Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
111,515 Commits 606 Branches 0 Tags 3.1 GiB
Commit Graph

527 Commits

Author SHA1 Message Date
wiz 8f9e9a2299 Correct misspellings of authentication and available. From Adrian Mrva. 2002-12-21 12:22:12 +00:00
wiz 5e3e5e1ae9 ther -> their, from Adrian Mrva. 2002-12-21 12:19:33 +00:00
thorpej b33be07056 Avoid conflict with reserved identifier "log". 2002-12-06 03:39:06 +00:00
thorpej 5da0736e3a Avoid strict alias warning. 2002-12-06 01:27:10 +00:00
elric 512a461832 Change all functions that call gssapi_krb5_init() to call one of 
two macros GSSAPI_KRB5_INIT() or GSSAPI_KRB5_INIT_MS() which call
the former, check its return code and bail on error.

Addresses PR lib/19191
Given a quick look by joda@.
 2002-11-28 11:21:16 +00:00
darrenr 8084625896 racoon.conf can be found in /etc/racoon, not /etc 2002-11-27 09:51:50 +00:00
itojun a426f44395 sync w/ kame source from 2002/11/20. 
- plug some memory leaks
- correct phase 2 proposal reqid handling
- check for fd_set overrun
 2002-11-20 03:35:57 +00:00
itojun 7285409e64 KAME racoon as of 2002/11/20 2002-11-20 03:30:18 +00:00
itojun 314a4f35b5 correct panic() condition - it was backwards. remove kame-local diff 
which was committed by mistake.
From: Rafal Boni <rafal@attbi.com>
 2002-11-18 23:36:18 +00:00
joda bc13d2aefa don't blindly trust rlen; from Heimdal 0.5.1 2002-10-21 19:39:51 +00:00
provos 32b88027c7 use readlink with bufsize - 1; approved thorpej. 2002-10-19 20:33:17 +00:00
itojun df884fac23 revert previous. need more time to think. 2002-10-18 23:51:07 +00:00
itojun 8201174690 condition to panic() was backwards. sync w/kame 
From: Rafal Boni <rafal@attbi.com>
 2002-10-18 23:44:58 +00:00
itojun 4752a4465b discourage the use of aggressive mode for identity disclosure. 2002-10-18 14:34:04 +00:00
manu a2e26d6e11 back out the previous change. We really don't want to enable login on a 
mode 666 tty.
In order to use sshd logins with a read-only /dev, the administrator has to
make the tty mode 600 root/wheel before the partition gets read-only.
 2002-10-15 15:33:04 +00:00
manu 9dc3c4ee08 Re-allow connection when /dev is read-only, and the tty is owned by the 
user or owned by root.
 2002-10-15 15:19:02 +00:00
itojun 173446ddd0 use cast to unsigned long long, instead of PRIu64 
(to make it easier to move the change back to main openssh distribution)
 2002-10-04 02:22:05 +00:00
petrov 31b9b01a31 use PRIu64 for u_int64_t. 2002-10-03 07:41:10 +00:00
elric f07ce00ec5 Turn on strict alignment #define's, because racoon reliably core 
dumps on machines which require strict alignment such as sparc64.
 2002-10-02 17:53:11 +00:00
itojun ef7d24574a upgrade to openssh 3.5. major changes include: 
- krb4/5 support for privsep (krb5 diff was already applied)

includes fake implementaation of getpeereid() from openssh-portable, which
does nothing useful - need improvement.
 2002-10-01 14:07:26 +00:00
itojun 604e45f4cd OpenSSH 3.5 as of Oct 1, 2002 2002-10-01 13:39:55 +00:00
elric 75bc91b4e4 Changed documentation of the default setting for PermitRootLogin 
to ``no'', to match our actual default setting.

Addresses PR: bin/18445
 2002-09-28 15:07:33 +00:00
itojun 5431e7941f tweak the example $HOME/.ssh/rc script to not show on any cmdline the 
sensitive data it handles. This fixes bug # 402 as reported by
kolya@mit.edu (Nickolai Zeldovich).
 2002-09-25 03:43:19 +00:00
mycroft 1268ff2729 select() -> poll() 2002-09-20 22:16:02 +00:00
mycroft c83fcd876c select() -> poll() 2002-09-20 22:05:59 +00:00
mycroft 016f903642 select() -> poll() 2002-09-20 21:48:58 +00:00
mycroft ee48615074 select() -> poll() 2002-09-20 21:34:31 +00:00
joda ee1dfded94 change unconfigured error code back to ENXIO 2002-09-19 19:48:33 +00:00
joda 7417b5942f de-__P and comment out all parameter names 2002-09-19 19:22:53 +00:00
itojun 17e856961c don't quit while creating X11 listening socket. 
address (first) problem described in
http://mail-index.netbsd.org/current-users/2002/09/16/0005.html
 2002-09-17 06:26:18 +00:00
thorpej f603ddfaad __RCSID is not a portable macro to be using in a host tool (which 
these files are).  As a short-term work-around, only use it if it
is defined.  A better solution will be worked out with the Heimdal
folks later.

