dtucker@openbsd.org
85cceda21f
upstream: Specify that the KDF function is bcrypt. Based on github
PR#214 from rafork, ok markus@, mdoc correction jmc@
OpenBSD-Commit-ID: d8f2853e7edbcd483f31b50da77ab80ffa18b4ef
2020-11-17 22:34:57 +11:00
djm@openbsd.org
5b9720f9ad
upstream: revert r1.341; it breaks ProxyJump; reported by sthen@
OpenBSD-Commit-ID: 6ac2f945b26cb86d936eed338f77861d6da8356a
2020-11-16 09:36:05 +11:00
djm@openbsd.org
04088725ec
upstream: scrub keyboard-interactive authentication prompts coming
from the server through asmprintf() prior to display; suggested by and ok
dtucker@
OpenBSD-Commit-ID: 31fe93367645c37fbfe4691596bf6cf1e3972a58
2020-11-13 18:32:24 +11:00
djm@openbsd.org
5442b491d0
upstream: prefix keyboard interactive prompts with (user@host) to
make it easier to determine which connection they are associated with in
cases like scp -3, ProxyJump, etc. bz#3224 ok dtucker
OpenBSD-Commit-ID: 67e6189b04b46c867662f8a6759cf3ecb5f59170
2020-11-13 18:32:24 +11:00
Darren Tucker
2992e4e701
Remove use of TIME_WITH_SYS_TIME.
It was only set by the recently removed AC_HEADER_TIME macro, replace
with simple inclusions of both sys/time.h and time.h. Should prevent
mis-detection of struct timespec.
2020-11-13 17:56:11 +11:00
Damien Miller
e3f27006f1
Revert "detect Linux/X32 systems"
This reverts commit 5b56bd0aff.
The approach used was incorrect; discussion in bz#3085
2020-11-13 14:20:43 +11:00
Damien Miller
e51dc7fab6
SELinux has deprecated security_context_t
(it was only ever a char* anyway)
2020-11-13 13:46:28 +11:00
Darren Tucker
b79add37d1
Remove obsolete AC_HEADER_TIME macro.
AC_HEADER_TIME is marked as obsolete in autoconf-2.70 and as far as I
can tell everything we have that might be old enough to need it doesn't.
2020-11-13 13:43:30 +11:00
djm@openbsd.org
d5d05cdb3d
upstream: when prompting the user to accept a new hostkey, display
any other host names/addresses already associated with the key. E.g.
> The authenticity of host 'test (10.0.0.1)' can't be established.
> ECDSA key fingerprint is SHA256:milU4MODXm8iJQI18wlsbPG7Yup+34fuNNmV08qDnax.
> This host key is known by the following other names/addresses:
> ~/.ssh/known_hosts:1: host.example.org,10.0.0.1
> ~/.ssh/known_hosts:2: [hashed name]
> ~/.ssh/known_hosts:3: [hashed name]
> ~/.ssh/known_hosts:4: host
> ~/.ssh/known_hosts:5: [host]:2222
> Are you sure you want to continue connecting (yes/no/[fingerprint])?
feedback and ok markus@
OpenBSD-Commit-ID: f6f58a77b49f1368b5883b3a1f776447cfcc7ef4
2020-11-13 09:58:55 +11:00
dtucker@openbsd.org
819b44e8b9
upstream: Prevent integer overflow when ridiculously large
ConnectTimeout is specified, capping the effective value (for most platforms)
at 24 days. bz#3229, ok djm@
OpenBSD-Commit-ID: 62d4c4b7b87d111045f8e9f28b5b532d17ac5bc0
2020-11-13 09:58:55 +11:00
djm@openbsd.org
add926dd1b
upstream: fix logic error that broke URI parsing in ProxyJump
directives; ok dtucker@
OpenBSD-Commit-ID: 96d48839b1704882a0e9a77898f5e14b2d222705
2020-11-12 10:53:03 +11:00
claudio@openbsd.org
4340dd4392
upstream: Free the previously allocated msg buffer after writing it
out. OK djm@
OpenBSD-Commit-ID: 18c055870fc75e4cb9f926c86c7543e2e21d7fa4
2020-11-12 10:53:03 +11:00
Darren Tucker
fcf429a4c6
Prevent excessively long username going to PAM.
This is a mitigation for a buffer overflow in Solaris' PAM username
handling (CVE-2020-14871), and is only enabled for Sun-derived PAM
implementations. This is not a problem in sshd itself, it only
prevents sshd from being used as a vector to attack Solaris' PAM.
It does not prevent the bug in PAM from being exploited via some other
PAM application.
