73600e51af
- djm@cvs.openbsd.org 2013/10/10 00:53:25
...
[sftp-server.c]
add -Q, -P and -p to usage() before jmc@ catches me
2013-10-15 11:56:25 +11:00
6eaeebf27d
- djm@cvs.openbsd.org 2013/10/09 23:42:17
...
[sftp-server.8 sftp-server.c]
Add ability to whitelist and/or blacklist sftp protocol requests by name.
Refactor dispatch loop and consolidate read-only mode checks.
Make global variables static, since sftp-server is linked into sshd(8).
ok dtucker@
2013-10-15 11:55:57 +11:00
df62d71e64
- dtucker@cvs.openbsd.org 2013/10/08 11:42:13
...
[dh.c dh.h]
Increase the size of the Diffie-Hellman groups requested for a each
symmetric key size. New values from NIST Special Publication 800-57 with
the upper limit specified by RFC4419. Pointed out by Peter Backes, ok
djm@.
2013-10-10 10:32:39 +11:00
e6e52f8c5d
- djm@cvs.openbsd.org 2013/09/19 01:26:29
...
[sshconnect.c]
bz#1211: make BindAddress work with UsePrivilegedPort=yes; patch from
swp AT swp.pp.ru; ok dtucker@
2013-10-10 10:28:07 +11:00
71152bc991
- djm@cvs.openbsd.org 2013/09/19 01:24:46
...
[channels.c]
bz#1297 - tell the client (via packet_send_debug) when their preferred
listen address has been overridden by the server's GatewayPorts;
ok dtucker@
2013-10-10 10:27:21 +11:00
b59aaf3c4f
- djm@cvs.openbsd.org 2013/09/19 00:49:12
...
[sftp-client.c]
fix swapped pflag and printflag in sftp upload_dir; from Iain Morgan
2013-10-10 10:26:21 +11:00
5d80e4522d
- djm@cvs.openbsd.org 2013/09/19 00:24:52
...
[progressmeter.c]
store the initial file offset so the progress meter doesn't freak out
when resuming sftp transfers. bz#2137; patch from Iain Morgan; ok dtucker@
2013-10-10 10:25:09 +11:00
ad92df7e5e
- sthen@cvs.openbsd.org 2013/09/16 11:35:43
...
[ssh_config]
Remove gssapi config parts from ssh_config, as was already done for
sshd_config. Req by/ok ajacoutot@
ID SYNC ONLY for portable; kerberos/gssapi is still pretty popular
2013-10-10 10:24:11 +11:00
720711960b
- (djm) [openbsd-compat/Makefile.in openbsd-compat/arc4random.c]
...
[openbsd-compat/bsd-arc4random.c] Replace old RC4-based arc4random
implementation with recent OpenBSD's ChaCha-based PRNG. ok dtucker@,
tested tim@
2013-10-09 10:44:47 +11:00
9159310087
- (djm) [openbsd-compat/arc4random.c openbsd-compat/chacha_private.h] Pull
...
in OpenBSD implementation of arc4random, shortly to replace the existing
bsd-arc4random.c
2013-10-09 10:42:32 +11:00
67f1d557a6
correct incorrect years in datestamps; from des
2013-10-09 09:33:08 +11:00
f2bf36c3eb
- (dtucker) [platform.c platform.h sshd.c] bz#2156: restore Linux oom_adj
...
setting when handling SIGHUP to maintain behaviour over retart. Patch
from Matthew Ife.
2013-09-22 19:02:40 +10:00
e90a06ae57
- (dtucker) [sshd_config] Trailing whitespace; from jstjohn at purdue edu.
2013-09-18 15:09:38 +10:00
13840e0103
- djm@cvs.openbsd.org 2013/09/13 06:54:34
...
[channels.c]
avoid unaligned access in code that reused a buffer to send a
struct in_addr in a reply; simpler just use use buffer_put_int();
from portable; spotted by and ok dtucker@
2013-09-14 09:49:43 +10:00
70182522a4
- djm@cvs.openbsd.org 2013/09/12 01:41:12
...
[clientloop.c]
fix connection crash when sending break (~B) on ControlPersist'd session;
ok dtucker@
2013-09-14 09:49:19 +10:00
ff9d6c2a41
- sthen@cvs.openbsd.org 2013/09/07 13:53:11
...
[sshd_config]
Remove commented-out kerberos/gssapi config options from sample config,
kerberos support is currently not enabled in ssh in OpenBSD. Discussed with
various people; ok deraadt@
ID SYNC ONLY for portable; kerberos/gssapi is still pretty popular
2013-09-14 09:48:55 +10:00
8bab5e7b5f
- deraadt@cvs.openbsd.org 2013/09/02 22:00:34
...
[ssh-keygen.c sshconnect1.c sshd.c]
All the instances of arc4random_stir() are bogus, since arc4random()
does this itself, inside itself, and has for a very long time.. Actually,
this was probably reducing the entropy available.
ok djm
ID SYNC ONLY for portable; we don't trust other arc4random implementations
to do this right.
2013-09-14 09:47:00 +10:00
61353b3208
- djm@cvs.openbsd.org 2013/08/31 00:13:54
...
[sftp.c]
make ^w match ksh behaviour (delete previous word instead of entire line)
2013-09-14 09:45:32 +10:00
660854859c
- mikeb@cvs.openbsd.org 2013/08/28 12:34:27
...
[ssh-keygen.c]
improve batch processing a bit by making use of the quite flag a bit
more often and exit with a non zero code if asked to find a hostname
in a known_hosts file and it wasn't there;
originally from reyk@, ok djm
2013-09-14 09:45:03 +10:00
045bda5cb8
- djm@cvs.openbsd.org 2013/08/22 19:02:21
...
[sshd.c]
Stir PRNG after post-accept fork. The child gets a different PRNG state
anyway via rexec and explicit privsep reseeds, but it's good to be sure.
ok markus@
2013-09-14 09:44:37 +10:00
ed4af412da
add marker for 6.3p1 release at the point of the last included change
2013-09-14 09:40:51 +10:00
43968a8e66
- (djm) [openbsd-compat/bsd-snprintf.c] #ifdef noytet for intmax_t bits
...
until we have configure support.
2013-08-28 14:00:54 +10:00
04be8b9e53
- (djm) [openbsd-compat/bsd-snprintf.c] teach our local snprintf code the
...
'j' (intmax_t/uintmax_t) and 'z' (size_t/ssize_t) conversions in case we
start to use them in the future.
2013-08-28 12:49:43 +10:00
f2f6c315a9
- jmc@cvs.openbsd.org 2013/08/20 06:56:07
...
[ssh.1 ssh_config.5]
some proxyusefdpass tweaks;
2013-08-21 02:44:58 +10:00
1262b6638f
- djm@cvs.openbsd.org 2013/08/20 00:11:38
...
[readconf.c readconf.h ssh_config.5 sshconnect.c]
Add a ssh_config ProxyUseFDPass option that supports the use of
ProxyCommands that establish a connection and then pass a connected
file descriptor back to ssh(1). This allows the ProxyCommand to exit
rather than have to shuffle data back and forth and enables ssh to use
getpeername, etc. to obtain address information just like it does with
regular directly-connected sockets. ok markus@
2013-08-21 02:44:24 +10:00
b7727df37e
- jmc@cvs.openbsd.org 2013/08/14 08:39:27
...
[scp.1 ssh.1]
some Bx/Ox conversion;
From: Jan Stary
2013-08-21 02:43:49 +10:00
d5d9d7b1fd
- djm@cvs.openbsd.org 2013/08/13 18:33:08
...
[ssh-keygen.c]
another of the same typo
2013-08-21 02:43:27 +10:00
d234afb0b3
- djm@cvs.openbsd.org 2013/08/13 18:32:08
...
[ssh-keygen.c]
typo in error message; from Stephan Rickauer
2013-08-21 02:42:58 +10:00
e0ee727b82
- djm@cvs.openbsd.org 2013/08/09 03:56:42
...
[sftp.c]
enable ctrl-left-arrow and ctrl-right-arrow to move forward/back a word;
matching ksh's relatively recent change.
2013-08-21 02:42:35 +10:00
fec029f1dc
- djm@cvs.openbsd.org 2013/08/09 03:39:13
...
[sftp-client.c]
two problems found by a to-be-committed regress test: 1) msg_id was not
being initialised so was starting at a random value from the heap
(harmless, but confusing). 2) some error conditions were not being
propagated back to the caller
2013-08-21 02:42:12 +10:00
036d30743f
- djm@cvs.openbsd.org 2013/08/09 03:37:25
...
[sftp.c]
do getopt parsing for all sftp commands (with an empty optstring for
commands without arguments) to ensure consistent behaviour
2013-08-21 02:41:46 +10:00
c7dba12bf9
- djm@cvs.openbsd.org 2013/08/08 05:04:03
...
[sftp-client.c sftp-client.h sftp.c]
add a "-l" flag for the rename command to force it to use the silly
standard SSH_FXP_RENAME command instead of the POSIX-rename- like
posix-rename@openssh.com extension.
intended for use in regress tests, so no documentation.
2013-08-21 02:41:15 +10:00
034f27a0c0
- djm@cvs.openbsd.org 2013/08/08 04:52:04
...
[sftp.c]
fix two year old regression: symlinking a file would incorrectly
canonicalise the target path. bz#2129 report from delphij AT freebsd.org
2013-08-21 02:40:44 +10:00
c6895c5c67
- jmc@cvs.openbsd.org 2013/08/07 06:24:51
...
[sftp.1 sftp.c]
sort -a;
2013-08-21 02:40:21 +10:00
a6d6c1f38a
- djm@cvs.openbsd.org 2013/08/06 23:06:01
...
[servconf.c]
add cast to avoid format warning; from portable
2013-08-21 02:40:01 +10:00
eec840673b
- djm@cvs.openbsd.org 2013/08/06 23:05:01
...
[sftp.1]
document top-level -a option (the -a option to 'get' was already
documented)
2013-08-21 02:39:39 +10:00
02e878070d
- djm@cvs.openbsd.org 2013/08/06 23:03:49
...
[sftp.c]
fix some whitespace at EOL
make list of commands an enum rather than a long list of defines
add -a to usage()
2013-08-21 02:38:51 +10:00
acd2060f75
- (dtucker) [regress/Makefile regress/test-exec.sh] Roll back the -nt
...
removal. The "make clean" removes modpipe which is built by the top-level
directory before running the tests. Spotted by tim@
2013-08-08 17:02:12 +10:00
9542de4547
- (dtucker) [misc.c] Remove define added for fallback testing that was
...
mistakenly included in the previous commit.
2013-08-08 12:50:06 +10:00
94396b7f06
- (dtucker) [misc.c] Fall back to time(2) at runtime if clock_gettime(
...
CLOCK_MONOTONIC...) fails. Some older versions of RHEL have the
CLOCK_MONOTONIC define but don't actually support it. Found and tested
by Kevin Brott, ok djm.
2013-08-08 11:52:37 +10:00
a5a3cbfa0f
- (dtucker) [regress/Makefile regress/test-exec.sh] Don't try to use test -nt
...
since some platforms (eg really old FreeBSD) don't have it. Instead,
run "make clean" before a complete regress run. ok djm.
2013-08-08 10:58:49 +10:00
f3ab2c5f9c
- (dtucker) [auth-krb5.c configure.ac openbsd-compat/bsd-misc.h] Add support
...
for building with older Heimdal versions. ok djm.
2013-08-04 21:48:41 +10:00
ab3575c055
- (djm) [sshlogin.h] Fix prototype merge botch from 2006; bz#2134
2013-08-01 14:34:16 +10:00
c192a4c4f6
- (djm) [channels.c channels.h] bz#2135: On Solaris, isatty() on a non-
...
blocking connecting socket will clear any stored errno that might
otherwise have been retrievable via getsockopt(). A hack to limit writes
to TTYs on AIX was triggering this. Since only AIX needs the hack, wrap
it in an #ifdef. Diagnosis and patch from Ivo Raisr.
2013-08-01 14:29:20 +10:00
81f7cf1ec5
more correct comment for last commit
2013-07-25 18:41:40 -07:00
0553ad76ff
- (tim) [regress/forwarding.sh] Fix for building outside read only source tree.
2013-07-25 16:03:16 -07:00
ed899eb597
- (tim) [sftp-client.c] Use of a gcc extension trips up native compilers on
...
