1. 04 May, 2016 2 commits
    • upstream commit · 910e59bb
      djm@openbsd.org authored
      fix junk characters after quotes
      Upstream-ID: cc4d0cd32cb6b55a2ef98975d2f7ae857d0dc578
    • upstream commit · 9283884e
      jmc@openbsd.org authored
      correct article;
      Upstream-ID: 1fbd5b7ab16d2d9834ec79c3cedd4738fa42a168
  2. 03 May, 2016 8 commits
    • upstream commit · cfefbcea
      djm@openbsd.org authored
      fix overriding of StreamLocalBindMask and
       StreamLocalBindUnlink in Match blocks; found the hard way by Rogan Dawes
      Upstream-ID: 940bc69ec0249ab428d24ccd0722ce35cb932ee2
    • upstream commit · 771c2f51
      djm@openbsd.org authored
      don't forget to include StreamLocalBindUnlink in the
       config dump output
      Upstream-ID: 14a6d970b3b45c8e94272e3c661e9a0b2a0ee7cb
    • upstream commit · cdcd9419
      djm@openbsd.org authored
      make nethack^wrandomart fingerprint flag more readily
       searchable pointed out by Matt Johnston
      Upstream-ID: cb40d0235dc153c478c1aad3bc60b195422a54fb
    • upstream commit · 05855bf2
      djm@openbsd.org authored
      clarify ordering of subkeys; pointed out by ietf-ssh AT
      Upstream-ID: 05ebe9f949449a555ebce8e0aad7c8c9acaf8463
    • upstream commit · cca3b439
      dtucker@openbsd.org authored
      Use a subshell for constructing key types to work around
       different sed behaviours for -portable.
      Upstream-Regress-ID: 0f6eb673162df229eda9a134a0f10da16151552d
    • upstream commit · fa58208c
      djm@openbsd.org authored
      correct some typos and remove a long-stale XXX note.
      add specification for ed25519 certificates
      mention no host certificate options/extensions are currently defined
      pointed out by Simon Tatham
      Upstream-ID: 7b535ab7dba3340b7d8210ede6791fdaefdf839a
    • upstream commit · b466f956
      djm@openbsd.org authored
      add ed25519 keys that are supported but missing from this
       document; from Peter Moody
      Upstream-ID: 8caac2d8e8cfd2fca6dc304877346e0a064b014b
    • upstream commit · 7f3d7631
      dtucker@openbsd.org authored
      Implement IUTF8 as per draft-sgtatham-secsh-iutf8-00.  Patch
       from Simon Tatham, ok markus@
      Upstream-ID: 58268ebdf37d9d467f78216c681705a5e10c58e8
  3. 02 May, 2016 5 commits
    • upstream commit · 31bc01c0
      djm@openbsd.org authored
      unbreak config parsing on reexec from previous commit
      Upstream-ID: bc69932638a291770955bd05ca55a32660a613ab
    • upstream commit · 67f1459e
      djm@openbsd.org authored
      unit and regress tests for SHA256/512; ok markus
      Upstream-Regress-ID: a0cd1a92dc824067076a5fcef83c18df9b0bf2c6
    • upstream commit · 0e8eeec8
      djm@openbsd.org authored
      add support for additional fixed DH groups from
      diffie-hellman-group14-sha256 (2K group)
      diffie-hellman-group16-sha512 (4K group)
      diffie-hellman-group18-sha512 (8K group)
      based on patch from Mark D. Baushke and Darren Tucker
      ok markus@
      Upstream-ID: ac00406ada4f0dfec41585ca0839f039545bc46f
    • upstream commit · 57464e39
      djm@openbsd.org authored
      support SHA256 and SHA512 RSA signatures in certificates;
       ok markus@
      Upstream-ID: b45be2f2ce8cacd794dc5730edaabc90e5eb434a
    • upstream commit · 1a31d02b
      djm@openbsd.org authored
      fix signed/unsigned errors reported by clang-3.7; add
       sshbuf_dup_string() to replace a common idiom of strdup(sshbuf_ptr()) with
       better safety checking; feedback and ok markus@
      Upstream-ID: 71f926d9bb3f1efed51319a6daf37e93d57c8820
  4. 29 Apr, 2016 2 commits
    • upstream commit · d2d6bf86
      djm@openbsd.org authored
      close ControlPersist background process stderr when not
       in debug mode or when logging to a file or syslog. bz#1988 ok dtucker
      Upstream-ID: 4fb726f0fdcb155ad419913cea10dc4afd409d24
    • upstream commit · 9ee692fa
      djm@openbsd.org authored
      fix comment
      Upstream-ID: 313a385bd7b69a82f8e28ecbaf5789c774457b15
  5. 28 Apr, 2016 1 commit
    • upstream commit · ee1e0a16
      jmc@openbsd.org authored
      cidr permitted for {allow,deny}users; from lars nooden ok djm
      Upstream-ID: 13e7327fe85f6c63f3f7f069e0fdc8c351515d11
  6. 21 Apr, 2016 2 commits
    • upstream commit · b6e0140a
      djm@openbsd.org authored
      make argument == NULL tests more consistent
      Upstream-ID: dc4816678704aa5cbda3a702e0fa2033ff04581d
    • upstream commit · 6aaabc2b
      jmc@openbsd.org authored
      tweak previous;
      Upstream-ID: 46c1bab91c164078edbccd5f7d06b9058edd814f
  7. 15 Apr, 2016 7 commits
