Commit Graph

10110 Commits

Author SHA1 Message Date
Damien Miller edd1d3a626 remove duplicate #includes
Prompted by Jakub Jelen
2019-10-02 10:54:28 +10:00
Damien Miller 13c508dfed typo in comment 2019-10-02 10:51:15 +10:00
djm@openbsd.org d0c3ac427f upstream: remove some duplicate #includes
OpenBSD-Commit-ID: ed6827ab921eff8027669848ef4f70dc1da4098c
2019-10-02 10:43:47 +10:00
djm@openbsd.org 084682786d upstream: revert unconditional forced login implemented in r1.41 of
ssh-pkcs11.c; r1.45 added a forced login as a fallback for cases where the
token returns no objects and this is less disruptive for users of tokens
directly in ssh (rather than via ssh-agent) and in ssh-keygen

bz3006, patch from Jakub Jelen; ok markus

OpenBSD-Commit-ID: 33d6df589b072094384631ff93b1030103b3d02e
2019-10-01 20:24:07 +10:00
jmc@openbsd.org 6c91d42cce upstream: group and sort single letter options; ok deraadt
OpenBSD-Commit-ID: e1480e760a2b582f79696cdcff70098e23fc603f
2019-10-01 20:24:07 +10:00
jmc@openbsd.org 3b44bf39ff upstream: fix the DH-GEX text in -a; because this required a comma,
i added a comma to the first part, for balance...

OpenBSD-Commit-ID: 2c3464e9e82a41e8cdfe8f0a16d94266e43dbb58
2019-10-01 20:24:07 +10:00
deraadt@openbsd.org 3e53ef28fa upstream: identity_file[] should be PATH_MAX, not the arbitrary
number 1024

OpenBSD-Commit-ID: e775f94ad47ce9ab37bd1410d7cf3b7ea98b11b7
2019-10-01 20:24:07 +10:00
jmc@openbsd.org 90d4b2541e upstream: new sentence, new line;
OpenBSD-Commit-ID: c35ca5ec07be460e95e7406af12eee04a77b6698
2019-10-01 20:24:07 +10:00
Darren Tucker fbec7dba01 Include stdio.h for snprintf.
Patch from vapier@gentoo.org.
2019-09-30 18:01:12 +10:00
Darren Tucker 0a403bfde7 Add SKIP_LTESTS for skipping specific tests. 2019-09-30 14:11:42 +10:00
dtucker@openbsd.org 4d59f7a516 upstream: Test for empty result in expected bits. Remove CRs from log
as they confuse tools on some platforms.  Re-enable the 3des-cbc test.

OpenBSD-Regress-ID: edf536d4f29fc1ba412889b37247a47f1b49d250
2019-09-27 15:36:22 +10:00
Darren Tucker 7c817d129e Re-enable dhgex test.
Since we've added larger fallback groups to dh.c this test will pass
even if there is no moduli file installed on the system.
2019-09-27 15:26:22 +10:00
Darren Tucker c1e0a32fa8 Add more ToS bits, currently only used by netcat. 2019-09-24 21:17:20 +10:00
Darren Tucker 5a273a33ca Privsep is now required. 2019-09-19 15:41:23 +10:00
djm@openbsd.org 8aa2aa3cd4 upstream: Allow testing signature syntax and validity without verifying
that a signature came from a trusted signer. To discourage accidental or
unintentional use, this is invoked by the deliberately ugly option name
"check-novalidate"

from Sebastian Kinne

OpenBSD-Commit-ID: cea42c36ab7d6b70890e2d8635c1b5b943adcc0b
2019-09-16 13:25:53 +10:00
djm@openbsd.org 7047d5afe3 upstream: clarify that IdentitiesOnly also applies to the default
~/.ssh/id_* keys; bz#3062

OpenBSD-Commit-ID: 604be570e04646f0f4a17026f8b2aada6a585dfa
2019-09-13 14:53:45 +10:00
dtucker@openbsd.org b36ee3fcb2 upstream: Plug mem leaks on error paths, based in part on github
pr#120 from David Carlier.  ok djm@.

