djm@openbsd.org
44a8e7ce6f
upstream commit
...
don't try to cleanup NULL KEX proposals in
kex_prop_free(); found by Jukka Taimisto and Markus Hietava
2015-04-29 18:14:20 +10:00
djm@openbsd.org
3038a19187
upstream commit
...
use error/logit/fatal instead of fprintf(stderr, ...)
and exit(0), fix a few errors that were being printed to stdout instead of
stderr and a few non-errors that were going to stderr instead of stdout
bz#2325; ok dtucker
2015-04-29 18:14:20 +10:00
djm@openbsd.org
a58be33cb6
upstream commit
...
debug log missing DISPLAY environment when X11
forwarding requested; bz#1682 ok dtucker@
2015-04-29 18:13:35 +10:00
djm@openbsd.org
17d4d9d9fb
upstream commit
...
don't call record_login() in monitor when UseLogin is
enabled; bz#278 reported by drk AT sgi.com; ok dtucker
2015-04-29 18:13:34 +10:00
dtucker@openbsd.org
40132ff87b
upstream commit
...
Add some missing options to sshd -T and fix the output
of VersionAddendum HostCertificate. bz#2346, patch from jjelen at redhat
com, ok djm.
2015-04-29 18:13:34 +10:00
dtucker@openbsd.org
6cc7cfa936
upstream commit
...
Document "none" for PidFile XAuthLocation
TrustedUserCAKeys and RevokedKeys. bz#2382, feedback from jmc@, ok djm@
2015-04-29 18:13:34 +10:00
dtucker@openbsd.org
15fdfc9b1c
upstream commit
...
Plug leak of address passed to logging. bz#2373, patch
from jjelen at redhat, ok markus@
2015-04-29 18:13:33 +10:00
dtucker@openbsd.org
bb2289e2a4
upstream commit
...
Output remote username in debug output since with Host
and Match it's not always obvious what it will be. bz#2368, ok djm@
2015-04-29 18:13:07 +10:00
Darren Tucker
70860b6d07
Format UsePAM setting when using sshd -T.
...
Part of bz#2346, patch from jjelen at redhat com.
2015-04-17 10:56:13 +10:00
Darren Tucker
ee15d9c9f0
Wrap endian.h include inside ifdef (bz#2370).
2015-04-17 10:40:23 +10:00
Darren Tucker
408f4c2ad4
Look for '${host}-ar' before 'ar'.
...
This changes configure.ac to look for '${host}-ar' as set by
AC_CANONICAL_HOST before looking for the unprefixed 'ar'.
Useful when cross-compiling when all your binutils are prefixed.
Patch from moben at exherbo org via astrand at lysator liu se and
bz#2352.
2015-04-17 09:39:58 +10:00
Damien Miller
673a1c16ad
remove dependency on arpa/telnet.h
2015-04-16 11:40:35 +10:00
Darren Tucker
202d443eed
Remove duplicate include of pwd.h. bz#2337, patch from Mordy Ovits.
2015-04-15 15:59:49 +10:00
Damien Miller
5979864934
platforms with openpty don't need pty_release
2015-04-13 14:40:17 +10:00
djm@openbsd.org
318be28cda
upstream commit
...
deprecate ancient, pre-RFC4419 and undocumented
SSH2_MSG_KEX_DH_GEX_REQUEST_OLD message; ok markus@ deraadt@ "seems
reasonable" dtucker@
2015-04-13 14:37:20 +10:00
dtucker@openbsd.org
d8f391caef
upstream commit
...
Don't send hostkey advertisements
(hostkeys-00@openssh.com) to current versions of Tera Term as they can't
handle them. Newer versions should be OK. Patch from Bryan Drewery and
IWAMOTO Kouichi, ok djm@
2015-04-13 14:37:19 +10:00
djm@openbsd.org
2c2cfe1a1c
upstream commit
...
include port number if a non-default one has been
specified; based on patch from Michael Handler
2015-04-13 14:37:18 +10:00
djm@openbsd.org
4492a4f222
upstream commit
...
treat Protocol=1,2|2,1 as Protocol=2 when compiled
without SSH1 support; ok dtucker@ millert@
2015-04-13 14:37:17 +10:00
miod@openbsd.org
c265e2e6e9
upstream commit
...
Do not use int for sig_atomic_t; spotted by
christos@netbsd; ok markus@
2015-04-13 14:37:17 +10:00
Darren Tucker
e7bf3a5eda
Use do{}while(0) for no-op functions.
...
From FreeBSD.
2015-04-07 10:48:04 +10:00
Darren Tucker
bb99844aba
Wrap blf.h include in ifdef. From FreeBSD.
2015-04-07 10:47:15 +10:00
Darren Tucker
d9b9b43656
Fix misspellings of regress CONFOPTS env variables.
...
Patch from Bryan Drewery.
