Age | Commit message (Collapse) | Author |
|
Make WinSCP patterns for SSH_OLD_DHGEX more specific to
exclude WinSCP 5.10.x and up. bz#2748, from martin at winscp.net, ok djm@
Upstream-ID: 6fd7c32e99af3952db007aa180e73142ddbc741a
|
|
g/c unused variable; make a little more portable
Upstream-ID: 3f5980481551cb823c6fb2858900f93fa9217dea
|
|
Allow IPQoS=none in ssh/sshd to not set an explicit
ToS/DSCP value and just use the operating system default; ok dtucker@
Upstream-ID: 77906ff8c7b660b02ba7cb1e47b17d66f54f1f7e
|
|
|
|
fix support for unknown key types; ok djm@
Upstream-ID: 53fb29394ed04d616d65b3748dee5aa06b07ab48
|
|
switch from select() to poll() for the ssh-agent
mainloop; ok markus
Upstream-ID: 4a94888ee67b3fd948fd10693973beb12f802448
|
|
Make ""Killed by signal 1" LogLevel verbose so it's not
shown at the default level. Prevents it from appearing during ssh -J and
equivalent ProxyCommand configs. bz#1906, bz#2744, feedback&ok markus@
Upstream-ID: debfaa7e859b272246c2f2633335d288d2e2ae28
|
|
man pages with pseudo synopses which list filenames end
up creating very ugly output in man -k; after some discussion with ingo, we
feel the simplest fix is to remove such SYNOPSIS sections: the info is hardly
helpful at page top, is contained already in FILES, and there are
sufficiently few that just zapping them is simple;
ok schwarze, who also helpfully ran things through a build to check
output;
Upstream-ID: 3e211b99457e2f4c925c5927d608e6f97431336c
|
|
zap redundant Makefile variables. okay djm@
Upstream-ID: e39b3902fe1d6c4a7ba6a3c58e072219f3c1e604
|
|
slightly rework previous, to avoid an article issue;
Upstream-ID: 15a315f0460ddd3d4e2ade1f16d6c640a8c41b30
|
|
When generating all hostkeys (ssh-keygen -A), clobber
existing keys if they exist but are zero length. zero-length keys could
previously be made if ssh-keygen failed part way through generating them, so
avoid that case too. bz#2561 reported by Krzysztof Cieplucha; ok dtucker@
Upstream-ID: f662201c28ab8e1f086b5d43c59cddab5ade4044
|
|
actually remove these files
Upstream-ID: 1bd41cba06a7752de4df304305a8153ebfb6b0ac
|
|
remove post-SSHv1 removal dead code from rsa.c and merge
the remaining bit that it still used into ssh-rsa.c; ok markus
Upstream-ID: ac8a048d24dcd89594b0052ea5e3404b473bfa2f
|
|
|
|
UnixWare needs BROKEN_TCGETATTR_ICANON like Solaris
Analysis by Robbie Zhang
|
|
|
|
Only call close once in confree(). ssh_packet_close will
close the FD so only explicitly close non-SSH channels. bz#2734, from
bagajjal at microsoft.com, ok djm@
Upstream-ID: a81ce0c8b023527167739fccf1732b154718ab02
|
|
|
|
Allow ssh-keygen to use a key held in ssh-agent as a CA when
signing certificates. bz#2377 ok markus
Upstream-ID: fb42e920b592edcbb5b50465739a867c09329c8f
|
|
regress test for ExposeAuthInfo
Upstream-Regress-ID: 190e5b6866376f4061c411ab157ca4d4e7ae86fd
|
|
correct env var name
Upstream-ID: 721e761c2b1d6a4dcf700179f16fd53a1dadb313
|
|
spelling;
Upstream-ID: 606f933c8e2d0be902ea663946bc15e3eee40b25
|
|
don't pass pointer to struct sshcipher between privsep
processes, just redo the lookup in each using the already-passed cipher name.
