summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2014-06-16 - (dtucker) [defines.h] Fix undef of _PATH_MAILDIR. From rak at debian viaDarren Tucker
OpenSMTPD and chl@
2014-06-13 - (dtucker) [configure.ac] Remove tcpwrappers support, support has alreadyDarren Tucker
been removed from sshd.c.
2014-06-11 - (tim) [regress/unittests/test_helper/test_helper.h] Add includes.h forTim Rice
u_intXX_t types.
2014-06-12 - (dtucker) [regress/unittests/sshbuf/*.c regress/unittests/test_helper/*]Darren Tucker
Wrap stdlib.h include an ifdef for platforms that don't have it.
2014-06-12 - (dtucker) [defines.h] Add va_copy if we don't already have it, taken fromDarren Tucker
openbsd-compat/bsd-asprintf.c.
2014-06-11 - (dtucker) [bufaux.c bufbn.c bufec.c buffer.c] Pull in includes.h forDarren Tucker
compat stuff, specifically whether or not OpenSSL has ECC.
2014-06-11 - (dtucker) [openbsd-compat/arc4random.c] Use explicit_bzero instead of anDarren Tucker
assigment that might get optimized out. ok djm@
2014-06-11 - (dtucker) [sshbuf.h] Only declare ECC functions if building withoutDarren Tucker
OpenSSL or if OpenSSL has ECC.
2014-06-11 - dtucker@cvs.openbsd.org 2014/06/10 21:46:11Darren Tucker
[sshbuf.h] Group ECC functions together to make things a little easier in -portable. "doesn't bother me" deraadt@
2014-06-11 - djm@cvs.openbsd.org 2014/06/05 22:17:50Darren Tucker
[sshconnect2.c] fix inverted test that caused PKCS#11 keys that were explicitly listed not to be preferred. Reported by Dirk-Willem van Gulik
2014-06-11 - (dtucker) [regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] ifdefDarren Tucker
ECC variable too.
2014-06-11 - (dtucker) [myprosal.h] Don't include curve25519-sha256@libssh.org inDarren Tucker
the proposal if the version of OpenSSL we're using doesn't support ECC.
2014-06-11 - (dtucker) [regress/unittests/sshbuf/test_sshbuf_getput_crypto.cDarren Tucker
regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] Only do NISTP256 curve tests if OpenSSL has them.
2014-05-27 - (djm) [configure.ac openbsd-compat/bsd-cygwin_util.c]Damien Miller
[openbsd-compat/bsd-cygwin_util.h] On Cygwin, determine privilege separation user at runtime, since it may need to be a domain account. Patch from Corinna Vinschen.
2014-05-27 - (djm) [contrib/cygwin/ssh-host-config] Updated Cygwin ssh-host-configDamien Miller
from Corinna Vinschen, fixing a number of bugs and preparing for Cygwin 1.7.30.
2014-05-27 - (djm) [cipher.c] Fix merge botch.Damien Miller
2014-05-22 - (djm) [Makefile.in] typo in pathDamien Miller
2014-05-21revert a diff I didn't mean to commitDamien Miller
2014-05-21 - (djm) [misc.c] Use CLOCK_BOOTTIME in preference to CLOCK_MONOTONICDamien Miller
when it is available. It takes into account time spent suspended, thereby ensuring timeouts (e.g. for expiring agent keys) fire correctly. bz#2228 reported by John Haxby
2014-05-21 - (djm) [commit configure.ac defines.h sshpty.c] don't attempt to useDamien Miller
vhangup on Linux. It doens't work for non-root users, and for them it just messes up the tty settings.
