summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* fix utmpx ifdefChristoph Ostarek2024-09-241-2/+2
| | | | | 02e16ad95fb1f56ab004b01a10aab89f7103c55d did a copy-paste for utmpx, but forgot to change the ifdef appropriately
* upstream: remove some unused defines; ok djm@jsg@openbsd.org2024-09-244-12/+4
| | | | OpenBSD-Commit-ID: 81869ee6356fdbff19dae6ff757095e6b24de712
* upstream: remove unneeded semicolons; checked by millert@jsg@openbsd.org2024-09-242-5/+5
| | | | OpenBSD-Commit-ID: 3fb621a58e04b759a875ad6a33f35bb57ca80231
* Add 9.9 branch to CI status console.Darren Tucker2024-09-231-0/+4
|
* update version numbersDamien Miller2024-09-203-3/+3
|
* upstream: openssh-9.9djm@openbsd.org2024-09-201-2/+2
| | | | OpenBSD-Commit-ID: 303417285f1a73b9cb7a2ae78d3f493bbbe31f98
* include openbsd-compat/base64.c license in LICENSEDamien Miller2024-09-181-0/+41
|
* conditionally include mman.h in arc4random codeDamien Miller2024-09-182-2/+4
|
* fix bug in recently-added sntrup761 fuzzerDamien Miller2024-09-171-2/+2
| | | | | key values need to be static to persist across invocations; spotted by the Qualys Security Advisory team.
* upstream: use 64 bit math to avoid signed underflow. upstream codedjm@openbsd.org2024-09-162-8/+13
| | | | | | | relies on using -fwrapv to provide defined over/underflow behaviour, but we use -ftrapv to catch integer errors and abort the program. ok dtucker@ OpenBSD-Commit-ID: 8933369b33c17b5f02479503d0a92d87bc3a574b
* upstream: minor grammar/sort fixes for refuseconnection; ok djmjmc@openbsd.org2024-09-161-4/+4
| | | | OpenBSD-Commit-ID: 1c81f37b138b8b66abba811fec836388a0f3e6da
* avoid gcc warning in fuzz testDamien Miller2024-09-151-1/+1
|
* upstream: bad whitespace in config dump outputdjm@openbsd.org2024-09-151-2/+2
| | | | OpenBSD-Commit-ID: d899c13b0e8061d209298eaf58fe53e3643e967c
* use construct_utmp to construct btmp recordsDamien Miller2024-09-151-63/+26
| | | | Simpler and removes some code with the old-style BSD license.
* upstream: update the Streamlined NTRU Prime code from the "ref"djm@openbsd.org2024-09-153-1022/+1925
| | | | | | | | | | | implementation in SUPERCOP 20201130 to the "compact" implementation in SUPERCOP 20240808. The new version is substantially faster. Thanks to Daniel J Bernstein for pointing out the new implementation (and of course for writing it). tested in snaps/ok deraadt@ OpenBSD-Commit-ID: bf1a77924c125ecdbf03e2f3df8ad13bd3dafdcb
* upstream: document Match invalid-userdjm@openbsd.org2024-09-151-2/+6
| | | | OpenBSD-Commit-ID: 2c84a9b517283e9711e2812c1f268081dcb02081
* upstream: add a "Match invalid-user" predicate to sshd_config Matchdjm@openbsd.org2024-09-154-8/+25
| | | | | | | | | | | | | | | | | | options. This allows writing Match conditions that trigger for invalid username. E.g. PerSourcePenalties refuseconnection:90s Match invalid-user RefuseConnection yes Will effectively penalise bots try to guess passwords for bogus accounts, at the cost of implicitly revealing which accounts are invalid. feedback markus@ OpenBSD-Commit-ID: 93d3a46ca04bbd9d84a94d1e1d9d3a21073fbb07
* upstream: Add a "refuseconnection" penalty class to sshd_configdjm@openbsd.org2024-09-156-11/+42
| | | | | | | | | PerSourcePenalties This allows penalising connection sources that have had connections dropped by the RefuseConnection option. ok markus@ OpenBSD-Commit-ID: 3c8443c427470bb3eac1880aa075cb4864463cb6
* upstream: Add a sshd_config "RefuseConnection" optiondjm@openbsd.org2024-09-155-6/+38
| | | | | | | | | If set, this will terminate the connection at the first authentication request (this is the earliest we can evaluate sshd_config Match blocks) ok markus@ OpenBSD-Commit-ID: 43cc2533984074c44d0d2f92eb93f661e7a0b09c
* upstream: switch sshd_config Match processing to the argv tokeniserdjm@openbsd.org2024-09-151-20/+16
| | | | | | too; ok markus@ OpenBSD-Commit-ID: b74b5b0385f2e0379670e2b869318a65b0bc3923
* upstream: switch "Match" directive processing over to the argvdjm@openbsd.org2024-09-151-21/+14
| | | | | | | string tokeniser, making it possible to use shell-like quoting in Match directives, particularly "Match exec". ok markus@ OpenBSD-Commit-ID: 0877309650b76f624b2194c35dbacaf065e769a5
* upstream: include pathname in some of the ssh-keygen passphrasedjm@openbsd.org2024-09-151-9/+17
| | | | | | | prompts. Helps the user know what's going on when ssh-keygen is invoked via other tools. Requested in GHPR503 OpenBSD-Commit-ID: 613b0bb6cf845b7e787d69a5b314057ceda6a8b6
* upstream: Do not apply authorized_keys options when signaturedjm@openbsd.org2024-09-151-2/+2
| | | | | | | verification fails. Prevents restrictive key options being incorrectly applied to subsequent keys in authorized_keys. bz3733, ok markus@ OpenBSD-Commit-ID: ba3776d9da4642443c19dbc015a1333622eb5a4e
* Fix without_openssl always being set to 1Wu Weixin2024-09-131-2/+2
| | | | | In Fedora systems, %{?rhel} is empty. In RHEL systems, %{?fedora} is empty. Therefore, the original code always sets without_openssl to 1.
