Commit Graph

11505 Commits

Author SHA1 Message Date
bagajjal 2539e60536
fix HKEY_LOCAL_MACHINE\SOFTWARE\OpenSSH registry permissions (#484) 2021-03-22 19:17:33 -07:00
djm@openbsd.org 8a9520836e upstream: return non-zero exit status when killed by signal; bz#3281 ok
dtucker@

OpenBSD-Commit-ID: 117b31cf3c807993077b596bd730c24da9e9b816
2021-03-19 13:24:56 +11:00
djm@openbsd.org 1269b8a686 upstream: increase maximum SSH2_FXP_READ to match the maximum
packet size. Also handle zero-length reads that are borderline nonsensical
but not explicitly banned by the spec. Based on patch from Mike Frysinger,
feedback deraadt@ ok dtucker@

OpenBSD-Commit-ID: 4e67d60d81bde7b84a742b4ee5a34001bdf80d9c
2021-03-19 13:20:32 +11:00
djm@openbsd.org 860b676044 upstream: don't let logging clobber errno before use
OpenBSD-Commit-ID: ce6cca370005c270c277c51c111bb6911e1680ec
2021-03-19 13:20:32 +11:00
Darren Tucker 5ca8a92165 Only call dh_set_moduli_file if using OpenSSL.
Fixes link failure when configuring --without-openssl since dh.c is not
linked in.
2021-03-13 14:40:43 +11:00
Darren Tucker 867a7dcf00 Don't install moduli during tests.
Now that we have TEST_SSH_MODULI_FILE pointing to the moduli in the
source directory we don't need to install the file to prevent warnings
about it being missing.
2021-03-13 13:52:53 +11:00
Darren Tucker 0c054538fc Point TEST_SSH_MODULI_FILE at our own moduli.
This will allow the test to run without requiring a moduli file
installed at the configured default path.
2021-03-13 13:51:26 +11:00
jsg@openbsd.org 4d48219c72 upstream: spelling
OpenBSD-Commit-ID: 478bc3db04f62f1048ed6e1765400f3ab325e60f
2021-03-13 13:14:13 +11:00
dtucker@openbsd.org 88057eb6df upstream: Add ModuliFile keyword to sshd_config to specify the
location of the "moduli" file containing the groups for DH-GEX.  This will
allow us to run tests against arbitrary moduli files without having to
install them. ok djm@

OpenBSD-Commit-ID: 8df99d60b14ecaaa28f3469d01fc7f56bff49f66
2021-03-13 13:14:13 +11:00
djm@openbsd.org f07519a2af upstream: pwcopy() struct passwd that we're going to reuse across a
bunch of library calls; bz3273 ok dtucker@

OpenBSD-Commit-ID: b6eafa977b2e44607b1b121f5de855107809b762
2021-03-13 13:09:54 +11:00
dtucker@openbsd.org 69d6d4b0c8 upstream: Import regenerated moduli file.
OpenBSD-Commit-ID: 7ac6c252d2a5be8fbad4c66d9d35db507c9dac5b
2021-03-13 13:09:28 +11:00
djm@openbsd.org e5895e8ecf upstream: no need to reset buffer after send_msg() as that is done
for us; patch from Mike Frysinger

OpenBSD-Commit-ID: 565516495ff8362a38231e0f1a087b8ae66da59c
2021-03-13 13:06:10 +11:00
dtucker@openbsd.org 721948e674 upstream: Add TEST_SSH_MODULI_FILE variable to allow overriding of the
moduli file used during the test run.

OpenBSD-Regress-ID: be10f785263120edb64fc87db0e0d6570a10220a
2021-03-13 13:02:51 +11:00
Darren Tucker 82fef71e20 Allow (but return EACCES) fstatat64 in sandbox.
This is apparently used in some configurations of OpenSSL when glibc
has getrandom().  bz#3276, patch from Kris Karas, ok djm@
2021-03-12 15:58:57 +11:00
Darren Tucker 1cd67ee15c Move generic includes outside of ifdef.
This ensures that the macros in log.h are defined in the case where
either of --with-solaris-projects or --with-solaris-privs are used
without --with-solaris-contracts.  bz#3278.
2021-03-12 13:16:10 +11:00
bagajjal 65625c685a
Check systemwide ssh config file permissions (#483) 2021-03-11 16:49:29 -08:00
Darren Tucker 2421a567a8 Import regenerated moduli file. 2021-03-10 17:44:16 +11:00
millert@openbsd.org e99080c05d upstream: Fix PRINT macro, the suffix param to sshlog() was missing.
Also remove redundant __func__ prefix from PRINT calls as the macro already
adds __FILE__, __func__ and __LINE__.  From Christos Zoulas. OK dtucker@

