summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2014-12-23include and use OpenBSD netcat in regress/Damien Miller
2014-12-22upstream commitdjm@openbsd.org
mention ssh -Q feature to list supported { MAC, cipher, KEX, key } algorithms in more places and include the query string used to list the relevant information; bz#2288
2014-12-22upstream commitjmc@openbsd.org
tweak previous;
2014-12-22upstream commitdjm@openbsd.org
regression test for multiple required pubkey authentication; ok markus@
2014-12-22upstream commitdjm@openbsd.org
correct description of what will happen when a AuthorizedKeysCommand is specified but AuthorizedKeysCommandUser is not (sshd will refuse to start)
2014-12-22upstream commitdjm@openbsd.org
make internal handling of filename arguments of "none" more consistent with ssh. "none" arguments are now replaced with NULL when the configuration is finalised. Simplifies checking later on (just need to test not-NULL rather than that + strcmp) and cleans up some inconsistencies. ok markus@
2014-12-22upstream commitdjm@openbsd.org
remember which public keys have been used for authentication and refuse to accept previously-used keys. This allows AuthenticationMethods=publickey,publickey to require that users authenticate using two _different_ pubkeys. ok markus@
2014-12-22upstream commitdjm@openbsd.org
fix passing of wildcard forward bind addresses when connection multiplexing is in use; patch from Sami Hartikainen via bz#2324; ok dtucker@
2014-12-22upstream commitdjm@openbsd.org
make this slightly easier to diff against portable
2014-12-22add missing regress output fileDamien Miller
2014-12-22upstream commitdjm@openbsd.org
adjust for new SHA256 key fingerprints and slightly-different MD5 hex fingerprint format
2014-12-22upstream commitdjm@openbsd.org
poll changes to netcat (usr.bin/netcat.c r1.125) broke this test; fix it by ensuring more stdio fds are sent to devnull
2014-12-22upstream commitjmc@openbsd.org
tweak previous;
2014-12-22upstream commitdjm@openbsd.org
document FingerprintHash here too
2014-12-22missing include for base64 encodingDamien Miller
2014-12-22upstream commitdjm@openbsd.org
Add FingerprintHash option to control algorithm used for key fingerprints. Default changes from MD5 to SHA256 and format from hex to base64. Feedback and ok naddy@ markus@
2014-12-22upstream commitdjm@openbsd.org
don't count partial authentication success as a failure against MaxAuthTries; ok deraadt@
2014-12-18upstream commitdjm@openbsd.org
revert chunk I didn't mean to commit yet; via jmc@
2014-12-18upstream libc changeDamien Miller
revision 1.2 date: 2014/12/08 03:45:00; author: bcook; state: Exp; lines: +2 -2; commitid: 7zWEBgJJOCZ2hvTV; avoid left shift overflow in reallocarray. Some 64-bit platforms (e.g. Windows 64) have a 32-bit long. So, shifting 1UL 32-bits to the left causes an overflow. This replaces the constant 1UL with (size_t)1 so that we get the correct constant size for the platform. discussed with tedu@ & deraadt@
2014-12-18include CFLAGS in gnome askpass targetsDamien Miller
from Fedora
2014-12-11upstream commitdjm@openbsd.org
explicitly include sys/param.h in files that use the howmany() macro; from portable
2014-12-11upstream commitdjm@openbsd.org
mention AuthorizedKeysCommandUser must be set for AuthorizedKeysCommand to be run; bz#2287
2014-12-11upstream commitdjm@openbsd.org
show in debug output which hostkeys are being tried when attempting hostbased auth; patch from Iain Morgan
2014-12-11upstream commitdjm@openbsd.org
Make manual reflect reality: sftp-server's -d option accepts a "%d" option, not a "%h" one. bz#2316; reported by Kirk Wolf
2014-12-10upstream commitdjm@openbsd.org
better error value for invalid signature length
2014-12-10Resync more with OpenBSD's rijndael.c, in particular "#if 0"-ing out someDarren Tucker
unused code. Should fix compile error reported by plautrba at redhat.
