Commit message | Author | Age | Files | Lines
* bump version numbers [V_7_1_P2] [V_7_1] | Damien Miller | 2016-01-14 | 3 | -3/+3
* openssh-7.1p2 | Damien Miller | 2016-01-14 | 1 | -1/+1
* forcibly disable roaming support in the client | Damien Miller | 2016-01-14 | 2 | -6/+2
* upstream commit | djm@openbsd.org | 2016-01-14 | 2 | -7/+7
  some more bzero->explicit_bzero, from Michael McConville
  Upstream-ID: 17f19545685c33327db2efdc357c1c9225ff00d0
* upstream commit | guenther@openbsd.org | 2016-01-14 | 1 | -1/+1
  Use explicit_bzero() when zeroing before free() from Michael McConville (mmcconv1 (at) sccs.swarthmore.edu) ok millert@ djm@
  Upstream-ID: 2e3337db046c3fe70c7369ee31515ac73ec00f50
* upstream commit | djm@openbsd.org | 2016-01-14 | 1 | -0/+1
  fix OOB read in packet code caused by missing return statement found by Ben Hawkes; ok markus@ deraadt@
  Upstream-ID: a3e3a85434ebfa0690d4879091959591f30efc62
* read back from libcrypto RAND when privdropping | Damien Miller | 2016-01-14 | 1 | -0/+6
  makes certain libcrypto implementations cache a /dev/urandom fd in preparation of sandboxing. Based on patch by Greg Hartman.
* upstream commit | djm@openbsd.org | 2016-01-14 | 1 | -5/+5
  unbreak connections with peers that set first_kex_follows; fix from Matt Johnston via bz#2515
  Upstream-ID: decc88ec4fc7515594fdb42b04aa03189a44184b
* upstream commit | djm@openbsd.org | 2016-01-14 | 2 | -10/+10
  use explicit_bzero() more liberally in the buffer code; ok deraadt
  Upstream-ID: 0ece37069fd66bc6e4f55eb1321f93df372b65bf
* we don't use Github for issues/pull-requests [V_7_1_P1] | Damien Miller | 2015-08-21 | 1 | -0/+4
* fix URL for connect.c | Damien Miller | 2015-08-21 | 1 | -1/+1
* update version numbers for 7.1 | Damien Miller | 2015-08-21 | 3 | -3/+3
* upstream commit | djm@openbsd.org | 2015-08-21 | 1 | -2/+2
  openssh-7.1
  Upstream-ID: ff7b1ef4b06caddfb45e08ba998128c88be3d73f
* upstream commit | djm@openbsd.org | 2015-08-21 | 1 | -2/+2
  fix inverted logic that broke PermitRootLogin; reported by Mantas Mikulenas; ok markus@
  Upstream-ID: 260dd6a904c1bb7e43267e394b1c9cf70bdd5ea5
* upstream commit | deraadt@openbsd.org | 2015-08-21 | 7 | -18/+18
  Do not cast result of malloc/calloc/realloc* if stdlib.h is in scope ok krw millert
  Upstream-ID: 5e50ded78cadf3841556649a16cc4b1cb6c58667
* upstream commit | naddy@openbsd.org | 2015-08-21 | 1 | -4/+4
  In the certificates section, be consistent about using "host_key" and "user_key" for the respective key types. ok sthen@ deraadt@
  Upstream-ID: 9e037ea3b15577b238604c5533e082a3947f13cb
* upstream commit | djm@openbsd.org | 2015-08-20 | 1 | -2/+13
  Better compat matching for WinSCP, add compat matching for FuTTY (fork of PuTTY); ok markus@ deraadt@
  Upstream-ID: 24001d1ac115fa3260fbdc329a4b9aeb283c5389
* upstream commit | djm@openbsd.org | 2015-08-20 | 1 | -2/+1
  fix double-free() in error path of DSA key generation reported by Mateusz Kocielski; ok markus@
  Upstream-ID: 4735d8f888b10599a935fa1b374787089116713c
