Tim Rice
c5c346b101
- (tim) [regress/cert-hostkey.sh] Add missing TEST_SSH_ECC guard around some
...
ecdsa bits.
2011-01-13 22:36:14 -08:00
Tim Rice
02d99da976
- (tim) [regress/cert-hostkey.sh] Typo. Missing $ on variable name.
2011-01-13 22:20:27 -08:00
Damien Miller
e9b40487fa
- (djm) [Makefile.in] Use shell test to disable ecdsa key generating in
...
host-key-force target rather than a substitution that is replaced with a
comment so that the Makefile.in is still a syntactically valid Makefile
(useful to run the distprep target)
2011-01-14 14:47:37 +11:00
Damien Miller
42747df8b7
- djm@cvs.openbsd.org 2011/01/13 21:55:25
...
[PROTOCOL.mux]
correct protocol names and add a couple of missing protocol number
defines; patch from bert.wesarg AT googlemail.com
2011-01-14 12:01:50 +11:00
Damien Miller
445c9a507d
- djm@cvs.openbsd.org 2011/01/13 21:54:53
...
[mux.c]
correct error messages; patch from bert.wesarg AT googlemail.com
2011-01-14 12:01:29 +11:00
Damien Miller
5278806e39
- (djm) [regress/kextype.sh] Testing diffie-hellman-group-exchange-sha256
...
should not depend on ECC support
2011-01-13 22:05:14 +11:00
Damien Miller
9b16086e74
- (djm) [myproposal.h] Fix reversed OPENSSL_VERSION_NUMBER test and bad
...
#define that was causing diffie-hellman-group-exchange-sha256 to be
incorrectly disabled
2011-01-13 22:00:20 +11:00
Damien Miller
cbaf8e6ec1
- (djm) [regress/Makefile] add a few more generated files to the clean
...
target
2011-01-13 21:08:27 +11:00
Damien Miller
ff22df538e
- (djm) [entropy.c] cast OPENSSL_VERSION_NUMBER to u_long to avoid
...
gcc warning on platforms where it defaults to int
2011-01-13 21:05:27 +11:00
Tim Rice
9b87a5ce3c
- (tim) [Makefile.in configure.ac opensshd.init.in] Add support for generating
...
ecdsa keys. ok djm.
2011-01-12 22:35:43 -08:00
Tim Rice
cce927c25f
- (tim) [Makefile.in] test the ECC bits if we have the capability. ok djm
2011-01-12 19:06:31 -08:00
Damien Miller
1708cb7d0d
- (djm) [misc.c] include time.h for nanosleep() prototype
2011-01-13 12:21:34 +11:00
Damien Miller
134d02a494
- (djm) [configure.ac] Fix broken test for gcc >= 4.4 with per-compiler
...
flag tests that don't depend on gcc version at all; suggested by and
ok dtucker@
2011-01-12 16:00:37 +11:00
Damien Miller
945aa0c744
- (djm) [configure.ac] Turn on -Wno-unused-result for gcc >= 4.4 to avoid
...
silly warnings on write() calls we don't care succeed or not.
2011-01-12 13:34:02 +11:00
Damien Miller
4927aaf446
- djm@cvs.openbsd.org 2011/01/12 01:53:14
...
avoid some integer overflows mostly with GLOB_APPEND and GLOB_DOOFFS
and sanity check arguments (these will be unnecessary when we switch
struct glob members from being type into to size_t in the future);
"looks ok" tedu@ feedback guenther@
2011-01-12 13:32:03 +11:00
Damien Miller
b66e917831
- nicm@cvs.openbsd.org 2010/10/08 21:48:42
...
[openbsd-compat/glob.c]
Extend GLOB_LIMIT to cover readdir and stat and bump the malloc limit
from ARG_MAX to 64K.
Fixes glob-using programs (notably ftp) able to be triggered to hit
resource limits.
Idea from a similar NetBSD change, original problem reported by jasper@.
ok millert tedu jasper
2011-01-12 13:30:18 +11:00
Damien Miller
821de0ad2e
- djm@cvs.openbsd.org 2011/01/11 06:13:10
...
[clientloop.c ssh-keygen.c sshd.c]
some unsigned long long casts that make things a bit easier for
portable without resorting to dropping PRIu64 formats everywhere
2011-01-11 17:20:29 +11:00
Damien Miller
a256c8d680
- djm@cvs.openbsd.org 2011/01/11 06:06:09
...
