Age | Commit message (Collapse) | Author |
|
change the multiplexing state, not just new sessions.
mention that confirmation is checked via ssh-askpass
OpenBSD-Commit-ID: 0f1b45551ebb9cc5c9a4fe54ad3b23ce90f1f5c2
|
|
and the only issue is showing an unknown error (since it's not defined)
during fatal(), if it ever an error occurs inside that condition.
OK deraadt@ markus@ djm@
OpenBSD-Commit-ID: acb0a8e6936bfbe590504752d01d1d251a7101d8
|
|
OK dtucker@
OpenBSD-Commit-ID: ec1568cf27726e9638a0415481c20c406e7b441c
|
|
Based on github pull request #99 from Darren Maffat at Oracle: Solaris'
getgrouplist considers _SC_NGROUPS_MAX more of a guideline and can return
a larger number of groups. In this case, retry getgrouplist with a
larger array and defer allocating groups_byname. ok djm@
|
|
Patch from jjelen at redhat via bz#2687. (OpenSSH never calls
setproctitle with a null format so len is always initialized).
|
|
Patch from jjelen at redhat via bz#2687.
|
|
Specifically SKIP_UNIT, USE_VALGRING and LTESTS. Sort the list of
environment variables.
Based on patch from Jakub Jelen
|
|
Previous path was exceeding max socket length on at least one platform (OSX)
|
|
|
|
Patch from Jakub Jelen
|
|
OpenBSD-Commit-ID: 5c019104c280cbd549a264a7217b67665e5732dc
|
|
Treating that as a safe encoding is OK because even when other systems return
that string for real ISO8859-1, it is still safe in the sense that it is
ASCII-compatible and stateless.
Issue reported by Val dot Baranov at duke dot edu. Additional
information provided by Michael dot Felt at felt dot demon dot nl.
Tested by Michael Felt on AIX 6.1 and by Val Baranov on AIX 7.1.
Tweak and OK djm@.
OpenBSD-Commit-ID: 36f1210e0b229817d10eb490d6038f507b8256a7
|
|
remove obsolete and un-needed include
|
|
|
|
|
|
Cygwin's latest 7.x GCC allows to specify -mfunction-return=thunk
as well as -mindirect-branch=thunk on the command line, albeit
producing invalid code, leading to an error at link stage.
The check in configure.ac only checks if the option is present,
but not if it produces valid code.
This patch fixes it by special-casing Cygwin. Another solution
may be to change these to linker checks.
Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
|
|
Further header file standarization in Cygwin uncovered a lazy
indirect include in bsd-cygwin_util.c
Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
|
|
causes double-free under some circumstances.
--
date: 2018/07/31 03:07:24; author: djm; state: Exp; lines: +33 -18; commitid: f7g4UI8eeOXReTPh;
fix some memory leaks spotted by Coverity via Jakub Jelen in bz#2366
feedback and ok dtucker@
OpenBSD-Commit-ID: 1e77547f60fdb5e2ffe23e2e4733c54d8d2d1137
|
|
deraadt@ markus@
OpenBSD-Commit-ID: 5a557e74b839daf13cc105924d2af06a1560faee
|
|
|
|
understand the new key format so convert back to old format to create the
PuTTY key and remove it once done.
OpenBSD-Regress-ID: 2a449a18846c3a144bc645135b551ba6177e38d3
|
|
OpenBSD-Commit-ID: 40d839db0977b4e7ac8b647b16d5411d4faf2f60
|
|
While I'm here, describe and link to the remaining local PROTOCOL.*
docs that weren't already mentioned (PROTOCOL.key, PROTOCOL.krl and
PROTOCOL.mux)
OpenBSD-Commit-ID: 2a900f9b994ba4d53e7aeb467d44d75829fd1231
|
|
OpenBSD-Commit-ID: bc7a1764dff23fa4c5ff0e3379c9c4d5b63c9596
|
|
suported by OpenSSH >= 6.5 (released January 2014), so it should be supported
by most OpenSSH versions in active use.
It is possible to convert new-format private keys to the older
format using "ssh-keygen -f /path/key -pm PEM".
ok deraadt dtucker
OpenBSD-Commit-ID: e3bd4f2509a2103bfa2f710733426af3ad6d8ab8
|
|
avoids unlikely double-free later. Reported by Viktor Dukhovni via
https://github.com/openssh/openssh-portable/pull/96 feedback jsing@ tb@
OpenBSD-Commit-ID: e317eb17c3e05500ae851f279ef6486f0457c805
|
|
=?UTF-8?q?ating=20user=20until=20after=20the=20packet=20containing=20the?=
=?UTF-8?q?=20request=20has=20been=20fully=20parsed.=20Reported=20by=20Dar?=
=?UTF-8?q?iusz=20Tytko=20and=20Micha=C5=82=20Sajdak;=20ok=20deraadt?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
OpenBSD-Commit-ID: b4891882fbe413f230fe8ac8a37349b03bd0b70d
|
|
in bz#2366 feedback and ok dtucker@
OpenBSD-Commit-ID: 8402bbae67d578bedbadb0ce68ff7c5a136ef563
|
|
Most people will 1) be using modern multi-factor authentication methods
like TOTP/OATH etc and 2) be getting support for multi-factor
authentication via PAM or BSD Auth.
