summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* - (djm) [openbsd-compat/explicit_bzero.c] implement explicit_bzero()HEADoriginmasterdjm2014-08-263-5/+30
| | | | | | using memset_s() where possible; improve fallback to indirect bzero via a volatile pointer to give it more of a chance to avoid being optimised away.
* - (djm) [monitor.c sshd.c] SIGXFSZ needs to be ignored in postauthdjm2014-08-263-4/+5
| | | | monitor, not preauth; bz#2263
* - (djm) [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c]djm2014-08-267-7/+29
| | | | | | | | | [regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] [regress/unittests/sshkey/common.c] [regress/unittests/sshkey/test_file.c] [regress/unittests/sshkey/test_fuzz.c] [regress/unittests/sshkey/test_sshkey.c] Don't include openssl/ec.h on !ECC OpenSSL systems
* - (djm) [INSTALL] Recommend libcrypto be built -fPIC, mention LibreSSL,djm2014-08-252-10/+17
| | | | update OpenSSL version requirement.
* - (djm) [bufec.c] Skip this file on !ECC OpenSSLdjm2014-08-252-1/+7
|
* - (djm) [sftp-server.c] Some systems (e.g. Irix) have prctl() but notdjm2014-08-232-2/+6
| | | | PR_SET_DUMPABLE, so adjust ifdef; reported by Tom Christensen
* - (djm) [configure.ac] We now require a working vsnprintf everywhere (notdjm2014-08-232-12/+21
| | | | | just for systems that lack asprintf); check for it always and extend test to catch more brokenness. Fixes builds on Solaris <= 9
* - (djm) [sshd.c] Ignore SIGXFSZ in preauth monitor child; can explode ondjm2014-08-222-0/+8
| | | | lastlog writing on platforms with high UIDs; bz#2263
* - (djm) [configure.ac] double braces to appease autoconfdjm2014-08-222-3/+4
|
* - (djm) [openbsd-compat/bsd-snprintf.c] Fix compilation failure (prototype/djm2014-08-222-2/+4
| | | | definition mismatch) and warning for broken/missing snprintf case.
* - (djm) [sshbuf-getput-crypto.c] Fix compilation when OpenSSL lacks ECCdjm2014-08-222-1/+4
|
* - (djm) [configure.ac] include leading zero characters in OpenSSL versiondjm2014-08-222-4/+8
| | | | number; fixes test for unsupported versions
* - (djm) [regress/unittests/test_helper/test_helper.c] Fix for systems thatdjm2014-08-212-0/+15
| | | | don't set __progname. Diagnosed by Tom Christensen.
* - (djm) [key.h] Fix ifdefs for no-ECC OpenSSLdjm2014-08-212-2/+3
|
* - (djm) [Makefile.in] fix reference to libtest_helper.a in sshkey test too.djm2014-08-212-3/+6
|
* - (djm) [contrib/cygwin/README] Correct build instructions; from Corinnadjm2014-08-202-1/+2
|
* - (djm) [sshkey.h] Fix compilation when OpenSSL lacks ECCdjm2014-08-202-14/+25
|
* - (djm) [Makefile.in] refer to libtest_helper.a by explicit path rather thandjm2014-08-202-2/+4
| | | | -L/-l; fixes linking problems on some platforms
* - (djm) [configure.ac] Check OpenSSL version is supported at configure time;djm2014-08-202-3/+15
| | | | suggested by Kevin Brott
* - (djm) [INSTALL contrib/caldera/openssh.spec contrib/cygwin/README]djm2014-08-196-21/+6
| | | | | [contrib/redhat/openssh.spec contrib/suse/openssh.spec] Remove mentions of TCP wrappers.
* - (djm) [ssh-dss.c] Include openssl/dsa.h for DSA_SIGdjm2014-08-192-0/+2
|
* - (djm) [sshbuf.h] Fix compilation on systems without OPENSSL_HAS_ECC.djm2014-08-192-5/+12
|
* - (djm) [myproposal.h] Make curve25519 KEX dependent ondjm2014-08-191-1/+1
| | | | HAVE_EVP_SHA256 instead of OPENSSL_HAS_ECC.
* - (djm) [serverloop.c] Fix syntax error on Cygwin; from Corinna Vinschendjm2014-08-192-4/+11
|
* - (djm) [README contrib/caldera/openssh.spec]djm2014-08-105-6/+10
| | | | [contrib/redhat/openssh.spec contrib/suse/openssh.spec] Update versions
* - (djm) [regress/multiplex.sh] Use -d (detach stdin) flag to disassociatedjm2014-08-012-2/+4
| | | | nc from stdin, it's more portable
* - (djm) [regress/multiplex.sh] Instruct nc not to quit as soon as stdindjm2014-08-012-2/+4
| | | | is closed; avoid regress failures when stdin is /dev/null
* - (djm) [regress/multiplex.sh] Skip test for non-OpenBSD netcat. We needdjm2014-08-012-4/+12
| | | | a better solution, but this will have to do for now.
