summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-07-15upstream commitmarkus@openbsd.org
adapt tests to new minimum RSA size and default FP format Upstream-Regress-ID: a4b30afd174ce82b96df14eb49fb0b81398ffd0e
2015-07-15upstream commitdjm@openbsd.org
legacy v00 certificates are gone; adapt and don't try to test them; "sure" markus@ dtucker@ Upstream-Regress-ID: c57321e69b3cd4a3b3396dfcc43f0803d047da12
2015-07-15upstream commitdjm@openbsd.org
don't expect SSH v.1 in unittests Upstream-Regress-ID: f8812b16668ba78e6a698646b2a652b90b653397
2015-07-15upstream commitdjm@openbsd.org
turn SSH1 back on to match src/usr.bin/ssh being tested Upstream-Regress-ID: 6c4f763a2f0cc6893bf33983919e9030ae638333
2015-07-15upstream commitdtucker@openbsd.org
Add "PuTTY_Local:" to the clients to which we do not offer DH-GEX. This was the string that was used for development versions prior to September 2014 and they don't do RFC4419 DH-GEX, but unfortunately there are some extant products based on those versions. bx2424 from Jay Rouman, ok markus@ djm@ Upstream-ID: be34d41e18b966832fe09ca243d275b81882e1d5
2015-07-15upstream commitmarkus@openbsd.org
Turn off DSA by default; add HostKeyAlgorithms to the server and PubkeyAcceptedKeyTypes to the client side, so it still can be tested or turned back on; feedback and ok djm@ Upstream-ID: 8450a9e6d83f80c9bfed864ff061dfc9323cec21
2015-07-15upstream commitmarkus@openbsd.org
re-enable ed25519-certs if compiled w/o openssl; ok djm Upstream-ID: e10c90808b001fd2c7a93778418e9b318f5c4c49
2015-07-15upstream commitmarkus@openbsd.org
no need to include the old buffer/key API Upstream-ID: fb13c9f7c0bba2545f3eb0a0e69cb0030819f52b
2015-07-15upstream commitmarkus@openbsd.org
typedefs for Cipher&CipherContext are unused Upstream-ID: 50e6a18ee92221d23ad173a96d5b6c42207cf9a7
2015-07-15upstream commitmarkus@openbsd.org
xmalloc.h is unused Upstream-ID: afb532355b7fa7135a60d944ca1e644d1d63cb58
2015-07-15upstream commitmarkus@openbsd.org
compress.c is gone Upstream-ID: 174fa7faa9b9643cba06164b5e498591356fbced
2015-07-15upstream commitdjm@openbsd.org
another SSH_RSA_MINIMUM_MODULUS_SIZE that needed cranking Upstream-ID: 9d8826cafe96aab4ae8e2f6fd22800874b7ffef1
2015-07-15upstream commitdjm@openbsd.org
add an XXX reminder for getting correct key paths from sshd_config Upstream-ID: feae52b209d7782ad742df04a4260e9fe41741db
2015-07-15upstream commitdjm@openbsd.org
refuse to generate or accept RSA keys smaller than 1024 bits; feedback and ok dtucker@ Upstream-ID: 7ea3d31271366ba264f06e34a3539bf1ac30f0ba
2015-07-15upstream commitdjm@openbsd.org
turn off 1024 bit diffie-hellman-group1-sha1 key exchange method (already off in server, this turns it off in the client by default too) ok dtucker@ Upstream-ID: f59b88f449210ab7acf7d9d88f20f1daee97a4fa
2015-07-15upstream commitdjm@openbsd.org
delete support for legacy v00 certificates; "sure" markus@ dtucker@ Upstream-ID: b5b9bb5f9202d09e88f912989d74928601b6636f
2015-07-15upstream commitdjm@openbsd.org
Compile-time disable SSH v.1 again Upstream-ID: 1d4b513a3a06232f02650b73bad25100d1b800af
2015-07-15upstream commitdjm@openbsd.org
twiddle PermitRootLogin back Upstream-ID: 2bd23976305d0512e9f84d054e1fc23cd70b89f2
2015-07-01upstream commitdjm@openbsd.org
twiddle; (this commit marks the openssh-6.9 release) Upstream-ID: 78500582819f61dd8adee36ec5cc9b9ac9351234
2015-07-01upstream commitdjm@openbsd.org
better refuse ForwardX11Trusted=no connections attempted after ForwardX11Timeout expires; reported by Jann Horn Upstream-ID: bf0fddadc1b46a0334e26c080038313b4b6dea21
2015-07-01upstream commitdjm@openbsd.org
put back default PermitRootLogin=no Upstream-ID: 7bdedd5cead99c57ed5571f3b6b7840922d5f728
2015-07-01upstream commitdjm@openbsd.org
openssh-6.9 Upstream-ID: 6cfe8e1904812531080e6ab6e752d7001b5b2d45
2015-07-01upstream commitdjm@openbsd.org
reset default PermitRootLogin to 'yes' (momentarily, for release) Upstream-ID: cad8513527066e65dd7a1c16363d6903e8cefa24
2015-07-01crank version numbers for releaseDamien Miller
2015-07-01s/--with-ssh1/--without-ssh1/Damien Miller
2015-06-30upstream commitdjm@openbsd.org
fatal() when a remote window update causes the window value to overflow. Reported by Georg Wicherski, ok markus@ Upstream-ID: ead397a9aceb3bf74ebfa5fcaf259d72e569f351
2015-06-30upstream commitdjm@openbsd.org
Fix math error in remote window calculations that causes eventual stalls for datagram channels. Reported by Georg Wicherski, ok markus@ Upstream-ID: be54059d11bf64e0d85061f7257f53067842e2ab
2015-06-30skip IPv6-related portions on hosts without IPv6Damien Miller
