05b5e518c9
- dtucker@cvs.openbsd.org 2013/05/17 10:23:52
...
[regress/login-timeout.sh regress/reexec.sh regress/test-exec.sh]
Use SUDO when cat'ing pid files and running the sshd log wrapper so that
it works with a restrictive umask and the pid files are not world readable.
Changes from -portable. (id sync only)
2013-05-17 20:41:07 +10:00
dd669173f9
- dtucker@cvs.openbsd.org 2013/05/17 10:16:26
...
[regress/try-ciphers.sh]
use expr for math to keep diffs vs portable down
(id sync only)
2013-05-17 20:39:57 +10:00
044f32f4c6
- (dtucker) [regress/cfgmatch.sh] Remove unneeded sleep renderd obsolete by
...
rev 1.6 which calls wait.
2013-05-17 20:12:57 +10:00
9cc8ff7b63
- (dtucker) [regress/runtests.sh] Remove obsolete test driver script.
2013-05-17 20:01:52 +10:00
f8d5b34517
- (dtucker) [regress/stderr-after-eof.sh regress/test-exec.sh] Move the md5
...
helper function to the portable part of test-exec.sh.
2013-05-17 19:53:25 +10:00
6f66981ed3
- (dtucker) [regress/test-exec.sh] Move the portable-specific functions
...
together and add a couple of missing lines from openbsd.
2013-05-17 19:28:51 +10:00
5f1a89a3b6
- (dtucker) [regress/integrity.sh regress/krl.sh regress/test-exec.sh]
...
Move the jot helper function to portable-specific part of test-exec.sh.
2013-05-17 19:17:58 +10:00
96457a54d0
- (dtucker) [regress/agent-getpeereid.sh] Resync spaces with openbsd.
2013-05-17 19:03:38 +10:00
7f19323659
- (dtucker) [regress/cfgmatch.sh] Resync config file setup with openbsd.
2013-05-17 19:02:28 +10:00
8654dd2d73
- (dtucker) [openbsd-compat/getopt.h] Remove unneeded bits.
2013-05-17 16:03:48 +10:00
59d928d3b4
- dtucker@cvs.openbsd.org 2013/05/17 04:29:14
...
[regress/sftp.sh regress/putty-ciphers.sh regress/cipher-speed.sh
regress/test-exec.sh regress/sftp-batch.sh regress/dynamic-forward.sh
regress/putty-transfer.sh regress/conch-ciphers.sh regress/sftp-cmds.sh
regress/scp.sh regress/ssh-com-sftp.sh regress/rekey.sh
regress/putty-kex.sh regress/stderr-data.sh regress/stderr-after-eof.sh
regress/sftp-badcmds.sh regress/reexec.sh regress/ssh-com-client.sh
regress/sftp-chroot.sh regress/forwarding.sh regress/transfer.sh
regress/multiplex.sh]
Move the setting of DATA and COPY into test-exec.sh
2013-05-17 15:32:29 +10:00
34035be27b
- dtucker@cvs.openbsd.org 2013/05/17 01:32:11
...
[regress/integrity.sh]
don't print output from ssh before getting it (it's available in ssh.log)
2013-05-17 14:47:51 +10:00
b8b96b0aa6
- dtucker@cvs.openbsd.org 2013/05/17 01:16:09
...
[regress/agent-timeout.sh]
Pull back some portability changes from -portable:
- TIMEOUT is a read-only variable in some shells
- not all greps have -q so redirect to /dev/null instead.
(ID sync only)
2013-05-17 14:46:20 +10:00
56347efe79
- dtucker@cvs.openbsd.org 2013/05/17 00:37:40
...
[regress/agent.sh regress/keytype.sh regress/cfgmatch.sh
regress/forcecommand.sh regress/proto-version.sh regress/test-exec.sh
regress/cipher-speed.sh regress/cert-hostkey.sh regress/cert-userkey.sh
regress/ssh-com.sh]
replace 'echo -n' with 'printf' since it's more portable
also remove "echon" hack.
2013-05-17 13:28:36 +10:00
91af05c516
- (dtucker) [regress/integrity.sh]. Force fixed Diffie-Hellman key exchange
...
methods. When the openssl version doesn't support ECDH then next one on
the list is DH group exchange, but that causes a bit more traffic which can
mean that the tests flip bits in the initial exchange rather than the MACed
traffic and we get different errors to what the tests look for.
2013-05-17 13:16:59 +10:00
6e1e60c3c2
- (dtucker) [regress/bsd.regress.mk] Remove unused file. We've never used it
...
in portable and it's long gone in openbsd.
