Commit Graph

9151 Commits

Author SHA1 Message Date
Darren Tucker
f1ca487940 Remove extra newline. 2018-02-15 22:28:00 +11:00
Darren Tucker
6d4e980f3c OpenSSH's builtin entropy gathering is long gone. 2018-02-15 22:27:51 +11:00
Darren Tucker
389125b25d Replace remaining mysignal() with signal().
These seem to have been missed during the replacement of mysignal
with #define signal in commit 5ade9ab.  Both include the requisite
headers to pick up the #define.
2018-02-15 22:06:26 +11:00
Darren Tucker
265d88d4e6 Remove remaining now-obsolete cvs $Ids. 2018-02-15 20:06:19 +11:00
Darren Tucker
015749e9b1 Regenerate dependencies after UNICOS removal. 2018-02-15 20:04:12 +11:00
Darren Tucker
ddc0f38148 Remove UNICOS support.
The code required to support it is quite invasive to the mainline
code that is synced with upstream and is an ongoing maintenance burden.
Both the hardware and software are literal museum pieces these days and
we could not find anyone still running OpenSSH on one.
2018-02-15 20:04:02 +11:00
Darren Tucker
174bed6869 Retpoline linker flag only needed for linking. 2018-02-13 18:12:47 +11:00
Darren Tucker
075e258c2c Default PidFile is sshd.pid not ssh.pid. 2018-02-13 17:36:43 +11:00
Darren Tucker
49f3c0ec47 Remove assigned-to-but-never-used variable.
'p' was removed in previous change but I neglected to remove the
otherwise-unused assignment to it.
2018-02-13 16:27:09 +11:00
djm@openbsd.org
b8bbff3b3f upstream: remove space before tab
OpenBSD-Commit-ID: 674edd214d0a7332dd4623c9cf8117301b012890
2018-02-13 14:38:05 +11:00
dtucker@openbsd.org
05046d907c upstream Don't reset signal handlers inside handlers.
The signal handlers from the original ssh1 code on which OpenSSH
is based assume unreliable signals and reinstall their handlers.
Since OpenBSD (and pretty much every current system) has reliable
signals this is not needed.  In the unlikely even that -portable
is still being used on such systems we will deal with it in the
compat layer.  ok deraadt@

OpenBSD-Commit-ID: f53a1015cb6908431b92116130d285d71589612c
2018-02-13 09:29:09 +11:00
Darren Tucker
3c51143c63 Whitespace sync with upstream. 2018-02-13 09:07:29 +11:00
Darren Tucker
19edfd4af7 Whitespace sync with upstream. 2018-02-13 08:25:46 +11:00
Darren Tucker
fbfa6f980d Move signal compat code into bsd-signal.{c,h} 2018-02-11 21:24:48 +11:00
Darren Tucker
24d2a33bd3 Include headers for linux/if.h.
Prevents configure-time "present but cannot be compiled" warning.
2018-02-11 21:17:33 +11:00
Darren Tucker
bc02181c24 Fix test for -z,retpolineplt linker flag. 2018-02-11 21:17:21 +11:00
Darren Tucker
3377df00ea Add checks for Spectre v2 mitigation (retpoline)
This adds checks for gcc and clang flags for mitigations for Spectre
variant 2, ie "retpoline".  It'll automatically enabled if the compiler
supports it as part of toolchain hardening flag.  ok djm@
2018-02-11 09:32:37 +11:00
djm@openbsd.org
d9e5cf078e upstream commit
constify some private key-related functions; based on
https://github.com/openssh/openssh-portable/pull/56 by Vincent Brillault

OpenBSD-Commit-ID: dcb94a41834a15f4d00275cb5051616fdc4c988c
2018-02-10 20:26:40 +11:00
djm@openbsd.org
a7c38215d5 upstream commit
Mention ServerAliveTimeout in context of TCPKeepAlives;
prompted by Christoph Anton Mitterer via github

OpenBSD-Commit-ID: f0cf1b5bd3f1fbf41d71c88d75d93afc1c880ca2
2018-02-10 20:06:42 +11:00
djm@openbsd.org
62562ceae6 upstream commit
clarify IgnoreUserKnownHosts; based on github PR from
Christoph Anton Mitterer.

