summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-11-09upstream commitjmc@openbsd.org
"commandline" -> "command line", since there are so few examples of the former in the pages, so many of the latter, and in some of these pages we had multiple spellings; prompted by tj Upstream-ID: 78459d59bff74223f8139d9001ccd56fc4310659
2015-10-29(re)wrap SYS_sendsyslog in ifdef.Darren Tucker
Replace ifdef that went missing in commit c61b42f2678f21f05653ac2d3d241b48ab5d59ac. Fixes build on older OpenBSDs.
2015-10-29upstream commitdjm@openbsd.org
regress test for "PubkeyAcceptedKeyTypes +..." inside a Match block Upstream-Regress-ID: 246c37ed64a2e5704d4c158ccdca1ff700e10647
2015-10-29upstream commitdtucker@openbsd.org
Fix typo certopt->certopts in shell variable. This would cause the test to hang at a host key prompt if you have an A or CNAME for "proxy" in your local domain. Upstream-Regress-ID: 6ea03bcd39443a83c89e2c5606392ceb9585836a
2015-10-29upstream commitdjm@openbsd.org
Fix "PubkeyAcceptedKeyTypes +..." inside a Match block; ok dtucker@ Upstream-ID: 853662c4036730b966aab77684390c47b9738c69
2015-10-29upstream commitdjm@openbsd.org
fix execv arguments in a way less likely to cause grief for -portable; ok dtucker@ Upstream-ID: 5902bf0ea0371f39f1300698dc3b8e4105fc0fc5
2015-10-29upstream commitdjm@openbsd.org
log certificate serial in verbose() messages to match the main auth success/fail message; ok dtucker@ Upstream-ID: dfc48b417c320b97c36ff351d303c142f2186288
2015-10-29upstream commitdjm@openbsd.org
avoid de-const warning & shrink; ok dtucker@ Upstream-ID: 69a85ef94832378952a22c172009cbf52aaa11db
2015-10-29upstream commitdtucker@openbsd.org
Expand tildes in filenames passed to -i before checking whether or not the identity file exists. This means that if the shell doesn't do the expansion (eg because the option and filename were given as a single argument) then we'll still add the key. bz#2481, ok markus@ Upstream-ID: db1757178a14ac519e9a3e1a2dbd21113cb3bfc6
2015-10-29upstream commitdtucker@openbsd.org
Do not prepend "exec" to the shell command run by "Match exec" in a config file. It's an unnecessary optimization from repurposed ProxyCommand code and prevents some things working with some shells. bz#2471, pointed out by res at qoxp.net. ok markus@ Upstream-ID: a1ead25ae336bfa15fb58d8c6b5589f85b4c33a3
2015-10-29Prevent name collisions with system glob (bz#2463)Darren Tucker
Move glob.h from includes.h to the only caller (sftp) and override the names for the symbols. This prevents name collisions with the system glob in the case where something other than ssh uses it (eg kerberos). With jjelen at redhat.com, ok djm@
2015-10-25upstream commitdtucker@openbsd.org
Update expected group sizes to match recent code changes. Upstream-Regress-ID: 0004f0ea93428969fe75bcfff0d521c553977794
2015-10-25upstream commitdjm@openbsd.org
fix keyscan output for multiple hosts/addrs on one line when host hashing or a non standard port is in use; bz#2479 ok dtucker@ Upstream-ID: 5321dabfaeceba343da3c8a8b5754c6f4a0a307b
