Commit message | Author | Age | Files | Lines
...
* upstream: deraadt noticed some inconsistency in the way we denote | jmc@openbsd.org | 2019-06-14 | 2 | -10/+10
  the "Hostname" and "X11UseLocalhost" keywords; this makes things consistent (effectively reversing my commit of yesterday); ok deraadt markus djm OpenBSD-Commit-ID: 255c02adb29186ac91dcf47dfad7adb1b1e54667
* upstream: consistent lettering for "HostName" keyword; from lauri | jmc@openbsd.org | 2019-06-14 | 1 | -3/+3
  tirkkonen OpenBSD-Commit-ID: 0c267a1257ed7482b13ef550837b6496e657d563
* Typo fixes in error messages. | Darren Tucker | 2019-06-07 | 1 | -3/+3
  Patch from knweiss at gmail.com via github pull req #97 (portable-specific parts).
* upstream: Typo and spelling fixes in comments and error messages. | dtucker@openbsd.org | 2019-06-07 | 4 | -9/+9
  Patch from knweiss at gmail.com via -portable. OpenBSD-Commit-ID: 2577465442f761a39703762c4f87a8dfcb918b4b
* Include missed bits from previous sync. | Darren Tucker | 2019-06-07 | 2 | -3/+2
* upstream: Check for user@host when parsing sftp target. This | dtucker@openbsd.org | 2019-06-07 | 1 | -6/+11
  allows user@[1.2.3.4] to work without a path in addition to with one. bz#2999, ok djm@ OpenBSD-Commit-ID: d989217110932490ba8ce92127a9a6838878928b
* upstream: Replace calls to ssh_malloc_init() by a static init of | otto@openbsd.org | 2019-06-07 | 12 | -31/+13
  malloc_options. Prepares for changes in the way malloc is initialized. ok guenther@ dtucker@ OpenBSD-Commit-ID: 154f4e3e174f614b09f792d4d06575e08de58a6b
* upstream: fix ssh-keysign fd handling problem introduced in r1.304 | djm@openbsd.org | 2019-06-07 | 1 | -2/+2
  caused by a typo (STDIN_FILENO vs STDERR_FILENO) OpenBSD-Commit-ID: 57a0b4be7bef23963afe24150e24bf014fdd9cb0
* upstream: Make the standard output messages of both methods of | lum@openbsd.org | 2019-06-07 | 1 | -5/+16
  changing a key pair's comments (using -c and -C) more applicable to both methods. ok and suggestions djm@ dtucker@ OpenBSD-Commit-ID: b379338118109eb36e14a65bc0a12735205b3de6
* Always clean up before and after utimensat test. | Darren Tucker | 2019-06-07 | 1 | -6/+13
* Update utimensat test. | Darren Tucker | 2019-06-07 | 1 | -3/+17
  POSIX specifies that when given a symlink, AT_SYMLINK_NOFOLLOW should update the symlink and not the destination. The compat code doesn't have a way to do this, so where possible it fails instead of following a symlink when explicitly asked not to. Instead of checking for an explicit failure, check that it does not update the destination, which both the real and compat implementations should honour. Inspired by github pull req #125 from chutzpah at gentoo.org.
* Have pthread_create return errno on failure. | Darren Tucker | 2019-06-07 | 1 | -3/+2
  According to POSIX, pthread_create returns the failure reason in the non-zero function return code so make the fork wrapper do that. Matches previous change.
* pthread_create(3) returns positive values on failure. | Elliott Hughes | 2019-06-07 | 1 | -2/+4
  Found by inspection after finding similar bugs in other code used by Android.
* allow s390 specific ioctl for ecc hardware support | Harald Freudenberger | 2019-06-05 | 1 | -0/+1
  Adding another s390 specific ioctl to be able to support ECC hardware acceleration to the sandbox seccomp filter rules. Now the ibmca openssl engine provides elliptic curve cryptography support with the help of libica and CCA crypto cards. This is done via yet another ioctl call to the zcrypt device driver and so there is a need to enable this on the openssl sandbox. Code is s390 specific and has been tested, verified and reviewed. Please note that I am also the originator of the previous changes in that area. I posted these changes to Eduardo and he forwarded the patches to the openssl community. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Reviewed-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
* openssl-devel is obsoleted by libssl-devel | Sorin Adrian Savu | 2019-06-05 | 1 | -1/+1
  openssl-devel is no longer installable via the cygwin setup and it's hidden by default, so you can't see the replacement very easily.
