e3f27006 | 12-Nov-2020 |
Damien Miller |
Revert "detect Linux/X32 systems" This reverts commit 5b56bd0affea7b02b540bdbc4d1d271b0e4fc885. The approach used was incorrect; discussion in bz#3085 |
e51dc7fa | 12-Nov-2020 |
Damien Miller |
SELinux has deprecated security_context_t (it was only ever a char* anyway) |
b79add37 | 12-Nov-2020 |
Darren Tucker |
Remove obsolete AC_HEADER_TIME macro. AC_HEADER_TIME is marked as obsolete in autoconf-2.70 and as far as I can tell everything we have that might be old enough to need it doesn't. |
d5d05cdb | 12-Nov-2020 |
djm@openbsd.org |
upstream: when prompting the user to accept a new hostkey, display any other host names/addresses already associated with the key. E.g. > The authenticity of host 'test (10.0.0.1)'
upstream: when prompting the user to accept a new hostkey, display any other host names/addresses already associated with the key. E.g. > The authenticity of host 'test (10.0.0.1)' can't be established. > ECDSA key fingerprint is SHA256:milU4MODXm8iJQI18wlsbPG7Yup+34fuNNmV08qDnax. > This host key is known by the following other names/addresses: > ~/.ssh/known_hosts:1: host.example.org,10.0.0.1 > ~/.ssh/known_hosts:2: [hashed name] > ~/.ssh/known_hosts:3: [hashed name] > ~/.ssh/known_hosts:4: host > ~/.ssh/known_hosts:5: [host]:2222 > Are you sure you want to continue connecting (yes/no/[fingerprint])? feedback and ok markus@ OpenBSD-Commit-ID: f6f58a77b49f1368b5883b3a1f776447cfcc7ef4
show more ...
|
819b44e8 | 12-Nov-2020 |
dtucker@openbsd.org |
upstream: Prevent integer overflow when ridiculously large ConnectTimeout is specified, capping the effective value (for most platforms) at 24 days. bz#3229, ok djm@ OpenBSD-Com
upstream: Prevent integer overflow when ridiculously large ConnectTimeout is specified, capping the effective value (for most platforms) at 24 days. bz#3229, ok djm@ OpenBSD-Commit-ID: 62d4c4b7b87d111045f8e9f28b5b532d17ac5bc0
show more ...
|
add926dd | 11-Nov-2020 |
djm@openbsd.org |
upstream: fix logic error that broke URI parsing in ProxyJump directives; ok dtucker@ OpenBSD-Commit-ID: 96d48839b1704882a0e9a77898f5e14b2d222705 |
4340dd43 | 10-Nov-2020 |
claudio@openbsd.org |
upstream: Free the previously allocated msg buffer after writing it out. OK djm@ OpenBSD-Commit-ID: 18c055870fc75e4cb9f926c86c7543e2e21d7fa4 |
fcf429a4 | 10-Nov-2020 |
Darren Tucker |
Prevent excessively long username going to PAM. This is a mitigation for a buffer overflow in Solaris' PAM username handling (CVE-2020-14871), and is only enabled for Sun-derived PAM
Prevent excessively long username going to PAM. This is a mitigation for a buffer overflow in Solaris' PAM username handling (CVE-2020-14871), and is only enabled for Sun-derived PAM implementations. This is not a problem in sshd itself, it only prevents sshd from being used as a vector to attack Solaris' PAM. It does not prevent the bug in PAM from being exploited via some other PAM application. Based on github PR#212 from Mike Scott but implemented slightly differently. ok tim@ djm@
show more ...
|
10dce8ff | 08-Nov-2020 |
djm@openbsd.org |
upstream: unbreak; missing NULL check OpenBSD-Commit-ID: 6613dfab488123f454d348ef496824476b8c11c0 |
d5a0cd4f | 08-Nov-2020 |
djm@openbsd.org |
upstream: when requesting a security key touch on stderr, inform the user once the touch has been recorded; requested by claudio@ ok markus@ OpenBSD-Commit-ID: 3b76ee444490e546b9ea7
upstream: when requesting a security key touch on stderr, inform the user once the touch has been recorded; requested by claudio@ ok markus@ OpenBSD-Commit-ID: 3b76ee444490e546b9ea7f879e4092ee0d256233
show more ...
