Age | Commit message (Collapse) | Author |
|
Prevents configure-time "present but cannot be compiled" warning.
|
|
|
|
This adds checks for gcc and clang flags for mitigations for Spectre
variant 2, ie "retpoline". It'll automatically enabled if the compiler
supports it as part of toolchain hardening flag. ok djm@
|
|
constify some private key-related functions; based on
https://github.com/openssh/openssh-portable/pull/56 by Vincent Brillault
OpenBSD-Commit-ID: dcb94a41834a15f4d00275cb5051616fdc4c988c
|
|
Mention ServerAliveTimeout in context of TCPKeepAlives;
prompted by Christoph Anton Mitterer via github
OpenBSD-Commit-ID: f0cf1b5bd3f1fbf41d71c88d75d93afc1c880ca2
|
|
clarify IgnoreUserKnownHosts; based on github PR from
Christoph Anton Mitterer.
OpenBSD-Commit-ID: 4fff2c17620c342fb2f1f9c2d2e679aab3e589c3
|
|
Shorter, more accurate explanation of
NoHostAuthenticationForLocalhost without the confusing example. Prompted by
Christoph Anton Mitterer via github and bz#2293.
OpenBSD-Commit-ID: 19dc96bea25b80d78d416b581fb8506f1e7b76df
|
|
Disable RemoteCommand and RequestTTY in the ssh session
started by scp. sftp is already doing this. From Camden Narzt via github; ok
dtucker
OpenBSD-Commit-ID: 59e2611141c0b2ee579c6866e8eb9d7d8217bc6b
|
|
Refuse to create a certificate with an unusable number of
principals; Prompted by gdestuynder via github
OpenBSD-Commit-ID: 8cfae2451e8f07810e3e2546dfdcce66984cbd29
|
|
fatal if we're unable to write all the public key; previously
we would silently ignore errors writing the comment and terminating newline.
Prompted by github PR from WillerZ; ok dtucker
OpenBSD-Commit-ID: 18fbfcfd4e8c6adbc84820039b64d70906e49831
|
|
|
|
|
|
Tell install not to strip binaries during package creation so that the
debuginfo package can be built.
|
|
|
|
|
|
|
|
When rhel is not set it will error out with "bad if". Add leading zero
as per https://fedoraproject.org/wiki/Packaging:DistTag so it'll work
on non-RHEL.
|
|
|
|
Activate '--mandir' and '--with-mandir' settings in setup for RHEL
5 compatibility.
|
|
It does not work inside 'mock' build environment.
|
|
|
|
|
|
|
|
Always include x11-ssh-askpass tarball in redhat SRPM, even if unused.
|
|
|
|
Remove unused sKerberosTgtPassing from enum. From
calestyo via github pull req #11, ok djm@
OpenBSD-Commit-ID: 1008f8870865a7c4968b7aed402a0a9e3e5b9540
|
|
Rename struct umac_ctx to umac128_ctx too. In portable
some linkers complain about two symbols with the same name having differing
sizes. ok djm@
OpenBSD-Commit-ID: cbebf8bdd3310a9795b4939a1e112cfe24061ca3
|
|
ssh_free checks for and handles NULL args, remove NULL
checks from remaining callers. ok djm@
OpenBSD-Commit-ID: bb926825c53724c069df68a93a2597f9192f7e7b
|
|
Sometimes multiplex tests fail on Solaris with "netcat: local_listen:
Address already in use" which is likely due to previous invocations
leaving the port in TIME_WAIT. Set SO_REUSEADDR (in addition to
SO_REUSEPORT which is alread set on platforms that support it). ok djm@
|
|
Convert some explicit_bzero()/free() calls to freezero().
ok deraadt@ dtucker@
OpenBSD-Commit-ID: f566ab99149650ebe58b1d4b946ea726c3829609
|
|
Remove some #ifdef notyet code from OpenSSL 0.9.8 days.
These functions have never appeared in OpenSSL and are likely never to do
so.
