summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2014-11-26Avoid Cygwin ssh-host-config reading /etc/groupDamien Miller
Patch from Corinna Vinschen
2014-11-26allow custom service name for sshd on CygwinDamien Miller
Permits the use of multiple sshd running with different service names. Patch by Florian Friesdorf via Corinna Vinschen
2014-11-24upstream commitjmc@openbsd.org
restore word zapped in previous, and remove some useless "No" macros;
2014-11-24upstream commitderaadt@openbsd.org
/dev/random has created the same effect as /dev/arandom (and /dev/urandom) for quite some time. Mop up the last few, by using /dev/random where we actually want it, or not even mentioning arandom where it is irrelevant.
2014-11-24upstream commitdjm@openbsd.org
fix NULL pointer dereference crash on invalid timestamp found using Michal Zalewski's afl fuzzer
2014-11-24upstream commitmikeb@openbsd.org
Sync AES code to the one shipped in OpenSSL/LibreSSL. This includes a commit made by Andy Polyakov <appro at openssl ! org> to the OpenSSL source tree on Wed, 28 Jun 2006 with the following message: "Mitigate cache-collision timing attack on last round." OK naddy, miod, djm
2014-11-24upstream commitkrw@openbsd.org
Nuke more obvious #include duplications. ok deraadt@ millert@ tedu@
2014-11-19upstream commitdjm@openbsd.org
fix KRL generation when multiple CAs are in use We would generate an invalid KRL when revoking certs by serial number for multiple CA keys due to a section being written out twice. Also extend the regress test to catch this case by having it produce a multi-CA KRL. Reported by peter AT pean.org
2014-11-18upstream commitdjm@openbsd.org
fix NULL pointer dereference crash in key loading found by Michal Zalewski's AFL fuzzer
2014-11-17upstream commitdjm@openbsd.org
fix KRL generation when multiple CAs are in use We would generate an invalid KRL when revoking certs by serial number for multiple CA keys due to a section being written out twice. Also extend the regress test to catch this case by having it produce a multi-CA KRL. Reported by peter AT pean.org
2014-11-17upstream commitbentley@openbsd.org
Reduce instances of `` '' in manuals. troff displays these as typographic quotes, but nroff implementations almost always print them literally, which rarely has the intended effect with modern fonts, even in stock xterm. These uses of `` '' can be replaced either with more semantic alternatives or with Dq, which prints typographic quotes in a UTF-8 locale (but will automatically fall back to `` '' in an ASCII locale). improvements and ok schwarze@
2014-11-11upstream commitdjm@openbsd.org
mux-related manual tweaks mention ControlPersist=0 is the same as ControlPersist=yes recommend that ControlPath sockets be placed in a og-w directory
2014-11-05Prepare scripts for next Cygwin releaseDamien Miller
Makes the Cygwin-specific ssh-user-config script independent of the existence of /etc/passwd. The next Cygwin release will allow to generate passwd and group entries from the Windows account DBs, so the scripts have to adapt. from Corinna Vinschen
2014-10-30include version number in OpenSSL-too-old errorDamien Miller
2014-10-27upstream commitlteo@openbsd.org
Remove unnecessary include: netinet/in_systm.h is not needed by these programs. NB. skipped for portable ok deraadt@ millert@
2014-10-20upstream commitdjm@openbsd.org
whitespace
2014-10-20upstream commitdaniel@openbsd.org
plug a memory leak; from Maxime Villard. ok djm@
2014-10-20upstream commitjmc@openbsd.org
tweak previous;
2014-10-13upstream commitdjm@openbsd.org
whitespace
2014-10-13upstream commitdjm@openbsd.org
Tweak config reparsing with host canonicalisation Make the second pass through the config files always run when hostname canonicalisation is enabled. Add a "Match canonical" criteria that allows ssh_config Match blocks to trigger only in the second config pass. Add a -G option to ssh that causes it to parse its configuration and dump the result to stdout, similar to "sshd -T" Allow ssh_config Port options set in the second config parse phase to be applied (they were being ignored). bz#2267 bz#2286; ok markus
2014-10-13upstream commitdjm@openbsd.org
another -Wpointer-sign from clang
2014-10-13upstream commitdjm@openbsd.org
fix a few -Wpointer-sign warnings from clang
2014-10-13upstream commitdjm@openbsd.org
parse cert sections using nested buffers to reduce copies; ok markus
2014-10-13upstream commitdjm@openbsd.org
correct options in usage(); from mancha1 AT zoho.com
2014-10-13upstream commitdjm@openbsd.org
mention permissions on tun(4) devices in PermitTunnel documentation; bz#2273
2014-10-13upstream commitdjm@openbsd.org
tighten permissions on pty when the "tty" group does not exist; pointed out by Corinna Vinschen; ok markus
2014-10-13upstream commitsobrado@openbsd.org
typo.
