0a5f0129a3
- djm@cvs.openbsd.org 2011/02/04 00:44:21
...
[key.c]
fix uninitialised nonce variable; reported by Mateusz Kocielski
2011-02-04 11:47:01 +11:00
b407dd8d05
- djm@cvs.openbsd.org 2011/01/31 21:42:15
...
[PROTOCOL.mux]
cut'n'pasto; from bert.wesarg AT googlemail.com
2011-02-04 11:46:39 +11:00
d4a5504cb1
- (djm) [openbsd-compat/port-linux.c] Check whether SELinux is enabled
...
before attempting setfscreatecon(). Check whether matchpathcon()
succeeded before using its result. Patch from cjwatson AT debian.org;
bz#1851
2011-01-28 10:30:18 +11:00
648f876566
20110127
...
- (tim) [configure.ac] Consistent M4 quoting throughout, updated obsolete
AC_TRY_COMPILE with AC_COMPILE_IFELSE, updated obsolete AC_TRY_LINK with
AC_LINK_IFELSE, updated obsolete AC_TRY_RUN with AC_RUN_IFELSE, misc white
space changes for consistency/readability. Makes autoconf 2.68 happy.
"Nice work" djm
2011-01-26 12:38:57 -08:00
d069c48207
20110127
...
- (tim) [config.guess config.sub] Sync with upstream.
2011-01-26 12:32:12 -08:00
71adf127e8
- (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c
...
openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to
port-linux.c to avoid compilation errors. Add -lselinux to ssh when
building with SELinux support to avoid linking failure; report from
amk AT spamfence.net; ok dtucker
2011-01-25 12:16:15 +11:00
6f8f04b860
- (djm) Release 5.7p1
2011-01-22 20:25:11 +11:00
4a5eb41cee
trim entries older than 5.5p1
2011-01-22 20:24:34 +11:00
966accc533
- (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
...
[contrib/suse/openssh.spec] update versions in docs and spec files.
2011-01-22 20:23:10 +11:00
ad4b1adf95
- OpenBSD CVS Sync
...
- djm@cvs.openbsd.org 2011/01/22 09:18:53
[version.h]
crank to OpenSSH-5.7
2011-01-22 20:21:33 +11:00
79241377df
- (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add
...
RSA_get_default_method() for the benefit of openssl versions that don't
have it (at least openssl-engine-0.9.6b). Found and tested by Kevin Brott,
ok djm@.
2011-01-22 09:37:01 +11:00
e323ebc250
- (djm) [configure.ac] Disable ECC on OpenSSL <0.9.8g. Releases prior to
...
0.9.8 lacked it, and 0.9.8a through 0.9.8d have proven buggy in pre-
release testing (random crashes and failure to load ECC keys).
ok dtucker@
2011-01-19 23:12:27 +11:00
15e1b4dea7
- (tim) [contrib/caldera/openssh.spec] Use CFLAGS from Makefile instead
...
of RPM so build completes. Signatures were changed to .asc since 4.1p1.
2011-01-18 20:47:04 -08:00
ea52a82969
- (dtucker) [LICENCE Makefile.in audit-bsm.c audit-linux.c audit.c audit.h
...
configure.ac defines.h loginrec.c] Bug #1402 : add linux audit subsystem
support, based on patches from Tomas Mraz and jchadima at redhat.
2011-01-17 21:15:27 +11:00
263d43d2a5
- (dtucker) [openbsd-compat/port-linux.c] Fix minor bug caught by -Werror on
...
the tinderbox.
2011-01-17 18:50:22 +11:00
6dfcd34042
- (tim) [regress/agent-getpeereid.sh] shell portability fix.
2011-01-16 22:53:56 -08:00
58497780ab
- (djm) [configure.ac regress/agent-getpeereid.sh regress/multiplex.sh]
...
[regress/sftp-glob.sh regress/test-exec.sh] Rework how feature tests are
disabled on platforms that do not support them; add a "config_defined()"
shell function that greps for defines in config.h and use them to decide
on feature tests.
Convert a couple of existing grep's over config.h to use the new function
Add a define "FILESYSTEM_NO_BACKSLASH" for filesystem that can't represent
backslash characters in filenames, enable it for Cygwin and use it to turn
of tests for quotes backslashes in sftp-glob.sh.
based on discussion with vinschen AT redhat.com and dtucker@; ok dtucker@
2011-01-17 16:17:09 +11:00
0c93adc7c1
- (dtucker) [openbsd-compat/port-linux.c] Bug #1838 : Add support for the new
...
