Commit Graph

5130 Commits

Author SHA1 Message Date
Darren Tucker
7fa339bb7c - djm@cvs.openbsd.org 2007/05/17 20:52:13
[monitor.c]
     pass received SIGINT from monitor to postauth child so it can clean
     up properly. bz#1196, patch from senthilkumar_sen AT hotpop.com;
     ok markus@
2007-05-20 15:10:16 +10:00
Darren Tucker
26c6662834 - djm@cvs.openbsd.org 2007/05/17 20:48:13
[sshconnect2.c]
     fall back to gethostname() when the outgoing connection is not
     on a socket, such as is the case when ProxyCommand is used.
     Gives hostbased auth an opportunity to work; bz#616, report
     and feedback stuart AT kaloram.com; ok markus@
2007-05-20 15:09:42 +10:00
Darren Tucker
e9405983dc - djm@cvs.openbsd.org 2007/05/17 07:55:29
[sftp-server.c]
     bz#1286 stop reading and processing commands when input or output buffer
     is nearly full, otherwise sftp-server would happily try to grow the
     input/output buffers past the maximum supported by the buffer API and
     promptly fatal()
     based on patch from Thue Janus Kristensen; feedback & ok dtucker@
2007-05-20 15:09:04 +10:00
Darren Tucker
36b78000a7 - djm@cvs.openbsd.org 2007/05/17 07:50:31
[log.c]
     save and restore errno when logging; ok deraadt@
2007-05-20 15:08:15 +10:00
Darren Tucker
f78bb41772 - dtucker@cvs.openbsd.org 2007/04/23 10:15:39
[servconf.c]
     Remove debug() left over from development.  ok deraadt@
2007-05-20 15:03:15 +10:00
Darren Tucker
86473c57a8 - stevesk@cvs.openbsd.org 2007/04/18 01:12:43
[sftp-server.c]
     cast "%llu" format spec to (unsigned long long); do not assume a
     u_int64_t arg is the same as 'unsigned long long'.
     from Dmitry V. Levin <ldv@altlinux.org>
     ok markus@ 'Yes, that looks correct' millert@
2007-05-20 14:59:32 +10:00
Darren Tucker
208ac57c30 - stevesk@cvs.openbsd.org 2007/04/14 22:01:58
[auth2.c]
     remove unused macro; from Dmitry V. Levin <ldv@altlinux.org>
2007-05-20 14:58:41 +10:00
Tim Rice
aa8954f1d9 20070509
- (tim) [configure.ac] Bug #1287: Add missing test for ucred.h.
2007-05-09 15:57:43 -07:00
Darren Tucker
d0adab5a12 trim pasto 2007-04-29 17:14:48 +10:00
Darren Tucker
dca0edff2f - (dtucker) [configure.ac defines.h] Have configure check for offsetof
to prevent redefinition warnings.
2007-04-29 15:06:44 +10:00
Darren Tucker
391de5c023 - (dtucker) [configure.ac defines.h] Prevent warnings about __attribute__
__nonnull__ for versions of GCC that don't support it.
2007-04-29 14:49:21 +10:00
Darren Tucker
6d862a50db - (dtucker) [configure.ac defines.h] Have configure check for MAXSYMLINKS
so we don't get redefinition warnings.
2007-04-29 14:39:02 +10:00
Darren Tucker
2ac529b505 - (dtucker) [openbsd-compat/xmmap.c] Include stdlib.h for mkstemp prototype. 2007-04-29 14:02:43 +10:00
Darren Tucker
cc40d5ecdf - (dtucker) [configure.ac openbsd-compat/getrrsetbyname.c] Bug #1299: Use the
platform's _res if it has one.  Should fix problem of DNSSEC record lookups
   on NetBSD as reported by Curt Sampson.
2007-04-29 13:58:06 +10:00
Darren Tucker
d757e69cda - (dtucker) [auth-shadow.c loginrec.c] Include time.h for time(2) prototype. 2007-04-29 12:10:57 +10:00
Darren Tucker
781e7a28d0 - (dtucker) [openbsd-compat/bsd-misc.c] Include unistd.h and sys/types.h
for select(2) prototype.
2007-04-29 12:06:55 +10:00
Darren Tucker
2a3868589b - (dtucker) [INSTALL] prngd lives at sourceforge these days. 2007-04-06 12:25:08 +10:00
Darren Tucker
62995c1f1e - (dtucker) [INSTALL] Update the systems that have PAM as standard. Link
to OpenPAM too.
