summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2017-10-20upstream commitdjm@openbsd.org
In the description of pattern-lists, clarify negated matches by explicitly stating that a negated match will never yield a positive result, and that at least one positive term in the pattern-list must match. bz#1918 Upstream-ID: 652d2f9d993f158fc5f83cef4a95cd9d95ae6a14
2017-10-20upstream commitdjm@openbsd.org
log debug messages sent to peer; ok deraadt markus Upstream-ID: 3b4fdc0a06ea5083f61d96e20043000f477103d9
2017-10-20upstream commitjmc@openbsd.org
trim permitrootlogin description somewhat, to avoid ambiguity; original diff from walter alejandro iglesias, tweaked by sthen and myself ok sthen schwarze deraadt Upstream-ID: 1749418b2bc073f3fdd25fe21f8263c3637fe5d2
2017-10-20upstream commitdjm@openbsd.org
mention SSH_USER_AUTH in the list of environment variables Upstream-ID: 1083397c3ee54b4933121ab058c70a0fc6383691
2017-10-20upstream commitdjm@openbsd.org
BIO_get_mem_data() is supposed to take a char* as pointer argument, so don't pass it a const char* Upstream-ID: 1ccd91eb7f4dd4f0fa812d4f956987cd00b5f6ec
2017-10-20upstream commitbenno@openbsd.org
clarify the order in which config statements are used. ok jmc@ djm@ Upstream-ID: e37e27bb6bbac71315e22cb9690fd8a556a501ed
2017-10-20upstream commitdjm@openbsd.org
replace statically-sized arrays in ServerOptions with dynamic ones managed by xrecallocarray, removing some arbitrary (though large) limits and saving a bit of memory; "much nicer" markus@ Upstream-ID: 1732720b2f478fe929d6687ac7b0a97ff2efe9d2
2017-10-20upstream commitjmc@openbsd.org
%C is hashed; from klemens nanni ok markus Upstream-ID: 6ebed7b2e1b6ee5402a67875d74f5e2859d8f998
2017-10-05upstream commitdjm@openbsd.org
exercise PermitOpen a little more thoroughly Upstream-Regress-ID: f41592334e227a4c1f9a983044522de4502d5eac
2017-10-05upstream commitdtucker@openbsd.org
UsePrivilegeSeparation is gone, stop trying to test it. Upstream-Regress-ID: 796a5057cfd79456a20ea935cc53f6eb80ace191
2017-10-05upstream commitdjm@openbsd.org
fix (another) problem in PermitOpen introduced during the channels.c refactor: the third and subsequent arguments to PermitOpen were being silently ignored; ok markus@ Upstream-ID: 067c89f1f53cbc381628012ba776d6861e6782fd
2017-10-03upstream commitdjm@openbsd.org
Fix PermitOpen crash; spotted by benno@, ok dtucker@ deraadt@ Upstream-ID: c2cc84ffac070d2e1ff76182c70ca230a387983c
2017-10-01update URL againDamien Miller
I spotted a typo in the draft so uploaded a new version...