Solaris and UnixWare. Feedback and OK djm@
2013-07-25 15:40:00 -07:00
d1e26cf391
- djm@cvs.openbsd.org 2013/06/21 02:26:26
...
[regress/sftp-cmds.sh regress/test-exec.sh]
unbreak sftp-cmds for renamed test data (s/ls/data/)
2013-07-25 12:11:18 +10:00
78d47b7c5b
- dtucker@cvs.openbsd.org 2013/06/10 21:56:43
...
[regress/forwarding.sh]
Add test for forward config parsing
2013-07-25 12:08:46 +10:00
fea440639e
- dtucker@cvs.openbsd.org 2013/05/30 20:12:32
...
[regress/test-exec.sh]
use ssh and sshd as testdata since it needs to be >256k for the rekey test
2013-07-25 12:08:07 +10:00
53435b2d87
- djm@cvs.openbsd.org 2013/07/25 00:57:37
...
[version.h]
openssh-6.3 for release
2013-07-25 11:57:15 +10:00
0d032419ee
- djm@cvs.openbsd.org 2013/07/25 00:56:52
...
[sftp-client.c sftp-client.h sftp.1 sftp.c]
sftp support for resuming partial downloads; patch mostly by Loganaden
Velvindron/AfriNIC with some tweaks by me; feedback and ok dtucker@
2013-07-25 11:56:52 +10:00
98e27dcf58
- djm@cvs.openbsd.org 2013/07/25 00:29:10
...
[ssh.c]
daemonise backgrounded (ControlPersist'ed) multiplexing master to ensure
it is fully detached from its controlling terminal. based on debugging
2013-07-25 11:55:52 +10:00
94c9cd34d1
- djm@cvs.openbsd.org 2013/07/22 12:20:02
...
[umac.h]
oops, forgot to commit corresponding header change;
spotted by jsg and jasper
2013-07-25 11:55:39 +10:00
c331dbd222
- djm@cvs.openbsd.org 2013/07/22 05:00:17
...
[umac.c]
make MAC key, data to be hashed and nonce for final hash const;
checked with -Wcast-qual
2013-07-25 11:55:20 +10:00
c8669a8cd2
- djm@cvs.openbsd.org 2013/07/20 22:20:42
...
[krl.c]
fix verification error in (as-yet usused) KRL signature checking path
2013-07-25 11:52:48 +10:00
63ddc899d2
- djm@cvs.openbsd.org 2013/07/20 01:55:13
...
[auth-krb5.c gss-serv-krb5.c gss-serv.c]
fix kerberos/GSSAPI deprecation warnings and linking; "looks okay" millert@
2013-07-20 13:35:45 +10:00
1f0e86f23f
- djm@cvs.openbsd.org 2013/07/20 01:50:20
...
[ssh-agent.c]
call cleanup_handler on SIGINT when in debug mode to ensure sockets
are cleaned up on manual exit; bz#2120
2013-07-20 13:22:49 +10:00
3009d3cbb8
- djm@cvs.openbsd.org 2013/07/20 01:44:37
...
[ssh-keygen.c ssh.c]
More useful error message on missing current user in /etc/passwd
2013-07-20 13:22:31 +10:00
32ecfa0f79
- djm@cvs.openbsd.org 2013/07/20 01:43:46
...
[umac.c]
use a union to ensure correct alignment; ok deraadt
2013-07-20 13:22:13 +10:00
85b45e0918
- markus@cvs.openbsd.org 2013/07/19 07:37:48
...
[auth.h kex.h kexdhs.c kexecdhs.c kexgexs.c monitor.c servconf.c]
[servconf.h session.c sshd.c sshd_config.5]
add ssh-agent(1) support to sshd(8); allows encrypted hostkeys,
or hostkeys on smartcards; most of the work by Zev Weiss; bz #1974
ok djm@
2013-07-20 13:21:52 +10:00
d93340cbb6
- djm@cvs.openbsd.org 2013/07/18 01:12:26
...
[ssh.1]
be more exact wrt perms for ~/.ssh/config; bz#2078
2013-07-18 16:14:34 +10:00
bf836e535d
- schwarze@cvs.openbsd.org 2013/07/16 00:07:52
...
[scp.1 sftp-server.8 ssh-keyscan.1 ssh-keysign.8 ssh-pkcs11-helper.8]
use .Mt for email addresses; from Jan Stary <hans at stare dot cz>; ok jmc@
2013-07-18 16:14:13 +10:00
649fe025a4
- djm@cvs.openbsd.org 2013/07/12 05:48:55
...
[ssh.c]
set TCP nodelay for connections started with -N; bz#2124 ok dtucker@
2013-07-18 16:13:55 +10:00
5bb8833e80
- djm@cvs.openbsd.org 2013/07/12 05:42:03
...
[ssh-keygen.c]
do_print_resource_record() can never be called with a NULL filename, so
don't attempt (and bungle) asking for one if it has not been specified
bz#2127 ok dtucker@
2013-07-18 16:13:37 +10:00
7313fc9222
- djm@cvs.openbsd.org 2013/07/12 00:43:50
...
[misc.c]
in ssh_gai_strerror() don't fallback to strerror for EAI_SYSTEM when
errno == 0. Avoids confusing error message in some broken resolver
cases. bz#2122 patch from plautrba AT redhat.com; ok dtucker
2013-07-18 16:13:19 +10:00
746d1a6c52
- djm@cvs.openbsd.org 2013/07/12 00:20:00
...
[sftp.c ssh-keygen.c ssh-pkcs11.c]
fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@
2013-07-18 16:13:02 +10:00
ce98654674
- djm@cvs.openbsd.org 2013/07/12 00:19:59
...
[auth-options.c auth-rsa.c bufaux.c buffer.h channels.c hostfile.c]
[hostfile.h mux.c packet.c packet.h roaming_common.c serverloop.c]
fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@
2013-07-18 16:12:44 +10:00
0d02c3e10e
- markus@cvs.openbsd.org 2013/07/02 12:31:43
...
[dh.c]
remove extra whitespace
2013-07-18 16:12:06 +10:00
fecfd118d6
- jmc@cvs.openbsd.org 2013/06/27 14:05:37
...
[ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5]
do not use Sx for sections outwith the man page - ingo informs me that
stuff like html will render with broken links;
issue reported by Eric S. Raymond, via djm
2013-07-18 16:11:50 +10:00
bc35d92e78
- djm@cvs.openbsd.org 2013/06/22 06:31:57
...
[scp.c]
improved time_t overflow check suggested by guenther@
2013-07-18 16:11:25 +10:00
8158441d01
- djm@cvs.openbsd.org 2013/06/21 05:43:10
...
[scp.c]
make this -Wsign-compare clean after time_t conversion
2013-07-18 16:11:07 +10:00
bbeb1dac55
- djm@cvs.openbsd.org 2013/06/21 05:42:32
...
[dh.c]
sprinkle in some error() to explain moduli(5) parse failures
2013-07-18 16:10:49 +10:00
7f2b438ca0
- djm@cvs.openbsd.org 2013/06/21 00:37:49
...
[ssh_config.5]
explicitly mention that IdentitiesOnly can be used with IdentityFile
to control which keys are offered from an agent.
2013-07-18 16:10:29 +10:00
20bdcd7236
- djm@cvs.openbsd.org 2013/06/21 00:34:49
...
[auth-rsa.c auth.h auth2-hostbased.c auth2-pubkey.c monitor.c]
for hostbased authentication, print the client host and user on
the auth success/failure line; bz#2064, ok dtucker@
2013-07-18 16:10:09 +10:00
3071070b39
- markus@cvs.openbsd.org 2013/06/20 19:15:06
...
[krl.c]
don't leak the rdata blob on errors; ok djm@
2013-07-18 16:09:44 +10:00
044bd2a7dd
- guenther@cvs.openbsd.org 2013/06/17 04:48:42
...
[scp.c]
Handle time_t values as long long's when formatting them and when
parsing them from remote servers.
Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
2013-07-18 16:09:25 +10:00
9a66155421
- dtucker@cvs.openbsd.org 2013/06/10 19:19:44
...
[readconf.c]
revert 1.203 while we investigate crashes reported by okan@
2013-07-18 16:09:04 +10:00
b7482cff46
- (dtucker) [contrib/cygwin/README contrib/cygwin/ssh-host-config
...
contrib/cygwin/ssh-user-config] Modernizes and improve readability of
the Cygwin README file (which hasn't been updated for ages), drop
unsupported OSes from the ssh-host-config help text, and drop an
unneeded option from ssh-user-config. Patch from vinschen at redhat com.
2013-07-02 20:06:46 +10:00
b8ae92d08b
- (dtucker) [myproposal.h] Make the conditional algorithm support consistent
...
and add some comments so it's clear what goes where.
2013-06-11 12:10:02 +10:00
97b62f41ad
- (dtucker) [myproposal.h] Do not advertise AES GSM ciphers if we don't have
...
the required OpenSSL support. Patch from naddy at freebsd.
2013-06-11 11:47:24 +10:00
6d8bd57448
- (dtucker) [Makefile.in configure.ac fixalgorithms] Remove unsupported
...
algorithms (Ciphers, MACs and HostKeyAlgorithms) from man pages.
2013-06-11 11:26:10 +10:00
36187093ea
- dtucker@cvs.openbsd.org 2013/06/07 15:37:52
...
[channels.c channels.h clientloop.c]
Add an "ABANDONED" channel state and use for mux sessions that are
disconnected via the ~. escape sequence. Channels in this state will
be able to close if the server responds, but do not count as active channels.
This means that if you ~. all of the mux clients when using ControlPersist
on a broken network, the backgrounded mux master will exit when the
Control Persist time expires rather than hanging around indefinitely.
bz#1917, also reported and tested by tedu@. ok djm@ markus@.
2013-06-10 13:07:11 +10:00
ae133d4b31
- (dtucker) [configure.ac sftp.c openbsd-compat/openbsd-compat.h] Cater for
...
platforms that don't have multibyte character support (specifically,
mblen).
2013-06-06 08:30:20 +10:00
408eaf3ab7
- dtucker@cvs.openbsd.org 2013/06/05 22:00:28
...
[readconf.c]
plug another memleak. bz#1967, from Zhenbo Xu, detected by Melton, ok djm
2013-06-06 08:22:46 +10:00
e52a260f16
- dtucker@cvs.openbsd.org 2013/06/05 12:52:38
...
[sshconnect2.c]
Fix memory leaks found by Zhenbo Xu and the Melton tool. bz#1967, ok djm
2013-06-06 08:22:05 +10:00
0cca17fa18
- dtucker@cvs.openbsd.org 2013/06/05 02:27:50
...
[sshd.c]
When running sshd -D, close stderr unless we have explicitly requesting
logging to stderr. From james.hunt at ubuntu.com via bz#1976, djm's patch
so, err, ok dtucker.
2013-06-06 08:21:14 +10:00
746e9067bd
- dtucker@cvs.openbsd.org 2013/06/05 02:07:29
...
[mux.c]
fix leaks in mux error paths, from Zhenbo Xu, found by Melton. bz#1967,
ok djm
2013-06-06 08:20:13 +10:00
ea64721275
- dtucker@cvs.openbsd.org 2013/06/04 20:42:36
...
[sftp.c]
Make sftp's libedit interface marginally multibyte aware by building up
the quoted string by character instead of by byte. Prevents failures
when linked against a libedit built with wide character support (bz#1990).
"looks ok" djm
2013-06-06 08:19:09 +10:00
194454d7a8
- dtucker@cvs.openbsd.org 2013/06/04 19:12:23
...
[scp.c]
use MAXPATHLEN for buffer size instead of fixed value. ok markus
2013-06-06 08:16:04 +10:00
4ac66af091
- dtucker@cvs.openbsd.org 2013/06/03 00:03:18
...
[mac.c]
force the MAC output to be 64-bit aligned so umac won't see unaligned
accesses on strict-alignment architectures. bz#2101, patch from
tomas.kuthan at oracle.com, ok djm@
2013-06-06 08:12:37 +10:00
ea8342c248
- dtucker@cvs.openbsd.org 2013/06/02 23:36:29
...
[clientloop.h clientloop.c mux.c]
No need for the mux cleanup callback to be visible so restore it to static
and call it through the detach_user function pointer. ok djm@
2013-06-06 08:11:40 +10:00
5d12b8f05d
- dtucker@cvs.openbsd.org 2013/06/02 21:01:51
...
