summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2006-06-13 - markus@cvs.openbsd.org 2006/06/08 14:45:49Damien Miller
[readpass.c sshconnect.c sshconnect2.c uidswap.c uidswap.h] do not set the gid, noted by solar; ok djm
2006-06-13 - markus@cvs.openbsd.org 2006/06/06 10:20:20Damien Miller
[readpass.c sshconnect.c sshconnect.h sshconnect2.c uidswap.c] replace remaining setuid() calls with permanently_set_uid() and check seteuid() return values; report Marcus Meissner; ok dtucker djm
2006-06-13 - markus@cvs.openbsd.org 2006/06/01 09:21:48Damien Miller
[sshd.c] call get_remote_ipaddr() early; fixes logging after client disconnects; report mpf@; ok dtucker@
2006-06-13 - mk@cvs.openbsd.org 2006/05/30 11:46:38Damien Miller
[ssh-add.c] Sync usage() with man page and reality. ok deraadt dtucker
2006-06-13 - jmc@cvs.openbsd.org 2006/05/29 16:13:23Damien Miller
[ssh.1] add GSSAPI to the list of authentication methods supported;
2006-06-13 - jmc@cvs.openbsd.org 2006/05/29 16:10:03Damien Miller
[ssh_config.5] oops - previous was too long; split the list of auths up
2006-06-13 - dtucker@cvs.openbsd.org 2006/05/29 12:56:33Damien Miller
[ssh_config] Add GSSAPIAuthentication and GSSAPIDelegateCredentials to examples in sample ssh_config. ok markus@
2006-06-13 - dtucker@cvs.openbsd.org 2006/05/29 12:54:08Damien Miller
[ssh_config.5] Add gssapi-with-mic to PreferredAuthentications default list; ok jmc
2006-06-13 - miod@cvs.openbsd.org 2006/05/18 21:27:25Damien Miller
[kexdhc.c kexgexc.c] paramter -> parameter
2006-06-13 - markus@cvs.openbsd.org 2006/05/17 12:43:34Damien Miller
[scp.c sftp.c ssh-agent.c ssh-keygen.c sshconnect.c] fix leak; coverity via Kylene Jo Hall
2006-06-13 - markus@cvs.openbsd.org 2006/05/16 09:00:00Damien Miller
[clientloop.c] missing free; from Kylene Hall
2006-06-13 - djm@cvs.openbsd.org 2006/05/08 10:49:48Damien Miller
[sshconnect2.c] uint32_t -> u_int32_t (which we use everywhere else) (Id sync only - portable already had this)
2006-05-21 - (dtucker) [auth.c monitor.c] Now that we don't log from both the monitorDarren Tucker
and slave, we can remove the special-case handling in the audit hook in auth_log.
2006-05-17 - (dtucker) [ssh-rand-helper.c] Check return code of mkdir and fix fileDarren Tucker
pointer leak. From kjhall at us.ibm.com, found by coverity.
2006-05-15typoDarren Tucker
2006-05-15 - (dtucker) [auth-pam.c] Bug #1188: pass result of do_pam_account back andDarren Tucker
do not allow kbdint again after the PAM account check fails. ok djm@
2006-05-15 - (dtucker) [defines.h] Find a value for IOV_MAX or use a conservativeDarren Tucker
default. Patch originally from tim@, ok djm
2006-05-15 - (dtucker) [openbsd-compat/getrrsetbyname.c] Use _compat_res instead ofDarren Tucker
_res, prevents problems on some platforms that have _res as a global but don't have getrrsetbyname(), eg IRIX 5.3. Found and tested by georg.schwarz at freenet.de, ok djm@.
