[auth2.c sshd_config.5 servconf.c]
Remove ChallengeResponseAuthentication support inside a Match
block as its interaction with KbdInteractive makes it difficult to
support. Also, relocate the CR/kbdint option special-case code into
servconf. "please commit" djm@, ok markus@ for the relocation.
[ssh-agent.c]
Remove expired keys periodically so they don't remain in memory when
the agent is entirely idle, as noted by David R. Piegdon. This is the
simple fix, a more efficient one will be done later. With markus,
deraadt, with & ok djm.
[sshd.c]
Clear alarm() before restarting sshd on SIGHUP. Without this, if there's
a SIGALRM pending (for SSH1 key regeneration) when sshd is SIGHUP'ed, the
newly exec'ed sshd will get the SIGALRM and not have a handler for it,
and the default action will terminate the listening sshd. Analysis and
patch from andrew at gaul.org.
an array for signatures when there are none since "calloc(0, n) returns
NULL on some platforms (eg Tru64), which is explicitly permitted by
POSIX. Diagnosis and patch by svallet genoscope.cns.fr.
[monitor_wrap.c servconf.c servconf.h monitor.c sshd_config.5]
Teach Match how handle config directives that are used before
authentication. This allows configurations such as permitting password
authentication from the local net only while requiring pubkey from
offsite. ok djm@, man page bits ok jmc@
[scp.c]
fix detection of whether we should show progress meter or not: scp
tested isatty(stderr) but wrote the progress meter to stdout. This patch
makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com;
of dtucker@
[sftp-client.c]
return error from do_upload() when a write fails. fixes bz#1252: zero
exit status from sftp when uploading to a full device. report from
jirkat AT atlas.cz; ok dtucker@
[readconf.c]
Honour activep for times (eg ServerAliveInterval) while parsing
ssh_config and ~/.ssh/config so they work properly with Host directives.
From mario.lorenz@wincor-nixdorf.com via bz #1275. ok markus@
[ssh_config.5]
do not use a list for SYNOPSIS;
this is actually part of a larger report sent by eric s. raymond
and forwarded by brad, but i only read half of it. spotted by brad.
when closing a tty session when a background process still holds tty
fds open. Great detective work and patch by Marc Aurele La France,
slightly tweaked by me; ok dtucker@
library interfaces aren't very helpful. Fix up the DOPR_OUTCH macro
so it works properly and modify its callers so that they don't pre or
post decrement arguments that are conditionally evaluated. While there,
put SNPRINTF_CONST back as it prevents build failures in some
configurations. ok djm@ (for most of it)
value of snprintf replacement, similar to bugs in various libc
implementations. This overflow is not exploitable in OpenSSH.
While I'm fiddling with it, make it a fair bit faster by inlining the
append-char routine; ok dtucker@
[channels.c compat.c compat.h]
bz #1019: some ssh.com versions apparently can't cope with the
remote port forwarding bind_address being a hostname, so send
them an address for cases where they are not explicitly
specified (wildcard or localhost bind). reported by daveroth AT
acm.org; ok dtucker@ deraadt@
[monitor.c version.h]
correctly check for bad signatures in the monitor, otherwise the monitor
and the unpriv process can get out of sync. with dtucker@, ok djm@,
dtucker@
[kexdhc.c kexdhs.c kexgexc.c kexgexs.c]
check DH_compute_key() for -1 even if it should not happen because of
earlier calls to dh_pub_is_valid(); report krahmer at suse.de; ok djm
events fatal in Solaris process contract support and tell it to signal
only processes in the same process group when something happens.
Based on information from andrew.benham at thus.net and similar to
a patch from Chad Mynhier. ok djm@