summaryrefslogtreecommitdiff
path: root/compat.c
AgeCommit message (Collapse)Author
2014-04-20 - djm@cvs.openbsd.org 2014/04/19 05:54:59Damien Miller
[compat.c] missing wildcard; pointed out by naddy@
2014-04-20 - djm@cvs.openbsd.org 2014/04/18 23:52:25Damien Miller
[compat.c compat.h sshconnect2.c sshd.c version.h] OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections using the curve25519-sha256@libssh.org KEX exchange method to fail when connecting with something that implements the spec properly. Disable this KEX method when speaking to one of the affected versions. reported by Aris Adamantiadis; ok markus@
2013-12-31 - djm@cvs.openbsd.org 2013/12/30 23:52:28Damien Miller
[auth2-hostbased.c auth2-pubkey.c compat.c compat.h ssh-rsa.c] [sshconnect.c sshconnect2.c sshd.c] refuse RSA keys from old proprietary clients/servers that use the obsolete RSA+MD5 signature scheme. it will still be possible to connect with these clients/servers but only DSA keys will be accepted, and we'll deprecate them entirely in a future release. ok markus@
2013-06-02 - djm@cvs.openbsd.org 2013/05/17 00:13:13Darren Tucker
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c dns.c packet.c readpass.c authfd.c moduli.c] bye, bye xfree(); ok markus@
2012-09-06 - djm@cvs.openbsd.org 2012/08/17 01:30:00Darren Tucker
[compat.c sshconnect.c] Send client banner immediately, rather than waiting for the server to move first for SSH protocol 2 connections (the default). Patch based on one in bz#1999 by tls AT panix.com, feedback dtucker@ ok markus@
2011-10-02 - markus@cvs.openbsd.org 2011/09/23 07:45:05Darren Tucker
[mux.c readconf.h channels.h compat.h compat.c ssh.c readconf.c channels.c version.h] unbreak remote portforwarding with dynamic allocated listen ports: 1) send the actual listen port in the open message (instead of 0). this allows multiple forwardings with a dynamic listen port 2) update the matching permit-open entry, so we can identify where to connect to report: den at skbkontur.ru and P. Szczygielski feedback and ok djm@
2008-11-03 - markus@cvs.openbsd.org 2008/09/11 14:22:37Damien Miller
[compat.c compat.h nchan.c ssh.c] only send eow and no-more-sessions requests to openssh 5 and newer; fixes interop problems with broken ssh v2 implementations; ok djm@
2007-01-05 - djm@cvs.openbsd.org 2006/12/12 03:58:42Damien Miller
[channels.c compat.c compat.h] bz #1019: some ssh.com versions apparently can't cope with the remote port forwarding bind_address being a hostname, so send them an address for cases where they are not explicitly specified (wildcard or localhost bind). reported by daveroth AT acm.org; ok dtucker@ deraadt@
2006-08-05 - deraadt@cvs.openbsd.org 2006/08/03 03:34:42Damien Miller
[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c] [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c] [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ] [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c] [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c] [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c] [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c] [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c] [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c] [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c] [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h] [serverloop.c session.c session.h sftp-client.c sftp-common.c] [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c] [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c] [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c] [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c] [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h] [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h] almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step NB. portable commit contains everything *except* removing includes.h, as that will take a fair bit more work as we move headers that are required for portability workarounds to defines.h. (also, this step wasn't "easy")
2006-08-05 - stevesk@cvs.openbsd.org 2006/07/26 13:57:17Damien Miller
[authfd.c authfile.c dh.c canohost.c channels.c clientloop.c compat.c] [hostfile.c kex.c log.c misc.c moduli.c monitor.c packet.c readpass.c] [scp.c servconf.c session.c sftp-server.c sftp.c ssh-add.c ssh-agent.c] [ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c sshconnect.c] [sshconnect1.c sshd.c xmalloc.c] move #include <stdlib.h> out of includes.h
2006-07-24 - stevesk@cvs.openbsd.org 2006/07/22 20:48:23Damien Miller
[atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c] [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c] [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c] [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c] [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c] [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c] [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c] [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c] [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c] [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c] [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c] [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c] [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c] move #include <string.h> out of includes.h
2006-03-26 - djm@cvs.openbsd.org 2006/03/25 13:17:03Damien Miller
[atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c] [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c] [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c] [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c] [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c] [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c] [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c] [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c] [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c] [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c] [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c] [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c] [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c] [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c] [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c] [uidswap.c uuencode.c xmalloc.c] Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
2006-03-26 - deraadt@cvs.openbsd.org 2006/03/19 18:51:18Damien Miller
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c] [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c] [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c] [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c] [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c] [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c] [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c] [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c] [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c] [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c] [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c] [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c] [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c] [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c] [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c] [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c] [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c] [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c] [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c] [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c] [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c] RCSID() can die
2005-03-01 - djm@cvs.openbsd.org 2005/03/01 10:09:52Damien Miller
[auth-options.c channels.c channels.h clientloop.c compat.c compat.h] [misc.c misc.h readconf.c readconf.h servconf.c ssh.1 ssh.c ssh_config.5] [sshd_config.5] bz#413: allow optional specification of bind address for port forwardings. Patch originally by Dan Astorian, but worked on by several people Adds GatewayPorts=clientspecified option on server to allow remote forwards to bind to client-specified ports.
