Commit Graph

7567 Commits

Author SHA1 Message Date
Damien Miller e8c9f2602c - (djm) [sshd_config.5] typo; from Iain Morgan 2014-10-03 09:24:56 +10:00
Damien Miller 703b98a267 - (djm) [openbsd-compat/Makefile.in openbsd-compat/kludge-fd_set.c]
[openbsd-compat/openbsd-compat.h] Kludge around bad glibc
   _FORTIFY_SOURCE check that doesn't grok heap-allocated fd_sets;
   ok dtucker@
2014-10-01 09:43:07 +10:00
Damien Miller 0fa0ed061b - (djm) [sandbox-seccomp-filter.c] Allow mremap and exit for DietLibc;
patch from Felix von Leitner; ok dtucker
2014-09-10 08:15:34 +10:00
Darren Tucker ad7d23d461 20140908
- (dtucker) [INSTALL] Update info about egd.  ok djm@
2014-09-09 12:23:10 +10:00
Damien Miller 2a8699f37c - (djm) [openbsd-compat/arc4random.c] Zero seed after keying PRNG 2014-09-04 03:46:05 +10:00
Damien Miller 44988defb1 - (djm) [contrib/cygwin/ssh-host-config] Fix old code leading to
permissions/ACLs; from Corinna Vinschen
2014-09-03 05:35:32 +10:00
Damien Miller 23f269562b - (djm) [defines.h sshbuf.c] Move __predict_true|false to defines.h and
conditionalise to avoid duplicate definition.
2014-09-03 05:33:25 +10:00
Damien Miller 41c8de2c00 - (djm) [Makefile.in] Make TEST_SHELL a variable; "good idea" tim@ 2014-08-30 16:23:06 +10:00
Damien Miller d7c81e216a - (djm) [openbsd-compat/openssl-compat.h] add include guard 2014-08-30 04:18:28 +10:00
Damien Miller 4687802dda - (djm) [misc.c] Missing newline between functions 2014-08-30 03:29:19 +10:00
Damien Miller 51c77e2922 - (djm) [openbsd-compat/openssl-compat.h] add
OPENSSL_[RD]SA_MAX_MODULUS_BITS defines for OpenSSL that lacks them
2014-08-30 02:30:30 +10:00
Damien Miller 3d673d103b - (djm) [openbsd-compat/explicit_bzero.c] implement explicit_bzero()
using memset_s() where possible; improve fallback to indirect bzero
   via a volatile pointer to give it more of a chance to avoid being
   optimised away.
2014-08-27 06:32:01 +10:00
Damien Miller 146218ac11 - (djm) [monitor.c sshd.c] SIGXFSZ needs to be ignored in postauth
monitor, not preauth; bz#2263
2014-08-27 04:11:55 +10:00
Damien Miller 1b215c098b - (djm) [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c]
[regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c]
   [regress/unittests/sshkey/common.c]
   [regress/unittests/sshkey/test_file.c]
   [regress/unittests/sshkey/test_fuzz.c]
   [regress/unittests/sshkey/test_sshkey.c] Don't include openssl/ec.h
   on !ECC OpenSSL systems
2014-08-27 04:04:40 +10:00
Damien Miller ad013944af - (djm) [INSTALL] Recommend libcrypto be built -fPIC, mention LibreSSL,
update OpenSSL version requirement.
2014-08-26 09:27:28 +10:00
Damien Miller ed126de8ee - (djm) [bufec.c] Skip this file on !ECC OpenSSL 2014-08-26 08:37:47 +10:00
Damien Miller 9c1dede005 - (djm) [sftp-server.c] Some systems (e.g. Irix) have prctl() but not
PR_SET_DUMPABLE, so adjust ifdef; reported by Tom Christensen
2014-08-24 03:01:06 +10:00
Damien Miller d244a5816f - (djm) [configure.ac] We now require a working vsnprintf everywhere (not
just for systems that lack asprintf); check for it always and extend
   test to catch more brokenness. Fixes builds on Solaris <= 9
2014-08-23 17:06:49 +10:00
Damien Miller 4cec036362 - (djm) [sshd.c] Ignore SIGXFSZ in preauth monitor child; can explode on
lastlog writing on platforms with high UIDs; bz#2263
2014-08-23 03:11:09 +10:00
Damien Miller 394a60f259 - (djm) [configure.ac] double braces to appease autoconf 2014-08-22 18:06:20 +10:00
Damien Miller 4d69aeabd6 - (djm) [openbsd-compat/bsd-snprintf.c] Fix compilation failure (prototype/
definition mismatch) and warning for broken/missing snprintf case.
2014-08-22 17:48:27 +10:00
Damien Miller 0c11f1ac36 - (djm) [sshbuf-getput-crypto.c] Fix compilation when OpenSSL lacks ECC 2014-08-22 17:36:56 +10:00
Damien Miller 6d62784b89 - (djm) [configure.ac] include leading zero characters in OpenSSL version
number; fixes test for unsupported versions
2014-08-22 17:36:19 +10:00
Damien Miller 4f1ff1ed78 - (djm) [regress/unittests/test_helper/test_helper.c] Fix for systems that
don't set __progname. Diagnosed by Tom Christensen.
