Wed Apr 11 18:52:26 JST 2001 sakane@ydc.co.jp
* racoon:
Supported to get a certificate from DNS CERT RR.
Also getcertsbyname() is implemented in order to get CERT RRs.
This function can use lwres.a if HAVE_LWRES is defined when racoon
is compiled.
XXX need more local test and interoperability test.
XXX should be arranged too many certificate stuff in racoon.conf.
2001-04-10 Jason R. Thorpe <thorpej@zembu.com>
* racoon/pfkey.c: pk_recvacquire(): Make sure the phase1
and phase2 handlers are unbound before the phase 2 handler
is deleted.
* racoon/isakmp.c: ph1_main(), quick_main(): Add the message
to the received-list before processing to ensure the packet
isn't processed twice in case of an error.
isakmp_post_acquire(): Don't unbind the phase1/phase2 handlers;
let the caller do it.
isakmp_newcookie(): Plug memory leaks.
From George Yang <gyang@zembu.com>.
* racoon/ipsec_doi.c: get_ph2approvalx(): When we find a
matching saprop, make sure to flushsaprop(pr0), as the returned
saprop is a copy. Fixes a memory leak.
From George Yang <gyang@zembu.com>.
* racoon/isakmp_quick.c: quick_r2send(): Make sure to vfree(data)
if we fail to allocate a new body. Fixes a memory leak.
From George Yang <gyang@zembu.com>.
Fri Apr 6 23:25:19 JST 2001 sakane@ydc.co.jp
* racoon:
implemented to generate the policy in the responder side automatically.
If the responder does not have any policy in SPD during phase 2
negotiation, and the directive is set on, then racoon will choose
the first proposal in the SA payload from the initiator, and generate
policy entries from the proposal. This function is for the responder,
and ignored in the initiator case.
XXX should be checked tunnel mode case.
2001-04-04 Jason R. Thorpe <thorpej@zembu.com>
* racoon: Add support for the Dmalloc debugging malloc
library. This library gives very nice memory usage
statistics and leak information.
Wed Apr 4 22:47:27 JST 2001 sakane@ydc.co.jp
* racoon:
support scopeid. base code was from <Francis.Dupont@enst-bretagne.fr>.
it should be considered more.
2001-04-03 Jason R. Thorpe <thorpej@zembu.com>
* racoon: Better integration of debugging malloc libraries.
Use wrapper macros (racoon_{malloc,calloc,free,realloc}())
so that debugging malloc implementations can get file/line
info, and also put traditional malloc/calloc/free/realloc
stubs in the main program so that libraries linked with
racoon get the debugging allocators, as well.
2001-03-26 Jason R. Thorpe <thorpej@zembu.com>
* racoon/isakmp_ident.c: ident_ir2sendmx(): plug memory
leak -- gsstoken wasn't being freed at function exit.
2001-03-26 Jason R. Thorpe <thorpej@zembu.com>
* racoon: Changes to Vendor ID payload handling. Determine
which VID we will send on a per-proposal basis; we may need
to send a different one for each proposal depending on the
proposal contents (e.g. GSSAPI auth method). We no longer
set the Vendor ID in the localconf.
When matching the Vendor ID in check_vendorid(), use a table
of known Vendor IDs, and return the index, and maintain a list
of extensions that vendors implement (e.g. GSSAPI auth method).
XXX We have a slight hack to recognize the Windows 2000 Vendor
ID. Need to clarify with the Microsoft IPsec guys.
In Aggressive Mode, as responder, when sending first
response, make sure to include a Vendor ID payload.
In Main Mode, as responder, when sending first response,
make sure to include a Vendor ID payload.
XXX Still more Vendor ID processing fixes to go. And
GSSAPI auth doesn't interoperate with Windows 2000 yet.
Thu Mar 22 08:06:30 JST 2001 sakane@ydc.co.jp
* racoon:
fixed to parse modp1536 of DH group. reported by <shigeru@iij.ad.jp>
Thu Mar 22 04:56:57 JST 2001 sakane@ydc.co.jp
* racoon/policy.c:
fixed to compare between policies when the responder decides to
accept the proposal or not. the upper layer protocol is represented
by 0 in ID payload.
