Darren Tucker
dbee308253
- dtucker@cvs.openbsd.org 2013/05/16 09:08:41
...
[log.c scp.c sshd.c serverloop.c schnorr.c sftp.c]
Fix some "unused result" warnings found via clang and -portable.
ok markus@
2013-05-16 20:32:29 +10:00
Darren Tucker
64d22946d6
- jmc@cvs.openbsd.org 2013/05/16 06:30:06
...
[sshd_config.5]
oops! avoid Xr to self;
2013-05-16 20:31:29 +10:00
Darren Tucker
63e0df2b93
- jmc@cvs.openbsd.org 2013/05/16 06:28:45
...
[ssh_config.5]
put IgnoreUnknown in the right place;
2013-05-16 20:30:31 +10:00
Darren Tucker
0763698f71
- djm@cvs.openbsd.org 2013/05/16 04:27:50
...
[ssh_config.5 readconf.h readconf.c]
add the ability to ignore specific unrecognised ssh_config options;
bz#866; ok markus@
2013-05-16 20:30:03 +10:00
Darren Tucker
5f96f3b4be
- dtucker@cvs.openbsd.org 2013/05/16 04:09:14
...
[sshd_config.5 servconf.c servconf.h packet.c serverloop.c monitor.c sshd_config
sshd.c] Add RekeyLimit to sshd with the same syntax as the client allowing
rekeying based on traffic volume or time. ok djm@, help & ok jmc@ for the man
page.
2013-05-16 20:29:28 +10:00
Darren Tucker
c53c2af173
- dtucker@cvs.openbsd.org 2013/05/16 02:00:34
...
[ssh_config sshconnect2.c packet.c readconf.h readconf.c clientloop.c
ssh_config.5 packet.h]
Add an optional second argument to RekeyLimit in the client to allow
rekeying based on elapsed time in addition to amount of traffic.
with djm@ jmc@, ok djm
2013-05-16 20:28:16 +10:00
Darren Tucker
64c6fceecd
- dtucker@cvs.openbsd.org 2013/05/10 10:13:50
...
[ssh-pkcs11-helper.c]
remove unused extern optarg. ok markus@
2013-05-16 20:27:14 +10:00
Darren Tucker
caf0010934
- djm@cvs.openbsd.org 2013/05/10 04:08:01
...
[key.c]
memleak in cert_free(), wasn't actually freeing the struct;
bz#2096 from shm AT digitalsun.pl
2013-05-16 20:26:18 +10:00
Darren Tucker
7e831edbf7
add missing attribution
2013-05-16 20:25:40 +10:00
Darren Tucker
54da6be320
- djm@cvs.openbsd.org 2013/05/10 03:40:07
...
[sshconnect2.c]
fix bzero(ptr_to_struct, sizeof(ptr_to_struct)); bz#2100 from
2013-05-16 20:25:04 +10:00
Darren Tucker
5d8b702d95
- dtucker@cvs.openbsd.org 2013/05/06 07:35:12
...
[sftp-server.8]
Reference the version of the sftp draft we actually implement. ok djm@
2013-05-16 20:24:23 +10:00
Darren Tucker
026d9db3fb
- tedu@cvs.openbsd.org 2013/04/24 16:01:46
...
[misc.c]
remove extra parens noticed by nicm
2013-05-16 20:23:52 +10:00
Darren Tucker
2ca51bf140
- tedu@cvs.openbsd.org 2013/04/23 17:49:45
...
[misc.c]
use xasprintf instead of a series of strlcats and strdup. ok djm
2013-05-16 20:22:46 +10:00
Damien Miller
6aa3eacc5e
- (djm) [contrib/ssh-copy-id] Fix bug that could cause "rm *" to be
...
executed if mktemp failed; bz#2105 ok dtucker@
2013-05-16 11:10:17 +10:00
Darren Tucker
c54e3e0741
- (dtucker) [configure.ac] Add -Werror to the -Qunused-arguments test so
...
we don't get a warning on compilers that *don't* support it. Add
-Wno-unknown-warning-option. Move both to the start of the list for
maximum noise suppression. Tested with gcc 4.6.3, gcc 2.95.4 and clang 2.9.
2013-05-10 18:53:14 +10:00
Darren Tucker
a75d247a18
- (dtucker) [kex.c] Only include sha256 and ECC key exchange methods when the
...
underlying libraries support them.
2013-05-10 18:11:55 +10:00
Darren Tucker
0abfb559e3
- (dtucker) [openbsd-compat/getopt.h openbsd-compat/getopt_long.c
...
openbsd-compat/openbsd-compat.h] pull in getopt.h from openbsd and plumb
in to use it when we're using our own getopt.
2013-05-10 18:08:49 +10:00
Darren Tucker
ccfdfceacb
- (dtucker) [openbsd-compat/Makefile.in openbsd-compat/getopt.c
...
openbsd-compat/getopt_long.c regress/modpipe.c] Remove getopt.c, add
portability code to getopt_long.c and switch over Makefile and the ugly
hack in modpipe.c. Fixes bz#1448.
2013-05-10 16:28:55 +10:00
Darren Tucker
3933202007
- (dtucker) [openbsd-compat/getopt_long.c] Import from OpenBSD. No
...
portability changes yet.
2013-05-10 15:38:11 +10:00
Darren Tucker
35b2fe99be
- (dtucker) [openbsd-compat/getopt.c] Factor out portability changes to
...
getopt.c. Preprocessed source is identical other than line numbers.
2013-05-10 15:35:26 +10:00
Darren Tucker
abbc7a7c02
- (dtucker) [configure.ac] Enable -Wsizeof-pointer-memaccess if the compiler
...
supports it. Mentioned by Colin Watson in bz#2100, ok djm.
2013-05-10 13:54:23 +10:00
Damien Miller
bc02f163f6
- dtucker@cvs.openbsd.org 2013/04/22 01:17:18
...
[mux.c]
typo in debug output: evitval->exitval
2013-04-23 19:25:49 +10:00
Damien Miller
f8b894e31d
- djm@cvs.openbsd.org 2013/04/19 12:07:08
...
[kex.c]
remove duplicated list entry pointed out by naddy@
2013-04-23 19:25:29 +10:00
Damien Miller
34bd20a1e5
- djm@cvs.openbsd.org 2013/04/19 11:10:18
...
[ssh.c]
add -Q to usage; reminded by jmc@
2013-04-23 19:25:00 +10:00
Damien Miller
ea11119eee
- djm@cvs.openbsd.org 2013/04/19 01:06:50
...
[authfile.c cipher.c cipher.h kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c]
[key.c key.h mac.c mac.h packet.c ssh.1 ssh.c]
add the ability to query supported ciphers, MACs, key type and KEX
algorithms to ssh. Includes some refactoring of KEX and key type handling
to be table-driven; ok markus@
2013-04-23 19:24:32 +10:00
Damien Miller
a56086b990
- djm@cvs.openbsd.org 2013/04/19 01:03:01
...
[session.c]
reintroduce 1.262 without the connection-killing bug:
fatal() when ChrootDirectory specified by running without root privileges;
ok markus@
2013-04-23 15:24:18 +10:00
Damien Miller
0d6771b464
- djm@cvs.openbsd.org 2013/04/19 01:01:00
...
[ssh-keygen.c]
fix some memory leaks; bz#2088 ok dtucker@
2013-04-23 15:23:24 +10:00
Damien Miller
467b00c38b
- djm@cvs.openbsd.org 2013/04/19 01:00:10
...
[sshd_config.5]
document the requirement that the AuthorizedKeysCommand be owned by root;
ok dtucker@ markus@
2013-04-23 15:23:07 +10:00
Damien Miller
9303e6527b
- djm@cvs.openbsd.org 2013/04/18 02:16:07
...
[sftp.c]
make "sftp -q" do what it says on the sticker: hush everything but errors;
2013-04-23 15:22:40 +10:00
Damien Miller
f1a02aea35
- dtucker@cvs.openbsd.org 2013/04/17 09:04:09
...
[session.c]
revert rev 1.262; it fails because uid is already set here. ok djm@
2013-04-23 15:22:13 +10:00
Damien Miller
d5edefd27a
- djm@cvs.openbsd.org 2013/04/11 02:27:50
...
[packet.c]
quiet disconnect notifications on the server from error() back to logit()
if it is a normal client closure; bz#2057 ok+feedback dtucker@
2013-04-23 15:21:39 +10:00
Damien Miller
6901032b05
- dtucker@cvs.openbsd.org 2013/04/07 09:40:27
...
[sshd.8]
clarify -e text. suggested by & ok jmc@
2013-04-23 15:21:24 +10:00
Damien Miller
03d4d7e60b
- dtucker@cvs.openbsd.org 2013/04/07 02:10:33
...
[log.c log.h ssh.1 ssh.c sshd.8 sshd.c]
Add -E option to ssh and sshd to append debugging logs to a specified file
instead of stderr or syslog. ok markus@, man page help jmc@
2013-04-23 15:21:06 +10:00
Damien Miller
37f1c08473
- markus@cvs.openbsd.org 2013/04/06 16:07:00
...
[channels.c sshd.c]
handle ECONNABORTED for accept(); ok deraadt some time ago...
2013-04-23 15:20:43 +10:00
Damien Miller
172859cff7
- djm@cvs.openbsd.org 2013/04/05 00:58:51
...
[mux.c]
cleanup mux-created channels that are in SSH_CHANNEL_OPENING state too
(in addition to ones already in OPEN); bz#2079, ok dtucker@
2013-04-23 15:19:27 +10:00
Damien Miller
9f12b5dcd5
- djm@cvs.openbsd.org 2013/04/05 00:31:49
...
[pathnames.h]
use the existing _PATH_SSH_USER_RC define to construct the other
pathnames; bz#2077, ok dtucker@ (no binary change)
2013-04-23 15:19:11 +10:00
Damien Miller
d677ad14ff
- djm@cvs.openbsd.org 2013/04/05 00:14:00
...
[auth2-gss.c krl.c sshconnect2.c]
hush some {unused, printf type} warnings
2013-04-23 15:18:51 +10:00
Damien Miller
508b6c3d3b
- djm@cvs.openbsd.org 2013/03/08 06:32:58
...
[ssh.c]
allow "ssh -f none ..." ok markus@
2013-04-23 15:18:28 +10:00
Damien Miller
91a55f28f3
- markus@cvs.openbsd.org 2013/03/07 19:27:25
...
[auth.h auth2-chall.c auth2.c monitor.c sshd_config.5]
add submethod support to AuthenticationMethods; ok and feedback djm@
2013-04-23 15:18:10 +10:00
Damien Miller
4ce189d910
- djm@cvs.openbsd.org 2013/03/07 00:19:59
...
[auth2-pubkey.c monitor.c]
reconstruct the original username that was sent by the client, which may
have included a style (e.g. "root:skey") when checking public key
signatures. Fixes public key and hostbased auth when the client specified
a style; ok markus@
2013-04-23 15:17:52 +10:00
Damien Miller
5cbec4c259
- djm@cvs.openbsd.org 2013/03/06 23:36:53
...
[readconf.c]
g/c unused variable (-Wunused)
2013-04-23 15:17:12 +10:00
Damien Miller
998cc56b65
- djm@cvs.openbsd.org 2013/03/06 23:35:23
...
