Age | Commit message | Author |
|
allow form-feed characters at EOL; bz#2431 ok dtucker@
Upstream-ID: 1f453afaba6da2ae69d6afdf1ae79a917552f1a2
|
|
Should fix bz#2603 - "Build with ldns and without kerberos support
fails if ldns compiled with kerberos support" by including correct
cflags/libs
ok dtucker@
|
|
Make ssh_packet_set_rekey_limits take u32 for the number of
seconds until rekeying (negative values are rejected at config parse time).
This allows the removal of some casts and a signed vs unsigned comparison
warning.
rekey_time is cast to int64 for the comparison which is a no-op
on OpenBSD, but should also do the right thing in -portable on
anything still using 32bit time_t (until the system time actually
wraps, anyway).
some early guidance deraadt@, ok djm@
Upstream-ID: c9f18613afb994a07e7622eb326f49de3d123b6c
|
|
In vasnmprintf() return an error if malloc fails and
don't set a function argument to the address of free'd memory.
ok djm@
Upstream-ID: 1efffffff2f51d53c9141f245b90ac23d33b9779
|
|
Return true reason for port forwarding failures where
feasible rather than always "administratively prohibited". bz#2674, ok djm@
Upstream-ID: d901d9887951774e604ca970e1827afaaef9e419
|
|
Small correction to the known_hosts section on when it is
updated. Patch from lkppo at free.fr some time ago, pointed out by smallm at
sdf.org
Upstream-ID: 1834d7af179dea1a12ad2137f84566664af225d5
|
|
Having _XOPEN_SOURCE unconditionally causes problems on some platforms
and configurations, notably Solaris 64-bit binaries. It was there for
the benefit of Linux, so put the required bits in the *-*linux* section.
Patch from yvoinov at gmail.com.
|
|
fully unbreak: some $SSH invocations did not have -F
specified and could pick up the ~/.ssh/config of the user running the tests
Upstream-Regress-ID: f362d1892c0d3e66212d5d3fc02d915c58ef6b89
|
|
partially unbreak: was not specifying hostname on some
$SSH invocations
Upstream-Regress-ID: bc8a5e98e57bad0a92ef4f34ed91c1d18294e2cc
|
|
revise keys/principals command hang fix (bz#2655) to
consume entire output, avoiding sending SIGPIPE to subprocesses early; ok
dtucker@
Upstream-ID: 7cb04b31a61f8c78c4e48ceededcd2fd5c4ee1bc
|
|
small cleanup post SSHv1 removal:
remove SSHv1-isms in commented examples
reorder token table to group deprecated and compile-time conditional tokens
better
fix config dumping code for some compile-time conditional options that
weren't being correctly skipped (SSHv1 and PKCS#11)
Upstream-ID: f2e96b3cb3158d857c5a91ad2e15925df3060105
|
|
some explicit NULL tests when dumping configured
forwardings; from Karsten Weiss
Upstream-ID: 40957b8dea69672b0e50df6b4a91a94e3e37f72d
|
|
misplaced braces in test; from Karsten Weiss
Upstream-ID: f7b794074d3aae8e35b69a91d211c599c94afaae
|
|
don't dereference authctxt before testing != NULL, it
causes compilers to make assumptions; from Karsten Weiss
Upstream-ID: 794243aad1e976ebc717885b7a97a25e00c031b2
|
|
use correct ssh-add program; bz#2654, from Colin Watson
Upstream-Regress-ID: 7042a36e1bdaec6562f6e57e9d047efe9c7a6030
|
|
Account for timeouts in the integrity tests as failures.
If the first test in a series for a given MAC happens to modify the low
bytes of a packet length, then ssh will time out and this will be
interpreted as a test failure. Patch from cjwatson at debian.org via
bz#2658.
Upstream-Regress-ID: e7467613b0badedaa300bc6fc7495ec2f44e2fb9
|
|
Make forwarding test less racy by using unix domain
sockets instead of TCP ports where possible. Patch from cjwatson at
debian.org via bz#2659.
Upstream-Regress-ID: 4756375aac5916ef9d25452a1c1d5fa9e90299a9
|
|
Fix typo in ~C error message for bad port forward
cancellation. bz#2672, from Brad Marshall via Colin Watson and Ubuntu's
bugtracker.
