Age | Commit message | Author
2020-03-14 | upstream: when downloading FIDO2 resident keys from a token, don't | djm@openbsd.org
prompt for a PIN until the token has told us that it needs one. Avoids double-prompting on devices that implement on-device authentication (e.g. a touchscreen PIN pad on the Trezor Model T). ok dtucker@ OpenBSD-Commit-ID: 38b78903dd4422d7d3204095a31692fb69130817
2020-03-13 | sync fnmatch.c with upstream to fix another typo | Damien Miller
2020-03-13 | another spelling error in comment | Damien Miller
2020-03-13 | spelling mistakes | Damien Miller
from https://fossies.org/linux/misc/openssh-8.2p1.tar.gz/codespell.html
2020-03-13 | upstream: fix relative includes in sshd_config; ok djm | markus@openbsd.org
OpenBSD-Commit-ID: fa29b0da3c93cbc3a1d4c6bcd58af43c00ffeb5b
2020-03-13 | upstream: fix use-after-free in do_download_sk; ok djm | markus@openbsd.org
OpenBSD-Commit-ID: 96b49623d297797d4fc069f1f09e13c8811f8863
2020-03-13 | upstream: do not leak oprincipals; ok djm | markus@openbsd.org
OpenBSD-Commit-ID: 4691d9387eab36f8fda48f5d8009756ed13a7c4c
2020-03-13 | upstream: initialize seconds for debug message; ok djm | markus@openbsd.org
OpenBSD-Commit-ID: 293fbefe6d00b4812a180ba02e26170e4c855b81
2020-03-13 | upstream: correct return code; ok djm | markus@openbsd.org
OpenBSD-Commit-ID: 319d09e3b7f4b2bc920c67244d9ff6426b744810
2020-03-13 | upstream: principalsp is optional, pubkey required; ok djm | markus@openbsd.org
OpenBSD-Commit-ID: 2cc3ea5018c28ed97edaccd7f17d2cc796f01024
2020-03-13 | upstream: remove unused variables in ssh-pkcs11-helper; ok djm | markus@openbsd.org
OpenBSD-Commit-ID: 13e572846d0d1b28f1251ddd2165e9cf18135ae1
2020-03-13 | upstream: return correct error in sshsk_ed25519_sig; ok djm | markus@openbsd.org
OpenBSD-Commit-ID: 52bf733df220303c260fee4f165ec64b4a977625
2020-03-13 | upstream: fix possible null-deref in check_key_not_revoked; ok | markus@openbsd.org
djm OpenBSD-Commit-ID: 80855e9d7af42bb6fcc16c074ba69876bfe5e3bf
2020-03-13 | upstream: ssh_fetch_identitylist() returns the return value from | markus@openbsd.org
ssh_request_reply() so we should also check against != 0 ok djm OpenBSD-Commit-ID: 28d0028769d03e665688c61bb5fd943e18614952
2020-03-13 | upstream: sshkey_cert_check_authority requires reason to be set; | markus@openbsd.org
ok djm OpenBSD-Commit-ID: 6f7a6f19540ed5749763c2f9530c0897c94aa552
2020-03-13 | upstream: passphrase depends on kdfname, not ciphername (possible | markus@openbsd.org
null-deref); ok djm OpenBSD-Commit-ID: 0d39668edf5e790b5837df4926ee1141cec5471c
2020-03-13 | upstream: consistently check packet_timeout_ms against 0; ok djm | markus@openbsd.org
OpenBSD-Commit-ID: e8fb8cb2c96c980f075069302534eaf830929928
2020-03-13 | upstream: initialize cname in case ai_canonname is NULL or too | markus@openbsd.org
long; ok djm OpenBSD-Commit-ID: c27984636fdb1035d1642283664193e91aab6e37
2020-03-13 | upstream: fix uninitialized pointers for forward_cancel; ok djm | markus@openbsd.org
OpenBSD-Commit-ID: 612778e6d87ee865d0ba97d0a335f141cee1aa37
2020-03-13 | upstream: exit on parse failures in input_service_request; ok djm | markus@openbsd.org
OpenBSD-Commit-ID: 6a7e1bfded26051d5aa893c030229b1ee6a0d5d2
2020-03-13 | upstream: fix null-deref on calloc failure; ok djm | markus@openbsd.org
OpenBSD-Commit-ID: a313519579b392076b7831ec022dfdefbec8724a
2020-03-13 | upstream: exit if ssh_krl_revoke_key_sha256 fails; ok djm | markus@openbsd.org
OpenBSD-Commit-ID: 0864ad4fe8bf28ab21fd1df766e0365c11bbc0dc
2020-03-13 | upstream: pkcs11_register_provider: return < 0 on error; ok djm | markus@openbsd.org
OpenBSD-Commit-ID: cfc8321315b787e4d40da4bdb2cbabd4154b0d97
2020-03-13 | upstream: sshsig: return correct error, fix null-deref; ok djm | markus@openbsd.org
OpenBSD-Commit-ID: 1d1af7cd538b8b23e621cf7ab84f11e7a923edcd
2020-03-13 | upstream: vasnmprintf allocates str and returns -1; ok djm | markus@openbsd.org
OpenBSD-Commit-ID: dae4c9e83d88471bf3b3f89e3da7a107b44df11c
2020-03-13 | upstream: sshpkt_fatal() does not return; ok djm | markus@openbsd.org
OpenBSD-Commit-ID: 7dfe847e28bd78208eb227b37f29f4a2a0929929
2020-02-28 | upstream: no-touch-required certificate option should be an | djm@openbsd.org