Linux OOM-killer magic values that changed in 2.6.36 kernels, with fallback
to the old values. Feedback from vapier at gentoo org and djm, ok djm.
2011-01-17 11:55:59 +11:00
1ccbfa88b1
- (djm) [regress/agent-getpeereid.sh] leave stdout attached when running
...
ssh-add to avoid $SUDO failures on Linux
2011-01-17 11:52:40 +11:00
fd3669eb26
- (djm) [regress/agent-ptrace.sh] Fix false failure on OS X by adding
...
its unique snowflake of a gdb error to the ones we look for.
2011-01-17 11:20:18 +11:00
369c0e8eef
- (djm) [regress/Makefile] use $TEST_SSH_KEYGEN instead of the one in
...
$PATH, fix cleanup of droppings; reported by openssh AT
roumenpetrov.info; ok dtucker@
2011-01-17 10:51:40 +11:00
cfd6e4f57f
- djm@cvs.openbsd.org 2011/01/16 12:05:59
...
[clientloop.c]
a couple more tweaks to the post-close protocol 1 stderr/stdout flush:
now that we use atomicio(), convert them from while loops to if statements
add test and cast to compile cleanly with -Wsigned
2011-01-16 23:18:33 +11:00
6fb6fd5662
- djm@cvs.openbsd.org 2011/01/16 11:50:36
...
[sshconnect.c]
reset the SIGPIPE handler when forking to execute child processes;
ok dtucker@
2011-01-16 23:17:45 +11:00
4791f9dcec
- djm@cvs.openbsd.org 2011/01/16 11:50:05
...
[clientloop.c]
Use atomicio when flushing protocol 1 std{out,err} buffers at
session close. This was a latent bug exposed by setting a SIGCHLD
handler and spotted by kevin.brott AT gmail.com; ok dtucker@
2011-01-16 23:16:53 +11:00
50c61f88ab
- (dtucker) [Makefile.in configure.ac regress/kextype.sh] Skip sha256-based
...
on configurations that don't have it.
2011-01-16 18:28:09 +11:00
08f83883f5
not February yet...
2011-01-16 18:24:04 +11:00
c5c346b101
- (tim) [regress/cert-hostkey.sh] Add missing TEST_SSH_ECC guard around some
...
ecdsa bits.
2011-01-13 22:36:14 -08:00
02d99da976
- (tim) [regress/cert-hostkey.sh] Typo. Missing $ on variable name.
2011-01-13 22:20:27 -08:00
e9b40487fa
- (djm) [Makefile.in] Use shell test to disable ecdsa key generating in
...
host-key-force target rather than a substitution that is replaced with a
comment so that the Makefile.in is still a syntactically valid Makefile
(useful to run the distprep target)
2011-01-14 14:47:37 +11:00
42747df8b7
- djm@cvs.openbsd.org 2011/01/13 21:55:25
...
[PROTOCOL.mux]
correct protocol names and add a couple of missing protocol number
defines; patch from bert.wesarg AT googlemail.com
2011-01-14 12:01:50 +11:00
445c9a507d
- djm@cvs.openbsd.org 2011/01/13 21:54:53
...
[mux.c]
correct error messages; patch from bert.wesarg AT googlemail.com
2011-01-14 12:01:29 +11:00
5278806e39
- (djm) [regress/kextype.sh] Testing diffie-hellman-group-exchange-sha256
...
should not depend on ECC support
2011-01-13 22:05:14 +11:00
9b16086e74
- (djm) [myproposal.h] Fix reversed OPENSSL_VERSION_NUMBER test and bad
...
#define that was causing diffie-hellman-group-exchange-sha256 to be
incorrectly disabled
2011-01-13 22:00:20 +11:00
cbaf8e6ec1
- (djm) [regress/Makefile] add a few more generated files to the clean
...
target
2011-01-13 21:08:27 +11:00
ff22df538e
- (djm) [entropy.c] cast OPENSSL_VERSION_NUMBER to u_long to avoid
...
gcc warning on platforms where it defaults to int
2011-01-13 21:05:27 +11:00
9b87a5ce3c
- (tim) [Makefile.in configure.ac opensshd.init.in] Add support for generating
...
ecdsa keys. ok djm.
