| Age | Commit message (Collapse) | Author |
|---|
|
Make ssh_packet_set_rekey_limits take u32 for the number of
seconds until rekeying (negative values are rejected at config parse time).
This allows the removal of some casts and a signed vs unsigned comparison
warning.
rekey_time is cast to int64 for the comparison which is a no-op
on OpenBSD, but should also do the right thing in -portable on
anything still using 32bit time_t (until the system time actually
wraps, anyway).
some early guidance deraadt@, ok djm@
Upstream-ID: c9f18613afb994a07e7622eb326f49de3d123b6c
|
|
In vasnmprintf() return an error if malloc fails and
don't set a function argument to the address of free'd memory.
ok djm@
Upstream-ID: 1efffffff2f51d53c9141f245b90ac23d33b9779
|
|
Return true reason for port forwarding failures where
feasible rather than always "administratively prohibited". bz#2674, ok djm@
Upstream-ID: d901d9887951774e604ca970e1827afaaef9e419
|
|
Small correction to the known_hosts section on when it is
updated. Patch from lkppo at free.fr some time ago, pointed out by smallm at
sdf.org
Upstream-ID: 1834d7af179dea1a12ad2137f84566664af225d5
|
|
Having _XOPEN_SOURCE unconditionally causes problems on some platforms
and configurations, notably Solaris 64-bit binaries. It was there for
the benefit of Linux put the required bits in the *-*linux* section.
Patch from yvoinov at gmail.com.
|
|
fully unbreak: some $SSH invocations did not have -F
specified and could pick up the ~/.ssh/config of the user running the tests
Upstream-Regress-ID: f362d1892c0d3e66212d5d3fc02d915c58ef6b89
|
|
partially unbreak: was not specifying hostname on some
$SSH invocations
Upstream-Regress-ID: bc8a5e98e57bad0a92ef4f34ed91c1d18294e2cc
|
|
revise keys/principals command hang fix (bz#2655) to
consume entire output, avoiding sending SIGPIPE to subprocesses early; ok
dtucker@
Upstream-ID: 7cb04b31a61f8c78c4e48ceededcd2fd5c4ee1bc
|
|
small cleanup post SSHv1 removal:
remove SSHv1-isms in commented examples
reorder token table to group deprecated and compile-time conditional tokens
better
fix config dumping code for some compile-time conditional options that
weren't being correctly skipped (SSHv1 and PKCS#11)
Upstream-ID: f2e96b3cb3158d857c5a91ad2e15925df3060105
|
|
some explicit NULL tests when dumping configured
forwardings; from Karsten Weiss
Upstream-ID: 40957b8dea69672b0e50df6b4a91a94e3e37f72d
|
|
misplaced braces in test; from Karsten Weiss
Upstream-ID: f7b794074d3aae8e35b69a91d211c599c94afaae
|
|
don't dereference authctxt before testing != NULL, it
causes compilers to make assumptions; from Karsten Weiss
Upstream-ID: 794243aad1e976ebc717885b7a97a25e00c031b2
|
|
use correct ssh-add program; bz#2654, from Colin Watson
Upstream-Regress-ID: 7042a36e1bdaec6562f6e57e9d047efe9c7a6030
|
|
Account for timeouts in the integrity tests as failures.
If the first test in a series for a given MAC happens to modify the low
bytes of a packet length, then ssh will time out and this will be
interpreted as a test failure. Patch from cjwatson at debian.org via
bz#2658.
Upstream-Regress-ID: e7467613b0badedaa300bc6fc7495ec2f44e2fb9
|
|
Make forwarding test less racy by using unix domain
sockets instead of TCP ports where possible. Patch from cjwatson at
debian.org via bz#2659.
Upstream-Regress-ID: 4756375aac5916ef9d25452a1c1d5fa9e90299a9
|
|
Fix typo in ~C error message for bad port forward
cancellation. bz#2672, from Brad Marshall via Colin Watson and Ubuntu's
bugtracker.
Upstream-ID: 0d4a7e5ead6cc59c9a44b4c1e5435ab3aada09af
|
|
The POSIX APIs that that sockaddrs all ignore the s*_len
field in the incoming socket, so userspace doesn't need to set it unless it
has its own reasons for tracking the size along with the sockaddr.
ok phessler@ deraadt@ florian@
Upstream-ID: ca6e49e2f22f2b9e81d6d924b90ecd7e422e7437
|
|
keep the tokens list sorted;
Upstream-ID: b96239dae4fb3aa94146bb381afabcc7740a1638
|
|
fix previous
Upstream-ID: c107d6a69bc22325d79fbf78a2a62e04bcac6895
|
|
show a useful error message when included config files
can't be opened; bz#2653, ok dtucker@
Upstream-ID: f598b73b5dfe497344cec9efc9386b4e5a3cb95b
|
|
sshd_config is documented to set
GSSAPIStrictAcceptorCheck=yes by default, so actually make it do this.
bz#2637 ok dtucker
Upstream-ID: 99ef8ac51f17f0f7aec166cb2e34228d4d72a665
|
|
Avoid confusing error message when attempting to use
ssh-keyscan built without SSH protocol v.1 to scan for v.1 keys; bz#2583
Upstream-ID: 5d214abd3a21337d67c6dcc5aa6f313298d0d165
|
|
Re-add '%k' token for AuthorizedKeysCommand which was
lost during the re-org in rev 1.235. bz#2656, from jboning at gmail.com.
