | - deraadt@cvs.openbsd.org 2006/03/20 18:41:43 | |
3409 | [dns.c] | |
3410 | cast xstrdup to propert u_char * | |
3411 | - deraadt@cvs.openbsd.org 2006/03/20 18:42:27 | |
3412 | [canohost.c match.c ssh.c sshconnect.c] | |
3413 | be strict with tolower() casting | |
3414 | - deraadt@cvs.openbsd.org 2006/03/20 18:48:34 | |
3415 | [channels.c fatal.c kex.c packet.c serverloop.c] | |
3416 | spacing | |
3417 | - deraadt@cvs.openbsd.org 2006/03/20 21:11:53 | |
3418 | [ttymodes.c] | |
3419 | spacing | |
3420 | - djm@cvs.openbsd.org 2006/03/25 00:05:41 | |
3421 | [auth-bsdauth.c auth-skey.c auth.c auth2-chall.c channels.c] | |
3422 | [clientloop.c deattack.c gss-genr.c kex.c key.c misc.c moduli.c] | |
3423 | [monitor.c monitor_wrap.c packet.c scard.c sftp-server.c ssh-agent.c] | |
3424 | [ssh-keyscan.c ssh.c sshconnect.c sshconnect2.c sshd.c uuencode.c] | |
3425 | [xmalloc.c xmalloc.h] | |
3426 | introduce xcalloc() and xasprintf() failure-checked allocations | |
3427 | functions and use them throughout openssh | |
3428 | ||
3429 | xcalloc is particularly important because malloc(nmemb * size) is a | |
3430 | dangerous idiom (subject to integer overflow) and it is time for it | |
3431 | to die | |
3432 | ||
3433 | feedback and ok deraadt@ | |
3434 | - djm@cvs.openbsd.org 2006/03/25 01:13:23 | |
3435 | [buffer.c channels.c deattack.c misc.c scp.c session.c sftp-client.c] | |
3436 | [sftp-server.c ssh-agent.c ssh-rsa.c xmalloc.c xmalloc.h auth-pam.c] | |
3437 | [uidswap.c] | |
3438 | change OpenSSH's xrealloc() function from being xrealloc(p, new_size) | |
3439 | to xrealloc(p, new_nmemb, new_itemsize). | |
3440 | ||
3441 | realloc is particularly prone to integer overflows because it is | |
3442 | almost always allocating "n * size" bytes, so this is a far safer | |
3443 | API; ok deraadt@ | |
3444 | - djm@cvs.openbsd.org 2006/03/25 01:30:23 | |
3445 | [sftp.c] | |
3446 | "abormally" is a perfectly cromulent word, but "abnormally" is better | |
3447 | - djm@cvs.openbsd.org 2006/03/25 13:17:03 | |
3448 | [atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c] | |
3449 | [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c] | |
3450 | [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c] | |
3451 | [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c] | |
3452 | [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c] | |
3453 | [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c] | |
3454 | [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c] | |
3455 | [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c] | |
3456 | [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c] | |
3457 | [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c] | |
3458 | [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c] | |
3459 | [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c] | |
3460 | [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c] | |
3461 | [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c] | |
3462 | [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c] | |
3463 | [uidswap.c uuencode.c xmalloc.c] | |
3464 | Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that | |
3465 | Theo nuked - our scripts to sync -portable need them in the files | |
3466 | - deraadt@cvs.openbsd.org 2006/03/25 18:29:35 | |
3467 | [auth-rsa.c authfd.c packet.c] | |
3468 | needed casts (always will be needed) | |
3469 | - deraadt@cvs.openbsd.org 2006/03/25 18:30:55 | |
3470 | [clientloop.c serverloop.c] | |
3471 | spacing | |
3472 | - deraadt@cvs.openbsd.org 2006/03/25 18:36:15 | |
3473 | [sshlogin.c sshlogin.h] | |
3474 | nicer size_t and time_t types | |
3475 | - deraadt@cvs.openbsd.org 2006/03/25 18:40:14 | |
3476 | [ssh-keygen.c] | |
3477 | cast strtonum() result to right type | |
3478 | - deraadt@cvs.openbsd.org 2006/03/25 18:41:45 | |
3479 | [ssh-agent.c] | |
3480 | mark two more signal handlers ARGSUSED | |
3481 | - deraadt@cvs.openbsd.org 2006/03/25 18:43:30 | |
3482 | [channels.c] | |
3483 | use strtonum() instead of atoi() [limit X screens to 400, sorry] | |
3484 | - deraadt@cvs.openbsd.org 2006/03/25 18:56:55 | |
3485 | [bufaux.c channels.c packet.c] | |
3486 | remove (char *) casts to a function that accepts void * for the arg | |
3487 | - deraadt@cvs.openbsd.org 2006/03/25 18:58:10 | |
3488 | [channels.c] | |
3489 | delete cast not required | |
3490 | - djm@cvs.openbsd.org 2006/03/25 22:22:43 | |
3491 | [atomicio.h auth-options.h auth.h auth2-gss.c authfd.h authfile.h] | |
3492 | [bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h] | |
3493 | [compat.h compress.h crc32.c crc32.h deattack.h dh.h dispatch.h] | |
3494 | [dns.c dns.h getput.h groupaccess.h gss-genr.c gss-serv-krb5.c] | |
3495 | [gss-serv.c hostfile.h includes.h kex.h key.h log.h mac.h match.h] | |
3496 | [misc.h monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h msg.h] | |
3497 | [myproposal.h packet.h pathnames.h progressmeter.h readconf.h rsa.h] | |
3498 | [scard.h servconf.h serverloop.h session.h sftp-common.h sftp.h] | |
3499 | [ssh-gss.h ssh.h ssh1.h ssh2.h sshconnect.h sshlogin.h sshpty.h] | |
3500 | [ttymodes.h uidswap.h uuencode.h xmalloc.h] | |
3501 | standardise spacing in $OpenBSD$ tags; requested by deraadt@ | |
3502 | - deraadt@cvs.openbsd.org 2006/03/26 01:31:48 | |
3503 | [uuencode.c] | |
3504 | typo | |
3505 | ||
3506 | 20060325 | |
3507 | - OpenBSD CVS Sync | |
3508 | - djm@cvs.openbsd.org 2006/03/16 04:24:42 | |
3509 | [ssh.1] | |
3510 | Add RFC4419 (Diffie-Hellman group exchange KEX) to the list of SSH RFCs | |
3511 | that OpenSSH supports | |
3512 | - deraadt@cvs.openbsd.org 2006/03/19 18:51:18 | |
3513 | [atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c] | |
3514 | [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c] | |
3515 | [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c] | |
3516 | [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c] | |
3517 | [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c] | |
3518 | [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c] | |
3519 | [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] | |
3520 | [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c] | |
3521 | [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c] | |
3522 | [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c] | |
3523 | [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c] | |
3524 | [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c] | |
3525 | [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c] | |
3526 | [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c] | |
3527 | [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c] | |
3528 | [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] | |
3529 | [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c] | |
3530 | [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c] | |
3531 | [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c] | |
3532 | [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c] | |
3533 | [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c] | |
3534 | [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c] | |
3535 | [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c] | |
3536 | RCSID() can die | |
3537 | - deraadt@cvs.openbsd.org 2006/03/19 18:53:12 | |
3538 | [kex.h myproposal.h] | |
3539 | spacing | |
3540 | - djm@cvs.openbsd.org 2006/03/20 04:07:22 | |
3541 | [auth2-gss.c] | |
3542 | GSSAPI related leaks detected by Coverity via elad AT netbsd.org; | |
3543 | reviewed by simon AT sxw.org.uk; deraadt@ ok | |
3544 | - djm@cvs.openbsd.org 2006/03/20 04:07:49 | |
3545 | [gss-genr.c] | |
3546 | more GSSAPI related leaks detected by Coverity via elad AT netbsd.org; | |
3547 | reviewed by simon AT sxw.org.uk; deraadt@ ok | |
3548 | - djm@cvs.openbsd.org 2006/03/20 04:08:18 | |
3549 | [gss-serv.c] | |
3550 | last lot of GSSAPI related leaks detected by Coverity via | |
3551 | elad AT netbsd.org; reviewed by simon AT sxw.org.uk; deraadt@ ok | |
3552 | - deraadt@cvs.openbsd.org 2006/03/20 18:14:02 | |
3553 | [monitor_wrap.h sshpty.h] | |
3554 | sprinkle u_int throughout pty subsystem, ok markus | |
3555 | - deraadt@cvs.openbsd.org 2006/03/20 18:26:55 | |
3556 | [session.h] | |
3557 | annoying spacing fixes getting in the way of real diffs | |
3558 | - deraadt@cvs.openbsd.org 2006/03/20 18:41:43 | |
3559 | [dns.c] | |
3560 | cast xstrdup to propert u_char * | |
3561 | - jakob@cvs.openbsd.org 2006/03/22 21:16:24 | |
3562 | [ssh.1] | |
3563 | simplify SSHFP example; ok jmc@ | |
3564 | - djm@cvs.openbsd.org 2006/03/22 21:27:15 | |
3565 | [deattack.c deattack.h] | |
