Age  Author  Files  Lines  Commit message
* 2018-10-04  djm@openbsd.org  4 files  -29/+64
  upstream: include a little more information about the status and disposition of channel's extended (stderr) fd; makes debugging some things a bit easier. No behaviour change.
  OpenBSD-Commit-ID: 483eb6467dc7d5dbca8eb109c453e7a43075f7ce
* 2018-10-04  djm@openbsd.org  1 file  -1/+2
  upstream: explicit_bzero here to be consistent with other kex*.c; report from coolbugcheckers AT gmail.com
  OpenBSD-Commit-ID: a90f146c5b5f5b1408700395e394f70b440856cb
* 2018-10-03  djm@openbsd.org  6 files  -16/+72
  upstream: Allow ssh_config IdentityAgent directive to accept environment variable names as well as explicit paths. ok dtucker@
  OpenBSD-Commit-ID: 2f0996e103876c53d8c9dd51dcce9889d700767b
* 2018-10-02  djm@openbsd.org  1 file  -1/+8
  upstream: mention INFO@openssh.com for sending SIGINFO
  OpenBSD-Commit-ID: 132471eeb0df658210afd27852fe65131b26e900
* 2018-10-02  Damien Miller  1 file  -0/+2
  only support SIGINFO on systems with SIGINFO
* 2018-10-02  djm@openbsd.org  2 files  -2/+77
  upstream: Add server support for signalling sessions via the SSH channel/session protocol. Signalling is only supported to sessions that are not subsystems and were not started with a forced command. Long requested in bz#1424. Based on a patch from markus@ and reworked by dtucker@; ok markus@ dtucker@
  OpenBSD-Commit-ID: 4bea826f575862eaac569c4bedd1056a268be1c3
* 2018-09-26  djm@openbsd.org  1 file  -14/+1
  upstream: remove big ugly TODO comment from start of file. Some of the mentioned tasks are obsolete and, of the remainder, most are already captured in PROTOCOL.mux where they better belong.
  OpenBSD-Commit-ID: 16d9d76dee42a5bb651c9d6740f7f0ef68aeb407
* 2018-09-26  djm@openbsd.org  1 file  -37/+107
  upstream: Document mux proxy mode; added by Markus in openssh-7.4. Also add a little bit of information about the overall packet format.
  OpenBSD-Commit-ID: bdb6f6ea8580ef96792e270cae7857786ad84a95
* 2018-09-26  djm@openbsd.org  1 file  -36/+38
  upstream: s/process_mux_master/mux_master_process/ in mux master function names. Gives better symmetry with the existing mux_client_*() names and makes it more obvious when a message comes from the master vs client (they are interleaved in ControlMaster=auto mode). No functional change beyond prefixing a couple of log messages with __func__ where they were previously lacking.
  OpenBSD-Commit-ID: b01f7c3fdf92692e1713a822a89dc499333daf75
* 2018-09-22  Darren Tucker  1 file  -4/+4
  Remove unused variable in _ssh_compat_fflush.
* 2018-09-22  Darren Tucker  1 file  -437/+427
  Import updated moduli.
* 2018-09-21  djm@openbsd.org  2 files  -16/+33
  upstream: Allow ssh_config ForwardX11Timeout=0 to disable the timeout and allow X11 connections in untrusted mode indefinitely. ok dtucker@
  OpenBSD-Commit-ID: ea1ceed3f540b48e5803f933e59a03b20db10c69
* 2018-09-21  djm@openbsd.org  1 file  -3/+2
  upstream: when compiled with GSSAPI support, cache supported method OIDs by calling ssh_gssapi_prepare_supported_oids() regardless of whether GSSAPI authentication is enabled in the main config. This avoids sandbox violations for configurations that enable GSSAPI auth later, e.g.
      Match user djm
          GSSAPIAuthentication yes
  bz#2107; ok dtucker@
  OpenBSD-Commit-ID: a5dd42d87c74e27cfb712b15b0f97ab20e0afd1d
* 2018-09-21  djm@openbsd.org  1 file  -4/+10
  upstream: In sshkey_in_file(), ignore keys that are considered for being too short (i.e. SSH_ERR_KEY_LENGTH). These keys will not be considered to be "in the file". This allows key revocation lists to contain short keys without the entire revocation list being considered invalid. bz#2897; ok dtucker
  OpenBSD-Commit-ID: d9f3d857d07194a42ad7e62889a74dc3f9d9924b
* 2018-09-21  djm@openbsd.org  2 files  -7/+8
  upstream: Treat connections with ProxyJump specified the same as ones with a ProxyCommand set with regards to hostname canonicalisation (i.e. don't try to canonicalise the hostname unless CanonicalizeHostname is set to 'always'). Patch from Sven Wegener via bz#2896
  OpenBSD-Commit-ID: 527ff501cf98bf65fb4b29ed0cb847dda10f4d37
* 2018-09-21  djm@openbsd.org  1 file  -1/+2
  upstream: actually make CASignatureAlgorithms available as a config option
  OpenBSD-Commit-ID: 93fa7ff58314ed7b1ab7744090a6a91232e6ae52
* 2018-09-21  dtucker@openbsd.org  1 file  -0/+1
  upstream: Import updated moduli.
