djm [Sun, 26 Mar 2006 02:53:32 +0000 (02:53 +0000)]
- djm@cvs.openbsd.org 2006/03/19 02:24:05
[dh.c readconf.c servconf.c]
potential NULL pointer dereferences detected by Coverity
via elad AT netbsd.org; ok deraadt@
djm [Sun, 26 Mar 2006 02:48:01 +0000 (02:48 +0000)]
- OpenBSD CVS Sync
- jakob@cvs.openbsd.org 2006/03/15 08:46:44
[ssh-keygen.c]
if no key files are given when printing the DNS host record, use the
host key file(s) as default. ok djm@
djm [Sat, 25 Mar 2006 13:11:46 +0000 (13:11 +0000)]
[deattack.c deattack.h]
remove IV support from the CRC attack detector, OpenSSH has never used
it - it only applied to IDEA-CFB, which we don't support.
prompted by NetBSD Coverity report via elad AT netbsd.org;
feedback markus@ "nuke it" deraadt@
djm [Sat, 25 Mar 2006 13:05:44 +0000 (13:05 +0000)]
- djm@cvs.openbsd.org 2006/03/20 04:08:18
[gss-serv.c]
last lot of GSSAPI related leaks detected by Coverity via
elad AT netbsd.org; reviewed by simon AT sxw.org.uk; deraadt@ ok
djm [Sat, 25 Mar 2006 13:05:23 +0000 (13:05 +0000)]
- djm@cvs.openbsd.org 2006/03/20 04:07:49
[gss-genr.c]
more GSSAPI related leaks detected by Coverity via elad AT netbsd.org;
reviewed by simon AT sxw.org.uk; deraadt@ ok
djm [Sat, 25 Mar 2006 13:04:53 +0000 (13:04 +0000)]
- djm@cvs.openbsd.org 2006/03/20 04:07:22
[auth2-gss.c]
GSSAPI related leaks detected by Coverity via elad AT netbsd.org;
reviewed by simon AT sxw.org.uk; deraadt@ ok
dtucker [Sat, 18 Mar 2006 13:07:07 +0000 (13:07 +0000)]
- (dtucker) [openbsd-compat/bsd-snprintf.c] Bug #1173: make fmtint() take
a LLONG rather than a long. Fixes scp'ing of large files on platforms
with missing/broken snprintfs. Patch from e.borovac at bom.gov.au.
djm [Wed, 15 Mar 2006 02:02:28 +0000 (02:02 +0000)]
- (djm) [configure.ac defines.h kex.c md-sha256.c]
[openbsd-compat/sha2.h openbsd-compat/openbsd-compat.h]
[openbsd-compat/sha2.c] First stab at portability glue for SHA256
KEX support, should work with libc SHA256 support or OpenSSL
EVP_sha256 if present
djm [Wed, 15 Mar 2006 01:08:28 +0000 (01:08 +0000)]
- djm@cvs.openbsd.org 2006/03/07 09:07:40
[kex.c kex.h monitor.c myproposal.h ssh-keyscan.c sshconnect2.c sshd.c]
Implement the diffie-hellman-group-exchange-sha256 key exchange method
using the SHA256 code in libc (and wrapper to make it into an OpenSSL
EVP), interop tested against CVS PuTTY
NB. no portability bits committed yet
djm [Wed, 15 Mar 2006 01:06:41 +0000 (01:06 +0000)]
- djm@cvs.openbsd.org 2006/03/14 00:15:39
[canohost.c]
log the originating address and not just the name when a reverse
mapping check fails, requested by linux AT linuon.com
djm [Wed, 15 Mar 2006 01:06:23 +0000 (01:06 +0000)]
- dtucker@cvs.openbsd.org 2006/03/13 10:26:52
[authfile.c authfile.h ssh-add.c]
Make ssh-add check file permissions before attempting to load private
key files multiple times; it will fail anyway and this prevents confusing
multiple prompts and warnings. mindrot #1138, ok djm@
djm [Wed, 15 Mar 2006 01:05:59 +0000 (01:05 +0000)]
