summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2018-03-25upstream: openssh-7.7markus@openbsd.org
OpenBSD-Commit-ID: 274e614352460b9802c905f38fb5ea7ed5db3d41
2018-03-25upstream: fix bogus warning when signing cert keys using agent;markus@openbsd.org
from djm; ok deraadt dtucker OpenBSD-Commit-ID: 12e50836ba2040042383a8b71e12d7ea06e9633d
2018-03-25Replace /dev/stdin with "-".Darren Tucker
For some reason sftp -b doesn't work with /dev/stdin on Cygwin, as noted and suggested by vinschen at redhat.com.
2018-03-23Provide $OBJ to paths in PuTTY interop tests.Darren Tucker
2018-03-23upstream: Tell puttygen to use /dev/urandom instead of /dev/random. Ondtucker@openbsd.org
OpenBSD they are both non-blocking, but on many other -portable platforms it blocks, stalling tests. OpenBSD-Regress-ID: 397d0d4c719c353f24d79f5b14775e0cfdf0e1cc
2018-03-23upstream: ssh/xmss: fix build; ok djm@markus@openbsd.org
OpenBSD-Commit-ID: c9374ca41d4497f1c673ab681cc33f6e7c5dd186
2018-03-23upstream: ssh/xmss: fix deserialize for certs; ok djm@markus@openbsd.org
OpenBSD-Commit-ID: f44c41636c16ec83502039828beaf521c057dddc
2018-03-22Save $? before case statement.Darren Tucker
In some shells (FreeBSD 9, ash) the case statement resets $?, so save for later testing.
2018-03-14upstream: rename recently-added "valid-before" key restriction todjm@openbsd.org
"expiry-time" as the former is confusing wrt similar terminology in X.509; pointed out by jsing@ OpenBSD-Regress-ID: ac8b41dbfd90cffd525d58350c327195b0937793
2018-03-14upstream: check valid-before option in authorized_keysdjm@openbsd.org
OpenBSD-Regress-ID: 7e1e4a84f7f099a290e5a4cbf4196f90ff2d7e11
2018-03-14upstream: explicitly specify RSA/SHA-2 keytype here toodjm@openbsd.org
OpenBSD-Regress-ID: 74d7b24e8c72c27af6b481198344eb077e993a62
2018-03-14upstream: exlicitly include RSA/SHA-2 keytypes indjm@openbsd.org
PubkeyAcceptedKeyTypes here OpenBSD-Regress-ID: 954d19e0032a74e31697fb1dc7e7d3d1b2d65fe9
2018-03-14upstream: sort expiry-time;jmc@openbsd.org
OpenBSD-Commit-ID: 8c7d82ee1e63e26ceb2b3d3a16514019f984f6bf
2018-03-14upstream: rename recently-added "valid-before" key restriction todjm@openbsd.org
"expiry-time" as the former is confusing wrt similar terminology in X.509; pointed out by jsing@ OpenBSD-Commit-ID: 376939466a1f562f3950a22314bc6505733aaae6
2018-03-14upstream: add valid-before="[time]" authorized_keys option. Adjm@openbsd.org
simple way of giving a key an expiry date. ok markus@ OpenBSD-Commit-ID: 1793b4dd5184fa87f42ed33c7b0f4f02bc877947
2018-03-12Add AC_LANG_PROGRAM to AC_COMPILE_IFELSE.Darren Tucker
The recently added MIPS ABI tests need AC_LANG_PROGRAM to prevent warnings from autoconf. Pointed out by klausz at haus-gisela.de.
2018-03-12upstream: revert recent strdelim() change, it causes problems withdjm@openbsd.org
some configs. revision 1.124 date: 2018/03/02 03:02:11; author: djm; state: Exp; lines: +19 -8; commitid: nNRsCijZiGG6SUTT; Allow escaped quotes \" and \' in ssh_config and sshd_config quotes option strings. bz#1596 ok markus@ OpenBSD-Commit-ID: 59c40b1b81206d713c06b49d8477402c86babda5
2018-03-12upstream: move the input format details to -f; remove the outputjmc@openbsd.org
format details and point to sshd(8), where it is documented; ok dtucker OpenBSD-Commit-ID: 95f17e47dae02a6ac7329708c8c893d4cad0004a
2018-03-08configure.ac: properly set seccomp_audit_arch for MIPS64Vicente Olivert Riera
Currently seccomp_audit_arch is set to AUDIT_ARCH_MIPS64 or AUDIT_ARCH_MIPSEL64 (depending on the endinness) when openssh is built for MIPS64. However, that's only valid for n64 ABI. The right macros for n32 ABI defined in seccomp.h are AUDIT_ARCH_MIPS64N32 and AUDIT_ARCH_MIPSEL64N32, for big and little endian respectively. Because of that an sshd built for MIPS64 n32 rejects connection attempts and the output of strace reveals that the problem is related to seccomp audit: [pid 194] prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, {len=57, filter=0x555d5da0}) = 0 [pid 194] write(7, "\0\0\0]\0\0\0\5\0\0\0Ulist_hostkey_types: "..., 97) = ? [pid 193] <... poll resumed> ) = 2 ([{fd=5, revents=POLLIN|POLLHUP}, {fd=6, revents=POLLHUP}]) [pid 194] +++ killed by SIGSYS +++ This patch fixes that problem by setting the right value to seccomp_audit_arch taking into account the MIPS64 ABI. Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
2018-03-08configure.ac: detect MIPS ABIVicente Olivert Riera
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
2018-03-08Use https URLs for links that support it.Alan Yee
2018-03-05Disable UTMPX on SunOS4.Darren Tucker
2018-03-05Check for and work around buggy fflush(NULL).Darren Tucker
Some really old platforms (eg SunOS4) segfault on fflush(NULL) so check for and work around. With klausz at haus-gisela.de.
