openssh.git -

Age	Commit message (Collapse)	Author
2019-09-13	explicitly test set[ug]id() return values	Damien Miller
	Legacy !_POSIX_SAVED_IDS path only; coverity report via Ed Maste ok dtucker@
2019-09-08	upstream: Allow prepending a list of algorithms to the default set	naddy@openbsd.org
	by starting the list with the '^' character, e.g. HostKeyAlgorithms ^ssh-ed25519 Ciphers ^aes128-gcm@openssh.com,aes256-gcm@openssh.com ok djm@ dtucker@ OpenBSD-Commit-ID: 1e1996fac0dc8a4b0d0ff58395135848287f6f97
2019-09-08	upstream: key conversion should fail for !openssl builds, not fall	djm@openbsd.org
	through to the key generation code OpenBSD-Commit-ID: b957436adc43c4941e61d61958a193a708bc83c9
2019-09-08	upstream: typo in previous	djm@openbsd.org
	OpenBSD-Commit-ID: 7c3b94110864771a6b80a0d8acaca34037c3c96e
2019-09-08	needs time.h for --without-openssl	Damien Miller

2019-09-08	make unittests pass for no-openssl case	Damien Miller

2019-09-06	upstream: avoid compiling certain files that deeply depend on	djm@openbsd.org
	libcrypto when WITH_OPENSSL isn't set OpenBSD-Commit-ID: 569f08445c27124ec7c7f6c0268d844ec56ac061
2019-09-06	upstream: fixes for !WITH_OPENSSL compilation; ok dtucker@	djm@openbsd.org
	OpenBSD-Commit-ID: 7fd68eaa9e0f7482b5d4c7e8d740aed4770a839f
2019-09-06	upstream: lots of things were relying on libcrypto headers to	djm@openbsd.org
	transitively include various system headers (mostly stdlib.h); include them explicitly OpenBSD-Commit-ID: 5b522f4f2d844f78bf1cc4f3f4cc392e177b2080
2019-09-06	upstream: remove leakmalloc reference; we used this early when	djm@openbsd.org
	refactoring but not since OpenBSD-Commit-ID: bb28ebda8f7c490b87b37954044a6cdd43a7eb2c
2019-09-06	upstream: Check for RSA support before using it for the user key,	dtucker@openbsd.org
	otherwise use ed25519 which is supported when built without OpenSSL. OpenBSD-Regress-ID: 3d23ddfe83c5062f00ac845d463f19a2ec78c0f7
2019-09-06	Provide explicit path to configure-check.	Darren Tucker
	On some platforms (at least OpenBSD) make won't search VPATH for target files, so building out-of-tree will fail at configure-check. Provide explicit path. ok djm@
2019-09-06	upstream: better error code for bad arguments; inspired by	djm@openbsd.org
	OpenBSD-Commit-ID: dfc263b6041de7f0ed921a1de0b81ddebfab1e0a
2019-09-05	revert config.h/config.h.in freshness checks	Damien Miller
	turns out autoreconf and configure don't touch some files if their content doesn't change, so the mtime can't be relied upon in a makefile rule
2019-09-05	extend autoconf freshness test	Damien Miller
	make it cover config.h.in and config.h separately
2019-09-05	check that configure/config.h is up to date	Damien Miller
	Ensure they are newer than the configure.ac / aclocal.m4 source
2019-09-05	upstream: if a PKCS#11 token returns no keys then try to login and	djm@openbsd.org
	refetch them. Based on patch from Jakub Jelen; bz#2430 ok markus@ OpenBSD-Commit-ID: ab53bd6ddd54dd09e54a8bfbed1a984496f08b43
2019-09-05	upstream: sprinkle in some explicit errors here, otherwise the	djm@openbsd.org
	percolate all the way up to dispatch_run_fatal() and lose all meaninful context to help with bz#3063; ok dtucker@ OpenBSD-Commit-ID: 5b2da83bb1c4a3471444b7910b2120ae36438a0a
2019-09-05	upstream: only send ext_info for KEX_INITIAL; bz#2929 ok dtucker	djm@openbsd.org
	OpenBSD-Commit-ID: 00f5c6062f6863769f5447c6346f78c05d2e4a63
2019-09-05	upstream: macro fix; ok djm	jmc@openbsd.org
	OpenBSD-Commit-ID: e891dd6c7996114cb32f0924cb7898ab55efde6e
2019-09-05	update fuzzing makefile to more recent clang	Damien Miller

2019-09-05	fuzzer for sshsig allowed_signers option parsing	Damien Miller

2019-09-05	upstream: memleak on error path; found by libfuzzer	djm@openbsd.org
	OpenBSD-Commit-ID: 34d44cb0fb5bdb5fcbc6b02b804e71b20a7a5fc7
2019-09-05	upstream: expose allowed_signers options parsing code in header for	djm@openbsd.org
	fuzzing rename to make more consistent with philosophically-similar auth options parsing API. OpenBSD-Commit-ID: 0c67600ef04187f98e2912ca57b60c22a8025b7c
2019-09-05	upstream: Call comma-separated lists as such to clarify semantics.	naddy@openbsd.org
	Options such as Ciphers take values that may be a list of ciphers; the complete list, not indiviual elements, may be prefixed with a dash or plus character to remove from or append to the default list, respectively. Users might read the current text as if each elment took an optional prefix, so tweak the wording from "values" to "list" to prevent such ambiguity for all options supporting these semantics. Fix instances missed in first commit. ok jmc@ kn@ OpenBSD-Commit-ID: 7112522430a54fb9f15a7a26d26190ed84d5e417
2019-09-05	upstream: tweak previous;	jmc@openbsd.org
	OpenBSD-Commit-ID: 0abd728aef6b5b35f6db43176aa83b7e3bf3ce27
2019-09-05	upstream: repair typo and editing mishap	naddy@openbsd.org
	OpenBSD-Commit-ID: d125ab720ca71ccf9baf83e08ddc8c12a328597e
2019-09-05	Fuzzer harness for sshsig	Damien Miller