2017-10-01sync release notes URLDamien Miller
2017-10-01sync contrib/ssh-copy-id with upstreamDamien Miller
2017-10-01update version in RPM spec filesDamien Miller
2017-10-01update agent draft URLDamien Miller
2017-10-01upstream commitdjm@openbsd.org
openssh-7.6; ok deraadt@ Upstream-ID: a39c3a5b63a1baae109ae1ae4c7c34c2a59acde0
2017-10-01upstream commitjmc@openbsd.org
tweak EposeAuthinfo; diff from lars nooden tweaked by sthen; ok djm dtucker Upstream-ID: 8f2ea5d2065184363e8be7a0ba24d98a3b259748
2017-09-28don't fatal ./configure for LibreSSLDamien Miller
2017-09-28abort in configure when only openssl-1.1.x foundDamien Miller
We don't support openssl-1.1.x yet (see multiple threads on the openssh-unix-dev@ mailing list for the reason), but previously ./configure would accept it and the compilation would subsequently fail. This makes ./configure display an explicit error message and abort. ok dtucker@
2017-09-27Check for and handle calloc(p, 0) = NULL.Darren Tucker
On some platforms (AIX, maybe others) allocating zero bytes of memory via the various *alloc functions returns NULL, which is permitted by the standards. Autoconf has some macros for detecting this (with the exception of calloc for some reason) so use these and if necessary activate shims for them. ok djm@
2017-09-26upstream commitmarkus@openbsd.org
test reverse dynamic forwarding with SOCKS Upstream-Regress-ID: 95cf290470f7e5e2f691e4bc6ba19b91eced2f79
2017-09-26sync missing changes in dynamic-forward.shDamien Miller
2017-09-25Add minimal strsignal for platforms without it.Darren Tucker
2017-09-24upstream commitdjm@openbsd.org
fix inverted test on channel open failure path that "upgraded" a transient failure into a fatal error; reported by sthen and also seen by benno@; ok sthen@ Upstream-ID: b58b3fbb79ba224599c6cd6b60c934fc46c68472
2017-09-24upstream commitdjm@openbsd.org
write the correct buffer when tunnel forwarding; doesn't matter on OpenBSD (they are the same) but does matter on portable where we use an output filter to translate os-specific tun/tap headers Upstream-ID: f1ca94eff48404827b12e1d12f6139ee99a72284
2017-09-24upstream commitdjm@openbsd.org
fix tunnel forwarding problem introduced in refactor; reported by stsp@ ok markus@ Upstream-ID: 81a731cdae1122c8522134095d1a8b60fa9dcd04
2017-09-22upstream commitmarkus@openbsd.org
Add 'reverse' dynamic forwarding which combines dynamic forwarding (-D) with remote forwarding (-R) where the remote-forwarded port expects SOCKS-requests. The SSH server code is unchanged and the parsing happens at the SSH clients side. Thus the full SOCKS-request is sent over the forwarded channel and the client parses c->output. Parsing happens in channel_before_prepare_select(), _before_ the select bitmask is computed in the pre[] handlers, but after network input processing in the post[] handlers. help and ok djm@ Upstream-ID: aa25a6a3851064f34fe719e0bf15656ad5a64b89
2017-09-22upstream commitdtucker@openbsd.org
Use strsignal in debug message instead of casting for the benefit of portable where sig_atomic_t might not be int. "much nicer" deraadt@ Upstream-ID: 2dac6c1e40511c700bd90664cd263ed2299dcf79
2017-09-22upstream commitmillert@openbsd.org
Use explicit_bzero() instead of bzero() before free() to prevent the compiler from optimizing away the bzero() call. OK djm@ Upstream-ID: cdc6197e64c9684c7250e23d60863ee1b53cef1d
2017-09-19upstream commitdjm@openbsd.org
fix use-after-free in ~^Z escape handler path, introduced in channels.c refactor; spotted by millert@ "makes sense" deraadt@ Upstream-ID: 8fa2cdc65c23ad6420c1e59444b0c955b0589b22
2017-09-19upstream commitdtucker@openbsd.org
Prevent type mismatch warning in debug on platforms where sig_atomic_t != int. ok djm@ Upstream-ID: 306e2375eb0364a4c68e48f091739bea4f4892ed
2017-09-19upstream commitdtucker@openbsd.org
Add braces missing after channels refactor. ok markus@ Upstream-ID: 72ab325c84e010680dbc88f226e2aa96b11a3980
2017-09-19add freezero(3) replacementDamien Miller
ok dtucker@
2017-09-19move FORTIFY_SOURCE into hardening options groupDamien Miller
