dtucker [Thu, 31 Mar 2005 11:31:10 +0000 (11:31 +0000)]
- jmc@cvs.openbsd.org 2005/03/16 11:10:38
[ssh_config.5]
get the syntax right for {Local,Remote}Forward;
based on a diff from markus;
problem report from ponraj;
ok dtucker@ markus@ deraadt@
dtucker [Tue, 29 Mar 2005 13:24:12 +0000 (13:24 +0000)]
- (dtucker) [contrib/aix/buildbff.sh] Bug #1005: Look up only the user we're
interested in which is much faster in large (eg LDAP or NIS) environments.
Patch from dleonard at vintela.com.
dtucker [Sun, 20 Mar 2005 22:58:07 +0000 (22:58 +0000)]
- (dtucker) [configure.ac] Make configure error out if the user specifies
--with-libedit but the required libs can't be found, rather than silently
ignoring and continuing. ok tim@
dtucker [Sun, 20 Mar 2005 22:55:17 +0000 (22:55 +0000)]
- (dtucker) [configure.ac] Prevent configure --with-zlib from adding -Iyes
and -Lyes to CFLAGS and LIBS. Pointed out by peter at slagheap.net,
with & ok tim@
dtucker [Mon, 14 Mar 2005 12:17:27 +0000 (12:17 +0000)]
- dtucker@cvs.openbsd.org 2005/03/14 11:44:42
[auth.c]
Populate host for log message for logins denied by AllowUsers and
DenyUsers (bz #999); ok markus@
dtucker [Mon, 14 Mar 2005 12:02:46 +0000 (12:02 +0000)]
20050312
- (dtucker) [regress/test-exec.sh] DEBUG can cause problems where debug
output ends up in the client's output, causing regress failures. Found
by Corinna Vinschen.
(got 4.0 branch and HEAD slightly askew, this is to resync)
dtucker [Mon, 14 Mar 2005 11:58:40 +0000 (11:58 +0000)]
- dtucker@cvs.openbsd.org 2005/03/10 10:15:02
[readconf.c]
Check listen addresses for null, prevents xfree from dying during
ClearAllForwardings (bz #996). From Craig Leres, ok markus@
dtucker [Sun, 13 Mar 2005 10:20:18 +0000 (10:20 +0000)]
- (dtucker) [contrib/cygwin/ssh-host-config] Makes the query for the
localized name of the local administrators group more reliable. From
vinschen at redhat.com.
dtucker [Mon, 7 Mar 2005 07:33:02 +0000 (07:33 +0000)]
- dtucker@cvs.openbsd.org 2005/02/27 11:33:30
[multiplex.sh test-exec.sh sshd-log-wrapper.sh]
Add optional capability to log output from regress commands; ok markus@
Use with: make TEST_SSH_LOGFILE=/tmp/regress.log
djm [Wed, 2 Mar 2005 01:05:06 +0000 (01:05 +0000)]
- jmc@cvs.openbsd.org 2005/03/01 18:15:56
[ssh-keygen.1]
sort options (no attempt made at synopsis clean up though);
spelling (occurance -> occurrence);
use prompt before examples;
grammar;
djm [Tue, 1 Mar 2005 10:48:35 +0000 (10:48 +0000)]
- djm@cvs.openbsd.org 2005/03/01 10:42:49
[ssh-keygen.1 ssh-keygen.c ssh_config.5]
add tools for managing known_hosts files with hashed hostnames, including
hashing existing files and deleting hosts by name; ok markus@ deraadt@
djm [Tue, 1 Mar 2005 10:47:37 +0000 (10:47 +0000)]
- djm@cvs.openbsd.org 2005/03/01 10:40:27
[hostfile.c hostfile.h readconf.c readconf.h ssh.1 ssh_config.5]
[sshconnect.c sshd.8]
add support for hashing host names and addresses added to known_hosts
files, to improve privacy of which hosts user have been visiting; ok
markus@ deraadt@
djm [Tue, 1 Mar 2005 10:24:33 +0000 (10:24 +0000)]
- djm@cvs.openbsd.org 2005/03/01 10:09:52
[auth-options.c channels.c channels.h clientloop.c compat.c compat.h]
[misc.c misc.h readconf.c readconf.h servconf.c ssh.1 ssh.c ssh_config.5]
[sshd_config.5]
bz#413: allow optional specification of bind address for port forwardings.
