djm@openbsd.org
b7fbc75e11
upstream: space
...
OpenBSD-Commit-ID: 350648bcf00a2454e7ef998b7d88e42552b348ac
2019-10-04 14:34:05 +10:00
djm@openbsd.org
643ab68c79
upstream: more sshsig regress tests: check key revocation, the
...
check-novalidate signature test mode and signing keys in ssh-agent.
From Sebastian Kinne (slightly tweaked)
OpenBSD-Regress-ID: b39566f5cec70140674658cdcedf38752a52e2e2
2019-10-04 13:41:03 +10:00
dtucker@openbsd.org
714031a10b
upstream: Check for gmtime failure in moduli generation. Based on
...
patch from krishnaiah.bommu@intel.com, ok djm@
OpenBSD-Commit-ID: 4c6a4cde0022188ac83737de08da0e875704eeaa
2019-10-04 13:40:57 +10:00
jmc@openbsd.org
6918974405
upstream: use a more common options order in SYNOPSIS and sync
...
usage(); while here, no need for Bk/Ek;
ok dtucker
OpenBSD-Commit-ID: 38715c3f10b166f599a2283eb7bc14860211bb90
2019-10-04 13:40:57 +10:00
djm@openbsd.org
feff96b7d4
upstream: thinko in previous; spotted by Mantas Mikulėnas
...
OpenBSD-Commit-ID: ffa3f5a45e09752fc47d9041e2203ee2ec15b24d
2019-10-02 19:53:40 +10:00
djm@openbsd.org
b5a89eec41
upstream: make signature format match PROTOCO
...
as a string, not raw bytes. Spotted by Mantas Mikulėnas
OpenBSD-Commit-ID: 80fcc6d52893f80c6de2bedd65353cebfebcfa8f
2019-10-02 18:08:17 +10:00
djm@openbsd.org
dc6f81ee94
upstream: ban empty namespace strings for sshsig; spotted by Mantas Mikulėnas
...
OpenBSD-Commit-ID: 7c5bcf40bed8f4e826230176f4aa353c52aeb698
2019-10-02 18:08:17 +10:00
Darren Tucker
fa5bd8107e
Put ssherr.h back as it's actually needed.
2019-10-02 14:30:55 +10:00
Lonnie Abelbeck
3ef92a6574
Deny (non-fatal) shmget/shmat/shmdt in preauth privsep child.
...
New wait_random_seeded() function on OpenSSL 1.1.1d uses shmget, shmat, and shmdt
in the preauth codepath, deny (non-fatal) in seccomp_filter sandbox.
2019-10-02 12:24:38 +10:00
Damien Miller
edd1d3a626
remove duplicate #includes
...
Prompted by Jakub Jelen
2019-10-02 10:54:28 +10:00
Damien Miller
13c508dfed
typo in comment
2019-10-02 10:51:15 +10:00
djm@openbsd.org
d0c3ac427f
upstream: remove some duplicate #includes
...
OpenBSD-Commit-ID: ed6827ab921eff8027669848ef4f70dc1da4098c
2019-10-02 10:43:47 +10:00
djm@openbsd.org
084682786d
upstream: revert unconditional forced login implemented in r1.41 of
...
ssh-pkcs11.c; r1.45 added a forced login as a fallback for cases where the
token returns no objects and this is less disruptive for users of tokens
directly in ssh (rather than via ssh-agent) and in ssh-keygen
bz3006, patch from Jakub Jelen; ok markus
OpenBSD-Commit-ID: 33d6df589b072094384631ff93b1030103b3d02e
2019-10-01 20:24:07 +10:00
jmc@openbsd.org
6c91d42cce
upstream: group and sort single letter options; ok deraadt
...
OpenBSD-Commit-ID: e1480e760a2b582f79696cdcff70098e23fc603f
2019-10-01 20:24:07 +10:00
jmc@openbsd.org
3b44bf39ff
upstream: fix the DH-GEX text in -a; because this required a comma,
...
i added a comma to the first part, for balance...
OpenBSD-Commit-ID: 2c3464e9e82a41e8cdfe8f0a16d94266e43dbb58
2019-10-01 20:24:07 +10:00
deraadt@openbsd.org
3e53ef28fa
upstream: identity_file[] should be PATH_MAX, not the arbitrary
...
number 1024
OpenBSD-Commit-ID: e775f94ad47ce9ab37bd1410d7cf3b7ea98b11b7
2019-10-01 20:24:07 +10:00
jmc@openbsd.org
90d4b2541e
upstream: new sentence, new line;
...
