mirrors/openssh
0
0
Fork 0
mirror of git://anongit.mindrot.org/openssh.git synced 2024-11-27 22:33:15 +08:00
Code Issues Packages Projects Releases Wiki Activity
7,453 Commits 69 Branches 157 Tags 29 MiB
ad013944af
Commit Graph

7453 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Damien Miller
ad013944af - (djm) [INSTALL] Recommend libcrypto be built -fPIC, mention LibreSSL, 
update OpenSSL version requirement.
 2014-08-26 09:27:28 +10:00
Damien Miller
ed126de8ee - (djm) [bufec.c] Skip this file on !ECC OpenSSL 2014-08-26 08:37:47 +10:00
Damien Miller
9c1dede005 - (djm) [sftp-server.c] Some systems (e.g. Irix) have prctl() but not 
PR_SET_DUMPABLE, so adjust ifdef; reported by Tom Christensen
 2014-08-24 03:01:06 +10:00
Damien Miller
d244a5816f - (djm) [configure.ac] We now require a working vsnprintf everywhere (not 
just for systems that lack asprintf); check for it always and extend
   test to catch more brokenness. Fixes builds on Solaris <= 9
 2014-08-23 17:06:49 +10:00
Damien Miller
4cec036362 - (djm) [sshd.c] Ignore SIGXFSZ in preauth monitor child; can explode on 
lastlog writing on platforms with high UIDs; bz#2263
 2014-08-23 03:11:09 +10:00
Damien Miller
394a60f259 - (djm) [configure.ac] double braces to appease autoconf 2014-08-22 18:06:20 +10:00
Damien Miller
4d69aeabd6 - (djm) [openbsd-compat/bsd-snprintf.c] Fix compilation failure (prototype/ 
definition mismatch) and warning for broken/missing snprintf case.
 2014-08-22 17:48:27 +10:00
Damien Miller
0c11f1ac36 - (djm) [sshbuf-getput-crypto.c] Fix compilation when OpenSSL lacks ECC 2014-08-22 17:36:56 +10:00
Damien Miller
6d62784b89 - (djm) [configure.ac] include leading zero characters in OpenSSL version 
number; fixes test for unsupported versions
 2014-08-22 17:36:19 +10:00
Damien Miller
4f1ff1ed78 - (djm) [regress/unittests/test_helper/test_helper.c] Fix for systems that 
don't set __progname. Diagnosed by Tom Christensen.
 2014-08-21 15:54:50 +10:00
Damien Miller
005a64da0f - (djm) [key.h] Fix ifdefs for no-ECC OpenSSL 2014-08-21 10:48:41 +10:00
Damien Miller
aa6598ebb3 - (djm) [Makefile.in] fix reference to libtest_helper.a in sshkey test too. 2014-08-21 10:47:54 +10:00
Damien Miller
54703e3cf6 - (djm) [contrib/cygwin/README] Correct build instructions; from Corinna 2014-08-20 11:10:51 +10:00
Damien Miller
f0935698f0 - (djm) [sshkey.h] Fix compilation when OpenSSL lacks ECC 2014-08-20 11:06:50 +10:00
Damien Miller
c5089ecaec - (djm) [Makefile.in] refer to libtest_helper.a by explicit path rather than 
-L/-l; fixes linking problems on some platforms
 2014-08-20 11:06:20 +10:00
Damien Miller
2195847e50 - (djm) [configure.ac] Check OpenSSL version is supported at configure time; 
suggested by Kevin Brott
 2014-08-20 11:05:03 +10:00
Damien Miller
a75aca1bbc - (djm) [INSTALL contrib/caldera/openssh.spec contrib/cygwin/README] 
[contrib/redhat/openssh.spec contrib/suse/openssh.spec] Remove mentions
   of TCP wrappers.
 2014-08-19 11:36:07 +10:00
Damien Miller
3f022b5a94 - (djm) [ssh-dss.c] Include openssl/dsa.h for DSA_SIG 2014-08-19 11:32:34 +10:00
Damien Miller
8813790263 - (djm) [sshbuf.h] Fix compilation on systems without OPENSSL_HAS_ECC. 2014-08-19 11:28:11 +10:00
Damien Miller
2f3d1e7fb2 - (djm) [myproposal.h] Make curve25519 KEX dependent on 
HAVE_EVP_SHA256 instead of OPENSSL_HAS_ECC.