Thu Mar 22 01:45:32 JST 2001 sakane@ydc.co.jp
* racoon:
fixed potential of a buffer overrun when adding an ID payload to
the ISAKMP payload. It happened when policy is both to use IPSec
transport mode and not to specify a transport protocol.
reported by <cs@purdue.edu>.
Thu Mar 15 20:39:03 JST 2001 sakane@ydc.co.jp
* racoon:
- fixed a phase 2 handler deletion. racoon will delete a phase2
handler immediately when hard lifetime expires.
- check a unit of the timer in the configuration file.
2001-03-06 Jason R. Thorpe <thorpej@zembu.com>
* kame/racoon/schedule.c: Implement sched_scrub_param(),
which kills all scheduler work queue entries with a
specified parameter.
* kame/racoon/handler.c: Use sched_scrub_param() to make
sure no references to a handler exist when it is freed.
2001-03-05 Jason R. Thorpe <thorpej@zembu.com>
* kame/racoon/gssapi.c: Use GSS_C_MECH_CODE when reporting
GSSAPI errors.
2001-03-05 Jason R. Thorpe <thorpej@zembu.com>
* kame/racoon/handler.c: Implement deleteallph2(), which
deletes all Phase 2 handlers for a given src/dst/proto.
* kame/racoon/isakmp_inf.c: When processing INITIAL-CONTACT,
try to use the SADB_DELETE `delete all' extension and
deleteallph2() before doing it The Hard Way. For both The
Easy Way and The Hard Way, make sure we only delete SAD entries
for SATYPEs that we manage.
* kame/racoon/pfkey.c: Use a table of SATYPEs that we manage,
and use that table to initialize our PF_KEY state.
Thu Feb 22 10:08:27 JST 2001 sakane@ydc.co.jp
* racoon:
fixed to check the outbound policy when the responder received the
1st packet in phase 2. the tunnel mode and the transport specified
the pair of IP addresses of the end of the SA had failed.
|
|
run "make makepatchsum", so that patch digests get calculated properly.
!!!This needs to be fixed properly to fit in with pkgsrc infrastructure.!!!
|
|
+ move the patch digest/checksum values from files/patch-sum to distinfo
|
|
base system
|
|
cyrus-imapd. kth-krb4 thus no longer conflicts with cyrus-imapd.
|
|
Detected by pkgconflict.
|
|
0.08 2001/04/12
* Fixing IV length.
Stefan H. Holek <stefan@epy.co.at>
disastry@saiknes.lv
* Skipping the tail of armor.
Stefan H. Holek <stefan@epy.co.at>
|
|
From Lex Wennmacher's pkgconflict results.
|
|
applications again.
- Fix patch sum for Solaris.
|
|
in PR pkg/12569.
Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6:
o Some documentation for BIO and SSL libraries.
o Enhanced chain verification using key identifiers.
o New sign and verify options to 'dgst' application.
o Support for DER and PEM encoded messages in 'smime' application.
o New 'rsautl' application, low level RSA utility. [*]
o MD4 now included.
o Bugfix for SSL rollback padding check.
o Support for external crypto devices [1].
o Enhanced EVP interface.
[1] The support for external crypto devices is currently a separate
distribution. See the file README.ENGINE.
[*] Not installed with the package.
|
|
that USE_PERL implies, as the core functionality of this package does not
depend on perl. The user can always install perl later, to format the "pod"
docs or to run the installed scripts.
|
|
416) Fix negation of path-type Defaults entries in a boolean context.
|
|
o fix for address generation problems for networks with more than 64,000 addresses
o new option that causes a different log message on the scanned machines.
|
|
0.07 2001/04/05
* New scheme to handle partial bodies.
* Sophisticated buffering mechanism. No temporary files are created.
* Creating pgpdump.1.
