summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-04-04Tidy up openssl header test.Darren Tucker
2016-04-04Fix configure-time warnings for openssl test.Darren Tucker
2016-04-01upstream commitdjm@openbsd.org
whitespace at EOL Upstream-ID: 40ae2203d07cb14e0a89e1a0d4c6120ee8fd8c3a
2016-04-01upstream commitdtucker@openbsd.org
Remove fallback from moduli to "primes" file that was deprecated in 2001 and fix log messages referring to primes file. Based on patch from xnox at ubuntu.com via bz#2559. "kill it" deraadt@ Upstream-ID: 0d4f8c70e2fa7431a83b95f8ca81033147ba8713
2016-03-18upstream commitdjm@openbsd.org
UseDNS affects ssh hostname processing in authorized_keys, not known_hosts; bz#2554 reported by jjelen AT redhat.com Upstream-ID: c1c1bb895dde46095fc6d81d8653703928437591
2016-03-15Don't call Solaris setproject() with UsePAM=yes.Darren Tucker
When Solaris Projects are enabled along with PAM setting the project is PAM's responsiblity. bz#2425, based on patch from brent.paulson at gmail.com.
2016-03-15remove slogin from *.specDamien Miller
2016-03-15upstream commitdjm@openbsd.org
unbreak authentication using lone certificate keys in ssh-agent: when attempting pubkey auth with a certificate, if no separate private key is found among the keys then try with the certificate key itself. bz#2550 reported by Peter Moody Upstream-ID: f939cd76d68e6a9a3d1711b5a943d6ed1e623966
2016-03-15upstream commitdjm@openbsd.org
sanitise characters destined for xauth reported by github.com/tintinweb feedback and ok deraadt and markus Upstream-ID: 18ad8d0d74cbd2ea3306a16595a306ee356aa261
2016-03-14Pass supported malloc options to connect-privsep.Darren Tucker
This allows us to activate only the supported options during the malloc option portion of the connect-privsep test.
2016-03-14Remove leftover roaming.h file.Darren Tucker
Pointed out by des at des.no.
2016-03-14Quote variables that may contain whitespace.Darren Tucker
The variable $L_TMP_ID_FILE needs to be surrounded by quotes in order to survive paths containing whitespace. bz#2551, from Corinna Vinschen via Philip Hands.
2016-03-11Include priv.h for priv_set_t.Darren Tucker
From alex at cooperi.net.
2016-03-10Import openssh_7.2p2.orig.tar.gzColin Watson
2016-03-10update versions for releaseDamien Miller
2016-03-10sanitise characters destined for xauth(1)Damien Miller
reported by github.com/tintinweb
2016-03-09Wrap stdint.h inside #ifdef HAVE_STDINT_H.Darren Tucker
2016-03-09Add compat to monotime_double().Darren Tucker
Apply all of the portability changes in monotime() to monotime() double. Fixes build on at least older FreeBSD systems.
2016-03-08make a regress-binaries targetDamien Miller
Easier to build all the regression/unit test binaries in one pass than going through all of ${REGRESS_BINARIES}
2016-03-08unbreak kexfuzz for -Werror without __bounded__Damien Miller
2016-03-08unbreak PAM after canohost refactorDamien Miller
2016-03-08auth_get_canonical_hostname in portable code.Darren Tucker
"refactor canohost.c" replaced get_canonical_hostname, this makes the same change to some portable-specific code.
2016-03-08upstream commitdjm@openbsd.org
refactor canohost.c: move functions that cache results closer to the places that use them (authn and session code). After this, no state is cached in canohost.c feedback and ok markus@ Upstream-ID: 5f2e4df88d4803fc8ec59ec53629105e23ce625e
2016-03-04hook unittests/misc/kexfuzz into buildDamien Miller
2016-03-04upstream commitdtucker@openbsd.org
Filter debug messages out of log before picking the last two lines. Should prevent problems if any more debug output is added late in the connection. Upstream-Regress-ID: 345d0a9589c381e7d640a4ead06cfaadf4db1363
2016-03-04upstream commitdjm@openbsd.org
add KEX fuzzer harness; ok deraadt@ Upstream-Regress-ID: 3df5242d30551b12b828aa9ba4a4cec0846be8d1
2016-03-04upstream commitdtucker@openbsd.org
Look back 3 lines for possible error messages. Changes to the code mean that "Bad packet length" errors are 3 lines back instead of the previous two, which meant we didn't skip some offsets that we intended to. Upstream-Regress-ID: 24f36912740a634d509a3144ebc8eb7c09b9c684
2016-03-04upstream commitdjm@openbsd.org
fix ClientAliveInterval when a time-based RekeyLimit is set; previously keepalive packets were not being sent. bz#2252 report and analysis by Christian Wittenhorst and Garrett Lee feedback and ok dtucker@ Upstream-ID: d48f9deadd35fdacdd5106b41bb07630ddd4aa81
2016-03-04upstream commitdtucker@openbsd.org
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@ Upstream-ID: 99f1cf15c9a8f161086b814d414d862795ae153d
2016-03-04upstream commitdtucker@openbsd.org
Improve precision of progressmeter for sftp and scp by storing sub-second timestamps. Pointed out by mmcc@, ok deraadt@ markus@ Upstream-ID: 38fd83a3d83dbf81c8ff7b5d1302382fe54970ab
2016-03-04upstream commitjca@openbsd.org
Print ssize_t with %zd; ok deraadt@ mmcc@ Upstream-ID: 0590313bbb013ff6692298c98f7e0be349d124bd
2016-03-04upstream commitdjm@openbsd.org
rearrange DH public value tests to be a little more clear rearrange DH private value generation to explain rationale more clearly and include an extra sanity check. ok deraadt Upstream-ID: 9ad8a07e1a12684e1b329f9bd88941b249d4b2ad
2016-03-01Import updated moduli file from OpenBSD.Darren Tucker
Note that 1.5k bit groups have been removed.