* upstream commit | djm@openbsd.org | 2015-08-20 | 1 | -1/+5
  fix free() of uninitialised pointer reported by Mateusz Kocielski; ok markus@
  Upstream-ID: 519552b050618501a06b7b023de5cb104e2c5663
* upstream commit | djm@openbsd.org | 2015-08-20 | 1 | -2/+3
  fixed unlink([uninitialised memory]) reported by Mateusz Kocielski; ok markus@
  Upstream-ID: 14a0c4e7d891f5a8dabc4b89d4f6b7c0d5a20109
* upstream commit | jmc@openbsd.org | 2015-08-19 | 2 | -8/+8
  match myproposal.h order; from brian conway (i snuck in a tweak while here) ok dtucker
  Upstream-ID: 35174a19b5237ea36aa3798f042bf5933b772c67
* upstream commit [V_7_0_P1] [V_7_0] | deraadt@openbsd.org | 2015-08-11 | 4 | -9/+15
  add prohibit-password as a synonym for without-password, since the without-password is causing too many questions. Harden it to ban all but pubkey, hostbased, and GSSAPI auth (when the latter is enabled) from djm, ok markus
  Upstream-ID: d53317d7b28942153e6236d3fd6e12ceb482db7a
* update version in README | Damien Miller | 2015-08-11 | 1 | -1/+1
* update versions in *.spec | Damien Miller | 2015-08-11 | 2 | -2/+2
* set sshpam_ctxt to NULL after free | Damien Miller | 2015-08-11 | 1 | -1/+3
  Avoids use-after-free in monitor when privsep child is compromised. Reported by Moritz Jodeit; ok dtucker@
* Don't resend username to PAM; it already has it. | Damien Miller | 2015-08-11 | 2 | -3/+0
  Pointed out by Moritz Jodeit; ok dtucker@
* Import updated moduli file from OpenBSD. | Darren Tucker | 2015-08-10 | 1 | -246/+267
* let principals-command.sh work for noexec /var/run | Damien Miller | 2015-08-10 | 1 | -109/+113
* work around echo -n / sed behaviour in tests | Damien Miller | 2015-08-06 | 1 | -2/+2
* upstream commit | djm@openbsd.org | 2015-08-06 | 1 | -2/+2
  adjust for RSA minimum modulus switch; ok deraadt@
  Upstream-Regress-ID: 5a72c83431b96224d583c573ca281cd3a3ebfdae
* upstream commit | djm@openbsd.org | 2015-08-05 | 2 | -4/+4
  backout SSH_RSA_MINIMUM_MODULUS_SIZE increase for this release; problems spotted by sthen@ ok deraadt@ markus@
  Upstream-ID: d0bd60dde9e8c3cd7030007680371894c1499822
* upstream commit | djm@openbsd.org | 2015-08-02 | 1 | -2/+2
  openssh 7.0; ok deraadt@
  Upstream-ID: c63afdef537f57f28ae84145c5a8e29e9250221f
* upstream commit | chris@openbsd.org | 2015-08-02 | 1 | -3/+3
  Allow PermitRootLogin to be overridden by config ok markus@ deraadt@
  Upstream-ID: 5cf3e26ed702888de84e2dc9d0054ccf4d9125b4
* upstream commit | djm@openbsd.org | 2015-08-02 | 1 | -2/+2
  fix pty permissions; patch from Nikolay Edigaryev; ok deraadt
  Upstream-ID: 40ff076d2878b916fbfd8e4f45dbe5bec019e550
* upstream commit | deraadt@openbsd.org | 2015-08-02 | 3 | -6/+6
  change default: PermitRootLogin without-password matching install script changes coming as well ok djm markus
  Upstream-ID: 0e2a6c4441daf5498b47a61767382bead5eb8ea6
* downgrade OOM adjustment logging: verbose -> debug | Damien Miller | 2015-07-30 | 1 | -2/+2
* upstream commit | djm@openbsd.org | 2015-07-30 | 9 | -84/+187
