summaryrefslogtreecommitdiff
path: root/Makefile.in
AgeCommit message (Collapse)Author
2016-02-29Install authorized_keys(5) as a symlink to sshd(8)Tomas Pospisek
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1720 Bug-Debian: http://bugs.debian.org/441817 Last-Update: 2013-09-14 Patch-Name: authorized-keys-man-symlink.patch
2016-02-29GSSAPI key exchange supportSimon Wilkinson
This patch has been rejected upstream: "None of the OpenSSH developers are in favour of adding this, and this situation has not changed for several years. This is not a slight on Simon's patch, which is of fine quality, but just that a) we don't trust GSSAPI implementations that much and b) we don't like adding new KEX since they are pre-auth attack surface. This one is particularly scary, since it requires hooks out to typically root-owned system resources." However, quite a lot of people rely on this in Debian, and it's better to have it merged into the main openssh package rather than having separate -krb5 packages (as we used to have). It seems to have a generally good security history. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242 Last-Updated: 2016-01-04 Patch-Name: gssapi.patch
2016-02-23Disable tests where fs perms are incorrectDamien Miller
Some tests have strict requirements on the filesystem permissions for certain files and directories. This adds a regress/check-perm tool that copies the relevant logic from sshd to exactly test the paths in question. This lets us skip tests when the local filesystem doesn't conform to our expectations rather than continuing and failing the test run. ok dtucker@
2016-01-27upstream commitmarkus@openbsd.org
remove roaming support; ok djm@ Upstream-ID: 2cab8f4b197bc95776fb1c8dc2859dad0c64dc56
2016-01-08Support Illumos/Solaris fine-grained privilegesDamien Miller
Includes a pre-auth privsep sandbox and several pledge() emulations. bz#2511, patch by Alex Wilson. ok dtucker@
2015-11-09upstream commitjmc@openbsd.org
remove slogin links; ok deraadt markus djm Upstream-ID: 39ba08548acde4c54f2d4520c202c2a863a3c730
2015-10-14upstream commitderaadt@openbsd.org
Change all tame callers to namechange to pledge(2). Upstream-ID: 17e654fc27ceaf523c60f4ffd9ec7ae4e7efc7f2
2015-10-08hook tame(2) sandbox up to buildDamien Miller
OpenBSD only for now
2015-09-14Use ssh-keygen -A when generating host keys.Darren Tucker
Use ssh-keygen -A instead of per-keytype invocations when generating host keys. Add tests when doing host-key-force since we can't use ssh-keygen -A since it can't specify alternate locations. bz#2459, ok djm@
2015-02-25Revert "Work around finicky USL linker so netcat will build."Tim Rice
This reverts commit d1db656021d0cd8c001a6692f772f1de29b67c8b. No longer needed with commit 678e473e2af2e4802f24dd913985864d9ead7fb3
2015-02-24Work around finicky USL linker so netcat will build.Tim Rice
2015-02-21mkdir kex unit test directory so testing out of tree builds worksTim Rice
2015-02-22mkdir hostkey and bitmap unit test directoriesDamien Miller
2015-02-17hook up hostkeys unittest to portable MakefilesDamien Miller
2015-01-20fix kex testDamien Miller
2015-01-20upstream commitmarkus@openbsd.org
finally enable the KEX tests I wrote some years ago...
2015-01-20upstream commitmarkus@openbsd.org
add experimental api for packet layer; ok djm@
2015-01-20upstream commitmarkus@openbsd.org
update packet.c & isolate, introduce struct ssh a) switch packet.c to buffer api and isolate per-connection info into struct ssh b) (de)serialization of the state is moved from monitor to packet.c c) the old packet.c API is implemented in opacket.[ch] d) compress.c/h is removed and integrated into packet.c with and ok djm@
2015-01-15make bitmap test compileDamien Miller
2015-01-15upstream commitdjm@openbsd.org
unit tests for KRL bitmap
2015-01-15support --without-openssl at configure timeDamien Miller
Disables and removes dependency on OpenSSL. Many features don't work and the set of crypto options is greatly restricted. This will only work on system with native arc4random or /dev/urandom. Considered highly experimental for now.
