tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
12,939 Commits 6 Branches 20 Tags 97 MiB
Commit Graph

12939 Commits

Author SHA1 Message Date
dtucker@openbsd.org 6b73aa2903
upstream: Explictly ignore return codes 
where we don't check them.

OpenBSD-Commit-ID: 1ffb03038ba1b6b72667be50cf5e5e396b5f2740
 2023-03-31 16:17:46 +11:00
dtucker@openbsd.org 6f0308a3e7
upstream: Return immediately from get_sock_port 
if sock <0 so we don't call getsockname on a negative FD.  From Coverity
CID 291840, ok djm@

OpenBSD-Commit-ID: de1c1130646230c2eda559831fc6bfd1b61d9618
 2023-03-31 16:17:22 +11:00
djm@openbsd.org 1c1124dc90
upstream: don't leak arg2 on parse_pubkey_algos error path; ok 
dtucker@

OpenBSD-Commit-ID: 7d0270ad3dd102412ca76add2b3760518abdef75
 2023-03-31 15:32:37 +11:00
djm@openbsd.org 8ba2d4764b
upstream: clamp max number of GSSAPI mechanisms to 2048; ok dtucker 
OpenBSD-Commit-ID: ce66db603a913d3dd57063e330cb5494d70722c4
 2023-03-31 15:32:37 +11:00
djm@openbsd.org 1883841fc1
upstream: don't print key if printing hostname failed; with/ok 
dtucker@

OpenBSD-Commit-ID: ad42971a6ee5a46feab2d79f7f656f8cf4b119f3
 2023-03-31 15:32:36 +11:00
djm@openbsd.org c6011129ca
upstream: remove redundant test 
OpenBSD-Commit-ID: 6a0b719f9b1ae9d42ad8c5b144c7962c93792f7c
 2023-03-31 15:06:20 +11:00
djm@openbsd.org 4fb29eeafb
upstream: don't attempt to decode a ridiculous number of 
attributes; harmless because of bounds elsewhere, but better to be explicit

OpenBSD-Commit-ID: 1a34f4b6896155b80327d15dc7ccf294b538a9f2
 2023-03-31 15:06:20 +11:00
djm@openbsd.org fc437c154e
upstream: remove unused variable; prompted by Coverity CID 291879 
OpenBSD-Commit-ID: 4c7d20ef776887b0ba1aabcfc1b14690e4ad0a40
 2023-03-31 15:06:19 +11:00
dtucker@openbsd.org 0eb8131e4a
upstream: Check fd against >=0 instead of >0 in error path. The 
dup could in theory return fd 0 although currently it doesn't in practice.
From Dmitry Belyavskiy vi github PR#238.

OpenBSD-Commit-ID: 4a95f3f7330394dffee5c749d52713cbf3b54846
 2023-03-31 15:06:19 +11:00
dtucker@openbsd.org 7174ba6f8a
upstream: Ignore return value from muxclient(). It normally loops 
without returning, but it if returns on failure we immediately exit.
Coverity CID 405050.

OpenBSD-Commit-ID: ab3fde6da384ea588226037c38635a6b2e015295
 2023-03-31 15:06:18 +11:00
Damien Miller a4c1c2513e
don't call connect() on negative socket 
Coverity CID 405037
 2023-03-31 14:17:22 +11:00
djm@openbsd.org 34ee842cdd
upstream: return SSH_ERR_KEY_NOT_FOUND if the allowed_signers file 
is empty, not SSH_ERR_INTERNAL_ERROR. Also remove some dead code spotted
by Coverity; with/ok dtucker@

OpenBSD-Commit-ID: 898a1e817cda9869554b1f586a434f67bcc3b650
 2023-03-30 14:09:51 +11:00
dtucker@openbsd.org f108e77a9d
upstream: Remove dead code from inside if block. 
The only way the if statement can be true is if both dup()s fail, and
in that case the tmp2 can never be set. Coverity CID 291805, ok djm@

