dtucker@openbsd.org
8c02e3639a
upstream commit
...
KNF compression proposal and simplify the client side a
little. ok djm@
Upstream-ID: aa814b694efe9e5af8a26e4c80a05526ae6d6605
2016-06-06 11:25:38 +10:00
dtucker@openbsd.org
7ec4946fb6
upstream commit
...
Back out 'plug memleak'.
Upstream-ID: 4faacdde136c24a961e24538de373660f869dbc0
2016-06-06 11:25:37 +10:00
djm@openbsd.org
82f24c3ddc
upstream commit
...
prefer agent-hosted keys to keys from PKCS#11; ok markus
Upstream-ID: 7417f7653d58d6306d9f8c08d0263d050e2fd8f4
2016-06-06 11:25:37 +10:00
dtucker@openbsd.org
a0cb7778fb
upstream commit
...
Plug mem leak in filter_proposal. ok djm@
Upstream-ID: bf968da7cfcea2a41902832e7d548356a4e2af34
2016-06-06 11:25:37 +10:00
Darren Tucker
ae9c0d4d5c
Update vis.h and vis.c from OpenBSD.
...
This will be needed for the upcoming utf8 changes.
2016-06-03 16:03:44 +10:00
Tim Rice
e1d93705f8
modified: configure.ac
...
whitespace clean up. No code changes.
2016-05-31 11:13:22 -07:00
Damien Miller
604a037d84
whitespace at EOL
2016-05-31 16:45:28 +10:00
Darren Tucker
1842420016
Add missing ssh-host-config --name option
...
Patch from vinschen@redhat.com.
2016-05-30 19:35:28 +10:00
Darren Tucker
39c0cecaa1
Fix comment about sshpam_const and AIX.
...
From mschwager via github.
2016-05-20 10:01:58 +10:00
Damien Miller
f64062b1f7
Deny lstat syscalls in seccomp sandbox
...
Avoids sandbox violations for some krb/gssapi libraries.
2016-05-20 09:56:53 +10:00
djm@openbsd.org
531c135409
upstream commit
...
fix type of ed25519 values
Upstream-ID: b32d0cb372bbe918ca2de56906901eae225a59b0
2016-05-19 17:48:36 +10:00
markus@openbsd.org
75e21688f5
upstream commit
...
add IdentityAgent; noticed & ok jmc@
Upstream-ID: 4ba9034b00a4cf1beae627f0728da897802df88a
2016-05-19 17:48:36 +10:00
markus@openbsd.org
1a75d14daf
upstream commit
...
allow setting IdentityAgent to SSH_AUTH_SOCK; ok djm@
Upstream-ID: 20c508480d8db3eef18942c0fc39b1fcf25652ac
2016-05-19 17:48:35 +10:00
markus@openbsd.org
0516454151
upstream commit
...
move SSH_MSG_NONE, so we don't have to include ssh1.h;
ok deraadt@
Upstream-ID: c2f97502efc761a41b18c17ddf460e138ca7994e
2016-05-19 17:48:34 +10:00
Damien Miller
332ff3d770
initialise salen in binresvport_sa
...
avoids failures with UsePrivilegedPort=yes
patch from Juan Gallego
2016-05-10 09:51:06 +10:00
markus@openbsd.org
c5c1d5d2f0
upstream commit
...
missing const in prototypes (ssh1)
Upstream-ID: 789c6ad4928b5fa557369b88c3a6a34926082c05
2016-05-05 00:10:03 +10:00
dtucker@openbsd.org
9faae50e2e
upstream commit
...
Fix inverted logic for updating StreamLocalBindMask which
would cause the server to set an invalid mask. ok djm@
Upstream-ID: 8a4404c8307a5ef9e07ee2169fc6d8106b527587
2016-05-05 00:10:03 +10:00
markus@openbsd.org
b02ad1ce91
upstream commit
...