Stefan H. Holek <stefan@epy.co.at> kindly contributes the following:
* Fixed keyserver preferences (can be >1 octet)
* Changed display of time fields to include timezone information
* Added -u flag to display time fields in UTC instead of the local
timezone (PGP time fields == seconds since 00:00:00, January 1,
1970, UTC)
* Fixed key and signature expiration time calculations
(expiration time == seconds since creation time)
* Added capability to read from stdin when no file is specified on the
commandline
* Implemented missing subpackets
- revocation_key
- reason_for_revocation
- key_flags
- signer_user_id (not tested)
- notation_data (not tested)
|
|
Pointed out in PR 12546 by Martti Kuparinen <martti.kuparinen@iki.fi>
|
|
openbsd sbin/isakmpd/x509.c 1.46 -> 1.47
|
|
(isakmpd-20010403.tar.gz is placed into ftp.netbsd.org LOCAL_PORTS directory).
major changes from source-changes@openbsd mailing list:
use the hash algorithm found in original certificate for the signature
after it has been patched. from angelos@
For the GETSPI PFKEY message, use the sequence number from the ACQUIRE
message.
Make DES a feature, so isakmpd can compile on Linux (most of the fixed
by newsham@lava.net)
x509 verified to work on NetBSD now
|
|
Always touch the downloaded vulnerability list, so that the audit-packages
script doesn't moan erroneously.
From Jim Bernard, in PR 12457.
|
|
o Respect ${CFLAGS}
|
|
* Supporting old-format packet length 3 ("until the end of the file").
|
|
PGP packet visualizer
|
|
one - addresses 2nd part of PR 12457, from Jim Bernard.
|
|
first component is now a package name+version/pattern, no more
executable/patchname/whatnot.
While there, introduce BUILD_USES_MSGFMT as shorthand to pull in
devel/gettext unless /usr/bin/msgfmt exists (i.e. on post-1.5 -current).
Patch by Alistair Crooks <agc@netbsd.org>
|
|
John the Ripper is a password cracker, currently available for UNIX, DOS,
WinNT/Win95. Its primary purpose is to detect weak UNIX passwords. It has
been tested with Linux x86/Alpha/SPARC, FreeBSD x86, OpenBSD x86, Solaris
2.x SPARC and x86, Digital UNIX, AIX, HP-UX, and IRIX.
The DOS and Win32 ports are done with DJGPP and Cygnus Developer's Kit,
respectively.
Package contributed by dawszy@e-lubin.com in private mail.
|
|
Passive OS fingerprinting technique based on information coming
from remote host when it establishes connection to our system. Captured
packets contain enough information to determine OS - and, unlike
active scanners (nmap, queSO) - without sending anything to this host.
Submitted by in private mail.
|
|
Passive OS fingerprinting technique based on information coming
from remote host when it establishes connection to our system. Captured
packets contain enough information to determine OS - and, unlike
active scanners (nmap, queSO) - without sending anything to this host.
Package contributed by Dawid Szymanski <daws@irc.pl> on IRC.
|
|
- Make the "test" target work.
- Allow the user to set USE_RSAREF2. (It works!) Not sure why you'd
ever want to...
|
|
Remove obsolete warning about setting USA_RESIDENT.
|
|
20010322
- (djm) Better AIX no tty fix, spotted by Gert Doering <gert@greenie.muc.de>
- (djm) Released 2.5.2p2
20010321
- (djm) Fix ttyname breakage for AIX and Tru64. Patch from Steve
VanDevender <stevev@darkwing.uoregon.edu>
- (djm) Make sure pam_retval is initialised on call to pam_end. Patch
from Solar Designer <solar@openwall.com>
- (djm) Don't loop forever when changing password via PAM. Patch
from Solar Designer <solar@openwall.com>
- (djm) Generate config files before build
- (djm) Correctly handle SIA and AIX when no tty present. Spotted and
suggested fix from Mike Battersby <mib@unimelb.edu.au>
20010320
- (bal) glob.c update to added GLOB_LIMITS (OpenBSD CVS).
- (bal) glob.c update to set gl_pathv to NULL (OpenBSD CVS).
- (bal) Oops. Missed globc.h change (OpenBSD CVS).
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/19 17:07:23
[auth.c readconf.c]
undo /etc/shell and proto 2,1 change for openssh-2.5.2
- markus@cvs.openbsd.org 2001/03/19 17:12:10
[version.h]
version 2.5.2
- (djm) Update RPM spec version
- (djm) Release 2.5.2p1
- tim@mindrot.org 2001/03/19 18:33:47 [defines.h]
change S_ISLNK macro to work for UnixWare 2.03
- tim@mindrot.org 2001/03/19 20:45:11 [openbsd-compat/glob.c]
add get_arg_max(). Use sysconf() if ARG_MAX is not defined
20010319
- (djm) Seed PRNG at startup, rather than waiting for arc4random calls to
do it implicitly.
