Age | Commit message (Collapse) | Author |
|
The code required to support it is quite invasive to the mainline
code that is synced with upstream and is an ongoing maintenance burden.
Both the hardware and software are literal museum pieces these days and
we could not find anyone still running OpenSSH on one.
|
|
|
|
|
|
'p' was removed in previous change but I neglected to remove the
otherwise-unused assignment to it.
|
|
OpenBSD-Commit-ID: 674edd214d0a7332dd4623c9cf8117301b012890
|
|
The signal handlers from the original ssh1 code on which OpenSSH
is based assume unreliable signals and reinstall their handlers.
Since OpenBSD (and pretty much every current system) has reliable
signals this is not needed. In the unlikely even that -portable
is still being used on such systems we will deal with it in the
compat layer. ok deraadt@
OpenBSD-Commit-ID: f53a1015cb6908431b92116130d285d71589612c
|
|
|
|
|
|
|
|
Prevents configure-time "present but cannot be compiled" warning.
|
|
|
|
This adds checks for gcc and clang flags for mitigations for Spectre
variant 2, ie "retpoline". It'll automatically enabled if the compiler
supports it as part of toolchain hardening flag. ok djm@
|
|
constify some private key-related functions; based on
https://github.com/openssh/openssh-portable/pull/56 by Vincent Brillault
OpenBSD-Commit-ID: dcb94a41834a15f4d00275cb5051616fdc4c988c
|
|
Mention ServerAliveTimeout in context of TCPKeepAlives;
prompted by Christoph Anton Mitterer via github
OpenBSD-Commit-ID: f0cf1b5bd3f1fbf41d71c88d75d93afc1c880ca2
|
|
clarify IgnoreUserKnownHosts; based on github PR from
Christoph Anton Mitterer.
OpenBSD-Commit-ID: 4fff2c17620c342fb2f1f9c2d2e679aab3e589c3
|
|
Shorter, more accurate explanation of
NoHostAuthenticationForLocalhost without the confusing example. Prompted by
Christoph Anton Mitterer via github and bz#2293.
OpenBSD-Commit-ID: 19dc96bea25b80d78d416b581fb8506f1e7b76df
|
|
Disable RemoteCommand and RequestTTY in the ssh session
started by scp. sftp is already doing this. From Camden Narzt via github; ok
dtucker
OpenBSD-Commit-ID: 59e2611141c0b2ee579c6866e8eb9d7d8217bc6b
|
|
Refuse to create a certificate with an unusable number of
principals; Prompted by gdestuynder via github
OpenBSD-Commit-ID: 8cfae2451e8f07810e3e2546dfdcce66984cbd29
|
|
fatal if we're unable to write all the public key; previously
we would silently ignore errors writing the comment and terminating newline.
Prompted by github PR from WillerZ; ok dtucker
OpenBSD-Commit-ID: 18fbfcfd4e8c6adbc84820039b64d70906e49831
|
|
|
|
|
|
Tell install not to strip binaries during package creation so that the
debuginfo package can be built.
|
|
|
|
|
|
|
|
When rhel is not set it will error out with "bad if". Add leading zero
as per https://fedoraproject.org/wiki/Packaging:DistTag so it'll work
on non-RHEL.
|
|
|
|
Activate '--mandir' and '--with-mandir' settings in setup for RHEL
5 compatibility.
|
|
It does not work inside 'mock' build environment.
|
|
|
|
|
|
|
|
Always include x11-ssh-askpass tarball in redhat SRPM, even if unused.
|
|
|
|
Remove unused sKerberosTgtPassing from enum. From
calestyo via github pull req #11, ok djm@
OpenBSD-Commit-ID: 1008f8870865a7c4968b7aed402a0a9e3e5b9540
|
|
Rename struct umac_ctx to umac128_ctx too. In portable
some linkers complain about two symbols with the same name having differing
sizes. ok djm@
OpenBSD-Commit-ID: cbebf8bdd3310a9795b4939a1e112cfe24061ca3
|
|
ssh_free checks for and handles NULL args, remove NULL
checks from remaining callers. ok djm@
OpenBSD-Commit-ID: bb926825c53724c069df68a93a2597f9192f7e7b
|
|
Sometimes multiplex tests fail on Solaris with "netcat: local_listen:
Address already in use" which is likely due to previous invocations
leaving the port in TIME_WAIT. Set SO_REUSEADDR (in addition to
SO_REUSEPORT which is alread set on platforms that support it). ok djm@
|
|
Convert some explicit_bzero()/free() calls to freezero().
ok deraadt@ dtucker@
OpenBSD-Commit-ID: f566ab99149650ebe58b1d4b946ea726c3829609
|
|
Remove some #ifdef notyet code from OpenSSL 0.9.8 days.
These functions have never appeared in OpenSSL and are likely never to do
so.
"kill it with fire" djm@
OpenBSD-Commit-ID: fee9560e283fd836efc2631ef381658cc673d23e
|
|
Remove all guards for calls to OpenSSL free functions -
all of these functions handle NULL, from at least OpenSSL 1.0.1g onwards.
Prompted by dtucker@ asking about guards for RSA_free(), when looking at
openssh-portable pr#84 on github.
ok deraadt@ dtucker@
OpenBSD-Commit-ID: 954f1c51b94297d0ae1f749271e184141e0cadae
|
|
The configure checks that populated $SCARD_MSG were removed in commits
7ea845e4 and d8f60022 when the smartcard support was replaced with
PKCS#11.
|
|
Replace "trojan horse" with the correct term (MITM).
From maikel at predikkta.com via bz#2822, ok markus@
OpenBSD-Commit-ID: e86ac64c512057c89edfadb43302ac0aa81a6c53
|
|
Add a couple of non-negativity checks to avoid close(-1).
ok djm
OpenBSD-Commit-ID: 4701ce0b37161c891c838d0931305f1d37a50880
|
|
The file descriptors for socket, stdin, stdout and stderr
aren't necessarily distinct, so check if they are the same to avoid closing
the same fd several times.
ok djm
OpenBSD-Commit-ID: 60d71fd22e9a32f5639d4ba6e25a2f417fc36ac1
|
|
I accidentially a word
OpenBSD-Commit-ID: 4547ee713fa941da861e83ae7a3e6432f915e14a
|
|
certificate options are case-sensitive; fix case on one
that had it wrong.
move a badly-place sentence to a less bad place
OpenBSD-Commit-ID: 231e516bba860699a1eece6d48532d825f5f747b
|
|
|
|
Fix a logic bug in sshd_exchange_identification which
prevented clients using major protocol version 2 from connecting to the
server. ok millert@
OpenBSD-Commit-ID: 8668dec04586e27f1c0eb039ef1feb93d80a5ee9
|
|
Add missing braces; fixes 'write: Socket is not
connected' error in ssh. ok deraadt@
OpenBSD-Commit-ID: db73a3a9e147722d410866cac34d43ed52e1ad24
|