  Allow ssh_config and sshd_config kex parameters options be prefixed by a '+' to indicate that the specified items be appended to the default rather than replacing it. approach suggested by dtucker@, feedback dlg@, ok markus@
  Upstream-ID: 0f901137298fc17095d5756ff1561a7028e8882a
* upstream commit | djm@openbsd.org | 2015-07-29 | 1 | -3/+3
  fix bug in previous; was printing incorrect string for failed host key algorithms negotiation
  Upstream-ID: 22c0dc6bc61930513065d92e11f0753adc4c6e6e
* upstream commit | djm@openbsd.org | 2015-07-29 | 3 | -9/+38
  include the peer's offer when logging a failure to negotiate a mutual set of algorithms (kex, pubkey, ciphers, etc.) ok markus@
  Upstream-ID: bbb8caabf5c01790bb845f5ce135565248d7c796
* upstream commit | djm@openbsd.org | 2015-07-29 | 1 | -2/+3
  add Cisco to the list of clients that choke on the hostkeys update extension. Pointed out by Howard Kash
  Upstream-ID: c9eadde28ecec056c73d09ee10ba4570dfba7e84
* upstream commit | guenther@openbsd.org | 2015-07-29 | 1 | -1/+4
  Permit kbind(2) use in the sandbox now, to ease testing of ld.so work using it reminded by miod@, ok deraadt@
  Upstream-ID: 523922e4d1ba7a091e3824e77a8a3c818ee97413
* upstream commit | millert@openbsd.org | 2015-07-21 | 1 | -2/+2
  Move .Pp before .Bl, not after to quiet mandoc -Tlint. Noticed by jmc@
  Upstream-ID: 59fadbf8407cec4e6931e50c53cfa0214a848e23
* upstream commit | millert@openbsd.org | 2015-07-21 | 1 | -3/+3
  Sync usage with SYNOPSIS
  Upstream-ID: 7a321a170181a54f6450deabaccb6ef60cf3f0b7
* upstream commit | millert@openbsd.org | 2015-07-21 | 1 | -21/+107
  Better description of Unix domain socket forwarding. bz#2423; ok jmc@
  Upstream-ID: 85e28874726897e3f26ae50dfa2e8d2de683805d
* make realpath.c compile -Wsign-compare clean | Damien Miller | 2015-07-20 | 1 | -2/+5
* upstream commit | djm@openbsd.org | 2015-07-20 | 1 | -5/+14
  mention that the default of UseDNS=no implies that hostnames cannot be used for host matching in sshd_config and authorized_keys; bz#2045, ok dtucker@
  Upstream-ID: 0812705d5f2dfa59aab01f2764ee800b1741c4e1
* upstream commit | djm@openbsd.org | 2015-07-20 | 1 | -6/+14
  don't ignore PKCS#11 hosted keys that return empty CKA_ID; patch by Jakub Jelen via bz#2429; ok markus
  Upstream-ID: 2f7c94744eb0342f8ee8bf97b2351d4e00116485
* upstream commit | djm@openbsd.org | 2015-07-20 | 1 | -1/+6
  skip uninitialised PKCS#11 slots; patch from Jakub Jelen in bz#2427 ok markus@
  Upstream-ID: 744c1e7796e237ad32992d0d02148e8a18f27d29
* upstream commit | djm@openbsd.org | 2015-07-20 | 1 | -3/+8
  only query each keyboard-interactive device once per authentication request regardless of how many times it is listed; ok markus@
  Upstream-ID: d73fafba6e86030436ff673656ec1f33d9ffeda1
* upstream commit | djm@openbsd.org | 2015-07-17 | 1 | -11/+11
  remove -u flag to diff (only used for error output) to make things easier for -portable
  Upstream-Regress-ID: a5d6777d2909540d87afec3039d9bb2414ade548