Damien Miller
f0858de6e1
- deraadt@cvs.openbsd.org 2014/03/15 17:28:26
...
[ssh-agent.c ssh-keygen.1 ssh-keygen.c]
Improve usage() and documentation towards the standard form.
In particular, this line saves a lot of man page reading time.
usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]
[-N new_passphrase] [-C comment] [-f output_keyfile]
ok schwarze jmc
2014-04-20 13:01:30 +10:00
Damien Miller
94bfe0fbd6
- naddy@cvs.openbsd.org 2014/03/12 13:06:59
...
[ssh-keyscan.1]
scan for Ed25519 keys by default too
2014-04-20 13:00:51 +10:00
Damien Miller
3819519288
- djm@cvs.openbsd.org 2014/03/12 04:51:12
...
[authfile.c]
correct test that kdf name is not "none" or "bcrypt"
2014-04-20 13:00:28 +10:00
Damien Miller
8f9cd709c7
- djm@cvs.openbsd.org 2014/03/12 04:50:32
...
[auth-bsdauth.c ssh-keygen.c]
don't count on things that accept arguments by reference to clear
things for us on error; most things do, but it's unsafe form.
2014-04-20 13:00:11 +10:00
Damien Miller
1c7ef4be83
- djm@cvs.openbsd.org 2014/03/12 04:44:58
...
[ssh-keyscan.c]
scan for Ed25519 keys by default too
2014-04-20 12:59:46 +10:00
Damien Miller
c10bf4d051
- djm@cvs.openbsd.org 2014/03/03 22:22:30
...
[session.c]
ignore environment variables with embedded '=' or '\0' characters;
spotted by Jann Horn; ok deraadt@
Id sync only - portable already has this.
2014-04-20 12:58:04 +10:00
Damien Miller
c2e49062fa
- (djm) Use full release (e.g. 6.5p1) in debug output rather than just
...
version. From des@des.no
2014-04-01 14:42:46 +11:00
Damien Miller
14928b7492
- (djm) On platforms that support it, use prctl() to prevent sftp-server
...
from accessing /proc/self/{mem,maps}; patch from jann AT thejh.net
2014-04-01 14:38:07 +11:00
Damien Miller
48abc47e60
- (djm) [sandbox-seccomp-filter.c] Soft-fail stat() syscalls. Add XXX to
...
remind myself to add sandbox violation logging via the log socket.
2014-03-17 14:45:56 +11:00
Tim Rice
9c36698ca2
20140314
...
- (tim) [opensshd.init.in] Add support for ed25519
2014-03-14 12:45:01 -07:00
Damien Miller
19158b2447
- (djm) Release OpenSSH 6.6
2014-03-13 13:14:21 +11:00
Damien Miller
8569eba5d7
- djm@cvs.openbsd.org 2014/03/03 22:22:30
...
[session.c]
ignore environment variables with embedded '=' or '\0' characters;
spotted by Jann Horn; ok deraadt@
2014-03-04 09:35:17 +11:00
Damien Miller
2476c31b96
- (djm) [regress/Makefile] Disable dhgex regress test; it breaks when
...
no moduli file exists at the expected location.
2014-03-02 04:01:00 +11:00
Damien Miller
c83fdf30e9
- (djm) [regress/host-expand.sh] Add RCS Id
2014-02-28 10:34:03 +11:00
Damien Miller
834aeac355
- djm@cvs.openbsd.org 2014/02/27 21:21:25
...
[agent-ptrace.sh agent.sh]
keep return values that are printed in error messages;
from portable
(Id sync only)
2014-02-28 10:25:16 +11:00
Damien Miller
4f7f1a9a0d
- djm@cvs.openbsd.org 2014/02/27 20:04:16
...
[login-timeout.sh]
remove any existing LoginGraceTime from sshd_config before adding
a specific one for the test back in
2014-02-28 10:24:11 +11:00
Damien Miller
d705d987c2
- djm@cvs.openbsd.org 2014/01/26 10:49:17
...
[scp-ssh-wrapper.sh scp.sh]
make sure $SCP is tested on the remote end rather than whichever one
happens to be in $PATH; from portable
(Id sync only)
2014-02-28 10:23:26 +11:00
Damien Miller
624a3ca376
- djm@cvs.openbsd.org 2014/01/26 10:22:10
...
[regress/cert-hostkey.sh]
automatically generate revoked keys from listed keys rather than
manually specifying each type; from portable
(Id sync only)
2014-02-28 10:22:37 +11:00
Damien Miller
b843923284
- dtucker@cvs.openbsd.org 2014/01/25 04:35:32
...
