History log of /openssh-portable/compat.c (Results 1 - 25 of 219)
Revision Date Author Comments
# c3903c38 12-Aug-2018 djm@openbsd.org

upstream: revert compat.[ch] section of the following change. It

causes double-free under some circumstances.

--

date: 2018/07/31 03:07:24; author: djm; state: Exp; lines: +33 -18; commitid: f7g4UI8eeOXReTPh;
fix some memory leaks spotted by Coverity via Jakub Jelen in bz#2366
feedback and ok dtucker@

OpenBSD-Commit-ID: 1e77547f60fdb5e2ffe23e2e4733c54d8d2d1137



# 1a66079c 30-Jul-2018 djm@openbsd.org

upstream: fix some memory leaks spotted by Coverity via Jakub Jelen

in bz#2366 feedback and ok dtucker@

OpenBSD-Commit-ID: 8402bbae67d578bedbadb0ce68ff7c5a136ef563


# cecee2d6 09-Jul-2018 markus@openbsd.org

upstream: client: switch to sshbuf API; ok djm@

OpenBSD-Commit-ID: 60cb0356114acc7625ab85105f6f6a7cd44a8d05


# 312d2f28 04-Jul-2018 djm@openbsd.org

upstream: repair PubkeyAcceptedKeyTypes (and friends) after RSA

signature work - returns ability to add/remove/specify algorithms by
wildcard.

Algorithm lists are now fully expanded when the server/client configs
are finalised, so errors are reported early and the config dumps
(e.g. "ssh -G ...") now list the actual algorithms selected.

Clarify that, while wildcards are accepted in algorithm lists, they
aren't full pattern-lists that support negation.

(lots of) feedback, ok markus@

OpenBSD-Commit-ID: a8894c5c81f399a002f02ff4fe6b4fa46b1f3207



# 2f30300c 03-Jul-2018 djm@openbsd.org

upstream: crank version number to 7.8; needed for new compat flag

for prior version; part of RSA-SHA2 strictification, ok markus@

OpenBSD-Commit-ID: 84a11fc0efd2674c050712336b5093f5d408e32b



# 4ba0d547 03-Jul-2018 djm@openbsd.org

upstream: Improve strictness and control over RSA-SHA2 signature

In ssh, when an agent fails to return a RSA-SHA2 signature when
requested and falls back to RSA-SHA1 instead, retry the signature to
ensure that the public key algorithm sent in the SSH_MSG_USERAUTH
matches the one in the signature itself.

In sshd, strictly enforce that the public key algorithm sent in the
SSH_MSG_USERAUTH message matches what appears in the signature.

Make the sshd_config PubkeyAcceptedKeyTypes and
HostbasedAcceptedKeyTypes options control accepted signature algorithms
(previously they selected supported key types). This allows these
options to ban RSA-SHA1 in favour of RSA-SHA2.

Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and
"rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures
with certificate keys.

feedback and ok markus@

OpenBSD-Commit-ID: c6e9f6d45eed8962ad502d315d7eaef32c419dde



# a575ddd5 16-Apr-2018 djm@openbsd.org

upstream: Disable SSH2_MSG_DEBUG messages for Twisted Conch clients

without version numbers since they choke on them under some circumstances.
https://twistedmatrix.com/trac/ticket/9422 via Colin Watson

Newer Conch versions have a version number in their ident string and
handle debug messages okay. https://twistedmatrix.com/trac/ticket/9424

OpenBSD-Commit-ID: 6cf7be262af0419c58ddae11324d9c0dc1577539



Revision tags: V_7_7_P1
# 85701771 15-Feb-2018 dtucker@openbsd.org

upstream: Don't send IUTF8 to servers that don't like them.

Some SSH servers eg "ConfD" drop the connection if the client sends the
new IUTF8 (RFC8160) terminal mode even if it's not set. Add a bug bit
for such servers and avoid sending IUTF8 to them. ok djm@

OpenBSD-Commit-ID: 26425855402d870c3c0a90491e72e2a8a342ceda



# 14b5c635 23-Jan-2018 djm@openbsd.org

upstream commit

Drop compatibility hacks for some ancient SSH
implementations, including ssh.com <=2.* and OpenSSH <= 3.*.

