RepoMirrors/openssh
1
0
Fork 0
mirror of git://anongit.mindrot.org/openssh.git synced 2024-12-19 00:24:35 +00:00
Code Issues Packages Projects Releases Wiki Activity
12,358 Commits 69 Branches 157 Tags 27 MiB
e612376427
Commit Graph

12358 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
anton@openbsd.org
e612376427
upstream: make use of bsd.regress.mk in extra and interop targets; ok 
dtucker@

OpenBSD-Regress-ID: 7ea21b5f6fc4506165093b2123d88d20ff13a4f0
 2023-10-29 17:32:47 +11:00
dtucker@openbsd.org
ea00391739
upstream: Skip conch interop tests when not enabled instead of fatal. 
OpenBSD-Regress-ID: b0abf81c24ac6c21f367233663228ba16fa96a46
 2023-10-27 00:02:26 +11:00
dtucker@openbsd.org
d220b9ed54
upstream: Import regenerated moduli. 
OpenBSD-Commit-ID: 95f5dd6107e8902b87dc5b005ef2b53f1ff378b8
 2023-10-26 23:46:03 +11:00
anton@openbsd.org
a611e4db40
upstream: ssh conch interop tests requires a controlling terminal; 
ok dtucker@

OpenBSD-Regress-ID: cbf2701bc347c2f19d907f113779c666f1ecae4a
 2023-10-26 23:44:53 +11:00
anton@openbsd.org
da951b5e08
upstream: Use private key that is allowed by sshd defaults in conch 
interop tests.

ok dtucker@

OpenBSD-Regress-ID: 3b7f65c8f409c328bcd4b704f60cb3d31746f045
 2023-10-26 23:34:29 +11:00
Darren Tucker
1ca166dbb3
Install Dropbear for interop testing. 2023-10-20 20:43:00 +11:00
Darren Tucker
f993bb5835
Resync PuTTY and Conch path handling with upstream. 
Now that configure finds these for us we can remove these -portable
specific changes.
 2023-10-20 20:39:03 +11:00
Darren Tucker
ff85becd5f
Have configure find PuTTY and Conch binaries. 
This will let us remove some -portable specific changes from
test-exec.sh.
 2023-10-20 20:35:46 +11:00
dtucker@openbsd.org
c54a50359b
upstream: Allow overriding the locations of the Dropbear binaries 
similar to what we do for the PuTTY ones.

OpenBSD-Regress-ID: 7de0e00518fb0c8fdc5f243b7f82f523c936049c
 2023-10-20 20:28:20 +11:00
dtucker@openbsd.org
fbaa707d45
upstream: Add interop test with Dropbear. 
Right now this is only dbclient not the Dropbear server since it won't
currently run as a ProxyCommand.

OpenBSD-Regress-ID: 8cb898c414fcdb252ca6328896b0687acdaee496
 2023-10-20 18:35:32 +11:00
Fabio Pedretti
c2003d0dbd
Update openssl-devel dependency in RPM spec. 
Since openssh 9.4p1, openssl >= 1.1.1 is required, so
build with --without-openssl elsewhere.
According to https://repology.org/project/openssl/versions
openssl 1.1.1 is available on fedora >= 29 and rhel >= 8.
Successfully build tested, installed and run on rhel 6
 2023-10-16 21:40:01 +11:00
Fabio Pedretti
064e09cd63
Remove reference of dropped sshd.pam.old file 
The file was removed in openssh 8.8
 2023-10-16 20:14:04 +11:00
dtucker@openbsd.org
62db354b69
upstream: Move declaration of "len" into the block where it's used. 
This lets us compile Portable with -Werror with when OpenSSL doesn't have
Ed25519 support.

OpenBSD-Commit-ID: e02e4b4af351946562a7caee905da60eff16ba29
 2023-10-16 20:13:41 +11:00
Damien Miller
6eee8c972d
run t-extra regress tests 
This exposes the t-extra regress tests (including agent-pkcs11.sh) as
a new extra-tests target in the top level Makefile and runs them by
default. ok dtucker@
 2023-10-13 15:15:05 +11:00
Darren Tucker
637624dbba
Don't use make -j2. 
While we have 2 cores available on github runners, not using it means
that the most recent log message is the actual failure, rather than
having to search back through the log for it.
 2023-10-12 22:01:23 +11:00
Darren Tucker
971e0cfcfd
Correct arg order for ED255519 AC_LINK_IFELSE test. 2023-10-12 16:23:05 +11:00
djm@openbsd.org
c616e64688
upstream: typos and extra debug trace calls 
OpenBSD-Regress-ID: 98a2a6b9333743274359e3c0f0e65cf919a591d1
 2023-10-12 14:52:46 +11:00
djm@openbsd.org
c49a3fbf10
upstream: ensure logs are owned by correct user; feedback/ok 
dtucker@

