Damien Miller
4791f9dcec
- djm@cvs.openbsd.org 2011/01/16 11:50:05
[clientloop.c]
Use atomicio when flushing protocol 1 std{out,err} buffers at
session close. This was a latent bug exposed by setting a SIGCHLD
handler and spotted by kevin.brott AT gmail.com; ok dtucker@
2011-01-16 23:16:53 +11:00
Darren Tucker
50c61f88ab
- (dtucker) [Makefile.in configure.ac regress/kextype.sh] Skip sha256-based
on configurations that don't have it.
2011-01-16 18:28:09 +11:00
Darren Tucker
08f83883f5
not February yet...
2011-01-16 18:24:04 +11:00
Tim Rice
c5c346b101
- (tim) [regress/cert-hostkey.sh] Add missing TEST_SSH_ECC guard around some
ecdsa bits.
2011-01-13 22:36:14 -08:00
Tim Rice
02d99da976
- (tim) [regress/cert-hostkey.sh] Typo. Missing $ on variable name.
2011-01-13 22:20:27 -08:00
Damien Miller
e9b40487fa
- (djm) [Makefile.in] Use shell test to disable ecdsa key generating in
host-key-force target rather than a substitution that is replaced with a
comment so that the Makefile.in is still a syntactically valid Makefile
(useful to run the distprep target)
2011-01-14 14:47:37 +11:00
Damien Miller
42747df8b7
- djm@cvs.openbsd.org 2011/01/13 21:55:25
[PROTOCOL.mux]
correct protocol names and add a couple of missing protocol number
defines; patch from bert.wesarg AT googlemail.com
2011-01-14 12:01:50 +11:00
Damien Miller
445c9a507d
- djm@cvs.openbsd.org 2011/01/13 21:54:53
[mux.c]
correct error messages; patch from bert.wesarg AT googlemail.com
2011-01-14 12:01:29 +11:00
Damien Miller
5278806e39
- (djm) [regress/kextype.sh] Testing diffie-hellman-group-exchange-sha256
should not depend on ECC support
2011-01-13 22:05:14 +11:00
Damien Miller
9b16086e74
- (djm) [myproposal.h] Fix reversed OPENSSL_VERSION_NUMBER test and bad
#define that was causing diffie-hellman-group-exchange-sha256 to be
incorrectly disabled
2011-01-13 22:00:20 +11:00
Damien Miller
cbaf8e6ec1
- (djm) [regress/Makefile] add a few more generated files to the clean
target
2011-01-13 21:08:27 +11:00
Damien Miller
ff22df538e
- (djm) [entropy.c] cast OPENSSL_VERSION_NUMBER to u_long to avoid
gcc warning on platforms where it defaults to int
2011-01-13 21:05:27 +11:00
Tim Rice
9b87a5ce3c
- (tim) [Makefile.in configure.ac opensshd.init.in] Add support for generating
ecdsa keys. ok djm.
2011-01-12 22:35:43 -08:00
Tim Rice
cce927c25f
- (tim) [Makefile.in] test the ECC bits if we have the capability. ok djm
2011-01-12 19:06:31 -08:00
Damien Miller
1708cb7d0d
- (djm) [misc.c] include time.h for nanosleep() prototype
2011-01-13 12:21:34 +11:00
Damien Miller
134d02a494
- (djm) [configure.ac] Fix broken test for gcc >= 4.4 with per-compiler
flag tests that don't depend on gcc version at all; suggested by and
ok dtucker@
2011-01-12 16:00:37 +11:00
Damien Miller
945aa0c744
- (djm) [configure.ac] Turn on -Wno-unused-result for gcc >= 4.4 to avoid
silly warnings on write() calls we don't care succeed or not.