2003-11-03 - markus@cvs.openbsd.org 2003/11/02 11:01:03Darren Tucker
[auth2-gss.c compat.c compat.h sshconnect2.c] remove support for SSH_BUG_GSSAPI_BER; simon@sxw.org.uk
2003-09-02 - markus@cvs.openbsd.org 2003/08/29 10:03:15Damien Miller
[compat.c compat.h] SSH_BUG_K5USER is unused; ok henning@
2003-08-26 - markus@cvs.openbsd.org 2003/08/22 10:56:09Darren Tucker
[auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c session.h ssh-gss.h ssh_config.5 sshconnect2.c sshd_config sshd_config.5] support GSS API user authentication; patches from Simon Wilkinson, stripped down and tested by Jakob and myself.
2003-05-14 - (djm) RCSID sync w/ OpenBSDDamien Miller
2003-04-09*** empty log message ***Damien Miller
2003-04-01 - markus@cvs.openbsd.org 2003/04/01 10:31:26Damien Miller
[compat.c compat.h kex.c] bugfix causes stalled connections for ssh.com < 3.0; noticed by ho@; tested by ho@ and myself
2002-09-30 - (djm) OpenBSD CVS SyncDamien Miller
- mickey@cvs.openbsd.org 2002/09/27 10:42:09 [compat.c compat.h sshd.c] add a generic match for a prober, such as sie big brother; idea from stevesk@; markus@ ok
2002-09-22 - (djm) OpenBSD CVS SyncDamien Miller
- stevesk@cvs.openbsd.org 2002/09/19 14:53:14 [compat.c]
2002-04-10 - markus@cvs.openbsd.org 2002/04/10 08:21:47Ben Lindstrom
[auth1.c compat.c compat.h] strip '@' from username only for KerbV and known broken clients, bug #204 Don't mind me.. I just commited a changelog with no patch. <sigh>
2002-03-26 - markus@cvs.openbsd.org 2002/03/25 21:13:51Ben Lindstrom
[channels.c channels.h compat.c compat.h nchan.c] don't send stderr data after EOF, accept this from older known (broken) sshd servers only, fixes http://bugzilla.mindrot.org/show_bug.cgi?id=179
2002-03-07 - markus@cvs.openbsd.org 2002/03/06 00:24:39Damien Miller
[compat.c] compat.c
2002-03-07 - markus@cvs.openbsd.org 2002/03/06 00:23:27Damien Miller
[compat.c dh.c] undo
2002-03-07 - OpenBSD CVS SyncDamien Miller
- markus@cvs.openbsd.org 2002/03/06 00:20:54 [compat.c dh.c] compat.c
2002-01-22 - markus@cvs.openbsd.org 2002/01/21 22:30:12Damien Miller
[cipher.c compat.c myproposal.h] remove "rijndael-*", just use "aes-" since this how rijndael is called in the drafts; ok stevesk@
2002-01-22 - markus@cvs.openbsd.org 2002/01/13 17:57:37Damien Miller
[auth2.c auth2-chall.c compat.c sshconnect2.c sshd.c] use buffer API and avoid static strings of fixed size; ok provos@/mouring@
2001-12-21 - deraadt@cvs.openbsd.org 2001/12/19 07:18:56Damien Miller
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h] [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c] [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c] [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c] [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c] [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c] [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config] [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c] basic KNF done while i was looking for something else
2001-12-06 - markus@cvs.openbsd.org 2001/12/05 16:54:51Ben Lindstrom
[compat.c match.c match.h] make theo and djm happy: bye bye regexp
2001-12-06 - deraadt@cvs.openbsd.org 2001/12/05 10:06:12Ben Lindstrom
[authfd.c authfile.c bufaux.c channels.c compat.c kex.c kexgex.c key.c misc.c packet.c servconf.c ssh-agent.c sshconnect2.c sshconnect.c sshd.c ssh-dss.c ssh-keygen.c ssh-rsa.c] minor KNF
2001-09-20 - markus@cvs.openbsd.org 2001/09/20 13:50:40Ben Lindstrom
[compat.c compat.h ssh.c] bug compat: request a dummy channel for -N (no shell) sessions + cleanup; vinschen@redhat.com
2001-09-18 - markus@cvs.openbsd.org 2001/09/17 21:09:47Ben Lindstrom
[compat.c] more versions suffering the SSH_BUG_DEBUG bug; 3.0.x reported by dbutts@maddog.storability.com
2001-07-04 - markus@cvs.openbsd.org 2001/06/25 08:25:41Ben Lindstrom
[channels.c channels.h cipher.c clientloop.c compat.c compat.h hostfile.c kex.c kex.h key.c key.h nchan.c packet.c serverloop.c session.c session.h sftp-server.c ssh-add.c ssh-agent.c uuencode.h] update copyright for 2001
2001-04-30 - markus@cvs.openbsd.org 2001/04/30 16:02:49Ben Lindstrom
[compat.c] ssh-2.0.10 has the weak-key-bug, too.