3566 | remove IV support from the CRC attack detector, OpenSSH has never used | |
3567 | it - it only applied to IDEA-CFB, which we don't support. | |
3568 | prompted by NetBSD Coverity report via elad AT netbsd.org; | |
3569 | feedback markus@ "nuke it" deraadt@ | |
3570 | ||
3571 | 20060318 | |
3572 | - (djm) [auth-pam.c] Fix memleak in error path, from Coverity via | |
3573 | elad AT NetBSD.org | |
3574 | - (dtucker) [openbsd-compat/bsd-snprintf.c] Bug #1173: make fmtint() take | |
3575 | a LLONG rather than a long. Fixes scp'ing of large files on platforms | |
3576 | with missing/broken snprintfs. Patch from e.borovac at bom.gov.au. | |
3577 | ||
3578 | 20060316 | |
3579 | - (dtucker) [entropy.c] Add headers for WIFEXITED and friends. | |
3580 | - (dtucker) [configure.ac md-sha256.c] NetBSD has sha2.h in | |
3581 | /usr/include/crypto. Hint from djm@. | |
3582 | - (tim) [kex.c myproposal.h md-sha256.c openbsd-compat/sha2.c,h] | |
3583 | Disable sha256 when openssl < 0.9.7. Patch from djm@. | |
3584 | - (djm) [kex.c] Slightly more clean deactivation of dhgex-sha256 on old | |
3585 | OpenSSL; ok tim | |
3586 | ||
3587 | 20060315 | |
3588 | - (djm) OpenBSD CVS Sync: | |
3589 | - msf@cvs.openbsd.org 2006/02/06 15:54:07 | |
3590 | [ssh.1] | |
3591 | - typo fix | |
3592 | ok jmc@ | |
3593 | - jmc@cvs.openbsd.org 2006/02/06 21:44:47 | |
3594 | [ssh.1] | |
3595 | make this a little less ambiguous... | |
3596 | - stevesk@cvs.openbsd.org 2006/02/07 01:08:04 | |
3597 | [auth-rhosts.c includes.h] | |
3598 | move #include <netgroup.h> out of includes.h; ok markus@ | |
3599 | - stevesk@cvs.openbsd.org 2006/02/07 01:18:09 | |
3600 | [includes.h ssh-agent.c ssh-keyscan.c sshconnect2.c] | |
3601 | move #include <sys/queue.h> out of includes.h; ok markus@ | |
3602 | - stevesk@cvs.openbsd.org 2006/02/07 01:42:00 | |
3603 | [channels.c clientloop.c clientloop.h includes.h packet.h] | |
3604 | [serverloop.c sshpty.c sshpty.h sshtty.c ttymodes.c] | |
3605 | move #include <termios.h> out of includes.h; ok markus@ | |
3606 | - stevesk@cvs.openbsd.org 2006/02/07 01:52:50 | |
3607 | [sshtty.c] | |
3608 | "log.h" not needed | |
3609 | - stevesk@cvs.openbsd.org 2006/02/07 03:47:05 | |
3610 | [hostfile.c] | |
3611 | "packet.h" not needed | |
3612 | - stevesk@cvs.openbsd.org 2006/02/07 03:59:20 | |
3613 | [deattack.c] | |
3614 | duplicate #include | |
3615 | - stevesk@cvs.openbsd.org 2006/02/08 12:15:27 | |
3616 | [auth.c clientloop.c includes.h misc.c monitor.c readpass.c] | |
3617 | [session.c sftp.c ssh-agent.c ssh-keysign.c ssh.c sshconnect.c] | |
3618 | [sshd.c sshpty.c] | |
3619 | move #include <paths.h> out of includes.h; ok markus@ | |
3620 | - stevesk@cvs.openbsd.org 2006/02/08 12:32:49 | |
3621 | [includes.h misc.c] | |
3622 | move #include <netinet/tcp.h> out of includes.h; ok markus@ | |
3623 | - stevesk@cvs.openbsd.org 2006/02/08 13:15:44 | |
3624 | [gss-serv.c monitor.c] | |
3625 | small KNF | |
3626 | - stevesk@cvs.openbsd.org 2006/02/08 14:16:59 | |
3627 | [sshconnect.c] | |
3628 | <openssl/bn.h> not needed | |
3629 | - stevesk@cvs.openbsd.org 2006/02/08 14:31:30 | |
3630 | [includes.h ssh-agent.c ssh-keyscan.c ssh.c] | |
3631 | move #include <sys/resource.h> out of includes.h; ok markus@ | |
3632 | - stevesk@cvs.openbsd.org 2006/02/08 14:38:18 | |
3633 | [includes.h packet.c] | |
3634 | move #include <netinet/in_systm.h> and <netinet/ip.h> out of | |
3635 | includes.h; ok markus@ | |
3636 | - stevesk@cvs.openbsd.org 2006/02/08 23:51:24 | |
3637 | [includes.h scp.c sftp-glob.c sftp-server.c] | |
3638 | move #include <dirent.h> out of includes.h; ok markus@ | |
3639 | - stevesk@cvs.openbsd.org 2006/02/09 00:32:07 | |
3640 | [includes.h] | |
3641 | #include <sys/endian.h> not needed; ok djm@ | |
3642 | NB. ID Sync only - we still need this (but it may move later) | |
3643 | - jmc@cvs.openbsd.org 2006/02/09 10:10:47 | |
3644 | [sshd.8] | |
3645 | - move some text into a CAVEATS section | |
3646 | - merge the COMMAND EXECUTION... section into AUTHENTICATION | |
3647 | - stevesk@cvs.openbsd.org 2006/02/10 00:27:13 | |
3648 | [channels.c clientloop.c includes.h misc.c progressmeter.c sftp.c] | |
3649 | [ssh.c sshd.c sshpty.c] | |
3650 | move #include <sys/ioctl.h> out of includes.h; ok markus@ | |
3651 | - stevesk@cvs.openbsd.org 2006/02/10 01:44:27 | |
3652 | [includes.h monitor.c readpass.c scp.c serverloop.c session.c\7f] | |
3653 | [sftp.c sshconnect.c sshconnect2.c sshd.c] | |
3654 | move #include <sys/wait.h> out of includes.h; ok markus@ | |
3655 | - otto@cvs.openbsd.org 2006/02/11 19:31:18 | |
3656 | [atomicio.c] | |
3657 | type correctness; from Ray Lai in PR 5011; ok millert@ | |
3658 | - djm@cvs.openbsd.org 2006/02/12 06:45:34 | |
3659 | [ssh.c ssh_config.5] | |
3660 | add a %l expansion code to the ControlPath, which is filled in with the | |
3661 | local hostname at runtime. Requested by henning@ to avoid some problems | |
3662 | with /home on NFS; ok dtucker@ | |
3663 | - djm@cvs.openbsd.org 2006/02/12 10:44:18 | |
3664 | [readconf.c] | |
3665 | raise error when the user specifies a RekeyLimit that is smaller than 16 | |
3666 | (the smallest of our cipher's blocksize) or big enough to cause integer | |
3667 | wraparound; ok & feedback dtucker@ | |
3668 | - jmc@cvs.openbsd.org 2006/02/12 10:49:44 | |
3669 | [ssh_config.5] | |
3670 | slight rewording; ok djm | |
3671 | - jmc@cvs.openbsd.org 2006/02/12 10:52:41 | |
3672 | [sshd.8] | |
3673 | rework the description of authorized_keys a little; | |
3674 | - jmc@cvs.openbsd.org 2006/02/12 17:57:19 | |
3675 | [sshd.8] | |
3676 | sort the list of options permissable w/ authorized_keys; | |
3677 | ok djm dtucker | |
3678 | - jmc@cvs.openbsd.org 2006/02/13 10:16:39 | |
3679 | [sshd.8] | |
3680 | no need to subsection the authorized_keys examples - instead, convert | |
3681 | this to look like an actual file. also use proto 2 keys, and use IETF | |
3682 | example addresses; | |
3683 | - jmc@cvs.openbsd.org 2006/02/13 10:21:25 | |
3684 | [sshd.8] | |
3685 | small tweaks for the ssh_known_hosts section; | |
3686 | - jmc@cvs.openbsd.org 2006/02/13 11:02:26 | |
3687 | [sshd.8] | |
3688 | turn this into an example ssh_known_hosts file; ok djm | |
3689 | - jmc@cvs.openbsd.org 2006/02/13 11:08:43 | |
3690 | [sshd.8] | |
3691 | - avoid nasty line split | |
3692 | - `*' does not need to be escaped | |
3693 | - jmc@cvs.openbsd.org 2006/02/13 11:27:25 | |
3694 | [sshd.8] | |
3695 | sort FILES and use a -compact list; | |
3696 | - david@cvs.openbsd.org 2006/02/15 05:08:24 | |
3697 | [sftp-client.c] | |
3698 | typo in comment; ok djm@ | |
3699 | - jmc@cvs.openbsd.org 2006/02/15 16:53:20 | |
3700 | [ssh.1] | |
3701 | remove the IETF draft references and replace them with some updated RFCs; | |
3702 | - jmc@cvs.openbsd.org 2006/02/15 16:55:33 | |
3703 | [sshd.8] | |
3704 | remove ietf draft references; RFC list now maintained in ssh.1; | |
3705 | - jmc@cvs.openbsd.org 2006/02/16 09:05:34 | |
3706 | [sshd.8] | |
3707 | sync some of the FILES entries w/ ssh.1; | |
3708 | - jmc@cvs.openbsd.org 2006/02/19 19:52:10 | |
3709 | [sshd.8] | |
3710 | move the sshrc stuff out of FILES, and into its own section: | |
3711 | FILES is not a good place to document how stuff works; | |
3712 | - jmc@cvs.openbsd.org 2006/02/19 20:02:17 | |
3713 | [sshd.8] | |
3714 | sync the (s)hosts.equiv FILES entries w/ those from ssh.1; | |
3715 | - jmc@cvs.openbsd.org 2006/02/19 20:05:00 | |
3716 | [sshd.8] | |
3717 | grammar; | |
3718 | - jmc@cvs.openbsd.org 2006/02/19 20:12:25 | |
3719 | [ssh_config.5] | |
3720 | add some vertical space; | |
3721 | - stevesk@cvs.openbsd.org 2006/02/20 16:36:15 | |
3722 | [authfd.c channels.c includes.h session.c ssh-agent.c ssh.c] | |
3723 | move #include <sys/un.h> out of includes.h; ok djm@ | |
3724 | - stevesk@cvs.openbsd.org 2006/02/20 17:02:44 | |
3725 | [clientloop.c includes.h monitor.c progressmeter.c scp.c] | |
3726 | [serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c] | |
3727 | move #include <signal.h> out of includes.h; ok markus@ | |
3728 | - stevesk@cvs.openbsd.org 2006/02/20 17:19:54 | |
3729 | [auth-rhosts.c auth-rsa.c auth.c auth2-none.c auth2-pubkey.c] | |
3730 | [authfile.c clientloop.c includes.h readconf.c scp.c session.c] | |
3731 | [sftp-client.c sftp-common.c sftp-common.h sftp-glob.c] | |
3732 | [sftp-server.c sftp.c ssh-add.c ssh-keygen.c ssh.c sshconnect.c] | |
3733 | [sshconnect2.c sshd.c sshpty.c] | |
3734 | move #include <sys/stat.h> out of includes.h; ok markus@ | |
3735 | - stevesk@cvs.openbsd.org 2006/02/22 00:04:45 | |
3736 | [canohost.c clientloop.c includes.h match.c readconf.c scp.c ssh.c] | |
3737 | [sshconnect.c] | |
