use HostKeyAlias if specified instead of hostname for
matching host certificate principal names; bz#2728; ok dtucker@
Upstream-ID: dc2e11c83ae9201bbe74872a0c895ae9725536dd
no need to call log_init to reinitialise logged PID in
child sessions, since we haven't called openlog() in log_init() since 1999;
ok markus@
Upstream-ID: 0906e4002af5d83d3d544df75e1187c932a3cf2e
When using the escape sequence &~ the code path is
client_loop() -> client_simple_escape_filter() -> process_escapes() -> fork()
and the pledge for this path lacks the proc promise and therefore aborts the
process. The solution is to just add proc the promise to this specific
pledge.
Reported by Gregoire Jadi gjadi ! omecha.info
Insight with tb@, OK jca@
Upstream-ID: 63c05e30c28209519f476023b65b0b1b0387a05b
Add user@host prefix to client's "Permisison denied"
messages, useful in particular when using "stacked" connections where it's
not clear which host is denying. bz#2720, ok djm@ markus@
Upstream-ID: de88e1e9dcb050c98e85377482d1287a9fe0d2be
Do not require that unknown EXT_INFO extension values not
contain \0 characters. This would cause fatal connection errors if an
implementation sent e.g. string-encoded sub-values inside a value.
Reported by Denis Bider; ok markus@
Upstream-ID: 030e10fdc605563c040244c4b4f1d8ae75811a5c
Include replacement timespeccmp() for systems that lack it.
Support time_t struct stat->st_mtime in addition to
timespec stat->st_mtim, as well as unsorted fallback.
print '?' instead of incorrect link count (that the
protocol doesn't provide) for remote listings. bz#2710 ok dtucker@
Upstream-ID: c611f98a66302cea452ef10f13fff8cf0385242e
return failure rather than fatal() for more cases during
mux negotiations. Causes the session to fall back to a non-mux connection if
they occur. bz#2707 ok dtucker@
Upstream-ID: d2a7892f464d434e1f615334a1c9d0cdb83b29ab
in description of public key authentication, mention that
the server will send debug messages to the client for some error conditions
after authentication has completed. bz#2709 ok dtucker
Upstream-ID: 750127dbd58c5a2672c2d28bc35fe221fcc8d1dd
better translate libcrypto errors by looking deeper in
the accursed error stack for codes that indicate the wrong passphrase was
supplied for a PEM key. bz#2699 ok dtucker@
Upstream-ID: 4da4286326d570f4f0489459bb71f6297e54b681
Fix compression output stats broken in rev 1.201. Patch
originally by Russell Coker via Debian bug #797964 and Christoph Biedl. ok
djm@
Upstream-ID: 83a1903b95ec2e4ed100703debb4b4a313b01016
rationalise the long list of manual CDIAGFLAGS that we
add; most of these were redundant to -Wall -Wextra
Upstream-ID: ea80f445e819719ccdcb237022cacfac990fdc5c
make sure we don't pass a NULL string to vfprintf
(triggered by the principals-command regress test); ok bluhm
Upstream-ID: eb49854f274ab37a0b57056a6af379a0b7111990
Switch to recallocarray() for a few operations. Both
growth and shrinkage are handled safely, and there also is no need for
preallocation dances. Future changes in this area will be less error prone.
Review and one bug found by markus
Upstream-ID: 822d664d6a5a1d10eccb23acdd53578a679d5065
spell out that custom options/extensions should follow the
usual SSH naming rules, e.g. "extension@example.com"
Upstream-ID: ab326666d2fad40769ec96b5a6de4015ffd97b8d
Add RemoteCommand option to specify a command in the
ssh config file instead of giving it on the client's command line. This
command will be executed on the remote host. The feature allows to automate
tasks using ssh config. OK markus@
Upstream-ID: 5d982fc17adea373a9c68cae1021ce0a0904a5ee
jmc@openbsd.org
djm@openbsd.org
mestre@openbsd.org
dtucker@openbsd.org
Damien Miller
Darren Tucker
markus@openbsd.org
deraadt@openbsd.org
bluhm@openbsd.org