tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-08-15 23:08:34 +02:00
Code Issues Packages Projects Releases Wiki Activity
10,348 Commits 6 Branches 22 Tags
Commit Graph

10348 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
djm@openbsd.org
46925ae28e upstream: mention ssh-ed25519-cert-v01@openssh.com in list of cert 
key type at start of doc

OpenBSD-Commit-ID: b46b0149256d67f05f2d5d01e160634ed1a67324
 2018-11-16 13:50:32 +11:00
Darren Tucker
8d8340e2c2 Remove fallback check for /usr/local/ssl. 
If configure could not find a working OpenSSL installation it would
fall back to checking in /usr/local/ssl.  This made sense back when
systems did not ship with OpenSSL, but most do and OpenSSL 1.1 doesn't
use that as a default any more.  The fallback behaviour also meant
that if you pointed --with-ssl-dir at a specific directory and it
didn't work, it would silently use either the system libs or the ones
in /usr/local/ssl.  If you want to use /usr/local/ssl you'll need to
pass configure --with-ssl-dir=/usr/local/ssl.  ok djm@
 2018-11-16 13:32:13 +11:00
Darren Tucker
ce93472134 Fix check for OpenSSL 1.0.1 exactly. 
Both INSTALL and configure.ac claim OpenSSL >= 1.0.1 is supported; fix
compile-time check for 1.0.1 to match.
 2018-11-16 12:44:01 +11:00
Manoj Ampalam
83bff88b24
Fix Console handle leaks (#357) 
Issue: Earlier change missed "return" calls that will end up ignoring singleton logic and re-running console handle generation logic multiple times, leaking previously created handles in the process.

Fix: Add the missing "return" calls
 2018-11-15 13:33:22 -08:00
bagajjal
4666c11e0e
Use kernerl32.dll instead of kernelbase.dll for checking conpty support (#356) 2018-11-14 14:49:24 -08:00
Darren Tucker
f2970868f8 Improve warnings in cygwin service setup. 
bz#2922, patch from vinschen at redhat.com.
 2018-11-11 15:58:20 +11:00
Darren Tucker
bd2d54fc1e Remove hardcoded service name in cygwin setup. 
bz#2922, patch from Christian.Lupien at USherbrooke.ca, sanity check
by vinschen at redhat.com.
 2018-11-11 15:54:54 +11:00
Dag-Erling Smørgrav
d0153c77bf AC_CHECK_SIZEOF() no longer needs a second argument. 2018-11-10 19:45:14 +11:00
Manoj Ampalam
9b47b083ca Fix error message w/out nistp521. 
Correct error message when OpenSSL doesn't support certain ECDSA key
lengths.
 2018-11-10 19:17:55 +11:00
Eneas U de Queiroz
624d19ac2d fix compilation with openssl built without ECC 
ECDSA code in openssh-compat.h and libressl-api-compat.c needs to be
guarded by OPENSSL_HAS_ECC

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
 2018-11-09 14:19:24 +11:00
Darren Tucker
1801cd11d9 Simplify OpenSSL 1.1 function checks. 
Replace AC_SEARCH_LIBS checks for OpenSSL 1.1 functions with a single
AC_CHECK_FUNCS.  ok djm@
 2018-11-08 15:03:11 +11:00
Manoj Ampalam
5faac25142
Fixes to PTY session regressions 
With recent changes, PTY sessions are no longer working. The issue is due to TTY code in ssh.exe assuming that stdin and stdout are console handles. The reality could be different since these handles always are dup'ed or closed for other reasons.
Fix involves extracting console handles via CreateFile(CONIN\CONOUT).
 2018-11-07 12:30:57 -08:00
bagajjal
6cacff8a74 dynamically check for conpty support (#352) 2018-11-07 12:29:29 -08:00
Yanbing
a75116b6f8 Fix of 1211 and 1082 (#349) 
PowerShell/Win32-OpenSSH#1211
PowerShell/Win32-OpenSSH#1082

