Age | Commit message (Collapse) | Author |
|
willing to parse on a single authorized_keys line; ok deraadt@
OpenBSD-Commit-ID: a43a752c2555d26aa3fc754805a476f6e3e30f46
|
|
Fixes build on some other platforms that don't have va_list immediately
available (eg NetBSD).
|
|
Should fix some compiler warnings on IRIX (bz#3032).
|
|
|
|
We shipped a BSD implementation of realpath() because sftp-server
depended on its behaviour.
OpenBSD is now moving to a more strictly POSIX-compliant realpath(2),
so sftp-server now unconditionally requires its own BSD-style realpath
implementation. As such, there is no need to carry another independant
implementation in openbsd-compat.
ok dtucker@
|
|
OpenBSD-Commit-ID: 824baf9c59afc66a4637017e397b9b74a41684e7
|
|
OpenBSD-Commit-ID: 5ea3d63ab972691f43e9087ab5fd8376d48e898f
|
|
OpenBSD-Commit-ID: 3919cdd58989786660b8269b325646ef8856428e
|
|
sftp-server use ahead of OpenBSD's realpath changing to match POSIX;
ok deraadt@ (thanks for snaps testing)
OpenBSD-Commit-ID: 4f8cbf7ed8679f6237264301d104ecec64885d55
|
|
|
|
UID and GID types vary by platform so cast to u_long and use %lu when
printing them to prevent warnings.
|
|
|
|
When configured --with-prngd-socket the code had a missing bracket after
an API change. Fix that and a couple of warnings. bz#3032 , from
ole.weidner at protonmail.ch
|
|
OpenBSD-Regress-ID: 405beda94e32aa6cc9c80969152fab91f7c54bd3
|
|
A recent regress change (2a9b3a2ce411d16cda9c79ab713c55f65b0ec257 in
portable) broke the PuTTY and Twisted Conch interop tests, because the
key they want to use is now called ssh-rsa rather than rsa. Adapt the
tests to the new file names. bz#3020, patch from cjwatson at debian.org.
OpenBSD-Regress-ID: fd342a37db4d55aa4ec85316f73082c8eb96e64e
|
|
Currently when the multiplex client requests a forward it returns
once the request has been sent but not necessarily when the forward
is up. This causes intermittent text failures due to this race,
so add some sleeps to mitigate this until we can fix it properly.
OpenBSD-Regress-ID: 384c7d209d2443d25ea941d7f677e932621fb253
|
|
|
|
Some platforms (eg AIX and Cygwin) do not have a "tty" group. In those
cases we will fall back to making the tty device the user's primary
group, so do not fatal if the group lookup fails. ok djm@
|
|
OpenBSD-Commit-ID: d148c1c052fa0ed7d105b5428b5c1bab91630048
|
|
OpenBSD-Commit-ID: 668e8d022ed4ab847747214f64119e5865365fa1
|
|
OpenBSD-Commit-ID: a261c421140a0639bb2b66bbceca72bf8239749d
|
|
some arbitrary value < 0. errno is only updated in this case. Change all
(most?) callers of syscalls to follow this better, and let's see if this
strictness helps us in the future.
OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
|
|
upon error the (very sloppy specification) leaves an undefined value in *ret,
so it is wrong to inspect it, the error condition is enough. discussed a
little with nicm, and then much more with millert until we were exasperated
OpenBSD-Commit-ID: 29258fa51edf8115d244b9d4b84028487bf8923e
|
|
OpenBSD-Commit-ID: 702e765d1639b732370d8f003bb84a1c71c4d0c6
|
|
precise == -1. ok millert nicm tb, etc
OpenBSD-Commit-ID: caecf8f57938685c04f125515b9f2806ad408d53
|
|
=?UTF-8?q?or=20path=20added=20in=20last=20commit;=20spotted=20by=20Reynir?=
=?UTF-8?q?=20Bj=C3=B6rnsson?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
ok deraadt@ markus@ tb@
OpenBSD-Commit-ID: b11b084bcc551b2c630560eb08618dd501027bbd
|
|
Readme regress document is missing various individual tests,
which are supported currently. Update README to
include those test cases.
