Commit Graph

11992 Commits

Author SHA1 Message Date
djm@openbsd.org 9b73345f80 upstream: fix in-place copies; r1.163 incorrectly skipped truncation in
all cases, not just at the start of a transfer. This could cause overwrites
of larger files to leave junk at the end. Spotted by tb@

OpenBSD-Commit-ID: b189f19cd68119548c8e24e39c79f61e115bf92c
2022-05-16 22:56:58 +10:00
djm@openbsd.org 56a0697fe0 upstream: arrange for scp, when in sftp mode, to not ftruncate(3) files
early

previous behavious of unconditionally truncating the destination file
would cause "scp ~/foo localhost:" and "scp localhost:foo ~/" to
delete all the contents of their destination.

spotted by solene@ sthen@, also bz3431; ok dtucker@

OpenBSD-Commit-ID: ca39fdd39e0ec1466b9666f15cbcfddea6aaa179
2022-05-13 17:00:56 +10:00
dtucker@openbsd.org fbcef70c28 upstream: Remove errant apostrophe. From haruyama at queen-ml org.
OpenBSD-Commit-ID: dc6b294567cb84b384ad6ced9ca469f2bbf0bd10
2022-05-13 13:22:50 +10:00
djm@openbsd.org 0086a286ea upstream: Allow existing -U (use agent) flag to work with "-Y sign"
operations, where it will be interpreted to require that the private keys is
hosted in an agent; bz3429, suggested by Adam Szkoda; ok dtucker@

OpenBSD-Commit-ID: a7bc69873b99c32c42c7628ed9ea91565ba08c2f
2022-05-09 13:11:03 +10:00
djm@openbsd.org cb010744cc upstream: improve error message when 'ssh-keygen -Y sign' is unable to
load a private key; bz3429, reported by Adam Szkoda ok dtucker@

OpenBSD-Commit-ID: bb57b285e67bea536ef81b1055467be2fc380e74
2022-05-09 13:10:09 +10:00
Tobias Heider aa61fc82c6 Remove duplicate bcrypt_pbkdf.o from Makefile
bcrypt_pbkdf.o is duplicated in the openbsd-compat Makefile's object
file list.
2022-05-09 10:58:02 +10:00
djm@openbsd.org deb506d00d upstream: When performing operations that glob(3) a remote path, ensure
that the implicit working directory used to construct that path escapes
glob(3) characters.

This prevents glob characters from being processed in places they
shouldn't, e.g. "cd /tmp/a*/", "get *.txt" should have the get operation
treat the path "/tmp/a*" literally and not attempt to expand it.

Reported by Lusia Kundel; ok markus@

OpenBSD-Commit-ID: 4f647f58482cbad3d58b1eab7f6a1691433deeef
2022-05-09 08:33:59 +10:00
Darren Tucker f38cf74f20 Also retest OpenBSD upstream on .yml changes. 2022-05-06 14:50:18 +10:00
Darren Tucker f87a132800 Note that, for now, we need variadic macros. 2022-05-06 14:46:09 +10:00
Darren Tucker 217b518e0f Add ubsan minimal testcase on OpenBSD.
As suggested by djm@.
2022-05-06 14:39:34 +10:00
djm@openbsd.org 457dce2cfe upstream: sshkey_unshield_private() contains a exact duplicate of
the code in private2_check_padding(). Pull private2_check_padding() up so the
code can be reused. From Martin Vahlensieck, ok deraadt@

OpenBSD-Commit-ID: 876884c3f0e62e8fd8d1594bab06900f971c9c85
2022-05-05 11:34:52 +10:00
djm@openbsd.org 0e44db4d9c upstream: channel_new no longer frees remote_name. So update the
comment accordingly.  As remote_name is not modified, it can be const as
well. From Martin Vahlensieck

OpenBSD-Commit-ID: e4e10dc8dc9f40c166ea5a8e991942bedc75a76a
2022-05-05 11:34:52 +10:00
djm@openbsd.org 37b62fd5ca upstream: mux.c: mark argument as const; from Martin Vahlensieck
OpenBSD-Commit-ID: 69a1a93a55986c7c2ad9f733c093b46a47184341
2022-05-05 11:34:52 +10:00
markus@openbsd.org f4e67c0ad2 upstream: make sure stdout is non-blocking; ok djm@
OpenBSD-Commit-ID: 64940fffbd1b882eda2d7c8c7a43c79368309c0d
2022-05-05 11:34:52 +10:00
florian@openbsd.org e5c036d209 upstream: Add FIDO AUTHENTICATOR section and explain a bit how FIDO
works. The wording came mostly from the 8.2 OpenSSH release notes, addapted
to fit the man page. Then move the -O bits into the new section as is already
done for CERTIFICATES and MODULI GENERATION. Finally we can explain the
trade-offs of resident keys. While here, consistently refer to the FIDO
thingies as "FIDO authenticators", not "FIDO tokens".

