tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
11,593 Commits 6 Branches 20 Tags 99 MiB
Commit Graph

11593 Commits

Author SHA1 Message Date
Damien Miller 5a37cc118f fix broken OPENSSL_HAS_ECC test 
spotted by dtucker
 2021-10-06 13:16:21 +11:00
Damien Miller 16a25414f3 make sk-dummy.so work without libcrypto installed 2021-10-01 22:40:06 +10:00
Damien Miller dee22129bb make OPENSSL_HAS_ECC checks more thorough 
ok dtucker
 2021-10-01 16:36:24 +10:00
Damien Miller 872595572b fix FIDO key support for !OPENSSL_HAS_ECC case 
ok dtucker
 2021-10-01 16:36:24 +10:00
Damien Miller 489741dc68 enable security key support for --without-openssl 2021-10-01 16:36:24 +10:00
Damien Miller c978565c85 need stdlib.h for free(3) 2021-10-01 16:36:24 +10:00
dtucker@openbsd.org 76a398edfb upstream: Fix up whitespace left by previous 
change removing privsep.  No other changes.

OpenBSD-Regress-ID: 87adec225d8afaee4d6a91b2b71203f52bf14b15
 2021-10-01 14:55:12 +10:00
dtucker@openbsd.org ddcb53b7a7 upstream: Remove references to privsep. 
This removes several do..while loops but does not change the
indentation of the now-shallower loops, which will be done in a separate
whitespace-only commit to keep changes of style and substance separate.

OpenBSD-Regress-ID: 4bed1a0249df7b4a87c965066ce689e79472a8f7
 2021-10-01 14:55:12 +10:00
dtucker@openbsd.org ece2fbe486 upstream: Use "skip" instead of "fatal" 
if SUDO isn't set for the *-command tests. This means running "make tests"
without SUDO set will perform all of the tests that it can instead of
failing on the ones it cannot run.

OpenBSD-Regress-ID: bd4dbbb02f34b2e8c890558ad4a696248def763a
 2021-10-01 14:55:12 +10:00
djm@openbsd.org bb754b470c upstream: unbreak FIDO sk-ed25519 key enrollment for OPENSSL=no builds; 
ok dtucker@

OpenBSD-Commit-ID: 6323a5241728626cbb2bf0452cf6a5bcbd7ff709
 2021-10-01 14:53:24 +10:00
Darren Tucker 207648d7a6 Include stdlib.h for arc4random_uniform prototype. 2021-09-29 20:03:58 +10:00
Darren Tucker 696aadc854 Look for clang after cc and gcc. 2021-09-29 20:00:30 +10:00
Darren Tucker a3c6375555 Use backticks instead of $(..) for portability. 
Older shells (eg /bin/sh on Solaris 10) don't support $() syntax.
 2021-09-29 19:30:59 +10:00
Darren Tucker 958aaa0387 Skip file-based tests by default on Mac OS. 
The file-based tests need OpenSSL so skip them.
 2021-09-29 18:53:32 +10:00
Darren Tucker 55c8bdf6e9 Build without OpenSSL on Mac OS. 
Modern versions don't ship enough libcrypto to build against.
 2021-09-29 18:42:47 +10:00
Darren Tucker c9172193ea Remove TEST_SSH_ECC. 
Convert the only remaining user of it to runtime detection using ssh -Q.
 2021-09-29 18:33:38 +10:00
Darren Tucker 5e6d28b787 Split c89 test openssl setting out. 2021-09-29 17:48:09 +10:00
Darren Tucker c4ac7f98e2 Expand TEST_SHELL consistently with other vars. 2021-09-29 17:40:50 +10:00
Darren Tucker cfe5f7b0eb Replace `pwd` with make variable in regress cmd. 2021-09-29 17:26:50 +10:00
Darren Tucker 899be59da5 Get BUILDDIR from autoconf. 
Use this to replace `pwd`s in regress test command line.
 2021-09-29 17:14:33 +10:00
Darren Tucker c8d92d3d4f Add make clean step to tests. 2021-09-29 13:28:56 +10:00
Darren Tucker 360fb41ef8 Test all available clang and gcc versions. 2021-09-29 12:05:50 +10:00
djm@openbsd.org 4fb49899d7 upstream: Test certificate hostkeys held in ssh-agent too. Would have 
caught regression fixed in sshd r1.575

ok markus@

OpenBSD-Regress-ID: 1f164d7bd89f83762db823eec4ddf2d2556145ed
 2021-09-29 11:35:18 +10:00
djm@openbsd.org ce4854e12e upstream: add some debug output showing how many key file/command lines 
were processed. Useful to see whether a file or command actually has keys
present