* upstream: Relax absolute path requirement back to what it was prior todjm@openbsd.org2024-09-121-2/+2
| | | | | | | OpenSSH 9.8, which incorrectly required that sshd was started with an absolute path in inetd mode. bz3717, patch from Colin Wilson OpenBSD-Commit-ID: 25c57f22764897242d942853f8cccc5e991ea058
* upstream: document the mlkem768x25519-sha256 key exchange algorithmnaddy@openbsd.org2024-09-112-4/+8
| | | | OpenBSD-Commit-ID: fa18dccdd9753dd287e62ecab189b3de45672521
* Spell omnios test host correctly.Darren Tucker2024-09-101-1/+1
|
* Add omnios test target.Darren Tucker2024-09-101-0/+2
|
* Wrap stdint.h in ifdef.Darren Tucker2024-09-101-0/+2
|
* Also test PAM on dfly64.Darren Tucker2024-09-101-0/+1
|
* stubs for ML-KEM KEX functionsDamien Miller2024-09-091-2/+23
| | | | used for C89 compilers
* declare defeat trying to detect C89 compilersDamien Miller2024-09-092-18/+2
| | | | | | | I can't find a reliable way to detect the features the ML-KEM code requires in configure. Give up for now and use VLA support (that we can detect) as a proxy for "old compiler" and turn off ML-KEM if it isn't supported.
* fix previous; check for C99 compound literalsDamien Miller2024-09-092-8/+9
| | | | | The previous commit was incorrect (or at least insufficient), the ML-KEM code is actually using compound literals, so test for them.
* test for compiler feature needed for ML-KEMDamien Miller2024-09-095-1/+25
| | | | | | | The ML-KEM implementation we uses need the compiler to support C99-style named struct initialisers (e.g foo = {.bar = 1}). We still support (barely) building OpenSSH with older compilers, so add a configure test for this.
* upstream: test mlkem768x25519-sha256djm@openbsd.org2024-09-092-2/+5
| | | | OpenBSD-Regress-ID: 7baf6bc39ae55648db1a2bfdc55a624954847611
* upstream: pull post-quantum ML-KEM/x25519 key exchange out fromdjm@openbsd.org2024-09-0910-40/+9
| | | | | | | | | | | compile-time flag now than an IANA codepoint has been assigned for the algorithm. Add mlkem768x25519-sha256 in 2nd KexAlgorithms preference slot. ok markus@ OpenBSD-Commit-ID: 9f50a0fae7d7ae8b27fcca11f8dc6f979207451a
* upstream: make parsing user@host consistently look for the last '@' indjm@openbsd.org2024-09-062-6/+6
| | | | | | | | | | | | the string rather than the first. This makes it possible to use usernames that contain '@' characters. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Prompted by Max Zettlmeißl; feedback/ok millert@ OpenBSD-Commit-ID: 0b16eec246cda15469ebdcf3b1e2479810e394c5
* upstream: be more strict in parsing key type names. Only allowdjm@openbsd.org2024-09-044-13/+28
| | | | | | | | | shortnames (e.g "rsa") in user-interface code and require full SSH protocol names (e.g. "ssh-rsa") everywhere else. Prompted by bz3725; ok markus@ OpenBSD-Commit-ID: b3d8de9dac37992eab78adbf84fab2fe0d84b187
* upstream: fix RCSID in outputdjm@openbsd.org2024-09-041-2/+2
| | | | OpenBSD-Commit-ID: 889ae07f2d2193ddc4351711919134664951dd76
* upstream: envrionment -> environment;jmc@openbsd.org2024-09-041-2/+2
| | | | OpenBSD-Commit-ID: b719f39c20e8c671ec6135c832d6cc67a595af9c
* add basic fuzzers for our import of sntrup761Damien Miller2024-09-046-16/+265
|
* upstream: regression test for Include variable expansiondjm@openbsd.org2024-09-031-2/+24
| | | | OpenBSD-Regress-ID: 35477da3ba1abd9ca64bc49080c50a9c1350c6ca
* upstream: allow the "Include" directive to expand the same set ofdjm@openbsd.org2024-09-032-47/+95
| | | | | | | | %-tokens that "Match Exec" and environment variables. ok dtucker@ OpenBSD-Commit-ID: 12ef521eaa966a9241e684258564f52f1f3c5d37
* upstream: missing ifdefdjm@openbsd.org2024-09-021-2/+4