OpenBSD-Regress-ID: c3297af8f07717f1d400a5d34529962f1a76b5a3
 2023-10-12 14:52:45 +11:00
djm@openbsd.org
5ec0ed79ac
upstream: 64 %-expansion keys ought to be enough for anybody; ok 
dtucker (we just hit the previous limit in some cases)

OpenBSD-Commit-ID: 84070f8001ec22ff5d669f836b62f206e08c5787
 2023-10-12 14:37:52 +11:00
djm@openbsd.org
f59a94e22e
upstream: don't dereference NULL pointer when hashing jumphost 
OpenBSD-Commit-ID: 251c0263e1759a921341c7efe7f1d4c73e1c70f4
 2023-10-12 13:58:19 +11:00
Damien Miller
281c79168e
Solaris: prefer PRIV_XPOLICY to PRIV_LIMIT 
If the system support PRIV_XPOLICY and one is set, then don't
modify PRIV_LIMIT. bz2833, patch from Ron Jordan, ok dtucker@
 2023-10-12 13:20:01 +11:00
djm@openbsd.org
98fc34df83
upstream: add %j token that expands to the configured ProxyJump 
hostname (or the empty string if this option is not being used). bz3610, ok
dtucker

OpenBSD-Commit-ID: ce9983f7efe6a178db90dc5c1698df025df5e339
 2023-10-12 13:19:41 +11:00
djm@openbsd.org
7f3180be8a
upstream: release GSS OIDs only at end of authentication; bz2982, 
ok dtucker@

OpenBSD-Commit-ID: 0daa41e0525ae63cae4483519ecaa37ac485d94c
 2023-10-12 13:19:41 +11:00
djm@openbsd.org
a612b93de5
upstream: mask SIGINT/TERM/QUIT/HUP before checking quit_pending 
and use ppoll() to unmask them in the mainloop. Avoids race condition between
signaling ssh to exit and polling. bz3531; ok dtucker

OpenBSD-Commit-ID: 5c14e1aabcddedb95cdf972283d9c0d5083229e7
 2023-10-12 13:19:40 +11:00
djm@openbsd.org
531b27a006
upstream: sync usage() with ssh.1; spotted by kn@ 
OpenBSD-Commit-ID: 191a85639477dcb5fa1616d270d93b7c8d5c1dfd
 2023-10-12 13:19:40 +11:00
djm@openbsd.org
64f7ca881b
upstream: ssh -Q does not make sense with other command-line options, 
so give it its own line in the manpage

OpenBSD-Commit-ID: 00a747f0655c12122bbb77c2796be0013c105361
 2023-10-12 10:15:47 +11:00
djm@openbsd.org
a752a6c0e1
upstream: add ChannelTimeout support to the client, mirroring the 
same option in the server. ok markus@

OpenBSD-Commit-ID: 55630b26f390ac063980cfe7ad8c54b03284ef02
 2023-10-12 10:00:13 +11:00
djm@openbsd.org
76e91e7238
upstream: add support for reading ED25519 private keys in PEM PKCS8 
format; ok markus@ tb@

OpenBSD-Commit-ID: 01b85c91757e6b057e9b23b8a23f96415c3c7174
 2023-10-12 09:59:44 +11:00
djm@openbsd.org
fc77c8e352
upstream: mention "none" is a valid argument to IdentityFile; bz3080 
OpenBSD-Commit-ID: 1b4fb590ef731099349a7d468b77f02b240ac926
 2023-10-11 17:41:52 +11:00
djm@openbsd.org
c97520d23d
upstream: in olde rcp/scp protocol mode, when rejecting a path from the 
server as not matching the glob that the client sent, log (at debug level)
the received pathname as well as the list of possible expected paths expanded
from the glob. bz2966

OpenBSD-Commit-ID: 0bd8db8a595334ca86bca8f36e23fc0395315765
 2023-10-11 16:44:40 +11:00
djm@openbsd.org
208c2b7198
upstream: s/%.100s/%s/ in SSH- banner construction as there's no 
reason to limit its size: the version string bring included is a compile time
constant going into an allocated banner string.

OpenBSD-Commit-ID: 0ef73304b9bf3e534c60900cd84ab699f859ebcd
 2023-10-11 15:57:09 +11:00
tb@openbsd.org
0354790826
upstream: Garbage collect cipher_get_keyiv_len() 
This is a compat20 leftover, unused since 2017.

ok djm

OpenBSD-Commit-ID: 91fa5497c9dc6883064624ac27813a567883fdce
 2023-10-11 15:57:08 +11:00
djm@openbsd.org
8d29ee4115
upstream: Reserve a range of "local extension" message numbers that 
OpenSSH promises not to use (comment change only)

OpenBSD-Commit-ID: e61795b453d4892d2c99ce1039112c4a00250e03
 2023-10-10 14:58:55 +11:00
djm@openbsd.org
90b0d73d63
upstream: typo in error message 
OpenBSD-Regress-ID: 6a8edf0dc39941298e3780b147b10c0a600b4fee
 2023-10-06 14:33:37 +11:00
djm@openbsd.org
e84517f515
upstream: Perform the softhsm2 setup as discrete steps rather than 
as a long shell pipeline. Makes it easier to figure out what has happened
when it breaks.