2011-01-12 22:35:43 -08:00
cce927c25f
- (tim) [Makefile.in] test the ECC bits if we have the capability. ok djm
2011-01-12 19:06:31 -08:00
1708cb7d0d
- (djm) [misc.c] include time.h for nanosleep() prototype
2011-01-13 12:21:34 +11:00
134d02a494
- (djm) [configure.ac] Fix broken test for gcc >= 4.4 with per-compiler
...
flag tests that don't depend on gcc version at all; suggested by and
ok dtucker@
2011-01-12 16:00:37 +11:00
945aa0c744
- (djm) [configure.ac] Turn on -Wno-unused-result for gcc >= 4.4 to avoid
...
silly warnings on write() calls we don't care succeed or not.
2011-01-12 13:34:02 +11:00
4927aaf446
- djm@cvs.openbsd.org 2011/01/12 01:53:14
...
avoid some integer overflows mostly with GLOB_APPEND and GLOB_DOOFFS
and sanity check arguments (these will be unnecessary when we switch
struct glob members from being type into to size_t in the future);
"looks ok" tedu@ feedback guenther@
2011-01-12 13:32:03 +11:00
b66e917831
- nicm@cvs.openbsd.org 2010/10/08 21:48:42
...
[openbsd-compat/glob.c]
Extend GLOB_LIMIT to cover readdir and stat and bump the malloc limit
from ARG_MAX to 64K.
Fixes glob-using programs (notably ftp) able to be triggered to hit
resource limits.
Idea from a similar NetBSD change, original problem reported by jasper@.
ok millert tedu jasper
2011-01-12 13:30:18 +11:00
821de0ad2e
- djm@cvs.openbsd.org 2011/01/11 06:13:10
...
[clientloop.c ssh-keygen.c sshd.c]
some unsigned long long casts that make things a bit easier for
portable without resorting to dropping PRIu64 formats everywhere
2011-01-11 17:20:29 +11:00
a256c8d680
- djm@cvs.openbsd.org 2011/01/11 06:06:09
...
[sshlogin.c]
fd leak on error paths; from zinovik@
NB. Id sync only; we use loginrec.c that was also audited and fixed
recently
2011-01-11 17:20:05 +11:00
b73b6fd916
- djm@cvs.openbsd.org 2011/01/08 10:51:51
...
[clientloop.c]
use host and not options.hostname, as the latter may have unescaped
substitution characters
2011-01-11 17:18:56 +11:00
81ad4b1fc0
- (djm) [platform.c] Some missing includes that show up under -Werror
2011-01-11 17:02:23 +11:00
076a3b9ced
- (tim) [regress/host-expand.sh] Fix for building outside of read only
...
source tree.
2011-01-10 12:56:26 -08:00
e63b7f2821
- (djm) [Makefile.in] list ssh_host_ecdsa key in PATHSUBS; spotted by
...
openssh AT roumenpetrov.info
2011-01-09 09:19:50 +11:00
996384d500
- (djm) [regress/keytype.sh] s/echo -n/echon/ to repair failing regress
...
test on OSX and others. Reported by imorgan AT nas.nasa.gov
2011-01-08 21:58:20 +11:00
ed3a8eb65f
- djm@cvs.openbsd.org 2011/01/06 23:01:35
...
[sshconnect.c]
reset SIGCHLD handler to SIG_DFL when execuring LocalCommand;
ok markus@
2011-01-07 10:02:52 +11:00
7d06b00032
- djm@cvs.openbsd.org 2011/01/06 22:46:21
...
[regress/Makefile regress/host-expand.sh]
regress test for LocalCommand %n expansion from bert.wesarg AT
googlemail.com; ok markus@
2011-01-07 09:54:20 +11:00
64abf31425
- djm@cvs.openbsd.org 2011/01/06 22:23:02
...
[clientloop.c]
when exiting due to ServerAliveTimeout, mention the hostname that caused
it (useful with backgrounded controlmaster)
2011-01-07 09:51:52 +11:00
83f8a4014d
- djm@cvs.openbsd.org 2011/01/06 22:23:53
...
[ssh.c]
unbreak %n expansion in LocalCommand; patch from bert.wesarg AT
googlemail.com; ok markus@
2011-01-07 09:51:17 +11:00
322125b960
- (djm) [regress/cert-hostkey.sh regress/cert-userkey.sh] fix shell test
...
for no-ECC case. Patch from cristian.ionescu-idbohrn AT axis.com
2011-01-07 09:50:08 +11:00
8ad960b4ba
- otto@cvs.openbsd.org 2011/01/04 20:44:13
...
[ssh-keyscan.c]
handle ecdsa-sha2 with various key lengths; hint and ok djm@
2011-01-06 22:44:44 +11:00
de53fd04b1
- djm@cvs.openbsd.org 2010/12/24 21:41:48
...
