summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2020-05-07upstream: openssh-8.3; ok deraadt@djm@openbsd.org
OpenBSD-Commit-ID: c8831ec88b9c750f5816aed9051031fb535d22c1
2020-05-07upstream: another case where a utimes() failure could make scp senddjm@openbsd.org
a desynchronising error; reminded by Aymeric Vincent ok deraadt markus OpenBSD-Commit-ID: 2ea611d34d8ff6d703a7a8bf858aa5dbfbfa7381
2020-05-07Check if -D_REENTRANT is needed for localtime_r.Darren Tucker
On at least HP-UX 11.11, the localtime_r declararation is behind ifdef _REENTRANT. Check for and add if needed.
2020-05-05Skip security key tests if ENABLE_SK not set.Darren Tucker
2020-05-04upstream: sure enough, some of the test data that we though were indjm@openbsd.org
new format were actually in the old format; fix from Michael Forney OpenBSD-Regress-ID: a41a5c43a61b0f0b1691994dbf16dfb88e8af933
2020-05-04upstream: make mktestdata.sh generate old/new format keys that wedjm@openbsd.org
expect. This script was written before OpenSSH switched to new-format private keys by default and was never updated to the change (until now) From Michael Forney OpenBSD-Regress-ID: 38cf354715c96852e5b71c2393fb6e7ad28b7ca7
2020-05-04upstream: portability fix for sed that always emil a newline evendjm@openbsd.org
if the input does not contain one; from Michael Forney OpenBSD-Regress-ID: 9190c3ddf0d2562ccc02c4a95fce0e392196bfc7
2020-05-04upstream: remove obsolete RSA1 test keys; spotted by Michael Forneydjm@openbsd.org
OpenBSD-Regress-ID: 6384ba889594e217d166908ed8253718ab0866da
2020-05-02Update .depend.Darren Tucker
2020-05-02Remove use of tail for 'make depend'.Darren Tucker
Not every tail supports +N and we can do with out it so just remove it. Prompted by mforney at mforney.org.
2020-05-02upstream: we have a sshkey_save_public() function to save public keys;djm@openbsd.org
use it and save a bunch of redundant code. Patch from loic AT venez.fr; ok markus@ djm@ OpenBSD-Commit-ID: f93e030a0ebcd0fd9054ab30db501ec63454ea5f
2020-05-01Use LONG_LONG_MAX and friends if available.Darren Tucker
If we don't have LLONG_{MIN,MAX} but do have LONG_LONG_{MIN,MAX} then use those instead. We do calculate these values in configure, but it turns out that at least one compiler (old HP ANSI C) can't parse "-9223372036854775808LL" without mangling it. (It can parse "-9223372036854775807LL" which is presumably why its limits.h defines LONG_LONG_MIN as the latter minus 1.) Fixes rekey test when compiled with the aforementioned compiler.
2020-05-01upstream: when receving a file in sink(), be careful to send atdjm@openbsd.org
most a single error response after the file has been opened. Otherwise the source() and sink() can become desyncronised. Reported by Daniel Goujot, Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache. ok deraadt@ markus@ OpenBSD-Commit-ID: 6c14d233c97349cb811a8f7921ded3ae7d9e0035
2020-05-01upstream: expose vasnmprintf(); ok (as part of other commit) markusdjm@openbsd.org
deraadt OpenBSD-Commit-ID: 2e80cea441c599631a870fd40307d2ade5a7f9b5
2020-05-01upstream: avoid NULL dereference when attempting to convert invaliddjm@openbsd.org
ssh.com private keys using "ssh-keygen -i"; spotted by Michael Forney OpenBSD-Commit-ID: 2e56e6d26973967d11d13f56ea67145f435bf298
2020-05-01See if SA_RESTART signals will interrupt select().Darren Tucker
On some platforms (at least older HP-UXes such as 11.11, possibly others) setting SA_RESTART on signal handers will cause it to not interrupt select(), at least for calls that do not specify a timeout. Try to detect this and if found, don't use SA_RESTART. POSIX says "If SA_RESTART has been set for the interrupting signal, it is implementation-dependent whether select() restarts or returns with [EINTR]" so this behaviour is within spec.