2001-04-30 - markus@cvs.openbsd.org 2001/04/30 15:50:46Ben Lindstrom
[compat.c compat.h kex.c] allow interop with weaker key generation used by ssh-2.0.x, x < 10
2001-04-29 - markus@cvs.openbsd.org 2001/04/29 19:16:52Ben Lindstrom
[channels.c clientloop.c compat.c compat.h serverloop.c] more ssh.com-2.0.x bug-compat; from per@appgate.com
2001-04-19 - markus@cvs.openbsd.org 2001/04/18 23:43:26Ben Lindstrom
[auth2.c compat.c sshconnect2.c] more ssh v2 hostbased-auth interop: ssh.com >= 2.1.0 works now (however the 2.1.0 server seems to work only if debug is enabled...)
2001-04-12 - markus@cvs.openbsd.org 2001/04/12 19:15:26Ben Lindstrom
[auth-rhosts.c auth.h auth2.c buffer.c canohost.c canohost.h compat.c compat.h hostfile.c pathnames.h readconf.c readconf.h servconf.c servconf.h ssh.c sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c sshd_config] implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2) similar to RhostRSAAuthentication unless you enable (the experimental) HostbasedUsesNameFromPacketOnly option. please test. :)
2001-04-05 - markus@cvs.openbsd.org 2001/04/05 11:09:17Ben Lindstrom
[clientloop.c compat.c compat.h] add SSH_BUG_NOREKEY and detect broken (=all old) openssh versions.
2001-04-05 - markus@cvs.openbsd.org 2001/04/05 10:00:06Ben Lindstrom
[compat.c] 2.3.x does old GEX, too; report jakob@
2001-04-04 - markus@cvs.openbsd.org 2001/04/04 15:50:55Ben Lindstrom
[compat.c] f-secure 1.3.2 does not handle IGNORE; from milliondl@ornl.gov
2001-03-29 - provos@cvs.openbsd.org 2001/03/27 17:46:50Ben Lindstrom
[compat.c compat.h dh.c dh.h ssh2.h sshconnect2.c sshd.c version.h] make dh group exchange more flexible, allow min and max group size, okay markus@, deraadt@
2001-03-29 - markus@cvs.openbsd.org 2001/03/27 10:57:00Ben Lindstrom
[compat.c compat.h ssh-rsa.c] some older systems use NID_md5 instead of NID_sha1 for RSASSA-PKCS1-v1_5 signatures in SSH protocol 2, ok djm@
2001-03-24 - djm@cvs.openbsd.org 2001/03/23 11:04:07Ben Lindstrom
[compat.c compat.h sshconnect2.c sshd.c] Compat for OpenSSH with broken Rijndael/AES. ok markus@
2001-03-19 - deraadt@cvs.openbsd.org 2001/03/18 23:30:55Damien Miller
[compat.c compat.h sshd.c] specifically version match on ssh scanners. do not log scan information to the console
2001-03-17 - tim@mindrot.org 2001/03/17 18:45:25 [compat.c]Tim Rice
openbsd-compat/fake-regex.h
2001-03-10 - deraadt@cvs.openbsd.org 2001/03/10 15:31:00Ben Lindstrom
[compat.c compat.h sshconnect.c] all known netscreen ssh versions, and older versions of OSU ssh cannot handle password padding (newer OSU is fixed)
2001-03-09 - markus@cvs.openbsd.org 2001/03/08 21:42:33Ben Lindstrom
[compat.c compat.h readconf.h ssh.c sshconnect1.c sshconnect2.c] implement client side of SSH2_MSG_USERAUTH_PK_OK (test public key -> no need to do enter passphrase or do expensive sign operations if the server does not accept key).