Darren Tucker
633703babf
Conditionalize ECDH methods in CA algos.
When building against an OpenSSL configured without ECC, don't include
those algos in CASignatureAlgorithms. ok djm@
2019-05-17 10:50:29 +10:00
dtucker@openbsd.org
5c8d14c512
upstream: Move a variable declaration to the block where it's used
to make things a little tidier for -portable.
OpenBSD-Commit-ID: 616379861be95619e5358768b7dee4793e2f3a75
2019-05-17 10:07:43 +10:00
deraadt@openbsd.org
a1d29cc36a
upstream: When doing the fork+exec'ing for ssh-keysign, rearrange
the socket into fd3, so as to not mistakenly leak other fd forward
accidentally. ok djm
OpenBSD-Commit-ID: 24cc753f5aa2c6a7d0fbf62766adbc75cd785296
2019-05-17 10:07:43 +10:00
schwarze@openbsd.org
db7606d4a6
upstream: Delete some .Sx macros that were used in a wrong way.
Part of a patch from Stephen Gregoratto <dev at sgregoratto dot me>.
OpenBSD-Commit-ID: 15501ed13c595f135e7610b1a5d8345ccdb513b7
2019-05-17 10:07:43 +10:00
florian@openbsd.org
cb4accb123
upstream: For PermitOpen violations add the remote host and port to
be able to find out from where the request was coming.
Add the same logging for PermitListen violations which were not
logged at all.
Pointed out by Robert Kisteleki (robert AT ripe.net)
input markus
OK deraadt
OpenBSD-Commit-ID: 8a7d0f1b7175504c0d1dca8d9aca1588b66448c8
2019-05-17 10:07:42 +10:00
Darren Tucker
cd16aceec1
Add OpenSSL 1.1.1 to the supported list.
Clarify the language around prngd and egd.
2019-05-16 07:53:20 +10:00
Darren Tucker
6fd4aa2aaf
Fix typo in man page formatter selector.
2019-05-15 16:19:14 +10:00
Darren Tucker
285546b73e
Use "doc" man page format if mandoc present.
Previously configure would not select the "doc" man page format if
mandoc was present but nroff was not. This checks for mandoc first
and removes a now-superfluous AC_PATH_PROG. Based on a patch from
vehk at vehk.de and feedback from schwarze at usta.de.
2019-05-10 15:04:42 +10:00
dtucker@openbsd.org
62dd70613b
upstream: Use the correct (according to POSIX) format for
left-justification in snmprintf. bz#3002, patch from velemas at gmail.com, ok
markus@.
OpenBSD-Commit-ID: 65d252b799be0cc8f68b6c47cece0a57bb00fea7
2019-05-08 18:42:43 +10:00
dtucker@openbsd.org
62be1ffe5f
upstream: Free channel objects on exit path. Patch from markus at
blueflash.cc, ok deraadt
OpenBSD-Commit-ID: dbe4db381603909482211ffdd2b48abd72169117
2019-05-08 18:42:43 +10:00
dtucker@openbsd.org
1c554a5d94
upstream: Free host on exit path. Patch from markus at
blueflash.cc, ok djm@
OpenBSD-Commit-ID: c54e9945d93c4ce28350d8b9fa8b71f744ef2b5a
2019-05-08 18:42:43 +10:00
dtucker@openbsd.org
99043bd64e
upstream: Wrap XMSS including in ifdef. Patch from markus at
blueflash.cc, ok djm
OpenBSD-Commit-ID: e3b34fc35cf12d33bde91ac03633210a3bc0f8b5
2019-05-08 18:42:43 +10:00
dtucker@openbsd.org
8fcfb7789c
upstream: Import regenerated moduli.
OpenBSD-Commit-ID: db6375fc302e3bdf07d96430c63c991b2c2bd3ff
2019-05-08 18:42:34 +10:00
dtucker@openbsd.org
3a7db919d5
upstream: Use the LogLevel typedef instead of int where appropriate. Patch from Markus Schmidt via openssh-unix-dev, ok markus@
OpenBSD-Commit-ID: 4c0f0f458e3da7807806b35e3eb5c1e8403c968a
2019-05-08 18:42:03 +10:00
dtucker@openbsd.org
d7c6e38b87
upstream: Document new default RSA key size. From
sebastiaanlokhorst at gmail.com via bz#2997.
