a494eea816
Add an ifdef to disable the AES_CTR_MT cipher because static binaries don't
...
work with -pthread, and /rescue is linked against libssh.
2008-06-23 14:51:31 +00:00
80a665de90
Add the HPN patch for ssh:
...
http://www.psc.edu/networking/projects/hpn-ssh/
2008-06-22 15:42:50 +00:00
bf3ddb193b
Bump date for previous.
2008-06-18 07:40:16 +00:00
93c1205f96
Add an admin port command to retrieve the peer certificate. Submitted by Timo Teras.
2008-06-18 07:12:04 +00:00
c47cb1615c
Add an admin port command to retrieve the peer certificate. Submitted by
...
Timmo Teras.
2008-06-18 07:12:03 +00:00
01e8cc1e5d
Set sockets to be closed on exec to avoid potential file descriptor inheritance issues. Submitted by Timo Teras.
2008-06-18 07:04:23 +00:00
5d397c5ba5
Set sockets to be closed on exec to avoid potential file descriptor
...
inheritance issues. Submitted by Timmo Teras.
2008-06-18 07:04:22 +00:00
7598372e37
Use utility functions to evaluate and manipulate network port values. No functional changes. Submitted by Timo Teras.
2008-06-18 06:47:25 +00:00
2c40396f3a
Use utility functions to evaluate or manipulate network port values. No
...
functional changes. Submitted by Timmo Teras.
2008-06-18 06:47:24 +00:00
7dac642960
Admin port code cleanup. No functional changes. Submitted by Timo Teras.
2008-06-18 06:27:49 +00:00
18fc645e9a
Admin port code cleanup. No functional changes. Submitted by Timmo Teras.
2008-06-18 06:27:48 +00:00
9345b05cc4
Correct a phase2 status event. Submitted by Timo Teras.
2008-06-18 06:11:38 +00:00
b163716d45
Correct a phase2 status event. Submitted by Timmo Teras.
2008-06-18 06:11:37 +00:00
f5792c6ee8
Apply patch from Darryl Miles which adjusts SSL_shutdown's behavior for
...
non-blocking BIOs so that it is sane -- so that, in other words, -1 with
a meaningful library error code (WANT_READ or WANT_WRITE) is returned
when we would block for I/O. Without this change, you have to sleep or
spin -- you can't know how to put the underlying socket in your select
or poll set.
Patch from http://marc.info/?l=openssl-dev&m=115154030723033&w=2 and
rationale at http://marc.info/?l=openssl-dev&m=115153998821797&w=2 where
sadly they were overlooked by the OpenSSL team for some time. It is hoped
that now that we've brought this change to their attention they will
integrate it into their sources and we can lose the local change in
NetBSD.
2008-06-10 19:45:00 +00:00
31197b7671
Fix two Denial of Service vulnerabilities in OpenSSL:
...
- Fix flaw if server key exchange message is omitted from a TLS handshake
which could lead to a silent crash.
- Fix double free in TLS server name extensions which could lead to a
remote crash.
Fixes CVE-2008-1672.
2008-06-05 15:30:10 +00:00
90318d80f4
PR/38728: Tomoyuki Okazaki: Enable Camellia
2008-05-26 16:39:45 +00:00
a41e5a83be
Add coverity alloc comment.
2008-05-24 20:07:00 +00:00
cfb67f710f
add a coverity alloc comment.
2008-05-24 20:05:52 +00:00
e520f14ae6
Coverity CID 5003: Fix memory leak.
2008-05-24 20:00:07 +00:00
e3ee1b22da
Coverity CID 5004: Fix double free.
2008-05-24 19:58:01 +00:00
78dc0fbbfc
Add a coverity alloc comment.
2008-05-24 19:54:43 +00:00
13ebcc71fb
Add a coverity alloc comment
2008-05-24 19:52:36 +00:00
c2e438738f
Coverity CID 5007: Avoid double free.
2008-05-24 19:48:27 +00:00
677bd71b1f
Add a coverity allocation comment.
2008-05-24 19:46:32 +00:00
66009f62a3
Coverity CID 5010: Avoid buf[-1] = '\0' on error.
2008-05-24 19:32:28 +00:00
aa3b40a116
Coverity CID 5018: Fix double frees.
2008-05-24 18:39:40 +00:00
b6c10a6fe5
avoid using free_func as an argument because it is already a typedef.
2008-05-10 16:52:05 +00:00
33d34d249c
fix version string
2008-05-09 22:10:19 +00:00
2149db96e3
resolve conflicts
2008-05-09 21:49:39 +00:00
b69a53abf2
import today's snapshot! Hi <tls>
2008-05-09 21:34:04 +00:00
2a499f37b6
From Christian Hohnstaedt: allow out of tree building
2008-05-08 12:24:50 +00:00
11a6dbe728
Convert TNF licenses to new 2 clause variant
2008-04-30 13:10:46 +00:00
ce099b4099
Remove clause 3 and 4 from TNF licenses
2008-04-28 20:22:51 +00:00
098f566eb9
Do as in revision 1.26 of sshd_config: add a sample, commented-out line
...
for X.org's xauth.
2008-04-25 15:01:45 +00:00
ed9bfcd9c2
From Timo Teras: extract port numbers from SADB_X_EXT_NAT_T[SD]PORT if present in purge_ipsec_spi().
2008-04-25 14:41:18 +00:00
c6898eabf6
extract ports information from SADB_X_EXT_NAT_T_[SD]PORT if present in purge_ipsec_spi()
2008-04-25 14:41:17 +00:00
795befa36d
namespace police to make it buildable (no, it still does not work),
...
add rcsid.
2008-04-20 15:01:14 +00:00
41de77d985
Sync SCM_RIGHTS passing code with the version used in racoon (i.e.
...
set message header and controll message size to the same value again)
2008-04-19 22:15:30 +00:00
57a7ea54be
for symmetry set controllen the same way we set it on the receiving side.
2008-04-13 21:45:19 +00:00
03409c55d7
Don't use variable size allocation on the stack.
2008-04-13 21:44:14 +00:00
c09e4a3a8c
Fix for CVE-2007-3108
...
The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and
earlier does not properly perform Montgomery multiplication, which might
allow local users to conduct a side-channel attack and retrieve RSA
private keys.
2008-04-10 14:19:59 +00:00
1d2009704e
fix another build breaker
2008-04-07 07:37:07 +00:00
1f7a577d0e
re-add removed files.
2008-04-06 23:39:05 +00:00
cbdb6c7a40
resolve conflicts.
2008-04-06 23:38:19 +00:00
49d015609b
Import 5.0
2008-04-06 21:18:28 +00:00
fe2ff28dc6
Add no-user-rc option which disables execution of ~/.ssh/rc
...
(backport from OpenSSH 4.9)
2008-04-05 17:20:53 +00:00
11a00dfcb8
Fix two vulnerabilities in OpenSSH:
...
- X11 forwarding information disclosure (CVE-2008-1483)
- ForceCommand bypass vulnerability
2008-04-03 13:09:14 +00:00
1c3bd4b930
fix Linux build
2008-04-02 19:02:50 +00:00
5ae92982aa
properly fix the variable stack allocation code.
2008-03-28 21:18:45 +00:00
fe6642740b
Still from Cyrus Rahman: fix file descriptor leak introduced by previous
...
commit.
2008-03-28 20:28:14 +00:00
christos