dtucker [Mon, 28 Nov 2005 06:05:40 +0000 (06:05 +0000)]
- dtucker@cvs.openbsd.org 2005/11/28 06:02:56
[ssh-agent.1]
Update agent socket path templates to reflect reality, correct xref for
time formats. bz#1121, patch from openssh at roumenpetrov.info, ok djm@
dtucker [Mon, 28 Nov 2005 05:41:46 +0000 (05:41 +0000)]
[ssh-keygen.1 ssh-keygen.c]
Enforce DSA key length of exactly 1024 bits to comply with FIPS-186-2,
increase minimum RSA key size to 768 bits and update man page to reflect
these. Patch originally bz#1119 (senthilkumar_sen at hotpop.com),
ok djm@, grudging ok deraadt@.
dtucker [Sat, 26 Nov 2005 11:24:09 +0000 (11:24 +0000)]
- (dtucker) [configure.ac] Bug #1126: AIX 5.2 and 5.3 (and presumably newer,
when they're available) need the real UID set otherwise pam_chauthtok will
set ADMCHG after changing the password, forcing the user to change it
again immediately.
dtucker [Fri, 25 Nov 2005 03:44:55 +0000 (03:44 +0000)]
- (dtucker) [progressmeter.c scp.c sftp-server.c] Use correct casts for
snprintf formats, fixes warnings on some 64 bit platforms. Patch from
shaw at vranix.com, ok djm@
dtucker [Fri, 25 Nov 2005 02:14:58 +0000 (02:14 +0000)]
- (dtucker) [configure.ac] Apply tim's fix for older systems where the
resolver state in resolv.h is "state" not "__res_state". With slight
modification by me to also work on old AIXes. ok djm@
djm [Thu, 24 Nov 2005 08:58:19 +0000 (08:58 +0000)]
- (djm) [configure.ac openbsd-compat/Makefile.in openbsd-compat/bsd-asprintf.c
openbsd-compat/bsd-snprintf.c openbsd-compat/openbsd-compat.h] Add an
asprintf() implementation, after syncing our {v,}snprintf() implementation
with some extra fixes from Samba's version. With help and debugging from
dtucker and tim; ok dtucker@
dtucker [Tue, 22 Nov 2005 08:42:42 +0000 (08:42 +0000)]
- dtucker@cvs.openbsd.org 2005/11/21 09:42:10
[auth-krb5.c]
Perform Kerberos calls even for invalid users to prevent leaking
information about account validity. bz #975, patch originally from
Senthil Kumar, sanity checked by Simon Wilkinson, tested by djm@, biorn@,
ok markus@
dtucker [Tue, 22 Nov 2005 08:41:33 +0000 (08:41 +0000)]
- millert@cvs.openbsd.org 2005/11/15 11:59:54
[includes.h]
Include sys/queue.h explicitly instead of assuming some other header
will pull it in. At the moment it gets pulled in by sys/select.h
(which ssh has no business including) via event.h. OK markus@
(ID sync only in -portable)
dtucker [Sat, 12 Nov 2005 10:30:07 +0000 (10:30 +0000)]
- (dtucker) [regress/reconfigure.sh] Fix potential race in the reconfigure
test: if sshd takes too long to reconfigure the subsequent connection will
fail. Zap pidfile before HUPing sshd which will rewrite it when it's ready.
dtucker [Thu, 10 Nov 2005 05:18:56 +0000 (05:18 +0000)]
- (dtucker) [openbsd-compat/{LOTS}] Move the "OPENBSD ORIGINAL" markers to
after the copyright notices. Having them at the top next to the CVSIDs
guarantees a conflict for each and every sync.
dtucker [Wed, 9 Nov 2005 23:10:10 +0000 (23:10 +0000)]
- (dtucker) [openbsd-compat/getenv.c] Merge changes for __findenv from
OpenBSD getenv.c revs 1.4 - 1.8 (ANSIfication of arguments, removal of
"register").
djm [Sat, 5 Nov 2005 05:56:52 +0000 (05:56 +0000)]
- (djm) [openbsd-compat/getrrsetbyname.c] Sync to latest OpenBSD version,
resolving memory leak bz#1111 reported by kremenek AT cs.stanford.edu;
ok dtucker@
djm [Sat, 5 Nov 2005 04:16:12 +0000 (04:16 +0000)]
- djm@cvs.openbsd.org 2005/10/31 11:48:29
[serverloop.c]
make sure we clean up wtmp, etc. file when we receive a SIGTERM,
SIGINT or SIGQUIT when running without privilege separation (the
normal privsep case is already OK). Patch mainly by dtucker@ and
senthilkumar_sen AT hotpop.com; ok dtucker@
djm [Sat, 5 Nov 2005 04:14:59 +0000 (04:14 +0000)]
- djm@cvs.openbsd.org 2005/10/30 08:52:18
[clientloop.c packet.c serverloop.c session.c ssh-agent.c ssh-keygen.c]
[ssh.c sshconnect.c sshconnect1.c sshd.c]
no need to escape single quotes in comments, no binary change
djm [Sat, 5 Nov 2005 04:12:28 +0000 (04:12 +0000)]
- djm@cvs.openbsd.org 2005/10/30 04:01:03
[ssh-keyscan.c]
make ssh-keygen discard junk from server before SSH- ident, spotted by
dave AT cirt.net; ok dtucker@
djm [Sat, 5 Nov 2005 03:53:39 +0000 (03:53 +0000)]
- djm@cvs.openbsd.org 2005/10/11 23:37:37
[channels.c]
bz #1076 set SO_REUSEADDR on X11 forwarding listener sockets, preventing
bind() failure when a previous connection's listeners are in TIME_WAIT,
reported by plattner AT inf.ethz.ch; ok dtucker@
djm [Sat, 5 Nov 2005 03:52:50 +0000 (03:52 +0000)]
- djm@cvs.openbsd.org 2005/10/10 10:23:08
[channels.c channels.h clientloop.c serverloop.c session.c]
fix regression I introduced in 4.2: X11 forwardings initiated after
a session has exited (e.g. "(sleep 5; xterm) &") would not start.
bz #1086 reported by t8m AT centrum.cz; ok markus@ dtucker@
djm [Sat, 5 Nov 2005 03:52:18 +0000 (03:52 +0000)]
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2005/10/07 11:13:57
[ssh-keygen.c]
change DSA default back to 1024, as it's defined for 1024 bits only
and this causes interop problems with other clients. moreover,
in order to improve the security of DSA you need to change more
components of DSA key generation (e.g. the internal SHA1 hash);
ok deraadt
dtucker [Tue, 1 Nov 2005 22:07:31 +0000 (22:07 +0000)]
- (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup().
Reported by olavi at ipunplugged.com and antoine.brodin at laposte.net
via FreeBSD.
dtucker [Sun, 30 Oct 2005 04:31:55 +0000 (04:31 +0000)]
- (dtucker) [session.c] Bug #1045: do not check /etc/nologin when PAM is
enabled, instead allow PAM to handle it. Note that on platforms using PAM,
the pam_nologin module should be added to sshd's session stack in order to
maintain existing behaviour. Based on patch and discussion from t8m at
centrum.cz, ok djm@
dtucker [Tue, 25 Oct 2005 08:52:31 +0000 (08:52 +0000)]
- (dtucker) [configure.ac] Bug #1104: Tru64's printf family doesn't
understand "%lld", even though the compiler has "long long", so handle
it as a special case. Patch tested by mcaskill.scott at epa.gov.