Damien Miller
d197fd64a1
- (djm) [Makefile.in] revert local hack I didn't intend to commit
2011-01-03 14:48:14 +11:00
Damien Miller
41bccf75af
- (djm) [configure.ac] Check whether libdes is needed when building
...
with Heimdal krb5 support. On OpenBSD this library no longer exists,
so linking it unconditionally causes a build failure; ok dtucker
2011-01-02 21:53:07 +11:00
Damien Miller
4a06f9271f
- (djm) [loginrec.c] Fix some fd leaks on error paths. ok dtucker
2011-01-02 21:43:59 +11:00
Damien Miller
928362dc03
- djm@cvs.openbsd.org 2010/12/08 04:02:47
...
[ssh_config.5 sshd_config.5]
explain that IPQoS arguments are separated by whitespace; iirc requested
by jmc@ a while back
2010-12-26 14:26:45 +11:00
Darren Tucker
bf5fec1bc6
Id sync
2010-12-05 10:34:08 +11:00
Darren Tucker
4288c53d04
- djm@cvs.openbsd.org 2010/12/04 00:21:19
...
[regress/sftp-cmds.sh]
adjust for hard-link support
2010-12-05 09:45:50 +11:00
Darren Tucker
7e1a5a4e1b
- (dtucker) [regress/Makefile] Id sync.
2010-12-05 09:29:31 +11:00
Darren Tucker
094f1e9934
- djm@cvs.openbsd.org 2010/12/04 13:31:37
...
[hostfile.c]
fix fd leak; spotted and ok dtucker
2010-12-05 09:03:31 +11:00
Darren Tucker
af1f909254
- djm@cvs.openbsd.org 2010/12/04 00:18:01
...
[sftp-server.c sftp.1 sftp-client.h sftp.c PROTOCOL sftp-client.c]
add a protocol extension to support a hard link operation. It is
available through the "ln" command in the client. The old "ln"
behaviour of creating a symlink is available using its "-s" option
or through the preexisting "symlink" command; based on a patch from
miklos AT szeredi.hu in bz#1555; ok markus@
2010-12-05 09:02:47 +11:00
Darren Tucker
adab6f1299
- djm@cvs.openbsd.org 2010/12/03 23:55:27
...
[auth-rsa.c]
move check for revoked keys to run earlier (in auth_rsa_key_allowed)
bz#1829; patch from ldv AT altlinux.org; ok markus@
2010-12-05 09:01:47 +11:00
Darren Tucker
7336b904ff
- (dtucker) OpenBSD CVS Sync
...
- djm@cvs.openbsd.org 2010/12/03 23:49:26
[schnorr.c]
check that g^x^q === 1 mod p; recommended by JPAKE author Feng Hao
(this code is still disabled, but apprently people are treating it as
a reference implementation)
2010-12-05 09:00:30 +11:00
Darren Tucker
37bb7568ab
- (dtucker) openbsd-compat/openssl-compat.c] remove sleep leftover from
...
debugging. Spotted by djm.
2010-12-05 08:46:05 +11:00
Darren Tucker
ebdef76b5d
- (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}] Add
...
shims for the new, non-deprecated OpenSSL key generation functions for
platforms that don't have the new interfaces.
2010-12-04 23:20:50 +11:00
Damien Miller
d89745b9e7
- (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range)
...
instead of (arc4random() % range)
2010-12-03 10:50:26 +11:00
Damien Miller
d925dcd8a5
- djm@cvs.openbsd.org 2010/11/29 23:45:51
...
[auth.c hostfile.c hostfile.h ssh.c ssh_config.5 sshconnect.c]
[sshconnect.h sshconnect2.c]
automatically order the hostkeys requested by the client based on
which hostkeys are already recorded in known_hosts. This avoids
hostkey warnings when connecting to servers with new ECDSA keys
that are preferred by default; with markus@
2010-12-01 12:21:51 +11:00
Damien Miller
03c0e533de
- markus@cvs.openbsd.org 2010/11/29 18:57:04
...
