fdb2306acd
- deraadt@cvs.openbsd.org 2013/11/20 20:54:10
...
[canohost.c clientloop.c match.c readconf.c sftp.c]
unsigned casts for ctype macros where neccessary
ok guenther millert markus
2013-11-21 13:57:15 +11:00
e00167307e
- deraadt@cvs.openbsd.org 2013/11/20 20:53:10
...
[scp.c]
unsigned casts for ctype macros where neccessary
ok guenther millert markus
2013-11-21 13:56:49 +11:00
23e00aa6ba
- djm@cvs.openbsd.org 2013/11/20 02:19:01
...
[sshd.c]
delay closure of in/out fds until after "Bad protocol version
identification..." message, as get_remote_ipaddr/get_remote_port
require them open.
2013-11-21 13:56:28 +11:00
867e6934be
- markus@cvs.openbsd.org 2013/11/13 13:48:20
...
[ssh-pkcs11.c]
add missing braces found by pedro
2013-11-21 13:56:06 +11:00
0600c7020f
- dtucker@cvs.openbsd.org 2013/11/08 11:15:19
...
[bufaux.c bufbn.c buffer.c sftp-client.c sftp-common.c sftp-glob.c]
[uidswap.c] Include stdlib.h for free() as per the man page.
2013-11-21 13:55:43 +11:00
b6a75b0b93
- (dtucker) [regress/keytype.sh] Populate ECDSA key types to be tested by
...
querying the ones that are compiled in.
2013-11-10 20:25:22 +11:00
2c89430119
- (dtucker) [key.c] Check for the correct defines for NID_secp521r1.
2013-11-10 12:38:42 +11:00
dd5264db5f
- (dtucker) [configure.ac] Add missing "test".
2013-11-09 22:32:51 +11:00
95cb2d4eb0
- (dtucker) [configure.ac] Fix brackets in NID_secp521r1 test.
2013-11-09 22:02:31 +11:00
37bcef51b3
- (dtucker) [configure.ac kex.c key.c myproposal.h] Test for the presence of
...
NID_X9_62_prime256v1, NID_secp384r1 and NID_secp521r1 and test that the
latter actually works before using it. Fedora (at least) has NID_secp521r1
that doesn't work (see https://bugzilla.redhat.com/show_bug.cgi?id=1021897 ).
2013-11-09 18:39:25 +11:00
6e2fe81f92
- dtucker@cvs.openbsd.org 2013/11/09 05:41:34
...
[regress/test-exec.sh regress/rekey.sh]
Use smaller test data files to speed up tests. Grow test datafiles
where necessary for a specific test.
2013-11-09 16:55:03 +11:00
aff7ef1bb8
- (dtucker) [contrib/cygwin/ssh-host-config] Simplify host key generation:
...
rather than testing and generating each key, call ssh-keygen -A.
Patch from vinschen at redhat.com.
2013-11-09 00:19:22 +11:00
882abfd3fb
- (dtucker) [Makefile.in configure.ac] Set MALLOC_OPTIONS per platform
...
and pass in TEST_ENV. Unknown options cause stderr to get polluted
and the stderr-data test to fail.
2013-11-09 00:17:41 +11:00
8c333ec23b
- (dtucker) [openbsd-compat/bsd-poll.c] Add headers to prevent compile
...
warnings.
2013-11-08 21:12:58 +11:00
d94240b2f6
- (dtucker) [myproposal.h] Conditionally enable CURVE25519_SHA256.
2013-11-08 21:10:04 +11:00
1c8ce34909
- (dtucker) [kex.c] Only enable CURVE25519_SHA256 if we actually have
...
EVP_sha256.
2013-11-08 19:50:32 +11:00
ccdb9bec46
- (dtucker) [openbsd-compat/openbsd-compat.h] Add null implementation of
...
arc4random_stir for platforms that have arc4random but don't have
arc4random_stir (right now this is only OpenBSD -current).
2013-11-08 18:54:38 +11:00
3420a50169
- (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
...
[contrib/suse/openssh.spec] Update version numbers following release.
2013-11-08 16:48:13 +11:00
3ac4a234df
- djm@cvs.openbsd.org 2013/11/08 01:38:11
...
[version.h]
openssh-6.4
2013-11-08 12:39:49 +11:00
6c81fee693
- djm@cvs.openbsd.org 2013/11/08 00:39:15
...
[auth-options.c auth2-chall.c authfd.c channels.c cipher-3des1.c]
[clientloop.c gss-genr.c monitor_mm.c packet.c schnorr.c umac.c]
[sftp-client.c sftp-glob.c]
use calloc for all structure allocations; from markus@
2013-11-08 12:19:55 +11:00
690d989008
- dtucker@cvs.openbsd.org 2013/11/07 11:58:27
...
[cipher.c cipher.h kex.c kex.h mac.c mac.h servconf.c ssh.c]
Output the effective values of Ciphers, MACs and KexAlgorithms when
the default has not been overridden. ok markus@
2013-11-08 12:16:49 +11:00
08998c5fb9
- dtucker@cvs.openbsd.org 2013/11/08 01:06:14
...
[regress/rekey.sh]
Rekey less frequently during tests to speed them up
2013-11-08 12:11:46 +11:00
4bf7e50e53
- (dtucker) [Makefile.in configure.ac] Remove TEST_SSH_SHA256 environment
...
variable. It's no longer used now that we get the supported MACs from
ssh -Q.
2013-11-07 22:33:48 +11:00
6e9d6f4112
- dtucker@cvs.openbsd.org 2013/11/07 04:26:56
...
[regress/kextype.sh]
trailing space
2013-11-07 15:32:37 +11:00
74cbc22529
- dtucker@cvs.openbsd.org 2013/11/07 03:55:41
...
[regress/kextype.sh]
Use ssh -Q to get kex types instead of a static list.
2013-11-07 15:26:12 +11:00
a955041c93
- dtucker@cvs.openbsd.org 2013/11/07 02:48:38
...
[regress/integrity.sh regress/cipher-speed.sh regress/try-ciphers.sh]
Use ssh -Q instead of hardcoding lists of ciphers or MACs.
2013-11-07 15:21:19 +11:00
06595d6395
- dtucker@cvs.openbsd.org 2013/11/07 01:12:51
...
[regress/rekey.sh]
Factor out the data transfer rekey tests
2013-11-07 15:08:02 +11:00
651dc8b259
- dtucker@cvs.openbsd.org 2013/11/07 00:12:05
...
