Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
105,558 Commits 606 Branches 0 Tags 3.1 GiB
6da8034165
Commit Graph

473 Commits

Author SHA1 Message Date
itojun
a6315c15ad utmpx.ut_id is required. 
PR 17998 with slight modification (deal with ttyname shorter than 4)
 2002-08-20 07:42:53 +00:00
itojun
1146a80999 more NO_xx cleanup. can't catch these by openssl-unifdef.pl 2002-08-17 21:41:59 +00:00
itojun
08597903ce sync with 0.9.6g 2002-08-09 15:58:46 +00:00
itojun
5eb341dcb6 openssl 0.9.6g, build framework fixes 2002-08-09 15:45:08 +00:00
itojun
182c0b6e08 sync with 0.9.6f. prevents DoS attack and regen of manpages. 2002-08-08 23:47:34 +00:00
itojun
f5e63fe4c2 openssl 0.9.6f, with security fixes 2002-08-08 23:14:54 +00:00
itojun
7bab20a582 bitmask operation audit (s/&&/&/). from openbsd 2002-08-08 15:12:09 +00:00
itojun
e8859ea868 remove files mistakenly shipped with openssl 0.9.6e. 
(it won't affect the build)
 2002-08-05 11:21:29 +00:00
itojun
85c4496982 http://marc.theaimsgroup.com/?l=openssl-cvs&m=102831422608153&w=2 
*) Fix ASN1 checks. Check for overflow by comparing with LONG_MAX
     and get fix the header length calculation.
     [Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>,
      Alon Kantor <alonk@checkpoint.com> (and others),
      Steve Henson]

(critical)
 2002-08-03 12:56:23 +00:00
itojun
e7f66af2b2 fix incorrect overrun check. 
http://marc.theaimsgroup.com/?l=openssl-cvs&m=102831516309127&w=2
(thank todd!)
 2002-08-02 23:09:03 +00:00
itojun
d103e0b575 plug memory leak. from ebisawa@iij. sync w/kame 2002-07-31 07:01:26 +00:00
itojun
ef920a0913 sync with 0.9.6e. 2002-07-31 01:29:37 +00:00
itojun
25e766824a OpenSSL 0.9.6e. includes major security fixes (already applied) 2002-07-30 23:57:34 +00:00
itojun
e9316c8858 apply patch supplied with OpenSSL Security Advisory [30 July 2002] 
advisory 1: four potentially remotely-exploitable vulnerability in
SSL2/SSL3 code
advisory 2: ASN1 parser vulnerability (all SSL/TLS apps affected)
 2002-07-30 12:55:08 +00:00
christos
3fd219f644 add utmpx support. 2002-07-28 23:43:33 +00:00
grant
6742cb1812 sweep of errx/warnx, remove unnecessary trailing \n 2002-07-20 08:36:17 +00:00
itojun
24ef72afbf print connect failure on debugging mode. sync w/openbsd 2002-07-12 13:28:36 +00:00
wiz
4b20971f01 Spell acquire with a 'c'. 2002-07-10 23:16:32 +00:00
itojun
bdfa549223 bark if all connection attemp fails. sync w/openbsd 2002-07-10 10:28:00 +00:00
itojun
92b7524e7d silently connect(2) to next address. sync w/openbsd 2002-07-09 12:04:10 +00:00
itojun
a2a47b15ce don't warn even if reverse lookup fails. sync w/openbsd 2002-07-09 12:03:54 +00:00
itojun
9a2478a3b0 /var/empty -> /var/chroot/sshd. PR 17519 2002-07-08 14:39:53 +00:00
itojun
968294e218 >make ssh-keysign read /etc/ssh/ssh_config 
>and exit if HostbasedAuthentication is disabled globally. based on discussions
>with deraadt, itojun and sommerfeld; ok itojun@