[session.c]
fatal() when ChrootDirectory specified by running without root privileges;
ok markus@
2013-04-23 15:16:43 +10:00
Damien Miller
62e9c4f9b6
- (djm) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2013/03/05 20:16:09
[sshconnect2.c]
reset pubkey order on partial success; ok djm@
2013-04-23 15:15:49 +10:00
Damien Miller
6332da2ae8
- (djm) [auth.c configure.ac misc.c monitor.c monitor_wrap.c] Support
...
platforms, such as Android, that lack struct passwd.pw_gecos. Report
and initial patch from Nathan Osman bz#2086; feedback tim@ ok dtucker@
2013-04-23 14:25:52 +10:00
Darren Tucker
ce1c9574fc
- (dtucker) [configure.ac] Use -Qunused-arguments to suppress warnings from
...
unused argument warnings (in particular, -fno-builtin-memset) from clang.
2013-04-18 21:36:19 +10:00
Damien Miller
bc68f2451b
- (djm) [config.guess config.sub] Update to last versions before they switch
...
to GPL3. ok dtucker@
2013-04-18 11:26:25 +10:00
Darren Tucker
15fd19c4c9
- djm@cvs.openbsd.org 2013/02/22 22:09:01
...
[ssh.c]
Allow IdentityFile=none; ok markus deraadt (and dtucker for an earlier
version)
2013-04-05 11:22:26 +11:00
Darren Tucker
5d1d9541a7
- markus@cvs.openbsd.org 2013/02/22 19:13:56
...
[sshconnect.c]
support ProxyCommand=- (stdin/out already point to the proxy); ok djm@
2013-04-05 11:20:00 +11:00
Darren Tucker
aefa368243
- dtucker@cvs.openbsd.org 2013/02/22 04:45:09
...
[ssh.c readconf.c readconf.h]
Don't complain if IdentityFiles specified in system-wide configs are
missing. ok djm, deraadt
2013-04-05 11:18:35 +11:00
Darren Tucker
f3c3814243
- dtucker@cvs.openbsd.org 2013/02/19 02:12:47
...
[krl.c]
Remove bogus include. ok djm
(id sync only)
2013-04-05 11:16:52 +11:00
Darren Tucker
1910478c2d
- dtucker@cvs.openbsd.org 2013/02/17 23:16:57
...
[readconf.c ssh.c readconf.h sshconnect2.c]
Keep track of which IdentityFile options were manually supplied and which
were default options, and don't warn if the latter are missing.
ok markus@
2013-04-05 11:13:08 +11:00
Darren Tucker
c9627cdbc6
- (dtucker) [openbsd-compat/bsd-cygwin_util.{c,h}] Don't include windows.h
...
to avoid conflicting definitions of __int64, adding the required bits.
Patch from Corinna Vinschen.
2013-04-01 12:40:48 +11:00
Tim Rice
75db01d2ce
- (tim) [Makefile.in] remove some duplication introduced in 20130220 commit.
2013-03-22 10:14:32 -07:00
Darren Tucker
221b4b2436
- (dtucker) [includes.h] Check if _GNU_SOURCE is already defined before
...
defining it again. Prevents warnings if someone, eg, sets it in CFLAGS.
2013-03-22 12:51:09 +11:00
Darren Tucker
c8a0f27c6d
- (dtucker) [configure.ac] Add stdlib.h to zlib check for exit() prototype.
2013-03-22 12:49:14 +11:00
Damien Miller
eed8dc2610
- (djm) Release 6.2p1
2013-03-22 10:25:22 +11:00
Damien Miller
83efe7c861
- (djm) [contrib/ssh-copy-id contrib/ssh-copy-id.1] Updated to Phil
...
Hands' greatly revised version.
2013-03-22 10:17:36 +11:00
Damien Miller
63b4bcd04e
- (djm) [configure.ac log.c scp.c sshconnect2.c openbsd-compat/vis.c]
...
[openbsd-compat/vis.h] FreeBSD's strnvis isn't compatible with OpenBSD's
so mark it as broken. Patch from des AT des.no
2013-03-20 12:55:14 +11:00
Tim Rice
aa86c3970f
- (tim) [configure.ac] OpenServer 5 wants lastlog even though it has none
...
of the bits the configure test looks for.
2013-03-16 20:55:46 -07:00
Damien Miller
5852840190
- (djm) [session.c] FreeBSD needs setusercontext(..., LOGIN_SETUMASK) to
...
occur after UID switch; patch from John Marshall via des AT des.no;
ok dtucker@
2013-03-15 11:22:37 +11:00
Damien Miller
f4db77d766
- (djm) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
...
Add a usleep replacement for platforms that lack it; ok dtucker
2013-03-15 10:34:25 +11:00
Damien Miller
a2438bbd28
- (djm) [configure.ac] Disable utmp, wtmp and/or lastlog if the platform
...
is unable to successfully compile them. Based on patch from des AT
des.no
2013-03-15 10:23:07 +11:00
Darren Tucker
aa97d13fa2
- (dtucker) [auth.c configure.ac platform.c platform.h] Accept uid 2 ("bin")
...
in addition to root as an owner of system directories on AIX and HP-UX.
ok djm@
2013-03-12 11:31:05 +11:00
Darren Tucker
fe10a28e08
- (dtucker) [regress/Makefile regress/cipher-speed.sh regress/test-exec.sh]
...
Improve portability of cipher-speed test, based mostly on a patch from
Iain Morgan.
2013-03-12 11:19:40 +11:00
Damien Miller
e4f4347822
- (djm) [configure.ac] Add a timeout to the select/rlimit test to give it a
...
chance to complete on broken systems; ok dtucker@
2013-03-08 12:14:22 +11:00
Tim Rice
2b6ea47106
- (tim) [Makefile.in] Add another missing $(EXEEXT) I should have seen 3 days
...
ago.
2013-03-07 07:37:13 -08:00
Darren Tucker
4d1a0fe029
remove extra word
2013-03-07 20:14:34 +11:00
Darren Tucker
9243ef086f
- (dtucker) [defines.h] Remove SIZEOF_CHAR bits since the test for it is
...
was removed in configure.ac rev 1.481 as it was redundant.
2013-03-07 20:06:13 +11:00
Darren Tucker
b3cd503742
- (dtucker) [INSTALL] Bump documented autoconf version to what we're
...
currently using.
2013-03-07 12:33:35 +11:00
Darren Tucker
ff008ded7f
- (dtucker) [configure.ac] test that we can set number of file descriptors
...
to zero with setrlimit before enabling the rlimit sandbox. This affects
(at least) HPUX 11.11.
2013-03-06 17:48:48 +11:00
Darren Tucker
834a0d6d54
- (dtucker) [regress/forward-control.sh] Wait longer for the forwarding
...
connection to start so that the test works on slower machines.
2013-03-06 14:06:48 +11:00
Tim Rice
ff8bda8f05
- (tim) [Makefile.in] Add missing $(EXEEXT). Found by Roumen Petrov.
2013-03-05 14:23:58 -08:00
Darren Tucker
29c7151d20
- (dtucker) [Makefile.in] Remove trailing "\" on PATHS, which caused obscure
...
build breakage on (at least) HP-UX 11.11. Found by Amit Kulkarni and Kevin
Brott.
2013-03-05 21:50:09 +11:00
Darren Tucker
fef9f7c3d1
add Amit.
2013-03-05 20:02:24 +11:00
Darren Tucker
5f0e54c892
- (dtucker) [configure.ac] use "=" for shell test and not "==". Spotted by
...
Kevin Brott.
2013-03-05 19:57:39 +11:00
Damien Miller
43e5e60bad
- (djm) [regress/modpipe.c] Compilation fix for AIX and parsing fix for
...
HP/UX. Spotted by Kevin Brott
2013-03-05 09:49:00 +11:00
Tim Rice
21f591b6d9
- (tim) [regress/krl.sh] keep old solaris awk from hanging.
2013-02-26 22:48:31 -08:00
Tim Rice
ada7e17ae5
- (tim) [regress/integrity.sh] keep old solaris awk from hanging.
2013-02-26 21:49:09 -08:00
Tim Rice
f9e2060ca9
- (tim) [regress/integrity.sh] shell portability fix.
2013-02-26 20:27:29 -08:00
Tim Rice
a514bc05b1
- (tim) [regress/forward-control.sh] use sh in case login shell is csh.
2013-02-26 19:35:26 -08:00
Damien Miller
c0cc7ce166
- (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
...
[contrib/suse/openssh.spec] Crank version numbers
2013-02-27 10:48:18 +11:00
Damien Miller
6c21bb8c4a
- (djm) [regress/integrity.sh] Run sshd via $SUDO; fixes tinderbox breakage
...
for UsePAM=yes configuration
2013-02-26 19:41:30 +11:00
Damien Miller
1e657d592d
- djm@cvs.openbsd.org 2013/02/20 08:27:50
...
[integrity.sh]
Add an option to modpipe that warns if the modification offset is not
reached in its stream and turn it on for t-integrity. This should catch
cases where the session is not fuzzed for being too short (cf. my last
"oops" commit)
2013-02-26 18:58:06 +11:00
Darren Tucker
03978c61f3
- (dtucker) [configure.ac ssh-gss.h] bz#2073: additional #includes needed
...
to use Solaris native GSS libs. Patch from Pierre Ossman.
2013-02-25 11:24:44 +11:00
Darren Tucker
a423fefb89
welcome to 2013
2013-02-25 10:32:27 +11:00
Damien Miller
b87f6b70f8
- (djm) [configure.ac includes.h loginrec.c mux.c sftp.c] Prefer
...
bsd/libutil.h to libutil.h to avoid deprecation warnings on Ubuntu.
ok tim
2013-02-23 09:12:23 +11:00
Damien Miller
91f40d8592
- (djm) [configure.ac sandbox-seccomp-filter.c] Support for Linux
...
seccomp-bpf sandbox on ARM. Patch from shawnlandden AT gmail.com;
ok dtucker
2013-02-22 11:37:00 +11:00
Darren Tucker
a2b5a4c746
- (dtucker) [configure.ac] bz#2073: look for Solaris' differently-named
...
libgss too. Patch from Pierre Ossman, ok djm.
2013-02-22 10:43:15 +11:00
Darren Tucker
964de184a8
- (dtucker) [Makefile.in configure.ac] bz#2072: don't link krb5 libs to
...
ssh(1) since they're not needed. Patch from Pierre Ossman.
2013-02-22 10:39:59 +11:00
Tim Rice
0ec7423692
- (tim) [regress/forward-control.sh] shell portability fix.
2013-02-20 21:37:55 -08:00
Damien Miller
5acc6be981
- djm@cvs.openbsd.org 2013/02/20 08:29:27
...
[regress/modpipe.c]
s/Id/OpenBSD/ in RCS tag
2013-02-20 21:16:07 +11:00
Damien Miller
283e575a7d
- djm@cvs.openbsd.org 2013/02/20 08:27:50
...
[regress/integrity.sh regress/modpipe.c]
Add an option to modpipe that warns if the modification offset is not
reached in its stream and turn it on for t-integrity. This should catch
cases where the session is not fuzzed for being too short (cf. my last
"oops" commit)
2013-02-20 21:13:27 +11:00
Tim Rice
c31db8cd6e
- (tim) [krl.c Makefile.in regress/Makefile regress/modpipe.c] remove unneeded
...
err.h include from krl.c. Additional portability fixes for modpipe. OK djm
2013-02-19 19:01:51 -08:00
Tim Rice
c08b3ef6f4
- (tim) [regress/cipher-speed.sh regress/try-ciphers.sh] shell portability fix.
