summaryrefslogtreecommitdiff
path: root/Makefile.in
AgeCommit message (Collapse)Author
2018-08-24Install authorized_keys(5) as a symlink to sshd(8)Tomas Pospisek
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1720 Bug-Debian: http://bugs.debian.org/441817 Last-Update: 2013-09-14 Patch-Name: authorized-keys-man-symlink.patch
2018-08-24GSSAPI key exchange supportSimon Wilkinson
This patch has been rejected upstream: "None of the OpenSSH developers are in favour of adding this, and this situation has not changed for several years. This is not a slight on Simon's patch, which is of fine quality, but just that a) we don't trust GSSAPI implementations that much and b) we don't like adding new KEX since they are pre-auth attack surface. This one is particularly scary, since it requires hooks out to typically root-owned system resources." However, quite a lot of people rely on this in Debian, and it's better to have it merged into the main openssh package rather than having separate -krb5 packages (as we used to have). It seems to have a generally good security history. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242 Last-Updated: 2018-08-24 Patch-Name: gssapi.patch
2018-08-23fix path in distclean targetDamien Miller
Patch from Jakub Jelen
2018-07-31Remove support for S/KeyDamien Miller
Most people will 1) be using modern multi-factor authentication methods like TOTP/OATH etc and 2) be getting support for multi-factor authentication via PAM or BSD Auth.
2018-07-20Create control sockets in clean temp directoriesDamien Miller
Adds a regress/mkdtemp tool and uses it to create empty temp directories for tests needing control sockets. Patch from Colin Watson via bz#2660; ok dtucker
2018-07-19upstream: Remove support for running ssh(1) setuid and fatal ifdtucker@openbsd.org
attempted. Do not link uidwap.c into ssh any more. Neuters UsePrivilegedPort, which will be marked as deprecated shortly. ok markus@ djm@ OpenBSD-Commit-ID: c4ba5bf9c096f57a6ed15b713a1d7e9e2e373c42
2018-07-13rm regress/misc/kexfuzz/*.o in distclean targetDamien Miller
2018-07-12upstream: remove legacy key emulation layer; ok djm@markus@openbsd.org
OpenBSD-Commit-ID: 2b1f9619259e222bbd4fe9a8d3a0973eafb9dd8d
2018-07-10upstream: remove legacy buffer API emulation layer; ok djm@markus@openbsd.org
OpenBSD-Commit-ID: 2dd5dc17cbc23195be4299fa93be2707a0e08ad9
2018-04-13Revert $REGRESSTMP changes.Darren Tucker
Revert 3fd2d229 and subsequent changes as they turned out to be a portability hassle.
2018-04-10Many typo fixes from Karsten WeissDamien Miller
Spotted using https://github.com/lucasdemarchi/codespell
2018-02-26Replace $(CURDIR) with $(PWD).Darren Tucker
The former doesn't work on Solaris or BSDs.
2018-02-26Fix breakage when REGRESSTMP not set.Darren Tucker
BUILDDIR is not set where used for REGRESSTMP, use make's CURDIR instead. Pointed out by djm@.
2018-02-26object files end with .o - not .cDamien Miller
2018-02-26upstream: Add experimental support for PQC XMSS keys (Extendedmarkus@openbsd.org
Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok djm@ OpenBSD-Commit-ID: ef3eccb96762a5d6f135d7daeef608df7776a7ac
2018-02-23Use portable syntax for REGRESSTMP.Darren Tucker
2018-02-19Add REGRESSTMP make var override.Darren Tucker
Defaults to original location ($srcdir/regress) but allows overriding if desired, eg a directory in /tmp.
2018-02-15Remove remaining now-obsolete cvs $Ids.Darren Tucker
2017-12-19remove blocks.c from MakefileDamien Miller
2017-12-19upstream commitnaddy@openbsd.org
Create a persistent umac128.c source file: #define the output size and the name of the entry points for UMAC-128 before including umac.c. Idea from FreeBSD. ok dtucker@ OpenBSD-Commit-ID: 463cfacfa07cb8060a4d4961e63dca307bf3f4b1
2017-12-12Ensure config.h is always in dependencies.Darren Tucker
Put an empty config.h into the dependency list to ensure that it's always listed and consistent.
2017-12-11Add autogenerated dependency info to Makefile.Darren Tucker
Adds a .depend file containing dependency information generated by makedepend, which is appended to the generated Makefile by configure. You can regen the file with "make -f Makefile.in depend" if necessary, but we'll be looking at some way to automatically keep this up to date. "no objection" djm@
2017-12-09Remove now-used check for perl.Darren Tucker
2017-12-01Replace mkinstalldirs with mkdir -p.Darren Tucker
Check for MIKDIR_P and use it instead of mkinstalldirs. Should fix "mkdir: cannot create directory:... File exists" during "make install". Patch from eb at emlix.com.
