path: root/sftp-server-main.c
Date | Commit message | Author | Files | Lines
2018-11-19 | upstream: Fix inverted logic for redirecting ProxyCommand stderr to | dtucker@openbsd.org | 1 | -3/+5
/dev/null. Fixes mosh in proxycommand mode that was broken by the previous ProxyCommand change that was reported by matthieu@. ok djm@ danj@ OpenBSD-Commit-ID: c6fc9641bc250221a0a81c6beb2e72d603f8add6
2018-11-16 | upstream: redirect stderr of ProxyCommands to /dev/null when ssh is | djm@openbsd.org | 1 | -5/+32
started with ControlPersist; based on patch from Steffen Prohaska OpenBSD-Commit-ID: 1bcaa14a03ae80369d31021271ec75dce2597957
2018-11-16 | upstream: make grandparent-parent-child sshbuf chains robust to | djm@openbsd.org | 1 | -7/+10
use-after-free faults if the ancestors are freed before the descendents. Nothing in OpenSSH uses this deallocation pattern. Reported by Jann Horn OpenBSD-Commit-ID: d93501d1d2734245aac802a252b9bb2eccdba0f2
2018-11-16 | upstream: use path_absolute() for pathname checks; from Manoj Ampalam | djm@openbsd.org | 8 | -17/+25
OpenBSD-Commit-ID: 482ce71a5ea5c5f3bc4d00fd719481a6a584d925
2018-11-16 | Test for OPENSSL_init_crypto before using. | Darren Tucker | 2 | -3/+7
Check for the presence of OPENSSL_init_crypto and all the flags we want before trying to use it (bz#2931).
2018-11-16 | upstream: disallow empty incoming filename or ones that refer to the | djm@openbsd.org | 1 | -2/+3
current directory; based on report/patch from Harry Sintonen OpenBSD-Commit-ID: f27651b30eaee2df49540ab68d030865c04f6de9
2018-11-16 | upstream: fix bug in client that was keeping a redundant ssh-agent | djm@openbsd.org | 1 | -3/+5
socket around for the life of the connection; bz#2912; reported by Simon Tatham; ok dtucker@ OpenBSD-Commit-ID: 4ded588301183d343dce3e8c5fc1398e35058478
2018-11-16 | upstream: fix bug in HostbasedAcceptedKeyTypes and | djm@openbsd.org | 1 | -5/+34
PubkeyAcceptedKeyTypes options. If only RSA-SHA2 signature types were specified, then authentication would always fail for RSA keys as the monitor checks only the base key (not the signature algorithm) type against *AcceptedKeyTypes. bz#2746; reported by Jakub Jelen; ok dtucker OpenBSD-Commit-ID: 117bc3dc54578dbdb515a1d3732988cb5b00461b
2018-11-16 | upstream: support a prefix of '@' to suppress echo of sftp batch | djm@openbsd.org | 2 | -28/+40
commands; bz#2926; ok dtucker@ OpenBSD-Commit-ID: 9d635636bc84aeae796467e059f7634de990a79d
2018-11-16 | upstream: fix markup error (missing blank before delimiter); from | schwarze@openbsd.org | 1 | -3/+3
Mike Frysinger <vapier at gentoo dot org> OpenBSD-Commit-ID: 1bc5392f795ca86318d695e0947eaf71a5a4f6d9
2018-11-16 | upstream: typo in error message; caught by Debian lintian, via | djm@openbsd.org | 1 | -2/+2
Colin Watson OpenBSD-Commit-ID: bff614c7bd1f4ca491a84e9b5999f848d0d66758
2018-11-16 | upstream: correct local variable name; from yawang AT microsoft.com | djm@openbsd.org | 1 | -3/+3
OpenBSD-Commit-ID: a0c228390856a215bb66319c89cb3959d3af8c87
2018-11-16 | upstream: Import new moduli. | dtucker@openbsd.org | 1 | -0/+1
