Commit Graph

6464 Commits

Author SHA1 Message Date
Darren Tucker
b8ae92d08b - (dtucker) [myproposal.h] Make the conditional algorithm support consistent
and add some comments so it's clear what goes where.
2013-06-11 12:10:02 +10:00
Darren Tucker
97b62f41ad - (dtucker) [myproposal.h] Do not advertise AES GSM ciphers if we don't have
the required OpenSSL support.  Patch from naddy at freebsd.
2013-06-11 11:47:24 +10:00
Darren Tucker
6d8bd57448 - (dtucker) [Makefile.in configure.ac fixalgorithms] Remove unsupported
algorithms (Ciphers, MACs and HostKeyAlgorithms) from man pages.
2013-06-11 11:26:10 +10:00
Damien Miller
36187093ea - dtucker@cvs.openbsd.org 2013/06/07 15:37:52
[channels.c channels.h clientloop.c]
     Add an "ABANDONED" channel state and use for mux sessions that are
     disconnected via the ~. escape sequence.  Channels in this state will
     be able to close if the server responds, but do not count as active channels.
     This means that if you ~. all of the mux clients when using ControlPersist
     on a broken network, the backgrounded mux master will exit when the
     Control Persist time expires rather than hanging around indefinitely.
     bz#1917, also reported and tested by tedu@.  ok djm@ markus@.
2013-06-10 13:07:11 +10:00
Darren Tucker
ae133d4b31 - (dtucker) [configure.ac sftp.c openbsd-compat/openbsd-compat.h] Cater for
platforms that don't have multibyte character support (specifically,
    mblen).
2013-06-06 08:30:20 +10:00
Darren Tucker
408eaf3ab7 - dtucker@cvs.openbsd.org 2013/06/05 22:00:28
[readconf.c]
     plug another memleak.  bz#1967, from Zhenbo Xu, detected by Melton, ok djm
2013-06-06 08:22:46 +10:00
Darren Tucker
e52a260f16 - dtucker@cvs.openbsd.org 2013/06/05 12:52:38
[sshconnect2.c]
     Fix memory leaks found by Zhenbo Xu and the Melton tool.  bz#1967, ok djm
2013-06-06 08:22:05 +10:00
Darren Tucker
0cca17fa18 - dtucker@cvs.openbsd.org 2013/06/05 02:27:50
[sshd.c]
     When running sshd -D, close stderr unless we have explicitly requesting
     logging to stderr. From james.hunt at ubuntu.com via bz#1976, djm's patch
     so, err, ok dtucker.
2013-06-06 08:21:14 +10:00
Darren Tucker
746e9067bd - dtucker@cvs.openbsd.org 2013/06/05 02:07:29
[mux.c]
     fix leaks in mux error paths, from Zhenbo Xu, found by Melton. bz#1967,
     ok djm
2013-06-06 08:20:13 +10:00
Darren Tucker
ea64721275 - dtucker@cvs.openbsd.org 2013/06/04 20:42:36
[sftp.c]
     Make sftp's libedit interface marginally multibyte aware by building up
     the quoted string by character instead of by byte.  Prevents failures
     when linked against a libedit built with wide character support (bz#1990).
     "looks ok" djm
2013-06-06 08:19:09 +10:00
Darren Tucker
194454d7a8 - dtucker@cvs.openbsd.org 2013/06/04 19:12:23
[scp.c]
     use MAXPATHLEN for buffer size instead of fixed value.  ok markus
2013-06-06 08:16:04 +10:00
Darren Tucker
4ac66af091 - dtucker@cvs.openbsd.org 2013/06/03 00:03:18
[mac.c]
     force the MAC output to be 64-bit aligned so umac won't see unaligned
     accesses on strict-alignment architectures.  bz#2101, patch from
     tomas.kuthan at oracle.com, ok djm@
2013-06-06 08:12:37 +10:00
Darren Tucker
ea8342c248 - dtucker@cvs.openbsd.org 2013/06/02 23:36:29
[clientloop.h clientloop.c mux.c]
     No need for the mux cleanup callback to be visible so restore it to static
     and call it through the detach_user function pointer.  ok djm@
2013-06-06 08:11:40 +10:00
Darren Tucker
5d12b8f05d - dtucker@cvs.openbsd.org 2013/06/02 21:01:51
[channels.h]
     typo in comment
2013-06-06 08:09:10 +10:00
Darren Tucker
dc62edbf12 - (dtucker) [Makefile.in] append $CFLAGS to compiler options when building
modpipe in case there's anything in there we need.
