Commit message | Author | Age | Files | Lines
* Fix typos in INSTALL: s/avilable/available/ s/suppports/supports/ | HARUYAMA Seigo | 2020-02-18 | 1 | -2/+2
* upstream: Ensure that the key lifetime provided fits within the | dtucker@openbsd.org | 2020-02-18 | 1 | -6/+7
  values allowed by the wire format (u32). Prevents integer wraparound of the timeout values. bz#3119, ok markus@ djm@ OpenBSD-Commit-ID: 8afe6038b5cdfcf63360788f012a7ad81acc46a2
* upstream: Detect and prevent simple configuration loops when using | dtucker@openbsd.org | 2020-02-18 | 1 | -1/+9
  ProxyJump. bz#3057, ok djm@ OpenBSD-Commit-ID: 077d21c564c886c98309d871ed6f8ef267b9f037
* upstream: document -F none; with jmc@ | naddy@openbsd.org | 2020-02-18 | 1 | -2/+5
  OpenBSD-Commit-ID: 0eb93b75473d2267aae9200e02588e57778c84f2
* Remove unused variable warning. | Darren Tucker | 2020-02-17 | 1 | -1/+4
* Constify aix_krb5_get_principal_name. | Darren Tucker | 2020-02-17 | 2 | -5/+7
  Prevents warning about discarding type qualifiers on AIX.
* Check if TILDE is already defined and undef. | Darren Tucker | 2020-02-17 | 1 | -0/+4
  Prevents redefinition warning on AIX.
* Prevent unused variable warning. | Darren Tucker | 2020-02-17 | 1 | -0/+2
* Check if getpeereid is actually declared. | Darren Tucker | 2020-02-17 | 2 | -2/+3
  Check in sys/socket.h (AIX) and unistd.h (FreeBSD, DragonFly and OS X). Prevents undeclared function warning on at least some versions of AIX.
* upstream: openssh-8.2 [V_8_2_P1] | djm@openbsd.org | 2020-02-14 | 1 | -2/+2
  OpenBSD-Commit-ID: 0a1340ff65fad0d84b997ac58dd1b393dec7c19b
* crank version numbers | Damien Miller | 2020-02-12 | 3 | -3/+3
* Minor documentation update: | Darren Tucker | 2020-02-11 | 3 | -24/+14
  - remove duplication of dependency information (it's all in INSTALL).
  - SSHFP is now an RFC.
* Check if UINT32_MAX is defined before redefining. | Darren Tucker | 2020-02-09 | 1 | -3/+5
* typo; reported by Phil Pennock | Damien Miller | 2020-02-07 | 1 | -1/+1
* upstream: sync the description of the $SSH_SK_PROVIDER environment | djm@openbsd.org | 2020-02-07 | 2 | -6/+10
  variable with that of the SecurityKeyProvider ssh/sshd_config(5) directive, as the latter was more descriptive. OpenBSD-Commit-ID: 0488f09530524a7e53afca6b6e1780598022552f
* upstream: Add ssh -Q key-sig for all key and signature types. | dtucker@openbsd.org | 2020-02-07 | 4 | -17/+34
  Teach ssh -Q to accept ssh_config(5) and sshd_config(5) algorithm keywords as an alias for the corresponding query. Man page help jmc@, ok djm@. OpenBSD-Commit-ID: 1e110aee3db2fc4bc5bee2d893b7128fd622e0f8
* upstream: fix two PIN entry bugs on FIDO keygen: 1) it would allow more | djm@openbsd.org | 2020-02-07 | 1 | -6/+12
  than the intended number of prompts (3) and 2) it would SEGV if too many incorrect PINs were entered; based on patch by Gabriel Kihlman OpenBSD-Commit-ID: 9c0011f28ba8bd8adf2014424b64960333da1718
* upstream: When using HostkeyAlgorithms to merely append or remove | djm@openbsd.org | 2020-02-07 | 1 | -15/+26
  algorithms from the default set (i.e. HostkeyAlgorithms=+/-...), retain the default behaviour of preferring those algorithms that have existing keys in known_hosts; ok markus OpenBSD-Commit-ID: 040e7fcc38ea00146b5d224ce31ce7a1795ee6ed
* upstream: expand HostkeyAlgorithms prior to config dump, matching | djm@openbsd.org | 2020-02-07 | 1 | -3/+15
  other algorithm lists; ok markus@ OpenBSD-Commit-ID: a66f0fca8cc5ce30405a2867bc115fff600671d0
* upstream: Add Include to the list of permitted keywords after a | naddy@openbsd.org | 2020-02-07 | 1 | -2/+3
  Match keyword. ok markus@ OpenBSD-Commit-ID: 342e940538b13dd41e0fa167dc9ab192b9f6e2eb
* upstream: Replace "security key" with "authenticator" in program | naddy@openbsd.org | 2020-02-07 | 8 | -39/+40
  messages. This replaces "security key" in error/usage/verbose messages and distinguishes between "authenticator" and "authenticator-hosted key". ok djm@ OpenBSD-Commit-ID: 7c63800e9c340c59440a054cde9790a78f18592e
* Don't look for UINT32_MAX in inttypes.h | Darren Tucker | 2020-02-06 | 1 | -3/+0
  ... unless we are actually going to use it. Fixes build on HP-UX without the potential impact to other platforms of a header change shortly before release.