[regress/rekey.sh]
Test rekeying for every Cipher, MAC and KEX, plus test every KEX with
the GCM ciphers.
2013-11-07 15:04:44 +11:00
234557762b
- dtucker@cvs.openbsd.org 2013/11/04 12:27:42
...
[regress/rekey.sh]
Test rekeying with all KexAlgorithms.
2013-11-07 15:00:51 +11:00
bbfb9b0f38
- markus@cvs.openbsd.org 2013/11/02 22:39:53
...
[regress/kextype.sh]
add curve25519-sha256@libssh.org
2013-11-07 14:56:43 +11:00
aa19548a98
- djm@cvs.openbsd.org 2013/10/09 23:44:14
...
[regress/Makefile] (ID sync only)
regression test for sftp request white/blacklisting and readonly mode.
2013-11-07 14:50:09 +11:00
c8908aabff
- djm@cvs.openbsd.org 2013/11/06 23:05:59
...
[ssh-pkcs11.c]
from portable: s/true/true_val/ to avoid name collisions on dump platforms
RCSID sync only
2013-11-07 13:38:35 +11:00
49c145c5e8
- markus@cvs.openbsd.org 2013/11/06 16:52:11
...
[monitor_wrap.c]
fix rekeying for AES-GCM modes; ok deraadt
2013-11-07 13:35:39 +11:00
67a8800f29
- markus@cvs.openbsd.org 2013/11/04 11:51:16
...
[monitor.c]
fix rekeying for KEX_C25519_SHA256; noted by dtucker@
RCSID sync only; I thought this was a merge botch and fixed it already
2013-11-07 13:32:51 +11:00
df8b030b15
- (djm) [configure.ac defines.h] Skip arc4random_stir() calls on platforms
...
that lack it but have arc4random_uniform()
2013-11-07 13:28:16 +11:00
a6fd1d3c38
- (djm) [regress/modpipe.c regress/rekey.sh] Never intended to commit these
2013-11-07 12:03:26 +11:00
c98319750b
- (djm) [Makefile.in monitor.c] Missed chunks of curve25519 KEX diff
2013-11-07 12:00:23 +11:00
61c5c2319e
- (djm) [ssh-pkcs11.c] Bring back "non-constant initialiser" fix (rev 1.5)
...
that got lost in recent merge.
2013-11-07 11:34:14 +11:00
094003f545
- (djm) [kexc25519.c kexc25519c.c kexc25519s.c] Import missed files from
...
KEX/curve25519 change
2013-11-04 22:59:27 +11:00
ca67a7eaf8
- djm@cvs.openbsd.org 2013/11/03 10:37:19
...
[roaming_common.c]
fix a couple of function definitions foo() -> foo(void)
(-Wold-style-definition)
2013-11-04 09:05:17 +11:00
0bd8f1519d
- markus@cvs.openbsd.org 2013/11/02 22:39:19
...
[ssh_config.5 sshd_config.5]
the default kex is now curve25519-sha256@libssh.org
2013-11-04 08:55:43 +11:00
4c3ba0767f
- markus@cvs.openbsd.org 2013/11/02 22:34:01
...
[auth-options.c]
no need to include monitor_wrap.h and ssh-gss.h
2013-11-04 08:40:13 +11:00
660621b210
- markus@cvs.openbsd.org 2013/11/02 22:24:24
...
[kexdhs.c kexecdhs.c]
no need to include ssh-gss.h
2013-11-04 08:37:51 +11:00
abdca986de
- markus@cvs.openbsd.org 2013/11/02 22:10:15
...
[kexdhs.c kexecdhs.c]
no need to include monitor_wrap.h
2013-11-04 08:30:05 +11:00
1e1242604e
- markus@cvs.openbsd.org 2013/11/02 21:59:15
...
[kex.c kex.h myproposal.h ssh-keyscan.c sshconnect2.c sshd.c]
use curve25519 for default key exchange (curve25519-sha256@libssh.org );
initial patch from Aris Adamantiadis; ok djm@
2013-11-04 08:26:52 +11:00
d2252c7919
- markus@cvs.openbsd.org 2013/11/02 20:03:54
...
[ssh-pkcs11.c]
support pkcs#11 tokes that only provide x509 zerts instead of raw pubkeys;
fixes bz#1908; based on patch from Laurent Barbe; ok djm
2013-11-04 07:41:48 +11:00
007e3b357e
- (dtucker) [configure.ac defines.h] Add typedefs for intmax_t and uintmax_t
...
for platforms that don't have them.
2013-11-03 18:43:55 +11:00
710f374735
- (dtucker) [openbsd-compat/setproctitle.c] Handle error case form the 2nd
...
vsnprintf. From eric at openbsd via chl@.
2013-11-03 17:20:34 +11:00
d527704523
- (dtucker) [openbsd-compat/bsd-misc.c] Include time.h for nanosleep.
...
From OpenSMTPD where it prevents "implicit declaration" warnings (it's
a no-op in OpenSSH). From chl at openbsd.
2013-11-03 16:30:46 +11:00
63857c9340
- jmc@cvs.openbsd.org 2013/10/29 18:49:32
...
[sshd_config.5]
pty(4), not pty(7);
2013-10-30 22:31:06 +11:00
5ff30c6b68
- djm@cvs.openbsd.org 2013/10/29 09:48:02
...
[servconf.c servconf.h session.c sshd_config sshd_config.5]
shd_config PermitTTY to disallow TTY allocation, mirroring the
longstanding no-pty authorized_keys option;
bz#2070, patch from Teran McKinney; ok markus@
2013-10-30 22:21:50 +11:00
4a3a9d4bbf
- djm@cvs.openbsd.org 2013/10/29 09:42:11
...
[key.c key.h]
fix potential stack exhaustion caused by nested certificates;
report by Mateusz Kocielski; ok dtucker@ markus@
2013-10-30 22:19:47 +11:00
28631ceaa7
- djm@cvs.openbsd.org 2013/10/25 23:04:51
...
[ssh.c]
fix crash when using ProxyCommand caused by previous commit - was calling
freeaddrinfo(NULL); spotted by sthen@ and Tim Ruehsen, patch by sthen@
2013-10-26 10:07:56 +11:00
26506ad293
- (djm) [ssh-keygen.c ssh-keysign.c sshconnect1.c sshd.c] Remove
...
unnecessary arc4random_stir() calls. The only ones left are to ensure
that the PRNG gets a different state after fork() for platforms that
have broken the API.
