summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2011-02-04 - djm@cvs.openbsd.org 2011/02/04 00:44:21Damien Miller
[key.c] fix uninitialised nonce variable; reported by Mateusz Kocielski
2011-02-04 - djm@cvs.openbsd.org 2011/01/31 21:42:15Damien Miller
[PROTOCOL.mux] cut'n'pasto; from bert.wesarg AT googlemail.com
2011-02-0420110128Damien Miller
- (djm) [openbsd-compat/port-linux.c] Check whether SELinux is enabled before attempting setfscreatecon(). Check whether matchpathcon() succeeded before using its result. Patch from cjwatson AT debian.org; bz#1851
2011-02-04cherry-pickDamien Miller
20110125 - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to port-linux.c to avoid compilation errors. Add -lselinux to ssh when building with SELinux support to avoid linking failure; report from amk AT spamfence.net; ok dtucker
2011-01-28 - (djm) [openbsd-compat/port-linux.c] Check whether SELinux is enabledDamien Miller
before attempting setfscreatecon(). Check whether matchpathcon() succeeded before using its result. Patch from cjwatson AT debian.org; bz#1851
2011-01-2620110127Tim Rice
- (tim) [configure.ac] Consistent M4 quoting throughout, updated obsolete AC_TRY_COMPILE with AC_COMPILE_IFELSE, updated obsolete AC_TRY_LINK with AC_LINK_IFELSE, updated obsolete AC_TRY_RUN with AC_RUN_IFELSE, misc white space changes for consistency/readability. Makes autoconf 2.68 happy. "Nice work" djm
2011-01-2620110127Tim Rice
- (tim) [config.guess config.sub] Sync with upstream.
2011-01-25 - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.cDamien Miller
openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to port-linux.c to avoid compilation errors. Add -lselinux to ssh when building with SELinux support to avoid linking failure; report from amk AT spamfence.net; ok dtucker
2011-01-22 - (djm) Release 5.7p1Damien Miller
2011-01-22trim entries older than 5.5p1Damien Miller
2011-01-22 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]Damien Miller
[contrib/suse/openssh.spec] update versions in docs and spec files.
2011-01-22 - OpenBSD CVS SyncDamien Miller
- djm@cvs.openbsd.org 2011/01/22 09:18:53 [version.h] crank to OpenSSH-5.7
2011-01-22 - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] AddDarren Tucker
RSA_get_default_method() for the benefit of openssl versions that don't have it (at least openssl-engine-0.9.6b). Found and tested by Kevin Brott, ok djm@.
2011-01-19 - (djm) [configure.ac] Disable ECC on OpenSSL <0.9.8g. Releases prior toDamien Miller
0.9.8 lacked it, and 0.9.8a through 0.9.8d have proven buggy in pre- release testing (random crashes and failure to load ECC keys). ok dtucker@
2011-01-18 - (tim) [contrib/caldera/openssh.spec] Use CFLAGS from Makefile insteadTim Rice
of RPM so build completes. Signatures were changed to .asc since 4.1p1.
2011-01-17- (dtucker) [LICENCE Makefile.in audit-bsm.c audit-linux.c audit.c audit.hDarren Tucker
configure.ac defines.h loginrec.c] Bug #1402: add linux audit subsystem support, based on patches from Tomas Mraz and jchadima at redhat.
2011-01-17 - (dtucker) [openbsd-compat/port-linux.c] Fix minor bug caught by -Werror onDarren Tucker
the tinderbox.
2011-01-16 - (tim) [regress/agent-getpeereid.sh] shell portability fix.Tim Rice
2011-01-17 - (djm) [configure.ac regress/agent-getpeereid.sh regress/multiplex.sh]Damien Miller
[regress/sftp-glob.sh regress/test-exec.sh] Rework how feature tests are disabled on platforms that do not support them; add a "config_defined()" shell function that greps for defines in config.h and use them to decide on feature tests. Convert a couple of existing grep's over config.h to use the new function Add a define "FILESYSTEM_NO_BACKSLASH" for filesystem that can't represent backslash characters in filenames, enable it for Cygwin and use it to turn of tests for quotes backslashes in sftp-glob.sh. based on discussion with vinschen AT redhat.com and dtucker@; ok dtucker@
2011-01-17 - (dtucker) [openbsd-compat/port-linux.c] Bug #1838: Add support for the newDarren Tucker
Linux OOM-killer magic values that changed in 2.6.36 kernels, with fallback to the old values. Feedback from vapier at gentoo org and djm, ok djm.
2011-01-17 - (djm) [regress/agent-getpeereid.sh] leave stdout attached when runningDamien Miller
ssh-add to avoid $SUDO failures on Linux
2011-01-17 - (djm) [regress/agent-ptrace.sh] Fix false failure on OS X by addingDamien Miller
its unique snowflake of a gdb error to the ones we look for.