with Tim Rice
2015-06-30upstream commitdjm@openbsd.org
add getpid to sandbox, reachable by grace_alarm_handler reported by Jakub Jelen; bz#2419 Upstream-ID: d0da1117c16d4c223954995d35b0f47c8f684cd8
2015-06-27upstream commitdjm@openbsd.org
Fix \-escaping bug that caused forward path parsing to skip two characters and skip past the end of the string. Based on patch by Salvador Fandino; ok dtucker@ Upstream-ID: 7b879dc446335677cbe4cb549495636a0535f3bd
2015-06-25add missing pselect6Damien Miller
patch from Jakub Jelen
2015-06-25upstream commitdjm@openbsd.org
correct test to sshkey_sign(); spotted by Albert S. Upstream-ID: 5f7347f40f0ca6abdaca2edb3bd62f4776518933
2015-06-25upstream commitdtucker@openbsd.org
Revert previous commit. We still want to call setgroups in the case where there are zero groups to remove any that we might otherwise inherit (as pointed out by grawity at gmail.com) and since the 2nd argument to setgroups is always a static global it's always valid to dereference in this case. ok deraadt@ djm@ Upstream-ID: 895b5ac560a10befc6b82afa778641315725fd01
2015-06-25upstream commitdtucker@openbsd.org
Revert previous commit. We still want to call setgroups in the case where there are zero groups to remove any that we might otherwise inherit (as pointed out by grawity at gmail.com) and since the 2nd argument to setgroups is always a static global it's always valid to dereference in this case. ok deraadt@ djm@ Upstream-ID: 895b5ac560a10befc6b82afa778641315725fd01
2015-06-23upstream commitdjm@openbsd.org
Don't count successful partial authentication as failures in monitor; this may have caused the monitor to refuse multiple authentications that would otherwise have successfully completed; ok markus@ Upstream-ID: eb74b8e506714d0f649bd5c300f762a527af04a3
2015-06-23upstream commitdtucker@openbsd.org
Don't call setgroups if we have zero groups; there's no guarantee that it won't try to deref the pointer. Based on a patch from mail at quitesimple.org, ok djm deraadt Upstream-ID: 2fff85e11d7a9a387ef7fddf41fbfaf566708ab1
2015-06-18fix syntax errorDamien Miller
2015-06-17upstream commitjsing@openbsd.org
If AuthorizedPrincipalsCommand is specified, however AuthorizedPrincipalsFile is not (or is set to "none"), authentication will potentially fail due to key_cert_check_authority() failing to locate a principal that matches the username, even though an authorized principal has already been matched in the output of the subprocess. Fix this by using the same logic to determine if pw->pw_name should be passed, as is used to determine if a authorized principal must be matched earlier on. ok djm@ Upstream-ID: 43b42302ec846b0ea68aceb40677245391b9409d
2015-06-17upstream commitjsing@openbsd.org
Make the arguments to match_principals_command() similar to match_principals_file(), by changing the last argument a struct sshkey_cert * and dereferencing key->cert in the caller. No functional change. ok djm@ Upstream-ID: 533f99b844b21b47342b32b62e198dfffcf8651c
2015-06-17trivial optimisation for seccomp-bpfDamien Miller
When doing arg inspection and the syscall doesn't match, skip past the instruction that reloads the syscall into the accumulator, since the accumulator hasn't been modified at this point.
2015-06-17aarch64 support for seccomp-bpf sandboxDamien Miller
Also resort and tidy syscall list. Based on patches by Jakub Jelen bz#2361; ok dtucker@
2015-06-15upstream commitdjm@openbsd.org
return failure on RSA signature error; reported by Albert S Upstream-ID: e61bb93dbe0349625807b0810bc213a6822121fa
2015-06-09Fix t12 rules for out of tree builds.Tim Rice
2015-06-07upstream commitmillert@openbsd.org
For "ssh -L 12345:/tmp/sock" don't fail with "No forward host name." (we have a path, not a host name). Based on a diff from Jared Yanovich. OK djm@ Upstream-ID: 2846b0a8c7de037e33657f95afbd282837fc213f
2015-06-05upstream commitdjm@openbsd.org
typo: accidental repetition; bz#2386 Upstream-ID: 45e620d99f6bc301e5949d34a54027374991c88b
2015-06-05Add Linux powerpc64le and powerpcle entries.Darren Tucker
Stopgap to resolve bz#2409 because we are so close to release and will update config.guess and friends shortly after the release. ok djm@
2015-06-03Merge branch 'master' of git.mindrot.org:/var/git/opensshTim Rice
2015-06-03Remove unneeded backslashes. Patch from Ángel GonzálezTim Rice
2015-06-04Remove redundant include of stdarg.h. bz#2410Darren Tucker
2015-06-04upstream commitdjm@openbsd.org
mention CheckHostIP adding addresses to known_hosts; bz#1993; ok dtucker@ Upstream-ID: fd44b68440fd0dc29abf9f2d3f703d74a2396cb7