Commit Graph

53 Commits

Author SHA1 Message Date
djm@openbsd.org
2b67932bb3 upstream: on fatal errors, make scp wait for ssh connection before
exiting avoids LogLevel=verbose (or greater) messages from ssh appearing
after scp has returned exited and control has returned to the shell; ok
markus@

OpenBSD-Commit-ID: ef9dab5ef5ae54a6a4c3b15d380568e94263456c
2021-08-10 12:47:39 +10:00
Damien Miller
6df1fecb5d use openbsd-compat glob.h is required 2021-08-04 11:05:11 +10:00
djm@openbsd.org
197e29f1cc upstream: support for using the SFTP protocol for file transfers in
scp, via a new "-M sftp" option. Marked as experimental for now.

Some corner-cases exist, in particular there is no attempt to
provide bug-compatibility with scp's weird "double shell" quoting
rules.

Mostly by Jakub Jelen in GHPR#194 with some tweaks by me. ok markus@
Thanks jmc@ for improving the scp.1 bits.

OpenBSD-Commit-ID: 6ce4c9157ff17b650ace571c9f7793d92874051c
2021-08-03 11:03:09 +10:00
Damien Miller
e86968280e depend 2021-04-16 13:55:25 +10:00
Damien Miller
d2afd717e6 update depend 2021-03-02 21:31:47 +11:00
djm@openbsd.org
2c71cec020 upstream: Update/replace the experimental post-quantim hybrid key
exchange method based on Streamlined NTRU Prime (coupled with X25519).

The previous sntrup4591761x25519-sha512@tinyssh.org method is
replaced with sntrup761x25519-sha512@openssh.com. Per the authors,
sntrup4591761 was replaced almost two years ago by sntrup761.

The sntrup761 implementaion, like sntrup4591761 before it, is public
domain code extracted from the SUPERCOP cryptography benchmark
suite (https://bench.cr.yp.to/supercop.html).

Thanks for Daniel J Bernstein for guidance on algorithm selection.
Patch from Tobias Heider; feedback & ok markus@ and myself

(note this both the updated method and the one that it replaced are
disabled by default)

OpenBSD-Commit-ID: 2bf582b772d81ee24e911bb6f4b2aecfd39338ae
2020-12-29 12:38:53 +11:00
djm@openbsd.org
816036f142 upstream: use the new variant log macros instead of prepending
__func__ and appending ssh_err(r) manually; ok markus@

OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
2020-10-18 23:46:29 +11:00
Damien Miller
53a33a0d74 .depend 2020-09-20 16:16:47 +10:00
Damien Miller
c9bab1d3a9 depend 2020-05-29 14:49:16 +10:00
Damien Miller
83a6dc6ba1 make depend 2020-05-13 12:03:42 +10:00
Darren Tucker
c697e46c31 Update .depend. 2020-05-02 18:34:47 +10:00
Darren Tucker
67697e4a82 Update .depend. 2020-04-24 11:10:18 +10:00
Damien Miller
a2437f8ed0 depend 2020-02-06 12:02:22 +11:00
Damien Miller
6a10760635 depend 2020-01-26 10:28:21 +11:00
Damien Miller
10ecc647fc depend 2020-01-21 12:20:05 +11:00
Darren Tucker
acaf9e0585 Update depend to remove rmd160.h. 2020-01-14 12:43:03 +11:00
Darren Tucker
7652a57662 Remove auth-skey.c.
S/Key support was removed in OpenSSH 7.8 but this file was missed.
2020-01-06 08:56:46 +11:00
Damien Miller
c4b2664be7 refresh depend 2019-12-30 21:04:09 +11:00
Damien Miller
7b47b40b17 adapt Makefile to ssh-sk-client everywhere 2019-12-14 08:40:58 +11:00
Darren Tucker
ad8cd42079 Sort depends. 2019-12-11 13:13:14 +11:00
Darren Tucker
5df9d1f5c0 Update depend to include sk files. 2019-12-11 13:06:43 +11:00
djm@openbsd.org
6bff9521ab upstream: directly support U2F/FIDO2 security keys in OpenSSH by
linking against the (previously external) USB HID middleware. The dlopen()
capability still exists for alternate middlewares, e.g. for Bluetooth, NFC
and test/debugging.

OpenBSD-Commit-ID: 14446cf170ac0351f0d4792ba0bca53024930069
2019-11-15 09:57:30 +11:00
Darren Tucker
19cb64c4b4 Rebuild .depend. 2019-11-02 22:46:22 +11:00
Damien Miller
3420e0464b depend 2019-11-01 09:46:10 +11:00
Damien Miller
8ca491d29f depend 2019-10-09 11:06:37 +11:00
djm@openbsd.org
670104b923 upstream: fixes for !WITH_OPENSSL compilation; ok dtucker@
OpenBSD-Commit-ID: 7fd68eaa9e0f7482b5d4c7e8d740aed4770a839f
2019-09-06 17:54:21 +10:00
Darren Tucker
5299a09fa2 Revert one dependency per line change.
It turns out that having such a large number of lines in the .depend
file will cause the memory usage of awk during AC_SUBST to blow up on at
least NetBSD's awk, causing configure to fail.
2019-07-19 13:52:41 +10:00
Darren Tucker
05500af21d Force dependencies one per line.
Force makedepend to output one dependency per line, which will make
reading diffs against it much easier.  ok djm@
2019-07-19 13:20:03 +10:00
Darren Tucker
b5bc5d016b make depend. 2019-07-19 13:18:07 +10:00
Damien Miller
e44e4ad119 depend 2019-07-16 23:26:53 +10:00
Damien Miller
4efe1adf05 remove realpath() compat replacement
We shipped a BSD implementation of realpath() because sftp-server
depended on its behaviour.

