summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2019-10-02Deny (non-fatal) shmget/shmat/shmdt in preauth privsep child.Lonnie Abelbeck
New wait_random_seeded() function on OpenSSL 1.1.1d uses shmget, shmat, and shmdt in the preauth codepath, deny (non-fatal) in seccomp_filter sandbox.
2019-10-02remove duplicate #includesDamien Miller
Prompted by Jakub Jelen
2019-10-02typo in commentDamien Miller
2019-10-02upstream: remove some duplicate #includesdjm@openbsd.org
OpenBSD-Commit-ID: ed6827ab921eff8027669848ef4f70dc1da4098c
2019-10-01upstream: revert unconditional forced login implemented in r1.41 ofdjm@openbsd.org
ssh-pkcs11.c; r1.45 added a forced login as a fallback for cases where the token returns no objects and this is less disruptive for users of tokens directly in ssh (rather than via ssh-agent) and in ssh-keygen bz3006, patch from Jakub Jelen; ok markus OpenBSD-Commit-ID: 33d6df589b072094384631ff93b1030103b3d02e
2019-10-01upstream: group and sort single letter options; ok deraadtjmc@openbsd.org
OpenBSD-Commit-ID: e1480e760a2b582f79696cdcff70098e23fc603f
2019-10-01upstream: fix the DH-GEX text in -a; because this required a comma,jmc@openbsd.org
i added a comma to the first part, for balance... OpenBSD-Commit-ID: 2c3464e9e82a41e8cdfe8f0a16d94266e43dbb58
2019-10-01upstream: identity_file[] should be PATH_MAX, not the arbitraryderaadt@openbsd.org
number 1024 OpenBSD-Commit-ID: e775f94ad47ce9ab37bd1410d7cf3b7ea98b11b7
2019-10-01upstream: new sentence, new line;jmc@openbsd.org
OpenBSD-Commit-ID: c35ca5ec07be460e95e7406af12eee04a77b6698
2019-09-30Include stdio.h for snprintf.Darren Tucker
Patch from vapier@gentoo.org.
2019-09-30Add SKIP_LTESTS for skipping specific tests.Darren Tucker
2019-09-27upstream: Test for empty result in expected bits. Remove CRs from logdtucker@openbsd.org
as they confuse tools on some platforms. Re-enable the 3des-cbc test. OpenBSD-Regress-ID: edf536d4f29fc1ba412889b37247a47f1b49d250
2019-09-27Re-enable dhgex test.Darren Tucker
Since we've added larger fallback groups to dh.c this test will pass even if there is no moduli file installed on the system.
2019-09-24Add more ToS bits, currently only used by netcat.Darren Tucker
2019-09-19Privsep is now required.Darren Tucker
2019-09-16upstream: Allow testing signature syntax and validity without verifyingdjm@openbsd.org
that a signature came from a trusted signer. To discourage accidental or unintentional use, this is invoked by the deliberately ugly option name "check-novalidate" from Sebastian Kinne OpenBSD-Commit-ID: cea42c36ab7d6b70890e2d8635c1b5b943adcc0b
2019-09-13upstream: clarify that IdentitiesOnly also applies to the defaultdjm@openbsd.org
~/.ssh/id_* keys; bz#3062 OpenBSD-Commit-ID: 604be570e04646f0f4a17026f8b2aada6a585dfa
2019-09-13upstream: Plug mem leaks on error paths, based in part on githubdtucker@openbsd.org
pr#120 from David Carlier. ok djm@. OpenBSD-Commit-ID: c57adeb1022a8148fc86e5a88837b3b156dbdb7e
2019-09-13upstream: whitespacedjm@openbsd.org
OpenBSD-Commit-ID: 57a71dd5f4cae8d61e0ac631a862589fb2bfd700
2019-09-13upstream: allow %n to be expanded in ProxyCommand stringsdjm@openbsd.org
From Zachary Harmany via github.com/openssh/openssh-portable/pull/118 ok dtucker@ OpenBSD-Commit-ID: 7eebf1b7695f50c66d42053d352a4db9e8fb84b6
2019-09-13upstream: clarify that ConnectTimeout applies both to the TCPdjm@openbsd.org
connection and to the protocol handshake/KEX. From Jean-Charles Longuet via Github PR140 OpenBSD-Commit-ID: ce1766abc6da080f0d88c09c2c5585a32b2256bf
2019-09-13upstream: Fix potential truncation warning. ok deraadt.dtucker@openbsd.org
OpenBSD-Commit-ID: d87b7e3a94ec935e8194e7fce41815e22804c3ff
2019-09-13memleak of buffer in sshpam_queryDamien Miller
coverity report via Ed Maste; ok dtucker@
2019-09-13explicitly test set[ug]id() return valuesDamien Miller
Legacy !_POSIX_SAVED_IDS path only; coverity report via Ed Maste ok dtucker@
2019-09-08upstream: Allow prepending a list of algorithms to the default setnaddy@openbsd.org
by starting the list with the '^' character, e.g. HostKeyAlgorithms ^ssh-ed25519 Ciphers ^aes128-gcm@openssh.com,aes256-gcm@openssh.com ok djm@ dtucker@ OpenBSD-Commit-ID: 1e1996fac0dc8a4b0d0ff58395135848287f6f97
2019-09-08upstream: key conversion should fail for !openssl builds, not falldjm@openbsd.org
