Commit Graph

10454 Commits

Author SHA1 Message Date
djm@openbsd.org 7b4d8999f2 upstream: the tunnel-forwarding vs ExitOnForwardFailure fix that I
committed earlier had an off-by-one. Fix this and add some debugging that
would have made it apparent sooner.

OpenBSD-Commit-ID: 082f8f72b1423bd81bbdad750925b906e5ac6910
2020-04-03 15:35:28 +11:00
dtucker@openbsd.org eece243666 upstream: %C expansion just added to Match Exec should include
remote user not local user.

OpenBSD-Commit-ID: 80f1d976938f2a55ee350c11d8b796836c8397e2
2020-04-03 15:35:28 +11:00
dtucker@openbsd.org d5318a784d upstream: Add regression test for percent expansions where possible.
OpenBSD-Regress-ID: 7283be8b2733ac1cbefea3048a23d02594485288
2020-04-03 13:43:10 +11:00
djm@openbsd.org 663e84bb53 upstream: make failures when establishing "Tunnel" forwarding terminate
the connection when ExitOnForwardFailure is enabled; bz3116; ok dtucker

OpenBSD-Commit-ID: ef4b4808de0a419c17579b1081da768625c1d735
2020-04-03 13:42:33 +11:00
dtucker@openbsd.org ed833da176 upstream: Make with config keywords support which
percent_expansions more consistent.
 - %C is moved into its own function and added to Match Exec.
 - move the common (global) options into a macro.  This is ugly but it's
   the least-ugly way I could come up with.
 - move IdentityAgent and ForwardAgent percent expansion to before the
   config dump to make it regression-testable.
 - document all of the above

ok jmc@ for man page bits, "makes things less terrible" djm@ for the rest.

OpenBSD-Commit-ID: 4b65664bd6d8ae2a9afaf1a2438ddd1b614b1d75
2020-04-03 13:33:37 +11:00
djm@openbsd.org 6ec7457171 upstream: give ssh-keygen the ability to dump the contents of a
binary key revocation list: ssh-keygen -lQf /path bz#3132; ok dtucker

OpenBSD-Commit-ID: b76afc4e3b74ab735dbde4e5f0cfa1f02356033b
2020-04-03 13:33:25 +11:00
djm@openbsd.org af628b8a6c upstream: add allocating variant of the safe utf8 printer; ok
dtucker as part of a larger diff

OpenBSD-Commit-ID: 037e2965bd50eacc2ffb49889ecae41552744fa0
2020-04-03 13:32:50 +11:00
dtucker@openbsd.org d8ac9af645 upstream: Cast lifetime to u_long for comparison to prevent unsigned
comparison warning on 32bit arches.  Spotted by deraadt, ok djm.

OpenBSD-Commit-ID: 7a75b2540bff5ab4fa00b4d595db1df13bb0515a
2020-03-17 09:48:36 +11:00
Darren Tucker 0eaca933ae Include fido.h when checking for fido/credman.h.
It's required for fido_dev_t, otherwise configure fails with
when given --with-security-key-builtin.
2020-03-14 20:58:46 +11:00
djm@openbsd.org c7c099060f upstream: some more speeling mistakes from
OpenBSD-Regress-ID: 02471c079805471c546b7a69d9ab1d34e9a57443
2020-03-14 19:40:16 +11:00
djm@openbsd.org 1d89232a4a upstream: improve error messages for some common PKCS#11 C_Login
failure cases; based on patch from Jacob Hoffman-Andrews in bz3130; ok
dtucker

OpenBSD-Commit-ID: b8b849621b4a98e468942efd0a1c519c12ce089e
2020-03-14 19:39:30 +11:00
djm@openbsd.org 5becbec023 upstream: use sshpkt_fatal() for kex_exchange_identification()
errors. This ensures that the logged errors are consistent with other
transport-layer errors and that the relevant IP addresses are logged. bz3129
ok dtucker@

OpenBSD-Commit-ID: 2c22891f0b9e1a6cd46771cedbb26ac96ec2e6ab
2020-03-14 19:39:30 +11:00
dtucker@openbsd.org eef88418f9 upstream: Don't clear alarm timers in listening sshd. Previously
these timers were used for regenerating the SSH1 ephemeral host keys but
those are now gone so there's no need to clear the timers either.  ok
deraadt@

OpenBSD-Commit-ID: 280d2b885e4a1ce404632e8cc38fcb17be7dafc0
2020-03-14 19:39:30 +11:00
djm@openbsd.org d081f017c2 upstream: spelling errors in comments; no code change from
OpenBSD-Commit-ID: 166ea64f6d84f7bac5636dbd38968592cb5eb924
2020-03-14 19:39:09 +11:00
djm@openbsd.org c084a2d040 upstream: when downloading FIDO2 resident keys from a token, don't
prompt for a PIN until the token has told us that it needs one. Avoids
double-prompting on devices that implement on-device authentication (e.g. a
touchscreen PIN pad on the Trezor Model T). ok dtucker@