[regress/Makefile regress/dhgex.sh]
Add a test for DH GEX sizes
2014-02-28 10:21:26 +11:00
Damien Miller
1e2aa3d904
- dtucker@cvs.openbsd.org 2014/01/20 00:00:30
...
[sftp-chroot.sh]
append to rather than truncating the log file
2014-02-28 10:19:51 +11:00
Damien Miller
f483cc16fe
- dtucker@cvs.openbsd.org 2014/01/19 23:43:02
...
[regress/sftp-chroot.sh]
Don't use -q on sftp as it suppresses logging, instead redirect the
output to the regress logfile.
2014-02-28 10:19:11 +11:00
Damien Miller
6486f16f1c
- (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
...
[contrib/suse/openssh.spec] Crank version numbers
2014-02-28 10:03:52 +11:00
Damien Miller
92cf5adea1
- djm@cvs.openbsd.org 2014/02/27 22:57:40
...
[version.h]
openssh-6.6
2014-02-28 10:01:53 +11:00
Damien Miller
fc5d6759ab
- djm@cvs.openbsd.org 2014/02/27 22:47:07
...
[sshd_config.5]
bz#2184 clarify behaviour of a keyword that appears in multiple
matching Match blocks; ok dtucker@
2014-02-28 10:01:28 +11:00
Damien Miller
172ec7e0af
- djm@cvs.openbsd.org 2014/02/27 08:25:09
...
[bufbn.c]
off by one in range check
2014-02-28 10:00:57 +11:00
Damien Miller
f9a9aaba43
- djm@cvs.openbsd.org 2014/02/27 00:41:49
...
[bufbn.c]
fix unsigned overflow that could lead to reading a short ssh protocol
1 bignum value; found by Ben Hawkes; ok deraadt@
2014-02-28 10:00:27 +11:00
Damien Miller
fb3423b612
- markus@cvs.openbsd.org 2014/02/26 21:53:37
...
[sshd.c]
ssh_gssapi_prepare_supported_oids needs GSSAPI
2014-02-27 10:20:07 +11:00
Damien Miller
1348129a34
- djm@cvs.openbsd.org 2014/02/26 20:29:29
...
[channels.c]
don't assume that the socks4 username is \0 terminated;
spotted by Ben Hawkes; ok markus@
2014-02-27 10:18:32 +11:00
Damien Miller
e6a74aeeac
- djm@cvs.openbsd.org 2014/02/26 20:28:44
...
[auth2-gss.c gss-serv.c ssh-gss.h sshd.c]
bz#2107 - cache OIDs of supported GSSAPI mechanisms before privsep
sandboxing, as running this code in the sandbox can cause violations;
ok markus@
2014-02-27 10:17:49 +11:00
Damien Miller
08b57c67f3
- djm@cvs.openbsd.org 2014/02/26 20:18:37
...
[ssh.c]
bz#2205: avoid early hostname lookups unless canonicalisation is enabled;
ok dtucker@ markus@
2014-02-27 10:17:13 +11:00
Damien Miller
13f97b2286
- djm@cvs.openbsd.org 2014/02/23 20:11:36
...
[readconf.c readconf.h ssh.c ssh_config.5]
reparse ssh_config and ~/.ssh/config if hostname canonicalisation changes
the hostname. This allows users to write configurations that always
refer to canonical hostnames, e.g.
CanonicalizeHostname yes
CanonicalDomains int.example.org example.org
CanonicalizeFallbackLocal no
Host *.int.example.org
    Compression off
Host *.example.org
    User djm
ok markus@
2014-02-24 15:57:55 +11:00
Damien Miller
bee3a234f3
- djm@cvs.openbsd.org 2014/02/23 20:03:42
...
[ssh-ed25519.c]
check for unsigned overflow; not reachable in OpenSSH but others might
copy our code...
2014-02-24 15:57:22 +11:00
Damien Miller
0628780abe
- djm@cvs.openbsd.org 2014/02/22 01:32:19
...
[readconf.c]
when processing Match blocks, skip 'exec' clauses if previous predicates
failed to match; ok markus@
2014-02-24 15:56:45 +11:00
Damien Miller
0890dc8191
- djm@cvs.openbsd.org 2014/02/15 23:05:36
...
[channels.c]
avoid spurious "getsockname failed: Bad file descriptor" errors in ssh -W;
bz#2200, debian#738692 via Colin Watson; ok dtucker@
2014-02-24 15:56:07 +11:00
Damien Miller
d3cf67e111
- djm@cvs.openbsd.org 2014/02/07 06:55:54
...
[cipher.c mac.c]
remove some logging that makes ssh debugging output very verbose;
ok markus
2014-02-24 15:55:36 +11:00
Tim Rice
03ae081aea
20140221
...
- (tim) [configure.ac] Fix cut-and-paste error. Patch from Bryan Drewery.
