RepoMirrors/openssh
1
0
Fork 0
mirror of git://anongit.mindrot.org/openssh.git synced 2024-12-19 08:34:32 +00:00
Code Issues Packages Projects Releases Wiki Activity
12,358 Commits 69 Branches 157 Tags 27 MiB
e612376427
Commit Graph

12358 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
dtucker@openbsd.org
c3da05d959
upstream: Plug potential mem leak in process_put. 
It allocates abs_dst inside a loop but only frees it on exit, so free
inside the loop if necessary.  Coverity CID 291837, ok djm@

OpenBSD-Commit-ID: a01616503a185519b16f00dde25d34ceaf4ae1a3
 2023-03-29 12:22:33 +11:00
djm@openbsd.org
13ae327eae
upstream: fix memory leak; Coverity CID 291848 
with/ok dtucker@

OpenBSD-Commit-ID: 37f80cb5d075ead5a00ad1b74175684ab1156ff8
 2023-03-29 12:22:23 +11:00
dtucker@openbsd.org
9ffa76e128
upstream: Plug more mem leaks in sftp by making 
make_absolute_pwd_glob work in the same way as make_absolute: you
pass it a dynamically allocated string and it either returns it, or
frees it and allocates a new one. Patch from emaste at freebsd.org and
https://reviews.freebsd.org/D37253 ok djm@

OpenBSD-Commit-ID: 85f7404e9d47fd28b222fbc412678f3361d2dffc
 2023-03-28 19:03:54 +11:00
dtucker@openbsd.org
82b2b83269
upstream: Remove compat code for OpenSSL < 1.1.* 
since -portable no longer supports them.

OpenBSD-Commit-ID: ea2893783331947cd29a67612b4e56f818f185ff
 2023-03-28 19:03:29 +11:00
dtucker@openbsd.org
b500afcf00
upstream: Remove compat code for OpenSSL 1.0.* 
versions now that -portable has dropped support for those versions.

OpenBSD-Regress-ID: 82a8eacd87aec28e4aa19f17246ddde9d5ce7fe7
 2023-03-28 19:03:10 +11:00
Darren Tucker
727560e601
Prevent conflicts between Solaris SHA2 and OpenSSL. 
We used to prevent conflicts between native SHA2 headers and OpenSSL's
by setting OPENSSL_NO_SHA but that was removed prior to OpenSSL 1.1.0
 2023-03-28 19:03:03 +11:00
Darren Tucker
46db8e14b7
Remove HEADER_SHA_H from previous... 
since it causes more problems than it solves.
 2023-03-28 12:44:03 +11:00
Darren Tucker
72bd68d373
Replace OPENSSL_NO_SHA with HEADER_SHA_H. 
Since this test doesn't use OpenSSL's SHA2 and may cause conflicts we
don't want to include it, but OPENSSL_NO_SHA was removed beginning in
OpenSSL's 1.1 series.
 2023-03-28 10:35:18 +11:00
Darren Tucker
99668f2e6e
Configure with --target instead of deprecated form. 2023-03-28 09:50:06 +11:00
Darren Tucker
f751d9306c
Pass rpath when building 64bit Solaris. 2023-03-27 22:18:49 +11:00
Darren Tucker
a64b935cd4
Explicitly disable OpenSSL on AIX test VM. 2023-03-27 22:18:46 +11:00
dtucker@openbsd.org
7ebc6f060f
upstream: Add RevokedHostKeys to percent expansion test. 
OpenBSD-Regress-ID: c077fd12a38005dd53d878c5b944154dec88d2ff
 2023-03-27 15:04:36 +11:00
dtucker@openbsd.org
f1a17de150
upstream: Add tilde and environment variable expansion to 
RevokedHostKeys. bz#3552, ok djm@

OpenBSD-Commit-ID: ce5d8e0219b63cded594c17d4c2958c06918ec0d
 2023-03-27 15:03:53 +11:00
djm@openbsd.org
009eb4cb48
upstream: fix test: getnameinfo returns a non-zero value on error, not 
(neccessarily) -1. From GHPR#384

OpenBSD-Commit-ID: d35e2b71268f66f5543a7ea68751972b3ae22b25
 2023-03-27 14:31:57 +11:00
djm@openbsd.org
4f0a676486
upstream: scp: when copying local->remote, check that source file 
exists before opening SFTP connection to the server. Based on GHPR#370 ok
dtucker, markus