2018-03-05Remove extra XMSS #endifDarren Tucker
Extra #endif breaks compile with -DWITH_XMSS. Pointed out by Jack Schmidt via github.
2018-03-04upstream: Update RSA minimum modulus size to 1024. sshkey.h rev 1.18dtucker@openbsd.org
bumped the minimum from 768 to 1024, update man page accordingly. OpenBSD-Commit-ID: 27563ab4e866cd2aac40a5247876f6787c08a338
2018-03-04upstream: for the pty control tests, just check that the PTY pathdjm@openbsd.org
points to something in /dev (rather than checking the device node itself); makes life easier for portable, where systems with dynamic ptys can delete nodes before we get around to testing their existence. OpenBSD-Regress-ID: b1e455b821e62572bccd98102f8dd9d09bb94994
2018-03-03Update PAM password change to new opts API.Darren Tucker
2018-03-03Add strndup for platforms that need it.Darren Tucker
Some platforms don't have strndup, which includes Solaris 10, NetBSD 3 and FreeBSD 6.
2018-03-03Flatten and alphabetize object file lists.Darren Tucker
This will make maintenance and changes easier. "no objection" tim@
2018-03-03upstream: unit tests for new authorized_keys options APIdjm@openbsd.org
OpenBSD-Regress-ID: 820f9ec9c6301f6ca330ad4052d85f0e67d0bdc1
2018-03-03upstream: fix testing of pty option, include positive test anddjm@openbsd.org
testing of restrict keyword OpenBSD-Regress-ID: 4268f27c2706a0a95e725d9518c5bcbec9814c6d
2018-03-03upstream: better testing for port-forwarding and restrict flags indjm@openbsd.org
authorized_keys OpenBSD-Regress-ID: ee771df8955f2735df54746872c6228aff381daa
2018-03-03upstream: switch over to the new authorized_keys options API anddjm@openbsd.org
remove the legacy one. Includes a fairly big refactor of auth2-pubkey.c to retain less state between key file lines. feedback and ok markus@ OpenBSD-Commit-ID: dece6cae0f47751b9892080eb13d6625599573df
2018-03-03upstream: Introduce a new API for handling authorized_keys options.djm@openbsd.org
This API parses options to a dedicated structure rather than the old API's approach of setting global state. It also includes support for merging options, e.g. from authorized_keys, authorized_principals and/or certificates. feedback and ok markus@ OpenBSD-Commit-ID: 98badda102cd575210d7802943e93a34232c80a2
2018-03-03upstream: warn when the agent returns a signature type that wasdjm@openbsd.org
different to what was requested. This might happen when an old/non-OpenSSH agent is asked to make a rsa-sha2-256/512 signature but only supports ssh-rsa. bz#2799 feedback and ok markus@ OpenBSD-Commit-ID: 760c0f9438c5c58abc16b5f98008ff2d95cb13ce
2018-03-03upstream: apply a lick of paint; tweaks/ok dtuckerjmc@openbsd.org
OpenBSD-Commit-ID: 518a6736338045e0037f503c21027d958d05e703
2018-03-02upstream: Allow escaped quotes \" and \' in ssh_config anddjm@openbsd.org
sshd_config quotes option strings. bz#1596 ok markus@ OpenBSD-Commit-ID: dd3a29fc2dc905e8780198e5a6a30b096de1a1cb
2018-03-02upstream: refactor sshkey_read() to make it a little more, err,djm@openbsd.org
readable. ok markus OpenBSD-Commit-ID: 2e9247b5762fdac3b6335dc606d3822121714c28
2018-03-02upstream: missing #ifdef for _PATH_HOST_XMSS_KEY_FILE; report bymarkus@openbsd.org
jmc@ OpenBSD-Commit-ID: 9039cb69a3f9886bfef096891a9e7fcbd620280b
2018-03-02upstream: Remove unneeded (local) include. ok markus@dtucker@openbsd.org
OpenBSD-Commit-ID: 132812dd2296b1caa8cb07d2408afc28e4e60f93
2018-03-02upstream: Add $OpenBSD$ markers to xmss files to help keep synceddtucker@openbsd.org
with portable. ok djm@. OpenBSD-Commit-ID: 5233a27aafd1dfadad4b957225f95ae51eb365c1
2018-03-02upstream: Add newline at end of file to prevent compiler warnings.dtucker@openbsd.org
OpenBSD-Commit-ID: 52f247d4eafe840c7c14c8befa71a760a8eeb063
2018-02-28Add WITH_XMSS, move to prevent conflicts.Darren Tucker
Add #ifdef WITH_XMSS to ssh-xmss.c, move it in the other files to after includes.h so it's less likely to conflict and will pick up WITH_XMSS if added to config.h.
2018-02-28Conditionally compile XMSS code.Darren Tucker
The XMSS code is currently experimental and, unlike the rest of OpenSSH cannot currently be compiled with a c89 compiler.
2018-02-27Check dlopen has RTLD_NOW before enabling pkcs11.Darren Tucker
2018-02-27Check for attributes on prototype args.Darren Tucker
Some compilers (gcc 2.9.53, 3.0 and probably others, see gcc bug #3481) do not accept __attribute__ on function pointer prototype args. Check for this and hide them if they're not accepted.
2018-02-27Check if HAVE_DECL_BZERO correctly.Darren Tucker
2018-02-26Wrap <stdint.h> in #ifdef HAVE_STDINT_H.Darren Tucker
2018-02-26Replace $(CURDIR) with $(PWD).Darren Tucker
The former doesn't work on Solaris or BSDs.
2018-02-26Comment out hexdump().Darren Tucker
Nothing currently uses them but they cause conflicts on at least FreeBSD, possibly others. ok djm@