12994 Commits

Author SHA1 Message Date
tgauth@bu.edu
e6fa11e07e openssh-9.5p1

resolve merge conflicts; scp and sftp fail to compile
2023-10-30 17:06:35 -04:00
Tess Gauthier
cb23f0d9c0
revert enabling sdl check compiler option for debug builds (#700) 2023-10-16 09:57:03 -04:00
Tess Gauthier
0ffb0ceb64
remove redundant WINDOWS preprocessor definitions (#697) 2023-10-16 09:56:42 -04:00
Tess Gauthier
f72324ffa1
disable adding pkcs11 providers to ssh-agent remotely unless overridden by cli arg (#699) v9.4.0.0 2023-10-11 16:39:05 -04:00
Tess Gauthier
effdb65e40
Enable sdl check (#695)
* enable sdl checks during compilation

* fix sdl errors in Windows code

* fix sdl errors in common code without ifdefs, for now
2023-10-04 13:11:53 -04:00
Tess Gauthier
39bf3d4fce
Enable /CETCOMPAT in x86, x64 Linker Additional Options (#696)
* enable spectre mitigation in vcxproj

* add linker compat option and sdl compile checks where applicable

* add linker switch to x64 and x86 arch
2023-10-04 12:59:38 -04:00
Damien Miller
80a2f64b8c
crank version numbers 2023-10-04 15:34:10 +11:00
djm@openbsd.org
f65f187b10
upstream: openssh-9.5
OpenBSD-Commit-ID: 5e0af680480bd3b6f5560cf840ad032d48fd6b16
2023-10-04 15:33:36 +11:00
djm@openbsd.org
ffe27e54a4
upstream: add some cautionary text about % token expansion and
shell metacharacters; based on report from vinci AT protonmail.ch

OpenBSD-Commit-ID: aa1450a54fcee2f153ef70368d90edb1e7019113
2023-10-04 15:33:27 +11:00
djm@openbsd.org
60ec3d54fd
upstream: fix link to agent draft; spotted by Jann Horn
OpenBSD-Commit-ID: ff5bda21a83ec013db683e282256a85201d2dc4b
2023-10-04 15:30:19 +11:00
Damien Miller
12e2d4b13f
use portable provider allowlist path in manpage
spotted by Jann Horn
2023-10-04 10:54:04 +11:00
Tess Gauthier
4e5f11a82c
enable spectre mitigation in vcxproj (#694) 2023-10-02 15:16:33 -04:00
deraadt@openbsd.org
6c2c6ffde7
upstream: typo; from Jim Spath
OpenBSD-Commit-ID: 2f5fba917b5d4fcf93d9e0b0756c7f63189e228e
2023-10-01 10:57:54 +11:00
Tess Gauthier
96f8702f79
Crank versions (#693)
* Update version.rc

* Update libressl version in paths.targets
2023-09-28 16:39:39 -04:00
Sam Hocevar
1ab66dd3d4
Fix unreasonably small DefaultShellCommandOption size limit (#683) 2023-09-28 14:34:08 -04:00
s911415
1146f366ed
fix session id2 datatype mismatch (#679)
* fix session id2 datatype mismatch

* update session_id2_len definition with WINDOWS identifier
2023-09-28 13:17:26 -04:00
Tess Gauthier
24449c64b7
Merge pull request #684 from tgauth/merge-9.4
Merge 9.4
2023-09-27 15:33:29 -04:00
djm@openbsd.org
b6b49130a0
upstream: rename remote_glob() -> sftp_glob() to match other API
OpenBSD-Commit-ID: d9dfb3708d824ec02970a84d96cf5937e0887229
2023-09-11 09:14:02 +10:00
djm@openbsd.org
21b79af6c8
upstream: typo in comment
OpenBSD-Commit-ID: 69285e0ce962a7c6b0ab5f17a293c60a0a360a18
2023-09-11 09:13:42 +10:00
Darren Tucker
41232d2553
Use zero-call-used-regs=used with Apple compilers.
Apple's versions of clang have version numbers that do not match the
corresponding upstream clang versions.  Unfortunately, they do still
have the clang-15 zero-call-used-regs=all bug, so for now use the value
that doesn't result in segfaults.  We could allowlist future versions
that are known to work.  bz#3584 (and probably also our github CI
failures).
2023-09-10 15:45:38 +10:00
djm@openbsd.org
90ccc5918e
upstream: randomise keystroke obfuscation intervals and average
interval rate. ok dtucker@

