summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2018-02-23upstream: emphasise that the hostkey rotation may send key typesdjm@openbsd.org
that the client may not support, and that the client should simply disregard such keys (this is what ssh does already). OpenBSD-Commit-ID: 65f8ffbc32ac8d12be8f913d7c0ea55bef8622bf
2018-02-22Add headers for sys/audit.h.Darren Tucker
On some older platforms (at least sunos4, probably others) sys/audit.h requires some other headers. Patch from klausz at haus-gisela.de.
2018-02-19Add REGRESSTMP make var override.Darren Tucker
Defaults to original location ($srcdir/regress) but allows overriding if desired, eg a directory in /tmp.
2018-02-18Remove now-unused check for getrusage.Darren Tucker
getrusage was used in ssh-rand-helper but that's now long gone. Patch from klauszh at haus-gisela.de.
2018-02-16upstream: Don't send IUTF8 to servers that don't like them.dtucker@openbsd.org
Some SSH servers eg "ConfD" drop the connection if the client sends the new IUTF8 (RFC8160) terminal mode even if it's not set. Add a bug bit for such servers and avoid sending IUTF8 to them. ok djm@ OpenBSD-Commit-ID: 26425855402d870c3c0a90491e72e2a8a342ceda
2018-02-16freezero should check for NULL.Darren Tucker
2018-02-16upstream: Mention recent DH KEX methods:djm@openbsd.org
diffie-hellman-group14-sha256 diffie-hellman-group16-sha512 diffie-hellman-group18-sha512 From Jakub Jelen via bz#2826 OpenBSD-Commit-ID: 51bf769f06e55447f4bfa7306949e62d2401907a
2018-02-16upstream: stop loading DSA keys by default, remove sshd_configdjm@openbsd.org
stanza and manpage bits; from Colin Watson via bz#2662, ok dtucker@ OpenBSD-Commit-ID: d33a849f481684ff655c140f5eb1b4acda8c5c09
2018-02-16upstream: Ensure that D mod (P-1) and D mod (Q-1) are calculated injsing@openbsd.org
constant time. This avoids a potential side channel timing leak. ok djm@ markus@ OpenBSD-Commit-ID: 71ff3c16be03290e63d8edab8fac053d8a82968c
2018-02-16upstream: Some obvious freezero() conversions.jsing@openbsd.org
This also zeros an ed25519_pk when it was not being zeroed previously. ok djm@ dtucker@ OpenBSD-Commit-ID: 5c196a3c85c23ac0bd9b11bcadaedd90b7a2ce82
2018-02-15Remove execute bit from modpipe.c.Darren Tucker
2018-02-15Update prngd link to point to sourceforge.Darren Tucker
2018-02-15Remove references to UNICOS.Darren Tucker
2018-02-15Remove extra newline.Darren Tucker
2018-02-15OpenSSH's builtin entropy gathering is long gone.Darren Tucker
2018-02-15Replace remaining mysignal() with signal().Darren Tucker
These seem to have been missed during the replacement of mysignal with #define signal in commit 5ade9ab. Both include the requisite headers to pick up the #define.
2018-02-15Remove remaining now-obsolete cvs $Ids.Darren Tucker
2018-02-15Regenerate dependencies after UNICOS removal.Darren Tucker
2018-02-15Remove UNICOS support.Darren Tucker
The code required to support it is quite invasive to the mainline code that is synced with upstream and is an ongoing maintenance burden. Both the hardware and software are literal museum pieces these days and we could not find anyone still running OpenSSH on one.
2018-02-13Retpoline linker flag only needed for linking.Darren Tucker
2018-02-13Default PidFile is sshd.pid not ssh.pid.Darren Tucker
2018-02-13Remove assigned-to-but-never-used variable.Darren Tucker
'p' was removed in previous change but I neglected to remove the otherwise-unused assignment to it.
