1. 04 May, 2016 2 commits
    • upstream commit · 910e59bb
      djm@openbsd.org authored
      fix junk characters after quotes
      
      Upstream-ID: cc4d0cd32cb6b55a2ef98975d2f7ae857d0dc578
    • upstream commit · 9283884e
      jmc@openbsd.org authored
      correct article;
      
      Upstream-ID: 1fbd5b7ab16d2d9834ec79c3cedd4738fa42a168
  2. 03 May, 2016 8 commits
    • upstream commit · cfefbcea
      djm@openbsd.org authored
      fix overriding of StreamLocalBindMask and
       StreamLocalBindUnlink in Match blocks; found the hard way Rogan Dawes
      
      Upstream-ID: 940bc69ec0249ab428d24ccd0722ce35cb932ee2
    • upstream commit · 771c2f51
      djm@openbsd.org authored
      don't forget to include StreamLocalBindUnlink in the
       config dump output
      
      Upstream-ID: 14a6d970b3b45c8e94272e3c661e9a0b2a0ee7cb
    • upstream commit · cdcd9419
      djm@openbsd.org authored
      make nethack^wrandomart fingerprint flag more readily
       searchable pointed out by Matt Johnston
      
      Upstream-ID: cb40d0235dc153c478c1aad3bc60b195422a54fb
    • upstream commit · 05855bf2
      djm@openbsd.org authored
      clarify ordering of subkeys; pointed out by ietf-ssh AT
       stbuehler.de
      
      Upstream-ID: 05ebe9f949449a555ebce8e0aad7c8c9acaf8463
    • upstream commit · cca3b439
      dtucker@openbsd.org authored
      Use a subshell for constructing key types to work around
       different sed behaviours for -portable.
      
      Upstream-Regress-ID: 0f6eb673162df229eda9a134a0f10da16151552d
    • upstream commit · fa58208c
      djm@openbsd.org authored
      correct some typos and remove a long-stale XXX note.
      
      add specification for ed25519 certificates
      
      mention no host certificate options/extensions are currently defined
      
      pointed out by Simon Tatham
      
      Upstream-ID: 7b535ab7dba3340b7d8210ede6791fdaefdf839a
    • upstream commit · b466f956
      djm@openbsd.org authored
      add ed25519 keys that are supported but missing from this
       document; from Peter Moody
      
      Upstream-ID: 8caac2d8e8cfd2fca6dc304877346e0a064b014b
    • upstream commit · 7f3d7631
      dtucker@openbsd.org authored
      Implement IUTF8 as per draft-sgtatham-secsh-iutf8-00.  Patch
       from Simon Tatham, ok markus@
      
      Upstream-ID: 58268ebdf37d9d467f78216c681705a5e10c58e8
  3. 02 May, 2016 5 commits
    • upstream commit · 31bc01c0
      djm@openbsd.org authored
      unbreak config parsing on reexec from previous commit
      
      Upstream-ID: bc69932638a291770955bd05ca55a32660a613ab
    • upstream commit · 67f1459e
      djm@openbsd.org authored
      unit and regress tests for SHA256/512; ok markus
      
      Upstream-Regress-ID: a0cd1a92dc824067076a5fcef83c18df9b0bf2c6
    • upstream commit · 0e8eeec8
      djm@openbsd.org authored
      add support for additional fixed DH groups from
       draft-ietf-curdle-ssh-kex-sha2-03
      
      diffie-hellman-group14-sha256 (2K group)
      diffie-hellman-group16-sha512 (4K group)
      diffie-hellman-group18-sha512 (8K group)
      
      based on patch from Mark D. Baushke and Darren Tucker
      ok markus@
      
      Upstream-ID: ac00406ada4f0dfec41585ca0839f039545bc46f
    • upstream commit · 57464e39
      djm@openbsd.org authored
      support SHA256 and SHA512 RSA signatures in certificates;
       ok markus@
      
      Upstream-ID: b45be2f2ce8cacd794dc5730edaabc90e5eb434a
    • upstream commit · 1a31d02b
      djm@openbsd.org authored
      fix signed/unsigned errors reported by clang-3.7; add
       sshbuf_dup_string() to replace a common idiom of strdup(sshbuf_ptr()) with
       better safety checking; feedback and ok markus@
      
      Upstream-ID: 71f926d9bb3f1efed51319a6daf37e93d57c8820
  4. 29 Apr, 2016 2 commits
    • upstream commit · d2d6bf86
      djm@openbsd.org authored
      close ControlPersist background process stderr when not
       in debug mode or when logging to a file or syslog. bz#1988 ok dtucker
      
      Upstream-ID: 4fb726f0fdcb155ad419913cea10dc4afd409d24
    • upstream commit · 9ee692fa
      djm@openbsd.org authored
      fix comment
      
      Upstream-ID: 313a385bd7b69a82f8e28ecbaf5789c774457b15
  5. 28 Apr, 2016 1 commit
    • upstream commit · ee1e0a16
      jmc@openbsd.org authored
      cidr permitted for {allow,deny}users; from lars nooden ok djm
      
      Upstream-ID: 13e7327fe85f6c63f3f7f069e0fdc8c351515d11
  6. 21 Apr, 2016 2 commits
    • upstream commit · b6e0140a
      djm@openbsd.org authored
      make argument == NULL tests more consistent
      
      Upstream-ID: dc4816678704aa5cbda3a702e0fa2033ff04581d
    • upstream commit · 6aaabc2b
      jmc@openbsd.org authored
      tweak previous;
      
