summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2017-10-31upstream commitdjm@openbsd.org@openbsd.org
improve printing of rdomain on accept() a little OpenBSD-Commit-ID: 5da58db2243606899cedaa646c70201b2d12247a
2017-10-31upstream commitjmc@openbsd.org@openbsd.org
mark up the rdomain keyword; OpenBSD-Commit-ID: 1b597d0ad0ad20e94dbd61ca066057e6f6313b8a
2017-10-31upstream commitjmc@openbsd.org@openbsd.org
tweak the uri text, specifically removing some markup to make it a bit more readable; issue reported by - and diff ok - millert OpenBSD-Commit-ID: 8b56a20208040b2d0633536fd926e992de37ef3f
2017-10-31upstream commitjmc@openbsd.org@openbsd.org
simplify macros in previous, and some minor tweaks; OpenBSD-Commit-ID: 6efeca3d8b095b76e21b484607d9cc67ac9a11ca
2017-10-31Switch upstream git repository.Damien Miller
Previously portable OpenSSH has synced against a conversion of OpenBSD's CVS repository made using the git cvsimport tool, but this has become increasingly unreliable. As of this commit, portable OpenSSH now tracks a conversion of the OpenBSD CVS upstream made using the excellent cvs2gitdump tool from YASUOKA Masahiko: https://github.com/yasuoka/cvs2gitdump cvs2gitdump is considerably more reliable than gitcvsimport and the old version of cvsps that it uses under the hood, and is the same tool used to export the entire OpenBSD repository to git (so we know it can cope with future growth). These new conversions are mirrored at github, so interested parties can match portable OpenSSH commits to their upstream counterparts. https://github.com/djmdjm/openbsd-openssh-src https://github.com/djmdjm/openbsd-openssh-regress An unfortunate side effect of switching upstreams is that we must have a flag day, across which the upstream commit IDs will be inconsistent. The old commit IDs are recorded with the tags "Upstream-ID" for main directory commits and "Upstream-Regress-ID" for regress commits. To make it clear that the commit IDs do not refer to the same things, the new repository will instead use "OpenBSD-ID" and "OpenBSD-Regress-ID" tags instead. Apart from being a longwinded explanation of what is going on, this commit message also serves to synchronise our tools with the state of the tree, which happens to be: OpenBSD-ID: 9c43a9968c7929613284ea18e9fb92e4e2a8e4c1 OpenBSD-Regress-ID: b33b385719420bf3bc57d664feda6f699c147fef
2017-10-27fix rdomain compilation errorsDamien Miller
2017-10-25autoconf glue to enable Linux VRFDamien Miller
2017-10-25basic valid_rdomain() implementation for LinuxDamien Miller
2017-10-25implement get/set_rdomain() for LinuxDamien Miller
Not enabled, pending implementation of valid_rdomain() and autoconf glue
2017-10-25stubs for rdomain replacement functionsDamien Miller
2017-10-25rename port-tun.[ch] => port-net.[ch]Damien Miller
Ahead of adding rdomain support
2017-10-25upstream commitdjm@openbsd.org
uninitialised variable in PermitTunnel printing code Upstream-ID: f04dc33e42855704e116b8da61095ecc71bc9e9a
2017-10-25provide hooks and fallbacks for rdomain supportDamien Miller
2017-10-25check for net/route.h and sys/sysctl.hDamien Miller
2017-10-25upstream commitdjm@openbsd.org
transfer ownership of stdout to the session channel by dup2'ing /dev/null to fd 1. This allows propagation of remote stdout close to the local side; reported by David Newall, ok markus@ Upstream-ID: 8d9ac18a11d89e6b0415f0cbf67b928ac67f0e79
2017-10-25upstream commitdjm@openbsd.org
add a "rdomain" criteria for the sshd_config Match keyword to allow conditional configuration that depends on which rdomain(4) a connection was recevied on. ok markus@ Upstream-ID: 27d8fd5a3f1bae18c9c6e533afdf99bff887a4fb
2017-10-25upstream commitdjm@openbsd.org
add sshd_config RDomain keyword to place sshd and the subsequent user session (including the shell and any TCP/IP forwardings) into the specified rdomain(4) ok markus@ Upstream-ID: be2358e86346b5cacf20d90f59f980b87d1af0f5
2017-10-25upstream commitdjm@openbsd.org
Add optional rdomain qualifier to sshd_config's ListenAddress option to allow listening on a different rdomain(4), e.g. ListenAddress 0.0.0.0 rdomain 4 Upstream-ID: 24b6622c376feeed9e9be8b9605e593695ac9091
2017-10-25upstream commitmillert@openbsd.org
Kill dead store and some spaces vs. tabs indent in parse_user_host_path(). Noticed by markus@ Upstream-ID: 114fec91dadf9af46c7c94fd40fc630ea2de8200
2017-10-25upstream commitjmc@openbsd.org
tweak previous; ok djm Upstream-ID: 7d913981ab315296be1f759c67b6e17aea38fca9
2017-10-23avoid -Wsign-compare warning in argv copyingDamien Miller
2017-10-23upstream commitdjm@openbsd.org