3738 | move #include <ctype.h> out of includes.h; ok djm@ | |
3739 | - jmc@cvs.openbsd.org 2006/02/24 10:25:14 | |
3740 | [ssh_config.5] | |
3741 | add section on patterns; | |
3742 | from dtucker + myself | |
3743 | - jmc@cvs.openbsd.org 2006/02/24 10:33:54 | |
3744 | [sshd_config.5] | |
3745 | signpost to PATTERNS; | |
3746 | - jmc@cvs.openbsd.org 2006/02/24 10:37:07 | |
3747 | [ssh_config.5] | |
3748 | tidy up the refs to PATTERNS; | |
3749 | - jmc@cvs.openbsd.org 2006/02/24 10:39:52 | |
3750 | [sshd.8] | |
3751 | signpost to PATTERNS section; | |
3752 | - jmc@cvs.openbsd.org 2006/02/24 20:22:16 | |
3753 | [ssh-keysign.8 ssh_config.5 sshd_config.5] | |
3754 | some consistency fixes; | |
3755 | - jmc@cvs.openbsd.org 2006/02/24 20:31:31 | |
3756 | [ssh.1 ssh_config.5 sshd.8 sshd_config.5] | |
3757 | more consistency fixes; | |
3758 | - jmc@cvs.openbsd.org 2006/02/24 23:20:07 | |
3759 | [ssh_config.5] | |
3760 | some grammar/wording fixes; | |
3761 | - jmc@cvs.openbsd.org 2006/02/24 23:43:57 | |
3762 | [sshd_config.5] | |
3763 | some grammar/wording fixes; | |
3764 | - jmc@cvs.openbsd.org 2006/02/24 23:51:17 | |
3765 | [sshd_config.5] | |
3766 | oops - bits i missed; | |
3767 | - jmc@cvs.openbsd.org 2006/02/25 12:26:17 | |
3768 | [ssh_config.5] | |
3769 | document the possible values for KbdInteractiveDevices; | |
3770 | help/ok dtucker | |
3771 | - jmc@cvs.openbsd.org 2006/02/25 12:28:34 | |
3772 | [sshd_config.5] | |
3773 | document the order in which allow/deny directives are processed; | |
3774 | help/ok dtucker | |
3775 | - jmc@cvs.openbsd.org 2006/02/26 17:17:18 | |
3776 | [ssh_config.5] | |
3777 | move PATTERNS to the end of the main body; requested by dtucker | |
3778 | - jmc@cvs.openbsd.org 2006/02/26 18:01:13 | |
3779 | [sshd_config.5] | |
3780 | subsection is pointless here; | |
3781 | - jmc@cvs.openbsd.org 2006/02/26 18:03:10 | |
3782 | [ssh_config.5] | |
3783 | comma; | |
3784 | - djm@cvs.openbsd.org 2006/02/28 01:10:21 | |
3785 | [session.c] | |
3786 | fix logout recording when privilege separation is disabled, analysis and | |
3787 | patch from vinschen at redhat.com; tested by dtucker@ ok deraadt@ | |
3788 | NB. ID sync only - patch already in portable | |
3789 | - djm@cvs.openbsd.org 2006/03/04 04:12:58 | |
3790 | [serverloop.c] | |
3791 | move a debug() outside of a signal handler; ok markus@ a little while back | |
3792 | - djm@cvs.openbsd.org 2006/03/12 04:23:07 | |
3793 | [ssh.c] | |
3794 | knf nit | |
3795 | - djm@cvs.openbsd.org 2006/03/13 08:16:00 | |
3796 | [sshd.c] | |
3797 | don't log that we are listening on a socket before the listen() call | |
3798 | actually succeeds, bz #1162 reported by Senthil Kumar; ok dtucker@ | |
3799 | - dtucker@cvs.openbsd.org 2006/03/13 08:33:00 | |
3800 | [packet.c] | |
3801 | Set TCP_NODELAY for all connections not just "interactive" ones. Fixes | |
3802 | poor performance and protocol stalls under some network conditions (mindrot | |
3803 | bugs #556 and #981). Patch originally from markus@, ok djm@ | |
3804 | - dtucker@cvs.openbsd.org 2006/03/13 08:43:16 | |
3805 | [ssh-keygen.c] | |
3806 | Make ssh-keygen handle CR and CRLF line termination when converting IETF | |
3807 | format keys, in adition to vanilla LF. mindrot #1157, tested by Chris | |
3808 | Pepper, ok djm@ | |
3809 | - dtucker@cvs.openbsd.org 2006/03/13 10:14:29 | |
3810 | [misc.c ssh_config.5 sshd_config.5] | |
3811 | Allow config directives to contain whitespace by surrounding them by double | |
3812 | quotes. mindrot #482, man page help from jmc@, ok djm@ | |
3813 | - dtucker@cvs.openbsd.org 2006/03/13 10:26:52 | |
3814 | [authfile.c authfile.h ssh-add.c] | |
3815 | Make ssh-add check file permissions before attempting to load private | |
3816 | key files multiple times; it will fail anyway and this prevents confusing | |
3817 | multiple prompts and warnings. mindrot #1138, ok djm@ | |
3818 | - djm@cvs.openbsd.org 2006/03/14 00:15:39 | |
3819 | [canohost.c] | |
3820 | log the originating address and not just the name when a reverse | |
3821 | mapping check fails, requested by linux AT linuon.com | |
3822 | - markus@cvs.openbsd.org 2006/03/14 16:32:48 | |
3823 | [ssh_config.5 sshd_config.5] | |
3824 | *AliveCountMax applies to protcol v2 only; ok dtucker, djm | |
3825 | - djm@cvs.openbsd.org 2006/03/07 09:07:40 | |
3826 | [kex.c kex.h monitor.c myproposal.h ssh-keyscan.c sshconnect2.c sshd.c] | |
3827 | Implement the diffie-hellman-group-exchange-sha256 key exchange method | |
3828 | using the SHA256 code in libc (and wrapper to make it into an OpenSSL | |
3829 | EVP), interop tested against CVS PuTTY | |
3830 | NB. no portability bits committed yet | |
3831 | - (djm) [configure.ac defines.h kex.c md-sha256.c] | |
3832 | [openbsd-compat/sha2.h openbsd-compat/openbsd-compat.h] | |
3833 | [openbsd-compat/sha2.c] First stab at portability glue for SHA256 | |
3834 | KEX support, should work with libc SHA256 support or OpenSSL | |
3835 | EVP_sha256 if present | |
3836 | - (djm) [includes.h] Restore accidentally dropped netinet/in.h | |
3837 | - (djm) [Makefile.in openbsd-compat/Makefile.in] Add added files | |
3838 | - (djm) [md-sha256.c configure.ac] md-sha256.c needs sha2.h if present | |
3839 | - (djm) [regress/.cvsignore] Ignore Makefile here | |
3840 | - (djm) [loginrec.c] Need stat.h | |
3841 | - (djm) [openbsd-compat/sha2.h] Avoid include macro clash with | |
3842 | system sha2.h | |
3843 | - (djm) [ssh-rand-helper.c] Needs a bunch of headers | |
3844 | - (djm) [ssh-agent.c] Restore dropped stat.h | |
3845 | - (djm) [openbsd-compat/sha2.h openbsd-compat/sha2.c] Comment out | |
3846 | SHA384, which we don't need and doesn't compile without tweaks | |
3847 | - (djm) [auth-pam.c clientloop.c includes.h monitor.c session.c] | |
3848 | [sftp-client.c ssh-keysign.c ssh.c sshconnect.c sshconnect2.c] | |
3849 | [sshd.c openbsd-compat/bsd-misc.c openbsd-compat/bsd-openpty.c] | |
3850 | [openbsd-compat/glob.c openbsd-compat/mktemp.c] | |
3851 | [openbsd-compat/readpassphrase.c] Lots of include fixes for | |
3852 | OpenSolaris | |
3853 | - (tim) [includes.h] put sys/stat.h back in to quiet some "macro redefined:" | |
3854 | - (tim) [openssh/sshpty.c openssh/openbsd-compat/port-tun.c] put in some | |
3855 | includes removed from includes.h | |
3856 | - (dtucker) [configure.ac] Fix glob test conversion to AC_TRY_COMPILE | |
3857 | - (djm) [includes.h] Put back paths.h, it is needed in defines.h | |
3858 | - (dtucker) [openbsd-compat/openbsd-compat.h] AIX (at least) needs | |
3859 | sys/ioctl.h for struct winsize. | |
3860 | - (dtucker) [configure.ac] login_cap.h requires sys/types.h on NetBSD. | |
3861 | ||
3862 | 20060313 | |
3863 | - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) | |
3864 | since not all platforms support it. Instead, use internal equivalent while | |
3865 | computing LLONG_MIN and LLONG_MAX. Remove special case for alpha-dec-osf* | |
3866 | as it's no longer required. Tested by Bernhard Simon, ok djm@ | |
3867 | ||
3868 | 20060304 | |
3869 | - (dtucker) [contrib/cygwin/ssh-host-config] Require use of lastlog as a | |
3870 | file rather than directory, required as Cygwin will be importing lastlog(1). | |
3871 | Also tightens up permissions on the file. Patch from vinschen@redhat.com. | |
3872 | - (dtucker) [gss-serv-krb5.c] Bug #1166: Correct #ifdefs for gssapi_krb5.h | |
3873 | includes. Patch from gentoo.riverrat at gmail.com. | |
3874 | ||
3875 | 20060226 | |
3876 | - (dtucker) [configure.ac] Bug #1156: QNX apparently needs SSHD_ACQUIRES_CTTY | |
3877 | patch from kraai at ftbfs.org. | |
3878 | ||
3879 | 20060223 | |
3880 | - (dtucker) [sshd_config sshd_config.5] Update UsePAM to reflect current | |
3881 | reality. Pointed out by tryponraj at gmail.com. | |
3882 | ||
3883 | 20060222 | |
3884 | - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Minor tidy up: only | |
3885 | compile in compat code if required. | |
3886 | ||
3887 | 20060221 | |
3888 | - (dtucker) [openbsd-compat/openssl-compat.h] Prevent warning about | |
3889 | redefinition of SSLeay_add_all_algorithms. | |
3890 | ||
3891 | 20060220 | |
3892 | - (dtucker) [INSTALL configure.ac openbsd-compat/openssl-compat.{c,h}] | |
3893 | Add optional enabling of OpenSSL's (hardware) Engine support, via | |
3894 | configure --with-ssl-engine. Based in part on a diff by michal at | |
3895 | logix.cz. | |
3896 | ||
3897 | 20060219 | |
3898 | - (dtucker) [Makefile.in configure.ac, added openbsd-compat/regress/] | |
3899 | Add first attempt at regress tests for compat library. ok djm@ | |
3900 | ||
3901 | 20060214 | |
3902 | - (tim) [buildpkg.sh.in] Make the names consistent. | |