OpenBSD-Commit-ID: c0d6089b3fb725015462040cd94e23237449f0c8
 2023-03-30 14:09:37 +11:00
Darren Tucker 05b8e88ebe
child_set_eng: verify both env pointer and count. 
If child_set env was called with a NULL env pointer and a non-zero count
it would end up in a null deref, although we don't currently do this.
Prompted by Coverity CID 291850, tweak & ok djm@
 2023-03-30 14:08:35 +11:00
Tess Gauthier 0b1285526e add updated proj files for testing 2023-03-29 12:47:58 -04:00
dtucker@openbsd.org 28f1b8ef9b
upstream: Ignore return from sshpkt_disconnect 
since we set our own return value for the function.  Coverity CID 291797,
ok djm@

OpenBSD-Commit-ID: 710b57ba954c139240895e23feea41f203201f04
 2023-03-29 12:33:32 +11:00
dtucker@openbsd.org c3da05d959
upstream: Plug potential mem leak in process_put. 
It allocates abs_dst inside a loop but only frees it on exit, so free
inside the loop if necessary.  Coverity CID 291837, ok djm@

OpenBSD-Commit-ID: a01616503a185519b16f00dde25d34ceaf4ae1a3
 2023-03-29 12:22:33 +11:00
djm@openbsd.org 13ae327eae
upstream: fix memory leak; Coverity CID 291848 
with/ok dtucker@

OpenBSD-Commit-ID: 37f80cb5d075ead5a00ad1b74175684ab1156ff8
 2023-03-29 12:22:23 +11:00
dtucker@openbsd.org 9ffa76e128
upstream: Plug more mem leaks in sftp by making 
make_absolute_pwd_glob work in the same way as make_absolute: you
pass it a dynamically allocated string and it either returns it, or
frees it and allocates a new one. Patch from emaste at freebsd.org and
https://reviews.freebsd.org/D37253 ok djm@

OpenBSD-Commit-ID: 85f7404e9d47fd28b222fbc412678f3361d2dffc
 2023-03-28 19:03:54 +11:00
dtucker@openbsd.org 82b2b83269
upstream: Remove compat code for OpenSSL < 1.1.* 
since -portable no longer supports them.

OpenBSD-Commit-ID: ea2893783331947cd29a67612b4e56f818f185ff
 2023-03-28 19:03:29 +11:00
dtucker@openbsd.org b500afcf00
upstream: Remove compat code for OpenSSL 1.0.* 
versions now that -portable has dropped support for those versions.

OpenBSD-Regress-ID: 82a8eacd87aec28e4aa19f17246ddde9d5ce7fe7
 2023-03-28 19:03:10 +11:00
Darren Tucker 727560e601
Prevent conflicts between Solaris SHA2 and OpenSSL. 
We used to prevent conflicts between native SHA2 headers and OpenSSL's
by setting OPENSSL_NO_SHA but that was removed prior to OpenSSL 1.1.0
 2023-03-28 19:03:03 +11:00
Darren Tucker 46db8e14b7
Remove HEADER_SHA_H from previous... 
since it causes more problems than it solves.
 2023-03-28 12:44:03 +11:00
Darren Tucker 72bd68d373
Replace OPENSSL_NO_SHA with HEADER_SHA_H. 
Since this test doesn't use OpenSSL's SHA2 and may cause conflicts we
don't want to include it, but OPENSSL_NO_SHA was removed beginning in
OpenSSL's 1.1 series.
 2023-03-28 10:35:18 +11:00
Darren Tucker 99668f2e6e
Configure with --target instead of deprecated form. 2023-03-28 09:50:06 +11:00
Darren Tucker f751d9306c
Pass rpath when building 64bit Solaris. 2023-03-27 22:18:49 +11:00
Darren Tucker a64b935cd4
Explicitly disable OpenSSL on AIX test VM. 2023-03-27 22:18:46 +11:00
dtucker@openbsd.org 7ebc6f060f
upstream: Add RevokedHostKeys to percent expansion test. 
OpenBSD-Regress-ID: c077fd12a38005dd53d878c5b944154dec88d2ff
 2023-03-27 15:04:36 +11:00
dtucker@openbsd.org f1a17de150
upstream: Add tilde and environment variable expansion to 
RevokedHostKeys. bz#3552, ok djm@