sync w/openbsd
 2002-07-03 14:23:13 +00:00
itojun
92ea28e291 >for compression=yes, we fallback to no-compression if the server does 
>not support compression, vice versa for compression=no. ok mouring@
sync w/openbsd
 2002-07-03 10:07:48 +00:00
itojun
673c1a7ac1 >use RSA_blinding_on() for rsa hostkeys (suggested by Bill Sommerfeld) 
>in order to avoid a possible Kocher timing attack pointed out by Charles
>Hannum; ok provos@
 2002-07-03 10:06:39 +00:00
itojun
c28e7ac1f6 correct signed/unsigned mixup; openbsd 2002-07-03 10:05:58 +00:00
itojun
8d3378688a pednatic check on command line args. correct signed/unsigned mixup. 
sync w/ openbsd
 2002-07-01 06:17:11 +00:00
itojun
84559971ee make use of xfree() consistent. from openbsd 2002-07-01 05:56:45 +00:00
itojun
11792b93b1 don't use freed memory. sync w/openbsd 2002-07-01 05:54:03 +00:00
itojun
5bdd56b128 sync with 3.4 2002-06-26 14:08:29 +00:00
itojun
b8f8e01057 OpenSSH 3.4 around 2002/6/26. 
most significant change:
>make sure # of response matches # of queries, fixes int overflow; from ISS

as we have already enabled privsep by default, we should have been safe.
 2002-06-26 14:02:54 +00:00
itojun
603dca2ed2 sync whitespace w/ openbsd tree 2002-06-24 15:47:25 +00:00
itojun
bc7b65a647 don't lose information while we cast 2002-06-24 15:46:34 +00:00
agc
7d6a7caf6a Cast arguments so that this file will compile on less forgiving architectures 
like arm32.
 2002-06-24 15:32:58 +00:00
itojun
3ea946f134 sync with openssh 3.3. 
local mods included to make it compile with openssl 0.9.6d.
 2002-06-24 05:48:24 +00:00
itojun
3dfc6702ef clean ssh-keysign build dir before import. 2002-06-24 05:45:17 +00:00
itojun
9486e6fd01 it shouldn't be imported 2002-06-24 05:28:32 +00:00
itojun
b5222aff66 OpenSSH 3.3 as of June 24, 2002. 
- ssh is no longer seruid root.  ssh-keyscan is added to read secret host keys.
  protocol version 1 rsh-like authentication is gone.
- FallBackToRsh is deprecated.
 2002-06-24 05:25:39 +00:00
wiz
c650ef5756 Remove (commented out) krb_equiv(3) reference, suggested by joda. 2002-06-13 11:19:48 +00:00
wiz
d844f0d7b1 Fix Xrefs. 2002-06-13 00:15:09 +00:00
wiz
78c59017cc Remove photurisd reference. 2002-06-13 00:14:26 +00:00
wiz
8def406232 Comment out Xref to krb_equiv(3), which does not exist. 2002-06-13 00:09:06 +00:00
itojun
b745604c00 sync sockaddr_ntop with latest openssh (minor change) 2002-06-09 22:22:55 +00:00
itojun
7c75b5ec2f sync with 0.9.6d. shlib minor for libssl and libcrypto 
is cranked for additional functions.
 2002-06-09 16:12:52 +00:00
itojun
7720435b28 openssl 0.9.6d 2002-06-09 15:21:32 +00:00
itojun
f0231f96aa do not propose IDEA cipher on SSL connection, as our default installation 
does not handle IDEA.
TODO: dynamically enable IDEA if libcrypto_idea is linked
 2002-06-09 02:16:18 +00:00
itojun
be5f1d082c use getnameinfo on diag printing. sync w/openssh in openbsd 2002-06-08 21:17:57 +00:00
itojun
e67961b545 check sshd uid/chroot dir on UsePrivilegeSeparation mode, and die if they 
do not exist.  sync w/openssh
 2002-05-29 23:54:29 +00:00
itojun
a5c3041a1b bump date for rhosts auth fix 2002-05-27 13:45:40 +00:00
itojun
b274d69ad0 correct rhosts authentication. should fix PR 17023 2002-05-27 13:45:17 +00:00
itojun
a46557038c now arc4random is in libc, we don't need to supply local version 2002-05-25 00:29:52 +00:00
itojun
a0da78395e correct sha2 interoperability. From: "JuanJo Ciarlante" <jjo@mendoza.gov.ar> 2002-05-20 13:12:45 +00:00
itojun
e26b1052bb use /var/chroot/sshd instead of /var/empty. suggested by christos 2002-05-16 20:59:35 +00:00
itojun
f47caddaf3 turn on privilege separation, as 3.2.1 default do. 
requires sshd uid/gid as well as /var/empty directory.
 2002-05-14 23:33:07 +00:00
itojun
ca89359407 sync with 3.2.1 as of 5/13. 
NOTE: privilege separation is turned off by default
as it seems there still are issues with setsid().
 2002-05-13 02:58:17 +00:00
itojun
24255a6a60 OpenSSH 3.2.1 as of 2002/5/13 2002-05-13 02:28:40 +00:00
itojun
c68a2428ba correct handling of "unique" policy. bump version to 20020507 
(corresponds to filename in ftp://ftp.kame.net/pub/kame).
 2002-05-13 02:10:34 +00:00
itojun
c0fa39f338 correct plogv(). 2002-05-07 08:58:32 +00:00
lukem
244b762de1 Complete the conversion back to the OpenSSH default configuration files of 
"/etc/ssh/ssh_config" (from "/etc/ssh/ssh.conf") for ssh(1) and other
userland tools, and "/etc/ssh/sshd_config (from "/etc/ssh/sshd.conf")
for sshd(8).

