1196d7f49d
upstream: ssh-keyscan(1): simplify conloop() with timercmp(3),
...
timersub(3); ok djm@
OpenBSD-Commit-ID: a102acb544f840d33ad73d40088adab4a687fa27
2020-08-27 11:27:01 +10:00
d0a195c89e
upstream: let ssh_config(5)'s AddKeysToAgent keyword accept a time
...
limit for keys in addition to its current flag options. Time-limited keys
will automatically be removed from ssh-agent after their expiry time has
passed; ok markus@
OpenBSD-Commit-ID: 792e71cacbbc25faab5424cf80bee4a006119f94
2020-08-27 11:27:01 +10:00
e9c2002891
upstream: let the "Confirm user presence for key ..." ssh-askpass
...
notification respect $SSH_ASKPASS_REQUIRE; ok markus@
OpenBSD-Commit-ID: 7c1a616b348779bda3b9ad46bf592741f8e206c1
2020-08-27 11:26:26 +10:00
eaf8672b1b
Remove check for 'ent' command.
...
It was added in 8d1fd57a9
2020-08-21 00:07:48 +10:00
05c215de8d
Wrap stdint.h include in ifdef HAVE_STDINT_H.
2020-08-17 21:34:32 +10:00
eaf2765efe
sync memmem.c with OpenBSD
2020-08-10 13:24:20 +10:00
ed6bef77f5
Always send any PAM account messages.
...
If the PAM account stack reaturns any messages, send them to the user
not just if the check succeeds. bz#2049, ok djm@
2020-08-07 17:14:56 +10:00
a09e98dcae
Output test debug logs on failure.
2020-08-07 15:37:37 +10:00
eb122b1eeb
Add ability to specify exact test target.
2020-08-07 15:24:55 +10:00
c2ec7a07f8
Document --without-openssl and --without-zlib.
2020-08-07 14:26:20 +10:00
651bb3a319
Add without-openssl without-zlib test target.
2020-08-07 14:26:20 +10:00
9499f2bb01
Add CI with prepare script
...
* Only use heimdal kerberos implementation
* Fetch yubico/libfido2 (see: https://github.com/Yubico/libfido2 )
* Add one target for
* all features
* each feature alone
* no features
2020-08-06 00:01:41 +02:00
ea1f649046
support NetBSD's utmpx.ut_ss address field
...
bz#960, ok dtucker
2020-08-05 08:58:57 +10:00
32c63e75a7
wrap a declaration in the same ifdefs as its use
...
avoids warnings on NetBSD
2020-08-04 14:59:21 +10:00
c9e3be9f4b
undef TAILQ_CONCAT and friends
...
Needed for NetBSD. etc that supply these macros
2020-08-04 14:58:46 +10:00
2d8a3b7e8b
upstream: ensure that certificate extensions are lexically sorted.
...
Previously if the user specified a custom extension then the everything would
be in order except the custom ones. bz3198 ok dtucker markus
OpenBSD-Commit-ID: d97deb90587b06cb227c66ffebb2d9667bf886f0
2020-08-03 14:27:59 +10:00
a8732d74cb
upstream: allow -A to explicitly enable agent forwarding in scp and
...
sftp. The default remains to not forward an agent, even when ssh_config
enables it. ok jmc dtucker markus
OpenBSD-Commit-ID: 36cc526aa3b0f94e4704b8d7b969dd63e8576822
2020-08-03 14:27:59 +10:00
ab9105470a
upstream: clang -Wimplicit-fallthrough does not recognise /*
...
FALLTHROUGH */ comments, which is the style we currently use, and gives too
many boring warnings. ok djm
OpenBSD-Commit-ID: 07b5031e9f49f2b69ac5e85b8da4fc9e393992a0
2020-08-03 14:27:50 +10:00
ced327b9fb
upstream: Also compare username when checking for JumpHost loops.
...
bz#3057, ok djm@
OpenBSD-Commit-ID: 9bbc1d138adb34c54f3c03a15a91f75dbf418782
2020-08-03 14:27:18 +10:00
ae7527010c
Remove AC_REVISION.
...
