tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
7,238 Commits 6 Branches 20 Tags 98 MiB
Commit Graph

6731 Commits

Author SHA1 Message Date
Damien Miller db3c595ea7 - djm@cvs.openbsd.org 2014/02/02 03:44:31 
[digest-libc.c digest-openssl.c]
     convert memset of potentially-private data to explicit_bzero()
 2014-02-04 11:25:45 +11:00
Damien Miller aae07e2e20 - djm@cvs.openbsd.org 2014/02/03 23:28:00 
[ssh-ecdsa.c]
     fix memory leak; ECDSA_SIG_new() allocates 'r' and 's' for us, unlike
     DSA_SIG_new. Reported by Batz Spear; ok markus@
 2014-02-04 11:20:40 +11:00
Damien Miller a5103f413b - djm@cvs.openbsd.org 2014/02/02 03:44:32 
[auth1.c auth2-chall.c auth2-passwd.c authfile.c bufaux.c bufbn.c]
     [buffer.c cipher-3des1.c cipher.c clientloop.c gss-serv.c kex.c]
     [kexdhc.c kexdhs.c kexecdhc.c kexgexc.c kexecdhs.c kexgexs.c key.c]
     [monitor.c monitor_wrap.c packet.c readpass.c rsa.c serverloop.c]
     [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c]
     [ssh-keygen.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c]
     [sshd.c]
     convert memset of potentially-private data to explicit_bzero()
 2014-02-04 11:20:14 +11:00
Damien Miller 1d2c456426 - tedu@cvs.openbsd.org 2014/01/31 16:39:19 
[auth2-chall.c authfd.c authfile.c bufaux.c bufec.c canohost.c]
     [channels.c cipher-chachapoly.c clientloop.c configure.ac hostfile.c]
     [kexc25519.c krl.c monitor.c sandbox-systrace.c session.c]
     [sftp-client.c ssh-keygen.c ssh.c sshconnect2.c sshd.c sshlogin.c]
     [openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h]
     replace most bzero with explicit_bzero, except a few that cna be memset
     ok djm dtucker
 2014-02-04 11:18:20 +11:00
Damien Miller 3928de067c - djm@cvs.openbsd.org 2014/01/30 22:26:14 
[sandbox-systrace.c]
     allow shutdown(2) syscall in sandbox - it may be called by packet_close()
     from portable
     (Id sync only; change is already in portable)
 2014-02-04 11:13:54 +11:00
Damien Miller e1e480aee8 - jmc@cvs.openbsd.org 2014/01/29 14:04:51 
[sshd_config.5]
     document kbdinteractiveauthentication;
     requested From: Ross L Richardson

     dtucker/markus helped explain its workings;
 2014-02-04 11:13:17 +11:00
Damien Miller 7cc194f70d - djm@cvs.openbsd.org 2014/01/29 06:18:35 
[Makefile.in auth.h auth2-jpake.c auth2.c jpake.c jpake.h monitor.c]
     [monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h]
     [schnorr.c schnorr.h servconf.c servconf.h ssh2.h sshconnect2.c]
     remove experimental, never-enabled JPAKE code; ok markus@
 2014-02-04 11:12:56 +11:00
Damien Miller b0f26544cf - djm@cvs.openbsd.org 2014/01/29 00:19:26 
[sshd.c]
     use kill(0, ...) instead of killpg(0, ...); on most operating systems
     they are equivalent, but SUSv2 describes the latter as having undefined
     behaviour; from portable; ok dtucker
     (Id sync only; change is already in portable)
 2014-02-04 11:10:01 +11:00
Damien Miller f8f35bc471 - jmc@cvs.openbsd.org 2014/01/28 14:13:39 
[ssh-keyscan.1]
     kill some bad Pa;
     From: Jan Stary
 2014-02-04 11:09:12 +11:00
Damien Miller ec93d15170 - markus@cvs.openbsd.org 2014/01/27 20:13:46 
[digest.c digest-openssl.c digest-libc.c Makefile.in]
     rename digest.c to digest-openssl.c and add libc variant; ok djm@
 2014-02-04 11:07:13 +11:00
Damien Miller 4a1c7aa640 - markus@cvs.openbsd.org 2014/01/27 19:18:54 
[auth-rsa.c cipher.c ssh-agent.c sshconnect1.c sshd.c]
     replace openssl MD5 with our ssh_digest_*; ok djm@
 2014-02-04 11:03:36 +11:00
Damien Miller 4e8d937af7 - markus@cvs.openbsd.org 2014/01/27 18:58:14 
[Makefile.in digest.c digest.h hostfile.c kex.h mac.c hmac.c hmac.h]
     replace openssl HMAC with an implementation based on our ssh_digest_*
     ok and feedback djm@
 2014-02-04 11:02:42 +11:00
Tim Rice 69d0d09f76 - (tim) [Makefile.in] build regress/setuid-allow. 2014-01-31 14:25:18 -08:00
Darren Tucker 0eeafcd76b - (dtucker) [readconf.c] Include <arpa/inet.h> for the hton macros. Fixes 
build with HP-UX's compiler.  Patch from Kevin Brott.