2014-05-15 - (djm) [sshbuf.c] need __predict_falseDamien Miller
2014-05-15 - (djm) [regress/Makefile Makefile.in]Damien Miller
[regress/unittests/sshbuf/test_sshbuf.c [regress/unittests/sshbuf/test_sshbuf_fixed.c] [regress/unittests/sshbuf/test_sshbuf_fuzz.c] [regress/unittests/sshbuf/test_sshbuf_getput_basic.c] [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c] [regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] [regress/unittests/sshbuf/test_sshbuf_misc.c] [regress/unittests/sshbuf/tests.c] [regress/unittests/test_helper/fuzz.c] [regress/unittests/test_helper/test_helper.c] Hook new unit tests into the build and "make tests"
2014-05-15 - (djm) [regress/unittests/Makefile]Damien Miller
[regress/unittests/Makefile.inc] [regress/unittests/sshbuf/Makefile] [regress/unittests/sshbuf/test_sshbuf.c] [regress/unittests/sshbuf/test_sshbuf_fixed.c] [regress/unittests/sshbuf/test_sshbuf_fuzz.c] [regress/unittests/sshbuf/test_sshbuf_getput_basic.c] [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c] [regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] [regress/unittests/sshbuf/test_sshbuf_misc.c] [regress/unittests/sshbuf/tests.c] [regress/unittests/test_helper/Makefile] [regress/unittests/test_helper/fuzz.c] [regress/unittests/test_helper/test_helper.c] [regress/unittests/test_helper/test_helper.h] Import new unit tests from OpenBSD; not yet hooked up to build.
2014-05-15 - logan@cvs.openbsd.org 2014/05/04 10:40:59Damien Miller
[connect-privsep.sh] Remove the Z flag from the list of malloc options as it was removed from malloc.c 10 days ago. OK from miod@
2014-05-15 - dtucker@cvs.openbsd.org 2014/05/03 18:46:14Damien Miller
[proxy-connect.sh] Add tests for with and without compression, with and without privsep.
2014-05-15 - djm@cvs.openbsd.org 2014/04/21 22:15:37Damien Miller
[dhgex.sh integrity.sh kextype.sh rekey.sh try-ciphers.sh] repair regress tests broken by server-side default cipher/kex/mac changes by ensuring that the option under test is included in the server's algorithm list
2014-05-15 - djm@cvs.openbsd.org 2014/03/13 20:44:49Damien Miller
[login-timeout.sh] this test is a sorry mess of race conditions; add another sleep to avoid a failure on slow machines (at least until I find a better way)
2014-05-15 - (djm) [Makefile.in configure.ac sshbuf-getput-basic.c]Damien Miller
[sshbuf-getput-crypto.c sshbuf.c] compilation and portability fixes
2014-05-15 - (djm) [configure.ac] Unconditionally define WITH_OPENSSL until we writeDamien Miller
portability glue to support building without libcrypto
2014-05-15 - logan@cvs.openbsd.org 2014/05/05 07:02:30Damien Miller
[sftp.c] Zap extra whitespace. OK from djm@ and dtucker@
2014-05-15 - markus@cvs.openbsd.org 2014/05/03 17:20:34Damien Miller
[monitor.c packet.c packet.h] unbreak compression, by re-init-ing the compression code in the post-auth child. the new buffer code is more strict, and requires buffer_init() while the old code was happy after a bzero(); originally from djm@
2014-05-15 - djm@cvs.openbsd.org 2014/05/02 03:27:54Damien Miller
[chacha.h cipher-chachapoly.h digest.h hmac.h kex.h kexc25519.c] [misc.h poly1305.h ssh-pkcs11.c defines.h] revert __bounded change; it causes way more problems for portable than it solves; pointed out by dtucker@
2014-05-15 - naddy@cvs.openbsd.org 2014/04/30 19:07:48Damien Miller
[mac.c myproposal.h umac.c] UMAC can use our local fallback implementation of AES when OpenSSL isn't available. Glue code straight from Ted Krovetz's original umac.c. ok markus@
2014-05-15 - djm@cvs.openbsd.org 2014/04/30 05:29:56Damien Miller
[bufaux.c bufbn.c bufec.c buffer.c buffer.h sshbuf-getput-basic.c] [sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c sshbuf.h ssherr.c] [ssherr.h] New buffer API; the first installment of the conversion/replacement of OpenSSH's internals to make them usable as a standalone library. This includes a set of wrappers to make it compatible with the existing buffer API so replacement can occur incrementally. With and ok markus@ Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review.