2014-02-21 09:09:34 -08:00
Darren Tucker
4a20959d2e
- (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add compat
...
code for older OpenSSL versions that don't have EVP_MD_CTX_copy_ex.
2014-02-13 16:38:32 +11:00
Damien Miller
d1a7a9c0fd
- djm@cvs.openbsd.org 2014/02/06 22:21:01
...
[sshconnect.c]
in ssh_create_socket(), only do the getaddrinfo for BindAddress when
BindAddress is actually specified. Fixes regression in 6.5 for
UsePrivilegedPort=yes; patch from Corinna Vinschen
2014-02-07 09:24:33 +11:00
Damien Miller
6ce35b6cc4
- naddy@cvs.openbsd.org 2014/02/05 20:13:25
...
[ssh-keygen.1 ssh-keygen.c]
tweak synopsis: calling ssh-keygen without any arguments is fine; ok jmc@
while here, fix ordering in usage(); requested by jmc@
2014-02-07 09:24:14 +11:00
Damien Miller
6434cb2cfb
- (djm) [sandbox-seccomp-filter.c] Not all Linux architectures define
...
__NR_shutdown; some go via the socketcall(2) multiplexer.
2014-02-06 11:17:50 +11:00
Darren Tucker
8d36f9ac71
- (dtucker) [openbsd-compat/bsd-poll.c] Don't bother checking for non-NULL
...
before freeing since free(NULL) is a no-op. ok djm.
2014-02-06 10:44:13 +11:00
Damien Miller
a0959da368
- (djm) [sandbox-capsicum.c] Don't fatal if Capsicum is offered by
...
headers/libc but not supported by the kernel. Patch from Loganaden
Velvindron @ AfriNIC
2014-02-05 10:33:45 +11:00
Damien Miller
9c449bc183
- (djm) [regress/setuid-allowed.c] Missing string.h for strerror()
2014-02-04 11:38:28 +11:00
Damien Miller
bf7e0f03be
- (djm) [openbsd-compat/Makefile.in] Add missing explicit_bzero.o
2014-02-04 11:37:50 +11:00
Damien Miller
eb6d870a0e
- djm@cvs.openbsd.org 2014/02/04 00:24:29
...
[ssh.c]
delay lowercasing of hostname until right before hostname
canonicalisation to unbreak case-sensitive matching of ssh_config;
reported by Ike Devolder; ok markus@
2014-02-04 11:26:34 +11:00
Damien Miller
d56b44d2df
- djm@cvs.openbsd.org 2014/02/04 00:24:29
...
[ssh.c]
delay lowercasing of hostname until right before hostname
canonicalisation to unbreak case-sensitive matching of ssh_config;
reported by Ike Devolder; ok markus@
2014-02-04 11:26:04 +11:00
Damien Miller
db3c595ea7
- djm@cvs.openbsd.org 2014/02/02 03:44:31
...
[digest-libc.c digest-openssl.c]
convert memset of potentially-private data to explicit_bzero()
2014-02-04 11:25:45 +11:00
Damien Miller
aae07e2e20
- djm@cvs.openbsd.org 2014/02/03 23:28:00
...
[ssh-ecdsa.c]
fix memory leak; ECDSA_SIG_new() allocates 'r' and 's' for us, unlike
DSA_SIG_new. Reported by Batz Spear; ok markus@
2014-02-04 11:20:40 +11:00
Damien Miller
a5103f413b
- djm@cvs.openbsd.org 2014/02/02 03:44:32
...
[auth1.c auth2-chall.c auth2-passwd.c authfile.c bufaux.c bufbn.c]
[buffer.c cipher-3des1.c cipher.c clientloop.c gss-serv.c kex.c]
[kexdhc.c kexdhs.c kexecdhc.c kexgexc.c kexecdhs.c kexgexs.c key.c]
[monitor.c monitor_wrap.c packet.c readpass.c rsa.c serverloop.c]
[ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c]
[ssh-keygen.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c]
[sshd.c]
convert memset of potentially-private data to explicit_bzero()
2014-02-04 11:20:14 +11:00
Damien Miller
1d2c456426
- tedu@cvs.openbsd.org 2014/01/31 16:39:19
...
[auth2-chall.c authfd.c authfile.c bufaux.c bufec.c canohost.c]
[channels.c cipher-chachapoly.c clientloop.c configure.ac hostfile.c]
[kexc25519.c krl.c monitor.c sandbox-systrace.c session.c]
[sftp-client.c ssh-keygen.c ssh.c sshconnect2.c sshd.c sshlogin.c]
[openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h]
replace most bzero with explicit_bzero, except a few that can be memset
ok djm dtucker
2014-02-04 11:18:20 +11:00