RepoMirrors/openssh
1
0
Fork 0
mirror of git://anongit.mindrot.org/openssh.git synced 2025-01-03 16:22:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
7,811 Commits 69 Branches 157 Tags 27 MiB
2ea974630d
Commit Graph

7811 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
djm@openbsd.org
2ea974630d upstream commit 
add ssh-agent -D to leave ssh-agent in foreground
 without enabling debug mode; bz#2381 ok dtucker@
 2015-04-29 18:15:38 +10:00
deraadt@openbsd.org
8ac2ffd7aa upstream commit 
2*len -> use xreallocarray() ok djm
 2015-04-29 18:15:24 +10:00
deraadt@openbsd.org
657a5fbc0d upstream commit 
rename xrealloc() to xreallocarray() since it follows
 that form. ok djm
 2015-04-29 18:15:23 +10:00
dtucker@openbsd.org
1108ae242f upstream commit 
Two small fixes for sshd -T: ListenAddress'es are added
 to a list head so reverse the order when printing them to ensure the
 behaviour remains the same, and print StreamLocalBindMask as octal with
 leading zero.  ok deraadt@
 2015-04-29 18:14:36 +10:00
dtucker@openbsd.org
bd902b8473 upstream commit 
Check for and reject missing arguments for
 VersionAddendum and ForceCommand. bz#2281, patch from plautrba at redhat com,
 ok djm@
 2015-04-29 18:14:23 +10:00
djm@openbsd.org
ca42c17585 upstream commit 
unknown certificate extensions are non-fatal, so don't
 fatal when they are encountered; bz#2387 reported by Bob Van Zant; ok
 dtucker@
 2015-04-29 18:14:22 +10:00
jsg@openbsd.org
39bfbf7caa upstream commit 
Add back a backslash removed in rev 1.42 so
 KEX_SERVER_ENCRYPT will include aes again.

ok deraadt@
 2015-04-29 18:14:21 +10:00
djm@openbsd.org
6b0d576bb8 upstream commit 
s/recommended/required/ that private keys be og-r this
 wording change was made a while ago but got accidentally reverted
 2015-04-29 18:14:21 +10:00
djm@openbsd.org
44a8e7ce6f upstream commit 
don't try to cleanup NULL KEX proposals in
 kex_prop_free(); found by Jukka Taimisto and Markus Hietava
 2015-04-29 18:14:20 +10:00
djm@openbsd.org
3038a19187 upstream commit 
use error/logit/fatal instead of fprintf(stderr, ...)
 and exit(0), fix a few errors that were being printed to stdout instead of
 stderr and a few non-errors that were going to stderr instead of stdout
 bz#2325; ok dtucker
 2015-04-29 18:14:20 +10:00
djm@openbsd.org
a58be33cb6 upstream commit 
debug log missing DISPLAY environment when X11
 forwarding requested; bz#1682 ok dtucker@
 2015-04-29 18:13:35 +10:00
djm@openbsd.org
17d4d9d9fb upstream commit 
don't call record_login() in monitor when UseLogin is
 enabled; bz#278 reported by drk AT sgi.com; ok dtucker
 2015-04-29 18:13:34 +10:00
dtucker@openbsd.org
40132ff87b upstream commit 
Add some missing options to sshd -T and fix the output
 of VersionAddendum HostCertificate.  bz#2346, patch from jjelen at redhat
 com, ok djm.
 2015-04-29 18:13:34 +10:00
dtucker@openbsd.org
6cc7cfa936 upstream commit 
Document "none" for PidFile XAuthLocation
 TrustedUserCAKeys and RevokedKeys. bz#2382, feedback from jmc@, ok djm@
 2015-04-29 18:13:34 +10:00
dtucker@openbsd.org
15fdfc9b1c upstream commit 
Plug leak of address passed to logging.  bz#2373, patch
 from jjelen at redhat, ok markus@
 2015-04-29 18:13:33 +10:00
dtucker@openbsd.org
bb2289e2a4 upstream commit 
Output remote username in debug output since with Host
 and Match it's not always obvious what it will be.  bz#2368, ok djm@
 2015-04-29 18:13:07 +10:00
Darren Tucker
70860b6d07 Format UsePAM setting when using sshd -T. 
Part of bz#2346, patch from jjelen at redhat com.
 2015-04-17 10:56:13 +10:00
Darren Tucker
ee15d9c9f0 Wrap endian.h include inside ifdef (bz#2370). 2015-04-17 10:40:23 +10:00
Darren Tucker
408f4c2ad4 Look for '${host}-ar' before 'ar'. 
This changes configure.ac to look for '${host}-ar' as set by
AC_CANONICAL_HOST before looking for the unprefixed 'ar'.
Useful when cross-compiling when all your binutils are prefixed.