2014-08-21 15:54:50 +10:00
Damien Miller 005a64da0f - (djm) [key.h] Fix ifdefs for no-ECC OpenSSL 2014-08-21 10:48:41 +10:00
Damien Miller aa6598ebb3 - (djm) [Makefile.in] fix reference to libtest_helper.a in sshkey test too. 2014-08-21 10:47:54 +10:00
Damien Miller 54703e3cf6 - (djm) [contrib/cygwin/README] Correct build instructions; from Corinna 2014-08-20 11:10:51 +10:00
Damien Miller f0935698f0 - (djm) [sshkey.h] Fix compilation when OpenSSL lacks ECC 2014-08-20 11:06:50 +10:00
Damien Miller c5089ecaec - (djm) [Makefile.in] refer to libtest_helper.a by explicit path rather than
-L/-l; fixes linking problems on some platforms
2014-08-20 11:06:20 +10:00
Damien Miller 2195847e50 - (djm) [configure.ac] Check OpenSSL version is supported at configure time;
suggested by Kevin Brott
2014-08-20 11:05:03 +10:00
Damien Miller a75aca1bbc - (djm) [INSTALL contrib/caldera/openssh.spec contrib/cygwin/README]
[contrib/redhat/openssh.spec contrib/suse/openssh.spec] Remove mentions
   of TCP wrappers.
2014-08-19 11:36:07 +10:00
Damien Miller 3f022b5a94 - (djm) [ssh-dss.c] Include openssl/dsa.h for DSA_SIG 2014-08-19 11:32:34 +10:00
Damien Miller 8813790263 - (djm) [sshbuf.h] Fix compilation on systems without OPENSSL_HAS_ECC. 2014-08-19 11:28:11 +10:00
Damien Miller 2f3d1e7fb2 - (djm) [myproposal.h] Make curve25519 KEX dependent on
HAVE_EVP_SHA256 instead of OPENSSL_HAS_ECC.
2014-08-19 11:14:36 +10:00
Damien Miller d4e7d59d01 - (djm) [serverloop.c] Fix syntax error on Cygwin; from Corinna Vinschen 2014-08-19 11:14:17 +10:00
Damien Miller 9eaeea2cf2 - (djm) [README contrib/caldera/openssh.spec]
[contrib/redhat/openssh.spec contrib/suse/openssh.spec] Update versions
2014-08-10 11:35:05 +10:00
Damien Miller f8988fbef0 - (djm) [regress/multiplex.sh] Use -d (detach stdin) flag to disassociate
nc from stdin, it's more portable
2014-08-01 13:31:52 +10:00
Damien Miller 5b3879fd4b - (djm) [regress/multiplex.sh] Instruct nc not to quit as soon as stdin
is closed; avoid regress failures when stdin is /dev/null
2014-08-01 12:28:31 +10:00
Damien Miller a9c46746d2 - (djm) [regress/multiplex.sh] Skip test for non-OpenBSD netcat. We need
a better solution, but this will have to do for now.
2014-08-01 12:26:49 +10:00
Damien Miller 426117b2e9 - schwarze@cvs.openbsd.org 2014/07/28 15:40:08
[sftp-server.8 sshd_config.5]
     some systems no longer need /dev/log;
     issue noticed by jirib;
     ok deraadt
2014-07-30 12:33:20 +10:00
Damien Miller f497794b69 - dtucker@cvs.openbsd.org 2014/07/25 21:22:03
[ssh-agent.c]
     Clear buffer used for handling messages.  This prevents keys being
     left in memory after they have been expired or deleted in some cases
     (but note that ssh-agent is setgid so you would still need root to
     access them).  Pointed out by Kevin Burns, ok deraadt
2014-07-30 12:32:46 +10:00
Damien Miller a8a0f65c57 - OpenBSD CVS Sync
- millert@cvs.openbsd.org 2014/07/24 22:57:10
     [ssh.1]
     Mention UNIX-domain socket forwarding too.  OK jmc@ deraadt@
2014-07-30 12:32:28 +10:00
Damien Miller 56b840f2b8 - (djm) [regress/multiplex.sh] restore incorrectly deleted line;
pointed out by Christian Hesse
2014-07-25 08:11:30 +10:00
Darren Tucker dd417b60d5 - dtucker@cvs.openbsd.org 2014/07/22 23:35:38
[regress/unittests/sshkey/testdata/*]
     Regenerate test keys with certs signed with ed25519 instead of ecdsa.
     These can be used in -portable on platforms that don't support ECDSA.
2014-07-23 10:41:21 +10:00
Darren Tucker 40e5021189 - dtucker@cvs.openbsd.org 2014/07/22 23:57:40
[regress/unittests/sshkey/mktestdata.sh]
     Add $OpenBSD tag to make syncs easier
2014-07-23 10:35:45 +10:00
Darren Tucker 07e644251e - dtucker@cvs.openbsd.org 2014/07/22 23:23:22
[regress/unittests/sshkey/mktestdata.sh]
     Sign test certs with ed25519 instead of ecdsa so that they'll work in
     -portable on platforms that don't have ECDSA in their OpenSSL.  ok djm
2014-07-23 10:34:26 +10:00
Darren Tucker cea099a7c4 - djm@cvs.openbsd.org 2014/07/22 01:32:12
[regress/multiplex.sh]
     change the test for still-open Unix domain sockets to be robust against
     nc implementations that produce error messages. from -portable
     (Id sync only)
2014-07-23 10:04:02 +10:00
Darren Tucker 31eb78078d - guenther@cvs.openbsd.org 2014/07/22 07:13:42
[umac.c]
     Convert from <sys/endian.h> to the shiney new <endian.h>
     ok dtucker@, who also confirmed that -portable handles this already
     (ID sync only, includes.h pulls in endian.h if available.)
2014-07-23 09:43:42 +10:00
Darren Tucker 820763efef - dtucker@cvs.openbsd.org 2014/07/22 01:18:50
[key.c]
     Prevent spam from key_load_private_pem during hostbased auth.  ok djm@
2014-07-23 09:40:46 +10:00
Darren Tucker c4ee219a66 - (dtucker) [regress/unittests/sshkey/test_{file,fuzz,sshkey}.c] Wrap ecdsa-
specific tests inside OPENSSL_HAS_ECC.
2014-07-23 04:27:50 +10:00