Age | Commit message (Collapse) | Author |
|
prefer agent-hosted keys to keys from PKCS#11; ok markus
Upstream-ID: 7417f7653d58d6306d9f8c08d0263d050e2fd8f4
|
|
Plug mem leak in filter_proposal. ok djm@
Upstream-ID: bf968da7cfcea2a41902832e7d548356a4e2af34
|
|
This will be needed for the upcoming utf8 changes.
|
|
whitspace clean up. No code changes.
|
|
|
|
Patch from vinschen@redhat.com.
|
|
From mschwager via github.
|
|
Avoids sandbox violations for some krb/gssapi libraries.
|
|
fix type of ed25519 values
Upstream-ID: b32d0cb372bbe918ca2de56906901eae225a59b0
|
|
add IdentityAgent; noticed & ok jmc@
Upstream-ID: 4ba9034b00a4cf1beae627f0728da897802df88a
|
|
allow setting IdentityAgent to SSH_AUTH_SOCK; ok djm@
Upstream-ID: 20c508480d8db3eef18942c0fc39b1fcf25652ac
|
|
move SSH_MSG_NONE, so we don't have to include ssh1.h;
ok deraadt@
Upstream-ID: c2f97502efc761a41b18c17ddf460e138ca7994e
|
|
avoids failures with UsePrivilegedPort=yes
patch from Juan Gallego
|
|
missing const in prototypes (ssh1)
Upstream-ID: 789c6ad4928b5fa557369b88c3a6a34926082c05
|
|
Fix inverted logic for updating StreamLocalBindMask which
would cause the server to set an invalid mask. ok djm@
Upstream-ID: 8a4404c8307a5ef9e07ee2169fc6d8106b527587
|
|
IdentityAgent for specifying specific agent sockets; ok
djm@
Upstream-ID: 3e6a15eb89ea0fd406f108826b7dc7dec4fbfac1
|
|
fix junk characters after quotes
Upstream-ID: cc4d0cd32cb6b55a2ef98975d2f7ae857d0dc578
|
|
correct article;
Upstream-ID: 1fbd5b7ab16d2d9834ec79c3cedd4738fa42a168
|
|
fix overriding of StreamLocalBindMask and
StreamLocalBindUnlink in Match blocks; found the hard way Rogan Dawes
Upstream-ID: 940bc69ec0249ab428d24ccd0722ce35cb932ee2
|
|
don't forget to include StreamLocalBindUnlink in the
config dump output
Upstream-ID: 14a6d970b3b45c8e94272e3c661e9a0b2a0ee7cb
|
|
make nethack^wrandomart fingerprint flag more readily
searchable pointed out by Matt Johnston
Upstream-ID: cb40d0235dc153c478c1aad3bc60b195422a54fb
|
|
clarify ordering of subkeys; pointed out by ietf-ssh AT
stbuehler.de
Upstream-ID: 05ebe9f949449a555ebce8e0aad7c8c9acaf8463
|
|
Use a subshell for constructing key types to work around
different sed behaviours for -portable.
Upstream-Regress-ID: 0f6eb673162df229eda9a134a0f10da16151552d
|
|
correct some typos and remove a long-stale XXX note.