etc/postinstall will detect this, and if "fix" is given, rename the files.
 2002-04-29 08:23:34 +00:00
itojun
812e154ef2 netbsd uses EXIT STATUS, not RETURN VALUES, for commands 2002-04-26 02:48:54 +00:00
wiz
77e1048dc4 Whitespace fixes, use standard headers, RCS police. 2002-04-26 02:33:00 +00:00
wiz
8366b5d7de Sort sections and SEE ALSO, add NetBSD tag. 2002-04-26 02:31:10 +00:00
itojun
cd1e16de59 upgrade to KAME racoon as of 2002/4/26. 
file descriptor leak fix.
null encryption algorithm key length fix (should use 0).
couple of null-pointer reference fixes.
set port # to 500 in ID payload (possible interop issue - spec is unclear).
correctly match address pair on informational exchange
 2002-04-26 02:25:13 +00:00
itojun
b4df5a033c KAME racoon as of 2002/4/26 2002-04-26 02:16:38 +00:00
itojun
936168b29d correct afs/kerberos token-passing. notified by markus@openbsd 2002-04-24 01:48:04 +00:00
itojun
34b40b030e sync with openssh 3.2 as of 2002/4/22. 
- privilege separation
- afs/kerberos auth security issue fixed
 2002-04-22 07:59:35 +00:00
itojun
ff10d69ea5 OpenSSH 3.2 as of 2002/4/22. bring in sys/sys/tree.h 2002-04-22 07:47:47 +00:00
itojun
f597d4ec88 OpenSSH 3.2 as of 2002/4/22. fixes issues with AFS/kerberos auth 2002-04-22 07:35:39 +00:00
bjh21
f7136b499f Remove .cvsignore files. 
<URL:http://www.netbsd.org/developers/cvs-repos/notes.html#cvsignore>
 2002-04-04 17:07:06 +00:00
itojun
abe35ee7d1 correct initial contact payload handling. PR 15949. sync with kame 2002-03-29 01:18:08 +00:00
itojun
16bd2c3983 handle RTM_NEWADDR correctly. PR 15693. sync w/kame 2002-03-22 03:58:43 +00:00
reinoud
1c9c09e3be Simple file static function had wrong function definition : 
-find_etype(hdb_entry *princ, unsigned *etypes, unsigned len,
+find_etype(hdb_entry *princ, krb5_enctype *etypes, unsigned len,