2013-10-26 10:05:46 +11:00
bd43e88723
- (tim) [regress/sftp-perm.sh] We need a shell that understands "! somecmd"
2013-10-24 12:22:49 -07:00
a90c033808
- djm@cvs.openbsd.org 2013/10/24 08:19:36
...
[ssh.c]
fix bug introduced in hostname canonicalisation commit: don't try to
resolve hostnames when a ProxyCommand is set unless the user has forced
canonicalisation; spotted by Iain Morgan
2013-10-24 21:03:17 +11:00
cf31f38634
- dtucker@cvs.openbsd.org 2013/10/24 00:51:48
...
[readconf.c servconf.c ssh_config.5 sshd_config.5]
Disallow empty Match statements and add "Match all" which matches
everything. ok djm, man page help jmc@
2013-10-24 21:02:56 +11:00
4bedd4032a
- dtucker@cvs.openbsd.org 2013/10/24 00:49:49
...
[moduli.c]
Periodically print progress and, if possible, expected time to completion
when screening moduli for DH groups. ok deraadt djm
2013-10-24 21:02:26 +11:00
5ecb416298
- djm@cvs.openbsd.org 2013/10/23 23:35:32
...
[sshd.c]
include local address and port in "Connection from ..." message (only
shown at loglevel>=verbose)
2013-10-24 21:02:02 +11:00
03bf2e61ad
- dtucker@cvs.openbsd.org 2013/10/23 05:40:58
...
[servconf.c]
fix comment
2013-10-24 21:01:26 +11:00
8f18731914
- (djm) [auth-krb5.c] bz#2032 - use local username in krb5_kuserok check
...
rather than full client name which may be of form user@REALM;
patch from Miguel Sanders; ok dtucker@
2013-10-24 10:53:02 +11:00
5b01b0dcb4
- djm@cvs.openbsd.org 2013/10/23 04:16:22
...
[ssh-keygen.c]
Make code match documentation: relative-specified certificate expiry time
should be relative to current time and not the validity start time.
Reported by Petr Lautrbach; ok deraadt@
2013-10-23 16:31:31 +11:00
eff5cada58
- djm@cvs.openbsd.org 2013/10/23 03:05:19
...
[readconf.c ssh.c]
comment
2013-10-23 16:31:10 +11:00
084bcd24e9
- djm@cvs.openbsd.org 2013/10/23 03:03:07
...
[readconf.c]
Hostname may have %h sequences that should be expanded prior to Match
evaluation; spotted by Iain Morgan
2013-10-23 16:30:51 +11:00
8e5a67f469
- jmc@cvs.openbsd.org 2013/10/20 18:00:13
...
[ssh_config.5]
tweak the "exec" description, as worded by djm;
2013-10-23 16:30:25 +11:00
c0049bd0bc
- djm@cvs.openbsd.org 2013/10/20 09:51:26
...
[scp.1 sftp.1]
add canonicalisation options to -o lists
2013-10-23 16:29:59 +11:00
8a04be795f
- djm@cvs.openbsd.org 2013/10/20 06:19:28
...
[readconf.c ssh_config.5]
rename "command" subclause of the recently-added "Match" keyword to
"exec"; it's shorter, clearer in intent and we might want to add the
ability to match against the command being executed at the remote end in
the future.
2013-10-23 16:29:40 +11:00
5c86ebdf83
- djm@cvs.openbsd.org 2013/10/20 04:39:28
...
[ssh_config.5]
document % expansions performed by "Match command ..."
2013-10-23 16:29:12 +11:00
4502f88774
- djm@cvs.openbsd.org 2013/10/17 22:08:04
...
[sshd.c]
include remote port in bad banner message; bz#2162
2013-10-18 10:17:36 +11:00
1edcbf65eb
- jmc@cvs.openbsd.org 2013/10/17 07:35:48
...
[sftp.1 sftp.c]
tweak previous;
2013-10-18 10:17:17 +11:00
a176e18230
- djm@cvs.openbsd.org 2013/10/09 23:44:14
...
[regress/Makefile regress/sftp-perm.sh]
regression test for sftp request white/blacklisting and readonly mode.
2013-10-18 09:05:41 +11:00
e3ea09494d
- djm@cvs.openbsd.org 2013/10/17 00:46:49
...
[ssh.c]
rearrange check to reduce diff against -portable
(Id sync only)
2013-10-17 11:57:23 +11:00
f29238e674
- djm@cvs.openbsd.org 2013/10/17 00:30:13
...
[PROTOCOL sftp-client.c sftp-client.h sftp-server.c sftp.1 sftp.c]
fsync@openssh.com protocol extension for sftp-server
client support to allow calling fsync() faster successful transfer
patch mostly by imorgan AT nas.nasa.gov; bz#1798
"fine" markus@ "grumble OK" deraadt@ "doesn't sound bad to me" millert@
2013-10-17 11:48:52 +11:00
51682faa59
- djm@cvs.openbsd.org 2013/10/16 22:58:01
...
[ssh.c ssh_config.5]
one I missed in previous: s/isation/ization/
2013-10-17 11:48:31 +11:00
3850559be9
- djm@cvs.openbsd.org 2013/10/16 22:49:39
...
[readconf.c readconf.h ssh.1 ssh.c ssh_config.5]
s/canonicalise/canonicalize/ for consistency with existing spelling,
e.g. authorized_keys; pointed out by naddy@
2013-10-17 11:48:13 +11:00
607af3434b
- jmc@cvs.openbsd.org 2013/10/16 06:42:25
...
[ssh_config.5]
tweak previous;
2013-10-17 11:47:51 +11:00
0faf747e2f
- djm@cvs.openbsd.org 2013/10/16 02:31:47
...
[readconf.c readconf.h roaming_client.c ssh.1 ssh.c ssh_config.5]
[sshconnect.c sshconnect.h]
Implement client-side hostname canonicalisation to allow an explicit
search path of domain suffixes to use to convert unqualified host names
to fully-qualified ones for host key matching.
This is particularly useful for host certificates, which would otherwise
need to list unqualified names alongside fully-qualified ones (and this
causes a number of problems).
"looks fine" markus@
2013-10-17 11:47:23 +11:00
d77b81f856
- jmc@cvs.openbsd.org 2013/10/15 14:10:25
...
