Damien Miller
13b3369830
avoid "return (value)" in void-declared function
...
spotted by Tim Rice; ok dtucker
2019-10-08 15:32:02 +11:00
Darren Tucker
0c7f8d2326
Make DEF_WEAK more likely to be correct.
...
Completely nop-ing out DEF_WEAK leaves an empty statement which some
compilers don't like. Replace with a no-op function template. ok djm@
2019-10-08 14:48:32 +11:00
dtucker@openbsd.org
b1e79ea8fa
upstream: Instead of running sed over the whole log to remove CRs,
...
remove them only where it's needed (and confuses test(1) on at least OS X in
portable).
OpenBSD-Regress-ID: a6ab9b4bd1d33770feaf01b2dfb96f9e4189d2d0
2019-10-07 13:08:57 +11:00
Eduardo Barretto
8dc7d6b75a
Enable specific ioctl call for EP11 crypto card (s390)
...
The EP11 crypto card needs to make an ioctl call, which receives a
specific argument. This crypto card is for s390 only.
Signed-off-by: Eduardo Barretto <ebarretto@linux.vnet.ibm.com>
2019-10-05 18:30:40 +10:00
djm@openbsd.org
07f2c7f349
upstream: fix memory leak in error path; bz#3074 patch from
...
krishnaiah.bommu@intel.com, ok dtucker
OpenBSD-Commit-ID: d031853f3ecf47b35a0669588f4d9d8e3b307b3c
2019-10-04 14:34:05 +10:00
djm@openbsd.org
b7fbc75e11
upstream: space
...
OpenBSD-Commit-ID: 350648bcf00a2454e7ef998b7d88e42552b348ac
2019-10-04 14:34:05 +10:00
djm@openbsd.org
643ab68c79
upstream: more sshsig regress tests: check key revocation, the
...
check-novalidate signature test mode and signing keys in ssh-agent.
From Sebastian Kinne (slightly tweaked)
OpenBSD-Regress-ID: b39566f5cec70140674658cdcedf38752a52e2e2
2019-10-04 13:41:03 +10:00
dtucker@openbsd.org
714031a10b
upstream: Check for gmtime failure in moduli generation. Based on
...
patch from krishnaiah.bommu@intel.com, ok djm@
OpenBSD-Commit-ID: 4c6a4cde0022188ac83737de08da0e875704eeaa
2019-10-04 13:40:57 +10:00
jmc@openbsd.org
6918974405
upstream: use a more common options order in SYNOPSIS and sync
...
usage(); while here, no need for Bk/Ek;
ok dtucker
OpenBSD-Commit-ID: 38715c3f10b166f599a2283eb7bc14860211bb90
2019-10-04 13:40:57 +10:00
djm@openbsd.org
feff96b7d4
upstream: thinko in previous; spotted by Mantas
...
Mikulėnas
OpenBSD-Commit-ID: ffa3f5a45e09752fc47d9041e2203ee2ec15b24d
2019-10-02 19:53:40 +10:00
djm@openbsd.org
b5a89eec41
upstream: make signature format match PROTOCO
...
as a string, not raw bytes. Spotted by Mantas Mikulėnas
OpenBSD-Commit-ID: 80fcc6d52893f80c6de2bedd65353cebfebcfa8f
2019-10-02 18:08:17 +10:00
djm@openbsd.org
dc6f81ee94
upstream: ban empty namespace strings for s
...
shsig; spotted by Mantas Mikulėnas
OpenBSD-Commit-ID: 7c5bcf40bed8f4e826230176f4aa353c52aeb698
2019-10-02 18:08:17 +10:00
Darren Tucker
fa5bd8107e
Put ssherr.h back as it's actually needed.
2019-10-02 14:30:55 +10:00
Lonnie Abelbeck
3ef92a6574
Deny (non-fatal) shmget/shmat/shmdt in preauth privsep child.
...
New wait_random_seeded() function on OpenSSL 1.1.1d uses shmget, shmat, and shmdt
in the preauth codepath, deny (non-fatal) in seccomp_filter sandbox.
2019-10-02 12:24:38 +10:00
Damien Miller
edd1d3a626
remove duplicate #includes
...
Prompted by Jakub Jelen
2019-10-02 10:54:28 +10:00
Damien Miller
13c508dfed
typo in comment
2019-10-02 10:51:15 +10:00
djm@openbsd.org
d0c3ac427f
upstream: remove some duplicate #includes
...
