Darren Tucker
40aaff7e4b
- dtucker@cvs.openbsd.org 2013/04/22 07:23:08
[multiplex.sh]
Write mux master logs to regress.log instead of ssh.log to keep separate
2013-05-17 09:36:20 +10:00
Darren Tucker
f3568fc62b
- djm@cvs.openbsd.org 2013/04/18 02:46:12
[Makefile regress/sftp-chroot.sh]
test sshd ChrootDirectory+internal-sftp; feedback & ok dtucker@
2013-05-17 09:35:26 +10:00
Darren Tucker
dfea3bcdd7
- dtucker@cvs.openbsd.org 2013/04/07 02:16:03
[regress/Makefile regress/rekey.sh regress/integrity.sh
regress/sshd-log-wrapper.sh regress/forwarding.sh regress/test-exec.sh]
use -E option for ssh and sshd to write debugging logs to ssh{,d}.log and
save the output from any failing tests. If a test fails the debug output
from ssh and sshd for the failing tests (and only the failing tests) should
be available in failed-ssh{,d}.log.
2013-05-17 09:31:39 +10:00
Darren Tucker
75129025a2
- dtucker@cvs.openbsd.org 2013/04/06 06:00:22
[regress/rekey.sh regress/test-exec.sh regress/integrity.sh
regress/multiplex.sh Makefile regress/cfgmatch.sh]
Split the regress log into 3 parts: the debug output from ssh, the debug
log from sshd and the output from the client command (ssh, scp or sftp).
Somewhat functional now, will become more useful when ssh/sshd -E is added.
2013-05-17 09:19:10 +10:00
Darren Tucker
7c8b1e7233
- dtucker@cvs.openbsd.org 2013/03/23 11:09:43
[test-exec.sh]
Only regenerate host keys if they don't exist or if ssh-keygen has changed
since they were. Reduces test runtime by 5-30% depending on machine
speed.
2013-05-17 09:10:20 +10:00
Darren Tucker
712de4d110
- djm@cvs.openbsd.org 2013/03/07 00:20:34
[regress/proxy-connect.sh]
repeat test with a style appended to the username
2013-05-17 09:07:12 +10:00
Darren Tucker
09c0f0325b
- dtucker@cvs.openbsd.org 2013/05/16 10:44:06
[servconf.c]
remove another now-unused variable
2013-05-16 20:48:57 +10:00
Darren Tucker
9113d0c238
- dtucker@cvs.openbsd.org 2013/05/16 10:43:34
[servconf.c readconf.c]
remove now-unused variables
2013-05-16 20:48:14 +10:00
Darren Tucker
e194ba4111
- (dtucker) [configure.ac readconf.c servconf.c
openbsd-compat/openbsd-compat.h] Add compat bits for scan_scaled.
2013-05-16 20:47:31 +10:00
Darren Tucker
b7ee852144
- dtucker@cvs.openbsd.org 2013/05/16 09:12:31
[readconf.c servconf.c]
switch RekeyLimit traffic volume parsing to scan_scaled. ok djm@
2013-05-16 20:33:10 +10:00
Darren Tucker
dbee308253
- dtucker@cvs.openbsd.org 2013/05/16 09:08:41
[log.c scp.c sshd.c serverloop.c schnorr.c sftp.c]
Fix some "unused result" warnings found via clang and -portable.
ok markus@
2013-05-16 20:32:29 +10:00
Darren Tucker
64d22946d6
- jmc@cvs.openbsd.org 2013/05/16 06:30:06
[sshd_config.5]
oops! avoid Xr to self;
2013-05-16 20:31:29 +10:00
Darren Tucker
63e0df2b93
- jmc@cvs.openbsd.org 2013/05/16 06:28:45
[ssh_config.5]
put IgnoreUnknown in the right place;
2013-05-16 20:30:31 +10:00
Darren Tucker
0763698f71
- djm@cvs.openbsd.org 2013/05/16 04:27:50
[ssh_config.5 readconf.h readconf.c]
add the ability to ignore specific unrecognised ssh_config options;
bz#866; ok markus@
2013-05-16 20:30:03 +10:00
Darren Tucker
5f96f3b4be
- dtucker@cvs.openbsd.org 2013/05/16 04:09:14
[sshd_config.5 servconf.c servconf.h packet.c serverloop.c monitor.c sshd_config
sshd.c] Add RekeyLimit to sshd with the same syntax as the client allowing
rekeying based on traffic volume or time. ok djm@, help & ok jmc@ for the man
page.
