Darren Tucker
6c435bd499
Stop on first test failure to minimize logs.
2022-01-13 09:01:05 +11:00
dtucker@openbsd.org
4bc2ba6095
upstream: Use egrep when searching for an anchored string.
OpenBSD-Regress-ID: dd114a2ac27ac4b06f9e4a586d3f6320c54aeeb4
2022-01-12 18:31:45 +11:00
Darren Tucker
6bf2efa267
Add "rev" command replacement if needed.
2022-01-12 18:25:06 +11:00
dtucker@openbsd.org
72bcd7993d
upstream: Don't log NULL hostname in restricted agent code,
printf("%s", NULL) is not safe on all platforms. with & ok djm
OpenBSD-Commit-ID: faf10cdae4adde00cdd668cd1f6e05d0a0e32a02
2022-01-12 15:19:21 +11:00
djm@openbsd.org
acabefe3f8
upstream: remove hardcoded domain and use window.location.host, so this
can be run anywhere
OpenBSD-Regress-ID: 2ac2ade3b6227d9c547351d3ccdfe671e62b7f92
2022-01-12 09:36:01 +11:00
dtucker@openbsd.org
96da0946e4
upstream: "void" functions should not return anything. From Tim Rice
via -portable.
OpenBSD-Commit-ID: ce6616304f4c9881b46413e616b226c306830e2a
2022-01-12 09:35:50 +11:00
djm@openbsd.org
a882a09722
upstream: suppress "Connection to xxx closed" messages at LogLevel >=
error bz3378; ok dtucker@
OpenBSD-Commit-ID: d5bf457d5d2eb927b81d0663f45248a31028265c
2022-01-12 09:33:35 +11:00
Damien Miller
61a1a6af22
OS X poll(2) is broken; use compat replacement
Darwin's poll(2) implementation is broken. For character-special
devices like /dev/null, it returns POLLNVAL when polled with
POLLIN.
Apparently this is Apple bug 3710161, which is AFAIK not public,
but a websearch will find other OSS projects rediscovering it
periodically since it was first identified in 2005 (!!)
2022-01-12 09:02:36 +11:00
Darren Tucker
613a6545fc
libhardended_malloc.so moved into out dir.
2022-01-11 20:56:01 +11:00
Tim Rice
61761340be
Make USL compilers happy
UX:acomp: ERROR: "sftp-server.c", line 567: void function cannot return value
2022-01-10 11:07:04 -08:00
Darren Tucker
3ef403f351
Add wrapper for "sort" to set LC_ALL=C.
Found by djm, this should make sorts stable and reduce test flakiness.
2022-01-10 21:07:38 +11:00
dtucker@openbsd.org
bd69e29f57
upstream: Remove errant "set -x" left over from debugging.
OpenBSD-Regress-ID: cd989268e034264cec5df97be7581549032c87dc
2022-01-08 19:01:43 +11:00
dtucker@openbsd.org
1a7c88e26f
upstream: Enable all supported hostkey algorithms (but no others).
Allows hostbased test to pass when built without OpenSSL.
OpenBSD-Regress-ID: 5ddd677a68b672517e1e78460dc6ca2ccc0a9562
2022-01-08 18:42:01 +11:00
djm@openbsd.org
12b457c2a4
upstream: use status error message to communicate ~user expansion
failures; provides better experience for scp in sftp mode, where ~user paths
are more likely to be used; spotted jsg, feedback jsg & deraadt ok jsg &
markus
OpenBSD-Commit-ID: fc610ce00ca0cdc2ecdabbd49ce7cb82033f905f
2022-01-08 18:38:50 +11:00
djm@openbsd.org
63670d4e90
upstream: fix some corner-case bugs in scp sftp-mode handling of
~-prefixed paths; spotted by jsg; feedback jsg & deraadt, ok jsg & markus
OpenBSD-Commit-ID: d1697dbaaa9f0f5649d69be897eab25c7d37c222
2022-01-08 18:38:50 +11:00
djm@openbsd.org
e14940bbec
upstream: more idiomatic error messages; spotted by jsg & deraadt
ok jsg & markus
OpenBSD-Commit-ID: 43618c692f3951747b4151c477c7df22afe2bcc8
2022-01-08 18:38:49 +11:00
djm@openbsd.org
9acddcd591
upstream: add a variant of send_status() that allows overriding the
default, generic error message. feedback/ok markus & jsg
OpenBSD-Commit-ID: 81f251e975d759994131b717ee7c0b439659c40f
2022-01-08 18:38:49 +11:00
djm@openbsd.org
9614113377
upstream: refactor tilde_expand_filename() and make it handle ~user
paths with no trailing slash; feedback/ok markus and jsg
OpenBSD-Commit-ID: a2ab365598a902f0f14ba6a4f8fb2d07a9b5d51d
2022-01-08 18:38:49 +11:00
dtucker@openbsd.org
dc38236ab6
upstream: Don't explicitly set HostbasedAuthentication in
sshd_config. It defaults to "no", and not explicitly setting it allows us to
enable it for the (optional) hostbased test.
