summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-08-23upstream commitdjm@openbsd.org
add tests for matching functions Upstream-Regress-ID: 0869d4f5c5d627c583c6a929d69c17d5dd65882c
2016-08-23removing UseLogin bits from configure.acDamien Miller
2016-08-23upstream commitdjm@openbsd.org
fix negated address matching where the address list consists of a single negated match, e.g. "Match addr !192.20.0.1" Report and patch from Jakub Jelen. bz#2397 ok dtucker@ Upstream-ID: 01dcac3f3e6ca47518cf293e31c73597a4bb40d8
2016-08-23upstream commitdjm@openbsd.org
fix matching for pattern lists that contain a single negated match, e.g. "Host !example" report and patch from Robin Becker. bz#1918 ok dtucker@ Upstream-ID: 05a0cb323ea4bc20e98db099b42c067bfb9ea1ea
2016-08-23upstream commitdjm@openbsd.org
remove UseLogin option and support for having /bin/login manage login sessions; ok deraadt markus dtucker Upstream-ID: bea7213fbf158efab7e602d9d844fba4837d2712
2016-08-23upstream commitnaddy@openbsd.org
Catch up with the SSH1 code removal and delete all mention of protocol 1 particularities, key files and formats, command line options, and configuration keywords from the server documentation and examples. ok jmc@ Upstream-ID: 850328854675b4b6a0d4a90f0b4a9dd9ca4e905f
2016-08-23upstream commitnaddy@openbsd.org
Remove more SSH1 server code: * Drop sshd's -k option. * Retire configuration keywords that only apply to protocol 1, as well as the "protocol" keyword. * Remove some related vestiges of protocol 1 support. ok markus@ Upstream-ID: 9402f82886de917779db12f8ee3f03d4decc244d
2016-08-17Only check for prctl once.Darren Tucker
2016-08-17Fix typo.Darren Tucker
2016-08-17Correct LDFLAGS for clang example.Darren Tucker
--with-ldflags isn't used until after the -ftrapv test, so mention LDFLAGS instead for now.
2016-08-17Remove obsolete CVS $Id from source files.Darren Tucker
Since -portable switched to git the CVS $Id tags are no longer being updated and are becoming increasingly misleading. Remove them.
2016-08-17Remove now-obsolete CVS $Id tags from text files.Darren Tucker
Since -portable switched to git, the CVS $Id tags are no longer being updated and are becoming increasingly misleading. Remove them.
2016-08-17Add a section for compiler specifics.Darren Tucker
Add a section for compiler specifics and document the runtime requirements for clang's integer sanitization.
2016-08-17Test multiplying two long long ints.Darren Tucker
When using clang with -ftrapv or -sanitize=integer the tests would pass but linking would fail with "undefined reference to __mulodi4". Explicitly test for this before enabling -trapv.
2016-08-16add a --with-login-program configure argumentDamien Miller
Saves messing around with LOGIN_PROGRAM env var, which come packaging environments make hard to do during configure phase.
2016-08-16add --with-pam-service to specify PAM service nameDamien Miller
Saves messing around with CFLAGS to do it.
2016-08-16fix false positives when compiled with msanDamien Miller
Our explicit_bzero successfully confused clang -fsanitize-memory in to thinking that memset is never called to initialise memory. Ensure that it is called in a way that the compiler recognises.
2016-08-14upstream commitmarkus@openbsd.org
remove ssh1 server code; ok djm@ Upstream-ID: c24c0c32c49b91740d5a94ae914fb1898ea5f534
2016-08-14upstream commitjca@openbsd.org
Use 2001:db8::/32, the official IPv6 subnet for configuration examples. This makes the IPv6 example consistent with IPv4, and removes a dubious mention of a 6bone subnet. ok sthen@ millert@ Upstream-ID: b027f3d0e0073419a132fd1bf002e8089b233634
2016-08-14upstream commitdtucker@openbsd.org
Update moduli file. Upstream-ID: 6da9a37f74aef9f9cc639004345ad893cad582d8
2016-08-11Import updated moduli.Darren Tucker
2016-08-09upstream commitdtucker@openbsd.org
Improve error message for overlong ControlPath. ok markus@ djm@ Upstream-ID: aed374e2e88dd3eb41390003e5303d0089861eb5
2016-08-09upstream commitdjm@openbsd.org
small refactor of cipher.c: make ciphercontext opaque to callers feedback and ok markus@ Upstream-ID: 094849f8be68c3bdad2c0f3dee551ecf7be87f6f
2016-08-03upstream commitdtucker@openbsd.org
Fix bug introduced in rev 1.467 which causes "buffer_get_bignum_ret: incomplete message" errors when built with WITH_SSH1 and run such that no Protocol 1 ephemeral host key is generated (eg "Protocol 2", no SSH1 host key supplied). Reported by rainer.laatsch at t-online.de, ok deraadt@ Upstream-ID: aa6b132da5c325523aed7989cc5a320497c919dc
2016-08-03upstream commitdjm@openbsd.org
better bounds check on iovcnt (we only ever use fixed, positive values) Upstream-ID: 9baa6eb5cd6e30c9dc7398e5fe853721a3a5bdee
2016-08-02Use tabs consistently inside "case $host".Darren Tucker
2016-08-02Explicitly test for broken strnvis.Darren Tucker
NetBSD added an strnvis and unfortunately made it incompatible with the existing one in OpenBSD and Linux's libbsd (the former having existed for over ten years). Despite this incompatibility being reported during development (see http://gnats.netbsd.org/44977) they still shipped it. Even more unfortunately FreeBSD and later MacOS picked up this incompatible implementation. Try to detect this mess, and assume the only safe option if we're cross compiling. OpenBSD 2.9 (2001): strnvis(char *dst, const char *src, size_t dlen, int flag); NetBSD 6.0 (2012): strnvis(char *dst, size_t dlen, const char *src, int flag); ok djm@
2016-08-02update recommended autoconf versionDamien Miller
2016-08-02update config.guess and config.sub to currentDamien Miller
upstream commit 562f3512b3911ba0c77a7f68214881d1f241f46e
2016-08-02Replace spaces with tabs.Darren Tucker
Mechanically replace spaces with tabs in compat files not synced with OpenBSD.
