Damien Miller
32c63e75a7
wrap a declaration in the same ifdefs as its use
avoids warnings on NetBSD
2020-08-04 14:59:21 +10:00
Damien Miller
c9e3be9f4b
undef TAILQ_CONCAT and friends
Needed for NetBSD, etc. that supply these macros
2020-08-04 14:58:46 +10:00
djm@openbsd.org
2d8a3b7e8b
upstream: ensure that certificate extensions are lexically sorted.
Previously if the user specified a custom extension then everything would
be in order except the custom ones. bz3198 ok dtucker markus
OpenBSD-Commit-ID: d97deb90587b06cb227c66ffebb2d9667bf886f0
2020-08-03 14:27:59 +10:00
djm@openbsd.org
a8732d74cb
upstream: allow -A to explicitly enable agent forwarding in scp and
sftp. The default remains to not forward an agent, even when ssh_config
enables it. ok jmc dtucker markus
OpenBSD-Commit-ID: 36cc526aa3b0f94e4704b8d7b969dd63e8576822
2020-08-03 14:27:59 +10:00
deraadt@openbsd.org
ab9105470a
upstream: clang -Wimplicit-fallthrough does not recognise /*
FALLTHROUGH */ comments, which is the style we currently use, and gives too
many boring warnings. ok djm
OpenBSD-Commit-ID: 07b5031e9f49f2b69ac5e85b8da4fc9e393992a0
2020-08-03 14:27:50 +10:00
dtucker@openbsd.org
ced327b9fb
upstream: Also compare username when checking for JumpHost loops.
bz#3057, ok djm@
OpenBSD-Commit-ID: 9bbc1d138adb34c54f3c03a15a91f75dbf418782
2020-08-03 14:27:18 +10:00
Darren Tucker
ae7527010c
Remove AC_REVISION.
It hasn't been useful since we switched to git in 2014. ok djm@
2020-07-31 15:19:56 +10:00
Darren Tucker
89fc3f414b
Use argv in OSSH_CHECK_CFLAG_COMPILE test.
configure.ac is not detecting -Wextra in compilers that implement the
option. The problem is that -Wextra implies -Wunused-parameter, and the
C excerpt used by aclocal.m4 does not use argv. Patch from pedro at
ambientworks.net, ok djm@
2020-07-28 19:40:30 +10:00
Darren Tucker
62c81ef531
Skip ECDSA-SK webauthn test when built w/out ECC
2020-07-20 22:12:07 +10:00
Damien Miller
3ec9a6d731
Add ssh-sk-helper and manpage to RPM spec file
Based on patch from Fabio Pedretti
2020-07-20 13:09:25 +10:00
dtucker@openbsd.org
a2855c048b
upstream: Add %k to the TOKENs for Match Exec for consistency with
the other keywords that recently got %k.
OpenBSD-Commit-ID: 1857d1c40f270cbc254fca91e66110641dddcfdb
2020-07-17 18:03:28 +10:00
jmc@openbsd.org
69860769fa
upstream: fix macro slip in previous;
OpenBSD-Commit-ID: 624e47ab209450ad9ad5c69f54fa69244de5ed9a
2020-07-17 18:03:28 +10:00
dtucker@openbsd.org
40649bd082
upstream: Add test for '%k' (HostKeyAlias) TOKEN.
OpenBSD-Regress-ID: 8ed1ba1a811790031aad3fcea860a34ad7910456
2020-07-17 18:03:12 +10:00
dtucker@openbsd.org
6736fe6807
upstream: Add tests for expansions on UserKnownHostsFile.