    • upstream commit · 0f839e59
      djm@openbsd.org authored
      missing bit of Include regress
      Upstream-Regress-ID: 1063595f7f40f8489a1b7a27230b9e8acccea34f
    • upstream commit · 12e4ac46
      djm@openbsd.org authored
      remove redundant CLEANFILES section
      Upstream-Regress-ID: 29ef1b267fa56daa60a1463396635e7d53afb587
    • upstream commit · b1d05aa6
      djm@openbsd.org authored
      sync CLEANFILES with portable, sort
      Upstream-Regress-ID: cb782f4f1ab3e079efbc335c6b64942f790766ed
    • upstream commit · 35f22dad
      djm@openbsd.org authored
      regression test for ssh_config Include directive
      Upstream-Regress-ID: 46a38c8101f635461c506d1aac2d96af80f97f1e
    • upstream commit · 6b8a1a87
      djm@openbsd.org authored
      unbreak test for recent ssh de-duplicated forwarding
      Upstream-Regress-ID: 6b2b115d99acd7cff13986e6739ea214cf2a3da3
    • upstream commit · 07678770
      djm@openbsd.org authored
      add test knob and warning for StrictModes
      Upstream-Regress-ID: 8cd10952ce7898655ee58945904f2a0a3bdf7682
    • upstream commit · dc7990be
      djm@openbsd.org authored
      Include directive for ssh_config(5); feedback & ok markus@
      Upstream-ID: ae3b76e2e343322b9f74acde6f1e1c5f027d5fff
  8. 13 Apr, 2016 2 commits
    • ignore PAM environment vars when UseLogin=yes · 85bdcd7c
      Damien Miller authored
      If PAM is configured to read user-specified environment variables
      and UseLogin=yes in sshd_config, then a hostile local user may
      attack /bin/login via LD_PRELOAD or similar environment variables
      set via PAM.
      CVE-2015-8325, found by Shayan Sadigh, via Colin Watson
    • upstream commit · dce19bf6
      djm@openbsd.org authored
      make private key loading functions consistently handle NULL
       key pointer arguments; ok markus@
      Upstream-ID: 92038726ef4a338169c35dacc9c5a07fcc7fa761
  9. 08 Apr, 2016 5 commits
    • Remove NO_IPPORT_RESERVED_CONCEPT · 5f41f030
      Darren Tucker authored
      Replace by defining IPPORT_RESERVED to zero on Cygwin, which should have
      the same effect without causing problems syncing patches with OpenBSD.
      Resync the two affected functions with OpenBSD.  ok djm, sanity checked
      by Corinna.
    • upstream commit · 34a01b2c
      djm@openbsd.org authored
      whitespace at EOL
      Upstream-ID: 5beffd4e001515da12851b974e2323ae4aa313b6
    • upstream commit · 90ee563f
      djm@openbsd.org authored
      We accidentally send an empty string and a zero uint32 with
       every direct-streamlocal@openssh.com channel open, in contravention of our
       own spec.
      Fixing this is too hard wrt existing versions that expect these
      fields to be present and fatal() if they aren't, so document them
      as "reserved" fields in the PROTOCOL spec as though we always
      intended this and let us never speak of it again.
      bz#2529, reported by Ron Frederick
      Upstream-ID: 34cd326a4d236ca6e39084c4ff796bd97ab833e7
    • upstream commit · 0ccbd5ec
      djm@openbsd.org authored
      don't record duplicate LocalForward and RemoteForward
       entries; fixes failure with ExitOnForwardFailure+hostname canonicalisation
       where the same forwards are added on the second pass through the
       configuration file. bz#2562; ok dtucker@
      Upstream-ID: 40a51d68b6300f1cc61deecdb7d4847b8b7b0de1
    • upstream commit · 574def0e
      krw@openbsd.org authored
      Another use for fcntl() and thus of the superfluous 3rd
       parameter is when sanitising standard fd's before calling daemon().
      Use a tweaked version of the ssh(1) function in all three places
      found using fcntl() this way.
      ok jca@ beck@
      Upstream-ID: f16811ffa19a1c5f4ef383c5f0fecb843c84e218
  10. 04 Apr, 2016 2 commits
  11. 01 Apr, 2016 2 commits
    • upstream commit · 95687f58
      djm@openbsd.org authored
      whitespace at EOL
      Upstream-ID: 40ae2203d07cb14e0a89e1a0d4c6120ee8fd8c3a
    • upstream commit · fdfbf458
      dtucker@openbsd.org authored
      Remove fallback from moduli to "primes" file that was
       deprecated in 2001 and fix log messages referring to primes file.  Based on
       patch from xnox at ubuntu.com via bz#2559.  "kill it" deraadt@
      Upstream-ID: 0d4f8c70e2fa7431a83b95f8ca81033147ba8713
  12. 17 Mar, 2016 1 commit
    • upstream commit · 0235a5fa
      djm@openbsd.org authored
      UseDNS affects ssh hostname processing in authorized_keys,
       not known_hosts; bz#2554 reported by jjelen AT redhat.com
      Upstream-ID: c1c1bb895dde46095fc6d81d8653703928437591
  13. 14 Mar, 2016 1 commit