| Age | Commit message (Collapse) | Author |
|---|
|
Nuke yet more obvious #include duplications.
ok deraadt@
|
|
key_in_file() wrapper is no longer used
|
|
add RevokedHostKeys option for the client
Allow textfile or KRL-based revocation of hostkeys.
|
|
convert KRL code to new buffer API
ok markus@
|
|
Prefer setvbuf() to setlinebuf() for portability; ok
deraadt@
|
|
Fix crashes in the handling of the sshd config file found
with the afl fuzzer.
ok deraadt@ djm@
|
|
Patch from Corinna Vinschen
|
|
Permits the use of multiple sshd running with different service names.
Patch by Florian Friesdorf via Corinna Vinschen
|
|
restore word zapped in previous, and remove some useless
"No" macros;
|
|
/dev/random has created the same effect as /dev/arandom
(and /dev/urandom) for quite some time. Mop up the last few, by using
/dev/random where we actually want it, or not even mentioning arandom where
it is irrelevant.
|
|
fix NULL pointer dereference crash on invalid timestamp
found using Michal Zalewski's afl fuzzer
|
|
Sync AES code to the one shipped in OpenSSL/LibreSSL.
This includes a commit made by Andy Polyakov <appro at openssl ! org>
to the OpenSSL source tree on Wed, 28 Jun 2006 with the following
message: "Mitigate cache-collision timing attack on last round."
OK naddy, miod, djm
|
|
Nuke more obvious #include duplications.
ok deraadt@ millert@ tedu@
|
|
fix KRL generation when multiple CAs are in use
We would generate an invalid KRL when revoking certs by serial
number for multiple CA keys due to a section being written out
twice.
Also extend the regress test to catch this case by having it
produce a multi-CA KRL.
Reported by peter AT pean.org
|
|
fix NULL pointer dereference crash in key loading
found by Michal Zalewski's AFL fuzzer
|
|
fix KRL generation when multiple CAs are in use
We would generate an invalid KRL when revoking certs by serial
number for multiple CA keys due to a section being written out
twice.
Also extend the regress test to catch this case by having it
produce a multi-CA KRL.
Reported by peter AT pean.org
|
|
Reduce instances of `` '' in manuals.
troff displays these as typographic quotes, but nroff implementations
almost always print them literally, which rarely has the intended effect
with modern fonts, even in stock xterm.
These uses of `` '' can be replaced either with more semantic alternatives
or with Dq, which prints typographic quotes in a UTF-8 locale (but will
automatically fall back to `` '' in an ASCII locale).
improvements and ok schwarze@
|
|
mux-related manual tweaks
mention ControlPersist=0 is the same as ControlPersist=yes
recommend that ControlPath sockets be placed in a og-w directory
|
|
Makes the Cygwin-specific ssh-user-config script independent of the
existence of /etc/passwd. The next Cygwin release will allow to
generate passwd and group entries from the Windows account DBs, so the
scripts have to adapt.
from Corinna Vinschen
|
|
|
|
Remove unnecessary include: netinet/in_systm.h is not needed
by these programs.
NB. skipped for portable
ok deraadt@ millert@
|
|
whitespace
|
|
plug a memory leak; from Maxime Villard.
ok djm@
|
|
tweak previous;
|
|
whitespace
|
|
Tweak config reparsing with host canonicalisation
Make the second pass through the config files always run when
hostname canonicalisation is enabled.
Add a "Match canonical" criteria that allows ssh_config Match
blocks to trigger only in the second config pass.
Add a -G option to ssh that causes it to parse its configuration
and dump the result to stdout, similar to "sshd -T"
Allow ssh_config Port options set in the second config parse
phase to be applied (they were being ignored).
bz#2267 bz#2286; ok markus
|
|
another -Wpointer-sign from clang
|
|
fix a few -Wpointer-sign warnings from clang
|
|
parse cert sections using nested buffers to reduce
copies; ok markus
|
|
correct options in usage(); from mancha1 AT zoho.com
|
|
mention permissions on tun(4) devices in PermitTunnel
documentation; bz#2273
|
|
tighten permissions on pty when the "tty" group does
not exist; pointed out by Corinna Vinschen; ok markus
|
|
typo.
|
|
improve capitalization for the Ed25519 public-key
signature system.
ok djm@
|
|
Free resources on error in mkstemp and fdopen
ok djm@
|
|
djm how did you make a typo like that...
|
|
When dumping the server configuration (sshd -T), print
correct KEX, MAC and cipher defaults. Spotted by Iain Morgan
|
|
~-expand lcd paths
|
|
|
|
Commit logs will be generated from git at release time.
|
|
|
|
|
|
|
|
|
|
[openbsd-compat/openbsd-compat.h] Kludge around bad glibc
_FORTIFY_SOURCE check that doesn't grok heap-allocated fd_sets;
ok dtucker@
|
|
patch from Felix von Leitner; ok dtucker
|
|
- (dtucker) [INSTALL] Update info about egd. ok djm@
|
|
|
|
permissions/ACLs; from Corinna Vinschen
|
|
conditionalise to avoid duplicate definition.
|