2013-02-19 11:53:29 -08:00
Damien Miller
dae85cc3ad
- (djm) [regress/integrity.sh] Skip SHA2-based MACs on configurations that
...
lack support for SHA2.
2013-02-19 14:27:44 +11:00
Damien Miller
b3764e1202
- djm@cvs.openbsd.org 2013/02/19 02:14:09
...
[integrity.sh]
oops, forgot to increase the output of the ssh command to ensure that
we actually reach $offset
2013-02-19 13:15:01 +11:00
Damien Miller
0dc3bc908e
- djm@cvs.openbsd.org 2013/02/18 22:26:47
...
[integrity.sh]
crank the offset yet again; it was still fuzzing KEX on one of Darren's
portable test hosts at 2800
2013-02-19 09:28:32 +11:00
Damien Miller
33d52566bc
- djm@cvs.openbsd.org 2013/02/17 23:16:55
...
[integrity.sh]
make the ssh command generate some output to ensure that there are at
least offset+tries bytes in the stream.
2013-02-18 10:18:05 +11:00
Damien Miller
5d7b9565bc
- djm@cvs.openbsd.org 2013/02/16 06:08:45
...
[integrity.sh]
make sure the fuzz offset is actually past the end of KEX for all KEX
types. diffie-hellman-group-exchange-sha256 requires an offset around
2700. Noticed via test failures in portable OpenSSH on platforms that
lack ECC and thus the more byte-frugal ECDH KEX algorithms.
2013-02-16 17:32:31 +11:00
Darren Tucker
2991d288db
- (dtucker) [openbsd-compat/bsd-misc.c] Handle the case where setpgrp() takes
...
an argument. Pointed out by djm.
2013-02-15 14:55:38 +11:00
Darren Tucker
f32db83f41
- (dtucker) [openbsd-compat/openbsd-compat.h] Add prototype for strtoul,
...
group strto* function prototypes together.
2013-02-15 12:20:41 +11:00
Damien Miller
5ceddc31cd
- dtucker@cvs.openbsd.org 2013/02/15 00:21:01
...
[sshconnect2.c]
Warn more loudly if an IdentityFile provided by the user cannot be read.
bz #1981, ok djm@
2013-02-15 12:18:32 +11:00
Darren Tucker
8e6fb780e5
- (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoull.c
...
openbsd-compat/openbsd-compat.h] Add strtoull to compat library for
platforms that don't have it.
2013-02-15 12:13:01 +11:00
Darren Tucker
3c4a24c3e3
- (dtucker) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
...
Use getpgrp() if we don't have getpgid() (old BSDs, maybe others).
2013-02-15 11:41:35 +11:00
Damien Miller
4018dc04da
- djm@cvs.openbsd.org 2013/02/14 21:35:59
...
[auth2-pubkey.c]
Correct error message that had a typo and was logging the wrong thing;
patch from Petr Lautrbach
2013-02-15 10:28:55 +11:00
Damien Miller
91edc1ce2b
- (djm) [contrib/suse/rc.sshd] Use SSHD_BIN consistently; bz#2056 from
...
Iain Morgan
2013-02-15 10:23:44 +11:00
Damien Miller
57f9218528
- (djm) [regress/integrity.sh] Start fuzzing from offset 2500 (instead
...
of 2300) to avoid clobbering the end of (non-MAC'd) KEX. Verified by
Iain Morgan
2013-02-14 10:32:33 +11:00
Damien Miller
6d77d6ea2b
- (djm) [regress/krl.sh] typo; found by Iain Morgan
2013-02-14 10:31:03 +11:00
Damien Miller
2653f5c0a6
- (djm) [regress/krl.sh] Don't use ecdsa keys in environments that lack ECC.
2013-02-14 10:14:51 +11:00
Damien Miller
2f20de5e3f
- (djm) [regress/try-ciphers.sh] clean up CVS merge botch
2013-02-12 11:31:38 +11:00
Damien Miller
58e2c5b394
- djm@cvs.openbsd.org 2013/02/11 23:58:51
...
[try-ciphers.sh]
remove acss here too
2013-02-12 11:16:57 +11:00
Damien Miller
22e8a1e169
- dtucker@cvs.openbsd.org 2013/02/11 21:21:58
...
[sshd.c]
Add openssl version to debug output similar to the client. ok markus@
2013-02-12 11:04:48 +11:00
Damien Miller
894926ebd8
- djm@cvs.openbsd.org 2013/02/10 23:35:24
...
[packet.c]
record "Received disconnect" messages at ERROR rather than INFO priority,
since they are abnormal and result in a non-zero ssh exit status; patch
from Iain Morgan in bz#2057; ok dtucker@
2013-02-12 11:03:58 +11:00
Damien Miller
78d22713c7
- djm@cvs.openbsd.org 2013/02/10 23:32:10
...
[ssh-keygen.c]
append to moduli file when screening candidates rather than overwriting.
allows resumption of interrupted screen; patch from Christophe Garault
in bz#1957; ok dtucker@
2013-02-12 11:03:36 +11:00
Damien Miller
fd05154dc4
- markus@cvs.openbsd.org 2013/02/10 21:19:34
...
[version.h]
openssh 6.2
2013-02-12 11:03:10 +11:00
Damien Miller
d6d9fa0281
- djm@cvs.openbsd.org 2013/02/08 00:41:12
...
[sftp.c]
fix NULL deref when built without libedit and control characters
entered as command; debugging and patch from Iain Morgan and
Loganaden Velvindron in bz#1956
2013-02-12 11:02:46 +11:00
Damien Miller
18de9133c2
- dtucker@cvs.openbsd.org 2013/02/06 00:22:21
...
[auth.c]
Fix comment, from jfree.e1 at gmail
2013-02-12 11:02:27 +11:00
Damien Miller
1f583df8c3
- dtucker@cvs.openbsd.org 2013/02/06 00:20:42
...
[servconf.c sshd_config sshd_config.5]
Change default of MaxStartups to 10:30:100 to start doing random early
drop at 10 connections up to 100 connections. This will make it harder
to DoS as CPUs have come a long way since the original value was set
back in 2000. Prompted by nion at debian org, ok markus@
2013-02-12 11:02:08 +11:00
Damien Miller
0cd2f8e5f8
- djm@cvs.openbsd.org 2013/01/27 10:06:12
...
[krl.c]
actually use the xrealloc() return value; spotted by xi.wang AT gmail.com
2013-02-12 11:01:39 +11:00
Damien Miller
f0a8ded824
- djm@cvs.openbsd.org 2013/01/26 06:11:05
...
[Makefile.in acss.c acss.h cipher-acss.c cipher.c]
[openbsd-compat/openssl-compat.h]
remove ACSS, now that it is gone from libcrypto too
2013-02-12 11:00:34 +11:00
Damien Miller
60565bcb5c
- djm@cvs.openbsd.org 2013/01/25 10:22:19
...
[krl.c]
redo last commit without the vi-vomit that snuck in:
skip serial lookup when cert's serial number is zero
(now with 100% better comment)
2013-02-12 10:56:42 +11:00
Damien Miller
377d9a44f9
- krw@cvs.openbsd.org 2013/01/25 05:00:27
...
[krl.c]
Revert last. Breaks due to likely typo. Let djm@ fix later.
ok djm@ via dlg@
2013-02-12 10:55:16 +11:00
Damien Miller
6045f5d574
- djm@cvs.openbsd.org 2013/01/24 22:08:56
...
[krl.c]
skip serial lookup when cert's serial number is zero
2013-02-12 10:54:54 +11:00
Damien Miller
ea078462ea
- (djm) OpenBSD CVS Sync
...
- djm@cvs.openbsd.org 2013/01/24 21:45:37
[krl.c]
fix handling of (unused) KRL signatures; skip string in correct buffer
2013-02-12 10:54:37 +11:00
Damien Miller
b6f73b3af6
- (djm) [configure.ac openbsd-compat/openssl-compat.h] Repair build on old
...
libcrypto that lacks EVP_CIPHER_CTX_ctrl
2013-02-11 10:39:12 +11:00
Darren Tucker
951b53b1be
- (dtucker) [configure.ac openbsd-compat/sys-tree.h] Test if compiler allows
...
__attribute__ on return values and work around if necessary. ok djm@
2013-02-08 11:50:09 +11:00
Damien Miller
e7f50e1c18
- (djm) [contrib/redhat/sshd.init] treat RETVAL as an integer;
...
patch from Iain Morgan in bz#2059
2013-02-08 10:49:37 +11:00
Damien Miller
5c3bbd76aa
- (djm) [configure.ac] Don't probe seccomp capability of running kernel
...
at configure time; the seccomp sandbox will fall back to rlimit at
runtime anyway. Patch from plautrba AT redhat.com in bz#2011
2013-02-07 10:11:05 +11:00
Damien Miller
dc75d1fc04
- (djm) [regress/krl.sh] replacement for jot; most platforms lack it
2013-01-20 22:58:51 +11:00
Damien Miller
d60b210830
- (djm) [openbsd-compat/sys-tree.h] Sync with OpenBSD. krl.c needs newer
...
version.
2013-01-20 22:49:58 +11:00
Damien Miller
a7522d9fc0
- markus@cvs.openbsd.org 2013/01/19 12:34:55
...
[krl.c]
RB_INSERT does not remove existing elements; ok djm@
2013-01-20 22:35:31 +11:00
Damien Miller
a0a7ee8bf4
- jmc@cvs.openbsd.org 2013/01/19 07:13:25
...
[ssh-keygen.1]
fix some formatting; ok djm
2013-01-20 22:35:06 +11:00
Damien Miller
881a7a2c5d
- jmc@cvs.openbsd.org 2013/01/18 21:48:43
...
[ssh-keygen.1]
command-line (adj.) -> command line (n.);
2013-01-20 22:34:46 +11:00
Damien Miller
072fdcd198
- jmc@cvs.openbsd.org 2013/01/18 08:39:04
...
[ssh-keygen.1]
add -Q to the options list; ok djm
2013-01-20 22:34:04 +11:00
Damien Miller
72abeb709e
- jmc@cvs.openbsd.org 2013/01/18 08:00:49
...
[sshd_config.5]
tweak previous;
2013-01-20 22:33:44 +11:00
Damien Miller
3d6d68b1e1
- jmc@cvs.openbsd.org 2013/01/18 07:59:46
...
[ssh-keygen.c]
-u before -V in usage();
2013-01-20 22:33:23 +11:00
Damien Miller
ac5542b6b8
- jmc@cvs.openbsd.org 2013/01/18 07:57:47
...
[ssh-keygen.1]
tweak previous;
2013-01-20 22:33:02 +11:00
Damien Miller
da5cc5d09a
- (djm) [cipher-aes.c cipher-ctr.c openbsd-compat/openssl-compat.h]
...
Move prototypes for replacement ciphers to openssl-compat.h; fix EVP
prototypes for openssl-1.0.0-fips.
2013-01-20 22:31:29 +11:00
Damien Miller
13f5f768bc
- djm@cvs.openbsd.org 2013/01/18 03:00:32
...
