RepoMirrors/openssh
1
0
Fork 0
mirror of git://anongit.mindrot.org/openssh.git synced 2025-01-02 15:52:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
11,616 Commits 69 Branches 157 Tags 27 MiB
16ea8b8583
Commit Graph

11616 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
djm@openbsd.org
16ea8b8583 upstream: don't leak argument list; bz3404, reported by Balu 
Gajjala ok dtucker@

OpenBSD-Commit-ID: fddc32d74e5dd5cff1a49ddd6297b0867eae56a6
 2022-03-20 19:54:35 +11:00
djm@openbsd.org
a72bde294f upstream: make addargs() and replacearg() a little more robust and 
improve error reporting

make freeargs(NULL) a noop like the other free functions

ok dtucker as part of bz3403

OpenBSD-Commit-ID: 15f86da83176978b4d1d288caa24c766dfa2983d
 2022-03-20 19:54:35 +11:00
djm@openbsd.org
731087d261 upstream: don't try to resolve ListenAddress directives in the sshd 
re-exec path - we're never going to use the result and if the operation fails
then it can prevent connections from being accepted. Reported by Aaron
Poffenberger; with / ok dtucker@

OpenBSD-Commit-ID: 44c53a43909a328e2f5ab26070fdef3594eded60
 2022-03-20 19:54:35 +11:00
djm@openbsd.org
1c83c08212 upstream: remove blank line 
OpenBSD-Commit-ID: d5e0182965b2fbfb03ad5f256d1a1ce5706bcddf
 2022-03-20 19:54:35 +11:00
djm@openbsd.org
807be68684 upstream: helpful comment 
OpenBSD-Commit-ID: e3315a45cb04e7feeb614d76ec80a9fe4ca0e8c7
 2022-03-18 13:33:36 +11:00
djm@openbsd.org
a0b5816f8f upstream: ssh-keygen -Y check-novalidate requires namespace or SEGV 
will ensue. Patch from Mateusz Adamowski via GHPR#307

OpenBSD-Commit-ID: 99e8ec38f9feb38bce6de240335be34aedeba5fd
 2022-03-18 13:33:36 +11:00
djm@openbsd.org
5a252d54a6 upstream: improve DEBUG_CHANNEL_POLL debugging message 
OpenBSD-Commit-ID: 2275eb7bc4707d019b1a0194b9c92c0b78da848f
 2022-03-18 13:33:36 +11:00
cheloha@openbsd.org
ce324cf58b upstream: ssh: xstrdup(): use memcpy(3) 
Copying the given string into the buffer with strlcpy(3) confers no
benefit in this context because we have already determined the
string's length with strlen(3) in order to allocate that buffer.

Thread: https://marc.info/?l=openbsd-tech&m=164687525802691&w=2

ok dtucker@ millert@

OpenBSD-Commit-ID: f8bfc082e36e2d2dc4e1feece02fe274155ca11a
 2022-03-18 13:33:36 +11:00
Darren Tucker
2893c5e764 Resync fmt_scaled. with OpenBSD. 
Fixes underflow reported in bz#3401.
 2022-03-11 18:43:58 +11:00
Darren Tucker
5ae31a0fdd Provide killpg implementation. 
Based on github PR#301 for Tandem NonStop.
 2022-03-09 09:41:56 +11:00
Darren Tucker
c41c84b439 Check for missing ftruncate prototype. 
From github PR#301 in conjunction with rsbeckerca.
 2022-03-09 09:29:30 +11:00
Darren Tucker
8cf5275452 Default to not using sandbox when cross compiling. 
On most systems poll(2) does not work when the number of FDs is reduced
with setrlimit, so assume it doesn't when cross compiling and we can't
run the test.  bz#3398.
 2022-03-08 20:04:06 +11:00
djm@openbsd.org
379b30120d upstream: pack pollfd array before server_accept_loop() ppoll() 
call, and terminate sshd if ppoll() returns errno==EINVAL

avoids spin in ppoll when MaxStartups > RLIMIT_NOFILE, reported by
Daniel Micay

feedback/ok deraadt

OpenBSD-Commit-ID: dbab1c24993ac977ec24d83283b8b7528f7c2c15
 2022-03-01 13:01:01 +11:00
naddy@openbsd.org
eceafbe0bd upstream: include rejected signature algorithm in error message and 
not the (useless) key type; ok djm@

OpenBSD-Commit-ID: d0c0f552a4d9161203e07e95d58a76eb602a76ff
 2022-03-01 13:00:26 +11:00
dtucker@openbsd.org
f2f3269423 upstream: Remove the char * casts from arguments to do_lstat, 
do_readdir and do_stat paths since the underlying functions now take a const
char *. Patch from vapier at gentoo.org.