[channels.h]
typo in comment
2013-06-06 08:09:10 +10:00
dc62edbf12
- (dtucker) [Makefile.in] append $CFLAGS to compiler options when building
...
modpipe in case there's anything in there we need.
2013-06-06 05:12:35 +10:00
2a22873cd8
- (dtucker) [regress/forwarding.sh] For (as yet unknown) reason, the
...
forwarding test is extremely slow copying data on some machines so switch
back to copying the much smaller ls binary until we can figure out why
this is.
2013-06-06 01:59:13 +10:00
b4e00949f0
- (dtucker) [contrib/ssh-copy-id] bz#2117: Use portable operator in test.
...
Patch from cjwatson at debian.
2013-06-05 22:48:44 +10:00
2ea9eb77a7
- (dtucker) Enable sha256 kex methods based on the presence of the necessary
...
functions, not from the openssl version.
2013-06-05 15:04:00 +10:00
16cac190eb
- (dtucker) [configure.ac] Some other platforms need sys/types.h before
...
sys/socket.h.
2013-06-04 12:55:24 +10:00
0b43ffe143
- (dtucker) [configure.ac] Some platforms need sys/types.h before sys/un.h.
2013-06-03 09:30:44 +10:00
3f3064c822
- (tim) [regress/sftp-chroot.sh] skip if no sudo. ok dtucker
2013-06-02 15:13:09 -07:00
01ec0af301
- (tim) [aclocal.m4] Enhance OSSH_CHECK_CFLAG_COMPILE to check stderr.
...
feedback and ok dtucker
2013-06-02 14:31:27 -07:00
5ab9b63468
- (tim) [configure.ac regress/Makefile] With rev 1.47 of test-exec.sh we
...
need a shell that can handle "[ file1 -nt file2 ]". Rather than keep
dealing with shell portability issues in regression tests, we let
configure find us a capable shell on those platforms with an old /bin/sh.
2013-06-02 14:05:48 -07:00
898ac935e5
- (dtucker) [configure.ac] bz#2111: don't try to use lastlog on Android.
...
Patch from Nathan Osman.
2013-06-03 02:03:25 +10:00
ef4901c3eb
- (dtucker) [configure.ac] sys/un.h needs sys/socket.h on some platforms
...
to prevent noise from configure. Patch from Nathan Osman.
2013-06-03 01:59:13 +10:00
073f795bc1
- dtucker@cvs.openbsd.org 2013/06/02 13:35:58
...
[ssh-agent.c]
Make parent_alive_interval time_t to avoid signed/unsigned comparison
2013-06-02 23:47:11 +10:00
00e1abb1eb
- dtucker@cvs.openbsd.org 2013/06/02 13:33:05
...
[progressmeter.c]
Add misc.h for monotime prototype. (id sync only)
2013-06-02 23:46:24 +10:00
86211d1738
20130602
...
- (tim) [Makefile.in] Make Solaris, UnixWare, & OpenServer linkers happy
linking regress/modpipe.
2013-06-01 18:38:23 -07:00
e9887d1c37
- (dtucker) [sandbox-seccomp-filter.c] Allow clock_gettimeofday.
2013-06-02 09:17:09 +10:00
65cf74079a
fix typo
2013-06-02 09:11:19 +10:00
c9a1991b95
- dtucker@cvs.openbsd.org 2013/06/01 22:34:50
...
[sftp-client.c]
Update progressmeter when data is acked, not when it's sent. bz#2108, from
Debian via Colin Watson, ok djm@
2013-06-02 08:37:05 +10:00
a710891659
- (dtucker) [configure.ac misc.c] Look for clock_gettime in librt and fall
...
back to time(NULL) if we can't find it anywhere.
2013-06-02 08:18:31 +10:00
f60845fde2
- (dtucker) [M auth-chall.c auth-krb5.c auth-pam.c cipher-aes.c cipher-ctr.c
...
groupaccess.c loginrec.c monitor.c monitor_wrap.c session.c sshd.c
sshlogin.c uidswap.c openbsd-compat/bsd-cygwin_util.c
openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/port-aix.c
openbsd-compat/port-linux.c] Replace portable-specific instances of xfree
with the equivalent calls to free.
2013-06-02 08:07:31 +10:00
3750fce6ac
- dtucker@cvs.openbsd.org 2013/06/01 20:59:25
...
[scp.c sftp-client.c]
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch
from Nathan Osman via bz#2113. ok deraadt.
(note: corrected bug number from 2085)
2013-06-02 07:52:21 +10:00
b759c9c2ef
- dtucker@cvs.openbsd.org 2013/06/01 13:15:52
...
[ssh-agent.c clientloop.c misc.h packet.c progressmeter.c misc.c
channels.c sandbox-systrace.c]
Use clock_gettime(CLOCK_MONOTONIC ...) for ssh timers so that things like
keepalives and rekeying will work properly over clock steps. Suggested by
markus@, "looks good" djm@.
2013-06-02 07:46:16 +10:00
55119253c6
- dtucker@cvs.openbsd.org 2013/05/31 12:28:10
...
[ssh-agent.c]
Use time_t where appropriate. ok djm
2013-06-02 07:43:59 +10:00
0acca3797d
- djm@cvs.openbsd.org 2013/05/19 02:42:42
...
[auth.h auth.c key.c monitor.c auth-rsa.c auth2.c auth1.c key.h]
Standardise logging of supplemental information during userauth. Keys
and ruser is now logged in the auth success/failure message alongside
the local username, remote host/port and protocol in use. Certificates
contents and CA are logged too.
Pushing all logging onto a single line simplifies log analysis as it is
no longer necessary to relate information scattered across multiple log
entries. "I like it" markus@
2013-06-02 07:41:51 +10:00
74836ae0fa
- djm@cvs.openbsd.org 2013/05/19 02:38:28
...
[auth2-pubkey.c]
fix failure to recognise cert-authority keys if a key of a different type
appeared in authorized_keys before it; ok markus@
2013-06-02 07:32:00 +10:00
a627d42e51
- djm@cvs.openbsd.org 2013/05/17 00:13:13
...
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
dns.c packet.c readpass.c authfd.c moduli.c]
bye, bye xfree(); ok markus@
2013-06-02 07:31:17 +10:00
c7aad0058c
- (dtucker) [configure.ac defines.h] Test for fd_mask, howmany and NFDBITS
...
rather than trying to enumerate the plaforms that don't have them.
Based on a patch from Nathan Osman, with help from tim@.
2013-06-02 07:18:47 +10:00
c0c3373216
- (dtucker) [configure.ac openbsd-compat/xcrypt.c] bz#2112: fall back to
...
using openssl's DES_crpyt function on platorms that don't have a native
one, eg Android. Based on a patch from Nathan Osman.
2013-06-02 06:28:03 +10:00
efdf534214
- (dtucker) [configure.ac openbsd-compat/bsd-misc.h] bz#2087: Add a null
...
implementation of endgrent for platforms that don't have it (eg Android).
Loosely based on a patch from Nathan Osman, ok djm
2013-05-30 08:29:08 +10:00
9b42d32738
- dtucker@cvs.openbsd.org 2013/05/17 10:35:43
...
[regress/scp.sh]
use a file extention that's not special on some platforms. from portable
(id sync only)
2013-05-17 20:48:59 +10:00
0a404b0ed7
- dtucker@cvs.openbsd.org 2013/05/17 10:34:30
...
[regress/portnum.sh]
use a more portable negated if structure. from portable (id sync only)
2013-05-17 20:47:29 +10:00
62ee222e6f
- dtucker@cvs.openbsd.org 2013/05/17 10:33:09
...
[regress/agent-getpeereid.sh]
don't redirect stdout from sudo. from portable (id sync only)
2013-05-17 20:46:00 +10:00
00478d30cb
- dtucker@cvs.openbsd.org 2013/05/17 10:30:07
...
[regress/test-exec.sh]
wait a bit longer for startup and use case for absolute path.
from portable (id sync only)
2013-05-17 20:45:06 +10:00
98989eb95e
- dtucker@cvs.openbsd.org 2013/05/17 10:28:11
...
[regress/sftp.sh]
only compare copied data if sftp succeeds. from portable (id sync only)
2013-05-17 20:44:09 +10:00
438f60eb9a
- dtucker@cvs.openbsd.org 2013/05/17 10:26:26
...
[regress/sftp-badcmds.sh]
remove unused BATCH variable. (id sync only)
2013-05-17 20:43:13 +10:00
1466bd25a8
- dtucker@cvs.openbsd.org 2013/05/17 10:24:48
...
[localcommand.sh]
use backticks for portability. (id sync only)
2013-05-17 20:42:05 +10:00
05b5e518c9
- dtucker@cvs.openbsd.org 2013/05/17 10:23:52
...
[regress/login-timeout.sh regress/reexec.sh regress/test-exec.sh]
Use SUDO when cat'ing pid files and running the sshd log wrapper so that
it works with a restrictive umask and the pid files are not world readable.
Changes from -portable. (id sync only)
2013-05-17 20:41:07 +10:00
dd669173f9
- dtucker@cvs.openbsd.org 2013/05/17 10:16:26
...
[regress/try-ciphers.sh]
use expr for math to keep diffs vs portable down
(id sync only)
2013-05-17 20:39:57 +10:00
044f32f4c6
- (dtucker) [regress/cfgmatch.sh] Remove unneeded sleep renderd obsolete by
...
rev 1.6 which calls wait.
2013-05-17 20:12:57 +10:00
9cc8ff7b63
- (dtucker) [regress/runtests.sh] Remove obsolete test driver script.
2013-05-17 20:01:52 +10:00
f8d5b34517
- (dtucker) [regress/stderr-after-eof.sh regress/test-exec.sh] Move the md5
...
helper function to the portable part of test-exec.sh.
2013-05-17 19:53:25 +10:00
6f66981ed3
- (dtucker) [regress/test-exec.sh] Move the portable-specific functions
...
together and add a couple of missing lines from openbsd.
2013-05-17 19:28:51 +10:00
5f1a89a3b6
- (dtucker) [regress/integrity.sh regress/krl.sh regress/test-exec.sh]
...
Move the jot helper function to portable-specific part of test-exec.sh.
2013-05-17 19:17:58 +10:00
96457a54d0
- (dtucker) [regress/agent-getpeereid.sh] Resync spaces with openbsd.
2013-05-17 19:03:38 +10:00
7f19323659
- (dtucker) [regress/cfgmatch.sh] Resync config file setup with openbsd.
2013-05-17 19:02:28 +10:00
8654dd2d73
- (dtucker) [openbsd-compat/getopt.h] Remove unneeded bits.
2013-05-17 16:03:48 +10:00
59d928d3b4
- dtucker@cvs.openbsd.org 2013/05/17 04:29:14
...
[regress/sftp.sh regress/putty-ciphers.sh regress/cipher-speed.sh
regress/test-exec.sh regress/sftp-batch.sh regress/dynamic-forward.sh
regress/putty-transfer.sh regress/conch-ciphers.sh regress/sftp-cmds.sh
regress/scp.sh regress/ssh-com-sftp.sh regress/rekey.sh
regress/putty-kex.sh regress/stderr-data.sh regress/stderr-after-eof.sh
regress/sftp-badcmds.sh regress/reexec.sh regress/ssh-com-client.sh
regress/sftp-chroot.sh regress/forwarding.sh regress/transfer.sh
regress/multiplex.sh]
Move the setting of DATA and COPY into test-exec.sh
2013-05-17 15:32:29 +10:00
34035be27b
- dtucker@cvs.openbsd.org 2013/05/17 01:32:11
...
[regress/integrity.sh]
don't print output from ssh before getting it (it's available in ssh.log)
2013-05-17 14:47:51 +10:00
b8b96b0aa6
- dtucker@cvs.openbsd.org 2013/05/17 01:16:09
...
[regress/agent-timeout.sh]
Pull back some portability changes from -portable:
- TIMEOUT is a read-only variable in some shells
- not all greps have -q so redirect to /dev/null instead.
(ID sync only)
2013-05-17 14:46:20 +10:00
56347efe79
- dtucker@cvs.openbsd.org 2013/05/17 00:37:40
...
