| Age | Commit message (Collapse) | Author |
|---|
|
bz#3052; ok dtucker
OpenBSD-Commit-ID: a91b2a8d5f1053d34d7fce44523c53fb534ba914
|
|
from likan_999.student AT sina.com
|
|
Dropping this privilege removes the ability to create hard links to
files owned by other users. This is required for the legacy sftp rename
operation.
bz#3036; approach ok Alex Wilson (the original author of the Solaris
sandbox/pledge replacement code)
|
|
supported even when built without OpenSSL. Use RSA for the secondary type
test if supported, otherwise skip it. Fixes this test for !OpenSSL builds.
OpenBSD-Regress-ID: 101cb34a84fd974c623bdb2e496f25a6e91be109
|
|
sshbuf-misc.c to regress as it was done in ssh make file. from Moritz Buhl
OpenBSD-Regress-ID: 9e1c23476bb845f3cf3d15d9032da3ed0cb2fcf5
|
|
Enable -Wextra if compiler supports it
Set -Wno-error=format-truncation if available to prevent expected
string truncations in openbsd-compat from breaking -Werror builds
|
|
Refactor closefrom() to use a single brute-force close() loop fallback.
Based on patch from likan_999.student@sina.com in bz#3049. ok dtucker@
|
|
Options such as Ciphers take values that may be a list of ciphers; the
complete list, not indiviual elements, may be prefixed with a dash or plus
character to remove from or append to the default list respectively.
Users might read the current text as if each elment took an optional prefix,
so tweak the wording from "values" to "list" to prevent such ambiguity for
all options supporting this semantics (those that provide a list of
available elements via "ssh -Q ...").
Input and OK jmc
OpenBSD-Commit-ID: 4fdd175b0e5f5cb10ab3f26ccc38a93bb6515d57
|
|
OpenBSD-Commit-ID: 99dd10e72c04e93849981d43d64c946619efa474
|
|
There is no parameter called "pathname", it should simply be "path".
bz#3059, patch from samuel at cendio.se.
|
|
Restrict to PROT_(READ|WRITE|NONE), i.e. exclude PROT_EXEC
|
|
Used by some hardened heap allocators. Requested by Yegor
Timoshenko in https://github.com/openssh/openssh-portable/pull/142
|
|
fixed buffer; ok markus@
OpenBSD-Commit-ID: 3f9ef20bca5ef5058b48c1cac67c53b9a1d15711
|
|
incorrectly during "match exec" processing. bz#2791 reported by Dario
Bertini; ok dtucker
OpenBSD-Commit-ID: cf9eddd6a6be726cb73bd9c3936f3888cd85c03d
|
|
"unresponsive" to clarify what it checks for. Patch from jblaine at
kickflop.net via github pr#129, ok djm@.
OpenBSD-Commit-ID: 3682f8ec7227f5697945daa25d11ce2d933899e9
|
|
-b which allows better error messages from later validation. bz#3050, ok
djm@
OpenBSD-Commit-ID: 10adf6876b2401b3dc02da580ebf67af05861673
|
|
the size restrictions and apply the default size only to the matching key
type. tweak and ok dtucker@
OpenBSD-Commit-ID: b825de92d79cc4cba19b298c61e99909488ff57e
|
|
sshkey_load_private_type will now return SSH_ERR_KEY_BAD_PERMISSIONS in that
case. Patch from jitendra.sharma at intel.com, ok djm@
OpenBSD-Commit-ID: 07916a17ed0a252591b71e7fb4be2599cb5b0c77
|
|
Patch from jitendra.sharma at intel.com.
|
|
bz#3037 from Jitendra Sharma
OpenBSD-Regress-ID: 71440fa9186f5842a65ce9a27159385c6cb6f751
|
|
OpenBSD-Commit-ID: 82f6de7438ea7ee5a14f44fdf5058ed57688fdc3
|
|
search/comparison argument, instead of a u_char*. Saves callers needing to
cast.
