summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)Author
2023-02-02crank versions in RPM specsV_9_2_P1V_9_2Damien Miller
2023-02-02update version in READMEDamien Miller
2023-02-02adapt compat_kex_proposal() test to portableDamien Miller
2023-02-02upstream: test compat_kex_proposal(); by dtucker@djm@openbsd.org
OpenBSD-Regress-ID: 0e404ee264db546f9fdbf53390689ab5f8d38bf2
2023-02-02upstream: Check if we can copy sshd or need to use sudo to do sodtucker@openbsd.org
during reexec test. Skip test if neither can work. Patch from anton@, tweaks from me. OpenBSD-Regress-ID: 731b96ae74d02d5744e1f1a8e51d09877ffd9b6d
2023-02-02upstream: openssh-9.2djm@openbsd.org
OpenBSD-Commit-ID: f7389f32413c74d6e2055f05cf65e7082de03923
2023-02-02upstream: fix double-free caused by compat_kex_proposal(); bz3522djm@openbsd.org
by dtucker@, ok me OpenBSD-Commit-ID: 2bfc37cd2d41f67dad64c17a64cf2cd3806a5c80
2023-02-01Skip connection-timeout test on minix3.Darren Tucker
Minix 3's Unix domain sockets don't seem to work the way we expect, so skip connection-timeout test on that platform. While there, group together all similarly skipped tests and explicitly comment.
2023-02-01fix libfido2 detection without pkg-configDamien Miller
Place libfido2 before additional libraries (that it may depend upon) and not after. bz3530 from James Zhang; ok dtucker@
2023-02-01upstream: delete useless dependencyderaadt@openbsd.org
OpenBSD-Commit-ID: e1dc11143f83082e3154d6094f9136d0dc2637ad
2023-02-01upstream: Create and install sshd random relink kit.deraadt@openbsd.org
../Makefile.inc and Makfile are concatenated for reuse, which hopefully won't be too fragile, we'll see if we need a different approach. The resulting sshd binary is tested with the new sshd -V option before installation. As the binary layout is now semi-unknown (meaning relative, fixed, and gadget offsets are not precisely known), change the filesystem permissions to 511 to prevent what I call "logged in BROP". I have ideas for improving this further but this is a first step ok djm OpenBSD-Commit-ID: 1e0a2692b7e20b126dda60bf04999d1d30d959d8
2023-02-01upstream: tweak previous; ok djmjmc@openbsd.org
OpenBSD-Commit-ID: df71ce4180c58202dfdc1d92626cfe900b91b7c3
2023-01-31Skip connection-timeout test under Valgrind.Darren Tucker
Valgrind slows things down so much that the timeout test fails. Skip this test until we figure out if we can make it work.
2023-01-25Skip connection-timeout when missing FD passing.Darren Tucker
This tests uses multiplexing which uses file descriptor passing, so skip it if we don't have that. Fixes test failures on Cygwin.
2023-01-18upstream: when restoring non-blocking mode to stdio fds, restoredjm@openbsd.org
exactly the flags that ssh started with and don't just clobber them with zero, as this could also remove the append flag from the set; bz3523; ok dtucker@ OpenBSD-Commit-ID: 1336b03e881db7564a4b66014eb24c5230e9a0c0
2023-01-18upstream: Add a -V (version) option to sshd like the ssh clientmillert@openbsd.org
has. OK markus@ deraadt@ OpenBSD-Commit-ID: abe990ec3e636fb040132aab8cbbede98f0c413e
2023-01-18upstream: For "ssh -V" always exit 0, there is no need to check optmillert@openbsd.org
again. This was missed when the fallthrough in the switch case above it was removed. OK deraadt@ OpenBSD-Commit-ID: 5583e5d8f6d62a8a4215cfa95a69932f344c8120
2023-01-17upstream: also check that an active session inhibitsdjm@openbsd.org
UnusedConnectionTimeout idea markus@ OpenBSD-Regress-ID: 55c0fb61f3bf9e092b0a53f9041d3d2012f14003
2023-01-17upstream: regression test for UnusedConnectionTimeoutdjm@openbsd.org
OpenBSD-Regress-ID: 7f29001374a68e71e5e078f69e4520cf4bcca084
2023-01-17upstream: unbreak test: cannot access shell positional parametersdjm@openbsd.org
past $9 without wrapping the position in braces (i.e. need ${10}, etc.) OpenBSD-Regress-ID: 3750ec98d5d409ce6a93406fedde6f220d2ea2ac
2023-01-17upstream: Add a sshd_config UnusedConnectionTimeout option to terminatedjm@openbsd.org
client connections that have no open channels for some length of time. This complements the recently-added ChannelTimeout option that terminates inactive channels after a timeout. ok markus@ OpenBSD-Commit-ID: ca983be74c0350364c11f8ba3bd692f6f24f5da9
2023-01-16upstream: adapt to ed25519 changes in src/usr.bin/sshdjm@openbsd.org
OpenBSD-Regress-ID: 4b3e7ba7ee486ae8a0b4790f8112eded2bb7dcd5
2023-01-16upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOPdjm@openbsd.org
(20221122) and change the import approach to the same one we use for Streamlined NTRUPrime: use a shell script to extract the bits we need from SUPERCOP, make some minor adjustments and squish them all into a single file. ok tb@ tobhe@ OpenBSD-Commit-ID: 1bc0fd624cb6af440905b8ba74ac7c03311b8e3b
2023-01-14Allow writev is seccomp sandbox.Darren Tucker
This seems to be used by recent glibcs at least in some configurations. From bz#3512, ok djm@
2023-01-14upstream: Shell syntax fix. From ren mingshuai vi github PR#369.dtucker@openbsd.org
OpenBSD-Regress-ID: 6696b2eeefe128099fc3d7ea9f23252cc35156f9
2023-01-14upstream: Instead of skipping the all-tokens test if we don't havedtucker@openbsd.org
OpenSSL (since we use it to compute the hash), put the hash at the end and just omit it if we don't have it. Prompted by bz#3521. OpenBSD-Regress-ID: c79ecba64250ed3b6417294b6c965e6b12ca5eea
2023-01-14upstream: fix double phrase in previous;jmc@openbsd.org
OpenBSD-Commit-ID: 671e6c8dc5e9230518b2bbfa143daaa88adc66c2
2023-01-14upstream: Document "UserKnownHostsFile none". ok djm@dtucker@openbsd.org
OpenBSD-Commit-ID: f695742d39e34ecdcc3c861c3739a84648a4bce5
2023-01-13Retry package installation 3 times.Darren Tucker
When setting up the CI environment, retry package installation 3 times before going up. Should help prevent spurious failures during infrastructure issues.
