Commit message | Author | Age | Files | Lines
* missed OPENSSL_HAS_ECC case | Damien Miller | 2024-08-15 | 1 | -0/+2
* retire testing against older LibreSSL versions | Damien Miller | 2024-08-15 | 1 | -2/+0
  libressl prior to 3.4.x lack support for the EVP_DigestSign and EVP_DigestVerify APIs that we need now that sshkey is converted to EVP_PKEY. If someone makes a good case for why we should support these versions then we could bring back support with wrappers.
* sync TEST_MALLOC_OPTIONS for OpenBSD | Damien Miller | 2024-08-15 | 1 | -1/+1
* remove gratuitous difference from OpenBSD | Damien Miller | 2024-08-15 | 1 | -6/+6
* upstream: adapt to EVP_PKEY conversion | djm@openbsd.org | 2024-08-15 | 3 | -25/+30
  OpenBSD-Regress-ID: 0e2d4efb0ed0e392e23cd8fda183fe56531ac446
* upstream: test transfers in mux proxy mode too | djm@openbsd.org | 2024-08-15 | 1 | -14/+15
  OpenBSD-Regress-ID: 2edfc980628cfef3550649cab8d69fa23b5cd6c4
* upstream: Convert RSA and ECDSA key to the libcrypto EVP_PKEY API. | djm@openbsd.org | 2024-08-15 | 14 | -522/+749
  DSA remains unconverted as it will be removed within six months. Based on patches originally from Dmitry Belyavskiy, but significantly reworked based on feedback from Bob Beck, Joel Sing and especially Theo Buehler (apologies to anyone I've missed). ok tb@
  OpenBSD-Commit-ID: d098744e89f1dc7e5952a6817bef234eced648b5
* upstream: Reorder calloc arguments | tobias@openbsd.org | 2024-08-15 | 2 | -5/+5
  The first argument should be the amount, the second argument should be the element size. Fixing this also silences some gcc compiler warnings for portable. Spotted with Benny Baumann (BenBE at geshi dot org). ok djm@
  OpenBSD-Commit-ID: 711ad6f7bd7fb48bf52208f2cf9f108cddb6d41a
* upstream: Extend sshbuf validation | tobias@openbsd.org | 2024-08-15 | 1 | -2/+4
  Multiple sshbuf structs can be linked through a parent/child relationship. Make sure that a single sshbuf cannot be its own parent. If this would ever happen, it would result in reference counting issues. This is a cheap way of testing this with very little overhead. It does not detect A->B->A linkages though for performance reasons and the fact that it takes a programming error for this to occur anyway. Authored with Benny Baumann (BenBE at geshi dot org). ok djm@
  OpenBSD-Commit-ID: fb3fa9ee2cad3c7e842ebadfd7f5db220c4aaf16
* upstream: Use freezero for better readability | tobias@openbsd.org | 2024-08-15 | 1 | -5/+3
  It has the same meaning as the current pair of calling explicit_bzero and free. Spotted with Benny Baumann (BenBE at geshi dot org). ok djm@
  OpenBSD-Commit-ID: 939fbe9ccf52d0d48c5fa53694d6f3bb9927970c
* upstream: Fix typo in comment | tobias@openbsd.org | 2024-08-15 | 1 | -2/+2
  Spotted with Benny Baumann (BenBE at geshi dot org). ok djm@
  OpenBSD-Commit-ID: 829160ac8ef3ad3409695ce3a3ade835061cae57
* upstream: add a random amount of time (up to 4 seconds) to the | dlg@openbsd.org | 2024-08-15 | 1 | -4/+17
  grace login time. ok deraadt@ djm@
  OpenBSD-Commit-ID: abd3c57aaa5861517529b322df79b6be35ee67f4
* upstream: document the reduced logingrace penalty | naddy@openbsd.org | 2024-08-15 | 1 | -3/+3
  OpenBSD-Commit-ID: 9b63e0e3599d524ddc10edc4f978081382c3548b
* Explicitly install libssl-devel cygwin. | Darren Tucker | 2024-07-28 | 1 | -1/+1
  Should fix CI tests for cygwin default config.
