djm@openbsd.org
25c8a2bbcc
upstream: put sshkey_check_rsa_length() back in sshkey.c to unbreak
OPENSSL=no builds
OpenBSD-Commit-ID: 99eec58abe382ecd14b14043b195ee1babb9cf6e
2022-10-28 13:49:01 +11:00
djm@openbsd.org
1192588546
upstream: allow ssh-keyscan(1) to accept CIDR address ranges, e.g.
ssh-keyscan 192.168.0.0/24
If a CIDR range is passed, then it will be expanded to all possible
addresses in the range including the all-0s and all-1s addresses.
bz#976 feedback/ok markus@
OpenBSD-Commit-ID: ce6c5211f936ac0053fd4a2ddb415277931e6c4b
2022-10-28 13:39:35 +11:00
Damien Miller
64af420930
fix merge botch
2022-10-28 12:54:35 +11:00
djm@openbsd.org
2726764269
upstream: refactor sshkey_private_deserialize
feedback/ok markus@
OpenBSD-Commit-ID: f5ca6932fdaf840a5e8250becb38315a29b5fc9f
2022-10-28 12:47:01 +11:00
djm@openbsd.org
2519a7077a
upstream: refactor sshkey_private_serialize_opt()
feedback/ok markus@
OpenBSD-Commit-ID: 61e0fe989897901294efe7c3b6d670cefaf44cbd
2022-10-28 12:47:01 +11:00
djm@openbsd.org
11a768adf9
upstream: refactor certify
feedback/ok markus@
OpenBSD-Commit-ID: 35d742992e223eaca3537e6fb3d3002c08eed4f6
2022-10-28 12:47:00 +11:00
djm@openbsd.org
3fbc58bb24
upstream: refactor sshkey_sign() and sshkey_verify()
feedback/ok markus@
OpenBSD-Commit-ID: 368e662c128c99d05cc043b1308d2b6c71a4d3cc
2022-10-28 12:47:00 +11:00
djm@openbsd.org
a1deb6cdbb
upstream: refactor sshkey_from_blob_internal()
feedback/ok markus@
OpenBSD-Commit-ID: 1f46c0cbb8060ee9666a02749594ad6658c8e283
2022-10-28 12:46:59 +11:00
djm@openbsd.org
7d00799c93
upstream: refactor sshkey_from_private()
feedback/ok markus@
OpenBSD-Commit-ID: e5dbe7a3545930c50f70ee75c867a1e08b382b53
2022-10-28 12:46:59 +11:00
djm@openbsd.org
262647c2e9
upstream: factor out key generation
feedback/ok markus@
OpenBSD-Commit-ID: 5b4211bff4de8d9adb84bc72857a8c42c44e7ceb
2022-10-28 12:46:58 +11:00
djm@openbsd.org
401c74e7dc
upstream: refactor and simplify sshkey_read()
feedback/ok markus@
OpenBSD-Commit-ID: 0d93b7a56e31cd06a8bb0d2191d084ce254b0971
2022-10-28 12:46:57 +11:00
djm@openbsd.org
591fed94e6
upstream: factor out public key serialization
feedback/ok markus@
OpenBSD-Commit-ID: a3570c4b97290c5662890aea7328d87f55939033
2022-10-28 12:46:57 +11:00
djm@openbsd.org
1e78844ae2
upstream: factor out sshkey_equal_public()
feedback/ok markus@
OpenBSD-Commit-ID: 1368ba114cb37732fe6ec3d89c7e6d27ea6fdc94
2022-10-28 12:46:56 +11:00
djm@openbsd.org
25de1c01a8
upstream: begin big refactor of sshkey
Move keytype data and some of the type-specific code (allocation,
cleanup, etc) out into each key type's implementation. Subsequent
commits will move more, with the goal of having each key-*.c file
owning as much of its keytype's implementation as possible.
lots of feedback + ok markus@
OpenBSD-Commit-ID: 0f2b4334f73914344e9e5b3d33522d41762a57ec
2022-10-28 12:46:56 +11:00
djm@openbsd.org
445363433b
upstream: Be more paranoid with host/domain names coming from the
never write a name with bad characters to a known_hosts file.
reported by David Leadbeater, ok deraadt@
OpenBSD-Commit-ID: ba9b25fa8b5490b49398471e0c9657b0cbc7a5ad
2022-10-25 10:16:35 +11:00
djm@openbsd.org
7190154de2
upstream: regress test for unmatched glob characters; fails before
previous commit but passes now. bz3488; prodded by dtucker@
OpenBSD-Regress-ID: 0cc5cc9ea4a6fd170dc61b9212f15badaafb3bbd
2022-10-25 08:56:38 +11:00
djm@openbsd.org
a4821a5924
upstream: when scp(1) is using the SFTP protocol for transport (the
default), better match scp/rcp's handling of globs that don't match the
globbed characters but do match literally (e.g. trying to transfer
"foo.[1]").
