Commit Graph

5091 Commits

Author SHA1 Message Date
Darren Tucker
aef5beef12 - (dtucker) [INSTALL] Update to autoconf-2.61. 2007-03-02 17:53:41 +11:00
Darren Tucker
573e3878b8 - (dtucker) [configure.ac] For Cygwin, read files in textmode (which allows
CRLF as well as LF lineendings) and write in binary mode.  Patch from
   vinschen at redhat.com.
2007-03-02 17:50:03 +11:00
Tim Rice
c3af6d4d13 - (tim) [buildpkg.sh.in openssh.xml.in] Clean up Solaris 10 smf(5) bits.
"Looks sane" dtucker@
2007-03-01 09:34:52 -08:00
Darren Tucker
1d75f22c5d - dtucker@cvs.openbsd.org 2007/03/01 10:28:02
[auth2.c sshd_config.5 servconf.c]
     Remove ChallengeResponseAuthentication support inside a Match
     block as its interaction with KbdInteractive makes it difficult to
     support.  Also, relocate the CR/kbdint option special-case code into
     servconf.  "please commit" djm@, ok markus@ for the relocation.
2007-03-01 21:31:28 +11:00
Darren Tucker
cf0d2db2fa - dtucker@cvs.openbsd.org 2007/02/28 00:55:30
[ssh-agent.c]
     Remove expired keys periodically so they don't remain in memory when
     the agent is entirely idle, as noted by David R. Piegdon.  This is the
     simple fix, a more efficient one will be done later.  With markus,
     deraadt, with & ok djm.
2007-02-28 21:19:58 +11:00
Darren Tucker
90aaed4397 - ray@cvs.openbsd.org 2007/02/24 03:30:11
[moduli.c]
     - strlen returns size_t, not int.
     - Pass full buffer size to fgets.
     OK djm@, millert@, and moritz@.
2007-02-25 20:38:55 +11:00
Darren Tucker
82347a8fd6 - dtucker@cvs.openbsd.org 2007/02/22 12:58:40
[servconf.c]
     Check activep so Match and GatewayPorts work together; ok markus@
2007-02-25 20:37:52 +11:00
Darren Tucker
ed623966e3 - dtucker@cvs.openbsd.org 2007/02/21 11:00:05
[sshd.c]
     Clear alarm() before restarting sshd on SIGHUP.  Without this, if there's
     a SIGALRM pending (for SSH1 key regeneration) when sshd is SIGHUP'ed, the
     newly exec'ed sshd will get the SIGALRM and not have a handler for it,
     and the default action will terminate the listening sshd.  Analysis and
     patch from andrew at gaul.org.
2007-02-25 20:37:21 +11:00
Darren Tucker
d04188e70e - djm@cvs.openbsd.org 2007/02/20 10:25:14
[clientloop.c]
     set maximum packet and window sizes the same for multiplexed clients
     as normal connections; ok markus@
2007-02-25 20:36:49 +11:00
Darren Tucker
89ee69e3c6 - (dtucker) [openbsd-compat/getrrsetbyname.c] Don't attempt to calloc
an array for signatures when there are none since "calloc(0, n) returns
   NULL on some platforms (eg Tru64), which is explicitly permitted by
   POSIX.  Diagnosis and patch by svallet genoscope.cns.fr.
2007-02-19 22:56:55 +11:00
Darren Tucker
53ced25d61 - (dtucker) [contrib/findssl.sh] Add "which" as a shell function since some
platforms don't have it.  Patch from dleonard at vintela.com.
2007-02-19 22:44:25 +11:00
Darren Tucker
1629c07c07 - dtucker@cvs.openbsd.org 2007/02/19 10:45:58
[monitor_wrap.c servconf.c servconf.h monitor.c sshd_config.5]
     Teach Match how handle config directives that are used before
     authentication.  This allows configurations such as permitting password
     authentication from the local net only while requiring pubkey from
     offsite.  ok djm@, man page bits ok jmc@
2007-02-19 22:25:37 +11:00
Darren Tucker
591322ae38 - stevesk@cvs.openbsd.org 2007/02/14 14:32:00
[bufbn.c]
     typos in comments; ok jmc@
2007-02-19 22:17:28 +11:00
Darren Tucker
6ec2fbec8b - djm@cvs.openbsd.org 2007/01/22 13:06:21
[scp.c]
     fix detection of whether we should show progress meter or not: scp
     tested isatty(stderr) but wrote the progress meter to stdout. This patch
     makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com;
     of dtucker@
2007-02-19 22:14:11 +11:00
Darren Tucker
0aa3dbb508 - djm@cvs.openbsd.org 2007/01/22 11:32:50
[sftp-client.c]
     return error from do_upload() when a write fails. fixes bz#1252: zero
     exit status from sftp when uploading to a full device. report from
     jirkat AT atlas.cz; ok dtucker@
2007-02-19 22:13:39 +11:00
Darren Tucker
cb0e1753c7 - stevesk@cvs.openbsd.org 2007/01/21 01:45:35
[readconf.c]
     spaces
2007-02-19 22:12:53 +11:00
Darren Tucker
c58b5b0742 ChangeLog entries for previous 2 commits 2007-02-19 22:12:23 +11:00
Darren Tucker
82a3d2bc6f - stevesk@cvs.openbsd.org 2007/01/21 01:41:54
[auth-skey.c kex.c ssh-keygen.c session.c clientloop.c]
     spaces
2007-02-19 22:10:25 +11:00
Darren Tucker
a52c5b6486 - dtucker@cvs.openbsd.org 2007/01/17 23:22:52
[readconf.c]
     Honour activep for times (eg ServerAliveInterval) while parsing
     ssh_config and ~/.ssh/config so they work properly with Host directives.
