Age | Commit message | Author | |
---|---|---|---|
2018-08-13 | revert compat.[ch] section of the following change. It causes | Damien Miller | |
double-free under some circumstances. -- date: 2018/07/31 03:07:24; author: djm; state: Exp; lines: +33 -18; commitid: f7g4UI8eeOXReTPh; fix some memory leaks spotted by Coverity via Jakub Jelen in bz#2366 feedback and ok dtucker@ | |||
2018-08-12 | better diagnostics on alg list assembly errors; ok deraadt@ markus@ | Damien Miller | |
2018-08-10 | improve | Damien Miller | |
2018-08-10 | Describe pubkey format, prompted by bz#2853 | Damien Miller | |
While I'm here, describe and link to the remaining local PROTOCOL.* docs that weren't already mentioned (PROTOCOL.key, PROTOCOL.krl and PROTOCOL.mux) | |||
2018-08-10 | fix numbering | Damien Miller | |
2018-08-08 | Use new private key format by default. This format is supported by | Damien Miller | |
OpenSSH >= 6.5 (released January 2014), so it should be supported by most OpenSSH versions in active use. It is possible to convert new-format private keys to the older format using "ssh-keygen -f /path/key -pm PEM". ok deraadt dtucker | |||
2018-08-04 | invalidate dh->priv_key after freeing it in error path; avoids | Damien Miller | |
unlikely double-free later. Reported by Viktor Dukhovni via https://github.com/openssh/openssh-portable/pull/96 feedback jsing@ tb@ | |||
2018-07-31 | delay bailout for invalid authenticating user until after the packet | Damien Miller | |
containing the request has been fully parsed. Reported by Dariusz Tytko and Michał Sajdak; ok deraadt | |||
2018-07-31 | fix some memory leaks spotted by Coverity via Jakub Jelen in bz#2366 | Damien Miller | |
feedback and ok dtucker@ | |||
2018-07-27 | avoid expensive channel_open_message() calls; ok djm@ | Markus Friedl | |
2018-07-27 | Now that ssh can't be setuid, remove the original_real_uid and | Darren Tucker | |
original_effective_uid globals and replace with calls to plain getuid(). ok djm@ | |||
2018-07-27 | Remove uid checks from low port binds. Now that ssh cannot be | Darren Tucker | |
setuid and sshd always has privsep on, we can remove the uid checks for low port binds and just let the system do the check. We leave a sanity check for the !privsep case so long as the code is still there. with & ok djm@ | |||
2018-07-27 | ssh(1) no longer supports being setuid root. Remove reference to crc32 | Darren Tucker | |
which went with protocol 1. Pointed out by deraadt@. | |||
2018-07-25 | Don't redefine Makefile choices which come correct from bsd.*.mk | Theo de Raadt | |
ok markus | |||
2018-07-25 | fix indent; Clemens Goessnitzer | Theo de Raadt | |
2018-07-25 | Use the caller provided (copied) pwent struct in load_public_identity_files | Bob Beck | |
instead of calling getpwuid() again and discarding the argument. This prevents a client crash where tilde_expand_filename calls getpwuid() again before the pwent pointer is used. Issue noticed and reported by Pierre-Olivier Martel <pom@apple.com> ok djm@ deraadt@ | |||
2018-07-23 | oops, failed to notice that SEE ALSO got messed up; | Jason McIntyre | |
2018-07-23 | Point to glob in section 7 for the actual list of special characters instead | kn | |
of the C API in section 3. OK millert jmc nicm, "the right idea" deraadt | |||
2018-07-22 | Switch authorized_keys example from ssh-dss to ssh-rsa since the former | Darren Tucker | |
is no longer enabled by default. Pointed out by Daniel A. Maierhofer, ok jmc | |||
2018-07-20 | slightly-clearer description for AuthenticationMethods - the lists | Damien Miller | |
have comma-separated elements; bz#2663 from Hans Meier | |||
2018-07-20 | remove unused zlib.h | Damien Miller | |
2018-07-19 | Fix typo in comment. From Alexandru Iacob via github. | Darren Tucker | |
2018-07-19 | Deprecate UsePrivilegedPort now that support for running ssh(1) | Darren Tucker | |
