Damien Miller
e83c989bfd
use SC_ALLOW_ARG_MASK to limit mmap protections
...
Restrict to PROT_(READ|WRITE|NONE), i.e. exclude PROT_EXEC
2019-08-23 10:19:30 +10:00
Damien Miller
f6906f9bf1
allow mprotect(2) with PROT_(READ|WRITE|NONE) only
...
Used by some hardened heap allocators. Requested by Yegor
Timoshenko in https://github.com/openssh/openssh-portable/pull/142
2019-08-23 10:10:03 +10:00
djm@openbsd.org
e3b6c966b7
upstream: switch percent_expand() to use sshbuf instead of a limited
...
fixed buffer; ok markus@
OpenBSD-Commit-ID: 3f9ef20bca5ef5058b48c1cac67c53b9a1d15711
2019-08-16 16:14:30 +10:00
djm@openbsd.org
9ab5b94747
upstream: produce a useful error message if the user's shell is set
...
incorrectly during "match exec" processing. bz#2791 reported by Dario
Bertini; ok dtucker
OpenBSD-Commit-ID: cf9eddd6a6be726cb73bd9c3936f3888cd85c03d
2019-08-09 15:11:30 +10:00
dtucker@openbsd.org
8fdbc7247f
upstream: Change description of TCPKeepAlive from "inactive" to
...
"unresponsive" to clarify what it checks for. Patch from jblaine at
kickflop.net via github pr#129, ok djm@.
OpenBSD-Commit-ID: 3682f8ec7227f5697945daa25d11ce2d933899e9
2019-08-09 15:11:30 +10:00
dtucker@openbsd.org
7afc45c3ed
upstream: Allow the maximum uint32 value for the argument passed to
...
-b which allows better error messages from later validation. bz#3050, ok
djm@
OpenBSD-Commit-ID: 10adf6876b2401b3dc02da580ebf67af05861673
2019-08-08 20:01:39 +10:00
naddy@openbsd.org
c31e4f5fb3
upstream: Many key types are supported now, so take care to check
...
the size restrictions and apply the default size only to the matching key
type. tweak and ok dtucker@
OpenBSD-Commit-ID: b825de92d79cc4cba19b298c61e99909488ff57e
2019-08-08 16:40:09 +10:00
dtucker@openbsd.org
6b39a7b49e
upstream: Remove now-redundant perm_ok arg since
...
sshkey_load_private_type will now return SSH_ERR_KEY_BAD_PERMISSIONS in that
case. Patch from jitendra.sharma at intel.com, ok djm@
OpenBSD-Commit-ID: 07916a17ed0a252591b71e7fb4be2599cb5b0c77
2019-08-08 16:40:09 +10:00
Darren Tucker
d46075b923
Fix mem leak in unit test.
...
Patch from jitendra.sharma at intel.com.
2019-08-05 21:36:48 +10:00
djm@openbsd.org
c4ffb72593
upstream: fix some memleaks in test_helper code
...
bz#3037 from Jitendra Sharma
OpenBSD-Regress-ID: 71440fa9186f5842a65ce9a27159385c6cb6f751
2019-08-02 11:42:26 +10:00
djm@openbsd.org
6e76e69dc0
upstream: typo; from Christian Hesse
...
OpenBSD-Commit-ID: 82f6de7438ea7ee5a14f44fdf5058ed57688fdc3
2019-08-02 11:25:46 +10:00
djm@openbsd.org
49fa065a1b
upstream: let sshbuf_find/cmp take a void* for the
...
search/comparison argument, instead of a u_char*. Saves callers needing to
cast.
OpenBSD-Commit-ID: d63b69b7c5dd570963e682f758f5a47b825605ed
2019-07-30 15:06:27 +10:00
mestre@openbsd.org
7adf6c430d
upstream: When using a combination of a Yubikey+GnuPG+remote
...
forwarding the gpg-agent (and options ControlMaster+RemoteForward in
ssh_config(5)) then the codepath taken will call mux_client_request_session
-> mm_send_fd -> sendmsg(2). Since sendmsg(2) is not allowed in that codepath
then pledge(2) kills the process.
The solution is to add "sendfd" to pledge(2), which is not too bad considering
a little bit later we reduce pledge(2) to only "stdio proc tty" in that
codepath.
Problem reported and diff provided by Timothy Brown <tbrown at freeshell.org>
OK deraadt@
OpenBSD-Commit-ID: 7ce38b6542bbec00e441595d0a178e970a9472ac
2019-07-30 15:06:27 +10:00
dtucker@openbsd.org
0e2fe18acc
upstream: Fix typo in CASignatureAlgorithms wherein what should be
...
a comma is a dot. Patch from hnj2 via github pr#141.
