Damien Miller
e8c9f2602c
- (djm) [sshd_config.5] typo; from Iain Morgan
2014-10-03 09:24:56 +10:00
Damien Miller
703b98a267
- (djm) [openbsd-compat/Makefile.in openbsd-compat/kludge-fd_set.c]
...
[openbsd-compat/openbsd-compat.h] Kludge around bad glibc
_FORTIFY_SOURCE check that doesn't grok heap-allocated fd_sets;
ok dtucker@
2014-10-01 09:43:07 +10:00
Damien Miller
0fa0ed061b
- (djm) [sandbox-seccomp-filter.c] Allow mremap and exit for DietLibc;
...
patch from Felix von Leitner; ok dtucker
2014-09-10 08:15:34 +10:00
Darren Tucker
ad7d23d461
20140908
...
- (dtucker) [INSTALL] Update info about egd. ok djm@
2014-09-09 12:23:10 +10:00
Damien Miller
2a8699f37c
- (djm) [openbsd-compat/arc4random.c] Zero seed after keying PRNG
2014-09-04 03:46:05 +10:00
Damien Miller
44988defb1
- (djm) [contrib/cygwin/ssh-host-config] Fix old code leading to
...
permissions/ACLs; from Corinna Vinschen
2014-09-03 05:35:32 +10:00
Damien Miller
23f269562b
- (djm) [defines.h sshbuf.c] Move __predict_true|false to defines.h and
...
conditionalise to avoid duplicate definition.
2014-09-03 05:33:25 +10:00
Damien Miller
41c8de2c00
- (djm) [Makefile.in] Make TEST_SHELL a variable; "good idea" tim@
2014-08-30 16:23:06 +10:00
Damien Miller
d7c81e216a
- (djm) [openbsd-compat/openssl-compat.h] add include guard
2014-08-30 04:18:28 +10:00
Damien Miller
4687802dda
- (djm) [misc.c] Missing newline between functions
2014-08-30 03:29:19 +10:00
Damien Miller
51c77e2922
- (djm) [openbsd-compat/openssl-compat.h] add
...
OPENSSL_[RD]SA_MAX_MODULUS_BITS defines for OpenSSL that lacks them
2014-08-30 02:30:30 +10:00
Damien Miller
3d673d103b
- (djm) [openbsd-compat/explicit_bzero.c] implement explicit_bzero()
...
using memset_s() where possible; improve fallback to indirect bzero
via a volatile pointer to give it more of a chance to avoid being
optimised away.
2014-08-27 06:32:01 +10:00
Damien Miller
146218ac11
- (djm) [monitor.c sshd.c] SIGXFSZ needs to be ignored in postauth
...
monitor, not preauth; bz#2263
2014-08-27 04:11:55 +10:00
Damien Miller
1b215c098b
- (djm) [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c]
...
[regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c]
[regress/unittests/sshkey/common.c]
[regress/unittests/sshkey/test_file.c]
[regress/unittests/sshkey/test_fuzz.c]
[regress/unittests/sshkey/test_sshkey.c] Don't include openssl/ec.h
on !ECC OpenSSL systems
2014-08-27 04:04:40 +10:00
Damien Miller
ad013944af
- (djm) [INSTALL] Recommend libcrypto be built -fPIC, mention LibreSSL,
...
update OpenSSL version requirement.
2014-08-26 09:27:28 +10:00
Damien Miller
ed126de8ee
- (djm) [bufec.c] Skip this file on !ECC OpenSSL
2014-08-26 08:37:47 +10:00
Damien Miller
9c1dede005
- (djm) [sftp-server.c] Some systems (e.g. Irix) have prctl() but not
...