input & OK jmc, naddy

OpenBSD-Commit-ID: dd98748d7644df048f78dcf793b3b63db9ab1d25
2022-05-05 11:34:52 +10:00
jmc@openbsd.org 575771bf79 upstream: remove an obsolete rsa1 format example from an example;
from megan batty
ok djm

OpenBSD-Commit-ID: db2c89879c29bf083df996bd830abfb1e70d62bf
2022-05-05 11:34:52 +10:00
djm@openbsd.org 0bc6b4c8f0 upstream: fix some integer overflows in sieve_large() that show up when
trying to generate modp groups > 16k bits. Reported via GHPR#306 by Bertram
Felgenhauer, but fixed in a different way. feedback/ok tb@

OpenBSD-Commit-ID: 81cbc6dd3a21c57bd6fadea10e44afe37bca558e
2022-05-02 09:22:44 +10:00
djm@openbsd.org a45615cb17 upstream: be stricter in which characters will be accepted in
specifying a mask length; allow only 0-9. From khaleesicodes via GHPR#278; ok
dtucker@

OpenBSD-Commit-ID: e267746c047ea86665cdeccef795a8a56082eeb2
2022-05-02 09:20:50 +10:00
Darren Tucker 4835544d2d Add Mac OS X 12 test target. 2022-04-30 11:00:02 +10:00
Darren Tucker 97a6a8b8c1 Only run tests when source files change.
Also run tests on changes to V_9_0 branch.
2022-04-29 18:34:38 +10:00
Darren Tucker 6d0392b9ff Remove now-empty int32_minmax.inc. 2022-04-29 18:22:34 +10:00
djm@openbsd.org af59463553 upstream: mention that the helpers are used by ssh(1), ssh-agent(1)
and ssh-keygen(1). Previously only ssh(1) was mentioned. From Pedro
Martelletto

OpenBSD-Commit-ID: 30f880f989d4b329589c1c404315685960a5f153
2022-04-29 13:26:24 +10:00
dtucker@openbsd.org 3e26b3a6ee upstream: Don't leak SK device. Patch from Pedro Martelletto via
github PR#316. ok djm@

OpenBSD-Commit-ID: 17d11327545022e727d95fd08b213171c5a4585d
2022-04-29 13:26:24 +10:00
djm@openbsd.org 247082b501 upstream: fix memleak on session-bind path; from Pedro Martelletto, ok
dtucker@

OpenBSD-Commit-ID: e85899a26ba402b4c0717b531317e8fc258f0a7e
2022-04-29 13:18:31 +10:00
djm@openbsd.org e055220080 upstream: avoid printing hash algorithm twice; from lucas AT sexy.is
OpenBSD-Commit-ID: 9d24671e10a84141b7c504396cabad600e47a941
2022-04-28 13:55:12 +10:00
dtucker@openbsd.org 0979e29356 upstream: Add authfd path to debug output. ok markus@
OpenBSD-Commit-ID: f735a17d1a6f2bee63bfc609d76ef8db8c090890
2022-04-27 21:33:11 +10:00
dtucker@openbsd.org 67b7c78476 upstream: Check sshauthopt_new() for NULL. bz#3425, from
tessgauthier at microsoft.com.  ok djm@

OpenBSD-Commit-ID: af0315bc3e44aa406daa7e0ae7c2d719a974483f
2022-04-27 21:30:01 +10:00
millert@openbsd.org d571314d14 upstream: Remove unnecessary includes: openssl/hmac.h and
openssl/evp.h. From Martin Vahlensieck.

OpenBSD-Commit-ID: a6debb5fb0c8a44e43e8d5ca7cc70ad2f3ea31c3
2022-04-27 21:30:01 +10:00
millert@openbsd.org da8dddf8cc upstream: Add missing includes of stdlib.h and stdint.h. We need
stdlib.h for malloc(3) and stdint.h for SIZE_MAX. Unlike the other xmss
files, ssh-xmss.c does not include xmss_commons.h so ssh-xmss.c must include
those headers itself. From Martin Vahlensieck

OpenBSD-Commit-ID: 70e28a9818cee3da1be2ef6503d4b396dd421e6b
2022-04-27 21:29:17 +10:00
millert@openbsd.org fe9d87a680 upstream: Avoid an unnecessary xstrdup in rm_env() when matching
patterns. Since match_pattern() doesn't modify its arguments (they are
const), there is no need to make an extra copy of the strings in
options->send_env. From Martin Vahlensieck

OpenBSD-Commit-ID: 2c9db31e3f4d3403b49642c64ee048b2a0a39351
2022-04-27 21:28:37 +10:00
Darren Tucker 7bf2eb958f Add debian-riscv64 test target. 2022-04-26 23:30:59 +10:00
Darren Tucker 3913c93552 Update OpenSSL and LibreSSL versions in tests. 2022-04-25 17:21:24 +10:00
Darren Tucker dcd8dca29b Include stdlib.h for free() prototype.
... which is used inside the CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG block.
2022-04-23 21:14:01 +10:00
Darren Tucker 4cc05de568 Cache timezone data in capsicum sandbox.
From emaste at freebsd.org, originally part of FreeBSD commit r339216
/ fc3c19a9 with autoconf bits added by me.
2022-04-23 21:14:01 +10:00
dtucker@openbsd.org c31404426d upstream: It looks like we can't completely avoid
waiting for processes to exit so retrieve the pid via controlmaster and
use that.