|
|
=?UTF-8?q?n=20error=20path.=20=20From=20Erik=20Sj=C3=B6lund=20via=20githu?=
=?UTF-8?q?b,=20ok=20djm@=20deraadt@?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
OpenBSD-Commit-ID: 62a4893cf83b29a4bbfedc40e7067c25c203e632
|
|
via oss-fuzz
OpenBSD-Commit-ID: 1ea0ba05ded2c5557507bd844cd446e5c8b5b3b7
|
|
OpenBSD-Regress-ID: 298890bc52f0cd09dba76dc1022fabe89bc0ded6
|
|
speculation and memory sidechannel attacks like Spectre, Meltdown, Rowhammer
and Rambleed. This change encrypts private keys when they are not in use with
a symmetic key that is derived from a relatively large "prekey" consisting of
random data (currently 16KB).
Attackers must recover the entire prekey with high accuracy before
they can attempt to decrypt the shielded private key, but the current
generation of attacks have bit error rates that, when applied
cumulatively to the entire prekey, make this unlikely.
Implementation-wise, keys are encrypted "shielded" when loaded and then
automatically and transparently unshielded when used for signatures or
when being saved/serialised.
Hopefully we can remove this in a few years time when computer
architecture has become less unsafe.
been in snaps for a bit already; thanks deraadt@
ok dtucker@ deraadt@
OpenBSD-Commit-ID: 19767213c312e46f94b303a512ef8e9218a39bd4
|
|
an uninitialised variable; spotted by dtucker@
OpenBSD-Commit-ID: 02802018784250f68202f01c8561de82e17b0638
|
|
optional, not local-path - sync help
from deraadt:
- prefer -R and undocument -r (but add a comment for future editors)
from schwarze:
- prefer -p and undocument -P (as above. the comment was schwarze's too)
more:
- add the -f flag to reput and reget
- sort help (i can;t remember who suggested this originally)
djm and deraadt were ok with earlier versions of this;
tim and schwarze ok
OpenBSD-Commit-ID: 3c699b53b46111f5c57eed4533f132e7e58bacdd
|
|
resolve to LONG_MAX Reported by Kirk Wolf bz2977; ok dtucker
OpenBSD-Regress-ID: 15c9fe87be1ec241d24707006a31123d3a3117e0
|
|
OpenBSD-Regress-ID: 69d5b6f278e04ed32377046f7692c714c2d07a68
|
|
OpenBSD-Regress-ID: d4c34916fe20d717692f10ef50b5ae5a271c12c7
|
|
Patch from mforney at mforney.org.
|
|
Cast bitcount to u_in64_t before bit shifting to prevent integer overflow
on 32bit platforms which cause incorrect results when adding a block
>=512M in size. sha1 patch from ante84 at gmail.com via openssh github,
sha2 with djm@, ok tedu@
|
|
Wrap blowfish, sha*, md5, and rmd160 so that internal calls go direct
ok deraadt@
|
|
|
|
in hash Final and End functions. OK deraadt@ djm@
|
|
specifies multiple -J options on the commandline. bz3015 ok dtucker@
OpenBSD-Commit-ID: 181c15a65cac3b575819bc8d9a56212c3c748179
|
|
correct signature algorithm when requested. Patch from Jakub Jelen in bz3016
ok dtucker markus
OpenBSD-Commit-ID: 61f86efbeb4a1857a3e91298c1ccc6cf49b79624
|
|
files before consulting AuthorizedKeysCommand; ok dtucker markus
OpenBSD-Commit-ID: 13652998bea5cb93668999c39c3c48e8429db8b3
|
|
OpenBSD-Commit-ID: 582e2bd05854e49365195b58989b68ac67f09140
|
|
dtucker
OpenBSD-Commit-ID: 4ade73629ede63b691f36f9a929f943d4e7a44e4
|
|
the "Hostname" and "X11UseLocalhost" keywords; this makes things consistent
(effectively reversing my commit of yesterday);
ok deraadt markus djm
OpenBSD-Commit-ID: 255c02adb29186ac91dcf47dfad7adb1b1e54667
|
|
tirkkonen
OpenBSD-Commit-ID: 0c267a1257ed7482b13ef550837b6496e657d563
|
|
Patch from knweiss at gmail.com via github pull req #97 (portable-
specific parts).
|
|
Patch from knweiss at gmail.com via -portable.
OpenBSD-Commit-ID: 2577465442f761a39703762c4f87a8dfcb918b4b
|