summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-08-17Correct LDFLAGS for clang example.Darren Tucker
--with-ldflags isn't used until after the -ftrapv test, so mention LDFLAGS instead for now.
2016-08-17Remove obsolete CVS $Id from source files.Darren Tucker
Since -portable switched to git the CVS $Id tags are no longer being updated and are becoming increasingly misleading. Remove them.
2016-08-17Remove now-obsolete CVS $Id tags from text files.Darren Tucker
Since -portable switched to git, the CVS $Id tags are no longer being updated and are becoming increasingly misleading. Remove them.
2016-08-17Add a section for compiler specifics.Darren Tucker
Add a section for compiler specifics and document the runtime requirements for clang's integer sanitization.
2016-08-17Test multiplying two long long ints.Darren Tucker
When using clang with -ftrapv or -sanitize=integer the tests would pass but linking would fail with "undefined reference to __mulodi4". Explicitly test for this before enabling -trapv.
2016-08-16add a --with-login-program configure argumentDamien Miller
Saves messing around with LOGIN_PROGRAM env var, which come packaging environments make hard to do during configure phase.
2016-08-16add --with-pam-service to specify PAM service nameDamien Miller
Saves messing around with CFLAGS to do it.
2016-08-16fix false positives when compiled with msanDamien Miller
Our explicit_bzero successfully confused clang -fsanitize-memory in to thinking that memset is never called to initialise memory. Ensure that it is called in a way that the compiler recognises.
2016-08-14upstream commitmarkus@openbsd.org
remove ssh1 server code; ok djm@ Upstream-ID: c24c0c32c49b91740d5a94ae914fb1898ea5f534
2016-08-14upstream commitjca@openbsd.org
Use 2001:db8::/32, the official IPv6 subnet for configuration examples. This makes the IPv6 example consistent with IPv4, and removes a dubious mention of a 6bone subnet. ok sthen@ millert@ Upstream-ID: b027f3d0e0073419a132fd1bf002e8089b233634
2016-08-14upstream commitdtucker@openbsd.org
Update moduli file. Upstream-ID: 6da9a37f74aef9f9cc639004345ad893cad582d8
2016-08-11Import updated moduli.Darren Tucker
2016-08-09upstream commitdtucker@openbsd.org
Improve error message for overlong ControlPath. ok markus@ djm@ Upstream-ID: aed374e2e88dd3eb41390003e5303d0089861eb5
2016-08-09upstream commitdjm@openbsd.org
small refactor of cipher.c: make ciphercontext opaque to callers feedback and ok markus@ Upstream-ID: 094849f8be68c3bdad2c0f3dee551ecf7be87f6f
2016-08-03upstream commitdtucker@openbsd.org
Fix bug introduced in rev 1.467 which causes "buffer_get_bignum_ret: incomplete message" errors when built with WITH_SSH1 and run such that no Protocol 1 ephemeral host key is generated (eg "Protocol 2", no SSH1 host key supplied). Reported by rainer.laatsch at t-online.de, ok deraadt@ Upstream-ID: aa6b132da5c325523aed7989cc5a320497c919dc
2016-08-03upstream commitdjm@openbsd.org
better bounds check on iovcnt (we only ever use fixed, positive values) Upstream-ID: 9baa6eb5cd6e30c9dc7398e5fe853721a3a5bdee
2016-08-02Use tabs consistently inside "case $host".Darren Tucker
2016-08-02Explicitly test for broken strnvis.Darren Tucker
NetBSD added an strnvis and unfortunately made it incompatible with the existing one in OpenBSD and Linux's libbsd (the former having existed for over ten years). Despite this incompatibility being reported during development (see http://gnats.netbsd.org/44977) they still shipped it. Even more unfortunately FreeBSD and later MacOS picked up this incompatible implementation. Try to detect this mess, and assume the only safe option if we're cross compiling. OpenBSD 2.9 (2001): strnvis(char *dst, const char *src, size_t dlen, int flag); NetBSD 6.0 (2012): strnvis(char *dst, size_t dlen, const char *src, int flag); ok djm@
2016-08-02update recommended autoconf versionDamien Miller
2016-08-02update config.guess and config.sub to currentDamien Miller
upstream commit 562f3512b3911ba0c77a7f68214881d1f241f46e
2016-08-02Replace spaces with tabs.Darren Tucker
Mechanically replace spaces with tabs in compat files not synced with OpenBSD.
2016-08-02Strip trailing whitespace.Darren Tucker
Mechanically strip trailing whitespace on files not synced with OpenBSD (or in the case of bsd-snprint.c, rsync).
2016-08-02Repair $OpenBSD markers.Darren Tucker
2016-08-02Repair $OpenBSD marker.Darren Tucker
2016-08-01modified: configure.ac opensshd.init.inTim Rice
Skip generating missing RSA1 key on startup unless ssh1 support is enabled. Spotted by Jean-Pierre Radley
2016-07-28define _OPENBSD_SOURCE for reallocarray on NetBSDDamien Miller
Report by and debugged with Hisashi T Fujinaka, dtucker nailed the problem (lack of prototype causing return type confusion).