- (djm) Add getusershell() functions from OpenBSD CVS
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/18 12:07:52
[auth-options.c]
ignore permitopen="host:port" if AllowTcpForwarding==no
- (djm) Make scp work on systems without 64-bit ints
- tim@mindrot.org 2001/03/18 18:28:39 [defines.h]
move HAVE_LONG_LONG_INT where it works
- (bal) Use 'NGROUPS' for NeXT Since 'MAX_NGROUPS' is wrapped up in -lposix
stuff. Change suggested by Mark Miller <markm@swoon.net>
- (bal) Small fix to scp. %lu vs %ld
- (bal) NeXTStep lacks S_ISLNK. Plus split up S_IS*
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2001/03/19 03:52:51
[sftp-client.c]
Report ssh connection closing correctly; ok deraadt@
- deraadt@cvs.openbsd.org 2001/03/18 23:30:55
[compat.c compat.h sshd.c]
specifically version match on ssh scanners. do not log scan
information to the console
- djm@cvs.openbsd.org 2001/03/19 12:10:17
[sshd.8]
Document permitopen authorized_keys option; ok markus@
- djm@cvs.openbsd.org 2001/03/19 05:49:52
[ssh.1]
document PreferredAuthentications option; ok markus@
- (bal) Minor NeXT fixed. Forgot to #undef NGROUPS_MAX
20010318
- (bal) Fixed scp type casing issue which causes "scp: protocol error:
size not delimited" fatal errors when transferring.
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/17 17:27:59
[auth.c]
check /etc/shells, too
- tim@mindrot.org 2001/03/17 18:45:25 [compat.c]
openbsd-compat/fake-regex.h
20010317
- Support usrinfo() on AIX. Based on patch from Gert Doering
<gert@greenie.muc.de>
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/15 15:05:59
[scp.c]
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
- markus@cvs.openbsd.org 2001/03/15 22:07:08
[session.c]
pass Session to do_child + KNF
- djm@cvs.openbsd.org 2001/03/16 08:16:18
[sftp-client.c sftp-client.h sftp-glob.c sftp-int.c]
Revise globbing for get/put to be more shell-like. In particular,
"get/put file* directory/" now works. ok markus@
- markus@cvs.openbsd.org 2001/03/16 09:55:53
[sftp-int.c]
fix memset and whitespace
- markus@cvs.openbsd.org 2001/03/16 13:44:24
[sftp-int.c]
discourage strcat/strcpy
- markus@cvs.openbsd.org 2001/03/16 19:06:30
[auth-options.c channels.c channels.h serverloop.c session.c]
implement "permitopen" key option, restricts -L style forwarding to
specified host:port pairs. based on work by harlan@genua.de
- Check for gl_matchc support in glob_t and fall back to the
openbsd-compat/glob.[ch] support if it does not exist.
20010315
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/14 08:57:14
[sftp-client.c]
Wall
- markus@cvs.openbsd.org 2001/03/14 15:15:58
[sftp-int.c]
add version command
- deraadt@cvs.openbsd.org 2001/03/14 22:50:25
[sftp-server.c]
note no getopt()
- (stevesk) ssh-keyscan.c: specify "openbsd-compat/fake-queue.h"
- (bal) Cygwin README change by Corinna Vinschen <vinschen@redhat.com>
20010314
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/13 17:34:42
[auth-options.c]
missing xfree, deny key on parse error; ok stevesk@
- djm@cvs.openbsd.org 2001/03/13 22:42:54
[sftp-client.c sftp-client.h sftp-glob.c sftp-glob.h sftp-int.c]
sftp client filename globbing for get, put, ch{mod,grp,own}. ok markus@
- (bal) Fix strerror() in bsd-misc.c
- (djm) Add replacement glob() from OpenBSD libc if the system glob is
missing or lacks the GLOB_ALTDIRFUNC extension
- (djm) Remove -I$(srcdir)/openbsd-compat from CFLAGS, refer to headers
relatively. Avoids conflict between glob.h and /usr/include/glob.h
20010313
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/12 22:02:02
[key.c key.h ssh-add.c ssh-keygen.c sshconnect.c sshconnect2.c]
remove old key_fingerprint interface, s/_ex//
20010312
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/11 13:25:36
[auth2.c key.c]
debug
- jakob@cvs.openbsd.org 2001/03/11 15:03:16
[key.c key.h]
add improved fingerprint functions. based on work by Carsten
Raskgaard <cara@int.tele.dk> and modified by me. ok markus@.
