summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-06-06upstream commitdtucker@openbsd.org
Back out 'plug memleak'. Upstream-ID: 4faacdde136c24a961e24538de373660f869dbc0
2016-06-06upstream commitdjm@openbsd.org
prefer agent-hosted keys to keys from PKCS#11; ok markus Upstream-ID: 7417f7653d58d6306d9f8c08d0263d050e2fd8f4
2016-06-06upstream commitdtucker@openbsd.org
Plug mem leak in filter_proposal. ok djm@ Upstream-ID: bf968da7cfcea2a41902832e7d548356a4e2af34
2016-06-03Update vis.h and vis.c from OpenBSD.Darren Tucker
This will be needed for the upcoming utf8 changes.
2016-05-31modified: configure.acTim Rice
whitspace clean up. No code changes.
2016-05-31whitespace at EOLDamien Miller
2016-05-30Add missing ssh-host-config --name optionDarren Tucker
Patch from vinschen@redhat.com.
2016-05-20Fix comment about sshpam_const and AIX.Darren Tucker
From mschwager via github.
2016-05-20Deny lstat syscalls in seccomp sandboxDamien Miller
Avoids sandbox violations for some krb/gssapi libraries.
2016-05-19upstream commitdjm@openbsd.org
fix type of ed25519 values Upstream-ID: b32d0cb372bbe918ca2de56906901eae225a59b0
2016-05-19upstream commitmarkus@openbsd.org
add IdentityAgent; noticed & ok jmc@ Upstream-ID: 4ba9034b00a4cf1beae627f0728da897802df88a
2016-05-19upstream commitmarkus@openbsd.org
allow setting IdentityAgent to SSH_AUTH_SOCK; ok djm@ Upstream-ID: 20c508480d8db3eef18942c0fc39b1fcf25652ac
2016-05-19upstream commitmarkus@openbsd.org
move SSH_MSG_NONE, so we don't have to include ssh1.h; ok deraadt@ Upstream-ID: c2f97502efc761a41b18c17ddf460e138ca7994e
2016-05-10initialise salen in binresvport_saDamien Miller
avoids failures with UsePrivilegedPort=yes patch from Juan Gallego
2016-05-05upstream commitmarkus@openbsd.org
missing const in prototypes (ssh1) Upstream-ID: 789c6ad4928b5fa557369b88c3a6a34926082c05
2016-05-05upstream commitdtucker@openbsd.org
Fix inverted logic for updating StreamLocalBindMask which would cause the server to set an invalid mask. ok djm@ Upstream-ID: 8a4404c8307a5ef9e07ee2169fc6d8106b527587
2016-05-05upstream commitmarkus@openbsd.org
IdentityAgent for specifying specific agent sockets; ok djm@ Upstream-ID: 3e6a15eb89ea0fd406f108826b7dc7dec4fbfac1
2016-05-05upstream commitdjm@openbsd.org
fix junk characters after quotes Upstream-ID: cc4d0cd32cb6b55a2ef98975d2f7ae857d0dc578
2016-05-05upstream commitjmc@openbsd.org
correct article; Upstream-ID: 1fbd5b7ab16d2d9834ec79c3cedd4738fa42a168
2016-05-04upstream commitdjm@openbsd.org
fix overriding of StreamLocalBindMask and StreamLocalBindUnlink in Match blocks; found the hard way Rogan Dawes Upstream-ID: 940bc69ec0249ab428d24ccd0722ce35cb932ee2
2016-05-04upstream commitdjm@openbsd.org
don't forget to include StreamLocalBindUnlink in the config dump output Upstream-ID: 14a6d970b3b45c8e94272e3c661e9a0b2a0ee7cb
2016-05-04upstream commitdjm@openbsd.org
make nethack^wrandomart fingerprint flag more readily searchable pointed out by Matt Johnston Upstream-ID: cb40d0235dc153c478c1aad3bc60b195422a54fb
2016-05-04upstream commitdjm@openbsd.org
clarify ordering of subkeys; pointed out by ietf-ssh AT stbuehler.de Upstream-ID: 05ebe9f949449a555ebce8e0aad7c8c9acaf8463
2016-05-03upstream commitdtucker@openbsd.org
Use a subshell for constructing key types to work around different sed behaviours for -portable. Upstream-Regress-ID: 0f6eb673162df229eda9a134a0f10da16151552d
2016-05-03upstream commitdjm@openbsd.org
correct some typos and remove a long-stale XXX note. add specification for ed25519 certificates mention no host certificate options/extensions are currently defined pointed out by Simon Tatham Upstream-ID: 7b535ab7dba3340b7d8210ede6791fdaefdf839a
2016-05-03upstream commitdjm@openbsd.org
add ed25519 keys that are supported but missing from this documents; from Peter Moody Upstream-ID: 8caac2d8e8cfd2fca6dc304877346e0a064b014b
2016-05-03upstream commitdtucker@openbsd.org
Implement IUTF8 as per draft-sgtatham-secsh-iutf8-00. Patch from Simon Tatham, ok markus@ Upstream-ID: 58268ebdf37d9d467f78216c681705a5e10c58e8
2016-05-03upstream commitdjm@openbsd.org
unbreak config parsing on reexec from previous commit Upstream-ID: bc69932638a291770955bd05ca55a32660a613ab
2016-05-02upstream commitdjm@openbsd.org
unit and regress tests for SHA256/512; ok markus Upstream-Regress-ID: a0cd1a92dc824067076a5fcef83c18df9b0bf2c6
