Commit message | Author | Age | Files | Lines
...
* upstream: fix leaks in unit test; with this, all unit tests are | djm@openbsd.org | 2018-07-13 | 1 | -1/+4
| leak free (as far as valgrind can spot anyway)
| OpenBSD-Regress-ID: b824d8b27998365379963440e5d18b95ca03aa17
* Enable leak checks for unit tests with valgrind | Damien Miller | 2018-07-13 | 1 | -5/+3
| Leave the leak checking on unconditionally when running with valgrind. The unit tests are leak-free and I want them to stay that way.
* increase timeout to match cfgmatch.sh | Damien Miller | 2018-07-13 | 1 | -1/+1
| lets test pass under valgrind (on my workstation at least)
* rm regress/misc/kexfuzz/*.o in distclean target | Damien Miller | 2018-07-13 | 1 | -0/+1
|
* repair !WITH_OPENSSL build | Damien Miller | 2018-07-13 | 1 | -0/+2
|
* missing headers | Damien Miller | 2018-07-13 | 2 | -0/+3
|
* Remove key.h from portable files too. | Darren Tucker | 2018-07-12 | 6 | -6/+0
| Commit 5467fbcb removed key.h so stop including it in portable files too. Fixes builds on lots of platforms.
* upstream: remove prototype to long-gone function | djm@openbsd.org | 2018-07-12 | 1 | -3/+1
| OpenBSD-Commit-ID: 0414642ac7ce01d176b9f359091a66a8bbb640bd
* upstream: treat ssh_packet_write_wait() errors as fatal; ok djm@ | markus@openbsd.org | 2018-07-12 | 3 | -9/+9
| OpenBSD-Commit-ID: f88ba43c9d54ed2d911218aa8d3f6285430629c3
* upstream: remove legacy key emulation layer; ok djm@ | markus@openbsd.org | 2018-07-12 | 22 | -489/+197
| OpenBSD-Commit-ID: 2b1f9619259e222bbd4fe9a8d3a0973eafb9dd8d
* upstream: s/wuth/with/ in comment | martijn@openbsd.org | 2018-07-12 | 1 | -2/+2
| OpenBSD-Commit-ID: 9de41468afd75f54a7f47809d2ad664aa577902c
* Include stdlib.h for declaration of free. | Darren Tucker | 2018-07-11 | 1 | -0/+1
| Fixes build with -Werror on at least Fedora and probably others.
* VALGRIND_CHECK_LEAKS logic was backwards :( | Damien Miller | 2018-07-11 | 2 | -2/+2
|
* Fix sshbuf_new error path in skey. | Darren Tucker | 2018-07-11 | 1 | -2/+2
|
* Supply missing third arg in skey. | Darren Tucker | 2018-07-11 | 1 | -1/+1
| During the change to the new buffer api the third arg to sshbuf_get_cstring was omitted. Fixes build when configured with skey.
* Supply some more missing "int r" in skey | Darren Tucker | 2018-07-11 | 2 | -2/+3
|
* disable valgrind memleak checking by default | Damien Miller | 2018-07-11 | 2 | -2/+10
| Add VALGRIND_CHECK_LEAKS knob to turn it back on.
* Supply missing "int r" in skey code. | Darren Tucker | 2018-07-11 | 1 | -0/+1
|
* upstream: re-remove some pre-auth compression bits | sf@openbsd.org | 2018-07-11 | 2 | -4/+3
| This time, make sure to not remove things that are necessary for pre-auth compression on the client. Add a comment that pre-auth compression is still supported in the client.
