Commit message | Author | Age | Files | Lines
...
* Also retest OpenBSD upstream on .yml changes. | Darren Tucker | 2022-05-06 | 1 | -1/+1
* Note that, for now, we need variadic macros. | Darren Tucker | 2022-05-06 | 1 | -3/+4
* Add ubsan minimal testcase on OpenBSD. | Darren Tucker | 2022-05-06 | 1 | -5/+7
  As suggested by djm@.
* upstream: sshkey_unshield_private() contains an exact duplicate of | djm@openbsd.org | 2022-05-05 | 1 | -40/+32
  the code in private2_check_padding(). Pull private2_check_padding() up so the code can be reused. From Martin Vahlensieck, ok deraadt@
  OpenBSD-Commit-ID: 876884c3f0e62e8fd8d1594bab06900f971c9c85
* upstream: channel_new no longer frees remote_name. So update the | djm@openbsd.org | 2022-05-05 | 2 | -6/+6
  comment accordingly. As remote_name is not modified, it can be const as well. From Martin Vahlensieck
  OpenBSD-Commit-ID: e4e10dc8dc9f40c166ea5a8e991942bedc75a76a
* upstream: mux.c: mark argument as const; from Martin Vahlensieck | djm@openbsd.org | 2022-05-05 | 1 | -2/+2
  OpenBSD-Commit-ID: 69a1a93a55986c7c2ad9f733c093b46a47184341
* upstream: make sure stdout is non-blocking; ok djm@ | markus@openbsd.org | 2022-05-05 | 1 | -4/+9
  OpenBSD-Commit-ID: 64940fffbd1b882eda2d7c8c7a43c79368309c0d
* upstream: Add FIDO AUTHENTICATOR section and explain a bit how FIDO | florian@openbsd.org | 2022-05-05 | 1 | -52/+78
  works. The wording came mostly from the 8.2 OpenSSH release notes, adapted to fit the man page. Then move the -O bits into the new section as is already done for CERTIFICATES and MODULI GENERATION. Finally we can explain the trade-offs of resident keys. While here, consistently refer to the FIDO thingies as "FIDO authenticators", not "FIDO tokens". input & OK jmc, naddy
  OpenBSD-Commit-ID: dd98748d7644df048f78dcf793b3b63db9ab1d25
* upstream: remove an obsolete rsa1 format example from an example; | jmc@openbsd.org | 2022-05-05 | 1 | -3/+2
  from megan batty ok djm
  OpenBSD-Commit-ID: db2c89879c29bf083df996bd830abfb1e70d62bf
* upstream: fix some integer overflows in sieve_large() that show up when | djm@openbsd.org | 2022-05-02 | 1 | -7/+7
  trying to generate modp groups > 16k bits. Reported via GHPR#306 by Bertram Felgenhauer, but fixed in a different way. feedback/ok tb@
  OpenBSD-Commit-ID: 81cbc6dd3a21c57bd6fadea10e44afe37bca558e
* upstream: be stricter in which characters will be accepted in | djm@openbsd.org | 2022-05-02 | 1 | -2/+2
  specifying a mask length; allow only 0-9. From khaleesicodes via GHPR#278; ok dtucker@
  OpenBSD-Commit-ID: e267746c047ea86665cdeccef795a8a56082eeb2
* Add Mac OS X 12 test target. | Darren Tucker | 2022-04-30 | 1 | -2/+3
* Only run tests when source files change. | Darren Tucker | 2022-04-29 | 3 | -2/+6
  Also run tests on changes to V_9_0 branch.
* Remove now-empty int32_minmax.inc. | Darren Tucker | 2022-04-29 | 1 | -0/+0
* upstream: mention that the helpers are used by ssh(1), ssh-agent(1) | djm@openbsd.org | 2022-04-29 | 2 | -18/+28
  and ssh-keygen(1). Previously only ssh(1) was mentioned. From Pedro Martelletto
  OpenBSD-Commit-ID: 30f880f989d4b329589c1c404315685960a5f153
* upstream: Don't leak SK device. Patch from Pedro Martelletto via | dtucker@openbsd.org | 2022-04-29 | 2 | -2/+4
  github PR#316. ok djm@
  OpenBSD-Commit-ID: 17d11327545022e727d95fd08b213171c5a4585d
* upstream: fix memleak on session-bind path; from Pedro Martelletto, ok | djm@openbsd.org | 2022-04-29 | 1 | -1/+2
  dtucker@
  OpenBSD-Commit-ID: e85899a26ba402b4c0717b531317e8fc258f0a7e
* upstream: avoid printing hash algorithm twice; from lucas AT sexy.is | djm@openbsd.org | 2022-04-28 | 1 | -2/+2
  OpenBSD-Commit-ID: 9d24671e10a84141b7c504396cabad600e47a941
* upstream: Add authfd path to debug output. ok markus@ | dtucker@openbsd.org | 2022-04-27 | 1 | -1/+2
  OpenBSD-Commit-ID: f735a17d1a6f2bee63bfc609d76ef8db8c090890
* upstream: Check sshauthopt_new() for NULL. bz#3425, from | dtucker@openbsd.org | 2022-04-27 | 1 | -2/+3
  tessgauthier at microsoft.com. ok djm@
  OpenBSD-Commit-ID: af0315bc3e44aa406daa7e0ae7c2d719a974483f
* upstream: Remove unnecessary includes: openssl/hmac.h and | millert@openbsd.org | 2022-04-27 | 1 | -4/+1
  openssl/evp.h. From Martin Vahlensieck.
