Commit message | Author | Age | Files | Lines
* upstream: some language improvements; ok markus | djm@openbsd.org | 2020-07-15 | 15 | -79/+79
  OpenBSD-Commit-ID: 939d787d571b4d5da50b3b721fd0b2ac236acaa8
* upstream: update setproctitle after re-exec; ok djm | markus@openbsd.org | 2020-07-15 | 1 | -1/+2
  OpenBSD-Commit-ID: bc92d122f9184ec2a9471ade754b80edd034ce8b
* upstream: keep ignoring HUP after fork+exec; ok djm | markus@openbsd.org | 2020-07-15 | 1 | -1/+2
  OpenBSD-Commit-ID: 7679985a84ee5ceb09839905bb6f3ddd568749a2
* upstream: don't exit the listener on send_rexec_state errors; ok | markus@openbsd.org | 2020-07-15 | 1 | -2/+2
  djm
  OpenBSD-Commit-ID: 57cbd757d130d3f45b7d41310b3a15eeec137d5c
* upstream: Use $OBJ to find key files. Fixes test when run on an obj | dtucker@openbsd.org | 2020-07-15 | 1 | -5/+5
  directory (on OpenBSD) or out of tree (in Portable).
  OpenBSD-Regress-ID: 938fa8ac86adaa527d64a305bd2135cfbb1c0a17
* Wrap stdint.h in ifdef HAVE_STDINT_H. | Darren Tucker | 2020-07-04 | 1 | -0/+2
* upstream: put back the mux_ctx memleak fix, but only for channels of | djm@openbsd.org | 2020-07-03 | 1 | -1/+5
  type SSH_CHANNEL_MUX_LISTENER; Specifically SSH_CHANNEL_MUX_PROXY channels should not have this structure freed.
  OpenBSD-Commit-ID: f3b213ae60405f77439e2b06262f054760c9d325
* upstream: revert r1.399 - the lifetime of c->mux_ctx is more complex; | djm@openbsd.org | 2020-07-03 | 1 | -3/+1
  simply freeing it here causes other problems
  OpenBSD-Commit-ID: c6fee8ca94e2485faa783839541962be2834c5ed
* upstream: avoid tilde_expand_filename() in expanding ~/.ssh/rc - if | djm@openbsd.org | 2020-07-03 | 1 | -2/+2
  sshd is in chroot mode, the likely absence of a password database will cause tilde_expand_filename() to fatal; ok dtucker@
  OpenBSD-Commit-ID: e20aee6159e8b79190d18dba1513fc1b7c8b7ee1
* upstream: when redirecting sshd's log output to a file, undo this | djm@openbsd.org | 2020-07-03 | 2 | -2/+13
  redirection after the session child process is forked(); ok dtucker@
  OpenBSD-Commit-ID: 6df86dd653c91f5bc8ac1916e7680d9d24690865
* upstream: start ClientAliveInterval bookkeeping before first pass | djm@openbsd.org | 2020-07-03 | 1 | -1/+3
  through select() loop; fixed theoretical case where busy sshd may ignore timeouts from client; inspired by and ok dtucker
  OpenBSD-Commit-ID: 96bfc4b1f86c7da313882a84755b2b47eb31957f
* add check for fido_cred_set_prot() to configure | Damien Miller | 2020-07-03 | 1 | -0/+3
* upstream: Only reset the serveralive check when we receive traffic from | dtucker@openbsd.org | 2020-07-03 | 1 | -14/+22
  the server and ignore traffic from a port forwarding client, preventing a client from keeping a connection alive when it should be terminated. Based on a patch from jxraynor at gmail.com via openssh-unix-dev and bz#2265, ok djm@
  OpenBSD-Commit-ID: a941a575a5cbc244c0ef5d7abd0422bbf02c2dcd
* sync sys-queue.h with OpenBSD upstream | Damien Miller | 2020-07-03 | 1 | -147/+113
  needed for TAILQ_CONCAT
* upstream: fix memory leak of mux_ctx; patch from Sergiy Lozovsky | djm@openbsd.org | 2020-07-03 | 1 | -1/+3
  via bz3189 ok dtucker
  OpenBSD-Commit-ID: db249bd4526fd42d0f4f43f72f7b8b7705253bde
* upstream: free kex in ssh_packet_close; ok djm semarie | markus@openbsd.org | 2020-07-03 | 2 | -5/+5
  OpenBSD-Commit-ID: dbc181e90d3d32fd97b10d75e68e374270e070a2
* upstream: Replace TAILQ concatenation loops with TAILQ_CONCAT | bket@openbsd.org | 2020-07-03 | 1 | -9/+3
  OK djm@
  OpenBSD-Commit-ID: 454b40e09a117ddb833794358970a65b14c431ef
* upstream: backout 1.293 fix kex mem-leak in ssh_packet_close at markus | semarie@openbsd.org | 2020-06-27 | 1 | -3/+1
  request the change introduced a NULL deref in sshpkt_vfatal() (uses of ssh->kex after calling ssh_packet_clear_keys())