- jakob@cvs.openbsd.org 2001/03/11 15:04:16
[ssh-keygen.1 ssh-keygen.c]
print both md5, sha1 and bubblebabble fingerprints when using
ssh-keygen -l -v. ok markus@.
- jakob@cvs.openbsd.org 2001/03/11 15:13:09
[key.c]
cleanup & shorten some var names key_fingerprint_bubblebabble.
- deraadt@cvs.openbsd.org 2001/03/11 16:39:03
[ssh-keygen.c]
KNF, and SHA1 binary output is just creeping featurism
- tim@mindrot.org 2001/03/11 17:29:32 [configure.in]
test if snprintf() supports %ll
add /dev to search path for PRNGD/EGD socket
fix my mistake in USER_PATH test program
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/11 18:29:51
[key.c]
style+cleanup
- markus@cvs.openbsd.org 2001/03/11 22:33:24
[ssh-keygen.1 ssh-keygen.c]
remove -v again. use -B instead for bubblebabble. make -B consistent
with -l and make -B work with /path/to/known_hosts. ok deraadt@
- (djm) Bump portable version number for generating test RPMs
- (djm) Add "static_openssl" RPM build option, remove rsh build dependency
- (bal) Reorder includes in Makefile.
20010311
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/10 12:48:27
[sshconnect2.c]
ignore nonexisting private keys; report rjmooney@mediaone.net
- deraadt@cvs.openbsd.org 2001/03/10 12:53:51
[readconf.c ssh_config]
default to SSH2, now that m68k runs fast
- stevesk@cvs.openbsd.org 2001/03/10 15:02:05
[ttymodes.c ttymodes.h]
remove unused sgtty macros; ok markus@
- deraadt@cvs.openbsd.org 2001/03/10 15:31:00
[compat.c compat.h sshconnect.c]
all known netscreen ssh versions, and older versions of OSU ssh cannot
handle password padding (newer OSU is fixed)
- tim@mindrot.org 2001/03/10 16:33:42 [configure.in Makefile.in sshd_config]
make sure $bindir is in USER_PATH so scp will work
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/10 17:51:04
[kex.c match.c match.h readconf.c readconf.h sshconnect2.c]
add PreferredAuthentications
20010310
- OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2001/03/09 03:14:39
[ssh-keygen.c]
create *.pub files with umask 0644, so that you can mv them to
authorized_keys
- deraadt@cvs.openbsd.org 2001/03/09 12:30:29
[sshd.c]
typo; slade@shore.net
- Removed log.o from sftp client. Not needed.
20010309
- OpenBSD CVS Sync
- stevesk@cvs.openbsd.org 2001/03/08 18:47:12
[auth1.c]
unused; ok markus@
- stevesk@cvs.openbsd.org 2001/03/08 20:44:48
[sftp.1]
spelling, cleanup; ok deraadt@
- markus@cvs.openbsd.org 2001/03/08 21:42:33
[compat.c compat.h readconf.h ssh.c sshconnect1.c sshconnect2.c]
implement client side of SSH2_MSG_USERAUTH_PK_OK (test public key ->
no need to do enter passphrase or do expensive sign operations if the
server does not accept key).
20010308
- OpenBSD CVS Sync
- djm@cvs.openbsd.org 2001/03/07 10:11:23
[sftp-client.c sftp-client.h sftp-int.c sftp-server.c sftp.1 sftp.c sftp.h]
Support for new draft (draft-ietf-secsh-filexfer-01). New symlink handling
functions and small protocol change.