2023-01-13upstream: Move scp path setting to a helper function. The previousdtucker@openbsd.org
commit to add scp to the test sshd's path causes the t-envpass test to fail when the test scp is given using a fully qualified path. Put this in a helper function and only call it from the scp tests. OpenBSD-Regress-ID: 7533dc1c4265c1de716abb062957994195b36df4
2023-01-13upstream: Add scp's path to test sshd's PATH.dtucker@openbsd.org
If the scp we're testing is fully qualified (eg it's not in the system PATH) then add its path to the under-test sshd's PATH so we can find it. Prompted by bz#3518. OpenBSD-Regress-ID: 7df4f5a0be3aa135495b7e5a6719d3cbc26cc4c0
2023-01-13Remove skipping test when scp not in path.Darren Tucker
An upcoming change renders this obsolete by adding scp's path to the test sshd's PATH, and removing this first will make the subsequent sync easier.
2023-01-13upstream: Add a "Host" line to the output of ssh -G showing thedtucker@openbsd.org
original host arg. Inspired by patch from vincent at bernat.ch via bz#3343, ok djm@ OpenBSD-Commit-ID: 59c0f60a222113a44d0650cd394376e3beecc883
2023-01-13upstream: avoid printf("%s", NULL) if using sshdjm@openbsd.org
-oUserKnownHostsFile=none and a hostkey in one of the system known hosts file changes; ok dtucker@ OpenBSD-Commit-ID: 7ca87614bfc6da491315536a7f2301434a9fe614
2023-01-13upstream: clamp the minimum buffer lengths and number of inflightdjm@openbsd.org
requests too OpenBSD-Commit-ID: c4965f62fa0ba850940fd66ae3f60cf516bbcd56
2023-01-13upstream: ignore bogus upload/download buffer lengths in the limitsdjm@openbsd.org
extension OpenBSD-Commit-ID: c5b023e0954693ba9a5376e4280c739b5db575f8
2023-01-11upstream: remove whitespace at EOL from code extracted from SUPERCOPdjm@openbsd.org
OpenBSD-Commit-ID: 1ec524ff2fbb9387d731601437c82008f35a60f4
2023-01-11upstream: rewrite this test to use a multiplexed ssh session so we candjm@openbsd.org
control its lifecycle without risk of race conditions; fixes some of the Github integration tests for openssh-portable OpenBSD-Regress-ID: 5451cad59ba0d43ae9eeda48ec80f54405fee969
2023-01-11remove buffer len workaround for NetBSD 4.xDamien Miller
Switching to from pipes to a socketpair for communicating with the ssh process avoids the (kernel bug?) problem.
2023-01-11add back use of pipes in scp.c under USE_PIPESDamien Miller
This matches sftp.c which prefers socketpair but uses pipes on some older platforms.
2023-01-11upstream: Switch scp from using pipes to a socketpair formillert@openbsd.org
communication with it's ssh sub-processes. We no longer need to reserve two descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is handled by sanitise_stdfd() in main(). Based on an original diff from djm@. OK deraadt@ djm@ OpenBSD-Commit-ID: b80c372faac462471e955ddeab9480d668a2e48d
2023-01-11upstream: tweak previous; ok djmjmc@openbsd.org
OpenBSD-Commit-ID: 229c493452766d70a78b0f02f6ff9894f9028858
2023-01-09try to improve logging for dynamic-forward testDamien Miller
previously the logs from the ssh used to exercise the forwarding channel would clobber the logs from the ssh actually doing the forwarding
2023-01-08Skip dynamic-forward test on minix3.Darren Tucker
This test relies on loopback addresses which minix does not have. Previously the test would not run at all since it also doesn't have netcat, but now we use our own netcat it tries and fails.
2023-01-08don't test IPv6 addresses if platform lacks supportDamien Miller
2023-01-08upstream: When OpenSSL is not available, skip parts of percent testdtucker@openbsd.org
that require it. Based on github pr#368 from ren mingshuai. OpenBSD-Regress-ID: 49a375b2cf61ccb95b52e75e2e025cd10988ebb2
2023-01-07Use our own netcat for dynamic-forward test.Darren Tucker
That way we can be surer about its behaviour rather than trying to second-guess the behaviour of various netcat implementations.
2023-01-07Use autoconf to find openssl binary.Darren Tucker
It's possible to install an OpenSSL in a path not in the system's default library search path. OpenSSH can still use this (eg if you specify an rpath) but the openssl binary there may not work. If one is available on the system path just use that.
2023-01-07Check openssl_bin path is executable before using.Darren Tucker
2023-01-06Set OPENSSL_BIN from OpenSSL directory.Darren Tucker
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-13 23:55:41 +0000