Age | Commit message | Author | |
---|---|---|---|
2014-03-12 | scan for Ed25519 keys by default too | Christian Weisgerber | |
2014-03-12 | correct test that kdf name is not "none" or "bcrypt" | Damien Miller | |
2014-03-12 | don't count on things that accept arguments by reference to clear things for us on error; most things do, but it's unsafe form. | Damien Miller | |
2014-03-12 | scan for Ed25519 keys by default too | Damien Miller | |
2014-03-03 | ignore environment variables with embedded '=' or '\0' characters; spotted by Jann Horn; ok deraadt@ | Damien Miller | |
2014-02-28 | Absolutely do not override base system build features in this file!! Discovered by miod. | Theo de Raadt | |
2014-02-27 | openssh-6.6 | Damien Miller | |
2014-02-27 | bz#2184 clarify behaviour of a keyword that appears in multiple matching Match blocks; ok dtucker@ | Damien Miller | |
2014-02-27 | off by one in range check | Damien Miller | |
2014-02-27 | fix unsigned overflow that could lead to reading a short ssh protocol 1 bignum value; found by Ben Hawkes; ok deraadt@ | Damien Miller | |
2014-02-26 | ssh_gssapi_prepare_supported_oids needs GSSAPI | Markus Friedl | |
2014-02-26 | don't assume that the socks4 username is \0 terminated; spotted by Ben Hawkes; ok markus@ | Damien Miller | |
2014-02-26 | bz#2107 - cache OIDs of supported GSSAPI mechanisms before privsep sandboxing, as running this code in the sandbox can cause violations; ok markus@ | Damien Miller | |
2014-02-26 | bz#2205: avoid early hostname lookups unless canonicalisation is enabled; ok dtucker@ markus@ | Damien Miller | |
2014-02-23 | reparse ssh_config and ~/.ssh/config if hostname canonicalisation changes the hostname. This allows users to write configurations that always refer to canonical hostnames, e.g. `CanonicalizeHostname yes` `CanonicalDomains int.example.org example.org` `CanonicalizeFallbackLocal no` `Host *.int.example.org` `Compression off` `Host *.example.org` `User djm` ok markus@ | Damien Miller | |
2014-02-23 | check for unsigned overflow; not reachable in OpenSSH but others might copy our code... | Damien Miller | |
2014-02-22 | when processing Match blocks, skip 'exec' clauses if previous predicates failed to match; ok markus@ | Damien Miller | |
2014-02-15 | avoid spurious "getsockname failed: Bad file descriptor" errors in ssh -W; bz#2200, debian#738692 via Colin Watson; ok dtucker@ | Damien Miller | |
2014-02-07 | -Wold-style-declaration is not supported by gcc 3. | Miod Vallat | |
2014-02-07 | remove some logging that makes ssh debugging output very verbose; ok markus | Damien Miller | |
2014-02-06 | in ssh_create_socket(), only do the getaddrinfo for BindAddress when BindAddress is actually specified. Fixes regression in 6.5 for UsePrivilegedPort=yes; patch from Corinna Vinschen | Damien Miller | |
2014-02-05 | tweak synopsis: calling ssh-keygen without any arguments is fine; ok jmc@ while here, fix ordering in usage(); requested by jmc@ | Christian Weisgerber | |
2014-02-04 | delay lowercasing of hostname until right before hostname canonicalisation to unbreak case-sensitive matching of ssh_config; reported by Ike Devolder; ok markus@ | Damien Miller | |
2014-02-03 | fix memory leak; ECDSA_SIG_new() allocates 'r' and 's' for us, unlike DSA_SIG_new. Reported by Batz Spear; ok markus@ | Damien Miller | |
2014-02-02 | convert memset of potentially-private data to explicit_bzero() | Damien Miller | |
2014-01-31 | replace most bzero with explicit_bzero, except a few that can be memset ok djm dtucker | Ted Unangst | |
2014-01-30 | allow shutdown(2) syscall in sandbox - it may be called by packet_close() from portable | Damien Miller | |
2014-01-29 | document kbdinteractiveauthentication; requested From: Ross L Richardson dtucker/markus helped explain its workings; | Jason McIntyre | |
2014-01-29 | remove experimental, never-enabled JPAKE code; ok markus@ | Damien Miller | |
2014-01-29 | In the experimental, never-enabled JPAKE code: clear returned digest and length in hash_buffer() for error cases; could lead to memory corruption later if EVP_Digest* fails. Pointed out by Mark Dowd | Damien Miller | |
2014-01-29 | use kill(0, ...) instead of killpg(0, ...); on most operating systems they are equivalent, but SUSv2 describes the latter as having undefined behaviour; from portable; ok dtucker | Damien Miller | |
2014-01-28 | rename digest.c to digest-openssl.c and add libc variant; ok djm@ | Markus Friedl | |
2014-01-28 | kill some bad Pa; From: Jan Stary | Jason McIntyre | |
2014-01-27 | replace openssl MD5 with our ssh_digest_*; ok djm@ | Markus Friedl | |
2014-01-27 | replace openssl HMAC with an implementation based on our ssh_digest_* ok and feedback djm@ | Markus Friedl | |
2014-01-25 | dh_need needs to be set to max(seclen, blocksize, ivlen, mac_len) ok dtucker@, noted by mancha | Markus Friedl | |
2014-01-25 | Add a special case for the DH group size for 3des-cbc, which has an effective strength much lower than the key size. This causes problems with some cryptlib implementations, which don't support group sizes larger than 4k but also don't use the largest group size it does support as specified in the RFC. Based on a patch from Petr Lautrbach at Redhat, reduced by me with input from Markus. ok djm@ markus@ | Darren Tucker | |
2014-01-20 | memleak; found by Loganaden Velvindron @ AfriNIC; ok markus@ | Damien Miller | |
2014-01-19 | Cast the sizeof to socklen_t so it'll work even if the supplied len is negative. Suggested by and ok djm, ok deraadt. | Darren Tucker | |
2014-01-19 | fix inverted meaning of 'no' and 'yes' for CanonicalizeFallbackLocal | Damien Miller | |
2014-01-19 | Cast socklen_t when comparing to size_t and use socklen_t to iterate over the ip options, both to prevent signed/unsigned comparison warnings. Patch from vinschen at redhat via portable openssh, begrudging ok deraadt. | Darren Tucker | |
2014-01-18 | explicitly define USE_PIPES to 1 to prevent redefinition warnings in portable on platforms that use pipes for everything. | Darren Tucker | |
2014-01-18 | Remove -Wbounded: it is now the compiler default. | Martynas Venckus | |
2014-01-17 | fix log message statvfs. ok djm | Darren Tucker | |
2014-01-17 | remove unused includes. ok djm@ | Darren Tucker | |
2014-01-17 | signed/unsigned comparison warning fix; from portable | Damien Miller | |
2014-01-16 | openssh-6.5 | Damien Miller | |
2014-01-16 | needless and incorrect cast to size_t can break resumption of large download; patch from tobias@ | Damien Miller | |
2014-01-12 | avoid use of OpenSSL BIGNUM type and functions for KEX with Curve25519 by adding a buffer_put_bignum2_from_string() that stores a string using the bignum encoding rules. Will make it easier to build a reduced-feature OpenSSH without OpenSSL in the future; ok markus@ | Damien Miller | |
2014-01-10 | the /etc/ssh/ssh_host_ed25519_key is loaded by default too | Damien Miller | |