Added support for posix_spawnp that executes the command directly instead of appending path. (SH_ASKPASS and proxy command use this). Refactored posix spawn commandline building logic to automatically account for Windows CRT escaping rules on all arguments.
 2018-11-05 12:22:20 -08:00
Darren Tucker
bc32f118d4 Fix pasto for HAVE_EVP_CIPHER_CTX_SET_IV. 
Prevents unnecessary redefinition.  Patch from mforney at mforney.org.
 2018-11-05 17:31:24 +11:00
Darren Tucker
3719df60c6 Import new moduli. 2018-10-31 22:21:03 +11:00
Manoj Ampalam
cc16f80123
Converge fork and upstream branches 
- Removed #ifdef WINDOWS blocks in base code where the feature support can be conveyed by a failed POSIX API call
- Refactored password authentication code
- Other misc changes - Removed DebugBreak on Release Builds
 2018-10-30 14:54:13 -07:00
Darren Tucker
595605d4ab Update check for minimum OpenSSL version. 2018-10-28 15:18:13 +11:00
Darren Tucker
6ab75aba34 Update required OpenSSL versions to match current. 2018-10-28 15:16:31 +11:00
Darren Tucker
c801b0e38e Use detected version functions in openssl compat. 
Use detected functions in compat layer instead of guessing based on
versions.  Really fixes builds with LibreSSL, not just configure.
 2018-10-28 14:34:12 +11:00
Darren Tucker
262d81a259 Check for the existence of openssl version funcs. 
Check for the existence of openssl version functions and use the ones
detected instead of trying to guess based on the int32 version
identifier.  Fixes builds with LibreSSL.
 2018-10-27 16:45:59 +11:00
bagajjal
8ff5517c3a
Fix unicode rendering issue at ssh client (#338) 2018-10-26 10:31:38 -07:00
Damien Miller
406a24b25d fix builds on OpenSSL <= 1.0.x 
I thought OpenSSL 1.0.x offered the new-style OpenSSL_version_num() API
to obtain version number, but they don't.
 2018-10-26 13:43:28 +11:00
Manoj Ampalam
d74ae2e5dd Ported V7.9 changes 2018-10-25 12:22:09 -07:00
Manoj Ampalam
456c5fc72b Merge branch 'V_7_9' of https://github.com/openssh/openssh-portable 2018-10-25 11:55:02 -07:00
Manoj Ampalam
77a35d0b0d
Remove sshd account dependency (#348) 
In Windows, unprivileged worker runs as a runtime generated virtual account. There should be no requirement to have a real account under the name of unprivileged user (sshd).
 2018-10-23 22:31:08 +05:30
Damien Miller
859754bdeb remove remaining references to SSLeay 
Prompted by Rosen Penev
 2018-10-23 17:10:41 +11:00
Damien Miller
b9fea45a68 regen depend 2018-10-23 17:10:35 +11:00
djm@openbsd.org
a65784c9f9 upstream: refer to OpenSSL not SSLeay; 
we're old, but we don't have to act it

OpenBSD-Commit-ID: 9ca38d11f8ed19e61a55108d1e892d696cee08ec
 2018-10-23 16:57:54 +11:00
Damien Miller
c0a3526590 fix compile for openssl 1.0.x w/ --with-ssl-engine 
bz#2921, patch from cotequeiroz
 2018-10-23 16:19:56 +11:00
Darren Tucker
55d7cdda4d Include openssl compatibility. 
Patch from rosenp at gmail.com via openssh-unix-dev.
 2018-10-22 20:07:09 +11:00
Darren Tucker
31b4952516 Include openssl compatibility. 
Patch from rosenp at gmail.com via openssh-unix-dev.
 2018-10-22 20:05:18 +11:00
Damien Miller
631165f6c4 fix compile for openssl 1.0.x w/ --with-ssl-engine 
bz#2921, patch from cotequeiroz
 2018-10-22 11:23:42 +11:00
djm@openbsd.org
a4fc253f5f upstream: when printing certificate contents "ssh-keygen -Lf 
/path/certificate", include the algorithm that the CA used to sign the cert.