Fixes building these host tools on Solaris 8.
 2002-09-13 19:09:00 +00:00
joda 72be5e0769 invert detach flag to match previous NetBSD behaviour 2002-09-12 17:16:38 +00:00
joda cae4f88ee0 kill some warnings 2002-09-12 15:35:02 +00:00
joda 2c3a59b23a krb5_socklen_t and krb5_ssize_t should not go here 2002-09-12 14:52:33 +00:00
joda 91f0927074 make this actually do something 2002-09-12 14:12:18 +00:00
joda 58cc4c1950 alias dns functions so we don't have to bump major 2002-09-12 14:10:25 +00:00
joda da086653ff resolve import conflicts 2002-09-12 13:18:49 +00:00
joda 0444766465 import heimdal 0.5 2002-09-12 12:41:31 +00:00
joda 5146dc79e7 import helper 2002-09-12 12:35:03 +00:00
joda 3cc6c8c775 resolve import conflicts 2002-09-12 12:33:10 +00:00
joda cfa4cd31bb import krb4 1.2 2002-09-12 12:22:01 +00:00
itojun 32e004f92a kerberos support w/ privsep. confirmed to work by lha@stacken.kth.se 2002-09-09 06:45:17 +00:00
itojun 42ebaa698b don't touch free'ed memory. From: wang.zhong3@zte.com.cn, sync w/kame 2002-09-03 14:38:13 +00:00
itojun 2b9b8f5bd3 reduce #ifdef related to OPENSSLDIR - we want it be static 2002-09-01 11:38:34 +00:00
itojun 50d422c24f e_os.h is not part of exported openssl interface, so don't install it into 
/usr/include/openssl (e_os.h has an explicit comment about it).  it obviously
is a bug in openssl 0.9.6 Makefile.
based on openssl 0.9.7 snapshot.
 2002-08-31 10:46:36 +00:00
itojun e1754c22c2 if () statement error. From: Krister Walfridsson <cato@df.lth.se> 
(not compiled)  sync w/kame
 2002-08-31 07:56:14 +00:00
itojun 7049b3bdab blank commit to force rebuild of krb.h 2002-08-29 14:34:11 +00:00
itojun f613969b8a somehow main trunk was not in sync with 0.9.6f for this file. noted by havard. 2002-08-28 23:10:30 +00:00
itojun bcb0cf6929 tighten isakmp header length validation. from kame 2002-08-28 04:44:04 +00:00
wiz b57bfa3f73 Drop superfluous Ns, sort sections. 2002-08-20 16:05:46 +00:00
wiz 4f40f42275 Remove superfluous Ns, drop trailing whitespace, fix a Xr, don't let lines 
get longer than 80 characters.
 2002-08-20 16:04:13 +00:00
wiz 2610a5c4d8 Remove superfluous Ns; while here, remove trailing whitespace and fix a 
punctuation problem.
 2002-08-20 15:59:37 +00:00
wiz 158398c921 Fix Ns abuse. 2002-08-20 15:32:12 +00:00
wiz 9bf08abfd4 Remove some unnecessary .Ns and trailing whitespace. 2002-08-20 15:24:38 +00:00
itojun a6315c15ad utmpx.ut_id is required. 
PR 17998 with slight modification (deal with ttyname shorter than 4)
 2002-08-20 07:42:53 +00:00
itojun 1146a80999 more NO_xx cleanup. can't catch these by openssl-unifdef.pl 2002-08-17 21:41:59 +00:00
itojun 08597903ce sync with 0.9.6g 2002-08-09 15:58:46 +00:00
itojun 5eb341dcb6 openssl 0.9.6g, build framework fixes 2002-08-09 15:45:08 +00:00
itojun 182c0b6e08 sync with 0.9.6f. prevents DoS attack and regen of manpages. 2002-08-08 23:47:34 +00:00
itojun f5e63fe4c2 openssl 0.9.6f, with security fixes 2002-08-08 23:14:54 +00:00
itojun 7bab20a582 bitmask operation audit (s/&&/&/). from openbsd 2002-08-08 15:12:09 +00:00
itojun e8859ea868 remove files mistakenly shipped with openssl 0.9.6e. 
(it won't affect the build)
 2002-08-05 11:21:29 +00:00
itojun 85c4496982 http://marc.theaimsgroup.com/?l=openssl-cvs&m=102831422608153&w=2 
*) Fix ASN1 checks. Check for overflow by comparing with LONG_MAX
     and get fix the header length calculation.
     [Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>,
      Alon Kantor <alonk@checkpoint.com> (and others),
      Steve Henson]