2019-09-03	oops; missed including the actual file	Damien Miller

2019-09-03	portability fixes for sshsig	Damien Miller

2019-09-03	upstream: regress test for sshsig; feedback and ok markus@	djm@openbsd.org
	OpenBSD-Regress-ID: 74c0974f2cdae8d9599b9d76a09680bae55d8a8b
2019-09-03	upstream: only add plain keys to prevent any certs laying around	djm@openbsd.org
	from confusing the test. OpenBSD-Regress-ID: b8f1508f822bc560b98dea910e61ecd76f34100f
2019-09-03	upstream: sshsig tweaks and improvements from and suggested by	djm@openbsd.org
	Markus ok markus/me OpenBSD-Commit-ID: ea4f46ad5a16b27af96e08c4877423918c4253e9
2019-09-03	upstream: sshsig: lightweight signature and verification ability	djm@openbsd.org
	for OpenSSH This adds a simple manual signature scheme to OpenSSH. Signatures can be made and verified using ssh-keygen -Y sign\|verify Signatures embed the key used to make them. At verification time, this is matched via principal name against an authorized_keys-like list of allowed signers. Mostly by Sebastian Kinne w/ some tweaks by me ok markus@ OpenBSD-Commit-ID: 2ab568e7114c933346616392579d72be65a4b8fb
2019-09-03	upstream: move authorized_keys option parsing helpsers to misc.c	djm@openbsd.org
	and make them public; ok markus@ OpenBSD-Commit-ID: c18bcb2a687227b3478377c981c2d56af2638ea2
2019-09-03	upstream: make get_sigtype public as sshkey_get_sigtype(); ok	djm@openbsd.org
	markus@ OpenBSD-Commit-ID: 01f8cdbec63350490d2249f41112c5780d1cfbb8
2019-09-03	upstream: move advance_past_options to authfile.c and make it	djm@openbsd.org
	public; ok markus@ OpenBSD-Commit-ID: edda2fbba2c5b1f48e60f857a2010479e80c5f3c
2019-09-03	upstream: move skip_space() to misc.c and make it public; ok	djm@openbsd.org
	markus@ OpenBSD-Commit-ID: caa77e8a3b210948e29ad3e28c5db00852961eae
2019-09-03	upstream: authfd: add function to check if key is in agent	djm@openbsd.org
	This commit adds a helper function which allows the caller to check if a given public key is present in ssh-agent. work by Sebastian Kinne; ok markus@ OpenBSD-Commit-ID: d43c5826353e1fdc1af71eb42961b30782c7bd13
2019-09-03	upstream: fix memleak in ssh_free_identitylist(); ok markus@	djm@openbsd.org
	OpenBSD-Commit-ID: aa51f77ae2c5330a1f61b2d22933f24a443f9abf
2019-09-03	upstream: factor out confirm_overwrite(); ok markus@	djm@openbsd.org
	OpenBSD-Commit-ID: 304e95381b39c774c8fced7e5328b106a3ff0400
2019-09-03	upstream: constify an argument	djm@openbsd.org
	OpenBSD-Commit-ID: 724bafc9f993746ad4303e95bede2c030de6233b
2019-09-02	upstream: downgrade PKCS#11 "provider returned no slots" warning	djm@openbsd.org
	from log level error to debug. This is common when attempting to enumerate keys on smartcard readers with no cards plugged in. bz#3058 ok dtucker@ OpenBSD-Commit-ID: bb8839ddeb77c271390488af1b771041d43e49c6
2019-09-02	upstream: print comment when printing pubkey from private	djm@openbsd.org
	bz#3052; ok dtucker OpenBSD-Commit-ID: a91b2a8d5f1053d34d7fce44523c53fb534ba914
2019-09-02	fixed test in OSX closefrom() replacement	Damien Miller
	from likan_999.student AT sina.com
2019-09-02	retain Solaris PRIV_FILE_LINK_ANY in sftp-server	Damien Miller
	Dropping this privilege removes the ability to create hard links to files owned by other users. This is required for the legacy sftp rename operation. bz#3036; approach ok Alex Wilson (the original author of the Solaris sandbox/pledge replacement code)
2019-08-30	upstream: Use ed25519 for most hostkey rotation tests since it's	dtucker@openbsd.org
	supported even when built without OpenSSL. Use RSA for the secondary type test if supported, otherwise skip it. Fixes this test for !OpenSSL builds. OpenBSD-Regress-ID: 101cb34a84fd974c623bdb2e496f25a6e91be109
2019-08-30	upstream: Test did not compile due to missing symbols. Add source	bluhm@openbsd.org
	sshbuf-misc.c to regress as it was done in ssh make file. from Moritz Buhl OpenBSD-Regress-ID: 9e1c23476bb845f3cf3d15d9032da3ed0cb2fcf5
2019-08-30	tweak warning flags	Damien Miller
	Enable -Wextra if compiler supports it Set -Wno-error=format-truncation if available to prevent expected string truncations in openbsd-compat from breaking -Werror builds
2019-08-30	proc_pidinfo()-based closefrom() for OS X	Damien Miller
	Refactor closefrom() to use a single brute-force close() loop fallback. Based on patch from likan_999.student@sina.com in bz#3049. ok dtucker@