[authfile.c]
correctly load comment for encrypted rsa1 keys;
report/fix Joachim Schipper; ok djm@
2010-12-01 12:03:39 +11:00
Damien Miller
87dc0a4188
- djm@cvs.openbsd.org 2010/11/26 05:52:49
...
[scp.c]
Pass through ssh command-line flags and options when doing remote-remote
transfers, e.g. to enable agent forwarding which is particularly useful
in this case; bz#1837 ok dtucker@
2010-12-01 12:03:19 +11:00
Damien Miller
f80c3deaaf
- djm@cvs.openbsd.org 2010/11/25 04:10:09
...
[session.c]
replace close() loop for fds 3->64 with closefrom();
ok markus deraadt dtucker
2010-12-01 12:02:59 +11:00
Damien Miller
b7f827ae45
- djm@cvs.openbsd.org 2010/11/24 01:24:14
...
[channels.c]
remove a debug() that pollutes stderr on client connecting to a server
in debug mode (channel_close_fds is called transitively from the session
code post-fork); bz#1719, ok dtucker
2010-12-01 12:02:35 +11:00
Damien Miller
d0fdd6818c
- djm@cvs.openbsd.org 2010/11/23 23:57:24
...
[clientloop.c]
avoid NULL deref on receiving a channel request on an unknown or invalid
channel; report bz#1842 from jchadima AT redhat.com; ok dtucker@
2010-12-01 12:02:14 +11:00
Damien Miller
6a740e7b92
- djm@cvs.openbsd.org 2010/11/23 02:35:50
...
[auth.c]
use strict_modes already passed as function argument over referencing
global options.strict_modes
2010-12-01 12:01:51 +11:00
Damien Miller
a232792783
- djm@cvs.openbsd.org 2010/11/21 10:57:07
...
[authfile.c]
Refactor internals of private key loading and saving to work on memory
buffers rather than directly on files. This will make a few things
easier to do in the future; ok markus@
2010-12-01 12:01:21 +11:00
Damien Miller
2cd629349d
- djm@cvs.openbsd.org 2010/11/21 01:01:13
...
[clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c]
honour $TMPDIR for client xauth and ssh-agent temporary directories;
feedback and ok markus@
2010-12-01 11:50:35 +11:00
Damien Miller
188ea814b1
- OpenBSD CVS Sync
...
- deraadt@cvs.openbsd.org 2010/11/20 05:12:38
[auth2-pubkey.c]
clean up cases of ;;
2010-12-01 11:50:14 +11:00
Damien Miller
73de86ac5a
- (djm) [defines.h] Add IP DSCP defines
2010-11-24 10:50:04 +11:00
Darren Tucker
4b6cbf7aab
- (dtucker) [packet.c] Remove redundant local declaration of "int tos".
2010-11-24 10:46:37 +11:00
Damien Miller
88e341e1ca
- (djm) [loginrec.c] Relax permission requirement on btmp logs to allow
...
group read/write. ok dtucker@
2010-11-24 10:36:15 +11:00
Darren Tucker
d995712383
- (dtucker) [platform.c session.c] Move the getluid call out of session.c and
...
into the platform-specific code Only affects SCO, tested by and ok tim@.
2010-11-24 10:09:13 +11:00
Darren Tucker
9e0ff7afc8
- (dtucker) Bug #1840 : fix warning when configuring --with-ssl-engine, patch
...
from vapier at gentoo org.
2010-11-22 17:59:00 +11:00
Damien Miller
0a1847347d
- jmc@cvs.openbsd.org 2010/11/18 15:01:00
...
[scp.1 sftp.1 ssh.1 sshd_config.5]
add IPQoS to the various -o lists, and zap some trailing whitespace;
2010-11-20 15:21:03 +11:00
Damien Miller
8e1ea4e5a3
- jmc@cvs.openbsd.org 2010/11/15 07:40:14
...