OpenBSD-Regress-ID: aa8e3548eb5793721641d26e56c29f363b767c0c
2022-01-07 09:50:07 +11:00
dtucker@openbsd.org
e12d912ddf
upstream: Add test for hostbased auth. It requires some external
setup (see comments at the top) and thus is disabled unless
TEST_SSH_HOSTBASED_AUTH and SUDO are set.
OpenBSD-Regress-ID: 3ec8ba3750c5b595fc63e7845d13483065a4827a
2022-01-07 09:50:07 +11:00
Damien Miller
a48533a8da
depend
2022-01-07 09:24:26 +11:00
djm@openbsd.org
d9dbb5d9a0
upstream: allow hostbased auth to select RSA keys when only
RSA/SHA2 are configured (this is the default case); ok markus@
OpenBSD-Commit-ID: 411c18c7bde40c60cc6dfb7017968577b4d4a827
2022-01-07 09:21:39 +11:00
djm@openbsd.org
fdb1d58d0d
upstream: add a helper function to match a key type to a list of
signature algorithms. RSA keys can make signatures with multiple algorithms,
so some special handling is required. ok markus@
OpenBSD-Commit-ID: 03b41b2bda06fa4cd9c84cef6095033b9e49b6ff
2022-01-07 09:21:38 +11:00
djm@openbsd.org
11e8c4309a
upstream: log some details on hostkeys that ssh loads for
hostbased authn ok markus@
OpenBSD-Commit-ID: da17061fa1f0e58cb31b88478a40643e18233e38
2022-01-07 09:21:38 +11:00
djm@openbsd.org
c6706f6617
upstream: log signature algorithm during verification by monitor;
ok markus
OpenBSD-Commit-ID: 02b92bb42c4d4bf05a051702a56eb915151d9ecc
2022-01-07 09:21:38 +11:00
djm@openbsd.org
8832402bd5
upstream: piece of UpdateHostkeys client strictification: when
updating known_hosts with new keys, ignore NULL keys (forgot to include in
prior commit)
OpenBSD-Commit-ID: 49d2eda6379490e1ceec40c3b670b973f63dea08
2022-01-07 09:21:38 +11:00
djm@openbsd.org
c2d9ced1da
upstream: include rejected signature algorithm in error message
and not the (useless) key type; ok markus
OpenBSD-Commit-ID: 4180b5ec7ab347b43f84e00b1972515296dab023
2022-01-07 09:21:38 +11:00
djm@openbsd.org
7aa7b096cf
upstream: make ssh-keysign use the requested signature algorithm
and not the default for the keytype. Part of unbreaking hostbased auth for
RSA/SHA2 keys. ok markus@
OpenBSD-Commit-ID: b5639a14462948970da3a8020dc06f9a80ecccdc
2022-01-07 09:21:38 +11:00
djm@openbsd.org
291721bc7c
upstream: stricter UpdateHostkey signature verification logic on
the client-side. Require RSA/SHA2 signatures for RSA hostkeys except when
RSA/SHA1 was explicitly negotiated during initial KEX; bz3375
ok markus@
OpenBSD-Commit-ID: 46e75e8dfa2c813781805b842580dcfbd888cf29
2022-01-07 09:21:38 +11:00
djm@openbsd.org
0fa3368322
upstream: Fix signature algorithm selection logic for
UpdateHostkeys on the server side. The previous code tried to prefer RSA/SHA2
for hostkey proofs of RSA keys, but missed some cases. This will use RSA/SHA2
signatures for RSA keys if the client proposed these algorithms in initial
KEX. bz3375
Mostly by Dmitry Belyavskiy with some tweaks by me.