OpenBSD-Commit-ID: 05f61d051ab418fcfc4857ff306e420037502382
2023-09-10 13:27:40 +10:00
djm@openbsd.org
bd1b9e52f5
upstream: fix sizeof(*ptr) instead of sizeof(ptr) in realloc (pointer here
is char**, so harmless); spotted in CID 416964

OpenBSD-Commit-ID: c61caa4a5a667ee20bb1042098861e6c72c69002
2023-09-08 16:35:40 +10:00
djm@openbsd.org
c4f9664829
upstream: regress test recursive remote-remote directories copies where
the directory contains a symlink to another directory.

also remove errant `set -x` that snuck in at some point

OpenBSD-Regress-ID: 1c94a48bdbd633ef2285954ee257725cd7bc456f
2023-09-08 16:12:05 +10:00
djm@openbsd.org
5e1dfe5014
upstream: fix recursive remote-remote copies of directories that
contain symlinks to other directories (similar to bz3611)

OpenBSD-Commit-ID: 7e19d2ae09b4f941bf8eecc3955c9120171da37f
2023-09-08 16:11:58 +10:00
djm@openbsd.org
7c0ce2bf98
upstream: regress test for recursive copies of directories containing
symlinks to other directories. bz3611, ok dtucker@

OpenBSD-Regress-ID: eaa4c29cc5cddff4e72a16bcce14aeb1ecfc94b9
2023-09-08 15:59:21 +10:00
djm@openbsd.org
2de990142a
upstream: the sftp code was one of my first contributions to
OpenSSH and it shows - the function names are terrible.

Rename do_blah() to sftp_blah() to make them less so.

Completely mechanical except for sftp_stat() and sftp_lstat() which
change from returning a pointer to a static variable (error-prone) to
taking a pointer to a caller-provided receiver.

OpenBSD-Commit-ID: eb54d6a72d0bbba4d623e2175cf5cc4c75dc2ba4
2023-09-08 15:59:08 +10:00
djm@openbsd.org
249d8bd047
upstream: fix scp in SFTP mode recursive upload and download of
directories that contain symlinks to other directories. In scp mode, the
links would be followed, but in SFTP mode they were not. bz3611, ok dtucker@

OpenBSD-Commit-ID: 9760fda668eaa94a992250d7670dfbc62a45197c
2023-09-08 15:58:24 +10:00
tgauth@bu.edu
ffd23297ae add comments 2023-09-07 16:59:04 -04:00
Tess Gauthier
ae0f346a7a
fix typo 2023-09-07 14:11:27 -04:00
Tess Gauthier
33f1ab9391
Update codeql.yml (#687) 2023-09-07 10:29:46 -04:00
djm@openbsd.org
0e1f4401c4
upstream: regression test for override of subsystem in match blocks
OpenBSD-Regress-ID: 5f8135da3bfda71067084c048d717b0e8793e87c
2023-09-07 09:58:04 +10:00
djm@openbsd.org
8a1450c620
upstream: allow override of Subsystem directives in sshd Match
blocks

OpenBSD-Commit-ID: 3911d18a826a2d2fe7e4519075cf3e57af439722
2023-09-07 09:54:47 +10:00
djm@openbsd.org
6e52826e2a
upstream: allocate the subsystems array as necessary and remove the
fixed limit of subsystems. Saves a few kb of memory in the server and makes
it more like the other options.

OpenBSD-Commit-ID: e683dfca6bdcbc3cc339bb6c6517c0c4736a547f
2023-09-07 09:54:01 +10:00
djm@openbsd.org
e19069c9fa
upstream: preserve quoting of Subsystem commands and arguments.
This may change behaviour of exotic configurations, but the most common
subsystem configuration (sftp-server) is unlikely to be affected.

OpenBSD-Commit-ID: 8ffa296aeca981de5b0945242ce75aa6dee479bf
2023-09-07 09:54:01 +10:00
djm@openbsd.org
52dfe3c72d
upstream: downgrade duplicate Subsystem directives from being a
fatal error to being a debug message to match behaviour with just about all
other directives.