OpenBSD-Commit-ID: c07772f58028fda683ee6abd41c73da3ff70d403
2018-11-16 | upstream: mention ssh-ed25519-cert-v01@openssh.com in list of cert | djm@openbsd.org | 1 | -1/+2
key type at start of doc OpenBSD-Commit-ID: b46b0149256d67f05f2d5d01e160634ed1a67324
2018-11-16 | Remove fallback check for /usr/local/ssl. | Darren Tucker | 1 | -20/+4
If configure could not find a working OpenSSL installation it would fall back to checking in /usr/local/ssl. This made sense back when systems did not ship with OpenSSL, but most do and OpenSSL 1.1 doesn't use that as a default any more. The fallback behaviour also meant that if you pointed --with-ssl-dir at a specific directory and it didn't work, it would silently use either the system libs or the ones in /usr/local/ssl. If you want to use /usr/local/ssl you'll need to pass configure --with-ssl-dir=/usr/local/ssl. ok djm@
2018-11-16 | Fix check for OpenSSL 1.0.1 exactly. | Darren Tucker | 1 | -1/+1
Both INSTALL and configure.ac claim OpenSSL >= 1.0.1 is supported; fix compile-time check for 1.0.1 to match.
2018-11-11 | Improve warnings in cygwin service setup. | Darren Tucker | 1 | -5/+5
bz#2922, patch from vinschen at redhat.com.
2018-11-11 | Remove hardcoded service name in cygwin setup. | Darren Tucker | 1 | -1/+1
bz#2922, patch from Christian.Lupien at USherbrooke.ca, sanity check by vinschen at redhat.com.
2018-11-10 | AC_CHECK_SIZEOF() no longer needs a second argument. | Dag-Erling Smørgrav | 1 | -4/+4
2018-11-10 | Fix error message w/out nistp521. | Manoj Ampalam | 1 | -0/+4
Correct error message when OpenSSL doesn't support certain ECDSA key lengths.
2018-11-09 | fix compilation with openssl built without ECC | Eneas U de Queiroz | 2 | -0/+8
ECDSA code in openssh-compat.h and libressl-api-compat.c needs to be guarded by OPENSSL_HAS_ECC Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2018-11-08 | Simplify OpenSSL 1.1 function checks. | Darren Tucker | 1 | -113/+37
Replace AC_SEARCH_LIBS checks for OpenSSL 1.1 functions with a single AC_CHECK_FUNCS. ok djm@
2018-11-05 | Fix pasto for HAVE_EVP_CIPHER_CTX_SET_IV. | Darren Tucker | 1 | -1/+1
Prevents unnecessary redefinition. Patch from mforney at mforney.org.
2018-10-31 | Import new moduli. | Darren Tucker | 1 | -427/+451
2018-10-28 | Update check for minimum OpenSSL version. | Darren Tucker | 1 | -2/+2
2018-10-28 | Update required OpenSSL versions to match current. | Darren Tucker | 1 | -5/+5
2018-10-28 | Use detected version functions in openssl compat. | Darren Tucker | 1 | -3/+10
Use detected functions in compat layer instead of guessing based on versions. Really fixes builds with LibreSSL, not just configure.
2018-10-27 | Check for the existence of openssl version funcs. | Darren Tucker | 1 | -5/+12
Check for the existence of openssl version functions and use the ones detected instead of trying to guess based on the int32 version identifier. Fixes builds with LibreSSL.
2018-10-26 | fix builds on OpenSSL <= 1.0.x | Damien Miller | 2 | -1/+14
I thought OpenSSL 1.0.x offered the new-style OpenSSL_version_num() API to obtain version number, but they don't.