OpenBSD-Commit-ID: 0bd9ff94e84e03a22df8e6c12f6074a95d27f23c
 2021-09-29 11:35:11 +10:00
dtucker@openbsd.org 15abdd5235 upstream: Make prototype for rijndaelEncrypt match function 
including the bounds. Fixes error in portable where GCC>=11 takes notice of
the bounds. ok deraadt@

OpenBSD-Commit-ID: cdd2f05fd1549e1786a70871e513cf9e9cf099a6
 2021-09-29 11:09:27 +10:00
dtucker@openbsd.org d1d29ea1d1 upstream: Import regenerated moduli. 
OpenBSD-Commit-ID: 4bec5db13b736b64b06a0fca704cbecc2874c8e1
 2021-09-29 11:00:50 +10:00
Darren Tucker 39f2111b1d Add new compiler hardening flags. 
Add -fzero-call-used-regs and -ftrivial-auto-var-init to the list of
compiler hardening flags that configure checks for.  These are supported
by clang and gcc, and make ROP gadgets less useful and mitigate
stack-based infoleaks respectively.  ok djm@
 2021-09-29 10:53:55 +10:00
Damien Miller bf944e3794 initgroups needs grp.h 2021-09-27 00:03:19 +10:00
djm@openbsd.org 8c5b565514 upstream: openssh-8.8 
OpenBSD-Commit-ID: 12357794602ac979eb7312a1fb190c453f492ec4
 2021-09-27 00:03:12 +10:00
djm@openbsd.org f3cbe43e28 upstream: need initgroups() before setresgid(); reported by anton@, 
ok deraadt@

OpenBSD-Commit-ID: 6aa003ee658b316960d94078f2a16edbc25087ce
 2021-09-27 00:02:42 +10:00
Damien Miller 8acaff41f7 update version numbers for release 2021-09-26 22:16:36 +10:00
kn@openbsd.org d39039ddc0 upstream: RSA/SHA-1 is not used by default anymore 
OK dtucker deraadt djm

OpenBSD-Commit-ID: 055c51a221c3f099dd75c95362f902da1b8678c6
 2021-09-26 21:13:28 +10:00
Darren Tucker 9b2ee74e3a Move the fgrep replacement to hostkey-rotate.sh. 
The fgrep replacement for buggy greps doesn't work in the sftp-glob test
so move it to just where we know it's needed.
 2021-09-24 11:08:03 +10:00
Darren Tucker f703954157 Replacement function for buggy fgrep. 
GNU (f)grep <=2.18, as shipped by FreeBSD<=12 and NetBSD<=9 will
occasionally fail to find ssh host keys in the hostkey-rotate test.
If we have those versions, use awk instead.
 2021-09-24 08:06:48 +10:00
David Manouchehri f6a660e5bf Don't prompt for yes/no questions. 2021-09-24 07:52:04 +10:00
djm@openbsd.org 7ed1a3117c upstream: fix missing -s in SYNOPSYS and usage() as well as a 
capitalisation mistake; spotted by jmc@

OpenBSD-Commit-ID: 0ed8ee085c7503c60578941d8b45f3a61d4c9710
 2021-09-21 08:06:09 +10:00
dtucker@openbsd.org 8c07170135 upstream: Fix "Allocated port" debug message 
for unix domain sockets. From peder.stray at gmail.com via github PR#272,
ok deraadt@

OpenBSD-Commit-ID: 8d5ef3fbdcdd29ebb0792b5022a4942db03f017e
 2021-09-20 14:31:57 +10:00
djm@openbsd.org 277d3c6adf upstream: Switch scp back to use the old protocol by default, ahead of 
release. We'll wait a little longer for people to pick up sftp-server(8) that
supports the extension that scp needs for ~user paths to continue working in
SFTP protocol mode. Discussed with deraadt@

