Commit Graph

7493 Commits

Author SHA1 Message Date
djm@openbsd.org
fc30256136 upstream commit
mux-related manual tweaks

mention ControlPersist=0 is the same as ControlPersist=yes

recommend that ControlPath sockets be placed in a og-w directory
2014-11-11 09:27:17 +11:00
Damien Miller
0e4cff5f35 Prepare scripts for next Cygwin release
Makes the Cygwin-specific ssh-user-config script independent of the
existence of /etc/passwd.  The next Cygwin release will allow to
generate passwd and group entries from the Windows account DBs, so the
scripts have to adapt.

from Corinna Vinschen
2014-11-05 11:01:31 +11:00
Damien Miller
7d0ba53366 include version number in OpenSSL-too-old error 2014-10-30 10:45:41 +11:00
lteo@openbsd.org
3bcb92e04d upstream commit
Remove unnecessary include: netinet/in_systm.h is not needed
 by these programs.

NB. skipped for portable

ok deraadt@ millert@
2014-10-27 16:34:52 +11:00
djm@openbsd.org
6fdcaeb995 upstream commit
whitespace
2014-10-20 14:41:44 +11:00
daniel@openbsd.org
165bc87862 upstream commit
plug a memory leak; from Maxime Villard.

ok djm@
2014-10-20 14:40:06 +11:00
jmc@openbsd.org
b1ba15f388 upstream commit
tweak previous;
2014-10-20 14:40:05 +11:00
djm@openbsd.org
259a02ebdf upstream commit
whitespace
2014-10-13 14:36:06 +11:00
djm@openbsd.org
957fbceb0f upstream commit
Tweak config reparsing with host canonicalisation

Make the second pass through the config files always run when
hostname canonicalisation is enabled.

Add a "Match canonical" criteria that allows ssh_config Match
blocks to trigger only in the second config pass.

Add a -G option to ssh that causes it to parse its configuration
and dump the result to stdout, similar to "sshd -T"

Allow ssh_config Port options set in the second config parse
phase to be applied (they were being ignored).

bz#2267 bz#2286; ok markus
2014-10-13 11:41:48 +11:00
djm@openbsd.org
5c0dafd38b upstream commit
another -Wpointer-sign from clang
2014-10-13 11:39:23 +11:00
djm@openbsd.org
bb005dc815 upstream commit
fix a few -Wpointer-sign warnings from clang
2014-10-13 11:39:18 +11:00
djm@openbsd.org
3cc1fbb4fb upstream commit
parse cert sections using nested buffers to reduce
 copies; ok markus
2014-10-13 11:39:11 +11:00
djm@openbsd.org
4a45922aeb upstream commit
correct options in usage(); from mancha1 AT zoho.com
2014-10-13 11:39:02 +11:00
djm@openbsd.org
48dffd5beb upstream commit
mention permissions on tun(4) devices in PermitTunnel
 documentation; bz#2273
2014-10-13 11:38:46 +11:00
djm@openbsd.org
a5883d4ecc upstream commit
tighten permissions on pty when the "tty" group does
 not exist; pointed out by Corinna Vinschen; ok markus
2014-10-13 11:38:36 +11:00
sobrado@openbsd.org
180bcb406b upstream commit
typo.
2014-10-13 11:37:56 +11:00
sobrado@openbsd.org
f70b22bcdd upstream commit
improve capitalization for the Ed25519 public-key
 signature system.

ok djm@
2014-10-13 11:37:32 +11:00
doug@openbsd.org
7df8818409 upstream commit
Free resources on error in mkstemp and fdopen

