summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)Author
2022-01-18Remove line leftover from upstream sync.Darren Tucker
2022-01-18upstream: when decompressing zlib compressed packets, usedjm@openbsd.org
Z_SYNC_FLUSH instead of Z_PARTIAL_FLUSH as the latter is not actually specified as a valid mode for inflate(). There should be no practical change in behaviour as the compression side ensures a flush that should make all data available to the receiver in all cases. repoted by lamm AT ibm.com via bz3372; ok markus OpenBSD-Commit-ID: 67cfc1fa8261feae6d2cc0c554711c97867cc81b
2022-01-18upstream: make most of the sftp errors more idiomatic, followingdjm@openbsd.org
the general form of "[local/remote] operation path: error message"; ok markus OpenBSD-Commit-ID: 61364cd5f3a9fecaf8d63b4c38a42c0c91f8b571
2022-01-18upstream: when transferring multiple files in SFTP mode, create thedjm@openbsd.org
destination directory if it doesn't already exist to match olde-scp(1) behaviour. noticed by deraadt@ ok markus@ OpenBSD-Commit-ID: cf44dfa231d4112f697c24ff39d7ecf2e6311407
2022-01-18upstream: allow pin-required FIDO keys to be added to ssh-agent(1).djm@openbsd.org
ssh-askpass will be used to request the PIN at authentication time. From Pedro Martelletto, ok djm OpenBSD-Commit-ID: de8189fcd35b45f632484864523c1655550e2950
2022-01-14upstream: ssh-sk: free a resident key's user iddjm@openbsd.org
From Pedro Martelletto; ok dtucker & me OpenBSD-Commit-ID: 47be40d602b7a6458c4c71114df9b53d149fc2e9
2022-01-14upstream: sshsk_load_resident: don't preallocate respdjm@openbsd.org
resp is allocated by client_converse(), at which point we lose the original pointer. From Pedro Martelletto; ok dtucker & me OpenBSD-Commit-ID: 1f1b5ea3282017d6584dfed4f8370dc1db1f44b1
2022-01-14upstream: sshsk_sign: trim call to sshkey_fingerprint()djm@openbsd.org
the resulting fingerprint doesn't appear to be used for anything, and we end up leaking it. from Pedro Martelletto; ok dtucker & me OpenBSD-Commit-ID: 5625cf6c68f082bc2cbbd348e69a3ed731d2f9b7
2022-01-14upstream: use status error message to communicate ~user expansiondjm@openbsd.org
failures; provides better experience for scp in sftp mode, where ~user paths are more likely to be used; spotted jsg, feedback jsg & deraadt ok jsg & markus (forgot to include this file in previous commit) OpenBSD-Commit-ID: d37cc4c8c861ce48cd6ea9899e96aaac3476847b
2022-01-14fix edge case in poll(2) wrapperDamien Miller
Correct handling of select(2) exceptfds. These should only be consulted for POLLPRI flagged pfds and not unconditionally converted to POLLERR. with and ok dtucker@
2022-01-14Wrap OpenSSL includes in unit tests in ifdef.Darren Tucker
Fixes unit test on systems that do not have OpenSSL headers installed.
2022-01-13Remove sort wrapper.Darren Tucker
agent-restrict now takes care of this itself.