2013-06-06 05:12:35 +10:00
Darren Tucker
2a22873cd8 - (dtucker) [regress/forwarding.sh] For (as yet unknown) reason, the
forwarding test is extremely slow copying data on some machines so switch
   back to copying the much smaller ls binary until we can figure out why
   this is.
2013-06-06 01:59:13 +10:00
Darren Tucker
b4e00949f0 - (dtucker) [contrib/ssh-copy-id] bz#2117: Use portable operator in test.
Patch from cjwatson at debian.
2013-06-05 22:48:44 +10:00
Darren Tucker
2ea9eb77a7 - (dtucker) Enable sha256 kex methods based on the presence of the necessary
functions, not from the openssl version.
2013-06-05 15:04:00 +10:00
Darren Tucker
16cac190eb - (dtucker) [configure.ac] Some other platforms need sys/types.h before
sys/socket.h.
2013-06-04 12:55:24 +10:00
Darren Tucker
0b43ffe143 - (dtucker) [configure.ac] Some platforms need sys/types.h before sys/un.h. 2013-06-03 09:30:44 +10:00
Tim Rice
3f3064c822 - (tim) [regress/sftp-chroot.sh] skip if no sudo. ok dtucker 2013-06-02 15:13:09 -07:00
Tim Rice
01ec0af301 - (tim) [aclocal.m4] Enhance OSSH_CHECK_CFLAG_COMPILE to check stderr.
feedback and ok dtucker
2013-06-02 14:31:27 -07:00
Tim Rice
5ab9b63468 - (tim) [configure.ac regress/Makefile] With rev 1.47 of test-exec.sh we
need a shell that can handle "[ file1 -nt file2 ]". Rather than keep
   dealing with shell portability issues in regression tests, we let
   configure find us a capable shell on those platforms with an old /bin/sh.
2013-06-02 14:05:48 -07:00
Darren Tucker
898ac935e5 - (dtucker) [configure.ac] bz#2111: don't try to use lastlog on Android.
Patch from Nathan Osman.
2013-06-03 02:03:25 +10:00
Darren Tucker
ef4901c3eb - (dtucker) [configure.ac] sys/un.h needs sys/socket.h on some platforms
to prevent noise from configure. Patch from Nathan Osman.
2013-06-03 01:59:13 +10:00
Darren Tucker
073f795bc1 - dtucker@cvs.openbsd.org 2013/06/02 13:35:58
[ssh-agent.c]
     Make parent_alive_interval time_t to avoid signed/unsigned comparison
2013-06-02 23:47:11 +10:00
Darren Tucker
00e1abb1eb - dtucker@cvs.openbsd.org 2013/06/02 13:33:05
[progressmeter.c]
     Add misc.h for monotime prototype. (id sync only)
2013-06-02 23:46:24 +10:00
Tim Rice
86211d1738 20130602
- (tim) [Makefile.in] Make Solaris, UnixWare, & OpenServer linkers happy
   linking regress/modpipe.
2013-06-01 18:38:23 -07:00
Darren Tucker
e9887d1c37 - (dtucker) [sandbox-seccomp-filter.c] Allow clock_gettimeofday. 2013-06-02 09:17:09 +10:00
Darren Tucker
65cf74079a fix typo 2013-06-02 09:11:19 +10:00
Darren Tucker
c9a1991b95 - dtucker@cvs.openbsd.org 2013/06/01 22:34:50
[sftp-client.c]
     Update progressmeter when data is acked, not when it's sent.  bz#2108, from
     Debian via Colin Watson, ok djm@
2013-06-02 08:37:05 +10:00
Darren Tucker
a710891659 - (dtucker) [configure.ac misc.c] Look for clock_gettime in librt and fall
back to time(NULL) if we can't find it anywhere.