OpenBSD-Commit-ID: ed6827ab921eff8027669848ef4f70dc1da4098c
2019-10-02 10:43:47 +10:00
djm@openbsd.org
084682786d
upstream: revert unconditional forced login implemented in r1.41 of
...
ssh-pkcs11.c; r1.45 added a forced login as a fallback for cases where the
token returns no objects and this is less disruptive for users of tokens
directly in ssh (rather than via ssh-agent) and in ssh-keygen
bz3006, patch from Jakub Jelen; ok markus
OpenBSD-Commit-ID: 33d6df589b072094384631ff93b1030103b3d02e
2019-10-01 20:24:07 +10:00
jmc@openbsd.org
6c91d42cce
upstream: group and sort single letter options; ok deraadt
...
OpenBSD-Commit-ID: e1480e760a2b582f79696cdcff70098e23fc603f
2019-10-01 20:24:07 +10:00
jmc@openbsd.org
3b44bf39ff
upstream: fix the DH-GEX text in -a; because this required a comma,
...
i added a comma to the first part, for balance...
OpenBSD-Commit-ID: 2c3464e9e82a41e8cdfe8f0a16d94266e43dbb58
2019-10-01 20:24:07 +10:00
deraadt@openbsd.org
3e53ef28fa
upstream: identity_file[] should be PATH_MAX, not the arbitrary
...
number 1024
OpenBSD-Commit-ID: e775f94ad47ce9ab37bd1410d7cf3b7ea98b11b7
2019-10-01 20:24:07 +10:00
jmc@openbsd.org
90d4b2541e
upstream: new sentence, new line;
...
OpenBSD-Commit-ID: c35ca5ec07be460e95e7406af12eee04a77b6698
2019-10-01 20:24:07 +10:00
Darren Tucker
fbec7dba01
Include stdio.h for snprintf.
...
Patch from vapier@gentoo.org.
2019-09-30 18:01:12 +10:00
Darren Tucker
0a403bfde7
Add SKIP_LTESTS for skipping specific tests.
2019-09-30 14:11:42 +10:00
dtucker@openbsd.org
4d59f7a516
upstream: Test for empty result in expected bits. Remove CRs from log
...
as they confuse tools on some platforms. Re-enable the 3des-cbc test.
OpenBSD-Regress-ID: edf536d4f29fc1ba412889b37247a47f1b49d250
2019-09-27 15:36:22 +10:00
Darren Tucker
7c817d129e
Re-enable dhgex test.
...
Since we've added larger fallback groups to dh.c this test will pass
even if there is no moduli file installed on the system.
2019-09-27 15:26:22 +10:00
Darren Tucker
c1e0a32fa8
Add more ToS bits, currently only used by netcat.
2019-09-24 21:17:20 +10:00
Darren Tucker
5a273a33ca
Privsep is now required.
2019-09-19 15:41:23 +10:00
djm@openbsd.org
8aa2aa3cd4
upstream: Allow testing signature syntax and validity without verifying
...
that a signature came from a trusted signer. To discourage accidental or
unintentional use, this is invoked by the deliberately ugly option name
"check-novalidate"
from Sebastian Kinne
OpenBSD-Commit-ID: cea42c36ab7d6b70890e2d8635c1b5b943adcc0b
2019-09-16 13:25:53 +10:00
djm@openbsd.org
7047d5afe3
upstream: clarify that IdentitiesOnly also applies to the default
...
~/.ssh/id_* keys; bz#3062
OpenBSD-Commit-ID: 604be570e04646f0f4a17026f8b2aada6a585dfa
2019-09-13 14:53:45 +10:00
dtucker@openbsd.org
b36ee3fcb2
upstream: Plug mem leaks on error paths, based in part on github
...
pr#120 from David Carlier. ok djm@.
OpenBSD-Commit-ID: c57adeb1022a8148fc86e5a88837b3b156dbdb7e
2019-09-13 14:53:45 +10:00
djm@openbsd.org
2aefdf1aef
upstream: whitespace
...
OpenBSD-Commit-ID: 57a71dd5f4cae8d61e0ac631a862589fb2bfd700
2019-09-13 14:53:45 +10:00
djm@openbsd.org
fbe24b1429
upstream: allow %n to be expanded in ProxyCommand strings
...
