Commit message | Author | Age | Files | Lines
* shorten temporary SSH_REGRESS_TMP path [tags: V_7_8_P1, V_7_8] | Damien Miller | 2018-08-23 | 1 | -1/+1
  Previous path was exceeding max socket length on at least one platform (OSX)
* rebuild dependencies | Damien Miller | 2018-08-23 | 1 | -2/+2
* fix path in distclean target | Damien Miller | 2018-08-23 | 1 | -1/+1
  Patch from Jakub Jelen
* upstream: memleak introduced in r1.83; from Colin Watson | djm@openbsd.org | 2018-08-23 | 1 | -2/+2
  OpenBSD-Commit-ID: 5c019104c280cbd549a264a7217b67665e5732dc
* upstream: AIX reports the CODESET as "ISO8859-1" in the POSIX locale. | schwarze@openbsd.org | 2018-08-22 | 1 | -4/+9
  Treating that as a safe encoding is OK because even when other systems return that string for real ISO8859-1, it is still safe in the sense that it is ASCII-compatible and stateless.
  Issue reported by Val dot Baranov at duke dot edu. Additional information provided by Michael dot Felt at felt dot demon dot nl. Tested by Michael Felt on AIX 6.1 and by Val Baranov on AIX 7.1. Tweak and OK djm@.
  OpenBSD-Commit-ID: 36f1210e0b229817d10eb490d6038f507b8256a7
* modified: openbsd-compat/port-uw.c | Tim Rice | 2018-08-21 | 1 | -1/+0
  remove obsolete and un-needed include
* Missing unistd.h for regress/mkdtemp.c | Damien Miller | 2018-08-20 | 1 | -0/+1
* update version numbers in anticipation of release | Damien Miller | 2018-08-17 | 3 | -3/+3
* configure: work around GCC shortcoming on Cygwin | Corinna Vinschen | 2018-08-13 | 1 | -2/+9
  Cygwin's latest 7.x GCC allows to specify -mfunction-return=thunk as well as -mindirect-branch=thunk on the command line, albeit producing invalid code, leading to an error at link stage.
  The check in configure.ac only checks if the option is present, but not if it produces valid code.
  This patch fixes it by special-casing Cygwin. Another solution may be to change these to linker checks.
  Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
* cygwin: add missing stdarg.h include | Corinna Vinschen | 2018-08-13 | 1 | -0/+1
  Further header file standardization in Cygwin uncovered a lazy indirect include in bsd-cygwin_util.c
  Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
* upstream: revert compat.[ch] section of the following change. It | djm@openbsd.org | 2018-08-13 | 4 | -56/+34
  causes double-free under some circumstances.
  --
  date: 2018/07/31 03:07:24; author: djm; state: Exp; lines: +33 -18; commitid: f7g4UI8eeOXReTPh;
  fix some memory leaks spotted by Coverity via Jakub Jelen in bz#2366 feedback and ok dtucker@
  OpenBSD-Commit-ID: 1e77547f60fdb5e2ffe23e2e4733c54d8d2d1137
* upstream: better diagnostics on alg list assembly errors; ok | djm@openbsd.org | 2018-08-13 | 2 | -26/+29
  deraadt@ markus@
  OpenBSD-Commit-ID: 5a557e74b839daf13cc105924d2af06a1560faee
* Some AIX fixes; report from Michael Felt | Damien Miller | 2018-08-11 | 1 | -2/+3
* upstream: The script that cooks up PuTTY format host keys does not | dtucker@openbsd.org | 2018-08-10 | 1 | -3/+6
  understand the new key format so convert back to old format to create the PuTTY key and remove it once done.
  OpenBSD-Regress-ID: 2a449a18846c3a144bc645135b551ba6177e38d3
* upstream: improve | djm@openbsd.org | 2018-08-10 | 1 | -6/+6
  OpenBSD-Commit-ID: 40d839db0977b4e7ac8b647b16d5411d4faf2f60
* upstream: Describe pubkey format, prompted by bz#2853 | djm@openbsd.org | 2018-08-10 | 1 | -1/+32
  While I'm here, describe and link to the remaining local PROTOCOL.* docs that weren't already mentioned (PROTOCOL.key, PROTOCOL.krl and PROTOCOL.mux)
  OpenBSD-Commit-ID: 2a900f9b994ba4d53e7aeb467d44d75829fd1231
* upstream: fix numbering | djm@openbsd.org | 2018-08-10 | 1 | -3/+3
  OpenBSD-Commit-ID: bc7a1764dff23fa4c5ff0e3379c9c4d5b63c9596
* upstream: Use new private key format by default. This format is | djm@openbsd.org | 2018-08-08 | 2 | -19/+12
  supported by OpenSSH >= 6.5 (released January 2014), so it should be supported by most OpenSSH versions in active use.