2020-05-01fix reversed testDamien Miller
2020-05-01wrap sha2.h inclusion in #ifdef HAVE_SHA2_HDamien Miller
2020-05-01upstream: adapt dummy FIDO middleware to API change; ok markus@djm@openbsd.org
OpenBSD-Regress-ID: 8bb84ee500c2eaa5616044314dd0247709a1790f
2020-05-01upstream: tweak previous; ok markusjmc@openbsd.org
OpenBSD-Commit-ID: 41895450ce2294ec44a5713134491cc31f0c09fd
2020-05-01upstream: bring back debug() removed in rev 1.74; noted by pradeepmarkus@openbsd.org
kumar OpenBSD-Commit-ID: 8d134d22ab25979078a3b48d058557d49c402e65
2020-05-01upstream: run the 2nd ssh with BatchMode for scp -3markus@openbsd.org
OpenBSD-Commit-ID: 77994fc8c7ca02d88e6d0d06d0f0fe842a935748
2020-05-01upstream: when signing a challenge using a FIDO toke, perform thedjm@openbsd.org
hashing in the middleware layer rather than in ssh code. This allows middlewares that call APIs that perform the hashing implicitly (including Microsoft's AFAIK). ok markus@ OpenBSD-Commit-ID: c9fc8630aba26c75d5016884932f08a5a237f37d
2020-05-01upstream: Fix comment typo. Patch from mforney at mforney.org.dtucker@openbsd.org
OpenBSD-Commit-ID: 3565f056003707a5e678e60e03f7a3efd0464a2b
2020-05-01upstream: We've standardized on memset over bzero, replace a coupledtucker@openbsd.org
that had slipped in. ok deraadt markus djm. OpenBSD-Commit-ID: f5be055554ee93e6cc66b0053b590bef3728dbd6
2020-05-01Include sys/byteorder.h for htons and friends.Darren Tucker
These are usually in netinet/in.h but on HP-UX they are not defined if _XOPEN_SOURCE_EXTENDED is set. Only needed for netcat in the regression tests.
2020-05-01Fix conditional for openssl-based chacha20.Darren Tucker
Fixes warnings or link errors when building against older OpenSSLs. ok djm
2020-04-24Error out if given RDomain if unsupported.Darren Tucker
If the config contained 'RDomain %D' on a platform that did not support it, the error would not be detected until runtime resulting in a broken sshd. Detect this earlier and error out if found. bz#3126, based on a patch from jjelen at redhat.com, tweaks and ok djm@
2020-04-24upstream: Fix incorrect error message for "too many known hosts files."dtucker@openbsd.org
bz#3149, patch from jjelen at redhat.com. OpenBSD-Commit-ID: e0fcb07ed5cf7fd54ce340471a747c24454235e5
2020-04-24upstream: Remove leave_non_blocking() which is now dead codedtucker@openbsd.org
because nothing sets in_non_blocking_mode any more. Patch from michaael.meeks at collabora.com, ok djm@ OpenBSD-Commit-ID: c403cefe97a5a99eca816e19cc849cdf926bd09c
2020-04-24upstream: ce examples of "Ar arg Ar arg" with "Ar arg arg" andjmc@openbsd.org
stop the spread; OpenBSD-Commit-ID: af0e952ea0f5e2019c2ce953ed1796eca47f0705
2020-04-24Update .depend.Darren Tucker
2020-04-22Mailing list is now closed to non-subscribers.Darren Tucker
While there, add a reference to the bugzilla. ok djm@
2020-04-22Put the values from env vars back.Darren Tucker
This merges the values from the recently removed environment into make's command line arguments since we actually need those.
2020-04-22Pass configure's egrep through to test-exec.sh.Darren Tucker
Use it to create a wrapper function to call it from tests. Fixes the keygen-comment test on platforms with impoverished default egrep (eg Solaris).