PR_SET_DUMPABLE, so adjust ifdef; reported by Tom Christensen
2014-08-24 03:01:06 +10:00
Damien Miller
d244a5816f
- (djm) [configure.ac] We now require a working vsnprintf everywhere (not
...
just for systems that lack asprintf); check for it always and extend
test to catch more brokenness. Fixes builds on Solaris <= 9
2014-08-23 17:06:49 +10:00
Damien Miller
4cec036362
- (djm) [sshd.c] Ignore SIGXFSZ in preauth monitor child; can explode on
...
lastlog writing on platforms with high UIDs; bz#2263
2014-08-23 03:11:09 +10:00
Damien Miller
394a60f259
- (djm) [configure.ac] double braces to appease autoconf
2014-08-22 18:06:20 +10:00
Damien Miller
4d69aeabd6
- (djm) [openbsd-compat/bsd-snprintf.c] Fix compilation failure (prototype/
...
definition mismatch) and warning for broken/missing snprintf case.
2014-08-22 17:48:27 +10:00
Damien Miller
0c11f1ac36
- (djm) [sshbuf-getput-crypto.c] Fix compilation when OpenSSL lacks ECC
2014-08-22 17:36:56 +10:00
Damien Miller
6d62784b89
- (djm) [configure.ac] include leading zero characters in OpenSSL version
...
number; fixes test for unsupported versions
2014-08-22 17:36:19 +10:00
Damien Miller
4f1ff1ed78
- (djm) [regress/unittests/test_helper/test_helper.c] Fix for systems that
...
don't set __progname. Diagnosed by Tom Christensen.
2014-08-21 15:54:50 +10:00
Damien Miller
005a64da0f
- (djm) [key.h] Fix ifdefs for no-ECC OpenSSL
2014-08-21 10:48:41 +10:00
Damien Miller
aa6598ebb3
- (djm) [Makefile.in] fix reference to libtest_helper.a in sshkey test too.
2014-08-21 10:47:54 +10:00
Damien Miller
54703e3cf6
- (djm) [contrib/cygwin/README] Correct build instructions; from Corinna
2014-08-20 11:10:51 +10:00
Damien Miller
f0935698f0
- (djm) [sshkey.h] Fix compilation when OpenSSL lacks ECC
2014-08-20 11:06:50 +10:00
Damien Miller
c5089ecaec
- (djm) [Makefile.in] refer to libtest_helper.a by explicit path rather than
...
-L/-l; fixes linking problems on some platforms
2014-08-20 11:06:20 +10:00
Damien Miller
2195847e50
- (djm) [configure.ac] Check OpenSSL version is supported at configure time;
...
suggested by Kevin Brott
2014-08-20 11:05:03 +10:00
Damien Miller
a75aca1bbc
- (djm) [INSTALL contrib/caldera/openssh.spec contrib/cygwin/README]
...
[contrib/redhat/openssh.spec contrib/suse/openssh.spec] Remove mentions
of TCP wrappers.
2014-08-19 11:36:07 +10:00
Damien Miller
3f022b5a94
- (djm) [ssh-dss.c] Include openssl/dsa.h for DSA_SIG
2014-08-19 11:32:34 +10:00
Damien Miller
8813790263
- (djm) [sshbuf.h] Fix compilation on systems without OPENSSL_HAS_ECC.
2014-08-19 11:28:11 +10:00
Damien Miller
2f3d1e7fb2
- (djm) [myproposal.h] Make curve25519 KEX dependent on
...
HAVE_EVP_SHA256 instead of OPENSSL_HAS_ECC.
2014-08-19 11:14:36 +10:00
Damien Miller
d4e7d59d01
- (djm) [serverloop.c] Fix syntax error on Cygwin; from Corinna Vinschen
2014-08-19 11:14:17 +10:00
Damien Miller
9eaeea2cf2
- (djm) [README contrib/caldera/openssh.spec]
...