      Upstream-ID: 46c1bab91c164078edbccd5f7d06b9058edd814f
  7. 15 Apr, 2016 7 commits
    • upstream commit · 0f839e59
      djm@openbsd.org authored
      missing bit of Include regress
      
      Upstream-Regress-ID: 1063595f7f40f8489a1b7a27230b9e8acccea34f
    • upstream commit · 12e4ac46
      djm@openbsd.org authored
      remove redundant CLEANFILES section
      
      Upstream-Regress-ID: 29ef1b267fa56daa60a1463396635e7d53afb587
    • upstream commit · b1d05aa6
      djm@openbsd.org authored
      sync CLEANFILES with portable, sort
      
      Upstream-Regress-ID: cb782f4f1ab3e079efbc335c6b64942f790766ed
    • upstream commit · 35f22dad
      djm@openbsd.org authored
      regression test for ssh_config Include directive
      
      Upstream-Regress-ID: 46a38c8101f635461c506d1aac2d96af80f97f1e
    • upstream commit · 6b8a1a87
      djm@openbsd.org authored
      unbreak test for recent ssh de-duplicated forwarding
       change
      
      Upstream-Regress-ID: 6b2b115d99acd7cff13986e6739ea214cf2a3da3
    • upstream commit · 07678770
      djm@openbsd.org authored
      add test knob and warning for StrictModes
      
      Upstream-Regress-ID: 8cd10952ce7898655ee58945904f2a0a3bdf7682
    • upstream commit · dc7990be
      djm@openbsd.org authored
      Include directive for ssh_config(5); feedback & ok markus@
      
      Upstream-ID: ae3b76e2e343322b9f74acde6f1e1c5f027d5fff
  8. 13 Apr, 2016 2 commits
    • ignore PAM environment vars when UseLogin=yes · 85bdcd7c
      Damien Miller authored
      If PAM is configured to read user-specified environment variables
      and UseLogin=yes in sshd_config, then a hostile local user may
      attack /bin/login via LD_PRELOAD or similar environment variables
      set via PAM.
      
      CVE-2015-8325, found by Shayan Sadigh, via Colin Watson
    • upstream commit · dce19bf6
      djm@openbsd.org authored
      make private key loading functions consistently handle NULL
       key pointer arguments; ok markus@
      
      Upstream-ID: 92038726ef4a338169c35dacc9c5a07fcc7fa761
  9. 08 Apr, 2016 5 commits
    • Remove NO_IPPORT_RESERVED_CONCEPT · 5f41f030
      Darren Tucker authored
      Replace by defining IPPORT_RESERVED to zero on Cygwin, which should have
      the same effect without causing problems syncing patches with OpenBSD.
      Resync the two affected functions with OpenBSD.  ok djm, sanity checked
      by Corinna.
    • upstream commit · 34a01b2c
      djm@openbsd.org authored
      whitespace at EOL
      
      Upstream-ID: 5beffd4e001515da12851b974e2323ae4aa313b6
    • upstream commit · 90ee563f
      djm@openbsd.org authored
      We accidentally send an empty string and a zero uint32 with
       every direct-streamlocal@openssh.com channel open, in contravention of our
       own spec.
      
      Fixing this is too hard wrt existing versions that expect these
      fields to be present and fatal() if they aren't, so document them
      as "reserved" fields in the PROTOCOL spec as though we always
      intended this and let us never speak of it again.
      
      bz#2529, reported by Ron Frederick
      
      Upstream-ID: 34cd326a4d236ca6e39084c4ff796bd97ab833e7
    • upstream commit · 0ccbd5ec
      djm@openbsd.org authored
      don't record duplicate LocalForward and RemoteForward
       entries; fixes failure with ExitOnForwardFailure+hostname canonicalisation
       where the same forwards are added on the second pass through the
       configuration file. bz#2562; ok dtucker@
      
      Upstream-ID: 40a51d68b6300f1cc61deecdb7d4847b8b7b0de1
    • upstream commit · 574def0e
      krw@openbsd.org authored
      Another use for fcntl() and thus of the superfluous 3rd
       parameter is when sanitising standard fd's before calling daemon().
      
      Use a tweaked version of the ssh(1) function in all three places
      found using fcntl() this way.
      
      ok jca@ beck@
      
      Upstream-ID: f16811ffa19a1c5f4ef383c5f0fecb843c84e218
  10. 04 Apr, 2016 2 commits
  11. 01 Apr, 2016 2 commits
    • upstream commit · 95687f58
      djm@openbsd.org authored
      whitespace at EOL
      
      Upstream-ID: 40ae2203d07cb14e0a89e1a0d4c6120ee8fd8c3a
    • upstream commit · fdfbf458
      dtucker@openbsd.org authored
      Remove fallback from moduli to "primes" file that was
       deprecated in 2001 and fix log messages referring to primes file.  Based on
       patch from xnox at ubuntu.com via bz#2559.  "kill it" deraadt@
      
      Upstream-ID: 0d4f8c70e2fa7431a83b95f8ca81033147ba8713
  12. 17 Mar, 2016 1 commit
    • upstream commit · 0235a5fa
      djm@openbsd.org authored
      UseDNS affects ssh hostname processing in authorized_keys,
       not known_hosts; bz#2554 reported by jjelen AT redhat.com
      
      Upstream-ID: c1c1bb895dde46095fc6d81d8653703928437591
  13. 14 Mar, 2016 1 commit