  OpenBSD-Commit-ID: 9c9a6721411461b0b1c28dc00930d7251a798484
* document a PAM spec problem in a frustrated comment | Damien Miller | 2020-06-26 | 1 | -1/+5
* upstream: avoid spurious error message when ssh-keygen creates files | djm@openbsd.org | 2020-06-26 | 3 | -13/+8
  outside ~/.ssh; with dtucker@
  OpenBSD-Commit-ID: ac0c662d44607e00ec78c266ee60752beb1c7e08
* missing ifdef SELINUX; spotted by dtucker | Damien Miller | 2020-06-26 | 1 | -0/+4
* upstream: regress test for ssh-add -d; ok dtucker@ | djm@openbsd.org | 2020-06-26 | 1 | -5/+68
  OpenBSD-Regress-ID: 3a2e044be616afc7dd4f56c100179e83b33d8abf
* upstream: add test for mux w/-Oproxy; ok djm | markus@openbsd.org | 2020-06-26 | 1 | -6/+8
  OpenBSD-Regress-ID: 764d5c696e2a259f1316a056e225e50023abb027
* upstream: handle EINTR in waitfd() and timeout_connect() helpers; | djm@openbsd.org | 2020-06-26 | 1 | -8/+13
  bz#3071; ok dtucker@
  OpenBSD-Commit-ID: 08fa87be50070bd8b754d9b1ebb1138d7bc9d8ee
* upstream: allow "ssh-add -d -" to read keys to be deleted from | djm@openbsd.org | 2020-06-26 | 2 | -19/+61
  stdin bz#3180; ok dtucker@
  OpenBSD-Commit-ID: 15c7f10289511eb19fce7905c9cae8954e3857ff
* upstream: constify a few things; ok dtucker (as part of another | djm@openbsd.org | 2020-06-26 | 2 | -6/+6
  diff)
  OpenBSD-Commit-ID: 7c17fc987085994d752304bd20b1ae267a9bcdf6
* upstream: Defer creation of ~/.ssh by ssh(1) until we attempt to | dtucker@openbsd.org | 2020-06-26 | 4 | -37/+44
  write to it so we don't leave an empty .ssh directory when it's not needed. Use the same function to replace the code in ssh-keygen that does the same thing. bz#3156, ok djm@
  OpenBSD-Commit-ID: 59c073b569be1a60f4de36f491a4339bc4ae870f
* upstream: Expand path to ~/.ssh/rc rather than relying on it | dtucker@openbsd.org | 2020-06-26 | 1 | -8/+12
  being relative to the current directory, so that it'll still be found if the shell startup changes its directory. Since the path is potentially longer, make the cmd buffer that uses it dynamically sized. bz#3185, with & ok djm@
  OpenBSD-Commit-ID: 36e33ff01497af3dc8226d0c4c1526fc3a1e46bf
* upstream: fix kex mem-leak in ssh_packet_close; ok djm | markus@openbsd.org | 2020-06-26 | 1 | -1/+3
  OpenBSD-Commit-ID: e2e9533f393620383afd0b68ef435de8d5e8abe4
* upstream: fix ssh -O proxy w/mux which got broken by no longer | markus@openbsd.org | 2020-06-26 | 1 | -2/+5
  making ssh->kex optional in packet.c revision 1.278 ok djm@
  OpenBSD-Commit-ID: 2b65df04a064c2c6277359921d2320c90ab7d917
* upstream: support loading big sshd_config files w/o realloc; ok | markus@openbsd.org | 2020-06-26 | 1 | -1/+7
  djm
  OpenBSD-Commit-ID: ba9238e810074ac907f0cf8cee1737ac04983171
* upstream: allow sshd_config longer than 256k; ok djm | markus@openbsd.org | 2020-06-26 | 1 | -2/+2
  OpenBSD-Commit-ID: 83f40dd5457a64c1d3928eb4364461b22766beb3
* upstream: only call sshkey_xmss_init() once for KEY_XMSS_CERT; ok | markus@openbsd.org | 2020-06-26 | 1 | -2/+4
  djm
  OpenBSD-Commit-ID: d0002ffb7f20f538b014d1d0735facd5a81ff096
* upstream: some clarifying comments | djm@openbsd.org | 2020-06-26 | 1 | -2/+9
  OpenBSD-Commit-ID: 5268479000fd97bfa30ab819f3517139daa054a2
* upstream: updated argument name for -P in first synopsis was | jmc@openbsd.org | 2020-06-26 | 1 | -2/+2
  missed in previous;
  OpenBSD-Commit-ID: 8d84dc3050469884ea91e29ee06a371713f2d0b7
* upstream: supply word missing in previous; | jmc@openbsd.org | 2020-06-26 | 1 | -2/+2
  OpenBSD-Commit-ID: 16a38b049f216108f66c8b699aa046063381bd23
* missing files for webauthn/sshsig unit test | Damien Miller | 2020-06-22 | 3 | -0/+706
* upstream: add support for verification of webauthn sshsig signature, | djm@openbsd.org | 2020-06-22 | 1 | -7/+12
  and example HTML/JS to generate webauthn signatures in SSH formats (also used to generate the testdata/* for the test).
