RepoMirrors/openssh
1
0
Fork 0
mirror of git://anongit.mindrot.org/openssh.git synced 2025-01-15 06:01:04 +00:00
Code Issues Packages Projects Releases Wiki Activity
8,104 Commits 69 Branches 157 Tags 27 MiB
bcce47466b
Commit Graph

8104 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
jmc@openbsd.org
95923e0520 upstream commit 
tweak previous;

Upstream-ID: f29b3cfcfd9aa31fa140c393e7bd48c1c74139d6
 2015-09-16 17:52:05 +10:00
dtucker@openbsd.org
86ac462f83 upstream commit 
Update usage to match man page.

Upstream-ID: 9e85aefaecfb6aaf34c7cfd0700cd21783a35675
 2015-09-16 17:52:05 +10:00
djm@openbsd.org
674b3b68c1 upstream commit 
expand %i in ControlPath to UID; bz#2449

patch from Christian Hesse w/ feedback from dtucker@

Upstream-ID: 2ba8d303e555a84e2f2165ab4b324b41e80ab925
 2015-09-16 17:52:04 +10:00
djm@openbsd.org
c0f55db7ee upstream commit 
mention -Q key-plain and -Q key-cert; bz#2455 pointed out
 by Jakub Jelen

Upstream-ID: c8f1f8169332e4fa73ac96b0043e3b84e01d4896
 2015-09-16 17:52:04 +10:00
Darren Tucker
cfffbdb10f Use ssh-keygen -A when generating host keys. 
Use ssh-keygen -A instead of per-keytype invocations when generating host
keys.  Add tests when doing host-key-force since we can't use ssh-keygen -A
since it can't specify alternate locations.  bz#2459, ok djm@
 2015-09-14 16:24:21 +10:00
Darren Tucker
366bada1e9 Correct default value for --with-ssh1. 
bz#2457, from konto-mindrot.org at walimnieto.com.
 2015-09-11 13:33:23 +10:00
djm@openbsd.org
2bca8a43e7 upstream commit 
more clarity on what AuthorizedKeysFile=none does; based
 on diff by Thiebaud Weksteen

Upstream-ID: 78ab87f069080f0cc3bc353bb04eddd9e8ad3704
 2015-09-11 13:28:01 +10:00
djm@openbsd.org
61942ea4a0 upstream commit 
openssh_RSA_verify return type is int, so don't make it
 size_t within the function itself with only negative numbers or zero assigned
 to it. bz#2460

Upstream-ID: b6e794b0c7fc4f9f329509263c8668d35f83ea55
 2015-09-11 13:28:00 +10:00
dtucker@openbsd.org
4f7cc2f8cc upstream commit 
Plug minor memory leaks when options are used more than
 once.  bz#2182, patch from Tiago Cunha, ok deraadt djm

Upstream-ID: 5b84d0401e27fe1614c10997010cc55933adb48e
 2015-09-11 13:28:00 +10:00
Darren Tucker
7ad8b287c8 Force resolution of _res for correct detection. 
bz#2259, from sconeu at yahoo.com.
 2015-09-11 13:11:02 +10:00
Damien Miller
26ad182472 allow getrandom syscall; from Felix von Leitner 2015-09-10 10:57:41 +10:00
jmc@openbsd.org
5245bc1e6b upstream commit 
full stop belongs outside the brackets, not inside;

Upstream-ID: 99d098287767799ac33d2442a05b5053fa5a551a
 2015-09-04 16:57:03 +10:00
djm@openbsd.org
a85768a932 upstream commit 
add a debug2() right before DNS resolution; it's a place
 where ssh could previously silently hang for a while. bz#2433

Upstream-ID: 52a1a3e0748db66518e7598352c427145692a6a0
 2015-09-04 16:57:03 +10:00
djm@openbsd.org
46152af8d2 upstream commit 
correct function name in error messages

Upstream-ID: 92fb2798617ad9561370897f4ab60adef2ff4c0e
 2015-09-04 16:57:02 +10:00
djm@openbsd.org
a954cdb799 upstream commit 
better document ExitOnForwardFailure; bz#2444, ok
 dtucker@