ok djm@
2014-10-13 11:37:21 +11:00
deraadt@openbsd.org
40ba4c9733 upstream commit
djm how did you make a typo like that...
2014-10-13 11:37:14 +11:00
djm@openbsd.org
57d378ec92 upstream commit
When dumping the server configuration (sshd -T), print
 correct KEX, MAC and cipher defaults. Spotted by Iain Morgan
2014-10-13 11:36:04 +11:00
djm@openbsd.org
7ff880ede5 upstream commit
~-expand lcd paths
2014-10-13 11:35:49 +11:00
Damien Miller
4460a7ad0c remove duplicated KEX_DH1 entry 2014-10-12 12:35:48 +11:00
Damien Miller
c9b8426a61 remove ChangeLog file
Commit logs will be generated from git at release time.
2014-10-09 10:34:06 +11:00
Damien Miller
81d18ff7c9 delete contrib/caldera directory 2014-10-07 21:24:25 +11:00
Damien Miller
0ec9e87d36 test commit 2014-10-07 19:57:27 +11:00
Damien Miller
8fb65a4456 - (djm) Release OpenSSH-6.7 2014-10-07 09:21:49 +11:00
Damien Miller
e8c9f2602c - (djm) [sshd_config.5] typo; from Iain Morgan 2014-10-03 09:24:56 +10:00
Damien Miller
703b98a267 - (djm) [openbsd-compat/Makefile.in openbsd-compat/kludge-fd_set.c]
[openbsd-compat/openbsd-compat.h] Kludge around bad glibc
   _FORTIFY_SOURCE check that doesn't grok heap-allocated fd_sets;
   ok dtucker@
2014-10-01 09:43:07 +10:00
Damien Miller
0fa0ed061b - (djm) [sandbox-seccomp-filter.c] Allow mremap and exit for DietLibc;
patch from Felix von Leitner; ok dtucker
2014-09-10 08:15:34 +10:00
Darren Tucker
ad7d23d461 20140908
- (dtucker) [INSTALL] Update info about egd.  ok djm@
2014-09-09 12:23:10 +10:00
Damien Miller
2a8699f37c - (djm) [openbsd-compat/arc4random.c] Zero seed after keying PRNG 2014-09-04 03:46:05 +10:00
Damien Miller
44988defb1 - (djm) [contrib/cygwin/ssh-host-config] Fix old code leading to
permissions/ACLs; from Corinna Vinschen
2014-09-03 05:35:32 +10:00
Damien Miller
23f269562b - (djm) [defines.h sshbuf.c] Move __predict_true|false to defines.h and
conditionalise to avoid duplicate definition.
2014-09-03 05:33:25 +10:00
Damien Miller
41c8de2c00 - (djm) [Makefile.in] Make TEST_SHELL a variable; "good idea" tim@ 2014-08-30 16:23:06 +10:00
Damien Miller
d7c81e216a - (djm) [openbsd-compat/openssl-compat.h] add include guard 2014-08-30 04:18:28 +10:00
Damien Miller
4687802dda - (djm) [misc.c] Missing newline between functions 2014-08-30 03:29:19 +10:00
Damien Miller
51c77e2922 - (djm) [openbsd-compat/openssl-compat.h] add
OPENSSL_[RD]SA_MAX_MODULUS_BITS defines for OpenSSL that lacks them
2014-08-30 02:30:30 +10:00
Damien Miller
3d673d103b - (djm) [openbsd-compat/explicit_bzero.c] implement explicit_bzero()
using memset_s() where possible; improve fallback to indirect bzero
   via a volatile pointer to give it more of a chance to avoid being
   optimised away.
2014-08-27 06:32:01 +10:00
Damien Miller
146218ac11 - (djm) [monitor.c sshd.c] SIGXFSZ needs to be ignored in postauth
monitor, not preauth; bz#2263
2014-08-27 04:11:55 +10:00
Damien Miller
1b215c098b - (djm) [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c]
[regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c]
   [regress/unittests/sshkey/common.c]
   [regress/unittests/sshkey/test_file.c]
   [regress/unittests/sshkey/test_fuzz.c]
   [regress/unittests/sshkey/test_sshkey.c] Don't include openssl/ec.h
   on !ECC OpenSSL systems
2014-08-27 04:04:40 +10:00
Damien Miller
ad013944af - (djm) [INSTALL] Recommend libcrypto be built -fPIC, mention LibreSSL,
update OpenSSL version requirement.
2014-08-26 09:27:28 +10:00
Damien Miller
ed126de8ee - (djm) [bufec.c] Skip this file on !ECC OpenSSL 2014-08-26 08:37:47 +10:00
Damien Miller
9c1dede005 - (djm) [sftp-server.c] Some systems (e.g. Irix) have prctl() but not
PR_SET_DUMPABLE, so adjust ifdef; reported by Tom Christensen
2014-08-24 03:01:06 +10:00
Damien Miller
d244a5816f - (djm) [configure.ac] We now require a working vsnprintf everywhere (not
just for systems that lack asprintf); check for it always and extend
   test to catch more brokenness. Fixes builds on Solaris <= 9
2014-08-23 17:06:49 +10:00
Damien Miller
4cec036362 - (djm) [sshd.c] Ignore SIGXFSZ in preauth monitor child; can explode on
lastlog writing on platforms with high UIDs; bz#2263
2014-08-23 03:11:09 +10:00
Damien Miller
394a60f259 - (djm) [configure.ac] double braces to appease autoconf 2014-08-22 18:06:20 +10:00
Damien Miller
4d69aeabd6 - (djm) [openbsd-compat/bsd-snprintf.c] Fix compilation failure (prototype/
definition mismatch) and warning for broken/missing snprintf case.
2014-08-22 17:48:27 +10:00
Damien Miller
0c11f1ac36 - (djm) [sshbuf-getput-crypto.c] Fix compilation when OpenSSL lacks ECC 2014-08-22 17:36:56 +10:00
Damien Miller
6d62784b89 - (djm) [configure.ac] include leading zero characters in OpenSSL version
number; fixes test for unsupported versions
2014-08-22 17:36:19 +10:00
Damien Miller
4f1ff1ed78 - (djm) [regress/unittests/test_helper/test_helper.c] Fix for systems that
don't set __progname. Diagnosed by Tom Christensen.
2014-08-21 15:54:50 +10:00