  OpenBSD-Commit-ID: a6debb5fb0c8a44e43e8d5ca7cc70ad2f3ea31c3
* upstream: Add missing includes of stdlib.h and stdint.h. We need | millert@openbsd.org | 2022-04-27 | 1 | -1/+3
  stdlib.h for malloc(3) and stdint.h for SIZE_MAX. Unlike the other xmss files, ssh-xmss.c does not include xmss_commons.h so ssh-xmss.c must include those headers itself. From Martin Vahlensieck
  OpenBSD-Commit-ID: 70e28a9818cee3da1be2ef6503d4b396dd421e6b
* upstream: Avoid an unnecessary xstrdup in rm_env() when matching | millert@openbsd.org | 2022-04-27 | 1 | -7/+3
  patterns. Since match_pattern() doesn't modify its arguments (they are const), there is no need to make an extra copy of the strings in options->send_env. From Martin Vahlensieck
  OpenBSD-Commit-ID: 2c9db31e3f4d3403b49642c64ee048b2a0a39351
* Add debian-riscv64 test target. | Darren Tucker | 2022-04-26 | 1 | -0/+1
* Update OpenSSL and LibreSSL versions in tests. | Darren Tucker | 2022-04-25 | 1 | -5/+5
* Include stdlib.h for free() prototype. | Darren Tucker | 2022-04-23 | 1 | -0/+1
  ... which is used inside the CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG block.
* Cache timezone data in capsicum sandbox. | Darren Tucker | 2022-04-23 | 2 | -1/+16
  From emaste at freebsd.org, originally part of FreeBSD commit r339216 / fc3c19a9 with autoconf bits added by me.
* upstream: It looks like we can't completely avoid | dtucker@openbsd.org | 2022-04-21 | 1 | -7/+18
  waiting for processes to exit so retrieve the pid via controlmaster and use that.
  OpenBSD-Regress-ID: 8246f00f22b14e49d2ff1744c94897ead33d457b
* upstream: Use ssh -f and ControlPersist .. | dtucker@openbsd.org | 2022-04-20 | 1 | -13/+11
  to start up test forwards and ssh -O stop to shut them down instead of sleep loops. This speeds up the test by an order of magnitude.
  OpenBSD-Regress-ID: eb3db5f805100919b092a3b2579c611fba3e83e7
* upstream: Simplify forward-control test. | dtucker@openbsd.org | 2022-04-20 | 1 | -25/+9
  Since we no longer need to support SSH1 we don't need to run shell commands on the other end of the connection and can use ssh -N instead. This also makes the test less racy.
  OpenBSD-Regress-ID: 32e94ce272820cc398f30b848b2b0f080d10302c
* upstream: regression test for sftp cp command | djm@openbsd.org | 2022-04-20 | 1 | -1/+6
  OpenBSD-Regress-ID: c96bea9edde3a384b254785e7f9b2b24a81cdf82
* upstream: Import regenerated moduli | dtucker@openbsd.org | 2022-04-20 | 1 | -382/+419
  OpenBSD-Commit-ID: f9a0726d957cf10692a231996a1f34e7f9cdfeb0
* upstream: Try to continue running local I/O for channels in state | djm@openbsd.org | 2022-04-20 | 3 | -13/+10
  OPEN during SSH transport rekeying. The most visible benefit is that it should make ~-escapes work in the client (e.g. to exit) if the connection happened to have stalled during a rekey event. Based on work by and ok dtucker@
  OpenBSD-Commit-ID: a66e8f254e92edd4ce09c9f750883ec8f1ea5f45
* upstream: Import regenerated moduli | dtucker@openbsd.org | 2022-04-20 | 1 | -0/+1
  OpenBSD-Commit-ID: f9a0726d957cf10692a231996a1f34e7f9cdfeb0
* upstream: list the correct version number | tj@openbsd.org | 2022-04-16 | 1 | -4/+4
  for when usage of the sftp protocol became default and fix a typo from ed maste
  OpenBSD-Commit-ID: 24e1795ed2283fdeacf16413c2f07503bcdebb31
* upstream: Correct path for system known hosts file in description | dtucker@openbsd.org | 2022-04-16 | 1 | -3/+3
  of IgnoreUserKnownHosts. Patch from Martin Vahlensieck via tech@
  OpenBSD-Commit-ID: 9b7784f054fa5aa4d63cb36bd563889477127215
* Resync moduli.5 with upstream. | Darren Tucker | 2022-04-16 | 1 | -5/+4
  1.18: remove duplicate publication year; carsten dot kunze at arcor dot de
  1.19: ssh-keygen's -G/-T have been replaced with -M generate/screen.
