| Age | Commit message (Collapse) | Author |
|---|
|
in description of public key authentication, mention that
the server will send debug messages to the client for some error conditions
after authentication has completed. bz#2709 ok dtucker
Upstream-ID: 750127dbd58c5a2672c2d28bc35fe221fcc8d1dd
|
|
better translate libcrypto errors by looking deeper in
the accursed error stack for codes that indicate the wrong passphrase was
supplied for a PEM key. bz#2699 ok dtucker@
Upstream-ID: 4da4286326d570f4f0489459bb71f6297e54b681
|
|
Add comments referring to the relevant RFC sections for
rekeying behaviour.
Upstream-ID: 6fc8e82485757a27633f9175ad00468f49a07d40
|
|
Drop PRIV_DAX_ACCESS and PRIV_SYS_IB_INFO.
Patch from huieying.lee AT oracle.com via bz#2723
|
|
|
|
unbreak after sshv1 purge
Upstream-Regress-ID: 8ea01a92d5f571b9fba88c1463a4254a7552d51b
|
|
Fix compression output stats broken in rev 1.201. Patch
originally by Russell Coker via Debian bug #797964 and Christoph Biedl. ok
djm@
Upstream-ID: 83a1903b95ec2e4ed100703debb4b4a313b01016
|
|
rationalise the long list of manual CDIAGFLAGS that we
add; most of these were redundant to -Wall -Wextra
Upstream-ID: ea80f445e819719ccdcb237022cacfac990fdc5c
|
|
no need to bzero allocated space now that we use use
recallocarray; ok deraadt@
Upstream-ID: 53333c62ccf97de60b8cb570608c1ba5ca5803c8
|
|
unconditionally zero init size of buffer; ok markus@
deraadt@
Upstream-ID: 218963e846d8f26763ba25afe79294547b99da29
|
|
|
|
some warnings spotted by clang; ok markus@
Upstream-ID: 24381d68ca249c5cee4388ceb0f383fa5b43991b
|
|
recallocarray() needs getpagesize() so add a tiny replacement for that.
|
|
|
|
fix casts re constness
Upstream-ID: e38f2bac162b37dbaf784d349c8327a6626fa266
|
|
make sure we don't pass a NULL string to vfprintf
(triggered by the principals-command regress test); ok bluhm
Upstream-ID: eb49854f274ab37a0b57056a6af379a0b7111990
|
|
use SO_ZEROIZE for privsep communication (if available)
Upstream-ID: abcbb6d2f8039fc4367a6a78096e5d5c39de4a62
|
|
Switch to recallocarray() for a few operations. Both
growth and shrinkage are handled safely, and there also is no need for
preallocation dances. Future changes in this area will be less error prone.
Review and one bug found by markus
Upstream-ID: 822d664d6a5a1d10eccb23acdd53578a679d5065
|
|
These shutdown() SHUT_RDWR are not needed before close()
ok djm markus claudio
Upstream-ID: 36f13ae4ba10f5618cb9347933101eb4a98dbcb5
|
|
clear session keys from memory; ok djm@
Upstream-ID: ecd178819868975affd5fd6637458b7c712b6a0f
|
|
remove now obsolete ctx from ssh_dispatch_run; ok djm@
Upstream-ID: 9870aabf7f4d71660c31fda91b942b19a8e68d29
|
|
use the ssh_dispatch_run_fatal variant
Upstream-ID: 28c5b364e37c755d1b22652b8cd6735a05c625d8
|
|
another ctx => ssh conversion (in GSSAPI code)
Upstream-ID: 4d6574c3948075c60608d8e045af42fe5b5d8ae0
|
|
git cvsimport missed this commit for some reason
|
|
spell out that custom options/extensions should follow the
usual SSH naming rules, e.g. "extension@example.com"
Upstream-ID: ab326666d2fad40769ec96b5a6de4015ffd97b8d
|
|
one more void *ctx => struct ssh *ssh conversion
Upstream-ID: d299d043471c10214cf52c03daa10f1c232759e2
|
|
fix possible OOB strlen() in SOCKS4A hostname parsing;