2013-05-16 20:29:28 +10:00
Darren Tucker
c53c2af173
- dtucker@cvs.openbsd.org 2013/05/16 02:00:34
[ssh_config sshconnect2.c packet.c readconf.h readconf.c clientloop.c
ssh_config.5 packet.h]
Add an optional second argument to RekeyLimit in the client to allow
rekeying based on elapsed time in addition to amount of traffic.
with djm@ jmc@, ok djm
2013-05-16 20:28:16 +10:00
Darren Tucker
64c6fceecd
- dtucker@cvs.openbsd.org 2013/05/10 10:13:50
[ssh-pkcs11-helper.c]
remove unused extern optarg. ok markus@
2013-05-16 20:27:14 +10:00
Darren Tucker
caf0010934
- djm@cvs.openbsd.org 2013/05/10 04:08:01
[key.c]
memleak in cert_free(), wasn't actually freeing the struct;
bz#2096 from shm AT digitalsun.pl
2013-05-16 20:26:18 +10:00
Darren Tucker
7e831edbf7
add missing attribution
2013-05-16 20:25:40 +10:00
Darren Tucker
54da6be320
- djm@cvs.openbsd.org 2013/05/10 03:40:07
[sshconnect2.c]
fix bzero(ptr_to_struct, sizeof(ptr_to_struct)); bz#2100 from
2013-05-16 20:25:04 +10:00
Darren Tucker
5d8b702d95
- dtucker@cvs.openbsd.org 2013/05/06 07:35:12
[sftp-server.8]
Reference the version of the sftp draft we actually implement. ok djm@
2013-05-16 20:24:23 +10:00
Darren Tucker
026d9db3fb
- tedu@cvs.openbsd.org 2013/04/24 16:01:46
[misc.c]
remove extra parens noticed by nicm
2013-05-16 20:23:52 +10:00
Darren Tucker
2ca51bf140
- tedu@cvs.openbsd.org 2013/04/23 17:49:45
[misc.c]
use xasprintf instead of a series of strlcats and strdup. ok djm
2013-05-16 20:22:46 +10:00
Damien Miller
6aa3eacc5e
- (djm) [contrib/ssh-copy-id] Fix bug that could cause "rm *" to be
executed if mktemp failed; bz#2105 ok dtucker@
2013-05-16 11:10:17 +10:00
Darren Tucker
c54e3e0741
- (dtucker) [configure.ac] Add -Werror to the -Qunused-arguments test so
we don't get a warning on compilers that *don't* support it. Add
-Wno-unknown-warning-option. Move both to the start of the list for
maximum noise suppression. Tested with gcc 4.6.3, gcc 2.95.4 and clang 2.9.
2013-05-10 18:53:14 +10:00
Darren Tucker
a75d247a18
- (dtucker) [kex.c] Only include sha256 and ECC key exchange methods when the
underlying libraries support them.
2013-05-10 18:11:55 +10:00
Darren Tucker
0abfb559e3
- (dtucker) [openbsd-compat/getopt.h openbsd-compat/getopt_long.c
openbsd-compat/openbsd-compat.h] pull in getopt.h from openbsd and plumb
in to use it when we're using our own getopt.
2013-05-10 18:08:49 +10:00
Darren Tucker
ccfdfceacb
- (dtucker) [openbsd-compat/Makefile.in openbsd-compat/getopt.c
openbsd-compat/getopt_long.c regress/modpipe.c] Remove getopt.c, add
portability code to getopt_long.c and switch over Makefile and the ugly
hack in modpipe.c. Fixes bz#1448.
2013-05-10 16:28:55 +10:00
Darren Tucker
3933202007
- (dtucker) [openbsd-compat/getopt_long.c] Import from OpenBSD. No
portability changes yet.
2013-05-10 15:38:11 +10:00
Darren Tucker
35b2fe99be
- (dtucker) [openbsd-compat/getopt.c] Factor out portability changes to
getopt.c. Preprocessed source is identical other than line numbers.
2013-05-10 15:35:26 +10:00
Darren Tucker
abbc7a7c02
- (dtucker) [configure.ac] Enable -Wsizeof-pointer-memaccess if the compiler
supports it. Mentioned by Colin Watson in bz#2100, ok djm.