| ok markus@
| OpenBSD-Commit-ID: 282c6fec7201f18a5c333bbb68d9339734d2f784
* Adapt portable to legacy buffer API removal | Damien Miller | 2018-07-10 | 18 | -440/+561
|
* upstream: kerberos/gssapi fixes for buffer removal | djm@openbsd.org | 2018-07-10 | 5 | -15/+43
| OpenBSD-Commit-ID: 1cdf56fec95801e4563c47f21696f04cd8b60c4c
* upstream: buffer.[ch] and bufaux.c are no more | djm@openbsd.org | 2018-07-10 | 1 | -4/+3
| OpenBSD-Commit-ID: d1a1852284e554f39525eb4d4891b207cfb3d3a0
* upstream: one mention of Buffer that almost got away :) | djm@openbsd.org | 2018-07-10 | 1 | -2/+3
| OpenBSD-Commit-ID: 30d7c27a90b4544ad5dfacf654595710cd499f02
* upstream: replace cast with call to sshbuf_mutable_ptr(); ok djm@ | markus@openbsd.org | 2018-07-10 | 6 | -12/+12
| OpenBSD-Commit-ID: 4dfe9d29fa93d9231645c89084f7217304f7ba29
* upstream: remove legacy buffer API emulation layer; ok djm@ | markus@openbsd.org | 2018-07-10 | 9 | -649/+6
| OpenBSD-Commit-ID: 2dd5dc17cbc23195be4299fa93be2707a0e08ad9
* upstream: sshd: switch monitor to sshbuf API; lots of help & ok | markus@openbsd.org | 2018-07-10 | 3 | -421/+566
| djm@
| OpenBSD-Commit-ID: d89bd02d33974fd35ca0b8940d88572227b34a48
* upstream: sshd: switch GSSAPI to sshbuf API; ok djm@ | markus@openbsd.org | 2018-07-10 | 4 | -65/+86
| OpenBSD-Commit-ID: e48449ab4be3f006f7ba33c66241b7d652973e30
* upstream: sshd: switch authentication to sshbuf API; ok djm@ | markus@openbsd.org | 2018-07-10 | 12 | -85/+95
| OpenBSD-Commit-ID: 880aa06bce4b140781e836bb56bec34873290641
* upstream: sshd: switch config to sshbuf API; ok djm@ | markus@openbsd.org | 2018-07-10 | 3 | -44/+48
| OpenBSD-Commit-ID: 72b02017bac7feac48c9dceff8355056bea300bd
* upstream: sshd: switch loginmsg to sshbuf API; ok djm@ | markus@openbsd.org | 2018-07-10 | 7 | -43/+56
| OpenBSD-Commit-ID: f3cb4e54bff15c593602d95cc43e32ee1a4bac42
* upstream: ttymodes: switch to sshbuf API; ok djm@ | markus@openbsd.org | 2018-07-10 | 4 | -64/+81
| OpenBSD-Commit-ID: 5df340c5965e822c9da21e19579d08dea3cbe429
* upstream: client: switch mux to sshbuf API; with & ok djm@ | markus@openbsd.org | 2018-07-10 | 1 | -414/+507
| OpenBSD-Commit-ID: 5948fb98d704f9c4e075b92edda64e0290b5feb2
* upstream: client: switch to sshbuf API; ok djm@ | markus@openbsd.org | 2018-07-10 | 8 | -328/+416
| OpenBSD-Commit-ID: 60cb0356114acc7625ab85105f6f6a7cd44a8d05
* upstream: pkcs11: switch to sshbuf API; ok djm@ | markus@openbsd.org | 2018-07-10 | 1 | -57/+79
| OpenBSD-Commit-ID: 98cc4e800f1617c51caf59a6cb3006f14492db79
* upstream: Revert previous two commits | sf@openbsd.org | 2018-07-10 | 6 | -14/+20
| It turns out we still support pre-auth compression on the client. Therefore revert the previous two commits:
|
| date: 2018/07/06 09:06:14; author: sf; commitid: yZVYKIRtUZWD9CmE;
| Rename COMP_DELAYED to COMP_ZLIB
| Only delayed compression is supported nowadays.
| ok markus@
|
| date: 2018/07/06 09:05:01; author: sf; commitid: rEGuT5UgI9f6kddP;
| Remove leftovers from pre-authentication compression
| Support for this has been removed in 2016. COMP_DELAYED will be renamed in a later commit.
| ok markus@
|
| OpenBSD-Commit-ID: cdfef526357e4e1483c86cf599491b2dafb77772
* upstream: Rename COMP_DELAYED to COMP_ZLIB | sf@openbsd.org | 2018-07-10 | 4 | -12/+12
| Only delayed compression is supported nowadays.
| ok markus@
| OpenBSD-Commit-ID: 5b1dbaf3d9a4085aaa10fec0b7a4364396561821
* upstream: Remove leftovers from pre-authentication compression | sf@openbsd.org | 2018-07-10 | 5 | -15/+9
| Support for this has been removed in 2016. COMP_DELAYED will be renamed in a later commit.