[krl.c]
fix KRL generation bug for list sections
2013-01-18 15:32:03 +11:00
Damien Miller
ebafebda85
- djm@cvs.openbsd.org 2013/01/18 00:45:29
...
[regress/Makefile regress/cert-userkey.sh regress/krl.sh]
Tests for Key Revocation Lists (KRLs)
2013-01-18 11:51:56 +11:00
Damien Miller
f3747bf401
- djm@cvs.openbsd.org 2013/01/17 23:00:01
...
[auth.c key.c key.h ssh-keygen.1 ssh-keygen.c sshd_config.5]
[krl.c krl.h PROTOCOL.krl]
add support for Key Revocation Lists (KRLs). These are a compact way to
represent lists of revoked keys and certificates, taking as little as
a single bit of incremental cost to revoke a certificate by serial number.
KRLs are loaded via the existing RevokedKeys sshd_config option.
feedback and ok markus@
2013-01-18 11:44:04 +11:00
Damien Miller
b26699bbad
- (djm) [regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh]
...
check for GCM support before testing GCM ciphers.
2013-01-17 14:31:57 +11:00
Damien Miller
efa1c95092
- (djm) [regress/integrity.sh] repair botched merge
2013-01-12 23:10:47 +11:00
Damien Miller
846dc7f21c
- djm@cvs.openbsd.org 2013/01/12 11:23:53
...
[regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh]
test AES-GCM modes; feedback markus@
2013-01-12 22:46:26 +11:00
Damien Miller
c20eb8b8ea
- djm@cvs.openbsd.org 2013/01/12 11:22:04
...
[cipher.c]
improve error message for integrity failure in AES-GCM modes; ok markus@
2013-01-12 22:41:26 +11:00
Damien Miller
1422c0887c
- djm@cvs.openbsd.org 2013/01/09 05:40:17
...
[ssh-keygen.c]
correctly initialise fingerprint type for fingerprinting PKCS#11 keys
2013-01-09 16:44:54 +11:00
Damien Miller
d522c68872
- (djm) [cipher.c configure.ac openbsd-compat/openssl-compat.h]
...
Fix merge botch, automatically detect AES-GCM in OpenSSL, move a little
cipher compat code to openssl-compat.h
2013-01-09 16:42:47 +11:00
Damien Miller
1d75abfe23
- markus@cvs.openbsd.org 2013/01/08 18:49:04
...
[PROTOCOL authfile.c cipher.c cipher.h kex.c kex.h monitor_wrap.c]
[myproposal.h packet.c ssh_config.5 sshd_config.5]
support AES-GCM as defined in RFC 5647 (but with simpler KEX handling)
ok and feedback djm@
2013-01-09 16:12:19 +11:00
Damien Miller
aa7ad3039c
- jmc@cvs.openbsd.org 2013/01/04 19:26:38
...
[sftp-server.8 sftp-server.c]
sftp-server.8: add argument name to -d
sftp-server.c: add -d to usage()
ok djm
2013-01-09 15:58:21 +11:00
Damien Miller
ec77c954c8
- djm@cvs.openbsd.org 2013/01/03 23:22:58
...
[ssh-keygen.c]
allow fingerprinting of keys hosted in PKCS#11 tokens: ssh-keygen -lD ...
ok markus@
2013-01-09 15:58:00 +11:00
Damien Miller
502ab0eff1
- djm@cvs.openbsd.org 2013/01/03 12:54:49
...
[sftp-server.8 sftp-server.c]
allow specification of an alternate start directory for sftp-server(8)
"I like this" markus@
2013-01-09 15:57:36 +11:00
Damien Miller
3739c8f041
- djm@cvs.openbsd.org 2013/01/03 12:49:01
...
[PROTOCOL]
fix description of MAC calculation for EtM modes; ok markus@
2013-01-09 15:57:16 +11:00
Damien Miller
441384453c
- djm@cvs.openbsd.org 2013/01/03 05:49:36
...
[servconf.h]
add a couple of ServerOptions members that should be copied to the privsep
child (for consistency, in this case they happen only to be accessed in
the monitor); ok dtucker@
2013-01-09 15:56:45 +11:00
Damien Miller
697485d50a
- djm@cvs.openbsd.org 2013/01/02 00:33:49
...
[PROTOCOL.agent]
correct format description for SSH_AGENTC_ADD_RSA_ID_CONSTRAINED
bz#2051 from david AT lechnology.com
2013-01-09 15:56:13 +11:00
Damien Miller
73298f420e
- djm@cvs.openbsd.org 2013/01/02 00:32:07
...
[clientloop.c mux.c]
channel_setup_local_fwd_listener() returns 0 on failure, not -ve
bz#2055 reported by mathieu.lacage AT gmail.com
2013-01-09 15:55:50 +11:00
Damien Miller
4e14a58f3f
- dtucker@cvs.openbsd.org 2012/12/14 05:26:43
...
[auth.c]
use correct string in error message; from rustybsd at gmx.fr
2013-01-09 15:54:48 +11:00
Darren Tucker
0fc77297e6
- (dtucker) [Makefile.in] Add some scaffolding so that the new regress
...
tests will work with VPATH directories.
2012-12-17 15:59:42 +11:00
Damien Miller
13cbff1e00
- (djm) [cipher.c] Fix missing prototype for compat code
2012-12-13 08:25:07 +11:00
Damien Miller
25a02b0c95
- (djm) [configure.ac cipher-ctr.c] Adapt EVP AES CTR change to retain our
...
compat code for older OpenSSL
2012-12-13 08:18:56 +11:00
Damien Miller
8c05da3326
- markus@cvs.openbsd.org 2012/12/12 16:45:52
...
[packet.c]
reset incoming_packet buffer for each new packet in EtM-case, too;
this happens if packets are parsed only partially (e.g. ignore
messages sent when su/sudo turn off echo); noted by sthen/millert
2012-12-13 07:18:59 +11:00
Damien Miller
faabeb6b36
- (djm) [regress/Makefile] fix t-exec rule
2012-12-12 12:51:54 +11:00
Damien Miller
37461d7391
- (djm) [regress/integrity.sh] Fix awk quoting, packet length skip
2012-12-12 12:37:32 +11:00
Damien Miller
37834afe7b
- (djm) [mac.c] fix merge botch
2012-12-12 11:00:37 +11:00
Damien Miller
ec7ce9ace4
- markus@cvs.openbsd.org 2012/12/11 23:12:13
...
[try-ciphers.sh]
add hmac-ripemd160-etm@openssh.com
2012-12-12 10:55:32 +11:00
Damien Miller
1fb593a3f1
- markus@cvs.openbsd.org 2012/12/11 22:42:11
...
[regress/Makefile regress/modpipe.c regress/integrity.sh]
test the integrity of the packets; with djm@
2012-12-12 10:54:37 +11:00
Damien Miller
1a45b63d7b
- markus@cvs.openbsd.org 2012/12/11 22:32:56
...
[regress/try-ciphers.sh]
add etm modes
2012-12-12 10:52:07 +11:00
Damien Miller
74f13bdf26
- sthen@cvs.openbsd.org 2012/12/11 22:51:45
...
[mac.c]
fix typo, s/tem/etm in hmac-ripemd160-tem. ok markus@
2012-12-12 10:46:53 +11:00
Damien Miller
af43a7ac2d
- markus@cvs.openbsd.org 2012/12/11 22:31:18
...
[PROTOCOL authfile.c cipher.c cipher.h kex.h mac.c myproposal.h]
[packet.c ssh_config.5 sshd_config.5]
add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithms
that change the packet format and compute the MAC over the encrypted
message (including the packet size) instead of the plaintext data;
these EtM modes are considered more secure and used by default.
feedback and ok djm@
2012-12-12 10:46:31 +11:00
Damien Miller
6a1937eac5
- markus@cvs.openbsd.org 2012/12/11 22:16:21
...
[monitor.c]
drain the log messages after receiving the keystate from the unpriv
child. otherwise it might block while sending. ok djm@
2012-12-12 10:44:38 +11:00
Darren Tucker
3e1027cd1f
- dtucker@cvs.openbsd.org 2012/12/07 01:51:35
...
[serverloop.c]
Cast signal to int for logging. A no-op on openbsd (they're always ints)
but will prevent warnings in portable. ok djm@
2012-12-07 13:07:46 +11:00
Darren Tucker
8a96522482
- markus@cvs.openbsd.org 2012/12/05 15:42:52
...
[ssh-add.c]
prevent double-free of comment; ok djm@
2012-12-07 13:07:02 +11:00
Darren Tucker
f9333d5246
- jmc@cvs.openbsd.org 2012/12/03 08:33:03
...
[ssh-add.1 sshd_config.5]
tweak previous;
2012-12-07 13:06:13 +11:00
Darren Tucker
3dfb877046
- dtucker@cvs.openbsd.org 2012/12/06 06:06:54
...
[regress/keys-command.sh]
Fix some problems with the keys-command test:
- use string comparison rather than numeric comparison
- check for existing KEY_COMMAND file and don't clobber if it exists
- clean up KEY_COMMAND file if we do create it.
- check that KEY_COMMAND is executable (which it won't be if eg /var/run
is mounted noexec).
ok djm.
2012-12-07 13:03:10 +11:00
Tim Rice
96ce9a1e45
20121205
...
- (tim) [defines.h] Some platforms are missing ULLONG_MAX. Feedback djm@.
2012-12-04 07:50:03 -08:00
Damien Miller
8b48982a56
- (djm) [configure.ac] Revert previous. configure.ac already does this
...
for us.
2012-12-03 12:35:55 +11:00
Damien Miller
03af12e930
- (djm) [configure.ac] Turn on -g for gcc compilers. Helps pre-installation
...
debugging. ok dtucker@
2012-12-03 11:55:53 +11:00
Damien Miller
55aca027ed
- djm@cvs.openbsd.org 2012/12/03 00:14:06
...
[auth2-chall.c ssh-keygen.c]
Fix compilation with -Wall -Werror (trivial type fixes)
2012-12-03 11:25:30 +11:00
Damien Miller
999bd2d259
- djm@cvs.openbsd.org 2012/12/02 20:47:48
...
[Makefile regress/forward-control.sh]
regress for AllowTcpForwarding local/remote; ok markus@
2012-12-03 10:13:39 +11:00
Damien Miller
771c43cee6
- djm@cvs.openbsd.org 2012/11/22 22:49:30
...
[regress/Makefile regress/keys-command.sh]
regress for AuthorizedKeysCommand; hints from markus@
2012-12-03 10:12:13 +11:00
Damien Miller
6618e92509
- djm@cvs.openbsd.org 2012/10/19 05:10:42
...
[regress/cert-userkey.sh]
include a serial number when generating certs
2012-12-03 10:09:04 +11:00
Damien Miller
fa51d8b6b2
- dtucker@cvs.openbsd.org 2012/10/05 02:20:48
...
[regress/cipher-speed.sh regress/try-ciphers.sh]
Add umac-128@openssh.com to the list of MACs to be tested
2012-12-03 10:08:25 +11:00
Damien Miller
d27a026ab7
- dtucker@cvs.openbsd.org 2012/10/05 02:05:30
...