OpenBSD-Commit-ID: 38b78903dd4422d7d3204095a31692fb69130817
2020-03-14 19:38:53 +11:00
Damien Miller 955c4cf4c6 sync fnmatch.c with upstream to fix another typo 2020-03-13 14:30:16 +11:00
Damien Miller 397f217e86 another spelling error in comment 2020-03-13 14:24:23 +11:00
Damien Miller def31bc542 spelling mistakes
from https://fossies.org/linux/misc/openssh-8.2p1.tar.gz/codespell.html
2020-03-13 14:23:07 +11:00
markus@openbsd.org 8bdc3bb7cf upstream: fix relative includes in sshd_config; ok djm
OpenBSD-Commit-ID: fa29b0da3c93cbc3a1d4c6bcd58af43c00ffeb5b
2020-03-13 13:18:31 +11:00
markus@openbsd.org e32ef97a56 upstream: fix use-after-free in do_download_sk; ok djm
OpenBSD-Commit-ID: 96b49623d297797d4fc069f1f09e13c8811f8863
2020-03-13 13:18:31 +11:00
markus@openbsd.org 5732d58020 upstream: do not leak oprincipals; ok djm
OpenBSD-Commit-ID: 4691d9387eab36f8fda48f5d8009756ed13a7c4c
2020-03-13 13:18:31 +11:00
markus@openbsd.org 8fae395f34 upstream: initialize seconds for debug message; ok djm
OpenBSD-Commit-ID: 293fbefe6d00b4812a180ba02e26170e4c855b81
2020-03-13 13:18:31 +11:00
markus@openbsd.org 46e5c4c8ff upstream: correct return code; ok djm
OpenBSD-Commit-ID: 319d09e3b7f4b2bc920c67244d9ff6426b744810
2020-03-13 13:18:31 +11:00
markus@openbsd.org 31c39e7840 upstream: principalsp is optional, pubkey required; ok djm
OpenBSD-Commit-ID: 2cc3ea5018c28ed97edaccd7f17d2cc796f01024
2020-03-13 13:18:31 +11:00
markus@openbsd.org e26a31757c upstream: remove unused variables in ssh-pkcs11-helper; ok djm
OpenBSD-Commit-ID: 13e572846d0d1b28f1251ddd2165e9cf18135ae1
2020-03-13 13:18:31 +11:00
markus@openbsd.org 1b378c0d98 upstream: return correct error in sshsk_ed25519_sig; ok djm
OpenBSD-Commit-ID: 52bf733df220303c260fee4f165ec64b4a977625
2020-03-13 13:18:09 +11:00
markus@openbsd.org fbff605e63 upstream: fix possible null-deref in check_key_not_revoked; ok
djm

OpenBSD-Commit-ID: 80855e9d7af42bb6fcc16c074ba69876bfe5e3bf
2020-03-13 13:18:09 +11:00
markus@openbsd.org bc30b44684 upstream: ssh_fetch_identitylist() returns the return value from
ssh_request_reply() so we should also check against != 0 ok djm

OpenBSD-Commit-ID: 28d0028769d03e665688c61bb5fd943e18614952
2020-03-13 13:18:09 +11:00
markus@openbsd.org 7b4f70ddeb upstream: sshkey_cert_check_authority requires reason to be set;
ok djm

OpenBSD-Commit-ID: 6f7a6f19540ed5749763c2f9530c0897c94aa552
2020-03-13 13:18:09 +11:00
markus@openbsd.org 05efe270df upstream: passphrase depends on kdfname, not ciphername (possible
null-deref); ok djm

OpenBSD-Commit-ID: 0d39668edf5e790b5837df4926ee1141cec5471c
2020-03-13 13:18:09 +11:00
markus@openbsd.org 1ddf5682f3 upstream: consistently check packet_timeout_ms against 0; ok djm
OpenBSD-Commit-ID: e8fb8cb2c96c980f075069302534eaf830929928
2020-03-13 13:18:09 +11:00
markus@openbsd.org 31f1ee5496 upstream: initialize cname in case ai_canonname is NULL or too
long; ok djm