[auth-options.c]
don't send the actual forced command in a debug message; ok markus deraadt
2011-01-06 22:44:18 +11:00
106079c06d
- djm@cvs.openbsd.org 2010/12/15 00:49:27
...
[readpass.c]
fix ControlMaster=ask regression
reset SIGCHLD handler before fork (and restore it after) so we don't miss
the the askpass child's exit status. Correct test for exit status/signal to
account for waitpid() failure; with claudio@ ok claudio@ markus@
2011-01-06 22:43:44 +11:00
05c8997b33
- markus@cvs.openbsd.org 2010/12/14 11:59:06
...
[sshconnect.c]
don't mention key type in key-changed-warning, since we also print
this warning if a new key type appears. ok djm@
2011-01-06 22:42:04 +11:00
907998df72
- jmc@cvs.openbsd.org 2010/12/09 14:13:33
...
[scp.1 scp.c]
scp.1: grammer fix
scp.c: add -3 to usage()
2011-01-06 22:41:21 +11:00
f12114366b
- markus@cvs.openbsd.org 2010/12/08 22:46:03
...
[scp.1 scp.c]
add a new -3 option to scp: Copies between two remote hosts are
transferred through the local host. Without this option the data
is copied directly between the two remote hosts. ok djm@ (bugzilla #1837 )
2011-01-06 22:40:30 +11:00
30a69e7bba
- (djm) [configure.ac Makefile.in] Use mandoc as preferred manpage
...
formatter if it is present, followed by nroff and groff respectively.
Fixes distprep target on OpenBSD (which has bumped groff/nroff to ports
in favour of mandoc). feedback and ok tim
2011-01-04 08:16:27 +11:00
d197fd64a1
- (djm) [Makefile.in] revert local hack I didn't intend to commit
2011-01-03 14:48:14 +11:00
41bccf75af
- (djm) [configure.ac] Check whether libdes is needed when building
...
with Heimdal krb5 support. On OpenBSD this library no longer exists,
so linking it unconditionally causes a build failure; ok dtucker
2011-01-02 21:53:07 +11:00
4a06f9271f
- (djm) [loginrec.c] Fix some fd leaks on error paths. ok dtucker
2011-01-02 21:43:59 +11:00
928362dc03
- djm@cvs.openbsd.org 2010/12/08 04:02:47
...
[ssh_config.5 sshd_config.5]
explain that IPQoS arguments are separated by whitespace; iirc requested
by jmc@ a while back
2010-12-26 14:26:45 +11:00
4288c53d04
- djm@cvs.openbsd.org 2010/12/04 00:21:19
...
[regress/sftp-cmds.sh]
adjust for hard-link support
2010-12-05 09:45:50 +11:00
7e1a5a4e1b
- (dtucker) [regress/Makefile] Id sync.
2010-12-05 09:29:31 +11:00
094f1e9934
- djm@cvs.openbsd.org 2010/12/04 13:31:37
...
[hostfile.c]
fix fd leak; spotted and ok dtucker
2010-12-05 09:03:31 +11:00
af1f909254
- djm@cvs.openbsd.org 2010/12/04 00:18:01
...
[sftp-server.c sftp.1 sftp-client.h sftp.c PROTOCOL sftp-client.c]
add a protocol extension to support a hard link operation. It is
available through the "ln" command in the client. The old "ln"
behaviour of creating a symlink is available using its "-s" option
or through the preexisting "symlink" command; based on a patch from
miklos AT szeredi.hu in bz#1555; ok markus@
2010-12-05 09:02:47 +11:00
adab6f1299
- djm@cvs.openbsd.org 2010/12/03 23:55:27
...
[auth-rsa.c]
move check for revoked keys to run earlier (in auth_rsa_key_allowed)
bz#1829; patch from ldv AT altlinux.org; ok markus@
2010-12-05 09:01:47 +11:00
7336b904ff
- (dtucker) OpenBSD CVS Sync
...
- djm@cvs.openbsd.org 2010/12/03 23:49:26
[schnorr.c]
check that g^x^q === 1 mod p; recommended by JPAKE author Feng Hao
(this code is still disabled, but apprently people are treating it as
a reference implementation)
2010-12-05 09:00:30 +11:00
37bb7568ab
- (dtucker) openbsd-compat/openssl-compat.c] remove sleep leftover from
...
debugging. Spotted by djm.
