christos
5db1262f0e
PR/31261: Mark Davies: ssh invokes xauth with bogus argument
2005-09-09 12:24:37 +00:00
christos
453555bc8b
PR/31243: Mark Davies: sshd uses pipes rather than socketpairs, making bash
not execute .bashrc. Since socketpairs work on all NetBSD systems, make it
the default.
2005-09-09 12:20:12 +00:00
elad
8f1a245ebd
Use default_md = sha1 in ``req'' section too, so we don't fall back to MD5.
Noted by smb@.
2005-09-01 21:35:25 +00:00
elad
98e0d8f19f
SHA1 is a better default than MD5.
Discussed with Steven M. Bellovin.
Closes PR/30395.
2005-08-27 12:32:15 +00:00
manu
0b97cbeb71
Update to ipsec-tools 0.6.1
2005-08-20 00:57:06 +00:00
manu
96ae7759c9
Import ipsec-tools 0.6.1
2005-08-20 00:40:43 +00:00
wiz
c8f5575b45
End sentence with a dot.
2005-08-14 09:25:08 +00:00
wiz
c91d1d213a
Drop trailing whitespace.
2005-08-07 11:19:35 +00:00
manu
111c13fe24
Resolve conflicts caused by recent ipsec-tools-0.6.1rc1 import by preferring
the newer software. Some useful local change might have been overwritten,
we'll take care of this soon.
2005-08-07 09:38:45 +00:00
manu
df08b9e74a
Update ipsec-tools to 0.6.1rc1
Most of the changes since 0.6b4 have already been committed to the NetBSD
tree. This upgrade fixes some IPcomp and NAT-T related problems that were
left unaddressed in the NetBSD tree.
2005-08-07 08:46:11 +00:00
christos
1a191ad79e
PR/29862: Denis Lagno: sshd segfaults with long keys
The problem was that the rsa fips validation code did not allocate long
enough buffers, so it was trashing the stack.
2005-07-30 00:38:40 +00:00
he
182dc837b5
Move a variable declaration to the variable declaration section of
the enclosing block from within the middle of active code, so that
this compiles with older gcc. Fixes build problem for vax.
2005-07-14 11:26:57 +00:00
manu
b0602a2f44
Add safety checks for informational messages
2005-07-12 21:33:01 +00:00
tron
50c09443b0
Backout botched patch, approved by Emmanuel Dreyfus.
2005-07-12 19:17:37 +00:00
manu
132d72e25b
Add SHA2 support
2005-07-12 16:49:52 +00:00
manu
7736ad81cf
Add comments on how to use the hook scripts without NAT-T
2005-07-12 16:33:27 +00:00
manu
ecb971f5f8
Don't wipe out IKE ports for SA update as it breaks things: the SA is taken
from an existing SA and already has matching IKE ports.
2005-07-12 16:24:29 +00:00
manu
91b9c188b3
Add support for algorithms with non OpenSSL default key sizes
2005-07-12 14:51:07 +00:00
manu
e0dd78cfbd
Don't use adminport when it is disabled
2005-07-12 14:15:39 +00:00
manu
4c94bccce3
Set IKE ports to 0 in SA when NAT-T is not in use. This fixes problems
when NAT-T is disabled
2005-07-12 14:14:46 +00:00
manu
929f80643d
Safety checks on informational messages
2005-07-12 14:13:10 +00:00
manu
8bc1e3c0ac
pkcs7 support
2005-07-12 14:12:20 +00:00
tron
d3544c4e45
Document that "aes" can be used for IKE and ESP encryption.
2005-07-07 12:34:17 +00:00
christos
eb8e3b9ad4
Add proper casts. Fix a problem where (uint32_t < ~0). Cast both ~0's to
u_int, since this is what the author intended.
2005-06-28 16:12:41 +00:00
christos
ca496ece2e
- Add lint comments
- Fix bad casts.
- Comment out unused variables.
2005-06-28 16:04:54 +00:00
christos
a1625e9ee8
Fix an error I introduced in the previous commit. The length could be 0.
Also parenthesize an expression properly.
2005-06-28 16:03:09 +00:00
christos
444efb36db
deal with casting/caddr_t stupidity. It is not 1980 anymore and people should
start using void *, instead of caddr_t.
2005-06-27 03:19:45 +00:00
christos
983e538712
Collect externs into one file instead of duplicating them everywhere.
2005-06-26 23:49:31 +00:00
christos
dd8cdde018
Fix compiler warnings.
2005-06-26 23:34:26 +00:00
christos
fba8d9ce60
Fix some of the pointer abuse, and add some const. Not done yet.
2005-06-26 21:14:08 +00:00
manu
dd3259cec0
NAT-T fix: We treat null ports in SPD as wildcard so that IKE ports
are used instead. This was done on phase 2 initiation from the kernel
(acquire message), but not on phase 2 initiation retries when the
phase 2 had been queued for a phase 1.
2005-06-22 21:28:18 +00:00
manu
13ca728372
Consume NAT-T packets that have already been seen through MSG_PEEK
2005-06-15 07:29:20 +00:00
chs
7bbdd188e1
appease gcc -Wuninitialized on hp700.
2005-06-05 19:08:28 +00:00
manu
6ec5a5a9b7
Fix Xauth login with PAM authentication
2005-06-04 22:09:27 +00:00
manu
2c39301c40
Endianness bug fix
2005-06-04 21:55:05 +00:00
manu
311dff8be0
Missing 0th element in rm_idtype2doi array
2005-06-03 22:27:06 +00:00
lukem
d687f4502c
appease gcc -Wuninitialized
2005-06-02 04:59:17 +00:00
lukem
936a4cd73f
Don't attempt to close a random file descriptor upon error.
Detected with gcc -Wuninitialized.
2005-06-02 04:57:33 +00:00
lukem
08ef6270ca
appease gcc -Wuninitialized
2005-06-02 04:56:14 +00:00
lukem
89f4d29f7d
Appease gcc -Wuninitialized, in a similar method used elsewhere in the
same function.
2005-06-02 04:43:45 +00:00
lukem
6e3cdc676d
appease gcc -Wuninitialized
2005-06-01 12:07:00 +00:00
wiz
8bf012821a
Drop trailing whitespace.
2005-05-25 16:57:39 +00:00
wiz
bf77c4e4b3
Drop trailing whitespace and a grammar fix.
2005-05-25 10:09:36 +00:00
manu
bd592e6e99
Really delete phase 1 on Xauth failure
2005-05-20 07:34:47 +00:00
manu
48fade8581
Fix NAT-T plus IPcomp
2005-05-20 01:28:13 +00:00
manu
c6660c31c6
Fix parse bug in IPsec policies
2005-05-20 00:57:33 +00:00
manu
2e090d4afb
When altering the lifetime, don't modify the configured proposal, duplicate
it instead.
2005-05-20 00:54:55 +00:00
christos
137ea645ec
PR/30198: Lubomir Sedlacik: The forwarding listening host is optional; don't
try to free it.
2005-05-18 16:11:11 +00:00
manu
6add206c2f
- Fix a double free
- For acquire messages, when NAT-T is in use, consider null port as a
wildcard and use IKE port
2005-05-13 14:09:44 +00:00
manu
a5a80e2b4d
Update sample config file to higher security settings
2005-05-10 10:22:03 +00:00