Patch from moben at exherbo org via astrand at lysator liu se and
bz#2352.
 2015-04-17 09:39:58 +10:00
Damien Miller
673a1c16ad remove dependency on arpa/telnet.h 2015-04-16 11:40:35 +10:00
Darren Tucker
202d443eed Remove duplicate include of pwd.h. bz#2337, patch from Mordy Ovits. 2015-04-15 15:59:49 +10:00
Damien Miller
5979864934 platform's with openpty don't need pty_release 2015-04-13 14:40:17 +10:00
djm@openbsd.org
318be28cda upstream commit 
deprecate ancient, pre-RFC4419 and undocumented
 SSH2_MSG_KEX_DH_GEX_REQUEST_OLD message; ok markus@ deraadt@ "seems
 reasonable" dtucker@
 2015-04-13 14:37:20 +10:00
dtucker@openbsd.org
d8f391caef upstream commit 
Don't send hostkey advertisments
 (hostkeys-00@openssh.com) to current versions of Tera Term as they can't
 handle them.  Newer versions should be OK.  Patch from Bryan Drewery and
 IWAMOTO Kouichi, ok djm@
 2015-04-13 14:37:19 +10:00
djm@openbsd.org
2c2cfe1a1c upstream commit 
include port number if a non-default one has been
 specified; based on patch from Michael Handler
 2015-04-13 14:37:18 +10:00
djm@openbsd.org
4492a4f222 upstream commit 
treat Protocol=1,2|2,1 as Protocol=2 when compiled
 without SSH1 support; ok dtucker@ millert@
 2015-04-13 14:37:17 +10:00
miod@openbsd.org
c265e2e6e9 upstream commit 
Do not use int for sig_atomic_t; spotted by
 christos@netbsd; ok markus@
 2015-04-13 14:37:17 +10:00
Darren Tucker
e7bf3a5eda Use do{}while(0) for no-op functions. 
From FreeBSD.
 2015-04-07 10:48:04 +10:00
Darren Tucker
bb99844aba Wrap blf.h include in ifdef. From FreeBSD. 2015-04-07 10:47:15 +10:00
Darren Tucker
d9b9b43656 Fix misspellings of regress CONFOPTS env variables. 
Patch from Bryan Drewery.
 2015-04-07 09:10:00 +10:00
djm@openbsd.org
3f4ea3c9ab upstream commit 
correct return value in pubkey parsing, spotted by Ben Hawkes
 ok markus@
 2015-04-04 09:18:26 +11:00
djm@openbsd.org
7da2be0cb9 upstream commit 
adapt to recent hostfile.c change: when parsing
 known_hosts without fully parsing the keys therein, hostkeys_foreach() will
 now correctly identify KEY_RSA1 keys; ok markus@ miod@
 2015-04-01 10:03:05 +11:00
markus@openbsd.org
9e1777a0d1 upstream commit 
use ${SSH} for -Q instead of installed ssh
 2015-04-01 10:02:56 +11:00
djm@openbsd.org
ce1b358ea4 upstream commit 
make CLEANFILES clean up more of the tests' droppings
 2015-04-01 10:02:01 +11:00
djm@openbsd.org
398f9ef192 upstream commit 
downgrade error() for known_hosts parse errors to debug()
 to quiet warnings from ssh1 keys present when compiled !ssh1.

also identify ssh1 keys when scanning, even when compiled !ssh1

ok markus@ miod@
 2015-04-01 10:00:46 +11:00
djm@openbsd.org
9a47ab8003 upstream commit 
fd leak for !ssh1 case; found by unittests; ok markus@
 2015-04-01 10:00:46 +11:00
djm@openbsd.org
c9a0805a62 upstream commit 
don't fatal when a !ssh1 sshd is reexeced from a w/ssh1
 listener; reported by miod@; ok miod@ markus@
 2015-04-01 10:00:45 +11:00
tobias@openbsd.org
704d8c8898 upstream commit 
Comments are only supported for RSA1 keys. If a user
 tried to add one and entered his passphrase, explicitly clear it before exit.
 This is done in all other error paths, too.

ok djm
 2015-04-01 10:00:27 +11:00
jmc@openbsd.org
78de1673c0 upstream commit 
ssh-askpass(1) is the default, overridden by SSH_ASKPASS;
 diff originally from jiri b;
 2015-04-01 10:00:27 +11:00
djm@openbsd.org
26e0bcf766 upstream commit 
fix uninitialised memory read when parsing a config file
 consisting of a single nul byte. Found by hanno AT hboeck.de using AFL; ok
 dtucker
 2015-03-30 11:01:08 +11:00
markus@openbsd.org
fecede00a7 upstream commit 
sigp and lenp are not optional in ssh_agent_sign(); ok
 djm@
 2015-03-27 12:02:38 +11:00
naddy@openbsd.org
1b0ef38132 upstream commit 
don't try to load .ssh/identity by default if SSH1 is
 disabled; ok markus@
 2015-03-27 12:02:34 +11:00
djm@openbsd.org
f9b7885237 upstream commit 
ban all-zero curve25519 keys as recommended by latest
 CFRG curves draft; ok markus
 2015-03-27 12:02:27 +11:00
djm@openbsd.org
b8afbe2c1a upstream commit 
relax bits needed check to allow
 diffie-hellman-group1-sha1 key exchange to complete for chacha20-poly1305 was
 selected as symmetric cipher; ok markus
 2015-03-27 12:02:23 +11:00
markus@openbsd.org
47842f71e3 upstream commit 
ignore v1 errors on ssh-add -D; only try v2 keys on
 -l/-L (unless WITH_SSH1) ok djm@
 2015-03-27 12:02:16 +11:00
markus@openbsd.org
5f57e77f91 upstream commit 
unbreak ssh_agent_sign (lenp vs *lenp)
 2015-03-27 12:02:13 +11:00
markus@openbsd.org
4daeb67181 upstream commit 
don't leak 'setp' on error; noted by Nicholas Lemonias;
 ok djm@
 2015-03-27 12:01:47 +11:00
markus@openbsd.org
7d4f96f9de upstream commit 
consistent check for NULL as noted by Nicholas
 Lemonias; ok djm@
 2015-03-27 12:00:52 +11:00
markus@openbsd.org
df100be513 upstream commit 
correct fmt-string for size_t as noted by Nicholas
 Lemonias; ok djm@
 2015-03-27 12:00:47 +11:00
djm@openbsd.org
a22b9ef212 upstream commit 
promote chacha20-poly1305@openssh.com to be the default
 cipher; ok markus
 2015-03-27 12:00:43 +11:00