RepoMirrors/openssh
1
0
Fork 0
mirror of git://anongit.mindrot.org/openssh.git synced 2025-01-01 07:12:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
6,757 Commits 69 Branches 157 Tags 27 MiB
ada7e17ae5
Commit Graph

6256 Commits

Author SHA1 Message Date
Tim Rice
ada7e17ae5 - (tim) [regress/integrity.sh] keep old solaris awk from hanging. 2013-02-26 21:49:09 -08:00
Tim Rice
f9e2060ca9 - (tim) [regress/integrity.sh] shell portability fix. 2013-02-26 20:27:29 -08:00
Tim Rice
a514bc05b1 - (tim) [regress/forward-control.sh] use sh in case login shell is csh. 2013-02-26 19:35:26 -08:00
Damien Miller
c0cc7ce166 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 
[contrib/suse/openssh.spec] Crank version numbers
 2013-02-27 10:48:18 +11:00
Damien Miller
6c21bb8c4a - (djm) [regress/integrity.sh] Run sshd via $SUDO; fixes tinderbox breakage 
for UsePAM=yes configuration
 2013-02-26 19:41:30 +11:00
Damien Miller
1e657d592d - djm@cvs.openbsd.org 2013/02/20 08:27:50 
[integrity.sh]
     Add an option to modpipe that warns if the modification offset it not
     reached in it's stream and turn it on for t-integrity. This should catch
     cases where the session is not fuzzed for being too short (cf. my last
     "oops" commit)
 2013-02-26 18:58:06 +11:00
Darren Tucker
03978c61f3 - (dtucker) [configure.ac ssh-gss.h] bz#2073: additional #includes needed 
to use Solaris native GSS libs.  Patch from Pierre Ossman.
 2013-02-25 11:24:44 +11:00
Darren Tucker
a423fefb89 welcome to 2013 2013-02-25 10:32:27 +11:00
Damien Miller
b87f6b70f8 - (djm) [configure.ac includes.h loginrec.c mux.c sftp.c] Prefer 
bsd/libutil.h to libutil.h to avoid deprecation warnings on Ubuntu.
   ok tim
 2013-02-23 09:12:23 +11:00
Damien Miller
91f40d8592 - (djm) [configure.ac sandbox-seccomp-filter.c] Support for Linux 
seccomp-bpf sandbox on ARM. Patch from shawnlandden AT gmail.com;
       ok dtucker
 2013-02-22 11:37:00 +11:00
Darren Tucker
a2b5a4c746 - (dtucker) [configure.ac] bz#2073: look for Solaris' differently-named 
libgss too.  Patch from Pierre Ossman, ok djm.
 2013-02-22 10:43:15 +11:00
Darren Tucker
964de184a8 - (dtucker) [Makefile.in configure.ac] bz#2072: don't link krb5 libs to 
ssh(1) since they're not needed.  Patch from Pierre Ossman.
 2013-02-22 10:39:59 +11:00
Tim Rice
0ec7423692 - (tim) [regress/forward-control.sh] shell portability fix. 2013-02-20 21:37:55 -08:00
Damien Miller
5acc6be981 - djm@cvs.openbsd.org 2013/02/20 08:29:27 
[regress/modpipe.c]
     s/Id/OpenBSD/ in RCS tag
 2013-02-20 21:16:07 +11:00
Damien Miller
283e575a7d - djm@cvs.openbsd.org 2013/02/20 08:27:50 
[regress/integrity.sh regress/modpipe.c]
     Add an option to modpipe that warns if the modification offset it not
     reached in it's stream and turn it on for t-integrity. This should catch
     cases where the session is not fuzzed for being too short (cf. my last
     "oops" commit)
 2013-02-20 21:13:27 +11:00
Tim Rice
c31db8cd6e - (tim) [krl.c Makefile.in regress/Makefile regress/modpipe.c] remove unneeded 
err.h include from krl.c. Additional portability fixes for modpipe. OK djm
 2013-02-19 19:01:51 -08:00
Tim Rice
c08b3ef6f4 - (tim) [regress/cipher-speed.sh regress/try-ciphers.sh] shell portability fix. 2013-02-19 11:53:29 -08:00
Damien Miller
dae85cc3ad - (djm) [regress/integrity.sh] Skip SHA2-based MACs on configurations that 
lack support for SHA2.
