Commit Graph

5118 Commits

Author SHA1 Message Date
Darren Tucker
2ac529b505 - (dtucker) [openbsd-compat/xmmap.c] Include stdlib.h for mkstemp prototype. 2007-04-29 14:02:43 +10:00
Darren Tucker
cc40d5ecdf - (dtucker) [configure.ac openbsd-compat/getrrsetbyname.c] Bug #1299: Use the
platform's _res if it has one.  Should fix problem of DNSSEC record lookups
   on NetBSD as reported by Curt Sampson.
2007-04-29 13:58:06 +10:00
Darren Tucker
d757e69cda - (dtucker) [auth-shadow.c loginrec.c] Include time.h for time(2) prototype. 2007-04-29 12:10:57 +10:00
Darren Tucker
781e7a28d0 - (dtucker) [openbsd-compat/bsd-misc.c] Include unistd.h and sys/types.h
for select(2) prototype.
2007-04-29 12:06:55 +10:00
Darren Tucker
2a3868589b - (dtucker) [INSTALL] prngd lives at sourceforge these days. 2007-04-06 12:25:08 +10:00
Darren Tucker
62995c1f1e - (dtucker) [INSTALL] Update the systems that have PAM as standard. Link
to OpenPAM too.
2007-04-06 12:21:47 +10:00
Tim Rice
99203ec48b 20070326
- (tim) [auth.c configure.ac defines.h session.c openbsd-compat/port-uw.c
   openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] Rework libiaf test/defines
   to account for IRIX having libiaf but not set_id(). Patch with & ok dtucker@
2007-03-26 09:35:28 -07:00
Darren Tucker
20e9f976c1 - (dtucker) [Makefile.in configure.ac] Replace single-purpose LIBSELINUX,
LIBWRAP and LIBPAM variables in Makefile with the general-purpose
   SSHDLIBS.  "I like" djm@
2007-03-25 18:26:01 +10:00
Darren Tucker
9869ab3557 - (dtucker) [regress/agent-getpeereid.sh] Do peereid test if we have
HAVE_GETPEERUCRED too.  Also from Jan Pechanec.
2007-03-21 21:45:48 +11:00
Darren Tucker
164aa30e46 - (dtucker) [configure.ac openbsd-compat/bsd-getpeereid.c] Bug #1287: Use
getpeerucred to implement getpeereid (currently only Solaris 10 and up).
   Patch by Jan.Pechanec at Sun.
2007-03-21 21:39:57 +11:00
Darren Tucker
04354b97dc - jmc@cvs.openbsd.org 2007/03/20 15:57:15
[sshd.8]
     - let synopsis and description agree for -f
     - sort FILES
     - +.Xr ssh-keyscan 1 ,
     from Igor Sobrado
2007-03-21 20:46:54 +11:00
Darren Tucker
03b1cdbb44 - tedu@cvs.openbsd.org 2007/03/20 03:56:12
[readconf.c clientloop.c]
     remove some bogus *p tests from charles longeau
     ok deraadt millert
2007-03-21 20:46:03 +11:00
Darren Tucker
2812dc9285 - dtucker@cvs.openbsd.org 2007/03/19 12:16:42
[ssh-agent.c]
     Remove the signal handler that checks if the agent's parent process
     has gone away, instead check when the select loop returns.  Record when
     the next key will expire when scanning for expired keys.  Set the select
     timeout to whichever of these two things happens next.  With djm@, with &
     ok deraadt@ markus@
2007-03-21 20:45:06 +11:00
Darren Tucker
506ed88cef - djm@cvs.openbsd.org 2007/03/19 01:01:29
[sshd_config]
     Disable the legacy SSH protocol 1 for new installations via
     a configuration override. In the future, we will change the
     server's default itself so users who need the legacy protocol
     will need to turn it on explicitly
2007-03-21 20:42:24 +11:00
Darren Tucker
97b1bb568c - dtucker@cvs.openbsd.org 2007/03/09 05:20:06
[servconf.c sshd.c]
     Move C/R -> kbdint special case to after the defaults have been
     loaded, which makes ChallengeResponse default to yes again.  This
     was broken by the Match changes and not fixed properly subsequently.
     Found by okan at demirmen.com, ok djm@ "please do it" deraadt@
2007-03-21 20:38:53 +11:00
Darren Tucker
5548e8cf2e - (dtucker) [README.platform] Info about blibpath on AIX. 2007-03-13 21:00:45 +11:00
Darren Tucker
da05f48739 - (dtucker) [cipher-3des1.c cipher-bf1.c] The OpenSSL 0.9.8e problem in
bug #1291 also affects Protocol 1 3des.  While at it, use compat-openssl.h
   in cipher-bf1.c.  Patch from Juan Gallego.