OpenBSD-Commit-ID: 9e4d964dbfb0ed683a2a2900711b88e7f1c0297b
 2022-03-01 13:00:26 +11:00
djm@openbsd.org
4a66dac052 upstream: save an unneccessary alloc/free, based on patch from 
Martin Vahlensieck; ok dtucker@

OpenBSD-Commit-ID: 90ffbf1f837e509742f2c31a1fbf2c0fd376fd5f
 2022-03-01 13:00:26 +11:00
Darren Tucker
6f117cb151 Remove unused ivbits argument from chacha_keysetup 2022-03-01 09:02:06 +11:00
Darren Tucker
15974235dd Add OPENBSD ORIGINAL marker. 2022-03-01 09:00:20 +11:00
Darren Tucker
f2ff669347 No unused param warnings for clang-12 and gcc-11. 
These have too many false positives in -Werror tests on the github CI
since we often provide empty stub functions for functionality not needed
for particular configurations.
 2022-02-28 22:21:36 +11:00
Darren Tucker
96558ecd87 Add debian-i386 test target. 2022-02-26 14:10:41 +11:00
Darren Tucker
284b6e5394 Allow ppoll_time64 in seccomp sandbox. 
Should fix sandbox violations on (some? at least i386 and armhf) 32bit
Linux platforms.  Patch from chutzpahu at gentoo.org and cjwatson at
debian.org via bz#3396.
 2022-02-26 14:06:14 +11:00
Darren Tucker
0132056efa Improve handling of _getshort and _getlong. 
If the system native ones are exactly as required then use them,
otherwise use the local versions mapped to another name to prevent
name collisions.
 2022-02-25 19:47:48 +11:00
Darren Tucker
8e206e0dd6 Constify utimes in compat library to match specs. 
Patch from vapier at chromium.org.
 2022-02-25 15:14:22 +11:00
Darren Tucker
1b2920e3b6 ANSIfy getshort and getlong. 
These functions appear to have come from OpenBSD's lib/libc/net/res_comp.c
which made this change in 2005.
 2022-02-25 13:50:56 +11:00
Darren Tucker
54a86f4f6e Use PICFLAG instead of hard coding -fPIC. 2022-02-25 13:23:04 +11:00
Darren Tucker
3016ba4703 Add tests for latest releases of {Libre,Open}SSL. 2022-02-25 11:39:34 +11:00
Colin Watson
f107467179 Improve detection of -fzero-call-used-regs=all support 
GCC doesn't tell us whether this option is supported unless it runs into
the situation where it would need to emit corresponding code.
 2022-02-25 11:24:04 +11:00
djm@openbsd.org
3383b2cac0 upstream: free(3) wants stdlib.h 
OpenBSD-Commit-ID: 227a8c70a95b4428c49e46863c9ef4bd318a3b8a
 2022-02-24 08:24:17 +11:00
djm@openbsd.org
a4537e79ab upstream: put back the scp manpage changes for SFTP mode too 
OpenBSD-Commit-ID: 05dc53921f927e1b5e5694e1f3aa314549f2e768
 2022-02-24 08:23:13 +11:00
deraadt@openbsd.org
449bcb8403 upstream: and we go back to testing sftp-scp after the 8.9 
release...