OpenBSD-Commit-ID: 01fdfa9c5541151b5461d9d7d6ca186a3413d949
2021-03-10 10:14:26 +11:00
bagajjal 1a1a2ac5f1
administrators authorized keys file can have read permissions for other users. (#481) 2021-03-09 10:02:51 -08:00
bagajjal bc7adf5a84
Allow users to configure custom shell arguments (#480) 2021-03-03 18:05:25 -08:00
djm@openbsd.org 160db17fc6 upstream: don't sshbuf_get_u32() into an enum; reported by goetze
AT dovetail.com via bz3269

OpenBSD-Commit-ID: 99a30a8f1df9bd72be54e21eee5c56a0f050921a
2021-03-04 09:43:28 +11:00
sthen@openbsd.org cffd033817 upstream: typo in other_hostkeys_message() display output, ok djm
OpenBSD-Commit-ID: 276f58afc97b6f5826e0be58380b737603dbf5f5
2021-03-04 09:43:28 +11:00
djm@openbsd.org 7fe141b96b upstream: needs FILE*; from Mike Frysinger
OpenBSD-Commit-ID: dddb3aa9cb5792eeeaa37a1af67b5a3f25ded41d
2021-03-03 19:43:59 +11:00
Damien Miller d2afd717e6 update depend 2021-03-02 21:31:47 +11:00
Damien Miller f0c4eddf7c update relnotes URL 2021-03-02 21:30:14 +11:00
Damien Miller 67a8bb7fe6 update RPM spec version numbers 2021-03-02 21:29:54 +11:00
djm@openbsd.org 0a4b23b11b upstream: openssh-8.5
OpenBSD-Commit-ID: 185e85d60fe042b8f8fa1ef29d4ef637bdf397d6
2021-03-02 16:43:01 +11:00
Darren Tucker de3866383b Only upload config logs if configure fails. 2021-03-01 21:13:24 +11:00
dtucker@openbsd.org 85ff2a564c upstream: Add %k to list of keywords. From Eero Häkkinen via bz#3267

OpenBSD-Commit-ID: 9c87f39a048cee2a7d1c8bab951b2f716256865e
2021-03-01 10:20:42 +11:00
dtucker@openbsd.org e774bac359 upstream: Do not try to reset signal handler for signal 0 in
subprocess. Prevents spurious debug message.  ok djm@

OpenBSD-Commit-ID: 7f9785e292dcf304457566ad4637effd27ad1d46
2021-02-28 13:01:20 +11:00
djm@openbsd.org 351c5dbbd7 upstream: fix alphabetic ordering of options; spotted by Iain Morgan
OpenBSD-Commit-ID: f955fec617d74af0feb5b275831a9fee813d7ad5
2021-02-28 10:54:19 +11:00
Darren Tucker 0d1c9dbe57 zlib is now optional. 2021-02-27 12:26:08 +11:00
Jeffrey H. Johnson b7c6ee7b43 Fix punctuation and typo in README.md.
Some very minor fixes, missing 's' and punctuation.
2021-02-27 12:26:08 +11:00
Damien Miller 6248b86074 Revert "ssh: optional bind interface if bind address specified."
This reverts commit 5a878a71a3.

