Age | Commit message | Author
2021-10-06 | clean regress/misc/sk-dummy in cleandir target | Damien Miller
2021-10-06 | upstream: Dynamically allocate encoded HashKnownHosts and free as | dtucker@openbsd.org
appropriate. Saves 1k of static storage and prevents snprintf "possible truncation" warnings from newer compilers (although in this case it's false positive since the actual sizes are limited by the output size of the SHA1). ok djm@ OpenBSD-Commit-ID: e254ae723f7e3dce352c7d5abc4b6d87faf61bf4
2021-10-06 | upstream: use libc SHA256 functions; make this work when compiled | djm@openbsd.org
!WITH_OPENSSL OpenBSD-Regress-ID: fda0764c1097cd42f979ace29b07eb3481259890
2021-10-06 | upstream: Add test for ssh hashed known_hosts handling. | dtucker@openbsd.org
OpenBSD-Regress-ID: bcef3b3cd5a1ad9899327b4b2183de2541aaf9cf
2021-10-06 | fix broken OPENSSL_HAS_ECC test | Damien Miller
spotted by dtucker
2021-10-01 | make sk-dummy.so work without libcrypto installed | Damien Miller
2021-10-01 | make OPENSSL_HAS_ECC checks more thorough | Damien Miller
ok dtucker
2021-10-01 | fix FIDO key support for !OPENSSL_HAS_ECC case | Damien Miller
ok dtucker
2021-10-01 | enable security key support for --without-openssl | Damien Miller
2021-10-01 | need stdlib.h for free(3) | Damien Miller
2021-10-01 | upstream: Fix up whitespace left by previous | dtucker@openbsd.org
change removing privsep. No other changes. OpenBSD-Regress-ID: 87adec225d8afaee4d6a91b2b71203f52bf14b15
2021-10-01 | upstream: Remove references to privsep. | dtucker@openbsd.org
This removes several do..while loops but does not change the indentation of the now-shallower loops, which will be done in a separate whitespace-only commit to keep changes of style and substance separate. OpenBSD-Regress-ID: 4bed1a0249df7b4a87c965066ce689e79472a8f7
2021-10-01 | upstream: Use "skip" instead of "fatal" | dtucker@openbsd.org
if SUDO isn't set for the *-command tests. This means running "make tests" without SUDO set will perform all of the tests that it can instead of failing on the ones it cannot run. OpenBSD-Regress-ID: bd4dbbb02f34b2e8c890558ad4a696248def763a
2021-10-01 | upstream: unbreak FIDO sk-ed25519 key enrollment for OPENSSL=no builds; | djm@openbsd.org
ok dtucker@ OpenBSD-Commit-ID: 6323a5241728626cbb2bf0452cf6a5bcbd7ff709
2021-09-29 | Include stdlib.h for arc4random_uniform prototype. | Darren Tucker
2021-09-29 | Look for clang after cc and gcc. | Darren Tucker
2021-09-29 | Use backticks instead of $(..) for portability. | Darren Tucker
Older shells (eg /bin/sh on Solaris 10) don't support $() syntax.
2021-09-29 | Skip file-based tests by default on Mac OS. | Darren Tucker
The file-based tests need OpenSSL so skip them.
2021-09-29 | Build without OpenSSL on Mac OS. | Darren Tucker
Modern versions don't ship enough libcrypto to build against.
2021-09-29 | Remove TEST_SSH_ECC. | Darren Tucker
Convert the only remaining user of it to runtime detection using ssh -Q.
2021-09-29 | Split c89 test openssl setting out. | Darren Tucker
2021-09-29 | Expand TEST_SHELL consistently with other vars. | Darren Tucker
2021-09-29 | Replace `pwd` with make variable in regress cmd. | Darren Tucker
2021-09-29 | Get BUILDDIR from autoconf. | Darren Tucker
Use this to replace `pwd`s in regress test command line.
