tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
9,649 Commits 6 Branches 20 Tags 99 MiB
Commit Graph

9649 Commits

Author SHA1 Message Date
Darren Tucker c77bc73c91 Explicitly include openssl before zlib. 
Some versions of OpenSSL have "free_func" in their headers, which zlib
typedefs.  Including openssl after zlib (eg via sshkey.h) results in
"syntax error before `free_func'", which this fixes.
 2018-07-20 13:48:51 +10:00
dtucker@openbsd.org 95d41e90ea upstream: Deprecate UsePrivilegedPort now that support for running 
ssh(1) setuid has been removed, remove supporting code and clean up
references to it in the man pages

We have not shipped ssh(1) the setuid bit since 2002.  If ayone
really needs to make connections from a low port number this can
be implemented via a small setuid ProxyCommand.

ok markus@ jmc@ djm@

OpenBSD-Commit-ID: d03364610b7123ae4c6792f5274bd147b6de717e
 2018-07-19 21:44:21 +10:00
dtucker@openbsd.org 258dc8bb07 upstream: Remove support for running ssh(1) setuid and fatal if 
attempted. Do not link uidwap.c into ssh any more.  Neuters
UsePrivilegedPort, which will be marked as deprecated shortly. ok markus@
djm@

OpenBSD-Commit-ID: c4ba5bf9c096f57a6ed15b713a1d7e9e2e373c42
 2018-07-19 21:41:42 +10:00
dtucker@openbsd.org ac590760b2 upstream: Slot 0 in the hostbased key array was previously RSA1, 
but that is now gone and the slot is unused so remove it.  Remove two
now-unused macros, and add an array bounds check to the two remaining ones
(array is statically sized, so mostly a safety check on future changes). ok
markus@

OpenBSD-Commit-ID: 2e4c0ca6cc1d8daeccead2aa56192a3f9d5e1e7a
 2018-07-19 20:17:33 +10:00
dtucker@openbsd.org 26efc2f5df upstream: Remove support for loading HostBasedAuthentication keys 
directly in ssh(1) and always use ssh-keysign.  This removes one of the few
remaining reasons why ssh(1) might be setuid.  ok markus@

OpenBSD-Commit-ID: 97f01e1448707129a20d75f86bad5d27c3cf0b7d
 2018-07-19 20:17:33 +10:00
djm@openbsd.org 3eb7f1038d upstream: keep options.identity_file_userprovided array in sync when we 
load keys, fixing some spurious error messages; ok markus

OpenBSD-Commit-ID: c63e3d5200ee2cf9e35bda98de847302566c6a00
 2018-07-16 17:08:13 +10:00
djm@openbsd.org 2f131e1b34 upstream: memleak in unittest; found by valgrind 
OpenBSD-Regress-ID: 168c23b0fb09fc3d0b438628990d3fd9260a8a5e
 2018-07-16 13:12:28 +10:00
djm@openbsd.org de2997a4cf upstream: memleaks; found by valgrind 
OpenBSD-Commit-ID: 6c3ba22be53e753c899545f771e8399fc93cd844
 2018-07-16 13:12:20 +10:00
Darren Tucker 61cc0003eb Undef a few new macros in sys-queue.h. 
Prevents macro redefinition warnings on OSX.
 2018-07-14 16:49:01 +10:00
Darren Tucker 30a2c21387 Include unistd.h for geteuid declaration. 2018-07-13 13:40:20 +10:00
Darren Tucker 1dd32c23f2 Fallout from buffer conversion in AUDIT_EVENTS. 
Supply missing "int r" and fix error path for sshbuf_new().
 2018-07-13 13:38:10 +10:00
djm@openbsd.org 7449c178e9 upstream: make this use ssh_proxy rather than starting/stopping a 
daemon for each testcase

OpenBSD-Regress-ID: 608b7655ea65b1ba8fff5a13ce9caa60ef0c8166
 2018-07-13 12:14:38 +10:00
djm@openbsd.org dbab02f920 upstream: fix leaks in unit test; with this, all unit tests are 
leak free (as far as valgrind can spot anyway)