[sshlogin.c]
fd leak on error paths; from zinovik@
NB. Id sync only; we use loginrec.c that was also audited and fixed
recently
2011-01-11 17:20:05 +11:00
Damien Miller
b73b6fd916
- djm@cvs.openbsd.org 2011/01/08 10:51:51
...
[clientloop.c]
use host and not options.hostname, as the latter may have unescaped
substitution characters
2011-01-11 17:18:56 +11:00
Damien Miller
81ad4b1fc0
- (djm) [platform.c] Some missing includes that show up under -Werror
2011-01-11 17:02:23 +11:00
Tim Rice
076a3b9ced
- (tim) [regress/host-expand.sh] Fix for building outside of read only
...
source tree.
2011-01-10 12:56:26 -08:00
Damien Miller
e63b7f2821
- (djm) [Makefile.in] list ssh_host_ecdsa key in PATHSUBS; spotted by
...
openssh AT roumenpetrov.info
2011-01-09 09:19:50 +11:00
Damien Miller
996384d500
- (djm) [regress/keytype.sh] s/echo -n/echon/ to repair failing regress
...
test on OSX and others. Reported by imorgan AT nas.nasa.gov
2011-01-08 21:58:20 +11:00
Damien Miller
ed3a8eb65f
- djm@cvs.openbsd.org 2011/01/06 23:01:35
...
[sshconnect.c]
reset SIGCHLD handler to SIG_DFL when execuring LocalCommand;
ok markus@
2011-01-07 10:02:52 +11:00
Damien Miller
7d06b00032
- djm@cvs.openbsd.org 2011/01/06 22:46:21
...
[regress/Makefile regress/host-expand.sh]
regress test for LocalCommand %n expansion from bert.wesarg AT
googlemail.com; ok markus@
2011-01-07 09:54:20 +11:00
Damien Miller
64abf31425
- djm@cvs.openbsd.org 2011/01/06 22:23:02
...
[clientloop.c]
when exiting due to ServerAliveTimeout, mention the hostname that caused
it (useful with backgrounded controlmaster)
2011-01-07 09:51:52 +11:00
Damien Miller
83f8a4014d
- djm@cvs.openbsd.org 2011/01/06 22:23:53
...
[ssh.c]
unbreak %n expansion in LocalCommand; patch from bert.wesarg AT
googlemail.com; ok markus@
2011-01-07 09:51:17 +11:00
Damien Miller
322125b960
- (djm) [regress/cert-hostkey.sh regress/cert-userkey.sh] fix shell test
...
for no-ECC case. Patch from cristian.ionescu-idbohrn AT axis.com
2011-01-07 09:50:08 +11:00
Damien Miller
8ad960b4ba
- otto@cvs.openbsd.org 2011/01/04 20:44:13
...
[ssh-keyscan.c]
handle ecdsa-sha2 with various key lengths; hint and ok djm@
2011-01-06 22:44:44 +11:00
Damien Miller
de53fd04b1
- djm@cvs.openbsd.org 2010/12/24 21:41:48
...
[auth-options.c]
don't send the actual forced command in a debug message; ok markus deraadt
2011-01-06 22:44:18 +11:00
Damien Miller
106079c06d
- djm@cvs.openbsd.org 2010/12/15 00:49:27
...
[readpass.c]
fix ControlMaster=ask regression
reset SIGCHLD handler before fork (and restore it after) so we don't miss
the the askpass child's exit status. Correct test for exit status/signal to
account for waitpid() failure; with claudio@ ok claudio@ markus@
2011-01-06 22:43:44 +11:00
Damien Miller
05c8997b33
- markus@cvs.openbsd.org 2010/12/14 11:59:06
...
[sshconnect.c]
don't mention key type in key-changed-warning, since we also print
this warning if a new key type appears. ok djm@
2011-01-06 22:42:04 +11:00
Damien Miller
907998df72
- jmc@cvs.openbsd.org 2010/12/09 14:13:33
...
[scp.1 scp.c]
scp.1: grammer fix
scp.c: add -3 to usage()
2011-01-06 22:41:21 +11:00
Damien Miller
f12114366b
- markus@cvs.openbsd.org 2010/12/08 22:46:03
...