OpenBSD-Regress-ID: b3f1292115fed65765d0a95414df16e27772d81c
 2023-10-06 14:31:20 +11:00
claudio@openbsd.org
cb54becff4
upstream: REGRESS_FAIL_EARLY defaults to yes now. So no need to 
overload the value here anymore. OK tb@ bluhm@

OpenBSD-Regress-ID: f063330f1bebbcd373100afccebc91a965b14496
 2023-10-06 14:31:13 +11:00
jmc@openbsd.org
f01f5137ce
upstream: spelling fix; 
OpenBSD-Commit-ID: 493f95121567e5ab0d9dd1150f873b5535ca0195
 2023-10-06 14:30:35 +11:00
Damien Miller
80a2f64b8c
crank version numbers 2023-10-04 15:34:10 +11:00
djm@openbsd.org
f65f187b10
upstream: openssh-9.5 
OpenBSD-Commit-ID: 5e0af680480bd3b6f5560cf840ad032d48fd6b16
 2023-10-04 15:33:36 +11:00
djm@openbsd.org
ffe27e54a4
upstream: add some cautionary text about % token expansion and 
shell metacharacters; based on report from vinci AT protonmail.ch

OpenBSD-Commit-ID: aa1450a54fcee2f153ef70368d90edb1e7019113
 2023-10-04 15:33:27 +11:00
djm@openbsd.org
60ec3d54fd
upstream: fix link to agent draft; spotted by Jann Horn 
OpenBSD-Commit-ID: ff5bda21a83ec013db683e282256a85201d2dc4b
 2023-10-04 15:30:19 +11:00
Damien Miller
12e2d4b13f
use portable provider allowlist path in manpage 
spotted by Jann Horn
 2023-10-04 10:54:04 +11:00
deraadt@openbsd.org
6c2c6ffde7
upstream: typo; from Jim Spath 
OpenBSD-Commit-ID: 2f5fba917b5d4fcf93d9e0b0756c7f63189e228e
 2023-10-01 10:57:54 +11:00
djm@openbsd.org
b6b49130a0
upstream: rename remote_glob() -> sftp_glob() to match other API 
OpenBSD-Commit-ID: d9dfb3708d824ec02970a84d96cf5937e0887229
 2023-09-11 09:14:02 +10:00
djm@openbsd.org
21b79af6c8
upstream: typo in comment 
OpenBSD-Commit-ID: 69285e0ce962a7c6b0ab5f17a293c60a0a360a18
 2023-09-11 09:13:42 +10:00
Darren Tucker
41232d2553
Use zero-call-used-regs=used with Apple compilers. 
Apple's versions of clang have version numbers that do not match the
corresponding upstream clang versions.  Unfortunately, they do still
have the clang-15 zero-call-used-regs=all bug, so for now use the value
that doesn't result in segfaults.  We could allowlist future versions
that are known to work.  bz#3584 (and probably also our github CI
failures).
 2023-09-10 15:45:38 +10:00
djm@openbsd.org
90ccc5918e
upstream: randomise keystroke obfuscation intervals and average 
interval rate. ok dtucker@

OpenBSD-Commit-ID: 05f61d051ab418fcfc4857ff306e420037502382
 2023-09-10 13:27:40 +10:00
djm@openbsd.org
bd1b9e52f5
upstream: fix sizeof(*ptr) instead sizeof(ptr) in realloc (pointer here 
is char**, so harmless); spotted in CID 416964

OpenBSD-Commit-ID: c61caa4a5a667ee20bb1042098861e6c72c69002
 2023-09-08 16:35:40 +10:00
djm@openbsd.org
c4f9664829
upstream: regress test recursive remote-remote directories copies where 
the directory contains a symlink to another directory.

also remove errant `set -x` that snuck in at some point

OpenBSD-Regress-ID: 1c94a48bdbd633ef2285954ee257725cd7bc456f
 2023-09-08 16:12:05 +10:00
djm@openbsd.org
5e1dfe5014
upstream: fix recursive remote-remote copies of directories that 
contain symlinks to other directories (similar to bz3611)

OpenBSD-Commit-ID: 7e19d2ae09b4f941bf8eecc3955c9120171da37f
 2023-09-08 16:11:58 +10:00