ok markus@
OpenBSD-Commit-ID: c17ba0c3236340d2c6a248158ebed042ac6a8029
2022-01-07 09:21:38 +11:00
djm@openbsd.org
17877bc81d
upstream: convert ssh, sshd mainloops from select() to poll();
feedback & ok deraadt@ and markus@ has been in snaps for a few months
OpenBSD-Commit-ID: a77e16a667d5b194dcdb3b76308b8bba7fa7239c
2022-01-07 09:21:38 +11:00
djm@openbsd.org
5c79952dfe
upstream: prepare for conversion of ssh, sshd mainloop from
select() to poll() by moving FD_SET construction out of channel handlers into
separate functions. ok markus
OpenBSD-Commit-ID: 937fbf2a4de12b19fb9d5168424e206124807027
2022-01-07 09:11:58 +11:00
djm@openbsd.org
24c5187edf
upstream: add a comment so I don't make this mistake again
OpenBSD-Commit-ID: 69c7f2362f9de913bb29b6318580c5a1b52c921e
2022-01-07 09:10:42 +11:00
djm@openbsd.org
7369900441
upstream: fix cut-and-pasto in error message
OpenBSD-Commit-ID: 4cc5c619e4b456cd2e9bb760d17e3a9c84659198
2022-01-07 09:10:42 +11:00
djm@openbsd.org
294c11b1c7
upstream: select all RSA hostkey algorithms for UpdateHostkeys tests,
not just RSA-SHA1
OpenBSD-Regress-ID: b40e62b65863f2702a0c10aca583b2fe76772bd8
2022-01-05 19:31:37 +11:00
djm@openbsd.org
2ea1108c30
upstream: regress test both sshsig message hash algorithms, possible
now because the algorithm is controllable via the CLI
OpenBSD-Regress-ID: 0196fa87acc3544b2b4fd98de844a571cb09a39f
2022-01-05 16:06:09 +11:00
djm@openbsd.org
2327c306b5
upstream: allow selection of hash at sshsig signing time; code
already supported either sha512 (default) or sha256, but plumbing wasn't
there mostly by Linus Nordberg
OpenBSD-Commit-ID: 1b536404b9da74a84b3a1c8d0b05fd564cdc96cd
2022-01-05 16:06:01 +11:00
djm@openbsd.org
56e941d0a0
upstream: add missing -O option to usage() for ssh-keygen -Y sign;
from Linus Nordberg
OpenBSD-Commit-ID: 4e78feb4aa830727ab76bb2e3d940440ae1d7af0
2022-01-05 16:06:01 +11:00
djm@openbsd.org
141a14ec9b
upstream: move sig_process_opts() to before sig_sign(); no
functional code change
OpenBSD-Commit-ID: da02d61f5464f72b4e8b299f83e93c3b657932f9
2022-01-05 16:06:01 +11:00
djm@openbsd.org
37a14249ec
upstream: regression test for find-principals NULL deref; from Fabian
Stelzer
OpenBSD-Regress-ID: f845a8632a5a7d5ae26978004c93e796270fd3e5
2022-01-05 15:12:46 +11:00
djm@openbsd.org
eb1f042142
upstream: NULL deref when using find-principals when matching an
allowed_signers line that contains a namespace restriction, but no
restriction specified on the command-line; report and fix from Fabian Stelzer
OpenBSD-Commit-ID: 4a201b86afb668c908d1a559c6af456a61f4b145
2022-01-05 15:12:39 +11:00
dtucker@openbsd.org
8f3b180305
upstream: Log command invocation while debugging.
This will aid in manually reproducing failing commands.
OpenBSD-Regress-ID: b4aba8d5ac5675ceebeeeefa3261ce344e67333a
2022-01-05 11:51:04 +11:00
Darren Tucker
bbf285164d
Always save config.h as build artifact.
Should allow better comparison between failing and succeeding test
platforms.
2022-01-05 11:48:58 +11:00
Darren Tucker
03bd4ed0db
Add OpenBSD 7.0 target. Retire 6.8.
2022-01-05 11:48:58 +11:00
jsg@openbsd.org
c45a752f0d
upstream: spelling
OpenBSD-Commit-ID: c63e43087a64d0727af13409c708938e05147b62
2022-01-04 18:22:46 +11:00
djm@openbsd.org
c672f83a89
upstream: unbreak test: was picking up system ssh-add instead of the
one supposedly being tested. Spotted by dtucker and using his VM zoo (which
includes some systems old enough to lack ed25519 key support)
OpenBSD-Regress-ID: 7976eb3df11cc2ca3af91030a6a8c0cef1590bb5
2022-01-04 18:22:37 +11:00
djm@openbsd.org
a23698c308
upstream: fix memleak in process_extension(); oss-fuzz issue #42719
OpenBSD-Commit-ID: d8d49f840162fb7b8949e3a5adb8107444b6de1e
2022-01-01 15:19:48 +11:00
jsg@openbsd.org
cb885178f3
upstream: spelling ok dtucker@
OpenBSD-Commit-ID: bfc7ba74c22c928de2e257328b3f1274a3dfdf19
2022-01-01 15:19:48 +11:00
djm@openbsd.org
6b977f8080
upstream: split method list search functionality from
authmethod_lookup() into a separate authmethod_byname(), for cases where we
don't need to check whether a method is enabled, etc.
use this to fix the "none" authentication method regression reported
by Nam Nguyen via bugs@
ok deraadt@
OpenBSD-Commit-ID: 8cd188dc3a83aa8abe5b7693e762975cd8ea8a17
2021-12-27 10:40:22 +11:00
jmc@openbsd.org
0074aa2c8d
upstream: sort -H and -h in SYNOPSIS/usage(); tweak the -H text;
ok djm
OpenBSD-Commit-ID: 90721643e41e9e09deb5b776aaa0443456ab0965
2021-12-27 10:40:16 +11:00