3903 | s/pkg_post_make_install_fixes.sh/pkg-post-make-install-fixes.sh/ OK dtucker@ | |
3904 | ||
3905 | 20060212 | |
3906 | - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Make loop counter unsigned | |
3907 | to silence compiler warning, from vinschen at redhat.com. | |
3908 | - (tim) [configure.ac] Bug #1149. Disable /etc/default/login check for QNX. | |
3909 | - (dtucker) [README version.h contrib/caldera/openssh.spec | |
3910 | contrib/redhat/openssh.spec contrib/suse/openssh.spec] Bump version | |
3911 | strings to match 4.3p2 release. | |
3912 | ||
3913 | 20060208 | |
3914 | - (tim) [session.c] Logout records were not updated on systems with | |
3915 | post auth privsep disabled due to bug 1086 changes. Analysis and patch | |
3916 | by vinschen at redhat.com. OK tim@, dtucker@. | |
3917 | - (dtucker) [configure.ac] Typo in Ultrix and NewsOS sections (NEED_SETPRGP | |
3918 | -> NEED_SETPGRP), reported by Bernhard Simon. ok tim@ | |
3919 | ||
3920 | 20060206 | |
3921 | - (tim) [configure.ac] Remove unnecessary tests for net/if.h and | |
3922 | netinet/in_systm.h. OK dtucker@. | |
3923 | ||
3924 | 20060205 | |
3925 | - (tim) [configure.ac] Add AC_REVISION. Add sys/time.h to lastlog.h test | |
3926 | for Solaris. OK dtucker@. | |
3927 | - (tim) [configure.ac] Bug #1149. Changes in QNX section only. Patch by | |
3928 | kraai at ftbfs.org. | |
3929 | ||
3930 | 20060203 | |
3931 | - (tim) [configure.ac] test for egrep (AC_PROG_EGREP) before first | |
3932 | AC_CHECK_HEADERS test. Without it, if AC_CHECK_HEADERS is first run | |
3933 | by a platform specific check, builtin standard includes tests will be | |
3934 | skipped on the other platforms. | |
3935 | Analysis and suggestion by vinschen at redhat.com, patch by dtucker@. | |
3936 | OK tim@, djm@. | |
3937 | ||
3938 | 20060202 | |
3939 | - (dtucker) [configure.ac] Bug #1148: Fix "crippled AES" test so that it | |
3940 | works with picky compilers. Patch from alex.kiernan at thus.net. | |
3941 | ||
3942 | 20060201 | |
3943 | - (djm) [regress/test-exec.sh] Try 'logname' as well as 'whoami' to | |
3944 | determine the user's login name - needed for regress tests on Solaris | |
3945 | 10 and OpenSolaris | |
3946 | - (djm) OpenBSD CVS Sync | |
3947 | - jmc@cvs.openbsd.org 2006/02/01 09:06:50 | |
3948 | [sshd.8] | |
3949 | - merge sections on protocols 1 and 2 into a single section | |
3950 | - remove configuration file section | |
3951 | ok markus | |
3952 | - jmc@cvs.openbsd.org 2006/02/01 09:11:41 | |
3953 | [sshd.8] | |
3954 | small tweak; | |
3955 | - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] | |
3956 | [contrib/suse/openssh.spec] Update versions ahead of release | |
3957 | - markus@cvs.openbsd.org 2006/02/01 11:27:22 | |
3958 | [version.h] | |
3959 | openssh 4.3 | |
3960 | - (djm) Release OpenSSH 4.3p1 | |
3961 | ||
3962 | 20060131 | |
3963 | - (djm) OpenBSD CVS Sync | |
3964 | - jmc@cvs.openbsd.org 2006/01/20 11:21:45 | |
3965 | [ssh_config.5] | |
3966 | - word change, agreed w/ markus | |
3967 | - consistency fixes | |
3968 | - jmc@cvs.openbsd.org 2006/01/25 09:04:34 | |
3969 | [sshd.8] | |
3970 | move the options description up the page, and a few additional tweaks | |
3971 | whilst in here; | |
3972 | ok markus | |
3973 | - jmc@cvs.openbsd.org 2006/01/25 09:07:22 | |
3974 | [sshd.8] | |
3975 | move subsections to full sections; | |
3976 | - jmc@cvs.openbsd.org 2006/01/26 08:47:56 | |
3977 | [ssh.1] | |
3978 | add a section on verifying host keys in dns; | |
3979 | written with a lot of help from jakob; | |
3980 | feedback dtucker/markus; | |
3981 | ok markus | |
3982 | - reyk@cvs.openbsd.org 2006/01/30 12:22:22 | |
3983 | [channels.c] | |
3984 | mark channel as write failed or dead instead of read failed on error | |
3985 | of the channel output filter. | |
3986 | ok markus@ | |
3987 | - jmc@cvs.openbsd.org 2006/01/30 13:37:49 | |
3988 | [ssh.1] | |
3989 | remove an incorrect sentence; | |
3990 | reported by roumen petrov; | |
3991 | ok djm markus | |
3992 | - djm@cvs.openbsd.org 2006/01/31 10:19:02 | |
3993 | [misc.c misc.h scp.c sftp.c] | |
3994 | fix local arbitrary command execution vulnerability on local/local and | |
3995 | remote/remote copies (CVE-2006-0225, bz #1094), patch by | |
3996 | t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@ | |
3997 | - djm@cvs.openbsd.org 2006/01/31 10:35:43 | |
3998 | [scp.c] | |
3999 | "scp a b c" shouldn't clobber "c" when it is not a directory, report and | |
4000 | fix from biorn@; ok markus@ | |
4001 | - (djm) Sync regress tests to OpenBSD: | |
4002 | - dtucker@cvs.openbsd.org 2005/03/10 10:20:39 | |
4003 | [regress/forwarding.sh] | |
4004 | Regress test for ClearAllForwardings (bz #994); ok markus@ | |
4005 | - dtucker@cvs.openbsd.org 2005/04/25 09:54:09 | |
4006 | [regress/multiplex.sh] | |
4007 | Don't call cleanup in multiplex as test-exec will cleanup anyway | |
4008 | found by tim@, ok djm@ | |
4009 | NB. ID sync only, we already had this | |
4010 | - djm@cvs.openbsd.org 2005/05/20 23:14:15 | |
4011 | [regress/test-exec.sh] | |
4012 | force addressfamily=inet for tests, unbreaking dynamic-forward regress for | |
4013 | recently committed nc SOCKS5 changes | |
4014 | - djm@cvs.openbsd.org 2005/05/24 04:10:54 | |
4015 | [regress/try-ciphers.sh] | |
4016 | oops, new arcfour modes here too | |
4017 | - markus@cvs.openbsd.org 2005/06/30 11:02:37 | |
4018 | [regress/scp.sh] | |
4019 | allow SUDO=sudo; from Alexander Bluhm | |
4020 | - grunk@cvs.openbsd.org 2005/11/14 21:25:56 | |
4021 | [regress/agent-getpeereid.sh] | |
4022 | all other scripts in this dir use $SUDO, not 'sudo', so pull this even | |
4023 | ok markus@ | |
4024 | - dtucker@cvs.openbsd.org 2005/12/14 04:36:39 | |
4025 | [regress/scp-ssh-wrapper.sh] | |
4026 | Fix assumption about how many args scp will pass; ok djm@ | |
4027 | NB. ID sync only, we already had this | |
4028 | - djm@cvs.openbsd.org 2006/01/27 06:49:21 | |
4029 | [scp.sh] | |
4030 | regress test for local to local scp copies; ok dtucker@ | |
4031 | - djm@cvs.openbsd.org 2006/01/31 10:23:23 | |
4032 | [scp.sh] | |
4033 | regression test for CVE-2006-0225 written by dtucker@ | |
4034 | - djm@cvs.openbsd.org 2006/01/31 10:36:33 | |
4035 | [scp.sh] | |
4036 | regress test for "scp a b c" where "c" is not a directory | |
4037 | ||
4038 | 20060129 | |
4039 | - (dtucker) [configure.ac opensshd.init.in] Bug #1144: Use /bin/sh for the | |
4040 | opensshd.init script interpretter if /sbin/sh does not exist. ok tim@ | |
4041 | ||
4042 | 20060120 | |
4043 | - (dtucker) OpenBSD CVS Sync | |
4044 | - jmc@cvs.openbsd.org 2006/01/15 17:37:05 | |
4045 | [ssh.1] | |
4046 | correction from deraadt | |
4047 | - jmc@cvs.openbsd.org 2006/01/18 10:53:29 | |
4048 | [ssh.1] | |
4049 | add a section on ssh-based vpn, based on reyk's README.tun; | |
4050 | - dtucker@cvs.openbsd.org 2006/01/20 00:14:55 | |
4051 | [scp.1 ssh.1 ssh_config.5 sftp.1] | |
4052 | Document RekeyLimit. Based on patch from jan.iven at cern.ch from mindrot | |
4053 | #1056 with feedback from jmc, djm and markus; ok jmc@ djm@ | |
4054 | ||
4055 | 20060114 | |
4056 | - (djm) OpenBSD CVS Sync | |
4057 | - jmc@cvs.openbsd.org 2006/01/06 13:27:32 | |
4058 | [ssh.1] | |
4059 | weed out some duplicate info in the known_hosts FILES entries; | |
4060 | ok djm | |
4061 | - jmc@cvs.openbsd.org 2006/01/06 13:29:10 | |
4062 | [ssh.1] | |
4063 | final round of whacking FILES for duplicate info, and some consistency | |
4064 | fixes; | |
4065 | ok djm | |
4066 | - jmc@cvs.openbsd.org 2006/01/12 14:44:12 | |
4067 | [ssh.1] | |
4068 | split sections on tcp and x11 forwarding into two sections. | |
4069 | add an example in the tcp section, based on sth i wrote for ssh faq; | |
4070 | help + ok: djm markus dtucker | |
4071 | - jmc@cvs.openbsd.org 2006/01/12 18:48:48 | |
4072 | [ssh.1] | |
4073 | refer to `TCP' rather than `TCP/IP' in the context of connection | |
4074 | forwarding; | |
4075 | ok markus | |
4076 | - jmc@cvs.openbsd.org 2006/01/12 22:20:00 | |
4077 | [sshd.8] | |
4078 | refer to TCP forwarding, rather than TCP/IP forwarding; | |
4079 | - jmc@cvs.openbsd.org 2006/01/12 22:26:02 | |
4080 | [ssh_config.5] | |
4081 | refer to TCP forwarding, rather than TCP/IP forwarding; | |
4082 | - jmc@cvs.openbsd.org 2006/01/12 22:34:12 | |
4083 | [ssh.1] | |
4084 | back out a sentence - AUTHENTICATION already documents this; | |
4085 | ||
4086 | 20060109 | |
4087 | - (dtucker) [contrib/cygwin/ssh-host-config] Make sshd service depend on | |
4088 | tcpip service so it's always started after IP is up. Patch from | |
4089 | vinschen at redhat.com. | |
