djm [Sun, 26 Mar 2006 03:11:39 +0000 (03:11 +0000)]
- djm@cvs.openbsd.org 2006/03/22 21:27:15
[deattack.c deattack.h packet.c]
remove IV support from the CRC attack detector, OpenSSH has never used
it - it only applied to IDEA-CFB, which we don't support.
prompted by NetBSD Coverity report via elad AT netbsd.org;
feedback markus@ "nuke it" deraadt@
djm [Sun, 26 Mar 2006 03:07:26 +0000 (03:07 +0000)]
- deraadt@cvs.openbsd.org 2006/03/20 18:26:55
[channels.c monitor.c session.c session.h ssh-agent.c ssh-keygen.c]
[ssh-rsa.c ssh.c sshlogin.c]
annoying spacing fixes getting in the way of real diffs
djm [Sun, 26 Mar 2006 03:05:20 +0000 (03:05 +0000)]
- deraadt@cvs.openbsd.org 2006/03/20 18:17:20
[auth1.c auth2.c sshd.c]
sprinkle some ARGSUSED for table driven functions (which sometimes
must ignore their args)
djm [Sun, 26 Mar 2006 03:02:16 +0000 (03:02 +0000)]
- djm@cvs.openbsd.org 2006/03/20 11:38:46
[key.c]
(really) last of the Coverity diffs: avoid possible NULL deref in
key_free. via elad AT netbsd.org; markus@ ok
djm [Sun, 26 Mar 2006 03:01:54 +0000 (03:01 +0000)]
- djm@cvs.openbsd.org 2006/03/20 04:09:44
[monitor.c]
memory leaks detected by Coverity via elad AT netbsd.org;
deraadt@ ok
that should be all of them now
djm [Sun, 26 Mar 2006 02:53:32 +0000 (02:53 +0000)]
- djm@cvs.openbsd.org 2006/03/19 02:24:05
[dh.c readconf.c servconf.c]
potential NULL pointer dereferences detected by Coverity
via elad AT netbsd.org; ok deraadt@
djm [Sun, 26 Mar 2006 02:48:01 +0000 (02:48 +0000)]
- OpenBSD CVS Sync
- jakob@cvs.openbsd.org 2006/03/15 08:46:44
[ssh-keygen.c]
if no key file are given when printing the DNS host record, use the
host key file(s) as default. ok djm@
djm [Sat, 25 Mar 2006 13:11:46 +0000 (13:11 +0000)]
[deattack.c deattack.h]
remove IV support from the CRC attack detector, OpenSSH has never used
it - it only applied to IDEA-CFB, which we don't support.
prompted by NetBSD Coverity report via elad AT netbsd.org;
feedback markus@ "nuke it" deraadt@
djm [Sat, 25 Mar 2006 13:05:44 +0000 (13:05 +0000)]
- djm@cvs.openbsd.org 2006/03/20 04:08:18
[gss-serv.c]
last lot of GSSAPI related leaks detected by Coverity via
elad AT netbsd.org; reviewed by simon AT sxw.org.uk; deraadt@ ok
djm [Sat, 25 Mar 2006 13:05:23 +0000 (13:05 +0000)]
- djm@cvs.openbsd.org 2006/03/20 04:07:49
[gss-genr.c]
more GSSAPI related leaks detected by Coverity via elad AT netbsd.org;
reviewed by simon AT sxw.org.uk; deraadt@ ok
djm [Sat, 25 Mar 2006 13:04:53 +0000 (13:04 +0000)]
- djm@cvs.openbsd.org 2006/03/20 04:07:22
[auth2-gss.c]
GSSAPI related leaks detected by Coverity via elad AT netbsd.org;
reviewed by simon AT sxw.org.uk; deraadt@ ok
dtucker [Sat, 18 Mar 2006 13:07:07 +0000 (13:07 +0000)]
- (dtucker) [openbsd-compat/bsd-snprintf.c] Bug #1173: make fmtint() take
a LLONG rather than a long. Fixes scp'ing of large files on platforms
with missing/broken snprintfs. Patch from e.borovac at bom.gov.au.
djm [Wed, 15 Mar 2006 02:02:28 +0000 (02:02 +0000)]
- (djm) [configure.ac defines.h kex.c md-sha256.c]
[openbsd-compat/sha2.h openbsd-compat/openbsd-compat.h]
[openbsd-compat/sha2.c] First stab at portability glue for SHA256
KEX support, should work with libc SHA256 support or OpenSSL
EVP_sha256 if present
djm [Wed, 15 Mar 2006 01:08:28 +0000 (01:08 +0000)]
- djm@cvs.openbsd.org 2006/03/07 09:07:40
[kex.c kex.h monitor.c myproposal.h ssh-keyscan.c sshconnect2.c sshd.c]
Implement the diffie-hellman-group-exchange-sha256 key exchange method
using the SHA256 code in libc (and wrapper to make it into an OpenSSL
EVP), interop tested against CVS PuTTY
NB. no portability bits committed yet
djm [Wed, 15 Mar 2006 01:06:41 +0000 (01:06 +0000)]
- djm@cvs.openbsd.org 2006/03/14 00:15:39
[canohost.c]
log the originating address and not just the name when a reverse
mapping check fails, requested by linux AT linuon.com
djm [Wed, 15 Mar 2006 01:06:23 +0000 (01:06 +0000)]
- dtucker@cvs.openbsd.org 2006/03/13 10:26:52
[authfile.c authfile.h ssh-add.c]
Make ssh-add check file permissions before attempting to load private
key files multiple times; it will fail anyway and this prevents confusing
multiple prompts and warnings. mindrot #1138, ok djm@
djm [Wed, 15 Mar 2006 01:05:59 +0000 (01:05 +0000)]
- dtucker@cvs.openbsd.org 2006/03/13 10:14:29
[misc.c ssh_config.5 sshd_config.5]
Allow config directives to contain whitespace by surrounding them by double
quotes. mindrot #482, man page help from jmc@, ok djm@
djm [Wed, 15 Mar 2006 01:05:40 +0000 (01:05 +0000)]
- dtucker@cvs.openbsd.org 2006/03/13 08:43:16
[ssh-keygen.c]
Make ssh-keygen handle CR and CRLF line termination when converting IETF
format keys, in adition to vanilla LF. mindrot #1157, tested by Chris
Pepper, ok djm@
djm [Wed, 15 Mar 2006 01:05:22 +0000 (01:05 +0000)]
- dtucker@cvs.openbsd.org 2006/03/13 08:33:00
[packet.c]
Set TCP_NODELAY for all connections not just "interactive" ones. Fixes
poor performance and protocol stalls under some network conditions (mindrot
bugs #556 and #981). Patch originally from markus@, ok djm@
djm [Wed, 15 Mar 2006 01:04:36 +0000 (01:04 +0000)]
- djm@cvs.openbsd.org 2006/03/13 08:16:00
[sshd.c]
don't log that we are listening on a socket before the listen() call
actually succeeds, bz #1162 reported by Senthil Kumar; ok dtucker@
djm [Wed, 15 Mar 2006 01:01:14 +0000 (01:01 +0000)]
- djm@cvs.openbsd.org 2006/02/28 01:10:21
[session.c]
fix logout recording when privilege separation is disabled, analysis and
patch from vinschen at redhat.com; tested by dtucker@ ok deraadt@
NB. ID sync only - patch already in portable