[regress/multiplex.sh]
Use 'kill -0' to test for the presence of a pid since it's more portable
2012-12-03 10:06:37 +11:00
Damien Miller
15b05cfa17
- djm@cvs.openbsd.org 2012/12/02 20:34:10
...
[auth.c auth.h auth1.c auth2-chall.c auth2-gss.c auth2-jpake.c auth2.c]
[monitor.c monitor.h]
Fixes logging of partial authentication when privsep is enabled
Previously, we recorded "Failed xxx" since we reset authenticated before
calling auth_log() in auth2.c. This adds an explicit "Partial" state.
Add a "submethod" to auth_log() to report which submethod is used
for keyboard-interactive.
Fix multiple authentication when one of the methods is
keyboard-interactive.
ok markus@
2012-12-03 09:53:20 +11:00
Damien Miller
aa5b3f8314
- djm@cvs.openbsd.org 2012/12/02 20:46:11
...
[auth-options.c channels.c servconf.c servconf.h serverloop.c session.c]
[sshd_config.5]
make AllowTcpForwarding accept "local" and "remote" in addition to its
current "yes"/"no" to allow the server to specify whether just local or
remote TCP forwarding is enabled. ok markus@
2012-12-03 09:50:54 +11:00
Damien Miller
33a813613a
- djm@cvs.openbsd.org 2012/12/02 20:42:15
...
[ssh-add.1 ssh-add.c]
make deleting explicit keys "ssh-add -d" symmetric with adding keys -
try to delete the corresponding certificate too and respect the -k option
to allow deleting of the key only; feedback and ok markus@
2012-12-03 09:50:24 +11:00
Damien Miller
cb6b68b209
- djm@cvs.openbsd.org 2012/12/02 20:26:11
...
[ssh_config.5 sshconnect2.c]
Make IdentitiesOnly apply to keys obtained from a PKCS11Provider.
This allows control of which keys are offered from tokens using
IdentityFile. ok markus@
2012-12-03 09:49:52 +11:00
Damien Miller
cf6ef137b5
- (djm) [openbsd-compat/sys-queue.h] Sync with OpenBSD to get
...
TAILQ_FOREACH_SAFE needed for upcoming changes.
2012-12-03 09:37:56 +11:00
Damien Miller
6f3b362fa8
- djm@cvs.openbsd.org 2012/11/14 02:32:15
...
[ssh-keygen.c]
allow the full range of unsigned serial numbers; 'fine' deraadt@
2012-11-14 19:04:33 +11:00
Damien Miller
1e85469fcb
- djm@cvs.openbsd.org 2012/11/14 02:24:27
...
[auth2-pubkey.c]
fix username passed to helper program
prepare stdio fds before closefrom()
spotted by landry@
2012-11-14 19:04:02 +11:00
Damien Miller
0120c41d6b
- jmc@cvs.openbsd.org 2012/09/26 17:34:38
...
[moduli.5]
last stage of rfc changes, using consistent Rs/Re blocks, and moving the
references into a STANDARDS section;
2012-11-07 08:36:00 +11:00
Damien Miller
d5c3d4c0ca
- eric@cvs.openbsd.org 2011/11/28 08:46:27
...
[moduli.5]
fix formula
ok djm@
2012-11-07 08:35:38 +11:00
Darren Tucker
737f7aff36
- (dtucker) [auth2-pubkey.c] wrap paths.h in an ifdef for platforms that
...
don't have it. Spotted by tim@.
2012-11-05 17:07:43 +11:00
Darren Tucker
f96ff18a92
- (dtucker) [uidswap.c openbsd-compat/Makefile.in
...
openbsd-compat/bsd-setres_id.c openbsd-compat/bsd-setres_id.h
openbsd-compat/openbsd-compat.h] Move the fallback code for setting uids
and gids from uidswap.c to the compat library, which allows it to work with
the new setresuid calls in auth2-pubkey. with tim@, ok djm@
2012-11-05 17:04:37 +11:00
Damien Miller
a6e3f01d1e
- djm@cvs.openbsd.org 2012/11/04 11:09:15
...
[auth.h auth1.c auth2.c monitor.c servconf.c servconf.h sshd.c]
[sshd_config.5]
Support multiple required authentication via an AuthenticationMethods
option. This option lists one or more comma-separated lists of
authentication method names. Successful completion of all the methods in
any list is required for authentication to complete;
feedback and ok markus@
2012-11-04 23:21:40 +11:00
Damien Miller
d0d1099b3b
- djm@cvs.openbsd.org 2012/11/04 10:38:43
...
[auth2-pubkey.c sshd.c sshd_config.5]
Remove default of AuthorizedCommandUser. Administrators are now expected
to explicitly specify a user. feedback and ok markus@
2012-11-04 22:23:14 +11:00
Damien Miller
f33580eed0
- OpenBSD CVS Sync
...
- jmc@cvs.openbsd.org 2012/10/31 08:04:50
[sshd_config.5]
tweak previous;
2012-11-04 22:22:52 +11:00
Damien Miller
09d3e12512
- djm@cvs.openbsd.org 2012/10/30 21:29:55
...
[auth-rsa.c auth.c auth.h auth2-pubkey.c servconf.c servconf.h]
[sshd.c sshd_config sshd_config.5]
new sshd_config option AuthorizedKeysCommand to support fetching
authorized_keys from a command in addition to (or instead of) from
the filesystem. The command is run as the target server user unless
another specified via a new AuthorizedKeysCommandUser option.
patch originally by jchadima AT redhat.com, reworked by me; feedback
and ok markus@
2012-10-31 08:58:58 +11:00
Damien Miller
07daed505f
- (djm) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2012/10/05 12:34:39
[sftp.c]
fix signed vs unsigned warning; feedback & ok: djm@
2012-10-31 08:57:55 +11:00
Tim Rice
c0e5cbe222
- (tim) [buildpkg.sh.in] Double up on some backslashes so they end up in
...
the generated file as intended.
2012-10-18 21:38:58 -07:00
Darren Tucker
cc8e9ffdd1
- [Makefile.in] "Using $< in a non-suffix rule context is a GNUmake idiom"
2012-10-05 15:41:06 +10:00
Darren Tucker
50ce447ef9
- [umac.c] Enforce allowed umac output sizes. From djm@.
2012-10-05 12:11:33 +10:00
Darren Tucker
ee4ad778d7
- dtucker@cvs.openbsd.org 2012/09/10 01:51:19
...
[regress/multiplex.sh]
use -Ocheck and waiting for completions by PID to make multiplexing test
less racy and (hopefully) more reliable on slow hardware.
2012-10-05 12:04:10 +10:00
Darren Tucker
9b2c0360cf
- dtucker@cvs.openbsd.org 2012/09/10 00:49:21
...
[regress/multiplex.sh]
Log -O cmd output to the log file and make logging consistent with the
other tests. Test clean shutdown of an existing channel when testing
"stop".
2012-10-05 11:45:39 +10:00
Darren Tucker
6fc5aa8b2e
- dtucker@cvs.openbsd.org 2012/09/09 11:51:25
...
[multiplex.sh]
Add test for ssh -Ostop
2012-10-05 11:43:57 +10:00
Darren Tucker
189e5bad5c
- dtucker@cvs.openbsd.org 2012/09/06 04:11:07
...
[regress/try-ciphers.sh]
Restore missing space. (Id sync only).
2012-10-05 11:41:52 +10:00
Darren Tucker
992faad1f1
- [Makefile umac.c] Add special-case target to build umac128.o.
2012-10-05 11:38:24 +10:00
Darren Tucker
427e409e99
- markus@cvs.openbsd.org 2012/10/04 13:21:50
...
[myproposal.h ssh_config.5 umac.h sshd_config.5 ssh.1 sshd.8 mac.c]
add umac128 variant; ok djm@ at n2k12
(note: further Makefile work is required)
2012-10-05 11:02:39 +10:00
Darren Tucker
0dc283b13a
- djm@cvs.openbsd.org 2012/10/02 07:07:45
...
[ssh-keygen.c]
fix -z option, broken in revision 1.215
2012-10-05 10:52:51 +10:00
Darren Tucker
3a7c04105a
- naddy@cvs.openbsd.org 2012/10/01 13:59:51
...
[monitor_wrap.c]
pasto; ok djm@
2012-10-05 10:51:59 +10:00
Darren Tucker
628a3fdce2
- jmc@cvs.openbsd.org 2012/09/26 16:12:13
...
[ssh.1]
last stage of rfc changes, using consistent Rs/Re blocks, and moving the
references into a STANDARDS section;
2012-10-05 10:50:15 +10:00
Darren Tucker
17146d369c
- dtucker@cvs.openbsd.org 2012/09/21 10:55:04
...
[sftp.c]
Fix handling of filenames containing escaped globbing characters and
escape "#" and "*". Patch from Jean-Marc Robert via tech@, ok djm.
2012-10-05 10:46:16 +10:00
Darren Tucker
191fcc6e4e
- dtucker@cvs.openbsd.org 2012/09/21 10:53:07
...
[sftp.c]
Fix improper handling of absolute paths when PWD is part of the completed
path. Patch from Jean-Marc Robert via tech@, ok djm.
2012-10-05 10:45:01 +10:00
Darren Tucker
063018d9f6
- dtucker@cvs.openbsd.org 2012/09/18 10:36:12
...
[sftp.c]
Add bounds check on sftp tab-completion. Part of a patch from
Jean-Marc Robert via tech@, ok djm
2012-10-05 10:43:58 +10:00
Darren Tucker
302889a1b0
- markus@cvs.openbsd.org 2012/09/17 13:04:11
...
[packet.c]
clear old keys on rekeying; ok djm
2012-10-05 10:42:53 +10:00
Darren Tucker
0af2405ebf
- (dtucker) OpenBSD CVS Sync
...
- djm@cvs.openbsd.org 2012/09/17 09:54:44
[sftp.c]
an XXX for later
2012-10-05 10:41:25 +10:00
Darren Tucker
26b9e3b0c5
- markus@cvs.openbsd.org 2012/09/14 16:51:34
...
[sshconnect.c]
remove unused variable
2012-09-17 13:25:44 +10:00
Darren Tucker
bb6cc07cf4
- dtucker@cvs.openbsd.org 2012/09/13 23:37:36
...
[servconf.c]
Fix comment line length
2012-09-17 13:25:06 +10:00
Darren Tucker
86dc9b4110
Fix author's name for RFC6594 SSHFP change
2012-09-07 18:08:23 +10:00
Darren Tucker
48bf4b0ca3
- dtucker@cvs.openbsd.org 2012/09/07 06:34:21
...
[clientloop.c]
when muxmaster is run with -N, make it shut down gracefully when a client
sends it "-O stop" rather than hanging around (bz#1985). ok djm@
2012-09-07 16:38:53 +10:00
Darren Tucker
ca0d0fd806
- dtucker@cvs.openbsd.org 2012/09/07 01:10:21
...
[clientloop.c]
Merge escape help text for ~v and ~V; ok djm@
2012-09-07 11:22:24 +10:00
Darren Tucker
f111d40604
- dtucker@cvs.openbsd.org 2012/09/07 00:30:19
...
[clientloop.c]
Print '^Z' instead of a raw ^Z when the sequence is not supported. ok djm@
2012-09-07 11:21:42 +10:00
Darren Tucker
83d0af6907
- jmc@cvs.openbsd.org 2012/09/06 13:57:42
...