2013-05-10 13:54:23 +10:00
Damien Miller
bc02f163f6
- dtucker@cvs.openbsd.org 2013/04/22 01:17:18
[mux.c]
typo in debug output: evitval->exitval
2013-04-23 19:25:49 +10:00
Damien Miller
f8b894e31d
- djm@cvs.openbsd.org 2013/04/19 12:07:08
[kex.c]
remove duplicated list entry pointed out by naddy@
2013-04-23 19:25:29 +10:00
Damien Miller
34bd20a1e5
- djm@cvs.openbsd.org 2013/04/19 11:10:18
[ssh.c]
add -Q to usage; reminded by jmc@
2013-04-23 19:25:00 +10:00
Damien Miller
ea11119eee
- djm@cvs.openbsd.org 2013/04/19 01:06:50
[authfile.c cipher.c cipher.h kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c]
[key.c key.h mac.c mac.h packet.c ssh.1 ssh.c]
add the ability to query supported ciphers, MACs, key type and KEX
algorithms to ssh. Includes some refactoring of KEX and key type handling
to be table-driven; ok markus@
2013-04-23 19:24:32 +10:00
Damien Miller
a56086b990
- djm@cvs.openbsd.org 2013/04/19 01:03:01
[session.c]
reintroduce 1.262 without the connection-killing bug:
fatal() when ChrootDirectory specified by running without root privileges;
ok markus@
2013-04-23 15:24:18 +10:00
Damien Miller
0d6771b464
- djm@cvs.openbsd.org 2013/04/19 01:01:00
[ssh-keygen.c]
fix some memory leaks; bz#2088 ok dtucker@
2013-04-23 15:23:24 +10:00
Damien Miller
467b00c38b
- djm@cvs.openbsd.org 2013/04/19 01:00:10
[sshd_config.5]
document the requirement that the AuthorizedKeysCommand be owned by root;
ok dtucker@ markus@
2013-04-23 15:23:07 +10:00
Damien Miller
9303e6527b
- djm@cvs.openbsd.org 2013/04/18 02:16:07
[sftp.c]
make "sftp -q" do what it says on the sticker: hush everything but errors;
2013-04-23 15:22:40 +10:00
Damien Miller
f1a02aea35
- dtucker@cvs.openbsd.org 2013/04/17 09:04:09
[session.c]
revert rev 1.262; it fails because uid is already set here. ok djm@
2013-04-23 15:22:13 +10:00
Damien Miller
d5edefd27a
- djm@cvs.openbsd.org 2013/04/11 02:27:50
[packet.c]
quiet disconnect notifications on the server from error() back to logit()
if it is a normal client closure; bz#2057 ok+feedback dtucker@
2013-04-23 15:21:39 +10:00
Damien Miller
6901032b05
- dtucker@cvs.openbsd.org 2013/04/07 09:40:27
[sshd.8]
clarify -e text. suggested by & ok jmc@
2013-04-23 15:21:24 +10:00
Damien Miller
03d4d7e60b
- dtucker@cvs.openbsd.org 2013/04/07 02:10:33
[log.c log.h ssh.1 ssh.c sshd.8 sshd.c]
Add -E option to ssh and sshd to append debugging logs to a specified file
instead of stderr or syslog. ok markus@, man page help jmc@
2013-04-23 15:21:06 +10:00
Damien Miller
37f1c08473
- markus@cvs.openbsd.org 2013/04/06 16:07:00
[channels.c sshd.c]
handle ECONNABORTED for accept(); ok deraadt some time ago...
2013-04-23 15:20:43 +10:00
Damien Miller
172859cff7
- djm@cvs.openbsd.org 2013/04/05 00:58:51
[mux.c]
cleanup mux-created channels that are in SSH_CHANNEL_OPENING state too
(in addition to ones already in OPEN); bz#2079, ok dtucker@
2013-04-23 15:19:27 +10:00
Damien Miller
9f12b5dcd5
- djm@cvs.openbsd.org 2013/04/05 00:31:49
[pathnames.h]
use the existing _PATH_SSH_USER_RC define to construct the other
pathnames; bz#2077, ok dtucker@ (no binary change)
2013-04-23 15:19:11 +10:00
Damien Miller
d677ad14ff
- djm@cvs.openbsd.org 2013/04/05 00:14:00
[auth2-gss.c krl.c sshconnect2.c]
hush some {unused, printf type} warnings
2013-04-23 15:18:51 +10:00
Damien Miller
508b6c3d3b
- djm@cvs.openbsd.org 2013/03/08 06:32:58
[ssh.c]
allow "ssh -f none ..." ok markus@
2013-04-23 15:18:28 +10:00
Damien Miller
91a55f28f3
- markus@cvs.openbsd.org 2013/03/07 19:27:25
[auth.h auth2-chall.c auth2.c monitor.c sshd_config.5]
add submethod support to AuthenticationMethods; ok and feedback djm@
2013-04-23 15:18:10 +10:00
Damien Miller
4ce189d910
- djm@cvs.openbsd.org 2013/03/07 00:19:59
[auth2-pubkey.c monitor.c]
reconstruct the original username that was sent by the client, which may
have included a style (e.g. "root:skey") when checking public key
signatures. Fixes public key and hostbased auth when the client specified
a style; ok markus@
2013-04-23 15:17:52 +10:00
Damien Miller
5cbec4c259
- djm@cvs.openbsd.org 2013/03/06 23:36:53
[readconf.c]
g/c unused variable (-Wunused)
2013-04-23 15:17:12 +10:00
Damien Miller
998cc56b65
- djm@cvs.openbsd.org 2013/03/06 23:35:23
[session.c]
fatal() when ChrootDirectory specified by running without root privileges;
ok markus@
2013-04-23 15:16:43 +10:00
Damien Miller
62e9c4f9b6
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2013/03/05 20:16:09
[sshconnect2.c]
reset pubkey order on partial success; ok djm@
2013-04-23 15:15:49 +10:00
Damien Miller
6332da2ae8
- (djm) [auth.c configure.ac misc.c monitor.c monitor_wrap.c] Support
platforms, such as Android, that lack struct passwd.pw_gecos. Report
and initial patch from Nathan Osman bz#2086; feedback tim@ ok dtucker@
2013-04-23 14:25:52 +10:00
Darren Tucker
ce1c9574fc
- (dtucker) [configure.ac] Use -Qunused-arguments to suppress warnings from
unused argument warnings (in particular, -fno-builtin-memset) from clang.