2017-12-01Remove RSA1 host key generation.Darren Tucker
SSH1 support is now gone, remove SSH1 key generation. Patch from eb at emlix.com.
2017-08-25Split platform_sys_dir_uid into its own fileDamien Miller
platform.o is too heavy for libssh.a use; it calls into the server on many platforms. Move just the function needed by misc.c into its own file.
2017-08-23misc.c needs functions from platform.c nowDamien Miller
2017-07-21upstream commitdjm@openbsd.org
remove post-SSHv1 removal dead code from rsa.c and merge the remaining bit that it still used into ssh-rsa.c; ok markus Upstream-ID: ac8a048d24dcd89594b0052ea5e3404b473bfa2f
2017-05-09clean up regress files and add a .gitignoreDamien Miller
2017-05-01upstream commitdjm@openbsd.org
remove the (in)famous SSHv1 CRC compensation attack detector. Despite your cameo in The Matrix movies, you will not be missed. ok markus Upstream-ID: 44261fce51a56d93cdb2af7b6e184be629f667e0
2017-05-01upstream commitdjm@openbsd.org
remove SSH1 make flag and associated files ok markus@ Upstream-ID: ba9feacc5787337c413db7cf26ea3d53f854cfef
2017-05-01upstream commitdjm@openbsd.org
remove SSHv1 ciphers; ok markus@ Upstream-ID: e5ebc5e540d7f23a8c1266db1839794d4d177890
2017-03-29Remove SHA256 EVP wrapper implementation.Darren Tucker
All supported versions of OpenSSL should now have SHA256 so remove our EVP wrapper implementaion. ok djm@
2017-03-14Plumb conversion test into makefile.Darren Tucker
2017-03-14Add a "unit" target to run only unit tests.Darren Tucker
2016-12-08Check for utf8 local support before testing it.Darren Tucker
Check for utf8 local support and if not found, do not attempt to run the utf8 tests. Suggested by djm@
2016-09-29upstream commitdjm@openbsd.org
Remove support for pre-authentication compression. Doing compression early in the protocol probably seemed reasonable in the 1990s, but today it's clearly a bad idea in terms of both cryptography (cf. multiple compression oracle attacks in TLS) and attack surface. Moreover, to support it across privilege-separation zlib needed the assistance of a complex shared-memory manager that made the required attack surface considerably larger. Prompted by Guido Vranken pointing out a compiler-elided security check in the shared memory manager found by Stack (http://css.csail.mit.edu/stack/); ok deraadt@ markus@ NB. pre-auth authentication has been disabled by default in sshd for >10 years. Upstream-ID: 32af9771788d45a0779693b41d06ec199d849caf
2016-08-23hook match and utf8 unittests up to MakefileDamien Miller
2016-08-14upstream commitmarkus@openbsd.org
remove ssh1 server code; ok djm@ Upstream-ID: c24c0c32c49b91740d5a94ae914fb1898ea5f534
2016-07-18Explicitly specify source files for regress tools.Darren Tucker
Since adding $(REGRESSLIBS), $? is wrong because it includes only the changed source files. $< seems like it'd be right however it doesn't seem to work on some non-GNU makes, so do what works everywhere.
2016-07-18Add dependency on libs for unit tests.Darren Tucker
Makes "./configure && make tests" work again. ok djm@
2016-07-18Correct location for kexfuzz in clean target.Darren Tucker
2016-07-15Map umac_ctx struct name too.Darren Tucker
Prevents size mismatch linker warnings on Solaris 11.
2016-06-15Move platform_disable_tracing into its own file.Darren Tucker
Prevents link errors resolving the extern "options" when platform.o gets linked into ssh-agent when building --with-pam.
2016-06-09Move prctl PR_SET_DUMPABLE into platform.c.Darren Tucker
This should make it easier to add additional platform support such as Solaris (bz#2584).
2016-06-06Fix utf->utf8 typo.Darren Tucker
2016-06-06upstream commitschwarze@openbsd.org
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter. This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream. Using feedback from djm@ and martijn@, various aspects discussed with many others. deraadt@ says it should go in now, i probably already hesitated too long Upstream-ID: e66afbc94ee396ddcaffd433b9a3b80f387647e0
2016-03-14Pass supported malloc options to connect-privsep.Darren Tucker
This allows us to activate only the supported options during the malloc option portion of the connect-privsep test.
2016-03-08make a regress-binaries targetDamien Miller
Easier to build all the regression/unit test binaries in one pass than going through all of ${REGRESS_BINARIES}
2016-03-04hook unittests/misc/kexfuzz into buildDamien Miller