Damien Miller
a1d42a6ce0
fix edge case in poll(2) wrapper
...
Correct handling of select(2) exceptfds. These should only be consulted
for POLLPRI flagged pfds and not unconditionally converted to POLLERR.
with and ok dtucker@
2022-01-14 14:09:38 +11:00
Darren Tucker
976b9588b4
Wrap OpenSSL includes in unit tests in ifdef.
...
Fixes unit test on systems that do not have OpenSSL headers installed.
2022-01-14 13:47:27 +11:00
Darren Tucker
c171879374
Remove sort wrapper.
...
agent-restrict now takes care of this itself.
2022-01-13 16:01:41 +11:00
dtucker@openbsd.org
9cc2654403
upstream: Set LC_ALL in both local and remote shells so that sorted
...
output matches regardless of what the user's shell sets it to. ok djm@
OpenBSD-Regress-ID: 4e97dd69a68b05872033175a4c2315345d01837f
2022-01-13 16:01:41 +11:00
dtucker@openbsd.org
7a75f748cb
upstream: Avoid %'s in commands (not used in OpenBSD, but used in
...
-portable's Valgrind test) being interpreted as printf format strings.
OpenBSD-Regress-ID: dc8655db27ac4acd2c386c4681bf42a10d80b043
2022-01-13 15:49:38 +11:00
Darren Tucker
6c435bd499
Stop on first test failure to minimize logs.
2022-01-13 09:01:05 +11:00
dtucker@openbsd.org
4bc2ba6095
upstream: Use egrep when searching for an anchored string.
...
OpenBSD-Regress-ID: dd114a2ac27ac4b06f9e4a586d3f6320c54aeeb4
2022-01-12 18:31:45 +11:00
Darren Tucker
6bf2efa267
Add "rev" command replacement if needed.
2022-01-12 18:25:06 +11:00
dtucker@openbsd.org
72bcd7993d
upstream: Don't log NULL hostname in restricted agent code,
...
printf("%s", NULL) is not safe on all platforms. with & ok djm
OpenBSD-Commit-ID: faf10cdae4adde00cdd668cd1f6e05d0a0e32a02
2022-01-12 15:19:21 +11:00
djm@openbsd.org
acabefe3f8
upstream: remove hardcoded domain and use window.location.host, so this
...
can be run anywhere
OpenBSD-Regress-ID: 2ac2ade3b6227d9c547351d3ccdfe671e62b7f92
2022-01-12 09:36:01 +11:00
dtucker@openbsd.org
96da0946e4
upstream: "void" functions should not return anything. From Tim Rice
...
via -portable.
OpenBSD-Commit-ID: ce6616304f4c9881b46413e616b226c306830e2a
2022-01-12 09:35:50 +11:00
djm@openbsd.org
a882a09722
upstream: suppress "Connection to xxx closed" messages at LogLevel >=
...
error bz3378; ok dtucker@
OpenBSD-Commit-ID: d5bf457d5d2eb927b81d0663f45248a31028265c
2022-01-12 09:33:35 +11:00
Damien Miller
61a1a6af22
OS X poll(2) is broken; use compat replacement
...
Darwin's poll(2) implementation is broken. For character-special
devices like /dev/null, it returns POLLNVAL when polled with
POLLIN.
Apparently this is Apple bug 3710161, which is AFAIK not public,
but a websearch will find other OSS projects rediscovering it
periodically since it was first identified in 2005 (!!)
2022-01-12 09:02:36 +11:00
Darren Tucker
613a6545fc
libhardended_malloc.so moved into out dir.
2022-01-11 20:56:01 +11:00
Tim Rice
61761340be
Make USL compilers happy
...
UX:acomp: ERROR: "sftp-server.c", line 567: void function cannot return value
2022-01-10 11:07:04 -08:00
Darren Tucker
3ef403f351
Add wrapper for "sort" to set LC_ALL=C.
...
Found by djm, this should make sorts stable and reduce test flakiness.
2022-01-10 21:07:38 +11:00
dtucker@openbsd.org
bd69e29f57
upstream: Remove errant "set -x" left over from debugging.
...
OpenBSD-Regress-ID: cd989268e034264cec5df97be7581549032c87dc
2022-01-08 19:01:43 +11:00
dtucker@openbsd.org
1a7c88e26f
upstream: Enable all supported hostkey algorithms (but no others).
...
Allows hostbased test to pass when built without OpenSSL.
OpenBSD-Regress-ID: 5ddd677a68b672517e1e78460dc6ca2ccc0a9562
2022-01-08 18:42:01 +11:00
djm@openbsd.org
12b457c2a4
upstream: use status error message to communicate ~user expansion
...
failures; provides better experience for scp in sftp mode, where ~user paths
are more likely to be used; spotted jsg, feedback jsg & deraadt ok jsg &
markus
OpenBSD-Commit-ID: fc610ce00ca0cdc2ecdabbd49ce7cb82033f905f
2022-01-08 18:38:50 +11:00
djm@openbsd.org
63670d4e90
upstream: fix some corner-case bugs in scp sftp-mode handling of
...
