RepoMirrors/openssh
1
0
Fork 0
mirror of git://anongit.mindrot.org/openssh.git synced 2024-12-30 06:02:07 +00:00
Code Issues Packages Projects Releases Wiki Activity
10,593 Commits 69 Branches 157 Tags 27 MiB
03da4c2b70
Commit Graph

10593 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
dtucker@openbsd.org
03da4c2b70 upstream: Use $OBJ to find key files. Fixes test when run on an obj 
directory (on OpenBSD) or out of tree (in Portable).

OpenBSD-Regress-ID: 938fa8ac86adaa527d64a305bd2135cfbb1c0a17
 2020-07-15 15:02:52 +10:00
Darren Tucker
73f20f195a Wrap stdint.h in ifdef HAVE_STDINT_H. 2020-07-04 23:11:59 +10:00
djm@openbsd.org
aa6fa4bf30 upstream: put back the mux_ctx memleak fix, but only for channels of 
type SSH_CHANNEL_MUX_LISTENER; Specifically SSH_CHANNEL_MUX_PROXY channels
should not have this structure freed.

OpenBSD-Commit-ID: f3b213ae60405f77439e2b06262f054760c9d325
 2020-07-03 17:26:23 +10:00
djm@openbsd.org
d8195914eb upstream: revert r1.399 - the lifetime of c->mux_ctx is more complex; 
simply freeing it here causes other problems

OpenBSD-Commit-ID: c6fee8ca94e2485faa783839541962be2834c5ed
 2020-07-03 17:22:28 +10:00
djm@openbsd.org
20b5fab9f7 upstream: avoid tilde_expand_filename() in expanding ~/.ssh/rc - if 
sshd is in chroot mode, the likely absence of a password database will cause
tilde_expand_filename() to fatal; ok dtucker@

OpenBSD-Commit-ID: e20aee6159e8b79190d18dba1513fc1b7c8b7ee1
 2020-07-03 17:03:54 +10:00
djm@openbsd.org
c8935081db upstream: when redirecting sshd's log output to a file, undo this 
redirection after the session child process is forked(); ok dtucker@

OpenBSD-Commit-ID: 6df86dd653c91f5bc8ac1916e7680d9d24690865
 2020-07-03 17:03:54 +10:00
djm@openbsd.org
183c4aaef9 upstream: start ClientAliveInterval bookkeeping before first pass 
through select() loop; fixed theoretical case where busy sshd may ignore
timeouts from client; inspired by and ok dtucker

OpenBSD-Commit-ID: 96bfc4b1f86c7da313882a84755b2b47eb31957f
 2020-07-03 17:03:53 +10:00
Damien Miller
6fcfd303d6 add check for fido_cred_set_prot() to configure 2020-07-03 15:28:27 +10:00
dtucker@openbsd.org
f11b233463 upstream: Only reset the serveralive check when we receive traffic from 
the server and ignore traffic from a port forwarding client, preventing a
client from keeping a connection alive when it should be terminated.  Based
on a patch from jxraynor at gmail.com via openssh-unix-dev and bz#2265, ok
djm@

OpenBSD-Commit-ID: a941a575a5cbc244c0ef5d7abd0422bbf02c2dcd
 2020-07-03 15:16:37 +10:00
Damien Miller
adfdbf1211 sync sys-queue.h with OpenBSD upstream 
needed for TAILQ_CONCAT
 2020-07-03 15:15:15 +10:00
djm@openbsd.org
1b90ddde49 upstream: fix memory leak of mux_ctx; patch from Sergiy Lozovsky 
via bz3189 ok dtucker

OpenBSD-Commit-ID: db249bd4526fd42d0f4f43f72f7b8b7705253bde
 2020-07-03 15:12:31 +10:00
markus@openbsd.org
55ef3e9cbd upstream: free kex in ssh_packet_close; ok djm semarie 
OpenBSD-Commit-ID: dbc181e90d3d32fd97b10d75e68e374270e070a2
 2020-07-03 15:12:31 +10:00
bket@openbsd.org
e1c401109b upstream: Replace TAILQ concatenation loops with TAILQ_CONCAT 
OK djm@

OpenBSD-Commit-ID: 454b40e09a117ddb833794358970a65b14c431ef
 2020-07-03 15:12:31 +10:00
semarie@openbsd.org
14beca57ac upstream: backout 1.293 fix kex mem-leak in ssh_packet_close at markus 
request

the change introduced a NULL deref in sshpkt_vfatal() (uses of ssh->kex after
calling ssh_packet_clear_keys())

OpenBSD-Commit-ID: 9c9a6721411461b0b1c28dc00930d7251a798484
 2020-06-27 20:23:27 +10:00
Damien Miller
598c3a5e38 document a PAM spec problem in a frustrated comment 2020-06-26 16:07:24 +10:00
djm@openbsd.org
976c4f8628 upstream: avoid spurious error message when ssh-keygen creates files 
outside ~/.ssh; with dtucker@

