tweak previous;
|
|
document FingerprintHash here too
|
|
Add FingerprintHash option to control algorithm used for
key fingerprints. Default changes from MD5 to SHA256 and format from hex to
base64.
Feedback and ok naddy@ markus@
|
|
don't count partial authentication success as a failure
against MaxAuthTries; ok deraadt@
|
|
revert chunk I didn't mean to commit yet; via jmc@
|
|
revision 1.2
date: 2014/12/08 03:45:00; author: bcook; state: Exp; lines: +2 -2; commitid: 7zWEBgJJOCZ2hvTV;
avoid left shift overflow in reallocarray.
Some 64-bit platforms (e.g. Windows 64) have a 32-bit long. So, shifting
1UL 32-bits to the left causes an overflow. This replaces the constant 1UL with
(size_t)1 so that we get the correct constant size for the platform.
discussed with tedu@ & deraadt@
|
|
from Fedora
|
|
explicitly include sys/param.h in files that use the
howmany() macro; from portable
|
|
mention AuthorizedKeysCommandUser must be set for
AuthorizedKeysCommand to be run; bz#2287
|
|
show in debug output which hostkeys are being tried when
attempting hostbased auth; patch from Iain Morgan
|
|
Make manual reflect reality: sftp-server's -d option
accepts a "%d" option, not a "%h" one.
bz#2316; reported by Kirk Wolf
|
|
better error value for invalid signature length
|
|
unused code. Should fix compile error reported by plautrba at redhat.
|
|
add tests for new client RevokedHostKeys option; refactor
to make it a bit more readable
|
|
Nuke yet more obvious #include duplications.
ok deraadt@
|
|
key_in_file() wrapper is no longer used
|
|
add RevokedHostKeys option for the client
Allow textfile or KRL-based revocation of hostkeys.
|
|
convert KRL code to new buffer API
ok markus@
|
|
Prefer setvbuf() to setlinebuf() for portability; ok
deraadt@
|
|
Fix crashes in the handling of the sshd config file found
with the afl fuzzer.
ok deraadt@ djm@
|
|
Patch from Corinna Vinschen
|
|
Permits the use of multiple sshd running with different service names.
Patch by Florian Friesdorf via Corinna Vinschen
|
|
restore word zapped in previous, and remove some useless
"No" macros;
|
|
/dev/random has created the same effect as /dev/arandom
(and /dev/urandom) for quite some time. Mop up the last few, by using
/dev/random where we actually want it, or not even mentioning arandom where
it is irrelevant.
|
|
fix NULL pointer dereference crash on invalid timestamp
found using Michal Zalewski's afl fuzzer
|
|
Sync AES code to the one shipped in OpenSSL/LibreSSL.
This includes a commit made by Andy Polyakov <appro at openssl ! org>
to the OpenSSL source tree on Wed, 28 Jun 2006 with the following
message: "Mitigate cache-collision timing attack on last round."
OK naddy, miod, djm
|
|
Nuke more obvious #include duplications.
ok deraadt@ millert@ tedu@
|
|
fix KRL generation when multiple CAs are in use
We would generate an invalid KRL when revoking certs by serial
number for multiple CA keys due to a section being written out
twice.
Also extend the regress test to catch this case by having it
produce a multi-CA KRL.
Reported by peter AT pean.org
|
|
fix NULL pointer dereference crash in key loading
found by Michal Zalewski's AFL fuzzer
|
|
fix KRL generation when multiple CAs are in use
We would generate an invalid KRL when revoking certs by serial
number for multiple CA keys due to a section being written out
twice.
Also extend the regress test to catch this case by having it
produce a multi-CA KRL.
Reported by peter AT pean.org
|
|
Reduce instances of `` '' in manuals.
troff displays these as typographic quotes, but nroff implementations
almost always print them literally, which rarely has the intended effect
with modern fonts, even in stock xterm.
These uses of `` '' can be replaced either with more semantic alternatives
or with Dq, which prints typographic quotes in a UTF-8 locale (but will
automatically fall back to `` '' in an ASCII locale).
improvements and ok schwarze@
|
|
mux-related manual tweaks
mention ControlPersist=0 is the same as ControlPersist=yes
recommend that ControlPath sockets be placed in a og-w directory
|
|
Makes the Cygwin-specific ssh-user-config script independent of the
existence of /etc/passwd. The next Cygwin release will allow generating
passwd and group entries from the Windows account DBs, so the
scripts have to adapt.
from Corinna Vinschen
|
|
Remove unnecessary include: netinet/in_systm.h is not needed
by these programs.
NB. skipped for portable
ok deraadt@ millert@
|
|
whitespace
|
|
plug a memory leak; from Maxime Villard.
ok djm@
|
|
tweak previous;
|
|
whitespace
|
|
Tweak config reparsing with host canonicalisation
Make the second pass through the config files always run when
hostname canonicalisation is enabled.
Add a "Match canonical" criteria that allows ssh_config Match
blocks to trigger only in the second config pass.
Add a -G option to ssh that causes it to parse its configuration
and dump the result to stdout, similar to "sshd -T"
Allow ssh_config Port options set in the second config parse
phase to be applied (they were being ignored).
bz#2267 bz#2286; ok markus
|
|
another -Wpointer-sign from clang
|
|
fix a few -Wpointer-sign warnings from clang
|
|
parse cert sections using nested buffers to reduce
copies; ok markus
|
|
correct options in usage(); from mancha1 AT zoho.com
|
|
mention permissions on tun(4) devices in PermitTunnel
documentation; bz#2273
|
|
tighten permissions on pty when the "tty" group does
not exist; pointed out by Corinna Vinschen; ok markus
|
|
typo.
|
|
improve capitalization for the Ed25519 public-key
signature system.
ok djm@
|