Age | Commit message | Author
2020-08-27 | upstream: let the "Confirm user presence for key ..." ssh-askpass | djm@openbsd.org
notification respect $SSH_ASKPASS_REQUIRE; ok markus@
OpenBSD-Commit-ID: 7c1a616b348779bda3b9ad46bf592741f8e206c1
2020-08-21 | Remove check for 'ent' command. | Darren Tucker
It was added in 8d1fd57a9 for measuring entropy of ssh_prng_cmds which has long since been removed and there are no other references to it.
2020-08-17 | Wrap stdint.h include in ifdef HAVE_STDINT_H. | Darren Tucker
2020-08-10 | sync memmem.c with OpenBSD | Damien Miller
2020-08-07 | Always send any PAM account messages. | Darren Tucker
If the PAM account stack returns any messages, send them to the user not just if the check succeeds. bz#2049, ok djm@
2020-08-07 | Output test debug logs on failure. | Darren Tucker
2020-08-07 | Add ability to specify exact test target. | Darren Tucker
2020-08-07 | Document --without-openssl and --without-zlib. | Darren Tucker
2020-08-07 | Add without-openssl without-zlib test target. | Darren Tucker
2020-08-06 | Add CI with prepare script | Stefan Schindler
* Only use heimdal kerberos implementation
* Fetch yubico/libfido2 (see: https://github.com/Yubico/libfido2)
* Add one target for
  * all features
  * each feature alone
  * no features
2020-08-05 | support NetBSD's utmpx.ut_ss address field | Damien Miller
bz#960, ok dtucker
2020-08-04 | wrap a declaration in the same ifdefs as its use | Damien Miller
avoids warnings on NetBSD
2020-08-04 | undef TAILQ_CONCAT and friends | Damien Miller
Needed for NetBSD. etc that supply these macros
2020-08-03 | upstream: ensure that certificate extensions are lexically sorted. | djm@openbsd.org
Previously if the user specified a custom extension then everything would be in order except the custom ones. bz3198 ok dtucker markus
OpenBSD-Commit-ID: d97deb90587b06cb227c66ffebb2d9667bf886f0
2020-08-03 | upstream: allow -A to explicitly enable agent forwarding in scp and | djm@openbsd.org
sftp. The default remains to not forward an agent, even when ssh_config enables it. ok jmc dtucker markus
OpenBSD-Commit-ID: 36cc526aa3b0f94e4704b8d7b969dd63e8576822
2020-08-03 | upstream: clang -Wimplicit-fallthrough does not recognise /* | deraadt@openbsd.org
FALLTHROUGH */ comments, which is the style we currently use, and gives too many boring warnings. ok djm
OpenBSD-Commit-ID: 07b5031e9f49f2b69ac5e85b8da4fc9e393992a0
2020-08-03 | upstream: Also compare username when checking for JumpHost loops. | dtucker@openbsd.org
bz#3057, ok djm@
OpenBSD-Commit-ID: 9bbc1d138adb34c54f3c03a15a91f75dbf418782
2020-07-31 | Remove AC_REVISION. | Darren Tucker
It hasn't been useful since we switched to git in 2014. ok djm@
2020-07-28 | Use argv in OSSH_CHECK_CFLAG_COMPILE test. | Darren Tucker
configure.ac is not detecting -Wextra in compilers that implement the option. The problem is that -Wextra implies -Wunused-parameter, and the C excerpt used by aclocal.m4 does not use argv. Patch from pedro at ambientworks.net, ok djm@
2020-07-20 | Skip ECDSA-SK webauthn test when built w/out ECC | Darren Tucker
2020-07-20 | Add ssh-sk-helper and manpage to RPM spec file | Damien Miller
Based on patch from Fabio Pedretti
2020-07-17 | upstream: Add %k to the TOKENs for Match Exec for consistency with | dtucker@openbsd.org
the other keywords that recently got %k.