[ssh.1 ssh_config.5]
tweak previous;
2013-10-17 11:39:00 +11:00
dcd39f29ce
- [ssh.c] g/c unused variable.
2013-10-17 11:31:40 +11:00
386feab0c4
- djm@cvs.openbsd.org 2013/10/14 23:31:01
...
[ssh.c]
whitespace at EOL; pointed out by markus@
2013-10-15 12:14:49 +11:00
e9fc72edd6
- djm@cvs.openbsd.org 2013/10/14 23:28:23
...
[canohost.c misc.c misc.h readconf.c sftp-server.c ssh.c]
refactor client config code a little:
add multistate option partsing to readconf.c, similar to servconf.c's
existing code.
move checking of options that accept "none" as an argument to readconf.c
add a lowercase() function and use it instead of explicit tolower() in
loops
part of a larger diff that was ok markus@
2013-10-15 12:14:12 +11:00
194fd904d8
- djm@cvs.openbsd.org 2013/10/14 22:22:05
...
[readconf.c readconf.h ssh-keysign.c ssh.c ssh_config.5]
add a "Match" keyword to ssh_config that allows matching on hostname,
user and result of arbitrary commands. "nice work" markus@
2013-10-15 12:13:05 +11:00
71df752de2
- djm@cvs.openbsd.org 2013/10/14 21:20:52
...
[session.c session.h]
Add logging of session starts in a useful format; ok markus@ feedback and
ok dtucker@
2013-10-15 12:12:02 +11:00
6efab27109
- jmc@cvs.openbsd.org 2013/10/14 14:18:56
...
[sftp-server.8 sftp-server.c]
tweak previous;
ok djm
2013-10-15 12:07:05 +11:00
61c7de8a94
- djm@cvs.openbsd.org 2013/10/11 02:53:45
...
[sftp-client.h]
obsolete comment
2013-10-15 12:06:45 +11:00
2f93d0556e
- djm@cvs.openbsd.org 2013/10/11 02:52:23
...
[sftp-client.c]
missed one arg reorder
2013-10-15 12:06:27 +11:00
bda5c84457
- djm@cvs.openbsd.org 2013/10/11 02:45:36
...
[sftp-client.c]
rename flag arguments to be more clear and consistent.
reorder some internal function arguments to make adding additional flags
easier.
no functional change
2013-10-15 12:05:58 +11:00
61ee4d68ca
- djm@cvs.openbsd.org 2013/10/10 01:43:03
...
[sshd.c]
bz#2139: fix re-exec fallback by ensuring that startup_pipe is correctly
updated; ok dtucker@
2013-10-15 11:56:47 +11:00
73600e51af
- djm@cvs.openbsd.org 2013/10/10 00:53:25
...
[sftp-server.c]
add -Q, -P and -p to usage() before jmc@ catches me
2013-10-15 11:56:25 +11:00
6eaeebf27d
- djm@cvs.openbsd.org 2013/10/09 23:42:17
...
[sftp-server.8 sftp-server.c]
Add ability to whitelist and/or blacklist sftp protocol requests by name.
Refactor dispatch loop and consolidate read-only mode checks.
Make global variables static, since sftp-server is linked into sshd(8).
ok dtucker@
2013-10-15 11:55:57 +11:00
df62d71e64
- dtucker@cvs.openbsd.org 2013/10/08 11:42:13
...
[dh.c dh.h]
Increase the size of the Diffie-Hellman groups requested for a each
symmetric key size. New values from NIST Special Publication 800-57 with
the upper limit specified by RFC4419. Pointed out by Peter Backes, ok
djm@.
2013-10-10 10:32:39 +11:00
e6e52f8c5d
- djm@cvs.openbsd.org 2013/09/19 01:26:29
...
[sshconnect.c]
bz#1211: make BindAddress work with UsePrivilegedPort=yes; patch from
swp AT swp.pp.ru; ok dtucker@
2013-10-10 10:28:07 +11:00
71152bc991
- djm@cvs.openbsd.org 2013/09/19 01:24:46
...
[channels.c]
bz#1297 - tell the client (via packet_send_debug) when their preferred
listen address has been overridden by the server's GatewayPorts;
ok dtucker@
2013-10-10 10:27:21 +11:00
b59aaf3c4f
- djm@cvs.openbsd.org 2013/09/19 00:49:12
...
[sftp-client.c]
fix swapped pflag and printflag in sftp upload_dir; from Iain Morgan
2013-10-10 10:26:21 +11:00
5d80e4522d
- djm@cvs.openbsd.org 2013/09/19 00:24:52
...
[progressmeter.c]
store the initial file offset so the progress meter doesn't freak out
when resuming sftp transfers. bz#2137; patch from Iain Morgan; ok dtucker@
2013-10-10 10:25:09 +11:00
ad92df7e5e
- sthen@cvs.openbsd.org 2013/09/16 11:35:43
...
[ssh_config]
Remove gssapi config parts from ssh_config, as was already done for
sshd_config. Req by/ok ajacoutot@
ID SYNC ONLY for portable; kerberos/gssapi is still pretty popular
2013-10-10 10:24:11 +11:00
720711960b
- (djm) [openbsd-compat/Makefile.in openbsd-compat/arc4random.c]
...
[openbsd-compat/bsd-arc4random.c] Replace old RC4-based arc4random
implementation with recent OpenBSD's ChaCha-based PRNG. ok dtucker@,
tested tim@
2013-10-09 10:44:47 +11:00
9159310087
- (djm) [openbsd-compat/arc4random.c openbsd-compat/chacha_private.h] Pull
...
in OpenBSD implementation of arc4random, shortly to replace the existing
bsd-arc4random.c
2013-10-09 10:42:32 +11:00
67f1d557a6
correct incorrect years in datestamps; from des
2013-10-09 09:33:08 +11:00
f2bf36c3eb
- (dtucker) [platform.c platform.h sshd.c] bz#2156: restore Linux oom_adj
...
setting when handling SIGHUP to maintain behaviour over retart. Patch
from Matthew Ife.
2013-09-22 19:02:40 +10:00
e90a06ae57
- (dtucker) [sshd_config] Trailing whitespace; from jstjohn at purdue edu.
2013-09-18 15:09:38 +10:00
13840e0103
- djm@cvs.openbsd.org 2013/09/13 06:54:34
...