2013-05-17 11:23:41 +10:00
982b0cbc4c
- dtucker@cvs.openbsd.org 2013/05/16 05:48:31
...
[regress/rekey.sh]
add tests for RekeyLimit parsing
2013-05-17 09:45:12 +10:00
14490fe7b0
- dtucker@cvs.openbsd.org 2013/05/16 04:26:10
...
[regress/rekey.sh]
add server-side rekey test
2013-05-17 09:44:20 +10:00
c31c8729c1
- dtucker@cvs.openbsd.org 2013/05/16 03:33:30
...
[regress/rekey.sh]
test rekeying when there's no data being transferred
2013-05-17 09:43:33 +10:00
a8a62fcc46
- dtucker@cvs.openbsd.org 2013/05/16 02:10:35
...
[rekey.sh]
Add test for time-based rekeying
2013-05-17 09:42:34 +10:00
5e95173715
- djm@cvs.openbsd.org 2013/05/10 03:46:14
...
[modpipe.c]
sync some portability changes from portable OpenSSH (id sync only)
2013-05-17 09:41:33 +10:00
a4df65b9fc
- dtucker@cvs.openbsd.org 2013/04/22 07:28:53
...
[multiplex.sh]
Add tests for -Oforward and -Ocancel for local and remote forwards
2013-05-17 09:37:31 +10:00
40aaff7e4b
- dtucker@cvs.openbsd.org 2013/04/22 07:23:08
...
[multiplex.sh]
Write mux master logs to regress.log instead of ssh.log to keep separate
2013-05-17 09:36:20 +10:00
f3568fc62b
- djm@cvs.openbsd.org 2013/04/18 02:46:12
...
[Makefile regress/sftp-chroot.sh]
test sshd ChrootDirectory+internal-sftp; feedback & ok dtucker@
2013-05-17 09:35:26 +10:00
dfea3bcdd7
- dtucker@cvs.openbsd.org 2013/04/07 02:16:03
...
[regress/Makefile regress/rekey.sh regress/integrity.sh
regress/sshd-log-wrapper.sh regress/forwarding.sh regress/test-exec.sh]
use -E option for ssh and sshd to write debuging logs to ssh{,d}.log and
save the output from any failing tests. If a test fails the debug output
from ssh and sshd for the failing tests (and only the failing tests) should
be available in failed-ssh{,d}.log.
2013-05-17 09:31:39 +10:00
75129025a2
- dtucker@cvs.openbsd.org 2013/04/06 06:00:22
...
[regress/rekey.sh regress/test-exec.sh regress/integrity.sh
regress/multiplex.sh Makefile regress/cfgmatch.sh]
Split the regress log into 3 parts: the debug output from ssh, the debug
log from sshd and the output from the client command (ssh, scp or sftp).
Somewhat functional now, will become more useful when ssh/sshd -E is added.
2013-05-17 09:19:10 +10:00
7c8b1e7233
- dtucker@cvs.openbsd.org 2013/03/23 11:09:43
...
[test-exec.sh]
Only regenerate host keys if they don't exist or if ssh-keygen has changed
since they were. Reduces test runtime by 5-30% depending on machine
speed.
2013-05-17 09:10:20 +10:00
712de4d110
- djm@cvs.openbsd.org 2013/03/07 00:20:34
...
[regress/proxy-connect.sh]
repeat test with a style appended to the username
2013-05-17 09:07:12 +10:00
09c0f0325b
- dtucker@cvs.openbsd.org 2013/05/16 10:44:06
...
[servconf.c]
remove another now-unused variable
2013-05-16 20:48:57 +10:00
9113d0c238
- dtucker@cvs.openbsd.org 2013/05/16 10:43:34
...
[servconf.c readconf.c]
remove now-unused variables
2013-05-16 20:48:14 +10:00
e194ba4111
- (dtucker) [configure.ac readconf.c servconf.c
...
openbsd-compat/openbsd-compat.h] Add compat bits for scan_scaled.
2013-05-16 20:47:31 +10:00
b7ee852144
- dtucker@cvs.openbsd.org 2013/05/16 09:12:31
...
[readconf.c servconf.c]
switch RekeyLimit traffic volume parsing to scan_scaled. ok djm@
2013-05-16 20:33:10 +10:00
dbee308253
- dtucker@cvs.openbsd.org 2013/05/16 09:08:41
...
