| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
| |
Prefer setvbuf() to setlinebuf() for portability; ok
deraadt@
|
| |
|
|
|
|
|
| |
Fix crashes in the handling of the sshd config file found
with the afl fuzzer.
ok deraadt@ djm@
|
| |
|
|
| |
Patch from Corinna Vinschen
|
| |
|
|
|
|
| |
Permits the use of multiple sshd running with different service names.
Patch by Florian Friesdorf via Corinna Vinschen
|
| |
|
|
|
| |
restore word zapped in previous, and remove some useless
"No" macros;
|
| |
|
|
|
|
|
| |
/dev/random has created the same effect as /dev/arandom
(and /dev/urandom) for quite some time. Mop up the last few, by using
/dev/random where we actually want it, or not even mentioning arandom where
it is irrelevant.
|
| |
|
|
|
|
| |
fix NULL pointer dereference crash on invalid timestamp
found using Michal Zalewski's afl fuzzer
|
| |
|
|
|
|
|
|
|
|
| |
Sync AES code to the one shipped in OpenSSL/LibreSSL.
This includes a commit made by Andy Polyakov <appro at openssl ! org>
to the OpenSSL source tree on Wed, 28 Jun 2006 with the following
message: "Mitigate cache-collision timing attack on last round."
OK naddy, miod, djm
|
| |
|
|
|
|
| |
Nuke more obvious #include duplications.
ok deraadt@ millert@ tedu@
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
fix KRL generation when multiple CAs are in use
We would generate an invalid KRL when revoking certs by serial
number for multiple CA keys due to a section being written out
twice.
Also extend the regress test to catch this case by having it
produce a multi-CA KRL.
Reported by peter AT pean.org
|
| |
|
|
|
|
| |
fix NULL pointer dereference crash in key loading
found by Michal Zalewski's AFL fuzzer
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
fix KRL generation when multiple CAs are in use
We would generate an invalid KRL when revoking certs by serial
number for multiple CA keys due to a section being written out
twice.
Also extend the regress test to catch this case by having it
produce a multi-CA KRL.
Reported by peter AT pean.org
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reduce instances of `` '' in manuals.
troff displays these as typographic quotes, but nroff implementations
almost always print them literally, which rarely has the intended effect
with modern fonts, even in stock xterm.
These uses of `` '' can be replaced either with more semantic alternatives
or with Dq, which prints typographic quotes in a UTF-8 locale (but will
automatically fall back to `` '' in an ASCII locale).
improvements and ok schwarze@
|
| |
|
|
|
|
|
|
| |
mux-related manual tweaks
mention ControlPersist=0 is the same as ControlPersist=yes
recommend that ControlPath sockets be placed in a og-w directory
|
| |
|
|
|
|
|
|
|
| |
Makes the Cygwin-specific ssh-user-config script independent of the
existence of /etc/passwd. The next Cygwin release will allow to
generate passwd and group entries from the Windows account DBs, so the
scripts have to adapt.
from Corinna Vinschen
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Remove unnecessary include: netinet/in_systm.h is not needed
by these programs.
NB. skipped for portable
ok deraadt@ millert@
|
| |
|
|
| |
whitespace
|
| |
|
|
|
|
| |
plug a memory leak; from Maxime Villard.
ok djm@
|
| |
|
|
| |
tweak previous;
|
| |
|
|
| |
whitespace
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Tweak config reparsing with host canonicalisation
Make the second pass through the config files always run when
hostname canonicalisation is enabled.
Add a "Match canonical" criteria that allows ssh_config Match
blocks to trigger only in the second config pass.
Add a -G option to ssh that causes it to parse its configuration
and dump the result to stdout, similar to "sshd -T"
Allow ssh_config Port options set in the second config parse
phase to be applied (they were being ignored).
bz#2267 bz#2286; ok markus
|
| |
|
|
| |
another -Wpointer-sign from clang
|
| |
|
|
| |
fix a few -Wpointer-sign warnings from clang
|
| |
|
|
|
| |
parse cert sections using nested buffers to reduce
copies; ok markus
|
| |
|
|
| |
correct options in usage(); from mancha1 AT zoho.com
|
| |
|
|
|
| |
mention permissions on tun(4) devices in PermitTunnel
documentation; bz#2273
|
| |
|
|
|
| |
tighten permissions on pty when the "tty" group does
not exist; pointed out by Corinna Vinschen; ok markus
|
| |
|
|
| |
typo.
|
| |
|
|
|
|
|
| |
improve capitalization for the Ed25519 public-key
signature system.
ok djm@
|
| |
|
|
|
|
| |
Free resources on error in mkstemp and fdopen
ok djm@
|
| |
|
|
| |
djm how did you make a typo like that...
|
| |
|
|
|
| |
When dumping the server configuration (sshd -T), print
correct KEX, MAC and cipher defaults. Spotted by Iain Morgan
|
| |
|
|
| |
~-expand lcd paths
|
| | |
|
| |
|
|
| |
Commit logs will be generated from git at release time.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
[openbsd-compat/openbsd-compat.h] Kludge around bad glibc
_FORTIFY_SOURCE check that doesn't grok heap-allocated fd_sets;
ok dtucker@
|
| |
|
|
| |
patch from Felix von Leitner; ok dtucker
|
| |
|
|
| |
- (dtucker) [INSTALL] Update info about egd. ok djm@
|
| | |
|
| |
|
|
| |
permissions/ACLs; from Corinna Vinschen
|
| |
|
|
| |
conditionalise to avoid duplicate definition.
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
OPENSSL_[RD]SA_MAX_MODULUS_BITS defines for OpenSSL that lacks them
|