OpenBSD-Commit-ID: 1857d1c40f270cbc254fca91e66110641dddcfdb
2020-07-17 | upstream: fix macro slip in previous; | jmc@openbsd.org
OpenBSD-Commit-ID: 624e47ab209450ad9ad5c69f54fa69244de5ed9a
2020-07-17 | upstream: Add test for '%k' (HostKeyAlias) TOKEN. | dtucker@openbsd.org
OpenBSD-Regress-ID: 8ed1ba1a811790031aad3fcea860a34ad7910456
2020-07-17 | upstream: Add tests for expansions on UserKnownHostsFile. | dtucker@openbsd.org
OpenBSD-Regress-ID: bccf8060306c841bbcceb1392644f906a4d6ca51
2020-07-17 | upstream: log error message for process_write() write failures | djm@openbsd.org
OpenBSD-Commit-ID: f733d7b3b05e3c68967dc18dfe39b9e8fad29851
2020-07-17 | upstream: Add a '%k' TOKEN that expands to the effective HostKey of | dtucker@openbsd.org
the destination. This allows, eg, keeping host keys in individual files using "UserKnownHostsFile ~/.ssh/known_hosts.d/%k". bz#1654, ok djm@, jmc@ (man page bits)
OpenBSD-Commit-ID: 7084d723c9cc987a5c47194219efd099af5beadc
2020-07-17 | upstream: Add %-TOKEN, environment variable and tilde expansion to | dtucker@openbsd.org
UserKnownHostsFile, allowing the file to be automagically split up in the configuration (eg bz#1654). ok djm@, man page parts jmc@
OpenBSD-Commit-ID: 7e1b406caf147638bb51558836a72d6cc0bd1b18
2020-07-17 | upstream: - Add [-a rounds] in ssh-keygen man page and usage() | solene@openbsd.org
- Reorder parameters list in the first usage() case
- Sentence rewording
ok dtucker@ jmc@ noticed usage() missed -a flag too
OpenBSD-Commit-ID: f06b9afe91cc96f260b929a56e9930caecbde246
2020-07-17 | upstream: start sentence with capital letter; | jmc@openbsd.org
OpenBSD-Commit-ID: ab06581d51b2b4cc1b4aab781f7f3cfa56cad973
2020-07-17 | detect Linux/X32 systems | Damien Miller
This is a frankenstein monster of AMD64 instructions/calling conventions but with a 4GB address space. Allegedly deprecated but people still run into it causing weird sandbox failures, e.g. bz#3085
2020-07-15 | upstream: Fix previous by calling the correct function. | dtucker@openbsd.org
OpenBSD-Regress-ID: 821cdd1dff9c502cceff4518b6afcb81767cad5a
2020-07-15 | upstream: Update test to match recent change in match.c | dtucker@openbsd.org
OpenBSD-Regress-ID: 965bda1f95f09a765050707340c73ad755f41167
2020-07-15 | Adjust portable code to match changes in 939d787d, | Darren Tucker
2020-07-15 | upstream: Add default for number of rounds (-a). ok djm@ | dtucker@openbsd.org
OpenBSD-Commit-ID: cb7e9aa04ace01a98e63e4bd77f34a42ab169b15
2020-07-15 | upstream: allow some additional control over the use of ssh-askpass | djm@openbsd.org
via $SSH_ASKPASS_REQUIRE, including force-enable/disable. bz#69 ok markus@
OpenBSD-Commit-ID: 3a1e6cbbf6241ddc4405c4246caa2c249f149eb2
2020-07-15 | upstream: correct recently broken comments | deraadt@openbsd.org
OpenBSD-Commit-ID: 964d9a88f7de1d0eedd3f8070b43fb6e426351f1
2020-07-15 | upstream: some language improvements; ok markus | djm@openbsd.org
OpenBSD-Commit-ID: 939d787d571b4d5da50b3b721fd0b2ac236acaa8
2020-07-15 | upstream: update setproctitle after re-exec; ok djm | markus@openbsd.org
OpenBSD-Commit-ID: bc92d122f9184ec2a9471ade754b80edd034ce8b
2020-07-15 | upstream: keep ignoring HUP after fork+exec; ok djm | markus@openbsd.org
OpenBSD-Commit-ID: 7679985a84ee5ceb09839905bb6f3ddd568749a2
2020-07-15 | upstream: don't exit the listener on send_rexec_state errors; ok | markus@openbsd.org
djm
OpenBSD-Commit-ID: 57cbd757d130d3f45b7d41310b3a15eeec137d5c
2020-07-15 | upstream: Use $OBJ to find key files. Fixes test when run on an obj | dtucker@openbsd.org
directory (on OpenBSD) or out of tree (in Portable).
OpenBSD-Regress-ID: 938fa8ac86adaa527d64a305bd2135cfbb1c0a17
2020-07-04 | Wrap stdint.h in ifdef HAVE_STDINT_H. | Darren Tucker
2020-07-03 | upstream: put back the mux_ctx memleak fix, but only for channels of | djm@openbsd.org
type SSH_CHANNEL_MUX_LISTENER; Specifically SSH_CHANNEL_MUX_PROXY channels should not have this structure freed.
OpenBSD-Commit-ID: f3b213ae60405f77439e2b06262f054760c9d325
2020-07-03 | upstream: revert r1.399 - the lifetime of c->mux_ctx is more complex; | djm@openbsd.org
simply freeing it here causes other problems
OpenBSD-Commit-ID: c6fee8ca94e2485faa783839541962be2834c5ed
2020-07-03 | upstream: avoid tilde_expand_filename() in expanding ~/.ssh/rc - if | djm@openbsd.org
sshd is in chroot mode, the likely absence of a password database will cause tilde_expand_filename() to fatal; ok dtucker@
OpenBSD-Commit-ID: e20aee6159e8b79190d18dba1513fc1b7c8b7ee1
2020-07-03 | upstream: when redirecting sshd's log output to a file, undo this | djm@openbsd.org
redirection after the session child process is forked(); ok dtucker@
OpenBSD-Commit-ID: 6df86dd653c91f5bc8ac1916e7680d9d24690865
2020-07-03 | upstream: start ClientAliveInterval bookkeeping before first pass | djm@openbsd.org
through select() loop; fixed theoretical case where busy sshd may ignore timeouts from client; inspired by and ok dtucker
OpenBSD-Commit-ID: 96bfc4b1f86c7da313882a84755b2b47eb31957f
2020-07-03 | add check for fido_cred_set_prot() to configure | Damien Miller
2020-07-03 | upstream: Only reset the serveralive check when we receive traffic from | dtucker@openbsd.org
the server and ignore traffic from a port forwarding client, preventing a client from keeping a connection alive when it should be terminated. Based on a patch from jxraynor at gmail.com via openssh-unix-dev and bz#2265, ok djm@
OpenBSD-Commit-ID: a941a575a5cbc244c0ef5d7abd0422bbf02c2dcd