[log.c scp.c sshd.c serverloop.c schnorr.c sftp.c]
Fix some "unused result" warnings found via clang and -portable.
ok markus@
2013-05-16 20:32:29 +10:00
64d22946d6
- jmc@cvs.openbsd.org 2013/05/16 06:30:06
...
[sshd_config.5]
oops! avoid Xr to self;
2013-05-16 20:31:29 +10:00
63e0df2b93
- jmc@cvs.openbsd.org 2013/05/16 06:28:45
...
[ssh_config.5]
put IgnoreUnknown in the right place;
2013-05-16 20:30:31 +10:00
0763698f71
- djm@cvs.openbsd.org 2013/05/16 04:27:50
...
[ssh_config.5 readconf.h readconf.c]
add the ability to ignore specific unrecognised ssh_config options;
bz#866; ok markus@
2013-05-16 20:30:03 +10:00
5f96f3b4be
- dtucker@cvs.openbsd.org 2013/05/16 04:09:14
...
[sshd_config.5 servconf.c servconf.h packet.c serverloop.c monitor.c sshd_config
sshd.c] Add RekeyLimit to sshd with the same syntax as the client allowing
rekeying based on traffic volume or time. ok djm@, help & ok jmc@ for the man
page.
2013-05-16 20:29:28 +10:00
c53c2af173
- dtucker@cvs.openbsd.org 2013/05/16 02:00:34
...
[ssh_config sshconnect2.c packet.c readconf.h readconf.c clientloop.c
ssh_config.5 packet.h]
Add an optional second argument to RekeyLimit in the client to allow
rekeying based on elapsed time in addition to amount of traffic.
with djm@ jmc@, ok djm
2013-05-16 20:28:16 +10:00
64c6fceecd
- dtucker@cvs.openbsd.org 2013/05/10 10:13:50
...
[ssh-pkcs11-helper.c]
remove unused extern optarg. ok markus@
2013-05-16 20:27:14 +10:00
caf0010934
- djm@cvs.openbsd.org 2013/05/10 04:08:01
...
[key.c]
memleak in cert_free(), wasn't actually freeing the struct;
bz#2096 from shm AT digitalsun.pl
2013-05-16 20:26:18 +10:00
7e831edbf7
add missing attribution
2013-05-16 20:25:40 +10:00
54da6be320
- djm@cvs.openbsd.org 2013/05/10 03:40:07
...
[sshconnect2.c]
fix bzero(ptr_to_struct, sizeof(ptr_to_struct)); bz#2100 from
2013-05-16 20:25:04 +10:00
5d8b702d95
- dtucker@cvs.openbsd.org 2013/05/06 07:35:12
...
[sftp-server.8]
Reference the version of the sftp draft we actually implement. ok djm@
2013-05-16 20:24:23 +10:00
026d9db3fb
- tedu@cvs.openbsd.org 2013/04/24 16:01:46
...
[misc.c]
remove extra parens noticed by nicm
2013-05-16 20:23:52 +10:00
2ca51bf140
- tedu@cvs.openbsd.org 2013/04/23 17:49:45
...
[misc.c]
use xasprintf instead of a series of strlcats and strdup. ok djm
2013-05-16 20:22:46 +10:00
6aa3eacc5e
- (djm) [contrib/ssh-copy-id] Fix bug that could cause "rm *" to be
...
executed if mktemp failed; bz#2105 ok dtucker@
2013-05-16 11:10:17 +10:00
c54e3e0741
- (dtucker) [configure.ac] Add -Werror to the -Qunused-arguments test so
...
we don't get a warning on compilers that *don't* support it. Add
-Wno-unknown-warning-option. Move both to the start of the list for
maximum noise suppression. Tested with gcc 4.6.3, gcc 2.95.4 and clang 2.9.
2013-05-10 18:53:14 +10:00
a75d247a18
- (dtucker) [kex.c] Only include sha256 and ECC key exchange methods when the
...
underlying libraries support them.
2013-05-10 18:11:55 +10:00
0abfb559e3
- (dtucker) [openbsd-compat/getopt.h openbsd-compat/getopt_long.c
...
openbsd-compat/openbsd-compat.h] pull in getopt.h from openbsd and plumb
in to use it when we're using our own getopt.
2013-05-10 18:08:49 +10:00
ccfdfceacb
- (dtucker) [openbsd-compat/Makefile.in openbsd-compat/getopt.c
...
openbsd-compat/getopt_long.c regress/modpipe.c] Remove getopt.c, add
portability code to getopt_long.c and switch over Makefile and the ugly
hack in modpipe.c. Fixes bz#1448.