- markus@cvs.openbsd.org 2001/03/08 00:15:48
[readconf.c ssh.1]
turn off useprivilegedports by default. only rhost-auth needs
this. older sshd's may need this, too.
- (stevesk) Reliant Unix (SNI) needs HAVE_BOGUS_SYS_QUEUE_H;
Dirk Markwardt <D.Markwardt@tu-bs.de>
20010307
- (bal) OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2001/03/06 06:11:18
[ssh-keyscan.c]
appease gcc
- deraadt@cvs.openbsd.org 2001/03/06 06:11:44
[sftp-int.c sftp.1 sftp.c]
sftp -b batchfile; mouring@etoh.eviladmin.org
- deraadt@cvs.openbsd.org 2001/03/06 15:10:42
[sftp.1]
order things
- deraadt@cvs.openbsd.org 2001/03/07 01:19:06
[ssh.1 sshd.8]
the name "secure shell" is boring, no one ever uses it
- deraadt@cvs.openbsd.org 2001/03/07 04:05:58
[ssh.1]
removed dated comment
- Cygwin contrib improvements from Corinna Vinschen <vinschen@redhat.com>
20010306
- (bal) OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2001/03/05 14:28:47
[sshd.8]
alpha order; jcs@rt.fm
- stevesk@cvs.openbsd.org 2001/03/05 15:44:51
[servconf.c]
sync error message; ok markus@
- deraadt@cvs.openbsd.org 2001/03/05 15:56:16
[myproposal.h ssh.1]
switch to aes128-cbc/hmac-md5 by default in SSH2 -- faster;
provos & markus ok
- deraadt@cvs.openbsd.org 2001/03/05 16:07:15
[sshd.8]
detail default hmac setup too
- markus@cvs.openbsd.org 2001/03/05 17:17:21
[kex.c kex.h sshconnect2.c sshd.c]
generate a 2*need size (~300 instead of 1024/2048) random private
exponent during the DH key agreement. according to Niels (the great
german advisor) this is safe since /etc/primes contains strong
primes only.
References:
P. C. van Oorschot and M. J. Wiener, On Diffie-Hellman key
agreement with short exponents, In Advances in Cryptology
- EUROCRYPT'96, LNCS 1070, Springer-Verlag, 1996, pp.332-343.
- stevesk@cvs.openbsd.org 2001/03/05 17:40:48
[ssh.1]
more ssh_known_hosts2 documentation; ok markus@
- stevesk@cvs.openbsd.org 2001/03/05 17:58:22
[dh.c]
spelling
- deraadt@cvs.openbsd.org 2001/03/06 00:33:04
[authfd.c cli.c ssh-agent.c]
EINTR/EAGAIN handling is required in more cases
- millert@cvs.openbsd.org 2001/03/06 01:06:03
[ssh-keyscan.c]
Don't assume we will get the version string all in one read().
deraadt@ OK'd
- millert@cvs.openbsd.org 2001/03/06 01:08:27
[clientloop.c]
If read() fails with EINTR deal with it the same way we treat EAGAIN
20010305
- (bal) CVS ID touch up on sshpty.[ch] and sshlogin.[ch]
- (bal) CVS ID touch up on sftp-int.c
- (bal) CVS ID touch up on uuencode.c
- (bal) CVS ID touch up on auth2.c, serverloop.c, session.c & sshd.c
- (bal) OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2001/02/17 23:48:48
[sshd.8]
it's the OpenSSH one
- deraadt@cvs.openbsd.org 2001/02/21 07:37:04
[ssh-keyscan.c]
inline -> __inline__, and some indent
- deraadt@cvs.openbsd.org 2001/02/21 09:05:54
[authfile.c]
improve fd handling
- deraadt@cvs.openbsd.org 2001/02/21 09:12:56
[sftp-server.c]
careful with & and &&; markus ok
- stevesk@cvs.openbsd.org 2001/02/21 21:14:04
[ssh.c]
-i supports DSA identities now; ok markus@
- deraadt@cvs.openbsd.org 2001/02/22 04:29:37
