Commit Graph

6717 Commits

Author SHA1 Message Date
Damien Miller
7bf7b889b3 - (djm) [openbsd-compat/port-linux.c] bz#1960: fix crash on SELinux
systems where sshd is run in te wrong context. Patch from Sven
   Vermeulen; ok dtucker@
2012-03-09 10:25:16 +11:00
Darren Tucker
93a2d41505 - (dtucker) [audit-bsm.c configure.ac] bug #1968: enable workarounds for BSM
audit breakage in Solaris 11.  Patch from Magnus Johansson.
2012-02-24 10:40:41 +11:00
Tim Rice
a3f297de91 - (tim) [regress/keytype.sh] stderr redirection needs to be inside back quote
to work. Spotted by Angel Gonzalez
2012-02-14 23:01:42 -08:00
Tim Rice
f79b5d38a1 - (tim) [defines.h] move chunk introduced in 1.125 before MAXPATHLEN so
it actually works.
2012-02-14 20:13:05 -08:00
Tim Rice
e3609c935c - (tim) [openbsd-compat/bsd-misc.h sshd.c] Fix conflicting return type for
unsetenv due to rev 1.14 change to setenv.c. Cast unsetenv to void in sshd.c
   ok dtucker@
2012-02-14 10:03:30 -08:00
Damien Miller
7b7901c330 - (djm) [openbsd-compat/bsd-cygwin_util.c] Add PROGRAMFILES to list of
preserved Cygwin environment variables; from Corinna Vinschen
2012-02-14 06:38:36 +11:00
Damien Miller
db854559be - markus@cvs.openbsd.org 2012/02/09 20:00:18
[version.h]
     move from 6.0-beta to 6.0
2012-02-11 08:19:44 +11:00
Damien Miller
72de982def - markus@cvs.openbsd.org 2012/01/25 19:40:09
[packet.c packet.h]
     packet_read_poll() is not used anymore.
2012-02-11 08:19:21 +11:00
Damien Miller
5d0077008f - markus@cvs.openbsd.org 2012/01/25 19:36:31
[authfile.c]
     memleak in key_load_file(); from Jan Klemkow
2012-02-11 08:19:02 +11:00
Damien Miller
1de2cfe9a9 - markus@cvs.openbsd.org 2012/01/25 19:26:43
[packet.c]
     do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT during rekeying;
     ok dtucker@, djm@
2012-02-11 08:18:43 +11:00
Damien Miller
8d60be5487 - dtucker@cvs.openbsd.org 2012/01/18 21:46:43
[clientloop.c]
     Ensure that $DISPLAY contains only valid characters before using it to
     extract xauth data so that it can't be used to play local shell
     metacharacter games.  Report from r00t_ati at ihteam.net, ok markus.
2012-02-11 08:18:17 +11:00
Damien Miller
fb12c6d8bb - miod@cvs.openbsd.org 2012/01/16 20:34:09
[ssh-pkcs11-client.c]
     Fix a memory leak in pkcs11_rsa_private_encrypt(), reported by Jan Klemkow.
     While there, be sure to buffer_clear() between send_msg() and recv_msg().
     ok markus@
2012-02-11 08:17:52 +11:00
Damien Miller
83ba8e6056 - miod@cvs.openbsd.org 2012/01/08 13:17:11
[ssh-ecdsa.c]
     Fix memory leak in ssh_ecdsa_verify(); from Loganaden Velvindron,
     ok markus@
2012-02-11 08:17:27 +11:00
Damien Miller
2ec0342ed4 - djm@cvs.openbsd.org 2012/01/07 21:11:36
[mux.c]
     fix double-free in new session handler
2012-02-11 08:16:28 +11:00
Damien Miller
a2876db5e6 - djm@cvs.openbsd.org 2012/01/05 00:16:56
[monitor.c]
     memleak on error path
2012-02-11 08:16:06 +11:00
Damien Miller
b56e4930ae - (djm) [ssh-keygen.c] Don't fail in do_gen_all_hostkeys on platforms
that don't support ECC. Patch from Phil Oleson
2012-02-06 07:41:27 +11:00
Darren Tucker
e9b3ad73ba - (dtucker) [configure.ac mac.c openbsd-compat/openssl-compat.h] Add
null implementation of HMAC_CTX_init for the benefit of old versions
   of OpenSSL that don't have it.