 2014-08-19 11:14:36 +10:00
Damien Miller
d4e7d59d01 - (djm) [serverloop.c] Fix syntax error on Cygwin; from Corinna Vinschen 2014-08-19 11:14:17 +10:00
Damien Miller
9eaeea2cf2 - (djm) [README contrib/caldera/openssh.spec] 
[contrib/redhat/openssh.spec contrib/suse/openssh.spec] Update versions
 2014-08-10 11:35:05 +10:00
Damien Miller
f8988fbef0 - (djm) [regress/multiplex.sh] Use -d (detach stdin) flag to disassociate 
nc from stdin, it's more portable
 2014-08-01 13:31:52 +10:00
Damien Miller
5b3879fd4b - (djm) [regress/multiplex.sh] Instruct nc not to quit as soon as stdin 
is closed; avoid regress failures when stdin is /dev/null
 2014-08-01 12:28:31 +10:00
Damien Miller
a9c46746d2 - (djm) [regress/multiplex.sh] Skip test for non-OpenBSD netcat. We need 
a better solution, but this will have to do for now.
 2014-08-01 12:26:49 +10:00
Damien Miller
426117b2e9 - schwarze@cvs.openbsd.org 2014/07/28 15:40:08 
[sftp-server.8 sshd_config.5]
     some systems no longer need /dev/log;
     issue noticed by jirib;
     ok deraadt
 2014-07-30 12:33:20 +10:00
Damien Miller
f497794b69 - dtucker@cvs.openbsd.org 2014/07/25 21:22:03 
[ssh-agent.c]
     Clear buffer used for handling messages.  This prevents keys being
     left in memory after they have been expired or deleted in some cases
     (but note that ssh-agent is setgid so you would still need root to
     access them).  Pointed out by Kevin Burns, ok deraadt
 2014-07-30 12:32:46 +10:00
Damien Miller
a8a0f65c57 - OpenBSD CVS Sync 
- millert@cvs.openbsd.org 2014/07/24 22:57:10
     [ssh.1]
     Mention UNIX-domain socket forwarding too.  OK jmc@ deraadt@
 2014-07-30 12:32:28 +10:00
Damien Miller
56b840f2b8 - (djm) [regress/multiplex.sh] restore incorrectly deleted line; 
pointed out by Christian Hesse
 2014-07-25 08:11:30 +10:00
Darren Tucker
dd417b60d5 - dtucker@cvs.openbsd.org 2014/07/22 23:35:38 
[regress/unittests/sshkey/testdata/*]
     Regenerate test keys with certs signed with ed25519 instead of ecdsa.
     These can be used in -portable on platforms that don't support ECDSA.
 2014-07-23 10:41:21 +10:00
Darren Tucker
40e5021189 - dtucker@cvs.openbsd.org 2014/07/22 23:57:40 
[regress/unittests/sshkey/mktestdata.sh]
     Add $OpenBSD tag to make syncs easier
 2014-07-23 10:35:45 +10:00
Darren Tucker
07e644251e - dtucker@cvs.openbsd.org 2014/07/22 23:23:22 
[regress/unittests/sshkey/mktestdata.sh]
     Sign test certs with ed25519 instead of ecdsa so that they'll work in
     -portable on platforms that don't have ECDSA in their OpenSSL.  ok djm
 2014-07-23 10:34:26 +10:00
Darren Tucker
cea099a7c4 - djm@cvs.openbsd.org 2014/07/22 01:32:12 
[regress/multiplex.sh]
     change the test for still-open Unix domain sockets to be robust against
     nc implementations that produce error messages. from -portable
     (Id sync only)
 2014-07-23 10:04:02 +10:00
Darren Tucker
31eb78078d - guenther@cvs.openbsd.org 2014/07/22 07:13:42 
[umac.c]
     Convert from <sys/endian.h> to the shiney new <endian.h>
     ok dtucker@, who also confirmed that -portable handles this already
     (ID sync only, includes.h pulls in endian.h if available.)
