Commit message | Author | Age | Files | Lines
...
* Enable specific ioctl call for EP11 crypto card (s390) | Eduardo Barretto | 2019-10-05 | 1 | -0/+2
  The EP11 crypto card needs to make an ioctl call, which receives a specific argument. This crypto card is for s390 only.
  Signed-off-by: Eduardo Barretto <ebarretto@linux.vnet.ibm.com>
* upstream: fix memory leak in error path; bz#3074 patch from | djm@openbsd.org | 2019-10-04 | 1 | -3/+2
  krishnaiah.bommu@intel.com, ok dtucker
  OpenBSD-Commit-ID: d031853f3ecf47b35a0669588f4d9d8e3b307b3c
* upstream: space | djm@openbsd.org | 2019-10-04 | 1 | -2/+2
  OpenBSD-Commit-ID: 350648bcf00a2454e7ef998b7d88e42552b348ac
* upstream: more sshsig regress tests: check key revocation, the | djm@openbsd.org | 2019-10-04 | 1 | -3/+59
  check-novalidate signature test mode and signing keys in ssh-agent.
  From Sebastian Kinne (slightly tweaked)
  OpenBSD-Regress-ID: b39566f5cec70140674658cdcedf38752a52e2e2
* upstream: Check for gmtime failure in moduli generation. Based on | dtucker@openbsd.org | 2019-10-04 | 1 | -1/+3
  patch from krishnaiah.bommu@intel.com, ok djm@
  OpenBSD-Commit-ID: 4c6a4cde0022188ac83737de08da0e875704eeaa
* upstream: use a more common options order in SYNOPSIS and sync | jmc@openbsd.org | 2019-10-04 | 2 | -35/+33
  usage(); while here, no need for Bk/Ek; ok dtucker
  OpenBSD-Commit-ID: 38715c3f10b166f599a2283eb7bc14860211bb90
* upstream: thinko in previous; spotted by Mantas Mikulėnas | djm@openbsd.org | 2019-10-02 | 1 | -2/+2
  OpenBSD-Commit-ID: ffa3f5a45e09752fc47d9041e2203ee2ec15b24d
* upstream: make signature format match PROTOCO as a string, not raw bytes. Spotted by Mantas Mikulėnas | djm@openbsd.org | 2019-10-02 | 1 | -2/+2
  OpenBSD-Commit-ID: 80fcc6d52893f80c6de2bedd65353cebfebcfa8f
* upstream: ban empty namespace strings for sshsig; spotted by Mantas Mikulėnas | djm@openbsd.org | 2019-10-02 | 1 | -2/+2
  OpenBSD-Commit-ID: 7c5bcf40bed8f4e826230176f4aa353c52aeb698
* Put ssherr.h back as it's actually needed. | Darren Tucker | 2019-10-02 | 1 | -0/+2
* Deny (non-fatal) shmget/shmat/shmdt in preauth privsep child. | Lonnie Abelbeck | 2019-10-02 | 1 | -0/+9
  New wait_random_seeded() function on OpenSSL 1.1.1d uses shmget, shmat, and shmdt in the preauth codepath, deny (non-fatal) in seccomp_filter sandbox.
* remove duplicate #includes | Damien Miller | 2019-10-02 | 14 | -33/+8
  Prompted by Jakub Jelen
* typo in comment | Damien Miller | 2019-10-02 | 1 | -1/+1
* upstream: remove some duplicate #includes | djm@openbsd.org | 2019-10-02 | 5 | -10/+5
  OpenBSD-Commit-ID: ed6827ab921eff8027669848ef4f70dc1da4098c
* upstream: revert unconditional forced login implemented in r1.41 of | djm@openbsd.org | 2019-10-01 | 1 | -26/+5
  ssh-pkcs11.c; r1.45 added a forced login as a fallback for cases where the token returns no objects and this is less disruptive for users of tokens directly in ssh (rather than via ssh-agent) and in ssh-keygen
  bz3006, patch from Jakub Jelen; ok markus
  OpenBSD-Commit-ID: 33d6df589b072094384631ff93b1030103b3d02e
* upstream: group and sort single letter options; ok deraadt | jmc@openbsd.org | 2019-10-01 | 2 | -11/+9
  OpenBSD-Commit-ID: e1480e760a2b582f79696cdcff70098e23fc603f
* upstream: fix the DH-GEX text in -a; because this required a comma, | jmc@openbsd.org | 2019-10-01 | 1 | -5/+5
  i added a comma to the first part, for balance...
