summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* upstream: include SHA2-variant RSA key algorithms in KEX proposal;djm@openbsd.org2019-07-121-2/+7
| | | | | | | allows ssh-keyscan to harvest keys from servers that disable olde SHA1 ssh-rsa. bz#3029 from Jakub Jelen OpenBSD-Commit-ID: 9f95ebf76a150c2f727ca4780fb2599d50bbab7a
* upstream: print explicit "not modified" message if a file wasdjm@openbsd.org2019-07-121-3/+6
| | | | | | | | requested for resumed download but was considered already complete. bz#2978 ok dtucker OpenBSD-Commit-ID: f32084b26a662f16215ee4ca4a403d67e49ab986
* upstream: Fix a typo and make <esc><right> move right to thetb@openbsd.org2019-07-121-2/+2
| | | | | | | | | closest end of a word just like <esc><left> moves left to the closest beginning of a word. ok djm OpenBSD-Commit-ID: 6afe01b05ed52d8b12eb1fda6e9af5afb5e198ee
* fix typo that prevented detection of Linux VRFDamien Miller2019-07-101-1/+1
| | | | Reported by hexiaowen AT huawei.com
* upstream: cap the number of permiopen/permitlisten directives we'redjm@openbsd.org2019-07-092-3/+6
| | | | | | willing to parse on a single authorized_keys line; ok deraadt@ OpenBSD-Commit-ID: a43a752c2555d26aa3fc754805a476f6e3e30f46
* Move log.h include inside ifdefs.Darren Tucker2019-07-081-2/+2
| | | | | Fixes build on some other platforms that don't have va_list immediately available (eg NetBSD).
* Include log.h for debug() and friends.Darren Tucker2019-07-081-0/+2
| | | | Should fix some compiler warnings on IRIX (bz#3032).
* sftp-realpath.c needs includes.hDamien Miller2019-07-081-0/+2
|
* remove realpath() compat replacementDamien Miller2019-07-087-277/+3
| | | | | | | | | | | | We shipped a BSD implementation of realpath() because sftp-server depended on its behaviour. OpenBSD is now moving to a more strictly POSIX-compliant realpath(2), so sftp-server now unconditionally requires its own BSD-style realpath implementation. As such, there is no need to carry another independant implementation in openbsd-compat. ok dtucker@
* upstream: Remove some set but never used variables. ok daraadt@dtucker@openbsd.org2019-07-085-18/+12
| | | | OpenBSD-Commit-ID: 824baf9c59afc66a4637017e397b9b74a41684e7
* upstream: still compile uuencode.c, unbreaks buildderaadt@openbsd.org2019-07-081-0/+1
| | | | OpenBSD-Commit-ID: 5ea3d63ab972691f43e9087ab5fd8376d48e898f
* upstream: revert header removal that snuck into previousdjm@openbsd.org2019-07-081-1/+2
| | | | OpenBSD-Commit-ID: 3919cdd58989786660b8269b325646ef8856428e
* upstream: add a local implementation of BSD realpath() fordjm@openbsd.org2019-07-084-6/+231
| | | | | | | | sftp-server use ahead of OpenBSD's realpath changing to match POSIX; ok deraadt@ (thanks for snaps testing) OpenBSD-Commit-ID: 4f8cbf7ed8679f6237264301d104ecec64885d55
* Add prototype for strnlen to prevent warnings.Darren Tucker2019-07-061-0/+4
|
* Cast *ID types to unsigned long when printing.Darren Tucker2019-07-062-8/+8
| | | | | UID and GID types vary by platform so cast to u_long and use %lu when printing them to prevent warnings.