2020-04-22Remove unneeded env vars from t-exec invocation.Darren Tucker
2020-04-22upstream: Backslash '$' at then end of string. Prevents warning ondtucker@openbsd.org
some shells. OpenBSD-Regress-ID: 5dc27ab624c09d34078fd326b10e38c1ce9c741f
2020-04-21Sync rev 1.49.Darren Tucker
Prevent infinite for loop since i went from ssize_t to size_t. Patch from eagleoflqj via OpenSSH github PR#178, ok djm@, feedback & ok millert@
2020-04-20upstream: regression test for printing of private key fingerprints anddjm@openbsd.org
key comments, mostly by loic AT venez.fr (slightly tweaked for portability) ok dtucker@ OpenBSD-Regress-ID: 8dc6c4feaf4fe58b6d634cd89afac9a13fd19004
2020-04-20upstream: fix a bug I introduced in r1.406: when printing private keydjm@openbsd.org
fingerprint of old-format key, key comments were not being displayed. Spotted by loic AT venez.fr, ok dtucker OpenBSD-Commit-ID: 2d98e4f9eb168eea733d17e141e1ead9fe26e533
2020-04-17upstream: repair private key fingerprint printing to also printdjm@openbsd.org
comment after regression caused by my recent pubkey loading refactor. Reported by loic AT venez.fr, ok dtucker@ OpenBSD-Commit-ID: f8db49acbee6a6ccb2a4259135693b3cceedb89e
2020-04-17upstream: refactor out some duplicate private key loading code;djm@openbsd.org
based on patch from loic AT venez.fr, ok dtucker@ OpenBSD-Commit-ID: 5eff2476b0d8d0614924c55e350fb7bb9c84f45e
2020-04-17upstream: add space beteen macro arg and punctuation;jmc@openbsd.org
OpenBSD-Commit-ID: c93a6cbb4bf9468fc4c13e64bc1fd4efee201a44
2020-04-17upstream: auth2-pubkey r1.89 changed the order of operations todjm@openbsd.org
checking AuthorizedKeysFile first and falling back to AuthorizedKeysCommand if no key was found in a file. Document this order here; bz3134 OpenBSD-Commit-ID: afce0872cbfcfc1d4910ad7722e50f792a1dce12
2020-04-17sys/sysctl.h is only used on OpenBSDDamien Miller
so change the preprocessor test used to include it to check __OpenBSD__, matching the code that uses the symbols it declares.
2020-04-17upstream: fix reversed test that caused IdentitiesOnly=yes to notdjm@openbsd.org
apply to keys loaded from a PKCS11Provider; bz3141, ok dtucker@ OpenBSD-Commit-ID: e3dd6424b94685671fe84c9b9dbe352fb659f677
2020-04-17upstream: mention that /etc/hosts.equiv and /etc/shosts.equiv aredjm@openbsd.org
not considered for HostbasedAuthentication when the target user is root; bz3148 OpenBSD-Commit-ID: fe4c1256929e53f23af17068fbef47852f4bd752
2020-04-17upstream: make IgnoreRhosts a tri-state option: "yes" ignoredjm@openbsd.org
rhosts/shosts, "no" allow rhosts/shosts or (new) "shosts-only" to allow .shosts files but not .rhosts. ok dtucker@ OpenBSD-Commit-ID: d08d6930ed06377a80cf53923c1955e9589342e9
2020-04-17upstream: allow the IgnoreRhosts directive to appear anywhere in adjm@openbsd.org
sshd_config, not just before any Match blocks; bz3148, ok dtucker@ OpenBSD-Commit-ID: e042467d703bce640b1f42c5d1a62bf3825736e8
2020-04-17upstream: add space between macro arg and punctuation;jmc@openbsd.org
OpenBSD-Commit-ID: e579e4d95eef13059c30931ea1f09ed8296b819c
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-05 10:43:26 +0000