2006-05-06 - dtucker@cvs.openbsd.org 2006/05/06 08:35:40Darren Tucker
[auth-krb5.c] Add $OpenBSD$ in comment here too
2006-05-06 - djm@cvs.openbsd.org 2006/04/01 05:37:46Darren Tucker
[OVERVIEW] $OpenBSD$ in here too
2006-05-06 - djm@cvs.openbsd.org 2006/05/04 14:55:23Darren Tucker
[dh.c] tighter DH exponent checks here too; feedback and ok markus@
2006-05-06 - dtucker@cvs.openbsd.org 2006/04/25 08:02:27Darren Tucker
[authfile.c authfile.h sshconnect2.c ssh.c sshconnect1.c] Prevent ssh from trying to open private keys with bad permissions more than once or prompting for their passphrases (which it subsequently ignores anyway), similar to a previous change in ssh-add. bz #1186, ok djm@
2006-05-04 - (dtucker) [auth-pam.c groupaccess.c monitor.c monitor_wrap.c scard-opensc.cDarren Tucker
session.c ssh-rand-helper.c sshd.c openbsd-compat/bsd-cygwin_util.c openbsd-compat/setproctitle.c] Convert malloc(foo*bar) -> calloc(foo,bar) in Portable-only code; since calloc zeros, remove now-redundant memsets. Also add a couple of sanity checks. With & ok djm@
2006-05-03 - (dtucker) [packet.c] Remove in_systm.h since it's also in includes.hDarren Tucker
and double including it on IRIX 5.3 causes problems. From Georg Schwarz, "no objections" tim@
2006-04-23missing fileDamien Miller
2006-04-23 - (djm) [auth.h dispatch.h kex.h] sprinkle in signal.h to getDamien Miller
sig_atomic_t
2006-04-23 - dtucker@cvs.openbsd.org 2006/04/18 10:44:28Damien Miller
[bufaux.c bufbn.c Makefile.in] Move Buffer bignum functions into their own file, bufbn.c. This means that sftp and sftp-server (which use the Buffer functions in bufaux.c but not the bignum ones) no longer need to be linked with libcrypto. ok markus@
2006-04-23 - stevesk@cvs.openbsd.org 2006/04/22 18:29:33Damien Miller
[crc32.c] remove extra spaces
2006-04-23 - djm@cvs.openbsd.org 2006/04/22 04:06:51Damien Miller
[uidswap.c] use setres[ug]id() to permanently revoke privileges; ok deraadt@ (ID Sync only - portable already uses setres[ug]id() whenever possible)
2006-04-23 - djm@cvs.openbsd.org 2006/04/20 21:53:44Damien Miller
[includes.h session.c sftp.c] Switch from using pipes to socketpairs for communication between sftp/scp and ssh, and between sshd and its subprocesses. This saves a file descriptor per session and apparently makes userland ppp over ssh work; ok markus@ deraadt@ (ID Sync only - portable makes this decision on a per-platform basis)
2006-04-23 - markus@cvs.openbsd.org 2006/04/20 09:47:59Damien Miller
[sshconnect.c] simplify; ok djm@
2006-04-23 - djm@cvs.openbsd.org 2006/04/20 09:27:09Damien Miller
[auth.h clientloop.c dispatch.c dispatch.h kex.h] replace the last non-sig_atomic_t flag used in a signal handler with a sig_atomic_t, unfortunately with some knock-on effects in other (non- signal) contexts in which it is used; ok markus@
2006-04-23 - dtucker@cvs.openbsd.org 2006/04/18 10:44:28Damien Miller
[bufaux.c bufbn.c] Move Buffer bignum functions into their own file, bufbn.c. This means that sftp and sftp-server (which use the Buffer functions in bufaux.c but not the bignum ones) no longer need to be linked with libcrypto. ok markus@
2006-04-23 - djm@cvs.openbsd.org 2006/04/16 07:59:00Damien Miller
[atomicio.c] reorder sanity test so that it cannot dereference past the end of the iov array; well spotted canacar@!