2013-06-02 08:18:31 +10:00
Darren Tucker
f60845fde2 - (dtucker) [M auth-chall.c auth-krb5.c auth-pam.c cipher-aes.c cipher-ctr.c
groupaccess.c loginrec.c monitor.c monitor_wrap.c session.c sshd.c
   sshlogin.c uidswap.c openbsd-compat/bsd-cygwin_util.c
   openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/port-aix.c
   openbsd-compat/port-linux.c] Replace portable-specific instances of xfree
   with the equivalent calls to free.
2013-06-02 08:07:31 +10:00
Darren Tucker
3750fce6ac - dtucker@cvs.openbsd.org 2013/06/01 20:59:25
[scp.c sftp-client.c]
     Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is.  Patch
     from Nathan Osman via bz#2113.  ok deraadt.

(note: corrected bug number from 2085)
2013-06-02 07:52:21 +10:00
Darren Tucker
b759c9c2ef - dtucker@cvs.openbsd.org 2013/06/01 13:15:52
[ssh-agent.c clientloop.c misc.h packet.c progressmeter.c misc.c
     channels.c sandbox-systrace.c]
     Use clock_gettime(CLOCK_MONOTONIC ...) for ssh timers so that things like
     keepalives and rekeying will work properly over clock steps.  Suggested by
     markus@, "looks good" djm@.
2013-06-02 07:46:16 +10:00
Darren Tucker
55119253c6 - dtucker@cvs.openbsd.org 2013/05/31 12:28:10
[ssh-agent.c]
     Use time_t where appropriate.  ok djm
2013-06-02 07:43:59 +10:00
Darren Tucker
0acca3797d - djm@cvs.openbsd.org 2013/05/19 02:42:42
[auth.h auth.c key.c monitor.c auth-rsa.c auth2.c auth1.c key.h]
     Standardise logging of supplemental information during userauth. Keys
     and ruser is now logged in the auth success/failure message alongside
     the local username, remote host/port and protocol in use. Certificates
     contents and CA are logged too.
     Pushing all logging onto a single line simplifies log analysis as it is
     no longer necessary to relate information scattered across multiple log
     entries. "I like it" markus@
2013-06-02 07:41:51 +10:00
Darren Tucker
74836ae0fa - djm@cvs.openbsd.org 2013/05/19 02:38:28
[auth2-pubkey.c]
     fix failure to recognise cert-authority keys if a key of a different type
     appeared in authorized_keys before it; ok markus@
2013-06-02 07:32:00 +10:00
Darren Tucker
a627d42e51 - djm@cvs.openbsd.org 2013/05/17 00:13:13
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
     ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
     gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
     auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
     servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
     auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
     sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
     kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
     kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
     monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
     ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
     sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
     ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
     dns.c packet.c readpass.c authfd.c moduli.c]
     bye, bye xfree(); ok markus@
2013-06-02 07:31:17 +10:00
Darren Tucker
c7aad0058c - (dtucker) [configure.ac defines.h] Test for fd_mask, howmany and NFDBITS
rather than trying to enumerate the plaforms that don't have them.
   Based on a patch from Nathan Osman, with help from tim@.
2013-06-02 07:18:47 +10:00
Darren Tucker
c0c3373216 - (dtucker) [configure.ac openbsd-compat/xcrypt.c] bz#2112: fall back to
using openssl's DES_crpyt function on platorms that don't have a native
   one, eg Android.  Based on a patch from Nathan Osman.
2013-06-02 06:28:03 +10:00
Darren Tucker
efdf534214 - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] bz#2087: Add a null
implementation of endgrent for platforms that don't have it (eg Android).
