| Age | Commit message (Collapse) | Author |
|---|
|
regress test for "PubkeyAcceptedKeyTypes +..." inside a
Match block
Upstream-Regress-ID: 246c37ed64a2e5704d4c158ccdca1ff700e10647
|
|
Fix typo certopt->certopts in shell variable. This would
cause the test to hang at a host key prompt if you have an A or CNAME for
"proxy" in your local domain.
Upstream-Regress-ID: 6ea03bcd39443a83c89e2c5606392ceb9585836a
|
|
Fix "PubkeyAcceptedKeyTypes +..." inside a Match block;
ok dtucker@
Upstream-ID: 853662c4036730b966aab77684390c47b9738c69
|
|
fix execv arguments in a way less likely to cause grief
for -portable; ok dtucker@
Upstream-ID: 5902bf0ea0371f39f1300698dc3b8e4105fc0fc5
|
|
log certificate serial in verbose() messages to match the
main auth success/fail message; ok dtucker@
Upstream-ID: dfc48b417c320b97c36ff351d303c142f2186288
|
|
avoid de-const warning & shrink; ok dtucker@
Upstream-ID: 69a85ef94832378952a22c172009cbf52aaa11db
|
|
Expand tildes in filenames passed to -i before checking
whether or not the identity file exists. This means that if the shell
doesn't do the expansion (eg because the option and filename were given as a
single argument) then we'll still add the key. bz#2481, ok markus@
Upstream-ID: db1757178a14ac519e9a3e1a2dbd21113cb3bfc6
|
|
Do not prepend "exec" to the shell command run by "Match
exec" in a config file. It's an unnecessary optimization from repurposed
ProxyCommand code and prevents some things working with some shells.
bz#2471, pointed out by res at qoxp.net. ok markus@
Upstream-ID: a1ead25ae336bfa15fb58d8c6b5589f85b4c33a3
|
|
Move glob.h from includes.h to the only caller (sftp) and override the
names for the symbols. This prevents name collisions with the system glob
in the case where something other than ssh uses it (eg kerberos). With
jjelen at redhat.com, ok djm@
|
|
Update expected group sizes to match recent code changes.
Upstream-Regress-ID: 0004f0ea93428969fe75bcfff0d521c553977794
|
|
fix keyscan output for multiple hosts/addrs on one line
when host hashing or a non standard port is in use; bz#2479 ok dtucker@
Upstream-ID: 5321dabfaeceba343da3c8a8b5754c6f4a0a307b
|
|
skip "Could not chdir to home directory" message when
chrooted
patch from Christian Hesse in bz#2485 ok dtucker@
Upstream-ID: 86783c1953da426dff5b03b03ce46e699d9e5431
|
|
Handle the split of tun(4) "link0" into tap(4) in ssh
tun-forwarding. Adapted from portable (using separate devices for this is the
normal case in most OS). ok djm@
Upstream-ID: 90facf4c59ce73d6741db1bc926e578ef465cd39
|
|
fix memory leak in error path ok djm@
Upstream-ID: dd2f402b0a0029b755df029fc7f0679e1365ce35
|
|
Compare pointers to NULL rather than 0.
ok djm@
Upstream-ID: 21616cfea27eda65a06e772cc887530b9a1a27f8
|
|
Replace a function-local allocation with stack memory.
ok djm@
Upstream-ID: c09fbbab637053a2ab9f33ca142b4e20a4c5a17e
|
|
bz#2278 from Brent Paulson
|
|
increase the minimum modulus that we will send or accept in
diffie-hellman-group-exchange to 2048 bits; ok markus@
Upstream-ID: 06dce7a24c17b999a0f5fadfe95de1ed6a1a9b6a
|
|
better handle anchored FQDNs (e.g. 'cvs.openbsd.org.') in
hostname canonicalisation - treat them as already canonical and remove the
trailing '.' before matching ssh_config; ok markus@
Upstream-ID: f7619652e074ac3febe8363f19622aa4853b679a
|
|
0 -> NULL when comparing with a char*.
ok dtucker@, djm@.