OpenBSD-Commit-ID: bdd62ff5d4d649d2147904e91bf7cefa82fe11e1
2019-05-08 18:42:03 +10:00
dtucker@openbsd.org
e826bbcafe
upstream: When running sshd -T, assume any attribute not provided by
-C does not match, which allows it to work when sshd_config contains a Match
directive with or without -C. bz#2858, ok djm@
OpenBSD-Commit-ID: 1a701f0a33e3bc96753cfda2fe0b0378520b82eb
2019-05-08 18:42:03 +10:00
dtucker@openbsd.org
5696512d7a
upstream: Remove crc32.{c,h} which were only used by the now-gone
SSH1 protocol. Patch from yumkam at gmail.com, ok deraadt.
OpenBSD-Commit-ID: cceda5876c5ba6b4d8abcd52335329198cee3240
2019-05-08 18:42:03 +10:00
Darren Tucker
34e87fb5d9
Remove unused variables from RLIMIT_NOFILE test.
2019-04-30 12:27:57 +10:00
Darren Tucker
35e82e62c1
Import regenerated moduli.
2019-04-26 18:38:27 +10:00
Darren Tucker
5590f53f99
Whitespace resync w/OpenBSD.
Patch from markus at blueflash.cc via openssh-unix-dev.
2019-04-26 18:22:10 +10:00
Darren Tucker
b7b8334914
Don't install duplicate STREAMS modules on Solaris
Check if STREAMS modules are already installed on pty before installing
since when compiling with XPG>=4 they will likely be installed already.
Prevents hangs and duplicate lines on the terminal. bz#2945 and bz#2998,
patch from djm@
2019-04-26 18:06:34 +10:00
Damien Miller
fd0fa130ec
makedepend
2019-04-18 08:52:57 +10:00
Damien Miller
5de397a876
second thoughts: leave README in place
A number of contrib/* files refer to the existing README so let's leave
it in place for release and add the new markdown version in parallel.
I'll get rid of README after release.
2019-04-05 11:29:51 -07:00
Damien Miller
5d3127d927
Revert "rewrite README"
This reverts commit 9444d82678.
2019-04-05 11:29:31 -07:00
Damien Miller
9444d82678
rewrite README
Include basic build instructions and comments on commonly-used build-
time flags, links to the manual pages and other resources.
Now in Markdown format for better viewing on github, etc.
2019-04-05 11:26:35 -07:00
Damien Miller
a924de0c49
update versions
2019-04-05 03:41:52 +11:00
djm@openbsd.org
312dcee739
upstream: openssh-8.0
OpenBSD-Commit-ID: 5aafdf218679dab982fea20771afd643be9a127b
2019-04-05 03:39:46 +11:00
Damien Miller
885bc11469
session: Do not use removed API
from Jakub Jelen
2019-04-04 02:47:40 +11:00
djm@openbsd.org
9d7b2882b0
upstream: when logging/fataling on error, include a bit more detail
than just the function name and the error message
OpenBSD-Commit-ID: dd72d7eba2215fcb89be516c378f633ea5bcca9f
2019-04-03 09:34:03 +11:00
Darren Tucker
79a87d3278
Remove "struct ssh" from sys_auth_record_login.
It's not needed, and is not available from the call site in loginrec.c
Should only affect AIX, spotted by Kevin Brott.
2019-04-03 06:27:45 +11:00
Darren Tucker
138c0d52cd
Adapt custom_failed_login to new prototype.
Spotted by Kevin Brott.
2019-04-02 18:21:35 +11:00
Darren Tucker
a0ca4009ab
Add includes.h for compat layer.
Should fix build on AIX 7.2.
2019-04-01 20:07:23 +11:00
Tim Rice
0099115178
Stop USL compilers from erroring with "integral constant expression expected"
2019-03-31 22:14:22 -07:00
Tim Rice
43f47ebbdd
Only use O_NOFOLLOW in fchownat and fchmodat if defined
2019-03-31 19:22:19 -07:00
Jakub Jelen
342d6e5158
Adjust softhsm2 path on Fedora Linux for regress
The SoftHSM lives in Fedora in /usr/lib64/pkcs11/libsofthsm2.so
2019-03-29 22:37:15 +11:00
Darren Tucker
f5abb05f8c
Only use O_NOFOLLOW in utimensat if defined.
