1. 12 Dec, 2016 1 commit
    • Damien Miller's avatar
      Force Turkish locales back to C/POSIX; bz#2643 · dda78a03
      Damien Miller authored
      Turkish locales are unique in their handling of the letters 'i' and
      'I' (yes, they are different letters) and OpenSSH isn't remotely
      prepared to deal with that. For now, the best we can do is to force
      OpenSSH to use the C/POSIX locale and try to preserve the UTF-8
      encoding if possible.
      ok dtucker@
  2. 06 Jun, 2016 1 commit
    • schwarze@openbsd.org's avatar
      upstream commit · 0e059cdf
      schwarze@openbsd.org authored
      To prevent screwing up terminal settings when printing to
       the terminal, for ASCII and UTF-8, escape bytes not forming characters and
       bytes forming non-printable characters with vis(3) VIS_OCTAL. For other
       character sets, abort printing of the current string in these cases.  In
       particular, * let scp(1) respect the local user's LC_CTYPE locale(1); *
       sanitize data received from the remote host; * sanitize filenames, usernames,
       and similar data even locally; * take character display widths into account
       for the progressmeter.
      This is believed to be sufficient to keep the local terminal safe
      on OpenBSD, but bad things can still happen on other systems with
      state-dependent locales because many places in the code print
      unencoded ASCII characters into the output stream.
      Using feedback from djm@ and martijn@,
      various aspects discussed with many others.
      deraadt@ says it should go in now, i probably already hesitated too long
      Upstream-ID: e66afbc94ee396ddcaffd433b9a3b80f387647e0
  3. 15 Jan, 2015 1 commit
    • djm@openbsd.org's avatar
      upstream commit · 1129dcfc
      djm@openbsd.org authored
      sync ssh-keysign, ssh-keygen and some dependencies to the
       new buffer/key API; mostly mechanical, ok markus@
  4. 15 May, 2014 1 commit
    • Damien Miller's avatar
      - markus@cvs.openbsd.org 2014/04/29 18:01:49 · 1f0311c7
      Damien Miller authored
           [auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c]
           [kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c]
           [roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
           [ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c]
           make compiling against OpenSSL optional (make OPENSSL=no);
           reduces algorithms to curve25519, aes-ctr, chacha, ed25519;
           allows us to explore further options; with and ok djm
  5. 24 Feb, 2010 1 commit
  6. 11 Feb, 2010 1 commit
    • Damien Miller's avatar
      - markus@cvs.openbsd.org 2010/02/08 10:50:20 · 7ea845e4
      Damien Miller authored
           [pathnames.h readconf.c readconf.h scp.1 sftp.1 ssh-add.1 ssh-add.c]
           [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config.5]
           replace our obsolete smartcard code with PKCS#11.
           ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11
           provider (shared library) while ssh-agent(1) delegates PKCS#11 to
           a forked a ssh-pkcs11-helper process.
           PKCS#11 is currently a compile time option.
           feedback and ok djm@; inspired by patches from Alon Bar-Lev
  7. 30 Aug, 2006 1 commit
    • Damien Miller's avatar
      - (djm) [CREDITS LICENCE Makefile.in auth.c configure.ac includes.h ] · 1b06dc30
      Damien Miller authored
         [platform.c platform.h sshd.c openbsd-compat/Makefile.in]
         [openbsd-compat/openbsd-compat.h openbsd-compat/port-solaris.c]
         [openbsd-compat/port-solaris.h] Add support for Solaris process
         contracts, enabled with --use-solaris-contracts. Patch from Chad
         Mynhier, tweaked by dtucker@ and myself; ok dtucker@
  8. 05 Aug, 2006 2 commits
    • Damien Miller's avatar
      - (djm) [auth-pam.c auth-shadow.c auth2-none.c cleanup.c sshd.c] · 75bb6644
      Damien Miller authored
         [openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Sprinkle more
         includes for Linux in
    • Damien Miller's avatar
      - deraadt@cvs.openbsd.org 2006/08/03 03:34:42 · d7834353
      Damien Miller authored
           [OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
           [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
           [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
           [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
           [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
           [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
           [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
           [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
           [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
           [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
           [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
           [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
           [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
           [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
           [serverloop.c session.c session.h sftp-client.c sftp-common.c]
           [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
           [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
           [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
           [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
           [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
           [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
           almost entirely get rid of the culture of ".h files that include .h files"
           ok djm, sort of ok stevesk
           makes the pain stop in one easy step
           NB. portable commit contains everything *except* removing includes.h, as
           that will take a fair bit more work as we move headers that are required
           for portability workarounds to defines.h. (also, this step wasn't "easy")
  9. 24 Jul, 2006 2 commits
  10. 26 Mar, 2006 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2006/03/25 13:17:03 · 57c30117
      Damien Miller authored
           [atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
           [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
           [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
           [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
           [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
           [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
           [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
           [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
           [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
           [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
           [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
           [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
           [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
           [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
           [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
           [uidswap.c uuencode.c xmalloc.c]
           Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
           Theo nuked - our scripts to sync -portable need them in the files
  11. 25 Mar, 2006 1 commit
    • Damien Miller's avatar
      - deraadt@cvs.openbsd.org 2006/03/19 18:51:18 · b0fb6872
      Damien Miller authored
           [atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
           [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
           [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
           [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
           [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
           [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
           [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
           [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
           [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
           [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
           [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
           [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
           [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
           [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
           [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
           [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
           [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
           [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
           [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
           [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
           [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
           [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
           [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
           RCSID() can die
  12. 02 Oct, 2003 1 commit
    • Darren Tucker's avatar
      - markus@cvs.openbsd.org 2003/09/23 20:17:11 · 3e33cecf
      Darren Tucker authored
           [Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c
           cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h
           monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h
           ssh-agent.c sshd.c]
           replace fatal_cleanup() and linked list of fatal callbacks with static
           cleanup_exit() function.  re-refine cleanup_exit() where appropriate,
           allocate sshd's authctxt eary to allow simpler cleanup in sshd.
           tested by many, ok deraadt@