    Loosely based on a patch from Nathan Osman, ok djm
2013-05-30 08:29:08 +10:00
Darren Tucker
9b42d32738 - dtucker@cvs.openbsd.org 2013/05/17 10:35:43
[regress/scp.sh]
     use a file extention that's not special on some platforms.  from portable
     (id sync only)
2013-05-17 20:48:59 +10:00
Darren Tucker
0a404b0ed7 - dtucker@cvs.openbsd.org 2013/05/17 10:34:30
[regress/portnum.sh]
     use a more portable negated if structure.  from portable (id sync only)
2013-05-17 20:47:29 +10:00
Darren Tucker
62ee222e6f - dtucker@cvs.openbsd.org 2013/05/17 10:33:09
[regress/agent-getpeereid.sh]
     don't redirect stdout from sudo.  from portable (id sync only)
2013-05-17 20:46:00 +10:00
Darren Tucker
00478d30cb - dtucker@cvs.openbsd.org 2013/05/17 10:30:07
[regress/test-exec.sh]
     wait a bit longer for startup and use case for absolute path.
     from portable (id sync only)
2013-05-17 20:45:06 +10:00
Darren Tucker
98989eb95e - dtucker@cvs.openbsd.org 2013/05/17 10:28:11
[regress/sftp.sh]
     only compare copied data if sftp succeeds.  from portable (id sync only)
2013-05-17 20:44:09 +10:00
Darren Tucker
438f60eb9a - dtucker@cvs.openbsd.org 2013/05/17 10:26:26
[regress/sftp-badcmds.sh]
     remove unused BATCH variable. (id sync only)
2013-05-17 20:43:13 +10:00
Darren Tucker
1466bd25a8 - dtucker@cvs.openbsd.org 2013/05/17 10:24:48
[localcommand.sh]
     use backticks for portability. (id sync only)
2013-05-17 20:42:05 +10:00
Darren Tucker
05b5e518c9 - dtucker@cvs.openbsd.org 2013/05/17 10:23:52
[regress/login-timeout.sh regress/reexec.sh regress/test-exec.sh]
     Use SUDO when cat'ing pid files and running the sshd log wrapper so that
     it works with a restrictive umask and the pid files are not world readable.
     Changes from -portable.  (id sync only)
2013-05-17 20:41:07 +10:00
Darren Tucker
dd669173f9 - dtucker@cvs.openbsd.org 2013/05/17 10:16:26
[regress/try-ciphers.sh]
     use expr for math to keep diffs vs portable down
     (id sync only)
2013-05-17 20:39:57 +10:00
Darren Tucker
044f32f4c6 - (dtucker) [regress/cfgmatch.sh] Remove unneeded sleep renderd obsolete by
rev 1.6 which calls wait.
2013-05-17 20:12:57 +10:00
Darren Tucker
9cc8ff7b63 - (dtucker) [regress/runtests.sh] Remove obsolete test driver script. 2013-05-17 20:01:52 +10:00
Darren Tucker
f8d5b34517 - (dtucker) [regress/stderr-after-eof.sh regress/test-exec.sh] Move the md5
helper function to the portable part of test-exec.sh.
2013-05-17 19:53:25 +10:00
Darren Tucker
6f66981ed3 - (dtucker) [regress/test-exec.sh] Move the portable-specific functions
together and add a couple of missing lines from openbsd.
2013-05-17 19:28:51 +10:00
Darren Tucker
5f1a89a3b6 - (dtucker) [regress/integrity.sh regress/krl.sh regress/test-exec.sh]
Move the jot helper function to portable-specific part of test-exec.sh.