| ok markus@
| OpenBSD-Commit-ID: 6a99616c832627157113fcb0cf5a752daf2e6b58
* upstream: Remove unused ssh_packet_start_compression() | sf@openbsd.org | 2018-07-10 | 3 | -27/+3
| ok markus@
| OpenBSD-Commit-ID: 9d34cf2f59aca5422021ae2857190578187dc2b4
* Defer setting bufsiz in getdelim. | Darren Tucker | 2018-07-06 | 1 | -2/+2
| Do not write to bufsiz until we are sure the malloc has succeeded, in case any callers rely on it (which they shouldn't). ok djm@
* Fix other callers of read_environment_file. | Darren Tucker | 2018-07-05 | 1 | -2/+4
| read_environment_file recently gained an extra argument
| Some platform specific code also calls it so add the argument to those too. Fixes build on Solaris and AIX.
* upstream: deal with API rename: match_filter_list() => | djm@openbsd.org | 2018-07-04 | 1 | -2/+2
| match_filter_blacklist()
| OpenBSD-Regress-ID: 2da342be913efeb51806351af906fab01ba4367f
* upstream: exercise new expansion behaviour of | djm@openbsd.org | 2018-07-04 | 1 | -1/+50
| PubkeyAcceptedKeyTypes and, by proxy, test kex_assemble_names()
| ok markus@
| OpenBSD-Regress-ID: 292978902e14d5729aa87e492dd166c842f72736
* upstream: add a comment that could have saved me 45 minutes of wild | djm@openbsd.org | 2018-07-04 | 1 | -1/+2
| goose chasing
| OpenBSD-Regress-ID: d469b29ffadd3402c090e21b792d627d46fa5297
* upstream: repair PubkeyAcceptedKeyTypes (and friends) after RSA | djm@openbsd.org | 2018-07-04 | 10 | -67/+187
| signature work - returns ability to add/remove/specify algorithms by wildcard.
|
| Algorithm lists are now fully expanded when the server/client configs are finalised, so errors are reported early and the config dumps (e.g. "ssh -G ...") now list the actual algorithms selected.
|
| Clarify that, while wildcards are accepted in algorithm lists, they aren't full pattern-lists that support negation.
|
| (lots of) feedback, ok markus@
| OpenBSD-Commit-ID: a8894c5c81f399a002f02ff4fe6b4fa46b1f3207
* upstream: some magic for RSA-SHA2 checks | djm@openbsd.org | 2018-07-04 | 1 | -1/+8
| OpenBSD-Regress-ID: e5a9b11368ff6d86e7b25ad10ebe43359b471cd4
* depend | Damien Miller | 2018-07-03 | 1 | -2/+2
|
* upstream: some finesse to fix RSA-SHA2 certificate authentication | djm@openbsd.org | 2018-07-03 | 3 | -8/+12
| for certs hosted in ssh-agent
| OpenBSD-Commit-ID: e5fd5edd726137dda2d020e1cdebc464110a010f
* upstream: check correct variable; unbreak agent keys | djm@openbsd.org | 2018-07-03 | 1 | -2/+2
| OpenBSD-Commit-ID: c36981fdf1f3ce04966d3310826a3e1e6233d93e
* upstream: crank version number to 7.8; needed for new compat flag | djm@openbsd.org | 2018-07-03 | 2 | -4/+5
| for prior version; part of RSA-SHA2 strictification, ok markus@
| OpenBSD-Commit-ID: 84a11fc0efd2674c050712336b5093f5d408e32b
* upstream: Improve strictness and control over RSA-SHA2 signature | djm@openbsd.org | 2018-07-03 | 18 | -256/+469
| In ssh, when an agent fails to return a RSA-SHA2 signature when requested and falls back to RSA-SHA1 instead, retry the signature to ensure that the public key algorithm sent in the SSH_MSG_USERAUTH matches the one in the signature itself.
|
| In sshd, strictly enforce that the public key algorithm sent in the SSH_MSG_USERAUTH message matches what appears in the signature.
|
| Make the sshd_config PubkeyAcceptedKeyTypes and HostbasedAcceptedKeyTypes options control accepted signature algorithms (previously they selected supported key types). This allows these options to ban RSA-SHA1 in favour of RSA-SHA2.
|
| Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and "rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures with certificate keys.
|
| feedback and ok markus@
| OpenBSD-Commit-ID: c6e9f6d45eed8962ad502d315d7eaef32c419dde