Age | Commit message | Author |
|
fix KRL generation when multiple CAs are in use
We would generate an invalid KRL when revoking certs by serial
number for multiple CA keys due to a section being written out
twice.
Also extend the regress test to catch this case by having it
produce a multi-CA KRL.
Reported by peter AT pean.org
|
|
fix NULL pointer dereference crash in key loading
found by Michal Zalewski's AFL fuzzer
|
|
Reduce instances of `` '' in manuals.
troff displays these as typographic quotes, but nroff implementations
almost always print them literally, which rarely has the intended effect
with modern fonts, even in stock xterm.
These uses of `` '' can be replaced either with more semantic alternatives
or with Dq, which prints typographic quotes in a UTF-8 locale (but will
automatically fall back to `` '' in an ASCII locale).
improvements and ok schwarze@
|
|
mux-related manual tweaks
mention ControlPersist=0 is the same as ControlPersist=yes
recommend that ControlPath sockets be placed in a og-w directory
|
|
Makes the Cygwin-specific ssh-user-config script independent of the
existence of /etc/passwd. The next Cygwin release will allow generating
passwd and group entries from the Windows account DBs, so the
scripts have to adapt.
from Corinna Vinschen
|
|
Remove unnecessary include: netinet/in_systm.h is not needed
by these programs.
NB. skipped for portable
ok deraadt@ millert@
|
|
whitespace
|
|
plug a memory leak; from Maxime Villard.
ok djm@
|
|
tweak previous;
|
|
whitespace
|
|
Tweak config reparsing with host canonicalisation
Make the second pass through the config files always run when
hostname canonicalisation is enabled.
Add a "Match canonical" criteria that allows ssh_config Match
blocks to trigger only in the second config pass.
Add a -G option to ssh that causes it to parse its configuration
and dump the result to stdout, similar to "sshd -T"
Allow ssh_config Port options set in the second config parse
phase to be applied (they were being ignored).
bz#2267 bz#2286; ok markus
|
|
another -Wpointer-sign from clang
|
|
fix a few -Wpointer-sign warnings from clang
|
|
parse cert sections using nested buffers to reduce
copies; ok markus
|
|
correct options in usage(); from mancha1 AT zoho.com
|
|
mention permissions on tun(4) devices in PermitTunnel
documentation; bz#2273
|
|
tighten permissions on pty when the "tty" group does
not exist; pointed out by Corinna Vinschen; ok markus
|
|
typo.
|
|
improve capitalization for the Ed25519 public-key
signature system.
ok djm@
|
|
Free resources on error in mkstemp and fdopen
ok djm@
|
|
djm how did you make a typo like that...
|
|
When dumping the server configuration (sshd -T), print
correct KEX, MAC and cipher defaults. Spotted by Iain Morgan
|
|
~-expand lcd paths
|
|
Commit logs will be generated from git at release time.
|
|
[openbsd-compat/openbsd-compat.h] Kludge around bad glibc
_FORTIFY_SOURCE check that doesn't grok heap-allocated fd_sets;
ok dtucker@
|
|
patch from Felix von Leitner; ok dtucker
|
|
- (dtucker) [INSTALL] Update info about egd. ok djm@
|
|
permissions/ACLs; from Corinna Vinschen
|
|
conditionalise to avoid duplicate definition.
|
|
OPENSSL_[RD]SA_MAX_MODULUS_BITS defines for OpenSSL that lacks them
|
|
using memset_s() where possible; improve fallback to indirect bzero
via a volatile pointer to give it more of a chance to avoid being
optimised away.
|
|
monitor, not preauth; bz#2263
|
|
[regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c]
[regress/unittests/sshkey/common.c]
[regress/unittests/sshkey/test_file.c]
[regress/unittests/sshkey/test_fuzz.c]
[regress/unittests/sshkey/test_sshkey.c] Don't include openssl/ec.h
on !ECC OpenSSL systems
|
|
update OpenSSL version requirement.
|
|
PR_SET_DUMPABLE, so adjust ifdef; reported by Tom Christensen
|
|
just for systems that lack asprintf); check for it always and extend
test to catch more brokenness. Fixes builds on Solaris <= 9
|
|
lastlog writing on platforms with high UIDs; bz#2263
|
|
|