[ssh.1]
missing letter in previous;
2012-09-07 11:21:03 +10:00
Darren Tucker
92a39cfa09
- dtucker@cvs.openbsd.org 2012/09/06 09:50:13
...
[clientloop.c]
Make the escape command help (~?) context sensitive so that only commands
that will work in the current session are shown. ok markus@
(note: previous commit with this description was a mistake on my part while
pulling changes from OpenBSD)
2012-09-07 11:20:20 +10:00
Darren Tucker
241995382e
bz#2039: add acknowledgement of the original authors of the ECDSA SSHFP DNS
...
work. From Ondřej Surý.
2012-09-07 10:44:34 +10:00
Darren Tucker
29bf4040b4
- dtucker@cvs.openbsd.org 2012/09/06 09:50:13
...
[clientloop.c]
Make the escape command help (~?) context sensitive so that only commands
that will work in the current session are shown. ok markus@
2012-09-06 21:26:34 +10:00
Darren Tucker
50a48d025f
- dtucker@cvs.openbsd.org 2012/09/06 04:37:39
...
[clientloop.c log.c ssh.1 log.h]
Add ~v and ~V escape sequences to raise and lower the logging level
respectively. Man page help from jmc, ok deraadt jmc
2012-09-06 21:25:37 +10:00
Darren Tucker
00c1518a4d
- djm@cvs.openbsd.org 2012/08/17 01:30:00
...
[compat.c sshconnect.c]
Send client banner immediately, rather than waiting for the server to
move first for SSH protocol 2 connections (the default). Patch based on
one in bz#1999 by tls AT panix.com, feedback dtucker@ ok markus@
2012-09-06 21:21:56 +10:00
Darren Tucker
f09a8a6c6d
- djm@cvs.openbsd.org 2012/08/17 01:25:58
...
[ssh-keygen.c]
print details of which host lines were deleted when using
"ssh-keygen -R host"; ok markus@
2012-09-06 21:20:39 +10:00
Darren Tucker
ae608bdd83
- djm@cvs.openbsd.org 2012/08/17 01:22:56
...
[kex.c]
add some comments about better handling first-KEX-follows notifications
from the server. Nothing uses these right now. No binary change
2012-09-06 21:19:51 +10:00
Darren Tucker
66cb0e0733
- dtucker@cvs.openbsd.org 2012/08/17 00:45:45
...
[clientloop.c clientloop.h mux.c]
Force a clean shutdown of ControlMaster client sessions when the ~. escape
sequence is used. This means that ~. should now work in mux clients even
if the server is no longer responding. Found by tedu, ok djm.
2012-09-06 21:19:05 +10:00
Darren Tucker
3ee50c5d9f
- jmc@cvs.openbsd.org 2012/08/15 18:25:50
...
[ssh-keygen.1]
a little more info on certificate validity;
requested by Ross L Richardson, and provided by djm
2012-09-06 21:18:11 +10:00
Darren Tucker
23e4b80a60
- (dtucker) [moduli] Import new moduli file.
2012-08-30 10:42:47 +10:00
Damien Miller
4eb0a532ef
- (djm) Release openssh-6.1
2012-08-29 10:26:20 +10:00
Darren Tucker
318541854f
- (dtucker) [openbsd-compat/bsd-cygwin_util.h] define WIN32_LEAN_AND_MEAN
...
for compatibility with future mingw-w64 headers. Patch from vinschen at
redhat com.
2012-08-28 19:57:19 +10:00
Damien Miller
39a9d2c933
- (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
...
[contrib/suse/openssh.spec] Update version numbers
2012-08-22 21:57:13 +10:00
Damien Miller
38fe66230f
- markus@cvs.openbsd.org 2012/07/22 18:19:21
...
[version.h]
openssh 6.1
2012-07-31 12:23:16 +10:00
Damien Miller
46cb75a258
- dtucker@cvs.openbsd.org 2012/07/13 01:35:21
...
[servconf.c]
handle long comments in config files better. bz#2025, ok markus
2012-07-31 12:22:37 +10:00
Damien Miller
1cce103b3e
fix truncated entry
2012-07-31 12:22:18 +10:00
Damien Miller
5a5c2b9063
- djm@cvs.openbsd.org 2012/07/10 02:19:15
...
[servconf.c servconf.h sshd.c sshd_config]
Turn on systrace sandboxing of pre-auth sshd by default for new installs
by shipping a config that overrides the current UsePrivilegeSeparation=yes
default. Make it easier to flip the default in the future by adding too.
2012-07-31 12:21:34 +10:00
Damien Miller
709a1e90d9
- jmc@cvs.openbsd.org 2012/07/06 06:38:03
...
[ssh-keygen.c]
missing full stop in usage();
2012-07-31 12:20:43 +10:00
Darren Tucker
d809a4bc28
Import regened moduli file.
2012-07-20 10:42:06 +10:00
Damien Miller
fff9f095e2
- djm@cvs.openbsd.org 2012/07/06 01:47:38
...
[ssh.c]
move setting of tty_flag to after config parsing so RequestTTY options
are correctly picked up. bz#1995 patch from przemoc AT gmail.com;
ok dtucker@
2012-07-06 13:45:01 +10:00
Damien Miller
ab523b0246
- djm@cvs.openbsd.org 2012/07/06 01:37:21
...
[mux.c]
fix memory leak of passed-in environment variables and connection
context when new session message is malformed; bz#2003 from Bert.Wesarg
AT googlemail.com
2012-07-06 13:44:43 +10:00
Damien Miller
dfceafe8b1
- dtucker@cvs.openbsd.org 2012/07/06 00:41:59
...
[moduli.c ssh-keygen.1 ssh-keygen.c]
Add options to specify starting line number and number of lines to process
when screening moduli candidates. This allows processing of different
parts of a candidate moduli file in parallel. man page help jmc@, ok djm@
2012-07-06 13:44:19 +10:00
Damien Miller
77eab7b024
- (djm) [configure.ac] Recursively expand $(bindir) to ensure it has no
...
unexpanded $(prefix) embedded. bz#2007 patch from nix-corp AT
esperi.org.uk; ok dtucker@
2012-07-06 11:49:28 +10:00
Damien Miller
a0433a7096
- (djm) [sandbox-seccomp-filter.c] fallback to rlimit if seccomp filter is
...
not available. Allows use of sshd compiled on host with a filter-capable
kernel on hosts that lack the support. bz#2011 ok dtucker@
2012-07-06 10:27:10 +10:00
Darren Tucker
34f702ae64
- (dtucker) [configure.ac openbsd-compat/bsd-misc.h] Add setlinebuf for
...
platforms that don't have it. "looks good" tim@
2012-07-04 08:50:09 +10:00
Darren Tucker
d545a4b974
- (dtucker) [configure.ac sandbox-rlimit.c] Test whether or not
...
setrlimit(RLIMIT_FSIZE, rl_zero) and skip it if it's not supported. Its
benefit is minor, so it's not worth disabling the sandbox if it doesn't
work.
2012-07-03 22:48:31 +10:00
Darren Tucker
60395f91c6
- (dtucker) [configure.ac] Detect platforms that can't use select(2) with
...
setrlimit(RLIMIT_NOFILE, rl_zero) and disable the rlimit sandbox on those.
2012-07-03 14:31:18 +10:00
Darren Tucker
6ea5dc6bb8
- (dtucker) [regress/test-exec.sh] Correct uname for cygwin/w2k.
2012-07-03 01:11:28 +10:00
Darren Tucker
ec1e15d51a
- (dtucker) [regress/reexec.sh regress/sftp-cmds.sh regress/test-exec.sh]
...
Move cygwin detection to test-exec and use to skip reexec test on cygwin.
2012-07-03 01:06:49 +10:00
Darren Tucker
369ceedce2
- dtucker@cvs.openbsd.org 2012/07/02 14:37:06
...
[regress/connect-privsep.sh]
remove exit from end of test since it prevents reporting failure
2012-07-03 00:53:18 +10:00
Darren Tucker
4908d44e67
- dtucker@cvs.openbsd.org 2012/07/02 12:13:26
...
[ssh-pkcs11-helper.c sftp-client.c]
fix a couple of "assigned but not used" warnings. ok markus@
2012-07-02 22:15:38 +10:00
Darren Tucker
7b30501bf5
- dtucker@cvs.openbsd.org 2012/07/02 08:50:03
...
[ssh.c]
set interactive ToS for forwarded X11 sessions. ok djm@
2012-07-02 18:55:09 +10:00
Darren Tucker
3b4b2d3021
- markus@cvs.openbsd.org 2012/06/30 14:35:09
...
[sandbox-systrace.c sshd.c]
fix a during the load of the sandbox policies (child can still make
the read-syscall and wait forever for systrace-answers) by replacing
the read/write synchronisation with SIGSTOP/SIGCONT;
report and help hshoexer@; ok djm@, dtucker@
2012-07-02 18:54:31 +10:00
Darren Tucker
ecbf14aa53
- naddy@cvs.openbsd.org 2012/06/29 13:57:25
...
[ssh_config.5 sshd_config.5]
match the documented MAC order of preference to the actual one;
ok dtucker@
2012-07-02 18:53:37 +10:00
Darren Tucker
14a9d2515b
- (dtucker) [key.c] ifdef out sha256 key types on platforms that don't have
...
the required functions in libcrypto.
2012-06-30 20:05:02 +10:00
Darren Tucker
3886f95d42
- (dtucker) [myproposal.h] Remove trailing backslash to fix compile error
2012-06-30 19:47:01 +10:00
Darren Tucker
a08c20763a
- dtucker@cvs.openbsd.org 2012/06/28 05:07:45
...
[regress/try-ciphers.sh regress/cipher-speed.sh]
Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed
from draft6 of the spec and will not be in the RFC when published. Patch
from mdb at juniper net via bz#2023, ok markus
2012-06-30 15:08:53 +10:00
Darren Tucker
2920bc145c
- dtucker@cvs.openbsd.org 2012/06/26 12:06:59
...
[regress/connect-privsep.sh]
test sandbox with every malloc option
2012-06-30 15:06:28 +10:00
Darren Tucker
ff32d7c9d2
- djm@cvs.openbsd.org 2012/06/01 00:52:52
...
[regress/sftp-cmds.sh]
don't delete .* on cleanup due to unintended env expansion; pointed out in
bz#2014 by openssh AT roumenpetrov.info
2012-06-30 15:04:13 +10:00
Darren Tucker
4430a86c14
- djm@cvs.openbsd.org 2012/06/01 00:47:35
...
[multiplex.sh forwarding.sh]
append to rather than truncate test log; bz#2013 from openssh AT
roumenpetrov.
2012-06-30 15:03:28 +10:00
Darren Tucker
301390316c
- dtucker@cvs.openbsd.org 2012/05/13 01:42:32
...
[regress/addrmatch.sh]
Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests
to match. Feedback and ok djm@ markus@.
2012-06-30 15:01:22 +10:00
Damien Miller
ee3c196ec7
- naddy@cvs.openbsd.org 2012/06/29 13:57:25
...
[ssh_config.5 sshd_config.5]
match the documented MAC order of preference to the actual one; ok dtucker@
(actual patch accidentally committed with previous)
2012-06-30 08:35:59 +10:00
Damien Miller
db4f8e8618
- dtucker@cvs.openbsd.org 2012/06/28 05:07:45
...