bz#2704 based on patch from Brooks Davis; ok markus dtucker
Upstream-ID: 2eab434c09bdf549dafd7da3e32a0d2d540adbe0
|
|
refactor authentication logging
optionally record successful auth methods and public credentials
used in a file accessible to user sessions
feedback and ok markus@
Upstream-ID: 090b93036967015717b9a54fd0467875ae9d32fb
|
|
word fix;
Upstream-ID: 8539bdaf2366603a34a9b2f034527ca13bb795c5
|
|
switch sshconnect.c from (slightly abused) select() to
poll(); ok deraadt@ a while back
Upstream-ID: efc1937fc591bbe70ac9e9542bb984f354c8c175
|
|
use HostKeyAlias if specified instead of hostname for
matching host certificate principal names; bz#2728; ok dtucker@
Upstream-ID: dc2e11c83ae9201bbe74872a0c895ae9725536dd
|
|
no need to call log_init to reinitialise logged PID in
child sessions, since we haven't called openlog() in log_init() since 1999;
ok markus@
Upstream-ID: 0906e4002af5d83d3d544df75e1187c932a3cf2e
|
|
When using the escape sequence &~ the code path is
client_loop() -> client_simple_escape_filter() -> process_escapes() -> fork()
and the pledge for this path lacks the proc promise and therefore aborts the
process. The solution is to just add proc the promise to this specific
pledge.
Reported by Gregoire Jadi gjadi ! omecha.info
Insight with tb@, OK jca@
Upstream-ID: 63c05e30c28209519f476023b65b0b1b0387a05b
|
|
Import regenerated moduli.
Upstream-ID: b25bf747544265b39af74fe0716dc8d9f5b63b95
|
|
Run the screen twice so we end up with more candidate
groups. ok djm@
Upstream-ID: b92c93266d8234d493857bb822260dacf4366157
|
|
Add user@host prefix to client's "Permisison denied"
messages, useful in particular when using "stacked" connections where it's
not clear which host is denying. bz#2720, ok djm@ markus@
Upstream-ID: de88e1e9dcb050c98e85377482d1287a9fe0d2be
|
|
Do not require that unknown EXT_INFO extension values not
contain \0 characters. This would cause fatal connection errors if an
implementation sent e.g. string-encoded sub-values inside a value.
Reported by Denis Bider; ok markus@
Upstream-ID: 030e10fdc605563c040244c4b4f1d8ae75811a5c
|
|
missing prototype.
Upstream-ID: f443d2be9910fd2165a0667956d03343c46f66c9
|
|
Include replacement timespeccmp() for systems that lack it.
Support time_t struct stat->st_mtime in addition to
timespec stat->st_mtim, as well as unsorted fallback.
|
|
print '?' instead of incorrect link count (that the
protocol doesn't provide) for remote listings. bz#2710 ok dtucker@
Upstream-ID: c611f98a66302cea452ef10f13fff8cf0385242e
|
|
implement sorting for globbed ls; bz#2649 ok dtucker@
Upstream-ID: ed3110f351cc9703411bf847ba864041fb7216a8
|
|
return failure rather than fatal() for more cases during
mux negotiations. Causes the session to fall back to a non-mux connection if
they occur. bz#2707 ok dtucker@
Upstream-ID: d2a7892f464d434e1f615334a1c9d0cdb83b29ab
|
|
in description of public key authentication, mention that
the server will send debug messages to the client for some error conditions
after authentication has completed. bz#2709 ok dtucker
Upstream-ID: 750127dbd58c5a2672c2d28bc35fe221fcc8d1dd
|
|
better translate libcrypto errors by looking deeper in
the accursed error stack for codes that indicate the wrong passphrase was
supplied for a PEM key. bz#2699 ok dtucker@
Upstream-ID: 4da4286326d570f4f0489459bb71f6297e54b681
|
|
Add comments referring to the relevant RFC sections for
rekeying behaviour.
Upstream-ID: 6fc8e82485757a27633f9175ad00468f49a07d40
|
|
Drop PRIV_DAX_ACCESS and PRIV_SYS_IB_INFO.
Patch from huieying.lee AT oracle.com via bz#2723
|
|
|
|
unbreak after sshv1 purge
Upstream-Regress-ID: 8ea01a92d5f571b9fba88c1463a4254a7552d51b
|
|
Fix compression output stats broken in rev 1.201. Patch
originally by Russell Coker via Debian bug #797964 and Christoph Biedl. ok
djm@
Upstream-ID: 83a1903b95ec2e4ed100703debb4b4a313b01016
|
|
rationalise the long list of manual CDIAGFLAGS that we
add; most of these were redundant to -Wall -Wextra
Upstream-ID: ea80f445e819719ccdcb237022cacfac990fdc5c
|
|
no need to bzero allocated space now that we use use
recallocarray; ok deraadt@
Upstream-ID: 53333c62ccf97de60b8cb570608c1ba5ca5803c8
|
|
unconditionally zero init size of buffer; ok markus@
deraadt@
Upstream-ID: 218963e846d8f26763ba25afe79294547b99da29
|
|
|
|
some warnings spotted by clang; ok markus@
Upstream-ID: 24381d68ca249c5cee4388ceb0f383fa5b43991b
|