Damien Miller
624a3ca376
- djm@cvs.openbsd.org 2014/01/26 10:22:10
[regress/cert-hostkey.sh]
automatically generate revoked keys from listed keys rather than
manually specifying each type; from portable
(Id sync only)
2014-02-28 10:22:37 +11:00
Damien Miller
b843923284
- dtucker@cvs.openbsd.org 2014/01/25 04:35:32
[regress/Makefile regress/dhgex.sh]
Add a test for DH GEX sizes
2014-02-28 10:21:26 +11:00
Damien Miller
1e2aa3d904
- dtucker@cvs.openbsd.org 2014/01/20 00:00:30
[sftp-chroot.sh]
append to rather than truncating the log file
2014-02-28 10:19:51 +11:00
Damien Miller
f483cc16fe
- dtucker@cvs.openbsd.org 2014/01/19 23:43:02
[regress/sftp-chroot.sh]
Don't use -q on sftp as it suppresses logging, instead redirect the
output to the regress logfile.
2014-02-28 10:19:11 +11:00
Damien Miller
6486f16f1c
- (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
[contrib/suse/openssh.spec] Crank version numbers
2014-02-28 10:03:52 +11:00
Damien Miller
92cf5adea1
- djm@cvs.openbsd.org 2014/02/27 22:57:40
[version.h]
openssh-6.6
2014-02-28 10:01:53 +11:00
Damien Miller
fc5d6759ab
- djm@cvs.openbsd.org 2014/02/27 22:47:07
[sshd_config.5]
bz#2184 clarify behaviour of a keyword that appears in multiple
matching Match blocks; ok dtucker@
2014-02-28 10:01:28 +11:00
Damien Miller
172ec7e0af
- djm@cvs.openbsd.org 2014/02/27 08:25:09
[bufbn.c]
off by one in range check
2014-02-28 10:00:57 +11:00
Damien Miller
f9a9aaba43
- djm@cvs.openbsd.org 2014/02/27 00:41:49
[bufbn.c]
fix unsigned overflow that could lead to reading a short ssh protocol
1 bignum value; found by Ben Hawkes; ok deraadt@
2014-02-28 10:00:27 +11:00
Damien Miller
fb3423b612
- markus@cvs.openbsd.org 2014/02/26 21:53:37
[sshd.c]
ssh_gssapi_prepare_supported_oids needs GSSAPI
2014-02-27 10:20:07 +11:00
Damien Miller
1348129a34
- djm@cvs.openbsd.org 2014/02/26 20:29:29
[channels.c]
don't assume that the socks4 username is \0 terminated;
spotted by Ben Hawkes; ok markus@
2014-02-27 10:18:32 +11:00
Damien Miller
e6a74aeeac
- djm@cvs.openbsd.org 2014/02/26 20:28:44
[auth2-gss.c gss-serv.c ssh-gss.h sshd.c]
bz#2107 - cache OIDs of supported GSSAPI mechanisms before privsep
sandboxing, as running this code in the sandbox can cause violations;
ok markus@
2014-02-27 10:17:49 +11:00
Damien Miller
08b57c67f3
- djm@cvs.openbsd.org 2014/02/26 20:18:37
[ssh.c]
bz#2205: avoid early hostname lookups unless canonicalisation is enabled;
ok dtucker@ markus@
2014-02-27 10:17:13 +11:00
Damien Miller
13f97b2286
- djm@cvs.openbsd.org 2014/02/23 20:11:36
[readconf.c readconf.h ssh.c ssh_config.5]
reparse ssh_config and ~/.ssh/config if hostname canonicalisation changes
the hostname. This allows users to write configurations that always
refer to canonical hostnames, e.g.

    CanonicalizeHostname yes
    CanonicalDomains int.example.org example.org
    CanonicalizeFallbackLocal no

    Host *.int.example.org
        Compression off
    Host *.example.org
        User djm

ok markus@
2014-02-24 15:57:55 +11:00
Damien Miller
bee3a234f3
- djm@cvs.openbsd.org 2014/02/23 20:03:42
[ssh-ed25519.c]
check for unsigned overflow; not reachable in OpenSSH but others might
copy our code...
2014-02-24 15:57:22 +11:00
Damien Miller
0628780abe
- djm@cvs.openbsd.org 2014/02/22 01:32:19
[readconf.c]
when processing Match blocks, skip 'exec' clauses if previous predicates
failed to match; ok markus@
2014-02-24 15:56:45 +11:00
Damien Miller
0890dc8191
- djm@cvs.openbsd.org 2014/02/15 23:05:36
[channels.c]
avoid spurious "getsockname failed: Bad file descriptor" errors in ssh -W;
bz#2200, debian#738692 via Colin Watson; ok dtucker@
2014-02-24 15:56:07 +11:00
Damien Miller
d3cf67e111
- djm@cvs.openbsd.org 2014/02/07 06:55:54
[cipher.c mac.c]
remove some logging that makes ssh debugging output very verbose;
ok markus
2014-02-24 15:55:36 +11:00
Tim Rice
03ae081aea
20140221
- (tim) [configure.ac] Fix cut-and-paste error. Patch from Bryan Drewery.