2014-12-10Add reallocarray to compat libraryDarren Tucker
2014-12-05upstream commitdjm@openbsd.org
add tests for new client RevokedHostKeys option; refactor to make it a bit more readable
2014-12-05upstream commitkrw@openbsd.org
Nuke yet more obvious #include duplications. ok deraadt@
2014-12-05upstream commitdjm@openbsd.org
key_in_file() wrapper is no longer used
2014-12-05upstream commitdjm@openbsd.org
add RevokedHostKeys option for the client Allow textfile or KRL-based revocation of hostkeys.
2014-12-05upstream commitdjm@openbsd.org
convert KRL code to new buffer API ok markus@
2014-12-05upstream commitmillert@openbsd.org
Prefer setvbuf() to setlinebuf() for portability; ok deraadt@
2014-11-26upstream commitjsg@openbsd.org
Fix crashes in the handling of the sshd config file found with the afl fuzzer. ok deraadt@ djm@
2014-11-26Avoid Cygwin ssh-host-config reading /etc/groupDamien Miller
Patch from Corinna Vinschen
2014-11-26allow custom service name for sshd on CygwinDamien Miller
Permits the use of multiple sshd running with different service names. Patch by Florian Friesdorf via Corinna Vinschen
2014-11-24upstream commitjmc@openbsd.org
restore word zapped in previous, and remove some useless "No" macros;
2014-11-24upstream commitderaadt@openbsd.org
/dev/random has created the same effect as /dev/arandom (and /dev/urandom) for quite some time. Mop up the last few, by using /dev/random where we actually want it, or not even mentioning arandom where it is irrelevant.
2014-11-24upstream commitdjm@openbsd.org
fix NULL pointer dereference crash on invalid timestamp found using Michal Zalewski's afl fuzzer
2014-11-24upstream commitmikeb@openbsd.org
Sync AES code to the one shipped in OpenSSL/LibreSSL. This includes a commit made by Andy Polyakov <appro at openssl ! org> to the OpenSSL source tree on Wed, 28 Jun 2006 with the following message: "Mitigate cache-collision timing attack on last round." OK naddy, miod, djm
2014-11-24upstream commitkrw@openbsd.org
Nuke more obvious #include duplications. ok deraadt@ millert@ tedu@
2014-11-19upstream commitdjm@openbsd.org
fix KRL generation when multiple CAs are in use We would generate an invalid KRL when revoking certs by serial number for multiple CA keys due to a section being written out twice. Also extend the regress test to catch this case by having it produce a multi-CA KRL. Reported by peter AT pean.org
2014-11-18upstream commitdjm@openbsd.org
fix NULL pointer dereference crash in key loading found by Michal Zalewski's AFL fuzzer
2014-11-17upstream commitdjm@openbsd.org
fix KRL generation when multiple CAs are in use We would generate an invalid KRL when revoking certs by serial number for multiple CA keys due to a section being written out twice. Also extend the regress test to catch this case by having it produce a multi-CA KRL. Reported by peter AT pean.org
2014-11-17upstream commitbentley@openbsd.org
Reduce instances of `` '' in manuals. troff displays these as typographic quotes, but nroff implementations almost always print them literally, which rarely has the intended effect with modern fonts, even in stock xterm. These uses of `` '' can be replaced either with more semantic alternatives or with Dq, which prints typographic quotes in a UTF-8 locale (but will automatically fall back to `` '' in an ASCII locale). improvements and ok schwarze@
2014-11-11upstream commitdjm@openbsd.org
mux-related manual tweaks mention ControlPersist=0 is the same as ControlPersist=yes recommend that ControlPath sockets be placed in a og-w directory
2014-11-05Prepare scripts for next Cygwin releaseDamien Miller
Makes the Cygwin-specific ssh-user-config script independent of the existence of /etc/passwd. The next Cygwin release will allow to generate passwd and group entries from the Windows account DBs, so the scripts have to adapt. from Corinna Vinschen
2014-10-30include version number in OpenSSL-too-old errorDamien Miller
2014-10-27upstream commitlteo@openbsd.org
Remove unnecessary include: netinet/in_systm.h is not needed by these programs. NB. skipped for portable ok deraadt@ millert@
2014-10-20upstream commitdjm@openbsd.org
whitespace