Damien Miller
b15cd7bb09
- logan@cvs.openbsd.org 2014/04/22 10:07:12
[sftp.c]
Sort the sftp command list.
OK from djm@
2014-05-15 13:46:52 +10:00
Damien Miller
d8accc0aa7
- logan@cvs.openbsd.org 2014/04/21 14:36:16
[sftp-client.c sftp-client.h sftp.c]
Implement sftp upload resume support.
OK from djm@, with input from guenther@, mlarkin@ and
okan@
2014-05-15 13:46:25 +10:00
Damien Miller
16cd3928a8
- logan@cvs.openbsd.org 2014/04/20 09:24:26
[dns.c dns.h ssh-keygen.c]
Add support for SSHFP DNS records for ED25519 key types.
OK from djm@
2014-05-15 13:45:58 +10:00
Damien Miller
ec0b67eb3b
- (djm) [rijndael.c rijndael.h] Sync with newly-resurrected versions in
OpenBSD
2014-05-15 13:45:26 +10:00
Darren Tucker
f028460d0b
- (dtucker) [defines.h] Define __GNUC_PREREQ__ macro if we don't already
have it. Only attempt to use __attribute__(__bounded__) for gcc.
2014-05-01 02:24:35 +10:00
Damien Miller
b628cc4c3e
- djm@cvs.openbsd.org 2014/04/20 02:49:32
[compat.c]
add a canonical 6.6 + curve25519 bignum fix fake version that I can
recommend people use ahead of the openssh-6.7 release
2014-04-20 13:33:58 +10:00
Damien Miller
8885669139
- djm@cvs.openbsd.org 2014/04/20 02:30:25
[misc.c misc.h umac.c]
use get/put_u32 to load values rather than *((UINT32 *)p) that breaks on
strict-alignment architectures; reported by and ok stsp@
2014-04-20 13:33:19 +10:00
Damien Miller
16f85cbc7e
- tedu@cvs.openbsd.org 2014/04/19 18:42:19
[ssh.1]
delete .xr to hosts.equiv. there's still an unfortunate amount of
documentation referring to rhosts equivalency in here.
2014-04-20 13:29:28 +10:00
Damien Miller
69cb24b735
- tedu@cvs.openbsd.org 2014/04/19 18:15:16
[sshd.8]
remove some really old rsh references
2014-04-20 13:29:06 +10:00
Damien Miller
84c1e7bca8
- tedu@cvs.openbsd.org 2014/04/19 14:53:48
[ssh-keysign.c sshd.c]
Delete futile calls to RAND_seed. ok djm
NB. Id sync only. This only applies to OpenBSD's libcrypto slashathon
2014-04-20 13:27:53 +10:00
Damien Miller
0e6b67423b
- djm@cvs.openbsd.org 2014/04/19 05:54:59
[compat.c]
missing wildcard; pointed out by naddy@
2014-04-20 13:27:01 +10:00
Damien Miller
9395b28223
- djm@cvs.openbsd.org 2014/04/18 23:52:25
[compat.c compat.h sshconnect2.c sshd.c version.h]
OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections
using the curve25519-sha256@libssh.org KEX exchange method to fail
when connecting with something that implements the spec properly.
Disable this KEX method when speaking to one of the affected
versions.
reported by Aris Adamantiadis; ok markus@
2014-04-20 13:25:30 +10:00
Damien Miller
8c492da58f
- djm@cvs.openbsd.org 2014/04/16 23:28:12
[ssh-agent.1]
remove the identity files from this manpage - ssh-agent doesn't deal
with them at all and the same information is duplicated in ssh-add.1
(which does deal with them); prodded by deraadt@
2014-04-20 13:25:09 +10:00
Damien Miller
adbfdbbdcc
- djm@cvs.openbsd.org 2014/04/16 23:22:45
[bufaux.c]
skip leading zero bytes in buffer_put_bignum2_from_string();
reported by jan AT mojzis.com; ok markus@
2014-04-20 13:24:49 +10:00
Damien Miller
75c62728dc
- djm@cvs.openbsd.org 2014/04/12 04:55:53
[sshd.c]
avoid crash at exit: check that pmonitor!=NULL before dereferencing;
bz#2225, patch from kavi AT juniper.net
2014-04-20 13:24:31 +10:00
Damien Miller
2a328437fb
- djm@cvs.openbsd.org 2014/04/01 05:32:57
[packet.c]
demote a debug3 to PACKET_DEBUG; ok markus@
2014-04-20 13:24:01 +10:00
Damien Miller
7d6a9fb660
- djm@cvs.openbsd.org 2014/04/01 03:34:10
[sshconnect.c]
When using VerifyHostKeyDNS with a DNSSEC resolver, down-convert any
certificate keys to plain keys and attempt SSHFP resolution.
