Commit Graph

8925 Commits

Author SHA1 Message Date
Darren Tucker
f21455a084 Include includes.h for HAVE_GETPAGESIZE.
The configure script checks for getpagesize() and sets HAVE_GETPAGESIZE in
config.h, but bsd-getpagesize.c forgot to include includes.h (which
indirectly includes config.h) so the checks always fails, causing linker
issues when linking statically on systems with getpagesize().

Patch from Peter Korsgaard <peter at korsgaard.com>
2017-10-31 10:09:33 +11:00
djm@openbsd.org@openbsd.org
f2ad63c071 upstream commit
whitespace at EOL

OpenBSD-Regress-ID: f4b5df99b28c6f63478deb916c6ed0e794685f07
2017-10-31 09:08:52 +11:00
djm@openbsd.org@openbsd.org
c6415b1f8f upstream commit
whitespace at EOL

OpenBSD-Regress-ID: 19b1394393deee4c8a2114a3b7d18189f27a15cd
2017-10-31 09:08:51 +11:00
millert@openbsd.org@openbsd.org
e4d4ddbbba upstream commit
Use printenv to test whether an SSH_USER_AUTH is set
instead of using $SSH_USER_AUTH.  The latter won't work with csh which treats
unknown variables as an error when expanding them.  OK markus@

OpenBSD-Regress-ID: f601e878dd8b71aa40381573dde3a8f567e6f2d1
2017-10-31 09:08:51 +11:00
millert@openbsd.org@openbsd.org
116b1b4394 upstream commit
Add tests for URI parsing.  OK markus@

OpenBSD-Regress-ID: 5d1df19874f3b916d1a2256a905526e17a98bd3b
2017-10-31 09:08:51 +11:00
djm@openbsd.org@openbsd.org
dbe0662e9c upstream commit
whitespace at EOL

OpenBSD-Commit-ID: c95549cf5a07d56ea11aaff818415118720214f6
2017-10-31 09:08:51 +11:00
djm@openbsd.org@openbsd.org
d213547434 upstream commit
whitespace at EOL (lots)

OpenBSD-Commit-ID: 757257dd44116794ee1b5a45c6724973de181747
2017-10-31 09:08:51 +11:00
djm@openbsd.org@openbsd.org
b77c29a07f upstream commit
improve printing of rdomain on accept() a little

OpenBSD-Commit-ID: 5da58db2243606899cedaa646c70201b2d12247a
2017-10-31 09:08:50 +11:00
jmc@openbsd.org@openbsd.org
68d3bbb2e6 upstream commit
mark up the rdomain keyword;

OpenBSD-Commit-ID: 1b597d0ad0ad20e94dbd61ca066057e6f6313b8a
2017-10-31 09:08:50 +11:00
jmc@openbsd.org@openbsd.org
0b2e2896b9 upstream commit
tweak the uri text, specifically removing some markup to
make it a bit more readable;

issue reported by - and diff ok - millert

OpenBSD-Commit-ID: 8b56a20208040b2d0633536fd926e992de37ef3f
2017-10-31 09:08:50 +11:00
jmc@openbsd.org@openbsd.org
7530e77bdc upstream commit
simplify macros in previous, and some minor tweaks;

OpenBSD-Commit-ID: 6efeca3d8b095b76e21b484607d9cc67ac9a11ca
2017-10-31 09:08:50 +11:00
Damien Miller
eb9c582b71 Switch upstream git repository.
Previously portable OpenSSH has synced against a conversion of OpenBSD's
CVS repository made using the git cvsimport tool, but this has become
increasingly unreliable.

As of this commit, portable OpenSSH now tracks a conversion of the
OpenBSD CVS upstream made using the excellent cvs2gitdump tool from
YASUOKA Masahiko: https://github.com/yasuoka/cvs2gitdump

cvs2gitdump is considerably more reliable than gitcvsimport and the old
version of cvsps that it uses under the hood, and is the same tool used
to export the entire OpenBSD repository to git (so we know it can cope
with future growth).

These new conversions are mirrored at github, so interested parties can
match portable OpenSSH commits to their upstream counterparts.

https://github.com/djmdjm/openbsd-openssh-src
https://github.com/djmdjm/openbsd-openssh-regress

An unfortunate side effect of switching upstreams is that we must have
a flag day, across which the upstream commit IDs will be inconsistent.
The old commit IDs are recorded with the tags "Upstream-ID" for main
directory commits and "Upstream-Regress-ID" for regress commits.

To make it clear that the commit IDs do not refer to the same
things, the new repository will instead use "OpenBSD-ID" and
"OpenBSD-Regress-ID" tags instead.

