1. 14 Feb, 2020 1 commit
  2. 27 Mar, 2019 1 commit
    • Ed Maste's avatar
      Apply commit 3d896c15 from openssh-portable: · dc9e8d9c
      Ed Maste authored
      upstream: when checking that filenames sent by the server side
      
      match what the client requested, be prepared to handle shell-style brace
      alternations, e.g. "{foo,bar}".
      
      "looks good to me" millert@ + in snaps for the last week courtesy
      deraadt@
      
      OpenBSD-Commit-ID: 3b1ce7639b0b25b2248e3a30f561a548f6815f3e
      
      Discussed with:	des
      dc9e8d9c
  3. 05 Feb, 2019 4 commits
  4. 03 Oct, 2018 1 commit
    • Ed Maste's avatar
      openssh: cherry-pick OpenSSL 1.1.1 compatibility · 0a5cc6b2
      Ed Maste authored
      Upstream commits:
      482d23bcac upstream: hold our collective noses and use the openssl-1.1.x
      48f54b9d12 adapt -portable to OpenSSL 1.1x API
      86e0a9f3d2 upstream: use only openssl-1.1.x API here too
      a3fd8074e2 upstream: missed a bit of openssl-1.0.x API in this unittest
      cce8cbe0ed Fix openssl-1.1 fallout for --without-openssl.
      
      Trivial conflicts in sshkey.c and test_sshkey.c were resolved.
      
      Discussed with:	des
      0a5cc6b2
  5. 28 Aug, 2018 1 commit
  6. 16 May, 2018 1 commit
  7. 06 May, 2018 2 commits
  8. 03 Aug, 2017 1 commit
  9. 31 Jan, 2017 2 commits
  10. 11 Jan, 2017 1 commit
    • Xin LI's avatar
      Apply upstream fix for CVE-2016-10009 and CVE-2016-10010: · 8f8c5592
      Xin LI authored
        add a whitelist of paths from which ssh-agent will load (via
        ssh-pkcs11-helper) a PKCS#11 module; ok markus@
      
        disable Unix-domain socket forwarding when privsep is disabled
      
      (Note that this is a backport of upstream fixes, and this commit
      is mainly to ease future imports).
      
      Obtained from:  OpenBSD
      8f8c5592
  11. 02 Nov, 2016 1 commit
    • Xin LI's avatar
      Apply upstream fix for CVE-2016-8858: · 642a1c38
      Xin LI authored
        Unregister the KEXINIT handler after message has been received.
        Otherwise an unauthenticated peer can repeat the KEXINIT and cause
        allocation of up to 128MB -- until the connection is closed.
        Reported by shilei-c at 360.cn
      
      Obtained from:	OpenBSD
      642a1c38
  12. 10 Mar, 2016 2 commits
  13. 19 Jan, 2016 1 commit
  14. 26 Aug, 2015 2 commits
  15. 02 Jul, 2015 2 commits
  16. 05 Jan, 2015 1 commit
  17. 20 Apr, 2014 1 commit
  18. 22 Mar, 2014 1 commit
  19. 30 Jan, 2014 1 commit
  20. 11 Nov, 2013 1 commit
  21. 18 Sep, 2013 1 commit
  22. 13 Aug, 2013 1 commit
  23. 17 May, 2013 1 commit
  24. 24 Apr, 2013 1 commit
  25. 14 Apr, 2013 1 commit
  26. 02 Apr, 2013 1 commit
  27. 22 Mar, 2013 1 commit
  28. 29 Aug, 2012 2 commits
  29. 25 Jun, 2012 1 commit
    • Xin LI's avatar
      Merge from upstream: · 4bc11fc9
      Xin LI authored
         - djm@cvs.openbsd.org 2012/04/11 13:34:17
           [ssh-keyscan.1 ssh-keyscan.c]
           now that sshd defaults to offering ECDSA keys, ssh-keyscan should also
           look for them by default; bz#1971
      
      Approved by:	des
      4bc11fc9
  30. 28 Sep, 2011 2 commits