-rw-r--r-- | crypto/openssh/ChangeLog | 177 | ||||
-rw-r--r-- | crypto/openssh/INSTALL | 18 | ||||
-rw-r--r-- | crypto/openssh/README | 2 | ||||
-rw-r--r-- | crypto/openssh/auth-options.c | 8 | ||||
-rw-r--r-- | crypto/openssh/auth-sia.c | 2 | ||||
-rw-r--r-- | crypto/openssh/auth-sia.h | 1 | ||||
-rw-r--r-- | crypto/openssh/bufaux.h | 4 | ||||
-rw-r--r-- | crypto/openssh/buffer.c | 8 | ||||
-rw-r--r-- | crypto/openssh/buffer.h | 5 | ||||
-rw-r--r-- | crypto/openssh/buildpkg.sh.in | 8 | ||||
-rw-r--r-- | crypto/openssh/clientloop.c | 4 | ||||
-rwxr-xr-x | crypto/openssh/config.guess | 3 | ||||
-rw-r--r-- | crypto/openssh/log.c | 1 | ||||
-rw-r--r-- | crypto/openssh/misc.c | 8 | ||||
-rw-r--r-- | crypto/openssh/openbsd-compat/bsd-cygwin_util.c | 7 | ||||
-rw-r--r-- | crypto/openssh/openbsd-compat/port-aix.c | 4 | ||||
-rw-r--r-- | crypto/openssh/openbsd-compat/port-aix.h | 4 | ||||
-rw-r--r-- | crypto/openssh/openbsd-compat/readpassphrase.c | 7 | ||||
-rw-r--r-- | crypto/openssh/regress/multiplex.sh | 6 | ||||
-rw-r--r-- | crypto/openssh/regress/test-exec.sh | 2 | ||||
-rw-r--r-- | crypto/openssh/sftp-client.c | 6 | ||||
-rw-r--r-- | crypto/openssh/sftp.c | 4 | ||||
-rw-r--r-- | crypto/openssh/ssh-keygen.1 | 8 | ||||
-rw-r--r-- | crypto/openssh/ssh-keygen.c | 6 |
24 files changed, 246 insertions, 57 deletions
diff --git a/crypto/openssh/ChangeLog b/crypto/openssh/ChangeLog
index 046e32e..15ce35c 100644
--- a/crypto/openssh/ChangeLog
+++ b/crypto/openssh/ChangeLog
@@ -1,3 +1,178 @@ +20050524 + - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] + [contrib/suse/openssh.spec] Update spec file versions to 4.1p1 + - (dtucker) [auth-pam.c] Since people don't seem to be getting the message + that USE_POSIX_THREADS is unsupported, not recommended and generally a bad + idea, it is now known as UNSUPPORTED_POSIX_THREADS_HACK. Attempting to use + USE_POSIX_THREADS will now generate an error so we don't silently change + behaviour. ok djm@ + - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Ensure sufficient memory + allocation when retrieving core Windows environment. Add CYGWIN variable + to propagated variables. Patch from vinschen at redhat.com, ok djm@ + - (djm) Release 4.1p1 + +20050524 + - (djm) [openbsd-compat/readpassphrase.c] bz #950: Retry tcsetattr to ensure + terminal modes are reset correctly. Fix from peak AT argo.troja.mff.cuni.cz; + "looks ok" dtucker@ + +20050512 + - (tim) [buildpkg.sh.in] missing ${PKG_INSTALL_ROOT} in init script + hard link section. Bug 1038. + +20050509 + - (dtucker) [contrib/cygwin/ssh-host-config] Add a test and warning for a + user-mode mounts in Cygwin installation. Patch from vinschen at redhat.com. + +20050504 + - (djm) [ssh.c] some systems return EADDRINUSE on a bind to an already-used + unix domain socket, so catch that too; from jakob@ ok dtucker@ + +20050503 + - (dtucker) [canohost.c] normalise socket addresses returned by + get_remote_hostname(). This means that IPv4 addresses in log messages + on IPv6 enabled machines will no longer be prefixed by "::ffff:" and + AllowUsers, DenyUsers, AllowGroups, DenyGroups will match IPv4-style + addresses only for 4-in-6 mapped connections, regardless of whether + or not the machine is IPv6 enabled. ok djm@ + +20050425 + - (dtucker) [regress/multiplex.sh] Use "kill -0 $pid" to check for the + existence of a process since it's more portable. 
Found by jbasney at + ncsa.uiuc.edu; ok tim@ + - (dtucker) [regress/multiplex.sh] Remove cleanup call since test-exec.sh + will clean up anyway. From tim@ + - (dtucker) [regress/multiplex.sh] Put control socket in /tmp so running + "make tests" works even if you're building on a filesystem that doesn't + support sockets. From deengert at anl.gov, ok djm@ + +20050424 + - (dtucker) [INSTALL configure.ac] Make zlib version check test for 1.1.4 or + 1.2.1.2 or higher. With tim@, ok djm@ + +20050423 + - (tim) [config.guess] Add support for OpenServer 6. + +20050421 + - (dtucker) [session.c] Bug #1024: Don't check pam_session_is_open if + UseLogin is set as PAM is not used to establish credentials in that + case. Found by Michael Selvesteen, ok djm@ + +20050419 + - (dtucker) [INSTALL] Reference README.privsep for the privilege separation + requirements. Pointed out by Bengt Svensson. + - (dtucker) [INSTALL] Put the s/key text and URL back together. + - (dtucker) [INSTALL] Fix s/key text too. + +20050411 + - (tim) [configure.ac] UnixWare needs PASSWD_NEEDS_USERNAME + +20050405 + - (dtucker) [configure.ac] Define HAVE_SO_PEERCRED if we have it. ok djm@ + - (dtucker) [auth-sia.c] Constify sys_auth_passwd, fixes build error on + Tru64. Patch from cmadams at hiwaay.net. + - (dtucker) [auth-passwd.c auth-sia.h] Remove duplicate definitions of + sys_auth_passwd, pointed out by cmadams at hiwaay.net. + +20050403 + - (djm) OpenBSD CVS Sync + - deraadt@cvs.openbsd.org 2005/03/31 18:39:21 + [scp.c] + copy argv[] element instead of smashing the one that ps will see; ok otto + - djm@cvs.openbsd.org 2005/04/02 12:41:16 + [scp.c] + since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror + build + - (dtucker) [monitor.c] Don't free buffers in audit functions, monitor_read + will free as needed. 
ok tim@ djm@ + +20050331 + - (dtucker) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2005/03/16 11:10:38 + [ssh_config.5] + get the syntax right for {Local,Remote}Forward; + based on a diff from markus; + problem report from ponraj; + ok dtucker@ markus@ deraadt@ + - markus@cvs.openbsd.org 2005/03/16 21:17:39 + [version.h] + 4.1 + - jmc@cvs.openbsd.org 2005/03/18 17:05:00 + [sshd_config.5] + typo; + - (dtucker) [auth.h sshd.c openbsd-compat/port-aix.c] Bug #1006: fix bug in + handling of password expiry messages returned by AIX's authentication + routines, originally reported by robvdwal at sara.nl. + - (dtucker) [ssh.c] Prevent null pointer deref in port forwarding debug + message on some platforms. Patch from pete at seebeyond.com via djm. + - (dtucker) [monitor.c] Remaining part of fix for bug #1006. + +20050329 + - (dtucker) [contrib/aix/buildbff.sh] Bug #1005: Look up only the user we're + interested in which is much faster in large (eg LDAP or NIS) environments. + Patch from dleonard at vintela.com. + +20050321 + - (dtucker) [configure.ac] Prevent configure --with-zlib from adding -Iyes + and -Lyes to CFLAGS and LIBS. Pointed out by peter at slagheap.net, + with & ok tim@ + - (dtucker) [configure.ac] Make configure error out if the user specifies + --with-libedit but the required libs can't be found, rather than silently + ignoring and continuing. ok tim@ + - (dtucker) [configure.ac openbsd-compat/port-aix.h] Prevent redefinitions + of setauthdb on AIX 5.3, reported by anders.liljegren at its.uu.se. + +20050317 + - (tim) [configure.ac] Bug 998. Make path for --with-opensc optional. + Make --without-opensc work. + - (tim) [configure.ac] portability changes on test statements. Some shells + have problems with -a operator. + - (tim) [configure.ac] make some configure options a little more error proof. + - (tim) [configure.ac] remove trailing white space. 
+ +20050314 + - (dtucker) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2005/03/10 10:15:02 + [readconf.c] + Check listen addresses for null, prevents xfree from dying during + ClearAllForwardings (bz #996). From Craig Leres, ok markus@ + - deraadt@cvs.openbsd.org 2005/03/10 22:01:05 + [misc.c ssh-keygen.c servconf.c clientloop.c auth-options.c ssh-add.c + monitor.c sftp-client.c bufaux.h hostfile.c ssh.c sshconnect.c channels.c + readconf.c bufaux.c sftp.c] + spacing + - deraadt@cvs.openbsd.org 2005/03/10 22:40:38 + [auth-options.c] + spacing + - markus@cvs.openbsd.org 2005/03/11 14:59:06 + [ssh-keygen.c] + typo, missing \n; mpech + - jmc@cvs.openbsd.org 2005/03/12 11:55:03 + [ssh_config.5] + escape `.' at eol to avoid double spacing issues; + - dtucker@cvs.openbsd.org 2005/03/14 10:09:03 + [ssh-keygen.1] + Correct description of -H (bz #997); ok markus@, punctuation jmc@ + - dtucker@cvs.openbsd.org 2005/03/14 11:44:42 + [auth.c] + Populate host for log message for logins denied by AllowUsers and + DenyUsers (bz #999); ok markus@ (patch by tryponraj at gmail.com) + - markus@cvs.openbsd.org 2005/03/14 11:46:56 + [buffer.c buffer.h channels.c] + limit input buffer size for channels; bugzilla #896; with and ok dtucker@ + - (tim) [contrib/caldera/openssh.spec] links in rc?.d were getting trashed + with a rpm -F + +20050313 + - (dtucker) [contrib/cygwin/ssh-host-config] Makes the query for the + localized name of the local administrators group more reliable. From + vinschen at redhat.com. + +20050312 + - (dtucker) [regress/test-exec.sh] DEBUG can cause problems where debug + output ends up in the client's output, causing regress failures. Found + by Corinna Vinschen. + 20050309 - (dtucker) [regress/test-exec.sh] Set BIN_SH=xpg4 on OSF1/Digital Unix/Tru64 so that regress tests behave. From Chris Adams. 
@@ -2321,4 +2496,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3707.2.1 2005/03/09 04:52:09 djm Exp $ +$Id: ChangeLog,v 1.3758.2.2 2005/05/25 12:24:56 djm Exp $ diff --git a/crypto/openssh/INSTALL b/crypto/openssh/INSTALL index 4fc3744..753d2d0 100644 --- a/crypto/openssh/INSTALL +++ b/crypto/openssh/INSTALL @@ -3,7 +3,7 @@ You will need working installations of Zlib and OpenSSL. -Zlib 1.1.4 or greater: +Zlib 1.1.4 or 1.2.1.2 or greater (ealier 1.2.x versions have problems): http://www.gzip.org/zlib/ OpenSSL 0.9.6 or greater: @@ -50,20 +50,20 @@ lacks /dev/random and don't want to use OpenSSH's internal entropy collection. http://www.lothar.com/tech/crypto/ S/Key Libraries: + +If you wish to use --with-skey then you will need the library below +installed. No other S/Key library is currently known to be supported. + http://www.sparc.spb.su/solaris/skey/ LibEdit: - sftp now supports command-line editing via NetBSD's libedit. If your platform has it available natively you can use that, alternatively you might try these multi-platform ports: + http://www.thrysoee.dk/editline/ http://sourceforge.net/projects/libedit/ -If you wish to use --with-skey then you will need the above library -installed. No other current S/Key library is currently known to be -supported. - 2. Building / Installation -------------------------- @@ -91,6 +91,10 @@ make install This will install the binaries in /opt/{bin,lib,sbin}, but will place the configuration files in /etc/ssh. +If you are using Privilege Separation (which is enabled by default) +then you will also need to create the user, group and directory used by +sshd for privilege separation. See README.privsep for details. + If you are using PAM, you may need to manually install a PAM control file as "/etc/pam.d/sshd" (or wherever your system prefers to keep them). Note that the service name used to start PAM is __progname, 
@@ -221,4 +225,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.66 2005/01/18 01:05:18 dtucker Exp $ +$Id: INSTALL,v 1.70 2005/04/24 07:52:23 dtucker Exp $ diff --git a/crypto/openssh/README b/crypto/openssh/README index 0c5335f..93682c3 100644 --- a/crypto/openssh/README +++ b/crypto/openssh/README @@ -61,4 +61,4 @@ References - [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9 [7] http://www.openssh.com/faq.html -$Id: README,v 1.56.4.1 2005/03/09 03:12:09 djm Exp $ +$Id: README,v 1.57 2005/03/09 03:32:28 dtucker Exp $ diff --git a/crypto/openssh/auth-options.c b/crypto/openssh/auth-options.c index 04d12d6..a85e408 100644 --- a/crypto/openssh/auth-options.c +++ b/crypto/openssh/auth-options.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-options.c,v 1.29 2005/03/01 10:09:52 djm Exp $"); +RCSID("$OpenBSD: auth-options.c,v 1.31 2005/03/10 22:40:38 deraadt Exp $"); #include "xmalloc.h" #include "match.h" @@ -247,7 +247,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) host = hpdelim(&p); if (host == NULL || strlen(host) >= NI_MAXHOST) { debug("%.100s, line %lu: Bad permitopen " - "specification <%.100s>", file, linenum, + "specification <%.100s>", file, linenum, patterns); auth_debug_add("%.100s, line %lu: " "Bad permitopen specification", file, @@ -255,8 +255,8 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) xfree(patterns); goto bad_option; } - host = cleanhostname(host); - if (p == NULL || (port = a2port(p)) == 0) { + host = cleanhostname(host); + if (p == NULL || (port = a2port(p)) == 0) { debug("%.100s, line %lu: Bad permitopen port " "<%.100s>", file, linenum, p ? p : ""); auth_debug_add("%.100s, line %lu: " diff --git a/crypto/openssh/auth-sia.c b/crypto/openssh/auth-sia.c index 63f55d0..af7182b 100644 --- a/crypto/openssh/auth-sia.c +++ b/crypto/openssh/auth-sia.c 
@@ -47,7 +47,7 @@ extern int saved_argc; extern char **saved_argv; int -sys_auth_passwd(Authctxt *authctxt, char *pass) +sys_auth_passwd(Authctxt *authctxt, const char *pass) { int ret; SIAENTITY *ent = NULL; diff --git a/crypto/openssh/auth-sia.h b/crypto/openssh/auth-sia.h index ca55e91..27cbb93 100644 --- a/crypto/openssh/auth-sia.h +++ b/crypto/openssh/auth-sia.h @@ -26,7 +26,6 @@ #ifdef HAVE_OSF_SIA -int sys_auth_passwd(Authctxt *, char *); void session_setup_sia(struct passwd *, char *); #endif /* HAVE_OSF_SIA */ diff --git a/crypto/openssh/bufaux.h b/crypto/openssh/bufaux.h index e30911d..f5efaed 100644 --- a/crypto/openssh/bufaux.h +++ b/crypto/openssh/bufaux.h @@ -1,4 +1,4 @@ -/* $OpenBSD: bufaux.h,v 1.20 2004/10/29 23:56:17 djm Exp $ */ +/* $OpenBSD: bufaux.h,v 1.21 2005/03/10 22:01:05 deraadt Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -40,7 +40,7 @@ void buffer_put_string(Buffer *, const void *, u_int); void buffer_put_cstring(Buffer *, const char *); #define buffer_skip_string(b) \ - do { u_int l = buffer_get_int(b); buffer_consume(b, l); } while(0) + do { u_int l = buffer_get_int(b); buffer_consume(b, l); } while (0) int buffer_put_bignum_ret(Buffer *, const BIGNUM *); int buffer_get_bignum_ret(Buffer *, BIGNUM *); diff --git a/crypto/openssh/buffer.c b/crypto/openssh/buffer.c index 1a25004..487e081 100644 --- a/crypto/openssh/buffer.c +++ b/crypto/openssh/buffer.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: buffer.c,v 1.22 2004/10/29 23:56:17 djm Exp $"); +RCSID("$OpenBSD: buffer.c,v 1.23 2005/03/14 11:46:56 markus Exp $"); #include "xmalloc.h" #include "buffer.h" @@ -78,7 +78,7 @@ buffer_append_space(Buffer *buffer, u_int len) u_int newlen; void *p; - if (len > 0x100000) + if (len > BUFFER_MAX_CHUNK) fatal("buffer_append_space: len %u not supported", len); /* If the buffer is empty, start using it from the beginning. */ 
@@ -97,7 +97,7 @@ restart: * If the buffer is quite empty, but all data is at the end, move the * data to the beginning and retry. */ - if (buffer->offset > buffer->alloc / 2) { + if (buffer->offset > MIN(buffer->alloc, BUFFER_MAX_CHUNK)) { memmove(buffer->buf, buffer->buf + buffer->offset, buffer->end - buffer->offset); buffer->end -= buffer->offset; @@ -107,7 +107,7 @@ restart: /* Increase the size of the buffer and retry. */ newlen = buffer->alloc + len + 32768; - if (newlen > 0xa00000) + if (newlen > BUFFER_MAX_LEN) fatal("buffer_append_space: alloc %u not supported", newlen); buffer->buf = xrealloc(buffer->buf, newlen); diff --git a/crypto/openssh/buffer.h b/crypto/openssh/buffer.h index 9c09d4f..2b20eed 100644 --- a/crypto/openssh/buffer.h +++ b/crypto/openssh/buffer.h @@ -1,4 +1,4 @@ -/* $OpenBSD: buffer.h,v 1.12 2004/10/29 23:56:17 djm Exp $ */ +/* $OpenBSD: buffer.h,v 1.13 2005/03/14 11:46:56 markus Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -23,6 +23,9 @@ typedef struct { u_int end; /* Offset of last byte containing data. */ } Buffer; +#define BUFFER_MAX_CHUNK 0x100000 +#define BUFFER_MAX_LEN 0xa00000 + void buffer_init(Buffer *); void buffer_clear(Buffer *); void buffer_free(Buffer *); diff --git a/crypto/openssh/buildpkg.sh.in b/crypto/openssh/buildpkg.sh.in index f243e90..f90ae6e 100644 --- a/crypto/openssh/buildpkg.sh.in +++ b/crypto/openssh/buildpkg.sh.in 
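Review bot: In the buffer.c hunk at `restart:`, the new test `buffer->offset > MIN(buffer->alloc, BUFFER_MAX_CHUNK)` no longer matches the comment kept above it ("If the buffer is quite empty, but all data is at the end"). `offset` is used as an index into `buf`, so it presumably never exceeds `alloc`; if so, the branch cannot be taken while `alloc` is at or below `BUFFER_MAX_CHUNK`, and compaction only starts once more than 0x100000 bytes have been consumed. Until then the buffer grows through `xrealloc` toward the `BUFFER_MAX_LEN` fatal() instead of reusing its consumed prefix. Either reword the comment to say what is intended, e.g. `/* Compact only once more than BUFFER_MAX_CHUNK bytes have been consumed */`, or keep a relative threshold for small buffers. buffer_append_space starts and ends outside this hunk.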
@@ -282,11 +282,11 @@ installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SY installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s else [ "$RCS_D" = yes ] && \ -installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l - installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l +installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l + installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l [ "$RC1_D" = no ] || \ - installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l - installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l + installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l + installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l fi # If piddir doesn't exist we add it. (Ie. --with-pid-dir=/var/opt/ssh) diff --git a/crypto/openssh/clientloop.c b/crypto/openssh/clientloop.c index 1e25088..1591215 100644 --- a/crypto/openssh/clientloop.c +++ b/crypto/openssh/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.135 2005/03/01 10:09:52 djm Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.136 2005/03/10 22:01:05 deraadt Exp $"); #include "ssh.h" #include "ssh1.h" 
@@ -627,7 +627,7 @@ client_process_control(fd_set * readset) "to %s? ", host); if (allowed) quit_pending = 1; - /* FALLTHROUGH */ + /* FALLTHROUGH */ case SSHMUX_COMMAND_ALIVE_CHECK: /* Reply for SSHMUX_COMMAND_TERMINATE and ALIVE_CHECK */ buffer_clear(&m); diff --git a/crypto/openssh/config.guess b/crypto/openssh/config.guess index 500ee74..5adbef1 100755 --- a/crypto/openssh/config.guess +++ b/crypto/openssh/config.guess @@ -995,7 +995,8 @@ EOF echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} fi exit 0 ;; - i*86:*:5:[78]*) + i*86:*:5:[678]*) + # Unixware 7.x, OpenUNIX 8, & OpenServer 6 case `/bin/uname -X | grep "^Machine"` in *486*) UNAME_MACHINE=i486 ;; *Pentium) UNAME_MACHINE=i586 ;; diff --git a/crypto/openssh/log.c b/crypto/openssh/log.c index e55a54f..96ab24b 100644 --- a/crypto/openssh/log.c +++ b/crypto/openssh/log.c @@ -196,6 +196,7 @@ log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr) #if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) struct syslog_data sdata = SYSLOG_DATA_INIT; #endif + argv0 = av0; switch (level) { diff --git a/crypto/openssh/misc.c b/crypto/openssh/misc.c index 2e366f8..7adbcea 100644 --- a/crypto/openssh/misc.c +++ b/crypto/openssh/misc.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: misc.c,v 1.28 2005/03/01 10:09:52 djm Exp $"); +RCSID("$OpenBSD: misc.c,v 1.29 2005/03/10 22:01:05 deraadt Exp $"); #include "misc.h" #include "log.h" @@ -303,13 +303,13 @@ hpdelim(char **cp) case '\0': *cp = NULL; /* no more fields*/ break; - + case ':': case '/': *s = '\0'; /* terminate */ *cp = s + 1; break; - + default: return NULL; } @@ -391,7 +391,7 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz, debug("%s: %s line %lu exceeds size limit", __func__, filename, *lineno); /* discard remainder of line */ - while(fgetc(f) != '\n' && !feof(f)) + while (fgetc(f) != '\n' && !feof(f)) ; /* nothing */ } } 
diff --git a/crypto/openssh/openbsd-compat/bsd-cygwin_util.c b/crypto/openssh/openbsd-compat/bsd-cygwin_util.c index f53abb6..ff394ec 100644 --- a/crypto/openssh/openbsd-compat/bsd-cygwin_util.c +++ b/crypto/openssh/openbsd-compat/bsd-cygwin_util.c @@ -29,7 +29,7 @@ #include "includes.h" -RCSID("$Id: bsd-cygwin_util.c,v 1.13 2004/08/30 10:42:08 dtucker Exp $"); +RCSID("$Id: bsd-cygwin_util.c,v 1.13.4.1 2005/05/25 09:42:40 dtucker Exp $"); #ifdef HAVE_CYGWIN @@ -247,6 +247,7 @@ static struct wenv { { NL("COMMONPROGRAMFILES=") }, { NL("COMPUTERNAME=") }, { NL("COMSPEC=") }, + { NL("CYGWIN=") }, { NL("NUMBER_OF_PROCESSORS=") }, { NL("OS=") }, { NL("PATH=") }, @@ -260,7 +261,7 @@ static struct wenv { { NL("SYSTEMROOT=") }, { NL("TMP=") }, { NL("TEMP=") }, - { NL("WINDIR=") }, + { NL("WINDIR=") } }; char ** @@ -269,7 +270,7 @@ fetch_windows_environment(void) char **e, **p; int i, idx = 0; - p = xmalloc(WENV_SIZ * sizeof(char *)); + p = xmalloc((WENV_SIZ + 1) * sizeof(char *)); for (e = environ; *e != NULL; ++e) { for (i = 0; i < WENV_SIZ; ++i) { if (!strncmp(*e, wenv_arr[i].name, wenv_arr[i].namelen)) diff --git a/crypto/openssh/openbsd-compat/port-aix.c b/crypto/openssh/openbsd-compat/port-aix.c index fa6a4ff..cf5d4b9 100644 --- a/crypto/openssh/openbsd-compat/port-aix.c +++ b/crypto/openssh/openbsd-compat/port-aix.c @@ -151,7 +151,7 @@ aix_valid_authentications(const char *user) * returns 0. */ int -sys_auth_passwd(Authctxt *ctxt, const char *password, Buffer *loginmsg) +sys_auth_passwd(Authctxt *ctxt, const char *password) { char *authmsg = NULL, *msg, *name = ctxt->pw->pw_name; int authsuccess = 0, expired, reenter, result; 
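Review bot: In fetch_windows_environment(), `xmalloc((WENV_SIZ + 1) * sizeof(char *))` is only large enough if each `wenv_arr` entry matches at most one string in `environ`, and the copy loop visible here puts no bound on `idx`. The store itself is outside the hunk, so this is inferred, but an inherited environment that carries the same name twice would write past the array. Bounding the outer loop, `for (e = environ; *e != NULL && idx < WENV_SIZ; ++e) {`, keeps the slot reserved for the terminating NULL whatever the environment contains. The definition of `WENV_SIZ` is also not shown, so it is worth confirming that it is derived from `wenv_arr` now that the table has gained `CYGWIN=`.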
@@ -181,7 +181,7 @@ sys_auth_passwd(Authctxt *ctxt, const char *password, Buffer *loginmsg) */ expired = passwdexpired(name, &msg); if (msg && *msg) { - buffer_append(loginmsg, msg, strlen(msg)); + buffer_append(ctxt->loginmsg, msg, strlen(msg)); aix_remove_embedded_newlines(msg); } debug3("AIX/passwdexpired returned %d msg %.100s", expired, msg); diff --git a/crypto/openssh/openbsd-compat/port-aix.h b/crypto/openssh/openbsd-compat/port-aix.h index a05ce970..9e3dce4 100644 --- a/crypto/openssh/openbsd-compat/port-aix.h +++ b/crypto/openssh/openbsd-compat/port-aix.h @@ -1,4 +1,4 @@ -/* $Id: port-aix.h,v 1.24 2005/02/16 11:49:31 dtucker Exp $ */ +/* $Id: port-aix.h,v 1.25 2005/03/21 11:46:34 dtucker Exp $ */ /* * @@ -47,7 +47,9 @@ /* These should be in the system headers but are not. */ int usrinfo(int, char *, int); +#if (HAVE_DECL_SETAUTHDB == 0) int setauthdb(const char *, char *); +#endif /* these may or may not be in the headers depending on the version */ #if (HAVE_DECL_AUTHENTICATE == 0) int authenticate(char *, char *, int *, char **); diff --git a/crypto/openssh/openbsd-compat/readpassphrase.c b/crypto/openssh/openbsd-compat/readpassphrase.c index 4ee1be5..eb060bd 100644 --- a/crypto/openssh/openbsd-compat/readpassphrase.c +++ b/crypto/openssh/openbsd-compat/readpassphrase.c @@ -137,8 +137,11 @@ restart: (void)write(output, "\n", 1); /* Restore old terminal settings and signals. */ - if (memcmp(&term, &oterm, sizeof(term)) != 0) - (void)tcsetattr(input, _T_FLUSH, &oterm); + if (memcmp(&term, &oterm, sizeof(term)) != 0) { + while (tcsetattr(input, _T_FLUSH, &oterm) == -1 && + errno == EINTR) + continue; + } (void)sigaction(SIGALRM, &savealrm, NULL); (void)sigaction(SIGHUP, &savehup, NULL); (void)sigaction(SIGINT, &saveint, NULL); diff --git a/crypto/openssh/regress/multiplex.sh b/crypto/openssh/regress/multiplex.sh index e8cc1ac..a172e57 100644 --- a/crypto/openssh/regress/multiplex.sh +++ b/crypto/openssh/regress/multiplex.sh 
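Review bot: `buffer_append(ctxt->loginmsg, msg, strlen(msg))` in port-aix.c now relies on `ctxt->loginmsg` being initialised before password authentication runs, whereas the old three-argument signature made the caller hand the buffer in explicitly. That initialisation is not visible in this diff, and a missing one would only surface on AIX when passwdexpired() actually returns a message. I would record the precondition above sys_auth_passwd, e.g. `/* ctxt->loginmsg must already be initialised; expiry text is appended to it */`. The function body extends beyond both port-aix.c hunks.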
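Review bot: The new loop in readpassphrase.c retries `tcsetattr()` only on `EINTR`; any other failure is still dropped, so the terminal can be left in the modified mode without the caller being told. The reason for the retry is also not stated in the code; a comment such as `/* tcsetattr can be interrupted by a signal; retry so the saved modes are restored (bz #950) */` would keep a later cleanup from removing it. The loop reads `errno`, and whether `<errno.h>` is included and whether `errno` is saved and restored around this block cannot be seen from the hunk, so both are worth checking.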
@@ -1,7 +1,7 @@ # $OpenBSD: multiplex.sh,v 1.10 2005/02/27 11:33:30 dtucker Exp $ # Placed in the Public Domain. -CTL=$OBJ/ctl-sock +CTL=/tmp/openssh.regress.ctl-sock.$$ tid="connection multiplexing" @@ -89,6 +89,4 @@ ${SSH} -S $CTL -Oexit otherhost || fail "send exit command failed" # Wait for master to exit sleep 2 -ps -p $MASTER_PID >/dev/null && fail "exit command failed" - -cleanup +kill -0 $MASTER_PID >/dev/null 2>&1 && fail "exit command failed" diff --git a/crypto/openssh/regress/test-exec.sh b/crypto/openssh/regress/test-exec.sh index 4e53449..bd0c025 100644 --- a/crypto/openssh/regress/test-exec.sh +++ b/crypto/openssh/regress/test-exec.sh @@ -197,7 +197,7 @@ cat << EOF > $OBJ/sshd_config #ListenAddress ::1 PidFile $PIDFILE AuthorizedKeysFile $OBJ/authorized_keys_%u - LogLevel DEBUG + LogLevel VERBOSE AcceptEnv _XXX_TEST_* AcceptEnv _XXX_TEST Subsystem sftp $SFTPSERVER diff --git a/crypto/openssh/sftp-client.c b/crypto/openssh/sftp-client.c index d894a11..92df427 100644 --- a/crypto/openssh/sftp-client.c +++ b/crypto/openssh/sftp-client.c @@ -20,7 +20,7 @@ /* XXX: copy between two remote sites */ #include "includes.h" -RCSID("$OpenBSD: sftp-client.c,v 1.52 2004/11/25 22:22:14 markus Exp $"); +RCSID("$OpenBSD: sftp-client.c,v 1.53 2005/03/10 22:01:05 deraadt Exp $"); #include "openbsd-compat/sys-queue.h" @@ -856,7 +856,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, debug3("Received reply T:%u I:%u R:%d", type, id, max_req); /* Find the request in our queue */ - for(req = TAILQ_FIRST(&requests); + for (req = TAILQ_FIRST(&requests); req != NULL && req->id != id; req = TAILQ_NEXT(req, tq)) ; @@ -1109,7 +1109,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, debug3("SSH2_FXP_STATUS %d", status); /* Find the request in our queue */ - for(ack = TAILQ_FIRST(&acks); + for (ack = TAILQ_FIRST(&acks); ack != NULL && ack->id != r_id; ack = TAILQ_NEXT(ack, tq)) ; 
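Review bot: `CTL=/tmp/openssh.regress.ctl-sock.$$` places the control socket under a predictable name in a world-writable directory, so on a shared build host another local user can occupy that path before the test runs. Where `mktemp -d` is available, a private directory avoids this: `CTLDIR=$(mktemp -d /tmp/openssh.regress.XXXXXX)` followed by `CTL=$CTLDIR/ctl-sock`. On platforms without it, a directory created with mode 700 would serve the same purpose. The second multiplex.sh hunk also drops the `cleanup` call, and nothing visible removes `$CTL` from /tmp if the master does not exit cleanly.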
diff --git a/crypto/openssh/sftp.c b/crypto/openssh/sftp.c index f8553ed..16a6cf0 100644 --- a/crypto/openssh/sftp.c +++ b/crypto/openssh/sftp.c @@ -16,7 +16,7 @@ #include "includes.h" -RCSID("$OpenBSD: sftp.c,v 1.62 2005/02/20 22:59:06 djm Exp $"); +RCSID("$OpenBSD: sftp.c,v 1.63 2005/03/10 22:01:05 deraadt Exp $"); #ifdef USE_LIBEDIT #include <histedit.h> @@ -357,7 +357,7 @@ parse_ls_flags(const char **cpp, int *lflag) /* Check for flags */ if (cp++[0] == '-') { - for(; strchr(WHITESPACE, *cp) == NULL; cp++) { + for (; strchr(WHITESPACE, *cp) == NULL; cp++) { switch (*cp) { case 'l': *lflag &= ~VIEW_FLAGS; diff --git a/crypto/openssh/ssh-keygen.1 b/crypto/openssh/ssh-keygen.1 index 3987b1e..c14eed1 100644 --- a/crypto/openssh/ssh-keygen.1 +++ b/crypto/openssh/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.66 2005/03/01 18:15:56 jmc Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.67 2005/03/14 10:09:03 dtucker Exp $ .\" .\" -*- nroff -*- .\" @@ -232,8 +232,10 @@ command. .It Fl H Hash a .Pa known_hosts -file, printing the result to standard output. -This replaces all hostnames and addresses with hashed representations. +file. +This replaces all hostnames and addresses with hashed representations +within the specified file; the original content is moved to a file with +a .old suffix. These hashes may be used normally by .Nm ssh and diff --git a/crypto/openssh/ssh-keygen.c b/crypto/openssh/ssh-keygen.c index a9931d4..9288550 100644 --- a/crypto/openssh/ssh-keygen.c +++ b/crypto/openssh/ssh-keygen.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keygen.c,v 1.120 2005/03/02 01:27:41 djm Exp $"); +RCSID("$OpenBSD: ssh-keygen.c,v 1.122 2005/03/11 14:59:06 markus Exp $"); #include <openssl/evp.h> #include <openssl/pem.h> 
@@ -684,7 +684,7 @@ do_known_hosts(struct passwd *pw, const char *name) if (delete_host && !c) print_host(out, cp, public, 0); } else if (hash_hosts) { - for(cp2 = strsep(&cp, ","); + for (cp2 = strsep(&cp, ","); cp2 != NULL && *cp2 != '\0'; cp2 = strsep(&cp, ",")) { if (strcspn(cp2, "*?!") != strlen(cp2)) @@ -707,7 +707,7 @@ do_known_hosts(struct passwd *pw, const char *name) identity_file); if (inplace) { fprintf(stderr, "Not replacing existing known_hosts " - "file beacuse of errors"); + "file because of errors\n"); fclose(out); unlink(tmp); } |