OpenBSD-Commit-ID: c27984636fdb1035d1642283664193e91aab6e37
2020-03-13 13:13:30 +11:00
markus@openbsd.org a6134b02b5 upstream: fix uninitialized pointers for forward_cancel; ok djm
OpenBSD-Commit-ID: 612778e6d87ee865d0ba97d0a335f141cee1aa37
2020-03-13 13:13:30 +11:00
markus@openbsd.org 16d4f9961c upstream: exit on parse failures in input_service_request; ok djm
OpenBSD-Commit-ID: 6a7e1bfded26051d5aa893c030229b1ee6a0d5d2
2020-03-13 13:13:30 +11:00
markus@openbsd.org 5f25afe521 upstream: fix null-deref on calloc failure; ok djm
OpenBSD-Commit-ID: a313519579b392076b7831ec022dfdefbec8724a
2020-03-13 13:13:30 +11:00
markus@openbsd.org ff2acca039 upstream: exit if ssh_krl_revoke_key_sha256 fails; ok djm
OpenBSD-Commit-ID: 0864ad4fe8bf28ab21fd1df766e0365c11bbc0dc
2020-03-13 13:13:30 +11:00
markus@openbsd.org 31c860a021 upstream: pkcs11_register_provider: return < 0 on error; ok djm
OpenBSD-Commit-ID: cfc8321315b787e4d40da4bdb2cbabd4154b0d97
2020-03-13 13:13:30 +11:00
markus@openbsd.org 15be29e1e3 upstream: sshsig: return correct error, fix null-deref; ok djm
OpenBSD-Commit-ID: 1d1af7cd538b8b23e621cf7ab84f11e7a923edcd
2020-03-13 13:13:30 +11:00
markus@openbsd.org 6fb6f186cb upstream: vasnmprintf allocates str and returns -1; ok djm
OpenBSD-Commit-ID: dae4c9e83d88471bf3b3f89e3da7a107b44df11c
2020-03-13 13:13:30 +11:00
markus@openbsd.org 714e1cbca1 upstream: sshpkt_fatal() does not return; ok djm
OpenBSD-Commit-ID: 7dfe847e28bd78208eb227b37f29f4a2a0929929
2020-03-13 13:13:30 +11:00
djm@openbsd.org 9b47bd7b09 upstream: no-touch-required certificate option should be an
extension, not a critical option.

OpenBSD-Commit-ID: 626b22c5feb7be8a645e4b9a9bef89893b88600d
2020-02-28 12:27:41 +11:00
djm@openbsd.org dd992520be upstream: better error message when trying to use a FIDO key
function and SecurityKeyProvider is empty

OpenBSD-Commit-ID: e56602c2ee8c82f835d30e4dc8ee2e4a7896be24
2020-02-28 12:27:41 +11:00
dtucker@openbsd.org b81e66dbe0 upstream: Drop leading space from line count that was confusing
ssh-keygen's screen mode.

OpenBSD-Commit-ID: 3bcae7a754db3fc5ad3cab63dd46774edb35b8ae
2020-02-28 12:27:41 +11:00
jsg@openbsd.org d5ba1c0327 upstream: change explicit_bzero();free() to freezero()
While freezero() returns early if the pointer is NULL the tests for
NULL in callers are left to avoid warnings about passing an
uninitialised size argument across a function boundary.

ok deraadt@ djm@

OpenBSD-Commit-ID: 2660fa334fcc7cd05ec74dd99cb036f9ade6384a
2020-02-28 12:26:28 +11:00
dtucker@openbsd.org 9e3220b585 upstream: Have sftp reject "-1" in the same way as ssh(1) and
scp(1) do instead of accepting and silently ignoring it since protocol 1
support has been removed.  Spotted by shivakumar2696 at gmail.com, ok
deraadt@

OpenBSD-Commit-ID: b79f95559a1c993214f4ec9ae3c34caa87e9d5de
2020-02-26 23:07:02 +11:00
dtucker@openbsd.org ade8e67bb0 upstream: Remove obsolete XXX comment. ok deraadt@
OpenBSD-Commit-ID: bc462cc843947feea26a2e21c750b3a7469ff01b
2020-02-26 23:07:02 +11:00
dtucker@openbsd.org 7eb903f51e upstream: Fix typo. Patch from itoama at live.jp via github PR#173.
OpenBSD-Commit-ID: 5cdaafab38bbdea0d07e24777d00bfe6f972568a
2020-02-24 17:14:00 +11:00
Nico Kadel-Garcia b2491c289d Switch %define to %global for redhat/openssh.spec 2020-02-22 11:48:05 +11:00
mkontani b18dcf6cca fix some typos and sentence 2020-02-21 12:29:05 +11:00
dtucker@openbsd.org 0001576a09 upstream: Fix some typos and an incorrect word in docs. Patch from
itoama at live.jp via github PR#172.

OpenBSD-Commit-ID: 166ee8f93a7201fef431b9001725ab8b269d5874
2020-02-21 12:27:23 +11:00