History log of /openssh-portable/ (Results 1476 - 1500 of 10956)
Revision (<<< Hide revision tags) (Show revision tags >>>)Date Author Comments
(<<< Hide modified files)
(Show modified files >>>)
bb542f0c14-Dec-2018 tedu@openbsd.org

upstream: remove unused and problematic sudo clean. ok espie

OpenBSD-Regress-ID: ca90c20a15a85b661e13e98b80c10e65cd662f7b

0a843d9a26-Dec-2018 djm@openbsd.org

upstream: move client/server SSH-* banners to buffers under

ssh->kex and factor out the banner exchange. This eliminates some common code
from the client and server.

Also be mor

upstream: move client/server SSH-* banners to buffers under

ssh->kex and factor out the banner exchange. This eliminates some common code
from the client and server.

Also be more strict about handling \r characters - these should only
be accepted immediately before \n (pointed out by Jann Horn).

Inspired by a patch from Markus Schmidt.
(lots of) feedback and ok markus@

OpenBSD-Commit-ID: 1cc7885487a6754f63641d7d3279b0941890275b

show more ...

434b587a06-Dec-2018 dtucker@openbsd.org

upstream: Fix calculation of initial bandwidth limits. Account for

written bytes before the initial timer check so that the first buffer written
is accounted. Set the threshold after wh

upstream: Fix calculation of initial bandwidth limits. Account for

written bytes before the initial timer check so that the first buffer written
is accounted. Set the threshold after which the timer is checked such that
the limit starts being computed as soon as possible, ie after the second
buffer is written. This prevents an initial burst of traffic and provides a
more accurate bandwidth limit. bz#2927, ok djm.

OpenBSD-Commit-ID: ff3ef76e4e43040ec198c2718d5682c36b255cb6

show more ...

a6a0788c06-Dec-2018 djm@openbsd.org

upstream: only consider the ext-info-c extension during the initial

KEX. It shouldn't be sent in subsequent ones, but if it is present we should
ignore it.

This prevents sshd fr

upstream: only consider the ext-info-c extension during the initial

KEX. It shouldn't be sent in subsequent ones, but if it is present we should
ignore it.

This prevents sshd from sending a SSH_MSG_EXT_INFO for REKEX for buggy
these clients. Reported by Jakub Jelen via bz2929; ok dtucker@

OpenBSD-Commit-ID: 91564118547f7807030ec537480303e2371902f9

show more ...

63bba57a06-Dec-2018 djm@openbsd.org

upstream: fix option letter pasto in previous

OpenBSD-Commit-ID: e26c8bf2f2a808f3c47960e1e490d2990167ec39

737e4edd06-Dec-2018 djm@openbsd.org

upstream: mention that the ssh-keygen -F (find host in

authorized_keys) and -R (remove host from authorized_keys) options may accept
either a bare hostname or a [hostname]:port combo. bz

upstream: mention that the ssh-keygen -F (find host in

authorized_keys) and -R (remove host from authorized_keys) options may accept
either a bare hostname or a [hostname]:port combo. bz#2935

OpenBSD-Commit-ID: 5535cf4ce78375968b0d2cd7aa316fa3eb176780

show more ...

8a22ffaa06-Dec-2018 Damien Miller

expose $SSH_CONNECTION in the PAM environment

This makes the connection 4-tuple available to PAM modules that
wish to use it in decision-making. bz#2741

a784fa8c12-Dec-2018 Kevin Adler

Don't pass loginmsg by address now that it's an sshbuf*

In 120a1ec74, loginmsg was changed from the legacy Buffer type
to struct sshbuf*, but it missed changing calls to
sys_auth_all

Don't pass loginmsg by address now that it's an sshbuf*

In 120a1ec74, loginmsg was changed from the legacy Buffer type
to struct sshbuf*, but it missed changing calls to
sys_auth_allowed_user and sys_auth_record_login which passed
loginmsg by address. Now that it's a pointer, just pass it directly.

This only affects AIX, unless there are out of tree users.

show more ...

285310b806-Dec-2018 djm@openbsd.org

upstream: no need to allocate channels_pre/channels_post in

channel_init_channels() as we do it anyway in channel_handler_init() that we
call at the end of the function. Fix from Markus

upstream: no need to allocate channels_pre/channels_post in

channel_init_channels() as we do it anyway in channel_handler_init() that we
call at the end of the function. Fix from Markus Schmidt via bz#2938

OpenBSD-Commit-ID: 74893638af49e3734f1e33a54af1b7ea533373ed

show more ...