2015-10-25upstream commitdjm@openbsd.org
skip "Could not chdir to home directory" message when chrooted patch from Christian Hesse in bz#2485 ok dtucker@ Upstream-ID: 86783c1953da426dff5b03b03ce46e699d9e5431
2015-10-25upstream commitsthen@openbsd.org
Handle the split of tun(4) "link0" into tap(4) in ssh tun-forwarding. Adapted from portable (using separate devices for this is the normal case in most OS). ok djm@ Upstream-ID: 90facf4c59ce73d6741db1bc926e578ef465cd39
2015-10-25upstream commitgsoares@openbsd.org
fix memory leak in error path ok djm@ Upstream-ID: dd2f402b0a0029b755df029fc7f0679e1365ce35
2015-10-25upstream commitmmcc@openbsd.org
Compare pointers to NULL rather than 0. ok djm@ Upstream-ID: 21616cfea27eda65a06e772cc887530b9a1a27f8
2015-10-25upstream commitmmcc@openbsd.org
Replace a function-local allocation with stack memory. ok djm@ Upstream-ID: c09fbbab637053a2ab9f33ca142b4e20a4c5a17e
2015-10-22turn off PrintLastLog when --disable-lastlogDamien Miller
bz#2278 from Brent Paulson
2015-10-17upstream commitdjm@openbsd.org
increase the minimum modulus that we will send or accept in diffie-hellman-group-exchange to 2048 bits; ok markus@ Upstream-ID: 06dce7a24c17b999a0f5fadfe95de1ed6a1a9b6a
2015-10-17upstream commitdjm@openbsd.org
better handle anchored FQDNs (e.g. 'cvs.openbsd.org.') in hostname canonicalisation - treat them as already canonical and remove the trailing '.' before matching ssh_config; ok markus@ Upstream-ID: f7619652e074ac3febe8363f19622aa4853b679a
2015-10-17upstream commitmmcc@openbsd.org
0 -> NULL when comparing with a char*. ok dtucker@, djm@. Upstream-ID: a928e9c21c0a9020727d99738ff64027c1272300
2015-10-16upstream commitdjm@openbsd.org
fix some signed/unsigned integer type mismatches in format strings; reported by Nicholas Lemonias Upstream-ID: 78cd55420a0eef68c4095bdfddd1af84afe5f95c
2015-10-16upstream commitdjm@openbsd.org
argument to sshkey_from_private() and sshkey_demote() can't be NULL Upstream-ID: 0111245b1641d387977a9b38da15916820a5fd1f
2015-10-16need va_copy before va_startDamien Miller
reported by Nicholas Lemonias
2015-10-15fix compilation on systems without SYMLOOP_MAXDamien Miller
2015-10-14s/SANDBOX_TAME/SANDBOX_PLEDGE/gDamien Miller
2015-10-14upstream commitDamien Miller
revision 1.20 date: 2015/10/13 20:55:37; author: millert; state: Exp; lines: +2 -2; commitid: X39sl5ay1czgFIgp; In rev 1.15 the sizeof argument was fixed in a strlcat() call but the truncation check immediately following it was not updated to match. Not an issue in practice since the buffers are the same size. OK deraadt@
2015-10-14upstream commitDamien Miller
revision 1.19 date: 2015/01/16 16:48:51; author: deraadt; state: Exp; lines: +3 -3; commitid: 0DYulI8hhujBHMcR; Move to the <limits.h> universe. review by millert, binary checking process with doug, concept with guenther
2015-10-14upstream commitDamien Miller
revision 1.18 date: 2014/10/19 03:56:28; author: doug; state: Exp; lines: +9 -9; commitid: U6QxmtbXrGoc02S5; Revert last commit due to changed semantics found by make release.