     From mario.lorenz@wincor-nixdorf.com via bz #1275.  ok markus@
2007-02-19 22:09:45 +11:00
Darren Tucker
26dc3e656a - jmc@cvs.openbsd.org 2007/01/12 20:20:41
[ssh-keygen.1 ssh-keygen.c]
     more secsh -> rfc 4716 updates;
     spotted by wiz@netbsd
     ok markus
2007-02-19 22:09:06 +11:00
Darren Tucker
bf6b328f27 - jmc@cvs.openbsd.org 2007/01/10 13:23:22
[ssh_config.5]
     do not use a list for SYNOPSIS;
     this is actually part of a larger report sent by eric s. raymond
     and forwarded by brad, but i only read half of it. spotted by brad.
2007-02-19 22:08:17 +11:00
Damien Miller
e42bd24b22 - (djm) [channels.c serverloop.c] Fix so-called "hang on exit" (bz #52)
when closing a tty session when a background process still holds tty
   fds open. Great detective work and patch by Marc Aurele La France,
   slightly tweaked by me; ok dtucker@
2007-01-29 10:16:28 +11:00
Darren Tucker
07877ca680 - (dtucker) [openbsd-compat/bsd-snprintf.c] Static declarations for public
library interfaces aren't very helpful. Fix up the DOPR_OUTCH macro
   so it works properly and modify its callers so that they don't pre or
   post decrement arguments that are conditionally evaluated. While there,
   put SNPRINTF_CONST back as it prevents build failures in some
   configurations.  ok djm@ (for most of it)
2007-01-24 00:07:29 +11:00
Damien Miller
9f74105289 - (djm) [ssh-rand-helper.8] manpage nits;
from dleonard AT vintela.com (bz#1529)
2007-01-22 12:44:53 +11:00
Darren Tucker
eae5fa1b58 - (dtucker) [packet.c] Re-remove in_systm.h since it's already in includes.h
and multiple including it causes problems on old IRIXes.  (It snuck back
   in during a sync.)  Found (again) by Georg Schwarz.
2007-01-17 11:00:13 +11:00
Damien Miller
742cc1c194 - (djm) [openbsd-compat/bsd-snprintf.c] Fix integer overflow in return
value of snprintf replacement, similar to bugs in various libc
   implementations. This overflow is not exploitable in OpenSSH.
   While I'm fiddling with it, make it a fair bit faster by inlining the
   append-char routine; ok dtucker@
2007-01-14 21:20:30 +11:00
Darren Tucker
e67ac00b9b typo 2007-01-14 10:26:25 +11:00
Darren Tucker
9ac56e945b - (dtucker) [ssh-keygen.c] ac -> argv to match earlier sync. 2007-01-14 10:19:59 +11:00
Damien Miller
e2334d600b - stevesk@cvs.openbsd.org 2007/01/03 07:22:36
[sftp-server.c]
     spaces
2007-01-05 16:31:02 +11:00
Damien Miller
b6c85fcf37 - stevesk@cvs.openbsd.org 2007/01/03 04:09:15
[sftp.c]
     ARGSUSED for lint
2007-01-05 16:30:41 +11:00
Damien Miller
80163907ed - stevesk@cvs.openbsd.org 2007/01/03 03:01:40
[auth2-chall.c channels.c dns.c sftp.c ssh-keygen.c ssh.c]
     spaces
2007-01-05 16:30:16 +11:00
Damien Miller
6c7439f963 - stevesk@cvs.openbsd.org 2007/01/03 00:53:38
[ssh-keygen.c]
     remove small dead code; arnaud.lacombe.1@ulaval.ca via Coverity scan
2007-01-05 16:29:55 +11:00
Damien Miller
d94fc72bcd - jmc@cvs.openbsd.org 2007/01/02 09:57:25
[sshd_config.5]
     do not use lists for SYNOPSIS;
     from eric s. raymond via brad
2007-01-05 16:29:30 +11:00
Damien Miller
9fc6a56204 - dtucker@cvs.openbsd.org 2006/12/14 10:01:14
[servconf.c]
     Make "PermitOpen all" first-match within a block to match the way other
     options work.  ok markus@ djm@
2007-01-05 16:29:02 +11:00
Damien Miller
a29b95ec3a - dtucker@cvs.openbsd.org 2006/12/13 08:34:39
[servconf.c]
     Make PermitOpen work with multiple values like the man pages says.