Upstream-ID: 0d4a7e5ead6cc59c9a44b4c1e5435ab3aada09af
|
|
The POSIX APIs that take sockaddrs all ignore the s*_len
field in the incoming socket, so userspace doesn't need to set it unless it
has its own reasons for tracking the size along with the sockaddr.
ok phessler@ deraadt@ florian@
Upstream-ID: ca6e49e2f22f2b9e81d6d924b90ecd7e422e7437
|
|
keep the tokens list sorted;
Upstream-ID: b96239dae4fb3aa94146bb381afabcc7740a1638
|
|
fix previous
Upstream-ID: c107d6a69bc22325d79fbf78a2a62e04bcac6895
|
|
show a useful error message when included config files
can't be opened; bz#2653, ok dtucker@
Upstream-ID: f598b73b5dfe497344cec9efc9386b4e5a3cb95b
|
|
sshd_config is documented to set
GSSAPIStrictAcceptorCheck=yes by default, so actually make it do this.
bz#2637 ok dtucker
Upstream-ID: 99ef8ac51f17f0f7aec166cb2e34228d4d72a665
|
|
Avoid confusing error message when attempting to use
ssh-keyscan built without SSH protocol v.1 to scan for v.1 keys; bz#2583
Upstream-ID: 5d214abd3a21337d67c6dcc5aa6f313298d0d165
|
|
Re-add '%k' token for AuthorizedKeysCommand which was
lost during the re-org in rev 1.235. bz#2656, from jboning at gmail.com.
Upstream-ID: 2884e203c02764d7b3fe7472710d9c24bdc73e38
|
|
unbreak Unix domain socket forwarding for root; ok
markus@
Upstream-ID: 6649c76eb7a3fa15409373295ca71badf56920a2
|
|
UseLogin is gone, remove leftover. bz#2665, from cjwatson at debian.org
|
|
relax PKCS#11 whitelist a bit to allow libexec as well as
lib directories.
Upstream-ID: cf5617958e2e2d39f8285fd3bc63b557da484702
|
|
check number of entries in SSH2_FXP_NAME response; avoids
unreachable overflow later. Reported by Jann Horn
Upstream-ID: b6b2b434a6d6035b1644ca44f24cd8104057420f
|
|
fix deadlock when keys/principals command produces a lot of
output and a key is matched early; bz#2655, patch from jboning AT gmail.com
Upstream-ID: e19456429bf99087ea994432c16d00a642060afe
|
|
Patch from HARUYAMA Seigo <haruyama at unixuser org>.
|
|
use standard /bin/sh equality test; from Mike Frysinger
Upstream-Regress-ID: 7b6f0b63525f399844c8ac211003acb8e4b0bec2
|
|
openssh-7.4
Upstream-ID: 1ee404adba6bbe10ae9277cbae3a94abe2867b79
|
|
remove testcase that depends on exact output and
behaviour of snprintf(..., "%s", NULL)
Upstream-Regress-ID: cab4288531766bd9593cb556613b91a2eeefb56f
|
|
Use LOGNAME to get current user and fall back to whoami if
not set. Mainly to benefit -portable since some platforms don't have whoami.
Upstream-Regress-ID: e3a16b7836a3ae24dc8f8a4e43fdf8127a60bdfa
|
|
Add regression test for AllowUsers and DenyUsers. Patch from
Zev Weiss <zev at bewilderbeest.net>
Upstream-Regress-ID: 8f1aac24d52728398871dac14ad26ea38b533fb9
|
|
Fixes warning pointed out by Zev Weiss <zev at bewilderbeest.net>
|
|
revert to rev1.2; the new bits in this test depend on changes
to ssh that aren't yet committed
Upstream-Regress-ID: 828ffc2c7afcf65d50ff2cf3dfc47a073ad39123
|
|
Move the "stop sshd" code into its own helper function.
Patch from Zev Weiss <zev at bewilderbeest.net>, ok djm@
Upstream-Regress-ID: a113dea77df5bd97fb4633ea31f3d72dbe356329
|
|
regression test for certificates along with private key
with no public half. bz#2617, mostly from Adam Eijdenberg
Upstream-Regress-ID: 2e74dc2c726f4dc839609b3ce045466b69f01115
|
|
Use $SUDO to read pidfile in case root's umask is
restricted. From portable.
Upstream-Regress-ID: f6b1c7ffbc5a0dfb7d430adb2883344899174a98
|
|
Add missing braces in DenyUsers code. Patch from zev at
bewilderbeest.net, ok deraadt@
Upstream-ID: d747ace338dcf943b077925f90f85f789714b54e
|
|
Fix text in error message. Patch from zev at
bewilderbeest.net.
Upstream-ID: deb0486e175e7282f98f9a15035d76c55c84f7f6
|
|
disable Unix-domain socket forwarding when privsep is
disabled
Upstream-ID: ab61516ae0faadad407857808517efa900a0d6d0
|
|
log connections dropped in excess of MaxStartups at
verbose LogLevel; bz#2613 based on diff from Tomas Kuthan; ok dtucker@
Upstream-ID: 703ae690dbf9b56620a6018f8a3b2389ce76d92b
|
|
These commented-out includes have "Still needed?" comments. Since
they've been commented out for ~13 years I assert that they're not.
|