* upstream: tweak previous; | jmc@openbsd.org | 2019-05-21 | 1 | -3/+4
  OpenBSD-Commit-ID: 42f39f22f53cfcb913bce401ae0f1bb93e08dd6c
* upstream: embiggen format buffer size for certificate serial number so | djm@openbsd.org | 2019-05-20 | 1 | -2/+2
  that it will fit a full 64 bit integer. bz#3012 from Manoel Domingues Junior OpenBSD-Commit-ID: a51f3013056d05b976e5af6b978dcb9e27bbc12b
* upstream: When signing certificates with an RSA key, default to | djm@openbsd.org | 2019-05-20 | 2 | -3/+19
  using the rsa-sha2-512 signature algorithm. Certificates signed by RSA keys will therefore be incompatible with OpenSSH < 7.2 unless the default is overridden. Document the ability of the ssh-keygen -t flag to override the signature algorithm when signing certificates, and the new default. ok deraadt@ OpenBSD-Commit-ID: 400c9c15013978204c2cb80f294b03ae4cfc8b95
* Add no-op implementation of pam_putenv. | Darren Tucker | 2019-05-17 | 1 | -4/+8
  Some platforms such as HP-UX do not have pam_putenv. Currently the calls are ifdef'ed out, but a new one was recently added. Remove the ifdefs and add a no-op implementation. bz#3008, ok djm.
* Use the correct macro for SSH_ALLOWED_CA_SIGALGS. | Darren Tucker | 2019-05-17 | 1 | -1/+1
* Fix building w/out ECC. | Darren Tucker | 2019-05-17 | 3 | -0/+32
  Ifdef out ECC specific code so that it'll build against an OpenSSL configured w/out ECC. With & ok djm@
* Conditionalize ECDH methods in CA algos. | Darren Tucker | 2019-05-17 | 1 | -3/+1
  When building against an OpenSSL configured without ECC, don't include those algos in CASignatureAlgorithms. ok djm@
* upstream: Move a variable declaration to the block where it's used | dtucker@openbsd.org | 2019-05-17 | 1 | -3/+3
  to make things a little tidier for -portable. OpenBSD-Commit-ID: 616379861be95619e5358768b7dee4793e2f3a75
* upstream: When doing the fork+exec'ing for ssh-keysign, rearrange | deraadt@openbsd.org | 2019-05-17 | 1 | -7/+9
  the socket into fd3, so as to not mistakenly leak other fd forward accidentally. ok djm OpenBSD-Commit-ID: 24cc753f5aa2c6a7d0fbf62766adbc75cd785296
* upstream: Delete some .Sx macros that were used in a wrong way. | schwarze@openbsd.org | 2019-05-17 | 2 | -10/+6
  Part of a patch from Stephen Gregoratto <dev at sgregoratto dot me>. OpenBSD-Commit-ID: 15501ed13c595f135e7610b1a5d8345ccdb513b7
* upstream: For PermitOpen violations add the remote host and port to | florian@openbsd.org | 2019-05-17 | 1 | -3/+21
  be able to find out from where the request was coming. Add the same logging for PermitListen violations which were not logged at all. Pointed out by Robert Kisteleki (robert AT ripe.net) input markus OK deraadt OpenBSD-Commit-ID: 8a7d0f1b7175504c0d1dca8d9aca1588b66448c8
* Add OpenSSL 1.1.1 to the supported list. | Darren Tucker | 2019-05-15 | 1 | -6/+8
  Clarify the language around prngd and egd.
* Fix typo in man page formatter selector. | Darren Tucker | 2019-05-15 | 1 | -1/+1
* Use "doc" man page format if mandoc present. | Darren Tucker | 2019-05-10 | 1 | -5/+5
  Previously configure would not select the "doc" man page format if mandoc was present but nroff was not. This checks for mandoc first and removes a now-superfluous AC_PATH_PROG. Based on a patch from vehk at vehk.de and feedback from schwarze at usta.de.