OpenBSD is now moving to a more strictly POSIX-compliant realpath(2),
so sftp-server now unconditionally requires its own BSD-style realpath
implementation. As such, there is no need to carry another independant
implementation in openbsd-compat.

ok dtucker@
2019-07-08 13:38:39 +10:00
dtucker@openbsd.org
5696512d7a upstream: Remove crc32.{c,h} which were only used by the now-gone
SSH1 protocol. Patch from yumkam at gmail.com, ok deraadt.

OpenBSD-Commit-ID: cceda5876c5ba6b4d8abcd52335329198cee3240
2019-05-08 18:42:03 +10:00
Damien Miller
fd0fa130ec makedepend 2019-04-18 08:52:57 +10:00
djm@openbsd.org
9b61130fbd upstream: openssh-7.9 accidentally reused the server's algorithm lists
in the client for KEX, ciphers and MACs. The ciphers and MACs were identical
between the client and server, but the error accidentially disabled the
diffie-hellman-group-exchange-sha1 KEX method.

This fixes the client code to use the correct method list, but
because nobody complained, it also disables the
diffie-hellman-group-exchange-sha1 KEX method.

Reported by nuxi AT vault24.org via bz#2697; ok dtucker

OpenBSD-Commit-ID: e30c33a23c10fd536fefa120e86af1842e33fd57
2019-02-24 10:51:46 +11:00
Damien Miller
2265402dc7 depend 2019-01-23 13:03:16 +11:00
Damien Miller
4dc06bd579 depend 2019-01-21 23:14:04 +11:00
Damien Miller
c327813ea1 depend 2019-01-20 09:45:38 +11:00
djm@openbsd.org
0a843d9a0e upstream: move client/server SSH-* banners to buffers under
ssh->kex and factor out the banner exchange. This eliminates some common code
from the client and server.

Also be more strict about handling \r characters - these should only
be accepted immediately before \n (pointed out by Jann Horn).

Inspired by a patch from Markus Schmidt.
(lots of) feedback and ok markus@

OpenBSD-Commit-ID: 1cc7885487a6754f63641d7d3279b0941890275b
2018-12-27 14:38:22 +11:00
Damien Miller
b9fea45a68 regen depend 2018-10-23 17:10:35 +11:00
Damien Miller
dc8ddcdf1a update depends 2018-10-11 13:08:59 +11:00
Damien Miller
26739cf5bd rebuild dependencies 2018-08-23 13:06:02 +10:00
dtucker@openbsd.org
258dc8bb07 upstream: Remove support for running ssh(1) setuid and fatal if
attempted. Do not link uidwap.c into ssh any more.  Neuters
UsePrivilegedPort, which will be marked as deprecated shortly. ok markus@
djm@

OpenBSD-Commit-ID: c4ba5bf9c096f57a6ed15b713a1d7e9e2e373c42
2018-07-19 21:41:42 +10:00
markus@openbsd.org
5467fbcb09 upstream: remove legacy key emulation layer; ok djm@
OpenBSD-Commit-ID: 2b1f9619259e222bbd4fe9a8d3a0973eafb9dd8d
2018-07-12 13:18:25 +10:00
Damien Miller
120a1ec74e Adapt portable to legacy buffer API removal 2018-07-10 19:39:52 +10:00
Damien Miller
7d68e26294 depend 2018-07-03 23:27:11 +10:00
djm@openbsd.org
7c85685760 upstream: switch over to the new authorized_keys options API and
remove the legacy one.

Includes a fairly big refactor of auth2-pubkey.c to retain less state
between key file lines.

feedback and ok markus@

OpenBSD-Commit-ID: dece6cae0f47751b9892080eb13d6625599573df
2018-03-03 14:37:16 +11:00
djm@openbsd.org
94b4e2d29a upstream: refactor sshkey_read() to make it a little more, err,
readable. ok markus

OpenBSD-Commit-ID: 2e9247b5762fdac3b6335dc606d3822121714c28
2018-03-02 14:39:16 +11:00
Damien Miller
2e39643936 updatedepend 2018-02-26 11:48:27 +11:00
Darren Tucker
015749e9b1 Regenerate dependencies after UNICOS removal. 2018-02-15 20:04:12 +11:00
Damien Miller
20d53ac283 rebuild depends 2018-01-23 16:49:43 +11:00