(critical)
 2002-08-03 12:56:23 +00:00
itojun e7f66af2b2 fix incorrect overrun check. 
http://marc.theaimsgroup.com/?l=openssl-cvs&m=102831516309127&w=2
(thank todd!)
 2002-08-02 23:09:03 +00:00
itojun d103e0b575 plug memory leak. from ebisawa@iij. sync w/kame 2002-07-31 07:01:26 +00:00
itojun ef920a0913 sync with 0.9.6e. 2002-07-31 01:29:37 +00:00
itojun 25e766824a OpenSSL 0.9.6e. includes major security fixes (already applied) 2002-07-30 23:57:34 +00:00
itojun e9316c8858 apply patch supplied with OpenSSL Security Advisory [30 July 2002] 
advisory 1: four potentially remotely-exploitable vulnerability in
SSL2/SSL3 code
advisory 2: ASN1 parser vulnerability (all SSL/TLS apps affected)
 2002-07-30 12:55:08 +00:00
christos 3fd219f644 add utmpx support. 2002-07-28 23:43:33 +00:00
grant 6742cb1812 sweep of errx/warnx, remove unnecessary trailing \n 2002-07-20 08:36:17 +00:00
itojun 24ef72afbf print connect failure on debugging mode. sync w/openbsd 2002-07-12 13:28:36 +00:00
wiz 4b20971f01 Spell acquire with a 'c'. 2002-07-10 23:16:32 +00:00
itojun bdfa549223 bark if all connection attemp fails. sync w/openbsd 2002-07-10 10:28:00 +00:00
itojun 92b7524e7d silently connect(2) to next address. sync w/openbsd 2002-07-09 12:04:10 +00:00
itojun a2a47b15ce don't warn even if reverse lookup fails. sync w/openbsd 2002-07-09 12:03:54 +00:00
itojun 9a2478a3b0 /var/empty -> /var/chroot/sshd. PR 17519 2002-07-08 14:39:53 +00:00
itojun 968294e218 >make ssh-keysign read /etc/ssh/ssh_config 
>and exit if HostbasedAuthentication is disabled globally. based on discussions
>with deraadt, itojun and sommerfeld; ok itojun@

sync w/openbsd
 2002-07-03 14:23:13 +00:00
itojun 92ea28e291 >for compression=yes, we fallback to no-compression if the server does 
>not support compression, vice versa for compression=no. ok mouring@
sync w/openbsd
 2002-07-03 10:07:48 +00:00
itojun 673c1a7ac1 >use RSA_blinding_on() for rsa hostkeys (suggested by Bill Sommerfeld) 
>in order to avoid a possible Kocher timing attack pointed out by Charles
>Hannum; ok provos@
 2002-07-03 10:06:39 +00:00
itojun c28e7ac1f6 correct signed/unsigned mixup; openbsd 2002-07-03 10:05:58 +00:00
itojun 8d3378688a pednatic check on command line args. correct signed/unsigned mixup. 
sync w/ openbsd
 2002-07-01 06:17:11 +00:00
itojun 84559971ee make use of xfree() consistent. from openbsd 2002-07-01 05:56:45 +00:00
itojun 11792b93b1 don't use freed memory. sync w/openbsd 2002-07-01 05:54:03 +00:00
itojun 5bdd56b128 sync with 3.4 2002-06-26 14:08:29 +00:00
itojun b8f8e01057 OpenSSH 3.4 around 2002/6/26. 
most significant change:
>make sure # of response matches # of queries, fixes int overflow; from ISS

as we have already enabled privsep by default, we should have been safe.
 2002-06-26 14:02:54 +00:00
itojun 603dca2ed2 sync whitespace w/ openbsd tree 2002-06-24 15:47:25 +00:00
itojun bc7b65a647 don't lose information while we cast 2002-06-24 15:46:34 +00:00
agc 7d6a7caf6a Cast arguments so that this file will compile on less forgiving architectures 
like arm32.
 2002-06-24 15:32:58 +00:00
itojun 3ea946f134 sync with openssh 3.3. 
local mods included to make it compile with openssl 0.9.6d.
 2002-06-24 05:48:24 +00:00
itojun 3dfc6702ef clean ssh-keysign build dir before import. 2002-06-24 05:45:17 +00:00
itojun 9486e6fd01 it shouldn't be imported 2002-06-24 05:28:32 +00:00
itojun b5222aff66 OpenSSH 3.3 as of June 24, 2002. 
- ssh is no longer seruid root.  ssh-keyscan is added to read secret host keys.
  protocol version 1 rsh-like authentication is gone.
- FallBackToRsh is deprecated.
 2002-06-24 05:25:39 +00:00
wiz c650ef5756 Remove (commented out) krb_equiv(3) reference, suggested by joda. 2002-06-13 11:19:48 +00:00
wiz d844f0d7b1 Fix Xrefs. 2002-06-13 00:15:09 +00:00
wiz 78c59017cc Remove photurisd reference. 2002-06-13 00:14:26 +00:00
wiz 8def406232 Comment out Xref to krb_equiv(3), which does not exist. 2002-06-13 00:09:06 +00:00
itojun b745604c00 sync sockaddr_ntop with latest openssh (minor change) 2002-06-09 22:22:55 +00:00
itojun 7c75b5ec2f sync with 0.9.6d. shlib minor for libssl and libcrypto 
is cranked for additional functions.
 2002-06-09 16:12:52 +00:00
itojun 7720435b28 openssl 0.9.6d 2002-06-09 15:21:32 +00:00
itojun f0231f96aa do not propose IDEA cipher on SSL connection, as our default installation 
does not handle IDEA.
TODO: dynamically enable IDEA if libcrypto_idea is linked
 2002-06-09 02:16:18 +00:00