In the Acorn32 port an enum doesn't have to be unsigned (!) int's ... but
can also be a byte/char sized var.
 2002-03-21 21:02:16 +00:00
bjh21
24460e83d2 Actually use the 8003 patch joda applied upstream, rather than the one I sent 
him (oops).
 2002-03-18 19:16:04 +00:00
bjh21
4284d720b1 CKSUMTYPE needs to include 0x8003, since some things use that. 
Approved by joda and committed upstream.
 2002-03-18 19:07:49 +00:00
itojun
0a2445c3b6 move sshd config files to /etc/ssh 2002-03-11 04:57:55 +00:00
sommerfeld
68c304f103 Fix several LL128 format string mismatches with a chainsaw. 
%llu is "unsigned long long", not "uint64_t"; the former can be 128
bits on LP64 systems.
 2002-03-09 15:03:33 +00:00
itojun
9d597e40f3 printf type mismatch. 2002-03-08 06:03:21 +00:00
itojun
295a85a1c9 sync better with reality (LoginGraceTime) 2002-03-08 02:18:11 +00:00
itojun
af34a358ff sync w/ 3.1 as of 2002/3/8. configuration file directory is still /etc 
(openbsd usr.bin/ssh is using /etc/ssh)
 2002-03-08 02:00:50 +00:00
itojun
797a097779 OpenSSH 3.1 as of 2002/3/8. plugs off-by-one security hole 2002-03-08 01:20:24 +00:00
tron
9097d36b33 Fix off by one error described in "PINE-CERT-20020301" advisory. 2002-03-07 16:02:22 +00:00
wiz
a50cd7c5cd Add SYNOPSIS. 2002-03-06 14:25:42 +00:00
itojun
e4446468a6 s/IPSec/IPsec/. 2002-03-06 00:21:36 +00:00
joda
a8d19a98fc don't try to use the krb5 context if the init fails; should fix 
bin/15585
 2002-02-26 11:16:08 +00:00
bjh21
4845a9458f Rather than assuming that -1 is a valid value for a LogLevel or LogFacility, 
explicitly declare SYSLOG_LEVEL_NOT_SET and SYSLOG_FACILITY_NOT_SET and use
those instead.

This is necessary for -fshort-enums platforms, and corresponds to the
following OpenBSD revisions:
log.c           1.21
log.h           1.5
readconf.c      1.95
servconf.c      1.53
 2002-02-10 16:23:33 +00:00
bjh21
57a0815fae Clean up the distinction between krb5_enctype and int, and between 
krb5_key_usage and unsigned.  These patches are necessary for
platforms with short enums, and should already be in Heimdal CVS.
 2002-02-10 15:31:18 +00:00
joda
8dd8e58e76 import heimdal rev 1.42: we have to create our own param struct before 
marshaling (fixes bin/15520)
 2002-02-08 18:35:30 +00:00
simonb
f6d51843ea Mirror 32-bit alignment change in crypto/dist/heimdal/lib/roken/resolve.c. 2002-01-08 03:27:59 +00:00
thorpej
5f9568a12e Make sure the state array passed to initstate(3) is 32-bit aligned, 
as that is how it is accessed within the random(3) suite of routines.
 2002-01-08 02:15:24 +00:00
thorpej
19a95cad9c Fix warnings generated by gcc 3.1. 2001-12-31 20:09:53 +00:00
explorer
ad08960f5c When calling krb5_verify_user(), we must restore root's uid, since it will need to read /etc/krb5.keytab. 2001-12-19 10:28:47 +00:00
he
a18ce029f6 Deal with lossage caused by the addition of the netbsd-1-5 branch tag 
to these files.

Apparently, the "magic" which causes the latest version on the
vendor branch to appear at the head in the repository broke when
the netbsd-1-5 tag was added.  Thus, merge in the lost revisions from
the vendor tag to work around this.
 2001-12-13 15:53:54 +00:00
itojun
e2970b134f sync with openbsd/remove variable name from prototype 2001-12-12 17:24:46 +00:00
itojun
684138909c fix constness difference in prototype and func def. 2001-12-12 17:16:16 +00:00
itojun
718900f830 sync with 3.0.2 2001-12-06 03:54:04 +00:00
itojun
d97f5d9481 OpenSSH 3.0.2 as of 2001/12/06. fixes environment variable passing in UseLogin=yes 2001-12-06 03:46:04 +00:00
wiz
b4371d47f5 Replace some misuses of "then" with "than". 2001-12-04 17:56:30 +00:00
thorpej
cce3152281 Deal with an LP64 printf format issue. 2001-11-30 00:46:36 +00:00
itojun
d4b3b8bf82 update version date to 20011127 2001-11-27 04:16:08 +00:00
itojun
f7146cb367 resolve one more conflict 2001-11-27 04:11:23 +00:00