OpenBSD-Commit-ID: 1ea20b5048a851a7a0758dcb9777a211a2c0dddd
 2018-10-22 10:58:06 +11:00
florian@openbsd.org
83b3d99d2b upstream: struct sockaddr_storage is guaranteed to be large enough, 
no need to check the size. OK kn, deraadt

OpenBSD-Commit-ID: 0aa56e92eb49c79f495b31a5093109ec5841f439
 2018-10-22 10:58:06 +11:00
Damien Miller
aede1c3424 Require OpenSSL 1.1.x series 1.1.0g or greater 
Previous versions have a bug with EVP_CipherInit() when passed a
NULL EVP_CIPHER, per https://github.com/openssl/openssl/pull/4613

ok dtucker@
 2018-10-17 11:01:20 +11:00
Damien Miller
08300c2114 unbreak compilation with --with-ssl-engine 
Missing last argument to OPENSSL_init_crypto()
 2018-10-17 08:12:02 +11:00
Darren Tucker
1673274aee Remove gcc spectre mitigation flags. 
Current impementions of the gcc spectre mitigation flags cause
miscompilations when combined with other flags and do not provide much
protection.  Found by fweimer at redhat.com, ok djm@
 2018-10-16 14:45:57 +11:00
Damien Miller
4e23deefd7 Avoid deprecated OPENSSL_config when using 1.1.x 
OpenSSL 1.1.x soft-deprecated OPENSSL_config in favour of
OPENSSL_init_crypto; pointed out by Jakub Jelen
 2018-10-16 10:54:37 +11:00
Darren Tucker
797cdd9c84 Don't avoid our *sprintf replacements. 
Don't let systems with broken printf(3) avoid our replacements
via asprintf(3)/vasprintf(3) calling libc internally.  From djm@
 2018-10-12 16:58:47 +11:00
Darren Tucker
e526127cbd Check if snprintf understands %zu. 
If the platforms snprintf and friends don't understand %zu, use the
compat replacement.  Prevents segfaults on those platforms.
 2018-10-12 16:43:35 +11:00
Damien Miller
cf39f87519 remove stale link, tweak 2018-10-12 09:48:05 +11:00
Damien Miller
a7205e68de update version numbers ahead of release 2018-10-12 09:47:20 +11:00
djm@openbsd.org
1a4a9cf80f upstream: don't send new-style rsa-sha2-*-cert-v01@openssh.com names to 
older OpenSSH that can't handle them. spotted by Adam Eijdenberg; ok dtucker

OpenBSD-Commit-ID: 662bbc402e3d7c9b6c322806269698106a6ae631
 2018-10-12 09:43:30 +11:00
Damien Miller
dc8ddcdf1a update depends 2018-10-11 13:08:59 +11:00
Damien Miller
26841ac265 some more duplicated key algorithm lines 
From Adam Eijdenberg
 2018-10-11 13:02:11 +11:00
Damien Miller
5d9d17603b fix duplicated algorithm specification lines 
Spotted by Adam Eijdenberg
 2018-10-11 11:56:36 +11:00
djm@openbsd.org
ebfafd9c7a upstream: typo in plain RSA algorithm counterpart names for 
certificates; spotted by Adam Eijdenberg; ok dtucker@

OpenBSD-Commit-ID: bfcdeb6f4fc9e7607f5096574c8f118f2e709e00
 2018-10-11 11:55:57 +11:00
Damien Miller
c29b111e7d check pw_passwd != NULL here too 
Again, for systems with broken NIS implementations.

Prompted by coolbugcheckers AT gmail.com
 2018-10-11 11:29:35 +11:00
Damien Miller
fe8e8f349a check for NULL return from shadow_pw() 
probably unreachable on this platform; pointed out by
coolbugcheckers AT gmail.com
 2018-10-11 11:03:54 +11:00