2014-02-21 09:09:34 -08:00
Darren Tucker
4a20959d2e
- (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add compat
code for older OpenSSL versions that don't have EVP_MD_CTX_copy_ex.
2014-02-13 16:38:32 +11:00
Damien Miller
d1a7a9c0fd
- djm@cvs.openbsd.org 2014/02/06 22:21:01
[sshconnect.c]
in ssh_create_socket(), only do the getaddrinfo for BindAddress when
BindAddress is actually specified. Fixes regression in 6.5 for
UsePrivilegedPort=yes; patch from Corinna Vinschen
2014-02-07 09:24:33 +11:00
Damien Miller
6ce35b6cc4
- naddy@cvs.openbsd.org 2014/02/05 20:13:25
[ssh-keygen.1 ssh-keygen.c]
tweak synopsis: calling ssh-keygen without any arguments is fine; ok jmc@
while here, fix ordering in usage(); requested by jmc@
2014-02-07 09:24:14 +11:00
Damien Miller
6434cb2cfb
- (djm) [sandbox-seccomp-filter.c] Not all Linux architectures define
__NR_shutdown; some go via the socketcall(2) multiplexer.
2014-02-06 11:17:50 +11:00
Darren Tucker
8d36f9ac71
- (dtucker) [openbsd-compat/bsd-poll.c] Don't bother checking for non-NULL
before freeing since free(NULL) is a no-op. ok djm.
2014-02-06 10:44:13 +11:00
Damien Miller
a0959da368
- (djm) [sandbox-capsicum.c] Don't fatal if Capsicum is offered by
headers/libc but not supported by the kernel. Patch from Loganaden
Velvindron @ AfriNIC
2014-02-05 10:33:45 +11:00
Damien Miller
9c449bc183
- (djm) [regress/setuid-allowed.c] Missing string.h for strerror()
2014-02-04 11:38:28 +11:00
Damien Miller
bf7e0f03be
- (djm) [openbsd-compat/Makefile.in] Add missing explicit_bzero.o
2014-02-04 11:37:50 +11:00
Damien Miller
eb6d870a0e
- djm@cvs.openbsd.org 2014/02/04 00:24:29
[ssh.c]
delay lowercasing of hostname until right before hostname
canonicalisation to unbreak case-sensitive matching of ssh_config;
reported by Ike Devolder; ok markus@
2014-02-04 11:26:34 +11:00
Damien Miller
db3c595ea7
- djm@cvs.openbsd.org 2014/02/02 03:44:31
[digest-libc.c digest-openssl.c]
convert memset of potentially-private data to explicit_bzero()
2014-02-04 11:25:45 +11:00
Damien Miller
aae07e2e20
- djm@cvs.openbsd.org 2014/02/03 23:28:00
[ssh-ecdsa.c]
fix memory leak; ECDSA_SIG_new() allocates 'r' and 's' for us, unlike
DSA_SIG_new. Reported by Batz Spear; ok markus@
2014-02-04 11:20:40 +11:00
Damien Miller
a5103f413b
- djm@cvs.openbsd.org 2014/02/02 03:44:32
[auth1.c auth2-chall.c auth2-passwd.c authfile.c bufaux.c bufbn.c]
[buffer.c cipher-3des1.c cipher.c clientloop.c gss-serv.c kex.c]
[kexdhc.c kexdhs.c kexecdhc.c kexgexc.c kexecdhs.c kexgexs.c key.c]
[monitor.c monitor_wrap.c packet.c readpass.c rsa.c serverloop.c]
[ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c]
[ssh-keygen.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c]
[sshd.c]
convert memset of potentially-private data to explicit_bzero()
2014-02-04 11:20:14 +11:00
Damien Miller
1d2c456426
- tedu@cvs.openbsd.org 2014/01/31 16:39:19
[auth2-chall.c authfd.c authfile.c bufaux.c bufec.c canohost.c]
[channels.c cipher-chachapoly.c clientloop.c configure.ac hostfile.c]
[kexc25519.c krl.c monitor.c sandbox-systrace.c session.c]
[sftp-client.c ssh-keygen.c ssh.c sshconnect2.c sshd.c sshlogin.c]
[openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h]
replace most bzero with explicit_bzero, except a few that can be memset
ok djm dtucker
2014-02-04 11:18:20 +11:00
Damien Miller
3928de067c
- djm@cvs.openbsd.org 2014/01/30 22:26:14
[sandbox-systrace.c]
allow shutdown(2) syscall in sandbox - it may be called by packet_close()
from portable
