Age | Commit message (Collapse) | Author |
|
|
|
[ssh.c]
delay lowercasing of hostname until right before hostname
canonicalisation to unbreak case-sensitive matching of ssh_config;
reported by Ike Devolder; ok markus@
|
|
[digest-libc.c digest-openssl.c]
convert memset of potentially-private data to explicit_bzero()
|
|
[ssh-ecdsa.c]
fix memory leak; ECDSA_SIG_new() allocates 'r' and 's' for us, unlike
DSA_SIG_new. Reported by Batz Spear; ok markus@
|
|
[auth1.c auth2-chall.c auth2-passwd.c authfile.c bufaux.c bufbn.c]
[buffer.c cipher-3des1.c cipher.c clientloop.c gss-serv.c kex.c]
[kexdhc.c kexdhs.c kexecdhc.c kexgexc.c kexecdhs.c kexgexs.c key.c]
[monitor.c monitor_wrap.c packet.c readpass.c rsa.c serverloop.c]
[ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c]
[ssh-keygen.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c]
[sshd.c]
convert memset of potentially-private data to explicit_bzero()
|
|
[auth2-chall.c authfd.c authfile.c bufaux.c bufec.c canohost.c]
[channels.c cipher-chachapoly.c clientloop.c configure.ac hostfile.c]
[kexc25519.c krl.c monitor.c sandbox-systrace.c session.c]
[sftp-client.c ssh-keygen.c ssh.c sshconnect2.c sshd.c sshlogin.c]
[openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h]
replace most bzero with explicit_bzero, except a few that cna be memset
ok djm dtucker
|
|
[sandbox-systrace.c]
allow shutdown(2) syscall in sandbox - it may be called by packet_close()
from portable
(Id sync only; change is already in portable)
|
|
[sshd_config.5]
document kbdinteractiveauthentication;
requested From: Ross L Richardson
dtucker/markus helped explain its workings;
|
|
[Makefile.in auth.h auth2-jpake.c auth2.c jpake.c jpake.h monitor.c]
[monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h]
[schnorr.c schnorr.h servconf.c servconf.h ssh2.h sshconnect2.c]
remove experimental, never-enabled JPAKE code; ok markus@
|
|
[sshd.c]
use kill(0, ...) instead of killpg(0, ...); on most operating systems
they are equivalent, but SUSv2 describes the latter as having undefined
behaviour; from portable; ok dtucker
(Id sync only; change is already in portable)
|
|
[ssh-keyscan.1]
kill some bad Pa;
From: Jan Stary
|
|
[digest.c digest-openssl.c digest-libc.c Makefile.in]
rename digest.c to digest-openssl.c and add libc variant; ok djm@
|
|
[auth-rsa.c cipher.c ssh-agent.c sshconnect1.c sshd.c]
replace openssl MD5 with our ssh_digest_*; ok djm@
|
|
[Makefile.in digest.c digest.h hostfile.c kex.h mac.c hmac.c hmac.h]
replace openssl HMAC with an implementation based on our ssh_digest_*
ok and feedback djm@
|
|
|
|
build with HP-UX's compiler. Patch from Kevin Brott.
|
|
syscall from sandboxes; it may be called by packet_close.
|
|
|
|
|
|
different symbols for 'read' when various compiler flags are
in use, causing atomicio.c comparisons against it to break and
read/write operations to hang; ok dtucker
|
|
in headers that actually exist. patch from Tom G. Christensen;
ok dtucker@
|
|
Tom G. Christensen
|
|
when used as an error message inside an if statement so we display the
correct into. agent.sh patch from Petr Lautrbach.
|
|
latter being specified to have undefined behaviour in SUSv3;
ok dtucker
|
|
ok dtucker
|
|
implementations (eg older Solaris) do not cope with.
|
|
|
|
|
|
RLIMIT_NOFILE pseudo-sandbox on FreeBSD. In some configurations,
libc will attempt to open additional file descriptors for crypto
offload and crash if they cannot be opened.
|
|
[kex.c]
dh_need needs to be set to max(seclen, blocksize, ivlen, mac_len)
ok dtucker@, noted by mancha
|
|
[cipher.c cipher.h kex.c kex.h kexgexc.c]
Add a special case for the DH group size for 3des-cbc, which has an
effective strength much lower than the key size. This causes problems
with some cryptlib implementations, which don't support group sizes larger
than 4k but also don't use the largest group size it does support as
specified in the RFC. Based on a patch from Petr Lautrbach at Redhat,
reduced by me with input from Markus. ok djm@ markus@
|
|
against the correct thing.
|
|
sys/capability.h exists and cap_rights_limit is in libc. Fixes
build on FreeBSD9x which provides the header but not the libc
support.
|
|
|
|
the scp regress test actually test the built scp rather than the one
in $PATH. ok dtucker@
|
|
incompatible with OpenBSD's despite post-dating it by more than a decade.
Declare it as broken, and document FreeBSD's as the same. ok djm@
|
|
|
|
platform hardening options: include some long long int arithmatic
to detect missing support functions for -ftrapv in libgcc and
equivalents, actually test linking when -ftrapv is supplied and
set either both -pie/-fPIE or neither. feedback and ok dtucker@
|
|
to build Position Independent Executables on gcc >= 4.x; ok dtucker
|
|
platform that is expected to use the reuse-argv style setproctitle
hack surprises us by providing a setproctitle in libc; ok dtucker
|
|
and OSSH_CHECK_LDFLAG_LINK tests to give them a better chance of
detecting toolchain-related problems; ok dtucker
|
|
with sftp chroot support. Move set_id call after chroot.
|
|
tests in the configure output. ok djm.
|
|
to on platforms where it's known to be reliably detected and off elsewhere.
Works around platforms such as FreeBSD 9.1 where it does not interop with
-ftrapv (it seems to work but fails when trying to link ssh). ok djm@
|
|
skip one or more key types (e.g. RHEL/CentOS 6.5); ok dtucker@
|
|
implementation does not have krb5_cc_new_unique, similar to what we do
in auth-krb5.c.
|
|
[digest.c]
memleak; found by Loganaden Velvindron @ AfriNIC; ok markus@
|
|
[addrmatch.c]
Cast the sizeof to socklen_t so it'll work even if the supplied len is
negative. Suggested by and ok djm, ok deraadt.
|
|
[ssh_config.5]
fix inverted meaning of 'no' and 'yes' for CanonicalizeFallbackLocal
|
|
[canohost.c addrmatch.c]
Cast socklen_t when comparing to size_t and use socklen_t to iterate over
the ip options, both to prevent signed/unsigned comparison warnings.
Patch from vinschen at redhat via portable openssh, begrudging ok deraadt.
|