tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
11,473 Commits 6 Branches 20 Tags 99 MiB
Commit Graph

11473 Commits

Author SHA1 Message Date
Darren Tucker c8d92d3d4f Add make clean step to tests. 2021-09-29 13:28:56 +10:00
Darren Tucker 360fb41ef8 Test all available clang and gcc versions. 2021-09-29 12:05:50 +10:00
djm@openbsd.org 4fb49899d7 upstream: Test certificate hostkeys held in ssh-agent too. Would have 
caught regression fixed in sshd r1.575

ok markus@

OpenBSD-Regress-ID: 1f164d7bd89f83762db823eec4ddf2d2556145ed
 2021-09-29 11:35:18 +10:00
djm@openbsd.org ce4854e12e upstream: add some debug output showing how many key file/command lines 
were processed. Useful to see whether a file or command actually has keys
present

OpenBSD-Commit-ID: 0bd9ff94e84e03a22df8e6c12f6074a95d27f23c
 2021-09-29 11:35:11 +10:00
dtucker@openbsd.org 15abdd5235 upstream: Make prototype for rijndaelEncrypt match function 
including the bounds. Fixes error in portable where GCC>=11 takes notice of
the bounds. ok deraadt@

OpenBSD-Commit-ID: cdd2f05fd1549e1786a70871e513cf9e9cf099a6
 2021-09-29 11:09:27 +10:00
dtucker@openbsd.org d1d29ea1d1 upstream: Import regenerated moduli. 
OpenBSD-Commit-ID: 4bec5db13b736b64b06a0fca704cbecc2874c8e1
 2021-09-29 11:00:50 +10:00
Darren Tucker 39f2111b1d Add new compiler hardening flags. 
Add -fzero-call-used-regs and -ftrivial-auto-var-init to the list of
compiler hardening flags that configure checks for.  These are supported
by clang and gcc, and make ROP gadgets less useful and mitigate
stack-based infoleaks respectively.  ok djm@
 2021-09-29 10:53:55 +10:00
Damien Miller bf944e3794 initgroups needs grp.h 2021-09-27 00:03:19 +10:00
djm@openbsd.org 8c5b565514 upstream: openssh-8.8 
OpenBSD-Commit-ID: 12357794602ac979eb7312a1fb190c453f492ec4
 2021-09-27 00:03:12 +10:00
djm@openbsd.org f3cbe43e28 upstream: need initgroups() before setresgid(); reported by anton@, 
ok deraadt@

OpenBSD-Commit-ID: 6aa003ee658b316960d94078f2a16edbc25087ce
 2021-09-27 00:02:42 +10:00
Damien Miller 8acaff41f7 update version numbers for release 2021-09-26 22:16:36 +10:00
kn@openbsd.org d39039ddc0 upstream: RSA/SHA-1 is not used by default anymore 
OK dtucker deraadt djm

OpenBSD-Commit-ID: 055c51a221c3f099dd75c95362f902da1b8678c6
 2021-09-26 21:13:28 +10:00
Darren Tucker 9b2ee74e3a Move the fgrep replacement to hostkey-rotate.sh. 
The fgrep replacement for buggy greps doesn't work in the sftp-glob test
so move it to just where we know it's needed.
 2021-09-24 11:08:03 +10:00
Darren Tucker f703954157 Replacement function for buggy fgrep. 
GNU (f)grep <=2.18, as shipped by FreeBSD<=12 and NetBSD<=9 will
occasionally fail to find ssh host keys in the hostkey-rotate test.
If we have those versions, use awk instead.
 2021-09-24 08:06:48 +10:00
David Manouchehri f6a660e5bf Don't prompt for yes/no questions. 2021-09-24 07:52:04 +10:00
djm@openbsd.org 7ed1a3117c upstream: fix missing -s in SYNOPSYS and usage() as well as a 
capitalisation mistake; spotted by jmc@

OpenBSD-Commit-ID: 0ed8ee085c7503c60578941d8b45f3a61d4c9710
 2021-09-21 08:06:09 +10:00
dtucker@openbsd.org 8c07170135 upstream: Fix "Allocated port" debug message 
for unix domain sockets. From peder.stray at gmail.com via github PR#272,
ok deraadt@

OpenBSD-Commit-ID: 8d5ef3fbdcdd29ebb0792b5022a4942db03f017e
 2021-09-20 14:31:57 +10:00
djm@openbsd.org 277d3c6adf upstream: Switch scp back to use the old protocol by default, ahead of 
release. We'll wait a little longer for people to pick up sftp-server(8) that
supports the extension that scp needs for ~user paths to continue working in
SFTP protocol mode. Discussed with deraadt@

OpenBSD-Commit-ID: f281f603a705fba317ff076e7b11bcf2df941871
 2021-09-20 12:03:17 +10:00
djm@openbsd.org ace19b34cc upstream: better error message for ~user failures when the 
sftp-server lacks the expand-path extension; ok deraadt@