2012-01-17 14:03:34 +11:00
Damien Miller
8ed4de8f1d - djm@cvs.openbsd.org 2011/12/07 05:44:38
[auth2.c dh.c packet.c roaming.h roaming_client.c roaming_common.c]
     fix some harmless and/or unreachable int overflows;
     reported Xi Wang, ok markus@
2011-12-19 10:52:50 +11:00
Damien Miller
913ddff40d - djm@cvs.openbsd.org 2011/12/04 23:16:12
[mux.c]
     revert:
     > revision 1.32
     > date: 2011/12/02 00:41:56;  author: djm;  state: Exp;  lines: +4 -1
     > fix bz#1948: ssh -f doesn't fork for multiplexed connection.
     > ok dtucker@
     it interacts badly with ControlPersist
2011-12-19 10:52:21 +11:00
Damien Miller
d0e582c6da - djm@cvs.openbsd.org 2011/12/02 00:43:57
[mac.c]
     fix bz#1934: newer OpenSSL versions will require HMAC_CTX_Init before
     HMAC_init (this change in policy seems insane to me)
     ok dtucker@
2011-12-19 10:51:39 +11:00
Damien Miller
5360dff2a0 - djm@cvs.openbsd.org 2011/12/02 00:41:56
[mux.c]
     fix bz#1948: ssh -f doesn't fork for multiplexed connection.
     ok dtucker@
2011-12-19 10:51:11 +11:00
Damien Miller
47d8115e53 - oga@cvs.openbsd.org 2011/11/16 12:24:28
[sftp.c]
     Don't leak list in complete_cmd_parse if there are no commands found.
     Discovered when I was ``borrowing'' this code for something else.
     ok djm@
2011-11-25 13:53:48 +11:00
Darren Tucker
4a725ef6a5 - (dtucker) [configure.ac] Set _FORTIFY_SOURCE. ok djm@ 2011-11-21 16:38:48 +11:00
Darren Tucker
aa3cbd1b5b - (dtucker) [INSTALL LICENCE configure.ac openbsd-compat/Makefile.in
openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/getrrsetbyname.c]
   bz 1320: Add optional support for LDNS, a BSD licensed DNS resolver library
   which supports DNSSEC.  Patch from Simon Vallet (svallet at genoscope cns fr)
   with some rework from myself and djm.  ok djm.
2011-11-04 11:25:24 +11:00
Darren Tucker
be4032ba1e - dtucker@cvs.openbsd.org 011/11/04 00:09:39
[moduli]
     regenerated moduli file; ok deraadt
2011-11-04 11:16:06 +11:00
Darren Tucker
9c5d553d58 - djm@cvs.openbsd.org 2011/10/24 02:13:13
[session.c]
     bz#1859: send tty break to pty master instead of (probably already
     closed) slave side; "looks good" markus@
2011-11-04 10:55:24 +11:00
Darren Tucker
2d6665d944 - djm@cvs.openbsd.org 2011/10/24 02:10:46
[ssh.c]
     bz#1943: unbreak stdio forwarding when ControlPersist is in user - ssh
     was incorrectly requesting the forward in both the control master and
     slave. skip requesting it in the master to fix. ok markus@
2011-11-04 10:54:22 +11:00
Darren Tucker
8a057953d2 - djm@cvs.openbsd.org 2011/10/19 10:39:48
[umac.c]
     typo in comment; patch from Michael W. Bombardieri
2011-11-04 10:53:31 +11:00
Darren Tucker
9ee09cfce6 - djm@cvs.openbsd.org 2011/10/19 00:06:10
[moduli.c]
     s/tmpfile/tmp/ to make this -Wshadow clean
2011-11-04 10:52:43 +11:00
Darren Tucker
e68cf84ac8 - djm@cvs.openbsd.org 2011/10/18 23:37:42
[ssh-add.c]
     add -k to usage(); reminded by jmc@
2011-11-04 10:51:51 +11:00
Darren Tucker
45c66d7ad4 - djm@cvs.openbsd.org 2011/10/18 05:15:28
[ssh.c]
     ssh(1): skip attempting to create ~/.ssh when -F is passed; ok markus@
2011-11-04 10:50:40 +11:00
Darren Tucker
9f157abbb6 - (dtucker) [contrib/cygwin/Makefile] Continue if installing a doc file
fails.  Patch from Corinna Vinschen.
