Don't count the initial block twice when computing how
many bytes to discard for the work around for the attacks against CBC-mode.
ok djm@; report from Jean Paul, Kenny, Martin and Torben @ RHUL
Upstream-ID: f445f509a4e0a7ba3b9c0dae7311cb42458dc1e2
revision 1.13
date: 2017/03/11 23:37:23; author: djm; state: Exp; lines: +14 -1; commitid: jnFKyHkB3CEiEZ2R;
fix signed integer overflow in scan_scaled. Found by Nicolas Iooss
using AFL against ssh_config. ok deraadt@ millert@
----------------------------
revision 1.12
date: 2013/11/29 19:00:51; author: deraadt; state: Exp; lines: +6 -5;
fairly simple unsigned char casts for ctype
ok krw
----------------------------
revision 1.11
date: 2012/11/12 14:07:20; author: halex; state: Exp; lines: +4 -2;
make scan_scaled set errno to EINVAL rather than ERANGE if it encounters
an invalid multiplier, like the man page says it should
"looks sensible" deraadt@, ok ian@
----------------------------
revision 1.10
date: 2009/06/20 15:00:04; author: martynas; state: Exp; lines: +4 -4;
use llabs instead of the home-grown version; and some comment changes
ok ian@, millert@
----------------------------
When updating hostkeys, accept RSA keys if
HostkeyAlgorithms contains any RSA keytype. Previously, ssh could ignore RSA
keys when any of the ssh-rsa-sha2-* methods was enabled in HostkeyAlgorithms
nit ssh-rsa (SHA1 signatures) was not. bz#2650 reported by Luis Ressel; ok
dtucker@
Upstream-ID: c5e8cfee15c42f4a05d126158a0766ea06da79d2
better match sshd config parser behaviour: fatal() if
line is overlong, increase line buffer to match sshd's; bz#2651 reported by
Don Fong; ok dtucker@
Upstream-ID: b175ae7e0ba403833f1ee566edf10f67443ccd18
ensure hostname is lower-case before hashing it;
bz#2591 reported by Griff Miller II; ok dtucker@
Upstream-ID: c3b8b93804f376bd00d859b8bcd9fc0d86b4db17
fix regression in 7.4 server-sig-algs, where we were
accidentally excluding SHA2 RSA signature methods. bz#2680, patch from Nuno
Goncalves; ok dtucker@
Upstream-ID: 81ac8bfb30960447740b9b8f6a214dcf322f12e8
quote [host]:port in generated ProxyJump commandline; the
[ / ] characters can confuse some shells (e.g. zsh). Reported by Lauri
Tirkkonen via bugs@
Upstream-ID: 65cdd161460e1351c3d778e974c1c2a4fa4bc182
fix ssh-keygen -H accidentally corrupting known_hosts that
contained already-hashed entries. HKF_MATCH_HOST_HASHED is only set by
hostkeys_foreach() when hostname matching is in use, so we need to look for
the hash marker explicitly.
Upstream-ID: da82ad653b93e8a753580d3cf5cd448bc2520528
small memleak: free fd_set on connection timeout (though
we are heading to exit anyway). From Tom Rix in bz#2683
Upstream-ID: 10e3dadbb8199845b66581473711642d9e6741c4
Add a common nl_langinfo(CODESET) alias for US-ASCII
"ANSI_X3.4-1968" that is used by Linux. Fixes mprintf output truncation for
non-UTF-8 locales on Linux spotted by dtucker@; ok deraadt@ schwarze@
Upstream-ID: c6808956ebffd64066f9075d839f74ff0dd60719
AF_UNIX kind of sockets are now supported. socket() and connect() calls are implemented. Windows specific logic in authfd.c is now removed. https://github.com/PowerShell/Win32-OpenSSH/issues/532 is created to keep track of ssh-agent end point authentication
Remove deprecated SSH1 options RSAAuthentication and
RhostsRSAAuthentication from regression test sshd_config.
Upstream-Regress-ID: 8066b753d9dce7cf02ff87af5c727ff680d99491
ifdef out "rsa1" from the list of supported keytypes when
compiled without SSH1 support. Found by kdunlop at guralp.com, ok djm@
Upstream-ID: cea93a26433d235bb1d64b1d990f19a9c160a70f
For ProxyJump/-J, surround host name with brackets to
allow literal IPv6 addresses. From Dick Visser; ok dtucker@
Upstream-ID: 3a5d3b0171250daf6a5235e91bce09c1d5746bf1
fix division by zero crash in "df" output when server
returns zero total filesystem blocks/inodes. Spotted by Guido Vranken; ok
dtucker@
Upstream-ID: 6fb6c2ae6b289aa07b6232dbc0be54682ef5419f
bring back r1.34 that was backed out for problems loading
public keys:
translate OpenSSL error codes to something more
meaninful; bz#2522 reported by Jakub Jelen, ok dtucker@
with additional fix from Jakub Jelen to solve the backout.
bz#2525 bz#2523 re-ok dtucker@
Upstream-ID: a9d5bc0306f4473d9b4f4484f880e95f3c1cc031
markus@openbsd.org
dtucker@openbsd.org
Damien Miller
Manoj Ampalam
djm@openbsd.org
Darren Tucker
jmc@openbsd.org
jsg@openbsd.org
bagajjal
Yanbing