OpenBSD-Commit-ID: ac0c662d44607e00ec78c266ee60752beb1c7e08
 2020-06-26 15:44:47 +10:00
Damien Miller
32b2502a9d missing ifdef SELINUX; spotted by dtucker 2020-06-26 15:30:06 +10:00
djm@openbsd.org
e073106f37 upstream: regress test for ssh-add -d; ok dtucker@ 
OpenBSD-Regress-ID: 3a2e044be616afc7dd4f56c100179e83b33d8abf
 2020-06-26 15:25:58 +10:00
markus@openbsd.org
c809daaa1b upstream: add test for mux w/-Oproxy; ok djm 
OpenBSD-Regress-ID: 764d5c696e2a259f1316a056e225e50023abb027
 2020-06-26 15:25:57 +10:00
djm@openbsd.org
3d06ff4bbd upstream: handle EINTR in waitfd() and timeout_connect() helpers; 
bz#3071; ok dtucker@

OpenBSD-Commit-ID: 08fa87be50070bd8b754d9b1ebb1138d7bc9d8ee
 2020-06-26 15:25:24 +10:00
djm@openbsd.org
fe2ec0b9c1 upstream: allow "ssh-add -d -" to read keys to be deleted from 
stdin bz#3180; ok dtucker@

OpenBSD-Commit-ID: 15c7f10289511eb19fce7905c9cae8954e3857ff
 2020-06-26 15:24:28 +10:00
djm@openbsd.org
a3e0c376ff upstream: constify a few things; ok dtucker (as part of another 
diff)

OpenBSD-Commit-ID: 7c17fc987085994d752304bd20b1ae267a9bcdf6
 2020-06-26 15:24:28 +10:00
dtucker@openbsd.org
74344c3ca4 upstream: Defer creation of ~/.ssh by ssh(1) until we attempt to 
write to it so we don't leave an empty .ssh directory when it's not needed.
Use the same function to replace the code in ssh-keygen that does the same
thing. bz#3156, ok djm@

OpenBSD-Commit-ID: 59c073b569be1a60f4de36f491a4339bc4ae870f
 2020-06-26 15:24:27 +10:00
dtucker@openbsd.org
c9e24daac6 upstream: Expand path to ~/.ssh/rc rather than relying on it 
being relative to the current directory, so that it'll still be found if the
shell startup changes its directory.  Since the path is potentially longer,
make the cmd buffer that uses it dynamically sized.  bz#3185, with & ok djm@

OpenBSD-Commit-ID: 36e33ff01497af3dc8226d0c4c1526fc3a1e46bf
 2020-06-26 15:18:45 +10:00
markus@openbsd.org
07f5f369a2 upstream: fix kex mem-leak in ssh_packet_close; ok djm 
OpenBSD-Commit-ID: e2e9533f393620383afd0b68ef435de8d5e8abe4
 2020-06-26 15:18:44 +10:00
markus@openbsd.org
e35995088c upstream: fix ssh -O proxy w/mux which got broken by no longer 
making ssh->kex optional in packet.c revision 1.278 ok djm@

OpenBSD-Commit-ID: 2b65df04a064c2c6277359921d2320c90ab7d917
 2020-06-26 15:18:44 +10:00
markus@openbsd.org
250246fef2 upstream: support loading big sshd_config files w/o realloc; ok 
djm

OpenBSD-Commit-ID: ba9238e810074ac907f0cf8cee1737ac04983171
 2020-06-26 15:18:44 +10:00
markus@openbsd.org
89b54900ac upstream: allow sshd_config longer than 256k; ok djm 
OpenBSD-Commit-ID: 83f40dd5457a64c1d3928eb4364461b22766beb3
 2020-06-26 15:18:07 +10:00
markus@openbsd.org
e3fa6249e6 upstream: only call sshkey_xmss_init() once for KEY_XMSS_CERT; ok 
djm

OpenBSD-Commit-ID: d0002ffb7f20f538b014d1d0735facd5a81ff096
 2020-06-26 15:18:07 +10:00
djm@openbsd.org
37f2da069c upstream: some clarifying comments 
OpenBSD-Commit-ID: 5268479000fd97bfa30ab819f3517139daa054a2
 2020-06-26 15:18:07 +10:00
jmc@openbsd.org
b659319a5b upstream: updated argument name for -P in first synopsis was 
missed in previous;

OpenBSD-Commit-ID: 8d84dc3050469884ea91e29ee06a371713f2d0b7
 2020-06-26 15:18:07 +10:00
jmc@openbsd.org
02a9222cbc upstream: supply word missing in previous; 
OpenBSD-Commit-ID: 16a38b049f216108f66c8b699aa046063381bd23
 2020-06-26 15:18:07 +10:00
Damien Miller
5098b3b623 missing files for webauthn/sshsig unit test 2020-06-22 16:54:02 +10:00
djm@openbsd.org
354535ff79 upstream: add support for verification of webauthn sshsig signature, 
and example HTML/JS to generate webauthn signatures in SSH formats (also used
to generate the testdata/* for the test).