|
292bcb24 | 08-Nov-2020 |
Darren Tucker |
Remove preprocessor directive from log macro calls. Preprocessor directives inside macro calls, such as the new log macros, are undefined behaviour and do not work with, eg old GCCs. Pu
Remove preprocessor directive from log macro calls. Preprocessor directives inside macro calls, such as the new log macros, are undefined behaviour and do not work with, eg old GCCs. Put the entire log call inside the ifdef for OPENSSL_HAS_NISTP521.
show more ...
|
71693251 | 08-Nov-2020 |
dtucker@openbsd.org |
upstream: Add a comment documenting the source of the moduli group sizes. OpenBSD-Commit-ID: aec0725ce607630caaa62682624c6763b350391c |
4d94b031 | 08-Nov-2020 |
dtucker@openbsd.org |
upstream: Replace WITH_OPENSSL ifdefs in log calls with a macro. The log calls are themselves now macros, and preprocessor directives inside macro arguments are undefined behaviour which
upstream: Replace WITH_OPENSSL ifdefs in log calls with a macro. The log calls are themselves now macros, and preprocessor directives inside macro arguments are undefined behaviour which some compilers (eg old GCCs) choke on. It also makes the code tidier. ok deraadt@ OpenBSD-Commit-ID: cc12a9029833d222043aecd252d654965c351a69
show more ...
|
6d2564b9 | 06-Nov-2020 |
Darren Tucker |
Fix function body for variadic macro test. AC_LANG_PROGRAM puts its second argument inside main() so we don't need to do it ourselves. |
586f9bd2 | 06-Nov-2020 |
Darren Tucker |
Remove AC_PROC_CC_C99 obsoleted in autoconf 2.70. Since we only use it to make sure we can handle variadic macros, explicitly check only for that. with & ok djm@ |
a019e353 | 05-Nov-2020 |
Darren Tucker |
Replace AC_TRY_COMPILE obsoleted in autoconf 2.70. Replace with the equivalent AC_COMPILE_IFELSE. |
771b7795 | 05-Nov-2020 |
Darren Tucker |
Move AC_PROG_CC_C99 to immediately afer AC_PROG_CC. This puts the related C version selection output in the same place. |
e5591161 | 05-Nov-2020 |
Darren Tucker |
AC_CHECK_HEADER() is obsoleted in autoconf 2.70. Replace with the non-obsoleted AC_CHECK_HEADERS(). |
05bcd0ca | 03-Nov-2020 |
djm@openbsd.org |
upstream: fold consecutive '*' wildcards to mitigate combinatorial explosion of recursive searches; ok dtucker OpenBSD-Commit-ID: d18bcb39c40fb8a1ab61153db987e7d11dd3792b |
7d680448 | 29-Oct-2020 |
djm@openbsd.org |
upstream: print reason in fatal error message when kex_assemble_namelist() fails OpenBSD-Commit-ID: a9975ee8db6c98d6f32233d88051b2077ca63dab |
95d1109f | 28-Oct-2020 |
djm@openbsd.org |
upstream: fix sshd_config SetEnv directive inside Match blocks; part of github PR#201 from github user manuelm OpenBSD-Commit-ID: 9772e3748abff3ad65ae8fc43d026ed569b1d2bc |
b12b835d | 28-Oct-2020 |
djm@openbsd.org |
upstream: fix type of nid in type_bits_valid(); github PR#202 from github user thingsconnected OpenBSD-Commit-ID: 769d2b040dec7ab32d323daf54b854dd5dcb5485 |
1a14c131 | 28-Oct-2020 |
djm@openbsd.org |
upstream: whitespace; no code change OpenBSD-Commit-ID: efefc1c47e880887bdee8cd2127ca93177eaad79 |
815209ab | 28-Oct-2020 |
djm@openbsd.org |
upstream: UpdateHostkeys: fixed/better detection of host keys that exist under other names and addresses; spotted by and debugged with lots of help from jca@ OpenBSD-Commit-ID:
upstream: UpdateHostkeys: fixed/better detection of host keys that exist under other names and addresses; spotted by and debugged with lots of help from jca@ OpenBSD-Commit-ID: 5113d7f550bbd48243db1705afbf16b63792d4b7
show more ...
|
a575cf44 | 21-Oct-2020 |
Duncan Eastoe |
session.c: use "denylist" terminology Follow upstream (6d755706a0059eb9e2d63517f288b75cbc3b4701) language improvements in this portable-specific code. |