13388 Commits

Author SHA1 Message Date
tobhe@openbsd.org
d2d247938b
upstream: Log errors in kex_exchange_identification() with level
verbose instead of error to reduce preauth log spam. All of those get logged
with a more generic error message by sshpkt_fatal().

feedback from sthen@
ok djm@

OpenBSD-Commit-ID: bd47dab4695b134a44c379f0e9a39eed33047809
2023-08-28 13:34:00 +10:00
djm@openbsd.org
9d7193a835
upstream: correct math for ClientAliveInterval that caused the
probes to be sent less frequently than configured; from Dawid Majchrzak

OpenBSD-Commit-ID: 641153e7c05117436ddfc58267aa267ca8b80038
2023-08-28 13:34:00 +10:00
Darren Tucker
3c6ab63b38
Include Portable version in sshd version string.
bz#3608, ok djm@
2023-08-25 14:48:02 +10:00
Tess Gauthier
22615453ef temp add x86 zlib built with vs 2022 for CI test 2023-08-23 15:17:17 -04:00
Tess Gauthier
1b8783c18e Merge branch 'merge-9.4' of https://github.com/tgauth/openssh-portable into merge-9.4 2023-08-23 15:03:24 -04:00
Tess Gauthier
4d42e70320 temporarily add zlib built with vs2022 build tools for CI 2023-08-23 14:53:01 -04:00
Tess Gauthier
23090c69ca
Update ci.yml to new build image 2023-08-23 14:32:09 -04:00
Tess Gauthier
6c59360e66 temporarily add dependencies built with VS2022 build tools for CI 2023-08-23 14:12:09 -04:00
Tess Gauthier
f2cd96282f add Windows preprocessor definitions around posix and pkcs11 changes 2023-08-23 14:10:25 -04:00
Tess Gauthier
a1999590a8 fix parsing command-line args and add Windows #ifdef to prevent in future 2023-08-23 13:24:36 -04:00
Tess Gauthier
0db6f3e486 resolve merge conflicts 2023-08-21 16:35:13 -04:00
Darren Tucker
17fa6cd10a
obsd-arm64 host is real hardware...
so put in the correct config location.
2023-08-21 19:47:58 +10:00
Darren Tucker
598ca75c85
Add OpenBSD ARM64 test host. 2023-08-21 19:17:27 +10:00
Darren Tucker
1acac79bfb
Add test for zlib development branch. 2023-08-21 19:17:18 +10:00
djm@openbsd.org
84efebf352
upstream: want stdlib.h for free(3)
OpenBSD-Commit-ID: 743af3c6e3ce5e6cecd051668f0327a01f44af29
2023-08-21 14:38:38 +10:00
Darren Tucker
e99a02ec18
Fix zlib version check for 1.3 and future version.
bz#3604.
2023-08-19 07:41:24 +10:00
Darren Tucker
cb4ed12ffc
Fix zlib version check for 1.3 and future version.
bz#3604.
2023-08-19 07:39:08 +10:00
Tess Gauthier
ad45b5c9a1
fix func declaration (#682) 2023-08-18 13:31:56 -04:00
Darren Tucker
25b75e21f1
Add 9.4 branch to CI status page. 2023-08-18 12:50:32 +10:00
djm@openbsd.org
f3e39c4700
upstream: fix regression in OpenSSH 9.4 (mux.c r1.99) that caused
multiplexed sessions to ignore SIGINT under some circumstances. Reported by /
feedback naddy@, ok dtucker@

OpenBSD-Commit-ID: 4d5c6c894664f50149153fd4764f21f43e7d7e5a
2023-08-18 12:04:05 +10:00
djm@openbsd.org
803e22eabd
upstream: fix regression in OpenSSH 9.4 (mux.c r1.99) that caused
multiplexed sessions to ignore SIGINT under some circumstances. Reported by /
feedback naddy@, ok dtucker@

OpenBSD-Commit-ID: 4d5c6c894664f50149153fd4764f21f43e7d7e5a
2023-08-18 12:02:41 +10:00
djm@openbsd.org
e706bca324
upstream: defence-in-depth MaxAuthTries check in monitor; ok markus
OpenBSD-Commit-ID: 65a4225dc708e2dae71315adf93677edace46c21
2023-08-18 11:44:41 +10:00
djm@openbsd.org
d1ab7eb904
upstream: add message number of SSH2_MSG_NEWCOMPRESS defined in RFC8308
OpenBSD-Commit-ID: 6c984171c96ed67effd7b5092f3d3975d55d6028
2023-08-15 10:12:26 +10:00
Darren Tucker
c8e79e4872
Add obsd72 and obsd73 test targets. 2023-08-13 15:02:08 +10:00
Darren Tucker
fa8da52934
Add obsd72 and obsd73 test targets. 2023-08-13 15:01:27 +10:00
djm@openbsd.org
f9f1800667
upstream: better debug logging of sessions' exit status
OpenBSD-Commit-ID: 82237567fcd4098797cbdd17efa6ade08e1a36b0
2023-08-11 09:12:59 +10:00
naddy@openbsd.org
a8c57bcb07
upstream: drop a wayward comma, ok jmc@
OpenBSD-Commit-ID: 5c11fbb9592a29b37bbf36f66df50db9d38182c6
2023-08-11 09:10:21 +10:00
Damien Miller
e962f9b318
depend 2023-08-10 20:17:07 +10:00
Damien Miller
0fcb60bf83
update versions in RPM specs 2023-08-10 20:17:06 +10:00
Damien Miller
d0cee42984
update version in README 2023-08-10 20:17:06 +10:00
djm@openbsd.org
78b4dc6684
upstream: openssh-9.4
OpenBSD-Commit-ID: 71fc1e01a4c4ea061b252bd399cda7be757e6e35
2023-08-10 20:17:05 +10:00
Darren Tucker
58ca4f0aa8
Only include unistd.h once. 2023-08-10 11:30:24 +10:00
Damien Miller
daa5b2d869
depend 2023-08-10 11:10:22 +10:00
Damien Miller
41bfb63f51
update versions in RPM specs 2023-08-10 11:05:42 +10:00
Damien Miller
e598b92b1e
update version in README 2023-08-10 11:05:14 +10:00
djm@openbsd.org
e797e5ffa7
upstream: openssh-9.4
OpenBSD-Commit-ID: 71fc1e01a4c4ea061b252bd399cda7be757e6e35
2023-08-10 11:04:25 +10:00
Damien Miller
3961ed02dc
wrap poll.h include in HAVE_POLL_H 2023-08-10 09:08:49 +10:00
dtucker@openbsd.org
e535fbe2af
upstream: Apply ConnectTimeout to multiplexing local socket
connections.  If the multiplex socket exists but the connection times out,
ssh will fall back to a direct connection the same way it would if the socket
did not exist at all.  ok djm@