OpenBSD-Commit-ID: c35ca5ec07be460e95e7406af12eee04a77b6698
2019-10-01 20:24:07 +10:00
Darren Tucker
fbec7dba01
Include stdio.h for snprintf.
...
Patch from vapier@gentoo.org.
2019-09-30 18:01:12 +10:00
Darren Tucker
0a403bfde7
Add SKIP_LTESTS for skipping specific tests.
2019-09-30 14:11:42 +10:00
dtucker@openbsd.org
4d59f7a516
upstream: Test for empty result in expected bits. Remove CRs from log
...
as they confuse tools on some platforms. Re-enable the 3des-cbc test.
OpenBSD-Regress-ID: edf536d4f29fc1ba412889b37247a47f1b49d250
2019-09-27 15:36:22 +10:00
Darren Tucker
7c817d129e
Re-enable dhgex test.
...
Since we've added larger fallback groups to dh.c this test will pass
even if there is no moduli file installed on the system.
2019-09-27 15:26:22 +10:00
Darren Tucker
c1e0a32fa8
Add more ToS bits, currently only used by netcat.
2019-09-24 21:17:20 +10:00
Darren Tucker
5a273a33ca
Privsep is now required.
2019-09-19 15:41:23 +10:00
djm@openbsd.org
8aa2aa3cd4
upstream: Allow testing signature syntax and validity without verifying
...
that a signature came from a trusted signer. To discourage accidental or
unintentional use, this is invoked by the deliberately ugly option name
"check-novalidate"
from Sebastian Kinne
OpenBSD-Commit-ID: cea42c36ab7d6b70890e2d8635c1b5b943adcc0b
2019-09-16 13:25:53 +10:00
djm@openbsd.org
7047d5afe3
upstream: clarify that IdentitiesOnly also applies to the default
...
~/.ssh/id_* keys; bz#3062
OpenBSD-Commit-ID: 604be570e04646f0f4a17026f8b2aada6a585dfa
2019-09-13 14:53:45 +10:00
dtucker@openbsd.org
b36ee3fcb2
upstream: Plug mem leaks on error paths, based in part on github
...
pr#120 from David Carlier. ok djm@.
OpenBSD-Commit-ID: c57adeb1022a8148fc86e5a88837b3b156dbdb7e
2019-09-13 14:53:45 +10:00
djm@openbsd.org
2aefdf1aef
upstream: whitespace
...
OpenBSD-Commit-ID: 57a71dd5f4cae8d61e0ac631a862589fb2bfd700
2019-09-13 14:53:45 +10:00
djm@openbsd.org
fbe24b1429
upstream: allow %n to be expanded in ProxyCommand strings
...
From Zachary Harmany via github.com/openssh/openssh-portable/pull/118
ok dtucker@
OpenBSD-Commit-ID: 7eebf1b7695f50c66d42053d352a4db9e8fb84b6
2019-09-13 14:28:44 +10:00
djm@openbsd.org
2ce1d11600
upstream: clarify that ConnectTimeout applies both to the TCP
...
connection and to the protocol handshake/KEX. From Jean-Charles Longuet via
Github PR140
OpenBSD-Commit-ID: ce1766abc6da080f0d88c09c2c5585a32b2256bf
2019-09-13 14:09:21 +10:00
dtucker@openbsd.org
df78011427
upstream: Fix potential truncation warning. ok deraadt.
...
OpenBSD-Commit-ID: d87b7e3a94ec935e8194e7fce41815e22804c3ff
2019-09-13 14:09:20 +10:00
Damien Miller
ec0e624366
memleak of buffer in sshpam_query
...
coverity report via Ed Maste; ok dtucker@
2019-09-13 13:15:19 +10:00
Damien Miller
c17e4638e5
explicitly test set[ug]id() return values
...
Legacy !_POSIX_SAVED_IDS path only; coverity report via Ed Maste
ok dtucker@
2019-09-13 13:15:14 +10:00
naddy@openbsd.org
91a2135f32
upstream: Allow prepending a list of algorithms to the default set
...
by starting the list with the '^' character, e.g.