OpenBSD-Commit-ID: fc90ed2cc0c18d4eb8e33d2c5e98d25f282588ce
2023-09-07 09:54:00 +10:00
djm@openbsd.org
1ee0a16e07
upstream: handle cr+lf (instead of just cr) in sshsig signature
files

OpenBSD-Commit-ID: 647460a212b916540016d066568816507375fd7f
2023-09-07 09:54:00 +10:00
job@openbsd.org
e1c284d60a
upstream: Generate Ed25519 keys when invoked without arguments
Ed25519 public keys are very convenient due to their small size.
OpenSSH has supported Ed25519 since version 6.5 (January 2014).

OK djm@ markus@ sthen@ deraadt@

OpenBSD-Commit-ID: f498beaad19c8cdcc357381a60df4a9c69858b3f
2023-09-07 09:53:59 +10:00
Tess Gauthier
f87f0c57a2
add check for program data folder permissions during sshd service startup (#686) 2023-09-05 12:59:28 -04:00
djm@openbsd.org
694150ad92
upstream: trigger keystroke timing obfuscation only if the channels
layer enqueued some data in the last poll() cycle; this avoids triggering the
obfuscator for non-channels data like ClientAlive probes and also fixes a
related problem where the obfuscations would be triggered on fully quiescent
connections.

Based on / tested by naddy@

OpenBSD-Commit-ID: d98f32dc62d7663ff4660e4556e184032a0db123
2023-09-04 10:09:54 +10:00
djm@openbsd.org
b5fd97896b
upstream: avoid bogus "obfuscate_keystroke_timing: stopping ..."
debug messages when keystroke timing obfuscation was never started; spotted
by naddy@

OpenBSD-Commit-ID: 5c270d35f7d2974db5c1646e9c64188f9393be31
2023-09-04 10:09:53 +10:00
djm@openbsd.org
ccf7d913db
upstream: make channel_output_poll() return a flag indicating
whether channel data was enqueued. Will be used to improve keystroke timing
obfuscation. Problem spotted by / tested by naddy@

OpenBSD-Commit-ID: f9776c7b0065ba7c3bbe50431fd3b629f44314d0
2023-09-04 10:09:53 +10:00
djm@openbsd.org
43254b326a
upstream: set interactive mode for ControlPersist sessions if they
originally requested a tty; enables keystroke timing obfuscation for most
ControlPersist sessions. Spotted by naddy@

OpenBSD-Commit-ID: 72783a26254202e2f3f41a2818a19956fe49a772
2023-09-04 10:09:52 +10:00
tgauth@bu.edu
7023264b09 Merge branch 'latestw_all' into merge-9.4 2023-08-31 14:22:13 -04:00
Tess Gauthier
3645eaa30e
Build tools version updates (#677)
* bump platform toolset to v143

* add updated proj files for testing

* add _CRT_DECLARE_NONSTDC_NAMES=0 to projects with posix functions

* revert onecore changes

* fix typo

* use latest sdk in build script

* update build toolset in config proj

* update build script to use latest toolsets

* update paths.targets

* update to win11 sdk in paths.targets

* make build script more robust with VSwhere

* change validity check from count check to null-check

* remove static keyword from auth_debug declaration

* change to ifndef for diff checking

* update string compare

* change msbuild tool search from manual check instead of using vswhere

* update wixproj to work with wix install on new build image

* update 2022 build image and zlib version
2023-08-31 14:19:37 -04:00
tgauth@bu.edu
c769798653 remove dependencies files used for testing 2023-08-31 13:00:59 -04:00
Darren Tucker
ff3eda68ce
Set LLONG_MAX for C89 test.
If we don't have LLONG_MAX, configure will figure out that it can get it
by setting -std=gnu99, at which point we won't be testing C89 any more.
To avoid this, feed it in via CFLAGS.
2023-08-31 23:02:35 +10:00
Tess Gauthier
f7996c7a5c fix stderr tests on Windows 2023-08-29 10:14:40 -04:00
Tess Gauthier
b2ec0cdd33 fix additional tests in keygen-sshfp.sh on Windows 2023-08-29 10:13:43 -04:00
djm@openbsd.org
f98031773d
upstream: make PerSourceMaxStartups first-match-wins; ok dtucker@
OpenBSD-Commit-ID: dac0c24cb709e3c595b8b4f422a0355dc5a3b4e7
2023-08-29 15:01:47 +10:00
djm@openbsd.org
cfa66857db
upstream: descriptive text shouldn't be under .Cm
OpenBSD-Commit-ID: b1afaeb456a52bc8a58f4f9f8b2f9fa8f6bf651b
2023-08-29 15:01:46 +10:00