OpenBSD-Commit-ID: c57adeb1022a8148fc86e5a88837b3b156dbdb7e
2019-09-13 14:53:45 +10:00
djm@openbsd.org 2aefdf1aef upstream: whitespace
OpenBSD-Commit-ID: 57a71dd5f4cae8d61e0ac631a862589fb2bfd700
2019-09-13 14:53:45 +10:00
djm@openbsd.org fbe24b1429 upstream: allow %n to be expanded in ProxyCommand strings
From Zachary Harmany via github.com/openssh/openssh-portable/pull/118
ok dtucker@

OpenBSD-Commit-ID: 7eebf1b7695f50c66d42053d352a4db9e8fb84b6
2019-09-13 14:28:44 +10:00
djm@openbsd.org 2ce1d11600 upstream: clarify that ConnectTimeout applies both to the TCP
connection and to the protocol handshake/KEX. From Jean-Charles Longuet via
Github PR140

OpenBSD-Commit-ID: ce1766abc6da080f0d88c09c2c5585a32b2256bf
2019-09-13 14:09:21 +10:00
dtucker@openbsd.org df78011427 upstream: Fix potential truncation warning. ok deraadt.
OpenBSD-Commit-ID: d87b7e3a94ec935e8194e7fce41815e22804c3ff
2019-09-13 14:09:20 +10:00
Damien Miller ec0e624366 memleak of buffer in sshpam_query
coverity report via Ed Maste; ok dtucker@
2019-09-13 13:15:19 +10:00
Damien Miller c17e4638e5 explicitly test set[ug]id() return values
Legacy !_POSIX_SAVED_IDS path only; coverity report via Ed Maste
ok dtucker@
2019-09-13 13:15:14 +10:00
naddy@openbsd.org 91a2135f32 upstream: Allow prepending a list of algorithms to the default set
by starting the list with the '^' character, e.g.

HostKeyAlgorithms ^ssh-ed25519
Ciphers ^aes128-gcm@openssh.com,aes256-gcm@openssh.com

ok djm@ dtucker@

OpenBSD-Commit-ID: 1e1996fac0dc8a4b0d0ff58395135848287f6f97
2019-09-08 14:49:04 +10:00
djm@openbsd.org c8bdd2db77 upstream: key conversion should fail for !openssl builds, not fall
through to the key generation code

OpenBSD-Commit-ID: b957436adc43c4941e61d61958a193a708bc83c9
2019-09-08 14:49:04 +10:00
djm@openbsd.org 823f6c37eb upstream: typo in previous
OpenBSD-Commit-ID: 7c3b94110864771a6b80a0d8acaca34037c3c96e
2019-09-08 14:49:04 +10:00
Damien Miller 6a710d3e06 needs time.h for --without-openssl 2019-09-08 14:48:11 +10:00
Damien Miller f61f29afda make unittests pass for no-openssl case 2019-09-08 10:37:17 +10:00
djm@openbsd.org 105e1c9218 upstream: avoid compiling certain files that deeply depend on
libcrypto when WITH_OPENSSL isn't set

OpenBSD-Commit-ID: 569f08445c27124ec7c7f6c0268d844ec56ac061
2019-09-06 17:54:21 +10:00
djm@openbsd.org 670104b923 upstream: fixes for !WITH_OPENSSL compilation; ok dtucker@
OpenBSD-Commit-ID: 7fd68eaa9e0f7482b5d4c7e8d740aed4770a839f
2019-09-06 17:54:21 +10:00
djm@openbsd.org be02d7cbde upstream: lots of things were relying on libcrypto headers to
transitively include various system headers (mostly stdlib.h); include them
explicitly

OpenBSD-Commit-ID: 5b522f4f2d844f78bf1cc4f3f4cc392e177b2080
2019-09-06 17:54:21 +10:00
djm@openbsd.org d05aaaaadc upstream: remove leakmalloc reference; we used this early when
refactoring but not since

OpenBSD-Commit-ID: bb28ebda8f7c490b87b37954044a6cdd43a7eb2c
2019-09-06 16:06:22 +10:00
dtucker@openbsd.org 1268f0bcd8 upstream: Check for RSA support before using it for the user key,
otherwise use ed25519 which is supported when built without OpenSSL.

