| Age | Commit message (Collapse) | Author |
|---|
|
OpenBSD-Commit-ID: 8c7d82ee1e63e26ceb2b3d3a16514019f984f6bf
|
|
"expiry-time" as the former is confusing wrt similar terminology in X.509;
pointed out by jsing@
OpenBSD-Commit-ID: 376939466a1f562f3950a22314bc6505733aaae6
|
|
simple way of giving a key an expiry date. ok markus@
OpenBSD-Commit-ID: 1793b4dd5184fa87f42ed33c7b0f4f02bc877947
|
|
The recently added MIPS ABI tests need AC_LANG_PROGRAM to prevent
warnings from autoconf. Pointed out by klausz at haus-gisela.de.
|
|
some configs.
revision 1.124
date: 2018/03/02 03:02:11; author: djm; state: Exp; lines: +19 -8; commitid: nNRsCijZiGG6SUTT;
Allow escaped quotes \" and \' in ssh_config and sshd_config quotes
option strings. bz#1596 ok markus@
OpenBSD-Commit-ID: 59c40b1b81206d713c06b49d8477402c86babda5
|
|
format details and point to sshd(8), where it is documented;
ok dtucker
OpenBSD-Commit-ID: 95f17e47dae02a6ac7329708c8c893d4cad0004a
|
|
Currently seccomp_audit_arch is set to AUDIT_ARCH_MIPS64 or
AUDIT_ARCH_MIPSEL64 (depending on the endinness) when openssh is built
for MIPS64. However, that's only valid for n64 ABI. The right macros for
n32 ABI defined in seccomp.h are AUDIT_ARCH_MIPS64N32 and
AUDIT_ARCH_MIPSEL64N32, for big and little endian respectively.
Because of that an sshd built for MIPS64 n32 rejects connection attempts
and the output of strace reveals that the problem is related to seccomp
audit:
[pid 194] prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, {len=57,
filter=0x555d5da0}) = 0
[pid 194] write(7, "\0\0\0]\0\0\0\5\0\0\0Ulist_hostkey_types: "..., 97) = ?
[pid 193] <... poll resumed> ) = 2 ([{fd=5, revents=POLLIN|POLLHUP},
{fd=6, revents=POLLHUP}])
[pid 194] +++ killed by SIGSYS +++
This patch fixes that problem by setting the right value to
seccomp_audit_arch taking into account the MIPS64 ABI.
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
|
|
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
|
|
|
|
|
|
Some really old platforms (eg SunOS4) segfault on fflush(NULL) so check
for and work around. With klausz at haus-gisela.de.
|
|
Extra #endif breaks compile with -DWITH_XMSS. Pointed out by Jack
Schmidt via github.
|
|
bumped the minimum from 768 to 1024, update man page accordingly.
OpenBSD-Commit-ID: 27563ab4e866cd2aac40a5247876f6787c08a338
|
|
points to something in /dev (rather than checking the device node itself);
makes life easier for portable, where systems with dynamic ptys can delete
nodes before we get around to testing their existence.
OpenBSD-Regress-ID: b1e455b821e62572bccd98102f8dd9d09bb94994
|
|
|
|
Some platforms don't have strndup, which includes Solaris 10, NetBSD 3
and FreeBSD 6.
|
|
This will make maintenance and changes easier. "no objection" tim@
|
|
OpenBSD-Regress-ID: 820f9ec9c6301f6ca330ad4052d85f0e67d0bdc1
|
|
testing of restrict keyword
OpenBSD-Regress-ID: 4268f27c2706a0a95e725d9518c5bcbec9814c6d
|
|
authorized_keys
OpenBSD-Regress-ID: ee771df8955f2735df54746872c6228aff381daa
|
|
remove the legacy one.
Includes a fairly big refactor of auth2-pubkey.c to retain less state
between key file lines.
feedback and ok markus@
OpenBSD-Commit-ID: dece6cae0f47751b9892080eb13d6625599573df
|
|
This API parses options to a dedicated structure rather than the old API's
approach of setting global state. It also includes support for merging
options, e.g. from authorized_keys, authorized_principals and/or
certificates.
feedback and ok markus@
OpenBSD-Commit-ID: 98badda102cd575210d7802943e93a34232c80a2
|
|
different to what was requested. This might happen when an old/non-OpenSSH
agent is asked to make a rsa-sha2-256/512 signature but only supports
ssh-rsa. bz#2799 feedback and ok markus@
OpenBSD-Commit-ID: 760c0f9438c5c58abc16b5f98008ff2d95cb13ce
|
|
OpenBSD-Commit-ID: 518a6736338045e0037f503c21027d958d05e703
|
|
sshd_config quotes option strings. bz#1596 ok markus@
OpenBSD-Commit-ID: dd3a29fc2dc905e8780198e5a6a30b096de1a1cb
|
|
readable. ok markus
OpenBSD-Commit-ID: 2e9247b5762fdac3b6335dc606d3822121714c28
|
|
jmc@
OpenBSD-Commit-ID: 9039cb69a3f9886bfef096891a9e7fcbd620280b
|
|
OpenBSD-Commit-ID: 132812dd2296b1caa8cb07d2408afc28e4e60f93
|
|
with portable. ok djm@.
OpenBSD-Commit-ID: 5233a27aafd1dfadad4b957225f95ae51eb365c1
|
|
OpenBSD-Commit-ID: 52f247d4eafe840c7c14c8befa71a760a8eeb063
|
|
Add #ifdef WITH_XMSS to ssh-xmss.c, move it in the other files to after
includes.h so it's less likely to conflict and will pick up WITH_XMSS if
added to config.h.
|
|
The XMSS code is currently experimental and, unlike the rest of OpenSSH
cannot currently be compiled with a c89 compiler.
|
|
|
|
Some compilers (gcc 2.9.53, 3.0 and probably others, see gcc bug #3481)
do not accept __attribute__ on function pointer prototype args. Check for
this and hide them if they're not accepted.
|
|
|
|
|
|
The former doesn't work on Solaris or BSDs.
|
|
Nothing currently uses them but they cause conflicts on at least
FreeBSD, possibly others. ok djm@
|
|
|
|
Also a couple of minor changes: fail if we can't lock instead of
silently succeeding, and apply a couple of minor style fixes.
|
|
From NetBSD's src/trunk/tools/compat/flock.c, no OpenSSH changes yet.
|
|
BUILDDIR is not set where used for REGRESSTMP, use make's CURDIR
instead. Pointed out by djm@.
|
|
|
|
|
|
Use string_to_security_class() instead.
|
|
|
|
Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS
in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See
https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok
djm@
OpenBSD-Commit-ID: ef3eccb96762a5d6f135d7daeef608df7776a7ac
|
|
OpenBSD-Commit-ID: 1a719ebeae22a166adf05bea5009add7075acc8c
|
|
AC_FUNC_GETPGRP tests if getpgrp(0) works, which it does if it's not
declared. Instead, test if the zero-arg version we want to use works.
|
|
|