2011-01-12 13:34:02 +11:00
Damien Miller
4927aaf446
- djm@cvs.openbsd.org 2011/01/12 01:53:14
avoid some integer overflows mostly with GLOB_APPEND and GLOB_DOOFFS
and sanity check arguments (these will be unnecessary when we switch
struct glob members from being type int to size_t in the future);
"looks ok" tedu@ feedback guenther@
2011-01-12 13:32:03 +11:00
Damien Miller
b66e917831
- nicm@cvs.openbsd.org 2010/10/08 21:48:42
[openbsd-compat/glob.c]
Extend GLOB_LIMIT to cover readdir and stat and bump the malloc limit
from ARG_MAX to 64K.
Fixes glob-using programs (notably ftp) able to be triggered to hit
resource limits.
Idea from a similar NetBSD change, original problem reported by jasper@.
ok millert tedu jasper
2011-01-12 13:30:18 +11:00
Damien Miller
821de0ad2e
- djm@cvs.openbsd.org 2011/01/11 06:13:10
[clientloop.c ssh-keygen.c sshd.c]
some unsigned long long casts that make things a bit easier for
portable without resorting to dropping PRIu64 formats everywhere
2011-01-11 17:20:29 +11:00
Damien Miller
a256c8d680
- djm@cvs.openbsd.org 2011/01/11 06:06:09
[sshlogin.c]
fd leak on error paths; from zinovik@
NB. Id sync only; we use loginrec.c that was also audited and fixed
recently
2011-01-11 17:20:05 +11:00
Damien Miller
b73b6fd916
- djm@cvs.openbsd.org 2011/01/08 10:51:51
[clientloop.c]
use host and not options.hostname, as the latter may have unescaped
substitution characters
2011-01-11 17:18:56 +11:00
Damien Miller
81ad4b1fc0
- (djm) [platform.c] Some missing includes that show up under -Werror
2011-01-11 17:02:23 +11:00
Tim Rice
076a3b9ced
- (tim) [regress/host-expand.sh] Fix for building outside of read only
source tree.
2011-01-10 12:56:26 -08:00
Damien Miller
e63b7f2821
- (djm) [Makefile.in] list ssh_host_ecdsa key in PATHSUBS; spotted by
openssh AT roumenpetrov.info
2011-01-09 09:19:50 +11:00
Damien Miller
996384d500
- (djm) [regress/keytype.sh] s/echo -n/echon/ to repair failing regress
test on OSX and others. Reported by imorgan AT nas.nasa.gov
2011-01-08 21:58:20 +11:00
Damien Miller
ed3a8eb65f
- djm@cvs.openbsd.org 2011/01/06 23:01:35
[sshconnect.c]
reset SIGCHLD handler to SIG_DFL when executing LocalCommand;
ok markus@
2011-01-07 10:02:52 +11:00
Damien Miller
7d06b00032
- djm@cvs.openbsd.org 2011/01/06 22:46:21
[regress/Makefile regress/host-expand.sh]
regress test for LocalCommand %n expansion from bert.wesarg AT
googlemail.com; ok markus@
2011-01-07 09:54:20 +11:00
Damien Miller
64abf31425
- djm@cvs.openbsd.org 2011/01/06 22:23:02
[clientloop.c]
when exiting due to ServerAliveTimeout, mention the hostname that caused
it (useful with backgrounded controlmaster)
2011-01-07 09:51:52 +11:00
Damien Miller
83f8a4014d
- djm@cvs.openbsd.org 2011/01/06 22:23:53
[ssh.c]
unbreak %n expansion in LocalCommand; patch from bert.wesarg AT
googlemail.com; ok markus@
2011-01-07 09:51:17 +11:00
Damien Miller
322125b960
- (djm) [regress/cert-hostkey.sh regress/cert-userkey.sh] fix shell test
for no-ECC case. Patch from cristian.ionescu-idbohrn AT axis.com
2011-01-07 09:50:08 +11:00
Damien Miller
8ad960b4ba
- otto@cvs.openbsd.org 2011/01/04 20:44:13
[ssh-keyscan.c]
handle ecdsa-sha2 with various key lengths; hint and ok djm@
2011-01-06 22:44:44 +11:00
Damien Miller
de53fd04b1
- djm@cvs.openbsd.org 2010/12/24 21:41:48
[auth-options.c]
don't send the actual forced command in a debug message; ok markus deraadt
2011-01-06 22:44:18 +11:00
Damien Miller
106079c06d
- djm@cvs.openbsd.org 2010/12/15 00:49:27
[readpass.c]