OpenBSD-Commit-ID: 4fff2c17620c342fb2f1f9c2d2e679aab3e589c3
2018-02-10 17:55:31 +11:00
djm@openbsd.org
4f011daa4c upstream commit
Shorter, more accurate explanation of
NoHostAuthenticationForLocalhost without the confusing example. Prompted by
Christoph Anton Mitterer via github and bz#2293.

OpenBSD-Commit-ID: 19dc96bea25b80d78d416b581fb8506f1e7b76df
2018-02-10 17:41:16 +11:00
djm@openbsd.org
77e05394af upstream commit
Disable RemoteCommand and RequestTTY in the ssh session
started by scp. sftp is already doing this. From Camden Narzt via github; ok
dtucker

OpenBSD-Commit-ID: 59e2611141c0b2ee579c6866e8eb9d7d8217bc6b
2018-02-10 17:16:04 +11:00
djm@openbsd.org
ca613249a0 upstream commit
Refuse to create a certificate with an unusable number of
principals; Prompted by gdestuynder via github

OpenBSD-Commit-ID: 8cfae2451e8f07810e3e2546dfdcce66984cbd29
2018-02-10 16:49:44 +11:00
djm@openbsd.org
b56ac069d4 upstream commit
fatal if we're unable to write all the public key; previously
we would silently ignore errors writing the comment and terminating newline.
Prompted by github PR from WillerZ; ok dtucker

OpenBSD-Commit-ID: 18fbfcfd4e8c6adbc84820039b64d70906e49831
2018-02-10 16:45:34 +11:00
Darren Tucker
cdb10bd431 Add changelog entry for binary strip change. 2018-02-10 11:18:38 +11:00
Darren Tucker
fbddd91897 Remove unused variables. 2018-02-10 11:14:54 +11:00
Darren Tucker
937d96587d Don't strip binaries so debuginfo gets built.
Tell install not to strip binaries during package creation so that the
debuginfo package can be built.
2018-02-10 11:12:45 +11:00
Darren Tucker
eb0865f330 Fix bogus dates in changelog. 2018-02-10 10:33:11 +11:00
Darren Tucker
7fbde1b34c Remove SSH1 from description. 2018-02-10 10:25:15 +11:00
Darren Tucker
9c34a76f09 Add support for compat-openssl10 build dep. 2018-02-10 10:23:00 +11:00
Darren Tucker
04f4e8193c Add leading zero so it'll work when rhel not set.
When rhel is not set it will error out with "bad if". Add leading zero
as per https://fedoraproject.org/wiki/Packaging:DistTag so it'll work
on non-RHEL.
2018-02-10 09:58:32 +11:00
Darren Tucker
12abd67a6a Update openssl-devel dependency. 2018-02-10 09:58:32 +11:00
nkadel
b33e7645f8 Add mandir with-mandir' for RHEL 5 compatibility.
Activate '--mandir' and '--with-mandir' settings in setup for RHEL
5 compatibility.
2018-02-10 09:58:32 +11:00
nkadel
94f8bf360e Discard 'K5DIR' reporting.
It does not work inside 'mock' build environment.
2018-02-10 09:58:32 +11:00
nkadel
bb7e54dbaf Add 'dist' to 'rel' for OS specific RPM names. 2018-02-10 09:58:32 +11:00
nkadel
87346f1f57 Add openssh-devel >= 0.9.8f for redhat spec file. 2018-02-10 09:58:32 +11:00
nkadel
bec1478d71 Enhance BuildRequires for openssh-x11-askpass. 2018-02-10 09:58:32 +11:00
nkadel
3104fcbdd3 Always include x11-ssh-askpass SRPM.
Always include x11-ssh-askpass tarball in redhat SRPM, even if unused.
2018-02-10 09:58:32 +11:00
Damien Miller
c61d0d038d this is long unused; prompted by dtucker@ 2018-02-10 09:43:12 +11:00
dtucker@openbsd.org
745771fb78 upstream commit
Remove unused sKerberosTgtPassing from enum.  From
calestyo via github pull req #11, ok djm@

