Darren Tucker
99668f2e6e
Configure with --target instead of deprecated form.
2023-03-28 09:50:06 +11:00
Darren Tucker
f751d9306c
Pass rpath when building 64bit Solaris.
2023-03-27 22:18:49 +11:00
Darren Tucker
a64b935cd4
Explicitly disable OpenSSL on AIX test VM.
2023-03-27 22:18:46 +11:00
dtucker@openbsd.org
7ebc6f060f
upstream: Add RevokedHostKeys to percent expansion test.
OpenBSD-Regress-ID: c077fd12a38005dd53d878c5b944154dec88d2ff
2023-03-27 15:04:36 +11:00
dtucker@openbsd.org
f1a17de150
upstream: Add tilde and environment variable expansion to
RevokedHostKeys. bz#3552, ok djm@
OpenBSD-Commit-ID: ce5d8e0219b63cded594c17d4c2958c06918ec0d
2023-03-27 15:03:53 +11:00
djm@openbsd.org
009eb4cb48
upstream: fix test: getnameinfo returns a non-zero value on error, not
(necessarily) -1. From GHPR#384
OpenBSD-Commit-ID: d35e2b71268f66f5543a7ea68751972b3ae22b25
2023-03-27 14:31:57 +11:00
djm@openbsd.org
4f0a676486
upstream: scp: when copying local->remote, check that source file
exists before opening SFTP connection to the server. Based on GHPR#370 ok
dtucker, markus
OpenBSD-Commit-ID: b4dd68e15bfe22ce4fac9960a1066a2b721e54fb
2023-03-27 14:28:00 +11:00
Darren Tucker
154d8baf63
Also look for gdb error message from OpenIndiana.
2023-03-27 12:22:30 +11:00
Darren Tucker
fbd3811ddb
Explicitly disable security key test on aix51 VM.
We don't know how to build the shared objects required for the security
key tests so skip them.
2023-03-27 11:08:00 +11:00
Darren Tucker
4922ac3be8
Split libcrypto and other config flags.
This should allow the automatic OpenSSL version selection in the tests
to work better.
2023-03-26 14:49:43 +11:00
Darren Tucker
4a948b1469
Specify test target if we build without OpenSSL.
When we decide we can't use the versions of OpenSSL available, also
restrict the tests we run to avoid the ones that need OpenSSL.
2023-03-26 14:39:45 +11:00
Darren Tucker
b308c636f5
Find suitable OpenSSL version.
Check the installed OpenSSL versions for a suitable one, and if there
isn't (and we don't have a specific version configured) then build
without OpenSSL.
2023-03-26 14:22:53 +11:00
Damien Miller
021ea5c286
Github testing support for BoringSSL
2023-03-24 15:39:48 +11:00
Damien Miller
9a97cd1064
BoringSSL doesn't support EC_POINT_point2bn()
so don't invoke it in unittest
2023-03-24 15:39:48 +11:00
Damien Miller
cc5969c033
another ERR_load_CRYPTO_strings() vestige
2023-03-24 15:39:47 +11:00
Damien Miller
4974293899
don't use obsolete ERR_load_CRYPTO_strings()
OpenSSL (and elsewhere in OpenSSH) uses ERR_load_crypto_strings()
2023-03-24 15:26:27 +11:00
Damien Miller
3c527d55f9
Allow building with BoringSSL
2023-03-24 15:26:26 +11:00
Damien Miller
b7e27cfd7f
put back SSLeay_version compat in configure test
Needed to detect old versions and give good "your version is bad"
messages at configure time; spotted by dtucker@
2023-03-24 15:26:26 +11:00
Damien Miller
7280401bdd
remove support for old libcrypto
OpenSSH now requires LibreSSL 3.1.0 or greater or
OpenSSL 1.1.1 or greater
with/ok dtucker@
2023-03-24 13:56:25 +11:00
Darren Tucker
abda22fb48
Test latest OpenSSL 1.1, 3.0 and LibreSSL 3.7.
2023-03-19 15:36:13 +11:00
Darren Tucker
610ac1cb07
Show 9.3 branch instead of 9.2.