Apart from being a longwinded explanation of what is going on, this
commit message also serves to synchronise our tools with the state of
the tree, which happens to be:

OpenBSD-ID: 9c43a9968c7929613284ea18e9fb92e4e2a8e4c1
OpenBSD-Regress-ID: b33b385719420bf3bc57d664feda6f699c147fef
2017-10-31 09:05:16 +11:00
Damien Miller
2de5c6b53b fix rdomain compilation errors 2017-10-27 08:42:33 +11:00
Damien Miller
6bd5b569fd autoconf glue to enable Linux VRF 2017-10-25 14:15:42 +11:00
Damien Miller
97c5aaf925 basic valid_rdomain() implementation for Linux 2017-10-25 14:09:56 +11:00
Damien Miller
ce1cca39d7 implement get/set_rdomain() for Linux
Not enabled, pending implementation of valid_rdomain() and autoconf glue
2017-10-25 13:47:59 +11:00
Damien Miller
6eee79f9b8 stubs for rdomain replacement functions 2017-10-25 13:22:50 +11:00
Damien Miller
f5594f939f rename port-tun.[ch] => port-net.[ch]
Ahead of adding rdomain support
2017-10-25 13:22:50 +11:00
djm@openbsd.org
d685e5a31f upstream commit
uninitialised variable in PermitTunnel printing code

Upstream-ID: f04dc33e42855704e116b8da61095ecc71bc9e9a
2017-10-25 13:12:10 +11:00
Damien Miller
43c29bb7cf provide hooks and fallbacks for rdomain support 2017-10-25 13:11:38 +11:00
Damien Miller
3235473bc8 check for net/route.h and sys/sysctl.h 2017-10-25 13:11:37 +11:00
djm@openbsd.org
4d5456c7de upstream commit
transfer ownership of stdout to the session channel by
dup2'ing /dev/null to fd 1. This allows propagation of remote stdout close to
the local side; reported by David Newall, ok markus@

Upstream-ID: 8d9ac18a11d89e6b0415f0cbf67b928ac67f0e79
2017-10-25 12:26:21 +11:00
djm@openbsd.org
68af80e6fd upstream commit
add a "rdomain" criteria for the sshd_config Match
keyword to allow conditional configuration that depends on which rdomain(4) a
connection was recevied on. ok markus@

Upstream-ID: 27d8fd5a3f1bae18c9c6e533afdf99bff887a4fb
2017-10-25 12:26:21 +11:00
djm@openbsd.org
35eb33fb95 upstream commit
add sshd_config RDomain keyword to place sshd and the
subsequent user session (including the shell and any TCP/IP forwardings) into
the specified rdomain(4)

ok markus@

Upstream-ID: be2358e86346b5cacf20d90f59f980b87d1af0f5
2017-10-25 12:26:13 +11:00
djm@openbsd.org
acf559e1cf upstream commit
Add optional rdomain qualifier to sshd_config's
ListenAddress option to allow listening on a different rdomain(4), e.g.

ListenAddress 0.0.0.0 rdomain 4

Upstream-ID: 24b6622c376feeed9e9be8b9605e593695ac9091
2017-10-25 12:26:06 +11:00
millert@openbsd.org
b9903ee8ee upstream commit
Kill dead store and some spaces vs. tabs indent in
parse_user_host_path(). Noticed by markus@

Upstream-ID: 114fec91dadf9af46c7c94fd40fc630ea2de8200
2017-10-25 11:22:24 +11:00
jmc@openbsd.org
0869627e00 upstream commit
tweak previous; ok djm

Upstream-ID: 7d913981ab315296be1f759c67b6e17aea38fca9
2017-10-25 11:22:23 +11:00
Damien Miller
e3fa20e2e5 avoid -Wsign-compare warning in argv copying 2017-10-23 16:25:24 +11:00
djm@openbsd.org
b7548b12a6 upstream commit
Expose devices allocated for tun/tap forwarding.

At the client, the device may be obtained from a new %T expansion
for LocalCommand.

At the server, the allocated devices will be listed in a
SSH_TUNNEL variable exposed to the environment of any user sessions
started after the tunnel forwarding was established.

ok markus

Upstream-ID: e61e53f8ae80566e9ddc0d67a5df5bdf2f3c9f9e
2017-10-23 16:14:30 +11:00
millert@openbsd.org
887669ef03 upstream commit
Add URI support to ssh, sftp and scp.  For example
ssh://user@host or sftp://user@host/path.  The connection parameters
described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since
the ssh fingerprint format in the draft uses md5 with no way to specify the
hash function type.  OK djm@

Upstream-ID: 4ba3768b662d6722de59e6ecb00abf2d4bf9cacc
2017-10-23 16:10:08 +11:00
Damien Miller
d27bff293c Fix missed RCSID merges 2017-10-20 13:22:00 +11:00
djm@openbsd.org
d3b6aeb546 upstream commit
more RCSIDs