* upstream: reduce logingrace penalty. | djm@openbsd.org | 2024-07-26 | 1 | -2/+2
  A single forgotten login that times out should be below the penalty threshold. ok deraadt/claudio
  OpenBSD-Commit-ID: cee1f7d17597c97bff8e5092af5d136fdb08f81d
* upstream: Fix proxy multiplexing (-O proxy) bug | djm@openbsd.org | 2024-07-26 | 4 | -20/+26
  If a mux started with ControlPersist then later has a forwarding added using mux proxy connection and the forwarding was used, then when the mux proxy session terminates, the mux master process will send a channel close to the server with a bad channel ID and crash the connection. This was caused by my stupidly reusing c->remote_id for mux channel associations when I should have just added another member to struct channel. ok markus@
  OpenBSD-Commit-ID: c9f474e0124e3fe456c5e43749b97d75e65b82b2
* upstream: mention mux proxy mode | djm@openbsd.org | 2024-07-26 | 1 | -2/+4
  OpenBSD-Commit-ID: fd77a77779f06d316a314e4540dc57c93fc3369a
* upstream: fix double word; ok dtucker@ | jsg@openbsd.org | 2024-07-26 | 1 | -3/+3
  OpenBSD-Commit-ID: e6aff005914fa350b896d2be030be3d3b56ec0e8
* Check for SA_RESTART before using it. | Darren Tucker | 2024-07-25 | 1 | -0/+2
  ok djm@
* Class-imposed login restrictions | Yuichiro Naito | 2024-07-20 | 2 | -0/+20
  If the following functions are available, add an additional check if users are allowed to login imposed by login class.
    * auth_hostok(3)
    * auth_timeok(3)
  These functions are implemented on FreeBSD.
* upstream: correct keyword; from Yatao Su via GHPR509 | djm@openbsd.org | 2024-07-10 | 1 | -3/+3
  OpenBSD-Commit-ID: 81c778c76dea7ef407603caa157eb0c381c52ad2
* upstream: don't need return at end of void function | djm@openbsd.org | 2024-07-08 | 1 | -2/+1
  OpenBSD-Commit-ID: 42d322d37f13aa075ae7b1ad9eef591e20b89717
* upstream: fix grammar: "a pattern lists" -> "one or more pattern | djm@openbsd.org | 2024-07-08 | 2 | -8/+8
  lists"
  OpenBSD-Commit-ID: f3c844763398faa9800687e8ff6621225498202a
* Cast to sockaddr * in systemd interface. | Darren Tucker | 2024-07-07 | 1 | -1/+1
  Fixes build with musl libc. bz#3707.
* Add 9.8 branch to ci-status page. | Darren Tucker | 2024-07-04 | 1 | -0/+4
* Fix detection of setres*id on GNU/Hurd | Samuel Thibault | 2024-07-03 | 1 | -0/+7
  Like Linux, proper _SOURCE macros need to be set to get declarations of various standard functions, notably setres*id. Now that Debian is using -Werror=implicit-function-declaration this is really required. While at it, define other _SOURCE macros like on GNU/Linux, since GNU/Hurd uses the same glibc.
* version numbers | Damien Miller | 2024-07-01 | 3 | -3/+3
* upstream: openssh-9.8 | djm@openbsd.org | 2024-07-01 | 1 | -2/+2
  OpenBSD-Commit-ID: 5f8b89e38a4c5f7c6d52ffa19f796d49f36fab19
* upstream: when sending ObscureKeystrokeTiming chaff packets, we | djm@openbsd.org | 2024-07-01 | 1 | -3/+4
  can't rely on channel_did_enqueue to tell that there is data to send. This flag indicates that the channels code enqueued a packet on _this_ ppoll() iteration, not that data was enqueued in _any_ ppoll() iteration in the timeslice. ok markus@
  OpenBSD-Commit-ID: 009b74fd2769b36b5284a0188ade182f00564136
* upstream: use "lcd" to change directory before "lls" rather than "cd", | djm@openbsd.org | 2024-07-01 | 1 | -2/+2
  since the directory we're trying to list is local. Spotted by Corinna Vinschen
  OpenBSD-Regress-ID: 821feca4a4bebe491944e624c8f7f2990b891415
* upstream: delete obsolete comment | djm@openbsd.org | 2024-06-28 | 1 | -20/+2
  OpenBSD-Commit-ID: 5fb04f298ed155053f3fbfdf0c6fe7cdf84bbfa2
* upstream: retire unused API | djm@openbsd.org | 2024-06-28 | 2 | -22/+2
  OpenBSD-Commit-ID: 3e30d7b0615e2707f6bbe70f61b1c2f72f78161b
* upstream: ssl(8) no longer contains a HISTORY section; | jmc@openbsd.org | 2024-06-28 | 1 | -5/+2
  OpenBSD-Commit-ID: 83b7ff34433d79595e9c2a5d2a561a6660251245