2015-01-15upstream commitdjm@openbsd.org
avoid BIGNUM in KRL code by using a simple bitmap; feedback and ok markus
2014-12-23include and use OpenBSD netcat in regress/Damien Miller
2014-08-30 - (djm) [Makefile.in] Make TEST_SHELL a variable; "good idea" tim@Damien Miller
2014-08-21 - (djm) [Makefile.in] fix reference to libtest_helper.a in sshkey test too.Damien Miller
2014-08-20 - (djm) [Makefile.in] refer to libtest_helper.a by explicit path rather thanDamien Miller
-L/-l; fixes linking problems on some platforms
2014-07-19 - (dtucker) [Makefile.in] Add a t-exec target to run just the executableDarren Tucker
tests.
2014-07-02 - djm@cvs.openbsd.org 2014/06/24 01:14:17Damien Miller
[Makefile.in regress/Makefile regress/unittests/Makefile] [regress/unittests/sshkey/Makefile] [regress/unittests/sshkey/common.c] [regress/unittests/sshkey/common.h] [regress/unittests/sshkey/mktestdata.sh] [regress/unittests/sshkey/test_file.c] [regress/unittests/sshkey/test_fuzz.c] [regress/unittests/sshkey/test_sshkey.c] [regress/unittests/sshkey/tests.c] [regress/unittests/sshkey/testdata/dsa_1] [regress/unittests/sshkey/testdata/dsa_1-cert.fp] [regress/unittests/sshkey/testdata/dsa_1-cert.pub] [regress/unittests/sshkey/testdata/dsa_1.fp] [regress/unittests/sshkey/testdata/dsa_1.fp.bb] [regress/unittests/sshkey/testdata/dsa_1.param.g] [regress/unittests/sshkey/testdata/dsa_1.param.priv] [regress/unittests/sshkey/testdata/dsa_1.param.pub] [regress/unittests/sshkey/testdata/dsa_1.pub] [regress/unittests/sshkey/testdata/dsa_1_pw] [regress/unittests/sshkey/testdata/dsa_2] [regress/unittests/sshkey/testdata/dsa_2.fp] [regress/unittests/sshkey/testdata/dsa_2.fp.bb] [regress/unittests/sshkey/testdata/dsa_2.pub] [regress/unittests/sshkey/testdata/dsa_n] [regress/unittests/sshkey/testdata/dsa_n_pw] [regress/unittests/sshkey/testdata/ecdsa_1] [regress/unittests/sshkey/testdata/ecdsa_1-cert.fp] [regress/unittests/sshkey/testdata/ecdsa_1-cert.pub] [regress/unittests/sshkey/testdata/ecdsa_1.fp] [regress/unittests/sshkey/testdata/ecdsa_1.fp.bb] [regress/unittests/sshkey/testdata/ecdsa_1.param.curve] [regress/unittests/sshkey/testdata/ecdsa_1.param.priv] [regress/unittests/sshkey/testdata/ecdsa_1.param.pub] [regress/unittests/sshkey/testdata/ecdsa_1.pub] [regress/unittests/sshkey/testdata/ecdsa_1_pw] [regress/unittests/sshkey/testdata/ecdsa_2] [regress/unittests/sshkey/testdata/ecdsa_2.fp] [regress/unittests/sshkey/testdata/ecdsa_2.fp.bb] [regress/unittests/sshkey/testdata/ecdsa_2.param.curve] [regress/unittests/sshkey/testdata/ecdsa_2.param.priv] [regress/unittests/sshkey/testdata/ecdsa_2.param.pub] [regress/unittests/sshkey/testdata/ecdsa_2.pub] [regress/unittests/sshkey/testdata/ecdsa_n] [regress/unittests/sshkey/testdata/ecdsa_n_pw] [regress/unittests/sshkey/testdata/ed25519_1] [regress/unittests/sshkey/testdata/ed25519_1-cert.fp] [regress/unittests/sshkey/testdata/ed25519_1-cert.pub] [regress/unittests/sshkey/testdata/ed25519_1.fp] [regress/unittests/sshkey/testdata/ed25519_1.fp.bb] [regress/unittests/sshkey/testdata/ed25519_1.pub] [regress/unittests/sshkey/testdata/ed25519_1_pw] [regress/unittests/sshkey/testdata/ed25519_2] [regress/unittests/sshkey/testdata/ed25519_2.fp] [regress/unittests/sshkey/testdata/ed25519_2.fp.bb] [regress/unittests/sshkey/testdata/ed25519_2.pub] [regress/unittests/sshkey/testdata/pw] [regress/unittests/sshkey/testdata/rsa1_1] [regress/unittests/sshkey/testdata/rsa1_1.fp] [regress/unittests/sshkey/testdata/rsa1_1.fp.bb] [regress/unittests/sshkey/testdata/rsa1_1.param.n] [regress/unittests/sshkey/testdata/rsa1_1.pub] [regress/unittests/sshkey/testdata/rsa1_1_pw] [regress/unittests/sshkey/testdata/rsa1_2] [regress/unittests/sshkey