* upstream: Use the correct (according to POSIX) format for | dtucker@openbsd.org | 2019-05-08 | 1 | -3/+3
  left-justification in snmprintf. bz#3002, patch from velemas at gmail.com, ok markus@. OpenBSD-Commit-ID: 65d252b799be0cc8f68b6c47cece0a57bb00fea7
* upstream: Free channel objects on exit path. Patch from markus at | dtucker@openbsd.org | 2019-05-08 | 1 | -4/+24
  blueflash.cc, ok deraadt OpenBSD-Commit-ID: dbe4db381603909482211ffdd2b48abd72169117
* upstream: Free host on exit path. Patch from markus at | dtucker@openbsd.org | 2019-05-08 | 1 | -1/+2
  blueflash.cc, ok djm@ OpenBSD-Commit-ID: c54e9945d93c4ce28350d8b9fa8b71f744ef2b5a
* upstream: Wrap XMSS including in ifdef. Patch from markus at | dtucker@openbsd.org | 2019-05-08 | 1 | -2/+4
  blueflash.cc, ok djm OpenBSD-Commit-ID: e3b34fc35cf12d33bde91ac03633210a3bc0f8b5
* upstream: Import regenerated moduli. | dtucker@openbsd.org | 2019-05-08 | 1 | -0/+1
  OpenBSD-Commit-ID: db6375fc302e3bdf07d96430c63c991b2c2bd3ff
* upstream: Use the LogLevel typedef instead of int where appropriate. Patch | dtucker@openbsd.org | 2019-05-08 | 2 | -4/+5
  from Markus Schmidt via openssh-unix-dev, ok markus@ OpenBSD-Commit-ID: 4c0f0f458e3da7807806b35e3eb5c1e8403c968a
* upstream: Document new default RSA key size. From | dtucker@openbsd.org | 2019-05-08 | 1 | -4/+4
  sebastiaanlokhorst at gmail.com via bz#2997. OpenBSD-Commit-ID: bdd62ff5d4d649d2147904e91bf7cefa82fe11e1
* upstream: When running sshd -T, assume any attribute not provided by | dtucker@openbsd.org | 2019-05-08 | 3 | -10/+15
  -C does not match, which allows it to work when sshd_config contains a Match directive with or without -C. bz#2858, ok djm@ OpenBSD-Commit-ID: 1a701f0a33e3bc96753cfda2fe0b0378520b82eb
* upstream: Remove crc32.{c,h} which were only used by the now-gone | dtucker@openbsd.org | 2019-05-08 | 5 | -141/+4
  SSH1 protocol. Patch from yumkam at gmail.com, ok deraadt. OpenBSD-Commit-ID: cceda5876c5ba6b4d8abcd52335329198cee3240
* Remove unused variables from RLIMIT_NOFILE test. | Darren Tucker | 2019-04-30 | 1 | -2/+1
* Import regenerated moduli. | Darren Tucker | 2019-04-26 | 1 | -451/+451
* Whitespace resync w/OpenBSD. | Darren Tucker | 2019-04-26 | 1 | -9/+9
  Patch from markus at blueflash.cc via openssh-unix-dev.
* Don't install duplicate STREAMS modules on Solaris | Darren Tucker | 2019-04-26 | 1 | -0/+9
  Check if STREAMS modules are already installed on pty before installing since when compiling with XPG>=4 they will likely be installed already. Prevents hangs and duplicate lines on the terminal. bz#2945 and bz#2998, patch from djm@
* makedepend [V_8_0_P1] | Damien Miller | 2019-04-18 | 1 | -1/+1
* second thoughts: leave README in place | Damien Miller | 2019-04-05 | 1 | -0/+74
  A number of contrib/* files refer to the existing README so let's leave it in place for release and add the new markdown version in parallel. I'll get rid of README after release.
* Revert "rewrite README" | Damien Miller | 2019-04-05 | 1 | -59/+47
  This reverts commit 9444d82678cb7781820da4d1c23b3c2b9fb1e12f.
* rewrite README | Damien Miller | 2019-04-05 | 1 | -47/+59
  Include basic build instructions and comments on commonly-used build-time flags, links to the manual pages and other resources. Now in Markdown format for better viewing on github, etc.
* update versions | Damien Miller | 2019-04-04 | 3 | -3/+3
* upstream: openssh-8.0 | djm@openbsd.org | 2019-04-04 | 1 | -2/+2
  OpenBSD-Commit-ID: 5aafdf218679dab982fea20771afd643be9a127b
* session: Do not use removed API | Damien Miller | 2019-04-03 | 1 | -1/+1
  from Jakub Jelen
* upstream: when logging/fataling on error, include a bit more detail | djm@openbsd.org | 2019-04-03 | 1 | -17/+21
  than just the function name and the error message OpenBSD-Commit-ID: dd72d7eba2215fcb89be516c378f633ea5bcca9f