Based on github PR#212 from Mike Scott but implemented slightly
differently. ok tim@ djm@
2020-11-11 14:05:30 +11:00
djm@openbsd.org
10dce8ff68
upstream: unbreak; missing NULL check
OpenBSD-Commit-ID: 6613dfab488123f454d348ef496824476b8c11c0
2020-11-09 10:20:13 +11:00
djm@openbsd.org
d5a0cd4fc4
upstream: when requesting a security key touch on stderr, inform the
user once the touch has been recorded; requested by claudio@ ok markus@
OpenBSD-Commit-ID: 3b76ee444490e546b9ea7f879e4092ee0d256233
2020-11-09 09:39:22 +11:00
Darren Tucker
292bcb2479
Remove preprocessor directive from log macro calls.
Preprocessor directives inside macro calls, such as the new log macros,
are undefined behaviour and do not work with, eg old GCCs. Put the
entire log call inside the ifdef for OPENSSL_HAS_NISTP521.
2020-11-09 00:33:35 +11:00
dtucker@openbsd.org
71693251b7
upstream: Add a comment documenting the source of the moduli group
sizes.
OpenBSD-Commit-ID: aec0725ce607630caaa62682624c6763b350391c
2020-11-09 00:02:27 +11:00
dtucker@openbsd.org
4d94b031ff
upstream: Replace WITH_OPENSSL ifdefs in log calls with a macro.
The log calls are themselves now macros, and preprocessor directives inside
macro arguments are undefined behaviour which some compilers (eg old GCCs)
choke on. It also makes the code tidier. ok deraadt@
OpenBSD-Commit-ID: cc12a9029833d222043aecd252d654965c351a69
2020-11-09 00:02:27 +11:00
Darren Tucker
6d2564b94e
Fix function body for variadic macro test.
AC_LANG_PROGRAM puts its second argument inside main() so we don't need
to do it ourselves.
2020-11-06 17:11:16 +11:00
Darren Tucker
586f9bd2f5
Remove AC_PROG_CC_C99 obsoleted in autoconf 2.70.
Since we only use it to make sure we can handle variadic macros,
explicitly check only for that. with & ok djm@
2020-11-06 16:53:24 +11:00
Darren Tucker
a019e353df
Replace AC_TRY_COMPILE obsoleted in autoconf 2.70.
Replace with the equivalent AC_COMPILE_IFELSE.
2020-11-06 13:56:41 +11:00
Darren Tucker
771b7795c0
Move AC_PROG_CC_C99 to immediately after AC_PROG_CC.
This puts the related C version selection output in the same place.
2020-11-06 13:55:33 +11:00
Darren Tucker
e5591161f2
AC_CHECK_HEADER() is obsoleted in autoconf 2.70.
Replace with the non-obsoleted AC_CHECK_HEADERS().
2020-11-06 13:54:17 +11:00
djm@openbsd.org
05bcd0cadf
upstream: fold consecutive '*' wildcards to mitigate combinatorial
explosion of recursive searches; ok dtucker
OpenBSD-Commit-ID: d18bcb39c40fb8a1ab61153db987e7d11dd3792b
2020-11-04 10:09:25 +11:00
djm@openbsd.org
7d680448db
upstream: print reason in fatal error message when
kex_assemble_namelist() fails
OpenBSD-Commit-ID: a9975ee8db6c98d6f32233d88051b2077ca63dab
2020-11-04 10:09:25 +11:00
djm@openbsd.org
95d1109fec
upstream: fix sshd_config SetEnv directive inside Match blocks; part of
github PR#201 from github user manuelm
OpenBSD-Commit-ID: 9772e3748abff3ad65ae8fc43d026ed569b1d2bc
2020-10-29 14:15:35 +11:00
djm@openbsd.org
b12b835dc0
upstream: fix type of nid in type_bits_valid(); github PR#202 from
github user thingsconnected
OpenBSD-Commit-ID: 769d2b040dec7ab32d323daf54b854dd5dcb5485
2020-10-29 14:03:03 +11:00
djm@openbsd.org
1a14c13147
upstream: whitespace; no code change
OpenBSD-Commit-ID: efefc1c47e880887bdee8cd2127ca93177eaad79
2020-10-29 13:54:13 +11:00
djm@openbsd.org
815209abfd
upstream: UpdateHostkeys: fixed/better detection of host keys that
exist under other names and addresses; spotted by and debugged with lots of
help from jca@
OpenBSD-Commit-ID: 5113d7f550bbd48243db1705afbf16b63792d4b7
2020-10-29 13:53:59 +11:00
Duncan Eastoe
a575cf44e5
session.c: use "denylist" terminology
Follow upstream (6d755706a0) language
improvements in this portable-specific code.
