Age | Commit message | Author
2019-10-04 | upstream: space | djm@openbsd.org
OpenBSD-Commit-ID: 350648bcf00a2454e7ef998b7d88e42552b348ac
2019-10-04 | upstream: more sshsig regress tests: check key revocation, the | djm@openbsd.org
check-novalidate signature test mode and signing keys in ssh-agent. From Sebastian Kinne (slightly tweaked) OpenBSD-Regress-ID: b39566f5cec70140674658cdcedf38752a52e2e2
2019-10-04 | upstream: Check for gmtime failure in moduli generation. Based on | dtucker@openbsd.org
patch from krishnaiah.bommu@intel.com, ok djm@ OpenBSD-Commit-ID: 4c6a4cde0022188ac83737de08da0e875704eeaa
2019-10-04 | upstream: use a more common options order in SYNOPSIS and sync | jmc@openbsd.org
usage(); while here, no need for Bk/Ek; ok dtucker OpenBSD-Commit-ID: 38715c3f10b166f599a2283eb7bc14860211bb90
2019-10-02 | upstream: thinko in previous; spotted by Mantas Mikulėnas | djm@openbsd.org
OpenBSD-Commit-ID: ffa3f5a45e09752fc47d9041e2203ee2ec15b24d
2019-10-02 | upstream: make signature format match PROTOCOL as a string, not raw bytes. Spotted by Mantas Mikulėnas | djm@openbsd.org
OpenBSD-Commit-ID: 80fcc6d52893f80c6de2bedd65353cebfebcfa8f
2019-10-02 | upstream: ban empty namespace strings for sshsig; spotted by Mantas Mikulėnas | djm@openbsd.org
OpenBSD-Commit-ID: 7c5bcf40bed8f4e826230176f4aa353c52aeb698
2019-10-02 | Put ssherr.h back as it's actually needed. | Darren Tucker
2019-10-02 | Deny (non-fatal) shmget/shmat/shmdt in preauth privsep child. | Lonnie Abelbeck
New wait_random_seeded() function on OpenSSL 1.1.1d uses shmget, shmat, and shmdt in the preauth codepath, deny (non-fatal) in seccomp_filter sandbox.
2019-10-02 | remove duplicate #includes | Damien Miller
Prompted by Jakub Jelen
2019-10-02 | typo in comment | Damien Miller
2019-10-02 | upstream: remove some duplicate #includes | djm@openbsd.org
OpenBSD-Commit-ID: ed6827ab921eff8027669848ef4f70dc1da4098c
2019-10-01 | upstream: revert unconditional forced login implemented in r1.41 of | djm@openbsd.org
ssh-pkcs11.c; r1.45 added a forced login as a fallback for cases where the token returns no objects and this is less disruptive for users of tokens directly in ssh (rather than via ssh-agent) and in ssh-keygen bz3006, patch from Jakub Jelen; ok markus OpenBSD-Commit-ID: 33d6df589b072094384631ff93b1030103b3d02e
2019-10-01 | upstream: group and sort single letter options; ok deraadt | jmc@openbsd.org
OpenBSD-Commit-ID: e1480e760a2b582f79696cdcff70098e23fc603f
2019-10-01 | upstream: fix the DH-GEX text in -a; because this required a comma, | jmc@openbsd.org
i added a comma to the first part, for balance... OpenBSD-Commit-ID: 2c3464e9e82a41e8cdfe8f0a16d94266e43dbb58
2019-10-01 | upstream: identity_file[] should be PATH_MAX, not the arbitrary | deraadt@openbsd.org
number 1024 OpenBSD-Commit-ID: e775f94ad47ce9ab37bd1410d7cf3b7ea98b11b7
2019-10-01 | upstream: new sentence, new line; | jmc@openbsd.org
OpenBSD-Commit-ID: c35ca5ec07be460e95e7406af12eee04a77b6698
2019-09-30 | Include stdio.h for snprintf. | Darren Tucker
Patch from vapier@gentoo.org.
2019-09-30 | Add SKIP_LTESTS for skipping specific tests. | Darren Tucker
2019-09-27 | upstream: Test for empty result in expected bits. Remove CRs from log | dtucker@openbsd.org
as they confuse tools on some platforms. Re-enable the 3des-cbc test. OpenBSD-Regress-ID: edf536d4f29fc1ba412889b37247a47f1b49d250
2019-09-27 | Re-enable dhgex test. | Darren Tucker
Since we've added larger fallback groups to dh.c this test will pass even if there is no moduli file installed on the system.