* upstream: move child process waitpid() loop out of SIGCHLD handler; | djm@openbsd.org | 2024-06-28 | 1 | -21/+18
  ok deraadt
  OpenBSD-Commit-ID: 65815a39564e431414aed7c5ace8076f4e9ca741
* upstream: Instead of using possibly complex ssh_signal(), write all | deraadt@openbsd.org | 2024-06-28 | 1 | -2/+11
  the parts of the grace_alarm_handler() using the exact things allowed by the signal-safe rules. This is a good rule of thumb: Handlers should be written to either set a global volatile sig_atomic_t inspected from outside, and/or directly perform only safe operations listed in our sigaction(2) manual page. ok djm markus
  OpenBSD-Commit-ID: 14168ae8368aab76e4ed79e17a667cb46f404ecd
* upstream: save_errno wrappers inside two small signal handlers that | deraadt@openbsd.org | 2024-06-28 | 2 | -2/+6
  perform system calls, for systems with libc that do perform libc sigtramps. ok djm markus
  OpenBSD-Commit-ID: 7749b56419a7c9dcfe4c6c04811e429813346c62
* upstream: - uppercase start of sentence - correct sentence grammar | jmc@openbsd.org | 2024-06-28 | 1 | -3/+3
  ok djm
  OpenBSD-Commit-ID: 1ec4b0fdb633a43667f2c8fff1d600bd647dde25
* upstream: mention SshdSessionPath option | djm@openbsd.org | 2024-06-28 | 1 | -2/+9
  OpenBSD-Commit-ID: c29734d36c21003973b15c1c9965c35f36cef30c
* Rerun upstream tests on .sh file changes too. | Darren Tucker | 2024-06-20 | 1 | -1/+1
* upstream: Work around dbclient cipher/mac query bug. | dtucker@openbsd.org | 2024-06-20 | 1 | -10/+5
  Unlike earlier versions, recent Dropbear (at least v2024.85) requires a host arg when querying supported ciphers and macs via "-c/-m help". Earlier versions accept but do not require it, so always provide it. If these queries fail, skip the test with a warning.
  OpenBSD-Regress-ID: 98eb863a3f0363416922efb273885e6b3c7f68d4
* upstream: Remove dropbear key types not supported | dtucker@openbsd.org | 2024-06-20 | 1 | -11/+9
  by current OpenSSH. Allows subsequent test runs to work if OpenSSH is rebuilt w/out OpenSSL.
  OpenBSD-Regress-ID: e0129eb2b1d31771105903a8055216fbba20a770
* upstream: stricter check for overfull tables in penalty record path | djm@openbsd.org | 2024-06-20 | 1 | -1/+1
  OpenBSD-Commit-ID: 7df01e648a0723418c554e64a9f2b6d38db060a6
* upstream: put back reaping of preauth child process when writes | djm@openbsd.org | 2024-06-20 | 1 | -19/+24
  from the monitor fail. Not sure how this got lost in the avalanche of patches.
  OpenBSD-Commit-ID: eb7eb36371e1ac01050b32b70fb2b3e5d98e72f5
* upstream: remove one more mention of DSA | naddy@openbsd.org | 2024-06-20 | 1 | -2/+1
  OpenBSD-Commit-ID: 8515f55a15f02836ba657df341415f63c60526ca
* Move -f to the place needed to restart sshd. | Darren Tucker | 2024-06-19 | 1 | -1/+1
* Need to supply "-f" to restart sshd. | Darren Tucker | 2024-06-19 | 1 | -1/+1
* upstream: Provide defaults for ciphers and macs | dtucker@openbsd.org | 2024-06-19 | 1 | -3/+13
  if querying for them fails since on some versions of Dropbear (at least v2024.85) "-m help" doesn't seem to work. Enable all supported pubkey algorithms in the server.
  OpenBSD-Regress-ID: 4f95556a49ee9f621789f25217c367a33d2745ca
* upstream: Use ed25519 keys for kex tests | dtucker@openbsd.org | 2024-06-19 | 1 | -8/+6
  since that's supported by OpenSSH even when built without OpenSSL. Only test diffie-hellman kex if OpenSSH is compiled with support for it.
  OpenBSD-Regress-ID: a5d09ef9bbd171f9e4ec73ed0d9eeb49a8878e97
* upstream: Rework dropbear key setup | dtucker@openbsd.org | 2024-06-19 | 1 | -8/+16
  to always generate ed25519 keys, other types only if OpenSSH has support for the corresponding key type.
  OpenBSD-Regress-ID: 8f91f12604cddb9f8d93aa34f3f93a3f6074395d
* Restart sshd after installing it for testing. | Darren Tucker | 2024-06-19 | 1 | -1/+1
  When installing an sshd built without OpenSSL the mismatch between the running sshd and newly installed sshd-session will cause the remainder of the test to fail.