It's still on by default, but now it's possible to turn it off using --without-hardening. This is useful since it's known to cause problems with some -fsanitize options. ok dtucker@
2017-09-18upstream commitbluhm@openbsd.org
Print SKIPPED if sudo and doas configuration is missing. Prevents that running the regression test with wrong environment is reported as failure. Keep the fatal there to avoid interfering with other setups for portable ssh. OK dtucker@ Upstream-Regress-ID: f0dc60023caef496ded341ac5aade2a606fa234e
2017-09-18upstream commitdtucker@openbsd.org
Remove obsolete privsep=no fallback test. Upstream-Regress-ID: 7d6e1baa1678ac6be50c2a1555662eb1047638df
2017-09-18upstream commitdtucker@openbsd.org
Remove non-privsep test since disabling privsep is now deprecated. Upstream-Regress-ID: 77ad3f3d8d52e87f514a80f285c6c1229b108ce8
2017-09-18upstream commitdtucker@openbsd.org
Don't call fatal from stop_sshd since it calls cleanup which calls stop_sshd which will probably fail in the same way. Instead, just bail. Differentiate between sshd dying without cleanup and not shutting down. Upstream-Regress-ID: f97315f538618b349e2b0bea02d6b0c9196c6bc4
2017-09-14upstream commitdjm@openbsd.org
Revert commitid: gJtIN6rRTS3CHy9b. ------------- identify the case where SSHFP records are missing but other DNS RR types are present and display a more useful error message for this case; patch by Thordur Bjornsson; bz#2501; ok dtucker@ ------------- This caused unexpected failures when VerifyHostKeyDNS=yes, SSHFP results are missing but the user already has the key in known_hosts Spotted by dtucker@ Upstream-ID: 97e31742fddaf72046f6ffef091ec0d823299920
2017-09-12adapt portable to channels API changesDamien Miller
2017-09-12upstream commitdjm@openbsd.org
unused variable Upstream-ID: 2f9ba09f2708993d35eac5aa71df910dcc52bac1
2017-09-12upstream commitdjm@openbsd.org
fix tun/tap forwarding case in previous Upstream-ID: 43ebe37a930320e24bca6900dccc39857840bc53
2017-09-12upstream commitdjm@openbsd.org
Make remote channel ID a u_int Previously we tracked the remote channel IDs in an int, but this is strictly incorrect: the wire protocol uses uint32 and there is nothing in-principle stopping a SSH implementation from sending, say, 0xffff0000. In practice everyone numbers their channels sequentially, so this has never been a problem. ok markus@ Upstream-ID: b9f4cd3dc53155b4a5c995c0adba7da760d03e73
2017-09-12upstream commitdjm@openbsd.org
refactor channels.c Move static state to a "struct ssh_channels" that is allocated at runtime and tracked as a member of struct ssh. Explicitly pass "struct ssh" to all channels functions. Replace use of the legacy packet APIs in channels.c. Rework sshd_config PermitOpen handling: previously the configuration parser would call directly into the channels layer. After the refactor this is not possible, as the channels structures are allocated at connection time and aren't available when the configuration is parsed. The server config parser now tracks PermitOpen itself and explicitly configures the channels code later. ok markus@ Upstream-ID: 11828f161656b965cc306576422613614bea2d8f
2017-09-12upstream commitdjm@openbsd.org
typo in comment Upstream-ID: a93b1e6f30f1f9b854b5b964b9fd092d0c422c47
2017-09-12upstream commitjmc@openbsd.org
tweak previous; Upstream-ID: bb8cc40b61b15f6a13d81da465ac5bfc65cbfc4b
2017-09-08Fuzzer harnesses for sig verify and pubkey parsingDamien Miller
These are some basic clang libfuzzer harnesses for signature verification and public key parsing. Some assembly (metaphorical) required.
2017-09-08Give configure ability to set CFLAGS/LDFLAGS laterDamien Miller
Some CFLAGS/LDFLAGS may disrupt the configure script's operation, in particular santization and fuzzer options that break assumptions about memory and file descriptor dispositions. This adds two flags to configure --with-cflags-after and --with-ldflags-after that allow specifying additional compiler and linker options that are added to the resultant Makefiles but not used in the configure run itself. E.g. env CC=clang-3.9 ./configure \ --with-cflags-after=-fsantize=address \ --with-ldflags-after="-g -fsanitize=address"