summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-01-30upstream commitdtucker@openbsd.org
Allow RekeyLimits in excess of 4G up to 2**63 bits (limited by the return type of scan_scaled). Part of bz#2521, ok djm. Upstream-ID: 13bea82be566b9704821b1ea05bf7804335c7979
2016-01-30upstream commitdtucker@openbsd.org
Account for packets buffered but not yet processed when computing whether or not it is time to perform rekeying. bz#2521, based loosely on a patch from olo at fb.com, ok djm@ Upstream-ID: 67e268b547f990ed220f3cb70a5624d9bda12b8c
2016-01-27upstream commitdjm@openbsd.org
change old $FreeBSD version string in comment so it doesn't become an RCS ident downstream; requested by des AT des.no Upstream-ID: 8ca558c01f184e596b45e4fc8885534b2c864722
2016-01-27upstream commitdjm@openbsd.org
make the debug messages a bit more useful here Upstream-ID: 478ccd4e897e0af8486b294aa63aa3f90ab78d64
2016-01-27upstream commitjsg@openbsd.org
Zero a stack buffer with explicit_bzero() instead of memset() when returning from client_loop() for consistency with buffer_free()/sshbuf_free(). ok dtucker@ deraadt@ djm@ Upstream-ID: bc9975b2095339811c3b954694d7d15ea5c58f66
2016-01-27upstream commitdtucker@openbsd.org
Include sys/time.h for gettimeofday. From sortie at maxsi.org. Upstream-ID: 6ed0c33b836d9de0a664cd091e86523ecaa2fb3b
2016-01-27upstream commitmarkus@openbsd.org
fd leaks; report Qualys Security Advisory team; ok deraadt@ Upstream-ID: 4ec0f12b9d8fa202293c9effa115464185aa071d
2016-01-27upstream commitmarkus@openbsd.org
remove roaming support; ok djm@ Upstream-ID: 2cab8f4b197bc95776fb1c8dc2859dad0c64dc56
2016-01-27upstream commitderaadt@openbsd.org
Disable experimental client-side roaming support. Server side was disabled/gutted for years already, but this aspect was surprisingly forgotten. Thanks for report from Qualys Upstream-ID: 2328004b58f431a554d4c1bf67f5407eae3389df
2016-01-27bump version numbersDamien Miller
2016-01-27openssh-7.1p2Damien Miller
2016-01-14Import openssh_7.1p2.orig.tar.gzColin Watson
2016-01-15forcibly disable roaming support in the clientDamien Miller
2016-01-14bump version numbersDamien Miller
2016-01-14openssh-7.1p2Damien Miller
2016-01-14forcibly disable roaming support in the clientDamien Miller
2016-01-14upstream commitdjm@openbsd.org
some more bzero->explicit_bzero, from Michael McConville Upstream-ID: 17f19545685c33327db2efdc357c1c9225ff00d0
2016-01-14upstream commitguenther@openbsd.org
Use explicit_bzero() when zeroing before free() from Michael McConville (mmcconv1 (at) sccs.swarthmore.edu) ok millert@ djm@ Upstream-ID: 2e3337db046c3fe70c7369ee31515ac73ec00f50
2016-01-14upstream commitdjm@openbsd.org
fix OOB read in packet code caused by missing return statement found by Ben Hawkes; ok markus@ deraadt@ Upstream-ID: a3e3a85434ebfa0690d4879091959591f30efc62
2016-01-14read back from libcrypto RAND when privdroppingDamien Miller
makes certain libcrypto implementations cache a /dev/urandom fd in preparation of sandboxing. Based on patch by Greg Hartman.
2016-01-14upstream commitdjm@openbsd.org
unbreak connections with peers that set first_kex_follows; fix from Matt Johnston va bz#2515 Upstream-ID: decc88ec4fc7515594fdb42b04aa03189a44184b
2016-01-14upstream commitdjm@openbsd.org
use explicit_bzero() more liberally in the buffer code; ok deraadt Upstream-ID: 0ece37069fd66bc6e4f55eb1321f93df372b65bf
2016-01-14upstream commitdjm@openbsd.org
eliminate fallback from untrusted X11 forwarding to trusted forwarding when the X server disables the SECURITY extension; Reported by Thomas Hoger; ok deraadt@ Upstream-ID: f76195bd2064615a63ef9674a0e4096b0713f938
2016-01-13upstream commitdjm@openbsd.org
use explicit_bzero() more liberally in the buffer code; ok deraadt Upstream-ID: 0ece37069fd66bc6e4f55eb1321f93df372b65bf
2016-01-08Support Illumos/Solaris fine-grained privilegesDamien Miller
Includes a pre-auth privsep sandbox and several pledge() emulations. bz#2511, patch by Alex Wilson. ok dtucker@
2016-01-07upstream commitdjm@openbsd.org
fix three bugs in KRL code related to (unused) signature support: verification length was being incorrectly calculated, multiple signatures were being incorrectly processed and a NULL dereference that occurred when signatures were verified. Reported by Carl Jackson Upstream-ID: e705e97ad3ccce84291eaa651708dd1b9692576b