[regress/agent.sh regress/keytype.sh regress/cfgmatch.sh
regress/forcecommand.sh regress/proto-version.sh regress/test-exec.sh
regress/cipher-speed.sh regress/cert-hostkey.sh regress/cert-userkey.sh
regress/ssh-com.sh]
replace 'echo -n' with 'printf' since it's more portable
also remove "echon" hack.
2013-05-17 13:28:36 +10:00
91af05c516
- (dtucker) [regress/integrity.sh]. Force fixed Diffie-Hellman key exchange
...
methods. When the openssl version doesn't support ECDH then next one on
the list is DH group exchange, but that causes a bit more traffic which can
mean that the tests flip bits in the initial exchange rather than the MACed
traffic and we get different errors to what the tests look for.
2013-05-17 13:16:59 +10:00
6e1e60c3c2
- (dtucker) [regress/bsd.regress.mk] Remove unused file. We've never used it
...
in portable and it's long gone in openbsd.
2013-05-17 11:23:41 +10:00
982b0cbc4c
- dtucker@cvs.openbsd.org 2013/05/16 05:48:31
...
[regress/rekey.sh]
add tests for RekeyLimit parsing
2013-05-17 09:45:12 +10:00
14490fe7b0
- dtucker@cvs.openbsd.org 2013/05/16 04:26:10
...
[regress/rekey.sh]
add server-side rekey test
2013-05-17 09:44:20 +10:00
c31c8729c1
- dtucker@cvs.openbsd.org 2013/05/16 03:33:30
...
[regress/rekey.sh]
test rekeying when there's no data being transferred
2013-05-17 09:43:33 +10:00
a8a62fcc46
- dtucker@cvs.openbsd.org 2013/05/16 02:10:35
...
[rekey.sh]
Add test for time-based rekeying
2013-05-17 09:42:34 +10:00
5e95173715
- djm@cvs.openbsd.org 2013/05/10 03:46:14
...
[modpipe.c]
sync some portability changes from portable OpenSSH (id sync only)
2013-05-17 09:41:33 +10:00
a4df65b9fc
- dtucker@cvs.openbsd.org 2013/04/22 07:28:53
...
[multiplex.sh]
Add tests for -Oforward and -Ocancel for local and remote forwards
2013-05-17 09:37:31 +10:00
40aaff7e4b
- dtucker@cvs.openbsd.org 2013/04/22 07:23:08
...
[multiplex.sh]
Write mux master logs to regress.log instead of ssh.log to keep separate
2013-05-17 09:36:20 +10:00
f3568fc62b
- djm@cvs.openbsd.org 2013/04/18 02:46:12
...
[Makefile regress/sftp-chroot.sh]
test sshd ChrootDirectory+internal-sftp; feedback & ok dtucker@
2013-05-17 09:35:26 +10:00
dfea3bcdd7
- dtucker@cvs.openbsd.org 2013/04/07 02:16:03
...
[regress/Makefile regress/rekey.sh regress/integrity.sh
regress/sshd-log-wrapper.sh regress/forwarding.sh regress/test-exec.sh]
use -E option for ssh and sshd to write debuging logs to ssh{,d}.log and
save the output from any failing tests. If a test fails the debug output
from ssh and sshd for the failing tests (and only the failing tests) should
be available in failed-ssh{,d}.log.
2013-05-17 09:31:39 +10:00
75129025a2
- dtucker@cvs.openbsd.org 2013/04/06 06:00:22
...
[regress/rekey.sh regress/test-exec.sh regress/integrity.sh
regress/multiplex.sh Makefile regress/cfgmatch.sh]
Split the regress log into 3 parts: the debug output from ssh, the debug
log from sshd and the output from the client command (ssh, scp or sftp).
Somewhat functional now, will become more useful when ssh/sshd -E is added.
2013-05-17 09:19:10 +10:00
7c8b1e7233
- dtucker@cvs.openbsd.org 2013/03/23 11:09:43
...
[test-exec.sh]
Only regenerate host keys if they don't exist or if ssh-keygen has changed
since they were. Reduces test runtime by 5-30% depending on machine
speed.
2013-05-17 09:10:20 +10:00
712de4d110
- djm@cvs.openbsd.org 2013/03/07 00:20:34
...
[regress/proxy-connect.sh]
repeat test with a style appended to the username
2013-05-17 09:07:12 +10:00
09c0f0325b
- dtucker@cvs.openbsd.org 2013/05/16 10:44:06
...
[servconf.c]
remove another now-unused variable
2013-05-16 20:48:57 +10:00
9113d0c238
- dtucker@cvs.openbsd.org 2013/05/16 10:43:34
...
[servconf.c readconf.c]
remove now-unused variables
2013-05-16 20:48:14 +10:00
e194ba4111
- (dtucker) [configure.ac readconf.c servconf.c
...
openbsd-compat/openbsd-compat.h] Add compat bits for scan_scaled.
2013-05-16 20:47:31 +10:00
b7ee852144
- dtucker@cvs.openbsd.org 2013/05/16 09:12:31
...
[readconf.c servconf.c]
switch RekeyLimit traffic volume parsing to scan_scaled. ok djm@
2013-05-16 20:33:10 +10:00
dbee308253
- dtucker@cvs.openbsd.org 2013/05/16 09:08:41
...
[log.c scp.c sshd.c serverloop.c schnorr.c sftp.c]
Fix some "unused result" warnings found via clang and -portable.
ok markus@
2013-05-16 20:32:29 +10:00
64d22946d6
- jmc@cvs.openbsd.org 2013/05/16 06:30:06
...
[sshd_config.5]
oops! avoid Xr to self;
2013-05-16 20:31:29 +10:00
63e0df2b93
- jmc@cvs.openbsd.org 2013/05/16 06:28:45
...
[ssh_config.5]
put IgnoreUnknown in the right place;
2013-05-16 20:30:31 +10:00
0763698f71
- djm@cvs.openbsd.org 2013/05/16 04:27:50
...
[ssh_config.5 readconf.h readconf.c]
add the ability to ignore specific unrecognised ssh_config options;
bz#866; ok markus@
2013-05-16 20:30:03 +10:00
5f96f3b4be
- dtucker@cvs.openbsd.org 2013/05/16 04:09:14
...
[sshd_config.5 servconf.c servconf.h packet.c serverloop.c monitor.c sshd_config
sshd.c] Add RekeyLimit to sshd with the same syntax as the client allowing
rekeying based on traffic volume or time. ok djm@, help & ok jmc@ for the man
page.
2013-05-16 20:29:28 +10:00
c53c2af173
- dtucker@cvs.openbsd.org 2013/05/16 02:00:34
...
[ssh_config sshconnect2.c packet.c readconf.h readconf.c clientloop.c
ssh_config.5 packet.h]
Add an optional second argument to RekeyLimit in the client to allow
rekeying based on elapsed time in addition to amount of traffic.
with djm@ jmc@, ok djm
2013-05-16 20:28:16 +10:00
64c6fceecd
- dtucker@cvs.openbsd.org 2013/05/10 10:13:50
...
[ssh-pkcs11-helper.c]
remove unused extern optarg. ok markus@
2013-05-16 20:27:14 +10:00
caf0010934
- djm@cvs.openbsd.org 2013/05/10 04:08:01
...
[key.c]
memleak in cert_free(), wasn't actually freeing the struct;
bz#2096 from shm AT digitalsun.pl
2013-05-16 20:26:18 +10:00
7e831edbf7
add missing attribution
2013-05-16 20:25:40 +10:00
54da6be320
- djm@cvs.openbsd.org 2013/05/10 03:40:07
...
[sshconnect2.c]
fix bzero(ptr_to_struct, sizeof(ptr_to_struct)); bz#2100 from
2013-05-16 20:25:04 +10:00
5d8b702d95
- dtucker@cvs.openbsd.org 2013/05/06 07:35:12
...
[sftp-server.8]
Reference the version of the sftp draft we actually implement. ok djm@
2013-05-16 20:24:23 +10:00
026d9db3fb
- tedu@cvs.openbsd.org 2013/04/24 16:01:46
...
[misc.c]
remove extra parens noticed by nicm
2013-05-16 20:23:52 +10:00
2ca51bf140
- tedu@cvs.openbsd.org 2013/04/23 17:49:45
...
[misc.c]
use xasprintf instead of a series of strlcats and strdup. ok djm
2013-05-16 20:22:46 +10:00
6aa3eacc5e
- (djm) [contrib/ssh-copy-id] Fix bug that could cause "rm *" to be
...
executed if mktemp failed; bz#2105 ok dtucker@
2013-05-16 11:10:17 +10:00
c54e3e0741
- (dtucker) [configure.ac] Add -Werror to the -Qunused-arguments test so
...
we don't get a warning on compilers that *don't* support it. Add
-Wno-unknown-warning-option. Move both to the start of the list for
maximum noise suppression. Tested with gcc 4.6.3, gcc 2.95.4 and clang 2.9.
2013-05-10 18:53:14 +10:00
a75d247a18
- (dtucker) [kex.c] Only include sha256 and ECC key exchange methods when the
...
underlying libraries support them.
2013-05-10 18:11:55 +10:00
0abfb559e3
- (dtucker) [openbsd-compat/getopt.h openbsd-compat/getopt_long.c
...
openbsd-compat/openbsd-compat.h] pull in getopt.h from openbsd and plumb
in to use it when we're using our own getopt.
2013-05-10 18:08:49 +10:00
ccfdfceacb
- (dtucker) [openbsd-compat/Makefile.in openbsd-compat/getopt.c
...
openbsd-compat/getopt_long.c regress/modpipe.c] Remove getopt.c, add
portability code to getopt_long.c and switch over Makefile and the ugly
hack in modpipe.c. Fixes bz#1448.
2013-05-10 16:28:55 +10:00
3933202007
- (dtucker) [openbsd-compat/getopt_long.c] Import from OpenBSD. No
...
portability changes yet.
2013-05-10 15:38:11 +10:00
35b2fe99be
- (dtucker) [openbsd-compat/getopt.c] Factor out portibility changes to
...
getopt.c. Preprocessed source is identical other than line numbers.
2013-05-10 15:35:26 +10:00
abbc7a7c02
- (dtucker) [configure.ac] Enable -Wsizeof-pointer-memaccess if the compiler
...
supports it. Mentioned by Colin Watson in bz#2100, ok djm.
2013-05-10 13:54:23 +10:00
bc02f163f6
- dtucker@cvs.openbsd.org 2013/04/22 01:17:18
...
[mux.c]
typo in debug output: evitval->exitval
2013-04-23 19:25:49 +10:00
f8b894e31d
- djm@cvs.openbsd.org 2013/04/19 12:07:08
...
[kex.c]
remove duplicated list entry pointed out by naddy@
2013-04-23 19:25:29 +10:00
34bd20a1e5
- djm@cvs.openbsd.org 2013/04/19 11:10:18
...
[ssh.c]
add -Q to usage; reminded by jmc@
2013-04-23 19:25:00 +10:00
ea11119eee
- djm@cvs.openbsd.org 2013/04/19 01:06:50
...
[authfile.c cipher.c cipher.h kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c]
[key.c key.h mac.c mac.h packet.c ssh.1 ssh.c]
add the ability to query supported ciphers, MACs, key type and KEX
algorithms to ssh. Includes some refactoring of KEX and key type handling
to be table-driven; ok markus@
2013-04-23 19:24:32 +10:00
a56086b990
- djm@cvs.openbsd.org 2013/04/19 01:03:01
...
[session.c]
reintroduce 1.262 without the connection-killing bug:
fatal() when ChrootDirectory specified by running without root privileges;
ok markus@
2013-04-23 15:24:18 +10:00
0d6771b464
- djm@cvs.openbsd.org 2013/04/19 01:01:00
...
[ssh-keygen.c]
fix some memory leaks; bz#2088 ok dtucker@
2013-04-23 15:23:24 +10:00
467b00c38b
- djm@cvs.openbsd.org 2013/04/19 01:00:10
...
[sshd_config.5]
document the requirment that the AuthorizedKeysCommand be owned by root;
ok dtucker@ markus@
2013-04-23 15:23:07 +10:00
9303e6527b
- djm@cvs.openbsd.org 2013/04/18 02:16:07
...
[sftp.c]
make "sftp -q" do what it says on the sticker: hush everything but errors;
2013-04-23 15:22:40 +10:00
f1a02aea35
- dtucker@cvs.openbsd.org 2013/04/17 09:04:09
...