(Id sync only; change is already in portable)
2014-02-04 11:13:54 +11:00
Damien Miller
e1e480aee8
- jmc@cvs.openbsd.org 2014/01/29 14:04:51
[sshd_config.5]
document kbdinteractiveauthentication;
requested From: Ross L Richardson
dtucker/markus helped explain its workings;
2014-02-04 11:13:17 +11:00
Damien Miller
7cc194f70d
- djm@cvs.openbsd.org 2014/01/29 06:18:35
[Makefile.in auth.h auth2-jpake.c auth2.c jpake.c jpake.h monitor.c]
[monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h]
[schnorr.c schnorr.h servconf.c servconf.h ssh2.h sshconnect2.c]
remove experimental, never-enabled JPAKE code; ok markus@
2014-02-04 11:12:56 +11:00
Damien Miller
b0f26544cf
- djm@cvs.openbsd.org 2014/01/29 00:19:26
[sshd.c]
use kill(0, ...) instead of killpg(0, ...); on most operating systems
they are equivalent, but SUSv2 describes the latter as having undefined
behaviour; from portable; ok dtucker
(Id sync only; change is already in portable)
2014-02-04 11:10:01 +11:00
Damien Miller
f8f35bc471
- jmc@cvs.openbsd.org 2014/01/28 14:13:39
[ssh-keyscan.1]
kill some bad Pa;
From: Jan Stary
2014-02-04 11:09:12 +11:00
Damien Miller
ec93d15170
- markus@cvs.openbsd.org 2014/01/27 20:13:46
[digest.c digest-openssl.c digest-libc.c Makefile.in]
rename digest.c to digest-openssl.c and add libc variant; ok djm@
2014-02-04 11:07:13 +11:00
Damien Miller
4a1c7aa640
- markus@cvs.openbsd.org 2014/01/27 19:18:54
[auth-rsa.c cipher.c ssh-agent.c sshconnect1.c sshd.c]
replace openssl MD5 with our ssh_digest_*; ok djm@
2014-02-04 11:03:36 +11:00
Damien Miller
4e8d937af7
- markus@cvs.openbsd.org 2014/01/27 18:58:14
[Makefile.in digest.c digest.h hostfile.c kex.h mac.c hmac.c hmac.h]
replace openssl HMAC with an implementation based on our ssh_digest_*
ok and feedback djm@
2014-02-04 11:02:42 +11:00
Tim Rice
69d0d09f76
- (tim) [Makefile.in] build regress/setuid-allow.
2014-01-31 14:25:18 -08:00
Darren Tucker
0eeafcd76b
- (dtucker) [readconf.c] Include <arpa/inet.h> for the hton macros. Fixes
build with HP-UX's compiler. Patch from Kevin Brott.
2014-01-31 14:18:51 +11:00
Damien Miller
7e5cec6070
- (djm) [sandbox-seccomp-filter.c sandbox-systrace.c] Allow shutdown(2)
syscall from sandboxes; it may be called by packet_close.
2014-01-31 09:25:34 +11:00
Damien Miller
cdb6c90811
- (djm) Release openssh-6.5p1
2014-01-30 12:50:17 +11:00
Damien Miller
996ea80b18
trim entries prior to openssh-6.0p1
2014-01-30 12:49:55 +11:00
Damien Miller
f5bbd3b657
- (djm) [configure.ac atomicio.c] Kludge around NetBSD offering
different symbols for 'read' when various compiler flags are
in use, causing atomicio.c comparisons against it to break and
read/write operations to hang; ok dtucker
2014-01-30 11:26:46 +11:00
Damien Miller
c2868192dd
- (djm) [configure.ac] Only check for width-specified integer types
in headers that actually exist. patch from Tom G. Christensen;
ok dtucker@
2014-01-30 10:21:19 +11:00
Damien Miller
c161fc90fc
- (djm) [configure.ac] Fix broken shell test '==' vs '='; patch from
Tom G. Christensen
2014-01-29 21:01:33 +11:00
Tim Rice
6f917ad376
- (tim) [regress/agent.sh regress/agent-ptrace.sh] Assign $? to a variable
when used as an error message inside an if statement so we display the
correct info. agent.sh patch from Petr Lautrbach.
2014-01-28 10:26:25 -08:00
Damien Miller
ab16ef4152
- (djm) [sshd.c] Use kill(0, ...) instead of killpg(0, ...); the
latter being specified to have undefined behaviour in SUSv3;
ok dtucker
2014-01-28 15:08:12 +11:00