[channels.c]
avoid unaligned access in code that reused a buffer to send a
struct in_addr in a reply; simpler just use use buffer_put_int();
from portable; spotted by and ok dtucker@
2013-09-14 09:49:43 +10:00
70182522a4
- djm@cvs.openbsd.org 2013/09/12 01:41:12
...
[clientloop.c]
fix connection crash when sending break (~B) on ControlPersist'd session;
ok dtucker@
2013-09-14 09:49:19 +10:00
ff9d6c2a41
- sthen@cvs.openbsd.org 2013/09/07 13:53:11
...
[sshd_config]
Remove commented-out kerberos/gssapi config options from sample config,
kerberos support is currently not enabled in ssh in OpenBSD. Discussed with
various people; ok deraadt@
ID SYNC ONLY for portable; kerberos/gssapi is still pretty popular
2013-09-14 09:48:55 +10:00
8bab5e7b5f
- deraadt@cvs.openbsd.org 2013/09/02 22:00:34
...
[ssh-keygen.c sshconnect1.c sshd.c]
All the instances of arc4random_stir() are bogus, since arc4random()
does this itself, inside itself, and has for a very long time.. Actually,
this was probably reducing the entropy available.
ok djm
ID SYNC ONLY for portable; we don't trust other arc4random implementations
to do this right.
2013-09-14 09:47:00 +10:00
61353b3208
- djm@cvs.openbsd.org 2013/08/31 00:13:54
...
[sftp.c]
make ^w match ksh behaviour (delete previous word instead of entire line)
2013-09-14 09:45:32 +10:00
660854859c
- mikeb@cvs.openbsd.org 2013/08/28 12:34:27
...
[ssh-keygen.c]
improve batch processing a bit by making use of the quite flag a bit
more often and exit with a non zero code if asked to find a hostname
in a known_hosts file and it wasn't there;
originally from reyk@, ok djm
2013-09-14 09:45:03 +10:00
045bda5cb8
- djm@cvs.openbsd.org 2013/08/22 19:02:21
...
[sshd.c]
Stir PRNG after post-accept fork. The child gets a different PRNG state
anyway via rexec and explicit privsep reseeds, but it's good to be sure.
ok markus@
2013-09-14 09:44:37 +10:00
ed4af412da
add marker for 6.3p1 release at the point of the last included change
2013-09-14 09:40:51 +10:00
43968a8e66
- (djm) [openbsd-compat/bsd-snprintf.c] #ifdef noytet for intmax_t bits
...
until we have configure support.
2013-08-28 14:00:54 +10:00
04be8b9e53
- (djm) [openbsd-compat/bsd-snprintf.c] teach our local snprintf code the
...
'j' (intmax_t/uintmax_t) and 'z' (size_t/ssize_t) conversions in case we
start to use them in the future.
2013-08-28 12:49:43 +10:00
f2f6c315a9
- jmc@cvs.openbsd.org 2013/08/20 06:56:07
...
[ssh.1 ssh_config.5]
some proxyusefdpass tweaks;
2013-08-21 02:44:58 +10:00
1262b6638f
- djm@cvs.openbsd.org 2013/08/20 00:11:38
...
[readconf.c readconf.h ssh_config.5 sshconnect.c]
Add a ssh_config ProxyUseFDPass option that supports the use of
ProxyCommands that establish a connection and then pass a connected
file descriptor back to ssh(1). This allows the ProxyCommand to exit
rather than have to shuffle data back and forth and enables ssh to use
getpeername, etc. to obtain address information just like it does with
regular directly-connected sockets. ok markus@
2013-08-21 02:44:24 +10:00
b7727df37e
- jmc@cvs.openbsd.org 2013/08/14 08:39:27
...
[scp.1 ssh.1]
some Bx/Ox conversion;
From: Jan Stary
2013-08-21 02:43:49 +10:00
d5d9d7b1fd
- djm@cvs.openbsd.org 2013/08/13 18:33:08
...
[ssh-keygen.c]
another of the same typo
2013-08-21 02:43:27 +10:00
d234afb0b3
- djm@cvs.openbsd.org 2013/08/13 18:32:08
...
[ssh-keygen.c]
typo in error message; from Stephan Rickauer
2013-08-21 02:42:58 +10:00
e0ee727b82
- djm@cvs.openbsd.org 2013/08/09 03:56:42
...
[sftp.c]
enable ctrl-left-arrow and ctrl-right-arrow to move forward/back a word;
matching ksh's relatively recent change.
2013-08-21 02:42:35 +10:00
fec029f1dc
- djm@cvs.openbsd.org 2013/08/09 03:39:13
...
[sftp-client.c]
two problems found by a to-be-committed regress test: 1) msg_id was not
being initialised so was starting at a random value from the heap
(harmless, but confusing). 2) some error conditions were not being
propagated back to the caller
2013-08-21 02:42:12 +10:00
036d30743f
- djm@cvs.openbsd.org 2013/08/09 03:37:25
...
[sftp.c]
do getopt parsing for all sftp commands (with an empty optstring for
commands without arguments) to ensure consistent behaviour
2013-08-21 02:41:46 +10:00
c7dba12bf9
- djm@cvs.openbsd.org 2013/08/08 05:04:03
...
[sftp-client.c sftp-client.h sftp.c]
add a "-l" flag for the rename command to force it to use the silly
standard SSH_FXP_RENAME command instead of the POSIX-rename- like
posix-rename@openssh.com extension.
intended for use in regress tests, so no documentation.
2013-08-21 02:41:15 +10:00
034f27a0c0
- djm@cvs.openbsd.org 2013/08/08 04:52:04
...
[sftp.c]
fix two year old regression: symlinking a file would incorrectly
canonicalise the target path. bz#2129 report from delphij AT freebsd.org
2013-08-21 02:40:44 +10:00
c6895c5c67
- jmc@cvs.openbsd.org 2013/08/07 06:24:51
...
[sftp.1 sftp.c]
sort -a;
2013-08-21 02:40:21 +10:00
a6d6c1f38a
- djm@cvs.openbsd.org 2013/08/06 23:06:01
...
[servconf.c]
add cast to avoid format warning; from portable
2013-08-21 02:40:01 +10:00
eec840673b
- djm@cvs.openbsd.org 2013/08/06 23:05:01
...
[sftp.1]
document top-level -a option (the -a option to 'get' was already
documented)
2013-08-21 02:39:39 +10:00
02e878070d
- djm@cvs.openbsd.org 2013/08/06 23:03:49
...