OpenBSD-Regress-ID: 3d23ddfe83c5062f00ac845d463f19a2ec78c0f7
2019-09-06 14:37:23 +10:00
Darren Tucker fd7a2dec65 Provide explicit path to configure-check.
On some platforms (at least OpenBSD) make won't search VPATH for target
files, so building out-of-tree will fail at configure-check.  Provide
explicit path.  ok djm@
2019-09-06 14:09:41 +10:00
djm@openbsd.org 00865c2969 upstream: better error code for bad arguments; inspired by
OpenBSD-Commit-ID: dfc263b6041de7f0ed921a1de0b81ddebfab1e0a
2019-09-06 12:01:45 +10:00
Damien Miller afdf27f5ac revert config.h/config.h.in freshness checks
turns out autoreconf and configure don't touch some files if their content
doesn't change, so the mtime can't be relied upon in a makefile rule
2019-09-05 21:38:40 +10:00
Damien Miller a97609e850 extend autoconf freshness test
make it cover config.h.in and config.h separately
2019-09-05 20:54:39 +10:00
Damien Miller 182297c10e check that configure/config.h is up to date
Ensure they are newer than the configure.ac / aclocal.m4 source
2019-09-05 20:35:33 +10:00
djm@openbsd.org 7d6034bd02 upstream: if a PKCS#11 token returns no keys then try to login and
refetch them. Based on patch from Jakub Jelen; bz#2430 ok markus@

OpenBSD-Commit-ID: ab53bd6ddd54dd09e54a8bfbed1a984496f08b43
2019-09-05 20:07:12 +10:00
djm@openbsd.org 76f09bd959 upstream: sprinkle in some explicit errors here, otherwise they
percolate all the way up to dispatch_run_fatal() and lose all meaningful
context

to help with bz#3063; ok dtucker@

OpenBSD-Commit-ID: 5b2da83bb1c4a3471444b7910b2120ae36438a0a
2019-09-05 20:07:12 +10:00
djm@openbsd.org 0ea332497b upstream: only send ext_info for KEX_INITIAL; bz#2929 ok dtucker
OpenBSD-Commit-ID: 00f5c6062f6863769f5447c6346f78c05d2e4a63
2019-09-05 20:07:12 +10:00
jmc@openbsd.org f23d91f9fa upstream: macro fix; ok djm
OpenBSD-Commit-ID: e891dd6c7996114cb32f0924cb7898ab55efde6e
2019-09-05 20:07:12 +10:00
Damien Miller 8b57337c1c update fuzzing makefile to more recent clang 2019-09-05 15:46:39 +10:00
Damien Miller ae631ad77d fuzzer for sshsig allowed_signers option parsing 2019-09-05 15:46:11 +10:00
djm@openbsd.org 69159afe24 upstream: memleak on error path; found by libfuzzer
OpenBSD-Commit-ID: 34d44cb0fb5bdb5fcbc6b02b804e71b20a7a5fc7
2019-09-05 15:44:19 +10:00
djm@openbsd.org bab6feb01f upstream: expose allowed_signers options parsing code in header for
fuzzing

rename to make more consistent with philosophically-similar auth
options parsing API.

OpenBSD-Commit-ID: 0c67600ef04187f98e2912ca57b60c22a8025b7c
2019-09-05 14:56:51 +10:00
naddy@openbsd.org 4f9d75fbaf upstream: Call comma-separated lists as such to clarify semantics.
Options such as Ciphers take values that may be a list of ciphers; the
complete list, not individual elements, may be prefixed with a dash or plus
character to remove from or append to the default list, respectively.

Users might read the current text as if each element took an optional prefix,
so tweak the wording from "values" to "list" to prevent such ambiguity for
all options supporting these semantics.

Fix instances missed in first commit.  ok jmc@ kn@

OpenBSD-Commit-ID: 7112522430a54fb9f15a7a26d26190ed84d5e417
2019-09-05 14:56:51 +10:00
jmc@openbsd.org db1e6f60f0 upstream: tweak previous;
OpenBSD-Commit-ID: 0abd728aef6b5b35f6db43176aa83b7e3bf3ce27
2019-09-05 14:56:51 +10:00
naddy@openbsd.org 0f44e5956c upstream: repair typo and editing mishap
OpenBSD-Commit-ID: d125ab720ca71ccf9baf83e08ddc8c12a328597e
2019-09-05 14:56:51 +10:00
Damien Miller f4846dfc6a Fuzzer harness for sshsig 2019-09-05 14:26:39 +10:00