Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | establish V_6_7 branchV_6_7_P1V_6_7 | Damien Miller | 2014-10-07 | 1 | -0/+1 |
| | |||||
* | - (djm) Release OpenSSH-6.7 | Damien Miller | 2014-10-07 | 1 | -0/+3 |
| | |||||
* | - (djm) [sshd_config.5] typo; from Iain Morgan | Damien Miller | 2014-10-03 | 2 | -1/+4 |
| | |||||
* | - (djm) [openbsd-compat/Makefile.in openbsd-compat/kludge-fd_set.c] | Damien Miller | 2014-10-01 | 4 | -3/+53 |
| | | | | | | [openbsd-compat/openbsd-compat.h] Kludge around bad glibc _FORTIFY_SOURCE check that doesn't grok heap-allocated fd_sets; ok dtucker@ | ||||
* | - (djm) [sandbox-seccomp-filter.c] Allow mremap and exit for DietLibc; | Damien Miller | 2014-09-10 | 2 | -0/+8 |
| | | | | patch from Felix von Leitner; ok dtucker | ||||
* | 20140908 | Darren Tucker | 2014-09-09 | 2 | -4/+7 |
| | | | | - (dtucker) [INSTALL] Update info about egd. ok djm@ | ||||
* | - (djm) [openbsd-compat/arc4random.c] Zero seed after keying PRNG | Damien Miller | 2014-09-04 | 2 | -1/+4 |
| | |||||
* | - (djm) [contrib/cygwin/ssh-host-config] Fix old code leading to | Damien Miller | 2014-09-03 | 2 | -32/+2 |
| | | | | permissions/ACLs; from Corinna Vinschen | ||||
* | - (djm) [defines.h sshbuf.c] Move __predict_true|false to defines.h and | Damien Miller | 2014-09-03 | 3 | -11/+16 |
| | | | | conditionalise to avoid duplicate definition. | ||||
* | - (djm) [Makefile.in] Make TEST_SHELL a variable; "good idea" tim@ | Damien Miller | 2014-08-30 | 2 | -3/+4 |
| | |||||
* | - (djm) [openbsd-compat/openssl-compat.h] add include guard | Damien Miller | 2014-08-30 | 2 | -5/+10 |
| | |||||
* | - (djm) [misc.c] Missing newline between functions | Damien Miller | 2014-08-30 | 2 | -0/+2 |
| | |||||
* | - (djm) [openbsd-compat/openssl-compat.h] add | Damien Miller | 2014-08-30 | 2 | -2/+13 |
| | | | | OPENSSL_[RD]SA_MAX_MODULUS_BITS defines for OpenSSL that lacks them | ||||
* | - (djm) [openbsd-compat/explicit_bzero.c] implement explicit_bzero() | Damien Miller | 2014-08-27 | 3 | -5/+30 |
| | | | | | | using memset_s() where possible; improve fallback to indirect bzero via a volatile pointer to give it more of a chance to avoid being optimised away. | ||||
* | - (djm) [monitor.c sshd.c] SIGXFSZ needs to be ignored in postauth | Damien Miller | 2014-08-27 | 3 | -4/+5 |
| | | | | monitor, not preauth; bz#2263 | ||||
* | - (djm) [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c] | Damien Miller | 2014-08-27 | 7 | -7/+29 |
| | | | | | | | | | [regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] [regress/unittests/sshkey/common.c] [regress/unittests/sshkey/test_file.c] [regress/unittests/sshkey/test_fuzz.c] [regress/unittests/sshkey/test_sshkey.c] Don't include openssl/ec.h on !ECC OpenSSL systems | ||||
* | - (djm) [INSTALL] Recommend libcrypto be built -fPIC, mention LibreSSL, | Damien Miller | 2014-08-26 | 2 | -10/+17 |
| | | | | update OpenSSL version requirement. | ||||
* | - (djm) [bufec.c] Skip this file on !ECC OpenSSL | Damien Miller | 2014-08-26 | 2 | -1/+7 |
| | |||||