IdentityAgent for specifying specific agent sockets; ok
djm@
Upstream-ID: 3e6a15eb89ea0fd406f108826b7dc7dec4fbfac1
2016-05-05 00:01:49 +10:00
djm@openbsd.org
910e59bba0
upstream commit
...
fix junk characters after quotes
Upstream-ID: cc4d0cd32cb6b55a2ef98975d2f7ae857d0dc578
2016-05-05 00:01:49 +10:00
jmc@openbsd.org
9283884e64
upstream commit
...
correct article;
Upstream-ID: 1fbd5b7ab16d2d9834ec79c3cedd4738fa42a168
2016-05-05 00:01:49 +10:00
djm@openbsd.org
cfefbcea10
upstream commit
...
fix overriding of StreamLocalBindMask and
StreamLocalBindUnlink in Match blocks; found the hard way Rogan Dawes
Upstream-ID: 940bc69ec0249ab428d24ccd0722ce35cb932ee2
2016-05-04 01:58:46 +10:00
djm@openbsd.org
771c2f51ff
upstream commit
...
don't forget to include StreamLocalBindUnlink in the
config dump output
Upstream-ID: 14a6d970b3b45c8e94272e3c661e9a0b2a0ee7cb
2016-05-04 01:58:46 +10:00
djm@openbsd.org
cdcd941994
upstream commit
...
make nethack^wrandomart fingerprint flag more readily
searchable pointed out by Matt Johnston
Upstream-ID: cb40d0235dc153c478c1aad3bc60b195422a54fb
2016-05-04 01:58:46 +10:00
djm@openbsd.org
05855bf2ce
upstream commit
...
clarify ordering of subkeys; pointed out by ietf-ssh AT
stbuehler.de
Upstream-ID: 05ebe9f949449a555ebce8e0aad7c8c9acaf8463
2016-05-04 00:55:21 +10:00
dtucker@openbsd.org
cca3b43958
upstream commit
...
Use a subshell for constructing key types to work around
different sed behaviours for -portable.
Upstream-Regress-ID: 0f6eb673162df229eda9a134a0f10da16151552d
2016-05-03 23:05:32 +10:00
djm@openbsd.org
fa58208c65
upstream commit
...
correct some typos and remove a long-stale XXX note.
add specification for ed25519 certificates
mention no host certificate options/extensions are currently defined
pointed out by Simon Tatham
Upstream-ID: 7b535ab7dba3340b7d8210ede6791fdaefdf839a
2016-05-03 20:29:14 +10:00
djm@openbsd.org
b466f956c3
upstream commit
...
add ed25519 keys that are supported but missing from this
document; from Peter Moody
Upstream-ID: 8caac2d8e8cfd2fca6dc304877346e0a064b014b
2016-05-03 20:29:13 +10:00
dtucker@openbsd.org
7f3d76319a
upstream commit
...
Implement IUTF8 as per draft-sgtatham-secsh-iutf8-00. Patch
from Simon Tatham, ok markus@
Upstream-ID: 58268ebdf37d9d467f78216c681705a5e10c58e8
2016-05-03 20:04:42 +10:00
djm@openbsd.org
31bc01c05d
upstream commit
...
unbreak config parsing on reexec from previous commit
Upstream-ID: bc69932638a291770955bd05ca55a32660a613ab
2016-05-03 00:14:01 +10:00
djm@openbsd.org
67f1459efd
upstream commit
...
unit and regress tests for SHA256/512; ok markus
Upstream-Regress-ID: a0cd1a92dc824067076a5fcef83c18df9b0bf2c6
2016-05-02 20:59:50 +10:00
djm@openbsd.org
0e8eeec8e7
upstream commit
...
add support for additional fixed DH groups from
draft-ietf-curdle-ssh-kex-sha2-03
diffie-hellman-group14-sha256 (2K group)
diffie-hellman-group16-sha512 (4K group)
diffie-hellman-group18-sha512 (8K group)
based on patch from Mark D. Baushke and Darren Tucker
ok markus@
Upstream-ID: ac00406ada4f0dfec41585ca0839f039545bc46f
2016-05-02 20:39:32 +10:00
djm@openbsd.org
57464e3934
upstream commit
...
support SHA256 and SHA512 RSA signatures in certificates;
ok markus@
Upstream-ID: b45be2f2ce8cacd794dc5730edaabc90e5eb434a
2016-05-02 20:35:05 +10:00
djm@openbsd.org
1a31d02b24
upstream commit
...
fix signed/unsigned errors reported by clang-3.7; add
sshbuf_dup_string() to replace a common idiom of strdup(sshbuf_ptr()) with
better safety checking; feedback and ok markus@
Upstream-ID: 71f926d9bb3f1efed51319a6daf37e93d57c8820
2016-05-02 20:35:04 +10:00
djm@openbsd.org
d2d6bf864e
upstream commit
...
close ControlPersist background process stderr when not
in debug mode or when logging to a file or syslog. bz#1988 ok dtucker
Upstream-ID: 4fb726f0fdcb155ad419913cea10dc4afd409d24
2016-04-29 18:09:02 +10:00
djm@openbsd.org
9ee692fa11
upstream commit
...
