summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2017-05-01Define INT32_MAX and INT64_MAX if needed.Darren Tucker
2017-05-01Wrap stdint.h in HAVE_STDINT_HDarren Tucker
2017-05-01upstream commitdjm@openbsd.org
remove unused variable Upstream-ID: 66011f00819d0e71b14700449a98414033284516
2017-05-01upstream commitdjm@openbsd.org
eliminate explicit specification of protocol in tests and loops over protocol. We only support SSHv2 now. Upstream-Regress-ID: 0082838a9b8a382b7ee9cbf0c1b9db727784fadd
2017-05-01upstream commitdjm@openbsd.org
remove SSHv1 support from unit tests Upstream-Regress-ID: 395ca2aa48f1f7d23eefff6cb849ea733ca8bbfe
2017-05-01upstream commitdjm@openbsd.org
fixup setting ciphercontext->plaintext (lost in SSHv1 purge), though it isn't really used for much anymore. Upstream-ID: 859b8bce84ff4865b32097db5430349d04b9b747
2017-05-01remove configure --with-ssh1Damien Miller
2017-05-01upstream commitdjm@openbsd.org
flense SSHv1 support from ssh-agent, considerably simplifying it ok markus Upstream-ID: 71d772cdcefcb29f76e01252e8361e6fc2dfc365
2017-05-01upstream commitdjm@openbsd.org
obliterate ssh1.h and some dead code that used it ok markus@ Upstream-ID: 1ca9159a9fb95618f9d51e069ac8e1131a087343
2017-05-01upstream commitdjm@openbsd.org
exterminate the -1 flag from scp ok markus@ Upstream-ID: 26d247f7065da15056b209cef5f594ff591b89db
2017-05-01upstream commitdjm@openbsd.org
purge the last traces of SSHv1 from the TTY modes handling code ok markus Upstream-ID: 963a19f1e06577377c38a3b7ce468f121b966195
2017-05-01upstream commitdjm@openbsd.org
remove the (in)famous SSHv1 CRC compensation attack detector. Despite your cameo in The Matrix movies, you will not be missed. ok markus Upstream-ID: 44261fce51a56d93cdb2af7b6e184be629f667e0
2017-05-01upstream commitdjm@openbsd.org
undo some local debugging stuff that I committed by accident Upstream-ID: fe5b31f69a60d47171836911f144acff77810217
2017-05-01upstream commitdjm@openbsd.org
remove SSHv1 support from packet and buffer APIs ok markus@ Upstream-ID: bfc290053d40b806ecac46317d300677d80e1dc9
2017-05-01upstream commitdjm@openbsd.org
remove SSHv1-related buffers from client code Upstream-ID: dca5d01108f891861ceaf7ba1c0f2eb274e0c7dd
2017-05-01upstream commitdjm@openbsd.org
remove KEY_RSA1 ok markus@ Upstream-ID: 7408517b077c892a86b581e19f82a163069bf133
2017-05-01upstream commitdjm@openbsd.org
remove SSHv1 configuration options and man pages bits ok markus@ Upstream-ID: 84638c23546c056727b7a7d653c72574e0f19424
2017-05-01upstream commitdjm@openbsd.org
remove SSH1 make flag and associated files ok markus@ Upstream-ID: ba9feacc5787337c413db7cf26ea3d53f854cfef
2017-05-01upstream commitdjm@openbsd.org
remove SSHv1 ciphers; ok markus@ Upstream-ID: e5ebc5e540d7f23a8c1266db1839794d4d177890
2017-05-01upstream commitdjm@openbsd.org
remove compat20/compat13/compat15 variables ok markus@ Upstream-ID: 43802c035ceb3fef6c50c400e4ecabf12354691c
2017-05-01upstream commitdjm@openbsd.org
remove options.protocol and client Protocol configuration knob ok markus@ Upstream-ID: 5a967f5d06e2d004b0235457b6de3a9a314e9366
2017-05-01upstream commitdjm@openbsd.org
unifdef WITH_SSH1 ok markus@ Upstream-ID: 9716e62a883ef8826c57f4d33b4a81a9cc7755c7
2017-05-01upstream commitjmc@openbsd.org
tweak previous; Upstream-ID: a3abc6857455299aa42a046d232b7984568bceb9
2017-05-01upstream commitdjm@openbsd.org
allow ssh-keygen to include arbitrary string or flag certificate extensions and critical options. ok markus@ dtucker@ Upstream-ID: 2cf28dd6c5489eb9fc136e0b667ac3ea10241646
2017-05-01upstream commitjmc@openbsd.org
sort; Upstream-ID: 7e6b56e52b039cf44d0418e9de9aca20a2d2d15a
2017-04-28Typo.Darren Tucker
Upstream-Regress-ID: 1e6b51ddf767cbad0a4e63eb08026c127e654308
2017-04-28Add 2 regress commits I applied by hand.Darren Tucker
Upstream-Regress-ID: 30c20180c87cbc99fa1020489fe7fd8245b6420c Upstream-Regress-ID: 1e6b51ddf767cbad0a4e63eb08026c127e654308
2017-04-28Merge integrity.sh rev 1.22.Darren Tucker
Merge missing bits from Colin Watson's patch in bz#2658 which make integrity tests more robust against timeouts. ok djm@
2017-04-28Id sync for integrity.sh rev 1.21 which pulls in some shell portability fixesDarren Tucker