  OpenBSD-Commit-ID: 2c3464e9e82a41e8cdfe8f0a16d94266e43dbb58
* upstream: identity_file[] should be PATH_MAX, not the arbitrary | deraadt@openbsd.org | 2019-10-01 | 1 | -2/+2
  number 1024
  OpenBSD-Commit-ID: e775f94ad47ce9ab37bd1410d7cf3b7ea98b11b7
* upstream: new sentence, new line; | jmc@openbsd.org | 2019-10-01 | 1 | -3/+4
  OpenBSD-Commit-ID: c35ca5ec07be460e95e7406af12eee04a77b6698
* Include stdio.h for snprintf. | Darren Tucker | 2019-09-30 | 1 | -0/+1
  Patch from vapier@gentoo.org.
* Add SKIP_LTESTS for skipping specific tests. | Darren Tucker | 2019-09-30 | 2 | -2/+11
* upstream: Test for empty result in expected bits. Remove CRs from log | dtucker@openbsd.org | 2019-09-27 | 1 | -4/+8
  as they confuse tools on some platforms. Re-enable the 3des-cbc test.
  OpenBSD-Regress-ID: edf536d4f29fc1ba412889b37247a47f1b49d250
* Re-enable dhgex test. | Darren Tucker | 2019-09-27 | 1 | -1/+1
  Since we've added larger fallback groups to dh.c this test will pass even if there is no moduli file installed on the system.
* Add more ToS bits, currently only used by netcat. | Darren Tucker | 2019-09-24 | 1 | -0/+9
* Privsep is now required. | Darren Tucker | 2019-09-19 | 2 | -11/+8
* upstream: Allow testing signature syntax and validity without verifying | djm@openbsd.org | 2019-09-16 | 2 | -10/+44
  that a signature came from a trusted signer. To discourage accidental or unintentional use, this is invoked by the deliberately ugly option name "check-novalidate"
  from Sebastian Kinne
  OpenBSD-Commit-ID: cea42c36ab7d6b70890e2d8635c1b5b943adcc0b
* upstream: clarify that IdentitiesOnly also applies to the default | djm@openbsd.org | 2019-09-13 | 1 | -4/+4
  ~/.ssh/id_* keys; bz#3062
  OpenBSD-Commit-ID: 604be570e04646f0f4a17026f8b2aada6a585dfa
* upstream: Plug mem leaks on error paths, based in part on github | dtucker@openbsd.org | 2019-09-13 | 2 | -16/+21
  pr#120 from David Carlier. ok djm@.
  OpenBSD-Commit-ID: c57adeb1022a8148fc86e5a88837b3b156dbdb7e
* upstream: whitespace | djm@openbsd.org | 2019-09-13 | 1 | -3/+3
  OpenBSD-Commit-ID: 57a71dd5f4cae8d61e0ac631a862589fb2bfd700
* upstream: allow %n to be expanded in ProxyCommand strings | djm@openbsd.org | 2019-09-13 | 4 | -22/+28
  From Zachary Harmany via github.com/openssh/openssh-portable/pull/118
  ok dtucker@
  OpenBSD-Commit-ID: 7eebf1b7695f50c66d42053d352a4db9e8fb84b6
* upstream: clarify that ConnectTimeout applies both to the TCP | djm@openbsd.org | 2019-09-13 | 1 | -4/+4
  connection and to the protocol handshake/KEX. From Jean-Charles Longuet via Github PR140
  OpenBSD-Commit-ID: ce1766abc6da080f0d88c09c2c5585a32b2256bf
* upstream: Fix potential truncation warning. ok deraadt. | dtucker@openbsd.org | 2019-09-13 | 1 | -2/+2
  OpenBSD-Commit-ID: d87b7e3a94ec935e8194e7fce41815e22804c3ff
* memleak of buffer in sshpam_query | Damien Miller | 2019-09-13 | 1 | -0/+5
  coverity report via Ed Maste; ok dtucker@
* explicitly test set[ug]id() return values | Damien Miller | 2019-09-13 | 1 | -2/+4
  Legacy !_POSIX_SAVED_IDS path only; coverity report via Ed Maste
  ok dtucker@
* upstream: Allow prepending a list of algorithms to the default set | naddy@openbsd.org | 2019-09-08 | 6 | -19/+80
  by starting the list with the '^' character, e.g.
