prevent authorized_keys options picked up on public key
tests without a corresponding private key authentication being applied to
other authentication methods. Reported by halex@, ok markus@
Don't make parsing of authorized_keys' environment=
option conditional on PermitUserEnv - always parse it, but only use the
result if the option is enabled. This prevents the syntax of authorized_keys
changing depending on which sshd_config options were enabled.
bz#2329; based on patch from coladict AT gmail.com, ok dtucker@
Remove pattern length argument from match_pattern_list(), we
only ever use it for strlen(pattern).
Prompted by hanno AT hboeck.de pointing an out-of-bound read
error caused by an incorrect pattern length found using AFL
and his own tools.
ok markus@
Add a simple regression test for sshd's configuration
parser. Right now, all it does is run the output of sshd -T back through
itself and ensure the output is valid and invariant.
Blacklist DH-GEX for specific PuTTY versions known to
send non-RFC4419 DH-GEX messages rather than all versions of PuTTY.
According to Simon Tatham, 0.65 and newer versions will send RFC4419 DH-GEX
messages. ok djm@
use the sizeof the struct not the sizeof a pointer to the
struct in ssh_digest_start()
This file is only used if ssh is built with OPENSSL=no
ok markus@
This might help with the reported problem cross compiling for Android
("error: expected identifier or '(' before numeric constant") but
shouldn't hurt in any case.
Document that the TERM environment variable is not
subject to SendEnv and AcceptEnv. bz#2386, based loosely on a patch from
jjelen at redhat, help and ok jmc@
Two small fixes for sshd -T: ListenAddress'es are added
to a list head so reverse the order when printing them to ensure the
behaviour remains the same, and print StreamLocalBindMask as octal with
leading zero. ok deraadt@
use error/logit/fatal instead of fprintf(stderr, ...)
and exit(0), fix a few errors that were being printed to stdout instead of
stderr and a few non-errors that were going to stderr instead of stdout
bz#2325; ok dtucker
This changes configure.ac to look for '${host}-ar' as set by
AC_CANONICAL_HOST before looking for the unprefixed 'ar'.
Useful when cross-compiling when all your binutils are prefixed.
Patch from moben at exherbo org via astrand at lysator liu se and
bz#2352.
djm@openbsd.org
dtucker@openbsd.org
jsg@openbsd.org
Darren Tucker
jmc@openbsd.org
deraadt@openbsd.org
Damien Miller