[session.c]
revert rev 1.262; it fails because uid is already set here. ok djm@
2013-04-23 15:22:13 +10:00
d5edefd27a
- djm@cvs.openbsd.org 2013/04/11 02:27:50
...
[packet.c]
quiet disconnect notifications on the server from error() back to logit()
if it is a normal client closure; bz#2057 ok+feedback dtucker@
2013-04-23 15:21:39 +10:00
6901032b05
- dtucker@cvs.openbsd.org 2013/04/07 09:40:27
...
[sshd.8]
clarify -e text. suggested by & ok jmc@
2013-04-23 15:21:24 +10:00
03d4d7e60b
- dtucker@cvs.openbsd.org 2013/04/07 02:10:33
...
[log.c log.h ssh.1 ssh.c sshd.8 sshd.c]
Add -E option to ssh and sshd to append debugging logs to a specified file
instead of stderr or syslog. ok markus@, man page help jmc@
2013-04-23 15:21:06 +10:00
37f1c08473
- markus@cvs.openbsd.org 2013/04/06 16:07:00
...
[channels.c sshd.c]
handle ECONNABORTED for accept(); ok deraadt some time ago...
2013-04-23 15:20:43 +10:00
172859cff7
- djm@cvs.openbsd.org 2013/04/05 00:58:51
...
[mux.c]
cleanup mux-created channels that are in SSH_CHANNEL_OPENING state too
(in addition to ones already in OPEN); bz#2079, ok dtucker@
2013-04-23 15:19:27 +10:00
9f12b5dcd5
- djm@cvs.openbsd.org 2013/04/05 00:31:49
...
[pathnames.h]
use the existing _PATH_SSH_USER_RC define to construct the other
pathnames; bz#2077, ok dtucker@ (no binary change)
2013-04-23 15:19:11 +10:00
d677ad14ff
- djm@cvs.openbsd.org 2013/04/05 00:14:00
...
[auth2-gss.c krl.c sshconnect2.c]
hush some {unused, printf type} warnings
2013-04-23 15:18:51 +10:00
508b6c3d3b
- djm@cvs.openbsd.org 2013/03/08 06:32:58
...
[ssh.c]
allow "ssh -f none ..." ok markus@
2013-04-23 15:18:28 +10:00
91a55f28f3
- markus@cvs.openbsd.org 2013/03/07 19:27:25
...
[auth.h auth2-chall.c auth2.c monitor.c sshd_config.5]
add submethod support to AuthenticationMethods; ok and freedback djm@
2013-04-23 15:18:10 +10:00
4ce189d910
- djm@cvs.openbsd.org 2013/03/07 00:19:59
...
[auth2-pubkey.c monitor.c]
reconstruct the original username that was sent by the client, which may
have included a style (e.g. "root:skey") when checking public key
signatures. Fixes public key and hostbased auth when the client specified
a style; ok markus@
2013-04-23 15:17:52 +10:00
5cbec4c259
- djm@cvs.openbsd.org 2013/03/06 23:36:53
...
[readconf.c]
g/c unused variable (-Wunused)
2013-04-23 15:17:12 +10:00
998cc56b65
- djm@cvs.openbsd.org 2013/03/06 23:35:23
...
[session.c]
fatal() when ChrootDirectory specified by running without root privileges;
ok markus@
2013-04-23 15:16:43 +10:00
62e9c4f9b6
- (djm) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2013/03/05 20:16:09
[sshconnect2.c]
reset pubkey order on partial success; ok djm@
2013-04-23 15:15:49 +10:00
6332da2ae8
- (djm) [auth.c configure.ac misc.c monitor.c monitor_wrap.c] Support
...
platforms, such as Android, that lack struct passwd.pw_gecos. Report
and initial patch from Nathan Osman bz#2086; feedback tim@ ok dtucker@
2013-04-23 14:25:52 +10:00
ce1c9574fc
- (dtucker) [configure.ac] Use -Qunused-arguments to suppress warnings from
...
unused argument warnings (in particular, -fno-builtin-memset) from clang.
2013-04-18 21:36:19 +10:00
bc68f2451b
- (djm) [config.guess config.sub] Update to last versions before they switch
...
to GPL3. ok dtucker@
2013-04-18 11:26:25 +10:00
15fd19c4c9
- djm@cvs.openbsd.org 2013/02/22 22:09:01
...
[ssh.c]
Allow IdenityFile=none; ok markus deraadt (and dtucker for an earlier
version)
2013-04-05 11:22:26 +11:00
5d1d9541a7
- markus@cvs.openbsd.org 2013/02/22 19:13:56
...
[sshconnect.c]
support ProxyCommand=- (stdin/out already point to the proxy); ok djm@
2013-04-05 11:20:00 +11:00
aefa368243
- dtucker@cvs.openbsd.org 2013/02/22 04:45:09
...
[ssh.c readconf.c readconf.h]
Don't complain if IdentityFiles specified in system-wide configs are
missing. ok djm, deraadt
2013-04-05 11:18:35 +11:00
f3c3814243
- dtucker@cvs.openbsd.org 2013/02/19 02:12:47
...
[krl.c]
Remove bogus include. ok djm
(id sync only)
2013-04-05 11:16:52 +11:00
1910478c2d
- dtucker@cvs.openbsd.org 2013/02/17 23:16:57
...
[readconf.c ssh.c readconf.h sshconnect2.c]
Keep track of which IndentityFile options were manually supplied and which
were default options, and don't warn if the latter are missing.
ok markus@
2013-04-05 11:13:08 +11:00
c9627cdbc6
- (dtucker) [openbsd-compat/bsd-cygwin_util.{c,h}] Don't include windows.h
...
to avoid conflicting definitions of __int64, adding the required bits.
Patch from Corinna Vinschen.
2013-04-01 12:40:48 +11:00
75db01d2ce
- (tim) [Makefile.in] remove some duplication introduced in 20130220 commit.
2013-03-22 10:14:32 -07:00
221b4b2436
- (dtucker) [includes.h] Check if _GNU_SOURCE is already defined before
...
defining it again. Prevents warnings if someone, eg, sets it in CFLAGS.
2013-03-22 12:51:09 +11:00
c8a0f27c6d
- (dtucker) [configure.ac] Add stdlib.h to zlib check for exit() prototype.
2013-03-22 12:49:14 +11:00
eed8dc2610
- (djm) Release 6.2p1
2013-03-22 10:25:22 +11:00
83efe7c861
- (djm) [contrib/ssh-copy-id contrib/ssh-copy-id.1] Updated to Phil
...
Hands' greatly revised version.
2013-03-22 10:17:36 +11:00
63b4bcd04e
- (djm) [configure.ac log.c scp.c sshconnect2.c openbsd-compat/vis.c]
...
[openbsd-compat/vis.h] FreeBSD's strnvis isn't compatible with OpenBSD's
so mark it as broken. Patch from des AT des.no
2013-03-20 12:55:14 +11:00
aa86c3970f
- (tim) [configure.ac] OpenServer 5 wants lastlog even though it has none
...
of the bits the configure test looks for.
2013-03-16 20:55:46 -07:00
5852840190
- (djm) [session.c] FreeBSD needs setusercontext(..., LOGIN_SETUMASK) to
...
occur after UID switch; patch from John Marshall via des AT des.no;
ok dtucker@
2013-03-15 11:22:37 +11:00
f4db77d766
- (djm) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
...
Add a usleep replacement for platforms that lack it; ok dtucker
2013-03-15 10:34:25 +11:00
a2438bbd28
- (djm) [configure.ac] Disable utmp, wtmp and/or lastlog if the platform
...
is unable to successfully compile them. Based on patch from des AT
des.no
2013-03-15 10:23:07 +11:00
aa97d13fa2
- (dtucker) [auth.c configure.ac platform.c platform.h] Accept uid 2 ("bin")
...
in addition to root as an owner of system directories on AIX and HP-UX.
ok djm@
2013-03-12 11:31:05 +11:00
fe10a28e08
- (dtucker) [regress/Makefile regress/cipher-speed.sh regress/test-exec.sh]
...
Improve portability of cipher-speed test, based mostly on a patch from
Iain Morgan.
2013-03-12 11:19:40 +11:00
e4f4347822
- (djm) [configure.ac] Add a timeout to the select/rlimit test to give it a
...
chance to complete on broken systems; ok dtucker@
2013-03-08 12:14:22 +11:00
2b6ea47106
- (tim) [Makefile.in] Add another missing $(EXEEXT) I should have seen 3 days
...
ago.
2013-03-07 07:37:13 -08:00
4d1a0fe029
remove extra word
2013-03-07 20:14:34 +11:00
9243ef086f
- (dtucker) [defines.h] Remove SIZEOF_CHAR bits since the test for it is
...
was removed in configure.ac rev 1.481 as it was redundant.
2013-03-07 20:06:13 +11:00
b3cd503742
- (dtucker) [INSTALL] Bump documented autoconf version to what we're
...
currently using.
2013-03-07 12:33:35 +11:00
ff008ded7f
- (dtucker) [configure.ac] test that we can set number of file descriptors
...
to zero with setrlimit before enabling the rlimit sandbox. This affects
(at least) HPUX 11.11.
2013-03-06 17:48:48 +11:00
834a0d6d54
- (dtucker) [regress/forward-control.sh] Wait longer for the forwarding
...
connection to start so that the test works on slower machines.
2013-03-06 14:06:48 +11:00
ff8bda8f05
- (tim) [Makefile.in] Add missing $(EXEEXT). Found by Roumen Petrov.
2013-03-05 14:23:58 -08:00
29c7151d20
- (dtucker) [Makefile.in] Remove trailing "\" on PATHS, which caused obscure
...
build breakage on (at least) HP-UX 11.11. Found by Amit Kulkarni and Kevin
Brott.
2013-03-05 21:50:09 +11:00
fef9f7c3d1
add Amit.
2013-03-05 20:02:24 +11:00
5f0e54c892
- (dtucker) [configure.ac] use "=" for shell test and not "==". Spotted by
...
Kevin Brott.
2013-03-05 19:57:39 +11:00
43e5e60bad
- (djm) [regress/modpipe.c] Compilation fix for AIX and parsing fix for
...
HP/UX. Spotted by Kevin Brott
2013-03-05 09:49:00 +11:00
21f591b6d9
- (tim) [regress/krl.sh] keep old solaris awk from hanging.
2013-02-26 22:48:31 -08:00
ada7e17ae5
- (tim) [regress/integrity.sh] keep old solaris awk from hanging.
2013-02-26 21:49:09 -08:00
f9e2060ca9
- (tim) [regress/integrity.sh] shell portability fix.
2013-02-26 20:27:29 -08:00
a514bc05b1
- (tim) [regress/forward-control.sh] use sh in case login shell is csh.
2013-02-26 19:35:26 -08:00
c0cc7ce166
- (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
...
[contrib/suse/openssh.spec] Crank version numbers
2013-02-27 10:48:18 +11:00
6c21bb8c4a
- (djm) [regress/integrity.sh] Run sshd via $SUDO; fixes tinderbox breakage
...
for UsePAM=yes configuration
2013-02-26 19:41:30 +11:00
1e657d592d
- djm@cvs.openbsd.org 2013/02/20 08:27:50
...
[integrity.sh]
Add an option to modpipe that warns if the modification offset it not
reached in it's stream and turn it on for t-integrity. This should catch
cases where the session is not fuzzed for being too short (cf. my last
"oops" commit)
2013-02-26 18:58:06 +11:00
03978c61f3
- (dtucker) [configure.ac ssh-gss.h] bz#2073: additional #includes needed
...
to use Solaris native GSS libs. Patch from Pierre Ossman.
2013-02-25 11:24:44 +11:00
a423fefb89
welcome to 2013
2013-02-25 10:32:27 +11:00
b87f6b70f8
- (djm) [configure.ac includes.h loginrec.c mux.c sftp.c] Prefer
...
bsd/libutil.h to libutil.h to avoid deprecation warnings on Ubuntu.
ok tim
2013-02-23 09:12:23 +11:00
91f40d8592
- (djm) [configure.ac sandbox-seccomp-filter.c] Support for Linux
...
seccomp-bpf sandbox on ARM. Patch from shawnlandden AT gmail.com;
ok dtucker
2013-02-22 11:37:00 +11:00
a2b5a4c746
- (dtucker) [configure.ac] bz#2073: look for Solaris' differently-named
...
libgss too. Patch from Pierre Ossman, ok djm.