OpenBSD-Regress-ID: bccf8060306c841bbcceb1392644f906a4d6ca51
2020-07-17 13:53:04 +10:00
djm@openbsd.org
287dc6396e
upstream: log error message for process_write() write failures
OpenBSD-Commit-ID: f733d7b3b05e3c68967dc18dfe39b9e8fad29851
2020-07-17 13:52:46 +10:00
dtucker@openbsd.org
8df5774a42
upstream: Add a '%k' TOKEN that expands to the effective HostKey of
the destination. This allows, eg, keeping host keys in individual files
using "UserKnownHostsFile ~/.ssh/known_hosts.d/%k". bz#1654, ok djm@, jmc@
(man page bits)
OpenBSD-Commit-ID: 7084d723c9cc987a5c47194219efd099af5beadc
2020-07-17 13:52:46 +10:00
dtucker@openbsd.org
c4f239944a
upstream: Add %-TOKEN, environment variable and tilde expansion to
UserKnownHostsFile, allowing the file to be automagically split up in the
configuration (eg bz#1654). ok djm@, man page parts jmc@
OpenBSD-Commit-ID: 7e1b406caf147638bb51558836a72d6cc0bd1b18
2020-07-17 13:52:46 +10:00
solene@openbsd.org
dbaaa01dae
upstream: - Add [-a rounds] in ssh-keygen man page and usage() -
Reorder parameters list in the first usage() case - Sentence rewording
ok dtucker@
jmc@ noticed usage() missed -a flag too
OpenBSD-Commit-ID: f06b9afe91cc96f260b929a56e9930caecbde246
2020-07-17 13:23:34 +10:00
jmc@openbsd.org
69924a92c3
upstream: start sentence with capital letter;
OpenBSD-Commit-ID: ab06581d51b2b4cc1b4aab781f7f3cfa56cad973
2020-07-17 13:23:34 +10:00
Damien Miller
5b56bd0aff
detect Linux/X32 systems
This is a frankenstein monster of AMD64 instructions/calling conventions
but with a 4GB address space. Allegedly deprecated but people still run
into it causing weird sandbox failures, e.g. bz#3085
2020-07-17 13:21:56 +10:00
dtucker@openbsd.org
9c9ddc1391
upstream: Fix previous by calling the correct function.
OpenBSD-Regress-ID: 821cdd1dff9c502cceff4518b6afcb81767cad5a
2020-07-15 17:11:08 +10:00
dtucker@openbsd.org
f1a4798941
upstream: Update test to match recent change in match.c
OpenBSD-Regress-ID: 965bda1f95f09a765050707340c73ad755f41167
2020-07-15 16:01:29 +10:00
Darren Tucker
d7e71be4fd
Adjust portable code to match changes in 939d787d,
2020-07-15 15:30:43 +10:00
dtucker@openbsd.org
fec89f32a8
upstream: Add default for number of rounds (-a). ok djm@
OpenBSD-Commit-ID: cb7e9aa04ace01a98e63e4bd77f34a42ab169b15
2020-07-15 15:08:10 +10:00
djm@openbsd.org
aaa8b609a7
upstream: allow some additional control over the use of ssh-askpass
via $SSH_ASKPASS_REQUIRE, including force-enable/disable. bz#69 ok markus@
OpenBSD-Commit-ID: 3a1e6cbbf6241ddc4405c4246caa2c249f149eb2
2020-07-15 15:08:10 +10:00
deraadt@openbsd.org
6368022cd4
upstream: correct recently broken comments
OpenBSD-Commit-ID: 964d9a88f7de1d0eedd3f8070b43fb6e426351f1
2020-07-15 15:08:10 +10:00
djm@openbsd.org
6d755706a0
upstream: some language improvements; ok markus
OpenBSD-Commit-ID: 939d787d571b4d5da50b3b721fd0b2ac236acaa8
2020-07-15 15:07:42 +10:00
markus@openbsd.org
b0c1e8384d
upstream: update setproctitle after re-exec; ok djm
OpenBSD-Commit-ID: bc92d122f9184ec2a9471ade754b80edd034ce8b
2020-07-15 15:06:44 +10:00
markus@openbsd.org
cd119a5ec2
upstream: keep ignoring HUP after fork+exec; ok djm
OpenBSD-Commit-ID: 7679985a84ee5ceb09839905bb6f3ddd568749a2
2020-07-15 15:06:44 +10:00
markus@openbsd.org
8af4a74369
upstream: don't exit the listener on send_rexec_state errors; ok
djm
OpenBSD-Commit-ID: 57cbd757d130d3f45b7d41310b3a15eeec137d5c
2020-07-15 15:06:44 +10:00
dtucker@openbsd.org
03da4c2b70
upstream: Use $OBJ to find key files. Fixes test when run on an obj
directory (on OpenBSD) or out of tree (in Portable).
OpenBSD-Regress-ID: 938fa8ac86adaa527d64a305bd2135cfbb1c0a17
2020-07-15 15:02:52 +10:00
Darren Tucker
73f20f195a
Wrap stdint.h in ifdef HAVE_STDINT_H.
2020-07-04 23:11:59 +10:00
djm@openbsd.org
aa6fa4bf30
upstream: put back the mux_ctx memleak fix, but only for channels of
type SSH_CHANNEL_MUX_LISTENER; Specifically SSH_CHANNEL_MUX_PROXY channels
should not have this structure freed.