2018-10-23 | remove remaining references to SSLeay | Damien Miller | 2 | -7/+10
Prompted by Rosen Penev
2018-10-23 | regen depend | Damien Miller | 1 | -1/+1
2018-10-23 | upstream: refer to OpenSSL not SSLeay; | djm@openbsd.org | 3 | -9/+10
we're old, but we don't have to act it OpenBSD-Commit-ID: 9ca38d11f8ed19e61a55108d1e892d696cee08ec
2018-10-23 | fix compile for openssl 1.0.x w/ --with-ssl-engine | Damien Miller | 1 | -1/+1
bz#2921, patch from cotequeiroz
2018-10-22 | Include openssl compatibility. | Darren Tucker | 2 | -0/+3
Patch from rosenp at gmail.com via openssh-unix-dev.
2018-10-22 | upstream: when printing certificate contents "ssh-keygen -Lf | djm@openbsd.org | 1 | -3/+4
/path/certificate", include the algorithm that the CA used to sign the cert. OpenBSD-Commit-ID: 1ea20b5048a851a7a0758dcb9777a211a2c0dddd
2018-10-22 | upstream: struct sockaddr_storage is guaranteed to be large enough, | florian@openbsd.org | 1 | -5/+1
no need to check the size. OK kn, deraadt OpenBSD-Commit-ID: 0aa56e92eb49c79f495b31a5093109ec5841f439
2018-10-17 | Require OpenSSL 1.1.x series 1.1.0g or greater (tag: V_7_9_P1) | Damien Miller | 1 | -9/+13
Previous versions have a bug with EVP_CipherInit() when passed a NULL EVP_CIPHER, per https://github.com/openssl/openssl/pull/4613 ok dtucker@
2018-10-16 | unbreak compilation with --with-ssl-engine | Damien Miller | 1 | -1/+1
Missing last argument to OPENSSL_init_crypto()
2018-10-16 | Remove gcc spectre mitigation flags. | Darren Tucker | 1 | -9/+0
Current implementations of the gcc spectre mitigation flags cause miscompilations when combined with other flags and do not provide much protection. Found by fweimer at redhat.com, ok djm@
2018-10-16 | Avoid deprecated OPENSSL_config when using 1.1.x | Damien Miller | 1 | -0/+6
OpenSSL 1.1.x soft-deprecated OPENSSL_config in favour of OPENSSL_init_crypto; pointed out by Jakub Jelen
2018-10-12 | Don't avoid our *sprintf replacements. | Darren Tucker | 1 | -0/+9
Don't let systems with broken printf(3) avoid our replacements via asprintf(3)/vasprintf(3) calling libc internally. From djm@
2018-10-12 | Check if snprintf understands %zu. | Darren Tucker | 1 | -0/+23
If the platform's snprintf and friends don't understand %zu, use the compat replacement. Prevents segfaults on those platforms.
2018-10-12 | remove stale link, tweak | Damien Miller | 1 | -5/+1
2018-10-12 | update version numbers ahead of release | Damien Miller | 3 | -3/+3
2018-10-12 | upstream: don't send new-style rsa-sha2-*-cert-v01@openssh.com names to | djm@openbsd.org | 1 | -2/+3
older OpenSSH that can't handle them. spotted by Adam Eijdenberg; ok dtucker OpenBSD-Commit-ID: 662bbc402e3d7c9b6c322806269698106a6ae631
2018-10-11 | update depends | Damien Miller | 1 | -3/+3
2018-10-11 | some more duplicated key algorithm lines | Damien Miller | 1 | -4/+0
From Adam Eijdenberg
2018-10-11 | fix duplicated algorithm specification lines | Damien Miller | 1 | -4/+0
Spotted by Adam Eijdenberg
2018-10-11 | upstream: typo in plain RSA algorithm counterpart names for | djm@openbsd.org | 1 | -3/+3
certificates; spotted by Adam Eijdenberg; ok dtucker@ OpenBSD-Commit-ID: bfcdeb6f4fc9e7607f5096574c8f118f2e709e00
2018-10-11 | check pw_passwd != NULL here too | Damien Miller | 1 | -0/+3
Again, for systems with broken NIS implementations. Prompted by coolbugcheckers AT gmail.com