2011-01-17 - (djm) [regress/Makefile] use $TEST_SSH_KEYGEN instead of the one inDamien Miller
$PATH, fix cleanup of droppings; reported by openssh AT roumenpetrov.info; ok dtucker@
2011-01-16 - djm@cvs.openbsd.org 2011/01/16 12:05:59Damien Miller
[clientloop.c] a couple more tweaks to the post-close protocol 1 stderr/stdout flush: now that we use atomicio(), convert them from while loops to if statements add test and cast to compile cleanly with -Wsigned
2011-01-16 - djm@cvs.openbsd.org 2011/01/16 11:50:36Damien Miller
[sshconnect.c] reset the SIGPIPE handler when forking to execute child processes; ok dtucker@
2011-01-16 - djm@cvs.openbsd.org 2011/01/16 11:50:05Damien Miller
[clientloop.c] Use atomicio when flushing protocol 1 std{out,err} buffers at session close. This was a latent bug exposed by setting a SIGCHLD handler and spotted by kevin.brott AT gmail.com; ok dtucker@
2011-01-16 - (dtucker) [Makefile.in configure.ac regress/kextype.sh] Skip sha256-basedDarren Tucker
on configurations that don't have it.
2011-01-16not February yet...Darren Tucker
2011-01-13 - (tim) [regress/cert-hostkey.sh] Add missing TEST_SSH_ECC guard around someTim Rice
ecdsa bits.
2011-01-13 - (tim) [regress/cert-hostkey.sh] Typo. Missing $ on variable name.Tim Rice
2011-01-14 - (djm) [Makefile.in] Use shell test to disable ecdsa key generating inDamien Miller
host-key-force target rather than a substitution that is replaced with a comment so that the Makefile.in is still a syntactically valid Makefile (useful to run the distprep target)
2011-01-14 - djm@cvs.openbsd.org 2011/01/13 21:55:25Damien Miller
[PROTOCOL.mux] correct protocol names and add a couple of missing protocol number defines; patch from bert.wesarg AT googlemail.com
2011-01-14 - djm@cvs.openbsd.org 2011/01/13 21:54:53Damien Miller
[mux.c] correct error messages; patch from bert.wesarg AT googlemail.com
2011-01-13 - (djm) [regress/kextype.sh] Testing diffie-hellman-group-exchange-sha256Damien Miller
should not depend on ECC support
2011-01-13 - (djm) [myproposal.h] Fix reversed OPENSSL_VERSION_NUMBER test and badDamien Miller
#define that was causing diffie-hellman-group-exchange-sha256 to be incorrectly disabled
2011-01-13 - (djm) [regress/Makefile] add a few more generated files to the cleanDamien Miller
target
2011-01-13 - (djm) [entropy.c] cast OPENSSL_VERSION_NUMBER to u_long to avoidDamien Miller
gcc warning on platforms where it defaults to int
2011-01-12 - (tim) [Makefile.in configure.ac opensshd.init.in] Add support for generatingTim Rice
ecdsa keys. ok djm.
2011-01-12 - (tim) [Makefile.in] test the ECC bits if we have the capability. ok djmTim Rice
2011-01-13 - (djm) [misc.c] include time.h for nanosleep() prototypeDamien Miller
2011-01-12 - (djm) [configure.ac] Fix broken test for gcc >= 4.4 with per-compilerDamien Miller
flag tests that don't depend on gcc version at all; suggested by and ok dtucker@
2011-01-12 - (djm) [configure.ac] Turn on -Wno-unused-result for gcc >= 4.4 to avoidDamien Miller
silly warnings on write() calls we don't care succeed or not.
2011-01-12 - djm@cvs.openbsd.org 2011/01/12 01:53:14Damien Miller
avoid some integer overflows mostly with GLOB_APPEND and GLOB_DOOFFS and sanity check arguments (these will be unnecessary when we switch struct glob members from being type into to size_t in the future); "looks ok" tedu@ feedback guenther@
2011-01-12 - nicm@cvs.openbsd.org 2010/10/08 21:48:42Damien Miller
[openbsd-compat/glob.c] Extend GLOB_LIMIT to cover readdir and stat and bump the malloc limit from ARG_MAX to 64K. Fixes glob-using programs (notably ftp) able to be triggered to hit resource limits. Idea from a similar NetBSD change, original problem reported by jasper@. ok millert tedu jasper
2011-01-11 - djm@cvs.openbsd.org 2011/01/11 06:13:10Damien Miller
[clientloop.c ssh-keygen.c sshd.c] some unsigned long long casts that make things a bit easier for portable without resorting to dropping PRIu64 formats everywhere
2011-01-11 - djm@cvs.openbsd.org 2011/01/11 06:06:09Damien Miller
[sshlogin.c] fd leak on error paths; from zinovik@ NB. Id sync only; we use loginrec.c that was also audited and fixed recently
2011-01-11 - djm@cvs.openbsd.org 2011/01/08 10:51:51Damien Miller
[clientloop.c] use host and not options.hostname, as the latter may have unescaped substitution characters
2011-01-11 - (djm) [platform.c] Some missing includes that show up under -WerrorDamien Miller
2011-01-10 - (tim) [regress/host-expand.sh] Fix for building outside of read onlyTim Rice
source tree.
2011-01-09 - (djm) [Makefile.in] list ssh_host_ecdsa key in PATHSUBS; spotted byDamien Miller
openssh AT roumenpetrov.info