2007-03-13 18:50:04 +11:00
Darren Tucker
b9fe6a337a - (dtucker) [LICENCE] Add Daniel Walsh as a copyright holder for the
selinux bits in -portable.
2007-03-13 07:37:49 +11:00
Darren Tucker
a8d51ee307 - (dtucker) [entropy.c scard-opensc.c ssh-rand-helper.c] Bug #1294: include
string.h to prevent warnings, from vapier at gentoo.org.
2007-03-13 07:35:38 +11:00
Damien Miller
c49dd34a3e - (djm) [README] correct link to release notes 2007-03-08 20:13:39 +11:00
Damien Miller
f0ffec906c - (djm) Release 4.6p1 2007-03-06 21:24:00 +11:00
Damien Miller
d91cfab088 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
[contrib/suse/openssh.spec] crank spec files for release
2007-03-06 21:23:24 +11:00
Damien Miller
2dbab87386 - djm@cvs.openbsd.org 2007/03/06 10:13:14
[version.h]
     openssh-4.6; "please" deraadt@
2007-03-06 21:21:37 +11:00
Damien Miller
5737e363c5 - OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2007/03/01 16:19:33
     [sshd_config.5]
     sort the `match' keywords;
2007-03-06 21:21:18 +11:00
Darren Tucker
fd30986c92 - (dtucker) [openbsd-compat/openssl-compat.h] Bug #1291: Work around a
bug in OpenSSL 0.9.8e that prevents aes256-ctr, aes192-ctr and arcfour256
   ciphers from working correctly (disconnects with "Bad packet length"
   errors) as found by Ben Harris.  ok djm@
2007-03-05 18:25:20 +11:00
Damien Miller
9975e48349 - (djm) [configure.ac] add a --without-openssl-header-check option to
configure, as some platforms (OS X) ship OpenSSL headers whose version
   does not match that of the shipping library. ok dtucker@
2007-03-05 11:51:27 +11:00
Darren Tucker
90a58fdf22 - (dtucker) [regress/agent-ptrace.sh] Make ttrace gdb error a little more
general to cover newer gdb versions on HP-UX.
2007-03-03 09:42:23 +11:00
Darren Tucker
aef5beef12 - (dtucker) [INSTALL] Update to autoconf-2.61. 2007-03-02 17:53:41 +11:00
Darren Tucker
573e3878b8 - (dtucker) [configure.ac] For Cygwin, read files in textmode (which allows
CRLF as well as LF lineendings) and write in binary mode.  Patch from
   vinschen at redhat.com.
2007-03-02 17:50:03 +11:00
Tim Rice
c3af6d4d13 - (tim) [buildpkg.sh.in openssh.xml.in] Clean up Solaris 10 smf(5) bits.
"Looks sane" dtucker@
2007-03-01 09:34:52 -08:00
Darren Tucker
1d75f22c5d - dtucker@cvs.openbsd.org 2007/03/01 10:28:02
[auth2.c sshd_config.5 servconf.c]
     Remove ChallengeResponseAuthentication support inside a Match
     block as its interaction with KbdInteractive makes it difficult to
     support.  Also, relocate the CR/kbdint option special-case code into
     servconf.  "please commit" djm@, ok markus@ for the relocation.
2007-03-01 21:31:28 +11:00
Darren Tucker
cf0d2db2fa - dtucker@cvs.openbsd.org 2007/02/28 00:55:30
[ssh-agent.c]
     Remove expired keys periodically so they don't remain in memory when
     the agent is entirely idle, as noted by David R. Piegdon.  This is the
     simple fix, a more efficient one will be done later.  With markus,
     deraadt, with & ok djm.
2007-02-28 21:19:58 +11:00
Darren Tucker
90aaed4397 - ray@cvs.openbsd.org 2007/02/24 03:30:11
[moduli.c]
     - strlen returns size_t, not int.
     - Pass full buffer size to fgets.
     OK djm@, millert@, and moritz@.
2007-02-25 20:38:55 +11:00
Darren Tucker
82347a8fd6 - dtucker@cvs.openbsd.org 2007/02/22 12:58:40
[servconf.c]
     Check activep so Match and GatewayPorts work together; ok markus@
2007-02-25 20:37:52 +11:00
Darren Tucker
ed623966e3 - dtucker@cvs.openbsd.org 2007/02/21 11:00:05
[sshd.c]
     Clear alarm() before restarting sshd on SIGHUP.  Without this, if there's
     a SIGALRM pending (for SSH1 key regeneration) when sshd is SIGHUP'ed, the
     newly exec'ed sshd will get the SIGALRM and not have a handler for it,
     and the default action will terminate the listening sshd.  Analysis and
     patch from andrew at gaul.org.