 2014-01-31 14:18:51 +11:00
Damien Miller 7e5cec6070 - (djm) [sandbox-seccomp-filter.c sandbox-systrace.c] Allow shutdown(2) 
syscall from sandboxes; it may be called by packet_close.
 2014-01-31 09:25:34 +11:00
Damien Miller cdb6c90811 - (djm) Release openssh-6.5p1 2014-01-30 12:50:17 +11:00
Damien Miller 996ea80b18 trim entries prior to openssh-6.0p1 2014-01-30 12:49:55 +11:00
Damien Miller f5bbd3b657 - (djm) [configure.ac atomicio.c] Kludge around NetBSD offering 
different symbols for 'read' when various compiler flags are
   in use, causing atomicio.c comparisons against it to break and
   read/write operations to hang; ok dtucker
 2014-01-30 11:26:46 +11:00
Damien Miller c2868192dd - (djm) [configure.ac] Only check for width-specified integer types 
in headers that actually exist. patch from Tom G. Christensen;
   ok dtucker@
 2014-01-30 10:21:19 +11:00
Damien Miller c161fc90fc - (djm) [configure.ac] Fix broken shell test '==' vs '='; patch from 
Tom G. Christensen
 2014-01-29 21:01:33 +11:00
Tim Rice 6f917ad376 - (tim) [regress/agent.sh regress/agent-ptrace.sh] Assign $? to a variable 
when used as an error message inside an if statement so we display the
   correct into. agent.sh patch from Petr Lautrbach.
 2014-01-28 10:26:25 -08:00
Damien Miller ab16ef4152 - (djm) [sshd.c] Use kill(0, ...) instead of killpg(0, ...); the 
latter being specified to have undefined behaviour in SUSv3;
   ok dtucker
 2014-01-28 15:08:12 +11:00
Damien Miller ab03949058 - (djm) [configure.ac] Search for inet_ntop in libnsl and libresovl; 
ok dtucker
 2014-01-28 15:07:10 +11:00
Darren Tucker 4ab20a82d4 - (dtucker) [Makefile.in] Remove trailing backslash which some make 
implementations (eg older Solaris) do not cope with.
 2014-01-27 17:35:04 +11:00
Darren Tucker e7e8b3cfe9 Welcome to 2014 2014-01-27 17:32:50 +11:00
Damien Miller 5b447c0aac - (djm) [configure.ac] correct AC_DEFINE for previous. 2014-01-26 09:46:53 +11:00
Damien Miller 2035b2236d - (djm) [configure.ac sandbox-capsicum.c sandbox-rlimit.c] Disable 
RLIMIT_NOFILE pseudo-sandbox on FreeBSD. In some configurations,
    libc will attempt to open additional file descriptors for crypto
    offload and crash if they cannot be opened.
 2014-01-26 09:39:53 +11:00
Damien Miller a92ac74104 - markus@cvs.openbsd.org 2014/01/25 20:35:37 
[kex.c]
     dh_need needs to be set to max(seclen, blocksize, ivlen, mac_len)
     ok dtucker@, noted by mancha
 2014-01-26 09:38:03 +11:00
Damien Miller 76eea4ab4e - dtucker@cvs.openbsd.org 2014/01/25 10:12:50 
[cipher.c cipher.h kex.c kex.h kexgexc.c]
     Add a special case for the DH group size for 3des-cbc, which has an
     effective strength much lower than the key size.  This causes problems
     with some cryptlib implementations, which don't support group sizes larger
     than 4k but also don't use the largest group size it does support as
     specified in the RFC.  Based on a patch from Petr Lautrbach at Redhat,
     reduced by me with input from Markus.  ok djm@ markus@
 2014-01-26 09:37:25 +11:00
Damien Miller 603b8f47f1 - (djm) [configure.ac] autoconf sets finds to 'yes' not '1', so test 
against the correct thing.
 2014-01-25 13:16:59 +11:00
Damien Miller c96d85376d - (djm) [configure.ac] Do not attempt to use capsicum sandbox unless 
sys/capability.h exists and cap_rights_limit is in libc. Fixes
   build on FreeBSD9x which provides the header but not the libc
   support.
 2014-01-25 13:12:28 +11:00
Damien Miller f62ecef993 - (djm) [configure.ac] Fix detection of capsicum sandbox on FreeBSD 2014-01-25 12:34:38 +11:00
Damien Miller b0e0f760b8 - (djm) [Makefile.in regress/scp-ssh-wrapper.sh regress/scp.sh] Make 
the scp regress test actually test the built scp rather than the one
   in $PATH. ok dtucker@
 2014-01-24 14:27:04 +11:00
Darren Tucker 42a0925301 - (dtucker) [configure.ac] NetBSD's (and FreeBSD's) strnvis is gratuitously 
incompatible with OpenBSD's despite post-dating it by more than a decade.