* Add prototype for compat strndup.(bz#3032).Darren Tucker2019-07-061-0/+4
|
* Add missing bracket in EGD seeding code.Darren Tucker2019-07-061-3/+4
| | | | | | When configured --with-prngd-socket the code had a missing bracket after an API change. Fix that and a couple of warnings. bz#3032 , from ole.weidner at protonmail.ch
* upstream: Add (recently added) rsa_oldfmt to CLEANFILES.dtucker@openbsd.org2019-07-051-1/+2
| | | | OpenBSD-Regress-ID: 405beda94e32aa6cc9c80969152fab91f7c54bd3
* upstream: Adapt the PuTTY/Conch tests to new key names.dtucker@openbsd.org2019-07-052-8/+8
| | | | | | | | | A recent regress change (2a9b3a2ce411d16cda9c79ab713c55f65b0ec257 in portable) broke the PuTTY and Twisted Conch interop tests, because the key they want to use is now called ssh-rsa rather than rsa. Adapt the tests to the new file names. bz#3020, patch from cjwatson at debian.org. OpenBSD-Regress-ID: fd342a37db4d55aa4ec85316f73082c8eb96e64e
* upstream: Add a sleep to allow forwards to come up.dtucker@openbsd.org2019-07-051-1/+7
| | | | | | | | | Currently when the multiplex client requests a forward it returns once the request has been sent but not necessarily when the forward is up. This causes intermittent text failures due to this race, so add some sleeps to mitigate this until we can fix it properly. OpenBSD-Regress-ID: 384c7d209d2443d25ea941d7f677e932621fb253
* Remove nc stderr redirection to resync w/OpenBSD.Darren Tucker2019-07-051-1/+1
|
* Do not fatal on failed lookup of group "tty".Darren Tucker2019-07-051-1/+1
| | | | | | Some platforms (eg AIX and Cygwin) do not have a "tty" group. In those cases we will fall back to making the tty device the user's primary group, so do not fatal if the group lookup fails. ok djm@
* upstream: fatal() if getgrnam() cannot find "tty"deraadt@openbsd.org2019-07-051-1/+3
| | | | OpenBSD-Commit-ID: d148c1c052fa0ed7d105b5428b5c1bab91630048
* upstream: stat() returns precisely -1 to indicate errorderaadt@openbsd.org2019-07-051-2/+2
| | | | OpenBSD-Commit-ID: 668e8d022ed4ab847747214f64119e5865365fa1
* upstream: snprintf/vsnprintf return < 0 on error, rather than -1.deraadt@openbsd.org2019-07-051-2/+2
| | | | OpenBSD-Commit-ID: a261c421140a0639bb2b66bbceca72bf8239749d
* upstream: When system calls indicate an error they return -1, notderaadt@openbsd.org2019-07-0531-249/+249
| | | | | | | | some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future. OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
* upstream: asprintf returns -1, not an arbitrary value < 0. Alsoderaadt@openbsd.org2019-07-021-2/+2
| | | | | | | | upon error the (very sloppy specification) leaves an undefined value in *ret, so it is wrong to inspect it, the error condition is enough. discussed a little with nicm, and then much more with millert until we were exasperated OpenBSD-Commit-ID: 29258fa51edf8115d244b9d4b84028487bf8923e
* upstream: oops, from asouderaadt@openbsd.org2019-06-281-2/+2
| | | | OpenBSD-Commit-ID: 702e765d1639b732370d8f003bb84a1c71c4d0c6
* upstream: Some asprintf() calls were checked < 0, rather than thederaadt@openbsd.org2019-06-284-14/+14
| | | | | | precise == -1. ok millert nicm tb, etc OpenBSD-Commit-ID: caecf8f57938685c04f125515b9f2806ad408d53
* upstream: fix NULL deference (bzero) on errdjm@openbsd.org2019-06-281-2/+2
| | | | | | | | | | | | =?UTF-8?q?or=20path=20added=20in=20last=20commit;=20spotted=20by=20Reynir?= =?UTF-8?q?=20Bj=C3=B6rnsson?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ok deraadt@ markus@ tb@ OpenBSD-Commit-ID: b11b084bcc551b2c630560eb08618dd501027bbd
* Update README doc to include missing test casesJitendra Sharma2019-06-271-14/+65
| | | | | | Readme regress document is missing various individual tests, which are supported currently. Update README to include those test cases.