OpenBSD-Commit-ID: f281f603a705fba317ff076e7b11bcf2df941871
 2021-09-20 12:03:17 +10:00
djm@openbsd.org ace19b34cc upstream: better error message for ~user failures when the 
sftp-server lacks the expand-path extension; ok deraadt@

OpenBSD-Commit-ID: 9c1d965d389411f7e86f0a445158bf09b8f9e4bc
 2021-09-19 17:21:59 +10:00
djm@openbsd.org 6b1238ba97 upstream: make some more scp-in-SFTP mode better match Unix idioms 
suggested by deraadt@

OpenBSD-Commit-ID: 0f2439404ed4cf0b0be8bf49a1ee734836e1ac87
 2021-09-19 17:21:59 +10:00
djm@openbsd.org e694f8ac44 upstream: allow log_stderr==2 to prefix log messages with argv[0] 
use this to make scp's SFTP mode error messages more scp-like

prompted by and ok deraadt@

OpenBSD-Commit-ID: 0e821dbde423fc2280e47414bdc22aaa5b4e0733
 2021-09-19 17:21:59 +10:00
Darren Tucker 8a7a06ee50 Test against LibreSSL 3.2.6, 3.3.4, 3.4.0. 2021-09-17 13:03:31 +10:00
djm@openbsd.org c25c84074a upstream: missing space character in ssh -G output broke the 
t-sshcfgparse regression test; spotted by anton@

OpenBSD-Commit-ID: bcc36fae2f233caac4baa8e58482da4aa350eed0
 2021-09-16 15:38:16 +10:00
djm@openbsd.org a4bee1934b upstream: allow CanonicalizePermittedCNAMEs=none in ssh_config; ok 
markus@

OpenBSD-Commit-ID: 668a82ba8e56d731b26ffc5703213bfe071df623
 2021-09-16 15:38:16 +10:00
mbuhl@openbsd.org d0fffc88c8 upstream: put back the mux_ctx memleak fix for SSH_CHANNEL_MUX_CLIENT 
OK mfriedl@

OpenBSD-Commit-ID: 1aba1da828956cacaadb81a637338734697d9798
 2021-09-15 15:58:18 +10:00
schwarze@openbsd.org 19b3d846f0 upstream: Do not ignore SIGINT while waiting for input if editline(3) 
is not used. Instead, in non-interactive mode, exit sftp(1), like for other
serious errors. As pointed out by dtucker@, when compiled without editline(3)
support in portable OpenSSH, the el == NULL branch is also used for
interactive mode. In that case, discard the input line and provide a fresh
prompt to the user just like in the case where editline(3) is used. OK djm@

OpenBSD-Commit-ID: 7d06f4d3ebba62115527fafacf38370d09dfb393
 2021-09-11 20:26:51 +10:00
djm@openbsd.org ba61123eef upstream: when using SFTP protocol, continue transferring files after a 
transfer error occurs. This matches original scp/rcp behaviour. ok dtucker@

OpenBSD-Commit-ID: dfe4558d71dd09707e9b5d6e7d2e53b793da69fa
 2021-09-11 10:41:39 +10:00
dtucker@openbsd.org b0ec59a708 upstream: Document that non-interactive commands are run via the user's 
shell using the -c flag.  ok jmc@

OpenBSD-Commit-ID: 4f0d912077732eead10423afd1acf4fc0ceec477
 2021-09-10 22:05:35 +10:00
dtucker@openbsd.org 66a658b5d9 upstream: Document behaviour of arguments following non-interactive 
commands. Prompted by github PR#139 from EvanTheB, feedback & ok djm@ jmc@

OpenBSD-Commit-ID: fc758d1fe0471dfab4304fcad6cd4ecc3d79162a
 2021-09-10 20:34:09 +10:00
dtucker@openbsd.org 1d47e28e40 upstream: Clarify which file's attributes -p preserves, and that 
it's specifically the file mode bits. bz#3340 from calestyo at scientia.net,
ok djm@ jmc@

OpenBSD-Commit-ID: f09e6098ed1c4be00c730873049825f8ee7cb884
 2021-09-10 20:34:09 +10:00