2016-01-07upstream commitdjm@openbsd.org
unused prototype Upstream-ID: f3eef4389d53ed6c0d5c77dcdcca3060c745da97
2016-01-07upstream commitguenther@openbsd.org
Use pread/pwrite instead separate lseek+read/write for lastlog. Cast to off_t before multiplication to avoid truncation on ILP32 ok kettenis@ mmcc@ Upstream-ID: fc40092568cd195719ddf1a00aa0742340d616cf
2016-01-07upstream commitsemarie@openbsd.org
adjust pledge promises for ControlMaster: when using "ask" or "autoask", the process will use ssh-askpass for asking confirmation. problem found by halex@ ok halex@ Upstream-ID: 38a58b30ae3eef85051c74d3c247216ec0735f80
2015-12-18upstream commitdjm@openbsd.org
unbreak connections with peers that set first_kex_follows; fix from Matt Johnston va bz#2515 Upstream-ID: decc88ec4fc7515594fdb42b04aa03189a44184b
2015-12-18upstream commitdoug@openbsd.org
Add "id" to ssh-agent pledge for subprocess support. Found the hard way by Jan Johansson when using ssh-agent with X. Also, rearranged proc/exec and retval to match other pledge calls in the tree. ok djm@ Upstream-ID: 914255f6850e5e7fa830a2de6c38605333b584db
2015-12-18upstream commitmmcc@openbsd.org
Remove NULL-checks before sshbuf_free(). ok djm@ Upstream-ID: 5ebed00ed5f9f03b119a345085e8774565466917
2015-12-18upstream commitdjm@openbsd.org
include remote port number in a few more messages; makes tying log messages together into a session a bit easier; bz#2503 ok dtucker@ Upstream-ID: 9300dc354015f7a7368d94a8ff4a4266a69d237e
2015-12-18upstream commitdjm@openbsd.org
don't try to load SSHv1 private key when compiled without SSHv1 support. From Iain Morgan bz#2505 Upstream-ID: 8b8e7b02a448cf5e5635979df2d83028f58868a7
2015-12-18upstream commitdjm@openbsd.org
use SSH_MAX_PUBKEY_BYTES consistently as buffer size when reading key files. Increase it to match the size of the buffers already being used. Upstream-ID: 1b60586b484b55a947d99a0b32bd25e0ced56fae
2015-12-18upstream commitmmcc@openbsd.org
Remove NULL-checks before sshkey_free(). ok djm@ Upstream-ID: 3e35afe8a25e021216696b5d6cde7f5d2e5e3f52
2015-12-18upstream commitdtucker@openbsd.org
fflush stdout so that output is seen even when running in debug mode when output may otherwise not be flushed. Patch from dustin at null-ptr.net. Upstream-ID: b0c6b4cd2cdb01d7e9eefbffdc522e35b5bc4acc
2015-12-15Increase robustness of redhat/openssh.specDarren Tucker
- remove configure --with-rsh, because this option isn't supported anymore - replace last occurrence of BuildPreReq by BuildRequires - update grep statement to query the krb5 include directory Patch from CarstenGrohmann via github, ok djm.
2015-12-15Allow --without-ssl-engine with --without-opensslDarren Tucker
Patch from Mike Frysinger via github.
2015-12-15Include openssl crypto.h for SSLeay.Darren Tucker
Patch from doughdemon via github.
2015-12-15Add sys/time.h for gettimeofday.Darren Tucker
Should allow it it compile with MUSL libc. Based on patch from doughdemon via github.
2015-12-11upstream commitdjm@openbsd.org
correct error messages; from Tomas Kuthan bz#2507 Upstream-ID: 7454a0affeab772398052954c79300aa82077093
2015-12-11upstream commitmmcc@openbsd.org
Pass (char *)NULL rather than (char *)0 to execl and execlp. ok dtucker@ Upstream-ID: 56c955106cbddba86c3dd9bbf786ac0d1b361492
2015-12-11upstream commitmmcc@openbsd.org
Remove NULL-checks before free(). ok dtucker@ Upstream-ID: e3d3cb1ce900179906af36517b5eea0fb15e6ef8
2015-12-11upstream commitmmcc@openbsd.org
Fix a couple "the the" typos. ok dtucker@ Upstream-ID: ec364c5af32031f013001fd28d1bd3dfacfe9a72
2015-12-11upstream commitmarkus@openbsd.org
stricter encoding type checks for ssh-rsa; ok djm@ Upstream-ID: 8cca7c787599a5e8391e184d0b4f36fdc3665650
2015-12-09Don't set IPV6_V6ONLY on OpenBSDDamien Miller
It isn't necessary and runs afoul of pledge(2) restrictions.
2015-12-07upstream commitdjm@openbsd.org
basic unit tests for rsa-sha2-* signature types Upstream-Regress-ID: 7dc4b9db809d578ff104d591b4d86560c3598d3c
2015-12-07upstream commitmarkus@openbsd.org
prefer rsa-sha2-512 over -256 for hostkeys, too; noticed by naddy@ Upstream-ID: 685f55f7ec566a8caca587750672723a0faf3ffe
2015-12-07upstream committobias@openbsd.org
Properly handle invalid %-format by calling fatal. ok deraadt, djm Upstream-ID: 5692bce7d9f6eaa9c488cb93d3b55e758bef1eac