[ssh_config.5]
libary -> library;
2010-11-20 15:20:10 +11:00
Damien Miller
0dac6fb6b2
- djm@cvs.openbsd.org 2010/11/13 23:27:51
...
[clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h]
[servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5]
allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of
hardcoding lowdelay/throughput.
bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
2010-11-20 15:19:38 +11:00
Damien Miller
4499f4cc20
- djm@cvs.openbsd.org 2010/11/10 01:33:07
...
[kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c moduli.c]
use only libcrypto APIs that are retained with OPENSSL_NO_DEPRECATED.
these have been around for years by this time. ok markus
2010-11-20 15:15:49 +11:00
Damien Miller
7a221a1591
- djm@cvs.openbsd.org 2010/11/05 02:46:47
...
[packet.c]
whitespace KNF
2010-11-20 15:14:29 +11:00
Damien Miller
dd190ddfd7
- (djm) [servconf.c ssh-add.c ssh-keygen.c] don't look for ECDSA keys on
...
platforms that don't support ECC. Fixes some spurious warnings reported
by tim@
2010-11-11 14:17:02 +11:00
Tim Rice
c7a8af03a0
- (tim) [configure.ac openbsd-compat/bsd-misc.h openbsd-compat/bsd-misc.c] Add
...
support for platforms missing isblank(). ok djm@
2010-11-08 14:26:23 -08:00
Tim Rice
e426f5e932
- (tim) [regress/kextype.sh] Not all platforms have time in /usr/bin.
...
Feedback from dtucker@
2010-11-08 09:15:14 -08:00
Tim Rice
c10aeaa8f2
- (tim) [regress/kextype.sh] Shell portability fix.
2010-11-07 13:03:11 -08:00
Tim Rice
522262f8b3
- (tim) [regress/Makefile] Fixes to allow building/testing outside source
...
tree.
2010-11-07 13:00:27 -08:00
Darren Tucker
d1ece6e4a2
- (dtucker) [platform.c] includes.h instead of defines.h so that we get
...
the correct typedefs.
2010-11-07 18:05:54 +11:00
Darren Tucker
9283d8cbc5
- (dtucker) [platform.c] Need servconf.h and extern options.
2010-11-05 18:56:08 +11:00
Darren Tucker
f619d1cad9
- (dtucker) [regress/kextype.sh] Make sha256 test depend on ECC. This is not
...
strictly correct since while ECC requires sha256 the reverse is not true
however it does prevent spurious test failures.
2010-11-05 18:41:50 +11:00
Darren Tucker
345178d951
- (dtucker) [regress/kextype.sh] Add missing "test".
2010-11-05 18:35:52 +11:00
Darren Tucker
eab5f0df90
- (dtucker) [Makefile configure.ac regress/Makefile regress/keytype.sh]
...
Import recent changes to regress/Makefile, pass a flag to enable ECC tests
from configure through to regress/Makefile and use it in the tests.
2010-11-05 18:23:38 +11:00
Darren Tucker
b69e033e67
- (dtucker) [regress/keytype.sh] Import new test.
2010-11-05 18:19:15 +11:00
Darren Tucker
b12fe272a0
- (dtucker) [platform.c platform.h session.c] Move the Cygwin special-case
...
check into platform.c
2010-11-05 14:47:01 +11:00
Darren Tucker
cc12418e18
- (dtucker) [platform.c session.c] Move PAM credential establishment for the
...
non-LOGIN_CAP case into platform.c.
2010-11-05 13:32:52 +11:00
Darren Tucker
0b2ee6452c
- (dtucker) [platform.c session.c] Move irix setusercontext fragment into
...
platform.c.
2010-11-05 13:29:25 +11:00
Darren Tucker
676b912e78
- (dtucker) platform.c session.c] Move aix_usrinfo frament into platform.c.
2010-11-05 13:11:04 +11:00
Darren Tucker
7a8afe3186
- (dtucker) platform.c session.c] Move the USE_LIBIAF fragment into
...
platform.c
2010-11-05 13:07:24 +11:00