2016-02-29Import openssh_7.2p1.orig.tar.gzColin Watson
2016-02-26Add a note about using xlc on AIX.Darren Tucker
2016-02-24Skip PrintLastLog in config dump mode.Darren Tucker
When DISABLE_LASTLOG is set, do not try to include PrintLastLog in the config dump since it'll be reported as UNKNOWN.
2016-02-23update spec/README versions ahead of releaseDamien Miller
2016-02-23put back portable patchlevel to p1Damien Miller
2016-02-23upstream commitdjm@openbsd.org
openssh-7.2 Upstream-ID: 9db776b26014147fc907ece8460ef2bcb0f11e78
2016-02-23Disable tests where fs perms are incorrectDamien Miller
Some tests have strict requirements on the filesystem permissions for certain files and directories. This adds a regress/check-perm tool that copies the relevant logic from sshd to exactly test the paths in question. This lets us skip tests when the local filesystem doesn't conform to our expectations rather than continuing and failing the test run. ok dtucker@
2016-02-23fix sandbox on OSX LionDamien Miller
sshd was failing with: ssh_sandbox_child: sandbox_init: dlopen(/usr/lib/libsandbox.1.dylib, 261):cw image not found [preauth] caused by chroot before sandboxing. Avoid by explicitly linking libsandbox to sshd. Spotted by Darren.
2016-02-23upstream commitdjm@openbsd.org
fix spurious error message when incorrect passphrase entered for keys; reported by espie@ ok deraadt@ Upstream-ID: 58b2e46e63ed6912ed1ee780bd3bd8560f9a5899
2016-02-23upstream commitsobrado@openbsd.org
set ssh(1) protocol version to 2 only. ok djm@ Upstream-ID: e168daf9d27d7e392e3c9923826bd8e87b2b3a10
2016-02-23upstream commitsobrado@openbsd.org
add missing ~/.ssh/id_ecdsa and ~/.ssh/id_ed25519 to IdentityFile. ok djm@ Upstream-ID: 6ce99466312e4ae7708017c3665e3edb976f70cf
2016-02-23upstream commitsobrado@openbsd.org
AddressFamily defaults to any. ok djm@ Upstream-ID: 0d94aa06a4b889bf57a7f631c45ba36d24c13e0c
2016-02-19Make Solaris privs code build on older systems.Darren Tucker
Not all systems with Solaris privs have priv_basicset so factor that out and provide backward compatibility code. Similarly, not all have PRIV_NET_ACCESS so wrap that in #ifdef. Based on code from alex at cooperi.net and djm@ with help from carson at taltos.org and wieland at purdue.edu.
2016-02-18upstream commitdjm@openbsd.org
rekey refactor broke SSH1; spotted by Tom G. Christensen Upstream-ID: 43f0d57928cc077c949af0bfa71ef574dcb58243
2016-02-18upstream commitdjm@openbsd.org
rsa-sha2-512,rsa-sha2-256 cannot be selected explicitly in *KeyTypes options yet. Remove them from the lists of algorithms for now. committing on behalf of markus@ ok djm@ Upstream-ID: c6e8820eb8e610ac21551832c0c89684a9a51bb7
2016-02-18upstream commitjmc@openbsd.org
since these pages now clearly tell folks to avoid v1, normalise the docs from a v2 perspective (i.e. stop pointing out which bits are v2 only); ok/tweaks djm ok markus Upstream-ID: eb474f8c36fb6a532dc05c282f7965e38dcfa129
2016-02-17upstream commitdjm@openbsd.org
make sandboxed privilege separation the default, not just for new installs; "absolutely" deraadt@ Upstream-ID: 5221ef3b927d2df044e9aa3f5db74ae91743f69b