2007-04-06 12:21:47 +10:00
Tim Rice
99203ec48b 20070326
- (tim) [auth.c configure.ac defines.h session.c openbsd-compat/port-uw.c
   openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] Rework libiaf test/defines
   to account for IRIX having libiaf but not set_id(). Patch with & ok dtucker@
2007-03-26 09:35:28 -07:00
Darren Tucker
20e9f976c1 - (dtucker) [Makefile.in configure.ac] Replace single-purpose LIBSELINUX,
LIBWRAP and LIBPAM variables in Makefile with the general-purpose
   SSHDLIBS.  "I like" djm@
2007-03-25 18:26:01 +10:00
Darren Tucker
9869ab3557 - (dtucker) [regress/agent-getpeereid.sh] Do peereid test if we have
HAVE_GETPEERUCRED too.  Also from Jan Pechanec.
2007-03-21 21:45:48 +11:00
Darren Tucker
164aa30e46 - (dtucker) [configure.ac openbsd-compat/bsd-getpeereid.c] Bug #1287: Use
getpeerucred to implement getpeereid (currently only Solaris 10 and up).
   Patch by Jan.Pechanec at Sun.
2007-03-21 21:39:57 +11:00
Darren Tucker
04354b97dc - jmc@cvs.openbsd.org 2007/03/20 15:57:15
[sshd.8]
     - let synopsis and description agree for -f
     - sort FILES
     - +.Xr ssh-keyscan 1 ,
     from Igor Sobrado
2007-03-21 20:46:54 +11:00
Darren Tucker
03b1cdbb44 - tedu@cvs.openbsd.org 2007/03/20 03:56:12
[readconf.c clientloop.c]
     remove some bogus *p tests from charles longeau
     ok deraadt millert
2007-03-21 20:46:03 +11:00
Darren Tucker
2812dc9285 - dtucker@cvs.openbsd.org 2007/03/19 12:16:42
[ssh-agent.c]
     Remove the signal handler that checks if the agent's parent process
     has gone away, instead check when the select loop returns.  Record when
     the next key will expire when scanning for expired keys.  Set the select
     timeout to whichever of these two things happens next.  With djm@, with &
     ok deraadt@ markus@
2007-03-21 20:45:06 +11:00
Darren Tucker
506ed88cef - djm@cvs.openbsd.org 2007/03/19 01:01:29
[sshd_config]
     Disable the legacy SSH protocol 1 for new installations via
     a configuration override. In the future, we will change the
     server's default itself so users who need the legacy protocol
     will need to turn it on explicitly
2007-03-21 20:42:24 +11:00
Darren Tucker
97b1bb568c - dtucker@cvs.openbsd.org 2007/03/09 05:20:06
[servconf.c sshd.c]
     Move C/R -> kbdint special case to after the defaults have been
     loaded, which makes ChallengeResponse default to yes again.  This
     was broken by the Match changes and not fixed properly subsequently.
     Found by okan at demirmen.com, ok djm@ "please do it" deraadt@
2007-03-21 20:38:53 +11:00
Darren Tucker
5548e8cf2e - (dtucker) [README.platform] Info about blibpath on AIX. 2007-03-13 21:00:45 +11:00
Darren Tucker
da05f48739 - (dtucker) [cipher-3des1.c cipher-bf1.c] The OpenSSL 0.9.8e problem in
bug #1291 also affects Protocol 1 3des.  While at it, use compat-openssl.h
   in cipher-bf1.c.  Patch from Juan Gallego.
2007-03-13 18:50:04 +11:00
Darren Tucker
b9fe6a337a - (dtucker) [LICENCE] Add Daniel Walsh as a copyright holder for the
selinux bits in -portable.
2007-03-13 07:37:49 +11:00
Darren Tucker
a8d51ee307 - (dtucker) [entropy.c scard-opensc.c ssh-rand-helper.c] Bug #1294: include
string.h to prevent warnings, from vapier at gentoo.org.
