b6c10a6fe5
avoid using free_func as an argument because it is already a typedef.
2008-05-10 16:52:05 +00:00
33d34d249c
fix version string
2008-05-09 22:10:19 +00:00
2149db96e3
resolve conflicts
2008-05-09 21:49:39 +00:00
b69a53abf2
import today's snapshot! Hi <tls>
2008-05-09 21:34:04 +00:00
2a499f37b6
From Christian Hohnstaedt: allow out of tree building
2008-05-08 12:24:50 +00:00
11a6dbe728
Convert TNF licenses to new 2 clause variant
2008-04-30 13:10:46 +00:00
ce099b4099
Remove clause 3 and 4 from TNF licenses
2008-04-28 20:22:51 +00:00
098f566eb9
Do as in revision 1.26 of sshd_config: add a sample, commented-out line
...
for X.org's xauth.
2008-04-25 15:01:45 +00:00
ed9bfcd9c2
From Timo Teras: extract port numbers from SADB_X_EXT_NAT_T[SD]PORT if present in purge_ipsec_spi().
2008-04-25 14:41:18 +00:00
c6898eabf6
extract ports information from SADB_X_EXT_NAT_T_[SD]PORT if present in purge_ipsec_spi()
2008-04-25 14:41:17 +00:00
795befa36d
namespace police to make it buildable (no, it still does not work),
...
add rcsid.
2008-04-20 15:01:14 +00:00
41de77d985
Sync SCM_RIGHTS passing code with the version used in racoon (i.e.
...
set message header and controll message size to the same value again)
2008-04-19 22:15:30 +00:00
57a7ea54be
for symmetry set controllen the same way we set it on the receiving side.
2008-04-13 21:45:19 +00:00
03409c55d7
Don't use variable size allocation on the stack.
2008-04-13 21:44:14 +00:00
c09e4a3a8c
Fix for CVE-2007-3108
...
The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and
earlier does not properly perform Montgomery multiplication, which might
allow local users to conduct a side-channel attack and retrieve RSA
private keys.
2008-04-10 14:19:59 +00:00
1d2009704e
fix another build breaker
2008-04-07 07:37:07 +00:00
1f7a577d0e
re-add removed files.
2008-04-06 23:39:05 +00:00
cbdb6c7a40
resolve conflicts.
2008-04-06 23:38:19 +00:00
49d015609b
Import 5.0
2008-04-06 21:18:28 +00:00
fe2ff28dc6
Add no-user-rc option which disables execution of ~/.ssh/rc
...
(backport from OpenSSH 4.9)
2008-04-05 17:20:53 +00:00
11a00dfcb8
Fix two vulnerabilities in OpenSSH:
...
- X11 forwarding information disclosure (CVE-2008-1483)
- ForceCommand bypass vulnerability
2008-04-03 13:09:14 +00:00
1c3bd4b930
fix Linux build
2008-04-02 19:02:50 +00:00
5ae92982aa
properly fix the variable stack allocation code.
2008-03-28 21:18:45 +00:00
fe6642740b
Still from Cyrus Rahman: fix file descriptor leak introduced by previous
...
commit.
2008-03-28 20:28:14 +00:00
1d223a6207
From Cyrus Rahman: Allow interface reconfiguration when running in privilege separation mode, document privilege separation
2008-03-28 04:18:52 +00:00
182dbe8881
From Cyrus Rahman <crahman@gmail.com>
...
Allow interface reconfiguration when running in privilege separation mode,
document privilege separation
2008-03-28 04:18:51 +00:00
eaec738d10
align cast with heimdal source
...
http://loka.it.su.se/fisheye/changelog/heimdal/?cs=22773
2008-03-24 20:05:57 +00:00
0b9b01afa9
Heimdal cannot easily detect wether the system uses kerberos or not
...
on a client. For now, turn on the hack, that causes heimdal to fail
when there is no config file. ok'd by lha.
2008-03-24 13:56:41 +00:00
d0bda29ecc
fix compilation on alpha.
2008-03-24 08:27:23 +00:00
b2156dc123
The sig_atomic_t type isn't necessarily compatible with %d printf format;
...
cast to int before printing.
2008-03-23 23:09:04 +00:00
7ae544fc2d
Remove computed source files that may confuse mkdep.
2008-03-22 19:15:21 +00:00
fcf1d7cd15
Remove computed source files that may confuse mkdep.
2008-03-22 16:17:50 +00:00
e160244ccb
match whitespace after RCSID
2008-03-22 13:08:21 +00:00
1ea66c56df
NetBSD uses __RCSID
2008-03-22 13:03:05 +00:00
5d9c8e15e0
Import Heimdal-1.1
...
one more missing file
2008-03-22 10:35:47 +00:00
d5be9e9c1d
Import Heimdal-1.1
...
more files
2008-03-22 09:39:22 +00:00
2370a334ab
Import Heimdal-1.1
...
more missing files
2008-03-22 09:29:55 +00:00
b0f88a0388
Import Heimdal-1.1
2008-03-22 08:36:48 +00:00
b5ae261d16
Generates a log if cert validation has been disabled by configuration
2008-03-06 17:00:03 +00:00
b6b6316484
From Cyrus Rahman <crahman@gmail.com>
...
privilegied instance exit when unprivilegied one terminates. Save PID in real root, not in chroot
2008-03-06 04:29:20 +00:00
1e1f81eb1d
Add the ability to initiate IPsec SA negotiations using the admin socket.
...
Submitted by Timo Teras.
2008-03-06 00:46:04 +00:00
3fd729ad89
Refactor admin socket event protocol to be less error prone. Backwards compatibility is provided. Submitted by Timo Teras.
2008-03-06 00:34:11 +00:00
089a95fdcd
Refactor admin socket event protocol to be less error prone. Backwards
...
compatibility is provided. Submitted by Timmo Teras.
2008-03-06 00:34:10 +00:00
5e5c5d5011
Properly initialize the unity network struct to prevent erroneous protocol
...
and port info from being transmitted.
2008-03-05 22:27:50 +00:00
f771df75b3
Reload SPD on SIGHUP or adminport reload. Also provide better handling for
...
pfkey socket read errors. Submitted by Timo Teras.
2008-03-05 22:09:44 +00:00
5ae99b01fd
Missing entries for last changes
2008-02-25 20:14:05 +00:00
6ee9ace370
From Brian Haley <brian.haley@hp.com>
...
There's a cut/paste error in cmp_aproppair_i(), it's supposed to be
checking spi_size but it's not. I'm not sure this patch is correct, but
what's there isn't either.
2008-02-25 20:06:55 +00:00
ebc590d76a
Fix address length, from Brian Haley
2008-02-22 18:50:03 +00:00
2bbccfb905
yyparse returns int, not void.
2008-02-16 18:29:39 +00:00
a91c432416
closes PR bin/37644
...
did not meet violent opposition ( :) ) on ipsec-tools-devel
2008-02-10 12:11:08 +00:00
christos