2020-10-29 13:45:10 +11:00
Damien Miller
33267feaff
Remove checks for strict POSIX mkdtemp()
We needed a mkdtemp() that accepted template paths that did not
end in XXXXXX a long time ago for KRB4, but that code is long
deprecated. We no longer need to replace mkdtemp() for strictly
following POSIX. ok dtucker@
2020-10-27 16:50:38 +11:00
dtucker@openbsd.org
492d70e18b
upstream: Minor man page fixes (capitalization, commas) identified by
the manpage-l10n project via bz#3223. feedback deraadt@, ok jmc@
OpenBSD-Commit-ID: ab83af0daf18369244a72daaec6c4a58a9eb7e2c
2020-10-26 12:15:52 +11:00
dtucker@openbsd.org
eab2888cfc
upstream: Adapt XMSS to new logging infrastructure. With markus@, ok
djm@.
OpenBSD-Commit-ID: 9c35ec3aa0f710e4e3325187ceff4fa3791686de
2020-10-20 10:15:02 +11:00
djm@openbsd.org
f7bd11e494
upstream: fix SEGV on fatal() errors spotted by dtucker@
OpenBSD-Commit-ID: 75f155a1ac61e364ed00dc379e2c42df81067ce2
2020-10-19 19:09:08 +11:00
Darren Tucker
7715a3b171
Use fatal_fr not fatal_r when passing r.
Caught by the PAM -Werror tinderbox build.
2020-10-19 10:54:41 +11:00
djm@openbsd.org
816036f142
upstream: use the new variant log macros instead of prepending
__func__ and appending ssh_err(r) manually; ok markus@
OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
2020-10-18 23:46:29 +11:00
djm@openbsd.org
9e2c4f6422
upstream: variants of the log methods that append a ssherr.h string
from a supplied error code; ok markus@
OpenBSD-Commit-ID: aed98c4435d48d036ae6740300f6a8357b7cc0bf
2020-10-18 22:34:20 +11:00
djm@openbsd.org
28cb0a4b03
upstream: remove a level of macro indirection; ok markus@
OpenBSD-Commit-ID: 0c529d06e902c5d1a6b231e1bec6157f76dc67c9
2020-10-18 22:33:57 +11:00
djm@openbsd.org
9cac1db52e
upstream: add some variant log.h calls that prepend the calling
function name; ok markus@
OpenBSD-Commit-ID: 4be1b2e2455b271ddb7457bc195c5367644f4e48
2020-10-18 22:33:57 +11:00
Damien Miller
d55dfed34e
missing header
2020-10-17 22:55:24 +11:00
Damien Miller
999d7cb79a
sync regress/misc/sk-dummy/fatal.c
2020-10-17 22:47:52 +11:00
djm@openbsd.org
3554b4afa3
upstream: make the log functions that exit (sshlogdie(),
sshfatal(), etc) have identical signatures. Makes things a bit more
consistent...
OpenBSD-Commit-ID: bd0ae124733389d7c0042e135c71ee9091362eb9
2020-10-17 22:45:37 +11:00
jmc@openbsd.org
616029a85a
upstream: add space between macro arg and punctuation;
OpenBSD-Commit-ID: bb81e2ed5a77832fe62ab30a915ae67cda57633e
2020-10-17 22:45:37 +11:00
Damien Miller
f812a36cee
check for and require a C99 capable compiler
recent logging changes use __VA_ARGS__.
2020-10-17 12:03:34 +11:00
Damien Miller
f9ea651520
logging is now macros, remove function pointers
2020-10-17 11:51:20 +11:00
Damien Miller
0f938f9986
adapt sk-dummy's fatal implementation to changes
2020-10-17 11:42:26 +11:00
Damien Miller
afbd9ec9e2
fix netcat build problem
2020-10-17 11:33:13 +11:00
djm@openbsd.org
793b583d09
upstream: LogVerbose keyword for ssh and sshd
Allows forcing maximum debug logging by file/function/line pattern-
lists.
ok markus@
OpenBSD-Commit-ID: c294c25732d1b4fe7e345cb3e044df00531a6356
2020-10-17 00:43:17 +11:00
djm@openbsd.org
752250caab
upstream: revised log infrastructure for OpenSSH
log functions receive function, filename and line number of caller.
We can use this to selectively enable logging via pattern-lists.
ok markus@
OpenBSD-Commit-ID: 51a472610cbe37834ce6ce4a3f0e0b1ccc95a349
2020-10-17 00:42:29 +11:00
djm@openbsd.org
acadbb3402
upstream: use do_log2 instead of function pointers to different log
functions
OpenBSD-Commit-ID: 88077b826d348c58352a6b394755520f4e484480
2020-10-17 00:37:13 +11:00