2007-03-13 07:35:38 +11:00
Damien Miller
c49dd34a3e - (djm) [README] correct link to release notes 2007-03-08 20:13:39 +11:00
Damien Miller
f0ffec906c - (djm) Release 4.6p1 2007-03-06 21:24:00 +11:00
Damien Miller
d91cfab088 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
[contrib/suse/openssh.spec] crank spec files for release
2007-03-06 21:23:24 +11:00
Damien Miller
2dbab87386 - djm@cvs.openbsd.org 2007/03/06 10:13:14
[version.h]
     openssh-4.6; "please" deraadt@
2007-03-06 21:21:37 +11:00
Damien Miller
5737e363c5 - OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2007/03/01 16:19:33
     [sshd_config.5]
     sort the `match' keywords;
2007-03-06 21:21:18 +11:00
Darren Tucker
fd30986c92 - (dtucker) [openbsd-compat/openssl-compat.h] Bug #1291: Work around a
bug in OpenSSL 0.9.8e that prevents aes256-ctr, aes192-ctr and arcfour256
   ciphers from working correctly (disconnects with "Bad packet length"
   errors) as found by Ben Harris.  ok djm@
2007-03-05 18:25:20 +11:00
Damien Miller
9975e48349 - (djm) [configure.ac] add a --without-openssl-header-check option to
configure, as some platforms (OS X) ship OpenSSL headers whose version
   does not match that of the shipping library. ok dtucker@
2007-03-05 11:51:27 +11:00
Darren Tucker
90a58fdf22 - (dtucker) [regress/agent-ptrace.sh] Make ttrace gdb error a little more
general to cover newer gdb versions on HP-UX.
2007-03-03 09:42:23 +11:00
Darren Tucker
aef5beef12 - (dtucker) [INSTALL] Update to autoconf-2.61. 2007-03-02 17:53:41 +11:00
Darren Tucker
573e3878b8 - (dtucker) [configure.ac] For Cygwin, read files in textmode (which allows
CRLF as well as LF lineendings) and write in binary mode.  Patch from
   vinschen at redhat.com.
2007-03-02 17:50:03 +11:00
Tim Rice
c3af6d4d13 - (tim) [buildpkg.sh.in openssh.xml.in] Clean up Solaris 10 smf(5) bits.
"Looks sane" dtucker@
2007-03-01 09:34:52 -08:00
Darren Tucker
1d75f22c5d - dtucker@cvs.openbsd.org 2007/03/01 10:28:02
[auth2.c sshd_config.5 servconf.c]
     Remove ChallengeResponseAuthentication support inside a Match
     block as its interaction with KbdInteractive makes it difficult to
     support.  Also, relocate the CR/kbdint option special-case code into
     servconf.  "please commit" djm@, ok markus@ for the relocation.
2007-03-01 21:31:28 +11:00
Darren Tucker
cf0d2db2fa - dtucker@cvs.openbsd.org 2007/02/28 00:55:30
[ssh-agent.c]
     Remove expired keys periodically so they don't remain in memory when
     the agent is entirely idle, as noted by David R. Piegdon.  This is the
     simple fix, a more efficient one will be done later.  With markus,
     deraadt, with & ok djm.
2007-02-28 21:19:58 +11:00
Darren Tucker
90aaed4397 - ray@cvs.openbsd.org 2007/02/24 03:30:11
[moduli.c]
     - strlen returns size_t, not int.
     - Pass full buffer size to fgets.
     OK djm@, millert@, and moritz@.
2007-02-25 20:38:55 +11:00
Darren Tucker
82347a8fd6 - dtucker@cvs.openbsd.org 2007/02/22 12:58:40
[servconf.c]
     Check activep so Match and GatewayPorts work together; ok markus@
2007-02-25 20:37:52 +11:00
Darren Tucker
ed623966e3 - dtucker@cvs.openbsd.org 2007/02/21 11:00:05
[sshd.c]
     Clear alarm() before restarting sshd on SIGHUP.  Without this, if there's
     a SIGALRM pending (for SSH1 key regeneration) when sshd is SIGHUP'ed, the
     newly exec'ed sshd will get the SIGALRM and not have a handler for it,
     and the default action will terminate the listening sshd.  Analysis and
     patch from andrew at gaul.org.
2007-02-25 20:37:21 +11:00
Darren Tucker
d04188e70e - djm@cvs.openbsd.org 2007/02/20 10:25:14
[clientloop.c]
     set maximum packet and window sizes the same for multiplexed clients
     as normal connections; ok markus@
2007-02-25 20:36:49 +11:00
Darren Tucker
89ee69e3c6 - (dtucker) [openbsd-compat/getrrsetbyname.c] Don't attempt to calloc
an array for signatures when there are none since "calloc(0, n) returns
   NULL on some platforms (eg Tru64), which is explicitly permitted by
   POSIX.  Diagnosis and patch by svallet genoscope.cns.fr.
2007-02-19 22:56:55 +11:00
Darren Tucker
53ced25d61 - (dtucker) [contrib/findssl.sh] Add "which" as a shell function since some
platforms don't have it.  Patch from dleonard at vintela.com.
2007-02-19 22:44:25 +11:00