upstream: use the new variant log macros instead of prepending

__func__ and appending ssh_err(r) manually; ok markus@

OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8

upstream: some language improvements; ok markus

OpenBSD-Commit-ID: 939d787d571b4d5da50b3b721fd0b2ac236acaa8

upstream: free kex in ssh_packet_close; ok djm semarie

OpenBSD-Commit-ID: dbc181e90d3d32fd97b10d75e68e374270e070a2

upstream: backout 1.293 fix kex mem-leak in ssh_packet_close at markus

request

the change introduced a NULL deref in sshpkt_vfatal() (uses of ssh->kex after
calling ssh_packet_c

upstream: backout 1.293 fix kex mem-leak in ssh_packet_close at markus

request

the change introduced a NULL deref in sshpkt_vfatal() (uses of ssh->kex after
calling ssh_packet_clear_keys())

OpenBSD-Commit-ID: 9c9a6721411461b0b1c28dc00930d7251a798484

show more ...

upstream: fix kex mem-leak in ssh_packet_close; ok djm

OpenBSD-Commit-ID: e2e9533f393620383afd0b68ef435de8d5e8abe4

upstream: fix ssh -O proxy w/mux which got broken by no longer

making ssh->kex optional in packet.c revision 1.278 ok djm@

OpenBSD-Commit-ID: 2b65df04a064c2c6277359921d2320c90ab7d917

upstream: consistently check packet_timeout_ms against 0; ok djm

OpenBSD-Commit-ID: e8fb8cb2c96c980f075069302534eaf830929928

upstream: have sshpkt_fatal() save/restore errno before we

potentially call strerror() (via ssh_err()); ok dtucker

OpenBSD-Commit-ID: 5590df31d21405498c848245b85c24acb84ad787

upstream: Fix typo in comment.

OpenBSD-Commit-ID: d1d7a6553208bf439378fd1cf686a828aceb353a

upstream: Make zlib optional. This adds a "ZLIB" build time option

that allows building without zlib compression and associated options. With
feedback from markus@, ok djm@

Ope

upstream: Make zlib optional. This adds a "ZLIB" build time option

that allows building without zlib compression and associated options. With
feedback from markus@, ok djm@

OpenBSD-Commit-ID: 44c6e1133a90fd15a3aa865bdedc53bab28b7910

show more ...

upstream: strdup may return NULL if memory allocation fails. Use

the safer xstrdup which fatals on allocation failures.

ok markus@

OpenBSD-Commit-ID: 8b608d387120630753cbcb

upstream: strdup may return NULL if memory allocation fails. Use

the safer xstrdup which fatals on allocation failures.

ok markus@

OpenBSD-Commit-ID: 8b608d387120630753cbcb8110e0b019c0c9a0d0

show more ...

Wrap poll.h includes in HAVE_POLL_H.

upstream: When system calls indicate an error they return -1, not

some arbitrary value < 0. errno is only updated in this case. Change all
(most?) callers of syscalls to follow this be

upstream: When system calls indicate an error they return -1, not

some arbitrary value < 0. errno is only updated in this case. Change all
(most?) callers of syscalls to follow this better, and let's see if this
strictness helps us in the future.

OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075

show more ...

upstream: Typo and spelling fixes in comments and error messages.

Patch from knweiss at gmail.com via -portable.

OpenBSD-Commit-ID: 2577465442f761a39703762c4f87a8dfcb918b4b

upstream: Remove crc32.{c,h} which were only used by the now-gone

SSH1 protocol. Patch from yumkam at gmail.com, ok deraadt.

OpenBSD-Commit-ID: cceda5876c5ba6b4d8abcd52335329198cee3

upstream: Remove crc32.{c,h} which were only used by the now-gone

SSH1 protocol. Patch from yumkam at gmail.com, ok deraadt.

