| Age | Commit message (Collapse) | Author |
|---|
|
fix regression in 7.4 server-sig-algs, where we were
accidentally excluding SHA2 RSA signature methods. bz#2680, patch from Nuno
Goncalves; ok dtucker@
Upstream-ID: 81ac8bfb30960447740b9b8f6a214dcf322f12e8
|
|
Check for NULL return value from key_new. Patch from
jjelen at redhat.com via bz#2687, ok djm@
Upstream-ID: 059e33cd43cba88dc8caf0b1936fd4dd88fd5b8e
|
|
reword a comment to make it fit 80 columns
Upstream-ID: b4b48b4487c0821d16e812c40c9b09f03b28e349
|
|
Check for NULL argument to sshkey_read. Patch from
jjelen at redhat.com via bz#2687, ok djm@
Upstream-ID: c2d00c2ea50c4861d271d0a586f925cc64a87e0e
|
|
Plug some mem leaks mostly on error paths. From jjelen
at redhat.com via bz#2687, ok djm@
Upstream-ID: 3fb030149598957a51b7c8beb32bf92cf30c96f2
|
|
Plug mem leak on GLOB_NOMATCH case. From jjelen at
redhat.com via bz#2687, ok djm@
Upstream-ID: 8016a7ae97719d3aa55fb723fc2ad3200058340d
|
|
Plug descriptor leaks of auth_sock. From jjelen at
redhat.com via bz#2687, ok djm@
Upstream-ID: 248acb99a5ed2fdca37d1aa33c0fcee7be286d88
|
|
correctly hash hosts with a port number. Reported by Josh
Powers in bz#2692; ok dtucker@
Upstream-ID: 468e357ff143e00acc05bdd2803a696b3d4b6442
|
|
don't truncate off \r\n from long stderr lines; bz#2688,
reported by Brian Dyson; ok dtucker@
Upstream-ID: cdfdc4ba90639af807397ce996153c88af046ca4
|
|
Validate digest arg in ssh_digest_final; from jjelen at
redhat.com via bz#2687, ok djm@
Upstream-ID: dbe5494dfddfe523fab341a3dab5a79e7338f878
|
|
Part of bz#2687, from jjelen at redhat.com.
|
|
Check for socket with and without screen number. From Apple and Jakob
Schlyter via bz#2341, with contributions from Ron Frederick, ok djm@
|
|
quote [host]:port in generated ProxyJump commandline; the
[ / ] characters can confuse some shells (e.g. zsh). Reported by Lauri
Tirkkonen via bugs@
Upstream-ID: 65cdd161460e1351c3d778e974c1c2a4fa4bc182
|
|
Check l->hosts before dereferencing; fixes potential null
pointer deref. ok djm@
Upstream-ID: 81c0327c6ec361da794b5c680601195cc23d1301
|
|
linenum is unsigned long so use %lu in log formats. ok
deraadt@
Upstream-ID: 9dc582d9bb887ebe0164e030d619fc20b1a4ea08
|
|
fix ssh-keygen -H accidentally corrupting known_hosts that
contained already-hashed entries. HKF_MATCH_HOST_HASHED is only set by
hostkeys_foreach() when hostname matching is in use, so we need to look for
the hash marker explicitly.
Upstream-ID: da82ad653b93e8a753580d3cf5cd448bc2520528
|
|
small memleak: free fd_set on connection timeout (though
we are heading to exit anyway). From Tom Rix in bz#2683
Upstream-ID: 10e3dadbb8199845b66581473711642d9e6741c4
|
|
errant dot; from klemens nanni
Upstream-ID: 83d93366a5acf47047298c5d3ebc5e7426f37921
|
|
might as well set the listener socket CLOEXEC
Upstream-ID: 9c538433d6a0ca79f5f21decc5620e46fb68ab57
|
|
add test cases for C locale; ok schwarze@
Upstream-Regress-ID: 783d75de35fbc923d46e2a5e6cee30f8f381ba87
|
|
Add a common nl_langinfo(CODESET) alias for US-ASCII
"ANSI_X3.4-1968" that is used by Linux. Fixes mprintf output truncation for
non-UTF-8 locales on Linux spotted by dtucker@; ok deraadt@ schwarze@
Upstream-ID: c6808956ebffd64066f9075d839f74ff0dd60719
|
|
Remove deprecated SSH1 options RSAAuthentication and
RhostsRSAAuthentication from regression test sshd_config.
Upstream-Regress-ID: 8066b753d9dce7cf02ff87af5c727ff680d99491
|
|
Do not show rsa1 key type in usage when compiled without
SSH1 support.
Upstream-ID: 068b5c41357a02f319957746fa4e84ea73960f57
|
|
ifdef out "rsa1" from the list of supported keytypes when
compiled without SSH1 support. Found by kdunlop at guralp.com, ok djm@
Upstream-ID: cea93a26433d235bb1d64b1d990f19a9c160a70f
|
|
For ProxyJump/-J, surround host name with brackets to
allow literal IPv6 addresses. From Dick Visser; ok dtucker@
Upstream-ID: 3a5d3b0171250daf6a5235e91bce09c1d5746bf1
|
|
Fix memory leaks in match_filter_list() error paths.
ok dtucker@ markus@
Upstream-ID: c7f96ac0877f6dc9188bbc908100a8d246cc7f0e
|
|
fix division by zero crash in "df" output when server
returns zero total filesystem blocks/inodes. Spotted by Guido Vranken; ok
dtucker@
Upstream-ID: 6fb6c2ae6b289aa07b6232dbc0be54682ef5419f
|
|
EVP_R_PRIVATE_KEY_DECODE_ERROR was added in OpenSSL 1.0.0 so ifdef out
for the benefit of OpenSSL versions prior to that.