     bz #1267 with details from peter at dmtz.com, with & ok djm@
2007-01-05 16:28:36 +11:00
Damien Miller
1ec462658e - djm@cvs.openbsd.org 2006/12/12 03:58:42
[channels.c compat.c compat.h]
     bz #1019: some ssh.com versions apparently can't cope with the
     remote port forwarding bind_address being a hostname, so send
     them an address for cases where they are not explicitly
     specified (wildcard or localhost bind).  reported by daveroth AT
     acm.org; ok dtucker@ deraadt@
2007-01-05 16:26:45 +11:00
Damien Miller
c0367fb0d2 - markus@cvs.openbsd.org 2006/12/11 21:25:46
[ssh-keygen.1 ssh.1]
     add rfc 4716 (public key format); ok jmc
2007-01-05 16:25:46 +11:00
Damien Miller
3ca8b77179 - ray@cvs.openbsd.org 2006/11/23 01:35:11
[misc.c sftp.c]
     Don't access buf[strlen(buf) - 1] for zero-length strings.
     ``ok by me'' djm@.
2007-01-05 16:24:47 +11:00
Damien Miller
df8b7db16e - (djm) OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2006/11/14 19:41:04
     [ssh-keygen.c]
     use argc and argv not some made up short form
2007-01-05 16:22:57 +11:00
Damien Miller
be6db83462 - (djm) [bsd-asprintf.c] Better test for bad vsnprintf lengths; ok dtucker@ 2006-12-05 22:58:09 +11:00
Damien Miller
143c2ef1ce - (djm) [auth.c] Fix NULL pointer dereference in fakepw(). Crash would
occur if the server did not have the privsep user and an invalid user
   tried to login and both privsep and krb5 auth are disabled.
2006-12-05 09:08:54 +11:00
Darren Tucker
b0781f79db - markus@cvs.openbsd.org 2006/11/07 13:02:07
[dh.c]
     BN_hex2bn returns int; from dtucker@
2006-11-08 10:01:36 +11:00
Darren Tucker
14ea86391b - (dtucker) Release 4.5p1. 2006-11-07 23:27:34 +11:00
Darren Tucker
c2820c5822 - (dtucker) [README contrib/{caldera,redhat,contrib}/openssh.spec] Bump
versions.
2006-11-07 23:25:45 +11:00
Darren Tucker
fbba735aa3 - markus@cvs.openbsd.org 2006/11/07 10:31:31
[monitor.c version.h]
     correctly check for bad signatures in the monitor, otherwise the monitor
     and the unpriv process can get out of sync. with dtucker@, ok djm@,
     dtucker@
2006-11-07 23:16:08 +11:00
Darren Tucker
0bc85579a9 - markus@cvs.openbsd.org 2006/11/06 21:25:28
[auth-rsa.c kexgexc.c kexdhs.c key.c ssh-dss.c sshd.c kexgexs.c
     ssh-keygen.c bufbn.c moduli.c scard.c kexdhc.c sshconnect1.c dh.c rsa.c]
     add missing checks for openssl return codes; with & ok djm@
2006-11-07 23:14:41 +11:00
Darren Tucker
df0e438a2e - (dtucker) [sshd.c] Use privsep_pw if we have it, but only require it
if we absolutely need it.  Pointed out by Corinna, ok djm@
2006-11-07 11:28:40 +11:00
Damien Miller
570c2ab1b6 - markus@cvs.openbsd.org 2006/10/31 16:33:12
[kexdhc.c kexdhs.c kexgexc.c kexgexs.c]
     check DH_compute_key() for -1 even if it should not happen because of
     earlier calls to dh_pub_is_valid(); report krahmer at suse.de; ok djm
2006-11-05 05:32:02 +11:00
Damien Miller
3975ee2c3c - (djm) OpenBSD CVS Sync
- otto@cvs.openbsd.org 2006/10/28 18:08:10
     [ssh.1]
     correct/expand example of usage of -w; ok jmc@ stevesk@
2006-11-05 05:31:33 +11:00
Darren Tucker
4d13ecea54 - (dtucker) [openbsd-compat/port-solaris.c] Bug #1255: Make only hwerr
events fatal in Solaris process contract support and tell it to signal
   only processes in the same process group when something happens.
   Based on information from andrew.benham at thus.net and similar to
   a patch from Chad Mynhier.  ok djm@
2006-11-01 10:28:49 +11:00