summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-04-01upstream commitdjm@openbsd.org
downgrade error() for known_hosts parse errors to debug() to quiet warnings from ssh1 keys present when compiled !ssh1. also identify ssh1 keys when scanning, even when compiled !ssh1 ok markus@ miod@
2015-04-01upstream commitdjm@openbsd.org
fd leak for !ssh1 case; found by unittests; ok markus@
2015-04-01upstream commitdjm@openbsd.org
don't fatal when a !ssh1 sshd is reexeced from a w/ssh1 listener; reported by miod@; ok miod@ markus@
2015-04-01upstream committobias@openbsd.org
Comments are only supported for RSA1 keys. If a user tried to add one and entered his passphrase, explicitly clear it before exit. This is done in all other error paths, too. ok djm
2015-04-01upstream commitjmc@openbsd.org
ssh-askpass(1) is the default, overridden by SSH_ASKPASS; diff originally from jiri b;
2015-03-30upstream commitdjm@openbsd.org
fix uninitialised memory read when parsing a config file consisting of a single nul byte. Found by hanno AT hboeck.de using AFL; ok dtucker
2015-03-27upstream commitmarkus@openbsd.org
sigp and lenp are not optional in ssh_agent_sign(); ok djm@
2015-03-27upstream commitnaddy@openbsd.org
don't try to load .ssh/identity by default if SSH1 is disabled; ok markus@
2015-03-27upstream commitdjm@openbsd.org
ban all-zero curve25519 keys as recommended by latest CFRG curves draft; ok markus
2015-03-27upstream commitdjm@openbsd.org
relax bits needed check to allow diffie-hellman-group1-sha1 key exchange to complete for chacha20-poly1305 was selected as symmetric cipher; ok markus
2015-03-27upstream commitmarkus@openbsd.org
ignore v1 errors on ssh-add -D; only try v2 keys on -l/-L (unless WITH_SSH1) ok djm@
2015-03-27upstream commitmarkus@openbsd.org
unbreak ssh_agent_sign (lenp vs *lenp)
2015-03-27upstream commitmarkus@openbsd.org
don't leak 'setp' on error; noted by Nicholas Lemonias; ok djm@
2015-03-27upstream commitmarkus@openbsd.org
consistent check for NULL as noted by Nicholas Lemonias; ok djm@
2015-03-27upstream commitmarkus@openbsd.org
correct fmt-string for size_t as noted by Nicholas Lemonias; ok djm@
2015-03-27upstream commitdjm@openbsd.org
promote chacha20-poly1305@openssh.com to be the default cipher; ok markus
2015-03-27upstream commitdjm@openbsd.org
Compile-time disable SSH protocol 1. You can turn it back on using the Makefile.inc knob if you need it to talk to ancient devices.
2015-03-27upstream commitdjm@openbsd.org
fix double-negative error message "ssh1 is not unsupported"
2015-03-23upstream commitdjm@openbsd.org
for ssh-keygen -A, don't try (and fail) to generate ssh v.1 keys when compiled without SSH1 support RSA/DSA/ECDSA keys when compiled without OpenSSL based on patch by Mike Frysinger; bz#2369
2015-03-23upstream commitdjm@openbsd.org
KRL support doesn't need OpenSSL anymore, remove #ifdefs from around call
2015-03-23upstream commitdjm@openbsd.org
#if 0 some more arrays used only for decrypting (we don't use since we only need encrypt for AES-CTR)
2015-03-23upstream commitjsg@openbsd.org
add back the changes from rev 1.206, djm reverted this by mistake in rev 1.207
2015-03-20remove error() accidentally inserted for debuggingDamien Miller
pointed out by Christian Hesse
2015-03-16portability fix: Solaris systems may not have a grep that understands -qTim Rice
2015-03-11fix compile with clangDamien Miller
2015-03-11make unit tests work for !OPENSSH_HAS_ECCDamien Miller
2015-03-09upstream commitdjm@openbsd.org
unbreak for w/SSH1 (default) case; ok markus@ deraadt@
2015-03-05unbreak hostkeys test for w/ SSH1 caseDamien Miller
2015-03-06upstream commitdjm@openbsd.org
fix sshkey_certify() return value for unsupported key types; ok markus@ deraadt@
2015-03-04update version numbers to match version.hDamien Miller
2015-03-05upstream commitdjm@openbsd.org
make these work with !SSH1; ok markus@ deraadt@
2015-03-05upstream commitdjm@openbsd.org
make ssh-add -D work with !SSH1 agent
2015-03-04netcat needs poll.h portability goopDamien Miller
2015-03-05upstream commitmarkus@openbsd.org
make it possible to run tests w/o ssh1 support; ok djm@
2015-03-05upstream commitdjm@openbsd.org
crank; ok markus, deraadt
2015-03-03more --without-ssh1 fixesDamien Miller
2015-03-03fix merge both that broke --without-ssh1 compileDamien Miller
2015-03-04upstream commitdjm@openbsd.org
add SSH1 Makefile knob to make it easier to build without SSH1 support; ok markus@
2015-03-04upstream commitdjm@openbsd.org
expand __unused to full __attribute__ for better portability
2015-03-04avoid warningDamien Miller
2015-03-04Revert "define __unused to nothing if not already defined"Damien Miller
This reverts commit 1598419e38afbaa8aa5df8dd6b0af98301e2c908. Some system headers have objects named __unused
2015-03-04check for crypt and DES_crypt in openssl blockDamien Miller
fixes builds on systems that use DES_crypt; based on patch from Roumen Petrov
2015-03-04define __unused to nothing if not already definedDamien Miller
fixes builds on BSD/OS
2015-03-04upstream commitdjm@openbsd.org
reorder logic for better portability; patch from Roumen Petrov
2015-03-04upstream commitdjm@openbsd.org
Allow "ssh -Q protocol-version" to list supported SSH protocol versions. Useful for detecting builds without SSH v.1 support; idea and ok markus@
2015-03-03upstream commitmillert@openbsd.org
Make sure we only call getnameinfo() for AF_INET or AF_INET6 sockets. getpeername() of a Unix domain socket may return without error on some systems without actually setting ss_family so getnameinfo() was getting called with ss_family set to AF_UNSPEC. OK djm@
2015-02-28portability fixes for regress/netcat.cDamien Miller
Mostly avoiding "err(1, NULL)"
2015-02-28twiddle another test for portabilityDamien Miller
from Tom G. Christensen
2015-02-27twiddle test for portabilityDamien Miller
2015-02-26make regress/netcat.c fd passing (more) portableDamien Miller