These versions were all released in or before 2001 and predate the
final SSH RFCs. The hacks in question aren't necessary for RFC-
compliant SSH implementations.

ok markus@

OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138



Revision tags: V_7_6_P1
# 2985d406 25-Jul-2017 dtucker@openbsd.org

upstream commit

Make WinSCP patterns for SSH_OLD_DHGEX more specific to
exclude WinSCP 5.10.x and up. bz#2748, from martin at winscp.net, ok djm@

Upstream-ID: 6fd7c32e99af3952db007aa180e73142ddbc741a



# 97f4d308 30-Apr-2017 djm@openbsd.org

upstream commit

remove compat20/compat13/compat15 variables

ok markus@

Upstream-ID: 43802c035ceb3fef6c50c400e4ecabf12354691c


# 99f95ba8 30-Apr-2017 djm@openbsd.org

upstream commit

remove options.protocol and client Protocol
configuration knob

ok markus@

Upstream-ID: 5a967f5d06e2d004b0235457b6de3a9a314e9366


# 56912dea 30-Apr-2017 djm@openbsd.org

upstream commit

unifdef WITH_SSH1 ok markus@

Upstream-ID: 9716e62a883ef8826c57f4d33b4a81a9cc7755c7


Revision tags: V_7_5_P1
# 68bc8cfa 03-Feb-2017 djm@openbsd.org

upstream commit

support =- for removing methods from algorithms lists,
e.g. Ciphers=-*cbc; suggested by Cristian Ionescu-Idbohrn in bz#2671 "I like
it" markus@

Upstream-ID: c78c38f9f81a963b33d0eade559f6048add24a6d



Revision tags: V_7_4_P1, V_7_3_P1
# 7ec4946f 23-May-2016 dtucker@openbsd.org

upstream commit

Back out 'plug memleak'.

Upstream-ID: 4faacdde136c24a961e24538de373660f869dbc0


# a0cb7778 22-May-2016 dtucker@openbsd.org

upstream commit

Plug mem leak in filter_proposal. ok djm@

Upstream-ID: bf968da7cfcea2a41902832e7d548356a4e2af34


Revision tags: V_7_2_P2, V_7_2_P1, V_7_1_P2, V_7_1_P1
# 8543d4ef 19-Aug-2015 djm@openbsd.org

upstream commit

Better compat matching for WinSCP, add compat matching
for FuTTY (fork of PuTTY); ok markus@ deraadt@

Upstream-ID: 24001d1ac115fa3260fbdc329a4b9aeb283c5389


Revision tags: V_7_0_P1
# b6ea0e57 28-Jul-2015 djm@openbsd.org

upstream commit

add Cisco to the list of clients that choke on the
hostkeys update extension. Pointed out by Howard Kash

Upstream-ID: c9eadde28ecec056c73d09ee10ba4570dfba7e84


# b1dc2b33 13-Jul-2015 dtucker@openbsd.org

upstream commit

Add "PuTTY_Local:" to the clients to which we do not
offer DH-GEX. This was the string that was used for development versions
prior to September 2014 and they don't do RFC4419 DH-GEX, but unfortunately
there are some extant products based on those versions. bx2424 from Jay
Rouman, ok markus@ djm@

Upstream-ID: be34d41e18b966832fe09ca243d275b81882e1d5



Revision tags: V_6_9_P1
# b282fec1 26-May-2015 dtucker@openbsd.org

upstream commit

Cap DH-GEX group size at 4kbits for Cisco implementations.
Some of them will choke when asked for preferred sizes >4k instead of
returning the 4k group that they do have. bz#2209, ok djm@

Upstream-ID: 54b863a19713446b7431f9d06ad0532b4fcfef8d



# e661a863 04-May-2015 djm@openbsd.org

upstream commit

Remove pattern length argument from match_pattern_list(), we
only ever use it for strlen(pattern).

Prompted by hanno AT hboeck.de pointing an out-of-bound read
error caused by an incorrect pattern length found using AFL
and his own tools.

ok markus@



# ea139507 06-May-2015 dtucker@openbsd.org

upstream commit

Blacklist DH-GEX for specific PuTTY versions known to
send non-RFC4419 DH-GEX messages rather than all versions of PuTTY.
According to Simon Tatham, 0.65 and newer versions will send RFC4419 DH-GEX
messages. ok djm@



# b58234f0 05-May-2015 dtucker@openbsd.org

upstream commit

WinSCP doesn't implement RFC4419 DH-GEX so flag it so we
don't offer that KEX method. ok markus@


# 318be28c 12-Apr-2015 djm@openbsd.org

upstream commit

deprecate ancient, pre-RFC4419 and undocumented
SSH2_MSG_KEX_DH_GEX_REQUEST_OLD message; ok markus@ deraadt@ "seems
reasonable" dtucker@


# d8f391ca 10-Apr-2015 dtucker@openbsd.org

upstream commit

Don't send hostkey advertisements
(hostkeys-00@openssh.com) to current versions of Tera Term as they can't
handle them. Newer versions should be OK. Patch from Bryan Drewery and
IWAMOTO Kouichi, ok djm@