* | - (djm) [sftp-server.c] Some systems (e.g. Irix) have prctl() but not | Damien Miller | 2014-08-24 | 2 | -2/+6 |
| | | | | PR_SET_DUMPABLE, so adjust ifdef; reported by Tom Christensen | ||||
* | - (djm) [configure.ac] We now require a working vsnprintf everywhere (not | Damien Miller | 2014-08-23 | 2 | -12/+21 |
| | | | | | just for systems that lack asprintf); check for it always and extend test to catch more brokenness. Fixes builds on Solaris <= 9 | ||||
* | - (djm) [sshd.c] Ignore SIGXFSZ in preauth monitor child; can explode on | Damien Miller | 2014-08-23 | 2 | -0/+8 |
| | | | | lastlog writing on platforms with high UIDs; bz#2263 | ||||
* | - (djm) [configure.ac] double braces to appease autoconf | Damien Miller | 2014-08-22 | 2 | -3/+4 |
| | |||||
* | - (djm) [openbsd-compat/bsd-snprintf.c] Fix compilation failure (prototype/ | Damien Miller | 2014-08-22 | 2 | -2/+4 |
| | | | | definition mismatch) and warning for broken/missing snprintf case. | ||||
* | - (djm) [sshbuf-getput-crypto.c] Fix compilation when OpenSSL lacks ECC | Damien Miller | 2014-08-22 | 2 | -1/+4 |
| | |||||
* | - (djm) [configure.ac] include leading zero characters in OpenSSL version | Damien Miller | 2014-08-22 | 2 | -4/+8 |
| | | | | number; fixes test for unsupported versions | ||||
* | - (djm) [regress/unittests/test_helper/test_helper.c] Fix for systems that | Damien Miller | 2014-08-21 | 2 | -0/+15 |
| | | | | don't set __progname. Diagnosed by Tom Christensen. | ||||
* | - (djm) [key.h] Fix ifdefs for no-ECC OpenSSL | Damien Miller | 2014-08-21 | 2 | -2/+3 |
| | |||||
* | - (djm) [Makefile.in] fix reference to libtest_helper.a in sshkey test too. | Damien Miller | 2014-08-21 | 2 | -3/+6 |
| | |||||
* | - (djm) [contrib/cygwin/README] Correct build instructions; from Corinna | Damien Miller | 2014-08-20 | 2 | -1/+2 |
| | |||||
* | - (djm) [sshkey.h] Fix compilation when OpenSSL lacks ECC | Damien Miller | 2014-08-20 | 2 | -14/+25 |
| | |||||
* | - (djm) [Makefile.in] refer to libtest_helper.a by explicit path rather than | Damien Miller | 2014-08-20 | 2 | -2/+4 |
| | | | | -L/-l; fixes linking problems on some platforms | ||||
* | - (djm) [configure.ac] Check OpenSSL version is supported at configure time; | Damien Miller | 2014-08-20 | 2 | -3/+15 |
| | | | | suggested by Kevin Brott | ||||
* | - (djm) [INSTALL contrib/caldera/openssh.spec contrib/cygwin/README] | Damien Miller | 2014-08-19 | 6 | -21/+6 |
| | | | | | [contrib/redhat/openssh.spec contrib/suse/openssh.spec] Remove mentions of TCP wrappers. | ||||
* | - (djm) [ssh-dss.c] Include openssl/dsa.h for DSA_SIG | Damien Miller | 2014-08-19 | 2 | -0/+2 |
| | |||||
* | - (djm) [sshbuf.h] Fix compilation on systems without OPENSSL_HAS_ECC. | Damien Miller | 2014-08-19 | 2 | -5/+12 |
| | |||||
* | - (djm) [myproposal.h] Make curve25519 KEX dependent on | Damien Miller | 2014-08-19 | 1 | -1/+1 |
| | | | | HAVE_EVP_SHA256 instead of OPENSSL_HAS_ECC. | ||||
* | - (djm) [serverloop.c] Fix syntax error on Cygwin; from Corinna Vinschen | Damien Miller | 2014-08-19 | 2 | -4/+11 |
| | |||||