* depend | Damien Miller | 2020-02-06 | 1 | -5/+5
* Fix sha2 MAKE_CLONE no-op definition | Michael Forney | 2020-02-06 | 1 | -1/+1
  The point of the dummy declaration is so that MAKE_CLONE(...) can have a trailing semicolon without introducing an empty declaration. So, the macro replacement text should *not* have a trailing semicolon, just like DEF_WEAK.
* upstream: require FIDO application strings to start with "ssh:"; ok | djm@openbsd.org | 2020-02-04 | 2 | -3/+9
  markus@ OpenBSD-Commit-ID: 94e9c1c066d42b76f035a3d58250a32b14000afb
* upstream: revert enabling UpdateHostKeys by default - there are still | djm@openbsd.org | 2020-02-04 | 1 | -14/+3
  corner cases we need to address; ok markus OpenBSD-Commit-ID: ff7ad941bfdc49fb1d8baa95fd0717a61adcad57
* upstream: use better markup for challenge and write-attestation, and | jmc@openbsd.org | 2020-02-04 | 1 | -9/+7
  rejig the challenge text a little; ok djm OpenBSD-Commit-ID: 9f351e6da9edfdc907d5c3fdaf2e9ff3ab0a7a6f
* mention libfido2 in dependencies section | Damien Miller | 2020-02-03 | 1 | -1/+3
* add clock_gettime64(2) to sandbox allowed syscalls | Damien Miller | 2020-02-03 | 1 | -0/+3
  bz3093
* upstream: Output (none) in debug in the case in the CheckHostIP=no case | dtucker@openbsd.org | 2020-02-02 | 1 | -2/+2
  as suggested by markus@ OpenBSD-Commit-ID: 4ab9117ee5261cbbd1868717fcc3142eea6385cf
* upstream: Prevent possible null pointer deref of ip_str in debug. | dtucker@openbsd.org | 2020-02-02 | 1 | -2/+3
  OpenBSD-Commit-ID: 37b252e2e6f690efed6682437ef75734dbc8addf
* upstream: shuffle the challenge keyword to keep the -O list sorted; | jmc@openbsd.org | 2020-02-02 | 1 | -10/+10
  OpenBSD-Commit-ID: 08efad608b790949a9a048d65578fae9ed5845fe
* upstream: tweak previous; | jmc@openbsd.org | 2020-02-02 | 1 | -4/+4
  OpenBSD-Commit-ID: 0c42851cdc88583402b4ab2b110a6348563626d3
* Use sys-queue.h from compat library. | Darren Tucker | 2020-02-01 | 1 | -1/+1
  Fixes build on platforms that don't have sys/queue.h (eg MUSL).