Upstream-ID: 2884e203c02764d7b3fe7472710d9c24bdc73e38
|
|
unbreak Unix domain socket forwarding for root; ok
markus@
Upstream-ID: 6649c76eb7a3fa15409373295ca71badf56920a2
|
|
UseLogin is gone, remove leftover. bz#2665, from cjwatson at debian.org
|
|
relax PKCS#11 whitelist a bit to allow libexec as well as
lib directories.
Upstream-ID: cf5617958e2e2d39f8285fd3bc63b557da484702
|
|
check number of entries in SSH2_FXP_NAME response; avoids
unreachable overflow later. Reported by Jann Horn
Upstream-ID: b6b2b434a6d6035b1644ca44f24cd8104057420f
|
|
fix deadlock when keys/principals command produces a lot of
output and a key is matched early; bz#2655, patch from jboning AT gmail.com
Upstream-ID: e19456429bf99087ea994432c16d00a642060afe
|
|
Patch from HARUYAMA Seigo <haruyama at unixuser org>.
|
|
use standard /bin/sh equality test; from Mike Frysinger
Upstream-Regress-ID: 7b6f0b63525f399844c8ac211003acb8e4b0bec2
|
|
|
|
openssh-7.4
Upstream-ID: 1ee404adba6bbe10ae9277cbae3a94abe2867b79
|
|
remove testcase that depends on exact output and
behaviour of snprintf(..., "%s", NULL)
Upstream-Regress-ID: cab4288531766bd9593cb556613b91a2eeefb56f
|
|
Use LOGNAME to get current user and fall back to whoami if
not set. Mainly to benefit -portable since some platforms don't have whoami.
Upstream-Regress-ID: e3a16b7836a3ae24dc8f8a4e43fdf8127a60bdfa
|
|
Add regression test for AllowUsers and DenyUsers. Patch from
Zev Weiss <zev at bewilderbeest.net>
Upstream-Regress-ID: 8f1aac24d52728398871dac14ad26ea38b533fb9
|
|
Fixes warning pointed out by Zev Weiss <zev at bewilderbeest.net>
|
|
revert to rev1.2; the new bits in this test depend on changes
to ssh that aren't yet committed
Upstream-Regress-ID: 828ffc2c7afcf65d50ff2cf3dfc47a073ad39123
|
|
Move the "stop sshd" code into its own helper function.
Patch from Zev Weiss <zev at bewilderbeest.net>, ok djm@
Upstream-Regress-ID: a113dea77df5bd97fb4633ea31f3d72dbe356329
|
|
regression test for certificates along with private key
with no public half. bz#2617, mostly from Adam Eijdenberg
Upstream-Regress-ID: 2e74dc2c726f4dc839609b3ce045466b69f01115
|
|
Use $SUDO to read pidfile in case root's umask is
restricted. From portable.
Upstream-Regress-ID: f6b1c7ffbc5a0dfb7d430adb2883344899174a98
|
|
Add missing braces in DenyUsers code. Patch from zev at
bewilderbeest.net, ok deraadt@
Upstream-ID: d747ace338dcf943b077925f90f85f789714b54e
|
|
Fix text in error message. Patch from zev at
bewilderbeest.net.
Upstream-ID: deb0486e175e7282f98f9a15035d76c55c84f7f6
|
|
disable Unix-domain socket forwarding when privsep is
disabled
Upstream-ID: ab61516ae0faadad407857808517efa900a0d6d0
|
|
log connections dropped in excess of MaxStartups at
verbose LogLevel; bz#2613 based on diff from Tomas Kuthan; ok dtucker@
Upstream-ID: 703ae690dbf9b56620a6018f8a3b2389ce76d92b
|
|
|
|
These commented-out includes have "Still needed?" comments. Since
they've been commented out for ~13 years I assert that they're not.
|
|
|
|
Fixes build on (at least) Solaris 10.
|
|
Turkish locales are unique in their handling of the letters 'i' and
'I' (yes, they are different letters) and OpenSSH isn't remotely
prepared to deal with that. For now, the best we can do is to force
OpenSSH to use the C/POSIX locale and try to preserve the UTF-8
encoding if possible.
ok dtucker@
|
|
|