2016-08-02Strip trailing whitespace.Darren Tucker
Mechanically strip trailing whitespace on files not synced with OpenBSD (or in the case of bsd-snprint.c, rsync).
2016-08-02Repair $OpenBSD markers.Darren Tucker
2016-08-02Repair $OpenBSD marker.Darren Tucker
2016-08-01modified: configure.ac opensshd.init.inTim Rice
Skip generating missing RSA1 key on startup unless ssh1 support is enabled. Spotted by Jean-Pierre Radley
2016-07-28define _OPENBSD_SOURCE for reallocarray on NetBSDDamien Miller
Report by and debugged with Hisashi T Fujinaka, dtucker nailed the problem (lack of prototype causing return type confusion).
2016-07-27KNFDamien Miller
2016-07-27Linux auditing also needs packet.hDamien Miller
2016-07-27fix auditing on LinuxDamien Miller
get_remote_ipaddr() was replaced with ssh_remote_ipaddr()
2016-07-24crank version numbersDamien Miller
2016-07-24upstream commitdjm@openbsd.org
openssh-7.3 Upstream-ID: af106a7eb665f642648cf1993e162c899f358718
2016-07-23Move Cygwin IPPORT_RESERVED overrride to defines.hDarren Tucker
Patch from vinschen at redhat.com.
2016-07-23upstream commitdjm@openbsd.org
fix pledge violation with ssh -f; reported by Valentin Kozamernik ok dtucker@ Upstream-ID: a61db7988db88d9dac3c4dd70e18876a8edf84aa
2016-07-23upstream commitdjm@openbsd.org
improve wording; suggested by jmc@ Upstream-ID: 55cb0a24c8e0618b3ceec80998dc82c85db2d2f8
2016-07-23upstream commitdtucker@openbsd.org
Lower loglevel for "Authenticated with partial success" message similar to other similar level. bz#2599, patch from cgallek at gmail.com, ok markus@ Upstream-ID: 3faab814e947dc7b2e292edede23e94c608cb4dd
2016-07-22retry waitpid on EINTR failureDamien Miller
patch from Jakub Jelen on bz#2581; ok dtucker@
2016-07-22upstream commitdjm@openbsd.org
constify a few functions' arguments; patch from Jakub Jelen bz#2581 Upstream-ID: f2043f51454ea37830ff6ad60c8b32b4220f448d
2016-07-22upstream commitdjm@openbsd.org
move debug("%p", key) to before key is free'd; probable undefined behaviour on strict compilers; reported by Jakub Jelen bz#2581 Upstream-ID: 767f323e1f5819508a0e35e388ec241bac2f953a
2016-07-22upstream commitdjm@openbsd.org
reverse the order in which -J/JumpHost proxies are visited to be more intuitive and document reported by and manpage bits naddy@ Upstream-ID: 3a68fd6a841fd6cf8cedf6552a9607ba99df179a
2016-07-22upstream commitdtucker@openbsd.org
Skip passwords longer than 1k in length so clients can't easily DoS sshd by sending very long passwords, causing it to spend CPU hashing them. feedback djm@, ok markus@. Brought to our attention by tomas.kuthan at oracle.com, shilei-c at 360.cn and coredump at autistici.org Upstream-ID: d0af7d4a2190b63ba1d38eec502bc4be0be9e333
2016-07-22upstream commitnaddy@openbsd.org
Do not clobber the global jump_host variables when parsing an inactive configuration. ok djm@ Upstream-ID: 5362210944d91417d5976346d41ac0b244350d31