  OpenBSD-Commit-ID: 04431e8e7872f49a2129bf080a6b73c19d576d40
* 2018-09-21  jmc@openbsd.org  4 files  -19/+22
  upstream: reorder CASignatureAlgorithms, and add them to the various -o lists; ok djm
  OpenBSD-Commit-ID: ecb88baecc3c54988b4d1654446ea033da359288
* 2018-09-20  djm@openbsd.org  1 file  -2/+2
  upstream: fix "ssh -Q sig" to show correct signature algorithm list (it was erroneously showing certificate algorithms); prompted by markus@
  OpenBSD-Commit-ID: 1cdee002f2f0c21456979deeb887fc889afb154d
* 2018-09-20  djm@openbsd.org  4 files  -10/+42
  upstream: add CASignatureAlgorithms option for the client, allowing it to specify which signature algorithms may be used by CAs when signing certificates. Useful if you want to ban RSA/SHA1; ok markus@
  OpenBSD-Commit-ID: 9159e5e9f67504829bf53ff222057307a6e3230f
* 2018-09-20  djm@openbsd.org  5 files  -9/+45
  upstream: Add sshd_config CASignatureAlgorithms option to allow control over which signature algorithms a CA may use when signing certificates. In particular, this allows a sshd to ban certificates signed with RSA/SHA1. ok markus@
  OpenBSD-Commit-ID: b05c86ef8b52b913ed48d54a9b9c1a7714d96bac
* 2018-09-20  djm@openbsd.org  1 file  -23/+39
  upstream: Make "ssh-add -q" do what it says on the tin: silence output from successful operations. Based on patch from Thijs van Dijk; ok dtucker@ deraadt@
  OpenBSD-Commit-ID: c4f754ecc055c10af166116ce7515104aa8522e1
* 2018-09-20  millert@openbsd.org  1 file  -6/+8
  upstream: When choosing a prime from the moduli file, avoid re-using the linenum variable for something that is not a line number to avoid the confusion that resulted in the bug in rev. 1.64. This also lets us pass the actual linenum to parse_prime() so the error messages include the correct line number. OK markus@ some time ago.
  OpenBSD-Commit-ID: 4d8e5d3e924d6e8eb70053e3defa23c151a00084
* 2018-09-15  Darren Tucker  1 file  -0/+4
  Fix openssl-1.1 fallout for --without-openssl. ok djm@
* 2018-09-15  Damien Miller  1 file  -0/+3
  add futex(2) syscall to seccomp sandbox
  Apparently needed for some glibc/openssl combinations. Patch from Arkadiusz Miśkiewicz
* 2018-09-15  Damien Miller  1 file  -0/+33
  really add source for authopt_fuzz this time
* 2018-09-15  Damien Miller  1 file  -0/+0
  remove accidentally checked-in authopt_fuzz binary
* 2018-09-14  djm@openbsd.org  1 file  -26/+53
  upstream: second try, deals properly with missing and private-only
  Use consistent format in debug log for keys readied, offered and received during public key authentication. This makes it a little easier to see what is going on, as each message now contains (where available) the key filename, its type and fingerprint, and whether the key is hosted in an agent or a token.
  OpenBSD-Commit-ID: f1c6a8e9cfc4e108c359db77f24f9a40e1e25ea7
* 2018-09-14  Damien Miller  2 files  -2/+5
  fuzzer harness for authorized_keys option parsing
* 2018-09-14  djm@openbsd.org  1 file  -47/+26
  upstream: revert following; deals badly with agent keys
  revision 1.285 date: 2018/09/14 04:17:12; author: djm; state: Exp; lines: +47 -26; commitid: lflGFcNb2X2HebaK;
  Use consistent format in debug log for keys readied, offered and received during public key authentication. This makes it a little easier to see what is going on, as each message now contains the key filename, its type and fingerprint, and whether the key is hosted in an agent or a token.
  OpenBSD-Commit-ID: e496bd004e452d4b051f33ed9ae6a54ab918f56d
* 2018-09-14  djm@openbsd.org  3 files  -22/+10
  upstream: garbage-collect moribund ssh_new_private() API.