OpenBSD-Commit-ID: ce5d8e0219b63cded594c17d4c2958c06918ec0d
 2023-03-27 15:03:53 +11:00
djm@openbsd.org 009eb4cb48
upstream: fix test: getnameinfo returns a non-zero value on error, not 
(neccessarily) -1. From GHPR#384

OpenBSD-Commit-ID: d35e2b71268f66f5543a7ea68751972b3ae22b25
 2023-03-27 14:31:57 +11:00
djm@openbsd.org 4f0a676486
upstream: scp: when copying local->remote, check that source file 
exists before opening SFTP connection to the server. Based on GHPR#370 ok
dtucker, markus

OpenBSD-Commit-ID: b4dd68e15bfe22ce4fac9960a1066a2b721e54fb
 2023-03-27 14:28:00 +11:00
Darren Tucker 154d8baf63
Also look for gdb error message from OpenIndiana. 2023-03-27 12:22:30 +11:00
Darren Tucker fbd3811ddb
Explicitly disable security key test on aix51 VM. 
We don't know how to build the shared objects required for the security
key tests so skip them.
 2023-03-27 11:08:00 +11:00
Darren Tucker 4922ac3be8
Split libcrypto and other config flags. 
This should allow the automatic OpenSSL version selection in the tests
to work better.
 2023-03-26 14:49:43 +11:00
Darren Tucker 4a948b1469
Specify test target if we build without OpenSSL. 
When we decide we can't use the versions of OpenSSL available, also
restrict the tests we run to avoid the ones that need OpenSSL.
 2023-03-26 14:39:45 +11:00
Darren Tucker b308c636f5
Find suitable OpenSSL version. 
Check the installed OpenSSL versions for a suitable one, and if there
isn't (and we don't have a specific version configured) then build
without OpenSSL.
 2023-03-26 14:22:53 +11:00
Damien Miller 021ea5c286
Github testing support for BoringSSL 2023-03-24 15:39:48 +11:00
Damien Miller 9a97cd1064
BoringSSL doesn't support EC_POINT_point2bn() 
so don't invoke it in unittest
 2023-03-24 15:39:48 +11:00
Damien Miller cc5969c033
another ERR_load_CRYPTO_strings() vestige 2023-03-24 15:39:47 +11:00
Damien Miller 4974293899
don't use obsolete ERR_load_CRYPTO_strings() 
OpenSSL (and elsewhere in OpenSSH) uses ERR_load_crypto_strings()
 2023-03-24 15:26:27 +11:00
Damien Miller 3c527d55f9
Allow building with BoringSSL 2023-03-24 15:26:26 +11:00
Damien Miller b7e27cfd7f
put back SSLeay_version compat in configure test 
Needed to detect old versions and give good "your version is bad"
messages at configure time; spotted by dtucker@
 2023-03-24 15:26:26 +11:00
Damien Miller 7280401bdd
remove support for old libcrypto 
OpenSSH now requires LibreSSL 3.1.0 or greater or
OpenSSL 1.1.1 or greater

with/ok dtucker@
 2023-03-24 13:56:25 +11:00
Tess Gauthier b06f2907e3 bump platform toolset to v143 2023-03-21 12:13:10 -04:00
Tess Gauthier cdee73645a
add codeql suppression and explanation (#670) 2023-03-20 13:59:39 -04:00
Darren Tucker abda22fb48
Test latest OpenSSL 1.1, 3.0 and LibreSSL 3.7. 2023-03-19 15:36:13 +11:00
Tess Gauthier 51d658e8da
change server firewall settings to private profile only (#669) 2023-03-16 13:29:40 -04:00
Darren Tucker 610ac1cb07
Show 9.3 branch instead of 9.2. 2023-03-16 21:38:04 +11:00
Damien Miller cb30fbdbee
depend 2023-03-16 08:28:19 +11:00
Damien Miller 1dba63eb10
crank version 2023-03-16 08:27:54 +11:00