summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2018-02-11Include headers for linux/if.h.Darren Tucker
Prevents configure-time "present but cannot be compiled" warning.
2018-02-11Fix test for -z,retpolineplt linker flag.Darren Tucker
2018-02-11Add checks for Spectre v2 mitigation (retpoline)Darren Tucker
This adds checks for gcc and clang flags for mitigations for Spectre variant 2, ie "retpoline". It'll automatically enabled if the compiler supports it as part of toolchain hardening flag. ok djm@
2018-02-10upstream commitdjm@openbsd.org
constify some private key-related functions; based on https://github.com/openssh/openssh-portable/pull/56 by Vincent Brillault OpenBSD-Commit-ID: dcb94a41834a15f4d00275cb5051616fdc4c988c
2018-02-10upstream commitdjm@openbsd.org
Mention ServerAliveTimeout in context of TCPKeepAlives; prompted by Christoph Anton Mitterer via github OpenBSD-Commit-ID: f0cf1b5bd3f1fbf41d71c88d75d93afc1c880ca2
2018-02-10upstream commitdjm@openbsd.org
clarify IgnoreUserKnownHosts; based on github PR from Christoph Anton Mitterer. OpenBSD-Commit-ID: 4fff2c17620c342fb2f1f9c2d2e679aab3e589c3
2018-02-10upstream commitdjm@openbsd.org
Shorter, more accurate explanation of NoHostAuthenticationForLocalhost without the confusing example. Prompted by Christoph Anton Mitterer via github and bz#2293. OpenBSD-Commit-ID: 19dc96bea25b80d78d416b581fb8506f1e7b76df
2018-02-10upstream commitdjm@openbsd.org
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker OpenBSD-Commit-ID: 59e2611141c0b2ee579c6866e8eb9d7d8217bc6b
2018-02-10upstream commitdjm@openbsd.org
Refuse to create a certificate with an unusable number of principals; Prompted by gdestuynder via github OpenBSD-Commit-ID: 8cfae2451e8f07810e3e2546dfdcce66984cbd29
2018-02-10upstream commitdjm@openbsd.org
fatal if we're unable to write all the public key; previously we would silently ignore errors writing the comment and terminating newline. Prompted by github PR from WillerZ; ok dtucker OpenBSD-Commit-ID: 18fbfcfd4e8c6adbc84820039b64d70906e49831
2018-02-10Add changelog entry for binary strip change.Darren Tucker
2018-02-10Remove unused variables.Darren Tucker
2018-02-10Don't strip binaries so debuginfo gets built.Darren Tucker
Tell install not to strip binaries during package creation so that the debuginfo package can be built.
2018-02-10Fix bogus dates in changelog.Darren Tucker
2018-02-10Remove SSH1 from description.Darren Tucker
2018-02-10Add support for compat-openssl10 build dep.Darren Tucker
2018-02-10Add leading zero so it'll work when rhel not set.Darren Tucker
When rhel is not set it will error out with "bad if". Add leading zero as per https://fedoraproject.org/wiki/Packaging:DistTag so it'll work on non-RHEL.
2018-02-10Update openssl-devel dependency.Darren Tucker
2018-02-10Add mandir with-mandir' for RHEL 5 compatibility.nkadel
Activate '--mandir' and '--with-mandir' settings in setup for RHEL 5 compatibility.
2018-02-10Discard 'K5DIR' reporting.nkadel
It does not work inside 'mock' build environment.
2018-02-10Add 'dist' to 'rel' for OS specific RPM names.nkadel
2018-02-10Add openssh-devel >= 0.9.8f for redhat spec file.nkadel
2018-02-10Enhance BuildRequires for openssh-x11-askpass.nkadel
2018-02-10Always include x11-ssh-askpass SRPM.nkadel
Always include x11-ssh-askpass tarball in redhat SRPM, even if unused.
2018-02-10this is long unused; prompted by dtucker@Damien Miller
2018-02-09upstream commitdtucker@openbsd.org
Remove unused sKerberosTgtPassing from enum. From calestyo via github pull req #11, ok djm@ OpenBSD-Commit-ID: 1008f8870865a7c4968b7aed402a0a9e3e5b9540
2018-02-09upstream commitdtucker@openbsd.org
Rename struct umac_ctx to umac128_ctx too. In portable some linkers complain about two symbols with the same name having differing sizes. ok djm@ OpenBSD-Commit-ID: cbebf8bdd3310a9795b4939a1e112cfe24061ca3
2018-02-09upstream commitdtucker@openbsd.org
ssh_free checks for and handles NULL args, remove NULL checks from remaining callers. ok djm@ OpenBSD-Commit-ID: bb926825c53724c069df68a93a2597f9192f7e7b
2018-02-08Set SO_REUSEADDR in regression test netcat.Darren Tucker
Sometimes multiplex tests fail on Solaris with "netcat: local_listen: Address already in use" which is likely due to previous invocations leaving the port in TIME_WAIT. Set SO_REUSEADDR (in addition to SO_REUSEPORT which is alread set on platforms that support it). ok djm@
2018-02-08upstream commitjsing@openbsd.org
Convert some explicit_bzero()/free() calls to freezero(). ok deraadt@ dtucker@ OpenBSD-Commit-ID: f566ab99149650ebe58b1d4b946ea726c3829609
2018-02-08upstream commitjsing@openbsd.org
Remove some #ifdef notyet code from OpenSSL 0.9.8 days. These functions have never appeared in OpenSSL and are likely never to do so. "kill it with fire" djm@ OpenBSD-Commit-ID: fee9560e283fd836efc2631ef381658cc673d23e
2018-02-08upstream commitjsing@openbsd.org
Remove all guards for calls to OpenSSL free functions - all of these functions handle NULL, from at least OpenSSL 1.0.1g onwards. Prompted by dtucker@ asking about guards for RSA_free(), when looking at openssh-portable pr#84 on github. ok deraadt@ dtucker@ OpenBSD-Commit-ID: 954f1c51b94297d0ae1f749271e184141e0cadae
2018-02-07Remove obsolete "Smartcard support" messageDarren Tucker
The configure checks that populated $SCARD_MSG were removed in commits 7ea845e4 and d8f60022 when the smartcard support was replaced with PKCS#11.