* | - (djm) [README contrib/caldera/openssh.spec] | Damien Miller | 2014-08-10 | 5 | -6/+10 |
| | | | | [contrib/redhat/openssh.spec contrib/suse/openssh.spec] Update versions | ||||
* | - (djm) [regress/multiplex.sh] Use -d (detach stdin) flag to disassociate | Damien Miller | 2014-08-01 | 2 | -2/+4 |
| | | | | nc from stdin, it's more portable | ||||
* | - (djm) [regress/multiplex.sh] Instruct nc not to quit as soon as stdin | Damien Miller | 2014-08-01 | 2 | -2/+4 |
| | | | | is closed; avoid regress failures when stdin is /dev/null | ||||
* | - (djm) [regress/multiplex.sh] Skip test for non-OpenBSD netcat. We need | Damien Miller | 2014-08-01 | 2 | -4/+12 |
| | | | | a better solution, but this will have to do for now. | ||||
* | - schwarze@cvs.openbsd.org 2014/07/28 15:40:08 | Damien Miller | 2014-07-30 | 3 | -9/+14 |
| | | | | | | | [sftp-server.8 sshd_config.5] some systems no longer need /dev/log; issue noticed by jirib; ok deraadt | ||||
* | - dtucker@cvs.openbsd.org 2014/07/25 21:22:03 | Damien Miller | 2014-07-30 | 2 | -1/+8 |
| | | | | | | | | [ssh-agent.c] Clear buffer used for handling messages. This prevents keys being left in memory after they have been expired or deleted in some cases (but note that ssh-agent is setgid so you would still need root to access them). Pointed out by Kevin Burns, ok deraadt | ||||
* | - OpenBSD CVS Sync | Damien Miller | 2014-07-30 | 2 | -5/+14 |
| | | | | | | - millert@cvs.openbsd.org 2014/07/24 22:57:10 [ssh.1] Mention UNIX-domain socket forwarding too. OK jmc@ deraadt@ | ||||
* | - (djm) [regress/multiplex.sh] restore incorrectly deleted line; | Damien Miller | 2014-07-25 | 2 | -1/+5 |
| | | | | pointed out by Christian Hesse | ||||
* | - dtucker@cvs.openbsd.org 2014/07/22 23:35:38 | Darren Tucker | 2014-07-23 | 75 | -217/+222 |
| | | | | | | [regress/unittests/sshkey/testdata/*] Regenerate test keys with certs signed with ed25519 instead of ecdsa. These can be used in -portable on platforms that don't support ECDSA. | ||||
* | - dtucker@cvs.openbsd.org 2014/07/22 23:57:40 | Darren Tucker | 2014-07-23 | 2 | -0/+4 |
| | | | | | [regress/unittests/sshkey/mktestdata.sh] Add $OpenBSD tag to make syncs easier | ||||
* | - dtucker@cvs.openbsd.org 2014/07/22 23:23:22 | Darren Tucker | 2014-07-23 | 2 | -3/+7 |
| | | | | | | [regress/unittests/sshkey/mktestdata.sh] Sign test certs with ed25519 instead of ecdsa so that they'll work in -portable on platforms that don't have ECDSA in their OpenSSL. ok djm | ||||
* | - djm@cvs.openbsd.org 2014/07/22 01:32:12 | Darren Tucker | 2014-07-23 | 2 | -1/+6 |
| | | | | | | | [regress/multiplex.sh] change the test for still-open Unix domain sockets to be robust against nc implementations that produce error messages. from -portable (Id sync only) | ||||
* | - guenther@cvs.openbsd.org 2014/07/22 07:13:42 | Darren Tucker | 2014-07-23 | 2 | -1/+6 |
| | | | | | | | [umac.c] Convert from <sys/endian.h> to the shiney new <endian.h> ok dtucker@, who also confirmed that -portable handles this already (ID sync only, includes.h pulls in endian.h if available.) |