2013-04-18 21:36:19 +10:00
Damien Miller
bc68f2451b
- (djm) [config.guess config.sub] Update to last versions before they switch
to GPL3. ok dtucker@
2013-04-18 11:26:25 +10:00
Darren Tucker
15fd19c4c9
- djm@cvs.openbsd.org 2013/02/22 22:09:01
[ssh.c]
Allow IdentityFile=none; ok markus deraadt (and dtucker for an earlier
version)
2013-04-05 11:22:26 +11:00
Darren Tucker
5d1d9541a7
- markus@cvs.openbsd.org 2013/02/22 19:13:56
[sshconnect.c]
support ProxyCommand=- (stdin/out already point to the proxy); ok djm@
2013-04-05 11:20:00 +11:00
Darren Tucker
aefa368243
- dtucker@cvs.openbsd.org 2013/02/22 04:45:09
[ssh.c readconf.c readconf.h]
Don't complain if IdentityFiles specified in system-wide configs are
missing. ok djm, deraadt
2013-04-05 11:18:35 +11:00
Darren Tucker
f3c3814243
- dtucker@cvs.openbsd.org 2013/02/19 02:12:47
[krl.c]
Remove bogus include. ok djm
(id sync only)
2013-04-05 11:16:52 +11:00
Darren Tucker
1910478c2d
- dtucker@cvs.openbsd.org 2013/02/17 23:16:57
[readconf.c ssh.c readconf.h sshconnect2.c]
Keep track of which IdentityFile options were manually supplied and which
were default options, and don't warn if the latter are missing.
ok markus@
2013-04-05 11:13:08 +11:00
Darren Tucker
c9627cdbc6
- (dtucker) [openbsd-compat/bsd-cygwin_util.{c,h}] Don't include windows.h
to avoid conflicting definitions of __int64, adding the required bits.
Patch from Corinna Vinschen.
2013-04-01 12:40:48 +11:00
Tim Rice
75db01d2ce
- (tim) [Makefile.in] remove some duplication introduced in 20130220 commit.
2013-03-22 10:14:32 -07:00
Darren Tucker
221b4b2436
- (dtucker) [includes.h] Check if _GNU_SOURCE is already defined before
defining it again. Prevents warnings if someone, eg, sets it in CFLAGS.
2013-03-22 12:51:09 +11:00
Darren Tucker
c8a0f27c6d
- (dtucker) [configure.ac] Add stdlib.h to zlib check for exit() prototype.
2013-03-22 12:49:14 +11:00
Damien Miller
eed8dc2610
- (djm) Release 6.2p1
2013-03-22 10:25:22 +11:00
Damien Miller
83efe7c861
- (djm) [contrib/ssh-copy-id contrib/ssh-copy-id.1] Updated to Phil
Hands' greatly revised version.
2013-03-22 10:17:36 +11:00
Damien Miller
63b4bcd04e
- (djm) [configure.ac log.c scp.c sshconnect2.c openbsd-compat/vis.c]
[openbsd-compat/vis.h] FreeBSD's strnvis isn't compatible with OpenBSD's
so mark it as broken. Patch from des AT des.no
2013-03-20 12:55:14 +11:00
Tim Rice
aa86c3970f
- (tim) [configure.ac] OpenServer 5 wants lastlog even though it has none
of the bits the configure test looks for.