It hasn't been useful since we switched to git in 2014. ok djm@
2020-07-31 15:19:56 +10:00
89fc3f414b
Use argv in OSSH_CHECK_CFLAG_COMPILE test.
...
configure.ac is not detecting -Wextra in compilers that implement the
option. The problem is that -Wextra implies -Wunused-parameter, and the
C excerpt used by aclocal.m4 does not use argv. Patch from pedro at
ambientworks.net, ok djm@
2020-07-28 19:40:30 +10:00
62c81ef531
Skip ECDSA-SK webauthn test when built w/out ECC
2020-07-20 22:12:07 +10:00
3ec9a6d731
Add ssh-sk-helper and manpage to RPM spec file
...
Based on patch from Fabio Pedretti
2020-07-20 13:09:25 +10:00
a2855c048b
upstream: Add %k to the TOKENs for Match Exec for consistency with
...
the other keywords that recently got %k.
OpenBSD-Commit-ID: 1857d1c40f270cbc254fca91e66110641dddcfdb
2020-07-17 18:03:28 +10:00
69860769fa
upstream: fix macro slip in previous;
...
OpenBSD-Commit-ID: 624e47ab209450ad9ad5c69f54fa69244de5ed9a
2020-07-17 18:03:28 +10:00
40649bd082
upstream: Add test for '%k' (HostKeyAlias) TOKEN.
...
OpenBSD-Regress-ID: 8ed1ba1a811790031aad3fcea860a34ad7910456
2020-07-17 18:03:12 +10:00
6736fe6807
upstream: Add tests for expansions on UserKnownHostsFile.
...
OpenBSD-Regress-ID: bccf8060306c841bbcceb1392644f906a4d6ca51
2020-07-17 13:53:04 +10:00
287dc6396e
upstream: log error message for process_write() write failures
...
OpenBSD-Commit-ID: f733d7b3b05e3c68967dc18dfe39b9e8fad29851
2020-07-17 13:52:46 +10:00
8df5774a42
upstream: Add a '%k' TOKEN that expands to the effective HostKey of
...
the destination. This allows, eg, keeping host keys in individual files
using "UserKnownHostsFile ~/.ssh/known_hosts.d/%k". bz#1654, ok djm@, jmc@
(man page bits)
OpenBSD-Commit-ID: 7084d723c9cc987a5c47194219efd099af5beadc
2020-07-17 13:52:46 +10:00
c4f239944a
upstream: Add %-TOKEN, environment variable and tilde expansion to
...
UserKnownHostsFile, allowing the file to be automagically split up in the
configuration (eg bz#1654). ok djm@, man page parts jmc@
OpenBSD-Commit-ID: 7e1b406caf147638bb51558836a72d6cc0bd1b18
2020-07-17 13:52:46 +10:00
dbaaa01dae
upstream: - Add [-a rounds] in ssh-keygen man page and usage() -
...
Reorder parameters list in the first usage() case - Sentence rewording
ok dtucker@
jmc@ noticed usage() missed -a flag too
OpenBSD-Commit-ID: f06b9afe91cc96f260b929a56e9930caecbde246
2020-07-17 13:23:34 +10:00
69924a92c3
upstream: start sentence with capital letter;
...
OpenBSD-Commit-ID: ab06581d51b2b4cc1b4aab781f7f3cfa56cad973
2020-07-17 13:23:34 +10:00
5b56bd0aff
detect Linux/X32 systems
...
This is a frankenstein monster of AMD64 instructions/calling conventions
but with a 4GB address space. Allegedly deprecated but people still run
into it causing weird sandbox failures, e.g. bz#3085
2020-07-17 13:21:56 +10:00
9c9ddc1391
upstream: Fix previous by calling the correct function.
...
OpenBSD-Regress-ID: 821cdd1dff9c502cceff4518b6afcb81767cad5a
2020-07-15 17:11:08 +10:00
f1a4798941
upstream: Update test to match recent change in match.c
...
OpenBSD-Regress-ID: 965bda1f95f09a765050707340c73ad755f41167
2020-07-15 16:01:29 +10:00
d7e71be4fd
Adjust portable code to match changes in 939d787d,
2020-07-15 15:30:43 +10:00
fec89f32a8
upstream: Add default for number of rounds (-a). ok djm@
...