fix ControlMaster=ask regression
reset SIGCHLD handler before fork (and restore it after) so we don't miss
the askpass child's exit status. Correct test for exit status/signal to
account for waitpid() failure; with claudio@ ok claudio@ markus@
2011-01-06 22:43:44 +11:00
Damien Miller
05c8997b33
- markus@cvs.openbsd.org 2010/12/14 11:59:06
[sshconnect.c]
don't mention key type in key-changed-warning, since we also print
this warning if a new key type appears. ok djm@
2011-01-06 22:42:04 +11:00
Damien Miller
907998df72
- jmc@cvs.openbsd.org 2010/12/09 14:13:33
[scp.1 scp.c]
scp.1: grammar fix
scp.c: add -3 to usage()
2011-01-06 22:41:21 +11:00
Damien Miller
f12114366b
- markus@cvs.openbsd.org 2010/12/08 22:46:03
[scp.1 scp.c]
add a new -3 option to scp: Copies between two remote hosts are
transferred through the local host. Without this option the data
is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
2011-01-06 22:40:30 +11:00
Damien Miller
30a69e7bba
- (djm) [configure.ac Makefile.in] Use mandoc as preferred manpage
formatter if it is present, followed by nroff and groff respectively.
Fixes distprep target on OpenBSD (which has bumped groff/nroff to ports
in favour of mandoc). feedback and ok tim
2011-01-04 08:16:27 +11:00
Damien Miller
d197fd64a1
- (djm) [Makefile.in] revert local hack I didn't intend to commit
2011-01-03 14:48:14 +11:00
Damien Miller
41bccf75af
- (djm) [configure.ac] Check whether libdes is needed when building
with Heimdal krb5 support. On OpenBSD this library no longer exists,
so linking it unconditionally causes a build failure; ok dtucker
2011-01-02 21:53:07 +11:00
Damien Miller
4a06f9271f
- (djm) [loginrec.c] Fix some fd leaks on error paths. ok dtucker
2011-01-02 21:43:59 +11:00
Damien Miller
928362dc03
- djm@cvs.openbsd.org 2010/12/08 04:02:47
[ssh_config.5 sshd_config.5]
explain that IPQoS arguments are separated by whitespace; iirc requested
by jmc@ a while back
2010-12-26 14:26:45 +11:00
Darren Tucker
4288c53d04
- djm@cvs.openbsd.org 2010/12/04 00:21:19
[regress/sftp-cmds.sh]
adjust for hard-link support
2010-12-05 09:45:50 +11:00
Darren Tucker
7e1a5a4e1b
- (dtucker) [regress/Makefile] Id sync.
2010-12-05 09:29:31 +11:00
Darren Tucker
094f1e9934
- djm@cvs.openbsd.org 2010/12/04 13:31:37
[hostfile.c]
fix fd leak; spotted and ok dtucker
2010-12-05 09:03:31 +11:00
Darren Tucker
af1f909254
- djm@cvs.openbsd.org 2010/12/04 00:18:01
[sftp-server.c sftp.1 sftp-client.h sftp.c PROTOCOL sftp-client.c]
add a protocol extension to support a hard link operation. It is
available through the "ln" command in the client. The old "ln"
behaviour of creating a symlink is available using its "-s" option
or through the preexisting "symlink" command; based on a patch from
miklos AT szeredi.hu in bz#1555; ok markus@
2010-12-05 09:02:47 +11:00
Darren Tucker
adab6f1299
- djm@cvs.openbsd.org 2010/12/03 23:55:27
[auth-rsa.c]
move check for revoked keys to run earlier (in auth_rsa_key_allowed)
bz#1829; patch from ldv AT altlinux.org; ok markus@
2010-12-05 09:01:47 +11:00
Darren Tucker
7336b904ff
- (dtucker) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2010/12/03 23:49:26
[schnorr.c]
check that g^x^q === 1 mod p; recommended by JPAKE author Feng Hao
(this code is still disabled, but apparently people are treating it as
a reference implementation)
2010-12-05 09:00:30 +11:00
Darren Tucker
37bb7568ab
- (dtucker) [openbsd-compat/openssl-compat.c] remove sleep leftover from
debugging. Spotted by djm.