2013-03-16 20:55:46 -07:00
Damien Miller
5852840190
- (djm) [session.c] FreeBSD needs setusercontext(..., LOGIN_SETUMASK) to
occur after UID switch; patch from John Marshall via des AT des.no;
ok dtucker@
2013-03-15 11:22:37 +11:00
Damien Miller
f4db77d766
- (djm) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
Add a usleep replacement for platforms that lack it; ok dtucker
2013-03-15 10:34:25 +11:00
Damien Miller
a2438bbd28
- (djm) [configure.ac] Disable utmp, wtmp and/or lastlog if the platform
is unable to successfully compile them. Based on patch from des AT
des.no
2013-03-15 10:23:07 +11:00
Darren Tucker
aa97d13fa2
- (dtucker) [auth.c configure.ac platform.c platform.h] Accept uid 2 ("bin")
in addition to root as an owner of system directories on AIX and HP-UX.
ok djm@
2013-03-12 11:31:05 +11:00
Darren Tucker
fe10a28e08
- (dtucker) [regress/Makefile regress/cipher-speed.sh regress/test-exec.sh]
Improve portability of cipher-speed test, based mostly on a patch from
Iain Morgan.
2013-03-12 11:19:40 +11:00
Damien Miller
e4f4347822
- (djm) [configure.ac] Add a timeout to the select/rlimit test to give it a
chance to complete on broken systems; ok dtucker@
2013-03-08 12:14:22 +11:00
Tim Rice
2b6ea47106
- (tim) [Makefile.in] Add another missing $(EXEEXT) I should have seen 3 days
ago.
2013-03-07 07:37:13 -08:00
Darren Tucker
4d1a0fe029
remove extra word
2013-03-07 20:14:34 +11:00
Darren Tucker
9243ef086f
- (dtucker) [defines.h] Remove SIZEOF_CHAR bits since the test for it is
was removed in configure.ac rev 1.481 as it was redundant.
2013-03-07 20:06:13 +11:00
Darren Tucker
b3cd503742
- (dtucker) [INSTALL] Bump documented autoconf version to what we're
currently using.
2013-03-07 12:33:35 +11:00
Darren Tucker
ff008ded7f
- (dtucker) [configure.ac] test that we can set number of file descriptors
to zero with setrlimit before enabling the rlimit sandbox. This affects
(at least) HPUX 11.11.
2013-03-06 17:48:48 +11:00
Darren Tucker
834a0d6d54
- (dtucker) [regress/forward-control.sh] Wait longer for the forwarding
connection to start so that the test works on slower machines.
2013-03-06 14:06:48 +11:00
Tim Rice
ff8bda8f05
- (tim) [Makefile.in] Add missing $(EXEEXT). Found by Roumen Petrov.
2013-03-05 14:23:58 -08:00
Darren Tucker
29c7151d20
- (dtucker) [Makefile.in] Remove trailing "\" on PATHS, which caused obscure
build breakage on (at least) HP-UX 11.11. Found by Amit Kulkarni and Kevin
Brott.
2013-03-05 21:50:09 +11:00
Darren Tucker
fef9f7c3d1
add Amit.
2013-03-05 20:02:24 +11:00
Darren Tucker
5f0e54c892
- (dtucker) [configure.ac] use "=" for shell test and not "==". Spotted by
Kevin Brott.
2013-03-05 19:57:39 +11:00
Damien Miller
43e5e60bad
- (djm) [regress/modpipe.c] Compilation fix for AIX and parsing fix for
HP/UX. Spotted by Kevin Brott
2013-03-05 09:49:00 +11:00
Tim Rice
21f591b6d9
- (tim) [regress/krl.sh] keep old solaris awk from hanging.
2013-02-26 22:48:31 -08:00
Tim Rice
ada7e17ae5
- (tim) [regress/integrity.sh] keep old solaris awk from hanging.
2013-02-26 21:49:09 -08:00
Tim Rice
f9e2060ca9
- (tim) [regress/integrity.sh] shell portability fix.
2013-02-26 20:27:29 -08:00
Tim Rice
a514bc05b1
- (tim) [regress/forward-control.sh] use sh in case login shell is csh.
2013-02-26 19:35:26 -08:00
Damien Miller
c0cc7ce166
- (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
[contrib/suse/openssh.spec] Crank version numbers
2013-02-27 10:48:18 +11:00
Damien Miller
6c21bb8c4a
- (djm) [regress/integrity.sh] Run sshd via $SUDO; fixes tinderbox breakage
for UsePAM=yes configuration
2013-02-26 19:41:30 +11:00
Damien Miller
1e657d592d
- djm@cvs.openbsd.org 2013/02/20 08:27:50
[integrity.sh]
Add an option to modpipe that warns if the modification offset is not
reached in its stream and turn it on for t-integrity. This should catch
cases where the session is not fuzzed for being too short (cf. my last
"oops" commit)
2013-02-26 18:58:06 +11:00
Darren Tucker
03978c61f3
- (dtucker) [configure.ac ssh-gss.h] bz#2073: additional #includes needed
to use Solaris native GSS libs. Patch from Pierre Ossman.