OpenBSD-Regress-ID: dc575be5bb1796fdf4b8aaee0ef52a6671a0f6fb
 2020-06-22 16:33:33 +10:00
djm@openbsd.org
bb52e70fa5 upstream: Add support for FIDO webauthn (verification only). 
webauthn is a standard for using FIDO keys in web browsers. webauthn
signatures are a slightly different format to plain FIDO signatures - this
support allows verification of these. Feedback and ok markus@

OpenBSD-Commit-ID: ab7e3a9fb5782d99d574f408614d833379e564ad
 2020-06-22 16:27:27 +10:00
djm@openbsd.org
64bc121097 upstream: refactor ECDSA-SK verification a little ahead of adding 
support for FIDO webauthn signature verification support; ok markus@

OpenBSD-Commit-ID: c9f478fd8e0c1bd17e511ce8694f010d8e32043e
 2020-06-22 16:11:14 +10:00
djm@openbsd.org
12848191f8 upstream: support for RFC4648 base64url encoding; ok markus 
OpenBSD-Commit-ID: 0ef22c55e772dda05c112c88412c0797fec66eb4
 2020-06-22 16:11:14 +10:00
djm@openbsd.org
473b4af43d upstream: better terminology for permissions; feedback & ok markus@ 
OpenBSD-Commit-ID: ff2a71803b5ea57b83cc3fa9b3be42b70e462fb9
 2020-06-22 16:11:14 +10:00
djm@openbsd.org
fc270baf26 upstream: better terminology for permissions; feedback & ok markus@ 
OpenBSD-Commit-ID: ffb220b435610741dcb4de0e7fc68cbbdc876d2c
 2020-06-22 16:11:14 +10:00
dtucker@openbsd.org
00531bb42f upstream: Correct synopsis and usage for the options accepted when 
passing a command to ssh-agent.  ok jmc@

OpenBSD-Commit-ID: b36f0679cb0cac0e33b361051b3406ade82ea846
 2020-06-22 16:11:14 +10:00
Darren Tucker
b4556c8ad7 Add OPENBSD ORIGINAL marker to bcrypt_pbkdf. 2020-06-19 19:22:00 +10:00
Darren Tucker
1babb8bb14 Extra brackets around sizeof() in bcrypt. 
Prevents following warning from clang 10:
bcrypt_pbkdf.c:94:40: error: expression does not compute the number of
  elements in this array; element type is ´uint32_tÂ[...]
  place parentheses around the ´sizeof(uint64_t)´ expression to
  silence this warning
 2020-06-19 19:10:47 +10:00
Darren Tucker
9e06572959 Add includes.h to new test. 
Fixes warnings eg "´bounded´ attribute directive ignor" from gcc.
 2020-06-19 18:47:56 +10:00
Darren Tucker
e684b1ea36 Skip OpenSSL specific tests w/out OpenSSL. 
Allows unit tests to pass when configure'ed --without-openssl.
 2020-06-19 18:38:39 +10:00
Darren Tucker
80610e97a7 Hook sshsig tests up to Portable Makefiles. 2020-06-19 17:15:27 +10:00
dtucker@openbsd.org
5dba1fcaba upstream: Test that ssh-agent exits when running as as subprocess 
of a specified command (ie "ssh-agent command").  Would have caught bz#3181.

OpenBSD-Regress-ID: 895b4765ba5153eefaea3160a7fe08ac0b6db8b3
 2020-06-19 16:06:53 +10:00
djm@openbsd.org
68e8294f6b upstream: run sshsig unit tests 
OpenBSD-Regress-ID: 706ef17e2b545b64873626e0e35553da7c06052a
 2020-06-19 16:06:06 +10:00
djm@openbsd.org
5edfa1690e upstream: basic unit test for sshsig.[ch], including FIDO keys 
verification only so far

OpenBSD-Regress-ID: fb1f946c8fc59206bc6a6666e577b5d5d7e45896
 2020-06-19 16:06:06 +10:00
djm@openbsd.org
e95c0a0e96 upstream: basic unit test for FIDO kep parsing 
OpenBSD-Regress-ID: 8089b88393dd916d7c95422b442a6fd4cfe00c82
 2020-06-19 15:58:10 +10:00
djm@openbsd.org
7775819c6d upstream: check public host key matches private; ok markus@ (as 
part of previous diff)

OpenBSD-Commit-ID: 65a4f66436028748b59fb88b264cb8c94ce2ba63
 2020-06-19 15:51:04 +10:00