summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* upstream: Remove unused prototypes for ssh1 RSA functions.HEADmasterdtucker@openbsd.org2023-05-101-4/+1
| | | | | | From lengyijun via github PR#396. OpenBSD-Commit-ID: 379a5afa8b7a0f3cba0c8a9bcceb4e5e33a5c1ef
* main(void) to prevent unused variable warning.Darren Tucker2023-05-091-1/+1
|
* Remove warning pragma since clang doesn't like it.Darren Tucker2023-05-091-3/+0
|
* Suppress warning for snprintf truncation test.Darren Tucker2023-05-091-2/+7
|
* Update OpenSSL compat test for 3.x.Darren Tucker2023-05-091-9/+20
|
* Add macos13 PAM test target.Darren Tucker2023-05-081-0/+1
|
* Skip agent-peereid test on macos13.Darren Tucker2023-05-081-1/+7
| | | | | sudo -S nobody doesn't work on the github runners (probably a permission issue) so skip that test.
* Include config.guess in debug output.Darren Tucker2023-05-081-1/+3
|
* Handle OpenSSL >=3 ABI compatibility.Darren Tucker2023-05-081-9/+11
| | | | | | Beyond OpenSSL 3.0, the ABI compatibility guarantees are wider (only major must match instead of major and minor in earlier versions). bz#3548, ok djm@
* upstream: Import regenerated moduli.dtucker@openbsd.org2023-05-011-424/+444
| | | | OpenBSD-Commit-ID: 3d5f811cfcaed8cc4a97e1db49ac61bdf118113c
* Add macos-13 test target.Darren Tucker2023-05-011-1/+8
| | | | Also flatten OS list for clarity.
* upstream: adjust ftruncate() logic to handle servers that reorderdjm@openbsd.org2023-05-011-11/+39
| | | | | | | | | | | | | | | | | | requests. sftp/scp will ftruncate the destination file after a transfer completes, to deal with the case where a longer destination file already existed. We tracked the highest contiguous block transferred to deal with this case, but our naive tracking doesn't deal with servers that reorder requests - a misfeature strictly permitted by the protocol but seldom implemented. Adjust the logic to ftruncate() at the highest absolute block received when the transfer is successful. feedback deraadt@ ok markus@ prompted by https://github.com/openssh/openssh-portable/commit/9b733#commitcomment-110679778 OpenBSD-Commit-ID: 4af7fac75958ad8507b4fea58706f3ff0cfddb1b
* upstream: Check for ProxyJump=none in CanonicalizeHostname logic.djm@openbsd.org2023-04-261-3/+3
| | | | | | | | | Previously ssh would incorrectly refuse to canonicalise the hostname if ProxyJump was explicitly set to "none" when CanonicalizeHostname=yes bz3567; ok dtucker OpenBSD-Commit-ID: 80a58e43c3a32f97361282f756ec8d3f37989efd
* upstream: remove duplicate signal.h includejsg@openbsd.org2023-04-171-2/+1
| | | | OpenBSD-Commit-ID: 30c0a34d74d91ddd0e6992525da70d3293392f70
* upstream: fix double words ok dtucker@jsg@openbsd.org2023-04-174-8/+8
| | | | OpenBSD-Commit-ID: 44d3223902fbce5276422bdc8063ab72a4078489
* Test against LibreSSL 3.7.2.Darren Tucker2023-04-111-1/+1
|
* remove unused upper-case const strings in fmtfpDamien Miller2023-04-061-4/+4
| | | | | no float format that uses upper-case is supported nor are hex floats. ok dtucker
* upstream: simplify sshsig_find_principals() similar to what happened todjm@openbsd.org2023-04-061-4/+3
| | | | | | sshsig_check_allowed_keys() in r1.31, removing some dead code OpenBSD-Commit-ID: a493e628d4d6c08f878c276d998f4313ba61702d
