summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2017-01-30upstream commitdjm@openbsd.org
revise keys/principals command hang fix (bz#2655) to consume entire output, avoiding sending SIGPIPE to subprocesses early; ok dtucker@ Upstream-ID: 7cb04b31a61f8c78c4e48ceededcd2fd5c4ee1bc
2017-01-30upstream commitdjm@openbsd.org
small cleanup post SSHv1 removal: remove SSHv1-isms in commented examples reorder token table to group deprecated and compile-time conditional tokens better fix config dumping code for some compile-time conditional options that weren't being correctly skipped (SSHv1 and PKCS#11) Upstream-ID: f2e96b3cb3158d857c5a91ad2e15925df3060105
2017-01-30upstream commitdjm@openbsd.org
some explicit NULL tests when dumping configured forwardings; from Karsten Weiss Upstream-ID: 40957b8dea69672b0e50df6b4a91a94e3e37f72d
2017-01-30upstream commitdjm@openbsd.org
misplaced braces in test; from Karsten Weiss Upstream-ID: f7b794074d3aae8e35b69a91d211c599c94afaae
2017-01-30upstream commitdjm@openbsd.org
don't dereference authctxt before testing != NULL, it causes compilers to make assumptions; from Karsten Weiss Upstream-ID: 794243aad1e976ebc717885b7a97a25e00c031b2
2017-01-30upstream commitdjm@openbsd.org
use correct ssh-add program; bz#2654, from Colin Watson Upstream-Regress-ID: 7042a36e1bdaec6562f6e57e9d047efe9c7a6030
2017-01-30upstream commitdtucker@openbsd.org
Account for timeouts in the integrity tests as failures. If the first test in a series for a given MAC happens to modify the low bytes of a packet length, then ssh will time out and this will be interpreted as a test failure. Patch from cjwatson at debian.org via bz#2658. Upstream-Regress-ID: e7467613b0badedaa300bc6fc7495ec2f44e2fb9
2017-01-30upstream commitdtucker@openbsd.org
Make forwarding test less racy by using unix domain sockets instead of TCP ports where possible. Patch from cjwatson at debian.org via bz#2659. Upstream-Regress-ID: 4756375aac5916ef9d25452a1c1d5fa9e90299a9
2017-01-30upstream commitdtucker@openbsd.org
Fix typo in ~C error message for bad port forward cancellation. bz#2672, from Brad Marshall via Colin Watson and Ubuntu's bugtracker. Upstream-ID: 0d4a7e5ead6cc59c9a44b4c1e5435ab3aada09af
2017-01-30upstream commitguenther@openbsd.org
The POSIX APIs that that sockaddrs all ignore the s*_len field in the incoming socket, so userspace doesn't need to set it unless it has its own reasons for tracking the size along with the sockaddr. ok phessler@ deraadt@ florian@ Upstream-ID: ca6e49e2f22f2b9e81d6d924b90ecd7e422e7437
2017-01-30upstream commitjmc@openbsd.org
keep the tokens list sorted; Upstream-ID: b96239dae4fb3aa94146bb381afabcc7740a1638
2017-01-30upstream commitdjm@openbsd.org
fix previous Upstream-ID: c107d6a69bc22325d79fbf78a2a62e04bcac6895
2017-01-30upstream commitdjm@openbsd.org
show a useful error message when included config files can't be opened; bz#2653, ok dtucker@ Upstream-ID: f598b73b5dfe497344cec9efc9386b4e5a3cb95b
2017-01-30upstream commitdjm@openbsd.org
sshd_config is documented to set GSSAPIStrictAcceptorCheck=yes by default, so actually make it do this. bz#2637 ok dtucker Upstream-ID: 99ef8ac51f17f0f7aec166cb2e34228d4d72a665
2017-01-30upstream commitdjm@openbsd.org
Avoid confusing error message when attempting to use ssh-keyscan built without SSH protocol v.1 to scan for v.1 keys; bz#2583 Upstream-ID: 5d214abd3a21337d67c6dcc5aa6f313298d0d165
2017-01-30upstream commitdtucker@openbsd.org
Re-add '%k' token for AuthorizedKeysCommand which was lost during the re-org in rev 1.235. bz#2656, from jboning at gmail.com. Upstream-ID: 2884e203c02764d7b3fe7472710d9c24bdc73e38
2017-01-30upstream commitdjm@openbsd.org
unbreak Unix domain socket forwarding for root; ok markus@ Upstream-ID: 6649c76eb7a3fa15409373295ca71badf56920a2
2017-01-16Remove LOGIN_PROGRAM.Darren Tucker
UseLogin is gone, remove leftover. bz#2665, from cjwatson at debian.org
2017-01-04upstream commitdjm@openbsd.org
relax PKCS#11 whitelist a bit to allow libexec as well as lib directories. Upstream-ID: cf5617958e2e2d39f8285fd3bc63b557da484702
2017-01-04upstream commitdjm@openbsd.org
check number of entries in SSH2_FXP_NAME response; avoids unreachable overflow later. Reported by Jann Horn Upstream-ID: b6b2b434a6d6035b1644ca44f24cd8104057420f
2017-01-03upstream commitdjm@openbsd.org
fix deadlock when keys/principals command produces a lot of output and a key is matched early; bz#2655, patch from jboning AT gmail.com Upstream-ID: e19456429bf99087ea994432c16d00a642060afe
2016-12-20Re-add missing "Prerequisites" header and fix typoDarren Tucker
Patch from HARUYAMA Seigo <haruyama at unixuser org>.