* Retire fbsd6 test VM. | Darren Tucker | 2022-04-16 | 1 | -2/+0
  It's long since out of support, relatively slow (it's i686) and the compiler has trouble with PIE.
* upstream: clear io_want/io_ready flags at start of poll() cycle; | djm@openbsd.org | 2022-04-12 | 1 | -2/+7
  avoids plausible spin during rekeying if channel io_want flags are reused across cycles. ok markus@ deraadt@
  OpenBSD-Commit-ID: 91034f855b7c73cd2591657c49ac30f10322b967
* upstream: Note that curve25519-sha256 was later published in | dtucker@openbsd.org | 2022-04-12 | 1 | -1/+3
  RFC8731. ok djm@
  OpenBSD-Commit-ID: 2ac2b5d642d4cf5918eaec8653cad9a4460b2743
* upstream: two defensive changes from Tobias Stoeckmann via GHPR287 | djm@openbsd.org | 2022-04-12 | 1 | -3/+6
  enforce stricter invariant for sshbuf_set_parent() - never allow a buffer to have a previously-set parent changed.
  In sshbuf_reset(), if the reallocation fails, then zero the entire buffer and not the (potentially smaller) default initial alloc size.
  OpenBSD-Commit-ID: 14583203aa5d50ad38d2e209ae10abaf8955e6a9
* Revert "update build-aux files to match autoconf-2.71" | Damien Miller | 2022-04-11 | 3 | -1917/+2044
  This reverts commit 0a8ca39fac6ad19096b6c263436f8b2dd51606f2.
  It turns out that the checked-in copies of these files are actually newer than autoconf-2.71's copies, so this was effectively a downgrade.
  Spotted by Bo Anderson via github
* update build-aux files to match autoconf-2.71 | Damien Miller | 2022-04-08 | 3 | -2044/+1917
  i.e. config.guess, config.sub and install-sh
* update version numbers for release (tag: V_9_0_P1) | Damien Miller | 2022-04-06 | 3 | -3/+3
* upstream: openssh-9.0 | djm@openbsd.org | 2022-04-06 | 1 | -2/+2
  OpenBSD-Commit-ID: 0dfb461188f4513ec024c1534da8c1ce14c20b64
* upstream: ssh: document sntrup761x25519-sha512@openssh.com as | naddy@openbsd.org | 2022-04-06 | 2 | -5/+5
  default KEX
  OpenBSD-Commit-ID: 12545bfa10bcbf552d04d9d9520d0f4e98b0e171
* upstream: man pages: add missing commas between subordinate and | naddy@openbsd.org | 2022-04-06 | 6 | -21/+21
  main clauses
  jmc@ dislikes a comma before "then" in a conditional, so leave those untouched.
  ok jmc@
  OpenBSD-Commit-ID: 9520801729bebcb3c9fe43ad7f9776ab4dd05ea3
* Disable security key on fbsd6 test host. | Darren Tucker | 2022-04-04 | 1 | -0/+4
* Specify TEST_SHELL=bash on AIX. | Darren Tucker | 2022-04-04 | 1 | -1/+3
  The system shells cause the agent-restrict test to fail due to some quoting so explicitly specify bash until we can get configure to automatically work around that.
* Only return events from ppoll that were requested. | Darren Tucker | 2022-04-01 | 1 | -3/+3
  If the underlying system's select() returns bits that were not in the request set, our ppoll() implementation can return revents for events not requested, which can apparently cause a hang. Only return revents for activity in the requested event set.
  bz#3416, analysis and fix by yaroslav.kuzmin at vmssoftware com, ok djm@