OpenBSD-Commit-ID: 01f5a460438ff1af09aab483c0a70065309445f0
2019-07-30 15:06:27 +10:00
Darren Tucker
e93ffd1a19
Report success of individual tests as well as all.
...
This puts the "all tests passed" message back at the end where the
test harnesses can find it.
2019-07-29 16:34:19 +10:00
Damien Miller
2ad5b36b18
convert to UTF-8; from Mike Frysinger
2019-07-29 09:49:23 +10:00
dtucker@openbsd.org
d31e7c937b
upstream: Restrict limit-keytype to types supported by build. This
...
means we have to skip a couple tests when only one key type is supported.
OpenBSD-Regress-ID: 22d05befb9c7ce21ce8dc22acf1ffe9e2ef2e95e
2019-07-26 14:51:25 +10:00
Darren Tucker
0967a233b8
Remove override disabling DH-GEX.
...
The DH-GEX override doesn't work when built without OpenSSL, and
we'll prefer curve25519 these days, removing the need for it.
2019-07-25 20:11:45 +10:00
dtucker@openbsd.org
061407efc1
upstream: Only use supported key types during KRL test, preferring
...
ed25519 since it's supported by both OpenSSL and non-OpenSSL builds.
OpenBSD-Regress-ID: 9f2bb3eadd50fcc8245b1bd8fd6f0e53602f71aa
2019-07-25 20:09:06 +10:00
dtucker@openbsd.org
47f8ff1fa5
upstream: Switch keys-command test from rsa to ed25519 since it's
...
supported for both OpenSSL and non-OpenSSL builds.
OpenBSD-Regress-ID: 174be4be876edd493e4a5c851e5bc579885e7a0a
2019-07-25 20:01:19 +10:00
dtucker@openbsd.org
1e94afdfa8
upstream: Make certificate tests work with the supported key
...
algorithms. Allows tests to pass when built without OpenSSL.
OpenBSD-Regress-ID: 617169a6dd9d06db3697a449d9a26c284eca20fc
2019-07-25 20:01:19 +10:00
dtucker@openbsd.org
26bf693661
upstream: Construct list of key types to test based on the types
...
supported by the binaries.
OpenBSD-Regress-ID: fcbd115efacec8ab0ecbdb3faef79ac696cb1d62
2019-07-24 16:51:17 +10:00
dtucker@openbsd.org
773c55b3d1
upstream: Only use DSA key type in tests if binaries support it.
...
OpenBSD-Regress-ID: 770e31fe61dc33ed8eea9c04ce839b33ddb4dc96
2019-07-24 16:47:58 +10:00
Darren Tucker
159e987a54
Split test targets further.
...
Splits test into file-tests, t-exec, unit and interop-tests and their
respective dependencies. Should allow running any set individually
without having to build the other dependencies that are not needed
for that specific test.
2019-07-24 14:21:19 +10:00
Darren Tucker
520d4550a2
Add lib dependencies for regress binary targets.
2019-07-24 11:20:18 +10:00
Darren Tucker
4e8d0dd78d
Make "unit" a dependency of "test".
2019-07-24 00:12:51 +10:00
Darren Tucker
4317b2a048
upstream rev 1.28: fix comment typo.
2019-07-23 23:24:47 +10:00
Darren Tucker
e0055af2bd
Split regress-binaries into two targets.
...
Split the binaries for the unit tests out into a regress-unit-binaries
target, and add a dependency on it for only the unit tests. This allows
us to run the integration tests only ("make t-exec") without building
the unit tests, which allows us to run a subset of the tests when
building --without-openssl without trying (and failing) to build the
unit tests.
This means there are two targets for "unit" which I *think* is valid
(it works in testing, and makedepend will generate Makefiles of this
form) but I could be wrong.
2019-07-23 23:18:17 +10:00
dtucker@openbsd.org
7cdf9fdcf1
upstream: Skip DH group generation test if binaries don't support
...
DH-GEX.
OpenBSD-Regress-ID: 7c918230d969ecf7656babd6191a74526bffbffd
2019-07-23 22:51:22 +10:00
dtucker@openbsd.org
3a3eab8bb0
upstream: Only test conversion of key types supported by the
...
binaries.
OpenBSD-Regress-ID: e3f0938a0a7407e2dfbb90abc3ec979ab6e8eeea
2019-07-23 22:51:22 +10:00
dtucker@openbsd.org
7e66b7d98c
upstream: Only add ssh-dss to allowed key types if it's supported
...
by the binary.