2023-03-16 21:38:04 +11:00
Damien Miller
cb30fbdbee
depend
2023-03-16 08:28:19 +11:00
Damien Miller
1dba63eb10
crank version
2023-03-16 08:27:54 +11:00
djm@openbsd.org
ba7532d0da
upstream: openssh-9.3
OpenBSD-Commit-ID: 8011495f2449c1029bb316bd015eab2e00509848
2023-03-16 08:21:56 +11:00
dtucker@openbsd.org
6fd4daafb9
upstream: Free KRL ptr in addition to its contents.
From Coverity CID 291841, ok djm@
OpenBSD-Commit-ID: f146ba08b1b43af4e0d7ad8c4dae3748b4fa31b6
2023-03-14 18:35:50 +11:00
dtucker@openbsd.org
1d270bd303
upstream: Check pointer for NULL before deref.
None of the existing callers seem to do that, but it's worth checking.
From Coverity CID 291834, ok djm@
OpenBSD-Commit-ID: a0a97113f192a7cb1a2c97b932f677f573cda7a4
2023-03-14 18:35:31 +11:00
dtucker@openbsd.org
d95af508e7
upstream: Limit number of entries in SSH2_MSG_EXT_INFO
request. This is already constrained by the maximum SSH packet size but this
makes it explicit. Prompted by Coverity CID 291868, ok djm@ markus@
OpenBSD-Commit-ID: aea023819aa44a2dcb9dd0fbec10561896fc3a09
2023-03-12 22:02:18 +11:00
dtucker@openbsd.org
8f287ba60d
upstream: calloc can return NULL but xcalloc can't.
From Coverity CID 291881, ok djm@
OpenBSD-Commit-ID: 50204b755f66b2ec7ac3cfe379d07d85ca161d2b
2023-03-12 22:01:57 +11:00
dtucker@openbsd.org
83a56a49fd
upstream: Explicitly ignore return from fcntl
(... FD_CLOEXEC) here too. Coverity CID 291853.
OpenBSD-Commit-ID: 99d8b3da9d0be1d07ca8dd8e98800a890349e9b5
2023-03-12 22:01:44 +11:00
Damien Miller
0fda9d704d
bounds checking for getrrsetbyname() replacement;
Spotted by Coverity in CID 405033; ok millert@
2023-03-10 15:59:46 +11:00
dtucker@openbsd.org
89b8df518f
upstream: Plug mem leak on error path. Coverity CID 405026, ok djm@.
OpenBSD-Commit-ID: 8212ca05d01966fb5e72205c592b2257708a2aac
2023-03-10 15:42:37 +11:00
Darren Tucker
bf4dae0ad1
Add prototypes for mkstemp replacements.
Should prevent warnings due to our wrapper function.
2023-03-10 14:46:57 +11:00
dtucker@openbsd.org
4e04d68d6a
upstream: Explicitly ignore return code from fcntl(.. FD_CLOEXEC) since
there's not much we can do anyway. From Coverity CID 291857, ok djm@
OpenBSD-Commit-ID: 051429dd07af8db3fec10d82cdc78d90bb051729
2023-03-10 14:46:25 +11:00
djm@openbsd.org
d6d38fd77c
upstream: Like sshd_config, some ssh_config options are not
first-match-wins. sshd_config.5 was fixed in r1.348, this is the same for
this file
OpenBSD-Commit-ID: 7be55b9351cde449b136afcc52d07aa4113b215e
2023-03-10 14:02:39 +11:00
dtucker@openbsd.org
7187d3f86b
upstream: Remove no-op (int) > INT_MAX checks
since they can never be true. From Coverity CID 405031, ok djm@
OpenBSD-Commit-ID: 9df3783b181e056595e2bb9edf7ed41d61cf8e84
2023-03-10 13:45:00 +11:00
Darren Tucker
77adde4305
Wrap mkstemp calls with umask set/restore.
glibc versions 2.06 and earlier did not set a umask on files created by
mkstemp and created them world-writable. Wrap mkstemp to set and restore
the umask. From Coverity (CIDs 291826 291886 291891), ok djm@
2023-03-10 13:27:29 +11:00
jcs@openbsd.org
633d3dc2a1
upstream: modify parentheses in conditionals to make it clearer what is
being assigned and what is being checked
ok djm dtucker
OpenBSD-Commit-ID: 19c10baa46ae559474409f75a5cb3d0eade7a9b8
2023-03-10 10:40:02 +11:00
dtucker@openbsd.org
733030840c
upstream: Re-split the merge of the reorder-hostkeys test.
