git.ipfire.org Git - thirdparty/openssh-portable.git/log
djm@openbsd.org [Fri, 3 Apr 2020 02:40:32 +0000 (02:40 +0000)] 
upstream: make failures when establishing "Tunnel" forwarding terminate

the connection when ExitOnForwardFailure is enabled; bz3116; ok dtucker

OpenBSD-Commit-ID: ef4b4808de0a419c17579b1081da768625c1d735

dtucker@openbsd.org [Fri, 3 Apr 2020 02:27:12 +0000 (02:27 +0000)] 
upstream: Make with config keywords support which

percent_expansions more consistent.
 - %C is moved into its own function and added to Match Exec.
 - move the common (global) options into a macro.  This is ugly but it's
   the least-ugly way I could come up with.
 - move IdentityAgent and ForwardAgent percent expansion to before the
   config dump to make it regression-testable.
 - document all of the above

ok jmc@ for man page bits, "makes things less terrible" djm@ for the rest.

OpenBSD-Commit-ID: 4b65664bd6d8ae2a9afaf1a2438ddd1b614b1d75

djm@openbsd.org [Fri, 3 Apr 2020 02:26:56 +0000 (02:26 +0000)] 
upstream: give ssh-keygen the ability to dump the contents of a

binary key revocation list: ssh-keygen -lQf /path bz#3132; ok dtucker

OpenBSD-Commit-ID: b76afc4e3b74ab735dbde4e5f0cfa1f02356033b

djm@openbsd.org [Fri, 3 Apr 2020 02:25:21 +0000 (02:25 +0000)] 
upstream: add allocating variant of the safe utf8 printer; ok

dtucker as part of a larger diff

OpenBSD-Commit-ID: 037e2965bd50eacc2ffb49889ecae41552744fa0

dtucker@openbsd.org [Mon, 16 Mar 2020 02:17:02 +0000 (02:17 +0000)] 
upstream: Cast lifetime to u_long for comparison to prevent unsigned

comparison warning on 32bit arches.  Spotted by deraadt, ok djm.

OpenBSD-Commit-ID: 7a75b2540bff5ab4fa00b4d595db1df13bb0515a

Darren Tucker [Sat, 14 Mar 2020 09:58:46 +0000 (20:58 +1100)] 
Include fido.h when checking for fido/credman.h.

It's required for fido_dev_t, otherwise configure fails with
when given --with-security-key-builtin.

djm@openbsd.org [Fri, 13 Mar 2020 03:18:45 +0000 (03:18 +0000)] 
upstream: some more speeling mistakes from

OpenBSD-Regress-ID: 02471c079805471c546b7a69d9ab1d34e9a57443

djm@openbsd.org [Fri, 13 Mar 2020 04:16:27 +0000 (04:16 +0000)] 
upstream: improve error messages for some common PKCS#11 C_Login

failure cases; based on patch from Jacob Hoffman-Andrews in bz3130; ok
dtucker

OpenBSD-Commit-ID: b8b849621b4a98e468942efd0a1c519c12ce089e

djm@openbsd.org [Fri, 13 Mar 2020 04:01:56 +0000 (04:01 +0000)] 
upstream: use sshpkt_fatal() for kex_exchange_identification()

errors. This ensures that the logged errors are consistent with other
transport-layer errors and that the relevant IP addresses are logged. bz3129
ok dtucker@

OpenBSD-Commit-ID: 2c22891f0b9e1a6cd46771cedbb26ac96ec2e6ab

dtucker@openbsd.org [Fri, 13 Mar 2020 03:24:49 +0000 (03:24 +0000)] 
upstream: Don't clear alarm timers in listening sshd. Previously

these timers were used for regenerating the SSH1 ephemeral host keys but
those are now gone so there's no need to clear the timers either.  ok
deraadt@

OpenBSD-Commit-ID: 280d2b885e4a1ce404632e8cc38fcb17be7dafc0

djm@openbsd.org [Fri, 13 Mar 2020 03:17:07 +0000 (03:17 +0000)] 
upstream: spelling errors in comments; no code change from

OpenBSD-Commit-ID: 166ea64f6d84f7bac5636dbd38968592cb5eb924

djm@openbsd.org [Fri, 13 Mar 2020 03:12:17 +0000 (03:12 +0000)] 
upstream: when downloading FIDO2 resident keys from a token, don't

prompt for a PIN until the token has told us that it needs one. Avoids
double-prompting on devices that implement on-device authentication (e.g. a
touchscreen PIN pad on the Trezor Model T). ok dtucker@

OpenBSD-Commit-ID: 38b78903dd4422d7d3204095a31692fb69130817

Damien Miller [Fri, 13 Mar 2020 03:30:16 +0000 (14:30 +1100)] 
sync fnmatch.c with upstream to fix another typo

Damien Miller [Fri, 13 Mar 2020 03:24:23 +0000 (14:24 +1100)] 
another spelling error in comment

Damien Miller [Fri, 13 Mar 2020 03:23:07 +0000 (14:23 +1100)] 
spelling mistakes

from https://fossies.org/linux/misc/openssh-8.2p1.tar.gz/codespell.html

markus@openbsd.org [Fri, 6 Mar 2020 18:29:54 +0000 (18:29 +0000)] 
upstream: fix relative includes in sshd_config; ok djm