* upstream: regress test for sshd_config Include directive; from Jakub | djm@openbsd.org | 2020-02-01 | 3 | -3/+159
  Jelen OpenBSD-Regress-ID: 0d9224de3297c7a5f51ba68d6e3725a2a9345fa4
* upstream: whitespace | djm@openbsd.org | 2020-02-01 | 1 | -3/+2
  OpenBSD-Commit-ID: 564cf7a5407ecf5da2d94ec15474e07427986772
* upstream: force early logging to stderr if debug_flag (-d) is set; | djm@openbsd.org | 2020-02-01 | 1 | -2/+2
  avoids missing messages from re-exec config passing OpenBSD-Commit-ID: 02484b8241c1f49010e7a543a7098e6910a8c9ff
* upstream: mistake in previous: filling the incorrect buffer | djm@openbsd.org | 2020-02-01 | 1 | -1/+1
  OpenBSD-Commit-ID: 862ee84bd4b97b529f64aec5d800c3dcde952e3a
* upstream: Add a sshd_config "Include" directive to allow inclusion | djm@openbsd.org | 2020-02-01 | 5 | -44/+232
  of files. This has sensible semantics wrt Match blocks and accepts glob(3) patterns to specify the included files. Based on patch by Jakub Jelen in bz2468; feedback and ok markus@ OpenBSD-Commit-ID: 36ed0e845b872e33f03355b936a4fff02d5794ff
* upstream: spelling fix; | jmc@openbsd.org | 2020-02-01 | 1 | -3/+3
  OpenBSD-Commit-ID: 3c079523c4b161725a4b15dd06348186da912402
* upstream: document changed default for UpdateHostKeys | djm@openbsd.org | 2020-01-31 | 1 | -4/+13
  OpenBSD-Commit-ID: 25c390b21d142f78ac0106241d13441c4265fd2c
* upstream: enable UpdateKnownHosts=yes if the configuration | djm@openbsd.org | 2020-01-31 | 1 | -3/+14
  specifies only the default known_hosts files, otherwise select UpdateKnownHosts=ask; ok markus@ OpenBSD-Commit-ID: ab401a5ec4a33d2e1a9449eae6202e4b6d427df7
* Look in inttypes.h for UINT32_MAX. | Darren Tucker | 2020-01-30 | 1 | -0/+3
  Should prevent warnings on at least some AIX versions.
* upstream: use sshpkt_fatal() instead of plain fatal() for | djm@openbsd.org | 2020-01-30 | 1 | -4/+5
  ssh_packet_write_poll() failures here too as the former yields better error messages; ok dtucker@ OpenBSD-Commit-ID: 1f7a6ca95bc2b716c2e948fc1370753be772d8e3
* upstream: check the return value of ssh_packet_write_poll() and | djm@openbsd.org | 2020-01-30 | 1 | -3/+7
  call sshpkt_fatal() if it fails; avoid potential busy-loop under some circumstances. Based on patch by Mike Frysinger; ok dtucker@ OpenBSD-Commit-ID: c79fe5cf4f0cd8074cb6db257c1394d5139408ec
* upstream: have sshpkt_fatal() save/restore errno before we | djm@openbsd.org | 2020-01-30 | 1 | -1/+4
  potentially call strerror() (via ssh_err()); ok dtucker OpenBSD-Commit-ID: 5590df31d21405498c848245b85c24acb84ad787
* upstream: markus suggests a simplification to previous | djm@openbsd.org | 2020-01-30 | 1 | -7/+4
  OpenBSD-Commit-ID: 10bbfb6607ebbb9a018dcd163f0964941adf58de
* upstream: give more context to UpdateHostKeys messages, mentioning | djm@openbsd.org | 2020-01-29 | 1 | -3/+20
  that the changes are validated by the existing trusted host key. Prompted by espie@ feedback and ok markus@ OpenBSD-Commit-ID: b3d95f4a45f2692f4143b9e77bb241184dbb8dc5
* upstream: changes to support FIDO attestation | djm@openbsd.org | 2020-01-29 | 5 | -19/+65
  Allow writing to disk the attestation certificate that is generated by the FIDO token at key enrollment time. These certificates may be used by an out-of-band workflow to prove that a particular key is held in trustworthy hardware.
  Allow passing in a challenge that will be sent to the card during key enrollment. These are needed to build an attestation workflow that resists replay attacks.
  ok markus@ OpenBSD-Commit-ID: 457dc3c3d689ba39eed328f0817ed9b91a5f78f6
* upstream: disable UpdateHostKeys=ask when in quiet mode; "work for | djm@openbsd.org | 2020-01-29 | 1 | -1/+4
  me" matthieu@ OpenBSD-Commit-ID: 60d7b5eb91accf935ed9852650a826d86db2ddc7