tim [Mon, 31 May 2004 04:38:51 +0000 (04:38 +0000)]
- (tim) [configure.ac Makefile.in] Add support for "make package" ok djm@
- (tim) [buildpkg.sh.in] New file. A more flexible version of
contrib/solaris/buildpkg.sh used for "make package".
dtucker [Sun, 30 May 2004 12:04:56 +0000 (12:04 +0000)]
- (dtucker) [auth-pam.c] Use an invalid password for root if
PermitRootLogin != yes or the login is invalid, to prevent leaking
information. Based on Openwall's owl-always-auth patch. ok djm@
dtucker [Wed, 26 May 2004 23:59:31 +0000 (23:59 +0000)]
- (dtucker) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec
contrib/README CREDITS INSTALL] Bug #873: Correct URLs for x11-ssh-askpass
and Jim Knoble's email address , from Jim himself.
dtucker [Mon, 24 May 2004 01:55:36 +0000 (01:55 +0000)]
- (dtucker) [auth-pam.c] Bug #839: Ensure that pam authentication "thread"
is terminated if the privsep slave exits during keyboard-interactive
authentication. ok djm@
dtucker [Mon, 24 May 2004 00:18:05 +0000 (00:18 +0000)]
- djm@cvs.openbsd.org 2004/05/21 11:33:11
[channels.c channels.h clientloop.c serverloop.c ssh.1]
bz #756: add support for the cancel-tcpip-forward request for the server and
the client (through the ~C commandline). reported by z3p AT twistedmatrix.com;
ok markus@
dtucker [Mon, 24 May 2004 00:12:19 +0000 (00:12 +0000)]
- djm@cvs.openbsd.org 2004/05/19 12:17:33
[sftp-client.c sftp.c]
gracefully abort transfers on receipt of SIGINT, also ignore SIGINT while
waiting for a command; ok markus@
dtucker [Thu, 13 May 2004 01:56:16 +0000 (01:56 +0000)]
- (dtucker) [configure.ac] Bug #867: Additional tests for res_query in
libresolv, fixes problems detecting it on some platforms
(eg Linux/x86-64). From Kurt Roeckx via Debian, ok mouring@
dtucker [Sun, 2 May 2004 12:11:30 +0000 (12:11 +0000)]
- djm@cvs.openbsd.org 2004/04/27 09:46:37
[readconf.c readconf.h servconf.c servconf.h session.c session.h ssh.c
ssh_config.5 sshd_config.5]
bz #815: implement ability to pass specified environment variables from
the client to the server; ok markus@
dtucker [Sun, 2 May 2004 12:09:00 +0000 (12:09 +0000)]
- djm@cvs.openbsd.org 2004/04/22 11:56:57
[moduli.c]
Bugzilla #850: Sophie Germain is the correct name of the French
mathematician, "Sophie Germaine" isn't; from Luc.Maisonobe@c-s.fr
- (dtucker) [configure.ac openbsd-compat/getrrsetbyname.c] Declare h_errno
as extern int if not already declared. Fixes compile errors on old SCO
platforms. ok tim@
- djm@cvs.openbsd.org 2004/04/18 23:10:26
[readconf.c readconf.h ssh-keysign.c ssh.c]
perform strict ownership and modes checks for ~/.ssh/config files,
as these can be used to execute arbitrary programs; ok markus@
NB. ssh will now exit when it detects a config with poor permissions
- (djm) OpenBSD CVS Sync
- henning@cvs.openbsd.org 2004/04/08 16:08:21
[sshconnect2.c]
swap the last two parameters to TAILQ_FOREACH_REVERSE. matches what FreeBSD and NetBSD do.
ok millert@ mcbride@ markus@ ho@, checked to not affect ports by naddy@
- (djm) [openbsd-compat/bsd-cygwin_util.c] Recent versions of Cygwin allow
change of user context without a password, so relax auth method
restrictions; from vinschen AT redhat.com; ok dtucker@
- (djm) [auth-krb5.c auth.h session.c] Explicitly refer to Kerberos ccache
file using FILE: method, fixes problems on Mac OSX.
Patch from simon@sxw.org.uk; ok dtucker@
- (bal) [acconfig.h auth-krb5.c configure.ac gss-serv-krb5.c] Check to see
if Krb5 library exports krb5_init_etc() since some OSes (like MacOS/X)
are starting to restrict it as internal since it is not needed by
developers any more. (Patch based on Apple tree)
- (bal) [monitor.c monitor_wrap.c] monitor_wrap.c] moved zlib.h higher since
krb5 on MacOS/X conflicts. There may be a better solution, but this will
work for now.
djm [Mon, 8 Mar 2004 12:12:02 +0000 (12:12 +0000)]
- djm@cvs.openbsd.org 2004/03/03 09:30:42
[sftp-client.c]
Don't print duplicate messages when progressmeter is off
Spotted by job317 AT mailvault.com; ok markus@
dtucker [Mon, 8 Mar 2004 12:04:06 +0000 (12:04 +0000)]
- (dtucker) [auth-pam.c auth-pam.h auth1.c auth2.c monitor.c monitor_wrap.c
monitor_wrap.h] Bug #808: Ensure force_pwchange is correctly initialized
even if keyboard-interactive is not used by the client. Prevents segfaults
in some cases where the user's password is expired (note this is not
considered a security exposure). ok djm@
dtucker [Mon, 8 Mar 2004 11:59:03 +0000 (11:59 +0000)]
- (dtucker) [configure.ac sshd.c openbsd-compat/bsd-misc.h
openbsd-compat/setenv.c] Unset KRB5CCNAME on AIX to prevent it from being
inherited by the child. ok djm@