dtucker [Sat, 18 Mar 2006 13:09:49 +0000 (13:09 +0000)]
- (dtucker) [openbsd-compat/bsd-snprintf.c] Bug #1173: make fmtint() take
a LLONG rather than a long. Fixes scp'ing of large files on platforms
with missing/broken snprintfs. Patch from e.borovac at bom.gov.au.
tim [Tue, 7 Feb 2006 23:18:54 +0000 (23:18 +0000)]
- (tim) [session.c] Logout records were not updated on systems with
post auth privsep disabled due to bug 1086 changes. Analysis and patch
by vinschen at redhat.com. OK tim@, dtucker@.
tim [Fri, 3 Feb 2006 03:16:11 +0000 (03:16 +0000)]
- (tim) [configure.ac] test for egrep (AC_PROG_EGREP) before first
AC_CHECK_HEADERS test. Without it, if AC_CHECK_HEADERS is first run
by a platform specific check, builtin standard includes tests will be
skipped on the other platforms.
Analysis and suggestion by vinschen at redhat.com, patch by dtucker@.
OK tim@, djm@.
djm [Wed, 1 Feb 2006 11:05:25 +0000 (11:05 +0000)]
- (djm) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2006/02/01 09:06:50
[sshd.8]
- merge sections on protocols 1 and 2 into a single section
- remove configuration file section
ok markus
djm [Wed, 1 Feb 2006 00:21:01 +0000 (00:21 +0000)]
- (djm) [regress/test-exec.sh] Try 'logname' as well as 'whoami' to
determine the user's login name - needed for regress tests on Solaris
10 and OpenSolaris
djm [Tue, 31 Jan 2006 11:03:11 +0000 (11:03 +0000)]
- dtucker@cvs.openbsd.org 2005/12/14 04:36:39
[regress/scp-ssh-wrapper.sh]
Fix assumption about how many args scp will pass; ok djm@
NB. ID sync only, we already had this
djm [Tue, 31 Jan 2006 11:02:16 +0000 (11:02 +0000)]
- grunk@cvs.openbsd.org 2005/11/14 21:25:56
[regress/agent-getpeereid.sh]
all other scripts in this dir use $SUDO, not 'sudo', so pull this even
ok markus@
djm [Tue, 31 Jan 2006 10:58:23 +0000 (10:58 +0000)]
- (djm) Sync regress tests to OpenBSD:
- dtucker@cvs.openbsd.org 2005/03/10 10:20:39
[regress/forwarding.sh]
Regress test for ClearAllForwardings (bz #994); ok markus@
djm [Tue, 31 Jan 2006 10:57:27 +0000 (10:57 +0000)]
- dtucker@cvs.openbsd.org 2005/04/25 09:54:09
[regress/multiplex.sh]
Don't call cleanup in multiplex as test-exec will cleanup anyway
found by tim@, ok djm@
NB. ID sync only, we already had this
djm [Tue, 31 Jan 2006 10:49:27 +0000 (10:49 +0000)]
- djm@cvs.openbsd.org 2006/01/31 10:19:02
[misc.c misc.h scp.c sftp.c]
fix local arbitrary command execution vulnerability on local/local and
remote/remote copies (CVE-2006-0225, bz #1094), patch by
t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
djm [Tue, 31 Jan 2006 10:47:15 +0000 (10:47 +0000)]
- reyk@cvs.openbsd.org 2006/01/30 12:22:22
[channels.c]
mark channel as write failed or dead instead of read failed on error
of the channel output filter.
ok markus@
djm [Tue, 31 Jan 2006 10:46:51 +0000 (10:46 +0000)]
- jmc@cvs.openbsd.org 2006/01/26 08:47:56
[ssh.1]
add a section on verifying host keys in dns;
written with a lot of help from jakob;
feedback dtucker/markus;
ok markus
dtucker [Fri, 20 Jan 2006 00:31:47 +0000 (00:31 +0000)]
- dtucker@cvs.openbsd.org 2006/01/20 00:14:55
[scp.1 ssh.1 ssh_config.5 sftp.1]
Document RekeyLimit. Based on patch from jan.iven at cern.ch from mindrot
#1056 with feedback from jmc, djm and markus; ok jmc@ djm@
djm [Fri, 13 Jan 2006 23:09:13 +0000 (23:09 +0000)]
- jmc@cvs.openbsd.org 2006/01/12 14:44:12
[ssh.1]
split sections on tcp and x11 forwarding into two sections.