~-prefixed paths; spotted by jsg; feedback jsg & deraadt, ok jsg & markus
OpenBSD-Commit-ID: d1697dbaaa9f0f5649d69be897eab25c7d37c222
2022-01-08 18:38:50 +11:00
djm@openbsd.org
e14940bbec
upstream: more idiomatic error messages; spotted by jsg & deraadt
...
ok jsg & markus
OpenBSD-Commit-ID: 43618c692f3951747b4151c477c7df22afe2bcc8
2022-01-08 18:38:49 +11:00
djm@openbsd.org
9acddcd591
upstream: add a variant of send_status() that allows overriding the
...
default, generic error message. feedback/ok markus & jsg
OpenBSD-Commit-ID: 81f251e975d759994131b717ee7c0b439659c40f
2022-01-08 18:38:49 +11:00
djm@openbsd.org
9614113377
upstream: refactor tilde_expand_filename() and make it handle ~user
...
paths with no trailing slash; feedback/ok markus and jsg
OpenBSD-Commit-ID: a2ab365598a902f0f14ba6a4f8fb2d07a9b5d51d
2022-01-08 18:38:49 +11:00
dtucker@openbsd.org
dc38236ab6
upstream: Don't explicitly set HostbasedAuthentication in
...
sshd_config. It defaults to "no", and not explicitly setting it allows us to
enable it for the (optional) hostbased test.
OpenBSD-Regress-ID: aa8e3548eb5793721641d26e56c29f363b767c0c
2022-01-07 09:50:07 +11:00
dtucker@openbsd.org
e12d912ddf
upstream: Add test for hostbased auth. It requires some external
...
setup (see comments at the top) and thus is disabled unless
TEST_SSH_HOSTBASED_AUTH and SUDO are set.
OpenBSD-Regress-ID: 3ec8ba3750c5b595fc63e7845d13483065a4827a
2022-01-07 09:50:07 +11:00
Damien Miller
a48533a8da
depend
2022-01-07 09:24:26 +11:00
djm@openbsd.org
d9dbb5d9a0
upstream: allow hostbased auth to select RSA keys when only
...
RSA/SHA2 are configured (this is the default case); ok markus@
OpenBSD-Commit-ID: 411c18c7bde40c60cc6dfb7017968577b4d4a827
2022-01-07 09:21:39 +11:00
djm@openbsd.org
fdb1d58d0d
upstream: add a helper function to match a key type to a list of
...
signature algorithms. RSA keys can make signatures with multiple algorithms,
so some special handling is required. ok markus@
OpenBSD-Commit-ID: 03b41b2bda06fa4cd9c84cef6095033b9e49b6ff
2022-01-07 09:21:38 +11:00
djm@openbsd.org
11e8c4309a
upstream: log some details on hostkeys that ssh loads for
...
hostbased authn ok markus@
OpenBSD-Commit-ID: da17061fa1f0e58cb31b88478a40643e18233e38
2022-01-07 09:21:38 +11:00
djm@openbsd.org
c6706f6617
upstream: log signature algorithm during verification by monitor;
...
ok markus
OpenBSD-Commit-ID: 02b92bb42c4d4bf05a051702a56eb915151d9ecc
2022-01-07 09:21:38 +11:00
djm@openbsd.org
8832402bd5
upstream: piece of UpdateHostkeys client strictification: when
...
updating known_hosts with new keys, ignore NULL keys (forgot to include in
prior commit)
OpenBSD-Commit-ID: 49d2eda6379490e1ceec40c3b670b973f63dea08
2022-01-07 09:21:38 +11:00
djm@openbsd.org
c2d9ced1da
upstream: include rejected signature algorithm in error message
...
and not the (useless) key type; ok markus
OpenBSD-Commit-ID: 4180b5ec7ab347b43f84e00b1972515296dab023
2022-01-07 09:21:38 +11:00
djm@openbsd.org
7aa7b096cf
upstream: make ssh-keysign use the requested signature algorithm
...
and not the default for the keytype. Part of unbreaking hostbased auth for
RSA/SHA2 keys. ok markus@
OpenBSD-Commit-ID: b5639a14462948970da3a8020dc06f9a80ecccdc
2022-01-07 09:21:38 +11:00
djm@openbsd.org
291721bc7c
upstream: stricter UpdateHostkey signature verification logic on
...
the client-side. Require RSA/SHA2 signatures for RSA hostkeys except when
RSA/SHA1 was explicitly negotiated during initial KEX; bz3375
ok markus@
OpenBSD-Commit-ID: 46e75e8dfa2c813781805b842580dcfbd888cf29
2022-01-07 09:21:38 +11:00
djm@openbsd.org
0fa3368322
upstream: Fix signature algorithm selection logic for
...