setuid has been removed, remove supporting code and clean up references to it in the man pages. We have not shipped ssh(1) the setuid bit since 2002. If anyone really needs to make connections from a low port number this can be implemented via a small setuid ProxyCommand. ok markus@ jmc@ djm@ | |||
2018-07-18 | Remove support for running ssh(1) setuid and fatal if attempted. | Darren Tucker | |
Do not link uidwap.c into ssh any more. Neuters UsePrivilegedPort, which will be marked as deprecated shortly. ok markus@ djm@ | |||
2018-07-16 | Slot 0 in the hostbased key array was previously RSA1, but that is | Darren Tucker | |
now gone and the slot is unused so remove it. Remove two now-unused macros, and add an array bounds check to the two remaining ones (array is statically sized, so mostly a safety check on future changes). ok markus@ | |||
2018-07-16 | Remove support for loading HostBasedAuthentication keys directly in | Darren Tucker | |
ssh(1) and always use ssh-keysign. This removes one of the few remaining reasons why ssh(1) might be setuid. ok markus@ | |||
2018-07-16 | keep options.identity_file_userprovided array in sync when we load | Damien Miller | |
keys, fixing some spurious error messages; ok markus | |||
2018-07-16 | memleaks; found by valgrind | Damien Miller | |
2018-07-12 | remove prototype to long-gone function | Damien Miller | |
2018-07-11 | treat ssh_packet_write_wait() errors as fatal; ok djm@ | Markus Friedl | |
2018-07-11 | remove legacy key emulation layer; ok djm@ | Markus Friedl | |
2018-07-11 | s/wuth/with/ in comment | Martijn van Duren | |
2018-07-10 | re-remove some pre-auth compression bits | Stefan Fritsch | |
This time, make sure to not remove things that are necessary for pre-auth compression on the client. Add a comment that pre-auth compression is still supported in the client. ok markus@ | |||
2018-07-10 | kerberos/gssapi fixes for buffer removal | Damien Miller | |
2018-07-10 | buffer.[ch] and bufaux.c are no more | Damien Miller | |
2018-07-10 | one mention of Buffer that almost got away :) | Damien Miller | |
2018-07-09 | replace cast with call to sshbuf_mutable_ptr(); ok djm@ | Markus Friedl | |
2018-07-09 | remove legacy buffer API emulation layer; ok djm@ | Markus Friedl | |
2018-07-09 | sshd: switch monitor to sshbuf API; lots of help & ok djm@ | Markus Friedl | |
2018-07-09 | sshd: switch GSSAPI to sshbuf API; ok djm@ | Markus Friedl | |
2018-07-09 | sshd: switch authentication to sshbuf API; ok djm@ | Markus Friedl | |
2018-07-09 | sshd: switch config to sshbuf API; ok djm@ | Markus Friedl | |
2018-07-09 | sshd: switch loginmsg to sshbuf API; ok djm@ | Markus Friedl | |
2018-07-09 | ttymodes: switch to sshbuf API; ok djm@ | Markus Friedl | |
2018-07-09 | client: switch mux to sshbuf API; with & ok djm@ | Markus Friedl | |
2018-07-09 | client: switch to sshbuf API; ok djm@ | Markus Friedl | |
2018-07-09 | pkcs11: switch to sshbuf API; ok djm@ | Markus Friedl | |
2018-07-09 | Revert previous two commits | Stefan Fritsch | |
It turns out we still support pre-auth compression on the client. Therefore revert the previous two commits: date: 2018/07/06 09:06:14; author: sf; commitid: yZVYKIRtUZWD9CmE; Rename COMP_DELAYED to COMP_ZLIB Only delayed compression is supported nowadays. ok markus@ date: 2018/07/06 09:05:01; author: sf; commitid: rEGuT5UgI9f6kddP; Remove leftovers from pre-authentication compression Support for this has been removed in 2016. COMP_DELAYED will be renamed in a later commit. ok markus@ | |||
2018-07-06 | Rename COMP_DELAYED to COMP_ZLIB | Stefan Fritsch | |
Only delayed compression is supported nowadays. ok markus@ | |||
2018-07-06 | Remove leftovers from pre-authentication compression | Stefan Fritsch | |
Support for this has been removed in 2016. COMP_DELAYED will be renamed in a later commit. ok markus@ |