1. 07 Aug, 2016 18 commits
  2. 06 Aug, 2016 1 commit
  3. 27 Jul, 2016 1 commit
  4. 26 Jul, 2016 3 commits
  5. 24 Jul, 2016 2 commits
  6. 23 Jul, 2016 4 commits
    • Darren Tucker's avatar
      Move Cygwin IPPORT_RESERVED overrride to defines.h · 353766e0
      Darren Tucker authored
      Patch from vinschen at redhat.com.
      353766e0
    • djm@openbsd.org's avatar
      upstream commit · 368dd977
      djm@openbsd.org authored
      fix pledge violation with ssh -f; reported by Valentin
      Kozamernik ok dtucker@
      
      Upstream-ID: a61db7988db88d9dac3c4dd70e18876a8edf84aa
      368dd977
    • djm@openbsd.org's avatar
      upstream commit · f00211e3
      djm@openbsd.org authored
      improve wording; suggested by jmc@
      
      Upstream-ID: 55cb0a24c8e0618b3ceec80998dc82c85db2d2f8
      f00211e3
    • dtucker@openbsd.org's avatar
      upstream commit · 83cbca69
      dtucker@openbsd.org authored
      Lower loglevel for "Authenticated with partial success"
      message similar to other similar level.  bz#2599, patch from cgallek at
      gmail.com, ok markus@
      
      Upstream-ID: 3faab814e947dc7b2e292edede23e94c608cb4dd
      83cbca69
  7. 22 Jul, 2016 9 commits
    • Damien Miller's avatar
      retry waitpid on EINTR failure · 10358abd
      Damien Miller authored
      patch from Jakub Jelen on bz#2581; ok dtucker@
      10358abd
    • djm@openbsd.org's avatar
      upstream commit · da88a70a
      djm@openbsd.org authored
      constify a few functions' arguments; patch from Jakub
      Jelen bz#2581
      
      Upstream-ID: f2043f51454ea37830ff6ad60c8b32b4220f448d
      da88a70a
    • djm@openbsd.org's avatar
      upstream commit · c36d91bd
      djm@openbsd.org authored
      move debug("%p", key) to before key is free'd; probable
      undefined behaviour on strict compilers; reported by Jakub Jelen bz#2581
      
      Upstream-ID: 767f323e1f5819508a0e35e388ec241bac2f953a
      c36d91bd
    • djm@openbsd.org's avatar
      upstream commit · 286f5a77
      djm@openbsd.org authored
      reverse the order in which -J/JumpHost proxies are visited to
      be more intuitive and document
      
      reported by and manpage bits naddy@
      
      Upstream-ID: 3a68fd6a841fd6cf8cedf6552a9607ba99df179a
      286f5a77
    • dtucker@openbsd.org's avatar
      upstream commit · fcd135c9
      dtucker@openbsd.org authored
      Skip passwords longer than 1k in length so clients can't
      easily DoS sshd by sending very long passwords, causing it to spend CPU
      hashing them. feedback djm@, ok markus@.
      
      Brought to our attention by tomas.kuthan at oracle.com, shilei-c at
      360.cn and coredump at autistici.org
      
      Upstream-ID: d0af7d4a2190b63ba1d38eec502bc4be0be9e333
      fcd135c9
    • naddy@openbsd.org's avatar
      upstream commit · 324583e8
      naddy@openbsd.org authored
      Do not clobber the global jump_host variables when
      parsing an inactive configuration.  ok djm@
      
      Upstream-ID: 5362210944d91417d5976346d41ac0b244350d31
      324583e8
    • jmc@openbsd.org's avatar
      upstream commit · 32d921c3
      jmc@openbsd.org authored
      tweak previous;
      
      Upstream-ID: f3c1a5b3f05dff366f60c028728a2b43f15ff534
      32d921c3
    • dtucker@openbsd.org's avatar
      upstream commit · d7eabc86
      dtucker@openbsd.org authored
      Allow wildcard for PermitOpen hosts as well as ports.
      bz#2582, patch from openssh at mzpqnxow.com and jjelen at redhat.com.  ok
      markus@
      
      Upstream-ID: af0294e9b9394c4e16e991424ca0a47a7cc605f2
      d7eabc86
    • markus@openbsd.org's avatar
      upstream commit · b98a2a83
      markus@openbsd.org authored
      Reduce timing attack against obsolete CBC modes by always
      computing the MAC over a fixed size of data. Reported by Jean Paul
      Degabriele, Kenny Paterson, Torben Hansen and Martin Albrecht. ok djm@
      
      Upstream-ID: f20a13279b00ba0afbacbcc1f04e62e9d41c2912
      b98a2a83
  8. 21 Jul, 2016 1 commit
    • Darren Tucker's avatar
      Search users for one with a valid salt. · dbf788b4
      Darren Tucker authored
      If the root account is locked (eg password "!!" or "*LK*") keep looking
      until we find a user with a valid salt to use for crypting passwords of
      invalid users.  ok djm@
      dbf788b4
  9. 18 Jul, 2016 1 commit