2010-12-05 08:46:05 +11:00
ebdef76b5d
- (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}] Add
...
shims for the new, non-deprecated OpenSSL key generation functions for
platforms that don't have the new interfaces.
2010-12-04 23:20:50 +11:00
d89745b9e7
- (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range)
...
instead of (arc4random() % range)
2010-12-03 10:50:26 +11:00
d925dcd8a5
- djm@cvs.openbsd.org 2010/11/29 23:45:51
...
[auth.c hostfile.c hostfile.h ssh.c ssh_config.5 sshconnect.c]
[sshconnect.h sshconnect2.c]
automatically order the hostkeys requested by the client based on
which hostkeys are already recorded in known_hosts. This avoids
hostkey warnings when connecting to servers with new ECDSA keys
that are preferred by default; with markus@
2010-12-01 12:21:51 +11:00
03c0e533de
- markus@cvs.openbsd.org 2010/11/29 18:57:04
...
[authfile.c]
correctly load comment for encrypted rsa1 keys;
report/fix Joachim Schipper; ok djm@
2010-12-01 12:03:39 +11:00
87dc0a4188
- djm@cvs.openbsd.org 2010/11/26 05:52:49
...
[scp.c]
Pass through ssh command-line flags and options when doing remote-remote
transfers, e.g. to enable agent forwarding which is particularly useful
in this case; bz#1837 ok dtucker@
2010-12-01 12:03:19 +11:00
f80c3deaaf
- djm@cvs.openbsd.org 2010/11/25 04:10:09
...
[session.c]
replace close() loop for fds 3->64 with closefrom();
ok markus deraadt dtucker
2010-12-01 12:02:59 +11:00
b7f827ae45
- djm@cvs.openbsd.org 2010/11/24 01:24:14
...
[channels.c]
remove a debug() that pollutes stderr on client connecting to a server
in debug mode (channel_close_fds is called transitively from the session
code post-fork); bz#1719, ok dtucker
2010-12-01 12:02:35 +11:00
d0fdd6818c
- djm@cvs.openbsd.org 2010/11/23 23:57:24
...
[clientloop.c]
avoid NULL deref on receiving a channel request on an unknown or invalid
channel; report bz#1842 from jchadima AT redhat.com; ok dtucker@
2010-12-01 12:02:14 +11:00
6a740e7b92
- djm@cvs.openbsd.org 2010/11/23 02:35:50
...
[auth.c]
use strict_modes already passed as function argument over referencing
global options.strict_modes
2010-12-01 12:01:51 +11:00
a232792783
- djm@cvs.openbsd.org 2010/11/21 10:57:07
...
[authfile.c]
Refactor internals of private key loading and saving to work on memory
buffers rather than directly on files. This will make a few things
easier to do in the future; ok markus@
2010-12-01 12:01:21 +11:00
2cd629349d
- djm@cvs.openbsd.org 2010/11/21 01:01:13
...
[clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c]
honour $TMPDIR for client xauth and ssh-agent temporary directories;
feedback and ok markus@
2010-12-01 11:50:35 +11:00
188ea814b1
- OpenBSD CVS Sync
...
- deraadt@cvs.openbsd.org 2010/11/20 05:12:38
[auth2-pubkey.c]
clean up cases of ;;
2010-12-01 11:50:14 +11:00
73de86ac5a
- (djm) [defines.h] Add IP DSCP defines
2010-11-24 10:50:04 +11:00
4b6cbf7aab
- (dtucker) [packet.c] Remove redundant local declaration of "int tos".
2010-11-24 10:46:37 +11:00
88e341e1ca
- (djm) [loginrec.c] Relax permission requirement on btmp logs to allow
...
group read/write. ok dtucker@
2010-11-24 10:36:15 +11:00
d995712383
- (dtucker) [platform.c session.c] Move the getluid call out of session.c and
...
into the platform-specific code Only affects SCO, tested by and ok tim@.
2010-11-24 10:09:13 +11:00
9e0ff7afc8
- (dtucker) Bug #1840 : fix warning when configuring --with-ssl-engine, patch
...
from vapier at gentoo org.
2010-11-22 17:59:00 +11:00
0a1847347d
- jmc@cvs.openbsd.org 2010/11/18 15:01:00
...
[scp.1 sftp.1 ssh.1 sshd_config.5]
add IPQoS to the various -o lists, and zap some trailing whitespace;
2010-11-20 15:21:03 +11:00
8e1ea4e5a3
- jmc@cvs.openbsd.org 2010/11/15 07:40:14
...
