CVS: cvs.openbsd.org: src

2012-11-22 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2012/11/22 15:49:30

Modified files:
regress/usr.bin/ssh: Makefile 
Added files:
regress/usr.bin/ssh: keys-command.sh 

Log message:
regress for AuthorizedKeysCommand; hints from markus@



CVS: cvs.openbsd.org: src

2012-11-26 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2012/11/26 18:02:07

Modified files:
share/man/man8 : ssl.8 

Log message:
this advice was arguable back in 2003 but is spurious now;
ok mikeb deraadt



CVS: cvs.openbsd.org: src

2012-12-02 Thread Damien Miller
CVSROOT:/cvs
Module name:src
Changes by: d...@cvs.openbsd.org2012/12/02 13:26:11

Modified files:
usr.bin/ssh: ssh_config.5 sshconnect2.c 

Log message:
Make IdentitiesOnly apply to keys obtained from a PKCS11Provider.
This allows control of which keys are offered from tokens using
IdentityFile. ok markus@



CVS: cvs.openbsd.org: src

2012-12-02 Thread Damien Miller
CVSROOT:/cvs
Module name:src
Changes by: d...@cvs.openbsd.org2012/12/02 13:34:10

Modified files:
usr.bin/ssh: auth.c auth.h auth1.c auth2-chall.c auth2-gss.c 
 auth2-jpake.c auth2.c monitor.c monitor.h 

Log message:
Fixes logging of partial authentication when privsep is enabled
Previously, we recorded Failed xxx since we reset authenticated before
calling auth_log() in auth2.c. This adds an explicit Partial state.

Add a submethod to auth_log() to report which submethod is used
for keyboard-interactive.

Fix multiple authentication when one of the methods is
keyboard-interactive.

ok markus@



CVS: cvs.openbsd.org: src

2012-12-02 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2012/12/02 13:42:15

Modified files:
usr.bin/ssh: ssh-add.1 ssh-add.c 

Log message:
make deleting explicit keys ssh-add -d symmetric with adding keys -
try to delete the corresponding certificate too and respect the -k option
to allow deleting of the key only; feedback and ok markus@



CVS: cvs.openbsd.org: src

2012-12-02 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2012/12/02 13:46:11

Modified files:
usr.bin/ssh: auth-options.c channels.c servconf.c servconf.h 
 serverloop.c session.c sshd_config.5 

Log message:
make AllowTcpForwarding accept local and remote in addition to its
current yes/no to allow the server to specify whether just local or
remote TCP forwarding is enabled. ok markus@



CVS: cvs.openbsd.org: src

2012-12-02 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2012/12/02 13:47:48

Modified files:
regress/usr.bin/ssh: Makefile 
Added files:
regress/usr.bin/ssh: forward-control.sh 

Log message:
regress for AllowTcpForwarding local/remote; ok markus@



CVS: cvs.openbsd.org: src

2012-12-02 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2012/12/02 17:14:06

Modified files:
usr.bin/ssh: auth2-chall.c ssh-keygen.c 

Log message:
Fix compilation with -Wall -Werror (trivial type fixes)



CVS: cvs.openbsd.org: src

2012-12-11 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2012/12/11 16:48:07

Modified files:
regress/usr.bin/ssh: modpipe.c 

Log message:
include commented RCS ID - it helps our tools to sync with portable OpenSSH



CVS: cvs.openbsd.org: src

2013-01-01 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/01/01 17:32:07

Modified files:
usr.bin/ssh: clientloop.c mux.c 

Log message:
channel_setup_local_fwd_listener() returns 0 on failure, not -ve
bz#2055 reported by mathieu.lacage AT gmail.com



CVS: cvs.openbsd.org: src

2013-01-01 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/01/01 17:33:49

Modified files:
usr.bin/ssh: PROTOCOL.agent 

Log message:
correct format description for SSH_AGENTC_ADD_RSA_ID_CONSTRAINED
bz#2051 from david AT lechnology.com



CVS: cvs.openbsd.org: src

2013-01-02 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/01/02 22:49:36

Modified files:
usr.bin/ssh: servconf.h 

Log message:
add a couple of ServerOptions members that should be copied to the privsep
child (for consistency, in this case they happen only to be accessed in the
monitor); ok dtucker@



CVS: cvs.openbsd.org: src

2013-01-03 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/01/03 05:49:01

Modified files:
usr.bin/ssh: PROTOCOL 

Log message:
fix description of MAC calculation for EtM modes; ok markus@



CVS: cvs.openbsd.org: src

2013-01-03 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/01/03 05:54:49

Modified files:
usr.bin/ssh: sftp-server.8 sftp-server.c 

Log message:
allow specification of an alternate start directory for sftp-server(8)
I like this markus@



CVS: cvs.openbsd.org: src

2013-01-03 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/01/03 16:22:58

Modified files:
usr.bin/ssh: ssh-keygen.c 

Log message:
allow fingerprinting of keys hosted in PKCS#11 tokens: ssh-keygen -lD ...
ok markus@



CVS: cvs.openbsd.org: src

2013-01-08 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/01/08 22:40:17

Modified files:
usr.bin/ssh: ssh-keygen.c 

Log message:
correctly initialise fingerprint type for fingerprinting PKCS#11 keys



CVS: cvs.openbsd.org: src

2013-01-12 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/01/12 04:22:04

Modified files:
usr.bin/ssh: cipher.c 

Log message:
improve error message for integrity failure in AES-GCM modes; ok markus@



CVS: cvs.openbsd.org: src

2013-01-12 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/01/12 04:23:53

Modified files:
regress/usr.bin/ssh: integrity.sh cipher-speed.sh try-ciphers.sh 

Log message:
test AES-GCM modes; feedback markus@



CVS: cvs.openbsd.org: src

2013-01-17 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/01/17 16:00:01

Modified files:
usr.bin/ssh: auth.c key.c key.h ssh-keygen.1 ssh-keygen.c 
 sshd_config.5 
usr.bin/ssh/lib: Makefile 
Added files:
usr.bin/ssh: PROTOCOL.krl krl.c krl.h 

Log message:
add support for Key Revocation Lists (KRLs). These are a compact way to
represent lists of revoked keys and certificates, taking as little as
a single bit of incremental cost to revoke a certificate by serial number.
KRLs are loaded via the existing RevokedKeys sshd_config option.

feedback and ok markus@



CVS: cvs.openbsd.org: src

2013-01-17 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/01/17 17:24:58

Modified files:
usr.bin/ssh: PROTOCOL.krl krl.c krl.h 

Log message:
RCS IDs help us keep portable in synch



CVS: cvs.openbsd.org: src

2013-01-17 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/01/17 17:45:29

Modified files:
regress/usr.bin/ssh: Makefile cert-userkey.sh 
Added files:
regress/usr.bin/ssh: krl.sh 

Log message:
Tests for Key Revocation Lists (KRLs)



CVS: cvs.openbsd.org: src

2013-01-17 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/01/17 20:00:32

Modified files:
usr.bin/ssh: krl.c 

Log message:
fix KRL generation bug for list sections



CVS: cvs.openbsd.org: src

2013-01-24 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/01/24 14:45:37

Modified files:
usr.bin/ssh: krl.c 

Log message:
fix handling of (unused) KRL signatures; skip string in correct buffer



CVS: cvs.openbsd.org: src

2013-01-24 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/01/24 15:08:56

Modified files:
usr.bin/ssh: krl.c 

Log message:
skip serial lookup when cert's serial number is zero



CVS: cvs.openbsd.org: src

2013-01-25 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/01/25 03:22:19

Modified files:
usr.bin/ssh: krl.c 

Log message:
redo last commit without the vi-vomit that snuck in:

skip serial lookup when cert's serial number is zero

(now with 100% better comment)



CVS: cvs.openbsd.org: src

2013-01-25 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/01/25 23:10:22

Modified files:
lib/libssl/crypto: Makefile shlib_version 
lib/libssl/man : Makefile 
lib/libssl/src/crypto/evp: evp.h 
Removed files:
lib/libssl/src/crypto/acss: acss.h acss_enc.c acss_skey.c 
lib/libssl/src/crypto/evp: e_acss.c 
lib/libssl/src/doc/crypto: acss.pod 

Log message:
remove ACSS, crank libcrypto major; ok markus@ deraadt@



CVS: cvs.openbsd.org: src

2013-01-25 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/01/25 23:11:05

Modified files:
usr.bin/ssh: cipher.c 

Log message:
remove ACSS, now that it is gone from libcrypto too



CVS: cvs.openbsd.org: src

2013-01-27 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/01/27 03:06:12

Modified files:
usr.bin/ssh: krl.c 

Log message:
actually use the xrealloc() return value; spotted by xi.wang AT gmail.com



CVS: cvs.openbsd.org: src

2013-02-07 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/02/07 17:41:12

Modified files:
usr.bin/ssh: sftp.c 

Log message:
fix NULL deref when built without libedit and control characters
entered as command; debugging and patch from Iain Morgan and
Loganaden Velvindron in bz#1956



CVS: cvs.openbsd.org: src

2013-02-10 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/02/10 16:32:10

Modified files:
usr.bin/ssh: ssh-keygen.c 

Log message:
append to moduli file when screening candidates rather than overwriting.
allows resumption of interrupted screen; patch from Christophe Garault
in bz#1957; ok dtucker@



CVS: cvs.openbsd.org: src

2013-02-10 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/02/10 16:35:24

Modified files:
usr.bin/ssh: packet.c 

Log message:
record Received disconnect messages at ERROR rather than INFO priority,
since they are abnormal and result in a non-zero ssh exit status; patch
from Iain Morgan in bz#2057; ok dtucker@



CVS: cvs.openbsd.org: src

2013-02-11 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/02/11 16:58:51

Modified files:
regress/usr.bin/ssh: try-ciphers.sh 

Log message:
remove acss here too



CVS: cvs.openbsd.org: src

2013-02-14 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/02/14 14:35:59

Modified files:
usr.bin/ssh: auth2-pubkey.c 

Log message:
Correct error message that had a typo and was logging the wrong thing;
patch from Petr Lautrbach



CVS: cvs.openbsd.org: src

2013-02-15 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/02/15 23:08:45

Modified files:
regress/usr.bin/ssh: integrity.sh 

Log message:
make sure the fuzz offset is actually past the end of KEX for all KEX
types. diffie-hellman-group-exchange-sha256 requires an offset around
2700. Noticed via test failures in portable OpenSSH on platforms that
lack ECC and thus the more byte-frugal ECDH KEX algorithms.



CVS: cvs.openbsd.org: src

2013-02-17 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/02/17 16:16:55

Modified files:
regress/usr.bin/ssh: integrity.sh 

Log message:
make the ssh command generate some output to ensure that there are at
least offset+tries bytes in the stream.



Re: CVS: cvs.openbsd.org: src

2013-02-17 Thread Damien Miller
On Sun, 17 Feb 2013, Darren Tucker wrote:

 On Sun, Feb 17, 2013 at 01:46:29AM +1100, Darren Tucker wrote:
  OK that's not intended behaviour.  I'll look at it tomorrow and either fix
  it or revert it.
 
 The problem was I didn't distinguish the default-provided IdentityFiles.
 Please try this.
 
 @@ -582,9 +602,7 @@ parse_yesnoask:
   if (*intptr = SSH_MAX_IDENTITY_FILES)
   fatal(%.200s line %d: Too many identity files 
 specified (max %d).,
   filename, linenum, SSH_MAX_IDENTITY_FILES);
 - charptr = options-identity_files[*intptr];
 - *charptr = xstrdup(arg);
 - *intptr = *intptr + 1;
 + add_identity_file(options, NULL, arg, 1);
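
Review bot: The SSH_MAX_IDENTITY_FILES bound check at the top of this hunk stays in the caller, while the store into the identity_files array moves into add_identity_file(), so the limit and the write it protects now live in different places. If add_identity_file() enforces the limit itself, this check is redundant and can go; if it does not, every other caller needs the same guard, and the helper is the safer place for it. The bare NULL and 1 arguments would also read better with a short comment saying what they select.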

Does it make sense to remove the (*intptr = SSH_MAX_IDENTITY_FILES)
check here too?

ok either way



CVS: cvs.openbsd.org: src

2013-02-18 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/02/18 15:26:47

Modified files:
regress/usr.bin/ssh: integrity.sh 

Log message:
crank the offset yet again; it was still fuzzing KEX on one of Darren's
portable test hosts at 2800



CVS: cvs.openbsd.org: src

2013-02-18 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/02/18 19:14:09

Modified files:
regress/usr.bin/ssh: integrity.sh 

Log message:
oops, forgot to increase the output of the ssh command to ensure that
we actually reach $offset



CVS: cvs.openbsd.org: src

2013-02-20 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/02/20 01:29:27

Modified files:
regress/usr.bin/ssh: modpipe.c 

Log message:
s/Id/OpenBSD/ in RCS tag



CVS: cvs.openbsd.org: src

2013-02-22 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/02/22 15:09:01

Modified files:
usr.bin/ssh: ssh.c 

Log message:
Allow IdentityFile=none; ok markus deraadt (and dtucker for an earlier
version)



CVS: cvs.openbsd.org: src

2013-03-06 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/03/06 16:35:23

Modified files:
usr.bin/ssh: session.c 

Log message:
fatal() when ChrootDirectory specified but running without root privileges;
ok markus@



CVS: cvs.openbsd.org: src

2013-03-06 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/03/06 16:36:53

Modified files:
usr.bin/ssh: readconf.c 

Log message:
g/c unused variable (-Wunused)



CVS: cvs.openbsd.org: src

2013-03-06 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/03/06 17:20:00

Modified files:
usr.bin/ssh: auth2-pubkey.c monitor.c 

Log message:
reconstruct the original username that was sent by the client, which may
have included a style (e.g. root:skey) when checking public key
signatures. Fixes public key and hostbased auth when the client specified
a style; ok markus@



CVS: cvs.openbsd.org: src

2013-03-06 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/03/06 17:20:34

Modified files:
regress/usr.bin/ssh: proxy-connect.sh 

Log message:
repeat test with a style appended to the username



CVS: cvs.openbsd.org: src

2013-03-07 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/03/07 23:32:58

Modified files:
usr.bin/ssh: ssh.c 

Log message:
allow ssh -f none ... ok markus@



CVS: cvs.openbsd.org: www

2013-03-21 Thread Damien Miller
CVSROOT: /cvs
Module name: www
Changes by: d...@cvs.openbsd.org 2013/03/21 18:02:52

Modified files:
openssh: ftp.html index.html openbsd.html 
Added files:
openssh/txt: release-6.2 

Log message:
release OpenSSH 6.2



CVS: cvs.openbsd.org: www

2013-03-21 Thread Damien Miller
CVSROOT: /cvs
Module name: www
Changes by: d...@cvs.openbsd.org 2013/03/21 18:04:46

Modified files:
openssh/txt: release-6.2 

Log message:
fill in SHA1 sums



CVS: cvs.openbsd.org: www

2013-03-21 Thread Damien Miller
CVSROOT: /cvs
Module name: www
Changes by: d...@cvs.openbsd.org 2013/03/21 19:03:37

Modified files:
openssh: report.html 

Log message:
update bugzilla link



CVS: cvs.openbsd.org: src

2013-04-04 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/04/04 18:14:00

Modified files:
usr.bin/ssh: auth2-gss.c krl.c sshconnect2.c 

Log message:
hush some {unused, printf type} warnings



CVS: cvs.openbsd.org: src

2013-04-04 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/04/04 18:31:49

Modified files:
usr.bin/ssh: pathnames.h 

Log message:
use the existing _PATH_SSH_USER_RC define to construct the other
pathnames; bz#2077, ok dtucker@ (no binary change)



CVS: cvs.openbsd.org: src

2013-04-04 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/04/04 18:58:51

Modified files:
usr.bin/ssh: mux.c 

Log message:
cleanup mux-created channels that are in SSH_CHANNEL_OPENING state too
(in addition to ones already in OPEN); bz#2079, ok dtucker@



CVS: cvs.openbsd.org: src

2013-04-10 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/04/10 20:27:50

Modified files:
usr.bin/ssh: packet.c 

Log message:
quiet disconnect notifications on the server from error() back to logit()
if it is a normal client closure; bz#2057 ok+feedback dtucker@



CVS: cvs.openbsd.org: src

2013-04-17 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/04/17 20:16:08

Modified files:
usr.bin/ssh: sftp.c 

Log message:
make sftp -q do what it says on the sticker: hush everything but errors;
ok dtucker@



CVS: cvs.openbsd.org: src

2013-04-17 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/04/17 20:46:12

Modified files:
regress/usr.bin/ssh: Makefile 
Added files:
regress/usr.bin/ssh: sftp-chroot.sh 

Log message:
test sshd ChrootDirectory+internal-sftp; feedback & ok dtucker@



CVS: cvs.openbsd.org: src

2013-04-18 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/04/18 19:00:10

Modified files:
usr.bin/ssh: sshd_config.5 

Log message:
document the requirement that the AuthorizedKeysCommand be owned by root;
ok dtucker@ markus@



CVS: cvs.openbsd.org: src

2013-04-18 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/04/18 19:01:00

Modified files:
usr.bin/ssh: ssh-keygen.c 

Log message:
fix some memory leaks; bz#2088 ok dtucker@



CVS: cvs.openbsd.org: src

2013-04-18 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/04/18 19:03:01

Modified files:
usr.bin/ssh: session.c 

Log message:
reintroduce 1.262 without the connection-killing bug:

fatal() when ChrootDirectory specified but running without root privileges;

ok markus@



CVS: cvs.openbsd.org: src

2013-04-18 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/04/18 19:06:50

Modified files:
usr.bin/ssh: authfile.c cipher.c cipher.h kex.c kex.h 
 kexecdh.c kexecdhc.c kexecdhs.c key.c key.h 
 mac.c mac.h packet.c ssh.1 ssh.c 

Log message:
add the ability to query supported ciphers, MACs, key type and KEX
algorithms to ssh. Includes some refactoring of KEX and key type handling
to be table-driven; ok markus@



CVS: cvs.openbsd.org: src

2013-04-19 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/04/19 05:10:18

Modified files:
usr.bin/ssh: ssh.c 

Log message:
add -Q to usage; reminded by jmc@



CVS: cvs.openbsd.org: src

2013-04-19 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/04/19 06:07:08

Modified files:
usr.bin/ssh: kex.c 

Log message:
remove duplicated list entry pointed out by naddy@



CVS: cvs.openbsd.org: src

2013-05-09 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/05/09 21:40:07

Modified files:
usr.bin/ssh: sshconnect2.c 

Log message:
fix bzero(ptr_to_struct, sizeof(ptr_to_struct)); bz#2100 from
Colin Watson



CVS: cvs.openbsd.org: src

2013-05-09 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/05/09 21:46:14

Modified files:
regress/usr.bin/ssh: modpipe.c 

Log message:
sync some portability changes from portable OpenSSH



CVS: cvs.openbsd.org: src

2013-05-09 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/05/09 22:08:01

Modified files:
usr.bin/ssh: key.c 

Log message:
memleak in cert_free(), wasn't actually freeing the struct;
bz#2096 from shm AT digitalsun.pl



CVS: cvs.openbsd.org: www

2013-05-15 Thread Damien Miller
CVSROOT: /cvs
Module name: www
Changes by: d...@cvs.openbsd.org 2013/05/15 20:34:30

Modified files:
openssh: index.html 
Added files:
openssh/txt: release-6.2p2 

Log message:
Release Portable OpenSSH 6.2p2



CVS: cvs.openbsd.org: src

2013-05-15 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/05/15 22:27:50

Modified files:
usr.bin/ssh: readconf.c readconf.h ssh_config.5 

Log message:
add the ability to ignore specific unrecognised ssh_config options;
bz#866; ok markus@



CVS: cvs.openbsd.org: src

2013-05-16 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/05/16 18:13:14

Modified files:
usr.bin/ssh: addrmatch.c auth-chall.c auth-options.c 
 auth-rsa.c auth.c auth1.c auth2-chall.c 
 auth2-gss.c auth2-hostbased.c auth2-jpake.c 
 auth2-kbdint.c auth2-passwd.c auth2-pubkey.c 
 auth2.c authfd.c authfile.c bufaux.c bufbn.c 
 bufec.c buffer.c canohost.c channels.c 
 cipher-3des1.c cipher.c clientloop.c compat.c 
 dns.c groupaccess.c gss-genr.c hostfile.c 
 jpake.c kex.c kexdhc.c kexdhs.c kexecdhc.c 
 kexecdhs.c kexgexc.c kexgexs.c key.c mac.c 
 match.c misc.c moduli.c monitor.c monitor_mm.c 
 monitor_wrap.c mux.c packet.c readconf.c 
 readpass.c roaming_client.c rsa.c schnorr.c 
 scp.c servconf.c serverloop.c session.c 
 sftp-client.c sftp-common.c sftp-glob.c 
 sftp-server.c sftp.c ssh-add.c ssh-agent.c 
 ssh-dss.c ssh-ecdsa.c ssh-keygen.c 
 ssh-keyscan.c ssh-keysign.c ssh-pkcs11-client.c 
 ssh-pkcs11-helper.c ssh-pkcs11.c ssh-rsa.c 
 ssh.c sshconnect.c sshconnect1.c sshconnect2.c 
 sshd.c umac.c uuencode.c xmalloc.c xmalloc.h 

Log message:
bye, bye xfree(); ok markus@



CVS: cvs.openbsd.org: src

2013-05-18 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/05/18 20:38:28

Modified files:
usr.bin/ssh: auth2-pubkey.c 

Log message:
fix failure to recognise cert-authority keys if a key of a different type
appeared in authorized_keys before it; ok markus@



CVS: cvs.openbsd.org: src

2013-05-18 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/05/18 20:42:42

Modified files:
usr.bin/ssh: auth-rsa.c auth.c auth.h auth1.c auth2.c key.c 
 key.h monitor.c 

Log message:
Standardise logging of supplemental information during userauth. Keys
and ruser are now logged in the auth success/failure message alongside
the local username, remote host/port and protocol in use. Certificate
contents and CA are logged too.

Pushing all logging onto a single line simplifies log analysis as it is
no longer necessary to relate information scattered across multiple log
entries. I like it markus@



CVS: cvs.openbsd.org: src

2013-06-04 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/06/04 23:45:54

Modified files:
sys/crypto : idgen.c idgen.h 

Log message:
fix a bug that caused time-based rekeys to happen too frequently.

rename the structure internals to id32_* in anticipation of an
idgen16() that might come in the future.



CVS: cvs.openbsd.org: src

2013-06-20 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/06/20 18:34:49

Modified files:
usr.bin/ssh: auth-rsa.c auth.h auth2-hostbased.c 
 auth2-pubkey.c monitor.c 

Log message:
for hostbased authentication, print the client host and user on
the auth success/failure line; bz#2064, ok dtucker@



CVS: cvs.openbsd.org: src

2013-06-20 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/06/20 18:37:49

Modified files:
usr.bin/ssh: ssh_config.5 

Log message:
explicitly mention that IdentitiesOnly can be used with IdentityFile
to control which keys are offered from an agent.



CVS: cvs.openbsd.org: src

2013-06-20 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/06/20 20:26:26

Modified files:
regress/usr.bin/ssh: sftp-cmds.sh test-exec.sh 

Log message:
unbreak sftp-cmds for renamed test data (s/ls/data/)



CVS: cvs.openbsd.org: src

2013-06-20 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/06/20 23:42:32

Modified files:
usr.bin/ssh: dh.c 

Log message:
sprinkle in some error() to explain moduli(5) parse failures



CVS: cvs.openbsd.org: src

2013-06-20 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/06/20 23:43:10

Modified files:
usr.bin/ssh: scp.c 

Log message:
make this -Wsign-compare clean after time_t conversion



CVS: cvs.openbsd.org: src

2013-06-22 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/06/22 00:31:57

Modified files:
usr.bin/ssh: scp.c 

Log message:
improved time_t overflow check suggested by guenther@



CVS: cvs.openbsd.org: src

2013-07-11 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/07/11 18:20:00

Modified files:
usr.bin/ssh: auth-options.c auth-rsa.c bufaux.c buffer.h 
 channels.c hostfile.c hostfile.h mux.c packet.c 
 packet.h roaming_common.c serverloop.c sftp.c 
 ssh-keygen.c ssh-pkcs11.c 

Log message:
fix pointer-signedness warnings from clang/llvm-3.3; seems nice deraadt@



CVS: cvs.openbsd.org: src

2013-07-11 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/07/11 18:43:50

Modified files:
usr.bin/ssh: misc.c 

Log message:
in ssh_gai_strerror() don't fall back to strerror for EAI_SYSTEM when
errno == 0. Avoids confusing error message in some broken resolver
cases. bz#2122 patch from plautrba AT redhat.com; ok dtucker



CVS: cvs.openbsd.org: src

2013-07-11 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/07/11 23:42:03

Modified files:
usr.bin/ssh: ssh-keygen.c 

Log message:
do_print_resource_record() can never be called with a NULL filename, so
don't attempt (and bungle) asking for one if it has not been specified
bz#2127 ok dtucker@



CVS: cvs.openbsd.org: src

2013-07-11 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/07/11 23:48:55

Modified files:
usr.bin/ssh: ssh.c 

Log message:
set TCP nodelay for connections started with -N; bz#2124 ok dtucker@



Re: CVS: cvs.openbsd.org: src

2013-07-16 Thread Damien Miller
On Tue, 16 Jul 2013, Joel Sing wrote:

 CVSROOT:  /cvs
 Module name:  src
 Changes by:   js...@cvs.openbsd.org   2013/07/16 07:22:55
 
 Modified files:
   usr.sbin/httpd/src/modules/ssl: mod_ssl.c mod_ssl.h 
   ssl_engine_config.c 
   ssl_engine_init.c 
 
 Log message:
 Disable SSL compression in order to mitigate CRIME attacks. Add
 an SSLCompression option so that it can be turned back on, however
 this is currently a no-op due to the compile options for libssl.

specifically, we turn compression off at compile time in our libssl
so we aren't victim to the CRIME attack anyway.



CVS: cvs.openbsd.org: src

2013-07-17 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/07/17 19:12:27

Modified files:
usr.bin/ssh: ssh.1 

Log message:
be more exact wrt perms for ~/.ssh/config; bz#2078



CVS: cvs.openbsd.org: src

2013-07-19 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/07/19 19:43:46

Modified files:
usr.bin/ssh: umac.c 

Log message:
use a union to ensure correct alignment; ok deraadt



CVS: cvs.openbsd.org: src

2013-07-19 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/07/19 19:44:37

Modified files:
usr.bin/ssh: ssh-keygen.c ssh.c 

Log message:
More useful error message on missing current user in /etc/passwd



CVS: cvs.openbsd.org: src

2013-07-19 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/07/19 19:50:20

Modified files:
usr.bin/ssh: ssh-agent.c 

Log message:
call cleanup_handler on SIGINT when in debug mode to ensure sockets
are cleaned up on manual exit; bz#2120



CVS: cvs.openbsd.org: src

2013-07-19 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/07/19 19:55:13

Modified files:
usr.bin/ssh/sshd: Makefile 
usr.bin/ssh/ssh: Makefile 
usr.bin/ssh: gss-serv.c gss-serv-krb5.c auth-krb5.c 

Log message:
fix kerberos/GSSAPI deprecation warnings and linking; looks okay millert@



CVS: cvs.openbsd.org: src

2013-07-20 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/07/20 16:20:43

Modified files:
usr.bin/ssh: krl.c 

Log message:
fix verification error in (as-yet unused) KRL signature checking path



CVS: cvs.openbsd.org: src

2013-07-21 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/07/21 23:00:17

Modified files:
usr.bin/ssh: umac.c 

Log message:
make MAC key, data to be hashed and nonce for final hash const;
checked with -Wcast-qual



CVS: cvs.openbsd.org: src

2013-07-22 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/07/22 06:20:02

Modified files:
usr.bin/ssh: umac.h 

Log message:
oops, forgot to commit corresponding header change;
spotted by jsg and jasper



Re: CVS: cvs.openbsd.org: src

2013-07-22 Thread Damien Miller
apologies; I forgot to commit the header. Fixed now

On Mon, 22 Jul 2013, Jasper Lievisse Adriaanse wrote:

 On Sun, Jul 21, 2013 at 11:00:17PM -0600, Damien Miller wrote:
  CVSROOT: /cvs
  Module name: src
  Changes by: d...@cvs.openbsd.org 2013/07/21 23:00:17
  
  Modified files:
  usr.bin/ssh: umac.c 
  
  Log message:
  make MAC key, data to be hashed and nonce for final hash const;
  checked with -Wcast-qual
 Hi,
 
 It seems this commit broke the tree:
 
 cc -O2 -pipe -g -I/usr/src/usr.bin/ssh/lib/.. -DENABLE_PKCS11 -DHAVE_DLOPEN
 -DKRB5 -I/usr/include/kerberosV -DGSSAPI -I/usr/src/usr.bin/ssh/lib/..
 -DENABLE_PKCS11   -c /usr/src/usr.bin/ssh/lib/../umac.c -o umac.o
 /usr/src/usr.bin/ssh/lib/../umac.c:1213: error: conflicting types for 
 'umac_new'
 /usr/src/usr.bin/ssh/lib/../umac.h:55: error: previous declaration of 
 'umac_new' was here
 /usr/src/usr.bin/ssh/lib/../umac.c:1238: error: conflicting types for 
 'umac_final'
 /usr/src/usr.bin/ssh/lib/../umac.h:68: error: previous declaration of 
 'umac_final' was here
 /usr/src/usr.bin/ssh/lib/../umac.c:1251: error: conflicting types for 
 'umac_update'
 /usr/src/usr.bin/ssh/lib/../umac.h:65: error: previous declaration of 
 'umac_update' was here
 
 -- 
 Cheers,
 Jasper
 
 Stay Hungry. Stay Foolish



CVS: cvs.openbsd.org: src

2013-07-24 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/07/24 18:29:11

Modified files:
usr.bin/ssh: ssh.c 

Log message:
daemonise backgrounded (ControlPersist'ed) multiplexing master to ensure
it is fully detached from its controlling terminal. based on debugging
and patch from tedu@
ok dtucker@ be careful deraadt@



CVS: cvs.openbsd.org: src

2013-07-24 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/07/24 18:56:52

Modified files:
usr.bin/ssh: sftp-client.c sftp-client.h sftp.1 sftp.c 

Log message:
sftp support for resuming partial downloads; patch mostly by Loganaden
Velvindron/AfriNIC with some tweaks by me; feedback and ok dtucker@
Just be careful deraadt@



CVS: cvs.openbsd.org: src

2013-07-24 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/07/24 18:57:37

Modified files:
usr.bin/ssh: version.h 

Log message:
openssh-6.3 for release



CVS: cvs.openbsd.org: src

2013-08-06 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/08/06 17:03:49

Modified files:
usr.bin/ssh: sftp.c 

Log message:
fix some whitespace at EOL

make list of commands an enum rather than a long list of defines

add -a to usage()



CVS: cvs.openbsd.org: src

2013-08-06 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/08/06 17:05:02

Modified files:
usr.bin/ssh: sftp.1 

Log message:
document top-level -a option (the -a option to 'get' was already documented)



CVS: cvs.openbsd.org: src

2013-08-06 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/08/06 17:06:01

Modified files:
usr.bin/ssh: servconf.c 

Log message:
add cast to avoid format warning; from portable



CVS: cvs.openbsd.org: src

2013-08-07 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/08/07 22:52:04

Modified files:
usr.bin/ssh: sftp.c 

Log message:
fix two year old regression: symlinking a file would incorrectly
canonicalise the target path. bz#2129 report from delphij AT freebsd.org



CVS: cvs.openbsd.org: src

2013-08-07 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/08/07 23:04:03

Modified files:
usr.bin/ssh: sftp.c sftp-client.c sftp-client.h 

Log message:
add a -l flag for the rename command to force it to use the silly
standard SSH_FXP_RENAME command instead of the POSIX-rename-like
posix-ren...@openssh.com extension.

intended for use in regress tests, so no documentation.



CVS: cvs.openbsd.org: src

2013-08-08 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/08/08 21:37:25

Modified files:
usr.bin/ssh: sftp.c 

Log message:
do getopt parsing for all sftp commands (with an empty optstring for
commands without arguments) to ensure consistent behaviour



CVS: cvs.openbsd.org: src

2013-08-08 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/08/08 21:39:13

Modified files:
usr.bin/ssh: sftp-client.c 

Log message:
two problems found by a to-be-committed regress test: 1) msg_id was not
being initialised so was starting at a random value from the heap
(harmless, but confusing). 2) some error conditions were not being
propagated back to the caller



CVS: cvs.openbsd.org: src

2013-08-08 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2013/08/08 21:56:42

Modified files:
usr.bin/ssh: sftp.c 

Log message:
enable ctrl-left-arrow and ctrl-right-arrow to move forward/back a word;
matching ksh's relatively recent change.