2010-12-05 08:46:05 +11:00
Darren Tucker
ebdef76b5d
- (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}] Add
shims for the new, non-deprecated OpenSSL key generation functions for
platforms that don't have the new interfaces.
2010-12-04 23:20:50 +11:00
Damien Miller
d89745b9e7
- (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range)
instead of (arc4random() % range)
2010-12-03 10:50:26 +11:00
Damien Miller
d925dcd8a5
- djm@cvs.openbsd.org 2010/11/29 23:45:51
[auth.c hostfile.c hostfile.h ssh.c ssh_config.5 sshconnect.c]
[sshconnect.h sshconnect2.c]
automatically order the hostkeys requested by the client based on
which hostkeys are already recorded in known_hosts. This avoids
hostkey warnings when connecting to servers with new ECDSA keys
that are preferred by default; with markus@
2010-12-01 12:21:51 +11:00
Damien Miller
03c0e533de
- markus@cvs.openbsd.org 2010/11/29 18:57:04
[authfile.c]
correctly load comment for encrypted rsa1 keys;
report/fix Joachim Schipper; ok djm@
2010-12-01 12:03:39 +11:00
Damien Miller
87dc0a4188
- djm@cvs.openbsd.org 2010/11/26 05:52:49
[scp.c]
Pass through ssh command-line flags and options when doing remote-remote
transfers, e.g. to enable agent forwarding which is particularly useful
in this case; bz#1837 ok dtucker@
2010-12-01 12:03:19 +11:00
Damien Miller
f80c3deaaf
- djm@cvs.openbsd.org 2010/11/25 04:10:09
[session.c]
replace close() loop for fds 3->64 with closefrom();
ok markus deraadt dtucker
2010-12-01 12:02:59 +11:00
Damien Miller
b7f827ae45
- djm@cvs.openbsd.org 2010/11/24 01:24:14
[channels.c]
remove a debug() that pollutes stderr on client connecting to a server
in debug mode (channel_close_fds is called transitively from the session
code post-fork); bz#1719, ok dtucker
2010-12-01 12:02:35 +11:00
Damien Miller
d0fdd6818c
- djm@cvs.openbsd.org 2010/11/23 23:57:24
[clientloop.c]
avoid NULL deref on receiving a channel request on an unknown or invalid
channel; report bz#1842 from jchadima AT redhat.com; ok dtucker@
2010-12-01 12:02:14 +11:00
Damien Miller
6a740e7b92
- djm@cvs.openbsd.org 2010/11/23 02:35:50
[auth.c]
use strict_modes already passed as function argument over referencing
global options.strict_modes
2010-12-01 12:01:51 +11:00
Damien Miller
a232792783
- djm@cvs.openbsd.org 2010/11/21 10:57:07
[authfile.c]
Refactor internals of private key loading and saving to work on memory
buffers rather than directly on files. This will make a few things
easier to do in the future; ok markus@
2010-12-01 12:01:21 +11:00
Damien Miller
2cd629349d
- djm@cvs.openbsd.org 2010/11/21 01:01:13
[clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c]
honour $TMPDIR for client xauth and ssh-agent temporary directories;
feedback and ok markus@
2010-12-01 11:50:35 +11:00
Damien Miller
188ea814b1
- OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2010/11/20 05:12:38
[auth2-pubkey.c]
clean up cases of ;;
2010-12-01 11:50:14 +11:00
Damien Miller
73de86ac5a
- (djm) [defines.h] Add IP DSCP defines
2010-11-24 10:50:04 +11:00
Darren Tucker
4b6cbf7aab
- (dtucker) [packet.c] Remove redundant local declaration of "int tos".