  HostKeyAlgorithms ^ssh-ed25519
  Ciphers ^aes128-gcm@openssh.com,aes256-gcm@openssh.com
  ok djm@ dtucker@
  OpenBSD-Commit-ID: 1e1996fac0dc8a4b0d0ff58395135848287f6f97
* upstream: key conversion should fail for !openssl builds, not fall | djm@openbsd.org | 2019-09-08 | 1 | -2/+5
  through to the key generation code
  OpenBSD-Commit-ID: b957436adc43c4941e61d61958a193a708bc83c9
* upstream: typo in previous | djm@openbsd.org | 2019-09-08 | 1 | -1/+1
  OpenBSD-Commit-ID: 7c3b94110864771a6b80a0d8acaca34037c3c96e
* needs time.h for --without-openssl | Damien Miller | 2019-09-08 | 1 | -0/+1
* make unittests pass for no-openssl case | Damien Miller | 2019-09-08 | 14 | -31/+120
* upstream: avoid compiling certain files that deeply depend on | djm@openbsd.org | 2019-09-06 | 1 | -0/+1
  libcrypto when WITH_OPENSSL isn't set
  OpenBSD-Commit-ID: 569f08445c27124ec7c7f6c0268d844ec56ac061
* upstream: fixes for !WITH_OPENSSL compilation; ok dtucker@ | djm@openbsd.org | 2019-09-06 | 18 | -65/+112
  OpenBSD-Commit-ID: 7fd68eaa9e0f7482b5d4c7e8d740aed4770a839f
* upstream: lots of things were relying on libcrypto headers to | djm@openbsd.org | 2019-09-06 | 18 | -17/+42
  transitively include various system headers (mostly stdlib.h); include them explicitly
  OpenBSD-Commit-ID: 5b522f4f2d844f78bf1cc4f3f4cc392e177b2080
* upstream: remove leakmalloc reference; we used this early when | djm@openbsd.org | 2019-09-06 | 1 | -5/+1
  refactoring but not since
  OpenBSD-Commit-ID: bb28ebda8f7c490b87b37954044a6cdd43a7eb2c
* upstream: Check for RSA support before using it for the user key, | dtucker@openbsd.org | 2019-09-06 | 1 | -3/+8
  otherwise use ed25519 which is supported when built without OpenSSL.
  OpenBSD-Regress-ID: 3d23ddfe83c5062f00ac845d463f19a2ec78c0f7
* Provide explicit path to configure-check. | Darren Tucker | 2019-09-06 | 1 | -2/+2
  On some platforms (at least OpenBSD) make won't search VPATH for target files, so building out-of-tree will fail at configure-check. Provide explicit path.
  ok djm@
* upstream: better error code for bad arguments; inspired by | djm@openbsd.org | 2019-09-06 | 1 | -2/+5
  OpenBSD-Commit-ID: dfc263b6041de7f0ed921a1de0b81ddebfab1e0a
* revert config.h/config.h.in freshness checks | Damien Miller | 2019-09-05 | 1 | -7/+3
  turns out autoreconf and configure don't touch some files if their content doesn't change, so the mtime can't be relied upon in a makefile rule
* extend autoconf freshness test | Damien Miller | 2019-09-05 | 1 | -3/+7
  make it cover config.h.in and config.h separately
* check that configure/config.h is up to date | Damien Miller | 2019-09-05 | 1 | -1/+6
  Ensure they are newer than the configure.ac / aclocal.m4 source
* upstream: if a PKCS#11 token returns no keys then try to login and | djm@openbsd.org | 2019-09-05 | 1 | -11/+33
  refetch them. Based on patch from Jakub Jelen; bz#2430 ok markus@
  OpenBSD-Commit-ID: ab53bd6ddd54dd09e54a8bfbed1a984496f08b43