Previously scp(1) in SFTP mode would not match these pathnames but
legacy scp/rcp mode would.
Reported by Michael Yagliyan in bz3488; ok dtucker@
OpenBSD-Commit-ID: d8a3773f53015ba811fddba7473769a2fd343e11
2022-10-25 08:55:11 +11:00
jsg@openbsd.org
18376847b8
upstream: use correct type with sizeof ok djm@
OpenBSD-Commit-ID: d6c882c2e8a42ff831a5b3cbc2c961ecb2dd6143
2022-10-25 08:55:11 +11:00
jmc@openbsd.org
4a4883664d
upstream: ssh-agent.1: - use Nm not Xr for self-ref - while here,
wrap a long line
ssh-agent.c:
- add -O to usage()
OpenBSD-Commit-ID: 855dac4695cef22e96d69c53436496bc408ca389
2022-10-25 08:55:10 +11:00
djm@openbsd.org
9fd2441113
upstream: document "-O no-restrict-websafe"; spotted by Ross L
Richardson
OpenBSD-Commit-ID: fe9eaa50237693a14ebe5b5614bf32a02145fe8b
2022-10-25 08:54:43 +11:00
Darren Tucker
614252b05d
OpenSSL dev branch now identifies as 3.2.0.
2022-10-18 06:29:16 +11:00
Damien Miller
195e5a65fd
revert c64b62338b and guard POLL* defines instead
c64b62338b broke OSX builds, which do have poll.h but lack ppoll(2)
Spotted by dtucker
2022-10-17 09:41:47 +11:00
Damien Miller
bc2e480d99
undef _get{short,long} before redefining
2022-10-14 14:52:22 +11:00
Harmen Stoppels
5eb796a369
Fix snprintf configure test for clang 15
Clang 15 -Wimplicit-int defaults to an error in C99 mode and above.
A handful of tests have "main(..." and not "int main(..." which caused
the tests to produce incorrect results.
2022-10-14 07:37:16 +11:00
Damien Miller
c64b62338b
skip bsd-poll.h if poll.h found; ok dtucker
2022-10-10 12:32:43 +11:00
djm@openbsd.org
5ee2b8ccfc
upstream: honour user's umask if it is more restrictive than the ssh
default (022); based on patch from Alex Henrie, ok dtucker@ deraadt@
OpenBSD-Commit-ID: fe1b9e15fc9a4f49fc338e848ce14d8727abe82d
2022-10-07 09:45:02 +11:00
Darren Tucker
a75cffc270
Add LibreSSL 3.6.0 to test suite.
While there, bump OpenSSL to latest 1.1.1q release.
2022-10-07 03:54:56 +11:00
Darren Tucker
fcc0f0c0e9
Add 9.1 branch to CI status page.
2022-10-06 21:18:16 +11:00
Darren Tucker
ef211eee63
Test commits to all branches of portable.
Only test OpenBSD upstream on commits to master since that's what it
tracks.
2022-10-05 06:31:48 +11:00
Damien Miller
fe646de03c
whitespace at EOL
2022-10-05 03:47:26 +11:00
Damien Miller
a6e1852d10
mention libfido2 autodetection
2022-10-05 03:40:01 +11:00
Damien Miller
7360c2c206
remove mention of --with-security-key-builtin
it is enabled by default when libfido2 is installed
2022-10-05 03:37:36 +11:00
Damien Miller
0ffb46f2ee
update .depend
2022-10-04 01:51:42 +11:00
Damien Miller
657e676ff6
update release notes URL
2022-10-04 01:45:52 +11:00
Damien Miller
f059da2b29
crank versions in RPM spec files
2022-10-04 01:45:41 +11:00
djm@openbsd.org
b51f3f172d
upstream: openssh-9.1
OpenBSD-Commit-ID: 5a467b2ee81da01a86adf1ad93b62b1728494e56
2022-09-27 19:37:13 +10:00
dtucker@openbsd.org
4cf8d0c0f3
upstream: Fix typo. From AlexanderStohr via github PR#343.
