d2d51003a6
upstream commit
...
fix NULL pointer dereference crash in key loading
found by Michal Zalewski's AFL fuzzer
2014-11-18 12:00:51 +11:00
9f9fad0191
upstream commit
...
fix KRL generation when multiple CAs are in use
We would generate an invalid KRL when revoking certs by serial
number for multiple CA keys due to a section being written out
twice.
Also extend the regress test to catch this case by having it
produce a multi-CA KRL.
Reported by peter AT pean.org
2014-11-17 11:20:39 +11:00
da8af83d3f
upstream commit
...
Reduce instances of `` '' in manuals.
troff displays these as typographic quotes, but nroff implementations
almost always print them literally, which rarely has the intended effect
with modern fonts, even in stock xterm.
These uses of `` '' can be replaced either with more semantic alternatives
or with Dq, which prints typographic quotes in a UTF-8 locale (but will
automatically fall back to `` '' in an ASCII locale).
improvements and ok schwarze@
2014-11-17 11:19:33 +11:00
fc30256136
upstream commit
...
mux-related manual tweaks
mention ControlPersist=0 is the same as ControlPersist=yes
recommend that ControlPath sockets be placed in a og-w directory
2014-11-11 09:27:17 +11:00
0e4cff5f35
Prepare scripts for next Cygwin release
...
Makes the Cygwin-specific ssh-user-config script independent of the
existence of /etc/passwd. The next Cygwin release will allow to
generate passwd and group entries from the Windows account DBs, so the
scripts have to adapt.
from Corinna Vinschen
2014-11-05 11:01:31 +11:00
7d0ba53366
include version number in OpenSSL-too-old error
2014-10-30 10:45:41 +11:00
3bcb92e04d
upstream commit
...
Remove unnecessary include: netinet/in_systm.h is not needed
by these programs.
NB. skipped for portable
ok deraadt@ millert@
2014-10-27 16:34:52 +11:00
6fdcaeb995
upstream commit
...
whitespace
2014-10-20 14:41:44 +11:00
165bc87862
upstream commit
...
plug a memory leak; from Maxime Villard.
ok djm@
2014-10-20 14:40:06 +11:00
b1ba15f388
upstream commit
...
tweak previous;
2014-10-20 14:40:05 +11:00
259a02ebdf
upstream commit
...
whitespace
2014-10-13 14:36:06 +11:00
957fbceb0f
upstream commit
...
Tweak config reparsing with host canonicalisation
Make the second pass through the config files always run when
hostname canonicalisation is enabled.
Add a "Match canonical" criteria that allows ssh_config Match
blocks to trigger only in the second config pass.
Add a -G option to ssh that causes it to parse its configuration
and dump the result to stdout, similar to "sshd -T"
Allow ssh_config Port options set in the second config parse
phase to be applied (they were being ignored).
bz#2267 bz#2286; ok markus
2014-10-13 11:41:48 +11:00
5c0dafd38b
upstream commit
...
another -Wpointer-sign from clang
2014-10-13 11:39:23 +11:00
bb005dc815
upstream commit
...
fix a few -Wpointer-sign warnings from clang
2014-10-13 11:39:18 +11:00
3cc1fbb4fb
upstream commit
...
parse cert sections using nested buffers to reduce
copies; ok markus
2014-10-13 11:39:11 +11:00
4a45922aeb
upstream commit
...
correct options in usage(); from mancha1 AT zoho.com
2014-10-13 11:39:02 +11:00
48dffd5beb
upstream commit
...
mention permissions on tun(4) devices in PermitTunnel
documentation; bz#2273
2014-10-13 11:38:46 +11:00
a5883d4ecc
upstream commit
...
tighten permissions on pty when the "tty" group does
not exist; pointed out by Corinna Vinschen; ok markus
2014-10-13 11:38:36 +11:00
180bcb406b
upstream commit
...
typo.
2014-10-13 11:37:56 +11:00
f70b22bcdd
upstream commit
...
improve capitalization for the Ed25519 public-key
signature system.
ok djm@
2014-10-13 11:37:32 +11:00
7df8818409
upstream commit
...
Free resources on error in mkstemp and fdopen
ok djm@
2014-10-13 11:37:21 +11:00
40ba4c9733
upstream commit
...
djm how did you make a typo like that...
2014-10-13 11:37:14 +11:00
57d378ec92
upstream commit
...
When dumping the server configuration (sshd -T), print
correct KEX, MAC and cipher defaults. Spotted by Iain Morgan
2014-10-13 11:36:04 +11:00
7ff880ede5
upstream commit
...
~-expand lcd paths
2014-10-13 11:35:49 +11:00
4460a7ad0c
remove duplicated KEX_DH1 entry
2014-10-12 12:35:48 +11:00
c9b8426a61
remove ChangeLog file
...
Commit logs will be generated from git at release time.