2016-05-02upstream commitdjm@openbsd.org
add support for additional fixed DH groups from draft-ietf-curdle-ssh-kex-sha2-03 diffie-hellman-group14-sha256 (2K group) diffie-hellman-group16-sha512 (4K group) diffie-hellman-group18-sha512 (8K group) based on patch from Mark D. Baushke and Darren Tucker ok markus@ Upstream-ID: ac00406ada4f0dfec41585ca0839f039545bc46f
2016-05-02upstream commitdjm@openbsd.org
support SHA256 and SHA512 RSA signatures in certificates; ok markus@ Upstream-ID: b45be2f2ce8cacd794dc5730edaabc90e5eb434a
2016-05-02upstream commitdjm@openbsd.org
fix signed/unsigned errors reported by clang-3.7; add sshbuf_dup_string() to replace a common idiom of strdup(sshbuf_ptr()) with better safety checking; feedback and ok markus@ Upstream-ID: 71f926d9bb3f1efed51319a6daf37e93d57c8820
2016-04-29upstream commitdjm@openbsd.org
close ControlPersist background process stderr when not in debug mode or when logging to a file or syslog. bz#1988 ok dtucker Upstream-ID: 4fb726f0fdcb155ad419913cea10dc4afd409d24
2016-04-29upstream commitdjm@openbsd.org
fix comment Upstream-ID: 313a385bd7b69a82f8e28ecbaf5789c774457b15
2016-04-28upstream commitjmc@openbsd.org
cidr permitted for {allow,deny}users; from lars nooden ok djm Upstream-ID: 13e7327fe85f6c63f3f7f069e0fdc8c351515d11
2016-04-21upstream commitdjm@openbsd.org
make argument == NULL tests more consistent Upstream-ID: dc4816678704aa5cbda3a702e0fa2033ff04581d
2016-04-21upstream commitjmc@openbsd.org
tweak previous; Upstream-ID: 46c1bab91c164078edbccd5f7d06b9058edd814f
2016-04-15upstream commitdjm@openbsd.org
missing bit of Include regress Upstream-Regress-ID: 1063595f7f40f8489a1b7a27230b9e8acccea34f
2016-04-15upstream commitdjm@openbsd.org
remove redundant CLEANFILES section Upstream-Regress-ID: 29ef1b267fa56daa60a1463396635e7d53afb587
2016-04-15upstream commitdjm@openbsd.org
sync CLEANFILES with portable, sort Upstream-Regress-ID: cb782f4f1ab3e079efbc335c6b64942f790766ed
2016-04-15upstream commitdjm@openbsd.org
regression test for ssh_config Include directive Upstream-Regress-ID: 46a38c8101f635461c506d1aac2d96af80f97f1e
2016-04-15upstream commitdjm@openbsd.org
unbreak test for recent ssh de-duplicated forwarding change Upstream-Regress-ID: 6b2b115d99acd7cff13986e6739ea214cf2a3da3
2016-04-15upstream commitdjm@openbsd.org
add test knob and warning for StrictModes Upstream-Regress-ID: 8cd10952ce7898655ee58945904f2a0a3bdf7682
2016-04-15upstream commitdjm@openbsd.org
Include directive for ssh_config(5); feedback & ok markus@ Upstream-ID: ae3b76e2e343322b9f74acde6f1e1c5f027d5fff
2016-04-13ignore PAM environment vars when UseLogin=yesDamien Miller
If PAM is configured to read user-specified environment variables and UseLogin=yes in sshd_config, then a hostile local user may attack /bin/login via LD_PRELOAD or similar environment variables set via PAM. CVE-2015-8325, found by Shayan Sadigh, via Colin Watson
2016-04-13upstream commitdjm@openbsd.org
make private key loading functions consistently handle NULL key pointer arguments; ok markus@ Upstream-ID: 92038726ef4a338169c35dacc9c5a07fcc7fa761
2016-04-08Remove NO_IPPORT_RESERVED_CONCEPTDarren Tucker
Replace by defining IPPORT_RESERVED to zero on Cygwin, which should have the same effect without causing problems syncing patches with OpenBSD. Resync the two affected functions with OpenBSD. ok djm, sanity checked by Corinna.
2016-04-08upstream commitdjm@openbsd.org
whitespace at EOL Upstream-ID: 5beffd4e001515da12851b974e2323ae4aa313b6
2016-04-08upstream commitdjm@openbsd.org
We accidentally send an empty string and a zero uint32 with every direct-streamlocal@openssh.com channel open, in contravention of our own spec. Fixing this is too hard wrt existing versions that expect these fields to be present and fatal() if they aren't, so document them as "reserved" fields in the PROTOCOL spec as though we always intended this and let us never speak of it again. bz#2529, reported by Ron Frederick Upstream-ID: 34cd326a4d236ca6e39084c4ff796bd97ab833e7
2016-04-08upstream commitdjm@openbsd.org
don't record duplicate LocalForward and RemoteForward entries; fixes failure with ExitOnForwardFailure+hostname canonicalisation where the same forwards are added on the second pass through the configuration file. bz#2562; ok dtucker@ Upstream-ID: 40a51d68b6300f1cc61deecdb7d4847b8b7b0de1