|
|
OpenBSD-Commit-ID: aea3b5512ad681cd8710367d743e8a753d4425d9
|
|
original_real_uid and original_effective_uid globals and replace with calls
to plain getuid(). ok djm@
OpenBSD-Commit-ID: 92561c0cd418d34e6841e20ba09160583e27b68c
|
|
cannot be setuid and sshd always has privsep on, we can remove the uid checks
for low port binds and just let the system do the check. We leave a sanity
check for the !privsep case so long as the code is stil there. with & ok
djm@
OpenBSD-Commit-ID: 9535cfdbd1cd54486fdbedfaee44ce4367ec7ca0
|
|
to crc32 which went with protocol 1. Pointed out by deraadt@.
OpenBSD-Commit-ID: f8763c25fd96ed91dd1abdab5667fd2e27e377b6
|
|
Truncation cannot happen unless the system has set PATH_MAX to some
nonsensically low value.
bz#2862, patch from Daniel Le
|
|
|
|
bsd.*.mk ok markus
OpenBSD-Commit-ID: 814b2f670df75759e1581ecef530980b2b3d7e0f
|
|
OpenBSD-Commit-ID: b5149a6d92b264d35f879d24608087b254857a83
|
|
load_public_identity_files instead of calling getpwuid() again and discarding
the argument. This prevents a client crash where tilde_expand_filename calls
getpwuid() again before the pwent pointer is used. Issue noticed and reported
by Pierre-Olivier Martel <pom@apple.com> ok djm@ deraadt@
OpenBSD-Commit-ID: a067d74b5b098763736c94cc1368de8ea3f0b157
|
|
OpenBSD-Commit-ID: 61c1306542cefdc6e59ac331751afe961557427d
|
|
characters instead the C API in section 3.
OK millert jmc nicm, "the right idea" deraadt
OpenBSD-Commit-ID: a74fd215488c382809e4d041613aeba4a4b1ffc6
|
|
since the former is no longer enabled by default. Pointed out by Daniel A.
Maierhofer, ok jmc
OpenBSD-Commit-ID: 6a196cef53d7524e0c9b58cdbc1b5609debaf8c7
|
|
lists have comma-separated elements; bz#2663 from Hans Meier
OpenBSD-Commit-ID: 931c983d0fde4764d0942fb2c2b5017635993b5a
|
|
Adds a regress/mkdtemp tool and uses it to create empty temp
directories for tests needing control sockets.
Patch from Colin Watson via bz#2660; ok dtucker
|
|
OpenBSD-Commit-ID: 8d274a9b467c7958df12668b49144056819f79f1
|
|
OpenBSD-Commit-ID: eff4ec07c6c8c5483533da43a4dda37d72ef7f1d
|
|
Some versions of OpenSSL have "free_func" in their headers, which zlib
typedefs. Including openssl after zlib (eg via sshkey.h) results in
"syntax error before `free_func'", which this fixes.
|
|
ssh(1) setuid has been removed, remove supporting code and clean up
references to it in the man pages
We have not shipped ssh(1) the setuid bit since 2002. If ayone
really needs to make connections from a low port number this can
be implemented via a small setuid ProxyCommand.
ok markus@ jmc@ djm@
OpenBSD-Commit-ID: d03364610b7123ae4c6792f5274bd147b6de717e
|
|
attempted. Do not link uidwap.c into ssh any more. Neuters
UsePrivilegedPort, which will be marked as deprecated shortly. ok markus@
djm@
OpenBSD-Commit-ID: c4ba5bf9c096f57a6ed15b713a1d7e9e2e373c42
|
|
but that is now gone and the slot is unused so remove it. Remove two
now-unused macros, and add an array bounds check to the two remaining ones
(array is statically sized, so mostly a safety check on future changes). ok
markus@
OpenBSD-Commit-ID: 2e4c0ca6cc1d8daeccead2aa56192a3f9d5e1e7a
|
|
directly in ssh(1) and always use ssh-keysign. This removes one of the few
remaining reasons why ssh(1) might be setuid. ok markus@
OpenBSD-Commit-ID: 97f01e1448707129a20d75f86bad5d27c3cf0b7d
|