[contrib/redhat/openssh.spec contrib/suse/openssh.spec] Update versions
2014-08-10 11:35:05 +10:00
Damien Miller
f8988fbef0
- (djm) [regress/multiplex.sh] Use -d (detach stdin) flag to disassociate
...
nc from stdin, it's more portable
2014-08-01 13:31:52 +10:00
Damien Miller
5b3879fd4b
- (djm) [regress/multiplex.sh] Instruct nc not to quit as soon as stdin
...
is closed; avoid regress failures when stdin is /dev/null
2014-08-01 12:28:31 +10:00
Damien Miller
a9c46746d2
- (djm) [regress/multiplex.sh] Skip test for non-OpenBSD netcat. We need
...
a better solution, but this will have to do for now.
2014-08-01 12:26:49 +10:00
Damien Miller
426117b2e9
- schwarze@cvs.openbsd.org 2014/07/28 15:40:08
...
[sftp-server.8 sshd_config.5]
some systems no longer need /dev/log;
issue noticed by jirib;
ok deraadt
2014-07-30 12:33:20 +10:00
Damien Miller
f497794b69
- dtucker@cvs.openbsd.org 2014/07/25 21:22:03
...
[ssh-agent.c]
Clear buffer used for handling messages. This prevents keys being
left in memory after they have been expired or deleted in some cases
(but note that ssh-agent is setgid so you would still need root to
access them). Pointed out by Kevin Burns, ok deraadt
2014-07-30 12:32:46 +10:00
Damien Miller
a8a0f65c57
- OpenBSD CVS Sync
...
- millert@cvs.openbsd.org 2014/07/24 22:57:10
[ssh.1]
Mention UNIX-domain socket forwarding too. OK jmc@ deraadt@
2014-07-30 12:32:28 +10:00
Damien Miller
56b840f2b8
- (djm) [regress/multiplex.sh] restore incorrectly deleted line;
...
pointed out by Christian Hesse
2014-07-25 08:11:30 +10:00
Darren Tucker
dd417b60d5
- dtucker@cvs.openbsd.org 2014/07/22 23:35:38
...
[regress/unittests/sshkey/testdata/*]
Regenerate test keys with certs signed with ed25519 instead of ecdsa.
These can be used in -portable on platforms that don't support ECDSA.
2014-07-23 10:41:21 +10:00
Darren Tucker
40e5021189
- dtucker@cvs.openbsd.org 2014/07/22 23:57:40
...
[regress/unittests/sshkey/mktestdata.sh]
Add $OpenBSD tag to make syncs easier
2014-07-23 10:35:45 +10:00
Darren Tucker
07e644251e
- dtucker@cvs.openbsd.org 2014/07/22 23:23:22
...
[regress/unittests/sshkey/mktestdata.sh]
Sign test certs with ed25519 instead of ecdsa so that they'll work in
-portable on platforms that don't have ECDSA in their OpenSSL. ok djm
2014-07-23 10:34:26 +10:00
Darren Tucker
cea099a7c4
- djm@cvs.openbsd.org 2014/07/22 01:32:12
...
[regress/multiplex.sh]
change the test for still-open Unix domain sockets to be robust against
nc implementations that produce error messages. from -portable
(Id sync only)
2014-07-23 10:04:02 +10:00
Darren Tucker
31eb78078d
- guenther@cvs.openbsd.org 2014/07/22 07:13:42
...
[umac.c]
Convert from <sys/endian.h> to the shiney new <endian.h>
ok dtucker@, who also confirmed that -portable handles this already
(ID sync only, includes.h pulls in endian.h if available.)
2014-07-23 09:43:42 +10:00
Darren Tucker
820763efef
- dtucker@cvs.openbsd.org 2014/07/22 01:18:50
...
[key.c]
Prevent spam from key_load_private_pem during hostbased auth. ok djm@
2014-07-23 09:40:46 +10:00
Darren Tucker
c4ee219a66
- (dtucker) [regress/unittests/sshkey/test_{file,fuzz,sshkey}.c] Wrap ecdsa-
...
specific tests inside OPENSSL_HAS_ECC.
2014-07-23 04:27:50 +10:00