Upstream-ID: a928e9c21c0a9020727d99738ff64027c1272300
|
|
fix some signed/unsigned integer type mismatches in
format strings; reported by Nicholas Lemonias
Upstream-ID: 78cd55420a0eef68c4095bdfddd1af84afe5f95c
|
|
argument to sshkey_from_private() and sshkey_demote()
can't be NULL
Upstream-ID: 0111245b1641d387977a9b38da15916820a5fd1f
|
|
reported by Nicholas Lemonias
|
|
|
|
|
|
revision 1.20
date: 2015/10/13 20:55:37; author: millert; state: Exp; lines: +2 -2; commitid: X39sl5ay1czgFIgp;
In rev 1.15 the sizeof argument was fixed in a strlcat() call but
the truncation check immediately following it was not updated to
match. Not an issue in practice since the buffers are the same
size. OK deraadt@
|
|
revision 1.19
date: 2015/01/16 16:48:51; author: deraadt; state: Exp; lines: +3 -3; commitid: 0DYulI8hhujBHMcR;
Move to the <limits.h> universe.
review by millert, binary checking process with doug, concept with guenther
|
|
revision 1.18
date: 2014/10/19 03:56:28; author: doug; state: Exp; lines: +9 -9; commitid: U6QxmtbXrGoc02S5;
Revert last commit due to changed semantics found by make release.
|
|
revision 1.17
date: 2014/10/18 20:43:52; author: doug; state: Exp; lines: +10 -10; commitid: I74hI1tVZtsspKEt;
Better POSIX compliance in realpath(3).
millert@ made changes to realpath.c based on FreeBSD's version. I merged
Todd's changes into dl_realpath.c.
ok millert@, guenther@
|
|
revision 1.16
date: 2013/04/05 12:59:54; author: kurt; state: Exp; lines: +3 -1;
- Add comments regarding copies of these files also in libexec/ld.so
okay guenther@
|
|
revision 1.15
date: 2012/09/13 15:39:05; author: deraadt; state: Exp; lines: +2 -2;
specify the bounds of the dst to strlcat (both values were static and
equal, but it is more correct)
from Michal Mazurek
|
|
revision 1.14
date: 2011/07/24 21:03:00; author: miod; state: Exp; lines: +35 -13;
Recent Single Unix will malloc memory if the second argument of realpath()
is NULL, and third-party software is starting to rely upon this.
Adapted from FreeBSD via Jona Joachim (jaj ; hcl-club , .lu), with minor
tweaks from nicm@ and yours truly.
|
|
apply PubkeyAcceptedKeyTypes filtering earlier, so all
skipped keys are noted before pubkey authentication starts. ok dtucker@
Upstream-ID: ba4f52f54268a421a2a5f98bb375403f4cb044b8
|
|
free the correct IV length, don't assume it's always the
cipher blocksize; ok dtucker@
Upstream-ID: c260d9e5ec73628d9ff4b067fbb060eff5a7d298
|
|
Change all tame callers to namechange to pledge(2).
Upstream-ID: 17e654fc27ceaf523c60f4ffd9ec7ae4e7efc7f2
|
|
OpenBSD only for now
|
|
include PubkeyAcceptedKeyTypes in ssh -G config dump
Upstream-ID: 6c097ce6ffebf6fe393fb7988b5d152a5d6b36bb
|
|
UsePrivilegeSeparation defaults to sandbox now.
ok djm@
Upstream-ID: bff136c38bcae89df82e044d2f42de21e1ad914f
|
|
don't try to change tun device flags if they are already
what we need; makes it possible to use tun/tap networking as non- root user
if device permissions and interface flags are pre-established; based on patch
by Ossi Herrala
Upstream-ID: 89099ac4634cd477b066865acf54cb230780fd21
|
|
|
|
adapt to recent sshkey_parse_private_fileblob() API
change
Upstream-Regress-ID: 5c0d818da511e33e0abf6a92a31bd7163b7ad988
|
|
fix command-line option to match what was actually
committed
Upstream-Regress-ID: 3e8c24a2044e8afd37e7ce17b69002ca817ac699
|
|
regress test for CertificateFile; patch from Meghana Bhat
via bz#2436
Upstream-Regress-ID: e7a6e980cbe0f8081ba2e83de40d06c17be8bd25
|
|
some more bzero->explicit_bzero, from Michael McConville
Upstream-ID: 17f19545685c33327db2efdc357c1c9225ff00d0
|
|
fix email
Upstream-ID: 72150f2d54b94de14ebef1ea054ef974281bf834
|
|
a sandbox using tame ok djm
Upstream-ID: 4ca24e47895e72f5daaa02f3e3d3e5ca2d820fa3
|
|
re-order system calls in order of risk, ok i'll be
honest, ordered this way they look like tame... ok djm
Upstream-ID: 42a1e6d251fd8be13c8262bee026059ae6328813
|
|
some certificatefile tweaks; ok djm
Upstream-ID: 0e5a7852c28c05fc193419cc7e50e64c1c535af0
|
|
add ssh_config CertificateFile option to explicitly list
a certificate; patch from Meghana Bhat on bz#2436; ok markus@
Upstream-ID: 58648ec53c510b41c1f46d8fe293aadc87229ab8
|
|
fix two typos.
Upstream-ID: 424402c0d8863a11b51749bacd7f8d932083b709
|