OpenBSD-Commit-ID: a134c9b4039e48803fc6a87f955b0f4a03181497
2022-09-27 08:16:44 +10:00
djm@openbsd.org
8179fed326
upstream: add RequiredRSASize to the list of keywords accepted by
-o; spotted by jmc@
OpenBSD-Commit-ID: fe871408cf6f9d3699afeda876f8adbac86a035e
2022-09-27 08:16:44 +10:00
Damien Miller
5f954929e9
no need for glob.h here
it also causes portability problems
2022-09-19 20:59:34 +10:00
Damien Miller
03d94a4720
avoid Wuninitialized false positive in gcc-12ish
2022-09-19 20:59:04 +10:00
djm@openbsd.org
9d95252911
upstream: use users-groups-by-id@openssh.com sftp-server extension
(when available) to fill in user/group names for directory listings.
Implement a client-side cache of seen uid/gid=>user/group names. ok markus@
OpenBSD-Commit-ID: f239aeeadfa925a37ceee36ee8b256b8ccf4466e
2022-09-19 20:51:14 +10:00
djm@openbsd.org
8ff680368b
upstream: sftp client library support for
users-groups-by-id@openssh.com ; ok markus@
OpenBSD-Commit-ID: ddb2f33a2da6349a9a89a8b5bcb9ca7c999394de
2022-09-19 20:49:14 +10:00
djm@openbsd.org
488f6e1c58
upstream: extend sftp-common.c:ls_file() to support supplied
user/group names; ok markus@
OpenBSD-Commit-ID: c70c70498b1fdcf158531117e405b6245863bfb0
2022-09-19 20:49:13 +10:00
djm@openbsd.org
74b77f7497
upstream: sftp-server(8): add a "users-groups-by-id@openssh.com"
extension request that allows the client to obtain user/group names that
correspond to a set of uids/gids.
Will be used to make directory listings more useful and consistent
in sftp(1).
ok markus@
OpenBSD-Commit-ID: 7ebabde0bcb95ef949c4840fe89e697e30df47d3
2022-09-19 20:49:13 +10:00
djm@openbsd.org
231a346c0c
upstream: better debugging for connect_next()
OpenBSD-Commit-ID: d16a307a0711499c971807f324484ed3a6036640
2022-09-19 19:25:14 +10:00
djm@openbsd.org
1875042c52
upstream: Add RequiredRSASize for sshd(8); RSA keys that fall
beneath this limit will be ignored for user and host-based authentication.
Feedback deraadt@ ok markus@
OpenBSD-Commit-ID: 187931dfc19d51873df5930a04f2d972adf1f7f1
2022-09-17 20:39:02 +10:00
djm@openbsd.org
54b333d12e
upstream: add a RequiredRSASize for checking RSA key length in
ssh(1). User authentication keys that fall beneath this limit will be
ignored. If a host presents a host key beneath this limit then the connection
will be terminated (unfortunately there are no fallbacks in the protocol for
host authentication).
feedback deraadt, Dmitry Belyavskiy; ok markus@
OpenBSD-Commit-ID: 430e339b2a79fa9ecc63f2837b06fdd88a7da13a
2022-09-17 20:39:02 +10:00
djm@openbsd.org
07d8771bac
upstream: Add a sshkey_check_rsa_length() call for checking the
length of an RSA key; ok markus@
OpenBSD-Commit-ID: de77cd5b11594297eda82edc594b0d32b8535134
2022-09-17 20:38:40 +10:00
djm@openbsd.org
3991a0cf94
upstream: actually hook up restrict_websafe; the command-line flag
was never actually used. Spotted by Matthew Garrett
OpenBSD-Commit-ID: 0b363518ac4c2819dbaa3dfad4028633ab9cdff1
2022-09-17 20:37:20 +10:00
djm@openbsd.org
30b2a7e429
upstream: correct error value
OpenBSD-Commit-ID: 780efcbad76281f11f14b2a5ff04eb6db3dfdad4
2022-09-17 20:37:19 +10:00