2015-10-14upstream commitDamien Miller
revision 1.17 date: 2014/10/18 20:43:52; author: doug; state: Exp; lines: +10 -10; commitid: I74hI1tVZtsspKEt; Better POSIX compliance in realpath(3). millert@ made changes to realpath.c based on FreeBSD's version. I merged Todd's changes into dl_realpath.c. ok millert@, guenther@
2015-10-14upstream commitDamien Miller
revision 1.16 date: 2013/04/05 12:59:54; author: kurt; state: Exp; lines: +3 -1; - Add comments regarding copies of these files also in libexec/ld.so okay guenther@
2015-10-14upstream commitDamien Miller
revision 1.15 date: 2012/09/13 15:39:05; author: deraadt; state: Exp; lines: +2 -2; specify the bounds of the dst to strlcat (both values were static and equal, but it is more correct) from Michal Mazurek
2015-10-14upstream commitDamien Miller
revision 1.14 date: 2011/07/24 21:03:00; author: miod; state: Exp; lines: +35 -13; Recent Single Unix will malloc memory if the second argument of realpath() is NULL, and third-party software is starting to rely upon this. Adapted from FreeBSD via Jona Joachim (jaj ; hcl-club , .lu), with minor tweaks from nicm@ and yours truly.
2015-10-14upstream commitdjm@openbsd.org
apply PubkeyAcceptedKeyTypes filtering earlier, so all skipped keys are noted before pubkey authentication starts. ok dtucker@ Upstream-ID: ba4f52f54268a421a2a5f98bb375403f4cb044b8
2015-10-14upstream commitdjm@openbsd.org
free the correct IV length, don't assume it's always the cipher blocksize; ok dtucker@ Upstream-ID: c260d9e5ec73628d9ff4b067fbb060eff5a7d298
2015-10-14upstream commitderaadt@openbsd.org
Change all tame callers to namechange to pledge(2). Upstream-ID: 17e654fc27ceaf523c60f4ffd9ec7ae4e7efc7f2
2015-10-08hook tame(2) sandbox up to buildDamien Miller
OpenBSD only for now
2015-10-08upstream commitdjm@openbsd.org
include PubkeyAcceptedKeyTypes in ssh -G config dump Upstream-ID: 6c097ce6ffebf6fe393fb7988b5d152a5d6b36bb
2015-10-08upstream commitsobrado@openbsd.org
UsePrivilegeSeparation defaults to sandbox now. ok djm@ Upstream-ID: bff136c38bcae89df82e044d2f42de21e1ad914f
2015-10-08upstream commitdjm@openbsd.org
don't try to change tun device flags if they are already what we need; makes it possible to use tun/tap networking as non- root user if device permissions and interface flags are pre-established; based on patch by Ossi Herrala Upstream-ID: 89099ac4634cd477b066865acf54cb230780fd21
2015-10-05unbreak merge botchDamien Miller
2015-10-06upstream commitdjm@openbsd.org
adapt to recent sshkey_parse_private_fileblob() API change Upstream-Regress-ID: 5c0d818da511e33e0abf6a92a31bd7163b7ad988
2015-10-06upstream commitdjm@openbsd.org
fix command-line option to match what was actually committed Upstream-Regress-ID: 3e8c24a2044e8afd37e7ce17b69002ca817ac699
2015-10-06upstream commitdjm@openbsd.org
regress test for CertificateFile; patch from Meghana Bhat via bz#2436 Upstream-Regress-ID: e7a6e980cbe0f8081ba2e83de40d06c17be8bd25
2015-10-06upstream commitdjm@openbsd.org
some more bzero->explicit_bzero, from Michael McConville Upstream-ID: 17f19545685c33327db2efdc357c1c9225ff00d0
2015-10-06upstream commitderaadt@openbsd.org
fix email Upstream-ID: 72150f2d54b94de14ebef1ea054ef974281bf834
2015-10-06upstream commitderaadt@openbsd.org
a sandbox using tame ok djm Upstream-ID: 4ca24e47895e72f5daaa02f3e3d3e5ca2d820fa3
2015-10-06upstream commitderaadt@openbsd.org
re-order system calls in order of risk, ok i'll be honest, ordered this way they look like tame... ok djm Upstream-ID: 42a1e6d251fd8be13c8262bee026059ae6328813
2015-10-06upstream commitjmc@openbsd.org
some certificatefile tweaks; ok djm Upstream-ID: 0e5a7852c28c05fc193419cc7e50e64c1c535af0