2015-04-07 09:10:00 +10:00
djm@openbsd.org
3f4ea3c9ab
upstream commit
...
correct return value in pubkey parsing, spotted by Ben Hawkes
ok markus@
2015-04-04 09:18:26 +11:00
djm@openbsd.org
7da2be0cb9
upstream commit
...
adapt to recent hostfile.c change: when parsing
known_hosts without fully parsing the keys therein, hostkeys_foreach() will
now correctly identify KEY_RSA1 keys; ok markus@ miod@
2015-04-01 10:03:05 +11:00
markus@openbsd.org
9e1777a0d1
upstream commit
...
use ${SSH} for -Q instead of installed ssh
2015-04-01 10:02:56 +11:00
djm@openbsd.org
ce1b358ea4
upstream commit
...
make CLEANFILES clean up more of the tests' droppings
2015-04-01 10:02:01 +11:00
djm@openbsd.org
398f9ef192
upstream commit
...
downgrade error() for known_hosts parse errors to debug()
to quiet warnings from ssh1 keys present when compiled !ssh1.
also identify ssh1 keys when scanning, even when compiled !ssh1
ok markus@ miod@
2015-04-01 10:00:46 +11:00
djm@openbsd.org
9a47ab8003
upstream commit
...
fd leak for !ssh1 case; found by unittests; ok markus@
2015-04-01 10:00:46 +11:00
djm@openbsd.org
c9a0805a62
upstream commit
...
don't fatal when a !ssh1 sshd is reexeced from a w/ssh1
listener; reported by miod@; ok miod@ markus@
2015-04-01 10:00:45 +11:00
tobias@openbsd.org
704d8c8898
upstream commit
...
Comments are only supported for RSA1 keys. If a user
tried to add one and entered his passphrase, explicitly clear it before exit.
This is done in all other error paths, too.
ok djm
2015-04-01 10:00:27 +11:00
jmc@openbsd.org
78de1673c0
upstream commit
...
ssh-askpass(1) is the default, overridden by SSH_ASKPASS;
diff originally from jiri b;
2015-04-01 10:00:27 +11:00
djm@openbsd.org
26e0bcf766
upstream commit
...
fix uninitialised memory read when parsing a config file
consisting of a single nul byte. Found by hanno AT hboeck.de using AFL; ok
dtucker
2015-03-30 11:01:08 +11:00
markus@openbsd.org
fecede00a7
upstream commit
...
sigp and lenp are not optional in ssh_agent_sign(); ok
djm@
2015-03-27 12:02:38 +11:00
naddy@openbsd.org
1b0ef38132
upstream commit
...
don't try to load .ssh/identity by default if SSH1 is
disabled; ok markus@
2015-03-27 12:02:34 +11:00
djm@openbsd.org
f9b7885237
upstream commit
...
ban all-zero curve25519 keys as recommended by latest
CFRG curves draft; ok markus
2015-03-27 12:02:27 +11:00
djm@openbsd.org
b8afbe2c1a
upstream commit
...
relax bits needed check to allow
diffie-hellman-group1-sha1 key exchange to complete when chacha20-poly1305 was
selected as symmetric cipher; ok markus
2015-03-27 12:02:23 +11:00
markus@openbsd.org
47842f71e3
upstream commit
...
ignore v1 errors on ssh-add -D; only try v2 keys on
-l/-L (unless WITH_SSH1) ok djm@
2015-03-27 12:02:16 +11:00
markus@openbsd.org
5f57e77f91
upstream commit
...
unbreak ssh_agent_sign (lenp vs *lenp)
2015-03-27 12:02:13 +11:00
markus@openbsd.org
4daeb67181
upstream commit
...
don't leak 'setp' on error; noted by Nicholas Lemonias;
ok djm@
2015-03-27 12:01:47 +11:00
markus@openbsd.org
7d4f96f9de
upstream commit
...
consistent check for NULL as noted by Nicholas
Lemonias; ok djm@
2015-03-27 12:00:52 +11:00
markus@openbsd.org
df100be513
upstream commit
...
correct fmt-string for size_t as noted by Nicholas
Lemonias; ok djm@
2015-03-27 12:00:47 +11:00
djm@openbsd.org
a22b9ef212
upstream commit
...
promote chacha20-poly1305@openssh.com to be the default
cipher; ok markus
2015-03-27 12:00:43 +11:00
djm@openbsd.org
2aa9da1a3b
upstream commit
...
Compile-time disable SSH protocol 1. You can turn it
back on using the Makefile.inc knob if you need it to talk to ancient
devices.
2015-03-27 12:00:37 +11:00
djm@openbsd.org
53097b2022
upstream commit
...
fix double-negative error message "ssh1 is not
unsupported"
2015-03-27 12:00:33 +11:00
djm@openbsd.org
5c27e3b6ec
upstream commit
...
for ssh-keygen -A, don't try (and fail) to generate ssh
v.1 keys when compiled without SSH1 support
RSA/DSA/ECDSA keys when compiled without OpenSSL
based on patch by Mike Frysinger; bz#2369
2015-03-23 17:10:14 +11:00
djm@openbsd.org
725fd22a8c
upstream commit
...
KRL support doesn't need OpenSSL anymore, remove #ifdefs
from around call
2015-03-23 17:08:39 +11:00
djm@openbsd.org
b07011c18e
upstream commit
...
#if 0 some more arrays used only for decrypting (we don't
use since we only need encrypt for AES-CTR)
2015-03-23 17:08:12 +11:00
jsg@openbsd.org
1cb3016635
upstream commit
...
add back the changes from rev 1.206, djm reverted this by
mistake in rev 1.207
2015-03-23 17:07:36 +11:00
Damien Miller
4d24b3b6a4
remove error() accidentally inserted for debugging
...
pointed out by Christian Hesse
2015-03-20 09:32:27 +11:00
Tim Rice
9f82e5a904
portability fix: Solaris systems may not have a grep that understands -q
2015-03-16 22:49:20 -07:00