[sftp.c]
fix some whitespace at EOL
make list of commands an enum rather than a long list of defines
add -a to usage()
2013-08-21 02:38:51 +10:00
acd2060f75
- (dtucker) [regress/Makefile regress/test-exec.sh] Roll back the -nt
...
removal. The "make clean" removes modpipe which is built by the top-level
directory before running the tests. Spotted by tim@
2013-08-08 17:02:12 +10:00
9542de4547
- (dtucker) [misc.c] Remove define added for fallback testing that was
...
mistakenly included in the previous commit.
2013-08-08 12:50:06 +10:00
94396b7f06
- (dtucker) [misc.c] Fall back to time(2) at runtime if clock_gettime(
...
CLOCK_MONOTONIC...) fails. Some older versions of RHEL have the
CLOCK_MONOTONIC define but don't actually support it. Found and tested
by Kevin Brott, ok djm.
2013-08-08 11:52:37 +10:00
a5a3cbfa0f
- (dtucker) [regress/Makefile regress/test-exec.sh] Don't try to use test -nt
...
since some platforms (eg really old FreeBSD) don't have it. Instead,
run "make clean" before a complete regress run. ok djm.
2013-08-08 10:58:49 +10:00
f3ab2c5f9c
- (dtucker) [auth-krb5.c configure.ac openbsd-compat/bsd-misc.h] Add support
...
for building with older Heimdal versions. ok djm.
2013-08-04 21:48:41 +10:00
ab3575c055
- (djm) [sshlogin.h] Fix prototype merge botch from 2006; bz#2134
2013-08-01 14:34:16 +10:00
c192a4c4f6
- (djm) [channels.c channels.h] bz#2135: On Solaris, isatty() on a non-
...
blocking connecting socket will clear any stored errno that might
otherwise have been retrievable via getsockopt(). A hack to limit writes
to TTYs on AIX was triggering this. Since only AIX needs the hack, wrap
it in an #ifdef. Diagnosis and patch from Ivo Raisr.
2013-08-01 14:29:20 +10:00
81f7cf1ec5
more correct comment for last commit
2013-07-25 18:41:40 -07:00
0553ad76ff
- (tim) [regress/forwarding.sh] Fix for building outside read only source tree.
2013-07-25 16:03:16 -07:00
ed899eb597
- (tim) [sftp-client.c] Use of a gcc extension trips up native compilers on
...
Solaris and UnixWare. Feedback and OK djm@
2013-07-25 15:40:00 -07:00
d1e26cf391
- djm@cvs.openbsd.org 2013/06/21 02:26:26
...
[regress/sftp-cmds.sh regress/test-exec.sh]
unbreak sftp-cmds for renamed test data (s/ls/data/)
2013-07-25 12:11:18 +10:00
78d47b7c5b
- dtucker@cvs.openbsd.org 2013/06/10 21:56:43
...
[regress/forwarding.sh]
Add test for forward config parsing
2013-07-25 12:08:46 +10:00
fea440639e
- dtucker@cvs.openbsd.org 2013/05/30 20:12:32
...
[regress/test-exec.sh]
use ssh and sshd as testdata since it needs to be >256k for the rekey test
2013-07-25 12:08:07 +10:00
53435b2d87
- djm@cvs.openbsd.org 2013/07/25 00:57:37
...
[version.h]
openssh-6.3 for release
2013-07-25 11:57:15 +10:00
0d032419ee
- djm@cvs.openbsd.org 2013/07/25 00:56:52
...
[sftp-client.c sftp-client.h sftp.1 sftp.c]
sftp support for resuming partial downloads; patch mostly by Loganaden
Velvindron/AfriNIC with some tweaks by me; feedback and ok dtucker@
2013-07-25 11:56:52 +10:00
98e27dcf58
- djm@cvs.openbsd.org 2013/07/25 00:29:10
...
[ssh.c]
daemonise backgrounded (ControlPersist'ed) multiplexing master to ensure
it is fully detached from its controlling terminal. based on debugging
2013-07-25 11:55:52 +10:00
94c9cd34d1
- djm@cvs.openbsd.org 2013/07/22 12:20:02
...
[umac.h]
oops, forgot to commit corresponding header change;
spotted by jsg and jasper
2013-07-25 11:55:39 +10:00
c331dbd222
- djm@cvs.openbsd.org 2013/07/22 05:00:17
...
[umac.c]
make MAC key, data to be hashed and nonce for final hash const;
checked with -Wcast-qual
2013-07-25 11:55:20 +10:00
c8669a8cd2
- djm@cvs.openbsd.org 2013/07/20 22:20:42
...
[krl.c]
fix verification error in (as-yet usused) KRL signature checking path
2013-07-25 11:52:48 +10:00
63ddc899d2
- djm@cvs.openbsd.org 2013/07/20 01:55:13
...
[auth-krb5.c gss-serv-krb5.c gss-serv.c]
fix kerberos/GSSAPI deprecation warnings and linking; "looks okay" millert@
2013-07-20 13:35:45 +10:00
1f0e86f23f
- djm@cvs.openbsd.org 2013/07/20 01:50:20
...
[ssh-agent.c]
call cleanup_handler on SIGINT when in debug mode to ensure sockets
are cleaned up on manual exit; bz#2120
2013-07-20 13:22:49 +10:00
3009d3cbb8
- djm@cvs.openbsd.org 2013/07/20 01:44:37
...
[ssh-keygen.c ssh.c]
More useful error message on missing current user in /etc/passwd
2013-07-20 13:22:31 +10:00
32ecfa0f79
- djm@cvs.openbsd.org 2013/07/20 01:43:46
...
[umac.c]
use a union to ensure correct alignment; ok deraadt
2013-07-20 13:22:13 +10:00
85b45e0918
- markus@cvs.openbsd.org 2013/07/19 07:37:48
...
[auth.h kex.h kexdhs.c kexecdhs.c kexgexs.c monitor.c servconf.c]
[servconf.h session.c sshd.c sshd_config.5]
add ssh-agent(1) support to sshd(8); allows encrypted hostkeys,
or hostkeys on smartcards; most of the work by Zev Weiss; bz #1974
ok djm@
2013-07-20 13:21:52 +10:00
d93340cbb6
- djm@cvs.openbsd.org 2013/07/18 01:12:26
...
[ssh.1]
be more exact wrt perms for ~/.ssh/config; bz#2078
2013-07-18 16:14:34 +10:00
bf836e535d
- schwarze@cvs.openbsd.org 2013/07/16 00:07:52
...