|
|
bring back r1.34 that was backed out for problems loading
public keys:
translate OpenSSL error codes to something more
meaninful; bz#2522 reported by Jakub Jelen, ok dtucker@
with additional fix from Jakub Jelen to solve the backout.
bz#2525 bz#2523 re-ok dtucker@
Upstream-ID: a9d5bc0306f4473d9b4f4484f880e95f3c1cc031
|
|
Sanitise escape sequences in key comments sent to printf
but preserve valid UTF-8 when the locale supports it; bz#2520 ok dtucker@
Upstream-ID: e8eed28712ba7b22d49be534237eed019875bd1e
|
|
Avoid printf %s NULL. From semarie@, OK djm@
Upstream-ID: 06beef7344da0208efa9275d504d60d2a5b9266c
|
|
Restore \r\n newline sequence for server ident string. The CR
got lost in the flensing of SSHv1. Pointed out by Stef Bon
Upstream-ID: 5333fd43ce5396bf5999496096fac5536e678fac
|
|
unit test for match_filter_list() function; still want a
better name for this...
Upstream-Regress-ID: 840ad6118552c35111f0a897af9c8d93ab8de92a
|
|
use ssh_packet_set_log_preamble() to include connection
username in packet log messages, e.g.
Connection closed by invalid user foo 10.1.1.1 port 44056 [preauth]
ok markus@ bz#113
Upstream-ID: 3591b88bdb5416d6066fb3d49d8fff2375bf1a15
|
|
add ssh_packet_set_log_preamble() to allow inclusion of a
preamble string in disconnect messages; ok markus@
Upstream-ID: 34cb41182cd76d414c214ccb01c01707849afead
|
|
support =- for removing methods from algorithms lists,
e.g. Ciphers=-*cbc; suggested by Cristian Ionescu-Idbohrn in bz#2671 "I like
it" markus@
Upstream-ID: c78c38f9f81a963b33d0eade559f6048add24a6d
|
|
allow form-feed characters at EOL; bz#2431 ok dtucker@
Upstream-ID: 1f453afaba6da2ae69d6afdf1ae79a917552f1a2
|
|
Should fix bz#2603 - "Build with ldns and without kerberos support
fails if ldns compiled with kerberos support" by including correct
cflags/libs
ok dtucker@
|
|
Make ssh_packet_set_rekey_limits take u32 for the number of
seconds until rekeying (negative values are rejected at config parse time).
This allows the removal of some casts and a signed vs unsigned comparison
warning.
rekey_time is cast to int64 for the comparison which is a no-op
on OpenBSD, but should also do the right thing in -portable on
anything still using 32bit time_t (until the system time actually
wraps, anyway).
some early guidance deraadt@, ok djm@
Upstream-ID: c9f18613afb994a07e7622eb326f49de3d123b6c
|
|
In vasnmprintf() return an error if malloc fails and
don't set a function argument to the address of free'd memory.
ok djm@
Upstream-ID: 1efffffff2f51d53c9141f245b90ac23d33b9779
|
|
Return true reason for port forwarding failures where
feasible rather than always "administratively prohibited". bz#2674, ok djm@
Upstream-ID: d901d9887951774e604ca970e1827afaaef9e419
|
|
Small correction to the known_hosts section on when it is
updated. Patch from lkppo at free.fr some time ago, pointed out by smallm at
sdf.org
Upstream-ID: 1834d7af179dea1a12ad2137f84566664af225d5
|
|
Having _XOPEN_SOURCE unconditionally causes problems on some platforms
and configurations, notably Solaris 64-bit binaries. It was there for
the benefit of Linux put the required bits in the *-*linux* section.
Patch from yvoinov at gmail.com.
|
|
fully unbreak: some $SSH invocations did not have -F
specified and could pick up the ~/.ssh/config of the user running the tests
Upstream-Regress-ID: f362d1892c0d3e66212d5d3fc02d915c58ef6b89
|
|
partially unbreak: was not specifying hostname on some
$SSH invocations
Upstream-Regress-ID: bc8a5e98e57bad0a92ef4f34ed91c1d18294e2cc
|
|
revise keys/principals command hang fix (bz#2655) to
consume entire output, avoiding sending SIGPIPE to subprocesses early; ok
dtucker@
Upstream-ID: 7cb04b31a61f8c78c4e48ceededcd2fd5c4ee1bc
|
|
small cleanup post SSHv1 removal:
remove SSHv1-isms in commented examples
reorder token table to group deprecated and compile-time conditional tokens
better
fix config dumping code for some compile-time conditional options that
weren't being correctly skipped (SSHv1 and PKCS#11)
Upstream-ID: f2e96b3cb3158d857c5a91ad2e15925df3060105
|
|
some explicit NULL tests when dumping configured
forwardings; from Karsten Weiss
Upstream-ID: 40957b8dea69672b0e50df6b4a91a94e3e37f72d
|
|
misplaced braces in test; from Karsten Weiss
Upstream-ID: f7b794074d3aae8e35b69a91d211c599c94afaae
|
|
don't dereference authctxt before testing != NULL, it
causes compilers to make assumptions; from Karsten Weiss
Upstream-ID: 794243aad1e976ebc717885b7a97a25e00c031b2
|