2013-02-22 10:43:15 +11:00
964de184a8
- (dtucker) [Makefile.in configure.ac] bz#2072: don't link krb5 libs to
...
ssh(1) since they're not needed. Patch from Pierre Ossman.
2013-02-22 10:39:59 +11:00
0ec7423692
- (tim) [regress/forward-control.sh] shell portability fix.
2013-02-20 21:37:55 -08:00
5acc6be981
- djm@cvs.openbsd.org 2013/02/20 08:29:27
...
[regress/modpipe.c]
s/Id/OpenBSD/ in RCS tag
2013-02-20 21:16:07 +11:00
283e575a7d
- djm@cvs.openbsd.org 2013/02/20 08:27:50
...
[regress/integrity.sh regress/modpipe.c]
Add an option to modpipe that warns if the modification offset it not
reached in it's stream and turn it on for t-integrity. This should catch
cases where the session is not fuzzed for being too short (cf. my last
"oops" commit)
2013-02-20 21:13:27 +11:00
c31db8cd6e
- (tim) [krl.c Makefile.in regress/Makefile regress/modpipe.c] remove unneeded
...
err.h include from krl.c. Additional portability fixes for modpipe. OK djm
2013-02-19 19:01:51 -08:00
c08b3ef6f4
- (tim) [regress/cipher-speed.sh regress/try-ciphers.sh] shell portability fix.
2013-02-19 11:53:29 -08:00
dae85cc3ad
- (djm) [regress/integrity.sh] Skip SHA2-based MACs on configurations that
...
lack support for SHA2.
2013-02-19 14:27:44 +11:00
b3764e1202
- djm@cvs.openbsd.org 2013/02/19 02:14:09
...
[integrity.sh]
oops, forgot to increase the output of the ssh command to ensure that
we actually reach $offset
2013-02-19 13:15:01 +11:00
0dc3bc908e
- djm@cvs.openbsd.org 2013/02/18 22:26:47
...
[integrity.sh]
crank the offset yet again; it was still fuzzing KEX one of Darren's
portable test hosts at 2800
2013-02-19 09:28:32 +11:00
33d52566bc
- djm@cvs.openbsd.org 2013/02/17 23:16:55
...
[integrity.sh]
make the ssh command generates some output to ensure that there are at
least offset+tries bytes in the stream.
2013-02-18 10:18:05 +11:00
5d7b9565bc
- djm@cvs.openbsd.org 2013/02/16 06:08:45
...
[integrity.sh]
make sure the fuzz offset is actually past the end of KEX for all KEX
types. diffie-hellman-group-exchange-sha256 requires an offset around
2700. Noticed via test failures in portable OpenSSH on platforms that
lack ECC and this the more byte-frugal ECDH KEX algorithms.
2013-02-16 17:32:31 +11:00
2991d288db
- (dtucker) [openbsd-compat/bsd-misc.c] Handle the case where setpgrp() takes
...
an argument. Pointed out by djm.
2013-02-15 14:55:38 +11:00
f32db83f41
- (dtucker) [openbsd-compat/openbsd-compat.h] Add prototype for strtoul,
...
group strto* function prototypes together.
2013-02-15 12:20:41 +11:00
5ceddc31cd
- dtucker@cvs.openbsd.org 2013/02/15 00:21:01
...
[sshconnect2.c]
Warn more loudly if an IdentityFile provided by the user cannot be read.
bz #1981 , ok djm@
2013-02-15 12:18:32 +11:00
8e6fb780e5
- (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoull.c
...
openbsd-compat/openbsd-compat.h] Add strtoull to compat library for
platforms that don't have it.
2013-02-15 12:13:01 +11:00
3c4a24c3e3
- (dtucker) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
...
Use getpgrp() if we don't have getpgid() (old BSDs, maybe others).
2013-02-15 11:41:35 +11:00
4018dc04da
- djm@cvs.openbsd.org 2013/02/14 21:35:59
...
[auth2-pubkey.c]
Correct error message that had a typo and was logging the wrong thing;
patch from Petr Lautrbach
2013-02-15 10:28:55 +11:00
91edc1ce2b
- (djm) [contrib/suse/rc.sshd] Use SSHD_BIN consistently; bz#2056 from
...
Iain Morgan
2013-02-15 10:23:44 +11:00
57f9218528
- (djm) [regress/integrity.sh] Start fuzzing from offset 2500 (instead
...
of 2300) to avoid clobbering the end of (non-MAC'd) KEX. Verified by
Iain Morgan
2013-02-14 10:32:33 +11:00
6d77d6ea2b
- (djm) [regress/krl.sh] typo; found by Iain Morgan
2013-02-14 10:31:03 +11:00
2653f5c0a6
- (djm) [regress/krl.sh] Don't use ecdsa keys in environment that lack ECC.
2013-02-14 10:14:51 +11:00
2f20de5e3f
- (djm) [regress/try-ciphers.sh] clean up CVS merge botch
2013-02-12 11:31:38 +11:00
58e2c5b394
- djm@cvs.openbsd.org 2013/02/11 23:58:51
...
[try-ciphers.sh]
remove acss here too
2013-02-12 11:16:57 +11:00
22e8a1e169
- dtucker@cvs.openbsd.org 2013/02/11 21:21:58
...
[sshd.c]
Add openssl version to debug output similar to the client. ok markus@
2013-02-12 11:04:48 +11:00
894926ebd8
- djm@cvs.openbsd.org 2013/02/10 23:35:24
...
[packet.c]
record "Received disconnect" messages at ERROR rather than INFO priority,
since they are abnormal and result in a non-zero ssh exit status; patch
from Iain Morgan in bz#2057; ok dtucker@
2013-02-12 11:03:58 +11:00
78d22713c7
- djm@cvs.openbsd.org 2013/02/10 23:32:10
...
[ssh-keygen.c]
append to moduli file when screening candidates rather than overwriting.
allows resumption of interrupted screen; patch from Christophe Garault
in bz#1957; ok dtucker@
2013-02-12 11:03:36 +11:00
fd05154dc4
- markus@cvs.openbsd.org 2013/02/10 21:19:34
...
[version.h]
openssh 6.2
2013-02-12 11:03:10 +11:00
d6d9fa0281
- djm@cvs.openbsd.org 2013/02/08 00:41:12
...
[sftp.c]
fix NULL deref when built without libedit and control characters
entered as command; debugging and patch from Iain Morgan an
Loganaden Velvindron in bz#1956
2013-02-12 11:02:46 +11:00
18de9133c2
- dtucker@cvs.openbsd.org 2013/02/06 00:22:21
...
[auth.c]
Fix comment, from jfree.e1 at gmail
2013-02-12 11:02:27 +11:00
1f583df8c3
- dtucker@cvs.openbsd.org 2013/02/06 00:20:42
...
[servconf.c sshd_config sshd_config.5]
Change default of MaxStartups to 10:30:100 to start doing random early
drop at 10 connections up to 100 connections. This will make it harder
to DoS as CPUs have come a long way since the original value was set
back in 2000. Prompted by nion at debian org, ok markus@
2013-02-12 11:02:08 +11:00
0cd2f8e5f8
- djm@cvs.openbsd.org 2013/01/27 10:06:12
...
[krl.c]
actually use the xrealloc() return value; spotted by xi.wang AT gmail.com
2013-02-12 11:01:39 +11:00
f0a8ded824
- djm@cvs.openbsd.org 2013/01/26 06:11:05
...
[Makefile.in acss.c acss.h cipher-acss.c cipher.c]
[openbsd-compat/openssl-compat.h]
remove ACSS, now that it is gone from libcrypto too
2013-02-12 11:00:34 +11:00
60565bcb5c
- djm@cvs.openbsd.org 2013/01/25 10:22:19
...
[krl.c]
redo last commit without the vi-vomit that snuck in:
skip serial lookup when cert's serial number is zero
(now with 100% better comment)
2013-02-12 10:56:42 +11:00
377d9a44f9
- krw@cvs.openbsd.org 2013/01/25 05:00:27
...
[krl.c]
Revert last. Breaks due to likely typo. Let djm@ fix later.
ok djm@ via dlg@
2013-02-12 10:55:16 +11:00
6045f5d574
- djm@cvs.openbsd.org 2013/01/24 22:08:56
...
[krl.c]
skip serial lookup when cert's serial number is zero
2013-02-12 10:54:54 +11:00
ea078462ea
- (djm) OpenBSD CVS Sync
...
- djm@cvs.openbsd.org 2013/01/24 21:45:37
[krl.c]
fix handling of (unused) KRL signatures; skip string in correct buffer
2013-02-12 10:54:37 +11:00
b6f73b3af6
- (djm) [configure.ac openbsd-compat/openssl-compat.h] Repair build on old
...
libcrypto that lacks EVP_CIPHER_CTX_ctrl
2013-02-11 10:39:12 +11:00
951b53b1be
- (dtucker) [configure.ac openbsd-compat/sys-tree.h] Test if compiler allows
...
__attribute__ on return values and work around if necessary. ok djm@
2013-02-08 11:50:09 +11:00
e7f50e1c18
- (djm) [contrib/redhat/sshd.init] treat RETVAL as an integer;
...
patch from Iain Morgan in bz#2059
2013-02-08 10:49:37 +11:00
5c3bbd76aa
- (djm) [configure.ac] Don't probe seccomp capability of running kernel
...
at configure time; the seccomp sandbox will fall back to rlimit at
runtime anyway. Patch from plautrba AT redhat.com in bz#2011
2013-02-07 10:11:05 +11:00
dc75d1fc04
- (djm) [regress/krl.sh] replacement for jot; most platforms lack it
2013-01-20 22:58:51 +11:00
d60b210830
- (djm) [openbsd-compat/sys-tree.h] Sync with OpenBSD. krl.c needs newer
...
version.
2013-01-20 22:49:58 +11:00
a7522d9fc0
- markus@cvs.openbsd.org 2013/01/19 12:34:55
...
[krl.c]
RB_INSERT does not remove existing elments; ok djm@
2013-01-20 22:35:31 +11:00
a0a7ee8bf4
- jmc@cvs.openbsd.org 2013/01/19 07:13:25
...
[ssh-keygen.1]
fix some formatting; ok djm
2013-01-20 22:35:06 +11:00
881a7a2c5d
- jmc@cvs.openbsd.org 2013/01/18 21:48:43
...
[ssh-keygen.1]
command-line (adj.) -> command line (n.);
2013-01-20 22:34:46 +11:00
072fdcd198
- jmc@cvs.openbsd.org 2013/01/18 08:39:04
...
[ssh-keygen.1]
add -Q to the options list; ok djm
2013-01-20 22:34:04 +11:00
72abeb709e
- jmc@cvs.openbsd.org 2013/01/18 08:00:49
...
[sshd_config.5]
tweak previous;
2013-01-20 22:33:44 +11:00
3d6d68b1e1
- jmc@cvs.openbsd.org 2013/01/18 07:59:46
...
[ssh-keygen.c]
-u before -V in usage();
2013-01-20 22:33:23 +11:00
ac5542b6b8
- jmc@cvs.openbsd.org 2013/01/18 07:57:47
...
[ssh-keygen.1]
tweak previous;
2013-01-20 22:33:02 +11:00
da5cc5d09a
- (djm) [cipher-aes.c cipher-ctr.c openbsd-compat/openssl-compat.h]
...
Move prototypes for replacement ciphers to openssl-compat.h; fix EVP
prototypes for openssl-1.0.0-fips.
2013-01-20 22:31:29 +11:00
13f5f768bc
- djm@cvs.openbsd.org 2013/01/18 03:00:32
...
[krl.c]
fix KRL generation bug for list sections
2013-01-18 15:32:03 +11:00
ebafebda85
- djm@cvs.openbsd.org 2013/01/18 00:45:29
...
[regress/Makefile regress/cert-userkey.sh regress/krl.sh]
Tests for Key Revocation Lists (KRLs)
2013-01-18 11:51:56 +11:00
f3747bf401
- djm@cvs.openbsd.org 2013/01/17 23:00:01
...
[auth.c key.c key.h ssh-keygen.1 ssh-keygen.c sshd_config.5]
[krl.c krl.h PROTOCOL.krl]
add support for Key Revocation Lists (KRLs). These are a compact way to
represent lists of revoked keys and certificates, taking as little as
a single bit of incremental cost to revoke a certificate by serial number.