2014-10-13upstream commitsobrado@openbsd.org
improve capitalization for the Ed25519 public-key signature system. ok djm@
2014-10-13upstream commitdoug@openbsd.org
Free resources on error in mkstemp and fdopen ok djm@
2014-10-13upstream commitderaadt@openbsd.org
djm how did you make a typo like that...
2014-10-13upstream commitdjm@openbsd.org
When dumping the server configuration (sshd -T), print correct KEX, MAC and cipher defaults. Spotted by Iain Morgan
2014-10-13upstream commitdjm@openbsd.org
~-expand lcd paths
2014-10-12remove duplicated KEX_DH1 entryDamien Miller
2014-10-09remove ChangeLog fileDamien Miller
Commit logs will be generated from git at release time.
2014-10-07delete contrib/caldera directoryDamien Miller
2014-10-07test commitDamien Miller
2014-10-07 - (djm) Release OpenSSH-6.7Damien Miller
2014-10-03 - (djm) [sshd_config.5] typo; from Iain MorganDamien Miller
2014-10-01 - (djm) [openbsd-compat/Makefile.in openbsd-compat/kludge-fd_set.c]Damien Miller
[openbsd-compat/openbsd-compat.h] Kludge around bad glibc _FORTIFY_SOURCE check that doesn't grok heap-allocated fd_sets; ok dtucker@
2014-09-10 - (djm) [sandbox-seccomp-filter.c] Allow mremap and exit for DietLibc;Damien Miller
patch from Felix von Leitner; ok dtucker
2014-09-0920140908Darren Tucker
- (dtucker) [INSTALL] Update info about egd. ok djm@
2014-09-04 - (djm) [openbsd-compat/arc4random.c] Zero seed after keying PRNGDamien Miller
2014-09-03 - (djm) [contrib/cygwin/ssh-host-config] Fix old code leading toDamien Miller
permissions/ACLs; from Corinna Vinschen
2014-09-03 - (djm) [defines.h sshbuf.c] Move __predict_true|false to defines.h andDamien Miller
conditionalise to avoid duplicate definition.
2014-08-30 - (djm) [Makefile.in] Make TEST_SHELL a variable; "good idea" tim@Damien Miller
2014-08-30 - (djm) [openbsd-compat/openssl-compat.h] add include guardDamien Miller
2014-08-30 - (djm) [misc.c] Missing newline between functionsDamien Miller
2014-08-30 - (djm) [openbsd-compat/openssl-compat.h] addDamien Miller
OPENSSL_[RD]SA_MAX_MODULUS_BITS defines for OpenSSL that lacks them
2014-08-27 - (djm) [openbsd-compat/explicit_bzero.c] implement explicit_bzero()Damien Miller
using memset_s() where possible; improve fallback to indirect bzero via a volatile pointer to give it more of a chance to avoid being optimised away.
2014-08-27 - (djm) [monitor.c sshd.c] SIGXFSZ needs to be ignored in postauthDamien Miller
monitor, not preauth; bz#2263