OpenBSD-Commit-ID: cb7e9aa04ace01a98e63e4bd77f34a42ab169b15
2020-07-15 15:08:10 +10:00
aaa8b609a7
upstream: allow some additional control over the use of ssh-askpass
...
via $SSH_ASKPASS_REQUIRE, including force-enable/disable. bz#69 ok markus@
OpenBSD-Commit-ID: 3a1e6cbbf6241ddc4405c4246caa2c249f149eb2
2020-07-15 15:08:10 +10:00
6368022cd4
upstream: correct recently broken comments
...
OpenBSD-Commit-ID: 964d9a88f7de1d0eedd3f8070b43fb6e426351f1
2020-07-15 15:08:10 +10:00
6d755706a0
upstream: some language improvements; ok markus
...
OpenBSD-Commit-ID: 939d787d571b4d5da50b3b721fd0b2ac236acaa8
2020-07-15 15:07:42 +10:00
b0c1e8384d
upstream: update setproctitle after re-exec; ok djm
...
OpenBSD-Commit-ID: bc92d122f9184ec2a9471ade754b80edd034ce8b
2020-07-15 15:06:44 +10:00
cd119a5ec2
upstream: keep ignoring HUP after fork+exec; ok djm
...
OpenBSD-Commit-ID: 7679985a84ee5ceb09839905bb6f3ddd568749a2
2020-07-15 15:06:44 +10:00
8af4a74369
upstream: don't exit the listener on send_rexec_state errors; ok
...
djm
OpenBSD-Commit-ID: 57cbd757d130d3f45b7d41310b3a15eeec137d5c
2020-07-15 15:06:44 +10:00
03da4c2b70
upstream: Use $OBJ to find key files. Fixes test when run on an obj
...
directory (on OpenBSD) or out of tree (in Portable).
OpenBSD-Regress-ID: 938fa8ac86adaa527d64a305bd2135cfbb1c0a17
2020-07-15 15:02:52 +10:00
73f20f195a
Wrap stdint.h in ifdef HAVE_STDINT_H.
2020-07-04 23:11:59 +10:00
aa6fa4bf30
upstream: put back the mux_ctx memleak fix, but only for channels of
...
type SSH_CHANNEL_MUX_LISTENER; Specifically SSH_CHANNEL_MUX_PROXY channels
should not have this structure freed.
OpenBSD-Commit-ID: f3b213ae60405f77439e2b06262f054760c9d325
2020-07-03 17:26:23 +10:00
d8195914eb
upstream: revert r1.399 - the lifetime of c->mux_ctx is more complex;
...
simply freeing it here causes other problems
OpenBSD-Commit-ID: c6fee8ca94e2485faa783839541962be2834c5ed
2020-07-03 17:22:28 +10:00
20b5fab9f7
upstream: avoid tilde_expand_filename() in expanding ~/.ssh/rc - if
...
sshd is in chroot mode, the likely absence of a password database will cause
tilde_expand_filename() to fatal; ok dtucker@
OpenBSD-Commit-ID: e20aee6159e8b79190d18dba1513fc1b7c8b7ee1
2020-07-03 17:03:54 +10:00
c8935081db
upstream: when redirecting sshd's log output to a file, undo this
...
redirection after the session child process is forked(); ok dtucker@
OpenBSD-Commit-ID: 6df86dd653c91f5bc8ac1916e7680d9d24690865
2020-07-03 17:03:54 +10:00
183c4aaef9
upstream: start ClientAliveInterval bookkeeping before first pass
...
through select() loop; fixed theoretical case where busy sshd may ignore
timeouts from client; inspired by and ok dtucker
OpenBSD-Commit-ID: 96bfc4b1f86c7da313882a84755b2b47eb31957f
2020-07-03 17:03:53 +10:00
cheloha@openbsd.org
djm@openbsd.org
Darren Tucker
Damien Miller
Stefan Schindler
deraadt@openbsd.org
dtucker@openbsd.org
jmc@openbsd.org
solene@openbsd.org
markus@openbsd.org