| Age | Commit message (Collapse) | Author |
|---|
|
Commit 5467fbcb removed key.h so stop including it in portable files
too. Fixes builds on lots of platforms.
|
|
OpenBSD-Commit-ID: 0414642ac7ce01d176b9f359091a66a8bbb640bd
|
|
OpenBSD-Commit-ID: f88ba43c9d54ed2d911218aa8d3f6285430629c3
|
|
OpenBSD-Commit-ID: 2b1f9619259e222bbd4fe9a8d3a0973eafb9dd8d
|
|
OpenBSD-Commit-ID: 9de41468afd75f54a7f47809d2ad664aa577902c
|
|
Fixes build with -Werror on at least Fedora and probably others.
|
|
|
|
|
|
During the change to the new buffer api the third arg to
sshbuf_get_cstring was ommitted. Fixes build when configured with skey.
|
|
|
|
Add VALGRIND_CHECK_LEAKS knob to turn it back on.
|
|
|
|
This time, make sure to not remove things that are necessary for
pre-auth compression on the client. Add a comment that pre-auth
compression is still supported in the client.
ok markus@
OpenBSD-Commit-ID: 282c6fec7201f18a5c333bbb68d9339734d2f784
|
|
|
|
OpenBSD-Commit-ID: 1cdf56fec95801e4563c47f21696f04cd8b60c4c
|
|
OpenBSD-Commit-ID: d1a1852284e554f39525eb4d4891b207cfb3d3a0
|
|
OpenBSD-Commit-ID: 30d7c27a90b4544ad5dfacf654595710cd499f02
|
|
OpenBSD-Commit-ID: 4dfe9d29fa93d9231645c89084f7217304f7ba29
|
|
OpenBSD-Commit-ID: 2dd5dc17cbc23195be4299fa93be2707a0e08ad9
|
|
djm@
OpenBSD-Commit-ID: d89bd02d33974fd35ca0b8940d88572227b34a48
|
|
OpenBSD-Commit-ID: e48449ab4be3f006f7ba33c66241b7d652973e30
|
|
OpenBSD-Commit-ID: 880aa06bce4b140781e836bb56bec34873290641
|
|
OpenBSD-Commit-ID: 72b02017bac7feac48c9dceff8355056bea300bd
|
|
OpenBSD-Commit-ID: f3cb4e54bff15c593602d95cc43e32ee1a4bac42
|
|
OpenBSD-Commit-ID: 5df340c5965e822c9da21e19579d08dea3cbe429
|
|
OpenBSD-Commit-ID: 5948fb98d704f9c4e075b92edda64e0290b5feb2
|
|
OpenBSD-Commit-ID: 60cb0356114acc7625ab85105f6f6a7cd44a8d05
|
|
OpenBSD-Commit-ID: 98cc4e800f1617c51caf59a6cb3006f14492db79
|
|
It turns out we still support pre-auth compression on the client.
Therefore revert the previous two commits:
date: 2018/07/06 09:06:14; author: sf; commitid: yZVYKIRtUZWD9CmE;
Rename COMP_DELAYED to COMP_ZLIB
Only delayed compression is supported nowadays.
ok markus@
date: 2018/07/06 09:05:01; author: sf; commitid: rEGuT5UgI9f6kddP;
Remove leftovers from pre-authentication compression
Support for this has been removed in 2016.
COMP_DELAYED will be renamed in a later commit.
ok markus@
OpenBSD-Commit-ID: cdfef526357e4e1483c86cf599491b2dafb77772
|
|
Only delayed compression is supported nowadays.
ok markus@
OpenBSD-Commit-ID: 5b1dbaf3d9a4085aaa10fec0b7a4364396561821
|
|
Support for this has been removed in 2016.
COMP_DELAYED will be renamed in a later commit.
ok markus@
OpenBSD-Commit-ID: 6a99616c832627157113fcb0cf5a752daf2e6b58
|
|
ok markus@
OpenBSD-Commit-ID: 9d34cf2f59aca5422021ae2857190578187dc2b4
|
|
Do not write to bufsiz until we are sure the malloc has succeeded,
in case any callers rely on it (which they shouldn't). ok djm@
|
|
read_environment_file recently gained an extra argument Some platform
specific code also calls it so add the argument to those too. Fixes
build on Solaris and AIX.
|
|
match_filter_blacklist()
OpenBSD-Regress-ID: 2da342be913efeb51806351af906fab01ba4367f
|
|
PubkeyAcceptedKeyTypes and, by proxy, test kex_assemble_names()
ok markus@
OpenBSD-Regress-ID: 292978902e14d5729aa87e492dd166c842f72736
|
|
goose chasing
OpenBSD-Regress-ID: d469b29ffadd3402c090e21b792d627d46fa5297
|
|
signature work - returns ability to add/remove/specify algorithms by
wildcard.
Algorithm lists are now fully expanded when the server/client configs
are finalised, so errors are reported early and the config dumps
(e.g. "ssh -G ...") now list the actual algorithms selected.
Clarify that, while wildcards are accepted in algorithm lists, they
aren't full pattern-lists that support negation.
(lots of) feedback, ok markus@
OpenBSD-Commit-ID: a8894c5c81f399a002f02ff4fe6b4fa46b1f3207
|
|
OpenBSD-Regress-ID: e5a9b11368ff6d86e7b25ad10ebe43359b471cd4
|
|
|
|
for certs hosted in ssh-agent
OpenBSD-Commit-ID: e5fd5edd726137dda2d020e1cdebc464110a010f
|
|
OpenBSD-Commit-ID: c36981fdf1f3ce04966d3310826a3e1e6233d93e
|
|
for prior version; part of RSA-SHA2 strictification, ok markus@
OpenBSD-Commit-ID: 84a11fc0efd2674c050712336b5093f5d408e32b
|
|
In ssh, when an agent fails to return a RSA-SHA2 signature when
requested and falls back to RSA-SHA1 instead, retry the signature to
ensure that the public key algorithm sent in the SSH_MSG_USERAUTH
matches the one in the signature itself.
In sshd, strictly enforce that the public key algorithm sent in the
SSH_MSG_USERAUTH message matches what appears in the signature.
Make the sshd_config PubkeyAcceptedKeyTypes and
HostbasedAcceptedKeyTypes options control accepted signature algorithms
(previously they selected supported key types). This allows these
options to ban RSA-SHA1 in favour of RSA-SHA2.
Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and
"rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures
with certificate keys.
feedback and ok markus@
OpenBSD-Commit-ID: c6e9f6d45eed8962ad502d315d7eaef32c419dde
|
|
pattern-list of whitelisted environment variable names in addition to yes|no.
bz#1800, feedback and ok markus@
OpenBSD-Commit-ID: 77dc2b468e0bf04b53f333434ba257008a1fdf24
|
|
when choosing a prime. An extra increment of linenum snuck in as part of the
conversion to getline(). OK djm@ markus@
OpenBSD-Commit-ID: 0019225cb52ed621b71cd9f19ee2e78e57e3dd38
|
|
doesn't seem to mind, but some platforms in -portable object to the second.
OpenBSD-Regress-ID: d6c3e404871764343761dc25c3bbe29c2621ff74
|
|
Add getline for the benefit of platforms that don't have it. Sourced
from NetBSD (OpenBSD's implementation is a little too chummy with the
internals of FILE).
|
|
OpenBSD-Commit-ID: 9276951caf4daf555f6d262e95720e7f79244572
|
|
OpenBSD-Commit-ID: c968c1d29e392352383c0f9681fcc1e93620c4a9
|