  OpenBSD-Commit-ID: 7c05bf13b094093dfa01848a9306c82eb6e95f6c
* 2018-09-14  djm@openbsd.org  1 file  -26/+47
  upstream: Use consistent format in debug log for keys readied, offered and received during public key authentication. This makes it a little easier to see what is going on, as each message now contains the key filename, its type and fingerprint, and whether the key is hosted in an agent or a token.
  OpenBSD-Commit-ID: 2a01d59285a8a7e01185bb0a43316084b4f06a1f
* 2018-09-14  millert@openbsd.org  1 file  -2/+2
  upstream: Fix warnings caused by user_from_uid() and group_from_gid() now returning const char *.
  OpenBSD-Commit-ID: b5fe571ea77cfa7b9035062829ab05eb87d7cc6f
* 2018-09-14  Damien Miller  2 files  -6/+5
  allow SIGUSR1 as synonym for SIGINFO
  Lets users on those unfortunate operating systems that lack SIGINFO still be able to obtain progress information from unit tests :)
* 2018-09-13  Damien Miller  1 file  -0/+2
  add compat header
* 2018-09-13  djm@openbsd.org  4 files  -65/+96
  upstream: missed a bit of openssl-1.0.x API in this unittest
  OpenBSD-Regress-ID: a73a54d7f7381856a3f3a2d25947bee7a9a5dbc9
* 2018-09-13  djm@openbsd.org  1 file  -38/+67
  upstream: use only openssl-1.1.x API here too
  OpenBSD-Regress-ID: ae877064597c349954b1b443769723563cecbc8f
* 2018-09-13  Damien Miller  20 files  -41/+916
  adapt -portable to OpenSSL 1.1x API
  Polyfill missing API with replacement functions extracted from LibreSSL
* 2018-09-13  Damien Miller  2 files  -2/+32
  forgot to stage these test files in commit d70d061
* 2018-09-13  djm@openbsd.org  20 files  -438/+619
  upstream: hold our collective noses and use the openssl-1.1.x API in OpenSSH; feedback and ok tb@ jsing@ markus@
  OpenBSD-Commit-ID: cacbcac87ce5da0d3ca7ef1b38a6f7fb349e4417
* 2018-09-12  djm@openbsd.org  6 files  -0/+34
  upstream: Include certs with multiple RSA signature variants in test data. Ensure that cert->signature_key is populated correctly.
  OpenBSD-Regress-ID: 56e68f70fe46cb3a193ca207385bdb301fd6603a
* 2018-09-12  djm@openbsd.org  1 file  -15/+34
  upstream: test revocation by explicit hash and by fingerprint
  OpenBSD-Regress-ID: 079c18a9ab9663f4af419327c759fc1e2bc78fd8
* 2018-09-12  djm@openbsd.org  1 file  -5/+5
  upstream: s/sshkey_demote/sshkey_from_private/g
  OpenBSD-Regress-ID: 782bde7407d94a87aa8d1db7c23750e09d4443c4
* 2018-09-12  Damien Miller  1 file  -1/+1
  delete the correct thing; kexfuzz binary
* 2018-09-12  djm@openbsd.org  1 file  -2/+2
  upstream: fix edit mistake; spotted by jmc@
  OpenBSD-Commit-ID: dd724e1c52c9d6084f4cd260ec7e1b2b138261c6
* 2018-09-12  djm@openbsd.org  1 file  -1/+13
  upstream: add SSH_ALLOWED_CA_SIGALGS - the default list of signature algorithms that are allowed for CA signatures. Notably excludes ssh-dsa. ok markus@
  OpenBSD-Commit-ID: 1628e4181dc8ab71909378eafe5d06159a22deb4
* 2018-09-12  djm@openbsd.org  2 files  -2/+24
  upstream: add sshkey_check_cert_sigtype() that checks a cert->signature_type against a supplied whitelist; ok markus
  OpenBSD-Commit-ID: caadb8073292ed7a9535e5adc067d11d356d9302
* 2018-09-12  djm@openbsd.org  2 files  -27/+69
  upstream: add cert->signature_type field and keep it in sync with certificate signature wrt loading and certification operations; ok markus@
  OpenBSD-Commit-ID: e8b8b9f76b66707a0cd926109c4383db8f664df3
* 2018-09-12  djm@openbsd.org  2 files  -6/+19
  upstream: Add "ssh -Q sig" to allow listing supported signature algorithms. ok markus@
  OpenBSD-Commit-ID: 7a8c6eb6c249dc37823ba5081fce64876d10fe2b
* 2018-09-12  djm@openbsd.org  5 files  -49/+193
  upstream: allow key revocation by SHA256 hash and allow ssh-keygen to create KRLs using SHA256/base64 key fingerprints; ok markus@
  OpenBSD-Commit-ID: a0590fd34e7f1141f2873ab3acc57442560e6a94