| Age | Commit message (Collapse) | Author |
|---|
|
fix casts re constness
Upstream-ID: e38f2bac162b37dbaf784d349c8327a6626fa266
|
|
make sure we don't pass a NULL string to vfprintf
(triggered by the principals-command regress test); ok bluhm
Upstream-ID: eb49854f274ab37a0b57056a6af379a0b7111990
|
|
use SO_ZEROIZE for privsep communication (if available)
Upstream-ID: abcbb6d2f8039fc4367a6a78096e5d5c39de4a62
|
|
Switch to recallocarray() for a few operations. Both
growth and shrinkage are handled safely, and there also is no need for
preallocation dances. Future changes in this area will be less error prone.
Review and one bug found by markus
Upstream-ID: 822d664d6a5a1d10eccb23acdd53578a679d5065
|
|
These shutdown() SHUT_RDWR are not needed before close()
ok djm markus claudio
Upstream-ID: 36f13ae4ba10f5618cb9347933101eb4a98dbcb5
|
|
clear session keys from memory; ok djm@
Upstream-ID: ecd178819868975affd5fd6637458b7c712b6a0f
|
|
remove now obsolete ctx from ssh_dispatch_run; ok djm@
Upstream-ID: 9870aabf7f4d71660c31fda91b942b19a8e68d29
|
|
use the ssh_dispatch_run_fatal variant
Upstream-ID: 28c5b364e37c755d1b22652b8cd6735a05c625d8
|
|
another ctx => ssh conversion (in GSSAPI code)
Upstream-ID: 4d6574c3948075c60608d8e045af42fe5b5d8ae0
|
|
git cvsimport missed this commit for some reason
|
|
spell out that custom options/extensions should follow the
usual SSH naming rules, e.g. "extension@example.com"
Upstream-ID: ab326666d2fad40769ec96b5a6de4015ffd97b8d
|
|
one more void *ctx => struct ssh *ssh conversion
Upstream-ID: d299d043471c10214cf52c03daa10f1c232759e2
|
|
fix possible OOB strlen() in SOCKS4A hostname parsing;
ok markus@
Upstream-ID: c67297cbeb0e5a19d81752aa18ec44d31270cd11
|
|
tweak previous;
Upstream-ID: 66987651046c42d142f7318c9695fb81a6d14031
|
|
Add RemoteCommand option to specify a command in the
ssh config file instead of giving it on the client's command line. This
command will be executed on the remote host. The feature allows to automate
tasks using ssh config. OK markus@
Upstream-ID: 5d982fc17adea373a9c68cae1021ce0a0904a5ee
|
|
switch auth2 to ssh_dispatch API; ok djm@
Upstream-ID: a752ca19e2782900dd83060b5c6344008106215f
|
|
switch auth2-none.c to modern APIs; ok djm@
Upstream-ID: 07252b58e064d332214bcabbeae8e08c44b2001b
|
|
switch auth2-passwd.c to modern APIs; ok djm@
Upstream-ID: cba0a8b72b4f97adfb7e3b3fd2f8ba3159981fc7
|
|
switch auth2-hostbased.c to modern APIs; ok djm@
Upstream-ID: 146af25c36daeeb83d5dbbb8ca52b5d25de88f4e
|
|
protocol handlers all get struct ssh passed; ok djm@
Upstream-ID: 0ca9ea2a5d01a6d2ded94c5024456a930c5bfb5d
|
|
ssh: pass struct ssh to auth functions, too; ok djm@
Upstream-ID: d13c509cc782f8f19728fbea47ac7cf36f6e85dd
|
|
sshd: pass struct ssh to auth functions; ok djm@
Upstream-ID: b00a80c3460884ebcdd14ef550154c761aebe488
|
|
remove unused wrapper functions from key.[ch]; ok djm@
Upstream-ID: ea0f4016666a6817fc11f439dd4be06bab69707e
|
|
sshkey_new() might return NULL (pkcs#11 code only); ok
djm@
Upstream-ID: de9f2ad4a42c0b430caaa7d08dea7bac943075dd
|
|
switch sshconnect.c to modern APIs; ok djm@
Upstream-ID: 27be17f84b950d5e139b7a9b281aa487187945ad
|
|
switch auth2-pubkey.c to modern APIs; with & ok djm@
Upstream-ID: 8f08d4316eb1b0c4ffe4a206c05cdd45ed1daf07
|
|