2018-02-07upstream commitdtucker@openbsd.org
Replace "trojan horse" with the correct term (MITM). From maikel at predikkta.com via bz#2822, ok markus@ OpenBSD-Commit-ID: e86ac64c512057c89edfadb43302ac0aa81a6c53
2018-02-07upstream committb@openbsd.org
Add a couple of non-negativity checks to avoid close(-1). ok djm OpenBSD-Commit-ID: 4701ce0b37161c891c838d0931305f1d37a50880
2018-02-07upstream committb@openbsd.org
The file descriptors for socket, stdin, stdout and stderr aren't necessarily distinct, so check if they are the same to avoid closing the same fd several times. ok djm OpenBSD-Commit-ID: 60d71fd22e9a32f5639d4ba6e25a2f417fc36ac1
2018-02-07upstream commitdjm@openbsd.org
I accidentially a word OpenBSD-Commit-ID: 4547ee713fa941da861e83ae7a3e6432f915e14a
2018-02-07upstream commitdjm@openbsd.org
certificate options are case-sensitive; fix case on one that had it wrong. move a badly-place sentence to a less bad place OpenBSD-Commit-ID: 231e516bba860699a1eece6d48532d825f5f747b
2018-01-24crypto_api.h needs includes.hDamien Miller
2018-01-24upstream commitstsp@openbsd.org
Fix a logic bug in sshd_exchange_identification which prevented clients using major protocol version 2 from connecting to the server. ok millert@ OpenBSD-Commit-ID: 8668dec04586e27f1c0eb039ef1feb93d80a5ee9
2018-01-24upstream commitstsp@openbsd.org
Add missing braces; fixes 'write: Socket is not connected' error in ssh. ok deraadt@ OpenBSD-Commit-ID: db73a3a9e147722d410866cac34d43ed52e1ad24
2018-01-23rebuild dependsDamien Miller
2018-01-23one SSH_BUG_BANNER instance that got awayDamien Miller
2018-01-23upstream commitdjm@openbsd.org
Drop compatibility hacks for some ancient SSH implementations, including ssh.com <=2.* and OpenSSH <= 3.*. These versions were all released in or before 2001 and predate the final SSH RFCs. The hacks in question aren't necessary for RFC- compliant SSH implementations. ok markus@ OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138
2018-01-23upstream commitdjm@openbsd.org
try harder to preserve errno during ssh_connect_direct() to make the final error message possibly accurate; bz#2814, ok dtucker@ OpenBSD-Commit-ID: 57de882cb47381c319b04499fef845dd0c2b46ca
2018-01-23upstream commitdjm@openbsd.org
unbreak support for clients that advertise a protocol version of "1.99" (indicating both v2 and v1 support). Busted by me during SSHv1 purge in r1.358; bz2810, ok dtucker OpenBSD-Commit-ID: e8f9c2bee11afc16c872bb79d6abe9c555bd0e4b
2018-01-23upstream commitdjm@openbsd.org
don't attempt to force hostnames that are addresses to lowercase, but instead canonicalise them through getnameinfo/getaddrinfo to remove ambiguities (e.g. ::0001 => ::1) before they are matched against known_hosts; bz#2763, ok dtucker@ OpenBSD-Commit-ID: ba0863ff087e61e5c65efdbe53be3cb92c9aefa0
2018-01-23upstream commitdjm@openbsd.org
avoid modifying pw->pw_passwd; let endpwent() clean up for us, but keep a scrubbed copy; bz2777, ok dtucker@ OpenBSD-Commit-ID: 715afc0f59c6b82c4929a73279199ed241ce0752
2018-01-23upstream commitnaddy@openbsd.org
clarify authorship; prodded by and ok markus@ OpenBSD-Commit-ID: e1938eee58c89b064befdabe232835fa83bb378c
2018-01-23upstream commitmarkus@openbsd.org
group shared source files (e.g. SRCS_KEX) and allow compilation w/o OPENSSL ok djm@ OpenBSD-Commit-ID: fa728823ba21c4b45212750e1d3a4b2086fd1a62