UpdateHostkeys on the server side. The previous code tried to prefer RSA/SHA2
for hostkey proofs of RSA keys, but missed some cases. This will use RSA/SHA2
signatures for RSA keys if the client proposed these algorithms in initial
KEX. bz3375
Mostly by Dmitry Belyavskiy with some tweaks by me.
ok markus@
OpenBSD-Commit-ID: c17ba0c3236340d2c6a248158ebed042ac6a8029
2022-01-07 09:21:38 +11:00
djm@openbsd.org
17877bc81d
upstream: convert ssh, sshd mainloops from select() to poll();
...
feedback & ok deraadt@ and markus@ has been in snaps for a few months
OpenBSD-Commit-ID: a77e16a667d5b194dcdb3b76308b8bba7fa7239c
2022-01-07 09:21:38 +11:00
djm@openbsd.org
5c79952dfe
upstream: prepare for conversion of ssh, sshd mainloop from
...
select() to poll() by moving FD_SET construction out of channel handlers into
separate functions. ok markus
OpenBSD-Commit-ID: 937fbf2a4de12b19fb9d5168424e206124807027
2022-01-07 09:11:58 +11:00
djm@openbsd.org
24c5187edf
upstream: add a comment so I don't make this mistake again
...
OpenBSD-Commit-ID: 69c7f2362f9de913bb29b6318580c5a1b52c921e
2022-01-07 09:10:42 +11:00
djm@openbsd.org
7369900441
upstream: fix cut-and-pasto in error message
...
OpenBSD-Commit-ID: 4cc5c619e4b456cd2e9bb760d17e3a9c84659198
2022-01-07 09:10:42 +11:00
djm@openbsd.org
294c11b1c7
upstream: select all RSA hostkey algorithms for UpdateHostkeys tests,
...
not just RSA-SHA1
OpenBSD-Regress-ID: b40e62b65863f2702a0c10aca583b2fe76772bd8
2022-01-05 19:31:37 +11:00
djm@openbsd.org
2ea1108c30
upstream: regress test both sshsig message hash algorithms, possible
...
now because the algorithm is controllable via the CLI
OpenBSD-Regress-ID: 0196fa87acc3544b2b4fd98de844a571cb09a39f
2022-01-05 16:06:09 +11:00
djm@openbsd.org
2327c306b5
upstream: allow selection of hash at sshsig signing time; code
...
already supported either sha512 (default) or sha256, but plumbing wasn't
there mostly by Linus Nordberg
OpenBSD-Commit-ID: 1b536404b9da74a84b3a1c8d0b05fd564cdc96cd
2022-01-05 16:06:01 +11:00
djm@openbsd.org
56e941d0a0
upstream: add missing -O option to usage() for ssh-keygen -Y sign;
...
from Linus Nordberg
OpenBSD-Commit-ID: 4e78feb4aa830727ab76bb2e3d940440ae1d7af0
2022-01-05 16:06:01 +11:00
djm@openbsd.org
141a14ec9b
upstream: move sig_process_opts() to before sig_sign(); no
...
functional code change
OpenBSD-Commit-ID: da02d61f5464f72b4e8b299f83e93c3b657932f9
2022-01-05 16:06:01 +11:00
djm@openbsd.org
37a14249ec
upstream: regression test for find-principals NULL deref; from Fabian
...
Stelzer
OpenBSD-Regress-ID: f845a8632a5a7d5ae26978004c93e796270fd3e5
2022-01-05 15:12:46 +11:00
djm@openbsd.org
eb1f042142
upstream: NULL deref when using find-principals when matching an
...
allowed_signers line that contains a namespace restriction, but no
restriction specified on the command-line; report and fix from Fabian Stelzer
OpenBSD-Commit-ID: 4a201b86afb668c908d1a559c6af456a61f4b145
2022-01-05 15:12:39 +11:00
dtucker@openbsd.org
8f3b180305
upstream: Log command invocation while debugging.
...
This will aid in manually reproducing failing commands.
OpenBSD-Regress-ID: b4aba8d5ac5675ceebeeeefa3261ce344e67333a
2022-01-05 11:51:04 +11:00
Darren Tucker
bbf285164d
Always save config.h as build artifact.
...
Should allow better comparison between failing and succeeding test
platforms.
2022-01-05 11:48:58 +11:00
Darren Tucker
03bd4ed0db
Add OpenBSD 7.0 target. Retire 6.8.
2022-01-05 11:48:58 +11:00
jsg@openbsd.org
c45a752f0d
upstream: spelling
...
OpenBSD-Commit-ID: c63e43087a64d0727af13409c708938e05147b62
2022-01-04 18:22:46 +11:00