[mac.c myproposal.h ssh_config.5 sshd_config.5]
Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed
from draft6 of the spec and will not be in the RFC when published. Patch
from mdb at juniper net via bz#2023, ok markus.
2012-06-30 08:34:59 +10:00
Damien Miller
560de922b1
- dtucker@cvs.openbsd.org 2012/06/26 11:02:30
...
[sandbox-systrace.c]
Add mquery to the list of allowed syscalls for "UsePrivilegeSeparation
sandbox" since malloc now uses it. From johnw.mail at gmail com.
2012-06-30 08:33:53 +10:00
Damien Miller
ea8582931f
- dtucker@cvs.openbsd.org 2012/06/22 14:36:33
...
[sftp.c]
Remove unused variable leftover from tab-completion changes.
From Steve.McClellan at radisys com, ok markus@
2012-06-30 08:33:32 +10:00
Damien Miller
5f58a87768
- dtucker@cvs.openbsd.org 2012/06/22 12:30:26
...
[monitor.c sshconnect2.c]
remove dead code following 'for (;;)' loops.
From Steve.McClellan at radisys com, ok markus@
2012-06-30 08:33:17 +10:00
Damien Miller
97f43bbfc9
- dtucker@cvs.openbsd.org 2012/06/21 00:16:07
...
[addrmatch.c]
fix strlcpy truncation check. from carsten at debian org, ok markus
2012-06-30 08:32:29 +10:00
Darren Tucker
8908da7dce
- (dtucker) [openbsd-compat/getrrsetbyname-ldns.c] bz #2022: prevent null
...
pointer deref in the client when built with LDNS and using DNSSEC with a
CNAME. Patch from gregdlg+mr at hochet info.
2012-06-28 15:21:32 +10:00
Darren Tucker
62dcd63f5e
- (dtucker) [contrib/cygwin/ssh-host-config] Ensure that user sshd runs as
...
can logon as a service. Patch from vinschen at redhat com.
2012-06-22 22:02:42 +10:00
Damien Miller
6c6da33d31
- djm@cvs.openbsd.org 2012/06/20 04:42:58
...
[clientloop.c serverloop.c]
initialise accept() backoff timer to avoid EINVAL from select(2) in
rekeying
2012-06-20 22:31:26 +10:00
Damien Miller
f8268503d1
- jmc@cvs.openbsd.org 2012/06/19 21:35:54
...
[sshd_config.5]
tweak previous; ok markus
2012-06-20 21:54:15 +10:00
Damien Miller
c24da77015
- markus@cvs.openbsd.org 2012/06/19 18:25:28
...
[servconf.c servconf.h sshd_config.5]
sshd_config: extend Match to allow AcceptEnv and {Allow,Deny}{Users,Groups}
this allows 'Match LocalPort 1022' combined with 'AllowUser bauer'
ok djm@ (back in March)
2012-06-20 21:53:58 +10:00
Damien Miller
36378c6413
- dtucker@cvs.openbsd.org 2012/06/18 12:17:18
...
[ssh.1]
Clarify description of -W. Noted by Steve.McClellan at radisys com, ok jmc
2012-06-20 21:53:25 +10:00
Damien Miller
b9902cf6f6
- dtucker@cvs.openbsd.org 2012/06/18 12:07:07
...
[ssh.1 sshd.8]
Remove mention of 'three' key files since there are now four. From
Steve.McClellan at radisys com.
2012-06-20 21:52:58 +10:00
Damien Miller
7192433633
- dtucker@cvs.openbsd.org 2012/06/18 11:49:58
...
[ssh_config.5]
RSA instead of DSA twice. From Steve.McClellan at radisys com
2012-06-20 21:52:38 +10:00
Damien Miller
276dcfd7f7
- dtucker@cvs.openbsd.org 2012/06/18 11:43:53
...
[jpake.c]
correct sizeof usage. patch from saw at online.de, ok deraadt
2012-06-20 21:52:18 +10:00
Damien Miller
2e7decfcc0
- djm@cvs.openbsd.org 2012/06/01 01:01:22
...
[mux.c]
fix memory leak when mux socket creation fails; bz#2002 from bert.wesarg
AT googlemail.com
2012-06-20 21:52:00 +10:00
Damien Miller
7f12157c0a
- djm@cvs.openbsd.org 2012/06/01 00:49:35
...
[PROTOCOL.mux]
correct types of port numbers (integers, not strings); bz#2004 from
bert.wesarg AT googlemail.com
2012-06-20 21:51:29 +10:00
Damien Miller
3bde12aeef
- djm@cvs.openbsd.org 2012/05/23 03:28:28
...
[dns.c dns.h key.c key.h ssh-keygen.c]
add support for RFC6594 SSHFP DNS records for ECDSA key types.
patch from bugzilla-m67 AT nulld.me in bz#1978; ok + tweak markus@
2012-06-20 21:51:11 +10:00
Damien Miller
ac58ce86e6
- djm@cvs.openbsd.org 2012/01/07 21:11:36
...
[mux.c]
fix double-free in new session handler
NB. Id sync only
2012-06-20 21:50:47 +10:00
Damien Miller
140df63e1f
- djm@cvs.openbsd.org 2011/12/04 23:16:12
...
[mux.c]
revert:
> revision 1.32
> date: 2011/12/02 00:41:56; author: djm; state: Exp; lines: +4 -1
> fix bz#1948: ssh -f doesn't fork for multiplexed connection.
> ok dtucker@
it interacts badly with ControlPersist
2012-06-20 21:46:57 +10:00
Damien Miller
efc6fc995d
- djm@cvs.openbsd.org 2011/12/02 00:41:56
...
[mux.c]
fix bz#1948: ssh -f doesn't fork for multiplexed connection.
ok dtucker@
2012-06-20 21:44:56 +10:00
Darren Tucker
ba9ea3200d
- dtucker@cvs.openbsd.org 2012/05/19 06:30:30
...
[sshd_config.5]
Document PermitOpen none. bz#2001, patch from Loganaden Velvindron
2012-05-19 19:37:33 +10:00
Darren Tucker
fbcf827559
- (dtucker) OpenBSD CVS Sync
...
- dtucker@cvs.openbsd.org 2012/05/13 01:42:32
[servconf.h servconf.c sshd.8 sshd.c auth.c sshd_config.5]
Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests
to match. Feedback and ok djm@ markus@.
2012-05-19 19:37:01 +10:00
Darren Tucker
593538911a
- (dtucker) [configure.ac contrib/Makefile] bz#1996: use AC_PATH_TOOL to find
...
pkg-config so it does the right thing when cross-compiling. Patch from
cjwatson at debian org.
2012-05-19 15:24:37 +10:00
Darren Tucker
d0494fdb29
- (dtucker) [configure.ac] bz#2010: fix non-portable shell construct. Patch
...
from cjwatson at debian org.
2012-05-19 14:25:39 +10:00
Darren Tucker
e1a3ddf992
- (dtucker) [configure.ac] Include <sys/param.h> rather than <sys/types.h>
...
to fix building on some platforms. From bowman at math utah edu and
des at des no.
2012-05-04 11:05:45 +10:00
Darren Tucker
d0d3fff483
- (dtucker) [regress/addrmatch.sh] skip tests when running on a non-ipv6
...
platform rather than exiting early, so that we still clean up and return
status to test-exec.sh
2012-04-27 10:55:39 +10:00
Damien Miller
025bfd11d9
- (djm) [auth-krb5.c] Save errno across calls that might modify it;
...
ok dtucker@
2012-04-26 09:52:15 +10:00
Damien Miller
7584cb1ac4
- (djm) [auth-passwd.c] Handle crypt() returning NULL; from Paul Wouters
...
via Niels
2012-04-26 09:51:26 +10:00
Damien Miller
ba77e1f673
- djm@cvs.openbsd.org 2012/04/23 08:18:17
...
[channels.c]
fix function proto/source mismatch
2012-04-23 18:21:05 +10:00
Damien Miller
70b2d5550b
- jmc@cvs.openbsd.org 2012/04/20 16:26:22
...
[ssh.1]
use "brackets" instead of "braces", for consistency;
2012-04-22 11:26:10 +10:00
Damien Miller
4922315d1d
- djm@cvs.openbsd.org 2012/04/20 03:24:23
...
[sftp.c]
setlinebuf(3) is more readable than setvbuf(.., _IOLBF, ...)
2012-04-22 11:25:47 +10:00
Damien Miller
8fef9ebbab
- djm@cvs.openbsd.org 2012/04/12 02:43:55
...
[sshd_config sshd_config.5]
mention AuthorizedPrincipalsFile=none default
2012-04-22 11:25:10 +10:00
Damien Miller
23528816dc
- djm@cvs.openbsd.org 2012/04/12 02:42:32
...
[servconf.c servconf.h sshd.c sshd_config sshd_config.5]
VersionAddendum option to allow server operators to append some arbitrary
text to the SSH-... banner; ok deraadt@ "don't care" markus@
2012-04-22 11:24:43 +10:00
Damien Miller
839f743464
- djm@cvs.openbsd.org 2012/04/11 13:34:17
...
[ssh-keyscan.1 ssh-keyscan.c]
now that sshd defaults to offering ECDSA keys, ssh-keyscan should also
look for them by default; bz#1971
2012-04-22 11:24:21 +10:00
Damien Miller
a116d13c4d
- djm@cvs.openbsd.org 2012/04/11 13:26:40
...
[sshd.c]
don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a
while; ok deraadt@ markus@
2012-04-22 11:23:46 +10:00
Damien Miller
9fed161e67
- djm@cvs.openbsd.org 2012/04/11 13:17:54
...
[auth.c]
Support "none" as an argument for AuthorizedPrincipalsFile to indicate
no file should be read.
2012-04-22 11:21:43 +10:00
Damien Miller
a6508753db
- djm@cvs.openbsd.org 2012/04/11 13:16:19
...
[channels.c channels.h clientloop.c serverloop.c]
don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a
while; ok deraadt@ markus@
2012-04-22 11:21:10 +10:00
Damien Miller
c6081482b2
- dtucker@cvs.openbsd.org 2012/03/29 23:54:36
...
[channels.c channels.h servconf.c]
Add PermitOpen none option based on patch from Loganaden Velvindron
(bz #1949). ok djm@
2012-04-22 11:18:53 +10:00
Damien Miller
48348fc3b4
- djm@cvs.openbsd.org 2012/03/28 07:23:22
...
[PROTOCOL.certkeys]
explain certificate extensions/crit split rationale. Mention requirement
that each appear at most once per cert.
2012-04-22 11:08:30 +10:00
Damien Miller
29cd188887
- guenther@cvs.openbsd.org 2012/03/15 03:10:27
...
[session.c]
root should always be excluded from the test for /etc/nologin instead
of having it always enforced even when marked as ignorenologin. This
regressed when the logic was incompletely flipped around in rev 1.251
ok halex@ millert@
2012-04-22 11:08:10 +10:00
Damien Miller
a563cced06
- djm@cvs.openbsd.org 2012/02/29 11:21:26
...
[ssh-keygen.c]
allow conversion of RSA1 keys to public PEM and PKCS8; "nice" markus@
2012-04-22 11:07:28 +10:00
Damien Miller
d5dacb43fa
- (djm) Release openssh-6.0
2012-04-20 15:01:01 +10:00
Damien Miller
bf2304167b
- (djm) [README] Update URL to release notes.
