summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2017-05-01upstream commitdjm@openbsd.org
remove SSHv1 support from packet and buffer APIs ok markus@ Upstream-ID: bfc290053d40b806ecac46317d300677d80e1dc9
2017-05-01upstream commitdjm@openbsd.org
remove SSHv1-related buffers from client code Upstream-ID: dca5d01108f891861ceaf7ba1c0f2eb274e0c7dd
2017-05-01upstream commitdjm@openbsd.org
remove KEY_RSA1 ok markus@ Upstream-ID: 7408517b077c892a86b581e19f82a163069bf133
2017-05-01upstream commitdjm@openbsd.org
remove SSHv1 configuration options and man pages bits ok markus@ Upstream-ID: 84638c23546c056727b7a7d653c72574e0f19424
2017-05-01upstream commitdjm@openbsd.org
remove SSH1 make flag and associated files ok markus@ Upstream-ID: ba9feacc5787337c413db7cf26ea3d53f854cfef
2017-05-01upstream commitdjm@openbsd.org
remove SSHv1 ciphers; ok markus@ Upstream-ID: e5ebc5e540d7f23a8c1266db1839794d4d177890
2017-05-01upstream commitdjm@openbsd.org
remove compat20/compat13/compat15 variables ok markus@ Upstream-ID: 43802c035ceb3fef6c50c400e4ecabf12354691c
2017-05-01upstream commitdjm@openbsd.org
remove options.protocol and client Protocol configuration knob ok markus@ Upstream-ID: 5a967f5d06e2d004b0235457b6de3a9a314e9366
2017-05-01upstream commitdjm@openbsd.org
unifdef WITH_SSH1 ok markus@ Upstream-ID: 9716e62a883ef8826c57f4d33b4a81a9cc7755c7
2017-05-01upstream commitjmc@openbsd.org
tweak previous; Upstream-ID: a3abc6857455299aa42a046d232b7984568bceb9
2017-05-01upstream commitdjm@openbsd.org
allow ssh-keygen to include arbitrary string or flag certificate extensions and critical options. ok markus@ dtucker@ Upstream-ID: 2cf28dd6c5489eb9fc136e0b667ac3ea10241646
2017-05-01upstream commitjmc@openbsd.org
sort; Upstream-ID: 7e6b56e52b039cf44d0418e9de9aca20a2d2d15a
2017-04-28Typo.Darren Tucker
Upstream-Regress-ID: 1e6b51ddf767cbad0a4e63eb08026c127e654308
2017-04-28Add 2 regress commits I applied by hand.Darren Tucker
Upstream-Regress-ID: 30c20180c87cbc99fa1020489fe7fd8245b6420c Upstream-Regress-ID: 1e6b51ddf767cbad0a4e63eb08026c127e654308
2017-04-28Merge integrity.sh rev 1.22.Darren Tucker
Merge missing bits from Colin Watson's patch in bz#2658 which make integrity tests more robust against timeouts. ok djm@
2017-04-28Id sync for integrity.sh rev 1.21 which pulls in some shell portability fixesDarren Tucker
2017-04-28upstream commitjsg@openbsd.org
Change COMPILER_VERSION tests which limited additional warnings to gcc4 to instead skip them on gcc3 as clang can handle -Wpointer-sign and -Wold-style-definition. Upstream-Regress-ID: e48d7dc13e48d9334b8195ef884dfbc51316012f
2017-04-28upstream commitdjm@openbsd.org
include key fingerprint in "Offering public key" debug message Upstream-ID: 964749f820c2ed4cf6a866268b1a05e907315c52
2017-04-28upstream commitmillert@openbsd.org
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@ Upstream-ID: f31caae73ddab6df496b7bbbf7da431e267ad135
2017-04-28upstream commitdtucker@openbsd.org
Add SyslogFacility option to ssh(1) matching the equivalent option in sshd(8). bz#2705, patch from erahn at arista.com, ok djm@ Upstream-ID: d5115c2c0193ceb056ed857813b2a7222abda9ed
2017-04-28upstream commitjsg@openbsd.org
remove a static array unused since rev 1.306 spotted by clang ok djm@ Upstream-ID: 249b3eed2446f6074ba2219ccc46919dd235a7b8
2017-04-28upstream commitmillert@openbsd.org
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@ Upstream-ID: 1f82640861c7d905bbb05e7d935d46b0419ced02
2017-04-25Fix typo in "socketcall".Darren Tucker
Pointed out by jjelen at redhat.com.
2017-04-24Deny socketcall in seccomp filter on ppc64le.Darren Tucker
OpenSSL is using socket() calls (in FIPS mode) when handling ECDSA keys in privsep child. The socket() syscall is already denied in the seccomp filter, but in ppc64le kernel, it is implemented using socketcall() syscall, which is not denied yet (only SYS_SHUTDOWN is allowed) and therefore fails hard. Patch from jjelen at redhat.com.