2013-05-10 16:28:55 +10:00
3933202007
- (dtucker) [openbsd-compat/getopt_long.c] Import from OpenBSD. No
...
portability changes yet.
2013-05-10 15:38:11 +10:00
35b2fe99be
- (dtucker) [openbsd-compat/getopt.c] Factor out portibility changes to
...
getopt.c. Preprocessed source is identical other than line numbers.
2013-05-10 15:35:26 +10:00
abbc7a7c02
- (dtucker) [configure.ac] Enable -Wsizeof-pointer-memaccess if the compiler
...
supports it. Mentioned by Colin Watson in bz#2100, ok djm.
2013-05-10 13:54:23 +10:00
bc02f163f6
- dtucker@cvs.openbsd.org 2013/04/22 01:17:18
...
[mux.c]
typo in debug output: evitval->exitval
2013-04-23 19:25:49 +10:00
f8b894e31d
- djm@cvs.openbsd.org 2013/04/19 12:07:08
...
[kex.c]
remove duplicated list entry pointed out by naddy@
2013-04-23 19:25:29 +10:00
34bd20a1e5
- djm@cvs.openbsd.org 2013/04/19 11:10:18
...
[ssh.c]
add -Q to usage; reminded by jmc@
2013-04-23 19:25:00 +10:00
ea11119eee
- djm@cvs.openbsd.org 2013/04/19 01:06:50
...
[authfile.c cipher.c cipher.h kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c]
[key.c key.h mac.c mac.h packet.c ssh.1 ssh.c]
add the ability to query supported ciphers, MACs, key type and KEX
algorithms to ssh. Includes some refactoring of KEX and key type handling
to be table-driven; ok markus@
2013-04-23 19:24:32 +10:00
a56086b990
- djm@cvs.openbsd.org 2013/04/19 01:03:01
...
[session.c]
reintroduce 1.262 without the connection-killing bug:
fatal() when ChrootDirectory specified by running without root privileges;
ok markus@
2013-04-23 15:24:18 +10:00
0d6771b464
- djm@cvs.openbsd.org 2013/04/19 01:01:00
...
[ssh-keygen.c]
fix some memory leaks; bz#2088 ok dtucker@
2013-04-23 15:23:24 +10:00
467b00c38b
- djm@cvs.openbsd.org 2013/04/19 01:00:10
...
[sshd_config.5]
document the requirment that the AuthorizedKeysCommand be owned by root;
ok dtucker@ markus@
2013-04-23 15:23:07 +10:00
9303e6527b
- djm@cvs.openbsd.org 2013/04/18 02:16:07
...
[sftp.c]
make "sftp -q" do what it says on the sticker: hush everything but errors;
2013-04-23 15:22:40 +10:00
f1a02aea35
- dtucker@cvs.openbsd.org 2013/04/17 09:04:09
...
[session.c]
revert rev 1.262; it fails because uid is already set here. ok djm@
2013-04-23 15:22:13 +10:00
d5edefd27a
- djm@cvs.openbsd.org 2013/04/11 02:27:50
...
[packet.c]
quiet disconnect notifications on the server from error() back to logit()
if it is a normal client closure; bz#2057 ok+feedback dtucker@
2013-04-23 15:21:39 +10:00
6901032b05
- dtucker@cvs.openbsd.org 2013/04/07 09:40:27
...
[sshd.8]
clarify -e text. suggested by & ok jmc@
2013-04-23 15:21:24 +10:00
03d4d7e60b
- dtucker@cvs.openbsd.org 2013/04/07 02:10:33
...
[log.c log.h ssh.1 ssh.c sshd.8 sshd.c]
Add -E option to ssh and sshd to append debugging logs to a specified file
instead of stderr or syslog. ok markus@, man page help jmc@
2013-04-23 15:21:06 +10:00
37f1c08473
- markus@cvs.openbsd.org 2013/04/06 16:07:00
...
[channels.c sshd.c]
handle ECONNABORTED for accept(); ok deraadt some time ago...
2013-04-23 15:20:43 +10:00
172859cff7
- djm@cvs.openbsd.org 2013/04/05 00:58:51
...
[mux.c]
cleanup mux-created channels that are in SSH_CHANNEL_OPENING state too
(in addition to ones already in OPEN); bz#2079, ok dtucker@
2013-04-23 15:19:27 +10:00
9f12b5dcd5
- djm@cvs.openbsd.org 2013/04/05 00:31:49
...
[pathnames.h]
use the existing _PATH_SSH_USER_RC define to construct the other
pathnames; bz#2077, ok dtucker@ (no binary change)
2013-04-23 15:19:11 +10:00
d677ad14ff
- djm@cvs.openbsd.org 2013/04/05 00:14:00
...