2010-11-24 10:46:37 +11:00
Damien Miller
88e341e1ca
- (djm) [loginrec.c] Relax permission requirement on btmp logs to allow
group read/write. ok dtucker@
2010-11-24 10:36:15 +11:00
Darren Tucker
d995712383
- (dtucker) [platform.c session.c] Move the getluid call out of session.c and
into the platform-specific code. Only affects SCO, tested by and ok tim@.
2010-11-24 10:09:13 +11:00
Darren Tucker
9e0ff7afc8
- (dtucker) Bug #1840: fix warning when configuring --with-ssl-engine, patch
from vapier at gentoo org.
2010-11-22 17:59:00 +11:00
Damien Miller
0a1847347d
- jmc@cvs.openbsd.org 2010/11/18 15:01:00
[scp.1 sftp.1 ssh.1 sshd_config.5]
add IPQoS to the various -o lists, and zap some trailing whitespace;
2010-11-20 15:21:03 +11:00
Damien Miller
8e1ea4e5a3
- jmc@cvs.openbsd.org 2010/11/15 07:40:14
[ssh_config.5]
libary -> library;
2010-11-20 15:20:10 +11:00
Damien Miller
0dac6fb6b2
- djm@cvs.openbsd.org 2010/11/13 23:27:51
[clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h]
[servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5]
allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of
hardcoding lowdelay/throughput.
bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
2010-11-20 15:19:38 +11:00
Damien Miller
4499f4cc20
- djm@cvs.openbsd.org 2010/11/10 01:33:07
[kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c moduli.c]
use only libcrypto APIs that are retained with OPENSSL_NO_DEPRECATED.
these have been around for years by this time. ok markus
2010-11-20 15:15:49 +11:00
Damien Miller
7a221a1591
- djm@cvs.openbsd.org 2010/11/05 02:46:47
[packet.c]
whitespace KNF
2010-11-20 15:14:29 +11:00
Damien Miller
dd190ddfd7
- (djm) [servconf.c ssh-add.c ssh-keygen.c] don't look for ECDSA keys on
platforms that don't support ECC. Fixes some spurious warnings reported
by tim@
2010-11-11 14:17:02 +11:00
Tim Rice
c7a8af03a0
- (tim) [configure.ac openbsd-compat/bsd-misc.h openbsd-compat/bsd-misc.c] Add
support for platforms missing isblank(). ok djm@
2010-11-08 14:26:23 -08:00
Tim Rice
e426f5e932
- (tim) [regress/kextype.sh] Not all platforms have time in /usr/bin.
Feedback from dtucker@
2010-11-08 09:15:14 -08:00
Tim Rice
c10aeaa8f2
- (tim) [regress/kextype.sh] Shell portability fix.
2010-11-07 13:03:11 -08:00
Tim Rice
522262f8b3
- (tim) [regress/Makefile] Fixes to allow building/testing outside source
tree.
2010-11-07 13:00:27 -08:00
Darren Tucker
d1ece6e4a2
- (dtucker) [platform.c] includes.h instead of defines.h so that we get
the correct typedefs.
2010-11-07 18:05:54 +11:00
Darren Tucker
9283d8cbc5
- (dtucker) [platform.c] Need servconf.h and extern options.
2010-11-05 18:56:08 +11:00
Darren Tucker
f619d1cad9
- (dtucker) [regress/kextype.sh] Make sha256 test depend on ECC. This is not
strictly correct since while ECC requires sha256 the reverse is not true
however it does prevent spurious test failures.
2010-11-05 18:41:50 +11:00
Darren Tucker
345178d951
- (dtucker) [regress/kextype.sh] Add missing "test".
2010-11-05 18:35:52 +11:00
Darren Tucker
eab5f0df90
- (dtucker) [Makefile configure.ac regress/Makefile regress/keytype.sh]
Import recent changes to regress/Makefile, pass a flag to enable ECC tests
from configure through to regress/Makefile and use it in the tests.
2010-11-05 18:23:38 +11:00
Darren Tucker
b69e033e67
- (dtucker) [regress/keytype.sh] Import new test.