Upstream-ID: a126209b5a6d9cb3117ac7ab5bc63d284538bfc2
 2015-09-04 16:57:02 +10:00
djm@openbsd.org
f54d8ac247 upstream commit 
don't record hostbased authentication hostkeys as user
 keys in test for multiple authentication with the same key

Upstream-ID: 26b368fa2cff481f47f37e01b8da1ae5b57b1adc
 2015-09-04 16:57:01 +10:00
djm@openbsd.org
ac3451dd65 upstream commit 
remove extra newline in nethack-mode hostkey; from
 Christian Hesse bz#2686

Upstream-ID: 4f56368b1cc47baeea0531912186f66007fd5b92
 2015-09-04 16:57:01 +10:00
djm@openbsd.org
9e3ed9ebb1 upstream commit 
trim junk from end of file; bz#2455 from Jakub Jelen

Upstream-Regress-ID: a4e64e8931e40d23874b047074444eff919cdfe6
 2015-09-04 16:56:23 +10:00
jsg@openbsd.org
f3a3ea180a upstream commit 
Fix occurrences of "r = func() != 0" which result in the
 wrong error codes being returned due to != having higher precedence than =.

ok deraadt@ markus@

Upstream-ID: 5fc35c9fc0319cc6fca243632662d2f06b5fd840
 2015-09-03 10:44:41 +10:00
Damien Miller
f498a98cf8 don't check for yp_match; ok tim@ 2015-09-03 09:11:22 +10:00
djm@openbsd.org
9690b78b78 upstream commit 
Improve printing of KEX offers and decisions

The debug output now labels the client and server offers and the
negotiated options. ok markus@

Upstream-ID: 8db921b3f92a4565271b1c1fbce6e7f508e1a2cb
 2015-08-22 11:17:08 +10:00
djm@openbsd.org
60a92470e2 upstream commit 
Fix printing (ssh -G ...) of HostKeyAlgorithms=+...
 Reported by Bryan Drewery

Upstream-ID: 19ad20c41bd5971e006289b6f9af829dd46c1293
 2015-08-22 11:17:07 +10:00
djm@openbsd.org
6310f60fff upstream commit 
Fix expansion of HostkeyAlgorithms=+...

Reported by Bryan Drewery

Upstream-ID: 70ca1deea39d758ba36d36428ae832e28566f78d
 2015-08-22 11:17:07 +10:00
deraadt@openbsd.org
e774e5ea56 upstream commit 
Improve size == 0, count == 0 checking in mm_zalloc,
 which is "array" like. Discussed with tedu, millert, otto.... and ok djm

Upstream-ID: 899b021be43b913fad3eca1aef44efe710c53e29
 2015-08-22 11:17:06 +10:00
Damien Miller
189de02d9a expose POLLHUP and POLLNVAL for netcat.c 2015-08-21 15:45:02 +10:00
Damien Miller
e91346dc2b we don't use Github for issues/pull-requests 2015-08-21 14:49:03 +10:00
Damien Miller
a4f5b507c7 fix URL for connect.c 2015-08-21 14:43:55 +10:00
Damien Miller
d026a8d3da update version numbers for 7.1 2015-08-21 13:47:10 +10:00
djm@openbsd.org
78f8f589f0 upstream commit 
openssh-7.1

Upstream-ID: ff7b1ef4b06caddfb45e08ba998128c88be3d73f
 2015-08-21 13:47:08 +10:00
djm@openbsd.org
32a181980c upstream commit 
fix inverted logic that broke PermitRootLogin; reported
 by Mantas Mikulenas; ok markus@

Upstream-ID: 260dd6a904c1bb7e43267e394b1c9cf70bdd5ea5
 2015-08-21 13:43:25 +10:00
deraadt@openbsd.org
ce445b0ed9 upstream commit 
Do not cast result of malloc/calloc/realloc* if stdlib.h
 is in scope ok krw millert

Upstream-ID: 5e50ded78cadf3841556649a16cc4b1cb6c58667
 2015-08-21 13:43:25 +10:00
naddy@openbsd.org
05291e5288 upstream commit 
In the certificates section, be consistent about using
 "host_key" and "user_key" for the respective key types.  ok sthen@ deraadt@

Upstream-ID: 9e037ea3b15577b238604c5533e082a3947f13cb
 2015-08-21 13:43:24 +10:00
djm@openbsd.org
8543d4ef6f upstream commit 
Better compat matching for WinSCP, add compat matching
 for FuTTY (fork of PuTTY); ok markus@ deraadt@

