Age | Commit message | Author
2020-07-03 | upstream: start ClientAliveInterval bookkeeping before first pass | djm@openbsd.org
through select() loop; fixed theoretical case where busy sshd may ignore timeouts from client; inspired by and ok dtucker OpenBSD-Commit-ID: 96bfc4b1f86c7da313882a84755b2b47eb31957f
2020-07-03 | add check for fido_cred_set_prot() to configure | Damien Miller
2020-07-03 | upstream: Only reset the serveralive check when we receive traffic from | dtucker@openbsd.org
the server and ignore traffic from a port forwarding client, preventing a client from keeping a connection alive when it should be terminated. Based on a patch from jxraynor at gmail.com via openssh-unix-dev and bz#2265, ok djm@ OpenBSD-Commit-ID: a941a575a5cbc244c0ef5d7abd0422bbf02c2dcd
2020-07-03 | sync sys-queue.h with OpenBSD upstream | Damien Miller
needed for TAILQ_CONCAT
2020-07-03 | upstream: fix memory leak of mux_ctx; patch from Sergiy Lozovsky | djm@openbsd.org
via bz3189 ok dtucker OpenBSD-Commit-ID: db249bd4526fd42d0f4f43f72f7b8b7705253bde
2020-07-03 | upstream: free kex in ssh_packet_close; ok djm semarie | markus@openbsd.org
OpenBSD-Commit-ID: dbc181e90d3d32fd97b10d75e68e374270e070a2
2020-07-03 | upstream: Replace TAILQ concatenation loops with TAILQ_CONCAT | bket@openbsd.org
OK djm@ OpenBSD-Commit-ID: 454b40e09a117ddb833794358970a65b14c431ef
2020-06-27 | upstream: backout 1.293 fix kex mem-leak in ssh_packet_close at markus | semarie@openbsd.org
request the change introduced a NULL deref in sshpkt_vfatal() (uses of ssh->kex after calling ssh_packet_clear_keys()) OpenBSD-Commit-ID: 9c9a6721411461b0b1c28dc00930d7251a798484
2020-06-26 | document a PAM spec problem in a frustrated comment | Damien Miller
2020-06-26 | upstream: avoid spurious error message when ssh-keygen creates files | djm@openbsd.org
outside ~/.ssh; with dtucker@ OpenBSD-Commit-ID: ac0c662d44607e00ec78c266ee60752beb1c7e08
2020-06-26 | missing ifdef SELINUX; spotted by dtucker | Damien Miller
2020-06-26 | upstream: regress test for ssh-add -d; ok dtucker@ | djm@openbsd.org
OpenBSD-Regress-ID: 3a2e044be616afc7dd4f56c100179e83b33d8abf
2020-06-26 | upstream: add test for mux w/-Oproxy; ok djm | markus@openbsd.org
OpenBSD-Regress-ID: 764d5c696e2a259f1316a056e225e50023abb027
2020-06-26 | upstream: handle EINTR in waitfd() and timeout_connect() helpers; | djm@openbsd.org
bz#3071; ok dtucker@ OpenBSD-Commit-ID: 08fa87be50070bd8b754d9b1ebb1138d7bc9d8ee
2020-06-26 | upstream: allow "ssh-add -d -" to read keys to be deleted from | djm@openbsd.org
stdin bz#3180; ok dtucker@ OpenBSD-Commit-ID: 15c7f10289511eb19fce7905c9cae8954e3857ff
2020-06-26 | upstream: constify a few things; ok dtucker (as part of another | djm@openbsd.org
diff) OpenBSD-Commit-ID: 7c17fc987085994d752304bd20b1ae267a9bcdf6
2020-06-26 | upstream: Defer creation of ~/.ssh by ssh(1) until we attempt to | dtucker@openbsd.org
write to it so we don't leave an empty .ssh directory when it's not needed. Use the same function to replace the code in ssh-keygen that does the same thing. bz#3156, ok djm@ OpenBSD-Commit-ID: 59c073b569be1a60f4de36f491a4339bc4ae870f
2020-06-26 | upstream: Expand path to ~/.ssh/rc rather than relying on it | dtucker@openbsd.org
being relative to the current directory, so that it'll still be found if the shell startup changes its directory. Since the path is potentially longer, make the cmd buffer that uses it dynamically sized. bz#3185, with & ok djm@ OpenBSD-Commit-ID: 36e33ff01497af3dc8226d0c4c1526fc3a1e46bf
2020-06-26 | upstream: fix kex mem-leak in ssh_packet_close; ok djm | markus@openbsd.org
OpenBSD-Commit-ID: e2e9533f393620383afd0b68ef435de8d5e8abe4
2020-06-26 | upstream: fix ssh -O proxy w/mux which got broken by no longer | markus@openbsd.org
making ssh->kex optional in packet.c revision 1.278 ok djm@ OpenBSD-Commit-ID: 2b65df04a064c2c6277359921d2320c90ab7d917
2020-06-26 | upstream: support loading big sshd_config files w/o realloc; ok | markus@openbsd.org
djm OpenBSD-Commit-ID: ba9238e810074ac907f0cf8cee1737ac04983171
2020-06-26 | upstream: allow sshd_config longer than 256k; ok djm | markus@openbsd.org
OpenBSD-Commit-ID: 83f40dd5457a64c1d3928eb4364461b22766beb3
2020-06-26 | upstream: only call sshkey_xmss_init() once for KEY_XMSS_CERT; ok | markus@openbsd.org
djm OpenBSD-Commit-ID: d0002ffb7f20f538b014d1d0735facd5a81ff096
2020-06-26 | upstream: some clarifying comments | djm@openbsd.org
