summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2019-06-08Always clean up before and after utimensat test.Darren Tucker
2019-06-07Update utimensat test.Darren Tucker
POSIX specifies that when given a symlink, AT_SYMLINK_NOFOLLOW should update the symlink and not the destination. The compat code doesn't have a way to do this, so where possible it fails instead of following a symlink when explicitly asked not to. Instead of checking for an explicit failure, check that it does not update the destination, which both the real and compat implmentations should honour. Inspired by github pull req #125 from chutzpah at gentoo.org.
2019-06-07Have pthread_create return errno on failure.Darren Tucker
According to POSIX, pthread_create returns the failure reason in the non-zero function return code so make the fork wrapper do that. Matches previous change.
2019-06-07pthread_create(3) returns positive values on failure.Elliott Hughes
Found by inspection after finding similar bugs in other code used by Android.
2019-06-05allow s390 specific ioctl for ecc hardware supportHarald Freudenberger
Adding another s390 specific ioctl to be able to support ECC hardware acceleration to the sandbox seccomp filter rules. Now the ibmca openssl engine provides elliptic curve cryptography support with the help of libica and CCA crypto cards. This is done via jet another ioctl call to the zcrypt device driver and so there is a need to enable this on the openssl sandbox. Code is s390 specific and has been tested, verified and reviewed. Please note that I am also the originator of the previous changes in that area. I posted these changes to Eduardo and he forwarded the patches to the openssl community. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Reviewed-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
2019-06-05openssl-devel is obsoleted by libssl-develSorin Adrian Savu
openssl-devel is no longer installable via the cygwin setup and it's hidden by default, so you can't see the replacement very easy.
2019-05-21upstream: tweak previous;jmc@openbsd.org
OpenBSD-Commit-ID: 42f39f22f53cfcb913bce401ae0f1bb93e08dd6c
2019-05-20upstream: embiggen format buffer size for certificate serial number sodjm@openbsd.org
that it will fit a full 64 bit integer. bz#3012 from Manoel Domingues Junior OpenBSD-Commit-ID: a51f3013056d05b976e5af6b978dcb9e27bbc12b
2019-05-20upstream: When signing certificates with an RSA key, default todjm@openbsd.org
using the rsa-sha2-512 signature algorithm. Certificates signed by RSA keys will therefore be incompatible with OpenSSH < 7.2 unless the default is overridden. Document the ability of the ssh-keygen -t flag to override the signature algorithm when signing certificates, and the new default. ok deraadt@ OpenBSD-Commit-ID: 400c9c15013978204c2cb80f294b03ae4cfc8b95
2019-05-17Add no-op implementation of pam_putenv.Darren Tucker
Some platforms such as HP-UX do not have pam_putenv. Currently the calls are ifdef'ed out, but a new one was recently added. Remove the ifdefs and add a no-op implementation. bz#3008, ok djm.
2019-05-17Use the correct macro for SSH_ALLOWED_CA_SIGALGS.Darren Tucker
2019-05-17Fix building w/out ECC.Darren Tucker
Ifdef out ECC specific code so that that it'll build against an OpenSSL configured w/out ECC. With & ok djm@
2019-05-17Conditionalize ECDH methods in CA algos.Darren Tucker
When building against an OpenSSL configured without ECC, don't include those algos in CASignatureAlgorithms. ok djm@
2019-05-17upstream: Move a variable declaration to the block where it's useddtucker@openbsd.org
to make things a little tidier for -portable. OpenBSD-Commit-ID: 616379861be95619e5358768b7dee4793e2f3a75
2019-05-17upstream: When doing the fork+exec'ing for ssh-keysign, rearrangederaadt@openbsd.org
the socket into fd3, so as to not mistakenly leak other fd forward accidentally. ok djm OpenBSD-Commit-ID: 24cc753f5aa2c6a7d0fbf62766adbc75cd785296
2019-05-17upstream: Delete some .Sx macros that were used in a wrong way.schwarze@openbsd.org
Part of a patch from Stephen Gregoratto <dev at sgregoratto dot me>. OpenBSD-Commit-ID: 15501ed13c595f135e7610b1a5d8345ccdb513b7
2019-05-17upstream: For PermitOpen violations add the remote host and port toflorian@openbsd.org
be able to find out from where the request was comming. Add the same logging for PermitListen violations which where not logged at all. Pointed out by Robert Kisteleki (robert AT ripe.net) input markus OK deraadt OpenBSD-Commit-ID: 8a7d0f1b7175504c0d1dca8d9aca1588b66448c8
2019-05-16Add OpenSSL 1.1.1 to the supported list.Darren Tucker
Clarify the language around prngd and egd.
2019-05-15Fix typo in man page formatter selector.Darren Tucker
2019-05-10Use "doc" man page format if mandoc present.Darren Tucker
Previously configure would not select the "doc" man page format if mandoc was present but nroff was not. This checks for mandoc first and removes a now-superflous AC_PATH_PROG. Based on a patch from vehk at vehk.de and feedback from schwarze at usta.de.