fix comment
Upstream-ID: 313a385bd7b69a82f8e28ecbaf5789c774457b15
2016-04-29 18:09:02 +10:00
jmc@openbsd.org
ee1e0a16ff
upstream commit
...
cidr permitted for {allow,deny}users; from lars nooden ok djm
Upstream-ID: 13e7327fe85f6c63f3f7f069e0fdc8c351515d11
2016-04-28 19:55:28 +10:00
djm@openbsd.org
b6e0140a5a
upstream commit
...
make argument == NULL tests more consistent
Upstream-ID: dc4816678704aa5cbda3a702e0fa2033ff04581d
2016-04-21 16:30:11 +10:00
jmc@openbsd.org
6aaabc2b61
upstream commit
...
tweak previous;
Upstream-ID: 46c1bab91c164078edbccd5f7d06b9058edd814f
2016-04-21 16:30:11 +10:00
djm@openbsd.org
0f839e5969
upstream commit
...
missing bit of Include regress
Upstream-Regress-ID: 1063595f7f40f8489a1b7a27230b9e8acccea34f
2016-04-15 12:58:35 +10:00
djm@openbsd.org
12e4ac46ae
upstream commit
...
remove redundant CLEANFILES section
Upstream-Regress-ID: 29ef1b267fa56daa60a1463396635e7d53afb587
2016-04-15 12:58:09 +10:00
djm@openbsd.org
b1d05aa653
upstream commit
...
sync CLEANFILES with portable, sort
Upstream-Regress-ID: cb782f4f1ab3e079efbc335c6b64942f790766ed
2016-04-15 11:16:13 +10:00
djm@openbsd.org
35f22dad26
upstream commit
...
regression test for ssh_config Include directive
Upstream-Regress-ID: 46a38c8101f635461c506d1aac2d96af80f97f1e
2016-04-15 11:16:13 +10:00
djm@openbsd.org
6b8a1a8700
upstream commit
...
unbreak test for recent ssh de-duplicated forwarding
change
Upstream-Regress-ID: 6b2b115d99acd7cff13986e6739ea214cf2a3da3
2016-04-15 11:16:12 +10:00
djm@openbsd.org
0767877024
upstream commit
...
add test knob and warning for StrictModes
Upstream-Regress-ID: 8cd10952ce7898655ee58945904f2a0a3bdf7682
2016-04-15 11:16:12 +10:00
djm@openbsd.org
dc7990be86
upstream commit
...
Include directive for ssh_config(5); feedback & ok markus@
Upstream-ID: ae3b76e2e343322b9f74acde6f1e1c5f027d5fff
2016-04-15 11:16:11 +10:00
Damien Miller
85bdcd7c92
ignore PAM environment vars when UseLogin=yes
...
If PAM is configured to read user-specified environment variables
and UseLogin=yes in sshd_config, then a hostile local user may
attack /bin/login via LD_PRELOAD or similar environment variables
set via PAM.
CVE-2015-8325, found by Shayan Sadigh, via Colin Watson
2016-04-13 10:44:42 +10:00
djm@openbsd.org
dce19bf6e4
upstream commit
...
make private key loading functions consistently handle NULL
key pointer arguments; ok markus@
Upstream-ID: 92038726ef4a338169c35dacc9c5a07fcc7fa761
2016-04-13 10:44:06 +10:00
Darren Tucker
5f41f030e2
Remove NO_IPPORT_RESERVED_CONCEPT
...
Replace by defining IPPORT_RESERVED to zero on Cygwin, which should have
the same effect without causing problems syncing patches with OpenBSD.
Resync the two affected functions with OpenBSD. ok djm, sanity checked
by Corinna.
2016-04-08 21:21:27 +10:00
djm@openbsd.org
34a01b2cf7
upstream commit
...
whitespace at EOL
Upstream-ID: 5beffd4e001515da12851b974e2323ae4aa313b6
2016-04-08 18:21:51 +10:00
djm@openbsd.org
90ee563fa6
upstream commit
...
We accidentally send an empty string and a zero uint32 with
every direct-streamlocal@openssh.com channel open, in contravention of our
own spec.
Fixing this is too hard wrt existing versions that expect these
fields to be present and fatal() if they aren't, so document them
as "reserved" fields in the PROTOCOL spec as though we always
intended this and let us never speak of it again.
bz#2529, reported by Ron Frederick
Upstream-ID: 34cd326a4d236ca6e39084c4ff796bd97ab833e7
2016-04-08 17:36:29 +10:00