OpenBSD-Commit-ID: cceda5876c5ba6b4d8abcd52335329198cee3240

show more ...

upstream: in ssh_set_newkeys(), mention the direction that we're

keying in debug messages. Previously it would be difficult to tell which
direction it was talking about

OpenBSD-

upstream: in ssh_set_newkeys(), mention the direction that we're

keying in debug messages. Previously it would be difficult to tell which
direction it was talking about

OpenBSD-Commit-ID: c2b71bfcceb2a7389b9d0b497fb2122a406a522d

show more ...

upstream: pass values used in KEX hash computation as sshbuf

rather than pointer+len

suggested by me; implemented by markus@ ok me

OpenBSD-Commit-ID: 994f33c464f4a9e0f1d219

upstream: pass values used in KEX hash computation as sshbuf

rather than pointer+len

suggested by me; implemented by markus@ ok me

OpenBSD-Commit-ID: 994f33c464f4a9e0f1d21909fa3e379f5a0910f0

show more ...

upstream: Make sshpkt_get_bignum2() allocate the bignum it is

parsing rather than make the caller do it. Saves a lot of boilerplate code.

from markus@ ok djm@

OpenBSD-Commi

upstream: Make sshpkt_get_bignum2() allocate the bignum it is

parsing rather than make the caller do it. Saves a lot of boilerplate code.

from markus@ ok djm@

OpenBSD-Commit-ID: 576bf784f9a240f5a1401f7005364e59aed3bce9

show more ...

upstream: allow sshpkt_fatal() to take a varargs format; we'll

use this to give packet-related fatal error messages more context (esp. the
remote endpoint) ok markus@

OpenBSD-Co

upstream: allow sshpkt_fatal() to take a varargs format; we'll

use this to give packet-related fatal error messages more context (esp. the
remote endpoint) ok markus@

OpenBSD-Commit-ID: de57211f9543426b515a8a10a4f481666b2b2a50

show more ...

upstream: fix memory leak of ciphercontext when rekeying; bz#2942

Patch from Markus Schmidt; ok markus@

OpenBSD-Commit-ID: 7877f1b82e249986f1ef98d0ae76ce987d332bdd

upstream: move client/server SSH-* banners to buffers under

ssh->kex and factor out the banner exchange. This eliminates some common code
from the client and server.

Also be mor

upstream: move client/server SSH-* banners to buffers under

ssh->kex and factor out the banner exchange. This eliminates some common code
from the client and server.

Also be more strict about handling \r characters - these should only
be accepted immediately before \n (pointed out by Jann Horn).

Inspired by a patch from Markus Schmidt.
(lots of) feedback and ok markus@

OpenBSD-Commit-ID: 1cc7885487a6754f63641d7d3279b0941890275b

show more ...

Explicitly include openssl before zlib.

Some versions of OpenSSL have "free_func" in their headers, which zlib
typedefs. Including openssl after zlib (eg via sshkey.h) results in
"s

Explicitly include openssl before zlib.

Some versions of OpenSSL have "free_func" in their headers, which zlib
typedefs. Including openssl after zlib (eg via sshkey.h) results in
"syntax error before `free_func'", which this fixes.

show more ...

upstream: memleaks; found by valgrind

OpenBSD-Commit-ID: 6c3ba22be53e753c899545f771e8399fc93cd844

upstream: client: switch to sshbuf API; ok djm@

OpenBSD-Commit-ID: 60cb0356114acc7625ab85105f6f6a7cd44a8d05

upstream: Revert previous two commits

It turns out we still support pre-auth compression on the client.
Therefore revert the previous two commits:

date: 2018/07/06 09:06:14; au

upstream: Revert previous two commits

It turns out we still support pre-auth compression on the client.
Therefore revert the previous two commits:

date: 2018/07/06 09:06:14; author: sf; commitid: yZVYKIRtUZWD9CmE;
Rename COMP_DELAYED to COMP_ZLIB

Only delayed compression is supported nowadays.

ok markus@

date: 2018/07/06 09:05:01; author: sf; commitid: rEGuT5UgI9f6kddP;
Remove leftovers from pre-authentication compression

Support for this has been removed in 2016.
COMP_DELAYED will be renamed in a later commit.

ok markus@

OpenBSD-Commit-ID: cdfef526357e4e1483c86cf599491b2dafb77772

show more ...