switch from Key typedef with struct sshkey; ok djm@
Upstream-ID: 3067d33e04efbe5131ce8f70668c47a58e5b7a1f
|
|
remove ssh1 references; ok djm@
Upstream-ID: fc23b7578e7b0a8daaec72946d7f5e58ffff5a3d
|
|
revise sshkey_load_public(): remove ssh1 related
comments, remove extra open()/close() on keyfile, prevent leak of 'pub' if
'keyp' is NULL, replace strlcpy+cat with asprintf; ok djm@
Upstream-ID: 6175e47cab5b4794dcd99c1175549a483ec673ca
|
|
sshbuf_consume: reset empty buffer; ok djm@
Upstream-ID: 0d4583ba57f69e369d38bbd7843d85cac37fa821
|
|
remove SSH_CHANNEL_XXX_DRAINING (ssh1 only); ok djm@
Upstream-ID: e2e225b6ac67b84dd024f38819afff2554fafe42
|
|
remove channel_input_close_confirmation (ssh1 only); ok
djm@
Upstream-ID: 8e7c8c38f322d255bb0294a5c0ebef53fdf576f1
|
|
fix references to obsolete v00 cert format; spotted by
Jakub Jelen
Upstream-ID: 7600ce193ab8fd19451acfe24fc2eb39d46b2c4f
|
|
The cross-compiling fallback message says it's assuming the test
passed, but it didn't actually set the cache var which causes
later tests to fail.
|
|
there's no reason to artificially limit the key path
here, just check that it fits PATH_MAX; spotted by Matthew Patton
Upstream-ID: 858addaf2009c9cf04d80164a41b2088edb30b58
|
|
Now that we no longer support SSHv1, replace the contents
of this file with a pointer to
https://tools.ietf.org/html/draft-miller-ssh-agent-00 It's better edited,
doesn't need to document stuff we no longer implement and does document stuff
that we do implement (RSA SHA256/512 signature flags)
Upstream-ID: da8cdc46bbcc266efabd565ddddd0d8e556f846e
|
|
allow LogLevel in sshd_config Match blocks; ok dtucker
bz#2717
Upstream-ID: 662e303be63148f47db1aa78ab81c5c2e732baa8
|
|
remove duplicate check; spotted by Jakub Jelen
Upstream-ID: 30c2996c1767616a8fdc49d4cee088efac69c3b0
|
|
mention that Ed25519 keys are valid as CA keys; spotted
by Jakub Jelen
Upstream-ID: d3f6db58b30418cb1c3058211b893a1ffed3dfd4
|
|
|
|
remove hmac-ripemd160; ok dtucker
Upstream-ID: 896e737ea0bad6e23327d1c127e02d5e9e9c654d
|
|
make requesting bad ECDSA bits yield the same error
(SSH_ERR_KEY_LENGTH) as the same mistake for RSA/DSA
Upstream-ID: bf40d3fee567c271e33f05ef8e4e0fa0b6f0ece6
|
|
fix for new SSH_ERR_KEY_LENGTH error value
Upstream-Regress-ID: c38a6e6174d4c3feca3518df150d4fbae0dca8dc
|
|
helps if I commit the correct version of the file. fix
missing return statement.
Upstream-ID: c86394a3beeb1ec6611e659bfa830254f325546c
|
|
remove arcfour, blowfish and CAST here too
Upstream-Regress-ID: c613b3bcbef75df1fe84ca4dc2d3ef253dc5e920
|
|
I was too aggressive with the scalpel in the last commit;
unbreak sshd, spotted quickly by naddy@
Upstream-ID: fb7e75d2b2c7e6ca57dee00ca645e322dd49adbf
|
|
Refuse RSA keys <1024 bits in length. Improve reporting
for keys that do not meet this requirement. ok markus@
Upstream-ID: b385e2a7b13b1484792ee681daaf79e1e203df6c
|
|
Don't offer CBC ciphers by default in the client. ok
markus@
Upstream-ID: 94c9ce8d0d1a085052e11c7f3307950fdc0901ef
|
|
As promised in last release announcement: remove
support for Blowfish, RC4 and CAST ciphers. ok markus@ deraadt@
Upstream-ID: 21f8facdba3fd8da248df6417000867cec6ba222
|
|
more simplification and removal of SSHv1-related code;
ok djm@
Upstream-ID: d2f041aa0b79c0ebd98c68a01e5a0bfab2cf3b55
|