[ssh_config.5]
libary -> library;
2010-11-20 15:20:10 +11:00
0dac6fb6b2
- djm@cvs.openbsd.org 2010/11/13 23:27:51
...
[clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h]
[servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5]
allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of
hardcoding lowdelay/throughput.
bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
2010-11-20 15:19:38 +11:00
4499f4cc20
- djm@cvs.openbsd.org 2010/11/10 01:33:07
...
[kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c moduli.c]
use only libcrypto APIs that are retained with OPENSSL_NO_DEPRECATED.
these have been around for years by this time. ok markus
2010-11-20 15:15:49 +11:00
7a221a1591
- djm@cvs.openbsd.org 2010/11/05 02:46:47
...
[packet.c]
whitespace KNF
2010-11-20 15:14:29 +11:00
dd190ddfd7
- (djm) [servconf.c ssh-add.c ssh-keygen.c] don't look for ECDSA keys on
...
platforms that don't support ECC. Fixes some spurious warnings reported
by tim@
2010-11-11 14:17:02 +11:00
c7a8af03a0
- (tim) [configure.ac openbsd-compat/bsd-misc.h openbsd-compat/bsd-misc.c] Add
...
support for platforms missing isblank(). ok djm@
2010-11-08 14:26:23 -08:00
e426f5e932
- (tim) [regress/kextype.sh] Not all platforms have time in /usr/bin.
...
Feedback from dtucker@
2010-11-08 09:15:14 -08:00
c10aeaa8f2
- (tim) [regress/kextype.sh] Shell portability fix.
2010-11-07 13:03:11 -08:00
522262f8b3
- (tim) [regress/Makefile] Fixes to allow building/testing outside source
...
tree.
2010-11-07 13:00:27 -08:00
d1ece6e4a2
- (dtucker) [platform.c] includes.h instead of defines.h so that we get
...
the correct typedefs.
2010-11-07 18:05:54 +11:00
9283d8cbc5
- (dtucker) [platform.c] Need servconf.h and extern options.
2010-11-05 18:56:08 +11:00
f619d1cad9
- (dtucker) [regress/kextype.sh] Make sha256 test depend on ECC. This is not
...
strictly correct since while ECC requires sha256 the reverse is not true
however it does prevent spurious test failures.
2010-11-05 18:41:50 +11:00
345178d951
- (dtucker) [regress/kextype.sh] Add missing "test".
2010-11-05 18:35:52 +11:00
eab5f0df90
- (dtucker) [Makefile configure.ac regress/Makefile regress/keytype.sh]
...
Import recent changes to regress/Makefile, pass a flag to enable ECC tests
from configure through to regress/Makefile and use it in the tests.
2010-11-05 18:23:38 +11:00
b69e033e67
- (dtucker) [regress/keytype.sh] Import new test.
2010-11-05 18:19:15 +11:00
b12fe272a0
- (dtucker) [platform.c platform.h session.c] Move the Cygwin special-case
...
check into platform.c
2010-11-05 14:47:01 +11:00
cc12418e18
- (dtucker) [platform.c session.c] Move PAM credential establishment for the
...
non-LOGIN_CAP case into platform.c.
2010-11-05 13:32:52 +11:00
0b2ee6452c
- (dtucker) [platform.c session.c] Move irix setusercontext fragment into
...
platform.c.
2010-11-05 13:29:25 +11:00
676b912e78
- (dtucker) platform.c session.c] Move aix_usrinfo frament into platform.c.
2010-11-05 13:11:04 +11:00
7a8afe3186
- (dtucker) platform.c session.c] Move the USE_LIBIAF fragment into
...
platform.c
2010-11-05 13:07:24 +11:00
728d8371a1
- (dtucker) [platform.c session.c] Move the PAM credential establishment for
...
the LOGIN_CAP case into platform.c.
2010-11-05 13:00:05 +11:00
fd4d8aa2cb
- (dtucker) [platform.c] Only call setpgrp on BSDI if running as root to
...
retain previous behavior.
2010-11-05 12:50:41 +11:00
44a97be0cc
- (dtucker) [platform.c session.c] Move the BSDI setpgrp into platform.c.
2010-11-05 12:45:18 +11:00
4db380701d
- (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack into
...
platform.c
2010-11-05 12:41:13 +11:00
920612e45a
- (dtucker) [platform.c platform.h session.c] Add a platform hook to run
...
after the user's groups are established and move the selinux calls into it.