 2014-07-23 09:43:42 +10:00
Darren Tucker
820763efef - dtucker@cvs.openbsd.org 2014/07/22 01:18:50 
[key.c]
     Prevent spam from key_load_private_pem during hostbased auth.  ok djm@
 2014-07-23 09:40:46 +10:00
Darren Tucker
c4ee219a66 - (dtucker) [regress/unittests/sshkey/test_{file,fuzz,sshkey}.c] Wrap ecdsa- 
specific tests inside OPENSSL_HAS_ECC.
 2014-07-23 04:27:50 +10:00
Damien Miller
04f4824940 - (djm) [regress/multiplex.sh] change the test for still-open Unix 
domain sockets to be robust against nc implementations that produce
    error messages.
 2014-07-22 11:31:47 +10:00
Damien Miller
5ea4fe00d5 - (djm) [regress/multiplex.sh] ssh mux master lost -N somehow; 
put it back
 2014-07-22 09:39:19 +10:00
Darren Tucker
948a1774a7 - (dtucker) [sshkey.c] ifdef out unused variable when compiling without 
OPENSSL_HAS_ECC.
 2014-07-22 01:07:11 +10:00
Damien Miller
c8f610f6cc - (djm) [regress/multiplex.sh] Not all netcat accept the -N option. 2014-07-21 10:23:27 +10:00
Damien Miller
0e4e95566c - millert@cvs.openbsd.org 2014/07/15 15:54:15 
[forwarding.sh multiplex.sh]
     Add support for Unix domain socket forwarding.  A remote TCP port
     may be forwarded to a local Unix domain socket and vice versa or
     both ends may be a Unix domain socket.  This is a reimplementation
     of the streamlocal patches by William Ahern from:
         http://www.25thandclement.com/~william/projects/streamlocal.html
     OK djm@ markus@
 2014-07-21 09:52:54 +10:00
Darren Tucker
93a87ab27e - (dtucker) [regress/unittests/sshkey/ 
{common,test_file,test_fuzz,test_sshkey}.c] Wrap stdint.h includes in
   ifdefs.
 2014-07-21 06:30:25 +10:00
Darren Tucker
5573171352 - (dtucker) [cipher.c openbsd-compat/openssl-compat.h] Restore the bits 
needed to build AES CTR mode against OpenSSL 0.9.8f and above.  ok djm
 2014-07-21 02:24:59 +10:00
Tim Rice
74e2868271 - (tim) [openbsd-compat/port-uw.c] Include misc.h for fwd_opts, used 
in servconf.h.
 2014-07-18 20:00:11 -07:00
Darren Tucker
d1a0421f8e - (dtucker) [key.c sshkey.c] Put new ecdsa bits inside ifdef OPENSSL_HAS_ECC. 2014-07-19 07:23:55 +10:00
Darren Tucker
f0fe9ea1be - (dtucker) [Makefile.in] Add a t-exec target to run just the executable 
tests.
 2014-07-19 06:33:12 +10:00
Darren Tucker
450bc1180d - (dtucker) [auth2-gss.c gss-serv-krb5.c] Include misc.h for fwd_opts, used 
in servconf.h.
 2014-07-19 06:23:18 +10:00
Damien Miller
ab2ec586ba - djm@cvs.openbsd.org 2014/07/18 02:46:01 
[ssh-agent.c]
     restore umask around listener socket creation (dropped in streamlocal patch
     merge)
 2014-07-18 15:04:47 +10:00
Damien Miller
357610d159 - djm@cvs.openbsd.org 2014/07/17 07:22:19 
[mux.c ssh.c]
     reflect stdio-forward ("ssh -W host:port ...") failures in exit status.
     previously we were always returning 0. bz#2255 reported by Brendan
     Germain; ok dtucker
 2014-07-18 15:04:10 +10:00
Damien Miller
dad9a4a0b7 - djm@cvs.openbsd.org 2014/07/17 00:12:03 
[key.c]
     silence "incorrect passphrase" error spam; reported and ok dtucker@
 2014-07-18 15:03:49 +10:00