2019-09-24 | Add more ToS bits, currently only used by netcat. | Darren Tucker
2019-09-19 | Privsep is now required. | Darren Tucker
2019-09-16 | upstream: Allow testing signature syntax and validity without verifying | djm@openbsd.org
that a signature came from a trusted signer. To discourage accidental or unintentional use, this is invoked by the deliberately ugly option name "check-novalidate" from Sebastian Kinne OpenBSD-Commit-ID: cea42c36ab7d6b70890e2d8635c1b5b943adcc0b
2019-09-13 | upstream: clarify that IdentitiesOnly also applies to the default | djm@openbsd.org
~/.ssh/id_* keys; bz#3062 OpenBSD-Commit-ID: 604be570e04646f0f4a17026f8b2aada6a585dfa
2019-09-13 | upstream: Plug mem leaks on error paths, based in part on github | dtucker@openbsd.org
pr#120 from David Carlier. ok djm@. OpenBSD-Commit-ID: c57adeb1022a8148fc86e5a88837b3b156dbdb7e
2019-09-13 | upstream: whitespace | djm@openbsd.org
OpenBSD-Commit-ID: 57a71dd5f4cae8d61e0ac631a862589fb2bfd700
2019-09-13 | upstream: allow %n to be expanded in ProxyCommand strings | djm@openbsd.org
From Zachary Harmany via github.com/openssh/openssh-portable/pull/118 ok dtucker@ OpenBSD-Commit-ID: 7eebf1b7695f50c66d42053d352a4db9e8fb84b6
2019-09-13 | upstream: clarify that ConnectTimeout applies both to the TCP | djm@openbsd.org
connection and to the protocol handshake/KEX. From Jean-Charles Longuet via Github PR140 OpenBSD-Commit-ID: ce1766abc6da080f0d88c09c2c5585a32b2256bf
2019-09-13 | upstream: Fix potential truncation warning. ok deraadt. | dtucker@openbsd.org
OpenBSD-Commit-ID: d87b7e3a94ec935e8194e7fce41815e22804c3ff
2019-09-13 | memleak of buffer in sshpam_query | Damien Miller
coverity report via Ed Maste; ok dtucker@
2019-09-13 | explicitly test set[ug]id() return values | Damien Miller
Legacy !_POSIX_SAVED_IDS path only; coverity report via Ed Maste ok dtucker@
2019-09-08 | upstream: Allow prepending a list of algorithms to the default set | naddy@openbsd.org
by starting the list with the '^' character, e.g.
HostKeyAlgorithms ^ssh-ed25519
Ciphers ^aes128-gcm@openssh.com,aes256-gcm@openssh.com
ok djm@ dtucker@
OpenBSD-Commit-ID: 1e1996fac0dc8a4b0d0ff58395135848287f6f97
2019-09-08 | upstream: key conversion should fail for !openssl builds, not fall | djm@openbsd.org
through to the key generation code OpenBSD-Commit-ID: b957436adc43c4941e61d61958a193a708bc83c9
2019-09-08 | upstream: typo in previous | djm@openbsd.org
OpenBSD-Commit-ID: 7c3b94110864771a6b80a0d8acaca34037c3c96e
2019-09-08 | needs time.h for --without-openssl | Damien Miller
2019-09-08 | make unittests pass for no-openssl case | Damien Miller
2019-09-06 | upstream: avoid compiling certain files that deeply depend on | djm@openbsd.org
libcrypto when WITH_OPENSSL isn't set OpenBSD-Commit-ID: 569f08445c27124ec7c7f6c0268d844ec56ac061
2019-09-06 | upstream: fixes for !WITH_OPENSSL compilation; ok dtucker@ | djm@openbsd.org
OpenBSD-Commit-ID: 7fd68eaa9e0f7482b5d4c7e8d740aed4770a839f
2019-09-06 | upstream: lots of things were relying on libcrypto headers to | djm@openbsd.org
transitively include various system headers (mostly stdlib.h); include them explicitly OpenBSD-Commit-ID: 5b522f4f2d844f78bf1cc4f3f4cc392e177b2080
2019-09-06 | upstream: remove leakmalloc reference; we used this early when | djm@openbsd.org
refactoring but not since OpenBSD-Commit-ID: bb28ebda8f7c490b87b37954044a6cdd43a7eb2c
2019-09-06 | upstream: Check for RSA support before using it for the user key, | dtucker@openbsd.org
otherwise use ed25519 which is supported when built without OpenSSL. OpenBSD-Regress-ID: 3d23ddfe83c5062f00ac845d463f19a2ec78c0f7
2019-09-06 | Provide explicit path to configure-check. | Darren Tucker
On some platforms (at least OpenBSD) make won't search VPATH for target files, so building out-of-tree will fail at configure-check. Provide explicit path. ok djm@
2019-09-06 | upstream: better error code for bad arguments; inspired by | djm@openbsd.org
OpenBSD-Commit-ID: dfc263b6041de7f0ed921a1de0b81ddebfab1e0a
2019-09-05 | revert config.h/config.h.in freshness checks | Damien Miller
turns out autoreconf and configure don't touch some files if their content doesn't change, so the mtime can't be relied upon in a makefile rule
2019-09-05 | extend autoconf freshness test | Damien Miller
make it cover config.h.in and config.h separately
2019-09-05 | check that configure/config.h is up to date | Damien Miller
Ensure they are newer than the configure.ac / aclocal.m4 source
2019-09-05 | upstream: if a PKCS#11 token returns no keys then try to login and | djm@openbsd.org
refetch them. Based on patch from Jakub Jelen; bz#2430 ok markus@ OpenBSD-Commit-ID: ab53bd6ddd54dd09e54a8bfbed1a984496f08b43
2019-09-05 | upstream: sprinkle in some explicit errors here, otherwise they | djm@openbsd.org
percolate all the way up to dispatch_run_fatal() and lose all meaningful context to help with bz#3063; ok dtucker@ OpenBSD-Commit-ID: 5b2da83bb1c4a3471444b7910b2120ae36438a0a
2019-09-05 | upstream: only send ext_info for KEX_INITIAL; bz#2929 ok dtucker | djm@openbsd.org
OpenBSD-Commit-ID: 00f5c6062f6863769f5447c6346f78c05d2e4a63