2010-11-05 18:19:15 +11:00
Darren Tucker
b12fe272a0
- (dtucker) [platform.c platform.h session.c] Move the Cygwin special-case
check into platform.c
2010-11-05 14:47:01 +11:00
Darren Tucker
cc12418e18
- (dtucker) [platform.c session.c] Move PAM credential establishment for the
non-LOGIN_CAP case into platform.c.
2010-11-05 13:32:52 +11:00
Darren Tucker
0b2ee6452c
- (dtucker) [platform.c session.c] Move irix setusercontext fragment into
platform.c.
2010-11-05 13:29:25 +11:00
Darren Tucker
676b912e78
- (dtucker) [platform.c session.c] Move aix_usrinfo fragment into platform.c.
2010-11-05 13:11:04 +11:00
Darren Tucker
7a8afe3186
- (dtucker) [platform.c session.c] Move the USE_LIBIAF fragment into
platform.c
2010-11-05 13:07:24 +11:00
Darren Tucker
728d8371a1
- (dtucker) [platform.c session.c] Move the PAM credential establishment for
the LOGIN_CAP case into platform.c.
2010-11-05 13:00:05 +11:00
Darren Tucker
fd4d8aa2cb
- (dtucker) [platform.c] Only call setpgrp on BSDI if running as root to
retain previous behavior.
2010-11-05 12:50:41 +11:00
Darren Tucker
44a97be0cc
- (dtucker) [platform.c session.c] Move the BSDI setpgrp into platform.c.
2010-11-05 12:45:18 +11:00
Darren Tucker
4db380701d
- (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack into
platform.c
2010-11-05 12:41:13 +11:00
Darren Tucker
920612e45a
- (dtucker) [platform.c platform.h session.c] Add a platform hook to run
after the user's groups are established and move the selinux calls into it.
2010-11-05 12:36:15 +11:00
Darren Tucker
97528353c2
- (dtucker) [configure.ac platform.{c,h} session.c
openbsd-compat/port-solaris.{c,h}] Bug #1824: Add Solaris Project support.
Patch from cory.erickson at csu mnscu edu with a bit of rework from me.
ok djm@
2010-11-05 12:03:05 +11:00
Damien Miller
34ee4204c6
- (djm) [loginrec.c loginrec.h] Use correct uid_t/pid_t types instead of
int. Should fix bz#1817 cleanly; ok dtucker@
2010-11-05 10:52:37 +11:00
Damien Miller
0733121194
- djm@cvs.openbsd.org 2010/11/04 02:45:34
[sftp-server.c]
umask should be parsed as octal. reported by candland AT xmission.com;
ok markus@
2010-11-05 10:20:31 +11:00
Damien Miller
55fa56505b
- jmc@cvs.openbsd.org 2010/10/28 18:33:28
[scp.1 ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5]
knock out some "-*- nroff -*-" lines;
2010-11-05 10:20:14 +11:00
Damien Miller
b472a90d4c
- djm@cvs.openbsd.org 2010/10/28 11:22:09
[authfile.c key.c key.h ssh-keygen.c]
fix a possible NULL deref on loading a corrupt ECDH key
store ECDH group information in private keys files as "named groups"
rather than as a set of explicit group parameters (by setting
the OPENSSL_EC_NAMED_CURVE flag). This makes for shorter key files and
retrieves the group's OpenSSL NID that we need for various things.
2010-11-05 10:19:49 +11:00
Damien Miller
3a0e9f6479
- djm@cvs.openbsd.org 2010/09/22 12:26:05
[regress/Makefile regress/kextype.sh]
regress test for each of the key exchange algorithms that we support
2010-11-05 10:16:34 +11:00
Darren Tucker
54b1f3121d
- (dtucker) [defines.h] Use SIZE_T_MAX for SIZE_MAX for platforms that have a
native one.
2010-10-25 16:54:28 +11:00
Tim Rice
bdd3e67c19
- (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with
1.12 to unbreak Solaris build.
ok djm@
2010-10-24 18:35:55 -07:00