Fixes build on systems that don't have it (Solaris <=9). Found by
Tom G. Christensen.
2019-03-28 09:26:14 +11:00
Corinna Vinschen
786cd4c183
drop old Cygwin considerations
- Cygwin supports non-DOS characters in filenames
- Cygwin does not support Windows XP anymore
Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
2019-03-28 09:23:46 +11:00
djm@openbsd.org
21da87f439
upstream: fix interaction between ClientAliveInterval and RekeyLimit
that could cause connection to close incorrectly; Report and patch from Jakub
Jelen in bz#2757; ok dtucker@ markus@
OpenBSD-Commit-ID: 17229a8a65bd8e6c2080318ec2b7a61e1aede3fb
2019-03-27 20:30:58 +11:00
djm@openbsd.org
4f0019a9af
upstream: Fix authentication failures when "AuthenticationMethods
any" in a Match block overrides a more restrictive global default.
Spotted by jmc@, ok markus@
OpenBSD-Commit-ID: a90a4fe2ab81d0eeeb8fdfc21af81f7eabda6666
2019-03-26 10:20:41 +11:00
djm@openbsd.org
d6e5def308
upstream: whitespace
OpenBSD-Commit-ID: 106e853ae8a477e8385bc53824d3884a8159db07
2019-03-26 10:20:41 +11:00
dtucker@openbsd.org
26e0cef07b
upstream: Expand comment to document rationale for default key
sizes. "seems worthwhile" deraadt.
OpenBSD-Commit-ID: 72e5c0983d7da1fb72f191870f36cb58263a2456
2019-03-26 10:20:22 +11:00
dtucker@openbsd.org
f47269ea67
upstream: Increase the default RSA key size to 3072 bits. Based on
the estimates from NIST Special Publication 800-57, 3k bits provides security
equivalent to 128 bits which is the smallest symmetric cipher we enable by
default. ok markus@ deraadt@
OpenBSD-Commit-ID: 461dd32ebe808f88f4fc3ec74749b0e6bef2276b
2019-03-26 10:20:22 +11:00
jmc@openbsd.org
62949c5b37
upstream: full stop in the wrong place;
OpenBSD-Commit-ID: 478a0567c83553a2aebf95d0f1bd67ac1b1253e4
2019-03-26 10:20:22 +11:00
jmc@openbsd.org
1b1332b5bb
upstream: benno helped me clean up the tcp forwarding section;
OpenBSD-Commit-ID: d4bec27edefde636fb632b7f0b7c656b9c7b7f08
2019-03-26 10:20:22 +11:00
markus@openbsd.org
2aee9a49f6
upstream: fix use-after-free in ssh-pkcs11; found by hshoexer w/AFL
OpenBSD-Commit-ID: febce81cca72b71f70513fbee4ff52ca050f675c
2019-03-26 10:20:22 +11:00
Darren Tucker
9edbd7821e
Fix build when configured --without-openssl.
ok djm@
2019-03-14 10:17:28 +11:00
Darren Tucker
825ab32f0d
On Cygwin run sshd as SYSTEM where possible.
Seteuid now creates user token using S4U. We don't create a token
from scratch anymore, so we don't need the "Create a process token"
privilege. The service can run under SYSTEM again...
...unless Cygwin is running on Windows Vista or Windows 7 in the
WOW64 32 bit emulation layer. It turns out that WOW64 on these systems
didn't implement MsV1_0 S4U Logon so we still need the fallback
to NtCreateToken for these systems.
Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
2019-03-14 08:51:17 +11:00
Darren Tucker
a212107bfd
Replace alloca with xcalloc.
The latter checks for memory exhaustion and integer overflow and may be
at a less predictable place. Sanity check by vinschen at redhat.com, ok
djm@
2019-03-13 10:49:16 +11:00
Darren Tucker
daa7505aad
Use Cygwin-specific matching only for users+groups.
Patch from vinschen at redhat.com, updated a little by me.
2019-03-12 09:19:19 +11:00
dtucker@openbsd.org
fd10cf027b
upstream: Move checks for lists of users or groups into their own
function. This is a no-op on OpenBSD but will make things easier in
-portable, eg on systems where these checks should be case-insensitive. ok
djm@
OpenBSD-Commit-ID: 8bc9c8d98670e23f8eaaaefe29c1f98e7ba0487e
2019-03-08 15:10:07 +11:00