| Age | Commit message (Collapse) | Author |
|---|
|
incorrectly fatal() on errors. patch from cjwatson AT debian.org;
ok dtucker
(backport from current)
|
|
[ssh.c]
when waiting for the multiplex exit status, read until the master end
writes an entire int of data *and* closes the client_fd; fixes mux
regression spotted by dtucker, ok dtucker@
|
|
[ssh.c]
handle EINTR when waiting for mux exit status properly
|
|
[ssh.c]
handle EINTR when waiting for mux exit status properly
|
|
[scp.c]
don't ftruncate() non-regular files; bz#1236 reported by wood AT
xmission.com; ok dtucker@
|
|
[ssh.c]
fix slave exit value when a control master goes away without passing the
full exit status by ensuring that the slave reads a full int. bz#1261
reported by frekko AT gmail.com; ok markus@ dtucker@
|
|
[gss-genr.c]
Pass GSS OID to gss_display_status to provide better information in
error messages. Patch from Simon Wilkinson via bz 1220. ok djm@
|
|
prevent warnings about redefinitions of various things in paths.h.
Spotted by cartmanltd at hotmail.com.
|
|
fix; tested by dtucker@ and jochen.kirn AT gmail.com (backport from HEAD)
|
|
support used for RFCs.
|
|
[servconf.c]
Remove debug() left over from development. ok deraadt@
(This fixes a null pointer deref on startup with Match+debug on some
platforms).
|
|
platform's _res if it has one. Should fix problem of DNSSEC record lookups
on NetBSD as reported by Curt Sampson.
|
|
openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] Rework libiaf test/defines
to account for IRIX having libiaf but not set_id(). Patch with & ok dtucker@
(backport from -HEAD)
|
|
[servconf.c sshd.c]
Move C/R -> kbdint special case to after the defaults have been
loaded, which makes ChallengeResponse default to yes again. This
was broken by the Match changes and not fixed properly subsequently.
Found by okan at demirmen.com, ok djm@ "please do it" deraadt@
|
|
bug #1291 also affects Protocol 1 3des. While at it, use compat-openssl.h
in cipher-bf1.c. Patch from Juan Gallego.
|
|
string.h to prevent warnings, from vapier at gentoo.org.
|
|
|
|
|
|
[contrib/suse/openssh.spec] crank spec files for release
|
|
[version.h]
openssh-4.6; "please" deraadt@
|
|
- jmc@cvs.openbsd.org 2007/03/01 16:19:33
[sshd_config.5]
sort the `match' keywords;
|
|
bug in OpenSSL 0.9.8e that prevents aes256-ctr, aes192-ctr and arcfour256
ciphers from working correctly (disconnects with "Bad packet length"
errors) as found by Ben Harris. ok djm@
|
|
configure, as some platforms (OS X) ship OpenSSL headers whose version
does not match that of the shipping library. ok dtucker@
|
|
general to cover newer gdb versions on HP-UX.
|
|
|
|
CRLF as well as LF lineendings) and write in binary mode. Patch from
vinschen at redhat.com.
|
|
"Looks sane" dtucker@
|
|
[auth2.c sshd_config.5 servconf.c]
Remove ChallengeResponseAuthentication support inside a Match
block as its interaction with KbdInteractive makes it difficult to
support. Also, relocate the CR/kbdint option special-case code into
servconf. "please commit" djm@, ok markus@ for the relocation.
|
|
[ssh-agent.c]
Remove expired keys periodically so they don't remain in memory when
the agent is entirely idle, as noted by David R. Piegdon. This is the
simple fix, a more efficient one will be done later. With markus,
deraadt, with & ok djm.
|
|
[moduli.c]
- strlen returns size_t, not int.
- Pass full buffer size to fgets.
OK djm@, millert@, and moritz@.
|
|
[servconf.c]
Check activep so Match and GatewayPorts work together; ok markus@
|
|
[sshd.c]
Clear alarm() before restarting sshd on SIGHUP. Without this, if there's
a SIGALRM pending (for SSH1 key regeneration) when sshd is SIGHUP'ed, the
newly exec'ed sshd will get the SIGALRM and not have a handler for it,
and the default action will terminate the listening sshd. Analysis and
patch from andrew at gaul.org.
|
|
[clientloop.c]
set maximum packet and window sizes the same for multiplexed clients
as normal connections; ok markus@
|
|
an array for signatures when there are none since "calloc(0, n) returns
NULL on some platforms (eg Tru64), which is explicitly permitted by
POSIX. Diagnosis and patch by svallet genoscope.cns.fr.
|
|
platforms don't have it. Patch from dleonard at vintela.com.
|
|
[monitor_wrap.c servconf.c servconf.h monitor.c sshd_config.5]
Teach Match how handle config directives that are used before
authentication. This allows configurations such as permitting password
authentication from the local net only while requiring pubkey from
offsite. ok djm@, man page bits ok jmc@
|
|
[bufbn.c]
typos in comments; ok jmc@
|
|
[scp.c]
fix detection of whether we should show progress meter or not: scp
tested isatty(stderr) but wrote the progress meter to stdout. This patch
makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com;
of dtucker@
|
|
[sftp-client.c]
return error from do_upload() when a write fails. fixes bz#1252: zero
exit status from sftp when uploading to a full device. report from
jirkat AT atlas.cz; ok dtucker@
|
|
[readconf.c]
spaces
|
|
|
|
[auth-skey.c kex.c ssh-keygen.c session.c clientloop.c]
spaces
|
|
[readconf.c]
Honour activep for times (eg ServerAliveInterval) while parsing
ssh_config and ~/.ssh/config so they work properly with Host directives.
From mario.lorenz@wincor-nixdorf.com via bz #1275. ok markus@
|
|
[ssh-keygen.1 ssh-keygen.c]
more secsh -> rfc 4716 updates;
spotted by wiz@netbsd
ok markus
|
|
[ssh_config.5]
do not use a list for SYNOPSIS;
this is actually part of a larger report sent by eric s. raymond
and forwarded by brad, but i only read half of it. spotted by brad.
|
|
when closing a tty session when a background process still holds tty
fds open. Great detective work and patch by Marc Aurele La France,
slightly tweaked by me; ok dtucker@
|
|
library interfaces aren't very helpful. Fix up the DOPR_OUTCH macro
so it works properly and modify its callers so that they don't pre or
post decrement arguments that are conditionally evaluated. While there,
put SNPRINTF_CONST back as it prevents build failures in some
configurations. ok djm@ (for most of it)
|
|
from dleonard AT vintela.com (bz#1529)
|
|
and multiple including it causes problems on old IRIXes. (It snuck back
in during a sync.) Found (again) by Georg Schwarz.
|
|
value of snprintf replacement, similar to bugs in various libc
implementations. This overflow is not exploitable in OpenSSH.
While I'm fiddling with it, make it a fair bit faster by inlining the
append-char routine; ok dtucker@
|