2007-02-25 20:37:21 +11:00
Darren Tucker
d04188e70e - djm@cvs.openbsd.org 2007/02/20 10:25:14
[clientloop.c]
     set maximum packet and window sizes the same for multiplexed clients
     as normal connections; ok markus@
2007-02-25 20:36:49 +11:00
Darren Tucker
89ee69e3c6 - (dtucker) [openbsd-compat/getrrsetbyname.c] Don't attempt to calloc
an array for signatures when there are none since "calloc(0, n) returns
   NULL on some platforms (eg Tru64), which is explicitly permitted by
   POSIX.  Diagnosis and patch by svallet genoscope.cns.fr.
2007-02-19 22:56:55 +11:00
Darren Tucker
53ced25d61 - (dtucker) [contrib/findssl.sh] Add "which" as a shell function since some
platforms don't have it.  Patch from dleonard at vintela.com.
2007-02-19 22:44:25 +11:00
Darren Tucker
1629c07c07 - dtucker@cvs.openbsd.org 2007/02/19 10:45:58
[monitor_wrap.c servconf.c servconf.h monitor.c sshd_config.5]
     Teach Match how handle config directives that are used before
     authentication.  This allows configurations such as permitting password
     authentication from the local net only while requiring pubkey from
     offsite.  ok djm@, man page bits ok jmc@
2007-02-19 22:25:37 +11:00
Darren Tucker
591322ae38 - stevesk@cvs.openbsd.org 2007/02/14 14:32:00
[bufbn.c]
     typos in comments; ok jmc@
2007-02-19 22:17:28 +11:00
Darren Tucker
6ec2fbec8b - djm@cvs.openbsd.org 2007/01/22 13:06:21
[scp.c]
     fix detection of whether we should show progress meter or not: scp
     tested isatty(stderr) but wrote the progress meter to stdout. This patch
     makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com;
     of dtucker@
2007-02-19 22:14:11 +11:00
Darren Tucker
0aa3dbb508 - djm@cvs.openbsd.org 2007/01/22 11:32:50
[sftp-client.c]
     return error from do_upload() when a write fails. fixes bz#1252: zero
     exit status from sftp when uploading to a full device. report from
     jirkat AT atlas.cz; ok dtucker@
2007-02-19 22:13:39 +11:00
Darren Tucker
cb0e1753c7 - stevesk@cvs.openbsd.org 2007/01/21 01:45:35
[readconf.c]
     spaces
2007-02-19 22:12:53 +11:00
Darren Tucker
c58b5b0742 ChangeLog entries for previous 2 commits 2007-02-19 22:12:23 +11:00
Darren Tucker
82a3d2bc6f - stevesk@cvs.openbsd.org 2007/01/21 01:41:54
[auth-skey.c kex.c ssh-keygen.c session.c clientloop.c]
     spaces
2007-02-19 22:10:25 +11:00
Darren Tucker
a52c5b6486 - dtucker@cvs.openbsd.org 2007/01/17 23:22:52
[readconf.c]
     Honour activep for times (eg ServerAliveInterval) while parsing
     ssh_config and ~/.ssh/config so they work properly with Host directives.
     From mario.lorenz@wincor-nixdorf.com via bz #1275.  ok markus@
2007-02-19 22:09:45 +11:00
Darren Tucker
26dc3e656a - jmc@cvs.openbsd.org 2007/01/12 20:20:41
[ssh-keygen.1 ssh-keygen.c]
     more secsh -> rfc 4716 updates;
     spotted by wiz@netbsd
     ok markus
2007-02-19 22:09:06 +11:00
Darren Tucker
bf6b328f27 - jmc@cvs.openbsd.org 2007/01/10 13:23:22
[ssh_config.5]
     do not use a list for SYNOPSIS;
     this is actually part of a larger report sent by eric s. raymond
     and forwarded by brad, but i only read half of it. spotted by brad.
2007-02-19 22:08:17 +11:00
Damien Miller
e42bd24b22 - (djm) [channels.c serverloop.c] Fix so-called "hang on exit" (bz #52)
when closing a tty session when a background process still holds tty
   fds open. Great detective work and patch by Marc Aurele La France,
   slightly tweaked by me; ok dtucker@
2007-01-29 10:16:28 +11:00
Darren Tucker
07877ca680 - (dtucker) [openbsd-compat/bsd-snprintf.c] Static declarations for public
library interfaces aren't very helpful. Fix up the DOPR_OUTCH macro
   so it works properly and modify its callers so that they don't pre or
   post decrement arguments that are conditionally evaluated. While there,
   put SNPRINTF_CONST back as it prevents build failures in some
   configurations.  ok djm@ (for most of it)
2007-01-24 00:07:29 +11:00