dtucker [Sat, 12 Nov 2005 10:30:07 +0000 (10:30 +0000)]
- (dtucker) [regress/reconfigure.sh] Fix potential race in the reconfigure
test: if sshd takes too long to reconfigure the subsequent connection will
fail. Zap pidfile before HUPing sshd which will rewrite it when it's ready.
dtucker [Thu, 10 Nov 2005 05:18:56 +0000 (05:18 +0000)]
- (dtucker) [openbsd-compat/{LOTS}] Move the "OPENBSD ORIGINAL" markers to
after the copyright notices. Having them at the top next to the CVSIDs
guarantees a conflict for each and every sync.
dtucker [Wed, 9 Nov 2005 23:10:10 +0000 (23:10 +0000)]
- (dtucker) [openbsd-compat/getenv.c] Merge changes for __findenv from
OpenBSD getenv.c revs 1.4 - 1.8 (ANSIfication of arguments, removal of
"register").
djm [Sat, 5 Nov 2005 05:56:52 +0000 (05:56 +0000)]
- (djm) [openbsd-compat/getrrsetbyname.c] Sync to latest OpenBSD version,
resolving memory leak bz#1111 reported by kremenek AT cs.stanford.edu;
ok dtucker@
djm [Sat, 5 Nov 2005 04:16:12 +0000 (04:16 +0000)]
- djm@cvs.openbsd.org 2005/10/31 11:48:29
[serverloop.c]
make sure we clean up wtmp, etc. file when we receive a SIGTERM,
SIGINT or SIGQUIT when running without privilege separation (the
normal privsep case is already OK). Patch mainly by dtucker@ and
senthilkumar_sen AT hotpop.com; ok dtucker@
djm [Sat, 5 Nov 2005 04:14:59 +0000 (04:14 +0000)]
- djm@cvs.openbsd.org 2005/10/30 08:52:18
[clientloop.c packet.c serverloop.c session.c ssh-agent.c ssh-keygen.c]
[ssh.c sshconnect.c sshconnect1.c sshd.c]
no need to escape single quotes in comments, no binary change
djm [Sat, 5 Nov 2005 04:12:28 +0000 (04:12 +0000)]
- djm@cvs.openbsd.org 2005/10/30 04:01:03
[ssh-keyscan.c]
make ssh-keygen discard junk from server before SSH- ident, spotted by
dave AT cirt.net; ok dtucker@
djm [Sat, 5 Nov 2005 03:53:39 +0000 (03:53 +0000)]
- djm@cvs.openbsd.org 2005/10/11 23:37:37
[channels.c]
bz #1076 set SO_REUSEADDR on X11 forwarding listner sockets, preventing
bind() failure when a previous connection's listeners are in TIME_WAIT,
reported by plattner AT inf.ethz.ch; ok dtucker@
djm [Sat, 5 Nov 2005 03:52:50 +0000 (03:52 +0000)]
- djm@cvs.openbsd.org 2005/10/10 10:23:08
[channels.c channels.h clientloop.c serverloop.c session.c]
fix regression I introduced in 4.2: X11 forwardings initiated after
a session has exited (e.g. "(sleep 5; xterm) &") would not start.
bz #1086 reported by t8m AT centrum.cz; ok markus@ dtucker@
djm [Sat, 5 Nov 2005 03:52:18 +0000 (03:52 +0000)]
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2005/10/07 11:13:57
[ssh-keygen.c]
change DSA default back to 1024, as it's defined for 1024 bits only
and this causes interop problems with other clients. moreover,
in order to improve the security of DSA you need to change more
components of DSA key generation (e.g. the internal SHA1 hash);
ok deraadt
dtucker [Tue, 1 Nov 2005 22:07:31 +0000 (22:07 +0000)]
- (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup().
Reported by olavi at ipunplugged.com and antoine.brodin at laposte.net
via FreeBSD.
dtucker [Sun, 30 Oct 2005 04:31:55 +0000 (04:31 +0000)]
- (dtucker) [session.c] Bug #1045do not check /etc/nologin when PAM is
enabled, instead allow PAM to handle it. Note that on platforms using PAM,
the pam_nologin module should be added to sshd's session stack in order to
maintain exising behaviour. Based on patch and discussion from t8m at
centrum.cz, ok djm@
dtucker [Tue, 25 Oct 2005 08:52:31 +0000 (08:52 +0000)]
- (dtucker) [configure.ac] Bug #1104: Tru64's printf family doesn't
understand "%lld", even though the compiler has "long long", so handle
it as a special case. Patch tested by mcaskill.scott at epa.gov.
dtucker [Mon, 17 Oct 2005 13:29:23 +0000 (13:29 +0000)]
- (dtucker) [configure.ac] Bug #1097: Fix configure for cross-compiling.
/etc/default/login report and testing from aabaker at iee.org, corrections
from tim@.
dtucker [Wed, 5 Oct 2005 13:02:16 +0000 (13:02 +0000)]
- (dtucker) [configure.ac sshd.8] Enable locked account check (a prepended
"*LOCKED*" string) for FreeBSD. Patch jeremie at le-hen.org and
senthilkumar_sen at hotpop.com.
dtucker [Mon, 3 Oct 2005 08:23:44 +0000 (08:23 +0000)]
- dtucker@cvs.openbsd.org 2005/10/03 07:44:42
[canohost.c]
Relocate check_ip_options call to prevent logging of garbage for
connections with IP options set. bz#1092 from David Leonard,
"looks good" deraadt@
dtucker [Mon, 3 Oct 2005 08:16:02 +0000 (08:16 +0000)]
- djm@cvs.openbsd.org 2005/09/19 11:47:09
[sshd.c]
stop connection abort on rekey with delayed compression enabled when
post-auth privsep is disabled (e.g. when root is logged in); ok dtucker@
- (dtucker) [monitor.c] Bug #1087: Send loginmsg to preauth privsep
child during PAM account check without clearing it. This restores the
post-login warnings such as LDAP password expiry. Patch from Tomas Mraz
with help from several others.