through to the key generation code OpenBSD-Commit-ID: b957436adc43c4941e61d61958a193a708bc83c9
2019-09-08upstream: typo in previousdjm@openbsd.org
OpenBSD-Commit-ID: 7c3b94110864771a6b80a0d8acaca34037c3c96e
2019-09-08needs time.h for --without-opensslDamien Miller
2019-09-08make unittests pass for no-openssl caseDamien Miller
2019-09-06upstream: avoid compiling certain files that deeply depend ondjm@openbsd.org
libcrypto when WITH_OPENSSL isn't set OpenBSD-Commit-ID: 569f08445c27124ec7c7f6c0268d844ec56ac061
2019-09-06upstream: fixes for !WITH_OPENSSL compilation; ok dtucker@djm@openbsd.org
OpenBSD-Commit-ID: 7fd68eaa9e0f7482b5d4c7e8d740aed4770a839f
2019-09-06upstream: lots of things were relying on libcrypto headers todjm@openbsd.org
transitively include various system headers (mostly stdlib.h); include them explicitly OpenBSD-Commit-ID: 5b522f4f2d844f78bf1cc4f3f4cc392e177b2080
2019-09-06upstream: remove leakmalloc reference; we used this early whendjm@openbsd.org
refactoring but not since OpenBSD-Commit-ID: bb28ebda8f7c490b87b37954044a6cdd43a7eb2c
2019-09-06upstream: Check for RSA support before using it for the user key,dtucker@openbsd.org
otherwise use ed25519 which is supported when built without OpenSSL. OpenBSD-Regress-ID: 3d23ddfe83c5062f00ac845d463f19a2ec78c0f7
2019-09-06Provide explicit path to configure-check.Darren Tucker
On some platforms (at least OpenBSD) make won't search VPATH for target files, so building out-of-tree will fail at configure-check. Provide explicit path. ok djm@
2019-09-06upstream: better error code for bad arguments; inspired bydjm@openbsd.org
OpenBSD-Commit-ID: dfc263b6041de7f0ed921a1de0b81ddebfab1e0a
2019-09-05revert config.h/config.h.in freshness checksDamien Miller
turns out autoreconf and configure don't touch some files if their content doesn't change, so the mtime can't be relied upon in a makefile rule
2019-09-05extend autoconf freshness testDamien Miller
make it cover config.h.in and config.h separately
2019-09-05check that configure/config.h is up to dateDamien Miller
Ensure they are newer than the configure.ac / aclocal.m4 source
2019-09-05upstream: if a PKCS#11 token returns no keys then try to login anddjm@openbsd.org
refetch them. Based on patch from Jakub Jelen; bz#2430 ok markus@ OpenBSD-Commit-ID: ab53bd6ddd54dd09e54a8bfbed1a984496f08b43
2019-09-05upstream: sprinkle in some explicit errors here, otherwise thedjm@openbsd.org
percolate all the way up to dispatch_run_fatal() and lose all meaninful context to help with bz#3063; ok dtucker@ OpenBSD-Commit-ID: 5b2da83bb1c4a3471444b7910b2120ae36438a0a
2019-09-05upstream: only send ext_info for KEX_INITIAL; bz#2929 ok dtuckerdjm@openbsd.org
OpenBSD-Commit-ID: 00f5c6062f6863769f5447c6346f78c05d2e4a63
2019-09-05upstream: macro fix; ok djmjmc@openbsd.org
OpenBSD-Commit-ID: e891dd6c7996114cb32f0924cb7898ab55efde6e
2019-09-05update fuzzing makefile to more recent clangDamien Miller
2019-09-05fuzzer for sshsig allowed_signers option parsingDamien Miller
2019-09-05upstream: memleak on error path; found by libfuzzerdjm@openbsd.org
OpenBSD-Commit-ID: 34d44cb0fb5bdb5fcbc6b02b804e71b20a7a5fc7
2019-09-05upstream: expose allowed_signers options parsing code in header fordjm@openbsd.org
fuzzing rename to make more consistent with philosophically-similar auth options parsing API. OpenBSD-Commit-ID: 0c67600ef04187f98e2912ca57b60c22a8025b7c
2019-09-05upstream: Call comma-separated lists as such to clarify semantics.naddy@openbsd.org
Options such as Ciphers take values that may be a list of ciphers; the complete list, not indiviual elements, may be prefixed with a dash or plus character to remove from or append to the default list, respectively. Users might read the current text as if each elment took an optional prefix, so tweak the wording from "values" to "list" to prevent such ambiguity for all options supporting these semantics. Fix instances missed in first commit. ok jmc@ kn@ OpenBSD-Commit-ID: 7112522430a54fb9f15a7a26d26190ed84d5e417
2019-09-05upstream: tweak previous;jmc@openbsd.org
OpenBSD-Commit-ID: 0abd728aef6b5b35f6db43176aa83b7e3bf3ce27
2019-09-05upstream: repair typo and editing mishapnaddy@openbsd.org
OpenBSD-Commit-ID: d125ab720ca71ccf9baf83e08ddc8c12a328597e