Commit Graph

294 Commits

Author SHA1 Message Date
itojun 880aff49c4 buffix from openbsd tree: users config should overwrite system config. 2001-10-02 00:39:14 +00:00
itojun ba613513e8 sync with openssh 2.9.9 around 9/27. 2001-09-27 03:24:01 +00:00
itojun bcdc367f57 OpenSSH 2.9.9 as of 2001/9/27 2001-09-27 02:00:33 +00:00
itojun 00489c2412 apply the following advisory. 2.9.9 will be imported soon.
Subject: OpenSSH Security Advisory (adv.option)
From: Markus Friedl <markus@openbsd.org>
Message-ID: <20010926231823.A15229@folly>
2001-09-27 00:12:42 +00:00
wiz 4c99916337 va_{start,end} audit:
Make sure that each va_start has one and only one matching va_end,
especially in error cases.
If the va_list is used multiple times, do multiple va_starts/va_ends.
If a function gets va_list as argument, don't let it use va_end (since
it's the callers responsibility).

Improved by comments from enami and christos -- thanks!

Heimdal/krb4/KAME changes already fed back, rest to follow.

Inspired by, but not not based on, OpenBSD.
2001-09-24 13:22:25 +00:00
wiz f6f3964e5e Remove formatted man pages. Ok'd by joda. 2001-09-24 12:37:41 +00:00
assar 7b980ee03e remove files that were not part of last import 2001-09-23 05:03:52 +00:00
assar ea130a2327 removed not-used files
noticed by Bernd Ernesti <netbsd@veego.de>
2001-09-21 14:40:30 +00:00
thorpej 123c0ecfea Printf formats on LP64. 2001-09-18 03:11:22 +00:00
assar c6cbe4853a fix merge-o's 2001-09-17 15:06:48 +00:00
assar 5b9616a3e3 merge heimdal 0.4e 2001-09-17 12:32:33 +00:00
assar e4d8a8f3dd import of heimdal 0.4e 2001-09-17 12:24:30 +00:00
assar d318b56bd0 merge krb4-1.1 2001-09-17 12:21:41 +00:00
assar 1877630d24 import krb4-1.1 2001-09-17 12:09:38 +00:00
cjs d814de63b5 For consistency, make permit_root_login default to PERMIT_NO if not specified
in the config file. Thanks to itojun for pointing this out.
2001-09-03 04:23:10 +00:00
simonb 8d327e93bf Include <string.h> for memcpy() prototype. 2001-09-02 08:45:22 +00:00
itojun ee42f09d5b upgrade to KAME 2001/8/31. 2001-08-31 10:36:08 +00:00
itojun 9e9f5f3086 KAME as of 2001/8/31 2001-08-31 09:59:03 +00:00
cjs da09d12c1e Document that PermitRootLogin's default is now "no". 2001-08-31 09:00:29 +00:00
cjs 894936aa50 Do not permit direct root logins. This makes ssh consistent with
NetBSD's default security policy in this area: if you are not on
a secure terminal, you must be able to authenticate as a user in
the "wheel" group before you may attempt to authenticate as root
using the root password.
2001-08-31 08:16:24 +00:00
itojun e99543f805 validate certs correctly. sync with kame 2001-08-06 08:17:40 +00:00
itojun 0f6cbd66d3 need string.h for alpha. from chuck 2001-08-06 05:48:50 +00:00
itojun d4d587fb31 (should) fix build on alpha. From: Chuck Silvers <chuq@chuq.com> 2001-08-05 18:52:13 +00:00
garbled 7c0934f7f5 While writing sushi's support for sshd.conf, I found out that the manpage
lies wrt to MaxStartups.  Make the manpage match the code.
2001-08-03 02:29:07 +00:00
itojun 5abda287b4 Get rid of "Os KAME". 2001-08-02 12:19:45 +00:00
itojun 366bd307b0 sync with 2001/8/2 KAME racoon/libipsec. 2001-08-02 12:15:00 +00:00
itojun 7295c743a4 bring in latest racoon/libipsec from KAME. lots of lots of stability fixes. 2001-08-02 12:06:08 +00:00
manu 3f1d5c2789 sshd is now able to log in an user if the filesystem is readonly and the tty
owned by root. Note that the tty still must be mode 620, and sshd does not
check which group owns the tty (more problems here?).
This closes NetBSD PR bin/13499
The fix has been commited to OpenSSH CVS. See OpenBSD's PR user/1946.
2001-07-27 23:34:27 +00:00
assar 76371341d1 remove a (potentially) double free 2001-07-18 21:54:56 +00:00
itojun 7fc834dc03 upgrade to 0.9.6b. no shlib major/minor bump is necessary. 2001-07-11 06:50:53 +00:00
itojun 0eb42056bd OpenSSL 0.9.6b 2001-07-11 03:54:20 +00:00
itojun a549080f85 OpenSSL 0.9.6b 2001-07-11 03:53:32 +00:00
wiz c1f85780da Remove another one, noted by Love <lha@stacken.kth.se>, confirmed by thorpej. 2001-07-10 21:52:46 +00:00
itojun 7d076b538c fix PRNG weakness. the workaround presented on bugtraq posting. 2001-07-10 14:01:26 +00:00
wiz eed063b542 Remove some items that have been done, and improve description on some
others.
2001-07-09 21:01:31 +00:00
wiz 7615e78c24 Remove formatted man pages. 2001-07-08 19:20:55 +00:00
hubertf f5bb393643 add missing .El 2001-07-05 20:47:31 +00:00
hubertf d8ec602681 Note: just because our macros/groff/whatever terminates .Bl internall for a
new .Sh doesn't mean the ending .El should be omitted
2001-06-26 00:52:59 +00:00
hubertf d91e447e6b PRevent one of these:
List open at EOF -- A .Bl directive has no matching .El
2001-06-25 23:37:27 +00:00
wiz 419e44fdc2 Mostly formatting fixes. 2001-06-24 17:44:11 +00:00
veego 7b726945ac There is no photurisd(8). 2001-06-24 17:29:43 +00:00
assar f9feddfb52 add string.h, noted by Staffan Thomen <duck@multi.fi> 2001-06-23 22:42:43 +00:00
itojun 69d60502fe upgrade to openssh 2.9, around 2001/6/24 (from openbsd usr.bin/ssh).
- authorized_keys2 and known_hosts2 are obsoleted, and integrated
  into those without "2".
- file name change, /etc/primes -> /etc/moduli
- cleanups
2001-06-23 19:37:38 +00:00
itojun 0d521994cf OpenBSD 2001/6/24 2001-06-23 19:09:44 +00:00
itojun 6cc43ed622 OpenSSH 2.9 as of 2001/6/24 2001-06-23 16:36:22 +00:00
itojun 5324608adc reject expired password/account. warn if interactive && about to expire.
ala login(1).  From: Brian Poole <raj@cerias.purdue.edu>

XXX code duplicate with login(1) - should be solved by BSD AUTH code integration
2001-06-23 08:08:04 +00:00
itojun fed4515da9 bump netbsd-local version number to identify X11 "cookies" fix 2001-06-20 07:49:45 +00:00
assar 4b1c7f1857 update generated heimdal include files for 0.3f
update Makefile infrastructure for 0.3f
bump shared library versions
fix some merge problems
2001-06-20 02:01:18 +00:00
assar df54fb31c9 merge in conflicts after 0.3f import 2001-06-19 22:39:52 +00:00
assar c6c55d41cd import of heimdal 0.3f 2001-06-19 22:08:08 +00:00