2021-09-29 | Add make clean step to tests. | Darren Tucker
2021-09-29 | Test all available clang and gcc versions. | Darren Tucker
2021-09-29 | upstream: Test certificate hostkeys held in ssh-agent too. Would have | djm@openbsd.org
caught regression fixed in sshd r1.575 ok markus@ OpenBSD-Regress-ID: 1f164d7bd89f83762db823eec4ddf2d2556145ed
2021-09-29 | upstream: add some debug output showing how many key file/command lines | djm@openbsd.org
were processed. Useful to see whether a file or command actually has keys present OpenBSD-Commit-ID: 0bd9ff94e84e03a22df8e6c12f6074a95d27f23c
2021-09-29 | upstream: Make prototype for rijndaelEncrypt match function | dtucker@openbsd.org
including the bounds. Fixes error in portable where GCC>=11 takes notice of the bounds. ok deraadt@ OpenBSD-Commit-ID: cdd2f05fd1549e1786a70871e513cf9e9cf099a6
2021-09-29 | upstream: Import regenerated moduli. | dtucker@openbsd.org
OpenBSD-Commit-ID: 4bec5db13b736b64b06a0fca704cbecc2874c8e1
2021-09-29 | Add new compiler hardening flags. | Darren Tucker
Add -fzero-call-used-regs and -ftrivial-auto-var-init to the list of compiler hardening flags that configure checks for. These are supported by clang and gcc, and make ROP gadgets less useful and mitigate stack-based infoleaks respectively. ok djm@
2021-09-27 | initgroups needs grp.h [tags: V_8_8_P1, V_8_8] | Damien Miller
2021-09-27 | upstream: openssh-8.8 | djm@openbsd.org
OpenBSD-Commit-ID: 12357794602ac979eb7312a1fb190c453f492ec4
2021-09-27 | upstream: need initgroups() before setresgid(); reported by anton@, | djm@openbsd.org
ok deraadt@ OpenBSD-Commit-ID: 6aa003ee658b316960d94078f2a16edbc25087ce
2021-09-26 | update version numbers for release | Damien Miller
2021-09-26 | upstream: RSA/SHA-1 is not used by default anymore | kn@openbsd.org
OK dtucker deraadt djm OpenBSD-Commit-ID: 055c51a221c3f099dd75c95362f902da1b8678c6
2021-09-24 | Move the fgrep replacement to hostkey-rotate.sh. | Darren Tucker
The fgrep replacement for buggy greps doesn't work in the sftp-glob test so move it to just where we know it's needed.
2021-09-24 | Replacement function for buggy fgrep. | Darren Tucker
GNU (f)grep <=2.18, as shipped by FreeBSD<=12 and NetBSD<=9 will occasionally fail to find ssh host keys in the hostkey-rotate test. If we have those versions, use awk instead.
2021-09-24 | Don't prompt for yes/no questions. | David Manouchehri
2021-09-21 | upstream: fix missing -s in SYNOPSYS and usage() as well as a | djm@openbsd.org
capitalisation mistake; spotted by jmc@ OpenBSD-Commit-ID: 0ed8ee085c7503c60578941d8b45f3a61d4c9710
2021-09-20 | upstream: Fix "Allocated port" debug message | dtucker@openbsd.org
for unix domain sockets. From peder.stray at gmail.com via github PR#272, ok deraadt@ OpenBSD-Commit-ID: 8d5ef3fbdcdd29ebb0792b5022a4942db03f017e
2021-09-20 | upstream: Switch scp back to use the old protocol by default, ahead of | djm@openbsd.org
release. We'll wait a little longer for people to pick up sftp-server(8) that supports the extension that scp needs for ~user paths to continue working in SFTP protocol mode. Discussed with deraadt@ OpenBSD-Commit-ID: f281f603a705fba317ff076e7b11bcf2df941871
2021-09-19 | upstream: better error message for ~user failures when the | djm@openbsd.org
sftp-server lacks the expand-path extension; ok deraadt@ OpenBSD-Commit-ID: 9c1d965d389411f7e86f0a445158bf09b8f9e4bc
2021-09-19 | upstream: make some more scp-in-SFTP mode better match Unix idioms | djm@openbsd.org
suggested by deraadt@ OpenBSD-Commit-ID: 0f2439404ed4cf0b0be8bf49a1ee734836e1ac87
2021-09-19 | upstream: allow log_stderr==2 to prefix log messages with argv[0] | djm@openbsd.org
use this to make scp's SFTP mode error messages more scp-like prompted by and ok deraadt@ OpenBSD-Commit-ID: 0e821dbde423fc2280e47414bdc22aaa5b4e0733
2021-09-17 | Test against LibreSSL 3.2.6, 3.3.4, 3.4.0. | Darren Tucker
2021-09-16 | upstream: missing space character in ssh -G output broke the | djm@openbsd.org
t-sshcfgparse regression test; spotted by anton@ OpenBSD-Commit-ID: bcc36fae2f233caac4baa8e58482da4aa350eed0
2021-09-16 | upstream: allow CanonicalizePermittedCNAMEs=none in ssh_config; ok | djm@openbsd.org
markus@ OpenBSD-Commit-ID: 668a82ba8e56d731b26ffc5703213bfe071df623
2021-09-15 | upstream: put back the mux_ctx memleak fix for SSH_CHANNEL_MUX_CLIENT | mbuhl@openbsd.org
OK mfriedl@ OpenBSD-Commit-ID: 1aba1da828956cacaadb81a637338734697d9798
2021-09-11 | upstream: Do not ignore SIGINT while waiting for input if editline(3) | schwarze@openbsd.org
is not used. Instead, in non-interactive mode, exit sftp(1), like for other serious errors. As pointed out by dtucker@, when compiled without editline(3) support in portable OpenSSH, the el == NULL branch is also used for interactive mode. In that case, discard the input line and provide a fresh prompt to the user just like in the case where editline(3) is used. OK djm@ OpenBSD-Commit-ID: 7d06f4d3ebba62115527fafacf38370d09dfb393