* upstream: remove redundant ssh!=NULL check; we'd alreadydjm@openbsd.org2023-04-061-2/+2
| | | | | | dereferenced it OpenBSD-Commit-ID: 852bf12591ec5a9fb12dcbde9b1fd3945ad0df3c
* upstream: match_user() shouldn't be called with user==NULL unlessdjm@openbsd.org2023-04-061-1/+4
| | | | | | host and ipaddr are also NULL OpenBSD-Commit-ID: fa3518346c21483e9e01a2e4b9436ae501daf8ea
* upstream: don't care about glob() return value here.djm@openbsd.org2023-04-061-2/+2
| | | | OpenBSD-Commit-ID: 85bb82fea90478a482e9f65a1bec0aa24227fd66
* upstream: Move up null check and simplify process_escapes.dtucker@openbsd.org2023-04-031-7/+5
| | | | | | | | | Based on Coverity CID 291863 which points out we check the channel pointer for NULLness after dereferencing it. Move this to the start of the function, and while there simplify initialization of efc a bit. ok djm@ OpenBSD-Commit-ID: de36e5ad6fde0fe263ca134e986b9095dc59380a
* need va_end() after va_copy(); ok dtuckerDamien Miller2023-04-031-10/+13
| | | | spotted by Coverity
* upstream: Explicitly ignore return from waitpid here too.dtucker@openbsd.org2023-03-311-3/+3
| | | | OpenBSD-Commit-ID: eef2403df083c61028969fc679ee370373eacacb
* upstream: Explictly ignore return codesdtucker@openbsd.org2023-03-313-8/+8
| | | | | | where we don't check them. OpenBSD-Commit-ID: 1ffb03038ba1b6b72667be50cf5e5e396b5f2740
* upstream: Return immediately from get_sock_portdtucker@openbsd.org2023-03-311-1/+3
| | | | | | | if sock <0 so we don't call getsockname on a negative FD. From Coverity CID 291840, ok djm@ OpenBSD-Commit-ID: de1c1130646230c2eda559831fc6bfd1b61d9618
* upstream: don't leak arg2 on parse_pubkey_algos error path; okdjm@openbsd.org2023-03-311-1/+2
| | | | | | dtucker@ OpenBSD-Commit-ID: 7d0270ad3dd102412ca76add2b3760518abdef75
* upstream: clamp max number of GSSAPI mechanisms to 2048; ok dtuckerdjm@openbsd.org2023-03-311-3/+9
| | | | OpenBSD-Commit-ID: ce66db603a913d3dd57063e330cb5494d70722c4
* upstream: don't print key if printing hostname failed; with/okdjm@openbsd.org2023-03-311-4/+5
| | | | | | dtucker@ OpenBSD-Commit-ID: ad42971a6ee5a46feab2d79f7f656f8cf4b119f3
* upstream: remove redundant testdjm@openbsd.org2023-03-311-2/+2
| | | | OpenBSD-Commit-ID: 6a0b719f9b1ae9d42ad8c5b144c7962c93792f7c
* upstream: don't attempt to decode a ridiculous number ofdjm@openbsd.org2023-03-311-1/+3
| | | | | | attributes; harmless because of bounds elsewhere, but better to be explicit OpenBSD-Commit-ID: 1a34f4b6896155b80327d15dc7ccf294b538a9f2
* upstream: remove unused variable; prompted by Coverity CID 291879djm@openbsd.org2023-03-311-4/+1
| | | | OpenBSD-Commit-ID: 4c7d20ef776887b0ba1aabcfc1b14690e4ad0a40
* upstream: Check fd against >=0 instead of >0 in error path. Thedtucker@openbsd.org2023-03-311-2/+2
| | | | | | | dup could in theory return fd 0 although currently it doesn't in practice. From Dmitry Belyavskiy vi github PR#238. OpenBSD-Commit-ID: 4a95f3f7330394dffee5c749d52713cbf3b54846
* upstream: Ignore return value from muxclient(). It normally loopsdtucker@openbsd.org2023-03-311-2/+2
| | | | | | | without returning, but it if returns on failure we immediately exit. Coverity CID 405050. OpenBSD-Commit-ID: ab3fde6da384ea588226037c38635a6b2e015295
* don't call connect() on negative socketDamien Miller2023-03-311-1/+3