"kill it with fire" djm@
OpenBSD-Commit-ID: fee9560e283fd836efc2631ef381658cc673d23e
|
|
Remove all guards for calls to OpenSSL free functions -
all of these functions handle NULL, from at least OpenSSL 1.0.1g onwards.
Prompted by dtucker@ asking about guards for RSA_free(), when looking at
openssh-portable pr#84 on github.
ok deraadt@ dtucker@
OpenBSD-Commit-ID: 954f1c51b94297d0ae1f749271e184141e0cadae
|
|
The configure checks that populated $SCARD_MSG were removed in commits
7ea845e4 and d8f60022 when the smartcard support was replaced with
PKCS#11.
|
|
Replace "trojan horse" with the correct term (MITM).
From maikel at predikkta.com via bz#2822, ok markus@
OpenBSD-Commit-ID: e86ac64c512057c89edfadb43302ac0aa81a6c53
|
|
Add a couple of non-negativity checks to avoid close(-1).
ok djm
OpenBSD-Commit-ID: 4701ce0b37161c891c838d0931305f1d37a50880
|
|
The file descriptors for socket, stdin, stdout and stderr
aren't necessarily distinct, so check if they are the same to avoid closing
the same fd several times.
ok djm
OpenBSD-Commit-ID: 60d71fd22e9a32f5639d4ba6e25a2f417fc36ac1
|
|
I accidentially a word
OpenBSD-Commit-ID: 4547ee713fa941da861e83ae7a3e6432f915e14a
|
|
certificate options are case-sensitive; fix case on one
that had it wrong.
move a badly-place sentence to a less bad place
OpenBSD-Commit-ID: 231e516bba860699a1eece6d48532d825f5f747b
|
|
|
|
Fix a logic bug in sshd_exchange_identification which
prevented clients using major protocol version 2 from connecting to the
server. ok millert@
OpenBSD-Commit-ID: 8668dec04586e27f1c0eb039ef1feb93d80a5ee9
|
|
Add missing braces; fixes 'write: Socket is not
connected' error in ssh. ok deraadt@
OpenBSD-Commit-ID: db73a3a9e147722d410866cac34d43ed52e1ad24
|
|
|
|
|
|
Drop compatibility hacks for some ancient SSH
implementations, including ssh.com <=2.* and OpenSSH <= 3.*.
These versions were all released in or before 2001 and predate the
final SSH RFCs. The hacks in question aren't necessary for RFC-
compliant SSH implementations.
ok markus@
OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138
|
|
try harder to preserve errno during
ssh_connect_direct() to make the final error message possibly accurate;
bz#2814, ok dtucker@
OpenBSD-Commit-ID: 57de882cb47381c319b04499fef845dd0c2b46ca
|
|
unbreak support for clients that advertise a protocol
version of "1.99" (indicating both v2 and v1 support). Busted by me during
SSHv1 purge in r1.358; bz2810, ok dtucker
OpenBSD-Commit-ID: e8f9c2bee11afc16c872bb79d6abe9c555bd0e4b
|
|
don't attempt to force hostnames that are addresses to
lowercase, but instead canonicalise them through getnameinfo/getaddrinfo to
remove ambiguities (e.g. ::0001 => ::1) before they are matched against
known_hosts; bz#2763, ok dtucker@
OpenBSD-Commit-ID: ba0863ff087e61e5c65efdbe53be3cb92c9aefa0
|
|
avoid modifying pw->pw_passwd; let endpwent() clean up
for us, but keep a scrubbed copy; bz2777, ok dtucker@
OpenBSD-Commit-ID: 715afc0f59c6b82c4929a73279199ed241ce0752
|
|
clarify authorship; prodded by and ok markus@
OpenBSD-Commit-ID: e1938eee58c89b064befdabe232835fa83bb378c
|
|
group shared source files (e.g. SRCS_KEX) and allow
compilation w/o OPENSSL ok djm@
OpenBSD-Commit-ID: fa728823ba21c4b45212750e1d3a4b2086fd1a62
|