OpenBSD-Commit-ID: b4dd68e15bfe22ce4fac9960a1066a2b721e54fb
 2023-03-27 14:28:00 +11:00
Darren Tucker
154d8baf63
Also look for gdb error message from OpenIndiana. 2023-03-27 12:22:30 +11:00
Darren Tucker
fbd3811ddb
Explicitly disable security key test on aix51 VM. 
We don't know how to build the shared objects required for the security
key tests so skip them.
 2023-03-27 11:08:00 +11:00
Darren Tucker
4922ac3be8
Split libcrypto and other config flags. 
This should allow the automatic OpenSSL version selection in the tests
to work better.
 2023-03-26 14:49:43 +11:00
Darren Tucker
4a948b1469
Specify test target if we build without OpenSSL. 
When we decide we can't use the versions of OpenSSL available, also
restrict the tests we run to avoid the ones that need OpenSSL.
 2023-03-26 14:39:45 +11:00
Darren Tucker
b308c636f5
Find suitable OpenSSL version. 
Check the installed OpenSSL versions for a suitable one, and if there
isn't (and we don't have a specific version configured) then build
without OpenSSL.
 2023-03-26 14:22:53 +11:00
Damien Miller
021ea5c286
Github testing support for BoringSSL 2023-03-24 15:39:48 +11:00
Damien Miller
9a97cd1064
BoringSSL doesn't support EC_POINT_point2bn() 
so don't invoke it in unittest
 2023-03-24 15:39:48 +11:00
Damien Miller
cc5969c033
another ERR_load_CRYPTO_strings() vestige 2023-03-24 15:39:47 +11:00
Damien Miller
4974293899
don't use obsolete ERR_load_CRYPTO_strings() 
OpenSSL (and elsewhere in OpenSSH) uses ERR_load_crypto_strings()
 2023-03-24 15:26:27 +11:00
Damien Miller
3c527d55f9
Allow building with BoringSSL 2023-03-24 15:26:26 +11:00
Damien Miller
b7e27cfd7f
put back SSLeay_version compat in configure test 
Needed to detect old versions and give good "your version is bad"
messages at configure time; spotted by dtucker@
 2023-03-24 15:26:26 +11:00
Damien Miller
7280401bdd
remove support for old libcrypto 
OpenSSH now requires LibreSSL 3.1.0 or greater or
OpenSSL 1.1.1 or greater

with/ok dtucker@
 2023-03-24 13:56:25 +11:00
Darren Tucker
abda22fb48
Test latest OpenSSL 1.1, 3.0 and LibreSSL 3.7. 2023-03-19 15:36:13 +11:00
Darren Tucker
610ac1cb07
Show 9.3 branch instead of 9.2. 2023-03-16 21:38:04 +11:00
Damien Miller
cb30fbdbee
depend 2023-03-16 08:28:19 +11:00
Damien Miller
1dba63eb10
crank version 2023-03-16 08:27:54 +11:00
djm@openbsd.org
ba7532d0da
upstream: openssh-9.3 
OpenBSD-Commit-ID: 8011495f2449c1029bb316bd015eab2e00509848
 2023-03-16 08:21:56 +11:00
dtucker@openbsd.org
6fd4daafb9
upstream: Free KRL ptr in addition to its contents. 
From Coverity CID 291841, ok djm@

OpenBSD-Commit-ID: f146ba08b1b43af4e0d7ad8c4dae3748b4fa31b6
 2023-03-14 18:35:50 +11:00
dtucker@openbsd.org
1d270bd303
upstream: Check pointer for NULL before deref. 
None of the existing callers seem to do that, but it's worth checking.
From Coverity CID 291834, ok djm@

OpenBSD-Commit-ID: a0a97113f192a7cb1a2c97b932f677f573cda7a4
 2023-03-14 18:35:31 +11:00
dtucker@openbsd.org
d95af508e7
upstream: Limit number of entries in SSH2_MSG_EXT_INFO 
request. This is already constrained by the maximum SSH packet size but this
makes it explicit.  Prompted by Coverity CID 291868, ok djm@ markus@

OpenBSD-Commit-ID: aea023819aa44a2dcb9dd0fbec10561896fc3a09
 2023-03-12 22:02:18 +11:00
dtucker@openbsd.org
8f287ba60d
upstream: calloc can return NULL but xcalloc can't. 
From Coverity CID 291881, ok djm@

OpenBSD-Commit-ID: 50204b755f66b2ec7ac3cfe379d07d85ca161d2b
 2023-03-12 22:01:57 +11:00
dtucker@openbsd.org
83a56a49fd
upstream: Explicitly ignore return from fcntl 
(... FD_CLOEXEC) here too.  Coverity CID 291853.

