Age | Commit message | Author |
|
[contrib/suse/openssh.spec] Crank version numbers
|
|
for UsePAM=yes configuration
|
|
[integrity.sh]
Add an option to modpipe that warns if the modification offset is not
reached in its stream and turn it on for t-integrity. This should catch
cases where the session is not fuzzed for being too short (cf. my last
"oops" commit)
|
|
to use Solaris native GSS libs. Patch from Pierre Ossman.
|
|
|
|
bsd/libutil.h to libutil.h to avoid deprecation warnings on Ubuntu.
ok tim
|
|
seccomp-bpf sandbox on ARM. Patch from shawnlandden AT gmail.com;
ok dtucker
|
|
libgss too. Patch from Pierre Ossman, ok djm.
|
|
ssh(1) since they're not needed. Patch from Pierre Ossman.
|
|
|
|
[regress/modpipe.c]
s/Id/OpenBSD/ in RCS tag
|
|
[regress/integrity.sh regress/modpipe.c]
Add an option to modpipe that warns if the modification offset is not
reached in its stream and turn it on for t-integrity. This should catch
cases where the session is not fuzzed for being too short (cf. my last
"oops" commit)
|
|
err.h include from krl.c. Additional portability fixes for modpipe. OK djm
|
|
|
|
lack support for SHA2.
|
|
[integrity.sh]
oops, forgot to increase the output of the ssh command to ensure that
we actually reach $offset
|
|
[integrity.sh]
crank the offset yet again; it was still fuzzing KEX on one of Darren's
portable test hosts at 2800
|
|
[integrity.sh]
make the ssh command generate some output to ensure that there are at
least offset+tries bytes in the stream.
|
|
[integrity.sh]
make sure the fuzz offset is actually past the end of KEX for all KEX
types. diffie-hellman-group-exchange-sha256 requires an offset around
2700. Noticed via test failures in portable OpenSSH on platforms that
lack ECC and thus the more byte-frugal ECDH KEX algorithms.
|
|
an argument. Pointed out by djm.
|
|
group strto* function prototypes together.
|
|
[sshconnect2.c]
Warn more loudly if an IdentityFile provided by the user cannot be read.
bz #1981, ok djm@
|
|
openbsd-compat/openbsd-compat.h] Add strtoull to compat library for
platforms that don't have it.
|
|
|
|
Use getpgrp() if we don't have getpgid() (old BSDs, maybe others).
|
|
[auth2-pubkey.c]
Correct error message that had a typo and was logging the wrong thing;
patch from Petr Lautrbach
|
|
Iain Morgan
|
|
of 2300) to avoid clobbering the end of (non-MAC'd) KEX. Verified by
Iain Morgan
|
|
|
|
|
|
|
|
[try-ciphers.sh]
remove acss here too
|
|
[sshd.c]
Add openssl version to debug output similar to the client. ok markus@
|
|
[packet.c]
record "Received disconnect" messages at ERROR rather than INFO priority,
since they are abnormal and result in a non-zero ssh exit status; patch
from Iain Morgan in bz#2057; ok dtucker@
|
|
[ssh-keygen.c]
append to moduli file when screening candidates rather than overwriting.
allows resumption of interrupted screen; patch from Christophe Garault
in bz#1957; ok dtucker@
|
|
[version.h]
openssh 6.2
|
|
[sftp.c]
fix NULL deref when built without libedit and control characters
entered as command; debugging and patch from Iain Morgan and
Loganaden Velvindron in bz#1956
|
|
[auth.c]
Fix comment, from jfree.e1 at gmail
|
|
[servconf.c sshd_config sshd_config.5]
Change default of MaxStartups to 10:30:100 to start doing random early
drop at 10 connections up to 100 connections. This will make it harder
to DoS as CPUs have come a long way since the original value was set
back in 2000. Prompted by nion at debian org, ok markus@
|
|
[krl.c]
actually use the xrealloc() return value; spotted by xi.wang AT gmail.com
|
|
[Makefile.in acss.c acss.h cipher-acss.c cipher.c]
[openbsd-compat/openssl-compat.h]
remove ACSS, now that it is gone from libcrypto too
|
|
[krl.c]
redo last commit without the vi-vomit that snuck in:
skip serial lookup when cert's serial number is zero
(now with 100% better comment)
|
|
[krl.c]
Revert last. Breaks due to likely typo. Let djm@ fix later.
ok djm@ via dlg@
|
|
[krl.c]
skip serial lookup when cert's serial number is zero
|
|
- djm@cvs.openbsd.org 2013/01/24 21:45:37
[krl.c]
fix handling of (unused) KRL signatures; skip string in correct buffer
|
|
libcrypto that lacks EVP_CIPHER_CTX_ctrl
|
|
__attribute__ on return values and work around if necessary. ok djm@
|
|
patch from Iain Morgan in bz#2059
|
|
at configure time; the seccomp sandbox will fall back to rlimit at
runtime anyway. Patch from plautrba AT redhat.com in bz#2011
|
|
|