2013-02-25 11:24:44 +11:00
Darren Tucker
a423fefb89
welcome to 2013
2013-02-25 10:32:27 +11:00
Damien Miller
b87f6b70f8
- (djm) [configure.ac includes.h loginrec.c mux.c sftp.c] Prefer
bsd/libutil.h to libutil.h to avoid deprecation warnings on Ubuntu.
ok tim
2013-02-23 09:12:23 +11:00
Damien Miller
91f40d8592
- (djm) [configure.ac sandbox-seccomp-filter.c] Support for Linux
seccomp-bpf sandbox on ARM. Patch from shawnlandden AT gmail.com;
ok dtucker
2013-02-22 11:37:00 +11:00
Darren Tucker
a2b5a4c746
- (dtucker) [configure.ac] bz#2073: look for Solaris' differently-named
libgss too. Patch from Pierre Ossman, ok djm.
2013-02-22 10:43:15 +11:00
Darren Tucker
964de184a8
- (dtucker) [Makefile.in configure.ac] bz#2072: don't link krb5 libs to
ssh(1) since they're not needed. Patch from Pierre Ossman.
2013-02-22 10:39:59 +11:00
Tim Rice
0ec7423692
- (tim) [regress/forward-control.sh] shell portability fix.
2013-02-20 21:37:55 -08:00
Damien Miller
5acc6be981
- djm@cvs.openbsd.org 2013/02/20 08:29:27
[regress/modpipe.c]
s/Id/OpenBSD/ in RCS tag
2013-02-20 21:16:07 +11:00
Damien Miller
283e575a7d
- djm@cvs.openbsd.org 2013/02/20 08:27:50
[regress/integrity.sh regress/modpipe.c]
Add an option to modpipe that warns if the modification offset is not
reached in its stream and turn it on for t-integrity. This should catch
cases where the session is not fuzzed for being too short (cf. my last
"oops" commit)
2013-02-20 21:13:27 +11:00
Tim Rice
c31db8cd6e
- (tim) [krl.c Makefile.in regress/Makefile regress/modpipe.c] remove unneeded
err.h include from krl.c. Additional portability fixes for modpipe. OK djm
2013-02-19 19:01:51 -08:00
Tim Rice
c08b3ef6f4
- (tim) [regress/cipher-speed.sh regress/try-ciphers.sh] shell portability fix.
2013-02-19 11:53:29 -08:00
Damien Miller
dae85cc3ad
- (djm) [regress/integrity.sh] Skip SHA2-based MACs on configurations that
lack support for SHA2.
2013-02-19 14:27:44 +11:00
Damien Miller
b3764e1202
- djm@cvs.openbsd.org 2013/02/19 02:14:09
[integrity.sh]
oops, forgot to increase the output of the ssh command to ensure that
we actually reach $offset
2013-02-19 13:15:01 +11:00
Damien Miller
0dc3bc908e
- djm@cvs.openbsd.org 2013/02/18 22:26:47
[integrity.sh]
crank the offset yet again; it was still fuzzing KEX on one of Darren's
portable test hosts at 2800
2013-02-19 09:28:32 +11:00
Damien Miller
33d52566bc
- djm@cvs.openbsd.org 2013/02/17 23:16:55
[integrity.sh]
make the ssh command generate some output to ensure that there are at
least offset+tries bytes in the stream.
2013-02-18 10:18:05 +11:00
Damien Miller
5d7b9565bc
- djm@cvs.openbsd.org 2013/02/16 06:08:45
[integrity.sh]
make sure the fuzz offset is actually past the end of KEX for all KEX
types. diffie-hellman-group-exchange-sha256 requires an offset around
2700. Noticed via test failures in portable OpenSSH on platforms that
lack ECC and thus the more byte-frugal ECDH KEX algorithms.
2013-02-16 17:32:31 +11:00
Darren Tucker
2991d288db
- (dtucker) [openbsd-compat/bsd-misc.c] Handle the case where setpgrp() takes
an argument. Pointed out by djm.
2013-02-15 14:55:38 +11:00
Darren Tucker
f32db83f41
- (dtucker) [openbsd-compat/openbsd-compat.h] Add prototype for strtoul,
group strto* function prototypes together.