add specification for ed25519 certificates
mention no host certificate options/extensions are currently defined
pointed out by Simon Tatham
Upstream-ID: 7b535ab7dba3340b7d8210ede6791fdaefdf839a
|
|
add ed25519 keys that are supported but missing from this
documents; from Peter Moody
Upstream-ID: 8caac2d8e8cfd2fca6dc304877346e0a064b014b
|
|
Implement IUTF8 as per draft-sgtatham-secsh-iutf8-00. Patch
from Simon Tatham, ok markus@
Upstream-ID: 58268ebdf37d9d467f78216c681705a5e10c58e8
|
|
unbreak config parsing on reexec from previous commit
Upstream-ID: bc69932638a291770955bd05ca55a32660a613ab
|
|
unit and regress tests for SHA256/512; ok markus
Upstream-Regress-ID: a0cd1a92dc824067076a5fcef83c18df9b0bf2c6
|
|
add support for additional fixed DH groups from
draft-ietf-curdle-ssh-kex-sha2-03
diffie-hellman-group14-sha256 (2K group)
diffie-hellman-group16-sha512 (4K group)
diffie-hellman-group18-sha512 (8K group)
based on patch from Mark D. Baushke and Darren Tucker
ok markus@
Upstream-ID: ac00406ada4f0dfec41585ca0839f039545bc46f
|
|
support SHA256 and SHA512 RSA signatures in certificates;
ok markus@
Upstream-ID: b45be2f2ce8cacd794dc5730edaabc90e5eb434a
|
|
fix signed/unsigned errors reported by clang-3.7; add
sshbuf_dup_string() to replace a common idiom of strdup(sshbuf_ptr()) with
better safety checking; feedback and ok markus@
Upstream-ID: 71f926d9bb3f1efed51319a6daf37e93d57c8820
|
|
close ControlPersist background process stderr when not
in debug mode or when logging to a file or syslog. bz#1988 ok dtucker
Upstream-ID: 4fb726f0fdcb155ad419913cea10dc4afd409d24
|
|
fix comment
Upstream-ID: 313a385bd7b69a82f8e28ecbaf5789c774457b15
|
|
cidr permitted for {allow,deny}users; from lars nooden ok djm
Upstream-ID: 13e7327fe85f6c63f3f7f069e0fdc8c351515d11
|
|
make argument == NULL tests more consistent
Upstream-ID: dc4816678704aa5cbda3a702e0fa2033ff04581d
|
|
tweak previous;
Upstream-ID: 46c1bab91c164078edbccd5f7d06b9058edd814f
|
|
missing bit of Include regress
Upstream-Regress-ID: 1063595f7f40f8489a1b7a27230b9e8acccea34f
|
|
remove redundant CLEANFILES section
Upstream-Regress-ID: 29ef1b267fa56daa60a1463396635e7d53afb587
|
|
sync CLEANFILES with portable, sort
Upstream-Regress-ID: cb782f4f1ab3e079efbc335c6b64942f790766ed
|
|
regression test for ssh_config Include directive
Upstream-Regress-ID: 46a38c8101f635461c506d1aac2d96af80f97f1e
|
|
unbreak test for recent ssh de-duplicated forwarding
change
Upstream-Regress-ID: 6b2b115d99acd7cff13986e6739ea214cf2a3da3
|
|
add test knob and warning for StrictModes
Upstream-Regress-ID: 8cd10952ce7898655ee58945904f2a0a3bdf7682
|
|
Include directive for ssh_config(5); feedback & ok markus@
Upstream-ID: ae3b76e2e343322b9f74acde6f1e1c5f027d5fff
|
|
If PAM is configured to read user-specified environment variables
and UseLogin=yes in sshd_config, then a hostile local user may
attack /bin/login via LD_PRELOAD or similar environment variables
set via PAM.
CVE-2015-8325, found by Shayan Sadigh, via Colin Watson
|
|
make private key loading functions consistently handle NULL
key pointer arguments; ok markus@
Upstream-ID: 92038726ef4a338169c35dacc9c5a07fcc7fa761
|
|
Replace by defining IPPORT_RESERVED to zero on Cygwin, which should have
the same effect without causing problems syncing patches with OpenBSD.
Resync the two affected functions with OpenBSD. ok djm, sanity checked
by Corinna.
|
|
whitespace at EOL
Upstream-ID: 5beffd4e001515da12851b974e2323ae4aa313b6
|
|
We accidentally send an empty string and a zero uint32 with
every direct-streamlocal@openssh.com channel open, in contravention of our
own spec.
Fixing this is too hard wrt existing versions that expect these
fields to be present and fatal() if they aren't, so document them
as "reserved" fields in the PROTOCOL spec as though we always
intended this and let us never speak of it again.
bz#2529, reported by Ron Frederick
Upstream-ID: 34cd326a4d236ca6e39084c4ff796bd97ab833e7
|
|
don't record duplicate LocalForward and RemoteForward
entries; fixes failure with ExitOnForwardFailure+hostname canonicalisation
where the same forwards are added on the second pass through the
configuration file. bz#2562; ok dtucker@
Upstream-ID: 40a51d68b6300f1cc61deecdb7d4847b8b7b0de1
|
|
Another use for fcntl() and thus of the superfluous 3rd
parameter is when sanitising standard fd's before calling daemon().
Use a tweaked version of the ssh(1) function in all three places
found using fcntl() this way.
ok jca@ beck@
Upstream-ID: f16811ffa19a1c5f4ef383c5f0fecb843c84e218
|