* - schwarze@cvs.openbsd.org 2014/07/28 15:40:08djm2014-07-303-9/+14
| | | | | | | [sftp-server.8 sshd_config.5] some systems no longer need /dev/log; issue noticed by jirib; ok deraadt
* - dtucker@cvs.openbsd.org 2014/07/25 21:22:03djm2014-07-302-1/+8
| | | | | | | | [ssh-agent.c] Clear buffer used for handling messages. This prevents keys being left in memory after they have been expired or deleted in some cases (but note that ssh-agent is setgid so you would still need root to access them). Pointed out by Kevin Burns, ok deraadt
* - OpenBSD CVS Syncdjm2014-07-302-5/+14
| | | | | | - millert@cvs.openbsd.org 2014/07/24 22:57:10 [ssh.1] Mention UNIX-domain socket forwarding too. OK jmc@ deraadt@
* - (djm) [regress/multiplex.sh] restore incorrectly deleted line;djm2014-07-242-1/+5
| | | | pointed out by Christian Hesse
* - dtucker@cvs.openbsd.org 2014/07/22 23:35:38dtucker2014-07-2375-217/+222
| | | | | | [regress/unittests/sshkey/testdata/*] Regenerate test keys with certs signed with ed25519 instead of ecdsa. These can be used in -portable on platforms that don't support ECDSA.
* - dtucker@cvs.openbsd.org 2014/07/22 23:57:40dtucker2014-07-232-0/+4
| | | | | [regress/unittests/sshkey/mktestdata.sh] Add $OpenBSD tag to make syncs easier
* - dtucker@cvs.openbsd.org 2014/07/22 23:23:22dtucker2014-07-232-3/+7
| | | | | | [regress/unittests/sshkey/mktestdata.sh] Sign test certs with ed25519 instead of ecdsa so that they'll work in -portable on platforms that don't have ECDSA in their OpenSSL. ok djm
* - djm@cvs.openbsd.org 2014/07/22 01:32:12dtucker2014-07-232-1/+6
| | | | | | | [regress/multiplex.sh] change the test for still-open Unix domain sockets to be robust against nc implementations that produce error messages. from -portable (Id sync only)
* - guenther@cvs.openbsd.org 2014/07/22 07:13:42dtucker2014-07-222-1/+6
| | | | | | | [umac.c] Convert from <sys/endian.h> to the shiney new <endian.h> ok dtucker@, who also confirmed that -portable handles this already (ID sync only, includes.h pulls in endian.h if available.)
* - dtucker@cvs.openbsd.org 2014/07/22 01:18:50dtucker2014-07-222-2/+9
| | | | | [key.c] Prevent spam from key_load_private_pem during hostbased auth. ok djm@
* - (dtucker) [regress/unittests/sshkey/test_{file,fuzz,sshkey}.c] Wrap ecdsa-dtucker2014-07-224-0/+20
| | | | specific tests inside OPENSSL_HAS_ECC.
* - (djm) [regress/multiplex.sh] change the test for still-open Unixdjm2014-07-222-2/+5
| | | | | domain sockets to be robust against nc implementations that produce error messages.
* - (djm) [regress/multiplex.sh] ssh mux master lost -N somehow;djm2014-07-212-1/+5
| | | | put it back
* - (dtucker) [sshkey.c] ifdef out unused variable when compiling withoutdtucker2014-07-212-2/+4
| | | | OPENSSL_HAS_ECC.
* - (djm) [regress/multiplex.sh] Not all netcat accept the -N option.djm2014-07-212-9/+22
|
* - millert@cvs.openbsd.org 2014/07/15 15:54:15djm2014-07-203-6/+74
| | | | | | | | | | [forwarding.sh multiplex.sh] Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html OK djm@ markus@
* - (dtucker) [regress/unittests/sshkey/dtucker2014-07-205-0/+11
| | | | | {common,test_file,test_fuzz,test_sshkey}.c] Wrap stdint.h includes in ifdefs.
* - (dtucker) [cipher.c openbsd-compat/openssl-compat.h] Restore the bitsdtucker2014-07-203-1/+20
| | | | needed to build AES CTR mode against OpenSSL 0.9.8f and above. ok djm
* - (tim) [openbsd-compat/port-uw.c] Include misc.h for fwd_opts, usedtim2014-07-192-0/+5
| | | | in servconf.h.
* - (dtucker) [key.c sshkey.c] Put new ecdsa bits inside ifdef OPENSSL_HAS_ECC.dtucker2014-07-183-1/+4
|
* - (dtucker) [Makefile.in] Add a t-exec target to run just the executabledtucker2014-07-182-2/+4
| | | | tests.
* - (dtucker) [auth2-gss.c gss-serv-krb5.c] Include misc.h for fwd_opts, useddtucker2014-07-183-0/+4
| | | | in servconf.h.
View Lorry Controller Status