2006-04-23 - djm@cvs.openbsd.org 2006/04/16 00:54:10Damien Miller
[sftp-client.c] avoid making a tiny 4-byte write to send the packet length of sftp commands, which would result in a separate tiny packet on the wire by using atomiciov(writev, ...) to write the length and the command in one pass; ok deraadt@
2006-04-23 - djm@cvs.openbsd.org 2006/04/16 00:52:55Damien Miller
[atomicio.c atomicio.h] introduce atomiciov() function that wraps readv/writev to retry interrupted transfers like atomicio() does for read/write; feedback deraadt@ dtucker@ stevesk@ ok deraadt@
2006-04-23 - djm@cvs.openbsd.org 2006/04/16 00:48:52Damien Miller
[buffer.c buffer.h channels.c] Fix condition where we could exit with a fatal error when an input buffer became too large and the remote end had advertised a big window. The problem was a mismatch in the backoff math between the channels code and the buffer code, so make a buffer_check_alloc() function that the channels code can use to propsectivly check whether an incremental allocation will succeed. bz #1131, debugged with the assistance of cove AT wildpackets.com; ok dtucker@ deraadt@
2006-04-23 - djm@cvs.openbsd.org 2006/04/03 07:10:38Damien Miller
[gss-genr.c] GSSAPI buffers shouldn't be nul-terminated, spotted in bugzilla #1066 by dleonard AT vintela.com. use xasprintf() to simplify code while in there; "looks right" deraadt@
2006-04-23 - dtucker@cvs.openbsd.org 2006/04/02 08:34:52Damien Miller
[ssh-keysign.c] sessionid can be 32 bytes now too when sha256 kex is used; ok djm@
2006-04-23 - djm@cvs.openbsd.org 2006/04/01 05:51:34Damien Miller
[atomicio.c] ANSIfy; requested deraadt@
2006-04-23 - djm@cvs.openbsd.org 2006/04/01 05:50:29Damien Miller
[scp.c] xasprintification; ok deraadt@
2006-04-23 - (djm) OpenBSD CVS SyncDamien Miller
- deraadt@cvs.openbsd.org 2006/04/01 05:42:20 [scp.c] minimal lint cleanup (unused crud, and some size_t); ok djm
2006-04-22 - (djm) [Makefile.in configure.ac session.c sshpty.c]Damien Miller
[contrib/redhat/sshd.init openbsd-compat/Makefile.in] [openbsd-compat/openbsd-compat.h openbsd-compat/port-linux.c] [openbsd-compat/port-linux.h] Add support for SELinux, setting the execution and TTY contexts. based on patch from Daniel Walsh, bz #880; ok dtucker@
2006-04-18 - (djm) Reorder IP options check so that it isn't broken byDamien Miller
mapped addresses; bz #1179 reported by markw wtech-llc.com; ok dtucker@
2006-03-31 - djm@cvs.openbsd.org 2006/03/31 09:13:56Damien Miller
[ssh_config.5] remote user escape is %r not %h; spotted by jmc@
2006-03-31 - jmc@cvs.openbsd.org 2006/03/31 09:09:30Damien Miller
[ssh_config.5] kill trailing whitespace;
2006-03-31 - dtucker@cvs.openbsd.org 2006/03/30 11:40:21Damien Miller
[auth.c monitor.c] Prevent duplicate log messages when privsep=yes; ok djm@
2006-03-31 - dtucker@cvs.openbsd.org 2006/03/30 11:05:17Damien Miller
[ssh-keygen.c] Correctly handle truncated files while converting keys; ok djm@
2006-03-31 - djm@cvs.openbsd.org 2006/03/30 10:41:25Damien Miller
[ssh.c ssh_config.5] add percent escape chars to the IdentityFile option, bz #1159 based on a patch by imaging AT math.ualberta.ca; feedback and ok dtucker@
2006-03-31 - djm@cvs.openbsd.org 2006/03/30 09:58:16Damien Miller
[authfd.c bufaux.c deattack.c gss-serv.c mac.c misc.c misc.h] [monitor_wrap.c msg.c packet.c sftp-client.c sftp-server.c ssh-agent.c] replace {GET,PUT}_XXBIT macros with functionally similar functions, silencing a heap of lint warnings. also allows them to use __bounded__ checking which can't be applied to macros; requested by and feedback from deraadt@