2013-02-15 12:20:41 +11:00
Damien Miller
5ceddc31cd
- dtucker@cvs.openbsd.org 2013/02/15 00:21:01
[sshconnect2.c]
Warn more loudly if an IdentityFile provided by the user cannot be read.
bz #1981 , ok djm@
2013-02-15 12:18:32 +11:00
Darren Tucker
8e6fb780e5
- (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoull.c
openbsd-compat/openbsd-compat.h] Add strtoull to compat library for
platforms that don't have it.
2013-02-15 12:13:01 +11:00
Darren Tucker
3c4a24c3e3
- (dtucker) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
Use getpgrp() if we don't have getpgid() (old BSDs, maybe others).
2013-02-15 11:41:35 +11:00
Damien Miller
4018dc04da
- djm@cvs.openbsd.org 2013/02/14 21:35:59
[auth2-pubkey.c]
Correct error message that had a typo and was logging the wrong thing;
patch from Petr Lautrbach
2013-02-15 10:28:55 +11:00
Damien Miller
91edc1ce2b
- (djm) [contrib/suse/rc.sshd] Use SSHD_BIN consistently; bz#2056 from
Iain Morgan
2013-02-15 10:23:44 +11:00
Damien Miller
57f9218528
- (djm) [regress/integrity.sh] Start fuzzing from offset 2500 (instead
of 2300) to avoid clobbering the end of (non-MAC'd) KEX. Verified by
Iain Morgan
2013-02-14 10:32:33 +11:00
Damien Miller
6d77d6ea2b
- (djm) [regress/krl.sh] typo; found by Iain Morgan
2013-02-14 10:31:03 +11:00
Damien Miller
2653f5c0a6
- (djm) [regress/krl.sh] Don't use ecdsa keys in environment that lack ECC.
2013-02-14 10:14:51 +11:00
Damien Miller
2f20de5e3f
- (djm) [regress/try-ciphers.sh] clean up CVS merge botch
2013-02-12 11:31:38 +11:00
Damien Miller
58e2c5b394
- djm@cvs.openbsd.org 2013/02/11 23:58:51
[try-ciphers.sh]
remove acss here too
2013-02-12 11:16:57 +11:00
Damien Miller
22e8a1e169
- dtucker@cvs.openbsd.org 2013/02/11 21:21:58
[sshd.c]
Add openssl version to debug output similar to the client. ok markus@
2013-02-12 11:04:48 +11:00
Damien Miller
894926ebd8
- djm@cvs.openbsd.org 2013/02/10 23:35:24
[packet.c]
record "Received disconnect" messages at ERROR rather than INFO priority,
since they are abnormal and result in a non-zero ssh exit status; patch
from Iain Morgan in bz#2057; ok dtucker@
2013-02-12 11:03:58 +11:00
Damien Miller
78d22713c7
- djm@cvs.openbsd.org 2013/02/10 23:32:10
[ssh-keygen.c]
append to moduli file when screening candidates rather than overwriting.
allows resumption of interrupted screen; patch from Christophe Garault
in bz#1957; ok dtucker@
2013-02-12 11:03:36 +11:00
Damien Miller
fd05154dc4
- markus@cvs.openbsd.org 2013/02/10 21:19:34
[version.h]
openssh 6.2
2013-02-12 11:03:10 +11:00
Damien Miller
d6d9fa0281
- djm@cvs.openbsd.org 2013/02/08 00:41:12
[sftp.c]
fix NULL deref when built without libedit and control characters
entered as command; debugging and patch from Iain Morgan and
Loganaden Velvindron in bz#1956
2013-02-12 11:02:46 +11:00
Damien Miller
18de9133c2
- dtucker@cvs.openbsd.org 2013/02/06 00:22:21
[auth.c]
Fix comment, from jfree.e1 at gmail
2013-02-12 11:02:27 +11:00
Damien Miller
1f583df8c3
- dtucker@cvs.openbsd.org 2013/02/06 00:20:42
[servconf.c sshd_config sshd_config.5]
Change default of MaxStartups to 10:30:100 to start doing random early
drop at 10 connections up to 100 connections. This will make it harder
to DoS as CPUs have come a long way since the original value was set
back in 2000. Prompted by nion at debian org, ok markus@
2013-02-12 11:02:08 +11:00
Damien Miller
0cd2f8e5f8
- djm@cvs.openbsd.org 2013/01/27 10:06:12
[krl.c]
actually use the xrealloc() return value; spotted by xi.wang AT gmail.com
2013-02-12 11:01:39 +11:00
Damien Miller
f0a8ded824
- djm@cvs.openbsd.org 2013/01/26 06:11:05
[Makefile.in acss.c acss.h cipher-acss.c cipher.c]
[openbsd-compat/openssl-compat.h]
remove ACSS, now that it is gone from libcrypto too
2013-02-12 11:00:34 +11:00
Damien Miller
60565bcb5c
- djm@cvs.openbsd.org 2013/01/25 10:22:19
[krl.c]
redo last commit without the vi-vomit that snuck in:
skip serial lookup when cert's serial number is zero
(now with 100% better comment)
2013-02-12 10:56:42 +11:00
Damien Miller
377d9a44f9
- krw@cvs.openbsd.org 2013/01/25 05:00:27
[krl.c]
Revert last. Breaks due to likely typo. Let djm@ fix later.