2017-04-28upstream commitjsg@openbsd.org
Change COMPILER_VERSION tests which limited additional warnings to gcc4 to instead skip them on gcc3 as clang can handle -Wpointer-sign and -Wold-style-definition. Upstream-Regress-ID: e48d7dc13e48d9334b8195ef884dfbc51316012f
2017-04-28upstream commitdjm@openbsd.org
include key fingerprint in "Offering public key" debug message Upstream-ID: 964749f820c2ed4cf6a866268b1a05e907315c52
2017-04-28upstream commitmillert@openbsd.org
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@ Upstream-ID: f31caae73ddab6df496b7bbbf7da431e267ad135
2017-04-28upstream commitdtucker@openbsd.org
Add SyslogFacility option to ssh(1) matching the equivalent option in sshd(8). bz#2705, patch from erahn at arista.com, ok djm@ Upstream-ID: d5115c2c0193ceb056ed857813b2a7222abda9ed
2017-04-28upstream commitjsg@openbsd.org
remove a static array unused since rev 1.306 spotted by clang ok djm@ Upstream-ID: 249b3eed2446f6074ba2219ccc46919dd235a7b8
2017-04-28upstream commitmillert@openbsd.org
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@ Upstream-ID: 1f82640861c7d905bbb05e7d935d46b0419ced02
2017-04-25Fix typo in "socketcall".Darren Tucker
Pointed out by jjelen at redhat.com.
2017-04-24Deny socketcall in seccomp filter on ppc64le.Darren Tucker
OpenSSL is using socket() calls (in FIPS mode) when handling ECDSA keys in privsep child. The socket() syscall is already denied in the seccomp filter, but in ppc64le kernel, it is implemented using socketcall() syscall, which is not denied yet (only SYS_SHUTDOWN is allowed) and therefore fails hard. Patch from jjelen at redhat.com.
2017-04-18upstream commitschwarze@openbsd.org
Recognize nl_langinfo(CODESET) return values "646" and "" as aliases for "US-ASCII", useful for different versions of NetBSD and Solaris. Found by dtucker@ and by Tom G. Christensen <tgc at jupiterrise dot com>. OK dtucker@ deraadt@ Upstream-ID: 38c2133817cbcae75c88c63599ac54228f0fa384
2017-04-18upstream commitjsg@openbsd.org
Change COMPILER_VERSION tests which limited additional warnings to gcc4 to instead skip them on gcc3 as clang can handle -Wpointer-sign and -Wold-style-definition. Upstream-ID: 5cbe348aa76dc1adf55be6c0e388fafaa945439a
2017-04-04upstream commitdjm@openbsd.org
disallow creation (of empty files) in read-only mode; reported by Michal Zalewski, feedback & ok deraadt@ Upstream-ID: 5d9c8f2fa8511d4ecf95322994ffe73e9283899b
2017-04-04upstream commitderaadt@openbsd.org
incorrect renditions of this quote bother me Upstream-ID: 1662be3ebb7a71d543da088119c31d4d463a9e49
2017-03-31Check for and use gcc's -pipe.Darren Tucker
Speeds up configure and build by a couple of percent. ok djm@
2017-03-29Import fmt_scaled.c rev 1.16 from OpenBSD.Darren Tucker
Fix overly-conservative overflow checks on mulitplications and add checks on additions. This allows scan_scaled to work up to +/-LLONG_MAX (LLONG_MIN will still be flagged as a range error). ok millert@
2017-03-29Import fmt_scaled.c rev 1.15 from OpenBSD.Darren Tucker
Collapse underflow and overflow checks into a single block. ok djm@ millert@
2017-03-29Import fmt_scaled.c rev 1.14 from OpenBSD.Darren Tucker
Catch integer underflow in scan_scaled reported by Nicolas Iooss. ok deraadt@ djm@
2017-03-29Don't check privsep user or path when unprivilegedDarren Tucker
If running with privsep (mandatory now) as a non-privileged user, we don't chroot or change to an unprivileged user however we still checked the existence of the user and directory. Don't do those checks if we're not going to use them. Based in part on a patch from Lionel Fourquaux via Corinna Vinschen, ok djm@
2017-03-29Remove SHA256 EVP wrapper implementation.Darren Tucker
All supported versions of OpenSSL should now have SHA256 so remove our EVP wrapper implementaion. ok djm@
2017-03-29Remove check for OpenSSL < 0.9.8g.Darren Tucker
We no longer support OpenSSL < 1.0.1 so remove check for unreliable ECC in OpenSSL < 0.9.8g.
2017-03-29Remove compat code for OpenSSL < 0.9.7.Darren Tucker
Resyncs that code with OpenBSD upstream.
2017-03-29Remove SSHv1 code path.Darren Tucker
Server-side support for Protocol 1 has been removed so remove !compat20 PAM code path.