[scp.1 sftp-server.8 ssh-keyscan.1 ssh-keysign.8 ssh-pkcs11-helper.8]
use .Mt for email addresses; from Jan Stary <hans at stare dot cz>; ok jmc@
2013-07-18 16:14:13 +10:00
649fe025a4
- djm@cvs.openbsd.org 2013/07/12 05:48:55
...
[ssh.c]
set TCP nodelay for connections started with -N; bz#2124 ok dtucker@
2013-07-18 16:13:55 +10:00
5bb8833e80
- djm@cvs.openbsd.org 2013/07/12 05:42:03
...
[ssh-keygen.c]
do_print_resource_record() can never be called with a NULL filename, so
don't attempt (and bungle) asking for one if it has not been specified
bz#2127 ok dtucker@
2013-07-18 16:13:37 +10:00
7313fc9222
- djm@cvs.openbsd.org 2013/07/12 00:43:50
...
[misc.c]
in ssh_gai_strerror() don't fallback to strerror for EAI_SYSTEM when
errno == 0. Avoids confusing error message in some broken resolver
cases. bz#2122 patch from plautrba AT redhat.com; ok dtucker
2013-07-18 16:13:19 +10:00
746d1a6c52
- djm@cvs.openbsd.org 2013/07/12 00:20:00
...
[sftp.c ssh-keygen.c ssh-pkcs11.c]
fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@
2013-07-18 16:13:02 +10:00
ce98654674
- djm@cvs.openbsd.org 2013/07/12 00:19:59
...
[auth-options.c auth-rsa.c bufaux.c buffer.h channels.c hostfile.c]
[hostfile.h mux.c packet.c packet.h roaming_common.c serverloop.c]
fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@
2013-07-18 16:12:44 +10:00
0d02c3e10e
- markus@cvs.openbsd.org 2013/07/02 12:31:43
...
[dh.c]
remove extra whitespace
2013-07-18 16:12:06 +10:00
fecfd118d6
- jmc@cvs.openbsd.org 2013/06/27 14:05:37
...
[ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5]
do not use Sx for sections outwith the man page - ingo informs me that
stuff like html will render with broken links;
issue reported by Eric S. Raymond, via djm
2013-07-18 16:11:50 +10:00
bc35d92e78
- djm@cvs.openbsd.org 2013/06/22 06:31:57
...
[scp.c]
improved time_t overflow check suggested by guenther@
2013-07-18 16:11:25 +10:00
8158441d01
- djm@cvs.openbsd.org 2013/06/21 05:43:10
...
[scp.c]
make this -Wsign-compare clean after time_t conversion
2013-07-18 16:11:07 +10:00
bbeb1dac55
- djm@cvs.openbsd.org 2013/06/21 05:42:32
...
[dh.c]
sprinkle in some error() to explain moduli(5) parse failures
2013-07-18 16:10:49 +10:00
7f2b438ca0
- djm@cvs.openbsd.org 2013/06/21 00:37:49
...
[ssh_config.5]
explicitly mention that IdentitiesOnly can be used with IdentityFile
to control which keys are offered from an agent.
2013-07-18 16:10:29 +10:00
20bdcd7236
- djm@cvs.openbsd.org 2013/06/21 00:34:49
...
[auth-rsa.c auth.h auth2-hostbased.c auth2-pubkey.c monitor.c]
for hostbased authentication, print the client host and user on
the auth success/failure line; bz#2064, ok dtucker@
2013-07-18 16:10:09 +10:00
3071070b39
- markus@cvs.openbsd.org 2013/06/20 19:15:06
...
[krl.c]
don't leak the rdata blob on errors; ok djm@
2013-07-18 16:09:44 +10:00
044bd2a7dd
- guenther@cvs.openbsd.org 2013/06/17 04:48:42
...
[scp.c]
Handle time_t values as long long's when formatting them and when
parsing them from remote servers.
Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
2013-07-18 16:09:25 +10:00
9a66155421
- dtucker@cvs.openbsd.org 2013/06/10 19:19:44
...
[readconf.c]
revert 1.203 while we investigate crashes reported by okan@
2013-07-18 16:09:04 +10:00
b7482cff46
- (dtucker) [contrib/cygwin/README contrib/cygwin/ssh-host-config
...
contrib/cygwin/ssh-user-config] Modernizes and improve readability of
the Cygwin README file (which hasn't been updated for ages), drop
unsupported OSes from the ssh-host-config help text, and drop an
unneeded option from ssh-user-config. Patch from vinschen at redhat com.
2013-07-02 20:06:46 +10:00
b8ae92d08b
- (dtucker) [myproposal.h] Make the conditional algorithm support consistent
...
and add some comments so it's clear what goes where.
2013-06-11 12:10:02 +10:00
97b62f41ad
- (dtucker) [myproposal.h] Do not advertise AES GSM ciphers if we don't have
...
the required OpenSSL support. Patch from naddy at freebsd.
2013-06-11 11:47:24 +10:00
6d8bd57448
- (dtucker) [Makefile.in configure.ac fixalgorithms] Remove unsupported
...
algorithms (Ciphers, MACs and HostKeyAlgorithms) from man pages.
2013-06-11 11:26:10 +10:00
36187093ea
- dtucker@cvs.openbsd.org 2013/06/07 15:37:52
...
[channels.c channels.h clientloop.c]
Add an "ABANDONED" channel state and use for mux sessions that are
disconnected via the ~. escape sequence. Channels in this state will
be able to close if the server responds, but do not count as active channels.
This means that if you ~. all of the mux clients when using ControlPersist
on a broken network, the backgrounded mux master will exit when the
Control Persist time expires rather than hanging around indefinitely.
bz#1917, also reported and tested by tedu@. ok djm@ markus@.
2013-06-10 13:07:11 +10:00
ae133d4b31
- (dtucker) [configure.ac sftp.c openbsd-compat/openbsd-compat.h] Cater for
...
platforms that don't have multibyte character support (specifically,
mblen).
2013-06-06 08:30:20 +10:00
408eaf3ab7
- dtucker@cvs.openbsd.org 2013/06/05 22:00:28
...
[readconf.c]
plug another memleak. bz#1967, from Zhenbo Xu, detected by Melton, ok djm
2013-06-06 08:22:46 +10:00
e52a260f16
- dtucker@cvs.openbsd.org 2013/06/05 12:52:38
...
