openssh

mirror of git://anongit.mindrot.org/openssh.git synced 2024-12-18 08:04:40 +00:00

Author	SHA1	Message	Date
Darren Tucker	a07664646b	Source configs script so setup_ci can use settings	2021-10-22 14:00:05 +11:00
Darren Tucker	34df52c201	Install libedit and pam based on config flags.	2021-10-22 09:42:14 +11:00
Darren Tucker	8c626cc563	Don't use 'here string", it's not POSIX.	2021-10-21 16:53:39 +11:00
Darren Tucker	086a4b5977	Remove -Werror from compiler package to install.	2021-10-21 15:33:27 +11:00
Darren Tucker	5a7a468750	Build with -Werror on most recent gcc and clang.	2021-10-21 15:18:34 +11:00
Darren Tucker	4d2cbdb525	Include string.h and stdio.h for strerror.	2021-10-15 12:59:06 +11:00
Darren Tucker	fff13aaa26	Include error reason if trace disabling fails.	2021-10-15 12:43:36 +11:00
Darren Tucker	d4b38144c0	Add tcmalloc test target.	2021-10-12 23:01:40 +11:00
dtucker@openbsd.org	002d65b0a3	upstream: Document that CASignatureAlgorithms, ExposeAuthInfo and PubkeyAuthOptions can be used in a Match block. Patch from eehakkin via github PR#277. OpenBSD-Commit-ID: c0a63f5f52e918645967ac022b28392da4b866aa	2021-10-09 22:01:49 +11:00
Darren Tucker	40bd3709dd	Skip SK unit tests when built without security-key	2021-10-07 15:55:49 +11:00
Darren Tucker	482f73be10	Include relevant env vars on command line. Makes it easier to reproduce a build by cut/pasting the configure line.	2021-10-07 15:55:04 +11:00
Darren Tucker	ef5916b8ac	Only enable sk-* key types if ENABLE_SK is defined	2021-10-07 14:28:02 +11:00
Darren Tucker	52d4232b49	Disable security key on minix3. The test doesn't work so disable.	2021-10-06 18:14:37 +11:00
Darren Tucker	7cd062c3a2	Add USE_LIBC_SHA2 for (at least) NetBSD 9.	2021-10-06 17:45:28 +11:00
Darren Tucker	639c440f6c	Define OPENSSL_NO_SHA including OpenSSL from test. We don't use SHA256 from OpenSSL in the sk-dummy module and the definitions can conflict with system sha2.h (eg on NetBSD) so define OPENSSL_NO_SHA so we don't attempt to redefine them.	2021-10-06 17:09:31 +11:00
Darren Tucker	8f4be526a3	Disable security key on NetBSD4 test. sk-dummy used for the security key test includes both sha2.h and OpenSSL causing the definitions conflict so disable security key support on this platform.	2021-10-06 15:40:58 +11:00
Damien Miller	3b353ae58a	clean regress/misc/sk-dummy in cleandir target	2021-10-06 15:07:01 +11:00
dtucker@openbsd.org	57680a2ab4	upstream: Dynamically allocate encoded HashKnownHosts and free as appropriate. Saves 1k of static storage and prevents snprintf "possible truncation" warnings from newer compilers (although in this case it's false positive since the actual sizes are limited by the output size of the SHA1). ok djm@ OpenBSD-Commit-ID: e254ae723f7e3dce352c7d5abc4b6d87faf61bf4	2021-10-06 14:40:32 +11:00
djm@openbsd.org	e3e62deb54	upstream: use libc SHA256 functions; make this work when compiled !WITH_OPENSSL OpenBSD-Regress-ID: fda0764c1097cd42f979ace29b07eb3481259890	2021-10-06 14:40:26 +11:00
dtucker@openbsd.org	12937d8670	upstream: Add test for ssh hashed known_hosts handling. OpenBSD-Regress-ID: bcef3b3cd5a1ad9899327b4b2183de2541aaf9cf	2021-10-06 14:39:32 +11:00
Damien Miller	5a37cc118f	fix broken OPENSSL_HAS_ECC test spotted by dtucker	2021-10-06 13:16:21 +11:00
Damien Miller	16a25414f3	make sk-dummy.so work without libcrypto installed	2021-10-01 22:40:06 +10:00
Damien Miller	dee22129bb	make OPENSSL_HAS_ECC checks more thorough ok dtucker	2021-10-01 16:36:24 +10:00
Damien Miller	872595572b	fix FIDO key support for !OPENSSL_HAS_ECC case ok dtucker	2021-10-01 16:36:24 +10:00
Damien Miller	489741dc68	enable security key support for --without-openssl	2021-10-01 16:36:24 +10:00
Damien Miller	c978565c85	need stdlib.h for free(3)	2021-10-01 16:36:24 +10:00
dtucker@openbsd.org	76a398edfb	upstream: Fix up whitespace left by previous change removing privsep. No other changes. OpenBSD-Regress-ID: 87adec225d8afaee4d6a91b2b71203f52bf14b15	2021-10-01 14:55:12 +10:00