2017-04-18upstream commitschwarze@openbsd.org
Recognize nl_langinfo(CODESET) return values "646" and "" as aliases for "US-ASCII", useful for different versions of NetBSD and Solaris. Found by dtucker@ and by Tom G. Christensen <tgc at jupiterrise dot com>. OK dtucker@ deraadt@ Upstream-ID: 38c2133817cbcae75c88c63599ac54228f0fa384
2017-04-18upstream commitjsg@openbsd.org
Change COMPILER_VERSION tests which limited additional warnings to gcc4 to instead skip them on gcc3 as clang can handle -Wpointer-sign and -Wold-style-definition. Upstream-ID: 5cbe348aa76dc1adf55be6c0e388fafaa945439a
2017-04-04upstream commitdjm@openbsd.org
disallow creation (of empty files) in read-only mode; reported by Michal Zalewski, feedback & ok deraadt@ Upstream-ID: 5d9c8f2fa8511d4ecf95322994ffe73e9283899b
2017-04-04upstream commitderaadt@openbsd.org
incorrect renditions of this quote bother me Upstream-ID: 1662be3ebb7a71d543da088119c31d4d463a9e49
2017-03-31Check for and use gcc's -pipe.Darren Tucker
Speeds up configure and build by a couple of percent. ok djm@
2017-03-29Import fmt_scaled.c rev 1.16 from OpenBSD.Darren Tucker
Fix overly-conservative overflow checks on mulitplications and add checks on additions. This allows scan_scaled to work up to +/-LLONG_MAX (LLONG_MIN will still be flagged as a range error). ok millert@
2017-03-29Import fmt_scaled.c rev 1.15 from OpenBSD.Darren Tucker
Collapse underflow and overflow checks into a single block. ok djm@ millert@
2017-03-29Import fmt_scaled.c rev 1.14 from OpenBSD.Darren Tucker
Catch integer underflow in scan_scaled reported by Nicolas Iooss. ok deraadt@ djm@
2017-03-29Don't check privsep user or path when unprivilegedDarren Tucker
If running with privsep (mandatory now) as a non-privileged user, we don't chroot or change to an unprivileged user however we still checked the existence of the user and directory. Don't do those checks if we're not going to use them. Based in part on a patch from Lionel Fourquaux via Corinna Vinschen, ok djm@
2017-03-29Remove SHA256 EVP wrapper implementation.Darren Tucker
All supported versions of OpenSSL should now have SHA256 so remove our EVP wrapper implementaion. ok djm@
2017-03-29Remove check for OpenSSL < 0.9.8g.Darren Tucker
We no longer support OpenSSL < 1.0.1 so remove check for unreliable ECC in OpenSSL < 0.9.8g.
2017-03-29Remove compat code for OpenSSL < 0.9.7.Darren Tucker
Resyncs that code with OpenBSD upstream.
2017-03-29Remove SSHv1 code path.Darren Tucker
Server-side support for Protocol 1 has been removed so remove !compat20 PAM code path.
2017-03-24Enable ldns when using ldns-config.Darren Tucker
Actually enable ldns when attempting to use ldns-config. bz#2697, patch from fredrik at fornwall.net.
2017-03-22Missing header on Linux/s390Damien Miller
Patch from Jakub Jelen
2017-03-21upstream commitdjm@openbsd.org
remove /usr/bin/time calls around tests, makes diffing test runs harder. Based on patch from Mike Frysinger Upstream-Regress-ID: 81c1083b14dcf473b23d2817882f40b346ebc95c
2017-03-21Fix syntax error on Linux/X32Damien Miller
Patch from Mike Frysinger
2017-03-20Add llabs() implementation.Darren Tucker
2017-03-20crank version numbersDamien Miller
2017-03-20upstream commitdjm@openbsd.org
openssh-7.5 Upstream-ID: b8b9a4a949427c393cd868215e1724ceb3467ee5
2017-03-20I'm a doofus.Damien Miller
Unbreak obvious syntax error.
2017-03-20on Cygwin, check paths from server for backslashesDamien Miller
Pointed out by Jann Horn of Google Project Zero
2017-03-20Yet another synonym for ASCII: "646"Damien Miller
Used by NetBSD; this unbreaks mprintf() and friends there for the C locale (caught by dtucker@ and his menagerie of test systems).
2017-03-20create test mux socket in /tmpDamien Miller
Creating the socket in $OBJ could blow past the (quite limited) path limit for Unix domain sockets. As a bandaid for bz#2660, reported by Colin Watson; ok dtucker@
2017-03-17upstream commitmarkus@openbsd.org
disallow KEXINIT before NEWKEYS; ok djm; report by vegard.nossum at oracle.com Upstream-ID: 3668852d1f145050e62f1da08917de34cb0c5234
2017-03-16Include includes.h for compat bits.Darren Tucker