20031103
- (dtucker) [contrib/cygwin/ssh-host-config] Ensure entries in /etc/services
are created correctly with CRLF line terminations. Patch from vinschen at
redhat.com.
- (dtucker) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/10/15 09:48:45
[monitor_wrap.c]
check pmonitor != NULL
- markus@cvs.openbsd.org 2003/10/21 09:50:06
[auth2-gss.c]
make sure the doid is larger than 2
- avsm@cvs.openbsd.org 2003/10/26 16:57:43
[sshconnect2.c]
rename 'supported' static var in userauth_gssapi() to 'gss_supported'
to avoid shadowing the global version. markus@ ok
- markus@cvs.openbsd.org 2003/10/28 09:08:06
[misc.c]
error->debug for getsockopt+TCP_NODELAY; several requests
20031021
- (dtucker) [INSTALL] Some system crypt() functions support MD5 passwords
directly. Noted by Darren.Moffat at sun.com.
- (dtucker) [regress/agent-ptrace.sh] Skip agent-test unless SUDO is set,
make agent setgid during test.
20031017
- (dtucker) [INSTALL] Note that --with-md5 is now required on platforms with
MD5 passwords even if PAM support is enabled. From steev at detritus.net.
20031015
- (dtucker) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2003/10/08 08:27:36
[scp.1 scp.c sftp-server.8 sftp.1 sftp.c ssh.1 sshd.8]
scp and sftp: add options list and sort options. options list requested
by deraadt@
sshd: use same format as ssh
ssh: remove wrong option from list
sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
- markus@cvs.openbsd.org 2003/10/08 15:21:24
[readconf.c ssh_config.5]
default GSS API to no in client, too; ok jakob, deraadt@
- markus@cvs.openbsd.org 2003/10/11 08:24:08
[readconf.c readconf.h ssh.1 ssh.c ssh_config.5]
remote x11 clients are now untrusted by default, uses xauth(8) to generate
untrusted cookies; ForwardX11Trusted=yes restores old behaviour.
ok deraadt; feedback and ok djm/fries
- markus@cvs.openbsd.org 2003/10/11 08:26:43
[sshconnect2.c]
search keys in reverse order; fixes #684
- markus@cvs.openbsd.org 2003/10/11 11:36:23
[monitor_wrap.c]
return NULL for missing banner; ok djm@
- jmc@cvs.openbsd.org 2003/10/12 13:12:13
[ssh_config.5]
note that EnableSSHKeySign should be in the non-hostspecific section;
remove unnecessary .Pp;
ok markus@
- markus@cvs.openbsd.org 2003/10/13 08:22:25
[scp.1 sftp.1]
don't refer to options related to forwarding; ok jmc@
- jakob@cvs.openbsd.org 2003/10/14 19:42:10
[dns.c dns.h readconf.c ssh-keygen.c sshconnect.c]
include SSHFP lookup code (not enabled by default). ok markus@
- jakob@cvs.openbsd.org 2003/10/14 19:43:23
[README.dns]
update
- markus@cvs.openbsd.org 2003/10/14 19:54:39
[session.c ssh-agent.c]
10X for mkdtemp; djm@
- (dtucker) [acconfig.h configure.ac dns.c openbsd-compat/getrrsetbyname.c
openbsd-compat/getrrsetbyname.h] DNS fingerprint support is now always
compiled in but disabled in config.
- (dtucker) [auth.c] Check for disabled password expiry on HP-UX Trusted Mode.
- (tim) [regress/banner.sh] portability fix.
20031009
- (dtucker) [sshd_config.5] UsePAM defaults to "no". ok djm@
20031008
- (dtucker) OpenBSD CVS Sync
- dtucker@cvs.openbsd.org 2003/10/07 01:47:27
[sshconnect2.c]
Don't use logit for banner, since it truncates to MSGBUFSIZ; bz #668 &
#707. ok markus@
- djm@cvs.openbsd.org 2003/10/07 07:04:16
[sftp-int.c]
sftp quoting fix from admorten AT umich.edu; ok markus@
- deraadt@cvs.openbsd.org 2003/10/07 21:58:28
[sshconnect2.c]
set ptr to NULL after free
- dtucker@cvs.openbsd.org 2003/10/07 01:52:13
[regress/Makefile regress/banner.sh]
Test SSH2 banner. ok markus@
- djm@cvs.openbsd.org 2003/10/07 07:04:52
[regress/sftp-cmds.sh]
more sftp quoting regress tests; ok markus
20031007
- (djm) Delete autom4te.cache after autoreconf
- (dtucker) [auth-pam.c auth-pam.h session.c] Make PAM use the new static
cleanup functions. With & ok djm@
- (dtucker) [contrib/redhat/openssh.spec] Bug #714: Now that UsePAM is a
run-time switch, always build --with-md5-passwords.
- (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoul.c]
Bug #670: add strtoul() to openbsd-compat for platforms lacking it. ok djm@
- (dtucker) [configure.ac] Bug #715: Set BROKEN_SETREUID and BROKEN_SETREGID
on Reliant Unix. Patch from Robert.Dahlem at siemens.com.
- (dtucker) [configure.ac] Bug #710: Check for dlsym() in libdl on
Reliant Unix. Based on patch from Robert.Dahlem at siemens.com.
20031003
- (dtucker) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/10/02 10:41:59
[sshd.c]
print openssl version, too, several requests; ok henning/djm.
- markus@cvs.openbsd.org 2003/10/02 08:26:53
[ssh-gss.h]
missing $OpenBSD:; dtucker
- (tim) [contrib/caldera/openssh.spec] Remove obsolete --with-ipv4-default
option.
20031002
- (dtucker) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/09/23 20:17:11
[Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c
cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h
monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h
ssh-agent.c sshd.c]
replace fatal_cleanup() and linked list of fatal callbacks with static
cleanup_exit() function. re-refine cleanup_exit() where appropriate,
allocate sshd's authctxt eary to allow simpler cleanup in sshd.
tested by many, ok deraadt@
- markus@cvs.openbsd.org 2003/09/23 20:18:52
[progressmeter.c]
don't print trailing \0; bug #709; Robert.Dahlem@siemens.com
ok millert/deraadt@
- markus@cvs.openbsd.org 2003/09/23 20:41:11
[channels.c channels.h clientloop.c]
move client only agent code to clientloop.c
- markus@cvs.openbsd.org 2003/09/26 08:19:29
[sshd.c]
no need to set the listen sockets to non-block; ok deraadt@
- j