   Declare it as broken, and document FreeBSD's as the same.  ok djm@
 2014-01-23 23:14:39 +11:00
Tim Rice 617da33c20 - (tim) [session.c] Improve error reporting on set_id(). 2014-01-22 19:16:10 -08:00
Damien Miller 5c2ff5e31f - (djm) [configure.ac aclocal.m4] More tests to detect fallout from 
platform hardening options: include some long long int arithmatic
   to detect missing support functions for -ftrapv in libgcc and
   equivalents, actually test linking when -ftrapv is supplied and
   set either both -pie/-fPIE or neither. feedback and ok dtucker@
 2014-01-22 21:30:12 +11:00
Damien Miller 852472a54b - (djm) [configure.ac] Unless specifically requested, only attempt 
to build Position Independent Executables on gcc >= 4.x; ok dtucker
 2014-01-22 16:31:18 +11:00
Damien Miller ee87838786 - (djm) [openbsd-compat/setproctitle.c] Don't fail to compile if a 
platform that is expected to use the reuse-argv style setproctitle
   hack surprises us by providing a setproctitle in libc; ok dtucker
 2014-01-22 16:30:15 +11:00
Damien Miller 5c96a154c7 - (djm) [aclocal.m4] Flesh out the code run in the OSSH_CHECK_CFLAG_COMPILE 
and OSSH_CHECK_LDFLAG_LINK tests to give them a better chance of
   detecting toolchain-related problems; ok dtucker
 2014-01-21 13:10:26 +11:00
Tim Rice 9464ba6fb3 - (tim) [platform.c session.c] Fix bug affecting SVR5 platforms introduced 
with sftp chroot support. Move set_id call after chroot.
 2014-01-20 17:59:28 -08:00
Darren Tucker a6d573caa1 - (dtucker) [aclocal.m4] Differentiate between compile-time and link-time 
tests in the configure output.  ok djm.
 2014-01-21 12:50:46 +11:00
Darren Tucker 096118dc73 - (dtucker) [configure.ac] Make PIE a configure-time option which defaults 
to on platforms where it's known to be reliably detected and off elsewhere.
   Works around platforms such as FreeBSD 9.1 where it does not interop with
   -ftrapv (it seems to work but fails when trying to link ssh).  ok djm@
 2014-01-21 12:48:51 +11:00
Damien Miller f9df7f6f47 - (djm) [regress/cert-hostkey.sh] Fix regress failure on platforms that 
skip one or more key types (e.g. RHEL/CentOS 6.5); ok dtucker@
 2014-01-20 20:07:15 +11:00
Darren Tucker c74e70eb52 - (dtucker) [gss-serv-krb5.c] Fall back to krb5_cc_gen_new if the Kerberos 
implementation does not have krb5_cc_new_unique, similar to what we do
   in auth-krb5.c.
 2014-01-20 13:18:09 +11:00
Damien Miller 3510979e83 - djm@cvs.openbsd.org 2014/01/20 00:08:48 
[digest.c]
     memleak; found by Loganaden Velvindron @ AfriNIC; ok markus@
 2014-01-20 12:41:53 +11:00
Darren Tucker 7eee358d7a - dtucker@cvs.openbsd.org 2014/01/19 11:21:51 
[addrmatch.c]
     Cast the sizeof to socklen_t so it'll work even if the supplied len is
     negative.  Suggested by and ok djm, ok deraadt.
 2014-01-19 22:37:02 +11:00
Darren Tucker b7e01c09b5 - djm@cvs.openbsd.org 2014/01/19 04:48:08 
[ssh_config.5]
     fix inverted meaning of 'no' and 'yes' for CanonicalizeFallbackLocal
 2014-01-19 22:36:13 +11:00
Darren Tucker 7b1ded04ad - dtucker@cvs.openbsd.org 2014/01/19 04:17:29 
[canohost.c addrmatch.c]
     Cast socklen_t when comparing to size_t and use socklen_t to iterate over
     the ip options, both to prevent signed/unsigned comparison warnings.
     Patch from vinschen at redhat via portable openssh, begrudging ok deraadt.
 2014-01-19 15:30:02 +11:00
Darren Tucker 293ee3c9f0 - dtucker@cvs.openbsd.org 2014/01/18 09:36:26 
[session.c]
     explicitly define USE_PIPES to 1 to prevent redefinition warnings in
     portable on platforms that use pipes for everything.  From redhat @
     redhat.
 2014-01-19 15:28:01 +11:00
Darren Tucker 2aca159d05 - dtucker@cvs.openbsd.org 2014/01/17 06:23:24 
[sftp-server.c]
     fix log message statvfs.  ok djm
 2014-01-19 15:25:34 +11:00