4090 | ||
4091 | 20060106 | |
4092 | - (djm) OpenBSD CVS Sync | |
4093 | - jmc@cvs.openbsd.org 2006/01/03 16:31:10 | |
4094 | [ssh.1] | |
4095 | move FILES to a -compact list, and make each files an item in that list. | |
4096 | this avoids nastly line wrap when we have long pathnames, and treats | |
4097 | each file as a separate item; | |
4098 | remove the .Pa too, since it is useless. | |
4099 | - jmc@cvs.openbsd.org 2006/01/03 16:35:30 | |
4100 | [ssh.1] | |
4101 | use a larger width for the ENVIRONMENT list; | |
4102 | - jmc@cvs.openbsd.org 2006/01/03 16:52:36 | |
4103 | [ssh.1] | |
4104 | put FILES in some sort of order: sort by pathname | |
4105 | - jmc@cvs.openbsd.org 2006/01/03 16:55:18 | |
4106 | [ssh.1] | |
4107 | tweak the description of ~/.ssh/environment | |
4108 | - jmc@cvs.openbsd.org 2006/01/04 18:42:46 | |
4109 | [ssh.1] | |
4110 | chop out some duplication in the .{r,s}hosts/{h,sh}osts.equiv FILES | |
4111 | entries; | |
4112 | ok markus | |
4113 | - jmc@cvs.openbsd.org 2006/01/04 18:45:01 | |
4114 | [ssh.1] | |
4115 | remove .Xr's to rsh(1) and telnet(1): they are hardly needed; | |
4116 | - jmc@cvs.openbsd.org 2006/01/04 19:40:24 | |
4117 | [ssh.1] | |
4118 | +.Xr ssh-keyscan 1 , | |
4119 | - jmc@cvs.openbsd.org 2006/01/04 19:50:09 | |
4120 | [ssh.1] | |
4121 | -.Xr gzip 1 , | |
4122 | - djm@cvs.openbsd.org 2006/01/05 23:43:53 | |
4123 | [misc.c] | |
4124 | check that stdio file descriptors are actually closed before clobbering | |
4125 | them in sanitise_stdfd(). problems occurred when a lower numbered fd was | |
4126 | closed, but higher ones weren't. spotted by, and patch tested by | |
4127 | Frédéric Olivié | |
4128 | ||
4129 | 20060103 | |
4130 | - (djm) [channels.c] clean up harmless merge error, from reyk@ | |
4131 | ||
4132 | 20060103 | |
4133 | - (djm) OpenBSD CVS Sync | |
4134 | - jmc@cvs.openbsd.org 2006/01/02 17:09:49 | |
4135 | [ssh_config.5 sshd_config.5] | |
4136 | some corrections from michael knudsen; | |
4137 | ||
4138 | 20060102 | |
4139 | - (djm) [README.tun] Add README.tun, missed during sync of tun(4) support | |
4140 | - (djm) OpenBSD CVS Sync | |
4141 | - jmc@cvs.openbsd.org 2005/12/31 10:46:17 | |
4142 | [ssh.1] | |
4143 | merge the "LOGIN SESSION AND REMOTE EXECUTION" and "SERVER | |
4144 | AUTHENTICATION" sections into "AUTHENTICATION"; | |
4145 | some rewording done to make the text read better, plus some | |
4146 | improvements from djm; | |
4147 | ok djm | |
4148 | - jmc@cvs.openbsd.org 2005/12/31 13:44:04 | |
4149 | [ssh.1] | |
4150 | clean up ENVIRONMENT a little; | |
4151 | - jmc@cvs.openbsd.org 2005/12/31 13:45:19 | |
4152 | [ssh.1] | |
4153 | .Nm does not require an argument; | |
4154 | - stevesk@cvs.openbsd.org 2006/01/01 08:59:27 | |
4155 | [includes.h misc.c] | |
4156 | move <net/if.h>; ok djm@ | |
4157 | - stevesk@cvs.openbsd.org 2006/01/01 10:08:48 | |
4158 | [misc.c] | |
4159 | no trailing "\n" for debug() | |
4160 | - djm@cvs.openbsd.org 2006/01/02 01:20:31 | |
4161 | [sftp-client.c sftp-common.h sftp-server.c] | |
4162 | use a common max. packet length, no binary change | |
4163 | - reyk@cvs.openbsd.org 2006/01/02 07:53:44 | |
4164 | [misc.c] | |
4165 | clarify tun(4) opening - set the mode and bring the interface up. also | |
4166 | (re)sets the tun(4) layer 2 LINK0 flag for existing tunnel interfaces. | |
4167 | suggested and ok by djm@ | |
4168 | - jmc@cvs.openbsd.org 2006/01/02 12:31:06 | |
4169 | [ssh.1] | |
4170 | start to cut some duplicate info from FILES; | |
4171 | help/ok djm | |
4172 | ||
4173 | 20060101 | |
4174 | - (djm) [Makefile.in configure.ac includes.h misc.c] | |
4175 | [openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Add support | |
4176 | for tunnel forwarding for FreeBSD and NetBSD. NetBSD's support is | |
4177 | limited to IPv4 tunnels only, and most versions don't support the | |
4178 | tap(4) device at all. | |
4179 | - (djm) [configure.ac] Fix linux/if_tun.h test | |
4180 | - (djm) [openbsd-compat/port-tun.c] Linux needs linux/if.h too | |
4181 | ||
4182 | 20051229 | |
4183 | - (djm) OpenBSD CVS Sync | |
4184 | - stevesk@cvs.openbsd.org 2005/12/28 22:46:06 | |
4185 | [canohost.c channels.c clientloop.c] | |
4186 | use 'break-in' for consistency; ok deraadt@ ok and input jmc@ | |
4187 | - reyk@cvs.openbsd.org 2005/12/30 15:56:37 | |
4188 | [channels.c channels.h clientloop.c] | |
4189 | add channel output filter interface. | |
4190 | ok djm@, suggested by markus@ | |
4191 | - jmc@cvs.openbsd.org 2005/12/30 16:59:00 | |
4192 | [sftp.1] | |
4193 | do not suggest that interactive authentication will work | |
4194 | with the -b flag; | |
4195 | based on a diff from john l. scarfone; | |
4196 | ok djm | |
4197 | - stevesk@cvs.openbsd.org 2005/12/31 01:38:45 | |
4198 | [ssh.1] | |
4199 | document -MM; ok djm@ | |
4200 | - (djm) [openbsd-compat/port-tun.c openbsd-compat/port-tun.h configure.ac] | |
4201 | [serverloop.c ssh.c openbsd-compat/Makefile.in] | |
4202 | [openbsd-compat/openbsd-compat.h] Implement tun(4) forwarding | |
4203 | compatability support for Linux, diff from reyk@ | |
4204 | - (djm) [configure.ac] Disable Linux tun(4) compat code if linux/tun.h does | |
4205 | not exist | |
4206 | - (djm) [configure.ac] oops, make that linux/if_tun.h | |
4207 | ||
4208 | 20051229 | |
4209 | - (tim) [buildpkg.sh.in] grep for $SSHDUID instead of $SSHDGID on /etc/passwd | |
4210 | ||
4211 | 20051224 | |
4212 | - (djm) OpenBSD CVS Sync | |
4213 | - jmc@cvs.openbsd.org 2005/12/20 21:59:43 | |
4214 | [ssh.1] | |
4215 | merge the sections on protocols 1 and 2 into one section on | |
4216 | authentication; | |
4217 | feedback djm dtucker | |
4218 | ok deraadt markus dtucker | |
4219 | - jmc@cvs.openbsd.org 2005/12/20 22:02:50 | |
4220 | [ssh.1] | |
4221 | .Ss -> .Sh: subsections have not made this page more readable | |
4222 | - jmc@cvs.openbsd.org 2005/12/20 22:09:41 | |
4223 | [ssh.1] | |
4224 | move info on ssh return values and config files up into the main | |
4225 | description; | |
4226 | - jmc@cvs.openbsd.org 2005/12/21 11:48:16 | |
4227 | [ssh.1] | |
4228 | -L and -R descriptions are now above, not below, ~C description; | |
4229 | - jmc@cvs.openbsd.org 2005/12/21 11:57:25 | |
4230 | [ssh.1] | |
4231 | options now described `above', rather than `later'; | |
4232 | - jmc@cvs.openbsd.org 2005/12/21 12:53:31 | |
4233 | [ssh.1] | |
4234 | -Y does X11 forwarding too; | |
4235 | ok markus | |
4236 | - stevesk@cvs.openbsd.org 2005/12/21 22:44:26 | |
4237 | [sshd.8] | |
4238 | clarify precedence of -p, Port, ListenAddress; ok and help jmc@ | |
4239 | - jmc@cvs.openbsd.org 2005/12/22 10:31:40 | |
4240 | [ssh_config.5] | |
4241 | put the description of "UsePrivilegedPort" in the correct place; | |
4242 | - jmc@cvs.openbsd.org 2005/12/22 11:23:42 | |
4243 | [ssh.1] | |
4244 | expand the description of -w somewhat; | |
4245 | help/ok reyk | |
4246 | - jmc@cvs.openbsd.org 2005/12/23 14:55:53 | |
4247 | [ssh.1] | |
4248 | - sync the description of -e w/ synopsis | |
4249 | - simplify the description of -I | |
4250 | - note that -I is only available if support compiled in, and that it | |
4251 | isn't by default | |
4252 | feedback/ok djm@ | |
4253 | - jmc@cvs.openbsd.org 2005/12/23 23:46:23 | |
4254 | [ssh.1] | |
4255 | less mark up for -c; | |
4256 | - djm@cvs.openbsd.org 2005/12/24 02:27:41 | |
4257 | [session.c sshd.c] | |
4258 | eliminate some code duplicated in privsep and non-privsep paths, and | |
4259 | explicitly clear SIGALRM handler; "groovy" deraadt@ | |
4260 | ||
4261 | 20051220 | |
4262 | - (dtucker) OpenBSD CVS Sync | |
4263 | - reyk@cvs.openbsd.org 2005/12/13 15:03:02 | |
4264 | [serverloop.c] | |
4265 | if forced_tun_device is not set, it is -1 and not SSH_TUNID_ANY | |
4266 | - jmc@cvs.openbsd.org 2005/12/16 18:07:08 | |
4267 | [ssh.1] | |
4268 | move the option descriptions up the page: start of a restructure; | |
4269 | ok markus deraadt | |
4270 | - jmc@cvs.openbsd.org 2005/12/16 18:08:53 | |
4271 | [ssh.1] | |
4272 | simplify a sentence; | |
4273 | - jmc@cvs.openbsd.org 2005/12/16 18:12:22 | |
4274 | [ssh.1] | |
4275 | make the description of -c a little nicer; | |
4276 | - jmc@cvs.openbsd.org 2005/12/16 18:14:40 | |
4277 | [ssh.1] | |
4278 | signpost the protocol sections; | |
4279 | - stevesk@cvs.openbsd.org 2005/12/17 21:13:05 | |
4280 | [ssh_config.5 session.c] | |
4281 | spelling: fowarding, fowarded | |
4282 | - stevesk@cvs.openbsd.org 2005/12/17 21:36:42 | |
4283 | [ssh_config.5] | |
4284 | spelling: intented -> intended | |
4285 | - dtucker@cvs.openbsd.org 2005/12/20 04:41:07 | |
4286 | [ssh.c] | |
4287 | exit(255) on error to match description in ssh(1); bz #1137; ok deraadt@ | |