OpenBSD-Regress-ID: 8246f00f22b14e49d2ff1744c94897ead33d457b
2022-04-21 12:05:26 +10:00
dtucker@openbsd.org d19b21afab upstream: Use ssh -f and ControlPersist ..
to start up test forwards and ssh -O stop to shut them down intead of
sleep loops.  This speeds up the test by an order of magnitude.

OpenBSD-Regress-ID: eb3db5f805100919b092a3b2579c611fba3e83e7
2022-04-20 23:45:24 +10:00
dtucker@openbsd.org 5f76286a12 upstream: Simplify forward-control test.
Since we no longer need to support SSH1 we don't need to run shell
commands on the other end of the connection and can use ssh -N instead.
This also makes the test less racy.

OpenBSD-Regress-ID: 32e94ce272820cc398f30b848b2b0f080d10302c
2022-04-20 15:36:53 +10:00
djm@openbsd.org 687bbf2357 upstream: regression test for sftp cp command
OpenBSD-Regress-ID: c96bea9edde3a384b254785e7f9b2b24a81cdf82
2022-04-20 15:31:55 +10:00
dtucker@openbsd.org f1233f19a6 upstream: Import regenerated moduli
OpenBSD-Commit-ID: f9a0726d957cf10692a231996a1f34e7f9cdfeb0
2022-04-20 15:30:13 +10:00
djm@openbsd.org fec014785d upstream: Try to continue running local I/O for channels in state
OPEN during SSH transport rekeying. The most visible benefit is that it
should make ~-escapes work in the client (e.g. to exit) if the connection
happened to have stalled during a rekey event. Based work by and ok dtucker@

OpenBSD-Commit-ID: a66e8f254e92edd4ce09c9f750883ec8f1ea5f45
2022-04-20 15:08:54 +10:00
dtucker@openbsd.org e68154b0d4 upstream: Import regenerated moduli
OpenBSD-Commit-ID: f9a0726d957cf10692a231996a1f34e7f9cdfeb0
2022-04-20 15:08:54 +10:00
tj@openbsd.org 69928b106d upstream: list the correct version number
for when usage of the sftp protocol became default and fix a typo
from ed maste

OpenBSD-Commit-ID: 24e1795ed2283fdeacf16413c2f07503bcdebb31
2022-04-16 14:37:15 +10:00
dtucker@openbsd.org 21042a05c0 upstream: Correct path for system known hosts file in description
of IgnoreUserKnownHosts.  Patch from Martin Vahlensieck via tech@

OpenBSD-Commit-ID: 9b7784f054fa5aa4d63cb36bd563889477127215
2022-04-16 14:36:48 +10:00
Darren Tucker 53f4aff60a Resync moduli.5 with upstream.
1.18: remove duplicate publication year; carsten dot kunze at arcor dot de
1.19: ssh-keygen's -G/-T have been replaced with -M generate/screen.
2022-04-16 14:33:20 +10:00
Darren Tucker d2b888762b Retire fbsd6 test VM.
It's long since out of support, relatively slow (it's i686) and the
compiler has trouble with PIE.
2022-04-16 14:31:13 +10:00
djm@openbsd.org cd1f700098 upstream: clear io_want/io_ready flags at start of poll() cycle;
avoids plausible spin during rekeying if channel io_want flags are reused
across cycles. ok markus@ deraadt@

OpenBSD-Commit-ID: 91034f855b7c73cd2591657c49ac30f10322b967
2022-04-12 09:35:31 +10:00
dtucker@openbsd.org aa19203027 upstream: Note that curve25519-sha256 was later published in
RFC8731.  ok djm@

OpenBSD-Commit-ID: 2ac2b5d642d4cf5918eaec8653cad9a4460b2743
2022-04-12 09:35:31 +10:00
djm@openbsd.org 4673fa8f2b upstream: two defensive changes from Tobias Stoeckmann via GHPR287
enforce stricter invarient for sshbuf_set_parent() - never allow
a buffer to have a previously-set parent changed.

In sshbuf_reset(), if the reallocation fails, then zero the entire
buffer and not the (potentially smaller) default initial alloc size.

OpenBSD-Commit-ID: 14583203aa5d50ad38d2e209ae10abaf8955e6a9
2022-04-12 09:35:31 +10:00
Damien Miller 26eef015e2 Revert "update build-aux files to match autoconf-2.71"
This reverts commit 0a8ca39fac.

It turns out that the checked-in copies of these files are actually newer
than autoconf-2.71's copies, so this was effectively a downgrade.
Spotted by Bo Anderson via github
2022-04-11 16:07:09 +10:00
Damien Miller 0a8ca39fac update build-aux files to match autoconf-2.71
i.e. config.guess, config.sub and install-sh
2022-04-08 14:48:58 +10:00