KRLs are loaded via the existing RevokedKeys sshd_config option.
feedback and ok markus@
2013-01-18 11:44:04 +11:00
b26699bbad
- (djm) [regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh]
...
check for GCM support before testing GCM ciphers.
2013-01-17 14:31:57 +11:00
efa1c95092
- (djm) [regress/integrity.sh] repair botched merge
2013-01-12 23:10:47 +11:00
846dc7f21c
- djm@cvs.openbsd.org 2013/01/12 11:23:53
...
[regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh]
test AES-GCM modes; feedback markus@
2013-01-12 22:46:26 +11:00
c20eb8b8ea
- djm@cvs.openbsd.org 2013/01/12 11:22:04
...
[cipher.c]
improve error message for integrity failure in AES-GCM modes; ok markus@
2013-01-12 22:41:26 +11:00
1422c0887c
- djm@cvs.openbsd.org 2013/01/09 05:40:17
...
[ssh-keygen.c]
correctly initialise fingerprint type for fingerprinting PKCS#11 keys
2013-01-09 16:44:54 +11:00
d522c68872
- (djm) [cipher.c configure.ac openbsd-compat/openssl-compat.h]
...
Fix merge botch, automatically detect AES-GCM in OpenSSL, move a little
cipher compat code to openssl-compat.h
2013-01-09 16:42:47 +11:00
1d75abfe23
- markus@cvs.openbsd.org 2013/01/08 18:49:04
...
[PROTOCOL authfile.c cipher.c cipher.h kex.c kex.h monitor_wrap.c]
[myproposal.h packet.c ssh_config.5 sshd_config.5]
support AES-GCM as defined in RFC 5647 (but with simpler KEX handling)
ok and feedback djm@
2013-01-09 16:12:19 +11:00
aa7ad3039c
- jmc@cvs.openbsd.org 2013/01/04 19:26:38
...
[sftp-server.8 sftp-server.c]
sftp-server.8: add argument name to -d
sftp-server.c: add -d to usage()
ok djm
2013-01-09 15:58:21 +11:00
ec77c954c8
- djm@cvs.openbsd.org 2013/01/03 23:22:58
...
[ssh-keygen.c]
allow fingerprinting of keys hosted in PKCS#11 tokens: ssh-keygen -lD ...
ok markus@
2013-01-09 15:58:00 +11:00
502ab0eff1
- djm@cvs.openbsd.org 2013/01/03 12:54:49
...
[sftp-server.8 sftp-server.c]
allow specification of an alternate start directory for sftp-server(8)
"I like this" markus@
2013-01-09 15:57:36 +11:00
3739c8f041
- djm@cvs.openbsd.org 2013/01/03 12:49:01
...
[PROTOCOL]
fix description of MAC calculation for EtM modes; ok markus@
2013-01-09 15:57:16 +11:00
441384453c
- djm@cvs.openbsd.org 2013/01/03 05:49:36
...
[servconf.h]
add a couple of ServerOptions members that should be copied to the privsep
child (for consistency, in this case they happen only to be accessed in
the monitor); ok dtucker@
2013-01-09 15:56:45 +11:00
697485d50a
- djm@cvs.openbsd.org 2013/01/02 00:33:49
...
[PROTOCOL.agent]
correct format description for SSH_AGENTC_ADD_RSA_ID_CONSTRAINED
bz#2051 from david AT lechnology.com
2013-01-09 15:56:13 +11:00
73298f420e
- djm@cvs.openbsd.org 2013/01/02 00:32:07
...
[clientloop.c mux.c]
channel_setup_local_fwd_listener() returns 0 on failure, not -ve
bz#2055 reported by mathieu.lacage AT gmail.com
2013-01-09 15:55:50 +11:00
4e14a58f3f
- dtucker@cvs.openbsd.org 2012/12/14 05:26:43
...
[auth.c]
use correct string in error message; from rustybsd at gmx.fr
2013-01-09 15:54:48 +11:00
0fc77297e6
- (dtucker) [Makefile.in] Add some scaffolding so that the new regress
...
tests will work with VPATH directories.
2012-12-17 15:59:42 +11:00
13cbff1e00
- (djm) [cipher.c] Fix missing prototype for compat code
2012-12-13 08:25:07 +11:00
25a02b0c95
- (djm) [configure.ac cipher-ctr.c] Adapt EVP AES CTR change to retain our
...
compat code for older OpenSSL
2012-12-13 08:18:56 +11:00
8c05da3326
- markus@cvs.openbsd.org 2012/12/12 16:45:52
...
[packet.c]
reset incoming_packet buffer for each new packet in EtM-case, too;
this happens if packets are parsed only parially (e.g. ignore
messages sent when su/sudo turn off echo); noted by sthen/millert
2012-12-13 07:18:59 +11:00
faabeb6b36
- (djm) [regress/Makefile] fix t-exec rule
2012-12-12 12:51:54 +11:00
37461d7391
- (djm) [regress/integrity.sh] Fix awk quoting, packet length skip
2012-12-12 12:37:32 +11:00
37834afe7b
- (djm) [mac.c] fix merge botch
2012-12-12 11:00:37 +11:00
ec7ce9ace4
- markus@cvs.openbsd.org 2012/12/11 23:12:13
...
[try-ciphers.sh]
add hmac-ripemd160-etm@openssh.com
2012-12-12 10:55:32 +11:00
1fb593a3f1
- markus@cvs.openbsd.org 2012/12/11 22:42:11
...
[regress/Makefile regress/modpipe.c regress/integrity.sh]
test the integrity of the packets; with djm@
2012-12-12 10:54:37 +11:00
1a45b63d7b
- markus@cvs.openbsd.org 2012/12/11 22:32:56
...
[regress/try-ciphers.sh]
add etm modes
2012-12-12 10:52:07 +11:00
74f13bdf26
- sthen@cvs.openbsd.org 2012/12/11 22:51:45
...
[mac.c]
fix typo, s/tem/etm in hmac-ripemd160-tem. ok markus@
2012-12-12 10:46:53 +11:00
af43a7ac2d
- markus@cvs.openbsd.org 2012/12/11 22:31:18
...
[PROTOCOL authfile.c cipher.c cipher.h kex.h mac.c myproposal.h]
[packet.c ssh_config.5 sshd_config.5]
add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithms
that change the packet format and compute the MAC over the encrypted
message (including the packet size) instead of the plaintext data;
these EtM modes are considered more secure and used by default.
feedback and ok djm@
2012-12-12 10:46:31 +11:00
6a1937eac5
- markus@cvs.openbsd.org 2012/12/11 22:16:21
...
[monitor.c]
drain the log messages after receiving the keystate from the unpriv
child. otherwise it might block while sending. ok djm@
2012-12-12 10:44:38 +11:00
3e1027cd1f
- dtucker@cvs.openbsd.org 2012/12/07 01:51:35
...
[serverloop.c]
Cast signal to int for logging. A no-op on openbsd (they're always ints)
but will prevent warnings in portable. ok djm@
2012-12-07 13:07:46 +11:00
8a96522482
- markus@cvs.openbsd.org 2012/12/05 15:42:52
...
[ssh-add.c]
prevent double-free of comment; ok djm@
2012-12-07 13:07:02 +11:00
f9333d5246
- jmc@cvs.openbsd.org 2012/12/03 08:33:03
...
[ssh-add.1 sshd_config.5]
tweak previous;
2012-12-07 13:06:13 +11:00
3dfb877046
- dtucker@cvs.openbsd.org 2012/12/06 06:06:54
...
[regress/keys-command.sh]
Fix some problems with the keys-command test:
- use string comparison rather than numeric comparison
- check for existing KEY_COMMAND file and don't clobber if it exists
- clean up KEY_COMMAND file if we do create it.
- check that KEY_COMMAND is executable (which it won't be if eg /var/run
is mounted noexec).
ok djm.
2012-12-07 13:03:10 +11:00
96ce9a1e45
20121205
...
- (tim) [defines.h] Some platforms are missing ULLONG_MAX. Feedback djm@.
2012-12-04 07:50:03 -08:00
8b48982a56
- (djm) [configure.ac] Revert previous. configure.ac already does this
...
for us.
2012-12-03 12:35:55 +11:00
03af12e930
- (djm) [configure.ac] Turn on -g for gcc compilers. Helps pre-installation
...
debugging. ok dtucker@
2012-12-03 11:55:53 +11:00
55aca027ed
- djm@cvs.openbsd.org 2012/12/03 00:14:06
...
[auth2-chall.c ssh-keygen.c]
Fix compilation with -Wall -Werror (trivial type fixes)
2012-12-03 11:25:30 +11:00
999bd2d259
- djm@cvs.openbsd.org 2012/12/02 20:47:48
...
[Makefile regress/forward-control.sh]
regress for AllowTcpForwarding local/remote; ok markus@
2012-12-03 10:13:39 +11:00
771c43cee6
- djm@cvs.openbsd.org 2012/11/22 22:49:30
...
[regress/Makefile regress/keys-command.sh]
regress for AuthorizedKeysCommand; hints from markus@
2012-12-03 10:12:13 +11:00
6618e92509
- djm@cvs.openbsd.org 2012/10/19 05:10:42
...
[regress/cert-userkey.sh]
include a serial number when generating certs
2012-12-03 10:09:04 +11:00
fa51d8b6b2
- dtucker@cvs.openbsd.org 2012/10/05 02:20:48
...
[regress/cipher-speed.sh regress/try-ciphers.sh]
Add umac-128@openssh.com to the list of MACs to be tested
2012-12-03 10:08:25 +11:00
d27a026ab7
- dtucker@cvs.openbsd.org 2012/10/05 02:05:30
...
[regress/multiplex.sh]
Use 'kill -0' to test for the presence of a pid since it's more portable
2012-12-03 10:06:37 +11:00
15b05cfa17
- djm@cvs.openbsd.org 2012/12/02 20:34:10
...
[auth.c auth.h auth1.c auth2-chall.c auth2-gss.c auth2-jpake.c auth2.c]
[monitor.c monitor.h]
Fixes logging of partial authentication when privsep is enabled
Previously, we recorded "Failed xxx" since we reset authenticated before
calling auth_log() in auth2.c. This adds an explcit "Partial" state.
Add a "submethod" to auth_log() to report which submethod is used
for keyboard-interactive.
Fix multiple authentication when one of the methods is
keyboard-interactive.
ok markus@
2012-12-03 09:53:20 +11:00
aa5b3f8314
- djm@cvs.openbsd.org 2012/12/02 20:46:11
...
[auth-options.c channels.c servconf.c servconf.h serverloop.c session.c]
[sshd_config.5]
make AllowTcpForwarding accept "local" and "remote" in addition to its
current "yes"/"no" to allow the server to specify whether just local or
remote TCP forwarding is enabled. ok markus@
2012-12-03 09:50:54 +11:00
33a813613a
- djm@cvs.openbsd.org 2012/12/02 20:42:15
...
[ssh-add.1 ssh-add.c]
make deleting explicit keys "ssh-add -d" symmetric with adding keys -
try to delete the corresponding certificate too and respect the -k option
to allow deleting of the key only; feedback and ok markus@
2012-12-03 09:50:24 +11:00
cb6b68b209
- djm@cvs.openbsd.org 2012/12/02 20:26:11
...
[ssh_config.5 sshconnect2.c]
Make IdentitiesOnly apply to keys obtained from a PKCS11Provider.
This allows control of which keys are offered from tokens using
IdentityFile. ok markus@
2012-12-03 09:49:52 +11:00
cf6ef137b5
- (djm) [openbsd-compat/sys-queue.h] Sync with OpenBSD to get
...
TAILQ_FOREACH_SAFE needed for upcoming changes.
2012-12-03 09:37:56 +11:00
6f3b362fa8
- djm@cvs.openbsd.org 2012/11/14 02:32:15
...
[ssh-keygen.c]
allow the full range of unsigned serial numbers; 'fine' deraadt@
2012-11-14 19:04:33 +11:00
1e85469fcb
- djm@cvs.openbsd.org 2012/11/14 02:24:27
...
[auth2-pubkey.c]
fix username passed to helper program
prepare stdio fds before closefrom()
spotted by landry@
2012-11-14 19:04:02 +11:00
0120c41d6b
- jmc@cvs.openbsd.org 2012/09/26 17:34:38
...