/testdata/rsa1_2.fp] [regress/unittests/sshkey/testdata/rsa1_2.fp.bb] [regress/unittests/sshkey/testdata/rsa1_2.param.n] [regress/unittests/sshkey/testdata/rsa1_2.pub] [regress/unittests/sshkey/testdata/rsa_1] [regress/unittests/sshkey/testdata/rsa_1-cert.fp] [regress/unittests/sshkey/testdata/rsa_1-cert.pub] [regress/unittests/sshkey/testdata/rsa_1.fp] [regress/unittests/sshkey/testdata/rsa_1.fp.bb] [regress/unittests/sshkey/testdata/rsa_1.param.n] [regress/unittests/sshkey/testdata/rsa_1.param.p] [regress/unittests/sshkey/testdata/rsa_1.param.q] [regress/unittests/sshkey/testdata/rsa_1.pub] [regress/unittests/sshkey/testdata/rsa_1_pw] [regress/unittests/sshkey/testdata/rsa_2] [regress/unittests/sshkey/testdata/rsa_2.fp] [regress/unittests/sshkey/testdata/rsa_2.fp.bb] [regress/unittests/sshkey/testdata/rsa_2.param.n] [regress/unittests/sshkey/testdata/rsa_2.param.p] [regress/unittests/sshkey/testdata/rsa_2.param.q] [regress/unittests/sshkey/testdata/rsa_2.pub] [regress/unittests/sshkey/testdata/rsa_n] [regress/unittests/sshkey/testdata/rsa_n_pw] unit and fuzz tests for new key API
2014-07-02 - djm@cvs.openbsd.org 2014/06/24 01:13:21Damien Miller
[Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c [auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c [cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h [digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h [hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c [ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c [ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c [sshconnect2.c sshd.c sshkey.c sshkey.h [openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h] New key API: refactor key-related functions to be more library-like, existing API is offered as a set of wrappers. with and ok markus@ Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review a few months ago. NB. This commit also removes portable OpenSSH support for OpenSSL <0.9.8e.
2014-05-22 - (djm) [Makefile.in] typo in pathDamien Miller
2014-05-15 - (djm) [regress/Makefile Makefile.in]Damien Miller
[regress/unittests/sshbuf/test_sshbuf.c [regress/unittests/sshbuf/test_sshbuf_fixed.c] [regress/unittests/sshbuf/test_sshbuf_fuzz.c] [regress/unittests/sshbuf/test_sshbuf_getput_basic.c] [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c] [regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] [regress/unittests/sshbuf/test_sshbuf_misc.c] [regress/unittests/sshbuf/tests.c] [regress/unittests/test_helper/fuzz.c] [regress/unittests/test_helper/test_helper.c] Hook new unit tests into the build and "make tests"
2014-05-15 - (djm) [Makefile.in configure.ac sshbuf-getput-basic.c]Damien Miller
[sshbuf-getput-crypto.c sshbuf.c] compilation and portability fixes
2014-02-04 - djm@cvs.openbsd.org 2014/01/29 06:18:35Damien Miller
[Makefile.in auth.h auth2-jpake.c auth2.c jpake.c jpake.h monitor.c] [monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h] [schnorr.c schnorr.h servconf.c servconf.h ssh2.h sshconnect2.c] remove experimental, never-enabled JPAKE code; ok markus@
2014-02-04 - markus@cvs.openbsd.org 2014/01/27 20:13:46Damien Miller
[digest.c digest-openssl.c digest-libc.c Makefile.in] rename digest.c to digest-openssl.c and add libc variant; ok djm@
2014-02-04 - markus@cvs.openbsd.org 2014/01/27 18:58:14Damien Miller
[Makefile.in digest.c digest.h hostfile.c kex.h mac.c hmac.c hmac.h] replace openssl HMAC with an implementation based on our ssh_digest_* ok and feedback djm@
2014-01-31 - (tim) [Makefile.in] build regress/setuid-allow.Tim Rice
2014-01-27 - (dtucker) [Makefile.in] Remove trailing backslash which some makeDarren Tucker
implementations (eg older Solaris) do not cope with.
