Age | Commit message (Collapse) | Author |
|
On some older platforms (at least sunos4, probably others) sys/audit.h
requires some other headers. Patch from klausz at haus-gisela.de.
|
|
Defaults to original location ($srcdir/regress) but allows overriding
if desired, eg a directory in /tmp.
|
|
getrusage was used in ssh-rand-helper but that's now long gone.
Patch from klauszh at haus-gisela.de.
|
|
Some SSH servers eg "ConfD" drop the connection if the client sends the
new IUTF8 (RFC8160) terminal mode even if it's not set. Add a bug bit
for such servers and avoid sending IUTF8 to them. ok djm@
OpenBSD-Commit-ID: 26425855402d870c3c0a90491e72e2a8a342ceda
|
|
|
|
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
From Jakub Jelen via bz#2826
OpenBSD-Commit-ID: 51bf769f06e55447f4bfa7306949e62d2401907a
|
|
stanza and manpage bits; from Colin Watson via bz#2662, ok dtucker@
OpenBSD-Commit-ID: d33a849f481684ff655c140f5eb1b4acda8c5c09
|
|
constant time.
This avoids a potential side channel timing leak.
ok djm@ markus@
OpenBSD-Commit-ID: 71ff3c16be03290e63d8edab8fac053d8a82968c
|
|
This also zeros an ed25519_pk when it was not being zeroed previously.
ok djm@ dtucker@
OpenBSD-Commit-ID: 5c196a3c85c23ac0bd9b11bcadaedd90b7a2ce82
|
|
|
|
|
|
|
|
|
|
|
|
These seem to have been missed during the replacement of mysignal
with #define signal in commit 5ade9ab. Both include the requisite
headers to pick up the #define.
|
|
|
|
|
|
The code required to support it is quite invasive to the mainline
code that is synced with upstream and is an ongoing maintenance burden.
Both the hardware and software are literal museum pieces these days and
we could not find anyone still running OpenSSH on one.
|
|
|
|
|
|
'p' was removed in previous change but I neglected to remove the
otherwise-unused assignment to it.
|
|
OpenBSD-Commit-ID: 674edd214d0a7332dd4623c9cf8117301b012890
|
|
The signal handlers from the original ssh1 code on which OpenSSH
is based assume unreliable signals and reinstall their handlers.
Since OpenBSD (and pretty much every current system) has reliable
signals this is not needed. In the unlikely even that -portable
is still being used on such systems we will deal with it in the
compat layer. ok deraadt@
OpenBSD-Commit-ID: f53a1015cb6908431b92116130d285d71589612c
|
|
|
|
|
|
|
|
Prevents configure-time "present but cannot be compiled" warning.
|
|
|
|
This adds checks for gcc and clang flags for mitigations for Spectre
variant 2, ie "retpoline". It'll automatically enabled if the compiler
supports it as part of toolchain hardening flag. ok djm@
|
|
constify some private key-related functions; based on
https://github.com/openssh/openssh-portable/pull/56 by Vincent Brillault
OpenBSD-Commit-ID: dcb94a41834a15f4d00275cb5051616fdc4c988c
|
|
Mention ServerAliveTimeout in context of TCPKeepAlives;
prompted by Christoph Anton Mitterer via github
OpenBSD-Commit-ID: f0cf1b5bd3f1fbf41d71c88d75d93afc1c880ca2
|
|
clarify IgnoreUserKnownHosts; based on github PR from
Christoph Anton Mitterer.
OpenBSD-Commit-ID: 4fff2c17620c342fb2f1f9c2d2e679aab3e589c3
|
|
Shorter, more accurate explanation of
NoHostAuthenticationForLocalhost without the confusing example. Prompted by
Christoph Anton Mitterer via github and bz#2293.
OpenBSD-Commit-ID: 19dc96bea25b80d78d416b581fb8506f1e7b76df
|
|
Disable RemoteCommand and RequestTTY in the ssh session
started by scp. sftp is already doing this. From Camden Narzt via github; ok
dtucker
OpenBSD-Commit-ID: 59e2611141c0b2ee579c6866e8eb9d7d8217bc6b
|
|
Refuse to create a certificate with an unusable number of
principals; Prompted by gdestuynder via github
OpenBSD-Commit-ID: 8cfae2451e8f07810e3e2546dfdcce66984cbd29
|
|
fatal if we're unable to write all the public key; previously
we would silently ignore errors writing the comment and terminating newline.
Prompted by github PR from WillerZ; ok dtucker
OpenBSD-Commit-ID: 18fbfcfd4e8c6adbc84820039b64d70906e49831
|
|
|
|
|
|
Tell install not to strip binaries during package creation so that the
debuginfo package can be built.
|
|
|
|
|
|
|
|
When rhel is not set it will error out with "bad if". Add leading zero
as per https://fedoraproject.org/wiki/Packaging:DistTag so it'll work
on non-RHEL.
|
|
|
|
Activate '--mandir' and '--with-mandir' settings in setup for RHEL
5 compatibility.
|
|
It does not work inside 'mock' build environment.
|
|
|
|
|
|
|
|
Always include x11-ssh-askpass tarball in redhat SRPM, even if unused.
|