Age | Commit message (Collapse) | Author |
|
when there is a comment. This makes copy-paste of fingerprints into ssh
easier. OK djm@
OpenBSD-Commit-ID: fa01d95624f65c1eb4dc7c575d20d77c78010dfd
|
|
change
OpenBSD-Commit-ID: 6c3ddd5f848b99ea560b31d3fba99ceed66cef37
|
|
OpenBSD-Commit-ID: 85ee6aeff608371826019ea85e55bfa87f79d06e
|
|
|
|
along with the MaxStartups limit in the proctitle; suggestion from Philipp
Marek, w/ feedback from Craig Miskell ok dtucker@
OpenBSD-Commit-ID: a4a6db2dc1641a5df8eddf7d6652176e359dffb3
|
|
ok dtucker@ djm@
OpenBSD-Commit-ID: 0788e7f2b5a9d4e36d3d2ab378f73329320fef66
|
|
|
|
libcrypto support; it works just fine and disabling it breaks a few tests. ok
dtucker@
OpenBSD-Commit-ID: 65f6272c4241eb4b04de78b012fe98b2b555ad44
|
|
cleared; with dtucker@
OpenBSD-Regress-ID: 03178a0580324bf0dff28f7eac6c3edbc5407f8e
|
|
error message for misconfigured helper paths
OpenBSD-Commit-ID: 061bcc262155d12e726305c91394ac0aaf1f8341
|
|
from jtesta@positronsecurity.com via github PR#151.
OpenBSD-Commit-ID: f3d48168623045c258245c340a5a2af7dbb74edc
|
|
prompt; reported by jmc@
OpenBSD-Commit-ID: 04d4f582fc194eb3897ebcbfe286c49958ba2859
|
|
messages
OpenBSD-Commit-ID: 6da47a0e6373f6683006f49bc2a516d197655508
|
|
authenticator"
OpenBSD-Commit-ID: 031bca03c1d1f878ab929facd561911f1bc68dfd
|
|
again
OpenBSD-Commit-ID: 341749062c089cc360a7877e9ee3a887aecde395
|
|
authenticator.
* Rename -O to -K to keep "-O option" available.
* Document -K.
* Trim usage() message down to synopsis, like all other commands.
ok markus@
OpenBSD-Commit-ID: 015c2c4b28f8e19107adc80351b44b23bca4c78a
|
|
other and reality ok markus@
OpenBSD-Commit-ID: cdf64454f2c3604c25977c944e5b6262a3bcce92
|
|
expand_proxy_command()
Always put 'host' before 'host_arg' for consistency. ok markus@ djm@
OpenBSD-Commit-ID: 1ba5b25472779f1b1957295fcc6907bb961472a3
|
|
ssh-sk-helper, making debugging a bit easier. ok markus@
OpenBSD-Commit-ID: 2e7aea6bf5770d3f38b7c7bba891069256c5a49a
|
|
It's only needed for USE_PAM or HAVE_CYGWIN cases and will cause compiler
warnings otherwise.
|
|
|
|
This function is only used in this file, and only on Cygwin, so make
it static and hide it behind HAVE_CYGWIN. Prevents missing prototype
warning.
|
|
When running ./configure --with-ldns, if ldns-config cannot be found, we
add -Iyes/include to CPPFLAGS and -Lyes/lib to LDFLAGS. Fix that.
|
|
sshpam_password_change_required is only used in auth-pam.c, so make it
static to prevent a mising prototype warning.
|
|
Include the right header just like the other sandbox files.
Fixes missing prototype warnings for ssh_sandbox_* functions.
|
|
Include stdlib.h for calloc, malloc, free and setenv.
|
|
This fixes the following when there are no openssl headers on the system:
ssh-ecdsa-sk.c:34:10: fatal error: 'openssl/bn.h' file not found
|
|
|
|
|
|
|
|
|
|
|
|
Make struct timespec test consistent with existing timeval test.
Include time.h for timespec in compat header where required.
|
|
|
|
RIPEMD160 support was removed upstream in 2017, however we still had
a configure test and compat code for it, so clean those up now.
|
|
|
|
Closes: #946242
|
|
As noted in openssh/openssh-portable#149, i386 does not have have
_NR_shmget etc. Instead, it has a single ipc syscall (see man 2 ipc,
https://linux.die.net/man/2/ipc). Add this syscall, if present, to the
list of syscalls that seccomp will deny non-fatally.
Bug-Debian: https://bugs.debian.org/946242
Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=30f704ebc0e9e32b3d12f5d9e8c1b705fdde2c89
Last-Update: 2020-01-11
Patch-Name: sandbox-seccomp-ipc.patch
|
|
|
|
This helps sshd accept connections on mips platforms with
upcoming glibc ( 2.31 )
Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=b110cefdfbf5a20f49b774a55062d6ded2fb6e22
Last-Update: 2020-01-11
Patch-Name: sandbox-seccomp-clock_gettime64.patch
|
|
Needed on Linux ARM. bz#3100, patch from jjelen@redhat.com.
Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=5af6fd5461bb709304e6979c8b7856c7af921c9e
Last-Update: 2020-01-11
Patch-Name: sandbox-seccomp-clock_nanosleep_time64.patch
|
|
seccomp: Allow clock_nanosleep() to make OpenSSH working with latest
glibc. Patch from Jakub Jelen <jjelen@redhat.com> via bz #3093.
Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=b1c82f4b8adf3f42476d8a1f292df33fb7aa1a56
Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=546274a6f89489d2e6be8a8b62f2bb63c87a61fd
Last-Update: 2020-01-11
Patch-Name: sandbox-seccomp-clock_nanosleep.patch
|
|
|
|
|
|
test?
OpenBSD-Regress-ID: 3b953df5a7e14081ff6cf495d4e8d40e153cbc3a
Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=ff31f15773ee173502eec4d7861ec56f26bba381
Last-Update: 2020-01-09
Patch-Name: regress-2020.patch
|
|
by anton@
OpenBSD-Commit-ID: db1c32478a01dfbc9c4db171de0f25907bea5775
|
|
little; ok djm
OpenBSD-Commit-ID: 491ce15ae52a88b7a6a2b3b6708a14b4aacdeebb
|
|
|
|
Closes: #948466
|
|
As noted in openssh/openssh-portable#149, i386 does not have have
_NR_shmget etc. Instead, it has a single ipc syscall (see man 2 ipc,
https://linux.die.net/man/2/ipc). Add this syscall, if present, to the
list of syscalls that seccomp will deny non-fatally.
|