OpenBSD-Commit-ID: 9c1d965d389411f7e86f0a445158bf09b8f9e4bc
 2021-09-19 17:21:59 +10:00
djm@openbsd.org 6b1238ba97 upstream: make some more scp-in-SFTP mode better match Unix idioms 
suggested by deraadt@

OpenBSD-Commit-ID: 0f2439404ed4cf0b0be8bf49a1ee734836e1ac87
 2021-09-19 17:21:59 +10:00
djm@openbsd.org e694f8ac44 upstream: allow log_stderr==2 to prefix log messages with argv[0] 
use this to make scp's SFTP mode error messages more scp-like

prompted by and ok deraadt@

OpenBSD-Commit-ID: 0e821dbde423fc2280e47414bdc22aaa5b4e0733
 2021-09-19 17:21:59 +10:00
Darren Tucker 8a7a06ee50 Test against LibreSSL 3.2.6, 3.3.4, 3.4.0. 2021-09-17 13:03:31 +10:00
djm@openbsd.org c25c84074a upstream: missing space character in ssh -G output broke the 
t-sshcfgparse regression test; spotted by anton@

OpenBSD-Commit-ID: bcc36fae2f233caac4baa8e58482da4aa350eed0
 2021-09-16 15:38:16 +10:00
djm@openbsd.org a4bee1934b upstream: allow CanonicalizePermittedCNAMEs=none in ssh_config; ok 
markus@

OpenBSD-Commit-ID: 668a82ba8e56d731b26ffc5703213bfe071df623
 2021-09-16 15:38:16 +10:00
mbuhl@openbsd.org d0fffc88c8 upstream: put back the mux_ctx memleak fix for SSH_CHANNEL_MUX_CLIENT 
OK mfriedl@

OpenBSD-Commit-ID: 1aba1da828956cacaadb81a637338734697d9798
 2021-09-15 15:58:18 +10:00
schwarze@openbsd.org 19b3d846f0 upstream: Do not ignore SIGINT while waiting for input if editline(3) 
is not used. Instead, in non-interactive mode, exit sftp(1), like for other
serious errors. As pointed out by dtucker@, when compiled without editline(3)
support in portable OpenSSH, the el == NULL branch is also used for
interactive mode. In that case, discard the input line and provide a fresh
prompt to the user just like in the case where editline(3) is used. OK djm@

OpenBSD-Commit-ID: 7d06f4d3ebba62115527fafacf38370d09dfb393
 2021-09-11 20:26:51 +10:00
djm@openbsd.org ba61123eef upstream: when using SFTP protocol, continue transferring files after a 
transfer error occurs. This matches original scp/rcp behaviour. ok dtucker@

OpenBSD-Commit-ID: dfe4558d71dd09707e9b5d6e7d2e53b793da69fa
 2021-09-11 10:41:39 +10:00
dtucker@openbsd.org b0ec59a708 upstream: Document that non-interactive commands are run via the user's 
shell using the -c flag.  ok jmc@

OpenBSD-Commit-ID: 4f0d912077732eead10423afd1acf4fc0ceec477
 2021-09-10 22:05:35 +10:00
dtucker@openbsd.org 66a658b5d9 upstream: Document behaviour of arguments following non-interactive 
commands. Prompted by github PR#139 from EvanTheB, feedback & ok djm@ jmc@

OpenBSD-Commit-ID: fc758d1fe0471dfab4304fcad6cd4ecc3d79162a
 2021-09-10 20:34:09 +10:00
dtucker@openbsd.org 1d47e28e40 upstream: Clarify which file's attributes -p preserves, and that 
it's specifically the file mode bits. bz#3340 from calestyo at scientia.net,
ok djm@ jmc@

OpenBSD-Commit-ID: f09e6098ed1c4be00c730873049825f8ee7cb884
 2021-09-10 20:34:09 +10:00
djm@openbsd.org b344db7a41 upstream: openssh-7.4 was incorrectly listed twice; spotted by 
Dmitry Belyavskiy, ok dtucker@

OpenBSD-Commit-ID: 4b823ae448f6e899927ce7b04225ac9e489f58ef
 2021-09-10 20:34:09 +10:00
jmc@openbsd.org 9136d6239a upstream: - move CAVEATS to its correct order - use the term 
"legacy" protocol rather than "original", as the latter made the text
misleading - uppercase SCP

ok djm

OpenBSD-Commit-ID: 8479255746d5fa76a358ee59e7340fecf4245ff0
 2021-09-10 20:34:09 +10:00
David Carlier 2d678c5e3b Disable tracing on FreeBSD using procctl. 
Placed at the start of platform_disable_tracing() to prevent declaration
after code errors from strict C89 compilers (in the unlikely event that
more than one method is enabled).
 2021-09-09 18:13:27 +10:00
djm@openbsd.org 73050fa38f upstream: Use the SFTP protocol by default. The original scp/rcp 
protocol remains available via the -O flag.