OpenBSD-Regress-ID: b824d8b27998365379963440e5d18b95ca03aa17
 2018-07-13 12:14:38 +10:00
Damien Miller 2f6accff50 Enable leak checks for unit tests with valgrind 
Leave the leak checking on unconditionally when running with valgrind.
The unit tests are leak-free and I want them to stay that way.
 2018-07-13 11:41:33 +10:00
Damien Miller e46cfbd9db increase timeout to match cfgmatch.sh 
lets test pass under valgrind (on my workstation at least)
 2018-07-13 11:41:33 +10:00
Damien Miller 6aa1bf475c rm regress/misc/kexfuzz/*.o in distclean target 2018-07-13 11:41:33 +10:00
Damien Miller eef1447ddb repair !WITH_OPENSSL build 2018-07-13 11:41:33 +10:00
Damien Miller 4d3b2f36fd missing headers 2018-07-13 11:41:33 +10:00
Darren Tucker 3f420a692b Remove key.h from portable files too. 
Commit 5467fbcb removed key.h so stop including it in portable files
too.  Fixes builds on lots of platforms.
 2018-07-12 14:57:46 +10:00
djm@openbsd.org e2c4af3115 upstream: remove prototype to long-gone function 
OpenBSD-Commit-ID: 0414642ac7ce01d176b9f359091a66a8bbb640bd
 2018-07-12 14:36:12 +10:00
markus@openbsd.org 394a842e60 upstream: treat ssh_packet_write_wait() errors as fatal; ok djm@ 
OpenBSD-Commit-ID: f88ba43c9d54ed2d911218aa8d3f6285430629c3
 2018-07-12 13:18:25 +10:00
markus@openbsd.org 5467fbcb09 upstream: remove legacy key emulation layer; ok djm@ 
OpenBSD-Commit-ID: 2b1f9619259e222bbd4fe9a8d3a0973eafb9dd8d
 2018-07-12 13:18:25 +10:00
martijn@openbsd.org 5dc4c59d54 upstream: s/wuth/with/ in comment 
OpenBSD-Commit-ID: 9de41468afd75f54a7f47809d2ad664aa577902c
 2018-07-12 11:47:57 +10:00
Darren Tucker 1c688801e9 Include stdlib.h for declaration of free. 
Fixes build with -Werror on at least Fedora and probably others.
 2018-07-11 12:14:09 +10:00
Damien Miller fccfa239de VALGRIND_CHECK_LEAKS logic was backwards :( 2018-07-11 10:19:56 +10:00
Darren Tucker 416287d45f Fix sshbuf_new error path in skey. 2018-07-11 10:11:17 +10:00
Darren Tucker 7aab109b8b Supply missing third arg in skey. 
During the change to the new buffer api the third arg to
sshbuf_get_cstring was ommitted.  Fixes build when configured with skey.
 2018-07-11 10:11:17 +10:00
Darren Tucker 380320bb72 Supply some more missing "int r" in skey 2018-07-11 10:11:17 +10:00
Damien Miller d20720d373 disable valgrind memleak checking by default 
Add VALGRIND_CHECK_LEAKS knob to turn it back on.
 2018-07-11 09:57:44 +10:00
Darren Tucker 79c9d35018 Supply missing "int r" in skey code. 2018-07-11 09:54:00 +10:00
sf@openbsd.org 984bacfaac upstream: re-remove some pre-auth compression bits 
This time, make sure to not remove things that are necessary for
pre-auth compression on the client. Add a comment that pre-auth
compression is still supported in the client.

ok markus@

OpenBSD-Commit-ID: 282c6fec7201f18a5c333bbb68d9339734d2f784
 2018-07-11 09:52:08 +10:00
Damien Miller 120a1ec74e Adapt portable to legacy buffer API removal 2018-07-10 19:39:52 +10:00
djm@openbsd.org 0f3958c1e6 upstream: kerberos/gssapi fixes for buffer removal 
OpenBSD-Commit-ID: 1cdf56fec95801e4563c47f21696f04cd8b60c4c
 2018-07-10 19:15:35 +10:00
djm@openbsd.org c74ae8e7c4 upstream: buffer.[ch] and bufaux.c are no more 
OpenBSD-Commit-ID: d1a1852284e554f39525eb4d4891b207cfb3d3a0
 2018-07-10 18:07:49 +10:00
djm@openbsd.org a881e5a133 upstream: one mention of Buffer that almost got away :) 
OpenBSD-Commit-ID: 30d7c27a90b4544ad5dfacf654595710cd499f02
 2018-07-10 18:07:49 +10:00
markus@openbsd.org 49f47e656b upstream: replace cast with call to sshbuf_mutable_ptr(); ok djm@ 
OpenBSD-Commit-ID: 4dfe9d29fa93d9231645c89084f7217304f7ba29
 2018-07-10 16:44:17 +10:00
markus@openbsd.org cb30cd4704 upstream: remove legacy buffer API emulation layer; ok djm@ 
OpenBSD-Commit-ID: 2dd5dc17cbc23195be4299fa93be2707a0e08ad9
 2018-07-10 16:44:17 +10:00
markus@openbsd.org 235c7c4e3b upstream: sshd: switch monitor to sshbuf API; lots of help & ok 
djm@

