Age | Commit message | Author |
|
Only delayed compression is supported nowadays.
ok markus@
|
Support for this has been removed in 2016.
COMP_DELAYED will be renamed in a later commit.
ok markus@
|
ok markus@
|
returns ability to add/remove/specify algorithms by wildcard.
Algorithm lists are now fully expanded when the server/client configs
are finalised, so errors are reported early and the config dumps
(e.g. "ssh -G ...") now list the actual algorithms selected.
Clarify that, while wildcards are accepted in algorithm lists, they
aren't full pattern-lists that support negation.
(lots of) feedback, ok markus@
|
can call ber_readbuf() in all cases. This resolves a problem previously
encountered with SNMPv3 authentication, simplifies the code, and completes a
full synchronization of all ber instances.
Proposed by claudio@. Problematic use case in snmpd tested by sthen@ and me.
ldap(s) appear happy as well.
looks good to claudio@
|
to the same thing).
|
ok rob reyk
|
Aloni.
|
Ok reyk@
|
See usr.sbin/snmpd/ber.c revision 1.24 commit log for a summary of these
changes (e.g. SNMPv2 traps, User-based Security Model, callback for USM HMAC
calculations).
There is one final ber piece to copy from the snmpd instance related to
ber_getc() which will be done in a separate diff.
"looks good to me" deraadt@
|
hosted in ssh-agent
|
version; part of RSA-SHA2 strictification, ok markus@
|
In ssh, when an agent fails to return a RSA-SHA2 signature when
requested and falls back to RSA-SHA1 instead, retry the signature to
ensure that the public key algorithm sent in the SSH_MSG_USERAUTH
matches the one in the signature itself.
In sshd, strictly enforce that the public key algorithm sent in the
SSH_MSG_USERAUTH message matches what appears in the signature.
Make the sshd_config PubkeyAcceptedKeyTypes and
HostbasedAcceptedKeyTypes options control accepted signature algorithms
(previously they selected supported key types). This allows these
options to ban RSA-SHA1 in favour of RSA-SHA2.
Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and
"rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures
with certificate keys.
feedback and ok markus@
|
whitelisted environment variable names in addition to yes|no.
bz#1800, feedback and ok markus@
|
and add some explanatory text: originally from a diff proposed by
matthew martin, with an adjusted text by him
- while here, sync synopsis and usage(), and some other minor tweaks
|
Ok reyk@
|
with snmpd. More tweaks to come once things are fully synchronized.
Feedback from claudio and Robert Klein.
Ok claudio@
|
We have an ldapd(8) server and ypldap in base, so it makes sense to
have a simple LDAP client without depending on the OpenLDAP package.
This tool can be used in an ssh(1) AuthorizedKeysCommand script.
With feedback from many including millert@ schwarze@ gilles@ dlg@ jsing@
OK deraadt@
|
Ok claudio@, "looks right" gsoares@
|
/. From JINNOUCHI Yasushi in GitHub issue 1386.
|
passwords. A similar fix was applied to snmpd in 2010 (rev 1.23).
Pointers from Reyk.
Ok claudio@
|
We have an ldapd(8) server and ypldap in base, so it makes sense to
have a simple LDAP client without depending on the OpenLDAP package.
This tool can be used in an ssh(1) AuthorizedKeysCommand script.
With feedback from many including millert@ schwarze@ gilles@ dlg@ jsing@
OK deraadt@
|
choosing a prime. An extra increment of linenum snuck in as part
of the conversion to getline(). OK djm@ markus@
|
from Kamil Rytarowski.
|
Pointed out by Tim Chase
OK rob@ gsoares@ jmc@
|
slot_attach(). Now this makes no difference, because slot_attach() is
always called right after slot_start(). However this will allow us to
call slot_{attach,detach}() routines, while preserving the state of
the slot.
|
We have an ldapd(8) server and ypldap in base, so it makes sense to
have a simple LDAP client without depending on the OpenLDAP package.
This tool can be used in an ssh(1) AuthorizedKeysCommand script.
With feedback from many including millert@ schwarze@ gilles@ dlg@ jsing@
OK deraadt@
|
It was used to determine whether the slot obeys MMC and is ready
to start. The stop->opt->mmc flag indicates if it obeys MMC and
the slot->pstate == SLOT_READY indicates if it's ready. So
slot->tstate can be safely removed.
|
overwritten in dev_mix_adjvol(), which is always called.
|
instead of the maximum channel number. This way the code is simpler.
No behaviour change.
|
information is already available in the opt structure.
|
is available in the opt structure.
|
everywhere.
|
use the latter everywhere.
|
as their value doesn't change once the slot is initialized.
|