 2013-02-19 14:27:44 +11:00
Damien Miller
b3764e1202 - djm@cvs.openbsd.org 2013/02/19 02:14:09 
[integrity.sh]
     oops, forgot to increase the output of the ssh command to ensure that
     we actually reach $offset
 2013-02-19 13:15:01 +11:00
Damien Miller
0dc3bc908e - djm@cvs.openbsd.org 2013/02/18 22:26:47 
[integrity.sh]
     crank the offset yet again; it was still fuzzing KEX one of Darren's
     portable test hosts at 2800
 2013-02-19 09:28:32 +11:00
Damien Miller
33d52566bc - djm@cvs.openbsd.org 2013/02/17 23:16:55 
[integrity.sh]
     make the ssh command generates some output to ensure that there are at
     least offset+tries bytes in the stream.
 2013-02-18 10:18:05 +11:00
Damien Miller
5d7b9565bc - djm@cvs.openbsd.org 2013/02/16 06:08:45 
[integrity.sh]
     make sure the fuzz offset is actually past the end of KEX for all KEX
     types. diffie-hellman-group-exchange-sha256 requires an offset around
     2700. Noticed via test failures in portable OpenSSH on platforms that
     lack ECC and this the more byte-frugal ECDH KEX algorithms.
 2013-02-16 17:32:31 +11:00
Darren Tucker
2991d288db - (dtucker) [openbsd-compat/bsd-misc.c] Handle the case where setpgrp() takes 
an argument.  Pointed out by djm.
 2013-02-15 14:55:38 +11:00
Darren Tucker
f32db83f41 - (dtucker) [openbsd-compat/openbsd-compat.h] Add prototype for strtoul, 
group strto* function prototypes together.
 2013-02-15 12:20:41 +11:00
Damien Miller
5ceddc31cd - dtucker@cvs.openbsd.org 2013/02/15 00:21:01 
[sshconnect2.c]
     Warn more loudly if an IdentityFile provided by the user cannot be read.
     bz #1981, ok djm@
 2013-02-15 12:18:32 +11:00
Darren Tucker
8e6fb780e5 - (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoull.c 
openbsd-compat/openbsd-compat.h] Add strtoull to compat library for
   platforms that don't have it.
 2013-02-15 12:13:01 +11:00
Darren Tucker
3c4a24c3e3 - (dtucker) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h] 
Use getpgrp() if we don't have getpgid() (old BSDs, maybe others).
 2013-02-15 11:41:35 +11:00
Damien Miller
4018dc04da - djm@cvs.openbsd.org 2013/02/14 21:35:59 
[auth2-pubkey.c]
     Correct error message that had a typo and was logging the wrong thing;
     patch from Petr Lautrbach
 2013-02-15 10:28:55 +11:00
Damien Miller
91edc1ce2b - (djm) [contrib/suse/rc.sshd] Use SSHD_BIN consistently; bz#2056 from 
Iain Morgan
 2013-02-15 10:23:44 +11:00
Damien Miller
57f9218528 - (djm) [regress/integrity.sh] Start fuzzing from offset 2500 (instead 
of 2300) to avoid clobbering the end of (non-MAC'd) KEX. Verified by
  Iain Morgan
 2013-02-14 10:32:33 +11:00
Damien Miller
6d77d6ea2b - (djm) [regress/krl.sh] typo; found by Iain Morgan 2013-02-14 10:31:03 +11:00
Damien Miller
2653f5c0a6 - (djm) [regress/krl.sh] Don't use ecdsa keys in environment that lack ECC. 2013-02-14 10:14:51 +11:00
Damien Miller
2f20de5e3f - (djm) [regress/try-ciphers.sh] clean up CVS merge botch 2013-02-12 11:31:38 +11:00
Damien Miller
58e2c5b394 - djm@cvs.openbsd.org 2013/02/11 23:58:51 
[try-ciphers.sh]
     remove acss here too
 2013-02-12 11:16:57 +11:00
Damien Miller
22e8a1e169 - dtucker@cvs.openbsd.org 2013/02/11 21:21:58 
[sshd.c]
     Add openssl version to debug output similar to the client.  ok markus@
 2013-02-12 11:04:48 +11:00
Damien Miller
894926ebd8 - djm@cvs.openbsd.org 2013/02/10 23:35:24 
[packet.c]
     record "Received disconnect" messages at ERROR rather than INFO priority,
     since they are abnormal and result in a non-zero ssh exit status; patch
     from Iain Morgan in bz#2057; ok dtucker@
 2013-02-12 11:03:58 +11:00
Damien Miller
78d22713c7 - djm@cvs.openbsd.org 2013/02/10 23:32:10 
[ssh-keygen.c]
     append to moduli file when screening candidates rather than overwriting.