[auth2-gss.c krl.c sshconnect2.c]
hush some {unused, printf type} warnings
2013-04-23 15:18:51 +10:00
508b6c3d3b
- djm@cvs.openbsd.org 2013/03/08 06:32:58
...
[ssh.c]
allow "ssh -f none ..." ok markus@
2013-04-23 15:18:28 +10:00
91a55f28f3
- markus@cvs.openbsd.org 2013/03/07 19:27:25
...
[auth.h auth2-chall.c auth2.c monitor.c sshd_config.5]
add submethod support to AuthenticationMethods; ok and freedback djm@
2013-04-23 15:18:10 +10:00
4ce189d910
- djm@cvs.openbsd.org 2013/03/07 00:19:59
...
[auth2-pubkey.c monitor.c]
reconstruct the original username that was sent by the client, which may
have included a style (e.g. "root:skey") when checking public key
signatures. Fixes public key and hostbased auth when the client specified
a style; ok markus@
2013-04-23 15:17:52 +10:00
5cbec4c259
- djm@cvs.openbsd.org 2013/03/06 23:36:53
...
[readconf.c]
g/c unused variable (-Wunused)
2013-04-23 15:17:12 +10:00
998cc56b65
- djm@cvs.openbsd.org 2013/03/06 23:35:23
...
[session.c]
fatal() when ChrootDirectory specified by running without root privileges;
ok markus@
2013-04-23 15:16:43 +10:00
62e9c4f9b6
- (djm) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2013/03/05 20:16:09
[sshconnect2.c]
reset pubkey order on partial success; ok djm@
2013-04-23 15:15:49 +10:00
6332da2ae8
- (djm) [auth.c configure.ac misc.c monitor.c monitor_wrap.c] Support
...
platforms, such as Android, that lack struct passwd.pw_gecos. Report
and initial patch from Nathan Osman bz#2086; feedback tim@ ok dtucker@
2013-04-23 14:25:52 +10:00
ce1c9574fc
- (dtucker) [configure.ac] Use -Qunused-arguments to suppress warnings from
...
unused argument warnings (in particular, -fno-builtin-memset) from clang.
2013-04-18 21:36:19 +10:00
bc68f2451b
- (djm) [config.guess config.sub] Update to last versions before they switch
...
to GPL3. ok dtucker@
2013-04-18 11:26:25 +10:00
15fd19c4c9
- djm@cvs.openbsd.org 2013/02/22 22:09:01
...
[ssh.c]
Allow IdenityFile=none; ok markus deraadt (and dtucker for an earlier
version)
2013-04-05 11:22:26 +11:00
5d1d9541a7
- markus@cvs.openbsd.org 2013/02/22 19:13:56
...
[sshconnect.c]
support ProxyCommand=- (stdin/out already point to the proxy); ok djm@
2013-04-05 11:20:00 +11:00
aefa368243
- dtucker@cvs.openbsd.org 2013/02/22 04:45:09
...
[ssh.c readconf.c readconf.h]
Don't complain if IdentityFiles specified in system-wide configs are
missing. ok djm, deraadt
2013-04-05 11:18:35 +11:00
f3c3814243
- dtucker@cvs.openbsd.org 2013/02/19 02:12:47
...
[krl.c]
Remove bogus include. ok djm
(id sync only)
2013-04-05 11:16:52 +11:00
1910478c2d
- dtucker@cvs.openbsd.org 2013/02/17 23:16:57
...
[readconf.c ssh.c readconf.h sshconnect2.c]
Keep track of which IndentityFile options were manually supplied and which
were default options, and don't warn if the latter are missing.
ok markus@
2013-04-05 11:13:08 +11:00
c9627cdbc6
- (dtucker) [openbsd-compat/bsd-cygwin_util.{c,h}] Don't include windows.h
...
to avoid conflicting definitions of __int64, adding the required bits.
Patch from Corinna Vinschen.
2013-04-01 12:40:48 +11:00
75db01d2ce
- (tim) [Makefile.in] remove some duplication introduced in 20130220 commit.
2013-03-22 10:14:32 -07:00
221b4b2436
- (dtucker) [includes.h] Check if _GNU_SOURCE is already defined before
...
defining it again. Prevents warnings if someone, eg, sets it in CFLAGS.
2013-03-22 12:51:09 +11:00
c8a0f27c6d
- (dtucker) [configure.ac] Add stdlib.h to zlib check for exit() prototype.