  It is possible to convert new-format private keys to the older format using "ssh-keygen -f /path/key -pm PEM".
  ok deraadt dtucker
  OpenBSD-Commit-ID: e3bd4f2509a2103bfa2f710733426af3ad6d8ab8
* upstream: invalidate dh->priv_key after freeing it in error path; | djm@openbsd.org | 2018-08-06 | 1 | -1/+2
  avoids unlikely double-free later. Reported by Viktor Dukhovni via https://github.com/openssh/openssh-portable/pull/96 feedback jsing@ tb@
  OpenBSD-Commit-ID: e317eb17c3e05500ae851f279ef6486f0457c805
* upstream: delay bailout for invalid authenticating user until after the packet containing the request has been fully parsed. Reported by Dariusz Tytko and Michał Sajdak; ok deraadt | djm@openbsd.org | 2018-07-31 | 3 | -19/+28
  OpenBSD-Commit-ID: b4891882fbe413f230fe8ac8a37349b03bd0b70d
* upstream: fix some memory leaks spotted by Coverity via Jakub Jelen | djm@openbsd.org | 2018-07-31 | 7 | -56/+82
  in bz#2366 feedback and ok dtucker@
  OpenBSD-Commit-ID: 8402bbae67d578bedbadb0ce68ff7c5a136ef563
* Remove support for S/Key | Damien Miller | 2018-07-31 | 15 | -232/+9
  Most people will 1) be using modern multi-factor authentication methods like TOTP/OATH etc and 2) be getting support for multi-factor authentication via PAM or BSD Auth.
* upstream: avoid expensive channel_open_message() calls; ok djm@ | markus@openbsd.org | 2018-07-31 | 3 | -6/+15
  OpenBSD-Commit-ID: aea3b5512ad681cd8710367d743e8a753d4425d9
* upstream: Now that ssh can't be setuid, remove the | dtucker@openbsd.org | 2018-07-31 | 4 | -36/+13
  original_real_uid and original_effective_uid globals and replace with calls to plain getuid(). ok djm@
  OpenBSD-Commit-ID: 92561c0cd418d34e6841e20ba09160583e27b68c
* upstream: Remove uid checks from low port binds. Now that ssh | dtucker@openbsd.org | 2018-07-31 | 4 | -17/+15
  cannot be setuid and sshd always has privsep on, we can remove the uid checks for low port binds and just let the system do the check. We leave a sanity check for the !privsep case so long as the code is still there. with & ok djm@
  OpenBSD-Commit-ID: 9535cfdbd1cd54486fdbedfaee44ce4367ec7ca0
* upstream: ssh(1) no longer supports being setuid root. Remove reference | dtucker@openbsd.org | 2018-07-27 | 1 | -8/+2
  to crc32 which went with protocol 1. Pointed out by deraadt@.
  OpenBSD-Commit-ID: f8763c25fd96ed91dd1abdab5667fd2e27e377b6
* correct snprintf truncation check in closefrom() | Damien Miller | 2018-07-27 | 1 | -1/+1
  Truncation cannot happen unless the system has set PATH_MAX to some nonsensically low value.
  bz#2862, patch from Daniel Le
* Include stdarg.h in mkdtemp for va_list. | Darren Tucker | 2018-07-27 | 1 | -0/+1
* upstream: Don't redefine Makefile choices which come correct from | deraadt@openbsd.org | 2018-07-26 | 1 | -0/+1
  bsd.*.mk ok markus
  OpenBSD-Commit-ID: 814b2f670df75759e1581ecef530980b2b3d7e0f
* upstream: fix indent; Clemens Goessnitzer | deraadt@openbsd.org | 2018-07-26 | 1 | -2/+2
  OpenBSD-Commit-ID: b5149a6d92b264d35f879d24608087b254857a83
* upstream: Use the caller provided (copied) pwent struct in | beck@openbsd.org | 2018-07-26 | 1 | -3/+1
  load_public_identity_files instead of calling getpwuid() again and discarding the argument. This prevents a client crash where tilde_expand_filename calls getpwuid() again before the pwent pointer is used. Issue noticed and reported by Pierre-Olivier Martel <pom@apple.com> ok djm@ deraadt@
  OpenBSD-Commit-ID: a067d74b5b098763736c94cc1368de8ea3f0b157
* upstream: oops, failed to notice that SEE ALSO got messed up; | jmc@openbsd.org | 2018-07-26 | 1 | -2/+2
  OpenBSD-Commit-ID: 61c1306542cefdc6e59ac331751afe961557427d
* upstream: Point to glob in section 7 for the actual list of special | kn@openbsd.org | 2018-07-26 | 2 | -13/+13
  characters instead of the C API in section 3.