Expose devices allocated for tun/tap forwarding. At the client, the device may be obtained from a new %T expansion for LocalCommand. At the server, the allocated devices will be listed in a SSH_TUNNEL variable exposed to the environment of any user sessions started after the tunnel forwarding was established. ok markus Upstream-ID: e61e53f8ae80566e9ddc0d67a5df5bdf2f3c9f9e
2017-10-23upstream commitmillert@openbsd.org
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@ Upstream-ID: 4ba3768b662d6722de59e6ecb00abf2d4bf9cacc
2017-10-20Fix missed RCSID mergesDamien Miller
2017-10-20upstream commitdjm@openbsd.org
more RCSIDs Upstream-Regress-ID: 1aecbe3f8224793f0ec56741a86d619830eb33be
2017-10-20upstream commitdjm@openbsd.org
add RCSIDs to these; they make syncing portable a bit easier Upstream-ID: 56cb7021faea599736dd7e7f09c2e714425b1e68
2017-10-20upstream commitDamien Miller
Apply missing commit 1.11 to kexc25519s.c Upstream-ID: 5f020e23a1ee6c3597af1f91511e68552cdf15e8
2017-10-20upstream commitDamien Miller
Apply missing commit 1.127 to servconf.h Upstream-ID: f14c4bac74a2b7cf1e3cff6bea5c447f192a7d15
2017-10-20upstream commitjmc@openbsd.org
remove unused Pp; Upstream-ID: 8ad26467f1f6a40be887234085a8e01a61a00550
2017-10-20upstream commitdjm@openbsd.org
In the description of pattern-lists, clarify negated matches by explicitly stating that a negated match will never yield a positive result, and that at least one positive term in the pattern-list must match. bz#1918 Upstream-ID: 652d2f9d993f158fc5f83cef4a95cd9d95ae6a14
2017-10-20upstream commitdjm@openbsd.org
log debug messages sent to peer; ok deraadt markus Upstream-ID: 3b4fdc0a06ea5083f61d96e20043000f477103d9
2017-10-20upstream commitjmc@openbsd.org
trim permitrootlogin description somewhat, to avoid ambiguity; original diff from walter alejandro iglesias, tweaked by sthen and myself ok sthen schwarze deraadt Upstream-ID: 1749418b2bc073f3fdd25fe21f8263c3637fe5d2
2017-10-20upstream commitdjm@openbsd.org
mention SSH_USER_AUTH in the list of environment variables Upstream-ID: 1083397c3ee54b4933121ab058c70a0fc6383691
2017-10-20upstream commitdjm@openbsd.org
BIO_get_mem_data() is supposed to take a char* as pointer argument, so don't pass it a const char* Upstream-ID: 1ccd91eb7f4dd4f0fa812d4f956987cd00b5f6ec
2017-10-20upstream commitbenno@openbsd.org
clarify the order in which config statements are used. ok jmc@ djm@ Upstream-ID: e37e27bb6bbac71315e22cb9690fd8a556a501ed
2017-10-20upstream commitdjm@openbsd.org
replace statically-sized arrays in ServerOptions with dynamic ones managed by xrecallocarray, removing some arbitrary (though large) limits and saving a bit of memory; "much nicer" markus@ Upstream-ID: 1732720b2f478fe929d6687ac7b0a97ff2efe9d2
2017-10-20upstream commitjmc@openbsd.org
%C is hashed; from klemens nanni ok markus Upstream-ID: 6ebed7b2e1b6ee5402a67875d74f5e2859d8f998
2017-10-05upstream commitdjm@openbsd.org
exercise PermitOpen a little more thoroughly Upstream-Regress-ID: f41592334e227a4c1f9a983044522de4502d5eac
2017-10-05upstream commitdtucker@openbsd.org
UsePrivilegeSeparation is gone, stop trying to test it. Upstream-Regress-ID: 796a5057cfd79456a20ea935cc53f6eb80ace191
2017-10-05upstream commitdjm@openbsd.org
fix (another) problem in PermitOpen introduced during the channels.c refactor: the third and subsequent arguments to PermitOpen were being silently ignored; ok markus@ Upstream-ID: 067c89f1f53cbc381628012ba776d6861e6782fd
2017-10-03upstream commitdjm@openbsd.org
Fix PermitOpen crash; spotted by benno@, ok dtucker@ deraadt@ Upstream-ID: c2cc84ffac070d2e1ff76182c70ca230a387983c
2017-10-01update URL againDamien Miller
I spotted a typo in the draft so uploaded a new version...
2017-10-01sync release notes URLDamien Miller
2017-10-01sync contrib/ssh-copy-id with upstreamDamien Miller
2017-10-01update version in RPM spec filesDamien Miller
2017-10-01update agent draft URLDamien Miller
2017-10-01upstream commitdjm@openbsd.org
openssh-7.6; ok deraadt@ Upstream-ID: a39c3a5b63a1baae109ae1ae4c7c34c2a59acde0
2017-10-01upstream commitjmc@openbsd.org
tweak EposeAuthinfo; diff from lars nooden tweaked by sthen; ok djm dtucker Upstream-ID: 8f2ea5d2065184363e8be7a0ba24d98a3b259748
2017-09-28don't fatal ./configure for LibreSSLDamien Miller
2017-09-28abort in configure when only openssl-1.1.x foundDamien Miller
We don't support openssl-1.1.x yet (see multiple threads on the openssh-unix-dev@ mailing list for the reason), but previously ./configure would accept it and the compilation would subsequently fail. This makes ./configure display an explicit error message and abort. ok dtucker@