extension, not a critical option. OpenBSD-Commit-ID: 626b22c5feb7be8a645e4b9a9bef89893b88600d
2020-02-28 | upstream: better error message when trying to use a FIDO key | djm@openbsd.org
function and SecurityKeyProvider is empty OpenBSD-Commit-ID: e56602c2ee8c82f835d30e4dc8ee2e4a7896be24
2020-02-28 | upstream: Drop leading space from line count that was confusing | dtucker@openbsd.org
ssh-keygen's screen mode. OpenBSD-Commit-ID: 3bcae7a754db3fc5ad3cab63dd46774edb35b8ae
2020-02-28 | upstream: change explicit_bzero();free() to freezero() | jsg@openbsd.org
While freezero() returns early if the pointer is NULL the tests for NULL in callers are left to avoid warnings about passing an uninitialised size argument across a function boundary. ok deraadt@ djm@ OpenBSD-Commit-ID: 2660fa334fcc7cd05ec74dd99cb036f9ade6384a
2020-02-26 | upstream: Have sftp reject "-1" in the same way as ssh(1) and | dtucker@openbsd.org
scp(1) do instead of accepting and silently ignoring it since protocol 1 support has been removed. Spotted by shivakumar2696 at gmail.com, ok deraadt@ OpenBSD-Commit-ID: b79f95559a1c993214f4ec9ae3c34caa87e9d5de
2020-02-26 | upstream: Remove obsolete XXX comment. ok deraadt@ | dtucker@openbsd.org
OpenBSD-Commit-ID: bc462cc843947feea26a2e21c750b3a7469ff01b
2020-02-26 | releasing package openssh version 1:8.2p1-4 | Colin Watson
2020-02-26 | Install ssh-sk-helper even on non-Linux architectures | Colin Watson
It will need an external middleware library in those cases.
2020-02-24 | Add /etc/ssh/sshd_config.d/ to openssh-server | Colin Watson
Closes: #952427
2020-02-24 | Add /etc/ssh/ssh_config.d/ to openssh-client | Colin Watson
2020-02-24 | upstream: Fix typo. Patch from itoama at live.jp via github PR#173. | dtucker@openbsd.org
OpenBSD-Commit-ID: 5cdaafab38bbdea0d07e24777d00bfe6f972568a
2020-02-23 | releasing package openssh version 1:8.2p1-3 | Colin Watson
2020-02-23 | Reupload with -sa | Colin Watson
This works around confusion with 1:8.2p1-1 being in NEW: dgit left out the .orig from the .changes, but dak then complains that "openssh_8.2p1.orig.tar.gz is only available in NEW".
2020-02-23 | releasing package openssh version 1:8.2p1-2 | Colin Watson
2020-02-23 | Move ssh-sk-helper into openssh-client | Colin Watson
... rather than shipping it in a separate package. The extra library dependencies are pretty small, so it doesn't seem worth bloating the Packages file. Suggested by Bastian Blank.
2020-02-22 | Switch %define to %global for redhat/openssh.spec | Nico Kadel-Garcia
2020-02-21 | releasing package openssh version 1:8.2p1-1 | Colin Watson
2020-02-21 | Update md5sum threshold in changelog | Colin Watson
2020-02-21 | openssh-tests Depends: openssh-sk-helper | Colin Watson
2020-02-21 | Fix typo | Colin Watson
2020-02-21 | Include /etc/ssh/*_config.d/*.conf | Colin Watson
Include /etc/ssh/ssh_config.d/*.conf from /etc/ssh/ssh_config and /etc/ssh/sshd_config.d/*.conf from /etc/ssh/sshd_config. Closes: #845315
2020-02-21 | Revert "upstream: Update default IPQoS in ssh(1), sshd(8) to DSCP AF21 for" | Colin Watson
This reverts commit 5ee8448ad7c306f05a9f56769f95336a8269f379. The IPQoS default changes have some unfortunate interactions with iptables (see https://bugs.debian.org/923880) and VMware, so I'm temporarily reverting them until those have been fixed. Bug-Debian: https://bugs.debian.org/923879 Bug-Debian: https://bugs.debian.org/926229 Bug-Ubuntu: https://bugs.launchpad.net/bugs/1822370 Last-Update: 2019-04-08 Patch-Name: revert-ipqos-defaults.patch
2020-02-21 | Work around conch interoperability failure | Colin Watson
Twisted Conch fails to read private keys in the new format (https://twistedmatrix.com/trac/ticket/9515). Work around this until it can be fixed in Twisted. Forwarded: not-needed Last-Update: 2019-10-09 Patch-Name: conch-old-privkey-format.patch
2020-02-21 | Restore reading authorized_keys2 by default | Colin Watson
Upstream seems to intend to gradually phase this out, so don't assume that this will remain the default forever. However, we were late in adopting the upstream sshd_config changes, so it makes sense to extend the grace period. Bug-Debian: https://bugs.debian.org/852320 Forwarded: not-needed Last-Update: 2017-03-05 Patch-Name: restore-authorized_keys2.patch