87d6cf1c29-Nov-2018 djm@openbsd.org

upstream: don't attempt to connect to empty SSH_AUTH_SOCK; bz#293

OpenBSD-Commit-ID: 0e8fc8f19f14b21adef7109e0faa583d87c0e929

91b1919828-Nov-2018 djm@openbsd.org

upstream: don't truncate user or host name in "user@host's

OpenBSD-Commit-ID: e6ca01a8d58004b7f2cac0b1b7ce8f87e425e360

dd0cf63123-Nov-2018 jmc@openbsd.org

upstream: tweak previous;

OpenBSD-Commit-ID: 08f096922eb00c98251501c193ff9e83fbb5de4f

8a85f54525-Nov-2018 Darren Tucker

Include stdio.h for FILE if needed.

16fb23f224-Nov-2018 Darren Tucker

Reverse order of OpenSSL init functions.

Try the new init function (OPENSSL_init_crypto) before falling back to
the old one (OpenSSL_add_all_algorithms).

98f878d224-Nov-2018 Darren Tucker

Improve OpenSSL_add_all_algorithms check.

OpenSSL_add_all_algorithms() may be a macro so check for that too.

9e34e0c523-Nov-2018 djm@openbsd.org

upstream: add a ssh_config "Match final" predicate

Matches in same pass as "Match canonical" but doesn't require
hostname canonicalisation be enabled. bz#2906 ok markus

OpenBSD-

upstream: add a ssh_config "Match final" predicate

Matches in same pass as "Match canonical" but doesn't require
hostname canonicalisation be enabled. bz#2906 ok markus

OpenBSD-Commit-ID: fba1dfe9f6e0cabcd0e2b3be13f7a434199beffa

show more ...

4da58d5822-Nov-2018 dtucker@openbsd.org

upstream: Remove now-unneeded ifdef SIGINFO around handler since it is

now always used for SIGUSR1 even when SIGINFO is not defined. This will make
things simpler in -portable.

upstream: Remove now-unneeded ifdef SIGINFO around handler since it is

now always used for SIGUSR1 even when SIGINFO is not defined. This will make
things simpler in -portable.

OpenBSD-Regress-ID: 4ff0265b335820b0646d37beb93f036ded0dc43f

show more ...

c721d58722-Nov-2018 Darren Tucker

Move RANDOM_SEED_SIZE outside ifdef.

RANDOM_SEED_SIZE is used by both the OpenSSL and non-OpenSSL code
This fixes the build with configureed --without-openssl.

deb5155222-Nov-2018 Darren Tucker

Resync with OpenBSD by pulling in an ifdef SIGINFO.

28c7b2cd22-Nov-2018 Damien Miller

fix configure test for OpenSSL version

square brackets in case statements may be eaten by autoconf.

Report and fix from Filipp Gunbin; tweaked by naddy@

42c5ec4b22-Nov-2018 Damien Miller

refactor libcrypto initialisation

Don't call OpenSSL_add_all_algorithms() unless OpenSSL actually
supports it.

Move all libcrypto initialisation to a single function, and call t

refactor libcrypto initialisation

Don't call OpenSSL_add_all_algorithms() unless OpenSSL actually
supports it.

Move all libcrypto initialisation to a single function, and call that
from seed_rng() that is called early in each tool's main().

Prompted by patch from Rosen Penev

show more ...

5b60b6c022-Nov-2018 dtucker@openbsd.org

upstream: Output info on SIGUSR1 as well as

SIGINFO to resync with portable. (ID sync only).

OpenBSD-Regress-ID: 699d153e2de22dce51a1b270c40a98472d1a1b16

e4ae345d22-Nov-2018 dtucker@openbsd.org

upstream: Append pid to temp files in /var/run and set a cleanup

trap for them. This allows multiple instances of tests to run without
colliding.

OpenBSD-Regress-ID: 57add105ecd

upstream: Append pid to temp files in /var/run and set a cleanup

trap for them. This allows multiple instances of tests to run without
colliding.

OpenBSD-Regress-ID: 57add105ecdfc54752d8003acdd99eb68c3e0b4c

show more ...

f72d0f5231-Oct-2018 dtucker@openbsd.org

upstream: UsePrivilegeSeparation no is deprecated

test "yes" and "sandbox".

OpenBSD-Regress-ID: 80e685ed8990766527dc629b1affc09a75bfe2da

35d0e5fe17-Oct-2018 djm@openbsd.org

upstream: add some knobs:

UNITTEST_FAST?= no # Skip slow tests (e.g. less intensive fuzzing).
UNITTEST_SLOW?= no # Include slower tests (e.g. more intensive fuzzing).
UNITTES

upstream: add some knobs:

UNITTEST_FAST?= no # Skip slow tests (e.g. less intensive fuzzing).
UNITTEST_SLOW?= no # Include slower tests (e.g. more intensive fuzzing).
UNITTEST_VERBOSE?= no # Verbose test output (inc. per-test names).

useful if you want to run the tests as a smoke test to exercise the
functionality without waiting for all the fuzzers to run.

OpenBSD-Regress-ID: e04d82ebec86068198cd903acf1c67563c57315e

show more ...

1...<<51525354555657585960>>...439