| | | | Coverity CID 405037
* upstream: return SSH_ERR_KEY_NOT_FOUND if the allowed_signers filedjm@openbsd.org2023-03-301-3/+3
| | | | | | | is empty, not SSH_ERR_INTERNAL_ERROR. Also remove some dead code spotted by Coverity; with/ok dtucker@ OpenBSD-Commit-ID: 898a1e817cda9869554b1f586a434f67bcc3b650
* upstream: Remove dead code from inside if block.dtucker@openbsd.org2023-03-301-3/+1
| | | | | | | The only way the if statement can be true is if both dup()s fail, and in that case the tmp2 can never be set. Coverity CID 291805, ok djm@ OpenBSD-Commit-ID: c0d6089b3fb725015462040cd94e23237449f0c8
* child_set_eng: verify both env pointer and count.Darren Tucker2023-03-301-0/+2
| | | | | | If child_set env was called with a NULL env pointer and a non-zero count it would end up in a null deref, although we don't currently do this. Prompted by Coverity CID 291850, tweak & ok djm@
* upstream: Ignore return from sshpkt_disconnectdtucker@openbsd.org2023-03-291-2/+2
| | | | | | | since we set our own return value for the function. Coverity CID 291797, ok djm@ OpenBSD-Commit-ID: 710b57ba954c139240895e23feea41f203201f04
* upstream: Plug potential mem leak in process_put.dtucker@openbsd.org2023-03-291-1/+3
| | | | | | | It allocates abs_dst inside a loop but only frees it on exit, so free inside the loop if necessary. Coverity CID 291837, ok djm@ OpenBSD-Commit-ID: a01616503a185519b16f00dde25d34ceaf4ae1a3
* upstream: fix memory leak; Coverity CID 291848djm@openbsd.org2023-03-291-11/+10
| | | | | | with/ok dtucker@ OpenBSD-Commit-ID: 37f80cb5d075ead5a00ad1b74175684ab1156ff8
* upstream: Plug more mem leaks in sftp by makingdtucker@openbsd.org2023-03-282-8/+14
| | | | | | | | | make_absolute_pwd_glob work in the same way as make_absolute: you pass it a dynamically allocated string and it either returns it, or frees it and allocates a new one. Patch from emaste at freebsd.org and https://reviews.freebsd.org/D37253 ok djm@ OpenBSD-Commit-ID: 85f7404e9d47fd28b222fbc412678f3361d2dffc
* upstream: Remove compat code for OpenSSL < 1.1.*dtucker@openbsd.org2023-03-281-9/+1
| | | | | | since -portable no longer supports them. OpenBSD-Commit-ID: ea2893783331947cd29a67612b4e56f818f185ff
* upstream: Remove compat code for OpenSSL 1.0.*dtucker@openbsd.org2023-03-281-9/+0
| | | | | | versions now that -portable has dropped support for those versions. OpenBSD-Regress-ID: 82a8eacd87aec28e4aa19f17246ddde9d5ce7fe7
* Prevent conflicts between Solaris SHA2 and OpenSSL.Darren Tucker2023-03-281-1/+23
| | | | | We used to prevent conflicts between native SHA2 headers and OpenSSL's by setting OPENSSL_NO_SHA but that was removed prior to OpenSSL 1.1.0
* Remove HEADER_SHA_H from previous...Darren Tucker2023-03-281-1/+0
| | | | since it causes more problems than it solves.
* Replace OPENSSL_NO_SHA with HEADER_SHA_H.Darren Tucker2023-03-281-1/+1
| | | | | | Since this test doesn't use OpenSSL's SHA2 and may cause conflicts we don't want to include it, but OPENSSL_NO_SHA was removed beginning in OpenSSL's 1.1 series.
* Configure with --target instead of deprecated form.Darren Tucker2023-03-281-1/+1
|
* Pass rpath when building 64bit Solaris.Darren Tucker2023-03-271-1/+1
|
* Explicitly disable OpenSSL on AIX test VM.Darren Tucker2023-03-271-0/+1
|
View Lorry Controller Status