2019-05-08upstream: Use the correct (according to POSIX) format fordtucker@openbsd.org
left-justification in snmprintf. bz#3002, patch from velemas at gmail.com, ok markus@. OpenBSD-Commit-ID: 65d252b799be0cc8f68b6c47cece0a57bb00fea7
2019-05-08upstream: Free channel objects on exit path. Patch from markus atdtucker@openbsd.org
blueflash.cc, ok deraadt OpenBSD-Commit-ID: dbe4db381603909482211ffdd2b48abd72169117
2019-05-08upstream: Free host on exit path. Patch from markus atdtucker@openbsd.org
blueflash.cc, ok djm@ OpenBSD-Commit-ID: c54e9945d93c4ce28350d8b9fa8b71f744ef2b5a
2019-05-08upstream: Wrap XMSS including in ifdef. Patch from markus atdtucker@openbsd.org
blueflash.cc, ok djm OpenBSD-Commit-ID: e3b34fc35cf12d33bde91ac03633210a3bc0f8b5
2019-05-08upstream: Import regenerated moduli.dtucker@openbsd.org
OpenBSD-Commit-ID: db6375fc302e3bdf07d96430c63c991b2c2bd3ff
2019-05-08upstream: Use the LogLevel typdef instead of int where appropriate. Patch ↵dtucker@openbsd.org
from Markus Schmidt via openssh-unix-dev, ok markus@ OpenBSD-Commit-ID: 4c0f0f458e3da7807806b35e3eb5c1e8403c968a
2019-05-08upstream: Document new default RSA key size. Fromdtucker@openbsd.org
sebastiaanlokhorst at gmail.com via bz#2997. OpenBSD-Commit-ID: bdd62ff5d4d649d2147904e91bf7cefa82fe11e1
2019-05-08upstream: When running sshd -T, assume any attibute not provided bydtucker@openbsd.org
-C does not match, which allows it to work when sshd_config contains a Match directive with or without -C. bz#2858, ok djm@ OpenBSD-Commit-ID: 1a701f0a33e3bc96753cfda2fe0b0378520b82eb
2019-05-08upstream: Remove crc32.{c,h} which were only used by the now-gonedtucker@openbsd.org
SSH1 protocol. Patch from yumkam at gmail.com, ok deraadt. OpenBSD-Commit-ID: cceda5876c5ba6b4d8abcd52335329198cee3240
2019-04-30Remove unused variables from RLIMIT_NOFILE test.Darren Tucker
2019-04-26Import regenerated moduli.Darren Tucker
2019-04-26Whitespace resync w/OpenBSD.Darren Tucker
Patch from markus at blueflash.cc via openssh-unix-dev.
2019-04-26Don't install duplicate STREAMS modules on SolarisDarren Tucker
Check if STREAMS modules are already installed on pty before installing since when compiling with XPG>=4 they will likely be installed already. Prevents hangs and duplicate lines on the terminal. bz#2945 and bz#2998, patch from djm@
2019-04-18makedependDamien Miller
2019-04-05second thoughts: leave README in placeDamien Miller
A number of contrib/* files refer to the existing README so let's leave it in place for release and add the new markdown version in parallel. I'll get rid of README after release.
2019-04-05Revert "rewrite README"Damien Miller
This reverts commit 9444d82678cb7781820da4d1c23b3c2b9fb1e12f.
2019-04-05rewrite READMEDamien Miller
Include basic build instructions and comments on commonly-used build- time flags, links to the manual pages and other resources. Now in Markdown format for better viewing on github, etc.
2019-04-05update versionsDamien Miller
2019-04-05upstream: openssh-8.0djm@openbsd.org
OpenBSD-Commit-ID: 5aafdf218679dab982fea20771afd643be9a127b
2019-04-04session: Do not use removed APIDamien Miller
from Jakub Jelen
2019-04-03upstream: when logging/fataling on error, include a bit more detaildjm@openbsd.org
than just the function name and the error message OpenBSD-Commit-ID: dd72d7eba2215fcb89be516c378f633ea5bcca9f
2019-04-03Remove "struct ssh" from sys_auth_record_login.Darren Tucker
It's not needed, and is not available from the call site in loginrec.c Should only affect AIX, spotted by Kevin Brott.
2019-04-02Adapt custom_failed_login to new prototype.Darren Tucker
Spotted by Kevin Brott.
2019-04-01Add includes.h for compat layer.Darren Tucker
Should fix build on AIX 7.2.
2019-03-31Stop USL compilers for erroring with "integral constant expression expected"Tim Rice
2019-03-31Only use O_NOFOLLOW in fchownat and fchmodat if definedTim Rice
2019-03-29Adjust softhsm2 path on Fedora Linux for regressJakub Jelen
The SoftHSM lives in Fedora in /usr/lib64/pkcs11/libsofthsm2.so
2019-03-28Only use O_NOFOLLOW in utimensat if defined.Darren Tucker
Fixes build on systems that don't have it (Solaris <=9) Found by Tom G. Christensen.
2019-03-28drop old Cygwin considerationsCorinna Vinschen
- Cygwin supports non-DOS characters in filenames - Cygwin does not support Windows XP anymore Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
2019-03-27upstream: fix interaction between ClientAliveInterval and RekeyLimitdjm@openbsd.org
that could cause connection to close incorrectly; Report and patch from Jakub Jelen in bz#2757; ok dtucker@ markus@ OpenBSD-Commit-ID: 17229a8a65bd8e6c2080318ec2b7a61e1aede3fb