Apologies - I accidentally pushed this.
2021-02-26 16:45:50 +11:00
Damien Miller 493339a940 detect BSD libc hash functions in libbsd / libmd
Some Linux distributions are shipping the BSD-style hashing functions
(e.g. SHA256Update) in libbsd and/or libmd. Detect this situation to
avoid header/replacement clashes later. ok dtucker@
2021-02-26 15:46:47 +11:00
Dmitrii Turlupov 5a878a71a3 ssh: optional bind interface if bind address specified.
Allows the -b and -B options to be used together.
For example, when the interface is in the VRF.
2021-02-26 15:46:47 +11:00
djm@openbsd.org 1fe4d70df9 upstream: remove this KEX fuzzer; it's awkward to use and doesn't play
nice with popular fuzzing drivers like libfuzzer. AFAIK nobody has used it
but me.

OpenBSD-Regress-ID: cad919522b3ce90c147c95abaf81b0492ac296c9
2021-02-26 15:23:42 +11:00
Darren Tucker 24a3a67bd7 Remove macos-11.00 PAM test target too.
These are failing apparently due to some kind of infrastructure problem,
making it look like every commit is busted.
2021-02-26 11:50:37 +11:00
djm@openbsd.org 473201783f upstream: a bit more debugging behind #ifdef DEBUG_SK
OpenBSD-Commit-ID: d9fbce14945721061cb322f0084c2165d33d1993
2021-02-26 11:18:26 +11:00
Darren Tucker fd9fa76a34 Remove macos-11.0 from the test target list.
It has been consistently failing for the past few days with a github
actions internal error.
2021-02-26 01:15:10 +11:00
Philip Hands 476ac8e9d3 tidy the $INSTALLKEY_SH code layout a little
SSH-Copy-ID-Upstream: 78178aa5017222773e4c23d9001391eeaeca8983
2021-02-26 01:06:15 +11:00
Jakub Jelen 983e05ef3b if unable to add a missing newline, fail
SSH-Copy-ID-Upstream: 76b25e18f55499ea9edb4c4d6dc4a80bebc36d95
2021-02-26 01:06:15 +11:00
Philip Hands 3594b3b015 use $AUTH_KEY_DIR, now that we have it
since that was a change made since jjelen's commit was written

also, quote the variables

SSH-Copy-ID-Upstream: 588cd8e5cbf95f3443d92b9ab27c5d73ceaf6616
2021-02-26 01:06:15 +11:00
Jakub Jelen 333e25f7bc restorecon the correct directory
if using different path for authorized_keys file

SSH-Copy-ID-Upstream: 791a3df47b48412c726bff6f7b1d190721e65d51
2021-02-26 01:06:15 +11:00
djm@openbsd.org 9beeab8a37 upstream: s/PubkeyAcceptedKeyTypes/PubkeyAcceptedAlgorithms/
OpenBSD-Regress-ID: 3dbc005fa29f69dc23d97e433b6dffed6fe7cb69
2021-02-25 15:15:46 +11:00
dtucker@openbsd.org 2dd9870c16 upstream: Rename pubkeyacceptedkeytypes to pubkeyacceptedalgorithms in
test to match change to config-dump output.

OpenBSD-Regress-ID: 74c9a4ad50306be873d032819d5e55c24eb74d5d
2021-02-25 10:31:47 +11:00
dtucker@openbsd.org b9225c3a1c upstream: Put obsolete aliases for hostbasedalgorithms and
pubkeyacceptedalgorithms after their current names so that the config-dump
mode finds and uses the current names.  Spotted by Phil Pennock.

OpenBSD-Commit-ID: 5dd10e93cccfaff3aaaa09060c917adff04a9b15
2021-02-25 00:28:45 +11:00
djm@openbsd.org 8b8b60542d upstream: lots more s/key types/signature algorithms/ mostly in
HostbasedAcceptedAlgorithms and HostKeyAlgorithms; prompted by Jakub Jelen

OpenBSD-Commit-ID: 3f719de4385b1a89e4323b2549c66aae050129cb
2021-02-24 08:56:22 +11:00
djm@openbsd.org 0aeb508aaa upstream: Correct reference to signature algorithms as keys; from
Jakub Jelen

OpenBSD-Commit-ID: 36f7ecee86fc811aa0f8e21e7a872eee044b4be5
2021-02-24 08:56:22 +11:00
Darren Tucker f186a020f2 Add a couple more test VMs. 2021-02-23 16:05:22 +11:00