OpenBSD-Commit-ID: d63b69b7c5dd570963e682f758f5a47b825605ed
|
|
forwarding the gpg-agent (and options ControlMaster+RemoteForward in
ssh_config(5)) then the codepath taken will call mux_client_request_session
-> mm_send_fd -> sendmsg(2). Since sendmsg(2) is not allowed in that codepath
then pledge(2) kills the process.
The solution is to add "sendfd" to pledge(2), which is not too bad considering
a little bit later we reduce pledge(2) to only "stdio proc tty" in that
codepath.
Problem reported and diff provided by Timothy Brown <tbrown at freeshell.org>
OK deraadt@
OpenBSD-Commit-ID: 7ce38b6542bbec00e441595d0a178e970a9472ac
|
|
a comma is a dot. Patch from hnj2 via github pr#141.
OpenBSD-Commit-ID: 01f5a460438ff1af09aab483c0a70065309445f0
|
|
This puts the "all tests passed" message back at the end where the
test harnesses can find it.
|
|
|
|
means we have to skip a couple tests when only one key type is supported.
OpenBSD-Regress-ID: 22d05befb9c7ce21ce8dc22acf1ffe9e2ef2e95e
|
|
The DH-GEX override doesn't work when build without OpenSSL, and
we'll prefer curve25519 these days, removing the need for it.
|
|
ed25519 since it's supported by both OpenSSL and non-OpenSSL builds.
OpenBSD-Regress-ID: 9f2bb3eadd50fcc8245b1bd8fd6f0e53602f71aa
|
|
supported for both OpenSSL and non-OpenSSL builds.
OpenBSD-Regress-ID: 174be4be876edd493e4a5c851e5bc579885e7a0a
|
|
algorithms. Allows tests to pass when built without OpenSSL.
OpenBSD-Regress-ID: 617169a6dd9d06db3697a449d9a26c284eca20fc
|
|
supported by the binaries.
OpenBSD-Regress-ID: fcbd115efacec8ab0ecbdb3faef79ac696cb1d62
|
|
OpenBSD-Regress-ID: 770e31fe61dc33ed8eea9c04ce839b33ddb4dc96
|
|
Splits test into file-tests, t-exec, unit and interop-tests and their
respective dependencies. Should allow running any set individually
without having to build the other dependencies that are not needed
for that specific test.
|
|
|
|
|
|
|
|
Split the binaries for the unit tests out into a regress-unit-binaries
target, and add a dependency on it for only the unit tests. This allows
us to run the integration tests only ("make t-exec") without building
the unit tests, which allows us to run a subset of the tests when
building --without-openssl without trying (and failing) to build the
unit tests.
This means there are two targets for "unit" which I *think* is valid
(it works in testing, and makedepend will generate Makefiles of this
form)a but I could be wrong.
|
|
DH-GEX.
OpenBSD-Regress-ID: 7c918230d969ecf7656babd6191a74526bffbffd
|
|
binaries.
OpenBSD-Regress-ID: e3f0938a0a7407e2dfbb90abc3ec979ab6e8eeea
|
|
by the binary.
OpenBSD-Regress-ID: 395a54cab16e9e4ece9aec047ab257954eebd413
|
|
It's not needed on -portable (that's handled by includes.h) and not all
platforms have it.
|
|
|
|
|
|
Rather than attempt to apply 14 years' worth of changes to OpenBSD's sha2
I imported the current versions directly then re-applied the portability
changes. This also allowed re-syncing digest-libc.c against upstream.
|
|
These are not changed from their original state, the next commit will
re-apply the portable changes.
|
|
When valgrind is enabled, test-exec.sh counts the number of invocations
that valgrind detects failures in, not the total number of errors detected.
This makes the name to be more accurate.
|
|
|
|
test. They were originally required to work with Protocol 1, but now we can
use ssh -N and the control socket without the sleeps. While there, suppress
output fro the control exit commands.
OpenBSD-Regress-ID: 4c51a1d651242f12c90074c18c61008a74c1c790
|
|
OpenBSD-Regress-ID: 1596ab168729954be3d219933b2d01cc93687e76
|