4288 | ||
4289 | 20051219 | |
4290 | - (dtucker) [cipher-aes.c cipher-ctr.c cipher.c configure.ac | |
4291 | openbsd-compat/openssl-compat.h] Check for and work around broken AES | |
4292 | ciphers >128bit on (some) Solaris 10 systems. ok djm@ | |
4293 | ||
4294 | 20051217 | |
4295 | - (dtucker) [defines.h] HP-UX system headers define "YES" and "NO" which | |
4296 | scp.c also uses, so undef them here. | |
4297 | - (dtucker) [configure.ac openbsd-compat/bsd-snprintf.c] Bug #1133: Our | |
4298 | snprintf replacement can have a conflicting declaration in HP-UX's system | |
4299 | headers (const vs. no const) so we now check for and work around it. Patch | |
4300 | from the dynamic duo of David Leonard and Ted Percival. | |
4301 | ||
4302 | 20051214 | |
4303 | - (dtucker) OpenBSD CVS Sync (regress/) | |
4304 | - dtucker@cvs.openbsd.org 2005/12/30 04:36:39 | |
4305 | [regress/scp-ssh-wrapper.sh] | |
4306 | Fix assumption about how many args scp will pass; ok djm@ | |
4307 | ||
4308 | 20051213 | |
4309 | - (djm) OpenBSD CVS Sync | |
4310 | - jmc@cvs.openbsd.org 2005/11/30 11:18:27 | |
4311 | [ssh.1] | |
4312 | timezone -> time zone | |
4313 | - jmc@cvs.openbsd.org 2005/11/30 11:45:20 | |
4314 | [ssh.1] | |
4315 | avoid ambiguities in describing TZ; | |
4316 | ok djm@ | |
4317 | - reyk@cvs.openbsd.org 2005/12/06 22:38:28 | |
4318 | [auth-options.c auth-options.h channels.c channels.h clientloop.c] | |
4319 | [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h] | |
4320 | [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c] | |
4321 | [sshconnect.h sshd.8 sshd_config sshd_config.5] | |
4322 | Add support for tun(4) forwarding over OpenSSH, based on an idea and | |
4323 | initial channel code bits by markus@. This is a simple and easy way to | |
4324 | use OpenSSH for ad hoc virtual private network connections, e.g. | |
4325 | administrative tunnels or secure wireless access. It's based on a new | |
4326 | ssh channel and works similar to the existing TCP forwarding support, | |
4327 | except that it depends on the tun(4) network interface on both ends of | |
4328 | the connection for layer 2 or layer 3 tunneling. This diff also adds | |
4329 | support for LocalCommand in the ssh(1) client. | |
4330 | ok djm@, markus@, jmc@ (manpages), tested and discussed with others | |
4331 | - djm@cvs.openbsd.org 2005/12/07 03:52:22 | |
4332 | [clientloop.c] | |
4333 | reyk forgot to compile with -Werror (missing header) | |
4334 | - jmc@cvs.openbsd.org 2005/12/07 10:52:13 | |
4335 | [ssh.1] | |
4336 | - avoid line split in SYNOPSIS | |
4337 | - add args to -w | |
4338 | - kill trailing whitespace | |
4339 | - jmc@cvs.openbsd.org 2005/12/08 14:59:44 | |
4340 | [ssh.1 ssh_config.5] | |
4341 | make `!command' a little clearer; | |
4342 | ok reyk | |
4343 | - jmc@cvs.openbsd.org 2005/12/08 15:06:29 | |
4344 | [ssh_config.5] | |
4345 | keep options in order; | |
4346 | - reyk@cvs.openbsd.org 2005/12/08 18:34:11 | |
4347 | [auth-options.c includes.h misc.c misc.h readconf.c servconf.c] | |
4348 | [serverloop.c ssh.c ssh_config.5 sshd_config.5 configure.ac] | |
4349 | two changes to the new ssh tunnel support. this breaks compatibility | |
4350 | with the initial commit but is required for a portable approach. | |
4351 | - make the tunnel id u_int and platform friendly, use predefined types. | |
4352 | - support configuration of layer 2 (ethernet) or layer 3 | |
4353 | (point-to-point, default) modes. configuration is done using the | |
4354 | Tunnel (yes|point-to-point|ethernet|no) option is ssh_config(5) and | |
4355 | restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option | |
4356 | in sshd_config(5). | |
4357 | ok djm@, man page bits by jmc@ | |
4358 | - jmc@cvs.openbsd.org 2005/12/08 21:37:50 | |
4359 | [ssh_config.5] | |
4360 | new sentence, new line; | |
4361 | - markus@cvs.openbsd.org 2005/12/12 13:46:18 | |
4362 | [channels.c channels.h session.c] | |
4363 | make sure protocol messages for internal channels are ignored. | |
4364 | allow adjust messages for non-open channels; with and ok djm@ | |
4365 | - (djm) [misc.c] Disable tunnel code for non-OpenBSD (for now), enable | |
4366 | again by providing a sys_tun_open() function for your platform and | |
4367 | setting the CUSTOM_SYS_TUN_OPEN define. More work is required to match | |
4368 | OpenBSD's tunnel protocol, which prepends the address family to the | |
4369 | packet | |
4370 | ||
4371 | 20051201 | |
4372 | - (djm) [envpass.sh] Remove regress script that was accidentally committed | |
4373 | in top level directory and not noticed for over a year :) | |
4374 | ||
4375 | 20051129 | |
4376 | - (tim) [ssh-keygen.c] Move DSA length test after setting default when | |
4377 | bits == 0. | |
4378 | - (dtucker) OpenBSD CVS Sync | |
4379 | - dtucker@cvs.openbsd.org 2005/11/29 02:04:55 | |
4380 | [ssh-keygen.c] | |
4381 | Populate default key sizes before checking them; from & ok tim@ | |
4382 | - (tim) [configure.ac sshd.8] Enable locked account check (a "*LK*" string) | |
4383 | for UnixWare. | |
4384 | ||
4385 | 20051128 | |
4386 | - (dtucker) [regress/yes-head.sh] Work around breakage caused by some | |
4387 | versions of GNU head. Based on patch from zappaman at buraphalinux.org | |
4388 | - (dtucker) [includes.h] Bug #1122: __USE_GNU is a glibc internal macro, use | |
4389 | _GNU_SOURCE instead. Patch from t8m at centrum.cz. | |
4390 | - (dtucker) OpenBSD CVS Sync | |
4391 | - dtucker@cvs.openbsd.org 2005/11/28 05:16:53 | |
4392 | [ssh-keygen.1 ssh-keygen.c] | |
4393 | Enforce DSA key length of exactly 1024 bits to comply with FIPS-186-2, | |
4394 | increase minumum RSA key size to 768 bits and update man page to reflect | |
4395 | these. Patch originally bz#1119 (senthilkumar_sen at hotpop.com), | |
4396 | ok djm@, grudging ok deraadt@. | |
4397 | - dtucker@cvs.openbsd.org 2005/11/28 06:02:56 | |
4398 | [ssh-agent.1] | |
4399 | Update agent socket path templates to reflect reality, correct xref for | |
4400 | time formats. bz#1121, patch from openssh at roumenpetrov.info, ok djm@ | |
4401 | ||
4402 | 20051126 | |
4403 | - (dtucker) [configure.ac] Bug #1126: AIX 5.2 and 5.3 (and presumably newer, | |
4404 | when they're available) need the real UID set otherwise pam_chauthtok will | |
4405 | set ADMCHG after changing the password, forcing the user to change it | |
4406 | again immediately. | |
4407 | ||
4408 | 20051125 | |
4409 | - (dtucker) [configure.ac] Apply tim's fix for older systems where the | |
4410 | resolver state in resolv.h is "state" not "__res_state". With slight | |
4411 | modification by me to also work on old AIXes. ok djm@ | |
4412 | - (dtucker) [progressmeter.c scp.c sftp-server.c] Use correct casts for | |
4413 | snprintf formats, fixes warnings on some 64 bit platforms. Patch from | |
4414 | shaw at vranix.com, ok djm@ | |
4415 | ||
4416 | 20051124 | |
4417 | - (djm) [configure.ac openbsd-compat/Makefile.in openbsd-compat/bsd-asprintf.c | |
4418 | openbsd-compat/bsd-snprintf.c openbsd-compat/openbsd-compat.h] Add an | |
4419 | asprintf() implementation, after syncing our {v,}snprintf() implementation | |
4420 | with some extra fixes from Samba's version. With help and debugging from | |
4421 | dtucker and tim; ok dtucker@ | |
4422 | - (dtucker) [configure.ac] Fix typos in comments and AC_SEARCH_LIB argument | |
4423 | order in Reliant Unix block. Patch from johane at lysator.liu.se. | |
4424 | - (dtucker) [regress/test-exec.sh] Use 1024 bit keys since we generate so | |
4425 | many and use them only once. Speeds up testing on older/slower hardware. | |
4426 | ||
4427 | 20051122 | |
4428 | - (dtucker) OpenBSD CVS Sync | |
4429 | - deraadt@cvs.openbsd.org 2005/11/12 18:37:59 | |
4430 | [ssh-add.c] | |
4431 | space | |
4432 | - deraadt@cvs.openbsd.org 2005/11/12 18:38:15 | |
4433 | [scp.c] | |
4434 | avoid close(-1), as in rcp; ok cloder | |
4435 | - millert@cvs.openbsd.org 2005/11/15 11:59:54 | |
4436 | [includes.h] | |
4437 | Include sys/queue.h explicitly instead of assuming some other header | |
4438 | will pull it in. At the moment it gets pulled in by sys/select.h | |
4439 | (which ssh has no business including) via event.h. OK markus@ | |
4440 | (ID sync only in -portable) | |
4441 | - dtucker@cvs.openbsd.org 2005/11/21 09:42:10 | |
4442 | [auth-krb5.c] | |
4443 | Perform Kerberos calls even for invalid users to prevent leaking | |
4444 | information about account validity. bz #975, patch originally from | |
4445 | Senthil Kumar, sanity checked by Simon Wilkinson, tested by djm@, biorn@, | |
4446 | ok markus@ | |
4447 | - dtucker@cvs.openbsd.org 2005/11/22 03:36:03 | |
