Age | Commit message (Collapse) | Author |
|
revision 1.20
date: 2015/10/13 20:55:37; author: millert; state: Exp; lines: +2 -2; commitid: X39sl5ay1czgFIgp;
In rev 1.15 the sizeof argument was fixed in a strlcat() call but
the truncation check immediately following it was not updated to
match. Not an issue in practice since the buffers are the same
size. OK deraadt@
|
|
revision 1.19
date: 2015/01/16 16:48:51; author: deraadt; state: Exp; lines: +3 -3; commitid: 0DYulI8hhujBHMcR;
Move to the <limits.h> universe.
review by millert, binary checking process with doug, concept with guenther
|
|
revision 1.18
date: 2014/10/19 03:56:28; author: doug; state: Exp; lines: +9 -9; commitid: U6QxmtbXrGoc02S5;
Revert last commit due to changed semantics found by make release.
|
|
revision 1.17
date: 2014/10/18 20:43:52; author: doug; state: Exp; lines: +10 -10; commitid: I74hI1tVZtsspKEt;
Better POSIX compliance in realpath(3).
millert@ made changes to realpath.c based on FreeBSD's version. I merged
Todd's changes into dl_realpath.c.
ok millert@, guenther@
|
|
revision 1.16
date: 2013/04/05 12:59:54; author: kurt; state: Exp; lines: +3 -1;
- Add comments regarding copies of these files also in libexec/ld.so
okay guenther@
|
|
revision 1.15
date: 2012/09/13 15:39:05; author: deraadt; state: Exp; lines: +2 -2;
specify the bounds of the dst to strlcat (both values were static and
equal, but it is more correct)
from Michal Mazurek
|
|
revision 1.14
date: 2011/07/24 21:03:00; author: miod; state: Exp; lines: +35 -13;
Recent Single Unix will malloc memory if the second argument of realpath()
is NULL, and third-party software is starting to rely upon this.
Adapted from FreeBSD via Jona Joachim (jaj ; hcl-club , .lu), with minor
tweaks from nicm@ and yours truly.
|
|
apply PubkeyAcceptedKeyTypes filtering earlier, so all
skipped keys are noted before pubkey authentication starts. ok dtucker@
Upstream-ID: ba4f52f54268a421a2a5f98bb375403f4cb044b8
|
|
free the correct IV length, don't assume it's always the
cipher blocksize; ok dtucker@
Upstream-ID: c260d9e5ec73628d9ff4b067fbb060eff5a7d298
|
|
Change all tame callers to namechange to pledge(2).
Upstream-ID: 17e654fc27ceaf523c60f4ffd9ec7ae4e7efc7f2
|
|
OpenBSD only for now
|
|
include PubkeyAcceptedKeyTypes in ssh -G config dump
Upstream-ID: 6c097ce6ffebf6fe393fb7988b5d152a5d6b36bb
|
|
UsePrivilegeSeparation defaults to sandbox now.
ok djm@
Upstream-ID: bff136c38bcae89df82e044d2f42de21e1ad914f
|
|
don't try to change tun device flags if they are already
what we need; makes it possible to use tun/tap networking as non- root user
if device permissions and interface flags are pre-established; based on patch
by Ossi Herrala
Upstream-ID: 89099ac4634cd477b066865acf54cb230780fd21
|
|
|
|
adapt to recent sshkey_parse_private_fileblob() API
change
Upstream-Regress-ID: 5c0d818da511e33e0abf6a92a31bd7163b7ad988
|
|
fix command-line option to match what was actually
committed
Upstream-Regress-ID: 3e8c24a2044e8afd37e7ce17b69002ca817ac699
|
|
regress test for CertificateFile; patch from Meghana Bhat
via bz#2436
Upstream-Regress-ID: e7a6e980cbe0f8081ba2e83de40d06c17be8bd25
|
|
some more bzero->explicit_bzero, from Michael McConville
Upstream-ID: 17f19545685c33327db2efdc357c1c9225ff00d0
|
|
fix email
Upstream-ID: 72150f2d54b94de14ebef1ea054ef974281bf834
|
|
a sandbox using tame ok djm
Upstream-ID: 4ca24e47895e72f5daaa02f3e3d3e5ca2d820fa3
|
|
re-order system calls in order of risk, ok i'll be
honest, ordered this way they look like tame... ok djm
Upstream-ID: 42a1e6d251fd8be13c8262bee026059ae6328813
|
|
some certificatefile tweaks; ok djm
Upstream-ID: 0e5a7852c28c05fc193419cc7e50e64c1c535af0
|
|
add ssh_config CertificateFile option to explicitly list
a certificate; patch from Meghana Bhat on bz#2436; ok markus@
Upstream-ID: 58648ec53c510b41c1f46d8fe293aadc87229ab8
|
|
fix two typos.