add an example in the tcp section, based on sth i wrote for ssh faq;
help + ok: djm markus dtucker
dtucker [Mon, 9 Jan 2006 13:02:44 +0000 (13:02 +0000)]
- (dtucker) [contrib/cygwin/ssh-host-config] Make sshd service depend on
tcpip service so it's always started after IP is up. Patch from
vinschen at redhat.com.
djm [Fri, 6 Jan 2006 03:50:44 +0000 (03:50 +0000)]
- djm@cvs.openbsd.org 2006/01/05 23:43:53
[misc.c]
check that stdio file descriptors are actually closed before clobbering
them in sanitise_stdfd(). problems occurred when a lower numbered fd was
closed, but higher ones weren't. spotted by, and patch tested by
Frédéric Olivié
djm [Fri, 6 Jan 2006 03:48:18 +0000 (03:48 +0000)]
- jmc@cvs.openbsd.org 2006/01/03 16:31:10
[ssh.1]
move FILES to a -compact list, and make each files an item in that list.
this avoids nastly line wrap when we have long pathnames, and treats
each file as a separate item;
remove the .Pa too, since it is useless.
djm [Mon, 2 Jan 2006 12:41:21 +0000 (12:41 +0000)]
- reyk@cvs.openbsd.org 2006/01/02 07:53:44
[misc.c]
clarify tun(4) opening - set the mode and bring the interface up. also
(re)sets the tun(4) layer 2 LINK0 flag for existing tunnel interfaces.
suggested and ok by djm@
djm [Mon, 2 Jan 2006 12:38:00 +0000 (12:38 +0000)]
- (djm) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2005/12/31 10:46:17
[ssh.1]
merge the "LOGIN SESSION AND REMOTE EXECUTION" and "SERVER
AUTHENTICATION" sections into "AUTHENTICATION";
some rewording done to make the text read better, plus some
improvements from djm;
ok djm
djm [Sun, 1 Jan 2006 08:47:05 +0000 (08:47 +0000)]
- (djm) [Makefile.in configure.ac includes.h misc.c]
[openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Add support
for tunnel forwarding for FreeBSD and NetBSD. NetBSD's support is
limited to IPv4 tunnels only, and most versions don't support the
tap(4) device at all.
djm [Sat, 31 Dec 2005 05:22:55 +0000 (05:22 +0000)]
- jmc@cvs.openbsd.org 2005/12/30 16:59:00
[sftp.1]
do not suggest that interactive authentication will work
with the -b flag;
based on a diff from john l. scarfone;
ok djm
djm [Sat, 31 Dec 2005 05:19:53 +0000 (05:19 +0000)]
- (djm) OpenBSD CVS Sync
- stevesk@cvs.openbsd.org 2005/12/28 22:46:06
[canohost.c channels.c clientloop.c]
use 'break-in' for consistency; ok deraadt@ ok and input jmc@
djm [Sat, 24 Dec 2005 03:56:29 +0000 (03:56 +0000)]
- jmc@cvs.openbsd.org 2005/12/23 14:55:53
[ssh.1]
- sync the description of -e w/ synopsis
- simplify the description of -I
- note that -I is only available if support compiled in, and that it
isn't by default
feedback/ok djm@
djm [Sat, 24 Dec 2005 03:52:13 +0000 (03:52 +0000)]
- jmc@cvs.openbsd.org 2005/12/20 21:59:43
[ssh.1]
merge the sections on protocols 1 and 2 into one section on
authentication;
feedback djm dtucker
ok deraadt markus dtucker