Upstream-ID: 24001d1ac115fa3260fbdc329a4b9aeb283c5389
 2015-08-20 13:07:42 +10:00
djm@openbsd.org
ec6eda16eb upstream commit 
fix double-free() in error path of DSA key generation
 reported by Mateusz Kocielski; ok markus@

Upstream-ID: 4735d8f888b10599a935fa1b374787089116713c
 2015-08-20 13:07:41 +10:00
djm@openbsd.org
45b0eb752c upstream commit 
fix free() of uninitialised pointer reported by Mateusz
 Kocielski; ok markus@

Upstream-ID: 519552b050618501a06b7b023de5cb104e2c5663
 2015-08-20 13:07:41 +10:00
djm@openbsd.org
c837643b93 upstream commit 
fixed unlink([uninitialised memory]) reported by Mateusz
 Kocielski; ok markus@

Upstream-ID: 14a0c4e7d891f5a8dabc4b89d4f6b7c0d5a20109
 2015-08-20 13:07:40 +10:00
jmc@openbsd.org
1f8d3d629c upstream commit 
match myproposal.h order; from brian conway (i snuck in a
 tweak while here)

ok dtucker

Upstream-ID: 35174a19b5237ea36aa3798f042bf5933b772c67
 2015-08-19 10:47:16 +10:00
deraadt@openbsd.org
1dc8d93ce6 upstream commit 
add prohibit-password as a synonymn for without-password,
 since the without-password is causing too many questions.  Harden it to ban
 all but pubkey, hostbased, and GSSAPI auth (when the latter is enabled) from
 djm, ok markus

Upstream-ID: d53317d7b28942153e6236d3fd6e12ceb482db7a
 2015-08-11 18:57:29 +10:00
Damien Miller
90a95a4745 update version in README 2015-08-11 13:53:49 +10:00
Damien Miller
318c377435 update versions in *.spec 2015-08-11 13:53:48 +10:00
Damien Miller
5e75f51987 set sshpam_ctxt to NULL after free 
Avoids use-after-free in monitor when privsep child is compromised.
Reported by Moritz Jodeit; ok dtucker@
 2015-08-11 13:36:00 +10:00
Damien Miller
d4697fe9a2 Don't resend username to PAM; it already has it. 
Pointed out by Moritz Jodeit; ok dtucker@
 2015-08-11 13:36:00 +10:00
Darren Tucker
88763a6c89 Import updated moduli file from OpenBSD. 2015-08-10 11:21:13 +10:00
Damien Miller
55b263fb7c let principals-command.sh work for noexec /var/run 2015-08-10 11:13:44 +10:00
Damien Miller
2651e34cd1 work around echo -n / sed behaviour in tests 2015-08-06 11:43:42 +10:00
djm@openbsd.org
d85dad8177 upstream commit 
adjust for RSA minimum modulus switch; ok deraadt@

Upstream-Regress-ID: 5a72c83431b96224d583c573ca281cd3a3ebfdae
 2015-08-06 11:13:25 +10:00
djm@openbsd.org
57e8e229ba upstream commit 
backout SSH_RSA_MINIMUM_MODULUS_SIZE increase for this
 release; problems spotted by sthen@ ok deraadt@ markus@

Upstream-ID: d0bd60dde9e8c3cd7030007680371894c1499822
 2015-08-05 10:08:39 +10:00
djm@openbsd.org
f097d0ea1e upstream commit 
openssh 7.0; ok deraadt@

Upstream-ID: c63afdef537f57f28ae84145c5a8e29e9250221f
 2015-08-02 19:59:26 +10:00
chris@openbsd.org
3d5728a0f6 upstream commit 
Allow PermitRootLogin to be overridden by config

ok markus@ deeradt@

Upstream-ID: 5cf3e26ed702888de84e2dc9d0054ccf4d9125b4
 2015-08-02 19:59:26 +10:00
djm@openbsd.org
6f941396b6 upstream commit 
fix pty permissions; patch from Nikolay Edigaryev; ok
 deraadt

Upstream-ID: 40ff076d2878b916fbfd8e4f45dbe5bec019e550
 2015-08-02 19:59:25 +10:00