Prevents a server from skipping SSHFP lookup and forcing a new-hostkey
dialog by offering only certificate keys.
Reported by mcv21 AT cam.ac.uk
2014-04-20 13:23:43 +10:00
Damien Miller
fcd62c0b66
- djm@cvs.openbsd.org 2014/04/01 02:05:27
[ssh-keysign.c]
include fingerprint of key not found
use arc4random_buf() instead of loop+arc4random()
2014-04-20 13:23:21 +10:00
Damien Miller
43b156cf72
- jmc@cvs.openbsd.org 2014/03/31 13:39:34
[ssh-keygen.1]
the text for the -K option was inserted in the wrong place in -r1.108;
fix From: Matthew Clarke
2014-04-20 13:23:03 +10:00
Damien Miller
c1621c84f2
- naddy@cvs.openbsd.org 2014/03/28 05:17:11
[ssh_config.5 sshd_config.5]
sync available and default algorithms, improve algorithm list formatting
help from jmc@ and schwarze@, ok deraadt@
2014-04-20 13:22:46 +10:00
Damien Miller
f2719b7c2b
- tedu@cvs.openbsd.org 2014/03/26 19:58:37
[sshd.8 sshd.c]
remove libwrap support. ok deraadt djm mfriedl
2014-04-20 13:22:18 +10:00
Damien Miller
4f40209aa4
- djm@cvs.openbsd.org 2014/03/26 04:55:35
[chacha.h cipher-chachapoly.h digest.h hmac.h kex.h kexc25519.c]
[misc.h poly1305.h ssh-pkcs11.c]
use __bounded(...) attribute recently added to sys/cdefs.h instead of
longform __attribute__(__bounded(...));
for brevity and a warning free compilation with llvm/clang
2014-04-20 13:21:22 +10:00
Damien Miller
9235a030ad
Three commits in one (since they touch the same heavily-diverged file
repeatedly):
- markus@cvs.openbsd.org 2014/03/25 09:40:03
[myproposal.h]
trim default proposals.
This commit removes the weaker pre-SHA2 hashes, the broken ciphers
(arcfour), and the broken modes (CBC) from the default configuration
(the patch only changes the default, all the modes are still available
for the config files).
ok djm@, reminded by tedu@ & naddy@ and discussed with many
- deraadt@cvs.openbsd.org 2014/03/26 17:16:26
[myproposal.h]
The current sharing of myproposal[] between both client and server code
makes the previous diff highly unpalatable. We want to go in that
direction for the server, but not for the client. Sigh.
Brought up by naddy.
- markus@cvs.openbsd.org 2014/03/27 23:01:27
[myproposal.h ssh-keyscan.c sshconnect2.c sshd.c]
disable weak proposals in sshd, but keep them in ssh; ok djm@
2014-04-20 13:17:20 +10:00
Damien Miller
6e1777f592
- tedu@cvs.openbsd.org 2014/03/19 14:42:44
[scp.1]
there is no need for rcp anymore
ok deraadt millert
2014-04-20 13:02:58 +10:00
Damien Miller
eb1b7c514d
- tedu@cvs.openbsd.org 2014/03/17 19:44:10
[ssh.1]
old descriptions of des and blowfish are old. maybe ok deraadt
2014-04-20 13:02:26 +10:00
Damien Miller
f0858de6e1
- deraadt@cvs.openbsd.org 2014/03/15 17:28:26
[ssh-agent.c ssh-keygen.1 ssh-keygen.c]
Improve usage() and documentation towards the standard form.
In particular, this line saves a lot of man page reading time.
usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]
[-N new_passphrase] [-C comment] [-f output_keyfile]
ok schwarze jmc
2014-04-20 13:01:30 +10:00
Damien Miller
94bfe0fbd6
- naddy@cvs.openbsd.org 2014/03/12 13:06:59
[ssh-keyscan.1]
scan for Ed25519 keys by default too
2014-04-20 13:00:51 +10:00
Damien Miller
3819519288
- djm@cvs.openbsd.org 2014/03/12 04:51:12
[authfile.c]
correct test that kdf name is not "none" or "bcrypt"
2014-04-20 13:00:28 +10:00
Damien Miller
8f9cd709c7
- djm@cvs.openbsd.org 2014/03/12 04:50:32
[auth-bsdauth.c ssh-keygen.c]
don't count on things that accept arguments by reference to clear
things for us on error; most things do, but it's unsafe form.