ok djm@ via dlg@
2013-02-12 10:55:16 +11:00
Damien Miller
6045f5d574
- djm@cvs.openbsd.org 2013/01/24 22:08:56
[krl.c]
skip serial lookup when cert's serial number is zero
2013-02-12 10:54:54 +11:00
Damien Miller
ea078462ea
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2013/01/24 21:45:37
[krl.c]
fix handling of (unused) KRL signatures; skip string in correct buffer
2013-02-12 10:54:37 +11:00
Damien Miller
b6f73b3af6
- (djm) [configure.ac openbsd-compat/openssl-compat.h] Repair build on old
libcrypto that lacks EVP_CIPHER_CTX_ctrl
2013-02-11 10:39:12 +11:00
Darren Tucker
951b53b1be
- (dtucker) [configure.ac openbsd-compat/sys-tree.h] Test if compiler allows
__attribute__ on return values and work around if necessary. ok djm@
2013-02-08 11:50:09 +11:00
Damien Miller
e7f50e1c18
- (djm) [contrib/redhat/sshd.init] treat RETVAL as an integer;
patch from Iain Morgan in bz#2059
2013-02-08 10:49:37 +11:00
Damien Miller
5c3bbd76aa
- (djm) [configure.ac] Don't probe seccomp capability of running kernel
at configure time; the seccomp sandbox will fall back to rlimit at
runtime anyway. Patch from plautrba AT redhat.com in bz#2011
2013-02-07 10:11:05 +11:00
Damien Miller
dc75d1fc04
- (djm) [regress/krl.sh] replacement for jot; most platforms lack it
2013-01-20 22:58:51 +11:00
Damien Miller
d60b210830
- (djm) [openbsd-compat/sys-tree.h] Sync with OpenBSD. krl.c needs newer
version.
2013-01-20 22:49:58 +11:00
Damien Miller
a7522d9fc0
- markus@cvs.openbsd.org 2013/01/19 12:34:55
[krl.c]
RB_INSERT does not remove existing elements; ok djm@
2013-01-20 22:35:31 +11:00
Damien Miller
a0a7ee8bf4
- jmc@cvs.openbsd.org 2013/01/19 07:13:25
[ssh-keygen.1]
fix some formatting; ok djm
2013-01-20 22:35:06 +11:00
Damien Miller
881a7a2c5d
- jmc@cvs.openbsd.org 2013/01/18 21:48:43
[ssh-keygen.1]
command-line (adj.) -> command line (n.);
2013-01-20 22:34:46 +11:00
Damien Miller
072fdcd198
- jmc@cvs.openbsd.org 2013/01/18 08:39:04
[ssh-keygen.1]
add -Q to the options list; ok djm
2013-01-20 22:34:04 +11:00
Damien Miller
72abeb709e
- jmc@cvs.openbsd.org 2013/01/18 08:00:49
[sshd_config.5]
tweak previous;
2013-01-20 22:33:44 +11:00
Damien Miller
3d6d68b1e1
- jmc@cvs.openbsd.org 2013/01/18 07:59:46
[ssh-keygen.c]
-u before -V in usage();
2013-01-20 22:33:23 +11:00
Damien Miller
ac5542b6b8
- jmc@cvs.openbsd.org 2013/01/18 07:57:47
[ssh-keygen.1]
tweak previous;
2013-01-20 22:33:02 +11:00
Damien Miller
da5cc5d09a
- (djm) [cipher-aes.c cipher-ctr.c openbsd-compat/openssl-compat.h]
Move prototypes for replacement ciphers to openssl-compat.h; fix EVP
prototypes for openssl-1.0.0-fips.
2013-01-20 22:31:29 +11:00
Damien Miller
13f5f768bc
- djm@cvs.openbsd.org 2013/01/18 03:00:32
[krl.c]
fix KRL generation bug for list sections
2013-01-18 15:32:03 +11:00
Damien Miller
ebafebda85
- djm@cvs.openbsd.org 2013/01/18 00:45:29
[regress/Makefile regress/cert-userkey.sh regress/krl.sh]
Tests for Key Revocation Lists (KRLs)
2013-01-18 11:51:56 +11:00