From Zachary Harmany via github.com/openssh/openssh-portable/pull/118
ok dtucker@
OpenBSD-Commit-ID: 7eebf1b7695f50c66d42053d352a4db9e8fb84b6
2019-09-13 14:28:44 +10:00
djm@openbsd.org
2ce1d11600
upstream: clarify that ConnectTimeout applies both to the TCP
...
connection and to the protocol handshake/KEX. From Jean-Charles Longuet via
Github PR140
OpenBSD-Commit-ID: ce1766abc6da080f0d88c09c2c5585a32b2256bf
2019-09-13 14:09:21 +10:00
dtucker@openbsd.org
df78011427
upstream: Fix potential truncation warning. ok deraadt.
...
OpenBSD-Commit-ID: d87b7e3a94ec935e8194e7fce41815e22804c3ff
2019-09-13 14:09:20 +10:00
Damien Miller
ec0e624366
memleak of buffer in sshpam_query
...
coverity report via Ed Maste; ok dtucker@
2019-09-13 13:15:19 +10:00
Damien Miller
c17e4638e5
explicitly test set[ug]id() return values
...
Legacy !_POSIX_SAVED_IDS path only; coverity report via Ed Maste
ok dtucker@
2019-09-13 13:15:14 +10:00
naddy@openbsd.org
91a2135f32
upstream: Allow prepending a list of algorithms to the default set
...
by starting the list with the '^' character, e.g.
HostKeyAlgorithms ^ssh-ed25519
Ciphers ^aes128-gcm@openssh.com,aes256-gcm@openssh.com
ok djm@ dtucker@
OpenBSD-Commit-ID: 1e1996fac0dc8a4b0d0ff58395135848287f6f97
2019-09-08 14:49:04 +10:00
djm@openbsd.org
c8bdd2db77
upstream: key conversion should fail for !openssl builds, not fall
...
through to the key generation code
OpenBSD-Commit-ID: b957436adc43c4941e61d61958a193a708bc83c9
2019-09-08 14:49:04 +10:00
djm@openbsd.org
823f6c37eb
upstream: typo in previous
...
OpenBSD-Commit-ID: 7c3b94110864771a6b80a0d8acaca34037c3c96e
2019-09-08 14:49:04 +10:00
Damien Miller
6a710d3e06
needs time.h for --without-openssl
2019-09-08 14:48:11 +10:00
Damien Miller
f61f29afda
make unittests pass for no-openssl case
2019-09-08 10:37:17 +10:00
djm@openbsd.org
105e1c9218
upstream: avoid compiling certain files that deeply depend on
...
libcrypto when WITH_OPENSSL isn't set
OpenBSD-Commit-ID: 569f08445c27124ec7c7f6c0268d844ec56ac061
2019-09-06 17:54:21 +10:00
djm@openbsd.org
670104b923
upstream: fixes for !WITH_OPENSSL compilation; ok dtucker@
...
OpenBSD-Commit-ID: 7fd68eaa9e0f7482b5d4c7e8d740aed4770a839f
2019-09-06 17:54:21 +10:00
djm@openbsd.org
be02d7cbde
upstream: lots of things were relying on libcrypto headers to
...
transitively include various system headers (mostly stdlib.h); include them
explicitly
OpenBSD-Commit-ID: 5b522f4f2d844f78bf1cc4f3f4cc392e177b2080
2019-09-06 17:54:21 +10:00
djm@openbsd.org
d05aaaaadc
upstream: remove leakmalloc reference; we used this early when
...
refactoring but not since
OpenBSD-Commit-ID: bb28ebda8f7c490b87b37954044a6cdd43a7eb2c
2019-09-06 16:06:22 +10:00
dtucker@openbsd.org
1268f0bcd8
upstream: Check for RSA support before using it for the user key,
...
otherwise use ed25519 which is supported when built without OpenSSL.
OpenBSD-Regress-ID: 3d23ddfe83c5062f00ac845d463f19a2ec78c0f7
2019-09-06 14:37:23 +10:00
Darren Tucker
fd7a2dec65
Provide explicit path to configure-check.
...
On some platforms (at least OpenBSD) make won't search VPATH for target
files, so building out-of-tree will fail at configure-check. Provide
explicit path. ok djm@
2019-09-06 14:09:41 +10:00
djm@openbsd.org
00865c2969
upstream: better error code for bad arguments; inspired by
...
OpenBSD-Commit-ID: dfc263b6041de7f0ed921a1de0b81ddebfab1e0a
2019-09-06 12:01:45 +10:00
Damien Miller
afdf27f5ac
revert config.h/config.h.in freshness checks
...
turns out autoreconf and configure don't touch some files if their content
doesn't change, so the mtime can't be relied upon in a makefile rule
2019-09-05 21:38:40 +10:00