[sshconnect2.c]
Fix memory leaks found by Zhenbo Xu and the Melton tool. bz#1967, ok djm
2013-06-06 08:22:05 +10:00
0cca17fa18
- dtucker@cvs.openbsd.org 2013/06/05 02:27:50
...
[sshd.c]
When running sshd -D, close stderr unless we have explicitly requesting
logging to stderr. From james.hunt at ubuntu.com via bz#1976, djm's patch
so, err, ok dtucker.
2013-06-06 08:21:14 +10:00
746e9067bd
- dtucker@cvs.openbsd.org 2013/06/05 02:07:29
...
[mux.c]
fix leaks in mux error paths, from Zhenbo Xu, found by Melton. bz#1967,
ok djm
2013-06-06 08:20:13 +10:00
ea64721275
- dtucker@cvs.openbsd.org 2013/06/04 20:42:36
...
[sftp.c]
Make sftp's libedit interface marginally multibyte aware by building up
the quoted string by character instead of by byte. Prevents failures
when linked against a libedit built with wide character support (bz#1990).
"looks ok" djm
2013-06-06 08:19:09 +10:00
194454d7a8
- dtucker@cvs.openbsd.org 2013/06/04 19:12:23
...
[scp.c]
use MAXPATHLEN for buffer size instead of fixed value. ok markus
2013-06-06 08:16:04 +10:00
4ac66af091
- dtucker@cvs.openbsd.org 2013/06/03 00:03:18
...
[mac.c]
force the MAC output to be 64-bit aligned so umac won't see unaligned
accesses on strict-alignment architectures. bz#2101, patch from
tomas.kuthan at oracle.com, ok djm@
2013-06-06 08:12:37 +10:00
ea8342c248
- dtucker@cvs.openbsd.org 2013/06/02 23:36:29
...
[clientloop.h clientloop.c mux.c]
No need for the mux cleanup callback to be visible so restore it to static
and call it through the detach_user function pointer. ok djm@
2013-06-06 08:11:40 +10:00
5d12b8f05d
- dtucker@cvs.openbsd.org 2013/06/02 21:01:51
...
[channels.h]
typo in comment
2013-06-06 08:09:10 +10:00
dc62edbf12
- (dtucker) [Makefile.in] append $CFLAGS to compiler options when building
...
modpipe in case there's anything in there we need.
2013-06-06 05:12:35 +10:00
2a22873cd8
- (dtucker) [regress/forwarding.sh] For (as yet unknown) reason, the
...
forwarding test is extremely slow copying data on some machines so switch
back to copying the much smaller ls binary until we can figure out why
this is.
2013-06-06 01:59:13 +10:00
b4e00949f0
- (dtucker) [contrib/ssh-copy-id] bz#2117: Use portable operator in test.
...
Patch from cjwatson at debian.
2013-06-05 22:48:44 +10:00
2ea9eb77a7
- (dtucker) Enable sha256 kex methods based on the presence of the necessary
...
functions, not from the openssl version.
2013-06-05 15:04:00 +10:00
16cac190eb
- (dtucker) [configure.ac] Some other platforms need sys/types.h before
...
sys/socket.h.
2013-06-04 12:55:24 +10:00
0b43ffe143
- (dtucker) [configure.ac] Some platforms need sys/types.h before sys/un.h.
2013-06-03 09:30:44 +10:00
3f3064c822
- (tim) [regress/sftp-chroot.sh] skip if no sudo. ok dtucker
2013-06-02 15:13:09 -07:00
01ec0af301
- (tim) [aclocal.m4] Enhance OSSH_CHECK_CFLAG_COMPILE to check stderr.
...
feedback and ok dtucker
2013-06-02 14:31:27 -07:00
5ab9b63468
- (tim) [configure.ac regress/Makefile] With rev 1.47 of test-exec.sh we
...
need a shell that can handle "[ file1 -nt file2 ]". Rather than keep
dealing with shell portability issues in regression tests, we let
configure find us a capable shell on those platforms with an old /bin/sh.
2013-06-02 14:05:48 -07:00
898ac935e5
- (dtucker) [configure.ac] bz#2111: don't try to use lastlog on Android.
...
Patch from Nathan Osman.
2013-06-03 02:03:25 +10:00
ef4901c3eb
- (dtucker) [configure.ac] sys/un.h needs sys/socket.h on some platforms
...
to prevent noise from configure. Patch from Nathan Osman.
2013-06-03 01:59:13 +10:00
073f795bc1
- dtucker@cvs.openbsd.org 2013/06/02 13:35:58
...
[ssh-agent.c]
Make parent_alive_interval time_t to avoid signed/unsigned comparison
2013-06-02 23:47:11 +10:00
00e1abb1eb
- dtucker@cvs.openbsd.org 2013/06/02 13:33:05
...
[progressmeter.c]
Add misc.h for monotime prototype. (id sync only)
2013-06-02 23:46:24 +10:00
86211d1738
20130602
...
- (tim) [Makefile.in] Make Solaris, UnixWare, & OpenServer linkers happy
linking regress/modpipe.
2013-06-01 18:38:23 -07:00
e9887d1c37
- (dtucker) [sandbox-seccomp-filter.c] Allow clock_gettimeofday.
2013-06-02 09:17:09 +10:00
65cf74079a
fix typo
2013-06-02 09:11:19 +10:00
c9a1991b95
- dtucker@cvs.openbsd.org 2013/06/01 22:34:50
...
[sftp-client.c]
Update progressmeter when data is acked, not when it's sent. bz#2108, from
Debian via Colin Watson, ok djm@
2013-06-02 08:37:05 +10:00
a710891659
- (dtucker) [configure.ac misc.c] Look for clock_gettime in librt and fall
...
back to time(NULL) if we can't find it anywhere.
2013-06-02 08:18:31 +10:00
f60845fde2
- (dtucker) [M auth-chall.c auth-krb5.c auth-pam.c cipher-aes.c cipher-ctr.c
...
groupaccess.c loginrec.c monitor.c monitor_wrap.c session.c sshd.c
sshlogin.c uidswap.c openbsd-compat/bsd-cygwin_util.c
openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/port-aix.c
openbsd-compat/port-linux.c] Replace portable-specific instances of xfree
with the equivalent calls to free.
2013-06-02 08:07:31 +10:00
Damien Miller
Darren Tucker
Tim Rice