OpenBSD-Regress-ID: 395a54cab16e9e4ece9aec047ab257954eebd413
2019-07-23 22:51:22 +10:00
Darren Tucker
fd0684b319
Remove sys/cdefs.h include.
...
It's not needed on -portable (that's handled by includes.h) and not all
platforms have it.
2019-07-23 22:36:39 +10:00
Darren Tucker
9634ffbf29
Add headers to prevent warnings w/out OpenSSL.
2019-07-23 22:26:20 +10:00
Darren Tucker
2ea60312e1
Include stdlib.h for free() and calloc().
2019-07-23 22:11:50 +10:00
Darren Tucker
11cba2a452
Re-apply portability changes to current sha2.{c,h}.
...
Rather than attempt to apply 14 years' worth of changes to OpenBSD's sha2
I imported the current versions directly then re-applied the portability
changes. This also allowed re-syncing digest-libc.c against upstream.
2019-07-23 22:06:24 +10:00
Darren Tucker
09159594a3
Import current sha2.c and sha2.h from OpenBSD.
...
These are not changed from their original state, the next commit will
re-apply the portable changes.
2019-07-23 22:06:24 +10:00
Darren Tucker
2e6035b900
Rename valgrind "errors" to "failures".
...
When valgrind is enabled, test-exec.sh counts the number of invocations
that valgrind detects failures in, not the total number of errors detected.
This makes the name more accurate.
2019-07-23 08:11:22 +10:00
Darren Tucker
e82c9bb9ff
Skip running sftp-chroot under Valgrind.
2019-07-20 22:14:46 +10:00
dtucker@openbsd.org
41e22c2e05
upstream: Remove the sleeps and thus races from the forwarding
...
test. They were originally required to work with Protocol 1, but now we can
use ssh -N and the control socket without the sleeps. While there, suppress
output from the control exit commands.
OpenBSD-Regress-ID: 4c51a1d651242f12c90074c18c61008a74c1c790
2019-07-20 22:13:40 +10:00
dtucker@openbsd.org
0423043c5e
upstream: Allow SLEEPTIME to be overridden.
...
OpenBSD-Regress-ID: 1596ab168729954be3d219933b2d01cc93687e76
2019-07-20 22:12:24 +10:00
dtucker@openbsd.org
d466b6a5cf
upstream: Move sleep time into a variable so that we can increase
...
it for platforms or configurations that are much slower than usual.
OpenBSD-Regress-ID: 88586cabc800062c260d0b876bdcd4ca3f58a872
2019-07-20 22:11:00 +10:00
djm@openbsd.org
b4a7c9d2b5
upstream: add regression tests for scp for out-of-destination path file
...
creation by Harry Sintonen via Jakub Jelen in bz3007
OpenBSD-Regress-ID: 01ae5fbc6ce400b2df5a84dc3152a9e31f354c07
2019-07-19 13:53:27 +10:00
djm@openbsd.org
bca0582063
upstream: Accept the verbose flag when searching for host keys in known
...
hosts (i.e. "ssh-keygen -vF host") to print the matching host's random-art
signature too. bz#3003 "amusing, pretty" deraadt@
OpenBSD-Commit-ID: 686221a5447d6507f40a2ffba5393984d889891f
2019-07-19 13:53:27 +10:00
Darren Tucker
5299a09fa2
Revert one dependency per line change.
...
It turns out that having such a large number of lines in the .depend
file will cause the memory usage of awk during AC_SUBST to blow up on at
least NetBSD's awk, causing configure to fail.
2019-07-19 13:52:41 +10:00
Damien Miller
01dddb231f
fix SIGWINCH delivery of Solaris for mux sessions
...
Remove PRIV_PROC_SESSION which was limiting ability to send SIGWINCH
signals to other sessions. bz#3030; report and fix from Darren Moffat
2019-07-19 13:22:16 +10:00
Darren Tucker
05500af21d
Force dependencies one per line.
...
Force makedepend to output one dependency per line, which will make
reading diffs against it much easier. ok djm@
2019-07-19 13:20:03 +10:00
Darren Tucker
b5bc5d016b
make depend.
2019-07-19 13:18:07 +10:00
Darren Tucker
65333f7454
Show when skipping valgrind for a test.
2019-07-19 13:16:11 +10:00
Darren Tucker
fccb7eb343
Enable connect-privsep test with valgrind.
...
connect-privsep seems to work OK with valgrind now so don't skip
valgrind on it.
2019-07-19 10:41:56 +10:00
Darren Tucker
d742301726
Show valgrind results and error counts.
2019-07-19 07:43:07 +10:00