| | | | OpenBSD-Commit-ID: 85f09da957dd39fd0abe08fe5ee19393f25c2021
* upstream: Add experimental support for hybrid post-quantum key exchangedjm@openbsd.org2024-09-0216-12/+12812
| | | | | | | | | | | | | | | | | | ML-KEM768 with ECDH/X25519 from the Internet-draft: https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03 This is based on previous patches from markus@ but adapted to use the final FIPS203 standard ML-KEM using a formally-verified implementation from libcrux. Note this key exchange method is still a draft and thus subject to change. It is therefore disabled by default; set MLKEM=yes to build it. We're making it available now to make it easy for other SSH implementations to test against it. ok markus@ deraadt@ OpenBSD-Commit-ID: 02a8730a570b63fa8acd9913ec66353735dea42c
* Don't skip audit before exitting cleanup_exitAntonio Larrosa2024-08-281-3/+3
| | | | | | | | | | | This fixes an issue where the SSH_CONNECTION_ABANDON event is not audited because cleanup_exit overrides the regular _exit too soon and as a result, failed auth attempts are not logged correctly. The problem was introduced in 81c1099d22b81ebfd20a334ce986c4f753b0db29 where the code from upstream was merged before the audit_event call when it should have been merged right before the _exit call in order to honor the comment that just mentions an override of the exit value.
* upstream: fix test: -F is the argument to specify a non-defaultdjm@openbsd.org2024-08-281-3/+3
| | | | | | ssh_config, not -f (this is sadly not a new bug) OpenBSD-Regress-ID: 45a7bda4cf33f2cea218507d8b6a55cddbcfb322
* upstream: As defined in the RFC, the SSH protocol has negotiablederaadt@openbsd.org2024-08-275-15/+10
| | | | | | | | | | | | | | | | | | | | | | compression support (which is requested as the name "zlib"). Compression starts very early in the session. Relative early in OpenSSH lifetime, privsep was added to sshd, and this required a shared-memory hack so the two processes could see what was going on in the dataflow. This shared-memory hack was soon recognized as a tremendous complexity risk, because it put libz (which very much trusts it's memory) in a dangerous place, and a new option ("zlib@openssh.com") was added begins compression after authentication (aka delayed-compression). That change also permitted removal of the shared-memory hack. Despite removal from the server, the old "zlib" support remained in the client, to allow negotiation with non-OpenSSH daemons which lack the delayed-compression option. This commit deletes support for the older "zlib" option in the client. It reduces our featureset in a small way, and encourages other servers to move to a better design. The SSH protocol is different enough that compressed-key-material attacks like BEAST are unlikely, but who wants to take the chance? We encourage other ssh servers who care about optional compression support to add delayed-zlib support. (Some already do "zlib@openssh.com") ok djm markus OpenBSD-Commit-ID: 6df986f38e4ab389f795a6e39e7c6857a763ba72
* upstream: sntrup761x25519-sha512 now has an IANA codepoint assigned, sodjm@openbsd.org2024-08-235-10/+16
| | | | | | | we can make the algorithm available without the @openssh.com suffix too. ok markus@ deraadt@ OpenBSD-Commit-ID: eeed8fcde688143a737729d3d56d20ab4353770f
* Move rekey test into valgrind-2.Darren Tucker2024-08-222-7/+2
| | | | | | | Now that the rekey test has been optimized it's fast enough to not be in its own valgrind test, so move it into valgrind-2, which is currently the quickest of the others, bringing all of them to roughly the same runtime of ~1.1 hours.
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-02 00:36:35 +0100