dtucker@openbsd.org	ddcb53b7a7	upstream: Remove references to privsep. This removes several do..while loops but does not change the indentation of the now-shallower loops, which will be done in a separate whitespace-only commit to keep changes of style and substance separate. OpenBSD-Regress-ID: 4bed1a0249df7b4a87c965066ce689e79472a8f7	2021-10-01 14:55:12 +10:00
dtucker@openbsd.org	ece2fbe486	upstream: Use "skip" instead of "fatal" if SUDO isn't set for the *-command tests. This means running "make tests" without SUDO set will perform all of the tests that it can instead of failing on the ones it cannot run. OpenBSD-Regress-ID: bd4dbbb02f34b2e8c890558ad4a696248def763a	2021-10-01 14:55:12 +10:00
djm@openbsd.org	bb754b470c	upstream: unbreak FIDO sk-ed25519 key enrollment for OPENSSL=no builds; ok dtucker@ OpenBSD-Commit-ID: 6323a5241728626cbb2bf0452cf6a5bcbd7ff709	2021-10-01 14:53:24 +10:00
Darren Tucker	207648d7a6	Include stdlib.h for arc4random_uniform prototype.	2021-09-29 20:03:58 +10:00
Darren Tucker	696aadc854	Look for clang after cc and gcc.	2021-09-29 20:00:30 +10:00
Darren Tucker	a3c6375555	Use backticks instead of $(..) for portability. Older shells (eg /bin/sh on Solaris 10) don't support $() syntax.	2021-09-29 19:30:59 +10:00
Darren Tucker	958aaa0387	Skip file-based tests by default on Mac OS. The file-based tests need OpenSSL so skip them.	2021-09-29 18:53:32 +10:00
Darren Tucker	55c8bdf6e9	Build without OpenSSL on Mac OS. Modern versions don't ship enough libcrypto to build against.	2021-09-29 18:42:47 +10:00
Darren Tucker	c9172193ea	Remove TEST_SSH_ECC. Convert the only remaining user of it to runtime detection using ssh -Q.	2021-09-29 18:33:38 +10:00
Darren Tucker	5e6d28b787	Split c89 test openssl setting out.	2021-09-29 17:48:09 +10:00
Darren Tucker	c4ac7f98e2	Expand TEST_SHELL consistently with other vars.	2021-09-29 17:40:50 +10:00
Darren Tucker	cfe5f7b0eb	Replace `pwd` with make variable in regress cmd.	2021-09-29 17:26:50 +10:00
Darren Tucker	899be59da5	Get BUILDDIR from autoconf. Use this to replace `pwd`s in regress test command line.	2021-09-29 17:14:33 +10:00
Darren Tucker	c8d92d3d4f	Add make clean step to tests.	2021-09-29 13:28:56 +10:00
Darren Tucker	360fb41ef8	Test all available clang and gcc versions.	2021-09-29 12:05:50 +10:00
djm@openbsd.org	4fb49899d7	upstream: Test certificate hostkeys held in ssh-agent too. Would have caught regression fixed in sshd r1.575 ok markus@ OpenBSD-Regress-ID: 1f164d7bd89f83762db823eec4ddf2d2556145ed	2021-09-29 11:35:18 +10:00
djm@openbsd.org	ce4854e12e	upstream: add some debug output showing how many key file/command lines were processed. Useful to see whether a file or command actually has keys present OpenBSD-Commit-ID: 0bd9ff94e84e03a22df8e6c12f6074a95d27f23c	2021-09-29 11:35:11 +10:00
dtucker@openbsd.org	15abdd5235	upstream: Make prototype for rijndaelEncrypt match function including the bounds. Fixes error in portable where GCC>=11 takes notice of the bounds. ok deraadt@ OpenBSD-Commit-ID: cdd2f05fd1549e1786a70871e513cf9e9cf099a6	2021-09-29 11:09:27 +10:00
dtucker@openbsd.org	d1d29ea1d1	upstream: Import regenerated moduli. OpenBSD-Commit-ID: 4bec5db13b736b64b06a0fca704cbecc2874c8e1	2021-09-29 11:00:50 +10:00
Darren Tucker	39f2111b1d	Add new compiler hardening flags. Add -fzero-call-used-regs and -ftrivial-auto-var-init to the list of compiler hardening flags that configure checks for. These are supported by clang and gcc, and make ROP gadgets less useful and mitigate stack-based infoleaks respectively. ok djm@	2021-09-29 10:53:55 +10:00
Damien Miller	bf944e3794	initgroups needs grp.h	2021-09-27 00:03:19 +10:00
djm@openbsd.org	8c5b565514	upstream: openssh-8.8 OpenBSD-Commit-ID: 12357794602ac979eb7312a1fb190c453f492ec4	2021-09-27 00:03:12 +10:00
djm@openbsd.org	f3cbe43e28	upstream: need initgroups() before setresgid(); reported by anton@, ok deraadt@ OpenBSD-Commit-ID: 6aa003ee658b316960d94078f2a16edbc25087ce	2021-09-27 00:02:42 +10:00

1 2 3 4 5 ...

11463 Commits