2011-10-25 09:37:57 +11:00
Damien Miller
8f4279e4ab - djm@cvs.openbsd.org 2011/10/18 05:00:48
[ssh-add.1 ssh-add.c]
     new "ssh-add -k" option to load plain keys (skipping certificates);
     "looks ok" markus@
2011-10-18 16:06:33 +11:00
Damien Miller
c51a5ab2c6 - djm@cvs.openbsd.org 2011/10/18 04:58:26
[auth-options.c key.c]
     remove explict search for \0 in packet strings, this job is now done
     implicitly by buffer_get_cstring; ok markus
2011-10-18 16:06:14 +11:00
Damien Miller
91f3eaec88 - stsp@cvs.openbsd.org 2011/10/16 15:51:39
[moduli.c]
     add missing includes to unbreak tree; fix from rpointel
2011-10-18 16:05:55 +11:00
Damien Miller
927d82bc6a - jmc@cvs.openbsd.org 2011/10/16 15:02:41
[ssh-keygen.c]
     put -K in the right place (usage());
2011-10-18 16:05:38 +11:00
Damien Miller
390d0561fc - dtucker@cvs.openbsd.org 2011/10/16 11:02:46
[moduli.c ssh-keygen.1 ssh-keygen.c]
     Add optional checkpoints for moduli screening.  feedback & ok deraadt
2011-10-18 16:05:19 +11:00
Damien Miller
d3e6990c4c - djm@cvs.openbsd.org 2011/10/04 14:17:32
[sftp-glob.c]
     silence error spam for "ls */foo" in directory with files; bz#1683
2011-10-18 16:04:57 +11:00
Darren Tucker
2e13560ff5 - djm@cvs.openbsd.org 2011/09/30 21:22:49
[sshd.c]
     fix inverted test that caused logspam; spotted by henning@
2011-10-02 19:10:13 +11:00
Darren Tucker
95125e5f43 ChangeLog entry for sshd.c rev 1.409 2011-10-02 19:09:07 +11:00
Darren Tucker
af1a60ec4f - djm@cvs.openbsd.org 2011/09/25 05:44:47
[auth2-pubkey.c]
     improve the AuthorizedPrincipalsFile debug log message to include
     file and line number
2011-10-02 18:59:59 +11:00
Darren Tucker
68afb8c5f2 - markus@cvs.openbsd.org 2011/09/23 07:45:05
[mux.c readconf.h channels.h compat.h compat.c ssh.c readconf.c channels.c     version.h]
     unbreak remote portforwarding with dynamic allocated listen ports:
     1) send the actual listen port in the open message (instead of 0).
        this allows multiple forwardings with a dynamic listen port
     2) update the matching permit-open entry, so we can identify where
        to connect to
     report: den at skbkontur.ru and P. Szczygielski
     feedback and ok djm@
2011-10-02 18:59:03 +11:00
Darren Tucker
1338b9e067 - dtucker@cvs.openbsd.org 2011/09/23 00:22:04
[channels.c auth-options.c servconf.c channels.h sshd.8]
     Add wildcard support to PermitOpen, allowing things like "PermitOpen
     localhost:*".  bz #1857, ok djm markus.
2011-10-02 18:57:35 +11:00
Darren Tucker
b0b29cc0c5 remove SELECT_REQUIRED_FDS added erroneously with strnlen. spotted by tim 2011-10-02 18:49:24 +11:00
Darren Tucker
036876cd7d - (dtucker) [openbsd-compat/mktemp.c] Fix compiler warning. ok djm 2011-10-01 18:46:12 +10:00
Darren Tucker
b54f50e5d0 - (dtucker) [configure.ac openbsd-compat/Makefile.in
openbsd-compat/strnlen.c] Add strnlen to the compat library.
2011-09-29 23:17:18 +10:00
Damien Miller
5ffe1c4b43 - (djm) [configure.ac defines.h] No need to detect sizeof(char); patch
from des AT des.no
2011-09-29 11:11:51 +10:00
Damien Miller
d1a74580f8 - (djm) [openbsd-compat/setenv.c] Forklift upgrade, including inclusion
of static __findenv() function from upstream setenv.c
2011-09-23 11:26:34 +10:00
Damien Miller
3e6fe87ef9 - otto@cvs.openbsd.org 2008/12/09 19:38:38
[openbsd-compat/inet_ntop.c]
     fix inet_ntop(3) prototype; ok millert@ libc to be bumbed very soon
2011-09-23 11:16:09 +10:00
Damien Miller
64efe9671d - (djm) [openbsd-compat/sha2.c openbsd-compat/sha2.h] Remove OpenBSD rcsid
marker. The upstream API has changed (function and structure names)
   enough to put it out of sync with other providers of this interface.
2011-09-23 11:13:00 +10:00