Previously portable OpenSSH has synced against a conversion of OpenBSD's
CVS repository made using the git cvsimport tool, but this has become
increasingly unreliable.
As of this commit, portable OpenSSH now tracks a conversion of the
OpenBSD CVS upstream made using the excellent cvs2gitdump tool from
YASUOKA Masahiko: https://github.com/yasuoka/cvs2gitdump
cvs2gitdump is considerably more reliable than gitcvsimport and the old
version of cvsps that it uses under the hood, and is the same tool used
to export the entire OpenBSD repository to git (so we know it can cope
with future growth).
These new conversions are mirrored at github, so interested parties can
match portable OpenSSH commits to their upstream counterparts.
https://github.com/djmdjm/openbsd-openssh-srchttps://github.com/djmdjm/openbsd-openssh-regress
An unfortunate side effect of switching upstreams is that we must have
a flag day, across which the upstream commit IDs will be inconsistent.
The old commit IDs are recorded with the tags "Upstream-ID" for main
directory commits and "Upstream-Regress-ID" for regress commits.
To make it clear that the commit IDs do not refer to the same
things, the new repository will instead use "OpenBSD-ID" and
"OpenBSD-Regress-ID" tags instead.
Apart from being a longwinded explanation of what is going on, this
commit message also serves to synchronise our tools with the state of
the tree, which happens to be:
OpenBSD-ID: 9c43a9968c7929613284ea18e9fb92e4e2a8e4c1
OpenBSD-Regress-ID: b33b385719420bf3bc57d664feda6f699c147fef
transfer ownership of stdout to the session channel by
dup2'ing /dev/null to fd 1. This allows propagation of remote stdout close to
the local side; reported by David Newall, ok markus@
Upstream-ID: 8d9ac18a11d89e6b0415f0cbf67b928ac67f0e79
add a "rdomain" criteria for the sshd_config Match
keyword to allow conditional configuration that depends on which rdomain(4) a
connection was recevied on. ok markus@
Upstream-ID: 27d8fd5a3f1bae18c9c6e533afdf99bff887a4fb
add sshd_config RDomain keyword to place sshd and the
subsequent user session (including the shell and any TCP/IP forwardings) into
the specified rdomain(4)
ok markus@
Upstream-ID: be2358e86346b5cacf20d90f59f980b87d1af0f5
Add optional rdomain qualifier to sshd_config's
ListenAddress option to allow listening on a different rdomain(4), e.g.
ListenAddress 0.0.0.0 rdomain 4
Upstream-ID: 24b6622c376feeed9e9be8b9605e593695ac9091
Expose devices allocated for tun/tap forwarding.
At the client, the device may be obtained from a new %T expansion
for LocalCommand.
At the server, the allocated devices will be listed in a
SSH_TUNNEL variable exposed to the environment of any user sessions
started after the tunnel forwarding was established.
ok markus
Upstream-ID: e61e53f8ae80566e9ddc0d67a5df5bdf2f3c9f9e
Add URI support to ssh, sftp and scp. For example
ssh://user@host or sftp://user@host/path. The connection parameters
described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since
the ssh fingerprint format in the draft uses md5 with no way to specify the
hash function type. OK djm@
Upstream-ID: 4ba3768b662d6722de59e6ecb00abf2d4bf9cacc
In the description of pattern-lists, clarify negated
matches by explicitly stating that a negated match will never yield a
positive result, and that at least one positive term in the pattern-list must
match. bz#1918
Upstream-ID: 652d2f9d993f158fc5f83cef4a95cd9d95ae6a14
trim permitrootlogin description somewhat, to avoid
ambiguity; original diff from walter alejandro iglesias, tweaked by sthen and
myself
ok sthen schwarze deraadt
Upstream-ID: 1749418b2bc073f3fdd25fe21f8263c3637fe5d2
BIO_get_mem_data() is supposed to take a char* as pointer
argument, so don't pass it a const char*
Upstream-ID: 1ccd91eb7f4dd4f0fa812d4f956987cd00b5f6ec
replace statically-sized arrays in ServerOptions with
dynamic ones managed by xrecallocarray, removing some arbitrary (though
large) limits and saving a bit of memory; "much nicer" markus@
Upstream-ID: 1732720b2f478fe929d6687ac7b0a97ff2efe9d2
fix (another) problem in PermitOpen introduced during the
channels.c refactor: the third and subsequent arguments to PermitOpen were
being silently ignored; ok markus@
Upstream-ID: 067c89f1f53cbc381628012ba776d6861e6782fd
We don't support openssl-1.1.x yet (see multiple threads on the
openssh-unix-dev@ mailing list for the reason), but previously
./configure would accept it and the compilation would subsequently
fail. This makes ./configure display an explicit error message and
abort.
ok dtucker@
On some platforms (AIX, maybe others) allocating zero bytes of memory
via the various *alloc functions returns NULL, which is permitted
by the standards. Autoconf has some macros for detecting this (with
the exception of calloc for some reason) so use these and if necessary
activate shims for them. ok djm@