Note that ~user/ prefixed paths in SFTP mode require a protocol extension
that was first shipped in OpenSSH 8.7.

ok deraadt, after baking in snaps for a while without incident

OpenBSD-Commit-ID: 23588976e28c281ff5988da0848cb821fec9213c
 2021-09-09 12:35:37 +10:00
Darren Tucker c4565e69ff Really fix test on OpenSSL 1.1.1 stable. 2021-09-08 21:09:49 +10:00
Darren Tucker 79f1bb5f56 Correct OpenSSL 1.1.1 stable identifier. 2021-09-08 18:51:39 +10:00
Darren Tucker b6255593ed Increment nfds when coming from startup_pipe. 
If we have to increase nfds because startup_pipe[0] is above any of the
descriptors passed in the fd_sets, we also need to add 1 to nfds since
select takes highest FD number plus one.  bz#3345 from yaroslav.kuzmin
at vmssoftware.com.
 2021-09-08 18:39:44 +10:00
Darren Tucker a3e92a6794 Tests for OpenSSL 3.0.0 release & 1.1.1 branch. 2021-09-08 13:45:10 +10:00
djm@openbsd.org 4afe431da9 upstream: correct my mistake in previous fix; spotted by halex 
OpenBSD-Commit-ID: 3cc62d92e3f70006bf02468fc146bfc36fffa183
 2021-09-08 13:31:42 +10:00
djm@openbsd.org ca0e455b93 upstream: avoid NULL deref in -Y find-principals. Report and fix 
from Carlo Marcelo Arenas Belón
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

OpenBSD-Commit-ID: 6238486f8ecc888d6ccafcd9ad99e621bb41f1e0
 2021-09-07 16:05:37 +10:00
millert@openbsd.org 37616807f1 upstream: revision 1.381 neglected to remove 
sChallengeResponseAuthentication from the enum.  Noticed by
christos@zoulas.com.  OK dtucker@

OpenBSD-Commit-ID: b533283a4dd6d04a867da411a4c7a8fbc90e34ff
 2021-09-07 16:05:36 +10:00
Darren Tucker 7acb3578cd Correct version_num for OpenSSL dev branch. 2021-09-05 20:45:42 +10:00
Darren Tucker 65bb011113 Test against OpenSSL 3 branch as well as dev. 
Now that OpenSSL development has moved to 3.1, test against the most
recent version of the openssl-3.0 branch too.
 2021-09-05 19:43:13 +10:00
Darren Tucker 864ed0d5e0 OpenSSL development is now 3.1.* 2021-09-05 19:33:22 +10:00
dtucker@openbsd.org a60209a586 upstream: Use .Cm instead of .Dq in StrictHostKeyChecking list for 
consistency. Patch from scop via github PR#257, ok jmc@

OpenBSD-Commit-ID: 3652a91564570779431802c31224fb4a9cf39872
 2021-09-03 18:08:46 +10:00
dtucker@openbsd.org 8d1d9eb6de upstream: Mention using ssh -i for specifying the public key file 
in the case where the private key is loaded into ssh-agent but is not present
locally.  Based on patch from rafork via github PR#215, ok jmc@

OpenBSD-Commit-ID: 2282e83b0ff78d2efbe705883b67240745fa5bb2
 2021-09-03 17:33:08 +10:00
dtucker@openbsd.org eb4362e5e3 upstream: Refer to KEX "algorithms" instead of "methods" to match 
other references and improve consistency.  Patch from scop via github PR#241,
ok djm@

OpenBSD-Commit-ID: 840bc94ff6861b28d8603c8e8c16499bfb65e32c
 2021-09-03 17:33:08 +10:00
dtucker@openbsd.org b3318946ce upstream: Remove redundant attrib_clear in upload_dir_internal. 
The subsequent call to stat_to_attrib clears the struct as its first step
anyway. From pmeinhardt via github PR#220, ok djm@

OpenBSD-Commit-ID: f5234fc6d7425b607e179acb3383f21716f3029e
 2021-09-03 17:32:31 +10:00
dtucker@openbsd.org 7cc3fe2889 upstream: Add test for client termination status on signal. 
Based on patch from Alexxz via github PR#235 with some tweaks, to
match patch in bz#3281.

OpenBSD-Regress-ID: d87c7446fb8b5f8b45894fbbd6875df326e729e2
 2021-09-03 14:35:07 +10:00
deraadt@openbsd.org 5428b0d239 upstream: sys/param.h is not needed for any visible reason 
OpenBSD-Commit-ID: 8bdea2d0c75692e4c5777670ac039d4b01c1f368
 2021-09-03 14:20:22 +10:00