2014-05-15 - dtucker@cvs.openbsd.org 2014/04/29 20:36:51Damien Miller
[sftp.c] Don't attempt to append a nul quote char to the filename. Should prevent fatal'ing with "el_insertstr failed" when there's a single quote char somewhere in the string. bz#2238, ok markus@
2014-05-15 - dtucker@cvs.openbsd.org 2014/04/29 19:58:50Damien Miller
[sftp.c] Move nulling of variable next to where it's freed. ok markus@
2014-05-15 - markus@cvs.openbsd.org 2014/04/29 18:01:49Damien Miller
[auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c] [kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c] [roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] [ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c] make compiling against OpenSSL optional (make OPENSSL=no); reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
2014-05-15 - djm@cvs.openbsd.org 2014/04/29 13:10:30Damien Miller
[clientloop.c serverloop.c] bz#1818 - don't send channel success/failre replies on channels that have sent a close already; analysis and patch from Simon Tatham; ok markus@
2014-05-15 - djm@cvs.openbsd.org 2014/04/28 03:09:18Damien Miller
[authfile.c bufaux.c buffer.h channels.c krl.c mux.c packet.c packet.h] [ssh-keygen.c] buffer_get_string_ptr's return should be const to remind callers that futzing with it will futz with the actual buffer contents
2014-05-15 - djm@cvs.openbsd.org 2014/04/23 12:42:34Damien Miller
[readconf.c] don't record duplicate IdentityFiles
2014-05-15 - jmc@cvs.openbsd.org 2014/04/22 14:16:30Damien Miller
[sftp.1] zap eol whitespace;
2014-05-15 - logan@cvs.openbsd.org 2014/04/22 12:42:04Damien Miller
[sftp.1] Document sftp upload resume. OK from djm@, with feedback from okan@.
2014-05-15 - logan@cvs.openbsd.org 2014/04/22 10:07:12Damien Miller
[sftp.c] Sort the sftp command list. OK from djm@
2014-05-15 - logan@cvs.openbsd.org 2014/04/21 14:36:16Damien Miller
[sftp-client.c sftp-client.h sftp.c] Implement sftp upload resume support. OK from djm@, with input from guenther@, mlarkin@ and okan@
2014-05-15 - logan@cvs.openbsd.org 2014/04/20 09:24:26Damien Miller
[dns.c dns.h ssh-keygen.c] Add support for SSHFP DNS records for ED25519 key types. OK from djm@
2014-05-15 - (djm) [rijndael.c rijndael.h] Sync with newly-ressurected versions ineDamien Miller
OpenBSD
2014-05-01 - (dtucker) [defines.h] Define __GNUC_PREREQ__ macro if we don't alreadyDarren Tucker
have it. Only attempt to use __attribute__(__bounded__) for gcc.
2014-04-20 - djm@cvs.openbsd.org 2014/04/20 02:49:32Damien Miller
[compat.c] add a canonical 6.6 + curve25519 bignum fix fake version that I can recommend people use ahead of the openssh-6.7 release
2014-04-20 - djm@cvs.openbsd.org 2014/04/20 02:30:25Damien Miller
[misc.c misc.h umac.c] use get/put_u32 to load values rather than *((UINT32 *)p) that breaks on strict-alignment architectures; reported by and ok stsp@
2014-04-20 - tedu@cvs.openbsd.org 2014/04/19 18:42:19Damien Miller
[ssh.1] delete .xr to hosts.equiv. there's still an unfortunate amount of documentation referring to rhosts equivalency in here.