OpenBSD-Commit-ID: 5268479000fd97bfa30ab819f3517139daa054a2
2020-06-26 | upstream: updated argument name for -P in first synopsis was | jmc@openbsd.org
missed in previous; OpenBSD-Commit-ID: 8d84dc3050469884ea91e29ee06a371713f2d0b7
2020-06-26 | upstream: supply word missing in previous; | jmc@openbsd.org
OpenBSD-Commit-ID: 16a38b049f216108f66c8b699aa046063381bd23
2020-06-22 | missing files for webauthn/sshsig unit test | Damien Miller
2020-06-22 | upstream: add support for verification of webauthn sshsig signature, | djm@openbsd.org
and example HTML/JS to generate webauthn signatures in SSH formats (also used to generate the testdata/* for the test). OpenBSD-Regress-ID: dc575be5bb1796fdf4b8aaee0ef52a6671a0f6fb
2020-06-22 | upstream: Add support for FIDO webauthn (verification only). | djm@openbsd.org
webauthn is a standard for using FIDO keys in web browsers. webauthn signatures are a slightly different format to plain FIDO signatures - this support allows verification of these. Feedback and ok markus@ OpenBSD-Commit-ID: ab7e3a9fb5782d99d574f408614d833379e564ad
2020-06-22 | upstream: refactor ECDSA-SK verification a little ahead of adding | djm@openbsd.org
support for FIDO webauthn signature verification support; ok markus@ OpenBSD-Commit-ID: c9f478fd8e0c1bd17e511ce8694f010d8e32043e
2020-06-22 | upstream: support for RFC4648 base64url encoding; ok markus | djm@openbsd.org
OpenBSD-Commit-ID: 0ef22c55e772dda05c112c88412c0797fec66eb4
2020-06-22 | upstream: better terminology for permissions; feedback & ok markus@ | djm@openbsd.org
OpenBSD-Commit-ID: ff2a71803b5ea57b83cc3fa9b3be42b70e462fb9
2020-06-22 | upstream: better terminology for permissions; feedback & ok markus@ | djm@openbsd.org
OpenBSD-Commit-ID: ffb220b435610741dcb4de0e7fc68cbbdc876d2c
2020-06-22 | upstream: Correct synopsis and usage for the options accepted when | dtucker@openbsd.org
passing a command to ssh-agent. ok jmc@ OpenBSD-Commit-ID: b36f0679cb0cac0e33b361051b3406ade82ea846
2020-06-19 | Add OPENBSD ORIGINAL marker to bcrypt_pbkdf. | Darren Tucker
2020-06-19 | Extra brackets around sizeof() in bcrypt. | Darren Tucker
Prevents following warning from clang 10: bcrypt_pbkdf.c:94:40: error: expression does not compute the number of elements in this array; element type is 'uint32_t[...] place parentheses around the 'sizeof(uint64_t)' expression to silence this warning
2020-06-19 | Add includes.h to new test. | Darren Tucker
Fixes warnings eg "'bounded' attribute directive ignor" from gcc.
2020-06-19 | Skip OpenSSL specific tests w/out OpenSSL. | Darren Tucker
Allows unit tests to pass when configure'ed --without-openssl.
2020-06-19 | Hook sshsig tests up to Portable Makefiles. | Darren Tucker
2020-06-19 | upstream: Test that ssh-agent exits when running as a subprocess | dtucker@openbsd.org
of a specified command (ie "ssh-agent command"). Would have caught bz#3181. OpenBSD-Regress-ID: 895b4765ba5153eefaea3160a7fe08ac0b6db8b3
2020-06-19 | upstream: run sshsig unit tests | djm@openbsd.org
OpenBSD-Regress-ID: 706ef17e2b545b64873626e0e35553da7c06052a
2020-06-19 | upstream: basic unit test for sshsig.[ch], including FIDO keys | djm@openbsd.org
verification only so far OpenBSD-Regress-ID: fb1f946c8fc59206bc6a6666e577b5d5d7e45896
2020-06-19 | upstream: basic unit test for FIDO key parsing | djm@openbsd.org
OpenBSD-Regress-ID: 8089b88393dd916d7c95422b442a6fd4cfe00c82
2020-06-19 | upstream: check public host key matches private; ok markus@ (as | djm@openbsd.org
part of previous diff) OpenBSD-Commit-ID: 65a4f66436028748b59fb88b264cb8c94ce2ba63
2020-06-19 | upstream: avoid spurious "Unable to load host key" message when | djm@openbsd.org
sshd can load a private key but no public counterpart; with & ok markus@ OpenBSD-Commit-ID: 0713cbdf9aa1ff8ac7b1f78b09ac911af510f81b
2020-06-12 | upstream: correct RFC number; from HARUYAMA Seigo via GH PR191 | djm@openbsd.org
OpenBSD-Commit-ID: 8d03b6c96ca98bfbc23d3754c3c33e1fe0852e10
2020-06-05 | upstream: unbreak "sshd -ddd" - close of config passing fd happened too | djm@openbsd.org
early. ok markus@ OpenBSD-Commit-ID: 49346e945c6447aca3e904e65fc400128d2f8ed0
2020-06-05 | Add support for AUDIT_ARCH_RISCV64 | Andreas Schwab
2020-06-05 | upstream: make sshbuf_putb(b, NULL) a no-op | djm@openbsd.org
OpenBSD-Commit-ID: 976fdc99b500e347023d430df372f31c1dd128f7
2020-06-05 | upstream: make sshbuf_dump() args const | djm@openbsd.org
OpenBSD-Commit-ID: b4a5accae750875d665b862504169769bcf663bd