- dtucker@cvs.openbsd.org 2006/03/13 10:14:29
[misc.c ssh_config.5 sshd_config.5]
Allow config directives to contain whitespace by surrounding them by double
quotes. mindrot #482, man page help from jmc@, ok djm@
djm [Wed, 15 Mar 2006 01:05:40 +0000 (01:05 +0000)]
- dtucker@cvs.openbsd.org 2006/03/13 08:43:16
[ssh-keygen.c]
Make ssh-keygen handle CR and CRLF line termination when converting IETF
format keys, in addition to vanilla LF. mindrot #1157, tested by Chris
Pepper, ok djm@
djm [Wed, 15 Mar 2006 01:05:22 +0000 (01:05 +0000)]
- dtucker@cvs.openbsd.org 2006/03/13 08:33:00
[packet.c]
Set TCP_NODELAY for all connections not just "interactive" ones. Fixes
poor performance and protocol stalls under some network conditions (mindrot
bugs #556 and #981). Patch originally from markus@, ok djm@
djm [Wed, 15 Mar 2006 01:04:36 +0000 (01:04 +0000)]
- djm@cvs.openbsd.org 2006/03/13 08:16:00
[sshd.c]
don't log that we are listening on a socket before the listen() call
actually succeeds, bz #1162 reported by Senthil Kumar; ok dtucker@
djm [Wed, 15 Mar 2006 01:01:14 +0000 (01:01 +0000)]
- djm@cvs.openbsd.org 2006/02/28 01:10:21
[session.c]
fix logout recording when privilege separation is disabled, analysis and
patch from vinschen at redhat.com; tested by dtucker@ ok deraadt@
NB. ID sync only - patch already in portable
djm [Wed, 15 Mar 2006 00:35:54 +0000 (00:35 +0000)]
- jmc@cvs.openbsd.org 2006/02/19 19:52:10
[sshd.8]
move the sshrc stuff out of FILES, and into its own section:
FILES is not a good place to document how stuff works;
djm [Wed, 15 Mar 2006 00:32:06 +0000 (00:32 +0000)]
- jmc@cvs.openbsd.org 2006/02/13 10:16:39
[sshd.8]
no need to subsection the authorized_keys examples - instead, convert
this to look like an actual file. also use proto 2 keys, and use IETF
example addresses;
djm [Wed, 15 Mar 2006 00:30:38 +0000 (00:30 +0000)]
- djm@cvs.openbsd.org 2006/02/12 10:44:18
[readconf.c]
raise error when the user specifies a RekeyLimit that is smaller than 16
(the smallest of our ciphers' blocksizes) or big enough to cause integer
wraparound; ok & feedback dtucker@
djm [Wed, 15 Mar 2006 00:30:13 +0000 (00:30 +0000)]
- djm@cvs.openbsd.org 2006/02/12 06:45:34
[ssh.c ssh_config.5]
add a %l expansion code to the ControlPath, which is filled in with the
local hostname at runtime. Requested by henning@ to avoid some problems
with /home on NFS; ok dtucker@
djm [Wed, 15 Mar 2006 00:27:20 +0000 (00:27 +0000)]
- jmc@cvs.openbsd.org 2006/02/09 10:10:47
[sshd.8]
- move some text into a CAVEATS section
- merge the COMMAND EXECUTION... section into AUTHENTICATION
djm [Wed, 15 Mar 2006 00:26:55 +0000 (00:26 +0000)]
- stevesk@cvs.openbsd.org 2006/02/09 00:32:07
[includes.h]
#include <sys/endian.h> not needed; ok djm@
NB. ID Sync only - we still need this (but it may move later)
djm [Wed, 15 Mar 2006 00:24:12 +0000 (00:24 +0000)]
- stevesk@cvs.openbsd.org 2006/02/08 14:38:18
[includes.h packet.c]
move #include <netinet/in_systm.h> and <netinet/ip.h> out of
includes.h; ok markus@