2012-04-20 14:11:04 +10:00
Damien Miller
8beb320390
- (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
...
[contrib/suse/openssh.spec] Update for release 6.0
2012-04-20 10:58:34 +10:00
Damien Miller
398c0ffe0e
- (djm) [configure.ac] Fix compilation error on FreeBSD, whose libutil
...
contains openpty() but not login()
2012-04-19 21:46:35 +10:00
Damien Miller
e0956e3834
- (djm) [Makefile.in configure.ac sandbox-seccomp-filter.c] Add sandbox
...
mode for Linux's new seccomp filter; patch from Will Drewry; feedback
and ok dtucker@
2012-04-04 11:27:54 +10:00
Damien Miller
ce1ec9d4e2
- (djm) [openbsd-compat/bsd-cygwin_util.h] #undef _WIN32 to avoid incorrect
...
assumptions when building on Cygwin; patch from Corinna Vinschen
2012-03-30 14:07:05 +11:00
Damien Miller
4d55734c16
- (djm) [entropy.c] bz#1991: relax OpenSSL version test to allow running
...
openssh binaries on a newer fix release than they were compiled on.
with and ok dtucker@
2012-03-30 11:34:27 +11:00
Darren Tucker
67ccc86506
- (dtucker) [contrib/redhat/openssh.spec] Bug #1992: remove now-gone WARNING
...
file from spec file. From crighter at nuclioss com.
2012-03-30 10:19:56 +11:00
Damien Miller
54c38d24c6
- (djm) [packet.c] bz#1963: Fix IPQoS not being set on non-mapped v4-in-v6
...
addressed connections. ok dtucker@
2012-03-09 10:28:07 +11:00
Damien Miller
7bf7b889b3
- (djm) [openbsd-compat/port-linux.c] bz#1960: fix crash on SELinux
...
systems where sshd is run in the wrong context. Patch from Sven
Vermeulen; ok dtucker@
2012-03-09 10:25:16 +11:00
Darren Tucker
93a2d41505
- (dtucker) [audit-bsm.c configure.ac] bug #1968: enable workarounds for BSM
...
audit breakage in Solaris 11. Patch from Magnus Johansson.
2012-02-24 10:40:41 +11:00
Tim Rice
a3f297de91
- (tim) [regress/keytype.sh] stderr redirection needs to be inside back quote
...
to work. Spotted by Angel Gonzalez
2012-02-14 23:01:42 -08:00
Tim Rice
f79b5d38a1
- (tim) [defines.h] move chunk introduced in 1.125 before MAXPATHLEN so
...
it actually works.
2012-02-14 20:13:05 -08:00
Tim Rice
e3609c935c
- (tim) [openbsd-compat/bsd-misc.h sshd.c] Fix conflicting return type for
...
unsetenv due to rev 1.14 change to setenv.c. Cast unsetenv to void in sshd.c
ok dtucker@
2012-02-14 10:03:30 -08:00
Damien Miller
7b7901c330
- (djm) [openbsd-compat/bsd-cygwin_util.c] Add PROGRAMFILES to list of
...
preserved Cygwin environment variables; from Corinna Vinschen
2012-02-14 06:38:36 +11:00
Damien Miller
db854559be
- markus@cvs.openbsd.org 2012/02/09 20:00:18
...
[version.h]
move from 6.0-beta to 6.0
2012-02-11 08:19:44 +11:00
Damien Miller
72de982def
- markus@cvs.openbsd.org 2012/01/25 19:40:09
...
[packet.c packet.h]
packet_read_poll() is not used anymore.
2012-02-11 08:19:21 +11:00
Damien Miller
5d0077008f
- markus@cvs.openbsd.org 2012/01/25 19:36:31
...
[authfile.c]
memleak in key_load_file(); from Jan Klemkow
2012-02-11 08:19:02 +11:00
Damien Miller
1de2cfe9a9
- markus@cvs.openbsd.org 2012/01/25 19:26:43
...
[packet.c]
do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT during rekeying;
ok dtucker@, djm@
2012-02-11 08:18:43 +11:00
Damien Miller
8d60be5487
- dtucker@cvs.openbsd.org 2012/01/18 21:46:43
...
[clientloop.c]
Ensure that $DISPLAY contains only valid characters before using it to
extract xauth data so that it can't be used to play local shell
metacharacter games. Report from r00t_ati at ihteam.net, ok markus.
2012-02-11 08:18:17 +11:00
Damien Miller
fb12c6d8bb
- miod@cvs.openbsd.org 2012/01/16 20:34:09
...
[ssh-pkcs11-client.c]
Fix a memory leak in pkcs11_rsa_private_encrypt(), reported by Jan Klemkow.
While there, be sure to buffer_clear() between send_msg() and recv_msg().
ok markus@
2012-02-11 08:17:52 +11:00
Damien Miller
83ba8e6056
- miod@cvs.openbsd.org 2012/01/08 13:17:11
...
[ssh-ecdsa.c]
Fix memory leak in ssh_ecdsa_verify(); from Loganaden Velvindron,
ok markus@
2012-02-11 08:17:27 +11:00
Damien Miller
2ec0342ed4
- djm@cvs.openbsd.org 2012/01/07 21:11:36
...
[mux.c]
fix double-free in new session handler
2012-02-11 08:16:28 +11:00
Damien Miller
a2876db5e6
- djm@cvs.openbsd.org 2012/01/05 00:16:56
...
[monitor.c]
memleak on error path
2012-02-11 08:16:06 +11:00
Damien Miller
b56e4930ae
- (djm) [ssh-keygen.c] Don't fail in do_gen_all_hostkeys on platforms
...
that don't support ECC. Patch from Phil Oleson
2012-02-06 07:41:27 +11:00
Darren Tucker
e9b3ad73ba
- (dtucker) [configure.ac mac.c openbsd-compat/openssl-compat.h] Add
...
null implementation of HMAC_CTX_init for the benefit of old versions
of OpenSSL that don't have it.
2012-01-17 14:03:34 +11:00
Damien Miller
8ed4de8f1d
- djm@cvs.openbsd.org 2011/12/07 05:44:38
...
[auth2.c dh.c packet.c roaming.h roaming_client.c roaming_common.c]
fix some harmless and/or unreachable int overflows;
reported Xi Wang, ok markus@
2011-12-19 10:52:50 +11:00
Damien Miller
913ddff40d
- djm@cvs.openbsd.org 2011/12/04 23:16:12
...
[mux.c]
revert:
> revision 1.32
> date: 2011/12/02 00:41:56; author: djm; state: Exp; lines: +4 -1
> fix bz#1948: ssh -f doesn't fork for multiplexed connection.
> ok dtucker@
it interacts badly with ControlPersist
2011-12-19 10:52:21 +11:00
Damien Miller
d0e582c6da
- djm@cvs.openbsd.org 2011/12/02 00:43:57
...
[mac.c]
fix bz#1934: newer OpenSSL versions will require HMAC_CTX_Init before
HMAC_init (this change in policy seems insane to me)
ok dtucker@
2011-12-19 10:51:39 +11:00
Damien Miller
5360dff2a0
- djm@cvs.openbsd.org 2011/12/02 00:41:56
...
[mux.c]
fix bz#1948: ssh -f doesn't fork for multiplexed connection.
ok dtucker@
2011-12-19 10:51:11 +11:00
Damien Miller
47d8115e53
- oga@cvs.openbsd.org 2011/11/16 12:24:28
...
[sftp.c]
Don't leak list in complete_cmd_parse if there are no commands found.
Discovered when I was ``borrowing'' this code for something else.
ok djm@
2011-11-25 13:53:48 +11:00
Darren Tucker
4a725ef6a5
- (dtucker) [configure.ac] Set _FORTIFY_SOURCE. ok djm@
2011-11-21 16:38:48 +11:00
Darren Tucker
aa3cbd1b5b
- (dtucker) [INSTALL LICENCE configure.ac openbsd-compat/Makefile.in
...
openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/getrrsetbyname.c]
bz 1320: Add optional support for LDNS, a BSD licensed DNS resolver library
which supports DNSSEC. Patch from Simon Vallet (svallet at genoscope cns fr)
with some rework from myself and djm. ok djm.
2011-11-04 11:25:24 +11:00
Darren Tucker
be4032ba1e
- dtucker@cvs.openbsd.org 011/11/04 00:09:39
...
[moduli]
regenerated moduli file; ok deraadt
2011-11-04 11:16:06 +11:00
Darren Tucker
9c5d553d58
- djm@cvs.openbsd.org 2011/10/24 02:13:13
...
[session.c]
bz#1859: send tty break to pty master instead of (probably already
closed) slave side; "looks good" markus@
2011-11-04 10:55:24 +11:00
Darren Tucker
2d6665d944
- djm@cvs.openbsd.org 2011/10/24 02:10:46
...
[ssh.c]
bz#1943: unbreak stdio forwarding when ControlPersist is in use - ssh
was incorrectly requesting the forward in both the control master and
slave. skip requesting it in the master to fix. ok markus@
2011-11-04 10:54:22 +11:00
Darren Tucker
8a057953d2
- djm@cvs.openbsd.org 2011/10/19 10:39:48
...
[umac.c]
typo in comment; patch from Michael W. Bombardieri
2011-11-04 10:53:31 +11:00
Darren Tucker
9ee09cfce6
- djm@cvs.openbsd.org 2011/10/19 00:06:10
...
[moduli.c]
s/tmpfile/tmp/ to make this -Wshadow clean
2011-11-04 10:52:43 +11:00
Darren Tucker
e68cf84ac8
- djm@cvs.openbsd.org 2011/10/18 23:37:42
...
[ssh-add.c]
add -k to usage(); reminded by jmc@
2011-11-04 10:51:51 +11:00
Darren Tucker
45c66d7ad4
- djm@cvs.openbsd.org 2011/10/18 05:15:28
...
[ssh.c]
ssh(1): skip attempting to create ~/.ssh when -F is passed; ok markus@
2011-11-04 10:50:40 +11:00
Darren Tucker
9f157abbb6
- (dtucker) [contrib/cygwin/Makefile] Continue if installing a doc file
...
fails. Patch from Corinna Vinschen.
2011-10-25 09:37:57 +11:00
Damien Miller
8f4279e4ab
- djm@cvs.openbsd.org 2011/10/18 05:00:48
...
[ssh-add.1 ssh-add.c]
new "ssh-add -k" option to load plain keys (skipping certificates);
"looks ok" markus@
2011-10-18 16:06:33 +11:00
Damien Miller
c51a5ab2c6
- djm@cvs.openbsd.org 2011/10/18 04:58:26
...
[auth-options.c key.c]
remove explicit search for \0 in packet strings, this job is now done
implicitly by buffer_get_cstring; ok markus
2011-10-18 16:06:14 +11:00
Damien Miller
91f3eaec88
- stsp@cvs.openbsd.org 2011/10/16 15:51:39
...
[moduli.c]
add missing includes to unbreak tree; fix from rpointel
2011-10-18 16:05:55 +11:00
Damien Miller
927d82bc6a
- jmc@cvs.openbsd.org 2011/10/16 15:02:41
...
[ssh-keygen.c]
put -K in the right place (usage());
2011-10-18 16:05:38 +11:00