  OK millert jmc nicm, "the right idea" deraadt
  OpenBSD-Commit-ID: a74fd215488c382809e4d041613aeba4a4b1ffc6
* upstream: Switch authorized_keys example from ssh-dss to ssh-rsa | dtucker@openbsd.org | 2018-07-26 | 1 | -5/+5
  since the former is no longer enabled by default. Pointed out by Daniel A. Maierhofer, ok jmc
  OpenBSD-Commit-ID: 6a196cef53d7524e0c9b58cdbc1b5609debaf8c7
* upstream: slightly-clearer description for AuthenticationMethods - the | djm@openbsd.org | 2018-07-20 | 1 | -3/+3
  lists have comma-separated elements; bz#2663 from Hans Meier
  OpenBSD-Commit-ID: 931c983d0fde4764d0942fb2c2b5017635993b5a
* Create control sockets in clean temp directories | Damien Miller | 2018-07-20 | 5 | -2/+83
  Adds a regress/mkdtemp tool and uses it to create empty temp directories for tests needing control sockets.
  Patch from Colin Watson via bz#2660; ok dtucker
* upstream: remove unused zlib.h | djm@openbsd.org | 2018-07-20 | 2 | -16/+2
  OpenBSD-Commit-ID: 8d274a9b467c7958df12668b49144056819f79f1
* upstream: Fix typo in comment. From Alexandru Iacob via github. | dtucker@openbsd.org | 2018-07-20 | 1 | -2/+2
  OpenBSD-Commit-ID: eff4ec07c6c8c5483533da43a4dda37d72ef7f1d
* Explicitly include openssl before zlib. | Darren Tucker | 2018-07-20 | 1 | -0/+12
  Some versions of OpenSSL have "free_func" in their headers, which zlib typedefs. Including openssl after zlib (eg via sshkey.h) results in "syntax error before `free_func'", which this fixes.
* upstream: Deprecate UsePrivilegedPort now that support for running | dtucker@openbsd.org | 2018-07-19 | 9 | -66/+25
  ssh(1) setuid has been removed, remove supporting code and clean up references to it in the man pages
  We have not shipped ssh(1) the setuid bit since 2002. If anyone really needs to make connections from a low port number this can be implemented via a small setuid ProxyCommand.
  ok markus@ jmc@ djm@
  OpenBSD-Commit-ID: d03364610b7123ae4c6792f5274bd147b6de717e
* upstream: Remove support for running ssh(1) setuid and fatal if | dtucker@openbsd.org | 2018-07-19 | 11 | -134/+22
  attempted. Do not link uidwap.c into ssh any more. Neuters UsePrivilegedPort, which will be marked as deprecated shortly. ok markus@ djm@
  OpenBSD-Commit-ID: c4ba5bf9c096f57a6ed15b713a1d7e9e2e373c42
* upstream: Slot 0 in the hostbased key array was previously RSA1, | dtucker@openbsd.org | 2018-07-19 | 1 | -22/+22
  but that is now gone and the slot is unused so remove it. Remove two now-unused macros, and add an array bounds check to the two remaining ones (array is statically sized, so mostly a safety check on future changes). ok markus@
  OpenBSD-Commit-ID: 2e4c0ca6cc1d8daeccead2aa56192a3f9d5e1e7a
* upstream: Remove support for loading HostBasedAuthentication keys | dtucker@openbsd.org | 2018-07-19 | 3 | -39/+9
  directly in ssh(1) and always use ssh-keysign. This removes one of the few remaining reasons why ssh(1) might be setuid. ok markus@
  OpenBSD-Commit-ID: 97f01e1448707129a20d75f86bad5d27c3cf0b7d
* upstream: keep options.identity_file_userprovided array in sync when we | djm@openbsd.org | 2018-07-16 | 1 | -2/+18
  load keys, fixing some spurious error messages; ok markus
  OpenBSD-Commit-ID: c63e3d5200ee2cf9e35bda98de847302566c6a00
* upstream: memleak in unittest; found by valgrind | djm@openbsd.org | 2018-07-16 | 1 | -3/+34
  OpenBSD-Regress-ID: 168c23b0fb09fc3d0b438628990d3fd9260a8a5e
* upstream: memleaks; found by valgrind | djm@openbsd.org | 2018-07-16 | 2 | -3/+5
  OpenBSD-Commit-ID: 6c3ba22be53e753c899545f771e8399fc93cd844
* Undef a few new macros in sys-queue.h. | Darren Tucker | 2018-07-14 | 1 | -0/+5
  Prevents macro redefinition warnings on OSX.
* Include unistd.h for geteuid declaration. | Darren Tucker | 2018-07-13 | 1 | -0/+1
* Fallout from buffer conversion in AUDIT_EVENTS. | Darren Tucker | 2018-07-13 | 1 | -2/+4
  Supply missing "int r" and fix error path for sshbuf_new().
* upstream: make this use ssh_proxy rather than starting/stopping a | djm@openbsd.org | 2018-07-13 | 1 | -4/+8
  daemon for each testcase
  OpenBSD-Regress-ID: 608b7655ea65b1ba8fff5a13ce9caa60ef0c8166