OpenBSD-Commit-ID: 2fbe1a36d4a24b98531b2d298a6557c8285dc1b4
2023-08-04 17:50:35 +10:00
Darren Tucker
9d92e7b248
Fix RNG seeding for OpenSSL w/out self seeding.
When sshd is built with an OpenSSL that does not self-seed, it would
fail in the preauth privsep process while handling a new connection.
Sanity checked by djm@
2023-08-03 20:29:08 +10:00
djm@openbsd.org
f70010d9b0
upstream: CheckHostIP has defaulted to 'no' for a while; make the
commented-out config option match. From Ed Maste

OpenBSD-Commit-ID: e66e934c45a9077cb1d51fc4f8d3df4505db58d9
2023-08-03 09:09:02 +10:00
dtucker@openbsd.org
c88a8788f9
upstream: remove unnecessary if statement.
github PR#422 from eyalasulin999, ok djm@

OpenBSD-Commit-ID: 2b6b0dde4407e039f58f86c8d2ff584a8205ea55
2023-08-01 18:54:30 +10:00
jmc@openbsd.org
77b8b865cd
upstream: %C is a callable macro in mdoc(7)
so, as we do for %D, escape it;

OpenBSD-Commit-ID: 538cfcddbbb59dc3a8739604319491dcb8e0c0c9
2023-08-01 18:54:13 +10:00
djm@openbsd.org
e0f91aa9c2
upstream: don't need to start a command here; use ssh -N instead.
Fixes failure on cygwin spotted by Darren

OpenBSD-Regress-ID: ff678a8cc69160a3b862733d935ec4a383f93cfb
2023-07-30 11:41:45 +10:00
djm@openbsd.org
f446a44f30
upstream: add LTESTS_FROM variable to allow skipping of tests up to
a specific point. e.g. "make LTESTS_FROM=t-sftp" will only run the sftp.sh
test and subsequent ones. ok dtucker@

OpenBSD-Regress-ID: 07f653de731def074b29293db946042706fcead3
2023-07-30 11:41:44 +10:00
djm@openbsd.org
8eb8899d61
upstream: test ChrootDirectory in Match block
OpenBSD-Regress-ID: a6150262f39065939f025e546af2a346ffe674c1
2023-07-30 11:18:09 +10:00
djm@openbsd.org
e43f43d3f1
upstream: better error messages
OpenBSD-Regress-ID: 55e4186604e80259496d841e690ea2090981bc7a
2023-07-30 11:17:43 +10:00
djm@openbsd.org
6958f00acf
upstream: don't incorrectly truncate logged strings retrieved from
PKCS#11 modules; based on GHPR406 by Jakub Jelen; ok markus

OpenBSD-Commit-ID: 7ed1082f23a13b38c373008f856fd301d50012f9
2023-07-28 08:31:01 +10:00
djm@openbsd.org
d1ffde6b55
upstream: make sshd_config AuthorizedPrincipalsCommand and
AuthorizedKeysCommand accept the %D (routing domain) and a new %C (connection
address/port 4-tuple) as expansion sequences; ok markus

OpenBSD-Commit-ID: ee9a48bf1a74c4ace71b69de69cfdaa2a7388565
2023-07-28 08:29:21 +10:00
djm@openbsd.org
999a2886ca
upstream: increase default KDF work-factor for OpenSSH format
private keys from 16 to 24; { feedback ok } x { deraadt markus }

OpenBSD-Commit-ID: a3afb1383f8ff0a49613d449f02395d9e8d4a9ec
2023-07-28 08:29:20 +10:00
Darren Tucker
0fa803a1dd
Prefer OpenSSL's SHA256 in sk-dummy.so
Previously sk-dummy.so used libc's (or compat's) SHA256 since it may be
built without OpenSSL.  In many cases, however, including both libc's
and OpenSSL's headers together caused conflicting definitions.

We tried working around this (on OpenSSL <1.1 you could define
OPENSSL_NO_SHA, NetBSD had USE_LIBC_SHA2, various #define hacks) with
varying levels of success.  Since OpenSSL >=1.1 removed OPENSSL_NO_SHA
and including most OpenSSL headers would bring sha.h in, even if it
wasn't used directly this was a constant hassle.

Admit defeat and use OpenSSL's SHA256 unless we aren't using OpenSSL at
all.  ok djm@
2023-07-27 10:30:12 +10:00