openssh - openssh

	Commit message (Collapse)	Author	Age	Files	Lines
*	upstream commit	djm@openbsd.org	2016-09-28	1	-62/+0
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Remove support for pre-authentication compression. Doing compression early in the protocol probably seemed reasonable in the 1990s, but today it's clearly a bad idea in terms of both cryptography (cf. multiple compression oracle attacks in TLS) and attack surface. Moreover, to support it across privilege-separation zlib needed the assistance of a complex shared-memory manager that made the required attack surface considerably larger. Prompted by Guido Vranken pointing out a compiler-elided security check in the shared memory manager found by Stack (http://css.csail.mit.edu/stack/); ok deraadt@ markus@ NB. pre-auth authentication has been disabled by default in sshd for >10 years. Upstream-ID: 32af9771788d45a0779693b41d06ec199d849caf
*	- tedu@cvs.openbsd.org 2014/01/04 17:50:55	Damien Miller	2014-01-10	1	-2/+2
\| \| \| \| \|	[mac.c monitor_mm.c monitor_mm.h xmalloc.c] use standard types and formats for size_t like variables. ok dtucker
*	- otto@cvs.openbsd.org 2008/04/29 11:20:31	Damien Miller	2008-05-19	1	-4/+1
\| \| \| \| \|	[monitor_mm.h] garbage collect two unused fields in struct mm_master; ok markus@
*	- deraadt@cvs.openbsd.org 2006/08/03 03:34:42	Damien Miller	2006-08-05	1	-2/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c] [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c] [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ] [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c] [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c] [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c] [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c] [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c] [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c] [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c] [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h] [serverloop.c session.c session.h sftp-client.c sftp-common.c] [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c] [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c] [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c] [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c] [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h] [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h] almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step NB. portable commit contains everything except removing includes.h, as that will take a fair bit more work as we move headers that are required for portability workarounds to defines.h. (also, this step wasn't "easy")
*	- djm@cvs.openbsd.org 2006/03/25 22:22:43	Damien Miller	2006-03-26	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	[atomicio.h auth-options.h auth.h auth2-gss.c authfd.h authfile.h] [bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h] [compat.h compress.h crc32.c crc32.h deattack.h dh.h dispatch.h] [dns.c dns.h getput.h groupaccess.h gss-genr.c gss-serv-krb5.c] [gss-serv.c hostfile.h includes.h kex.h key.h log.h mac.h match.h] [misc.h monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h msg.h] [myproposal.h packet.h pathnames.h progressmeter.h readconf.h rsa.h] [scard.h servconf.h serverloop.h session.h sftp-common.h sftp.h] [ssh-gss.h ssh.h ssh1.h ssh2.h sshconnect.h sshlogin.h sshpty.h] [ttymodes.h uidswap.h uuencode.h xmalloc.h] standardise spacing in $OpenBSD$ tags; requested by deraadt@
*	- (djm) Sync sys/tree.h with OpenBSD -current. Rename tree.h and	Damien Miller	2002-09-12	1	-1/+1
\| \| \| \|	fake-queue.h to sys-tree.h and sys-queue.h
*	whitespace sync	Kevin Steves	2002-06-26	1	-1/+1
\|
*	- stevesk@cvs.openbsd.org 2002/03/26 03:24:01	Ben Lindstrom	2002-03-26	1	-0/+2
\| \| \| \| \|	[monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h] $OpenBSD$
*	- (stevesk) import OpenBSD <sys/tree.h> as "openbsd-compat/tree.h"	Kevin Steves	2002-03-26	1	-1/+1
\|
*	- provos@cvs.openbsd.org 2002/03/18 17:50:31	Ben Lindstrom	2002-03-22	1	-0/+64
\| \| \| \| \| \| \| \| \| \| \|	[auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c session.h servconf.h serverloop.c session.c sshd.c] integrate privilege separated openssh; its turned off by default for now. work done by me and markus@ applied, but outside of ensure that smaller code bits migrated with their owners.. no work was tried to 'fix' it to work. =) Later project!
*	revert more of my stupidity	Damien Miller	2002-03-13	1	-64/+0
\|
*	Import of Niels Provos' 20020312 ssh-complete.diff	Damien Miller	2002-03-13	1	-0/+64
	PAM, Cygwin and OSF SIA will not work for sure