OpenBSD-Commit-ID: 99d8b3da9d0be1d07ca8dd8e98800a890349e9b5
 2023-03-12 22:01:44 +11:00
Damien Miller
0fda9d704d
bounds checking for getrrsetbyname() replacement; 
Spotted by Coverity in CID 405033; ok millert@
 2023-03-10 15:59:46 +11:00
dtucker@openbsd.org
89b8df518f
upstream: Plug mem leak on error path. Coverity CID 405026, ok djm@. 
OpenBSD-Commit-ID: 8212ca05d01966fb5e72205c592b2257708a2aac
 2023-03-10 15:42:37 +11:00
Darren Tucker
bf4dae0ad1
Add prototypes for mkstemp replacements. 
Should prevent warnings due to our wrapper function.
 2023-03-10 14:46:57 +11:00
dtucker@openbsd.org
4e04d68d6a
upstream: Expliticly ignore return code from fcntl(.. FD_CLOEXEC) since 
there's not much we can do anyway.  From Coverity CID 291857, ok djm@

OpenBSD-Commit-ID: 051429dd07af8db3fec10d82cdc78d90bb051729
 2023-03-10 14:46:25 +11:00
djm@openbsd.org
d6d38fd77c
upstream: Like sshd_config, some ssh_config options are not 
first-match-wins. sshd_config.5 was fixed in r1.348, this is the same for
this file

OpenBSD-Commit-ID: 7be55b9351cde449b136afcc52d07aa4113b215e
 2023-03-10 14:02:39 +11:00
dtucker@openbsd.org
7187d3f86b
upstream: Remove no-op (int) > INT_MAX checks 
since they can never be true. From Coverity CID 405031, ok djm@

OpenBSD-Commit-ID: 9df3783b181e056595e2bb9edf7ed41d61cf8e84
 2023-03-10 13:45:00 +11:00
Darren Tucker
77adde4305
Wrap mkstemp calls with umask set/restore. 
glibc versions 2.06 and earlier did not set a umask on files created by
mkstemp created the world-writable.  Wrap mkstemp to set and restore
the umask.  From Coverity (CIDs 291826 291886 291891), ok djm@
 2023-03-10 13:27:29 +11:00
jcs@openbsd.org
633d3dc2a1
upstream: modify parentheses in conditionals to make it clearer what is 
being assigned and what is being checked

ok djm dtucker

OpenBSD-Commit-ID: 19c10baa46ae559474409f75a5cb3d0eade7a9b8
 2023-03-10 10:40:02 +11:00
dtucker@openbsd.org
733030840c
upstream: Re-split the merge of the reorder-hostkeys test. 
In the kex_proposal_populate_entries change I merged the the check for
reordering hostkeys with the actual reordering, but kex_assemble_names
mutates options.hostkeyalgorithms which renders the check ineffective.
Put the check back where it was.  Spotted and tested by jsg@, ok djm@

OpenBSD-Commit-ID: a7469f25a738db5567395d1881e32479a7ffc9de
 2023-03-09 18:32:48 +11:00
djm@openbsd.org
54ac4ab2b5
upstream: include destination constraints for smartcard keys too. 
Spotted by Luci Stanescu; ok deraadt@ markus@

OpenBSD-Commit-ID: add879fac6903a1cb1d1e42c4309e5359c3d870f
 2023-03-09 18:32:48 +11:00
Darren Tucker
bfd1ad01d9
Limit the number of PAM environment variables. 
xcalloc has its own limits, but these are specific to PAM.  From
Coverity CID 405198, ok djm@
 2023-03-09 18:32:48 +11:00
Darren Tucker
a231414970
Limit the number of PAM environment variables. 
From Coverity CID 405194, tweaks and ok djm@
 2023-03-09 18:32:48 +11:00
dtucker@openbsd.org
36c6c3eff5
upstream: Plug mem leak. Coverity CID 405196, ok djm@ 
OpenBSD-Commit-ID: 175f09349387c292f626da68f65f334faaa085f2
 2023-03-08 17:31:07 +11:00