2013-05-17 19:17:58 +10:00
Darren Tucker
96457a54d0 - (dtucker) [regress/agent-getpeereid.sh] Resync spaces with openbsd. 2013-05-17 19:03:38 +10:00
Darren Tucker
7f19323659 - (dtucker) [regress/cfgmatch.sh] Resync config file setup with openbsd. 2013-05-17 19:02:28 +10:00
Darren Tucker
8654dd2d73 - (dtucker) [openbsd-compat/getopt.h] Remove unneeded bits. 2013-05-17 16:03:48 +10:00
Darren Tucker
59d928d3b4 - dtucker@cvs.openbsd.org 2013/05/17 04:29:14
[regress/sftp.sh regress/putty-ciphers.sh regress/cipher-speed.sh
     regress/test-exec.sh regress/sftp-batch.sh regress/dynamic-forward.sh
     regress/putty-transfer.sh regress/conch-ciphers.sh regress/sftp-cmds.sh
     regress/scp.sh regress/ssh-com-sftp.sh regress/rekey.sh
     regress/putty-kex.sh regress/stderr-data.sh regress/stderr-after-eof.sh
     regress/sftp-badcmds.sh regress/reexec.sh regress/ssh-com-client.sh
     regress/sftp-chroot.sh regress/forwarding.sh regress/transfer.sh
     regress/multiplex.sh]
     Move the setting of DATA and COPY into test-exec.sh
2013-05-17 15:32:29 +10:00
Darren Tucker
34035be27b - dtucker@cvs.openbsd.org 2013/05/17 01:32:11
[regress/integrity.sh]
     don't print output from ssh before getting it (it's available in ssh.log)
2013-05-17 14:47:51 +10:00
Darren Tucker
b8b96b0aa6 - dtucker@cvs.openbsd.org 2013/05/17 01:16:09
[regress/agent-timeout.sh]
     Pull back some portability changes from -portable:
      - TIMEOUT is a read-only variable in some shells
      - not all greps have -q so redirect to /dev/null instead.
     (ID sync only)
2013-05-17 14:46:20 +10:00
Darren Tucker
56347efe79 - dtucker@cvs.openbsd.org 2013/05/17 00:37:40
[regress/agent.sh regress/keytype.sh regress/cfgmatch.sh
     regress/forcecommand.sh regress/proto-version.sh regress/test-exec.sh
     regress/cipher-speed.sh regress/cert-hostkey.sh regress/cert-userkey.sh
     regress/ssh-com.sh]
     replace 'echo -n' with 'printf' since it's more portable
     also remove "echon" hack.
2013-05-17 13:28:36 +10:00
Darren Tucker
91af05c516 - (dtucker) [regress/integrity.sh]. Force fixed Diffie-Hellman key exchange
methods.  When the openssl version doesn't support ECDH then next one on
   the list is DH group exchange, but that causes a bit more traffic which can
   mean that the tests flip bits in the initial exchange rather than the MACed
   traffic and we get different errors to what the tests look for.
2013-05-17 13:16:59 +10:00
Darren Tucker
6e1e60c3c2 - (dtucker) [regress/bsd.regress.mk] Remove unused file. We've never used it
in portable and it's long gone in openbsd.
2013-05-17 11:23:41 +10:00
Darren Tucker
982b0cbc4c - dtucker@cvs.openbsd.org 2013/05/16 05:48:31
[regress/rekey.sh]
     add tests for RekeyLimit parsing
2013-05-17 09:45:12 +10:00
Darren Tucker
14490fe7b0 - dtucker@cvs.openbsd.org 2013/05/16 04:26:10
[regress/rekey.sh]
     add server-side rekey test
2013-05-17 09:44:20 +10:00
Darren Tucker
c31c8729c1 - dtucker@cvs.openbsd.org 2013/05/16 03:33:30
[regress/rekey.sh]
     test rekeying when there's no data being transferred
2013-05-17 09:43:33 +10:00
Darren Tucker
a8a62fcc46 - dtucker@cvs.openbsd.org 2013/05/16 02:10:35
[rekey.sh]
     Add test for time-based rekeying
2013-05-17 09:42:34 +10:00
Darren Tucker
5e95173715 - djm@cvs.openbsd.org 2013/05/10 03:46:14
[modpipe.c]
     sync some portability changes from portable OpenSSH (id sync only)
2013-05-17 09:41:33 +10:00
Darren Tucker
a4df65b9fc - dtucker@cvs.openbsd.org 2013/04/22 07:28:53
[multiplex.sh]
     Add tests for -Oforward and -Ocancel for local and remote forwards
2013-05-17 09:37:31 +10:00
Darren Tucker
40aaff7e4b - dtucker@cvs.openbsd.org 2013/04/22 07:23:08
[multiplex.sh]
     Write mux master logs to regress.log instead of ssh.log to keep separate
2013-05-17 09:36:20 +10:00
Darren Tucker
f3568fc62b - djm@cvs.openbsd.org 2013/04/18 02:46:12
[Makefile regress/sftp-chroot.sh]
     test sshd ChrootDirectory+internal-sftp; feedback & ok dtucker@
2013-05-17 09:35:26 +10:00
Darren Tucker
dfea3bcdd7 - dtucker@cvs.openbsd.org 2013/04/07 02:16:03
[regress/Makefile regress/rekey.sh regress/integrity.sh
     regress/sshd-log-wrapper.sh regress/forwarding.sh regress/test-exec.sh]
     use -E option for ssh and sshd to write debuging logs to ssh{,d}.log and
     save the output from any failing tests.  If a test fails the debug output
     from ssh and sshd for the failing tests (and only the failing tests) should
     be available in failed-ssh{,d}.log.