2022-01-13upstream: Set LC_ALL in both local and remote shells so that sorteddtucker@openbsd.org
output matches regardless of what the user's shell sets it to. ok djm@ OpenBSD-Regress-ID: 4e97dd69a68b05872033175a4c2315345d01837f
2022-01-13upstream: Avoid %'s in commands (not used in OpenBSD, but used indtucker@openbsd.org
-portable's Valgrind test) being interpretted as printf format strings. OpenBSD-Regress-ID: dc8655db27ac4acd2c386c4681bf42a10d80b043
2022-01-13Stop on first test failure to minimize logs.Darren Tucker
2022-01-12upstream: Use egrep when searching for an anchored string.dtucker@openbsd.org
OpenBSD-Regress-ID: dd114a2ac27ac4b06f9e4a586d3f6320c54aeeb4
2022-01-12Add "rev" command replacement if needed.Darren Tucker
2022-01-12upstream: Don't log NULL hostname in restricted agent code,dtucker@openbsd.org
printf("%s", NULL) is not safe on all platforms. with & ok djm OpenBSD-Commit-ID: faf10cdae4adde00cdd668cd1f6e05d0a0e32a02
2022-01-12upstream: remove hardcoded domain and use window.location.host, so thisdjm@openbsd.org
can be run anywhere OpenBSD-Regress-ID: 2ac2ade3b6227d9c547351d3ccdfe671e62b7f92
2022-01-12upstream: "void" functions should not return anything. From Tim Ricedtucker@openbsd.org
via -portable. OpenBSD-Commit-ID: ce6616304f4c9881b46413e616b226c306830e2a
2022-01-12upstream: suppress "Connection to xxx closed" messages at LogLevel >=djm@openbsd.org
error bz3378; ok dtucker@ OpenBSD-Commit-ID: d5bf457d5d2eb927b81d0663f45248a31028265c
2022-01-12OS X poll(2) is broken; use compat replacementDamien Miller
Darwin's poll(2) implementation is broken. For character-special devices like /dev/null, it returns POLLNVAL when polled with POLLIN. Apparently this is Apple bug 3710161, which is AFAIK not public, but a websearch will find other OSS projects rediscovering it periodically since it was first identified in 2005 (!!)
2022-01-11libhardended_malloc.so moved into out dir.Darren Tucker
2022-01-10Make USL compilers happyTim Rice
UX:acomp: ERROR: "sftp-server.c", line 567: void function cannot return value
2022-01-10Add wrapper for "sort" to set LC_ALL=C.Darren Tucker
Found by djm, this should make sorts stable and reduce test flakiness.
2022-01-08upstream: Remove errant "set -x" left over from debugging.dtucker@openbsd.org
OpenBSD-Regress-ID: cd989268e034264cec5df97be7581549032c87dc
2022-01-08upstream: Enable all supported hostkey algorithms (but no others).dtucker@openbsd.org
Allows hostbased test to pass when built without OpenSSL. OpenBSD-Regress-ID: 5ddd677a68b672517e1e78460dc6ca2ccc0a9562
2022-01-08upstream: use status error message to communicate ~user expansiondjm@openbsd.org
failures; provides better experience for scp in sftp mode, where ~user paths are more likely to be used; spotted jsg, feedback jsg & deraadt ok jsg & markus OpenBSD-Commit-ID: fc610ce00ca0cdc2ecdabbd49ce7cb82033f905f
2022-01-08upstream: fix some corner-case bugs in scp sftp-mode handling ofdjm@openbsd.org
~-prefixed paths; spotted by jsg; feedback jsg & deraadt, ok jsg & markus OpenBSD-Commit-ID: d1697dbaaa9f0f5649d69be897eab25c7d37c222
2022-01-08upstream: more idiomatic error messages; spotted by jsg & deraadtdjm@openbsd.org
ok jsg & markus OpenBSD-Commit-ID: 43618c692f3951747b4151c477c7df22afe2bcc8
2022-01-08upstream: add a variant of send_status() that allows overriding thedjm@openbsd.org
default, generic error message. feedback/ok markus & jsg OpenBSD-Commit-ID: 81f251e975d759994131b717ee7c0b439659c40f
2022-01-08upstream: refactor tilde_expand_filename() and make it handle ~userdjm@openbsd.org
paths with no trailing slash; feedback/ok markus and jsg OpenBSD-Commit-ID: a2ab365598a902f0f14ba6a4f8fb2d07a9b5d51d
2022-01-07upstream: Don't explicitly set HostbasedAuthentication indtucker@openbsd.org
