| Commit message (Collapse) | Author | Files | Lines |
|---|
|
[bufaux.c buffer.h channels.c packet.c packet.h]
avoid extra malloc/copy/free when receiving data over the net;
~10% speedup for localhost-scp; ok djm@
|
|
[sshd_config.5]
sort;
|
|
[sshd_config]
push the sshd_config bits in, spotted by ajacoutot@
|
|
[servconf.c servconf.h session.c sshd_config.5]
Enable the AllowAgentForwarding option in sshd_config (global and match
context), to specify if agents should be permitted on the server.
As the man page states:
``Note that disabling Agent forwarding does not improve security
unless users are also denied shell access, as they can always install
their own forwarders.''
ok djm@, ok and a mild frown markus@
|
|
[ssh-keyscan.1 ssh-keyscan.c]
default to rsa (protocol 2) keys, instead of rsa1 keys; spotted by
larsnooden AT openoffice.org
|
|
[monitor_mm.h]
garbage collect two unused fields in struct mm_master; ok markus@
|
|
[session.c]
remove unneccessary parentheses
|
|
[sftp.1]
macro fixage;
|
|
[sftp-client.c sftp-client.h sftp-server.c sftp.1 sftp.c sftp.h]
introduce sftp extension methods statvfs@openssh.com and
fstatvfs@openssh.com that implement statvfs(2)-like operations,
based on a patch from miklos AT szeredi.hu (bz#1399)
also add a "df" command to the sftp client that uses the
statvfs@openssh.com to produce a df(1)-like display of filesystem
space and inode utilisation
ok markus@
|
|
- djm@cvs.openbsd.org 2008/04/13 00:22:17
[dh.c sshd.c]
Use arc4random_buf() when requesting more than a single word of output
Use arc4random_uniform() when the desired random number upper bound
is not a power of two
ok deraadt@ millert@
|
|
[configure.ac] Implement arc4random_buf(), import implementation of
arc4random_uniform() from OpenBSD
|
|
[sshd_config.5]
HostbasedAuthentication is supported under Match too
|
|
[sshd_config.5]
oops, some unrelated stuff crept into that commit - backout.
spotted by jmc@
|
|
- djm@cvs.openbsd.org 2008/04/04 05:14:38
[sshd_config.5]
ChrootDirectory is supported in Match blocks (in fact, it is most useful
there). Spotted by Minstrel AT minstrel.org.uk
|
|
strnvis first. Ok dtucker@
|
|
time warnings on LynxOS. Patch from ops AT iki.fi
|
|
|
|
|
|
[contrib/suse/openssh.spec] Crank version numbers in RPM spec files
|
|
[version.h]
openssh-5.0
|
|
[sshd.8]
remove trailing whitespace;
|
|
[channels.c]
avoid possible hijacking of x11-forwarded connections (back out 1.183)
CVE-2008-1483; ok djm@
|
|
|
|
[contrib/suse/openssh.spec] Crank version numbers in RPM spec files
|
|
|
|
|
|
|
|
|
|
[regress/sftp-badcmds.sh]
disable no-replace rename test now that we prefer a POSIX rename; spotted
by dkrause@
|
|
[version.h]
openssh-4.9
|
|
[auth-options.c auth-options.h session.c sshd.8]
add no-user-rc authorized_keys option to disable execution of ~/.ssh/rc
|
|
[session.c]
last patch had backwards test; spotted by termim AT gmail.com
|
|
[session.c sshd_config.5]
ignore ~/.ssh/rc if a sshd_config ForceCommand is specified;
from dtucker@ ok deraadt@ djm@
|
|
[monitor_fdpass.c]
msg_controllen has to be CMSG_SPACE so that the kernel can account for
each cmsg_len (ie. msg_controllen = sum of CMSG_ALIGN(cmsg_len). This
works now that kernel fd passing has been fixed to accept a bit of
sloppiness because of this ABI repair.
lots of discussion with kettenis
|
|
[sftp-client.c]
prefer POSIX-style file renaming over filexfer rename behaviour if the
server supports the posix-rename@openssh.com extension.
Note that the old (filexfer) behaviour would refuse to clobber an
existing file. Users who depended on this should adjust their sftp(1)
usage.
ok deraadt@ markus@
|
|
[monitor_fdpass.c]
Repair the simple cases for msg_controllen where it should just be
CMSG_SIZE(sizeof(int)), not sizeof(buffer) which may be larger because
of alignment; ok kettenis hshoexer
|
|
[monitor_fdpass.c]
Correct CMSG_SPACE and CMSG_LEN usage everywhere in the tree. Due to
an extensive discussion with otto, kettenis, millert, and hshoexer
|
|
[ssh.1 sshd.8 sshd_config.5]
bump Mdocdate for pages committed in "febuary", necessary because
of a typo in rcs.c;
|
|
|
|
chroot. Allows ChrootDirectory to work with selinux support compiled in
but not enabled. Using it with selinux enabled will require some selinux
support inside the chroot. "looks sane" djm@
|
|
crashes when used with ChrootDirectory
|
|
empty; report and patch from Peter Stuge
- (djm) [regress/test-exec.sh] Silence noise from detection of putty
commands; report from Peter Stuge
|
|
nas.nasa.gov
|
|
vinschen at redhat.com. Add () to put echo commands in subshell for lls test
I mistakenly left out of last commit.
|
|
|
|
from imorgan at nas.nasa.gov
|
|
by vinschen at redhat.com.
|
|
puttygen(1) by $PATH
|
|
self: make changes to Makefile.in next time, not the generated Makefile).
|
|
[regress/Makefile regress/test-exec.sh regress/putty-ciphers.sh]
[regress/putty-kex.sh regress/putty-transfer.sh regress/ssh2putty.sh]
basic (crypto, kex and transfer) interop regression tests against putty
To run these, install putty and run "make interop-tests" from the build
directory - the tests aren't run by default yet.
|