2013-05-17 09:31:39 +10:00
Darren Tucker
75129025a2 - dtucker@cvs.openbsd.org 2013/04/06 06:00:22
[regress/rekey.sh regress/test-exec.sh regress/integrity.sh
     regress/multiplex.sh Makefile regress/cfgmatch.sh]
     Split the regress log into 3 parts: the debug output from ssh, the debug
     log from sshd and the output from the client command (ssh, scp or sftp).
     Somewhat functional now, will become more useful when ssh/sshd -E is added.
2013-05-17 09:19:10 +10:00
Darren Tucker
7c8b1e7233 - dtucker@cvs.openbsd.org 2013/03/23 11:09:43
[test-exec.sh]
     Only regenerate host keys if they don't exist or if ssh-keygen has changed
     since they were.  Reduces test runtime by 5-30% depending on machine
     speed.
2013-05-17 09:10:20 +10:00
Darren Tucker
712de4d110 - djm@cvs.openbsd.org 2013/03/07 00:20:34
[regress/proxy-connect.sh]
     repeat test with a style appended to the username
2013-05-17 09:07:12 +10:00
Darren Tucker
09c0f0325b - dtucker@cvs.openbsd.org 2013/05/16 10:44:06
[servconf.c]
     remove another now-unused variable
2013-05-16 20:48:57 +10:00
Darren Tucker
9113d0c238 - dtucker@cvs.openbsd.org 2013/05/16 10:43:34
[servconf.c readconf.c]
     remove now-unused variables
2013-05-16 20:48:14 +10:00
Darren Tucker
e194ba4111 - (dtucker) [configure.ac readconf.c servconf.c
openbsd-compat/openbsd-compat.h] Add compat bits for scan_scaled.
2013-05-16 20:47:31 +10:00
Darren Tucker
b7ee852144 - dtucker@cvs.openbsd.org 2013/05/16 09:12:31
[readconf.c servconf.c]
     switch RekeyLimit traffic volume parsing to scan_scaled.  ok djm@
2013-05-16 20:33:10 +10:00
Darren Tucker
dbee308253 - dtucker@cvs.openbsd.org 2013/05/16 09:08:41
[log.c scp.c sshd.c serverloop.c schnorr.c sftp.c]
     Fix some "unused result" warnings found via clang and -portable.
     ok markus@
2013-05-16 20:32:29 +10:00
Darren Tucker
64d22946d6 - jmc@cvs.openbsd.org 2013/05/16 06:30:06
[sshd_config.5]
     oops! avoid Xr to self;
2013-05-16 20:31:29 +10:00
Darren Tucker
63e0df2b93 - jmc@cvs.openbsd.org 2013/05/16 06:28:45
[ssh_config.5]
     put IgnoreUnknown in the right place;
2013-05-16 20:30:31 +10:00
Darren Tucker
0763698f71 - djm@cvs.openbsd.org 2013/05/16 04:27:50
[ssh_config.5 readconf.h readconf.c]
     add the ability to ignore specific unrecognised ssh_config options;
     bz#866; ok markus@
2013-05-16 20:30:03 +10:00
Darren Tucker
5f96f3b4be - dtucker@cvs.openbsd.org 2013/05/16 04:09:14
[sshd_config.5 servconf.c servconf.h packet.c serverloop.c monitor.c sshd_config
     sshd.c] Add RekeyLimit to sshd with the same syntax as the client allowing
     rekeying based on traffic volume or time.  ok djm@, help & ok jmc@ for the man
     page.