2014-01-24 - (djm) [Makefile.in regress/scp-ssh-wrapper.sh regress/scp.sh] MakeDamien Miller
the scp regress test actually test the built scp rather than the one in $PATH. ok dtucker@
2014-01-17 - (djm) [Makefile.in configure.ac sandbox-capsicum.c sandbox-darwin.c]Damien Miller
[sandbox-null.c sandbox-rlimit.c sandbox-seccomp-filter.c] [sandbox-systrace.c ssh-sandbox.h sshd.c] Support preauth sandboxing using the Capsicum API introduced in FreeBSD 10. Patch by Dag-Erling Smorgrav, updated by Loganaden Velvindron @ AfriNIC; ok dtucker@
2014-01-10 - djm@cvs.openbsd.org 2014/01/09 23:20:00Damien Miller
[digest.c digest.h hostfile.c kex.c kex.h kexc25519.c kexc25519c.c] [kexc25519s.c kexdh.c kexecdh.c kexecdhc.c kexecdhs.c kexgex.c kexgexc.c] [kexgexs.c key.c key.h roaming_client.c roaming_common.c schnorr.c] [schnorr.h ssh-dss.c ssh-ecdsa.c ssh-rsa.c sshconnect2.c] Introduce digest API and use it to perform all hashing operations rather than calling OpenSSL EVP_Digest* directly. Will make it easier to build a reduced-feature OpenSSH without OpenSSL in future; feedback, ok markus@
2013-12-08 - (djm) [Makefile.in regress/Makefile regress/agent-ptrace.sh]Damien Miller
[regress/setuid-allowed.c] Check that ssh-agent is not on a no-setuid filesystem before running agent-ptrace.sh; ok dtucker
2013-12-07 - (djm) [Makefile.in] PATHSUBS and keygen bits for Ed25519; fromDamien Miller
Loganaden Velvindron @ AfriNIC in bz#2179
2013-12-07 - [Makefile.in] Add ed25519 sourcesDamien Miller
2013-11-21 - djm@cvs.openbsd.org 2013/11/21 00:45:44Damien Miller
[Makefile.in PROTOCOL PROTOCOL.chacha20poly1305 authfile.c chacha.c] [chacha.h cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h] [dh.c myproposal.h packet.c poly1305.c poly1305.h servconf.c ssh.1] [ssh.c ssh_config.5 sshd_config.5] Add a new protocol 2 transport cipher "chacha20-poly1305@openssh.com" that combines Daniel Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an authenticated encryption mode. Inspired by and similar to Adam Langley's proposal for TLS: http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 but differs in layout used for the MAC calculation and the use of a second ChaCha20 instance to separately encrypt packet lengths. Details are in the PROTOCOL.chacha20poly1305 file. Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC ok markus@ naddy@
2013-11-09 - (dtucker) [Makefile.in configure.ac] Set MALLOC_OPTIONS per platformDarren Tucker
and pass in TEST_ENV. Unknown options cause stderr to get polluted and the stderr-data test to fail.
2013-11-07 - (dtucker) [Makefile.in configure.ac] Remove TEST_SSH_SHA256 environmentDarren Tucker
variable. It's no longer used now that we get the supported MACs from ssh -Q.
2013-11-07 - (djm) [Makefile.in monitor.c] Missed chunks of curve25519 KEX diffDamien Miller
2013-11-04 - markus@cvs.openbsd.org 2013/11/02 21:59:15Damien Miller
[kex.c kex.h myproposal.h ssh-keyscan.c sshconnect2.c sshd.c] use curve25519 for default key exchange (curve25519-sha256@libssh.org); initial patch from Aris Adamantiadis; ok djm@
2013-06-11 - (dtucker) [Makefile.in configure.ac fixalgorithms] Remove unsupportedDarren Tucker
algorithms (Ciphers, MACs and HostKeyAlgorithms) from man pages.
2013-06-06 - (dtucker) [Makefile.in] append $CFLAGS to compiler options when buildingDarren Tucker
modpipe in case there's anything in there we need.