4448 | [hostfile.c] | |
4449 | Correct format/arguments to debug call; spotted by shaw at vranix.com | |
4450 | ok djm@ | |
4451 | - (dtucker) [loginrec.c] Add casts to prevent compiler warnings, patch | |
4452 | from shaw at vranix.com. | |
4453 | ||
4454 | 20051120 | |
4455 | - (dtucker) [openbsd-compat/openssl-compat.h] Add comment explaining what | |
4456 | is going on. | |
4457 | ||
4458 | 20051112 | |
4459 | - (dtucker) [openbsd-compat/getrrsetbyname.c] Restore Portable-specific | |
4460 | ifdef lost during sync. Spotted by tim@. | |
4461 | - (dtucker) [openbsd-compat/{realpath.c,stroll.c,rresvport.c}] $OpenBSD tag. | |
4462 | - (dtucker) [configure.ac] Use "$AWK" instead of "awk" in gcc version test. | |
4463 | - (dtucker) [configure.ac] Remove duplicate utimes() check. ok djm@ | |
4464 | - (dtucker) [regress/reconfigure.sh] Fix potential race in the reconfigure | |
4465 | test: if sshd takes too long to reconfigure the subsequent connection will | |
4466 | fail. Zap pidfile before HUPing sshd which will rewrite it when it's ready. | |
4467 | ||
4468 | 20051110 | |
4469 | - (dtucker) [openbsd-compat/setenv.c] Merge changes for __findenv from | |
4470 | OpenBSD getenv.c revs 1.4 - 1.8 (ANSIfication of arguments, removal of | |
4471 | "register"). | |
4472 | - (dtucker) [openbsd-compat/setenv.c] Make __findenv static, remove | |
4473 | unnecessary prototype. | |
4474 | - (dtucker) [openbsd-compat/setenv.c] Sync changes from OpenBSD setenv.c | |
4475 | revs 1.7 - 1.9. | |
4476 | - (dtucker) [auth-krb5.c] Fix -Wsign-compare warning in non-Heimdal path. | |
4477 | Patch from djm@. | |
4478 | - (dtucker) [configure.ac] Disable pointer-sign warnings on gcc 4.0+ | |
4479 | since they're not useful right now. Patch from djm@. | |
4480 | - (dtucker) [openbsd-compat/getgrouplist.c] Sync OpenBSD revs 1.10 - 1.2 (ANSI | |
4481 | prototypes, removal of "register"). | |
4482 | - (dtucker) [openbsd-compat/strlcat.c] Sync OpenBSD revs 1.11 - 1.12 (removal | |
4483 | of "register"). | |
4484 | - (dtucker) [openbsd-compat/{LOTS}] Move the "OPENBSD ORIGINAL" markers to | |
4485 | after the copyright notices. Having them at the top next to the CVSIDs | |
4486 | guarantees a conflict for each and every sync. | |
4487 | - (dtucker) [openbsd-compat/strlcpy.c] Update from OpenBSD 1.8 -> 1.10. | |
4488 | - (dtucker) [openbsd-compat/sigact.h] Add "OPENBSD ORIGINAL" marker. | |
4489 | - (dtucker) [openbsd-compat/strmode.c] Update from OpenBSD 1.5 -> 1.7. | |
4490 | Removal of rcsid, "whiteout" inode type. | |
4491 | - (dtucker) [openbsd-compat/basename.c] Update from OpenBSD 1.11 -> 1.14. | |
4492 | Removal of rcsid, will no longer strlcpy parts of the string. | |
4493 | - (dtucker) [openbsd-compat/strtoll.c] Update from OpenBSD 1.4 -> 1.5. | |
4494 | - (dtucker) [openbsd-compat/strtoul.c] Update from OpenBSD 1.5 -> 1.7. | |
4495 | - (dtucker) [openbsd-compat/readpassphrase.c] Update from OpenBSD 1.16 -> 1.18. | |
4496 | - (dtucker) [openbsd-compat/readpassphrase.h] Update from OpenBSD 1.3 -> 1.5. | |
4497 | - (dtucker) [openbsd-compat/glob.c] Update from OpenBSD 1.22 -> 1.25. | |
4498 | - (dtucker) [openbsd-compat/glob.h] Update from OpenBSD 1.8 -> 1.9. | |
4499 | - (dtucker) [openbsd-compat/getcwd.c] Update from OpenBSD 1.9 -> 1.14. | |
4500 | - (dtucker) [openbsd-compat/getcwd.c] Replace lstat with fstat to match up | |
4501 | with OpenBSD code since we don't support platforms without fstat any more. | |
4502 | - (dtucker) [openbsd-compat/inet_aton.c] Update from OpenBSD 1.7 -> 1.9. | |
4503 | - (dtucker) [openbsd-compat/inet_ntoa.c] Update from OpenBSD 1.4 -> 1.6. | |
4504 | - (dtucker) [openbsd-compat/inet_ntop.c] Update from OpenBSD 1.5 -> 1.7. | |
4505 | - (dtucker) [openbsd-compat/daemon.c] Update from OpenBSD 1.5 -> 1.6. | |
4506 | - (dtucker) [openbsd-compat/strsep.c] Update from OpenBSD 1.5 -> 1.6. | |
4507 | - (dtucker) [openbsd-compat/daemon.c] Update from OpenBSD 1.10 -> 1.13. | |
4508 | - (dtucker) [openbsd-compat/mktemp.c] Update from OpenBSD 1.17 -> 1.19. | |
4509 | - (dtucker) [openbsd-compat/rresvport.c] Update from OpenBSD 1.6 -> 1.8. | |
4510 | - (dtucker) [openbsd-compat/bindresvport.c] Add "OPENBSD ORIGINAL" marker. | |
4511 | - (dtucker) [openbsd-compat/bindresvport.c] Update from OpenBSD 1.16 -> 1.17. | |
4512 | - (dtucker) [openbsd-compat/sigact.c] Update from OpenBSD 1.3 -> 1.4. | |
4513 | Id and copyright sync only, there were no substantial changes we need. | |
4514 | - (dtucker) [openbsd-compat/bsd-closefrom.c openbsd-compat/base64.c] | |
4515 | -Wsign-compare fixes from djm. | |
4516 | - (dtucker) [openbsd-compat/sigact.h] Update from OpenBSD 1.2 -> 1.3. | |
4517 | Id and copyright sync only, there were no substantial changes we need. | |
4518 | - (dtucker) [configure.ac] Try to get the gcc version number in a way that | |
4519 | doesn't change between versions, and use a safer default. | |
4520 | ||
4521 | 20051105 | |
4522 | - (djm) OpenBSD CVS Sync | |
4523 | - markus@cvs.openbsd.org 2005/10/07 11:13:57 | |
4524 | [ssh-keygen.c] | |
4525 | change DSA default back to 1024, as it's defined for 1024 bits only | |
4526 | and this causes interop problems with other clients. moreover, | |
4527 | in order to improve the security of DSA you need to change more | |
4528 | components of DSA key generation (e.g. the internal SHA1 hash); | |
4529 | ok deraadt | |
4530 | - djm@cvs.openbsd.org 2005/10/10 10:23:08 | |
4531 | [channels.c channels.h clientloop.c serverloop.c session.c] | |
4532 | fix regression I introduced in 4.2: X11 forwardings initiated after | |
4533 | a session has exited (e.g. "(sleep 5; xterm) &") would not start. | |
4534 | bz #1086 reported by t8m AT centrum.cz; ok markus@ dtucker@ | |
4535 | - djm@cvs.openbsd.org 2005/10/11 23:37:37 | |
4536 | [channels.c] | |
4537 | bz #1076 set SO_REUSEADDR on X11 forwarding listner sockets, preventing | |
4538 | bind() failure when a previous connection's listeners are in TIME_WAIT, | |
4539 | reported by plattner AT inf.ethz.ch; ok dtucker@ | |
4540 | - stevesk@cvs.openbsd.org 2005/10/13 14:03:01 | |
4541 | [auth2-gss.c gss-genr.c gss-serv.c] | |
4542 | remove unneeded #includes; ok markus@ | |
4543 | - stevesk@cvs.openbsd.org 2005/10/13 14:20:37 | |
4544 | [gss-serv.c] | |
4545 | spelling in comments | |
4546 | - stevesk@cvs.openbsd.org 2005/10/13 19:08:08 | |
4547 | [gss-serv-krb5.c gss-serv.c] | |
4548 | unused declarations; ok deraadt@ | |
4549 | (id sync only for gss-serv-krb5.c) | |
4550 | - stevesk@cvs.openbsd.org 2005/10/13 19:13:41 | |
4551 | [dns.c] | |
4552 | unneeded #include, unused declaration, little knf; ok deraadt@ | |
4553 | - stevesk@cvs.openbsd.org 2005/10/13 22:24:31 | |
4554 | [auth2-gss.c gss-genr.c gss-serv.c monitor.c] | |
4555 | KNF; ok djm@ | |
4556 | - stevesk@cvs.openbsd.org 2005/10/14 02:17:59 | |
4557 | [ssh-keygen.c ssh.c sshconnect2.c] | |
4558 | no trailing "\n" for log functions; ok djm@ | |
4559 | - stevesk@cvs.openbsd.org 2005/10/14 02:29:37 | |
4560 | [channels.c clientloop.c] | |
4561 | free()->xfree(); ok djm@ | |
4562 | - stevesk@cvs.openbsd.org 2005/10/15 15:28:12 | |
4563 | [sshconnect.c] | |
4564 | make external definition static; ok deraadt@ | |
4565 | - stevesk@cvs.openbsd.org 2005/10/17 13:45:05 | |
4566 | [dns.c] | |
4567 | fix memory leaks from 2 sources: | |
4568 | 1) key_fingerprint_raw() | |
4569 | 2) malloc in dns_read_rdata() | |
4570 | ok jakob@ | |
4571 | - stevesk@cvs.openbsd.org 2005/10/17 14:01:28 | |
4572 | [dns.c] | |
4573 | remove #ifdef LWRES; ok jakob@ | |
4574 | - stevesk@cvs.openbsd.org 2005/10/17 14:13:35 | |
4575 | [dns.c dns.h] | |
4576 | more cleanups; ok jakob@ | |
4577 | - djm@cvs.openbsd.org 2005/10/30 01:23:19 | |
4578 | [ssh_config.5] | |
4579 | mention control socket fallback behaviour, reported by | |
4580 | tryponraj AT gmail.com | |
4581 | - djm@cvs.openbsd.org 2005/10/30 04:01:03 | |
4582 | [ssh-keyscan.c] | |
4583 | make ssh-keygen discard junk from server before SSH- ident, spotted by | |
4584 | dave AT cirt.net; ok dtucker@ | |
4585 | - djm@cvs.openbsd.org 2005/10/30 04:03:24 | |
4586 | [ssh.c] | |
4587 | fix misleading debug message; ok dtucker@ | |
4588 | - dtucker@cvs.openbsd.org 2005/10/30 08:29:29 | |
4589 | [canohost.c sshd.c] | |
4590 | Check for connections with IP options earlier and drop silently. ok djm@ | |
4591 | - jmc@cvs.openbsd.org 2005/10/30 08:43:47 | |
4592 | [ssh_config.5] | |
4593 | remove trailing whitespace; | |
4594 | - djm@cvs.openbsd.org 2005/10/30 08:52:18 | |
4595 | [clientloop.c packet.c serverloop.c session.c ssh-agent.c ssh-keygen.c] | |