2013-03-22 12:49:14 +11:00
eed8dc2610
- (djm) Release 6.2p1
2013-03-22 10:25:22 +11:00
83efe7c861
- (djm) [contrib/ssh-copy-id contrib/ssh-copy-id.1] Updated to Phil
...
Hands' greatly revised version.
2013-03-22 10:17:36 +11:00
63b4bcd04e
- (djm) [configure.ac log.c scp.c sshconnect2.c openbsd-compat/vis.c]
...
[openbsd-compat/vis.h] FreeBSD's strnvis isn't compatible with OpenBSD's
so mark it as broken. Patch from des AT des.no
2013-03-20 12:55:14 +11:00
aa86c3970f
- (tim) [configure.ac] OpenServer 5 wants lastlog even though it has none
...
of the bits the configure test looks for.
2013-03-16 20:55:46 -07:00
5852840190
- (djm) [session.c] FreeBSD needs setusercontext(..., LOGIN_SETUMASK) to
...
occur after UID switch; patch from John Marshall via des AT des.no;
ok dtucker@
2013-03-15 11:22:37 +11:00
f4db77d766
- (djm) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
...
Add a usleep replacement for platforms that lack it; ok dtucker
2013-03-15 10:34:25 +11:00
a2438bbd28
- (djm) [configure.ac] Disable utmp, wtmp and/or lastlog if the platform
...
is unable to successfully compile them. Based on patch from des AT
des.no
2013-03-15 10:23:07 +11:00
aa97d13fa2
- (dtucker) [auth.c configure.ac platform.c platform.h] Accept uid 2 ("bin")
...
in addition to root as an owner of system directories on AIX and HP-UX.
ok djm@
2013-03-12 11:31:05 +11:00
fe10a28e08
- (dtucker) [regress/Makefile regress/cipher-speed.sh regress/test-exec.sh]
...
Improve portability of cipher-speed test, based mostly on a patch from
Iain Morgan.
2013-03-12 11:19:40 +11:00
e4f4347822
- (djm) [configure.ac] Add a timeout to the select/rlimit test to give it a
...
chance to complete on broken systems; ok dtucker@
2013-03-08 12:14:22 +11:00
2b6ea47106
- (tim) [Makefile.in] Add another missing $(EXEEXT) I should have seen 3 days
...
ago.
2013-03-07 07:37:13 -08:00
4d1a0fe029
remove extra word
2013-03-07 20:14:34 +11:00
9243ef086f
- (dtucker) [defines.h] Remove SIZEOF_CHAR bits since the test for it is
...
was removed in configure.ac rev 1.481 as it was redundant.
2013-03-07 20:06:13 +11:00
b3cd503742
- (dtucker) [INSTALL] Bump documented autoconf version to what we're
...
currently using.
2013-03-07 12:33:35 +11:00
ff008ded7f
- (dtucker) [configure.ac] test that we can set number of file descriptors
...
to zero with setrlimit before enabling the rlimit sandbox. This affects
(at least) HPUX 11.11.
2013-03-06 17:48:48 +11:00
834a0d6d54
- (dtucker) [regress/forward-control.sh] Wait longer for the forwarding
...
connection to start so that the test works on slower machines.
2013-03-06 14:06:48 +11:00
ff8bda8f05
- (tim) [Makefile.in] Add missing $(EXEEXT). Found by Roumen Petrov.
2013-03-05 14:23:58 -08:00
29c7151d20
- (dtucker) [Makefile.in] Remove trailing "\" on PATHS, which caused obscure
...
build breakage on (at least) HP-UX 11.11. Found by Amit Kulkarni and Kevin
Brott.
2013-03-05 21:50:09 +11:00
fef9f7c3d1
add Amit.
2013-03-05 20:02:24 +11:00
5f0e54c892
- (dtucker) [configure.ac] use "=" for shell test and not "==". Spotted by
...
Kevin Brott.
2013-03-05 19:57:39 +11:00
43e5e60bad
- (djm) [regress/modpipe.c] Compilation fix for AIX and parsing fix for
...
HP/UX. Spotted by Kevin Brott
2013-03-05 09:49:00 +11:00
21f591b6d9
- (tim) [regress/krl.sh] keep old solaris awk from hanging.
2013-02-26 22:48:31 -08:00
ada7e17ae5
- (tim) [regress/integrity.sh] keep old solaris awk from hanging.
2013-02-26 21:49:09 -08:00
f9e2060ca9
- (tim) [regress/integrity.sh] shell portability fix.
