46 files changed, 555 insertions, 247 deletions
diff --git a/ChangeLog b/ChangeLog index d6e4a4a25ae5..39e0ba45dd76 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,4 +1,120 @@ -20100307 +20100410 + - (dtucker) [configure.ac] Put the check for the existence of getaddrinfo + back so we disable the IPv6 tests if we don't have it. + +20100409 + - (dtucker) [contrib/cygwin/Makefile] Don't overwrite files with the wrong + ones. Based on a patch from Roumen Petrov. + - (dtucker) [configure.ac] Bug #1744: use pkg-config for libedit flags if we + have it and the path is not provided to --with-libedit. Based on a patch + from Iain Morgan. + - (dtucker) [configure.ac defines.h loginrec.c logintest.c] Bug #1732: enable + utmpx support on FreeBSD where possible. Patch from Ed Schouten, ok djm@ + +20100326 + - (djm) [openbsd-compat/bsd-arc4random.c] Fix preprocessor detection + for arc4random_buf() and arc4random_uniform(); from Josh Gilkerson + - (dtucker) [configure.ac] Bug #1741: Add section for Haiku, patch originally + by Ingo Weinhold via Scott McCreary, ok djm@ + - (djm) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2010/03/25 23:38:28 + [servconf.c] + from portable: getcwd(NULL, 0) doesn't work on all platforms, so + use a stack buffer; ok dtucker@ + - djm@cvs.openbsd.org 2010/03/26 00:26:58 + [ssh.1] + mention that -S none disables connection sharing; from Colin Watson + - (djm) [session.c] Allow ChrootDirectory to work on SELinux platforms - + set up SELinux execution context before chroot() call. From Russell + Coker via Colin watson; bz#1726 ok dtucker@ + - (djm) [channels.c] Check for EPFNOSUPPORT as a socket() errno; bz#1721 + ok dtucker@ + - (dtucker) Bug #1725: explicitly link libX11 into gnome-ssh-askpass2 using + pkg-config, patch from Colin Watson. Needed for newer linkers (ie gold). 
+ - (djm) [contrib/ssh-copy-id] Don't blow up when the agent has no keys; + bz#1723 patch from Adeodato Simóvia Colin Watson; ok dtucker@ + - (dtucker) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2010/03/26 01:06:13 + [ssh_config.5] + Reformat default value of PreferredAuthentications entry (current + formatting implies ", " is acceptable as a separator, which it's not. + ok djm@ + +20100324 + - (dtucker) [contrib/cygwin/ssh-host-config] Mount the Windows directory + containing the services file explicitely case-insensitive. This allows to + tweak the Windows services file reliably. Patch from vinschen at redhat. + +20100321 + - (djm) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2010/03/08 09:41:27 + [ssh-keygen.1] + sort the list of constraints (to -O); ok djm + - jmc@cvs.openbsd.org 2010/03/10 07:40:35 + [ssh-keygen.1] + typos; from Ross Richardson + closes prs 6334 and 6335 + - djm@cvs.openbsd.org 2010/03/10 23:27:17 + [auth2-pubkey.c] + correct certificate logging and make it more consistent between + authorized_keys and TrustedCAKeys; ok markus@ + - djm@cvs.openbsd.org 2010/03/12 01:06:25 + [servconf.c] + unbreak AuthorizedKeys option with a $HOME-relative path; reported by + vinschen AT redhat.com, ok dtucker@ + - markus@cvs.openbsd.org 2010/03/12 11:37:40 + [servconf.c] + do not prepend AuthorizedKeysFile with getcwd(), unbreaks relative paths + free() (not xfree()) the buffer returned by getcwd() + - djm@cvs.openbsd.org 2010/03/13 21:10:38 + [clientloop.c] + protocol conformance fix: send language tag when disconnecting normally; + spotted by 1.41421 AT gmail.com, ok markus@ deraadt@ + - djm@cvs.openbsd.org 2010/03/13 21:45:46 + [ssh-keygen.1] + Certificates are named *-cert.pub, not *_cert.pub; committing a diff + from stevesk@ ok me + - jmc@cvs.openbsd.org 2010/03/13 23:38:13 + [ssh-keygen.1] + fix a formatting error (args need quoted); noted by stevesk + - stevesk@cvs.openbsd.org 2010/03/15 19:40:02 + [key.c key.h ssh-keygen.c] + also print certificate type 
(user or host) for ssh-keygen -L + ok djm kettenis + - stevesk@cvs.openbsd.org 2010/03/16 15:46:52 + [auth-options.c] + spelling in error message. ok djm kettenis + - djm@cvs.openbsd.org 2010/03/16 16:36:49 + [version.h] + crank version to openssh-5.5 since we have a few fixes since 5.4; + requested deraadt@ kettenis@ + - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] + [contrib/suse/openssh.spec] Crank version numbers + +20100314 + - (djm) [ssh-pkcs11-helper.c] Move #ifdef to after #defines to fix + compilation failure when !HAVE_DLOPEN. Reported by felix-mindrot + AT fefe.de + - (djm) [Makefile.in] Respecify -lssh after -lopenbsd-compat for + ssh-pkcs11-helper to repair static builds (we do the same for + ssh-keyscan). Reported by felix-mindrot AT fefe.de + +20100312 + - (tim) [Makefile.in] Now that scard is gone, no need to make $(datadir) + - (tim) [Makefile.in] Add missing $(EXEEXT) to install targets. + Patch from Corinna Vinschen. + - (tim) [contrib/cygwin/Makefile] Fix list of documentation files to install + on a Cygwin installation. Patch from Corinna Vinschen. + +20100311 + - (tim) [contrib/suse/openssh.spec] crank version number here too. + report by imorgan AT nas.nasa.gov + +20100309 + - (dtucker) [configure.ac] Use a proper AC_CHECK_DECL for BROKEN_GETADDRINFO + so setting it in CFLAGS correctly skips IPv6 tests. + +20100308 - (djm) OpenBSD CVS Sync - djm@cvs.openbsd.org 2010/03/07 22:16:01 [ssh-keygen.c] diff --git a/Makefile.in b/Makefile.in index 69e3567da2dc..476674b0e49f 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.306 2010/02/24 07:18:51 djm Exp $ +# $Id: Makefile.in,v 1.309 2010/03/13 21:41:34 djm Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ 
@@ -160,7 +160,7 @@ ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o roaming_dummy.o readco
 $(LD) -o $@ ssh-keysign.o readconf.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o
- $(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+ $(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
 ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o
 $(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
@@ -249,26 +249,25 @@ install-files: $(srcdir)/mkinstalldirs $(DESTDIR)$(bindir) $(srcdir)/mkinstalldirs $(DESTDIR)$(sbindir) $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir) - $(srcdir)/mkinstalldirs $(DESTDIR)$(datadir) $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1 $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)5 $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8 $(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir) (umask 022 ; $(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH)) - $(INSTALL) -m 0755 $(STRIP_OPT) ssh $(DESTDIR)$(bindir)/ssh - $(INSTALL) -m 0755 $(STRIP_OPT) scp $(DESTDIR)$(bindir)/scp - $(INSTALL) -m 0755 $(STRIP_OPT) ssh-add $(DESTDIR)$(bindir)/ssh-add - $(INSTALL) -m 0755 $(STRIP_OPT) ssh-agent $(DESTDIR)$(bindir)/ssh-agent - $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keygen $(DESTDIR)$(bindir)/ssh-keygen - $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keyscan $(DESTDIR)$(bindir)/ssh-keyscan - $(INSTALL) -m 0755 $(STRIP_OPT) sshd $(DESTDIR)$(sbindir)/sshd + $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT) + $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT) + $(INSTALL) -m 0755 $(STRIP_OPT) ssh-add$(EXEEXT) $(DESTDIR)$(bindir)/ssh-add$(EXEEXT) + $(INSTALL) -m 0755 $(STRIP_OPT) ssh-agent$(EXEEXT) $(DESTDIR)$(bindir)/ssh-agent$(EXEEXT) + $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keygen$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT) + $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keyscan$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT) + $(INSTALL) -m 0755 $(STRIP_OPT) sshd$(EXEEXT) $(DESTDIR)$(sbindir)/sshd$(EXEEXT) if test ! 
-z "$(INSTALL_SSH_RAND_HELPER)" ; then \ - $(INSTALL) -m 0755 $(STRIP_OPT) ssh-rand-helper $(DESTDIR)$(libexecdir)/ssh-rand-helper ; \ + $(INSTALL) -m 0755 $(STRIP_OPT) ssh-rand-helper$(EXEEXT) $(DESTDIR)$(libexecdir)/ssh-rand-helper$(EXEEXT) ; \ fi - $(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign $(DESTDIR)$(SSH_KEYSIGN) - $(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper $(DESTDIR)$(SSH_PKCS11_HELPER) - $(INSTALL) -m 0755 $(STRIP_OPT) sftp $(DESTDIR)$(bindir)/sftp - $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server $(DESTDIR)$(SFTP_SERVER) + $(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign$(EXEEXT) $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT) + $(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT) + $(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT) + $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 $(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1 @@ -1,4 +1,4 @@ -See http://www.openssh.com/txt/release-5.4 for the release notes. +See http://www.openssh.com/txt/release-5.5 for the release notes. - A Japanese translation of this document and of the OpenSSH FAQ is - available at http://www.unixuser.org/~haruyama/security/openssh/index.html @@ -62,4 +62,4 @@ References - [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9 [7] http://www.openssh.com/faq.html -$Id: README,v 1.72 2010/03/07 22:41:02 djm Exp $ +$Id: README,v 1.73 2010/03/21 19:11:55 djm Exp $ diff --git a/auth-options.c b/auth-options.c index 129301765b77..69b314fbd11a 100644 --- a/auth-options.c +++ b/auth-options.c 
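Review bot: The install lines now append `$(EXEEXT)` to `$(DESTDIR)$(SSH_KEYSIGN)`, `$(DESTDIR)$(SSH_PKCS11_HELPER)` and `$(DESTDIR)$(SFTP_SERVER)`, but the hunk shows neither the matching removal rules nor the places where those variables are used as run-time paths. If the uninstall rules (outside this hunk) still remove the unsuffixed names, a platform with a non-empty `EXEEXT` would keep the mode-4711 `ssh-keysign` on disk after an uninstall. Those rules should carry the same suffix, along the lines of `-rm -f $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)`. It is also worth confirming that the helper paths compiled into the binaries resolve to the suffixed files. install-files starts before and continues past this hunk.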
@@ -1,4 +1,4 @@ -/* $OpenBSD: auth-options.c,v 1.48 2010/03/07 11:57:13 dtucker Exp $ */ +/* $OpenBSD: auth-options.c,v 1.49 2010/03/16 15:46:52 stevesk Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -434,7 +434,7 @@ auth_cert_constraints(Buffer *c_orig, struct passwd *pw) goto out; } if (strlen(command) != clen) { - error("force-command constrain contains \\0"); + error("force-command constraint contains \\0"); goto out; } if (cert_forced_command != NULL) { @@ -454,7 +454,7 @@ auth_cert_constraints(Buffer *c_orig, struct passwd *pw) goto out; } if (strlen(allowed) != clen) { - error("source-address constrain contains \\0"); + error("source-address constraint contains \\0"); goto out; } if (cert_source_address_done++) { diff --git a/auth2-pubkey.c b/auth2-pubkey.c index 51aa774872b3..c4cadf4e78c2 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-pubkey.c,v 1.21 2010/03/04 10:36:03 djm Exp $ */ +/* $OpenBSD: auth2-pubkey.c,v 1.22 2010/03/10 23:27:17 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * 
@@ -240,22 +240,26 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file) continue; if (!key_equal(found, key->cert->signature_key)) continue; - debug("matching CA found: file %s, line %lu", - file, linenum); fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX); - verbose("Found matching %s CA: %s", - key_type(found), fp); - xfree(fp); + debug("matching CA found: file %s, line %lu, %s %s", + file, linenum, key_type(found), fp); if (key_cert_check_authority(key, 0, 0, pw->pw_name, &reason) != 0) { + xfree(fp); error("%s", reason); auth_debug_add("%s", reason); continue; } if (auth_cert_constraints(&key->cert->constraints, - pw) != 0) + pw) != 0) { + xfree(fp); continue; + } + verbose("Accepted certificate ID \"%s\" " + "signed by %s CA %s via %s", key->cert->key_id, + key_type(found), fp, file); + xfree(fp); found_key = 1; break; } else if (!key_is_cert_authority && key_equal(found, key)) { @@ -281,15 +285,15 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file) static int user_cert_trusted_ca(struct passwd *pw, Key *key) { - char *key_fp, *ca_fp; + char *ca_fp; const char *reason; int ret = 0; if (!key_is_cert(key) || options.trusted_user_ca_keys == NULL) return 0; - key_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); - ca_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); + ca_fp = key_fingerprint(key->cert->signature_key, + SSH_FP_MD5, SSH_FP_HEX); if (key_in_file(key->cert->signature_key, options.trusted_user_ca_keys, 1) != 1) { 
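Review bot: The new `verbose("Accepted certificate ID \"%s\" ...")` call writes `key->cert->key_id` into the auth log with an unbounded `%s`, and that string is chosen by whoever issued the certificate. The hunk does not show the key ID being length-limited or stripped of control characters, so the line relies on the logging layer to escape it. That is worth confirming, and a bounded conversion such as `\"%.100s\"` (the style of `error("socket: %.100s", ...)` in channels.c in this commit) would cap it. The same message is added to user_cert_trusted_ca() in the `@@ -306,13 +310,12 @@` hunk. Both are emitted from the key-lookup functions, and whether the client has proven possession of the private key at that point is not visible here, so log consumers should pair this line with the final authentication result instead of treating it as a completed login.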
@@ -306,13 +310,12 @@ user_cert_trusted_ca(struct passwd *pw, Key *key) if (auth_cert_constraints(&key->cert->constraints, pw) != 0) goto out; - verbose("%s certificate %s allowed by trusted %s key %s", - key_type(key), key_fp, key_type(key->cert->signature_key), ca_fp); + verbose("Accepted certificate ID \"%s\" signed by %s CA %s via %s", + key->cert->key_id, key_type(key->cert->signature_key), ca_fp, + options.trusted_user_ca_keys); ret = 1; out: - if (key_fp != NULL) - xfree(key_fp); if (ca_fp != NULL) xfree(ca_fp); return ret; diff --git a/channels.c b/channels.c index d8c53a4a8f2b..a55d27817573 100644 --- a/channels.c +++ b/channels.c @@ -3252,7 +3252,11 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost, sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); if (sock < 0) { - if ((errno != EINVAL) && (errno != EAFNOSUPPORT)) { + if ((errno != EINVAL) && (errno != EAFNOSUPPORT) +#ifdef EPFNOSUPPORT + && (errno != EPFNOSUPPORT) +#endif + ) { error("socket: %.100s", strerror(errno)); freeaddrinfo(aitop); return -1; diff --git a/clientloop.c b/clientloop.c index 6ffef95a2d77..9ab56b44c477 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.218 2010/01/28 00:21:18 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.219 2010/03/13 21:10:38 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -1484,6 +1484,7 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) packet_start(SSH2_MSG_DISCONNECT); packet_put_int(SSH2_DISCONNECT_BY_APPLICATION); packet_put_cstring("disconnected by user"); + packet_put_cstring(""); /* language tag */ packet_send(); packet_write_wait(); } diff --git a/config.h.in b/config.h.in index a61dec6095d3..a43ad57115d6 100644 --- a/config.h.in +++ b/config.h.in 
@@ -80,9 +80,6 @@ /* Define if you want to specify the path to your lastlog file */ #undef CONF_LASTLOG_FILE -/* Define if you want to specify the path to your utmpx file */ -#undef CONF_UTMPX_FILE - /* Define if you want to specify the path to your utmp file */ #undef CONF_UTMP_FILE @@ -455,6 +452,9 @@ /* Define to 1 if you have the `getutxline' function. */ #undef HAVE_GETUTXLINE +/* Define to 1 if you have the `getutxuser' function. */ +#undef HAVE_GETUTXUSER + /* Define to 1 if you have the `get_default_context_with_level' function. */ #undef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL @@ -551,6 +551,9 @@ /* Define if system has libiaf that supports set_id */ #undef HAVE_LIBIAF +/* Define to 1 if you have the `network' library (-lnetwork). */ +#undef HAVE_LIBNETWORK + /* Define to 1 if you have the `nsl' library (-lnsl). */ #undef HAVE_LIBNSL @@ -804,6 +807,9 @@ /* Define to 1 if you have the `setutent' function. */ #undef HAVE_SETUTENT +/* Define to 1 if you have the `setutxdb' function. */ +#undef HAVE_SETUTXDB + /* Define to 1 if you have the `setutxent' function. */ #undef HAVE_SETUTXENT diff --git a/configure b/configure index 7c19fc204a5f..5ebdb15c610b 100755 --- a/configure +++ b/configure @@ -1,5 +1,5 @@ #! /bin/sh -# From configure.ac Revision: 1.444 . +# From configure.ac Revision: 1.449 . # Guess values for system-dependent variables and create Makefiles. # Generated by GNU Autoconf 2.61 for OpenSSH Portable. # @@ -693,6 +693,7 @@ LOGIN_PROGRAM_FALLBACK PATH_PASSWD_PROG LD SSHDLIBS +PKGCONFIG LIBEDIT INSTALL_SSH_RAND_HELPER SSH_PRIVSEP_USER 
@@ -7435,6 +7436,85 @@ fi *-*-dragonfly*) SSHDLIBS="$SSHDLIBS -lcrypt" ;; +*-*-haiku*) + LIBS="$LIBS -lbsd " + +{ echo "$as_me:$LINENO: checking for socket in -lnetwork" >&5 +echo $ECHO_N "checking for socket in -lnetwork... $ECHO_C" >&6; } +if test "${ac_cv_lib_network_socket+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lnetwork $LIBS" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char socket (); +int +main () +{ +return socket (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_link") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! 
-s conftest.err + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + ac_cv_lib_network_socket=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_cv_lib_network_socket=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ echo "$as_me:$LINENO: result: $ac_cv_lib_network_socket" >&5 +echo "${ECHO_T}$ac_cv_lib_network_socket" >&6; } +if test $ac_cv_lib_network_socket = yes; then + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBNETWORK 1 +_ACEOF + + LIBS="-lnetwork $LIBS" + +fi + + cat >>confdefs.h <<\_ACEOF +#define HAVE_U_INT64_T 1 +_ACEOF + + MANTYPE=man + ;; *-*-hpux*) # first we define all of the options common to all HP-UX releases CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 
@@ -12326,7 +12406,61 @@ LIBEDIT_MSG="no" # Check whether --with-libedit was given. if test "${with_libedit+set}" = set; then withval=$with_libedit; if test "x$withval" != "xno" ; then - if test "x$withval" != "xyes"; then + if test "x$withval" = "xyes" ; then + # Extract the first word of "pkg-config", so it can be a program name with args. +set dummy pkg-config; ac_word=$2 +{ echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } +if test "${ac_cv_path_PKGCONFIG+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + case $PKGCONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_PKGCONFIG="$PKGCONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_path_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + + test -z "$ac_cv_path_PKGCONFIG" && ac_cv_path_PKGCONFIG="no" + ;; +esac +fi +PKGCONFIG=$ac_cv_path_PKGCONFIG +if test -n "$PKGCONFIG"; then + { echo "$as_me:$LINENO: result: $PKGCONFIG" >&5 +echo "${ECHO_T}$PKGCONFIG" >&6; } +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + + if test "x$PKGCONFIG" != "xno"; then + { echo "$as_me:$LINENO: checking if $PKGCONFIG knows about libedit" >&5 +echo $ECHO_N "checking if $PKGCONFIG knows about libedit... 
$ECHO_C" >&6; } + if "$PKGCONFIG" libedit; then + { echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } + use_pkgconfig_for_libedit=yes + else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + fi + fi + else CPPFLAGS="$CPPFLAGS -I${withval}/include" if test -n "${need_dash_r}"; then LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" @@ -12334,13 +12468,20 @@ if test "${with_libedit+set}" = set; then LDFLAGS="-L${withval}/lib ${LDFLAGS}" fi fi + if test "x$use_pkgconfig_for_libedit" == "xyes"; then + LIBEDIT=`$PKGCONFIG --libs-only-l libedit` + CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" + else + LIBEDIT="-ledit -lcurses" + fi + OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` { echo "$as_me:$LINENO: checking for el_init in -ledit" >&5 echo $ECHO_N "checking for el_init in -ledit... $ECHO_C" >&6; } if test "${ac_cv_lib_edit_el_init+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_check_lib_save_LIBS=$LIBS -LIBS="-ledit -lcurses +LIBS="-ledit $OTHERLIBS $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ @@ -12402,7 +12543,6 @@ cat >>confdefs.h <<\_ACEOF #define USE_LIBEDIT 1 _ACEOF - LIBEDIT="-ledit -lcurses" LIBEDIT_MSG="yes" @@ -14961,7 +15101,8 @@ done -for ac_func in endutxent getutxent getutxid getutxline pututxline + +for ac_func in endutxent getutxent getutxid getutxline getutxuser pututxline do as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` { echo "$as_me:$LINENO: checking for $ac_func" >&5 @@ -15056,7 +15197,8 @@ done -for ac_func in setutxent utmpxname + +for ac_func in setutxdb setutxent utmpxname do as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` { echo "$as_me:$LINENO: checking for $ac_func" >&5 
@@ -29373,8 +29515,8 @@ _ACEOF fi -{ echo "$as_me:$LINENO: checking if your system defines UTMPX_FILE" >&5 -echo $ECHO_N "checking if your system defines UTMPX_FILE... $ECHO_C" >&6; } +{ echo "$as_me:$LINENO: checking if your system defines WTMPX_FILE" >&5 +echo $ECHO_N "checking if your system defines WTMPX_FILE... $ECHO_C" >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF @@ -29394,7 +29536,7 @@ cat >>conftest.$ac_ext <<_ACEOF int main () { - char *utmpx = UTMPX_FILE; + char *wtmpx = WTMPX_FILE; ; return 0; } 
@@ -29424,48 +29566,59 @@ sed 's/^/| /' conftest.$ac_ext >&5 { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } - system_utmpx_path=no + system_wtmpx_path=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -if test -z "$conf_utmpx_location"; then - if test x"$system_utmpx_path" = x"no" ; then +if test -z "$conf_wtmpx_location"; then + if test x"$system_wtmpx_path" = x"no" ; then cat >>confdefs.h <<\_ACEOF -#define DISABLE_UTMPX 1 +#define DISABLE_WTMPX 1 _ACEOF fi else cat >>confdefs.h <<_ACEOF -#define CONF_UTMPX_FILE "$conf_utmpx_location" +#define CONF_WTMPX_FILE "$conf_wtmpx_location" _ACEOF fi -{ echo "$as_me:$LINENO: checking if your system defines WTMPX_FILE" >&5 -echo $ECHO_N "checking if your system defines WTMPX_FILE... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF + +if test ! -z "$blibpath" ; then + LDFLAGS="$LDFLAGS $blibflags$blibpath" + { echo "$as_me:$LINENO: WARNING: Please check and edit blibpath in LDFLAGS in Makefile" >&5 +echo "$as_me: WARNING: Please check and edit blibpath in LDFLAGS in Makefile" >&2;} +fi + +CFLAGS="$CFLAGS $werror_flags" + +if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then + TEST_SSH_IPV6=no +else + TEST_SSH_IPV6=yes +fi +{ echo "$as_me:$LINENO: checking whether BROKEN_GETADDRINFO is declared" >&5 +echo $ECHO_N "checking whether BROKEN_GETADDRINFO is declared... $ECHO_C" >&6; } +if test "${ac_cv_have_decl_BROKEN_GETADDRINFO+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ - -#include <sys/types.h> -#include <utmp.h> -#ifdef HAVE_UTMPX_H -#include <utmpx.h> -#endif -#ifdef HAVE_PATHS_H -# include <paths.h> -#endif - +$ac_includes_default int main () { - char *wtmpx = WTMPX_FILE; +#ifndef BROKEN_GETADDRINFO + (void) BROKEN_GETADDRINFO; +#endif + ; return 0; } 
@@ -29487,51 +29640,24 @@ eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } + ac_cv_have_decl_BROKEN_GETADDRINFO=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - system_wtmpx_path=no - + ac_cv_have_decl_BROKEN_GETADDRINFO=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -if test -z "$conf_wtmpx_location"; then - if test x"$system_wtmpx_path" = x"no" ; then - cat >>confdefs.h <<\_ACEOF -#define DISABLE_WTMPX 1 -_ACEOF - - fi -else - -cat >>confdefs.h <<_ACEOF -#define CONF_WTMPX_FILE "$conf_wtmpx_location" -_ACEOF - fi - - -if test ! -z "$blibpath" ; then - LDFLAGS="$LDFLAGS $blibflags$blibpath" - { echo "$as_me:$LINENO: WARNING: Please check and edit blibpath in LDFLAGS in Makefile" >&5 -echo "$as_me: WARNING: Please check and edit blibpath in LDFLAGS in Makefile" >&2;} +{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_BROKEN_GETADDRINFO" >&5 +echo "${ECHO_T}$ac_cv_have_decl_BROKEN_GETADDRINFO" >&6; } +if test $ac_cv_have_decl_BROKEN_GETADDRINFO = yes; then + TEST_SSH_IPV6=no fi -CFLAGS="$CFLAGS $werror_flags" +TEST_SSH_IPV6=$TEST_SSH_IPV6 -if grep "#define BROKEN_GETADDRINFO 1" confdefs.h >/dev/null || \ - test "x$ac_cv_func_getaddrinfo" != "xyes" ; then - TEST_SSH_IPV6=no - -else - TEST_SSH_IPV6=yes - -fi ac_config_files="$ac_config_files Makefile buildpkg.sh opensshd.init openssh.xml openbsd-compat/Makefile openbsd-compat/regress/Makefile ssh_prng_cmds survey.sh" 
@@ -30236,6 +30362,7 @@ LOGIN_PROGRAM_FALLBACK!$LOGIN_PROGRAM_FALLBACK$ac_delim PATH_PASSWD_PROG!$PATH_PASSWD_PROG$ac_delim LD!$LD$ac_delim SSHDLIBS!$SSHDLIBS$ac_delim +PKGCONFIG!$PKGCONFIG$ac_delim LIBEDIT!$LIBEDIT$ac_delim INSTALL_SSH_RAND_HELPER!$INSTALL_SSH_RAND_HELPER$ac_delim SSH_PRIVSEP_USER!$SSH_PRIVSEP_USER$ac_delim @@ -30255,7 +30382,6 @@ PROG_VMSTAT!$PROG_VMSTAT$ac_delim PROG_UPTIME!$PROG_UPTIME$ac_delim PROG_IPCS!$PROG_IPCS$ac_delim PROG_TAIL!$PROG_TAIL$ac_delim -INSTALL_SSH_PRNG_CMDS!$INSTALL_SSH_PRNG_CMDS$ac_delim _ACEOF if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then @@ -30297,6 +30423,7 @@ _ACEOF ac_delim='%!_!# ' for ac_last_try in false false false false false :; do cat >conf$$subs.sed <<_ACEOF +INSTALL_SSH_PRNG_CMDS!$INSTALL_SSH_PRNG_CMDS$ac_delim KRB5CONF!$KRB5CONF$ac_delim PRIVSEP_PATH!$PRIVSEP_PATH$ac_delim xauth_path!$xauth_path$ac_delim @@ -30312,7 +30439,7 @@ LIBOBJS!$LIBOBJS$ac_delim LTLIBOBJS!$LTLIBOBJS$ac_delim _ACEOF - if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 13; then + if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 14; then break elif $ac_last_try; then { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5 diff --git a/configure.ac b/configure.ac index a9960a7baff4..0a0e2ea15d0c 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.444 2010/03/05 04:04:35 djm Exp $ +# $Id: configure.ac,v 1.449 2010/04/10 12:58:01 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.444 $) +AC_REVISION($Revision: 1.449 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) 
@@ -488,6 +488,12 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) *-*-dragonfly*) SSHDLIBS="$SSHDLIBS -lcrypt" ;; +*-*-haiku*) + LIBS="$LIBS -lbsd " + AC_CHECK_LIB(network, socket) + AC_DEFINE(HAVE_U_INT64_T) + MANTYPE=man + ;; *-*-hpux*) # first we define all of the options common to all HP-UX releases CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" @@ -1248,7 +1254,18 @@ LIBEDIT_MSG="no" AC_ARG_WITH(libedit, [ --with-libedit[[=PATH]] Enable libedit support for sftp], [ if test "x$withval" != "xno" ; then - if test "x$withval" != "xyes"; then + if test "x$withval" = "xyes" ; then + AC_PATH_PROG(PKGCONFIG, pkg-config, no) + if test "x$PKGCONFIG" != "xno"; then + AC_MSG_CHECKING(if $PKGCONFIG knows about libedit) + if "$PKGCONFIG" libedit; then + AC_MSG_RESULT(yes) + use_pkgconfig_for_libedit=yes + else + AC_MSG_RESULT(no) + fi + fi + else CPPFLAGS="$CPPFLAGS -I${withval}/include" if test -n "${need_dash_r}"; then LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" @@ -1256,14 +1273,20 @@ AC_ARG_WITH(libedit, LDFLAGS="-L${withval}/lib ${LDFLAGS}" fi fi + if test "x$use_pkgconfig_for_libedit" == "xyes"; then + LIBEDIT=`$PKGCONFIG --libs-only-l libedit` + CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" + else + LIBEDIT="-ledit -lcurses" + fi + OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` AC_CHECK_LIB(edit, el_init, [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp]) - LIBEDIT="-ledit -lcurses" LIBEDIT_MSG="yes" AC_SUBST(LIBEDIT) ], [ AC_MSG_ERROR(libedit not found) ], - [ -lcurses ] + [ $OTHERLIBS ] ) AC_MSG_CHECKING(if libedit version is compatible) AC_COMPILE_IFELSE( 
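Review bot: `test "x$use_pkgconfig_for_libedit" == "xyes"` in the `@@ -1256,14 +1273,20 @@` hunk uses `==`, which POSIX `test` does not define. Under a /bin/sh whose `test` rejects it, the condition fails and the script silently falls back to `LIBEDIT="-ledit -lcurses"`, discarding what pkg-config reported. Use a single `=`: `if test "x$use_pkgconfig_for_libedit" = "xyes"; then`; the regenerated configure script carries the same line. Separately, the output of `$PKGCONFIG` is spliced into `CPPFLAGS` and `LIBEDIT` unchecked, so the build trusts whichever pkg-config AC_PATH_PROG finds first on PATH. A comment next to the AC_PATH_PROG call saying so would help packagers who build in shared environments.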
@@ -1534,8 +1557,8 @@ dnl Checks for utmp functions AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent) AC_CHECK_FUNCS(utmpname) dnl Checks for utmpx functions -AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline ) -AC_CHECK_FUNCS(setutxent utmpxname) +AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline getutxuser pututxline) +AC_CHECK_FUNCS(setutxdb setutxent utmpxname) dnl Checks for lastlog functions AC_CHECK_FUNCS(getlastlogxbyname) @@ -4064,34 +4087,6 @@ if test -n "$conf_wtmp_location"; then fi -dnl utmpx detection - I don't know any system so perverse as to require -dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out -dnl there, though. -AC_MSG_CHECKING([if your system defines UTMPX_FILE]) -AC_TRY_COMPILE([ -#include <sys/types.h> -#include <utmp.h> -#ifdef HAVE_UTMPX_H -#include <utmpx.h> -#endif -#ifdef HAVE_PATHS_H -# include <paths.h> -#endif - ], - [ char *utmpx = UTMPX_FILE; ], - [ AC_MSG_RESULT(yes) ], - [ AC_MSG_RESULT(no) - system_utmpx_path=no ] -) -if test -z "$conf_utmpx_location"; then - if test x"$system_utmpx_path" = x"no" ; then - AC_DEFINE(DISABLE_UTMPX) - fi -else - AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location", - [Define if you want to specify the path to your utmpx file]) -fi - dnl wtmpx detection AC_MSG_CHECKING([if your system defines WTMPX_FILE]) AC_TRY_COMPILE([ @@ -4128,12 +4123,13 @@ dnl Adding -Werror to CFLAGS early prevents configure tests from running. dnl Add now. CFLAGS="$CFLAGS $werror_flags" -if grep "#define BROKEN_GETADDRINFO 1" confdefs.h >/dev/null || \ - test "x$ac_cv_func_getaddrinfo" != "xyes" ; then - AC_SUBST(TEST_SSH_IPV6, no) +if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then + TEST_SSH_IPV6=no else - AC_SUBST(TEST_SSH_IPV6, yes) + TEST_SSH_IPV6=yes fi +AC_CHECK_DECL(BROKEN_GETADDRINFO, TEST_SSH_IPV6=no) +AC_SUBST(TEST_SSH_IPV6, $TEST_SSH_IPV6) AC_EXEEXT AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 
diff --git a/contrib/Makefile b/contrib/Makefile index 2cef46f6c6d3..8b34eb221ceb 100644 --- a/contrib/Makefile +++ b/contrib/Makefile @@ -9,7 +9,7 @@ gnome-ssh-askpass1: gnome-ssh-askpass1.c gnome-ssh-askpass2: gnome-ssh-askpass2.c $(CC) `pkg-config --cflags gtk+-2.0` \ gnome-ssh-askpass2.c -o gnome-ssh-askpass2 \ - `pkg-config --libs gtk+-2.0` + `pkg-config --libs gtk+-2.0 x11` clean: rm -f *.o gnome-ssh-askpass1 gnome-ssh-askpass2 gnome-ssh-askpass diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec index 7c291a0ebe1f..6bea9a40fdfb 100644 --- a/contrib/caldera/openssh.spec +++ b/contrib/caldera/openssh.spec @@ -17,11 +17,11 @@ #old cvs stuff. please update before use. may be deprecated. %define use_stable 1 %if %{use_stable} - %define version 5.4p1 + %define version 5.5p1 %define cvs %{nil} %define release 1 %else - %define version 5.4p1 + %define version 5.5p1 %define cvs cvs20050315 %define release 0r1 %endif @@ -360,4 +360,4 @@ fi * Mon Jan 01 1998 ... Template Version: 1.31 -$Id: openssh.spec,v 1.69 2010/03/07 22:41:03 djm Exp $ +$Id: openssh.spec,v 1.70 2010/03/21 19:11:58 djm Exp $ diff --git a/contrib/cygwin/Makefile b/contrib/cygwin/Makefile index 9f680c16cc24..dc857f2edb6b 100644 --- a/contrib/cygwin/Makefile +++ b/contrib/cygwin/Makefile 
@@ -42,11 +42,13 @@ install-sshdoc: $(INSTALL) -m 644 $(srcdir)/OVERVIEW $(DESTDIR)$(sshdocdir)/OVERVIEW $(INSTALL) -m 644 $(srcdir)/PROTOCOL $(DESTDIR)$(sshdocdir)/PROTOCOL $(INSTALL) -m 644 $(srcdir)/PROTOCOL.agent $(DESTDIR)$(sshdocdir)/PROTOCOL.agent + $(INSTALL) -m 644 $(srcdir)/PROTOCOL.certkeys $(DESTDIR)$(sshdocdir)/PROTOCOL.certkeys + $(INSTALL) -m 644 $(srcdir)/PROTOCOL.mux $(DESTDIR)$(sshdocdir)/PROTOCOL.mux $(INSTALL) -m 644 $(srcdir)/README $(DESTDIR)$(sshdocdir)/README $(INSTALL) -m 644 $(srcdir)/README.dns $(DESTDIR)$(sshdocdir)/README.dns $(INSTALL) -m 644 $(srcdir)/README.platform $(DESTDIR)$(sshdocdir)/README.platform $(INSTALL) -m 644 $(srcdir)/README.privsep $(DESTDIR)$(sshdocdir)/README.privsep - $(INSTALL) -m 644 $(srcdir)/README.smartcard $(DESTDIR)$(sshdocdir)/README.smartcard + $(INSTALL) -m 644 $(srcdir)/README.tun $(DESTDIR)$(sshdocdir)/README.tun $(INSTALL) -m 644 $(srcdir)/TODO $(DESTDIR)$(sshdocdir)/TODO $(INSTALL) -m 644 $(srcdir)/WARNING.RNG $(DESTDIR)$(sshdocdir)/WARNING.RNG diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config index b6f9511e2d01..d968d4619d54 100644 --- a/contrib/cygwin/ssh-host-config +++ b/contrib/cygwin/ssh-host-config @@ -90,7 +90,7 @@ update_services_file() { fi _serv_tmp="${_my_etcdir}/srv.out.$$" - mount -o text -f "${_win_etcdir}" "${_my_etcdir}" + mount -o text,posix=0,noacl -f "${_win_etcdir}" "${_my_etcdir}" # Depends on the above mount _wservices=`cygpath -w "${_services}"` diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index de24f1c5d7e9..c13cfe60d324 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec @@ -1,4 +1,4 @@ -%define ver 5.4p1 +%define ver 5.5p1 %define rel 1 # OpenSSH privilege separation requires a user & group ID diff --git a/contrib/ssh-copy-id b/contrib/ssh-copy-id index df74d25c8c0d..65c0a8cd8635 100644 --- a/contrib/ssh-copy-id +++ b/contrib/ssh-copy-id 
@@ -19,7 +19,7 @@ if [ "-i" = "$1" ]; then shift # and this should leave $1 as the target name fi else - if [ x$SSH_AUTH_SOCK != x ] ; then + if [ x$SSH_AUTH_SOCK != x ] && ssh-add -L >/dev/null 2>&1; then GET_ID="$GET_ID ssh-add -L" fi fi diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec index c09246d1ff04..52ed915dc822 100644 --- a/contrib/suse/openssh.spec +++ b/contrib/suse/openssh.spec @@ -13,7 +13,7 @@ Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation Name: openssh -Version: 5.3p1 +Version: 5.5p1 URL: http://www.openssh.com/ Release: 1 Source0: openssh-%{version}.tar.gz diff --git a/defines.h b/defines.h index c9b93bf7139b..fe25170e6188 100644 --- a/defines.h +++ b/defines.h @@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.159 2010/01/13 23:44:34 tim Exp $ */ +/* $Id: defines.h,v 1.160 2010/04/09 08:13:27 dtucker Exp $ */ /* Constants */ @@ -674,7 +674,7 @@ struct winsize { #else /* Simply select your favourite login types. */ /* Can't do if-else because some systems use several... <sigh> */ -# if defined(UTMPX_FILE) && !defined(DISABLE_UTMPX) +# if !defined(DISABLE_UTMPX) # define USE_UTMPX # endif # if defined(UTMP_FILE) && !defined(DISABLE_UTMP) @@ -1,4 +1,4 @@ -/* $OpenBSD: key.c,v 1.85 2010/03/04 01:44:57 djm Exp $ */ +/* $OpenBSD: key.c,v 1.86 2010/03/15 19:40:02 stevesk Exp $ */ /* * read_bignum(): * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -802,6 +802,19 @@ key_type(const Key *k) } const char * +key_cert_type(const Key *k) +{ + switch (k->cert->type) { + case SSH2_CERT_TYPE_USER: + return "user"; + case SSH2_CERT_TYPE_HOST: + return "host"; + default: + return "unknown"; + } +} + +const char * key_ssh_name(const Key *k) { switch (k->type) { @@ -1,4 +1,4 @@ -/* $OpenBSD: key.h,v 1.28 2010/02/26 20:29:54 djm Exp $ */ +/* $OpenBSD: key.h,v 1.29 2010/03/15 19:40:02 stevesk Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 
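Review bot: `$SSH_AUTH_SOCK` is still expanded unquoted in the changed `if` line of contrib/ssh-copy-id, so a socket path containing whitespace makes `[` fail with a syntax error instead of evaluating the test, and the new agent probe is then never reached. Quoting keeps the file's idiom and fixes that: `if [ "x$SSH_AUTH_SOCK" != x ] && ssh-add -L >/dev/null 2>&1; then`. The probe also means `ssh-add -L` now runs twice (once here, once later through `GET_ID`), which is harmless but deserves a one-line comment such as `# probe first: ssh-add -L exits non-zero when the agent holds no keys`.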
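Review bot: The new guard `# if !defined(DISABLE_UTMPX)` in defines.h enables `USE_UTMPX` on every platform that does not explicitly opt out, while the configure.ac hunk of this same commit deletes the block that defined `DISABLE_UTMPX` automatically when `UTMPX_FILE` was missing. Unless configure.ac sets `DISABLE_UTMPX` somewhere else for hosts without utmpx (not visible here), a build on such a host would now try to compile the utmpx login-recording path. Consider keying the guard on the header check as well, `# if defined(HAVE_UTMPX_H) && !defined(DISABLE_UTMPX)`, or add a comment naming where the opt-out now comes from. The enclosing `#else` block starts and ends outside the hunk.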
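Review bot: `key_cert_type()` in key.c dereferences `k->cert` in `switch (k->cert->type)` without checking it, so calling it on a key that carries no certificate would be a NULL dereference (assuming plain keys leave `cert` unset, which this hunk does not show). The only caller added in this commit is `do_show_cert()` in ssh-keygen.c, which presumably has already established that the key is a certificate. Either guard the access with `if (k->cert == NULL) return "unknown";`, or state the precondition above the function: `/* k must be a certificate key (k->cert != NULL) */`.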
@@ -82,6 +82,7 @@ int key_equal(const Key *, const Key *); char *key_fingerprint(Key *, enum fp_type, enum fp_rep); u_char *key_fingerprint_raw(Key *, enum fp_type, u_int *); const char *key_type(const Key *); +const char *key_cert_type(const Key *); int key_write(const Key *, FILE *); int key_read(Key *, char **); u_int key_size(const Key *); diff --git a/loginrec.c b/loginrec.c index bca95970711e..6f655cb16cd5 100644 --- a/loginrec.c +++ b/loginrec.c @@ -207,6 +207,7 @@ int syslogin_write_entry(struct logininfo *li); int getlast_entry(struct logininfo *li); int lastlog_get_entry(struct logininfo *li); +int utmpx_get_entry(struct logininfo *li); int wtmp_get_entry(struct logininfo *li); int wtmpx_get_entry(struct logininfo *li); @@ -508,6 +509,10 @@ getlast_entry(struct logininfo *li) #ifdef USE_LASTLOG return(lastlog_get_entry(li)); #else /* !USE_LASTLOG */ +#if defined(USE_UTMPX) && defined(HAVE_SETUTXDB) && \ + defined(UTXDB_LASTLOGIN) && defined(HAVE_GETUTXUSER) + return (utmpx_get_entry(li)); +#endif #if defined(DISABLE_LASTLOG) /* On some systems we shouldn't even try to obtain last login @@ -1608,6 +1613,32 @@ lastlog_get_entry(struct logininfo *li) #endif /* HAVE_GETLASTLOGXBYNAME */ #endif /* USE_LASTLOG */ +#if defined(USE_UTMPX) && defined(HAVE_SETUTXDB) && \ + defined(UTXDB_LASTLOGIN) && defined(HAVE_GETUTXUSER) +int +utmpx_get_entry(struct logininfo *li) +{ + struct utmpx *utx; + + if (setutxdb(UTXDB_LASTLOGIN, NULL) != 0) + return (0); + utx = getutxuser(li->username); + if (utx == NULL) { + endutxent(); + return (0); + } + + line_fullname(li->line, utx->ut_line, + MIN_SIZEOF(li->line, utx->ut_line)); + strlcpy(li->hostname, utx->ut_host, + MIN_SIZEOF(li->hostname, utx->ut_host)); + li->tv_sec = utx->ut_tv.tv_sec; + li->tv_usec = utx->ut_tv.tv_usec; + endutxent(); + return (1); +} +#endif /* USE_UTMPX && HAVE_SETUTXDB && UTXDB_LASTLOGIN && HAVE_GETUTXUSER */ + #ifdef USE_BTMP /* * Logs failed login attempts in _PATH_BTMP if that exists. 
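Review bot: In the new `utmpx_get_entry()` in loginrec.c, `strlcpy(li->hostname, utx->ut_host, MIN_SIZEOF(li->hostname, utx->ut_host))` treats `ut_host` as a C string, but utmpx fields are fixed-size arrays that are not guaranteed to be NUL-terminated on every platform. strlcpy() scans the source up to its terminator to compute its return value, so a completely filled `ut_host` could be read past its end, and when `ut_host` is the smaller buffer its last character is dropped. If the platforms that provide `getutxuser()` do guarantee termination, say so at the call: `/* getutxuser() returns NUL-terminated ut_line/ut_host */`. Otherwise a length-bounded copy followed by explicit termination of `li->hostname` is the safer form.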
diff --git a/logintest.c b/logintest.c index 7e9fbbfbbdc1..4897ae0f9e11 100644 --- a/logintest.c +++ b/logintest.c @@ -264,7 +264,7 @@ showOptions(void) printf("\tUSE_UTMP (UTMP_FILE=%s)\n", UTMP_FILE); #endif #ifdef USE_UTMPX - printf("\tUSE_UTMPX (UTMPX_FILE=%s)\n", UTMPX_FILE); + printf("\tUSE_UTMPX\n"); #endif #ifdef USE_WTMP printf("\tUSE_WTMP (WTMP_FILE=%s)\n", WTMP_FILE); @@ -69,4 +69,4 @@ SEE ALSO Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol, RFC 4419, 2006. -OpenBSD 4.6 June 26, 2008 2 +OpenBSD 4.7 June 26, 2008 2 diff --git a/openbsd-compat/bsd-arc4random.c b/openbsd-compat/bsd-arc4random.c index 9d4c8690eb18..d7c5862534f4 100644 --- a/openbsd-compat/bsd-arc4random.c +++ b/openbsd-compat/bsd-arc4random.c @@ -84,7 +84,7 @@ arc4random_stir(void) } #endif /* !HAVE_ARC4RANDOM */ -#ifndef ARC4RANDOM_BUF +#ifndef HAVE_ARC4RANDOM_BUF void arc4random_buf(void *_buf, size_t n) { @@ -102,7 +102,7 @@ arc4random_buf(void *_buf, size_t n) } #endif /* !HAVE_ARC4RANDOM_BUF */ -#ifndef ARC4RANDOM_UNIFORM +#ifndef HAVE_ARC4RANDOM_UNIFORM /* * Calculate a uniformly distributed random number less than upper_bound * avoiding "modulo bias". @@ -145,4 +145,4 @@ AUTHORS Timo Rinne <tri@iki.fi> Tatu Ylonen <ylo@cs.hut.fi> -OpenBSD 4.6 February 8, 2010 3 +OpenBSD 4.7 February 8, 2010 3 diff --git a/servconf.c b/servconf.c index f9e2f2dfd4c4..7d027ddb990a 100644 --- a/servconf.c +++ b/servconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.204 2010/03/04 10:36:03 djm Exp $ */ +/* $OpenBSD: servconf.c,v 1.207 2010/03/25 23:38:28 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved 
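Review bot: The corrected guards `#ifndef HAVE_ARC4RANDOM_BUF` and `#ifndef HAVE_ARC4RANDOM_UNIFORM` in openbsd-compat/bsd-arc4random.c only take effect if configure actually probes for the two functions, and none of the configure.ac hunks in this commit adds them to an `AC_CHECK_FUNCS` list. If that probe is missing, the macros are never defined and the compat implementations are still compiled unconditionally, exactly as with the old misspelled names. It is worth confirming that configure.ac checks `arc4random_buf` and `arc4random_uniform`; the point applies to both hunks of this file.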
@@ -470,15 +470,14 @@ parse_token(const char *cp, const char *filename, char * derelativise_path(const char *path) { - char *expanded, *ret, *cwd; + char *expanded, *ret, cwd[MAXPATHLEN]; expanded = tilde_expand_filename(path, getuid()); if (*expanded == '/') return expanded; - if ((cwd = getcwd(NULL, 0)) == NULL) + if (getcwd(cwd, sizeof(cwd)) == NULL) fatal("%s: getcwd: %s", __func__, strerror(errno)); xasprintf(&ret, "%s/%s", cwd, expanded); - xfree(cwd); xfree(expanded); return ret; } @@ -1223,7 +1222,17 @@ process_server_config_line(ServerOptions *options, char *line, charptr = (opcode == sAuthorizedKeysFile) ? &options->authorized_keys_file : &options->authorized_keys_file2; - goto parse_filename; + arg = strdelim(&cp); + if (!arg || *arg == '\0') + fatal("%s line %d: missing file name.", + filename, linenum); + if (*activep && *charptr == NULL) { + *charptr = tilde_expand_filename(arg, getuid()); + /* increase optional counter */ + if (intptr != NULL) + *intptr = *intptr + 1; + } + break; case sClientAliveInterval: intptr = &options->client_alive_interval; diff --git a/session.c b/session.c index 639405fec304..e032de6926f5 100644 --- a/session.c +++ b/session.c @@ -1551,6 +1551,10 @@ do_setusercontext(struct passwd *pw) } #endif /* HAVE_SETPCRED */ +#ifdef WITH_SELINUX + ssh_selinux_setup_exec_context(pw->pw_name); +#endif + if (options.chroot_directory != NULL && strcasecmp(options.chroot_directory, "none") != 0) { tmp = tilde_expand_filename(options.chroot_directory, @@ -1575,10 +1579,6 @@ do_setusercontext(struct passwd *pw) if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) fatal("Failed to set uids to %u.", (u_int) pw->pw_uid); - -#ifdef WITH_SELINUX - ssh_selinux_setup_exec_context(pw->pw_name); -#endif } static void diff --git a/sftp-server.0 b/sftp-server.0 index 6628dcfca17d..0c2654c8d2a0 100644 --- a/sftp-server.0 +++ b/sftp-server.0 
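Review bot: The inlined `AuthorizedKeysFile` parsing in `process_server_config_line()` calls `tilde_expand_filename(arg, getuid())`, so a leading `~` is resolved once, at configuration-parse time, against the uid sshd runs as rather than against the user who later authenticates. An administrator writing `~/.ssh/authorized_keys` would presumably end up with a single path under the daemon account's home for every login, which is a surprising outcome for an authentication-relevant setting. A comment at the call would make this explicit, e.g. `/* '~' expands for sshd's own uid here; per-user paths need the %h token */`. The copied `intptr` counter update also looks unused in this case, since only `charptr` is assigned before it (the function's start is outside the hunk).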
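Review bot: Nothing at the new call site in `do_setusercontext()` in session.c says why `ssh_selinux_setup_exec_context(pw->pw_name)` has to run before the `chroot_directory` block, so a later cleanup could move it back to the end of the function, where the last hunk of this file removes it. A short comment would pin the ordering, e.g. `/* must run before chroot() */`. The exact reason (presumably the SELinux policy files are unreachable from inside the chroot) should be confirmed by the author. The function starts and ends outside the hunk.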
@@ -60,4 +60,4 @@ HISTORY AUTHORS Markus Friedl <markus@openbsd.org> -OpenBSD 4.6 January 9, 2010 1 +OpenBSD 4.7 January 9, 2010 1 @@ -316,4 +316,4 @@ SEE ALSO T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh- filexfer-00.txt, January 2001, work in progress material. -OpenBSD 4.6 February 8, 2010 5 +OpenBSD 4.7 February 8, 2010 5 diff --git a/ssh-add.0 b/ssh-add.0 index 8fbd1e1009fb..0d49c5ea34eb 100644 --- a/ssh-add.0 +++ b/ssh-add.0 @@ -106,4 +106,4 @@ AUTHORS ated OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. -OpenBSD 4.6 March 5, 2010 2 +OpenBSD 4.7 March 5, 2010 2 diff --git a/ssh-agent.0 b/ssh-agent.0 index c178dcd01775..536eac756acb 100644 --- a/ssh-agent.0 +++ b/ssh-agent.0 @@ -115,4 +115,4 @@ AUTHORS ated OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. -OpenBSD 4.6 January 17, 2010 2 +OpenBSD 4.7 January 17, 2010 2 diff --git a/ssh-keygen.0 b/ssh-keygen.0 index c9877300e7f6..aed4a14ad917 100644 --- a/ssh-keygen.0 +++ b/ssh-keygen.0 @@ -165,8 +165,14 @@ DESCRIPTION section for details. The constraints that are valid for user certificates are: - no-x11-forwarding - Disable X11 forwarding (permitted by default). + clear Clear all enabled permissions. This is useful for clear- + ing the default set of permissions so permissions may be + added individually. + + force-command=command + Forces the execution of command instead of any shell or + command specified by the user when the certificate is + used for authentication. no-agent-forwarding Disable ssh-agent(1) forwarding (permitted by default). 
@@ -180,12 +186,8 @@ DESCRIPTION Disable execution of ~/.ssh/rc by sshd(8) (permitted by default). - clear Clear all enabled permissions. This is useful for clear- - ing the default set of permissions so permissions may be - added individually. - - permit-x11-forwarding - Allows X11 forwarding. + no-x11-forwarding + Disable X11 forwarding (permitted by default). permit-agent-forwarding Allows ssh-agent(1) forwarding. @@ -199,16 +201,14 @@ DESCRIPTION permit-user-rc Allows execution of ~/.ssh/rc by sshd(8). - force-command=command - Forces the execution of command instead of any shell or - command specified by the user when the certificate is - used for authentication. + permit-x11-forwarding + Allows X11 forwarding. source-address=address_list Restrict the source addresses from which the certificate - is considered valid from. The address_list is a comma- - separated list of one or more address/netmask pairs in - CIDR format. + is considered valid. The address_list is a comma-sepa- + rated list of one or more address/netmask pairs in CIDR + format. At present, no constraints are valid for host keys. @@ -257,9 +257,9 @@ DESCRIPTION in YYYYMMDD format, a time in YYYYMMDDHHMMSS format or a relative time (to the current time) consisting of a minus sign followed by a relative time in the format described in the TIME FORMATS sec- - tion of ssh_config(5). The end time may be specified as a YYYYM- - MDD date, a YYYYMMDDHHMMSS time or a relative time starting with - a plus character. + tion of sshd_config(5). The end time may be specified as a + YYYYMMDD date, a YYYYMMDDHHMMSS time or a relative time starting + with a plus character. For example: ``+52w1d'' (valid from now to 52 weeks and one day from now), ``-4w:+4w'' (valid from four weeks ago to four weeks 
@@ -329,12 +329,12 @@ CERTIFICATES $ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub - The resultant certificate will be placed in /path/to/user_key_cert.pub. + The resultant certificate will be placed in /path/to/user_key-cert.pub. A host certificate requires the -h option: $ ssh-keygen -s /path/to/ca_key -I key_id -h /path/to/host_key.pub - The host certificate will be output to /path/to/host_key_cert.pub. In + The host certificate will be output to /path/to/host_key-cert.pub. In both cases, key_id is a "key identifier" that is logged by the server when the certificate is used for authentication. @@ -344,7 +344,7 @@ CERTIFICATES pals: $ ssh-keygen -s ca_key -I key_id -n user1,user2 user_key.pub - $ ssh-keygen -s ca_key -I key_id -h -n host.domain $0 + $ ssh-keygen -s ca_key -I key_id -h -n host.domain user_key.pub Additional limitations on the validity and use of user certificates may be specified through certificate constraints. A constrained certificate @@ -431,4 +431,4 @@ AUTHORS created OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. -OpenBSD 4.6 March 8, 2010 7 +OpenBSD 4.7 March 13, 2010 7 diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 6557f9336c07..3e03a9bd0cd9 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.88 2010/03/08 00:28:55 djm Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.92 2010/03/13 23:38:13 jmc Exp $ .\" .\" -*- nroff -*- .\" @@ -37,7 +37,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 8 2010 $ +.Dd $Mdocdate: March 13 2010 $ .Dt SSH-KEYGEN 1 .Os .Sh NAME 
@@ -307,8 +307,15 @@ Please see the section for details. The constraints that are valid for user certificates are: .Bl -tag -width Ds -.It Ic no-x11-forwarding -Disable X11 forwarding (permitted by default). +.It Ic clear +Clear all enabled permissions. +This is useful for clearing the default set of permissions so permissions may +be added individually. +.It Ic force-command Ns = Ns Ar command +Forces the execution of +.Ar command +instead of any shell or command specified by the user when +the certificate is used for authentication. .It Ic no-agent-forwarding Disable .Xr ssh-agent 1 @@ -323,12 +330,8 @@ Disable execution of by .Xr sshd 8 (permitted by default). -.It Ic clear -Clear all enabled permissions. -This is useful for clearing the default set of permissions so permissions may -be added individually. -.It Ic permit-x11-forwarding -Allows X11 forwarding. +.It Ic no-x11-forwarding +Disable X11 forwarding (permitted by default). .It Ic permit-agent-forwarding Allows .Xr ssh-agent 1 @@ -342,14 +345,10 @@ Allows execution of .Pa ~/.ssh/rc by .Xr sshd 8 . -.It Ic force-command=command -Forces the execution of -.Ar command -instead of any shell or command specified by the user when -the certificate is used for authentication. -.It Ic source-address=address_list -Restrict the source addresses from which the certificate is considered valid -from. +.It Ic permit-x11-forwarding +Allows X11 forwarding. +.It Ic source-address Ns = Ns Ar address_list +Restrict the source addresses from which the certificate is considered valid. The .Ar address_list is a comma-separated list of one or more address/netmask pairs in CIDR 
@@ -414,7 +413,7 @@ in YYYYMMDDHHMMSS format or a relative time (to the current time) consisting of a minus sign followed by a relative time in the format described in the .Sx TIME FORMATS section of -.Xr ssh_config 5 . +.Xr sshd_config 5 . The end time may be specified as a YYYYMMDD date, a YYYYMMDDHHMMSS time or a relative time starting with a plus character. .Pp @@ -519,7 +518,7 @@ To generate a user certificate: .Dl $ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub .Pp The resultant certificate will be placed in -.Pa /path/to/user_key_cert.pub . +.Pa /path/to/user_key-cert.pub . A host certificate requires the .Fl h option: @@ -527,7 +526,7 @@ option: .Dl $ ssh-keygen -s /path/to/ca_key -I key_id -h /path/to/host_key.pub .Pp The host certificate will be output to -.Pa /path/to/host_key_cert.pub . +.Pa /path/to/host_key-cert.pub . In both cases, .Ar key_id is a "key identifier" that is logged by the server when the certificate @@ -539,7 +538,7 @@ By default, generated certificates are valid for all users or hosts. To generate a certificate for a specified set of principals: .Pp .Dl $ ssh-keygen -s ca_key -I key_id -n user1,user2 user_key.pub -.Dl $ ssh-keygen -s ca_key -I key_id -h -n host.domain user_key.pub +.Dl "$ ssh-keygen -s ca_key -I key_id -h -n host.domain user_key.pub" .Pp Additional limitations on the validity and use of user certificates may be specified through certificate constraints. diff --git a/ssh-keygen.c b/ssh-keygen.c index dd662c907602..37e516ff2f1a 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.184 2010/03/07 22:16:01 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.185 2010/03/15 19:40:02 stevesk Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 
@@ -1393,7 +1393,8 @@ do_show_cert(struct passwd *pw) SSH_FP_MD5, SSH_FP_HEX); printf("%s:\n", identity_file); - printf(" %s certificate %s\n", key_type(key), key_fp); + printf(" %s %s certificate %s\n", key_type(key), + key_cert_type(key), key_fp); printf(" Signed by %s CA %s\n", key_type(key->cert->signature_key), ca_fp); printf(" Key ID \"%s\"\n", key->cert->key_id); diff --git a/ssh-keyscan.0 b/ssh-keyscan.0 index 1100a69b64b3..8a0ef60e4859 100644 --- a/ssh-keyscan.0 +++ b/ssh-keyscan.0 @@ -104,4 +104,4 @@ BUGS This is because it opens a connection to the ssh port, reads the public key, and drops the connection as soon as it gets the key. -OpenBSD 4.6 January 9, 2010 2 +OpenBSD 4.7 January 9, 2010 2 diff --git a/ssh-keysign.0 b/ssh-keysign.0 index ab15e88bc7ee..20a8eaa87943 100644 --- a/ssh-keysign.0 +++ b/ssh-keysign.0 @@ -39,4 +39,4 @@ HISTORY AUTHORS Markus Friedl <markus@openbsd.org> -OpenBSD 4.6 May 31, 2007 1 +OpenBSD 4.7 May 31, 2007 1 diff --git a/ssh-pkcs11-helper.0 b/ssh-pkcs11-helper.0 index 2760cad94d47..9eb2bc96a33d 100644 --- a/ssh-pkcs11-helper.0 +++ b/ssh-pkcs11-helper.0 @@ -22,4 +22,4 @@ HISTORY AUTHORS Markus Friedl <markus@openbsd.org> -OpenBSD 4.6 February 10, 2010 1 +OpenBSD 4.7 February 10, 2010 1 diff --git a/ssh-pkcs11-helper.c b/ssh-pkcs11-helper.c index d3bfb98384e1..8e3f57acef95 100644 --- a/ssh-pkcs11-helper.c +++ b/ssh-pkcs11-helper.c @@ -17,8 +17,6 @@ #include "includes.h" -#ifdef ENABLE_PKCS11 - #include <sys/types.h> #ifdef HAVE_SYS_TIME_H # include <sys/time.h> @@ -39,6 +37,8 @@ #include "authfd.h" #include "ssh-pkcs11.h" +#ifdef ENABLE_PKCS11 + /* borrows code from sftp-server and ssh-agent */ struct pkcs11_keyinfo { diff --git a/ssh-rand-helper.0 b/ssh-rand-helper.0 index 72bfcdf64048..51b6f557158e 100644 --- a/ssh-rand-helper.0 +++ b/ssh-rand-helper.0 @@ -48,4 +48,4 @@ AUTHORS SEE ALSO ssh(1), ssh-add(1), ssh-keygen(1), sshd(8) -OpenBSD 4.6 April 14, 2002 1 +OpenBSD 4.7 April 14, 2002 1 
@@ -308,9 +308,10 @@ DESCRIPTION allocated on the server and reported to the client at run time. -S ctl_path - Specifies the location of a control socket for connection shar- - ing. Refer to the description of ControlPath and ControlMaster - in ssh_config(5) for details. + Specifies the location of a control socket for connection sharing + or the string ``none'' to disable connection sharing. Refer to + the description of ControlPath and ControlMaster in ssh_config(5) + for details. -s May be used to request invocation of a subsystem on the remote system. Subsystems are a feature of the SSH2 protocol which fa- @@ -876,4 +877,4 @@ AUTHORS created OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. -OpenBSD 4.6 March 5, 2010 14 +OpenBSD 4.7 March 26, 2010 14 @@ -34,8 +34,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.302 2010/03/05 10:28:21 djm Exp $ -.Dd $Mdocdate: March 5 2010 $ +.\" $OpenBSD: ssh.1,v 1.303 2010/03/26 00:26:58 djm Exp $ +.Dd $Mdocdate: March 26 2010 $ .Dt SSH 1 .Os .Sh NAME @@ -558,7 +558,10 @@ argument is the listen port will be dynamically allocated on the server and reported to the client at run time. .It Fl S Ar ctl_path -Specifies the location of a control socket for connection sharing. +Specifies the location of a control socket for connection sharing +or the string +.Dq none +to disable connection sharing. Refer to the description of .Cm ControlPath and diff --git a/ssh_config.0 b/ssh_config.0 index 48969a22a48e..1a2c64ce1523 100644 --- a/ssh_config.0 +++ b/ssh_config.0 
@@ -425,8 +425,8 @@ DESCRIPTION Specifies the order in which the client should try protocol 2 au- thentication methods. This allows a client to prefer one method (e.g. keyboard-interactive) over another method (e.g. password) - The default for this option is: ``gssapi-with-mic,hostbased, - publickey, keyboard-interactive, password''. + The default for this option is: ``gssapi-with- + mic,hostbased,publickey,keyboard-interactive,password''. Protocol Specifies the protocol versions ssh(1) should support in order of @@ -673,4 +673,4 @@ AUTHORS ated OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. -OpenBSD 4.6 March 5, 2010 11 +OpenBSD 4.7 March 26, 2010 11 diff --git a/ssh_config.5 b/ssh_config.5 index 8cf02597d063..410853560401 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,8 +34,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.129 2010/03/05 10:28:21 djm Exp $ -.Dd $Mdocdate: March 5 2010 $ +.\" $OpenBSD: ssh_config.5,v 1.130 2010/03/26 01:06:13 dtucker Exp $ +.Dd $Mdocdate: March 26 2010 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -734,11 +734,7 @@ This allows a client to prefer one method (e.g.\& over another method (e.g.\& .Cm password ) The default for this option is: -.Do gssapi-with-mic , -hostbased, -publickey, -keyboard-interactive, -password +.Do gssapi-with-mic,hostbased,publickey,keyboard-interactive,password .Dc . .It Cm Protocol Specifies the protocol versions @@ -614,4 +614,4 @@ CAVEATS System security is not improved unless rshd, rlogind, and rexecd are dis- abled (thus completely disabling rlogin and rsh into the machine). -OpenBSD 4.6 March 5, 2010 10 +OpenBSD 4.7 March 5, 2010 10 diff --git a/sshd_config.0 b/sshd_config.0 index a9162f18d2f7..94935c07f5f9 100644 --- a/sshd_config.0 +++ b/sshd_config.0 
@@ -656,4 +656,4 @@ AUTHORS versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support for privilege separation. -OpenBSD 4.6 March 4, 2010 10 +OpenBSD 4.7 March 4, 2010 10 diff --git a/version.h b/version.h index c604c753c082..5d2b0b741f02 100644 --- a/version.h +++ b/version.h @@ -1,6 +1,6 @@ -/* $OpenBSD: version.h,v 1.57 2010/03/07 22:01:32 djm Exp $ */ +/* $OpenBSD: version.h,v 1.58 2010/03/16 16:36:49 djm Exp $ */ -#define SSH_VERSION "OpenSSH_5.4" +#define SSH_VERSION "OpenSSH_5.5" #define SSH_PORTABLE "p1" #define SSH_RELEASE SSH_VERSION SSH_PORTABLE |