Commit Graph

67 Commits

Author SHA1 Message Date
Damien Miller
e962f9b318
depend 2023-08-10 20:17:07 +10:00
Damien Miller
edc2ef4e41
depend 2023-07-20 12:53:44 +10:00
Damien Miller
cb30fbdbee
depend 2023-03-16 08:28:19 +11:00
djm@openbsd.org
9fbbfeca1c
upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOP
(20221122) and change the import approach to the same one we use for
Streamlined NTRUPrime: use a shell script to extract the bits we need from
SUPERCOP, make some minor adjustments and squish them all into a single file.

ok tb@ tobhe@

OpenBSD-Commit-ID: 1bc0fd624cb6af440905b8ba74ac7c03311b8e3b
2023-01-16 10:57:41 +11:00
Damien Miller
0ffb46f2ee
update .depend 2022-10-04 01:51:42 +11:00
Darren Tucker
800c2483e6 Remove workarounds for OpenSSL missing AES-CTR.
We have some compatibility hacks that were added to support OpenSSL
versions that do not support AES CTR mode.  Since that time, however,
the minimum OpenSSL version that we support has moved to 1.0.1 which
*does* have CTR, so this is no longer needed.  ok djm@
2022-07-25 21:49:04 +10:00
Damien Miller
b275818065 depend 2022-03-31 14:11:36 +11:00
Damien Miller
166456ceda makedepend 2022-02-23 22:31:11 +11:00
Damien Miller
29a76994e2 depend 2022-01-25 11:52:34 +11:00
Damien Miller
a48533a8da depend 2022-01-07 09:24:26 +11:00
Damien Miller
e8976d92a4 depend 2021-11-29 12:29:29 +11:00
Damien Miller
fcd8d895bb update depends 2021-11-18 10:16:44 +11:00
Damien Miller
2e6f5f24dd depend 2021-10-28 16:24:44 +11:00
Damien Miller
e1a596186c depend 2021-08-20 14:03:49 +10:00
djm@openbsd.org
2b67932bb3 upstream: on fatal errors, make scp wait for ssh connection before
exiting avoids LogLevel=verbose (or greater) messages from ssh appearing
after scp has returned exited and control has returned to the shell; ok
markus@

OpenBSD-Commit-ID: ef9dab5ef5ae54a6a4c3b15d380568e94263456c
2021-08-10 12:47:39 +10:00
Damien Miller
6df1fecb5d use openbsd-compat glob.h is required 2021-08-04 11:05:11 +10:00
djm@openbsd.org
197e29f1cc upstream: support for using the SFTP protocol for file transfers in
scp, via a new "-M sftp" option. Marked as experimental for now.

Some corner-cases exist, in particular there is no attempt to
provide bug-compatibility with scp's weird "double shell" quoting
rules.

Mostly by Jakub Jelen in GHPR#194 with some tweaks by me. ok markus@
Thanks jmc@ for improving the scp.1 bits.

OpenBSD-Commit-ID: 6ce4c9157ff17b650ace571c9f7793d92874051c
2021-08-03 11:03:09 +10:00
Damien Miller
e86968280e depend 2021-04-16 13:55:25 +10:00
Damien Miller
d2afd717e6 update depend 2021-03-02 21:31:47 +11:00
djm@openbsd.org
2c71cec020 upstream: Update/replace the experimental post-quantim hybrid key
exchange method based on Streamlined NTRU Prime (coupled with X25519).

The previous sntrup4591761x25519-sha512@tinyssh.org method is
replaced with sntrup761x25519-sha512@openssh.com. Per the authors,
sntrup4591761 was replaced almost two years ago by sntrup761.

The sntrup761 implementaion, like sntrup4591761 before it, is public
domain code extracted from the SUPERCOP cryptography benchmark
suite (https://bench.cr.yp.to/supercop.html).

Thanks for Daniel J Bernstein for guidance on algorithm selection.
Patch from Tobias Heider; feedback & ok markus@ and myself

(note this both the updated method and the one that it replaced are
disabled by default)

OpenBSD-Commit-ID: 2bf582b772d81ee24e911bb6f4b2aecfd39338ae
2020-12-29 12:38:53 +11:00
djm@openbsd.org
816036f142 upstream: use the new variant log macros instead of prepending
__func__ and appending ssh_err(r) manually; ok markus@

OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
2020-10-18 23:46:29 +11:00
Damien Miller
53a33a0d74 .depend 2020-09-20 16:16:47 +10:00
Damien Miller
c9bab1d3a9 depend 2020-05-29 14:49:16 +10:00
Damien Miller
83a6dc6ba1 make depend 2020-05-13 12:03:42 +10:00
Darren Tucker
c697e46c31 Update .depend. 2020-05-02 18:34:47 +10:00
Darren Tucker
67697e4a82 Update .depend. 2020-04-24 11:10:18 +10:00
Damien Miller
a2437f8ed0 depend 2020-02-06 12:02:22 +11:00
Damien Miller
6a10760635 depend 2020-01-26 10:28:21 +11:00
Damien Miller
10ecc647fc depend 2020-01-21 12:20:05 +11:00
Darren Tucker
acaf9e0585 Update depend to remove rmd160.h. 2020-01-14 12:43:03 +11:00
Darren Tucker
7652a57662 Remove auth-skey.c.
S/Key support was removed in OpenSSH 7.8 but this file was missed.
2020-01-06 08:56:46 +11:00
Damien Miller
c4b2664be7 refresh depend 2019-12-30 21:04:09 +11:00
Damien Miller
7b47b40b17 adapt Makefile to ssh-sk-client everywhere 2019-12-14 08:40:58 +11:00
Darren Tucker
ad8cd42079 Sort depends. 2019-12-11 13:13:14 +11:00
Darren Tucker
5df9d1f5c0 Update depend to include sk files. 2019-12-11 13:06:43 +11:00
djm@openbsd.org
6bff9521ab upstream: directly support U2F/FIDO2 security keys in OpenSSH by
linking against the (previously external) USB HID middleware. The dlopen()
capability still exists for alternate middlewares, e.g. for Bluetooth, NFC
and test/debugging.

OpenBSD-Commit-ID: 14446cf170ac0351f0d4792ba0bca53024930069
2019-11-15 09:57:30 +11:00
Darren Tucker
19cb64c4b4 Rebuild .depend. 2019-11-02 22:46:22 +11:00
Damien Miller
3420e0464b depend 2019-11-01 09:46:10 +11:00
Damien Miller
8ca491d29f depend 2019-10-09 11:06:37 +11:00
djm@openbsd.org
670104b923 upstream: fixes for !WITH_OPENSSL compilation; ok dtucker@
OpenBSD-Commit-ID: 7fd68eaa9e0f7482b5d4c7e8d740aed4770a839f
2019-09-06 17:54:21 +10:00
Darren Tucker
5299a09fa2 Revert one dependency per line change.
It turns out that having such a large number of lines in the .depend
file will cause the memory usage of awk during AC_SUBST to blow up on at
least NetBSD's awk, causing configure to fail.
2019-07-19 13:52:41 +10:00
Darren Tucker
05500af21d Force dependencies one per line.
Force makedepend to output one dependency per line, which will make
reading diffs against it much easier.  ok djm@
2019-07-19 13:20:03 +10:00
Darren Tucker
b5bc5d016b make depend. 2019-07-19 13:18:07 +10:00
Damien Miller
e44e4ad119 depend 2019-07-16 23:26:53 +10:00
Damien Miller
4efe1adf05 remove realpath() compat replacement
We shipped a BSD implementation of realpath() because sftp-server
depended on its behaviour.

OpenBSD is now moving to a more strictly POSIX-compliant realpath(2),
so sftp-server now unconditionally requires its own BSD-style realpath
implementation. As such, there is no need to carry another independant
implementation in openbsd-compat.

ok dtucker@
2019-07-08 13:38:39 +10:00
dtucker@openbsd.org
5696512d7a upstream: Remove crc32.{c,h} which were only used by the now-gone
SSH1 protocol. Patch from yumkam at gmail.com, ok deraadt.

OpenBSD-Commit-ID: cceda5876c5ba6b4d8abcd52335329198cee3240
2019-05-08 18:42:03 +10:00
Damien Miller
fd0fa130ec makedepend 2019-04-18 08:52:57 +10:00
djm@openbsd.org
9b61130fbd upstream: openssh-7.9 accidentally reused the server's algorithm lists
in the client for KEX, ciphers and MACs. The ciphers and MACs were identical
between the client and server, but the error accidentially disabled the
diffie-hellman-group-exchange-sha1 KEX method.

This fixes the client code to use the correct method list, but
because nobody complained, it also disables the
diffie-hellman-group-exchange-sha1 KEX method.

Reported by nuxi AT vault24.org via bz#2697; ok dtucker

OpenBSD-Commit-ID: e30c33a23c10fd536fefa120e86af1842e33fd57
2019-02-24 10:51:46 +11:00
Damien Miller
2265402dc7 depend 2019-01-23 13:03:16 +11:00
Damien Miller
4dc06bd579 depend 2019-01-21 23:14:04 +11:00