2013-05-16 20:29:28 +10:00
Darren Tucker
c53c2af173 - dtucker@cvs.openbsd.org 2013/05/16 02:00:34
[ssh_config sshconnect2.c packet.c readconf.h readconf.c clientloop.c
     ssh_config.5 packet.h]
     Add an optional second argument to RekeyLimit in the client to allow
     rekeying based on elapsed time in addition to amount of traffic.
     with djm@ jmc@, ok djm
2013-05-16 20:28:16 +10:00
Darren Tucker
64c6fceecd - dtucker@cvs.openbsd.org 2013/05/10 10:13:50
[ssh-pkcs11-helper.c]
     remove unused extern optarg.  ok markus@
2013-05-16 20:27:14 +10:00
Darren Tucker
caf0010934 - djm@cvs.openbsd.org 2013/05/10 04:08:01
[key.c]
     memleak in cert_free(), wasn't actually freeing the struct;
     bz#2096 from shm AT digitalsun.pl
2013-05-16 20:26:18 +10:00
Darren Tucker
7e831edbf7 add missing attribution 2013-05-16 20:25:40 +10:00
Darren Tucker
54da6be320 - djm@cvs.openbsd.org 2013/05/10 03:40:07
[sshconnect2.c]
     fix bzero(ptr_to_struct, sizeof(ptr_to_struct)); bz#2100 from
2013-05-16 20:25:04 +10:00
Darren Tucker
5d8b702d95 - dtucker@cvs.openbsd.org 2013/05/06 07:35:12
[sftp-server.8]
     Reference the version of the sftp draft we actually implement.  ok djm@
2013-05-16 20:24:23 +10:00
Darren Tucker
026d9db3fb - tedu@cvs.openbsd.org 2013/04/24 16:01:46
[misc.c]
     remove extra parens noticed by nicm
2013-05-16 20:23:52 +10:00
Darren Tucker
2ca51bf140 - tedu@cvs.openbsd.org 2013/04/23 17:49:45
[misc.c]
     use xasprintf instead of a series of strlcats and strdup. ok djm
2013-05-16 20:22:46 +10:00
Damien Miller
6aa3eacc5e - (djm) [contrib/ssh-copy-id] Fix bug that could cause "rm *" to be
executed if mktemp failed; bz#2105 ok dtucker@
2013-05-16 11:10:17 +10:00
Darren Tucker
c54e3e0741 - (dtucker) [configure.ac] Add -Werror to the -Qunused-arguments test so
we don't get a warning on compilers that *don't* support it.  Add
   -Wno-unknown-warning-option.  Move both to the start of the list for
   maximum noise suppression.  Tested with gcc 4.6.3, gcc 2.95.4 and clang 2.9.
2013-05-10 18:53:14 +10:00
Darren Tucker
a75d247a18 - (dtucker) [kex.c] Only include sha256 and ECC key exchange methods when the
underlying libraries support them.
2013-05-10 18:11:55 +10:00
Darren Tucker
0abfb559e3 - (dtucker) [openbsd-compat/getopt.h openbsd-compat/getopt_long.c
openbsd-compat/openbsd-compat.h] pull in getopt.h from openbsd and plumb
  in to use it when we're using our own getopt.
2013-05-10 18:08:49 +10:00
Darren Tucker
ccfdfceacb - (dtucker) [openbsd-compat/Makefile.in openbsd-compat/getopt.c
openbsd-compat/getopt_long.c regress/modpipe.c] Remove getopt.c, add
   portability code to getopt_long.c and switch over Makefile and the ugly
   hack in modpipe.c.  Fixes bz#1448.
2013-05-10 16:28:55 +10:00
Darren Tucker
3933202007 - (dtucker) [openbsd-compat/getopt_long.c] Import from OpenBSD. No
portability changes yet.
2013-05-10 15:38:11 +10:00