2016-07-27KNFDamien Miller
2016-07-27Linux auditing also needs packet.hDamien Miller
2016-07-27fix auditing on LinuxDamien Miller
get_remote_ipaddr() was replaced with ssh_remote_ipaddr()
2016-07-24crank version numbersDamien Miller
2016-07-24upstream commitdjm@openbsd.org
openssh-7.3 Upstream-ID: af106a7eb665f642648cf1993e162c899f358718
2016-07-23Move Cygwin IPPORT_RESERVED overrride to defines.hDarren Tucker
Patch from vinschen at redhat.com.
2016-07-23upstream commitdjm@openbsd.org
fix pledge violation with ssh -f; reported by Valentin Kozamernik ok dtucker@ Upstream-ID: a61db7988db88d9dac3c4dd70e18876a8edf84aa
2016-07-23upstream commitdjm@openbsd.org
improve wording; suggested by jmc@ Upstream-ID: 55cb0a24c8e0618b3ceec80998dc82c85db2d2f8
2016-07-23upstream commitdtucker@openbsd.org
Lower loglevel for "Authenticated with partial success" message similar to other similar level. bz#2599, patch from cgallek at gmail.com, ok markus@ Upstream-ID: 3faab814e947dc7b2e292edede23e94c608cb4dd
2016-07-22retry waitpid on EINTR failureDamien Miller
patch from Jakub Jelen on bz#2581; ok dtucker@
2016-07-22upstream commitdjm@openbsd.org
constify a few functions' arguments; patch from Jakub Jelen bz#2581 Upstream-ID: f2043f51454ea37830ff6ad60c8b32b4220f448d
2016-07-22upstream commitdjm@openbsd.org
move debug("%p", key) to before key is free'd; probable undefined behaviour on strict compilers; reported by Jakub Jelen bz#2581 Upstream-ID: 767f323e1f5819508a0e35e388ec241bac2f953a
2016-07-22upstream commitdjm@openbsd.org
reverse the order in which -J/JumpHost proxies are visited to be more intuitive and document reported by and manpage bits naddy@ Upstream-ID: 3a68fd6a841fd6cf8cedf6552a9607ba99df179a
2016-07-22upstream commitdtucker@openbsd.org
Skip passwords longer than 1k in length so clients can't easily DoS sshd by sending very long passwords, causing it to spend CPU hashing them. feedback djm@, ok markus@. Brought to our attention by tomas.kuthan at oracle.com, shilei-c at 360.cn and coredump at autistici.org Upstream-ID: d0af7d4a2190b63ba1d38eec502bc4be0be9e333
2016-07-22upstream commitnaddy@openbsd.org
Do not clobber the global jump_host variables when parsing an inactive configuration. ok djm@ Upstream-ID: 5362210944d91417d5976346d41ac0b244350d31
2016-07-22upstream commitjmc@openbsd.org
tweak previous; Upstream-ID: f3c1a5b3f05dff366f60c028728a2b43f15ff534
2016-07-22upstream commitdtucker@openbsd.org
Allow wildcard for PermitOpen hosts as well as ports. bz#2582, patch from openssh at mzpqnxow.com and jjelen at redhat.com. ok markus@ Upstream-ID: af0294e9b9394c4e16e991424ca0a47a7cc605f2
2016-07-22upstream commitmarkus@openbsd.org
Reduce timing attack against obsolete CBC modes by always computing the MAC over a fixed size of data. Reported by Jean Paul Degabriele, Kenny Paterson, Torben Hansen and Martin Albrecht. ok djm@ Upstream-ID: f20a13279b00ba0afbacbcc1f04e62e9d41c2912
2016-07-21Search users for one with a valid salt.Darren Tucker
If the root account is locked (eg password "!!" or "*LK*") keep looking until we find a user with a valid salt to use for crypting passwords of invalid users. ok djm@
2016-07-18Explicitly specify source files for regress tools.Darren Tucker
Since adding $(REGRESSLIBS), $? is wrong because it includes only the changed source files. $< seems like it'd be right however it doesn't seem to work on some non-GNU makes, so do what works everywhere.
2016-07-18Conditionally include err.h.Darren Tucker
2016-07-18Remove local implementation of err, errx.Darren Tucker
We now have a shared implementation in libopenbsd-compat.
2016-07-18upstream commitdjm@openbsd.org
Add some unsigned overflow checks for extra_pad. None of these are reachable with the amount of padding that we use internally. bz#2566, pointed out by Torben Hansen. ok markus@ Upstream-ID: 4d4be8450ab2fc1b852d5884339f8e8c31c3fd76
2016-07-18Add dependency on libs for unit tests.Darren Tucker
Makes "./configure && make tests" work again. ok djm@