2010-11-05 12:36:15 +11:00
97528353c2
- (dtucker) [configure.ac platform.{c,h} session.c
...
openbsd-compat/port-solaris.{c,h}] Bug #1824 : Add Solaris Project support.
Patch from cory.erickson at csu mnscu edu with a bit of rework from me.
ok djm@
2010-11-05 12:03:05 +11:00
34ee4204c6
- (djm) [loginrec.c loginrec.h] Use correct uid_t/pid_t types instead of
...
int. Should fix bz#1817 cleanly; ok dtucker@
2010-11-05 10:52:37 +11:00
0733121194
- djm@cvs.openbsd.org 2010/11/04 02:45:34
...
[sftp-server.c]
umask should be parsed as octal. reported by candland AT xmission.com;
ok markus@
2010-11-05 10:20:31 +11:00
55fa56505b
- jmc@cvs.openbsd.org 2010/10/28 18:33:28
...
[scp.1 ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5]
knock out some "-*- nroff -*-" lines;
2010-11-05 10:20:14 +11:00
b472a90d4c
- djm@cvs.openbsd.org 2010/10/28 11:22:09
...
[authfile.c key.c key.h ssh-keygen.c]
fix a possible NULL deref on loading a corrupt ECDH key
store ECDH group information in private keys files as "named groups"
rather than as a set of explicit group parameters (by setting
the OPENSSL_EC_NAMED_CURVE flag). This makes for shorter key files and
retrieves the group's OpenSSL NID that we need for various things.
2010-11-05 10:19:49 +11:00
3a0e9f6479
- djm@cvs.openbsd.org 2010/09/22 12:26:05
...
[regress/Makefile regress/kextype.sh]
regress test for each of the key exchange algorithms that we support
2010-11-05 10:16:34 +11:00
54b1f3121d
- (dtucker) [defines.h] Use SIZE_T_MAX for SIZE_MAX for platforms that have a
...
native one.
2010-10-25 16:54:28 +11:00
bdd3e67c19
- (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with
...
1.12 to unbreak Solaris build.
ok djm@
2010-10-24 18:35:55 -07:00
7bc236de21
- (dtucker) [defines.h] Add SIZE_MAX for the benefit of platforms that don't
...
have it.
2010-10-24 11:58:43 +11:00
d633fef471
- (dtucker) [regress/cert-userkey.sh] Disable ECC-based tests on platforms
...
which don't have ECC support in libcrypto.
2010-10-24 11:33:07 +11:00
bfd9b1be41
- (dtucker) [regress/cert-hostkey.sh] Disable ECC-based tests on platforms
...
which don't have ECC support in libcrypto.
2010-10-24 11:19:26 +11:00
d78739ab90
- sthen@cvs.openbsd.org 2010/10/23 22:06:12
...
[sftp.c]
escape '[' in filename tab-completion; fix a type while there.
ok djm@
2010-10-24 10:56:32 +11:00
a53939332d
- (dtucker) [includes.h] Add missing ifdef GLOB_HAS_GL_STATV to fix build.
2010-10-24 10:47:30 +11:00
6fd2d7de4b
- djm@cvs.openbsd.org 2010/08/31 12:24:09
...
[regress/cert-hostkey.sh regress/cert-userkey.sh]
tests for ECDSA certificates
2010-10-21 15:27:14 +11:00
68512c0341
- OpenBSD CVS Sync
...
- dtucker@cvs.openbsd.org 2010/10/12 02:22:24
[mux.c]
Typo in confirmation message. bz#1827, patch from imorgan at nas nasa gov
2010-10-21 15:21:11 +11:00
9c0c31d2db
- (djm) [sshconnect.c] Need signal.h for prototype for kill(2)
2010-10-12 13:30:44 +11:00
47e57bfab4
- (djm) [canohost.c] Zero a4 instead of addr to better match type.
...
bz#1825, reported by foo AT mailinator.com
2010-10-12 13:28:12 +11:00
1f78980099
- (djm) [configure.ac] Use = instead of == in shell tests. Patch from
...
dr AT vasco.com
2010-10-11 22:35:22 +11:00
88b844f19b
- (djm) [openbsd-compat/Makefile.in] Actually link timingsafe_bcmp
2010-10-07 22:19:23 +11:00
80e9953938
- (djm) [cipher-acss.c] Add missing header.
2010-10-07 22:12:08 +11:00
37f4f1892f
- (djm) [openbsd-compat/glob.c] restore ARG_MAX compat code.
2010-10-07 22:10:38 +11:00
45fcdaa1cf
- djm@cvs.openbsd.org 2010/10/06 21:10:21
...