[servconf.c]
grammar; slade@shore.net
- deraadt@cvs.openbsd.org 2001/02/22 06:43:55
[ssh-keygen.1 ssh-keygen.c]
document -d, and -t defaults to rsa1
- deraadt@cvs.openbsd.org 2001/02/22 08:03:51
[ssh-keygen.1 ssh-keygen.c]
bye bye -d
- deraadt@cvs.openbsd.org 2001/02/22 18:09:06
[sshd_config]
activate RSA 2 key
- markus@cvs.openbsd.org 2001/02/22 21:57:27
[ssh.1 sshd.8]
typos/grammar from matt@anzen.com
- markus@cvs.openbsd.org 2001/02/22 21:59:44
[auth.c auth.h auth1.c auth2.c misc.c misc.h ssh.c]
use pwcopy in ssh.c, too
- markus@cvs.openbsd.org 2001/02/23 15:34:53
[serverloop.c]
debug2->3
- markus@cvs.openbsd.org 2001/02/23 18:15:13
[sshd.c]
the random session key depends now on the session_key_int
sent by the 'attacker'
dig1 = md5(cookie|session_key_int);
dig2 = md5(dig1|cookie|session_key_int);
fake_session_key = dig1|dig2;
this change is caused by a mail from anakin@pobox.com
patch based on discussions with my german advisor niels@openbsd.org
- deraadt@cvs.openbsd.org 2001/02/24 10:37:55
[readconf.c]
look for id_rsa by default, before id_dsa
- deraadt@cvs.openbsd.org 2001/02/24 10:37:26
[sshd_config]
ssh2 rsa key before dsa key
- markus@cvs.openbsd.org 2001/02/27 10:35:27
[packet.c]
fix random padding
- markus@cvs.openbsd.org 2001/02/27 11:00:11
[compat.c]
support SSH-2.0-2.1 ; from Christophe_Moret@hp.com
- deraadt@cvs.openbsd.org 2001/02/28 05:34:28
[misc.c]
pull in protos
- deraadt@cvs.openbsd.org 2001/02/28 05:36:28
[sftp.c]
do not kill the subprocess on termination (we will see if this helps
things or hurts things)
- markus@cvs.openbsd.org 2001/02/28 08:45:39
[clientloop.c]
fix byte counts for ssh protocol v1
- markus@cvs.openbsd.org 2001/02/28 08:54:55
[channels.c nchan.c nchan.h]
make sure remote stderr does not get truncated.
remove closed fd's from the select mask.
- markus@cvs.openbsd.org 2001/02/28 09:57:07
[packet.c packet.h sshconnect2.c]
in ssh protocol v2 use ignore messages for padding (instead of
trailing \0).
- markus@cvs.openbsd.org 2001/02/28 12:55:07
[channels.c]
unify debug messages
- deraadt@cvs.openbsd.org 2001/02/28 17:52:54
[misc.c]
for completeness, copy pw_gecos too
- markus@cvs.openbsd.org 2001/02/28 21:21:41
[sshd.c]
generate a fake session id, too
- markus@cvs.openbsd.org 2001/02/28 21:27:48
[channels.c packet.c packet.h serverloop.c]
use ignore message to simulate a SSH2_MSG_CHANNEL_DATA message
use random content in ignore messages.
- markus@cvs.openbsd.org 2001/02/28 21:31:32
[channels.c]
typo
- deraadt@cvs.openbsd.org 2001/03/01 02:11:25
[authfd.c]
split line so that p will have an easier time next time around
- deraadt@cvs.openbsd.org 2001/03/01 02:29:04
[ssh.c]
shorten usage by a line
- deraadt@cvs.openbsd.org 2001/03/01 02:45:10
[auth-rsa.c auth2.c deattack.c packet.c]
KNF
- deraadt@cvs.openbsd.org 2001/03/01 03:38:33
[cli.c cli.h rijndael.h ssh-keyscan.1]
copyright notices on all source files
- markus@cvs.openbsd.org 2001/03/01 22:46:37
[ssh.c]
don't truncate remote ssh-2 commands; from mkubita@securities.cz
use min, not max for logging, fixes overflow.