[moduli.5]
last stage of rfc changes, using consistent Rs/Re blocks, and moving the
references into a STANDARDS section;
2012-11-07 08:36:00 +11:00
d5c3d4c0ca
- eric@cvs.openbsd.org 2011/11/28 08:46:27
...
[moduli.5]
fix formula
ok djm@
2012-11-07 08:35:38 +11:00
737f7aff36
- (dtucker) [auth2-pubkey.c] wrap paths.h in an ifdef for platforms that
...
don't have it. Spotted by tim@.
2012-11-05 17:07:43 +11:00
f96ff18a92
- (dtucker) [uidswap.c openbsd-compat/Makefile.in
...
openbsd-compat/bsd-setres_id.c openbsd-compat/bsd-setres_id.h
openbsd-compat/openbsd-compat.h] Move the fallback code for setting uids
and gids from uidswap.c to the compat library, which allows it to work with
the new setresuid calls in auth2-pubkey. with tim@, ok djm@
2012-11-05 17:04:37 +11:00
a6e3f01d1e
- djm@cvs.openbsd.org 2012/11/04 11:09:15
...
[auth.h auth1.c auth2.c monitor.c servconf.c servconf.h sshd.c]
[sshd_config.5]
Support multiple required authentication via an AuthenticationMethods
option. This option lists one or more comma-separated lists of
authentication method names. Successful completion of all the methods in
any list is required for authentication to complete;
feedback and ok markus@
2012-11-04 23:21:40 +11:00
d0d1099b3b
- djm@cvs.openbsd.org 2012/11/04 10:38:43
...
[auth2-pubkey.c sshd.c sshd_config.5]
Remove default of AuthorizedCommandUser. Administrators are now expected
to explicitly specify a user. feedback and ok markus@
2012-11-04 22:23:14 +11:00
f33580eed0
- OpenBSD CVS Sync
...
- jmc@cvs.openbsd.org 2012/10/31 08:04:50
[sshd_config.5]
tweak previous;
2012-11-04 22:22:52 +11:00
09d3e12512
- djm@cvs.openbsd.org 2012/10/30 21:29:55
...
[auth-rsa.c auth.c auth.h auth2-pubkey.c servconf.c servconf.h]
[sshd.c sshd_config sshd_config.5]
new sshd_config option AuthorizedKeysCommand to support fetching
authorized_keys from a command in addition to (or instead of) from
the filesystem. The command is run as the target server user unless
another specified via a new AuthorizedKeysCommandUser option.
patch originally by jchadima AT redhat.com, reworked by me; feedback
and ok markus@
2012-10-31 08:58:58 +11:00
07daed505f
- (djm) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2012/10/05 12:34:39
[sftp.c]
fix signed vs unsigned warning; feedback & ok: djm@
2012-10-31 08:57:55 +11:00
c0e5cbe222
- (tim) [buildpkg.sh.in] Double up on some backslashes so they end up in
...
the generated file as intended.
2012-10-18 21:38:58 -07:00
cc8e9ffdd1
- [Makefile.in] "Using $< in a non-suffix rule context is a GNUmake idiom"
2012-10-05 15:41:06 +10:00
50ce447ef9
- [umac.c] Enforce allowed umac output sizes. From djm@.
2012-10-05 12:11:33 +10:00
ee4ad778d7
- dtucker@cvs.openbsd.org 2012/09/10 01:51:19
...
[regress/multiplex.sh]
use -Ocheck and waiting for completions by PID to make multiplexing test
less racy and (hopefully) more reliable on slow hardware.
2012-10-05 12:04:10 +10:00
9b2c0360cf
- dtucker@cvs.openbsd.org 2012/09/10 00:49:21
...
[regress/multiplex.sh]
Log -O cmd output to the log file and make logging consistent with the
other tests. Test clean shutdown of an existing channel when testing
"stop".
2012-10-05 11:45:39 +10:00
6fc5aa8b2e
- dtucker@cvs.openbsd.org 2012/09/09 11:51:25
...
[multiplex.sh]
Add test for ssh -Ostop
2012-10-05 11:43:57 +10:00
189e5bad5c
- dtucker@cvs.openbsd.org 2012/09/06 04:11:07
...
[regress/try-ciphers.sh]
Restore missing space. (Id sync only).
2012-10-05 11:41:52 +10:00
992faad1f1
- [Makefile umac.c] Add special-case target to build umac128.o.
2012-10-05 11:38:24 +10:00
427e409e99
- markus@cvs.openbsd.org 2012/10/04 13:21:50
...
[myproposal.h ssh_config.5 umac.h sshd_config.5 ssh.1 sshd.8 mac.c]
add umac128 variant; ok djm@ at n2k12
(note: further Makefile work is required)
2012-10-05 11:02:39 +10:00
0dc283b13a
- djm@cvs.openbsd.org 2012/10/02 07:07:45
...
[ssh-keygen.c]
fix -z option, broken in revision 1.215
2012-10-05 10:52:51 +10:00
3a7c04105a
- naddy@cvs.openbsd.org 2012/10/01 13:59:51
...
[monitor_wrap.c]
pasto; ok djm@
2012-10-05 10:51:59 +10:00
628a3fdce2
- jmc@cvs.openbsd.org 2012/09/26 16:12:13
...
[ssh.1]
last stage of rfc changes, using consistent Rs/Re blocks, and moving the
references into a STANDARDS section;
2012-10-05 10:50:15 +10:00
17146d369c
- dtucker@cvs.openbsd.org 2012/09/21 10:55:04
...
[sftp.c]
Fix handling of filenames containing escaped globbing characters and
escape "#" and "*". Patch from Jean-Marc Robert via tech@, ok djm.
2012-10-05 10:46:16 +10:00
191fcc6e4e
- dtucker@cvs.openbsd.org 2012/09/21 10:53:07
...
[sftp.c]
Fix improper handling of absolute paths when PWD is part of the completed
path. Patch from Jean-Marc Robert via tech@, ok djm.
2012-10-05 10:45:01 +10:00
063018d9f6
- dtucker@cvs.openbsd.org 2012/09/18 10:36:12
...
[sftp.c]
Add bounds check on sftp tab-completion. Part of a patch from from
Jean-Marc Robert via tech@, ok djm
2012-10-05 10:43:58 +10:00
302889a1b0
- markus@cvs.openbsd.org 2012/09/17 13:04:11
...
[packet.c]
clear old keys on rekeing; ok djm
2012-10-05 10:42:53 +10:00
0af2405ebf
- (dtucker) OpenBSD CVS Sync
...
- djm@cvs.openbsd.org 2012/09/17 09:54:44
[sftp.c]
an XXX for later
2012-10-05 10:41:25 +10:00
26b9e3b0c5
- markus@cvs.openbsd.org 2012/09/14 16:51:34
...
[sshconnect.c]
remove unused variable
2012-09-17 13:25:44 +10:00
bb6cc07cf4
- dtucker@cvs.openbsd.org 2012/09/13 23:37:36
...
[servconf.c]
Fix comment line length
2012-09-17 13:25:06 +10:00
86dc9b4110
Fix author's name for RFC6594 SSHFP change
2012-09-07 18:08:23 +10:00
48bf4b0ca3
- dtucker@cvs.openbsd.org 2012/09/07 06:34:21
...
[clientloop.c]
when muxmaster is run with -N, make it shut down gracefully when a client
sends it "-O stop" rather than hanging around (bz#1985). ok djm@
2012-09-07 16:38:53 +10:00
ca0d0fd806
- dtucker@cvs.openbsd.org 2012/09/07 01:10:21
...
[clientloop.c]
Merge escape help text for ~v and ~V; ok djm@
2012-09-07 11:22:24 +10:00
f111d40604
- dtucker@cvs.openbsd.org 2012/09/07 00:30:19
...
[clientloop.c]
Print '^Z' instead of a raw ^Z when the sequence is not supported. ok djm@
2012-09-07 11:21:42 +10:00
83d0af6907
- jmc@cvs.openbsd.org 2012/09/06 13:57:42
...
[ssh.1]
missing letter in previous;
2012-09-07 11:21:03 +10:00
92a39cfa09
- dtucker@cvs.openbsd.org 2012/09/06 09:50:13
...
[clientloop.c]
Make the escape command help (~?) context sensitive so that only commands
that will work in the current session are shown. ok markus@
(note: previous commit with this description was a mistake on my part while
pulling changes from OpenBSD)
2012-09-07 11:20:20 +10:00
241995382e
bz#2039: add acknowledgement of the original authors of the ECDSA SSHFP DNS
...
work. From Ondřej Surý.
2012-09-07 10:44:34 +10:00
29bf4040b4
- dtucker@cvs.openbsd.org 2012/09/06 09:50:13
...
[clientloop.c]
Make the escape command help (~?) context sensitive so that only commands
that will work in the current session are shown. ok markus@
2012-09-06 21:26:34 +10:00
50a48d025f
- dtucker@cvs.openbsd.org 2012/09/06 04:37:39
...
[clientloop.c log.c ssh.1 log.h]
Add ~v and ~V escape sequences to raise and lower the logging level
respectively. Man page help from jmc, ok deraadt jmc
2012-09-06 21:25:37 +10:00
00c1518a4d
- djm@cvs.openbsd.org 2012/08/17 01:30:00
...
[compat.c sshconnect.c]
Send client banner immediately, rather than waiting for the server to
move first for SSH protocol 2 connections (the default). Patch based on
one in bz#1999 by tls AT panix.com, feedback dtucker@ ok markus@
2012-09-06 21:21:56 +10:00
f09a8a6c6d
- djm@cvs.openbsd.org 2012/08/17 01:25:58
...
[ssh-keygen.c]
print details of which host lines were deleted when using
"ssh-keygen -R host"; ok markus@
2012-09-06 21:20:39 +10:00
ae608bdd83
- djm@cvs.openbsd.org 2012/08/17 01:22:56
...
[kex.c]
add some comments about better handling first-KEX-follows notifications
from the server. Nothing uses these right now. No binary change
2012-09-06 21:19:51 +10:00
66cb0e0733
- dtucker@cvs.openbsd.org 2012/08/17 00:45:45
...
[clientloop.c clientloop.h mux.c]
Force a clean shutdown of ControlMaster client sessions when the ~. escape
sequence is used. This means that ~. should now work in mux clients even
if the server is no longer responding. Found by tedu, ok djm.
2012-09-06 21:19:05 +10:00
3ee50c5d9f
- jmc@cvs.openbsd.org 2012/08/15 18:25:50
...
[ssh-keygen.1]
a little more info on certificate validity;
requested by Ross L Richardson, and provided by djm
2012-09-06 21:18:11 +10:00
23e4b80a60
- (dtucker) [moduli] Import new moduli file.
2012-08-30 10:42:47 +10:00
4eb0a532ef
- (djm) Release openssh-6.1
2012-08-29 10:26:20 +10:00
318541854f
- (dtucker) [openbsd-compat/bsd-cygwin_util.h] define WIN32_LEAN_AND_MEAN
...
for compatibility with future mingw-w64 headers. Patch from vinschen at
redhat com.
2012-08-28 19:57:19 +10:00
39a9d2c933
- (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
...
[contrib/suse/openssh.spec] Update version numbers
2012-08-22 21:57:13 +10:00
38fe66230f
- markus@cvs.openbsd.org 2012/07/22 18:19:21
...
[version.h]
openssh 6.1
2012-07-31 12:23:16 +10:00
46cb75a258
- dtucker@cvs.openbsd.org 2012/07/13 01:35:21
...
[servconf.c]
handle long comments in config files better. bz#2025, ok markus
2012-07-31 12:22:37 +10:00
1cce103b3e
fix truncated entry
2012-07-31 12:22:18 +10:00
5a5c2b9063
- djm@cvs.openbsd.org 2012/07/10 02:19:15
...
[servconf.c servconf.h sshd.c sshd_config]
Turn on systrace sandboxing of pre-auth sshd by default for new installs
by shipping a config that overrides the current UsePrivilegeSeparation=yes
default. Make it easier to flip the default in the future by adding too.
2012-07-31 12:21:34 +10:00
709a1e90d9
- jmc@cvs.openbsd.org 2012/07/06 06:38:03
...
[ssh-keygen.c]
missing full stop in usage();
2012-07-31 12:20:43 +10:00
Damien Miller
Darren Tucker
Tim Rice