In the kex_proposal_populate_entries change I merged the check for
reordering hostkeys with the actual reordering, but kex_assemble_names
mutates options.hostkeyalgorithms which renders the check ineffective.
Put the check back where it was. Spotted and tested by jsg@, ok djm@
OpenBSD-Commit-ID: a7469f25a738db5567395d1881e32479a7ffc9de
2023-03-09 18:32:48 +11:00
djm@openbsd.org
54ac4ab2b5
upstream: include destination constraints for smartcard keys too.
Spotted by Luci Stanescu; ok deraadt@ markus@
OpenBSD-Commit-ID: add879fac6903a1cb1d1e42c4309e5359c3d870f
2023-03-09 18:32:48 +11:00
Darren Tucker
bfd1ad01d9
Limit the number of PAM environment variables.
xcalloc has its own limits, but these are specific to PAM. From
Coverity CID 405198, ok djm@
2023-03-09 18:32:48 +11:00
Darren Tucker
a231414970
Limit the number of PAM environment variables.
From Coverity CID 405194, tweaks and ok djm@
2023-03-09 18:32:48 +11:00
dtucker@openbsd.org
36c6c3eff5
upstream: Plug mem leak. Coverity CID 405196, ok djm@
OpenBSD-Commit-ID: 175f09349387c292f626da68f65f334faaa085f2
2023-03-08 17:31:07 +11:00
tb@openbsd.org
dfb9b736e1
upstream: ssh-pkcs11: synchronize error messages with errors
A handful of error messages contained incorrect function names or
otherwise inaccurate descriptions. Fix them to match reality.
input/ok djm
OpenBSD-Commit-ID: 165a15db52f75b31e1804b043480c36af09f3411
2023-03-08 17:26:57 +11:00
guenther@openbsd.org
51875897b8
upstream: Delete obsolete /* ARGSUSED */ lint comments.
ok miod@ millert@
OpenBSD-Commit-ID: 7be168a570264d59e96a7d2d22e927d45fee0e4c
2023-03-08 17:26:53 +11:00
Darren Tucker
a76085bda8
Extra brackets to prevent warning.
2023-03-08 17:26:51 +11:00
djm@openbsd.org
147ae57d4d
upstream: use RSA/SHA256 when testing usability of private key in
agent; with/ok dtucker
OpenBSD-Commit-ID: fe1382e2fdf23fcae631308e72342bad56066a56
2023-03-08 11:06:57 +11:00
djm@openbsd.org
27fd251bc9
upstream: use RSA/SHA256 when testing usability of private key;
based on fix in bz3546 by Dmitry Belyavskiy; with/ok dtucker
OpenBSD-Commit-ID: 0ef414cc363a832f9fab92a5da0234448bce2eba
2023-03-08 11:06:57 +11:00
djm@openbsd.org
eee9f3fc3d
upstream: refactor to be more readable top to bottom. Prompted by
Coverity CID 405048 which was a false-positive fd leak; ok dtucker@
OpenBSD-Commit-ID: fc55ec2af622a017defb9b768bf26faefc792c00
2023-03-08 11:06:56 +11:00
Darren Tucker
42a06b29a4
Add header changes missed in previous.
2023-03-07 18:34:41 +11:00
dtucker@openbsd.org
4710077096
upstream: Fix mem leak in environment setup.
From jjelen at redhat.com via bz#2687, ok djm@
OpenBSD-Commit-ID: 9f9e4ba3cac003e6f81da3bcebd1b9ec43e7f353
2023-03-07 17:32:03 +11:00