* upstream: Remove unneeded unlink of xauthfile odtucker@openbsd.org2019-06-271-2/+1
| | | | | | | | | | =?UTF-8?q?n=20error=20path.=20=20From=20Erik=20Sj=C3=B6lund=20via=20githu?= =?UTF-8?q?b,=20ok=20djm@=20deraadt@?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OpenBSD-Commit-ID: 62a4893cf83b29a4bbfedc40e7067c25c203e632
* upstream: fix mismatch proto/decl from key shielding change; spotteddjm@openbsd.org2019-06-231-2/+2
| | | | | | via oss-fuzz OpenBSD-Commit-ID: 1ea0ba05ded2c5557507bd844cd446e5c8b5b3b7
* upstream: adapt for key shielding API changes (const removal)djm@openbsd.org2019-06-211-3/+3
| | | | OpenBSD-Regress-ID: 298890bc52f0cd09dba76dc1022fabe89bc0ded6
* upstream: Add protection for private keys at rest in RAM againstdjm@openbsd.org2019-06-2111-41/+324
| | | | | | | | | | | | | | | | | | | | | | | | | speculation and memory sidechannel attacks like Spectre, Meltdown, Rowhammer and Rambleed. This change encrypts private keys when they are not in use with a symmetic key that is derived from a relatively large "prekey" consisting of random data (currently 16KB). Attackers must recover the entire prekey with high accuracy before they can attempt to decrypt the shielded private key, but the current generation of attacks have bit error rates that, when applied cumulatively to the entire prekey, make this unlikely. Implementation-wise, keys are encrypted "shielded" when loaded and then automatically and transparently unshielded when used for signatures or when being saved/serialised. Hopefully we can remove this in a few years time when computer architecture has become less unsafe. been in snaps for a bit already; thanks deraadt@ ok dtucker@ deraadt@ OpenBSD-Commit-ID: 19767213c312e46f94b303a512ef8e9218a39bd4
* upstream: print the correct AuthorizedPrincipalsCommand rather thandjm@openbsd.org2019-06-211-3/+3
| | | | | | an uninitialised variable; spotted by dtucker@ OpenBSD-Commit-ID: 02802018784250f68202f01c8561de82e17b0638
* upstream: from tim: - for reput, it is remote-path which isjmc@openbsd.org2019-06-212-22/+30
| | | | | | | | | | | | | | | | | | | optional, not local-path - sync help from deraadt: - prefer -R and undocument -r (but add a comment for future editors) from schwarze: - prefer -p and undocument -P (as above. the comment was schwarze's too) more: - add the -f flag to reput and reget - sort help (i can;t remember who suggested this originally) djm and deraadt were ok with earlier versions of this; tim and schwarze ok OpenBSD-Commit-ID: 3c699b53b46111f5c57eed4533f132e7e58bacdd
* upstream: check for convtime() refusing to accept times thatdjm@openbsd.org2019-06-191-1/+3
| | | | | | resolve to LONG_MAX Reported by Kirk Wolf bz2977; ok dtucker OpenBSD-Regress-ID: 15c9fe87be1ec241d24707006a31123d3a3117e0
* upstream: Add unit tests for user@host and URI parsing.dtucker@openbsd.org2019-06-191-2/+2
| | | | OpenBSD-Regress-ID: 69d5b6f278e04ed32377046f7692c714c2d07a68
* upstream: Add tests for sshd -T -C with Match.dtucker@openbsd.org2019-06-191-3/+46
| | | | OpenBSD-Regress-ID: d4c34916fe20d717692f10ef50b5ae5a271c12c7
* Include stdio.h for vsnprintf.Darren Tucker2019-06-161-0/+1
| | | | Patch from mforney at mforney.org.
* upstream rev 1.27: fix integer overflow.Darren Tucker2019-06-141-2/+2
| | | | | | | Cast bitcount to u_in64_t before bit shifting to prevent integer overflow on 32bit platforms which cause incorrect results when adding a block >=512M in size. sha1 patch from ante84 at gmail.com via openssh github, sha2 with djm@, ok tedu@
* upstream rev 1.25: add DEF_WEAK.Darren Tucker2019-06-141-1/+6
| | | | | Wrap blowfish, sha*, md5, and rmd160 so that internal calls go direct ok deraadt@
* upstream rev 1.25: add sys/types.hDarren Tucker2019-06-141-2/+2
|
* upstream: Use explicit_bzero instead of memsetDarren Tucker2019-06-141-2/+2
| | | | in hash Final and End functions. OK deraadt@ djm@
* upstream: slightly more instructive error message when the userdjm@openbsd.org2019-06-141-3/+6
| | | | | | specifies multiple -J options on the commandline. bz3015 ok dtucker@ OpenBSD-Commit-ID: 181c15a65cac3b575819bc8d9a56212c3c748179
* upstream: process agent requests for RSA certificate private keys usingdjm@openbsd.org2019-06-141-1/+6
| | | | | | | correct signature algorithm when requested. Patch from Jakub Jelen in bz3016 ok dtucker markus OpenBSD-Commit-ID: 61f86efbeb4a1857a3e91298c1ccc6cf49b79624
* upstream: for public key authentication, check AuthorizedKeysFilesdjm@openbsd.org2019-06-141-11/+18
| | | | | | files before consulting AuthorizedKeysCommand; ok dtucker markus OpenBSD-Commit-ID: 13652998bea5cb93668999c39c3c48e8429db8b3
* upstream: if passed a bad fd, log what it wasdjm@openbsd.org2019-06-141-2/+2
| | | | OpenBSD-Commit-ID: 582e2bd05854e49365195b58989b68ac67f09140
* upstream: Hostname->HostName cleanup; from lauri tirkkonen okjmc@openbsd.org2019-06-147-22/+22
| | | | | | dtucker OpenBSD-Commit-ID: 4ade73629ede63b691f36f9a929f943d4e7a44e4
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-30 01:58:54 +0100