ok markus@
Upstream-ID: c67297cbeb0e5a19d81752aa18ec44d31270cd11
|
|
tweak previous;
Upstream-ID: 66987651046c42d142f7318c9695fb81a6d14031
|
|
Add RemoteCommand option to specify a command in the
ssh config file instead of giving it on the client's command line. This
command will be executed on the remote host. The feature allows to automate
tasks using ssh config. OK markus@
Upstream-ID: 5d982fc17adea373a9c68cae1021ce0a0904a5ee
|
|
switch auth2 to ssh_dispatch API; ok djm@
Upstream-ID: a752ca19e2782900dd83060b5c6344008106215f
|
|
switch auth2-none.c to modern APIs; ok djm@
Upstream-ID: 07252b58e064d332214bcabbeae8e08c44b2001b
|
|
switch auth2-passwd.c to modern APIs; ok djm@
Upstream-ID: cba0a8b72b4f97adfb7e3b3fd2f8ba3159981fc7
|
|
switch auth2-hostbased.c to modern APIs; ok djm@
Upstream-ID: 146af25c36daeeb83d5dbbb8ca52b5d25de88f4e
|
|
protocol handlers all get struct ssh passed; ok djm@
Upstream-ID: 0ca9ea2a5d01a6d2ded94c5024456a930c5bfb5d
|
|
ssh: pass struct ssh to auth functions, too; ok djm@
Upstream-ID: d13c509cc782f8f19728fbea47ac7cf36f6e85dd
|
|
sshd: pass struct ssh to auth functions; ok djm@
Upstream-ID: b00a80c3460884ebcdd14ef550154c761aebe488
|
|
remove unused wrapper functions from key.[ch]; ok djm@
Upstream-ID: ea0f4016666a6817fc11f439dd4be06bab69707e
|
|
sshkey_new() might return NULL (pkcs#11 code only); ok
djm@
Upstream-ID: de9f2ad4a42c0b430caaa7d08dea7bac943075dd
|
|
switch sshconnect.c to modern APIs; ok djm@
Upstream-ID: 27be17f84b950d5e139b7a9b281aa487187945ad
|
|
switch auth2-pubkey.c to modern APIs; with & ok djm@
Upstream-ID: 8f08d4316eb1b0c4ffe4a206c05cdd45ed1daf07
|
|
switch from Key typedef with struct sshkey; ok djm@
Upstream-ID: 3067d33e04efbe5131ce8f70668c47a58e5b7a1f
|
|
remove ssh1 references; ok djm@
Upstream-ID: fc23b7578e7b0a8daaec72946d7f5e58ffff5a3d
|
|
revise sshkey_load_public(): remove ssh1 related
comments, remove extra open()/close() on keyfile, prevent leak of 'pub' if
'keyp' is NULL, replace strlcpy+cat with asprintf; ok djm@
Upstream-ID: 6175e47cab5b4794dcd99c1175549a483ec673ca
|
|
sshbuf_consume: reset empty buffer; ok djm@
Upstream-ID: 0d4583ba57f69e369d38bbd7843d85cac37fa821
|
|
remove SSH_CHANNEL_XXX_DRAINING (ssh1 only); ok djm@
Upstream-ID: e2e225b6ac67b84dd024f38819afff2554fafe42
|
|
remove channel_input_close_confirmation (ssh1 only); ok
djm@
Upstream-ID: 8e7c8c38f322d255bb0294a5c0ebef53fdf576f1
|
|
fix references to obsolete v00 cert format; spotted by
Jakub Jelen
Upstream-ID: 7600ce193ab8fd19451acfe24fc2eb39d46b2c4f
|
|
The cross-compiling fallback message says it's assuming the test
passed, but it didn't actually set the cache var which causes
later tests to fail.
|
|
there's no reason to artificially limit the key path
here, just check that it fits PATH_MAX; spotted by Matthew Patton
Upstream-ID: 858addaf2009c9cf04d80164a41b2088edb30b58
|
|
Now that we no longer support SSHv1, replace the contents
of this file with a pointer to
https://tools.ietf.org/html/draft-miller-ssh-agent-00 It's better edited,
doesn't need to document stuff we no longer implement and does document stuff
that we do implement (RSA SHA256/512 signature flags)
Upstream-ID: da8cdc46bbcc266efabd565ddddd0d8e556f846e
|