2014-04-20 13:00:11 +10:00
Damien Miller
1c7ef4be83
- djm@cvs.openbsd.org 2014/03/12 04:44:58
[ssh-keyscan.c]
scan for Ed25519 keys by default too
2014-04-20 12:59:46 +10:00
Damien Miller
c10bf4d051
- djm@cvs.openbsd.org 2014/03/03 22:22:30
[session.c]
ignore environment variables with embedded '=' or '\0' characters;
spotted by Jann Horn; ok deraadt@
Id sync only - portable already has this.
2014-04-20 12:58:04 +10:00
Damien Miller
c2e49062fa
- (djm) Use full release (e.g. 6.5p1) in debug output rather than just
version. From des@des.no
2014-04-01 14:42:46 +11:00
Damien Miller
14928b7492
- (djm) On platforms that support it, use prctl() to prevent sftp-server
from accessing /proc/self/{mem,maps}; patch from jann AT thejh.net
2014-04-01 14:38:07 +11:00
Damien Miller
48abc47e60
- (djm) [sandbox-seccomp-filter.c] Soft-fail stat() syscalls. Add XXX to
remind myself to add sandbox violation logging via the log socket.
2014-03-17 14:45:56 +11:00
Tim Rice
9c36698ca2
20140314
- (tim) [opensshd.init.in] Add support for ed25519
2014-03-14 12:45:01 -07:00
Damien Miller
19158b2447
- (djm) Release OpenSSH 6.6
2014-03-13 13:14:21 +11:00
Damien Miller
8569eba5d7
- djm@cvs.openbsd.org 2014/03/03 22:22:30
[session.c]
ignore environment variables with embedded '=' or '\0' characters;
spotted by Jann Horn; ok deraadt@
2014-03-04 09:35:17 +11:00
Damien Miller
2476c31b96
- (djm) [regress/Makefile] Disable dhgex regress test; it breaks when
no moduli file exists at the expected location.
2014-03-02 04:01:00 +11:00
Damien Miller
c83fdf30e9
- (djm) [regress/host-expand.sh] Add RCS Id
2014-02-28 10:34:03 +11:00
Damien Miller
834aeac355
- djm@cvs.openbsd.org 2014/02/27 21:21:25
[agent-ptrace.sh agent.sh]
keep return values that are printed in error messages;
from portable
(Id sync only)
2014-02-28 10:25:16 +11:00
Damien Miller
4f7f1a9a0d
- djm@cvs.openbsd.org 2014/02/27 20:04:16
[login-timeout.sh]
remove any existing LoginGraceTime from sshd_config before adding
a specific one for the test back in
2014-02-28 10:24:11 +11:00
Damien Miller
d705d987c2
- djm@cvs.openbsd.org 2014/01/26 10:49:17
[scp-ssh-wrapper.sh scp.sh]
make sure $SCP is tested on the remote end rather than whichever one
happens to be in $PATH; from portable
(Id sync only)
2014-02-28 10:23:26 +11:00
Damien Miller
624a3ca376
- djm@cvs.openbsd.org 2014/01/26 10:22:10
[regress/cert-hostkey.sh]
automatically generate revoked keys from listed keys rather than
manually specifying each type; from portable
(Id sync only)
2014-02-28 10:22:37 +11:00
Damien Miller
b843923284
- dtucker@cvs.openbsd.org 2014/01/25 04:35:32
[regress/Makefile regress/dhgex.sh]
Add a test for DH GEX sizes
2014-02-28 10:21:26 +11:00
Damien Miller
1e2aa3d904
- dtucker@cvs.openbsd.org 2014/01/20 00:00:30
[sftp-chroot.sh]
append to rather than truncating the log file
2014-02-28 10:19:51 +11:00
Damien Miller
f483cc16fe
- dtucker@cvs.openbsd.org 2014/01/19 23:43:02
[regress/sftp-chroot.sh]
Don't use -q on sftp as it suppresses logging, instead redirect the
output to the regress logfile.
2014-02-28 10:19:11 +11:00
Damien Miller
6486f16f1c
- (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
[contrib/suse/openssh.spec] Crank version numbers
2014-02-28 10:03:52 +11:00
Damien Miller
92cf5adea1
- djm@cvs.openbsd.org 2014/02/27 22:57:40
[version.h]
openssh-6.6
2014-02-28 10:01:53 +11:00
Damien Miller
fc5d6759ab
- djm@cvs.openbsd.org 2014/02/27 22:47:07
[sshd_config.5]
bz#2184 clarify behaviour of a keyword that appears in multiple
matching Match blocks; ok dtucker@
2014-02-28 10:01:28 +11:00
Damien Miller
172ec7e0af
- djm@cvs.openbsd.org 2014/02/27 08:25:09
[bufbn.c]
off by one in range check
2014-02-28 10:00:57 +11:00