Upstream-ID: 424402c0d8863a11b51749bacd7f8d932083b709
|
|
fix possible hang on closed output; bz#2469 reported by Tomas
Kuthan ok markus@
Upstream-ID: f7afd41810f8540f524284f1be6b970859f94fe3
|
|
skip if running as root; many systems (inc OpenBSD) allow
root to ptrace arbitrary processes
Upstream-Regress-ID: be2b925df89360dff36f972951fa0fa793769038
|
|
try all supported key types here; bz#2455 reported by
Jakub Jelen
Upstream-Regress-ID: 188cb7d9031cdbac3a0fa58b428b8fa2b2482bba
|
|
- Fix error message: passphrase needs to be at least 5
characters, not 4. - Remove unused function argument. - Remove two
unnecessary variables.
OK djm@
Upstream-ID: 13010c05bfa8b523da1c0dc19e81dd180662bc30
|
|
When adding keys to the agent, don't ignore the comment
of keys for which the user is prompted for a passphrase.
Tweak and OK djm@
Upstream-ID: dc737c620a5a8d282cc4f66e3b9b624e9abefbec
|
|
Use explicit_bzero() when zeroing before free()
from Michael McConville (mmcconv1 (at) sccs.swarthmore.edu)
ok millert@ djm@
Upstream-ID: 2e3337db046c3fe70c7369ee31515ac73ec00f50
|
|
sync -Q in usage() to SYNOPSIS; since it's drastically
shorter, i've reformatted the block to sync with the man (80 cols) and saved
a line;
Upstream-ID: 86e2c65c3989a0777a6258a77e589b9f6f354abd
|
|
tweak previous;
Upstream-ID: f29b3cfcfd9aa31fa140c393e7bd48c1c74139d6
|
|
Update usage to match man page.
Upstream-ID: 9e85aefaecfb6aaf34c7cfd0700cd21783a35675
|
|
expand %i in ControlPath to UID; bz#2449
patch from Christian Hesse w/ feedback from dtucker@
Upstream-ID: 2ba8d303e555a84e2f2165ab4b324b41e80ab925
|
|
mention -Q key-plain and -Q key-cert; bz#2455 pointed out
by Jakub Jelen
Upstream-ID: c8f1f8169332e4fa73ac96b0043e3b84e01d4896
|
|
Use ssh-keygen -A instead of per-keytype invocations when generating host
keys. Add tests when doing host-key-force since we can't use ssh-keygen -A
since it can't specify alternate locations. bz#2459, ok djm@
|
|
bz#2457, from konto-mindrot.org at walimnieto.com.
|
|
more clarity on what AuthorizedKeysFile=none does; based
on diff by Thiebaud Weksteen
Upstream-ID: 78ab87f069080f0cc3bc353bb04eddd9e8ad3704
|
|
openssh_RSA_verify return type is int, so don't make it
size_t within the function itself with only negative numbers or zero assigned
to it. bz#2460
Upstream-ID: b6e794b0c7fc4f9f329509263c8668d35f83ea55
|
|
Plug minor memory leaks when options are used more than
once. bz#2182, patch from Tiago Cunha, ok deraadt djm
Upstream-ID: 5b84d0401e27fe1614c10997010cc55933adb48e
|
|
bz#2259, from sconeu at yahoo.com.
|
|
|
|
full stop belongs outside the brackets, not inside;
Upstream-ID: 99d098287767799ac33d2442a05b5053fa5a551a
|
|
add a debug2() right before DNS resolution; it's a place
where ssh could previously silently hang for a while. bz#2433
Upstream-ID: 52a1a3e0748db66518e7598352c427145692a6a0
|
|
correct function name in error messages
Upstream-ID: 92fb2798617ad9561370897f4ab60adef2ff4c0e
|
|
better document ExitOnForwardFailure; bz#2444, ok
dtucker@
Upstream-ID: a126209b5a6d9cb3117ac7ab5bc63d284538bfc2
|
|
don't record hostbased authentication hostkeys as user
keys in test for multiple authentication with the same key
Upstream-ID: 26b368fa2cff481f47f37e01b8da1ae5b57b1adc
|
|
remove extra newline in nethack-mode hostkey; from
Christian Hesse bz#2686
Upstream-ID: 4f56368b1cc47baeea0531912186f66007fd5b92
|
|
trim junk from end of file; bz#2455 from Jakub Jelen
Upstream-Regress-ID: a4e64e8931e40d23874b047074444eff919cdfe6
|