2014-10-09 10:34:06 +11:00
81d18ff7c9
delete contrib/caldera directory
2014-10-07 21:24:25 +11:00
0ec9e87d36
test commit
2014-10-07 19:57:27 +11:00
8fb65a4456
- (djm) Release OpenSSH-6.7
2014-10-07 09:21:49 +11:00
e8c9f2602c
- (djm) [sshd_config.5] typo; from Iain Morgan
2014-10-03 09:24:56 +10:00
703b98a267
- (djm) [openbsd-compat/Makefile.in openbsd-compat/kludge-fd_set.c]
...
[openbsd-compat/openbsd-compat.h] Kludge around bad glibc
_FORTIFY_SOURCE check that doesn't grok heap-allocated fd_sets;
ok dtucker@
2014-10-01 09:43:07 +10:00
0fa0ed061b
- (djm) [sandbox-seccomp-filter.c] Allow mremap and exit for DietLibc;
...
patch from Felix von Leitner; ok dtucker
2014-09-10 08:15:34 +10:00
ad7d23d461
20140908
...
- (dtucker) [INSTALL] Update info about egd. ok djm@
2014-09-09 12:23:10 +10:00
2a8699f37c
- (djm) [openbsd-compat/arc4random.c] Zero seed after keying PRNG
2014-09-04 03:46:05 +10:00
44988defb1
- (djm) [contrib/cygwin/ssh-host-config] Fix old code leading to
...
permissions/ACLs; from Corinna Vinschen
2014-09-03 05:35:32 +10:00
23f269562b
- (djm) [defines.h sshbuf.c] Move __predict_true|false to defines.h and
...
conditionalise to avoid duplicate definition.
2014-09-03 05:33:25 +10:00
41c8de2c00
- (djm) [Makefile.in] Make TEST_SHELL a variable; "good idea" tim@
2014-08-30 16:23:06 +10:00
d7c81e216a
- (djm) [openbsd-compat/openssl-compat.h] add include guard
2014-08-30 04:18:28 +10:00
4687802dda
- (djm) [misc.c] Missing newline between functions
2014-08-30 03:29:19 +10:00
51c77e2922
- (djm) [openbsd-compat/openssl-compat.h] add
...
OPENSSL_[RD]SA_MAX_MODULUS_BITS defines for OpenSSL that lacks them
2014-08-30 02:30:30 +10:00
3d673d103b
- (djm) [openbsd-compat/explicit_bzero.c] implement explicit_bzero()
...
using memset_s() where possible; improve fallback to indirect bzero
via a volatile pointer to give it more of a chance to avoid being
optimised away.
2014-08-27 06:32:01 +10:00
146218ac11
- (djm) [monitor.c sshd.c] SIGXFSZ needs to be ignored in postauth
...
monitor, not preauth; bz#2263
2014-08-27 04:11:55 +10:00
1b215c098b
- (djm) [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c]
...
[regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c]
[regress/unittests/sshkey/common.c]
[regress/unittests/sshkey/test_file.c]
[regress/unittests/sshkey/test_fuzz.c]
[regress/unittests/sshkey/test_sshkey.c] Don't include openssl/ec.h
on !ECC OpenSSL systems
2014-08-27 04:04:40 +10:00
ad013944af
- (djm) [INSTALL] Recommend libcrypto be built -fPIC, mention LibreSSL,
...
update OpenSSL version requirement.
2014-08-26 09:27:28 +10:00
ed126de8ee
- (djm) [bufec.c] Skip this file on !ECC OpenSSL
2014-08-26 08:37:47 +10:00
9c1dede005
- (djm) [sftp-server.c] Some systems (e.g. Irix) have prctl() but not
...
PR_SET_DUMPABLE, so adjust ifdef; reported by Tom Christensen
2014-08-24 03:01:06 +10:00
d244a5816f
- (djm) [configure.ac] We now require a working vsnprintf everywhere (not
...
just for systems that lack asprintf); check for it always and extend
test to catch more brokenness. Fixes builds on Solaris <= 9
2014-08-23 17:06:49 +10:00
4cec036362
- (djm) [sshd.c] Ignore SIGXFSZ in preauth monitor child; can explode on
...
lastlog writing on platforms with high UIDs; bz#2263
2014-08-23 03:11:09 +10:00
394a60f259
- (djm) [configure.ac] double braces to appease autoconf
2014-08-22 18:06:20 +10:00
4d69aeabd6
- (djm) [openbsd-compat/bsd-snprintf.c] Fix compilation failure (prototype/
...
definition mismatch) and warning for broken/missing snprintf case.
2014-08-22 17:48:27 +10:00
djm@openbsd.org
bentley@openbsd.org
Damien Miller
Damien Miller
lteo@openbsd.org
daniel@openbsd.org
jmc@openbsd.org
sobrado@openbsd.org
doug@openbsd.org
deraadt@openbsd.org
Darren Tucker