4596 | [ssh.c sshconnect.c sshconnect1.c sshd.c] | |
4597 | no need to escape single quotes in comments, no binary change | |
4598 | - dtucker@cvs.openbsd.org 2005/10/31 06:15:04 | |
4599 | [sftp.c] | |
4600 | Fix sorting with "ls -1" command. From Robert Tsai, "looks right" deraadt@ | |
4601 | - djm@cvs.openbsd.org 2005/10/31 11:12:49 | |
4602 | [ssh-keygen.1 ssh-keygen.c] | |
4603 | generate a protocol 2 RSA key by default | |
4604 | - djm@cvs.openbsd.org 2005/10/31 11:48:29 | |
4605 | [serverloop.c] | |
4606 | make sure we clean up wtmp, etc. file when we receive a SIGTERM, | |
4607 | SIGINT or SIGQUIT when running without privilege separation (the | |
4608 | normal privsep case is already OK). Patch mainly by dtucker@ and | |
4609 | senthilkumar_sen AT hotpop.com; ok dtucker@ | |
4610 | - jmc@cvs.openbsd.org 2005/10/31 19:55:25 | |
4611 | [ssh-keygen.1] | |
4612 | grammar; | |
4613 | - dtucker@cvs.openbsd.org 2005/11/03 13:38:29 | |
4614 | [canohost.c] | |
4615 | Cache reverse lookups with and without DNS separately; ok markus@ | |
4616 | - djm@cvs.openbsd.org 2005/11/04 05:15:59 | |
4617 | [kex.c kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c] | |
4618 | remove hardcoded hash lengths in key exchange code, allowing | |
4619 | implementation of KEX methods with different hashes (e.g. SHA-256); | |
4620 | ok markus@ dtucker@ stevesk@ | |
4621 | - djm@cvs.openbsd.org 2005/11/05 05:01:15 | |
4622 | [bufaux.c] | |
4623 | Fix leaks in error paths, bz #1109 and #1110 reported by kremenek AT | |
4624 | cs.stanford.edu; ok dtucker@ | |
4625 | - (dtucker) [README.platform] Add PAM section. | |
4626 | - (djm) [openbsd-compat/getrrsetbyname.c] Sync to latest OpenBSD version, | |
4627 | resolving memory leak bz#1111 reported by kremenek AT cs.stanford.edu; | |
4628 | ok dtucker@ | |
4629 | ||
4630 | 20051102 | |
4631 | - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). | |
4632 | Reported by olavi at ipunplugged.com and antoine.brodin at laposte.net | |
4633 | via FreeBSD. | |
4634 | ||
4635 | 20051030 | |
4636 | - (djm) [contrib/suse/openssh.spec contrib/suse/rc. | |
4637 | sshd contrib/suse/sysconfig.ssh] Bug #1106: Updated SuSE spec and init | |
4638 | files from imorgan AT nas.nasa.gov | |
4639 | - (dtucker) [session.c] Bug #1045do not check /etc/nologin when PAM is | |
4640 | enabled, instead allow PAM to handle it. Note that on platforms using PAM, | |
4641 | the pam_nologin module should be added to sshd's session stack in order to | |
4642 | maintain exising behaviour. Based on patch and discussion from t8m at | |
4643 | centrum.cz, ok djm@ | |
4644 | ||
4645 | 20051025 | |
4646 | - (dtucker) [configure.ac] Relocate LLONG_MAX calculation to after the | |
4647 | sizeof(long long) checks, to make fixing bug #1104 easier (no changes | |
4648 | yet). | |
4649 | - (dtucker) [configure.ac] Bug #1104: Tru64's printf family doesn't | |
4650 | understand "%lld", even though the compiler has "long long", so handle | |
4651 | it as a special case. Patch tested by mcaskill.scott at epa.gov. | |
4652 | - (dtucker) [contrib/cygwin/ssh-user-config] Remove duplicate yes/no | |
4653 | prompt. Patch from vinschen at redhat.com. | |
4654 | ||
4655 | 20051017 | |
4656 | - (dtucker) [configure.ac] Bug #1097: Fix configure for cross-compiling. | |
4657 | /etc/default/login report and testing from aabaker at iee.org, corrections | |
4658 | from tim@. | |
4659 | ||
4660 | 20051009 | |
4661 | - (dtucker) [configure.ac defines.h openbsd-compat/vis.{c,h}] Sync current | |
4662 | versions from OpenBSD. ok djm@ | |
4663 | ||
4664 | 20051008 | |
4665 | - (dtucker) [configure.ac] Bug #1098: define $MAIL for HP-UX; report from | |
4666 | brian.smith at agilent com. | |
4667 | - (djm) [configure.ac] missing 'test' call for -with-Werror test | |
4668 | ||
4669 | 20051005 | |
4670 | - (dtucker) [configure.ac sshd.8] Enable locked account check (a prepended | |
4671 | "*LOCKED*" string) for FreeBSD. Patch jeremie at le-hen.org and | |
4672 | senthilkumar_sen at hotpop.com. | |
4673 | ||
4674 | 20051003 | |
4675 | - (dtucker) OpenBSD CVS Sync | |
4676 | - markus@cvs.openbsd.org 2005/09/07 08:53:53 | |
4677 | [channels.c] | |
4678 | enforce chanid != NULL; ok djm | |
4679 | - markus@cvs.openbsd.org 2005/09/09 19:18:05 | |
4680 | [clientloop.c] | |
4681 | typo; from mark at mcs.vuw.ac.nz, bug #1082 | |
4682 | - djm@cvs.openbsd.org 2005/09/13 23:40:07 | |
4683 | [sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c | |
4684 | scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c] | |
4685 | ensure that stdio fds are attached; ok deraadt@ | |
4686 | - djm@cvs.openbsd.org 2005/09/19 11:37:34 | |
4687 | [ssh_config.5 ssh.1] | |
4688 | mention ability to specify bind_address for DynamicForward and -D options; | |
4689 | bz#1077 spotted by Haruyama Seigo | |
4690 | - djm@cvs.openbsd.org 2005/09/19 11:47:09 | |
4691 | [sshd.c] | |
4692 | stop connection abort on rekey with delayed compression enabled when | |
4693 | post-auth privsep is disabled (e.g. when root is logged in); ok dtucker@ | |
4694 | - djm@cvs.openbsd.org 2005/09/19 11:48:10 | |
4695 | [gss-serv.c] | |
4696 | typo | |
4697 | - jmc@cvs.openbsd.org 2005/09/19 15:38:27 | |
4698 | [ssh.1] | |
4699 | some more .Bk/.Ek to avoid ugly line split; | |
4700 | - jmc@cvs.openbsd.org 2005/09/19 15:42:44 | |
4701 | [ssh.c] | |
4702 | update -D usage here too; | |
4703 | - djm@cvs.openbsd.org 2005/09/19 23:31:31 | |
4704 | [ssh.1] | |
4705 | spelling nit from stevesk@ | |
4706 | - djm@cvs.openbsd.org 2005/09/21 23:36:54 | |
4707 | [sshd_config.5] | |
4708 | aquire -> acquire, from stevesk@ | |
4709 | - djm@cvs.openbsd.org 2005/09/21 23:37:11 | |
4710 | [sshd.c] | |
4711 | change label at markus@'s request | |
4712 | - jaredy@cvs.openbsd.org 2005/09/30 20:34:26 | |
4713 | [ssh-keyscan.1] | |
4714 | deploy .An -nosplit; ok jmc | |
4715 | - dtucker@cvs.openbsd.org 2005/10/03 07:44:42 | |
4716 | [canohost.c] | |
4717 | Relocate check_ip_options call to prevent logging of garbage for | |
4718 | connections with IP options set. bz#1092 from David Leonard, | |
4719 | "looks good" deraadt@ | |
4720 | - (dtucker) [regress/README.regress] Bug #989: Document limitation that scp | |
4721 | is required in the system path for the multiplex test to work. | |
4722 | ||
4723 | 20050930 | |
4724 | - (dtucker) [openbsd-compat/openbsd-compat.h] Bug #1096: Add prototype | |
4725 | for strtoll. Patch from o.flebbe at science-computing.de. | |
4726 | - (dtucker) [monitor.c] Bug #1087: Send loginmsg to preauth privsep | |
4727 | child during PAM account check without clearing it. This restores the | |
4728 | post-login warnings such as LDAP password expiry. Patch from Tomas Mraz | |
4729 | with help from several others. | |
4730 | ||
4731 | 20050929 | |
4732 | - (dtucker) [monitor_wrap.c] Remove duplicate definition of loginmsg | |
4733 | introduced during sync. | |
4734 | ||
4735 | 20050928 | |
4736 | - (dtucker) [entropy.c] Use u_char for receiving RNG seed for consistency. | |
4737 | - (dtucker) [auth-pam.c] Bug #1028: send final non-query messages from | |
4738 | PAM via keyboard-interactive. Patch tested by the folks at Vintela. | |
4739 | ||
4740 | 20050927 | |
4741 | - (dtucker) [entropy.c] Remove unnecessary tests for getuid and geteuid | |
4742 | calls, since they can't possibly fail. ok djm@ | |
4743 | - (dtucker) [entropy.c entropy.h sshd.c] Pass RNG seed to the reexec'ed | |
4744 | process when sshd relies on ssh-random-helper. Should result in faster | |
4745 | logins on systems without a real random device or prngd. ok djm@ | |
4746 | ||
4747 | 20050924 | |
4748 | - (dtucker) [auth2.c] Move start_pam() calls out of if-else block to remove | |
4749 | duplicate call. ok djm@ | |
4750 | ||
4751 | 20050922 | |
4752 | - (dtucker) [configure.ac] Use -R linker flag for libedit too; patch from | |
4753 | skeleten at shillest.net. | |
4754 | - (dtucker) [configure.ac] Fix help for --with-opensc; patch from skeleten at | |
4755 | shillest.net. | |
4756 | ||
4757 | 20050919 | |
4758 | - (tim) [aclocal.m4 configure.ac] Delete acconfig.h and add templates to | |
4759 | AC_DEFINE and AC_DEFINE_UNQUOTED to quiet autoconf 2.59 warning messages. | |
4760 | ok dtucker@ | |
4761 | ||
4762 | 20050912 | |
4763 | - (tim) [configure.ac] Bug 1078. Fix --without-kerberos5. Reported by | |
4764 | Mike Frysinger. | |
4765 | ||
4766 | 20050908 | |
4767 | - (tim) [defines.h openbsd-compat/port-uw.c] Add long password support to | |
4768 | OpenServer 6 and add osr5bigcrypt support so when someone migrates | |
4769 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ | |
4770 | ||
4771 | $Id$ |