2018-02-13upstream: remove space before tabdjm@openbsd.org
OpenBSD-Commit-ID: 674edd214d0a7332dd4623c9cf8117301b012890
2018-02-13upstream Don't reset signal handlers inside handlers.dtucker@openbsd.org
The signal handlers from the original ssh1 code on which OpenSSH is based assume unreliable signals and reinstall their handlers. Since OpenBSD (and pretty much every current system) has reliable signals this is not needed. In the unlikely even that -portable is still being used on such systems we will deal with it in the compat layer. ok deraadt@ OpenBSD-Commit-ID: f53a1015cb6908431b92116130d285d71589612c
2018-02-13Whitespace sync with upstream.Darren Tucker
2018-02-13Whitespace sync with upstream.Darren Tucker
2018-02-11Move signal compat code into bsd-signal.{c,h}Darren Tucker
2018-02-11Include headers for linux/if.h.Darren Tucker
Prevents configure-time "present but cannot be compiled" warning.
2018-02-11Fix test for -z,retpolineplt linker flag.Darren Tucker
2018-02-11Add checks for Spectre v2 mitigation (retpoline)Darren Tucker
This adds checks for gcc and clang flags for mitigations for Spectre variant 2, ie "retpoline". It'll automatically enabled if the compiler supports it as part of toolchain hardening flag. ok djm@
2018-02-10upstream commitdjm@openbsd.org
constify some private key-related functions; based on https://github.com/openssh/openssh-portable/pull/56 by Vincent Brillault OpenBSD-Commit-ID: dcb94a41834a15f4d00275cb5051616fdc4c988c
2018-02-10upstream commitdjm@openbsd.org
Mention ServerAliveTimeout in context of TCPKeepAlives; prompted by Christoph Anton Mitterer via github OpenBSD-Commit-ID: f0cf1b5bd3f1fbf41d71c88d75d93afc1c880ca2
2018-02-10upstream commitdjm@openbsd.org
clarify IgnoreUserKnownHosts; based on github PR from Christoph Anton Mitterer. OpenBSD-Commit-ID: 4fff2c17620c342fb2f1f9c2d2e679aab3e589c3
2018-02-10upstream commitdjm@openbsd.org
Shorter, more accurate explanation of NoHostAuthenticationForLocalhost without the confusing example. Prompted by Christoph Anton Mitterer via github and bz#2293. OpenBSD-Commit-ID: 19dc96bea25b80d78d416b581fb8506f1e7b76df
2018-02-10upstream commitdjm@openbsd.org
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker OpenBSD-Commit-ID: 59e2611141c0b2ee579c6866e8eb9d7d8217bc6b
2018-02-10upstream commitdjm@openbsd.org
Refuse to create a certificate with an unusable number of principals; Prompted by gdestuynder via github OpenBSD-Commit-ID: 8cfae2451e8f07810e3e2546dfdcce66984cbd29
2018-02-10upstream commitdjm@openbsd.org
fatal if we're unable to write all the public key; previously we would silently ignore errors writing the comment and terminating newline. Prompted by github PR from WillerZ; ok dtucker OpenBSD-Commit-ID: 18fbfcfd4e8c6adbc84820039b64d70906e49831
2018-02-10releasing package openssh version 1:7.6p1-4Colin Watson
2018-02-10Add changelog entry for binary strip change.Darren Tucker
2018-02-10Remove unused variables.Darren Tucker
2018-02-10Don't strip binaries so debuginfo gets built.Darren Tucker
Tell install not to strip binaries during package creation so that the debuginfo package can be built.
2018-02-10Fix bogus dates in changelog.Darren Tucker
2018-02-10Remove SSH1 from description.Darren Tucker
2018-02-10Add support for compat-openssl10 build dep.Darren Tucker
2018-02-10Add leading zero so it'll work when rhel not set.Darren Tucker
When rhel is not set it will error out with "bad if". Add leading zero as per https://fedoraproject.org/wiki/Packaging:DistTag so it'll work on non-RHEL.
2018-02-10Update openssl-devel dependency.Darren Tucker
2018-02-10Add mandir with-mandir' for RHEL 5 compatibility.nkadel
Activate '--mandir' and '--with-mandir' settings in setup for RHEL 5 compatibility.
2018-02-10Discard 'K5DIR' reporting.nkadel
It does not work inside 'mock' build environment.
2018-02-10Add 'dist' to 'rel' for OS specific RPM names.nkadel
2018-02-10Add openssh-devel >= 0.9.8f for redhat spec file.nkadel