2013-02-26 20:27:29 -08:00
a514bc05b1
- (tim) [regress/forward-control.sh] use sh in case login shell is csh.
2013-02-26 19:35:26 -08:00
c0cc7ce166
- (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
...
[contrib/suse/openssh.spec] Crank version numbers
2013-02-27 10:48:18 +11:00
6c21bb8c4a
- (djm) [regress/integrity.sh] Run sshd via $SUDO; fixes tinderbox breakage
...
for UsePAM=yes configuration
2013-02-26 19:41:30 +11:00
1e657d592d
- djm@cvs.openbsd.org 2013/02/20 08:27:50
...
[integrity.sh]
Add an option to modpipe that warns if the modification offset it not
reached in it's stream and turn it on for t-integrity. This should catch
cases where the session is not fuzzed for being too short (cf. my last
"oops" commit)
2013-02-26 18:58:06 +11:00
03978c61f3
- (dtucker) [configure.ac ssh-gss.h] bz#2073: additional #includes needed
...
to use Solaris native GSS libs. Patch from Pierre Ossman.
2013-02-25 11:24:44 +11:00
a423fefb89
welcome to 2013
2013-02-25 10:32:27 +11:00
b87f6b70f8
- (djm) [configure.ac includes.h loginrec.c mux.c sftp.c] Prefer
...
bsd/libutil.h to libutil.h to avoid deprecation warnings on Ubuntu.
ok tim
2013-02-23 09:12:23 +11:00
91f40d8592
- (djm) [configure.ac sandbox-seccomp-filter.c] Support for Linux
...
seccomp-bpf sandbox on ARM. Patch from shawnlandden AT gmail.com;
ok dtucker
2013-02-22 11:37:00 +11:00
a2b5a4c746
- (dtucker) [configure.ac] bz#2073: look for Solaris' differently-named
...
libgss too. Patch from Pierre Ossman, ok djm.
2013-02-22 10:43:15 +11:00
964de184a8
- (dtucker) [Makefile.in configure.ac] bz#2072: don't link krb5 libs to
...
ssh(1) since they're not needed. Patch from Pierre Ossman.
2013-02-22 10:39:59 +11:00
0ec7423692
- (tim) [regress/forward-control.sh] shell portability fix.
2013-02-20 21:37:55 -08:00
5acc6be981
- djm@cvs.openbsd.org 2013/02/20 08:29:27
...
[regress/modpipe.c]
s/Id/OpenBSD/ in RCS tag
2013-02-20 21:16:07 +11:00
283e575a7d
- djm@cvs.openbsd.org 2013/02/20 08:27:50
...
[regress/integrity.sh regress/modpipe.c]
Add an option to modpipe that warns if the modification offset it not
reached in it's stream and turn it on for t-integrity. This should catch
cases where the session is not fuzzed for being too short (cf. my last
"oops" commit)
2013-02-20 21:13:27 +11:00
c31db8cd6e
- (tim) [krl.c Makefile.in regress/Makefile regress/modpipe.c] remove unneeded
...
err.h include from krl.c. Additional portability fixes for modpipe. OK djm
2013-02-19 19:01:51 -08:00
c08b3ef6f4
- (tim) [regress/cipher-speed.sh regress/try-ciphers.sh] shell portability fix.
2013-02-19 11:53:29 -08:00
dae85cc3ad
- (djm) [regress/integrity.sh] Skip SHA2-based MACs on configurations that
...
lack support for SHA2.
2013-02-19 14:27:44 +11:00
b3764e1202
- djm@cvs.openbsd.org 2013/02/19 02:14:09
...
[integrity.sh]
oops, forgot to increase the output of the ssh command to ensure that
we actually reach $offset
2013-02-19 13:15:01 +11:00
0dc3bc908e
- djm@cvs.openbsd.org 2013/02/18 22:26:47
...
[integrity.sh]
crank the offset yet again; it was still fuzzing KEX one of Darren's
portable test hosts at 2800
2013-02-19 09:28:32 +11:00
33d52566bc
- djm@cvs.openbsd.org 2013/02/17 23:16:55
...
[integrity.sh]
make the ssh command generates some output to ensure that there are at
least offset+tries bytes in the stream.
2013-02-18 10:18:05 +11:00
5d7b9565bc
- djm@cvs.openbsd.org 2013/02/16 06:08:45
...
[integrity.sh]
make sure the fuzz offset is actually past the end of KEX for all KEX
types. diffie-hellman-group-exchange-sha256 requires an offset around
2700. Noticed via test failures in portable OpenSSH on platforms that
lack ECC and this the more byte-frugal ECDH KEX algorithms.