HostKeyAlgorithms ^ssh-ed25519
Ciphers ^aes128-gcm@openssh.com,aes256-gcm@openssh.com
ok djm@ dtucker@
OpenBSD-Commit-ID: 1e1996fac0dc8a4b0d0ff58395135848287f6f97
2019-09-08 14:49:04 +10:00
djm@openbsd.org
c8bdd2db77
upstream: key conversion should fail for !openssl builds, not fall
...
through to the key generation code
OpenBSD-Commit-ID: b957436adc43c4941e61d61958a193a708bc83c9
2019-09-08 14:49:04 +10:00
djm@openbsd.org
823f6c37eb
upstream: typo in previous
...
OpenBSD-Commit-ID: 7c3b94110864771a6b80a0d8acaca34037c3c96e
2019-09-08 14:49:04 +10:00
Damien Miller
6a710d3e06
needs time.h for --without-openssl
2019-09-08 14:48:11 +10:00
Damien Miller
f61f29afda
make unittests pass for no-openssl case
2019-09-08 10:37:17 +10:00
djm@openbsd.org
105e1c9218
upstream: avoid compiling certain files that deeply depend on
...
libcrypto when WITH_OPENSSL isn't set
OpenBSD-Commit-ID: 569f08445c27124ec7c7f6c0268d844ec56ac061
2019-09-06 17:54:21 +10:00
djm@openbsd.org
670104b923
upstream: fixes for !WITH_OPENSSL compilation; ok dtucker@
...
OpenBSD-Commit-ID: 7fd68eaa9e0f7482b5d4c7e8d740aed4770a839f
2019-09-06 17:54:21 +10:00
djm@openbsd.org
be02d7cbde
upstream: lots of things were relying on libcrypto headers to
...
transitively include various system headers (mostly stdlib.h); include them
explicitly
OpenBSD-Commit-ID: 5b522f4f2d844f78bf1cc4f3f4cc392e177b2080
2019-09-06 17:54:21 +10:00
djm@openbsd.org
d05aaaaadc
upstream: remove leakmalloc reference; we used this early when
...
refactoring but not since
OpenBSD-Commit-ID: bb28ebda8f7c490b87b37954044a6cdd43a7eb2c
2019-09-06 16:06:22 +10:00
dtucker@openbsd.org
1268f0bcd8
upstream: Check for RSA support before using it for the user key,
...
otherwise use ed25519 which is supported when built without OpenSSL.
OpenBSD-Regress-ID: 3d23ddfe83c5062f00ac845d463f19a2ec78c0f7
2019-09-06 14:37:23 +10:00
Darren Tucker
fd7a2dec65
Provide explicit path to configure-check.
...
On some platforms (at least OpenBSD) make won't search VPATH for target
files, so building out-of-tree will fail at configure-check. Provide
explicit path. ok djm@
2019-09-06 14:09:41 +10:00
djm@openbsd.org
00865c2969
upstream: better error code for bad arguments; inspired by
...
OpenBSD-Commit-ID: dfc263b6041de7f0ed921a1de0b81ddebfab1e0a
2019-09-06 12:01:45 +10:00
Damien Miller
afdf27f5ac
revert config.h/config.h.in freshness checks
...
turns out autoreconf and configure don't touch some files if their content
doesn't change, so the mtime can't be relied upon in a makefile rule
2019-09-05 21:38:40 +10:00
Damien Miller
a97609e850
extend autoconf freshness test
...
make it cover config.h.in and config.h separately
2019-09-05 20:54:39 +10:00
Damien Miller
182297c10e
check that configure/config.h is up to date
...
Ensure they are newer than the configure.ac / aclocal.m4 source
2019-09-05 20:35:33 +10:00
djm@openbsd.org
7d6034bd02
upstream: if a PKCS#11 token returns no keys then try to login and
...
refetch them. Based on patch from Jakub Jelen; bz#2430 ok markus@
OpenBSD-Commit-ID: ab53bd6ddd54dd09e54a8bfbed1a984496f08b43
2019-09-05 20:07:12 +10:00
djm@openbsd.org
76f09bd959
upstream: sprinkle in some explicit errors here, otherwise they
...
percolate all the way up to dispatch_run_fatal() and lose all meaningful
context
to help with bz#3063; ok dtucker@
OpenBSD-Commit-ID: 5b2da83bb1c4a3471444b7910b2120ae36438a0a
2019-09-05 20:07:12 +10:00
djm@openbsd.org
0ea332497b
upstream: only send ext_info for KEX_INITIAL; bz#2929 ok dtucker
...
OpenBSD-Commit-ID: 00f5c6062f6863769f5447c6346f78c05d2e4a63
2019-09-05 20:07:12 +10:00