[sshconnect.c]
swapped args to kill(2)
2010-10-07 22:07:58 +11:00
a41ccca643
- djm@cvs.openbsd.org 2010/10/06 06:39:28
...
[clientloop.c ssh.c sshconnect.c sshconnect.h]
kill proxy command on fatal() (we already kill it on clean exit);
ok markus@
2010-10-07 22:07:32 +11:00
38d9a965bf
- djm@cvs.openbsd.org 2010/10/05 05:13:18
...
[sftp.c sshconnect.c]
use default shell /bin/sh if $SHELL is ""; ok markus@
2010-10-07 22:07:11 +11:00
9a3d0dc062
- djm@cvs.openbsd.org 2010/10/01 23:05:32
...
[cipher-3des1.c cipher-bf1.c cipher-ctr.c openbsd-compat/openssl-compat.h]
adapt to API changes in openssl-1.0.0a
NB. contains compat code to select correct API for older OpenSSL
2010-10-07 22:06:42 +11:00
c54b02c4eb
- djm@cvs.openbsd.org 2010/09/30 11:04:51
...
[servconf.c]
prevent free() of string in .rodata when overriding AuthorizedKeys in
a Match block; patch from rein AT basefarm.no
2010-10-07 21:40:17 +11:00
68e2e56ea9
- djm@cvs.openbsd.org 2010/09/26 22:26:33
...
[sftp.c]
when performing an "ls" in columnated (short) mode, only call
ioctl(TIOCGWINSZ) once to get the window width instead of per-
filename
2010-10-07 21:39:55 +11:00
a6e121aaa0
- djm@cvs.openbsd.org 2010/09/25 09:30:16
...
[sftp.c configure.ac openbsd-compat/glob.c openbsd-compat/glob.h]
make use of new glob(3) GLOB_KEEPSTAT extension to save extra server
rountrips to fetch per-file stat(2) information.
NB. update openbsd-compat/ glob(3) implementation from OpenBSD libc to
match.
2010-10-07 21:39:17 +11:00
aa18063baf
- matthew@cvs.openbsd.org 2010/09/24 13:33:00
...
[misc.c misc.h configure.ac openbsd-compat/openbsd-compat.h]
[openbsd-compat/timingsafe_bcmp.c]
Add timingsafe_bcmp(3) to libc, mention that it's already in the
kernel in kern(9), and remove it from OpenSSH.
ok deraadt@, djm@
NB. re-added under openbsd-compat/ for portable OpenSSH
2010-10-07 21:25:27 +11:00
2beb32f290
- jmc@cvs.openbsd.org 2010/09/23 13:36:46
...
[scp.1 sftp.1]
add KexAlgorithms to the -o list;
2010-09-24 22:16:03 +10:00
56883e194f
- jmc@cvs.openbsd.org 2010/09/23 13:34:43
...
[sftp.c]
add [-l limit] to usage();
2010-09-24 22:15:39 +10:00
65e42f87fe
- djm@cvs.openbsd.org 2010/09/22 22:58:51
...
[atomicio.c atomicio.h misc.c misc.h scp.c sftp-client.c]
[sftp-client.h sftp.1 sftp.c]
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth
limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
2010-09-24 22:15:11 +10:00
7fe2b1fec3
- jmc@cvs.openbsd.org 2010/09/22 08:30:08
...
[ssh.1 ssh_config.5]
ssh.1: add kexalgorithms to the -o list
ssh_config.5: format the kexalgorithms in a more consistent
(prettier!) way
ok djm
2010-09-24 22:11:53 +10:00
d5f62bf280
- djm@cvs.openbsd.org 2010/09/22 05:01:30
...
[kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c readconf.c readconf.h]
[servconf.c servconf.h ssh_config.5 sshconnect2.c sshd.c sshd_config.5]
add a KexAlgorithms knob to the client and server configuration to allow
selection of which key exchange methods are used by ssh(1) and sshd(8)
and their order of preference.
ok markus@
2010-09-24 22:11:14 +10:00
603134e077
- djm@cvs.openbsd.org 2010/09/20 07:19:27
...
[mux.c]
"atomically" create the listening mux socket by binding it on a temorary
name and then linking it into position after listen() has succeeded.
this allows the mux clients to determine that the server socket is
either ready or stale without races. stale server sockets are now
automatically removed
ok deraadt
2010-09-24 22:07:55 +10:00
Damien Miller
Tim Rice
Darren Tucker