2013-02-16 17:32:31 +11:00
2991d288db
- (dtucker) [openbsd-compat/bsd-misc.c] Handle the case where setpgrp() takes
...
an argument. Pointed out by djm.
2013-02-15 14:55:38 +11:00
f32db83f41
- (dtucker) [openbsd-compat/openbsd-compat.h] Add prototype for strtoul,
...
group strto* function prototypes together.
2013-02-15 12:20:41 +11:00
5ceddc31cd
- dtucker@cvs.openbsd.org 2013/02/15 00:21:01
...
[sshconnect2.c]
Warn more loudly if an IdentityFile provided by the user cannot be read.
bz #1981 , ok djm@
2013-02-15 12:18:32 +11:00
8e6fb780e5
- (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoull.c
...
openbsd-compat/openbsd-compat.h] Add strtoull to compat library for
platforms that don't have it.
2013-02-15 12:13:01 +11:00
3c4a24c3e3
- (dtucker) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
...
Use getpgrp() if we don't have getpgid() (old BSDs, maybe others).
2013-02-15 11:41:35 +11:00
4018dc04da
- djm@cvs.openbsd.org 2013/02/14 21:35:59
...
[auth2-pubkey.c]
Correct error message that had a typo and was logging the wrong thing;
patch from Petr Lautrbach
2013-02-15 10:28:55 +11:00
91edc1ce2b
- (djm) [contrib/suse/rc.sshd] Use SSHD_BIN consistently; bz#2056 from
...
Iain Morgan
2013-02-15 10:23:44 +11:00
57f9218528
- (djm) [regress/integrity.sh] Start fuzzing from offset 2500 (instead
...
of 2300) to avoid clobbering the end of (non-MAC'd) KEX. Verified by
Iain Morgan
2013-02-14 10:32:33 +11:00
6d77d6ea2b
- (djm) [regress/krl.sh] typo; found by Iain Morgan
2013-02-14 10:31:03 +11:00
2653f5c0a6
- (djm) [regress/krl.sh] Don't use ecdsa keys in environment that lack ECC.
2013-02-14 10:14:51 +11:00
2f20de5e3f
- (djm) [regress/try-ciphers.sh] clean up CVS merge botch
2013-02-12 11:31:38 +11:00
58e2c5b394
- djm@cvs.openbsd.org 2013/02/11 23:58:51
...
[try-ciphers.sh]
remove acss here too
2013-02-12 11:16:57 +11:00
22e8a1e169
- dtucker@cvs.openbsd.org 2013/02/11 21:21:58
...
[sshd.c]
Add openssl version to debug output similar to the client. ok markus@
2013-02-12 11:04:48 +11:00
894926ebd8
- djm@cvs.openbsd.org 2013/02/10 23:35:24
...
[packet.c]
record "Received disconnect" messages at ERROR rather than INFO priority,
since they are abnormal and result in a non-zero ssh exit status; patch
from Iain Morgan in bz#2057; ok dtucker@
2013-02-12 11:03:58 +11:00
78d22713c7
- djm@cvs.openbsd.org 2013/02/10 23:32:10
...
[ssh-keygen.c]
append to moduli file when screening candidates rather than overwriting.
allows resumption of interrupted screen; patch from Christophe Garault
in bz#1957; ok dtucker@
2013-02-12 11:03:36 +11:00
fd05154dc4
- markus@cvs.openbsd.org 2013/02/10 21:19:34
...
[version.h]
openssh 6.2
2013-02-12 11:03:10 +11:00
d6d9fa0281
- djm@cvs.openbsd.org 2013/02/08 00:41:12
...
[sftp.c]
fix NULL deref when built without libedit and control characters
entered as command; debugging and patch from Iain Morgan an
Loganaden Velvindron in bz#1956
2013-02-12 11:02:46 +11:00
18de9133c2
- dtucker@cvs.openbsd.org 2013/02/06 00:22:21
...
[auth.c]
Fix comment, from jfree.e1 at gmail
2013-02-12 11:02:27 +11:00
1f583df8c3
- dtucker@cvs.openbsd.org 2013/02/06 00:20:42
...
[servconf.c sshd_config sshd_config.5]
Change default of MaxStartups to 10:30:100 to start doing random early
drop at 10 connections up to 100 connections. This will make it harder
to DoS as CPUs have come a long way since the original value was set
back in 2000. Prompted by nion at debian org, ok markus@
2013-02-12 11:02:08 +11:00
Darren Tucker
Damien Miller
Tim Rice