OpenBSD-Commit-ID: a80440168258adca543a4607b871327a279c569c
 2022-02-24 08:23:13 +11:00
Damien Miller
166456ceda makedepend 2022-02-23 22:31:11 +11:00
djm@openbsd.org
32ebaa0dbc upstream: avoid integer overflow of auth attempts (harmless, caught 
by monitor)

OpenBSD-Commit-ID: 488ad570b003b21e0cd9e7a00349cfc1003b4d86
 2022-02-23 22:22:20 +11:00
djm@openbsd.org
6e0258c64c upstream: randomise the password used in fakepw 
OpenBSD-Commit-ID: 34e159f73b1fbf0a924a9c042d8d61edde293947
 2022-02-23 22:21:35 +11:00
djm@openbsd.org
bf114d6f0a upstream: use asprintf to construct .rhosts paths 
OpenBSD-Commit-ID: 8286e8d3d2c6ff916ff13d041d1713073f738a8b
 2022-02-23 22:19:56 +11:00
djm@openbsd.org
c07e154fbd upstream: openssh-8.9 
OpenBSD-Commit-ID: 5c5f791c87c483cdab6d9266b43acdd9ca7bde0e
 2022-02-23 22:08:26 +11:00
Darren Tucker
bc16667b4a Extend select+rlimit sanbox test to include poll. 
POSIX specifies that poll() shall fail if "nfds argument is greater
than {OPEN_MAX}".  The setrlimit sandbox sets this to effectively zero
so this causes poll() to fail in the preauth privsep process.

This is likely the underlying cause for the previously observed similar
behaviour of select() on plaforms where it is implement in userspace on
top of poll().
 2022-02-22 15:39:37 +11:00
Darren Tucker
6520c488de Add Alpine Linux test VM. 2022-02-22 13:08:59 +11:00
Darren Tucker
a4b325a3fc Include sys/param.h if present. 
Needed for howmany() on MUSL systems such as Alpine.
 2022-02-22 12:27:07 +11:00
Darren Tucker
5a102e9cb2 Only include sys/poll.h if we don't have poll.h. 
Prevents warnings on MUSL based systems such as Alpine.
 2022-02-22 12:25:52 +11:00
Damien Miller
7c0d4ce911 disable agent-restrict test on minix3 
Minix seems to have a platform-wide limit on the number of
select(2) syscalls that can be concurrently issued. This test
seems to exceed this limit.

Refer to:

https://github.com/Stichting-MINIX-Research-Foundation/minix/blob/R3.3.0/minix/servers/vfs/select.c#L114
https://github.com/Stichting-MINIX-Research-Foundation/minix/blob/R3.3.0/minix/servers/vfs/select.c#L30-L31
 2022-02-22 11:14:51 +11:00
Darren Tucker
81d33d8e3c Skip agent-getpeereid when running as root. 2022-02-21 21:27:20 +11:00
dtucker@openbsd.org
fbd772570a upstream: Aproximate realpath on the expected output by deduping 
leading slashes. Fixes test failure when user's home dir is / which is
possible in some portable configurations.

OpenBSD-Regress-ID: 53b8c53734f8893806961475c7106397f98d9f63
 2022-02-20 15:10:19 +11:00
Darren Tucker
336685d223 Really move DSA to end of list. 
In commit ad16a84e syncing from OpenBSD, RSA was accidentally moved to
the end of the list instead of DSA.  Spotted by andrew at fyfe.gb.net.
 2022-02-20 13:30:52 +11:00
Darren Tucker
63bf4f49ed Add test configs for MUSL C library. 2022-02-18 12:12:21 +11:00
Damien Miller
f7fc6a43f1 minix needs BROKEN_POLL too; chokes on /dev/null 2022-02-17 22:54:19 +11:00
djm@openbsd.org
667fec5d4f upstream: check for EINTR/EAGAIN failures in the rfd fast-path; caught 
by dtucker's minix3 vm :) ok dtucker@

OpenBSD-Commit-ID: 2e2c895a3e82ef347aa6694394a76a438be91361
 2022-02-17 22:17:36 +11:00
Darren Tucker
41417dbda9 Comment hurd test, the VM is currently broken. 2022-02-17 22:05:29 +11:00
Damien Miller
b2aee35a1f find sk-dummy.so when build_dir != src_dir 
spotted by Corinna Vinschen; feedback & ok dtucker@
 2022-02-17 21:15:16 +11:00
Damien Miller
62a2d4e50b update versions in preparation for 8.9 release 2022-02-16 16:26:17 +11:00
djm@openbsd.org
dd6d3dded7 upstream: document the unbound/host-bound options to 
PubkeyAuthentication; spotted by HARUYAMA Seigo

OpenBSD-Commit-ID: 298f681b66a9ecd498f0700082c7a6c46e948981
 2022-02-15 16:14:40 +11:00