Patch originally by Dan Astorian, but worked on by several people
Adds GatewayPorts=clientspecified option on server to allow remote
forwards to bind to client-specified ports.
djm [Tue, 1 Mar 2005 10:17:31 +0000 (10:17 +0000)]
- djm@cvs.openbsd.org 2005/02/28 00:54:10
[ssh_config.5]
bz#849: document timeout on untrusted x11 forwarding sessions. Reported by
orion AT cora.nwra.com; ok markus@
dtucker [Fri, 25 Feb 2005 23:12:38 +0000 (23:12 +0000)]
- (dtucker) [Makefile.in] Add a install-nosysconf target for installing the
binaries without the config files. Primarily useful for packaging.
Patch from phil at usc.edu. ok djm@
dtucker [Fri, 25 Feb 2005 23:07:37 +0000 (23:07 +0000)]
- (dtucker) [acconfig.h configure.ac openbsd-compat/bsd-misc.{c,h}]
Remove SETGROUPS_NOOP, was only used by Cygwin, which doesn't need it any
more. Patch from vinschen at redhat.com.
dtucker [Sun, 20 Feb 2005 10:01:48 +0000 (10:01 +0000)]
- (dtucker) [LICENCE Makefile.in README.platform audit-bsm.c configure.ac
defines.h] Bug #125: Add *EXPERIMENTAL* BSM audit support. Configure
--with-audit=bsm to enable. Patch originally from Sun Microsystems,
parts by John R. Jackson. ok djm@
dtucker [Wed, 16 Feb 2005 05:47:37 +0000 (05:47 +0000)]
- (dtucker) [session.c] Bug #918: store credentials from gssapi-with-mic
authentication early enough to be available to PAM session modules when
privsep=yes. Patch from deengert at anl.gov, ok'ed in principle by Sam
Hartman and similar to Debian's ssh-krb5 package.
dtucker [Wed, 16 Feb 2005 05:19:17 +0000 (05:19 +0000)]
- (dtucker) [configure.ac] Bug #893: check for libresolv early on Reliant
Unix; prevents problems relating to the location of -lresolv in the
link order.
dtucker [Tue, 15 Feb 2005 10:45:57 +0000 (10:45 +0000)]
- (dtucker) [README.platform auth.c configure.ac loginrec.c
openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Bug #835: enable IPv6
on AIX where possible (see README.platform for details) and work around
a misfeature of AIX's getnameinfo. ok djm@
dtucker [Wed, 9 Feb 2005 11:17:28 +0000 (11:17 +0000)]
- (dtucker) [configure.ac session.c] Some platforms (eg some SCO) require
the username to be passed to the passwd command when changing expired
passwords. ok djm@
dtucker [Wed, 9 Feb 2005 06:08:23 +0000 (06:08 +0000)]
- (dtucker) [auth-passwd.c openbsd-compat/port-aix.c] Don't call
disable_forwarding() from compat library. Prevent linker errrors trying
to resolve it for binaries other than sshd. ok djm@
dtucker [Tue, 8 Feb 2005 22:46:47 +0000 (22:46 +0000)]
- dtucker@cvs.openbsd.org 2005/01/28 09:45:53
[ssh_config]
Make it clear that the example entries in ssh_config are only some of the
commonly-used options and refer the user to ssh_config(5) for more
details; ok djm@
dtucker [Tue, 8 Feb 2005 10:52:47 +0000 (10:52 +0000)]
- (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.c
monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit
defines and enums with SSH_ to prevent namespace collisions on some
platforms (eg AIX).
dtucker [Tue, 8 Feb 2005 09:17:17 +0000 (09:17 +0000)]
- (dtucker) [regress/test-exec.sh] Bug #912: Set _POSIX2_VERSION for the
regress tests so newer versions of GNU head(1) behave themselves. Patch
by djm, so ok me.