2016-12-20upstream commitdjm@openbsd.org
use standard /bin/sh equality test; from Mike Frysinger Upstream-Regress-ID: 7b6f0b63525f399844c8ac211003acb8e4b0bec2
2016-12-19crank version numbers for releaseDamien Miller
2016-12-19upstream commitdjm@openbsd.org
openssh-7.4 Upstream-ID: 1ee404adba6bbe10ae9277cbae3a94abe2867b79
2016-12-19upstream commitdjm@openbsd.org
remove testcase that depends on exact output and behaviour of snprintf(..., "%s", NULL) Upstream-Regress-ID: cab4288531766bd9593cb556613b91a2eeefb56f
2016-12-19upstream commitdtucker@openbsd.org
Use LOGNAME to get current user and fall back to whoami if not set. Mainly to benefit -portable since some platforms don't have whoami. Upstream-Regress-ID: e3a16b7836a3ae24dc8f8a4e43fdf8127a60bdfa
2016-12-17upstream commitdtucker@openbsd.org
Add regression test for AllowUsers and DenyUsers. Patch from Zev Weiss <zev at bewilderbeest.net> Upstream-Regress-ID: 8f1aac24d52728398871dac14ad26ea38b533fb9
2016-12-16Add missing monitor.h include.Darren Tucker
Fixes warning pointed out by Zev Weiss <zev at bewilderbeest.net>
2016-12-16upstream commitdjm@openbsd.org
revert to rev1.2; the new bits in this test depend on changes to ssh that aren't yet committed Upstream-Regress-ID: 828ffc2c7afcf65d50ff2cf3dfc47a073ad39123
2016-12-16upstream commitdtucker@openbsd.org
Move the "stop sshd" code into its own helper function. Patch from Zev Weiss <zev at bewilderbeest.net>, ok djm@ Upstream-Regress-ID: a113dea77df5bd97fb4633ea31f3d72dbe356329
2016-12-16upstream commitdjm@openbsd.org
regression test for certificates along with private key with no public half. bz#2617, mostly from Adam Eijdenberg Upstream-Regress-ID: 2e74dc2c726f4dc839609b3ce045466b69f01115
2016-12-16upstream commitdtucker@openbsd.org
Use $SUDO to read pidfile in case root's umask is restricted. From portable. Upstream-Regress-ID: f6b1c7ffbc5a0dfb7d430adb2883344899174a98
2016-12-16upstream commitdtucker@openbsd.org
Add missing braces in DenyUsers code. Patch from zev at bewilderbeest.net, ok deraadt@ Upstream-ID: d747ace338dcf943b077925f90f85f789714b54e
2016-12-16upstream commitdtucker@openbsd.org
Fix text in error message. Patch from zev at bewilderbeest.net. Upstream-ID: deb0486e175e7282f98f9a15035d76c55c84f7f6
2016-12-14upstream commitdjm@openbsd.org
disable Unix-domain socket forwarding when privsep is disabled Upstream-ID: ab61516ae0faadad407857808517efa900a0d6d0
2016-12-14upstream commitdjm@openbsd.org
log connections dropped in excess of MaxStartups at verbose LogLevel; bz#2613 based on diff from Tomas Kuthan; ok dtucker@ Upstream-ID: 703ae690dbf9b56620a6018f8a3b2389ce76d92b
2016-12-13Get default of TEST_SSH_UTF8 from environment.Darren Tucker
2016-12-13Remove commented-out includes.Darren Tucker
These commented-out includes have "Still needed?" comments. Since they've been commented out for ~13 years I assert that they're not.
2016-12-13Add prototype for strcasestr in compat library.Darren Tucker
2016-12-13Add strcasestr to compat library.Darren Tucker
Fixes build on (at least) Solaris 10.
2016-12-12Force Turkish locales back to C/POSIX; bz#2643Damien Miller
Turkish locales are unique in their handling of the letters 'i' and 'I' (yes, they are different letters) and OpenSSH isn't remotely prepared to deal with that. For now, the best we can do is to force OpenSSH to use the C/POSIX locale and try to preserve the UTF-8 encoding if possible. ok dtucker@
2016-12-09exit is in stdlib.h not unistd.h (that's _exit).Darren Tucker
2016-12-09Include <unistd.h> for exit in utf8 locale test.Darren Tucker
2016-12-08Check for utf8 local support before testing it.Darren Tucker
Check for utf8 local support and if not found, do not attempt to run the utf8 tests. Suggested by djm@
2016-12-08Use AC_PATH_TOOL for krb5-config.Darren Tucker
This will use the host-prefixed version when cross compiling; patch from david.michael at coreos.com.
2016-12-06upstream commitdjm@openbsd.org
make IdentityFile successfully load and use certificates that have no corresponding bare public key. E.g. just a private id_rsa and certificate id_rsa-cert.pub (and no id_rsa.pub). bz#2617 ok dtucker@ Upstream-ID: c1e9699b8c0e3b63cc4189e6972e3522b6292604
2016-12-06Add a gnome-ssh-askpass3 target for GTK+3 versionDamien Miller
Based on patch from Colin Watson via bz#2640
2016-12-06Make gnome-ssh-askpass2.c GTK+3-friendlyDamien Miller
Patch from Colin Watson via bz#2640
2016-12-05upstream commitdjm@openbsd.org
Fix public key authentication when multiple authentication is in use. Instead of deleting and re-preparing the entire keys list, just reset the 'used' flags; the keys list is already in a good order (with already- tried keys at the back) Analysis and patch from Vincent Brillault on bz#2642; ok dtucker@ Upstream-ID: 7123f12dc2f3bcaae715853035a97923d7300176