  OpenBSD-Regress-ID: dc575be5bb1796fdf4b8aaee0ef52a6671a0f6fb
* upstream: Add support for FIDO webauthn (verification only). | djm@openbsd.org | 2020-06-22 | 3 | -10/+144
  webauthn is a standard for using FIDO keys in web browsers. webauthn signatures are a slightly different format to plain FIDO signatures - this support allows verification of these. Feedback and ok markus@
  OpenBSD-Commit-ID: ab7e3a9fb5782d99d574f408614d833379e564ad
* upstream: refactor ECDSA-SK verification a little ahead of adding | djm@openbsd.org | 2020-06-22 | 1 | -21/+23
  support for FIDO webauthn signature verification support; ok markus@
  OpenBSD-Commit-ID: c9f478fd8e0c1bd17e511ce8694f010d8e32043e
* upstream: support for RFC4648 base64url encoding; ok markus | djm@openbsd.org | 2020-06-22 | 2 | -2/+47
  OpenBSD-Commit-ID: 0ef22c55e772dda05c112c88412c0797fec66eb4
* upstream: better terminology for permissions; feedback & ok markus@ | djm@openbsd.org | 2020-06-22 | 1 | -11/+11
  OpenBSD-Commit-ID: ff2a71803b5ea57b83cc3fa9b3be42b70e462fb9
* upstream: better terminology for permissions; feedback & ok markus@ | djm@openbsd.org | 2020-06-22 | 3 | -37/+37
  OpenBSD-Commit-ID: ffb220b435610741dcb4de0e7fc68cbbdc876d2c
* upstream: Correct synopsis and usage for the options accepted when | dtucker@openbsd.org | 2020-06-22 | 2 | -5/+12
  passing a command to ssh-agent. ok jmc@
  OpenBSD-Commit-ID: b36f0679cb0cac0e33b361051b3406ade82ea846
* Add OPENBSD ORIGINAL marker to bcrypt_pbkdf. | Darren Tucker | 2020-06-19 | 1 | -0/+2
* Extra brackets around sizeof() in bcrypt. | Darren Tucker | 2020-06-19 | 1 | -1/+1
  Prevents following warning from clang 10: bcrypt_pbkdf.c:94:40: error: expression does not compute the number of elements in this array; element type is ´uint32_t´ [...] place parentheses around the ´sizeof(uint64_t)´ expression to silence this warning
* Add includes.h to new test. | Darren Tucker | 2020-06-19 | 1 | -0/+2
  Fixes warnings eg "´bounded´ attribute directive ignor" from gcc.
* Skip OpenSSL specific tests w/out OpenSSL. | Darren Tucker | 2020-06-19 | 2 | -0/+10
  Allows unit tests to pass when configure'ed --without-openssl.
* Hook sshsig tests up to Portable Makefiles. | Darren Tucker | 2020-06-19 | 3 | -1/+20
* upstream: Test that ssh-agent exits when running as a subprocess | dtucker@openbsd.org | 2020-06-19 | 2 | -1/+24
  of a specified command (ie "ssh-agent command"). Would have caught bz#3181.
  OpenBSD-Regress-ID: 895b4765ba5153eefaea3160a7fe08ac0b6db8b3