Age | Commit message (Collapse) | Author |
|
remove SSHv1 support from packet and buffer APIs
ok markus@
Upstream-ID: bfc290053d40b806ecac46317d300677d80e1dc9
|
|
remove SSHv1-related buffers from client code
Upstream-ID: dca5d01108f891861ceaf7ba1c0f2eb274e0c7dd
|
|
remove KEY_RSA1
ok markus@
Upstream-ID: 7408517b077c892a86b581e19f82a163069bf133
|
|
remove SSHv1 configuration options and man pages bits
ok markus@
Upstream-ID: 84638c23546c056727b7a7d653c72574e0f19424
|
|
remove SSH1 make flag and associated files ok markus@
Upstream-ID: ba9feacc5787337c413db7cf26ea3d53f854cfef
|
|
remove SSHv1 ciphers; ok markus@
Upstream-ID: e5ebc5e540d7f23a8c1266db1839794d4d177890
|
|
remove compat20/compat13/compat15 variables
ok markus@
Upstream-ID: 43802c035ceb3fef6c50c400e4ecabf12354691c
|
|
remove options.protocol and client Protocol
configuration knob
ok markus@
Upstream-ID: 5a967f5d06e2d004b0235457b6de3a9a314e9366
|
|
unifdef WITH_SSH1 ok markus@
Upstream-ID: 9716e62a883ef8826c57f4d33b4a81a9cc7755c7
|
|
tweak previous;
Upstream-ID: a3abc6857455299aa42a046d232b7984568bceb9
|
|
allow ssh-keygen to include arbitrary string or flag
certificate extensions and critical options. ok markus@ dtucker@
Upstream-ID: 2cf28dd6c5489eb9fc136e0b667ac3ea10241646
|
|
sort;
Upstream-ID: 7e6b56e52b039cf44d0418e9de9aca20a2d2d15a
|
|
Upstream-Regress-ID: 1e6b51ddf767cbad0a4e63eb08026c127e654308
|
|
Upstream-Regress-ID: 30c20180c87cbc99fa1020489fe7fd8245b6420c
Upstream-Regress-ID: 1e6b51ddf767cbad0a4e63eb08026c127e654308
|
|
Merge missing bits from Colin Watson's patch in bz#2658 which make integrity
tests more robust against timeouts. ok djm@
|
|
|
|
Change COMPILER_VERSION tests which limited additional
warnings to gcc4 to instead skip them on gcc3 as clang can handle
-Wpointer-sign and -Wold-style-definition.
Upstream-Regress-ID: e48d7dc13e48d9334b8195ef884dfbc51316012f
|
|
include key fingerprint in "Offering public key" debug
message
Upstream-ID: 964749f820c2ed4cf6a866268b1a05e907315c52
|
|
Avoid relying on implementation-specific behavior when
detecting whether the timestamp or file size overflowed. If time_t and off_t
are not either 32-bit or 64-bit scp will exit with an error. OK djm@
Upstream-ID: f31caae73ddab6df496b7bbbf7da431e267ad135
|
|
Add SyslogFacility option to ssh(1) matching the
equivalent option in sshd(8). bz#2705, patch from erahn at arista.com, ok
djm@
Upstream-ID: d5115c2c0193ceb056ed857813b2a7222abda9ed
|
|
remove a static array unused since rev 1.306 spotted by
clang ok djm@
Upstream-ID: 249b3eed2446f6074ba2219ccc46919dd235a7b8
|
|
Avoid potential signed int overflow when parsing the file
size. Use strtoul() instead of parsing manually. OK djm@
Upstream-ID: 1f82640861c7d905bbb05e7d935d46b0419ced02
|
|
Pointed out by jjelen at redhat.com.
|
|
OpenSSL is using socket() calls (in FIPS mode) when handling ECDSA keys
in privsep child. The socket() syscall is already denied in the seccomp
filter, but in ppc64le kernel, it is implemented using socketcall()
syscall, which is not denied yet (only SYS_SHUTDOWN is allowed) and
therefore fails hard.
Patch from jjelen at redhat.com.
|
|
Recognize nl_langinfo(CODESET) return values "646" and ""
as aliases for "US-ASCII", useful for different versions of NetBSD and
Solaris. Found by dtucker@ and by Tom G. Christensen <tgc at jupiterrise dot
com>. OK dtucker@ deraadt@
Upstream-ID: 38c2133817cbcae75c88c63599ac54228f0fa384
|
|
Change COMPILER_VERSION tests which limited additional
warnings to gcc4 to instead skip them on gcc3 as clang can handle
-Wpointer-sign and -Wold-style-definition.
Upstream-ID: 5cbe348aa76dc1adf55be6c0e388fafaa945439a
|
|
disallow creation (of empty files) in read-only mode;
reported by Michal Zalewski, feedback & ok deraadt@
Upstream-ID: 5d9c8f2fa8511d4ecf95322994ffe73e9283899b
|
|
incorrect renditions of this quote bother me
Upstream-ID: 1662be3ebb7a71d543da088119c31d4d463a9e49
|
|
Speeds up configure and build by a couple of percent. ok djm@
|
|
Fix overly-conservative overflow checks on mulitplications and add checks
on additions. This allows scan_scaled to work up to +/-LLONG_MAX (LLONG_MIN
will still be flagged as a range error). ok millert@
|
|
Collapse underflow and overflow checks into a single block.
ok djm@ millert@
|
|
Catch integer underflow in scan_scaled reported by Nicolas Iooss.
ok deraadt@ djm@
|
|
If running with privsep (mandatory now) as a non-privileged user, we
don't chroot or change to an unprivileged user however we still checked
the existence of the user and directory. Don't do those checks if we're
not going to use them. Based in part on a patch from Lionel Fourquaux
via Corinna Vinschen, ok djm@
|
|
All supported versions of OpenSSL should now have SHA256 so remove our
EVP wrapper implementaion. ok djm@
|
|
We no longer support OpenSSL < 1.0.1 so remove check for unreliable ECC
in OpenSSL < 0.9.8g.
|
|
Resyncs that code with OpenBSD upstream.
|
|
Server-side support for Protocol 1 has been removed so remove !compat20
PAM code path.
|
|
Actually enable ldns when attempting to use ldns-config. bz#2697, patch
from fredrik at fornwall.net.
|
|
Patch from Jakub Jelen
|
|
remove /usr/bin/time calls around tests, makes diffing test
runs harder. Based on patch from Mike Frysinger
Upstream-Regress-ID: 81c1083b14dcf473b23d2817882f40b346ebc95c
|
|
Patch from Mike Frysinger
|
|
|
|
|
|
openssh-7.5
Upstream-ID: b8b9a4a949427c393cd868215e1724ceb3467ee5
|
|
Unbreak obvious syntax error.
|
|
Pointed out by Jann Horn of Google Project Zero
|
|
Used by NetBSD; this unbreaks mprintf() and friends there for the C
locale (caught by dtucker@ and his menagerie of test systems).
|
|
Creating the socket in $OBJ could blow past the (quite limited)
path limit for Unix domain sockets. As a bandaid for bz#2660,
reported by Colin Watson; ok dtucker@
|
|
disallow KEXINIT before NEWKEYS; ok djm; report by
vegard.nossum at oracle.com
Upstream-ID: 3668852d1f145050e62f1da08917de34cb0c5234
|
|
|