- deraadt@cvs.openbsd.org 2001/03/02 06:21:01
[sshd.8]
explain SIGHUP better
- deraadt@cvs.openbsd.org 2001/03/02 09:42:49
[sshd.8]
doc the dsa/rsa key pair files
- deraadt@cvs.openbsd.org 2001/03/02 18:54:31
[atomicio.c atomicio.h auth-chall.c auth.c auth2-chall.c crc32.h
scp.c serverloop.c session.c sftp-server.8 sftp.1 ssh-add.1 ssh-add.c
ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh.1 sshd.8]
make copyright lines the same format
- deraadt@cvs.openbsd.org 2001/03/03 06:53:12
[ssh-keyscan.c]
standard theo sweep
- millert@cvs.openbsd.org 2001/03/03 21:19:41
[ssh-keyscan.c]
Dynamically allocate read_wait and its copies. Since maxfd is
based on resource limits it is often (usually?) larger than FD_SETSIZE.
- millert@cvs.openbsd.org 2001/03/03 21:40:30
[sftp-server.c]
Dynamically allocate fd_set; deraadt@ OK
- millert@cvs.openbsd.org 2001/03/03 21:41:07
[packet.c]
Dynamically allocate fd_set; deraadt@ OK
- deraadt@cvs.openbsd.org 2001/03/03 22:07:50
[sftp-server.c]
KNF
- markus@cvs.openbsd.org 2001/03/03 23:52:22
[sftp.c]
clean up arg processing. based on work by Christophe_Moret@hp.com
- markus@cvs.openbsd.org 2001/03/03 23:59:34
[log.c ssh.c]
log*.c -> log.c
- markus@cvs.openbsd.org 2001/03/04 00:03:59
[channels.c]
debug1->2
- stevesk@cvs.openbsd.org 2001/03/04 10:57:53
[ssh.c]
add -m to usage; ok markus@
- stevesk@cvs.openbsd.org 2001/03/04 11:04:41
[sshd.8]
small cleanup and clarify for PermitRootLogin; ok markus@
- stevesk@cvs.openbsd.org 2001/03/04 11:16:06
[servconf.c sshd.8]
kill obsolete RandomSeed; ok markus@ deraadt@
- stevesk@cvs.openbsd.org 2001/03/04 12:54:04
[sshd.8]
spelling
- millert@cvs.openbsd.org 2001/03/04 17:42:28
[authfd.c channels.c dh.c log.c readconf.c servconf.c sftp-int.c
ssh.c sshconnect.c sshd.c]
log functions should not be passed strings that end in newline as they
get passed on to syslog() and when logging to stderr, do_log() appends
its own newline.
- deraadt@cvs.openbsd.org 2001/03/04 18:21:28
[sshd.8]
list SSH2 ciphers
- (bal) Put HAVE_PW_CLASS_IN_PASSWD back into pwcopy()
- (bal) Fix up logging since it changed. removed log-*.c
- (djm) Fix up LOG_AUTHPRIV for systems that have it
- (stevesk) OpenBSD sync:
- deraadt@cvs.openbsd.org 2001/03/05 08:37:27
[ssh-keyscan.c]
skip inlining, why bother
- (stevesk) sftp.c: handle __progname
20010304
- (bal) Remove make-ssh-known-hosts.1 since it's no longer valid.
- (bal) Updated contrib/README to remove 'make-ssh-known-hosts' and
give Mark Roth credit for mdoc2man.pl
20010303
- (djm) Remove make-ssh-known-hosts.pl, ssh-keyscan is better.
- (djm) Document PAM ChallengeResponseAuthentication in sshd.8
- (djm) Disable and comment ChallengeResponseAuthentication in sshd_config
- (djm) Allow PRNGd entropy collection from localhost TCP socket. Replace
"--with-egd-pool" configure option with "--with-prngd-socket" and
"--with-prngd-port" options. Debugged and improved by Lutz Jaenicke
<Lutz.Jaenicke@aet.TU-Cottbus.DE>
|
|
Add fitting LDFLAGS, so that an installed version of gmp doesn't
influence the build (see pkg/12235).
Also remove CFLAGS=-O2.
|
|
possible installed one. Fixes pkg/12235 by Michael Graff.
Remove CFLAGS=-O2.
|
|
pkg/12420: XS-based DES implementation for perl
|