OpenBSD-Commit-ID: 1008f8870865a7c4968b7aed402a0a9e3e5b9540
2018-02-09 20:00:35 +11:00
dtucker@openbsd.org
1f385f5533 upstream commit
Rename struct umac_ctx to umac128_ctx too.  In portable
some linkers complain about two symbols with the same name having differing
sizes.  ok djm@

OpenBSD-Commit-ID: cbebf8bdd3310a9795b4939a1e112cfe24061ca3
2018-02-09 20:00:18 +11:00
dtucker@openbsd.org
f1f047fb03 upstream commit
ssh_free checks for and handles NULL args, remove NULL
checks from remaining callers.  ok djm@

OpenBSD-Commit-ID: bb926825c53724c069df68a93a2597f9192f7e7b
2018-02-09 20:00:18 +11:00
Darren Tucker
aee49b2a89 Set SO_REUSEADDR in regression test netcat.
Sometimes multiplex tests fail on Solaris with "netcat: local_listen:
Address already in use" which is likely due to previous invocations
leaving the port in TIME_WAIT.  Set SO_REUSEADDR (in addition to
SO_REUSEPORT which is alread set on platforms that support it).  ok djm@
2018-02-08 12:42:12 +11:00
jsing@openbsd.org
1749991c55 upstream commit
Convert some explicit_bzero()/free() calls to freezero().

ok deraadt@ dtucker@

OpenBSD-Commit-ID: f566ab99149650ebe58b1d4b946ea726c3829609
2018-02-08 09:26:27 +11:00
jsing@openbsd.org
94ec2b69d4 upstream commit
Remove some #ifdef notyet code from OpenSSL 0.9.8 days.

These functions have never appeared in OpenSSL and are likely never to do
so.

"kill it with fire" djm@

OpenBSD-Commit-ID: fee9560e283fd836efc2631ef381658cc673d23e
2018-02-08 09:26:27 +11:00
jsing@openbsd.org
7cd31632e3 upstream commit
Remove all guards for calls to OpenSSL free functions -
all of these functions handle NULL, from at least OpenSSL 1.0.1g onwards.

Prompted by dtucker@ asking about guards for RSA_free(), when looking at
openssh-portable pr#84 on github.

ok deraadt@ dtucker@

OpenBSD-Commit-ID: 954f1c51b94297d0ae1f749271e184141e0cadae
2018-02-08 09:26:27 +11:00
Darren Tucker
3c000d57d4 Remove obsolete "Smartcard support" message
The configure checks that populated $SCARD_MSG were removed in commits
7ea845e4 and d8f60022 when the smartcard support was replaced with
PKCS#11.
2018-02-07 09:26:45 +11:00
dtucker@openbsd.org
3e615090de upstream commit
Replace "trojan horse" with the correct term (MITM).
From maikel at predikkta.com via bz#2822, ok markus@

OpenBSD-Commit-ID: e86ac64c512057c89edfadb43302ac0aa81a6c53
2018-02-07 07:50:46 +11:00
tb@openbsd.org
3484380110 upstream commit
Add a couple of non-negativity checks to avoid close(-1).

ok djm

OpenBSD-Commit-ID: 4701ce0b37161c891c838d0931305f1d37a50880
2018-02-07 07:50:46 +11:00
tb@openbsd.org
5069320be9 upstream commit
The file descriptors for socket, stdin, stdout and stderr
aren't necessarily distinct, so check if they are the same to avoid closing
the same fd several times.

ok djm

OpenBSD-Commit-ID: 60d71fd22e9a32f5639d4ba6e25a2f417fc36ac1
2018-02-07 07:50:46 +11:00