OpenBSD-Commit-ID: d89bd02d33974fd35ca0b8940d88572227b34a48
 2018-07-10 16:40:18 +10:00
markus@openbsd.org b8d9214d96 upstream: sshd: switch GSSAPI to sshbuf API; ok djm@ 
OpenBSD-Commit-ID: e48449ab4be3f006f7ba33c66241b7d652973e30
 2018-07-10 15:28:30 +10:00
markus@openbsd.org c7d39ac8dc upstream: sshd: switch authentication to sshbuf API; ok djm@ 
OpenBSD-Commit-ID: 880aa06bce4b140781e836bb56bec34873290641
 2018-07-10 15:27:43 +10:00
markus@openbsd.org c3cb7790e9 upstream: sshd: switch config to sshbuf API; ok djm@ 
OpenBSD-Commit-ID: 72b02017bac7feac48c9dceff8355056bea300bd
 2018-07-10 15:25:25 +10:00
markus@openbsd.org 2808d18ca4 upstream: sshd: switch loginmsg to sshbuf API; ok djm@ 
OpenBSD-Commit-ID: f3cb4e54bff15c593602d95cc43e32ee1a4bac42
 2018-07-10 15:21:58 +10:00
markus@openbsd.org 89dd615b8b upstream: ttymodes: switch to sshbuf API; ok djm@ 
OpenBSD-Commit-ID: 5df340c5965e822c9da21e19579d08dea3cbe429
 2018-07-10 15:19:12 +10:00
markus@openbsd.org f4608a7065 upstream: client: switch mux to sshbuf API; with & ok djm@ 
OpenBSD-Commit-ID: 5948fb98d704f9c4e075b92edda64e0290b5feb2
 2018-07-10 15:14:26 +10:00
markus@openbsd.org cecee2d607 upstream: client: switch to sshbuf API; ok djm@ 
OpenBSD-Commit-ID: 60cb0356114acc7625ab85105f6f6a7cd44a8d05
 2018-07-10 15:14:26 +10:00
markus@openbsd.org ff55f4ad89 upstream: pkcs11: switch to sshbuf API; ok djm@ 
OpenBSD-Commit-ID: 98cc4e800f1617c51caf59a6cb3006f14492db79
 2018-07-10 15:13:41 +10:00
sf@openbsd.org 168b46f405 upstream: Revert previous two commits 
It turns out we still support pre-auth compression on the client.
Therefore revert the previous two commits:

date: 2018/07/06 09:06:14;  author: sf;  commitid: yZVYKIRtUZWD9CmE;
 Rename COMP_DELAYED to COMP_ZLIB

 Only delayed compression is supported nowadays.

 ok markus@

date: 2018/07/06 09:05:01;  author: sf;  commitid: rEGuT5UgI9f6kddP;
 Remove leftovers from pre-authentication compression

 Support for this has been removed in 2016.
 COMP_DELAYED will be renamed in a later commit.

 ok markus@

OpenBSD-Commit-ID: cdfef526357e4e1483c86cf599491b2dafb77772
 2018-07-10 15:13:41 +10:00
sf@openbsd.org ab39267fa1 upstream: Rename COMP_DELAYED to COMP_ZLIB 
Only delayed compression is supported nowadays.

ok markus@

OpenBSD-Commit-ID: 5b1dbaf3d9a4085aaa10fec0b7a4364396561821
 2018-07-10 15:13:40 +10:00
sf@openbsd.org 95db395d2e upstream: Remove leftovers from pre-authentication compression 
Support for this has been removed in 2016.
COMP_DELAYED will be renamed in a later commit.

ok markus@

OpenBSD-Commit-ID: 6a99616c832627157113fcb0cf5a752daf2e6b58
 2018-07-10 15:13:40 +10:00
sf@openbsd.org f28a4d5cd2 upstream: Remove unused ssh_packet_start_compression() 
ok markus@

OpenBSD-Commit-ID: 9d34cf2f59aca5422021ae2857190578187dc2b4
 2018-07-10 15:13:40 +10:00