[scp.1 scp.c]
add a new -3 option to scp: Copies between two remote hosts are
transferred through the local host. Without this option the data
is copied directly between the two remote hosts. ok djm@ (bugzilla #1837 )
2011-01-06 22:40:30 +11:00
Damien Miller
30a69e7bba
- (djm) [configure.ac Makefile.in] Use mandoc as preferred manpage
...
formatter if it is present, followed by nroff and groff respectively.
Fixes distprep target on OpenBSD (which has bumped groff/nroff to ports
in favour of mandoc). feedback and ok tim
2011-01-04 08:16:27 +11:00
Damien Miller
d197fd64a1
- (djm) [Makefile.in] revert local hack I didn't intend to commit
2011-01-03 14:48:14 +11:00
Damien Miller
41bccf75af
- (djm) [configure.ac] Check whether libdes is needed when building
...
with Heimdal krb5 support. On OpenBSD this library no longer exists,
so linking it unconditionally causes a build failure; ok dtucker
2011-01-02 21:53:07 +11:00
Damien Miller
4a06f9271f
- (djm) [loginrec.c] Fix some fd leaks on error paths. ok dtucker
2011-01-02 21:43:59 +11:00
Damien Miller
928362dc03
- djm@cvs.openbsd.org 2010/12/08 04:02:47
...
[ssh_config.5 sshd_config.5]
explain that IPQoS arguments are separated by whitespace; iirc requested
by jmc@ a while back
2010-12-26 14:26:45 +11:00
Darren Tucker
bf5fec1bc6
Id sync
2010-12-05 10:34:08 +11:00
Darren Tucker
4288c53d04
- djm@cvs.openbsd.org 2010/12/04 00:21:19
...
[regress/sftp-cmds.sh]
adjust for hard-link support
2010-12-05 09:45:50 +11:00
Darren Tucker
7e1a5a4e1b
- (dtucker) [regress/Makefile] Id sync.
2010-12-05 09:29:31 +11:00
Darren Tucker
094f1e9934
- djm@cvs.openbsd.org 2010/12/04 13:31:37
...
[hostfile.c]
fix fd leak; spotted and ok dtucker
2010-12-05 09:03:31 +11:00
Darren Tucker
af1f909254
- djm@cvs.openbsd.org 2010/12/04 00:18:01
...
[sftp-server.c sftp.1 sftp-client.h sftp.c PROTOCOL sftp-client.c]
add a protocol extension to support a hard link operation. It is
available through the "ln" command in the client. The old "ln"
behaviour of creating a symlink is available using its "-s" option
or through the preexisting "symlink" command; based on a patch from
miklos AT szeredi.hu in bz#1555; ok markus@
2010-12-05 09:02:47 +11:00
Darren Tucker
adab6f1299
- djm@cvs.openbsd.org 2010/12/03 23:55:27
...
[auth-rsa.c]
move check for revoked keys to run earlier (in auth_rsa_key_allowed)
bz#1829; patch from ldv AT altlinux.org; ok markus@
2010-12-05 09:01:47 +11:00
Darren Tucker
7336b904ff
- (dtucker) OpenBSD CVS Sync
...
- djm@cvs.openbsd.org 2010/12/03 23:49:26
[schnorr.c]
check that g^x^q === 1 mod p; recommended by JPAKE author Feng Hao
(this code is still disabled, but apprently people are treating it as
a reference implementation)
2010-12-05 09:00:30 +11:00
Darren Tucker
37bb7568ab
- (dtucker) openbsd-compat/openssl-compat.c] remove sleep leftover from
...
debugging. Spotted by djm.
2010-12-05 08:46:05 +11:00
Darren Tucker
ebdef76b5d
- (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}] Add
...
shims for the new, non-deprecated OpenSSL key generation functions for
platforms that don't have the new interfaces.
2010-12-04 23:20:50 +11:00
Damien Miller
d89745b9e7
- (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range)
...
instead of (arc4random() % range)
2010-12-03 10:50:26 +11:00
Damien Miller
d925dcd8a5
- djm@cvs.openbsd.org 2010/11/29 23:45:51
...
[auth.c hostfile.c hostfile.h ssh.c ssh_config.5 sshconnect.c]
[sshconnect.h sshconnect2.c]
automatically order the hostkeys requested by the client based on
which hostkeys are already recorded in known_hosts. This avoids
hostkey warnings when connecting to servers with new ECDSA keys
that are preferred by default; with markus@
2010-12-01 12:21:51 +11:00