Upstream-Regress-ID: 1aecbe3f8224793f0ec56741a86d619830eb33be
2017-10-20 13:15:40 +11:00
djm@openbsd.org
b011edbb32 upstream commit
add RCSIDs to these; they make syncing portable a bit
easier

Upstream-ID: 56cb7021faea599736dd7e7f09c2e714425b1e68
2017-10-20 12:58:35 +11:00
Damien Miller
6eb2759778 upstream commit
Apply missing commit 1.11 to kexc25519s.c

Upstream-ID: 5f020e23a1ee6c3597af1f91511e68552cdf15e8
2017-10-20 12:58:18 +11:00
Damien Miller
6f72280553 upstream commit
Apply missing commit 1.127 to servconf.h

Upstream-ID: f14c4bac74a2b7cf1e3cff6bea5c447f192a7d15
2017-10-20 12:57:24 +11:00
jmc@openbsd.org
bb3e16ab25 upstream commit
remove unused Pp;

Upstream-ID: 8ad26467f1f6a40be887234085a8e01a61a00550
2017-10-20 12:01:03 +11:00
djm@openbsd.org
05b69e9957 upstream commit
In the description of pattern-lists, clarify negated
matches by explicitly stating that a negated match will never yield a
positive result, and that at least one positive term in the pattern-list must
match. bz#1918

Upstream-ID: 652d2f9d993f158fc5f83cef4a95cd9d95ae6a14
2017-10-20 12:01:03 +11:00
djm@openbsd.org
eb80e26a15 upstream commit
log debug messages sent to peer; ok deraadt markus

Upstream-ID: 3b4fdc0a06ea5083f61d96e20043000f477103d9
2017-10-20 12:01:03 +11:00
jmc@openbsd.org
071325f458 upstream commit
trim permitrootlogin description somewhat, to avoid
ambiguity; original diff from walter alejandro iglesias, tweaked by sthen and
myself

ok sthen schwarze deraadt

Upstream-ID: 1749418b2bc073f3fdd25fe21f8263c3637fe5d2
2017-10-20 12:01:03 +11:00
djm@openbsd.org
10727487be upstream commit
mention SSH_USER_AUTH in the list of environment
variables

Upstream-ID: 1083397c3ee54b4933121ab058c70a0fc6383691
2017-10-20 12:01:03 +11:00
djm@openbsd.org
224f193d6a upstream commit
BIO_get_mem_data() is supposed to take a char* as pointer
argument, so don't pass it a const char*

Upstream-ID: 1ccd91eb7f4dd4f0fa812d4f956987cd00b5f6ec
2017-10-20 12:01:03 +11:00
benno@openbsd.org
cfa46825b5 upstream commit
clarify the order in which config statements are used. ok
jmc@ djm@

Upstream-ID: e37e27bb6bbac71315e22cb9690fd8a556a501ed
2017-10-20 12:01:03 +11:00
djm@openbsd.org
dceabc7ad7 upstream commit
replace statically-sized arrays in ServerOptions with
dynamic ones managed by xrecallocarray, removing some arbitrary (though
large) limits and saving a bit of memory; "much nicer" markus@

Upstream-ID: 1732720b2f478fe929d6687ac7b0a97ff2efe9d2
2017-10-20 12:01:02 +11:00
jmc@openbsd.org
2b4f3ab050 upstream commit
%C is hashed; from klemens nanni ok markus

Upstream-ID: 6ebed7b2e1b6ee5402a67875d74f5e2859d8f998
2017-10-20 11:58:34 +11:00
djm@openbsd.org
a66714508b upstream commit
exercise PermitOpen a little more thoroughly

Upstream-Regress-ID: f41592334e227a4c1f9a983044522de4502d5eac
2017-10-05 05:51:46 +11:00
dtucker@openbsd.org
609ecc8e57 upstream commit
UsePrivilegeSeparation is gone, stop trying to test it.

Upstream-Regress-ID: 796a5057cfd79456a20ea935cc53f6eb80ace191
2017-10-05 05:51:46 +11:00
djm@openbsd.org
69bda02288 upstream commit
fix (another) problem in PermitOpen introduced during the
channels.c refactor: the third and subsequent arguments to PermitOpen were
being silently ignored; ok markus@

Upstream-ID: 067c89f1f53cbc381628012ba776d6861e6782fd
2017-10-05 05:51:12 +11:00
djm@openbsd.org
66bf74a921 upstream commit
Fix PermitOpen crash; spotted by benno@, ok dtucker@ deraadt@

Upstream-ID: c2cc84ffac070d2e1ff76182c70ca230a387983c
2017-10-03 06:34:26 +11:00
Damien Miller
d63b38160a update URL again
I spotted a typo in the draft so uploaded a new version...
2017-10-01 10:32:25 +11:00
Damien Miller
6f64f59643 sync release notes URL 2017-10-01 10:01:56 +11:00