     allows resumption of interrupted screen; patch from Christophe Garault
     in bz#1957; ok dtucker@
 2013-02-12 11:03:36 +11:00
Damien Miller
fd05154dc4 - markus@cvs.openbsd.org 2013/02/10 21:19:34 
[version.h]
     openssh 6.2
 2013-02-12 11:03:10 +11:00
Damien Miller
d6d9fa0281 - djm@cvs.openbsd.org 2013/02/08 00:41:12 
[sftp.c]
     fix NULL deref when built without libedit and control characters
     entered as command; debugging and patch from Iain Morgan an
     Loganaden Velvindron in bz#1956
 2013-02-12 11:02:46 +11:00
Damien Miller
18de9133c2 - dtucker@cvs.openbsd.org 2013/02/06 00:22:21 
[auth.c]
     Fix comment, from jfree.e1 at gmail
 2013-02-12 11:02:27 +11:00
Damien Miller
1f583df8c3 - dtucker@cvs.openbsd.org 2013/02/06 00:20:42 
[servconf.c sshd_config sshd_config.5]
     Change default of MaxStartups to 10:30:100 to start doing random early
     drop at 10 connections up to 100 connections.  This will make it harder
     to DoS as CPUs have come a long way since the original value was set
     back in 2000.  Prompted by nion at debian org, ok markus@
 2013-02-12 11:02:08 +11:00
Damien Miller
0cd2f8e5f8 - djm@cvs.openbsd.org 2013/01/27 10:06:12 
[krl.c]
     actually use the xrealloc() return value; spotted by xi.wang AT gmail.com
 2013-02-12 11:01:39 +11:00
Damien Miller
f0a8ded824 - djm@cvs.openbsd.org 2013/01/26 06:11:05 
[Makefile.in acss.c acss.h cipher-acss.c cipher.c]
     [openbsd-compat/openssl-compat.h]
     remove ACSS, now that it is gone from libcrypto too
 2013-02-12 11:00:34 +11:00
Damien Miller
60565bcb5c - djm@cvs.openbsd.org 2013/01/25 10:22:19 
[krl.c]
     redo last commit without the vi-vomit that snuck in:
     skip serial lookup when cert's serial number is zero
     (now with 100% better comment)
 2013-02-12 10:56:42 +11:00
Damien Miller
377d9a44f9 - krw@cvs.openbsd.org 2013/01/25 05:00:27 
[krl.c]
     Revert last. Breaks due to likely typo. Let djm@ fix later.
     ok djm@ via dlg@
 2013-02-12 10:55:16 +11:00
Damien Miller
6045f5d574 - djm@cvs.openbsd.org 2013/01/24 22:08:56 
[krl.c]
     skip serial lookup when cert's serial number is zero
 2013-02-12 10:54:54 +11:00
Damien Miller
ea078462ea - (djm) OpenBSD CVS Sync 
- djm@cvs.openbsd.org 2013/01/24 21:45:37
     [krl.c]
     fix handling of (unused) KRL signatures; skip string in correct buffer
 2013-02-12 10:54:37 +11:00
Damien Miller
b6f73b3af6 - (djm) [configure.ac openbsd-compat/openssl-compat.h] Repair build on old 
libcrypto that lacks EVP_CIPHER_CTX_ctrl
 2013-02-11 10:39:12 +11:00
Darren Tucker
951b53b1be - (dtucker) [configure.ac openbsd-compat/sys-tree.h] Test if compiler allows 
__attribute__ on return values and work around if necessary.  ok djm@
 2013-02-08 11:50:09 +11:00
Damien Miller
e7f50e1c18 - (djm) [contrib/redhat/sshd.init] treat RETVAL as an integer; 
patch from Iain Morgan in bz#2059
 2013-02-08 10:49:37 +11:00