sshd_config. It defaults to "no", and not explicitly setting it allows us to enable it for the (optional) hostbased test. OpenBSD-Regress-ID: aa8e3548eb5793721641d26e56c29f363b767c0c
2022-01-07upstream: Add test for hostbased auth. It requires some externaldtucker@openbsd.org
setup (see comments at the top) and thus is disabled unless TEST_SSH_HOSTBASED_AUTH and SUDO are set. OpenBSD-Regress-ID: 3ec8ba3750c5b595fc63e7845d13483065a4827a
2022-01-07dependDamien Miller
2022-01-07upstream: allow hostbased auth to select RSA keys when onlydjm@openbsd.org
RSA/SHA2 are configured (this is the default case); ok markus@ OpenBSD-Commit-ID: 411c18c7bde40c60cc6dfb7017968577b4d4a827
2022-01-07upstream: add a helper function to match a key type to a list ofdjm@openbsd.org
signature algorithms. RSA keys can make signatures with multiple algorithms, so some special handling is required. ok markus@ OpenBSD-Commit-ID: 03b41b2bda06fa4cd9c84cef6095033b9e49b6ff
2022-01-07upstream: log some details on hostkeys that ssh loads fordjm@openbsd.org
hostbased authn ok markus@ OpenBSD-Commit-ID: da17061fa1f0e58cb31b88478a40643e18233e38
2022-01-07upstream: log signature algorithm during verification by monitor;djm@openbsd.org
ok markus OpenBSD-Commit-ID: 02b92bb42c4d4bf05a051702a56eb915151d9ecc
2022-01-07upstream: piece of UpdateHostkeys client strictification: whendjm@openbsd.org
updating known_hosts with new keys, ignore NULL keys (forgot to include in prior commit) OpenBSD-Commit-ID: 49d2eda6379490e1ceec40c3b670b973f63dea08
2022-01-07upstream: include rejected signature algorithm in error messagedjm@openbsd.org
and not the (useless) key type; ok markus OpenBSD-Commit-ID: 4180b5ec7ab347b43f84e00b1972515296dab023
2022-01-07upstream: make ssh-keysign use the requested signature algorithmdjm@openbsd.org
and not the default for the keytype. Part of unbreaking hostbased auth for RSA/SHA2 keys. ok markus@ OpenBSD-Commit-ID: b5639a14462948970da3a8020dc06f9a80ecccdc
2022-01-07upstream: stricter UpdateHostkey signature verification logic ondjm@openbsd.org
the client- side. Require RSA/SHA2 signatures for RSA hostkeys except when RSA/SHA1 was explicitly negotiated during initial KEX; bz3375 ok markus@ OpenBSD-Commit-ID: 46e75e8dfa2c813781805b842580dcfbd888cf29
2022-01-07upstream: Fix signature algorithm selection logic fordjm@openbsd.org
UpdateHostkeys on the server side. The previous code tried to prefer RSA/SHA2 for hostkey proofs of RSA keys, but missed some cases. This will use RSA/SHA2 signatures for RSA keys if the client proposed these algorithms in initial KEX. bz3375 Mostly by Dmitry Belyavskiy with some tweaks by me. ok markus@ OpenBSD-Commit-ID: c17ba0c3236340d2c6a248158ebed042ac6a8029
2022-01-07upstream: convert ssh, sshd mainloops from select() to poll();djm@openbsd.org
feedback & ok deraadt@ and markus@ has been in snaps for a few months OpenBSD-Commit-ID: a77e16a667d5b194dcdb3b76308b8bba7fa7239c
2022-01-07upstream: prepare for conversion of ssh, sshd mainloop fromdjm@openbsd.org
select() to poll() by moving FD_SET construction out of channel handlers into separate functions. ok markus OpenBSD-Commit-ID: 937fbf2a4de12b19fb9d5168424e206124807027
2022-01-07upstream: add a comment so I don't make this mistake againdjm@openbsd.org
OpenBSD-Commit-ID: 69c7f2362f9de913bb29b6318580c5a1b52c921e
2022-01-07upstream: fix cut-and-pasto in error messagedjm@openbsd.org
OpenBSD-Commit-ID: 4cc5c619e4b456cd2e9bb760d17e3a9c84659198
2022-01-05upstream: select all RSA hostkey algorithms for UpdateHostkeys tests,djm@openbsd.org
not just RSA-SHA1 OpenBSD-Regress-ID: b40e62b65863f2702a0c10aca583b2fe76772bd8
2022-01-05upstream: regress test both sshsig message hash algorithms, possibledjm@openbsd.org
now because the algorithm is controllable via the CLI OpenBSD-Regress-ID: 0196fa87acc3544b2b4fd98de844a571cb09a39f
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-03 13:27:07 +0000