OpenBSD-Commit-ID: f3b213ae60405f77439e2b06262f054760c9d325
2020-07-03 17:26:23 +10:00
djm@openbsd.org
d8195914eb
upstream: revert r1.399 - the lifetime of c->mux_ctx is more complex;
simply freeing it here causes other problems
OpenBSD-Commit-ID: c6fee8ca94e2485faa783839541962be2834c5ed
2020-07-03 17:22:28 +10:00
djm@openbsd.org
20b5fab9f7
upstream: avoid tilde_expand_filename() in expanding ~/.ssh/rc - if
sshd is in chroot mode, the likely absence of a password database will cause
tilde_expand_filename() to fatal; ok dtucker@
OpenBSD-Commit-ID: e20aee6159e8b79190d18dba1513fc1b7c8b7ee1
2020-07-03 17:03:54 +10:00
djm@openbsd.org
c8935081db
upstream: when redirecting sshd's log output to a file, undo this
redirection after the session child process is forked(); ok dtucker@
OpenBSD-Commit-ID: 6df86dd653c91f5bc8ac1916e7680d9d24690865
2020-07-03 17:03:54 +10:00
djm@openbsd.org
183c4aaef9
upstream: start ClientAliveInterval bookkeeping before first pass
through select() loop; fixed theoretical case where busy sshd may ignore
timeouts from client; inspired by and ok dtucker
OpenBSD-Commit-ID: 96bfc4b1f86c7da313882a84755b2b47eb31957f
2020-07-03 17:03:53 +10:00
Damien Miller
6fcfd303d6
add check for fido_cred_set_prot() to configure
2020-07-03 15:28:27 +10:00
dtucker@openbsd.org
f11b233463
upstream: Only reset the serveralive check when we receive traffic from
the server and ignore traffic from a port forwarding client, preventing a
client from keeping a connection alive when it should be terminated. Based
on a patch from jxraynor at gmail.com via openssh-unix-dev and bz#2265, ok
djm@
OpenBSD-Commit-ID: a941a575a5cbc244c0ef5d7abd0422bbf02c2dcd
2020-07-03 15:16:37 +10:00
Damien Miller
adfdbf1211
sync sys-queue.h with OpenBSD upstream
needed for TAILQ_CONCAT
2020-07-03 15:15:15 +10:00
djm@openbsd.org
1b90ddde49
upstream: fix memory leak of mux_ctx; patch from Sergiy Lozovsky
via bz3189 ok dtucker
OpenBSD-Commit-ID: db249bd4526fd42d0f4f43f72f7b8b7705253bde
2020-07-03 15:12:31 +10:00
markus@openbsd.org
55ef3e9cbd
upstream: free kex in ssh_packet_close; ok djm semarie
OpenBSD-Commit-ID: dbc181e90d3d32fd97b10d75e68e374270e070a2
2020-07-03 15:12:31 +10:00
bket@openbsd.org
e1c401109b
upstream: Replace TAILQ concatenation loops with TAILQ_CONCAT
OK djm@
OpenBSD-Commit-ID: 454b40e09a117ddb833794358970a65b14c431ef
2020-07-03 15:12:31 +10:00
semarie@openbsd.org
14beca57ac
upstream: backout 1.293 fix kex mem-leak in ssh_packet_close at markus
request
the change introduced a NULL deref in sshpkt_vfatal() (uses of ssh->kex after
calling ssh_packet_clear_keys())
OpenBSD-Commit-ID: 9c9a6721411461b0b1c28dc00930d7251a798484
2020-06-27 20:23:27 +10:00
Damien Miller
598c3a5e38
document a PAM spec problem in a frustrated comment
2020-06-26 16:07:24 +10:00
djm@openbsd.org
976c4f8628
upstream: avoid spurious error message when ssh-keygen creates files
outside ~/.ssh; with dtucker@
OpenBSD-Commit-ID: ac0c662d44607e00ec78c266ee60752beb1c7e08
2020-06-26 15:44:47 +10:00
Damien Miller
32b2502a9d
missing ifdef SELINUX; spotted by dtucker
2020-06-26 15:30:06 +10:00
djm@openbsd.org
e073106f37
upstream: regress test for ssh-add -d; ok dtucker@
OpenBSD-Regress-ID: 3a2e044be616afc7dd4f56c100179e83b33d8abf
2020-06-26 15:25:58 +10:00
markus@openbsd.org
c809daaa1b
upstream: add test for mux w/-Oproxy; ok djm
OpenBSD-Regress-ID: 764d5c696e2a259f1316a056e225e50023abb027
2020-06-26 15:25:57 +10:00
djm@openbsd.org
3d06ff4bbd
upstream: handle EINTR in waitfd() and timeout_connect() helpers;
bz#3071; ok dtucker@
OpenBSD-Commit-ID: 08fa87be50070bd8b754d9b1ebb1138d7bc9d8ee
2020-06-26 15:25:24 +10:00