OpenBSD-Commit-ID: fa29b0da3c93cbc3a1d4c6bcd58af43c00ffeb5b

markus@openbsd.org [Fri, 6 Mar 2020 18:29:14 +0000 (18:29 +0000)] 
upstream: fix use-after-free in do_download_sk; ok djm

OpenBSD-Commit-ID: 96b49623d297797d4fc069f1f09e13c8811f8863

markus@openbsd.org [Fri, 6 Mar 2020 18:28:50 +0000 (18:28 +0000)] 
upstream: do not leak oprincipals; ok djm

OpenBSD-Commit-ID: 4691d9387eab36f8fda48f5d8009756ed13a7c4c

markus@openbsd.org [Fri, 6 Mar 2020 18:28:27 +0000 (18:28 +0000)] 
upstream: initialize seconds for debug message; ok djm

OpenBSD-Commit-ID: 293fbefe6d00b4812a180ba02e26170e4c855b81

markus@openbsd.org [Fri, 6 Mar 2020 18:27:50 +0000 (18:27 +0000)] 
upstream: correct return code; ok djm

OpenBSD-Commit-ID: 319d09e3b7f4b2bc920c67244d9ff6426b744810

markus@openbsd.org [Fri, 6 Mar 2020 18:27:15 +0000 (18:27 +0000)] 
upstream: principalsp is optional, pubkey required; ok djm

OpenBSD-Commit-ID: 2cc3ea5018c28ed97edaccd7f17d2cc796f01024

markus@openbsd.org [Fri, 6 Mar 2020 18:26:21 +0000 (18:26 +0000)] 
upstream: remove unused variables in ssh-pkcs11-helper; ok djm

OpenBSD-Commit-ID: 13e572846d0d1b28f1251ddd2165e9cf18135ae1

markus@openbsd.org [Fri, 6 Mar 2020 18:25:48 +0000 (18:25 +0000)] 
upstream: return correct error in sshsk_ed25519_sig; ok djm

OpenBSD-Commit-ID: 52bf733df220303c260fee4f165ec64b4a977625

markus@openbsd.org [Fri, 6 Mar 2020 18:25:12 +0000 (18:25 +0000)] 
upstream: fix possible null-deref in check_key_not_revoked; ok

djm

OpenBSD-Commit-ID: 80855e9d7af42bb6fcc16c074ba69876bfe5e3bf

markus@openbsd.org [Fri, 6 Mar 2020 18:24:39 +0000 (18:24 +0000)] 
upstream: ssh_fetch_identitylist() returns the return value from

ssh_request_reply() so we should also check against != 0 ok djm

OpenBSD-Commit-ID: 28d0028769d03e665688c61bb5fd943e18614952

markus@openbsd.org [Fri, 6 Mar 2020 18:23:17 +0000 (18:23 +0000)] 
upstream: sshkey_cert_check_authority requires reason to be set;

ok djm

OpenBSD-Commit-ID: 6f7a6f19540ed5749763c2f9530c0897c94aa552

markus@openbsd.org [Fri, 6 Mar 2020 18:21:28 +0000 (18:21 +0000)] 
upstream: passphrase depends on kdfname, not ciphername (possible

null-deref); ok djm

OpenBSD-Commit-ID: 0d39668edf5e790b5837df4926ee1141cec5471c

markus@openbsd.org [Fri, 6 Mar 2020 18:20:44 +0000 (18:20 +0000)] 
upstream: consistently check packet_timeout_ms against 0; ok djm

OpenBSD-Commit-ID: e8fb8cb2c96c980f075069302534eaf830929928

markus@openbsd.org [Fri, 6 Mar 2020 18:20:02 +0000 (18:20 +0000)] 
upstream: initialize cname in case ai_canonname is NULL or too

long; ok djm

OpenBSD-Commit-ID: c27984636fdb1035d1642283664193e91aab6e37

markus@openbsd.org [Fri, 6 Mar 2020 18:19:21 +0000 (18:19 +0000)] 
upstream: fix uninitialized pointers for forward_cancel; ok djm

OpenBSD-Commit-ID: 612778e6d87ee865d0ba97d0a335f141cee1aa37

markus@openbsd.org [Fri, 6 Mar 2020 18:16:21 +0000 (18:16 +0000)] 
upstream: exit on parse failures in input_service_request; ok djm

OpenBSD-Commit-ID: 6a7e1bfded26051d5aa893c030229b1ee6a0d5d2

markus@openbsd.org [Fri, 6 Mar 2020 18:15:38 +0000 (18:15 +0000)] 
upstream: fix null-deref on calloc failure; ok djm

OpenBSD-Commit-ID: a313519579b392076b7831ec022dfdefbec8724a

markus@openbsd.org [Fri, 6 Mar 2020 18:15:04 +0000 (18:15 +0000)] 
upstream: exit if ssh_krl_revoke_key_sha256 fails; ok djm

OpenBSD-Commit-ID: 0864ad4fe8bf28ab21fd1df766e0365c11bbc0dc

markus@openbsd.org [Fri, 6 Mar 2020 18:14:13 +0000 (18:14 +0000)] 
upstream: pkcs11_register_provider: return < 0 on error; ok djm

OpenBSD-Commit-ID: cfc8321315b787e4d40da4bdb2cbabd4154b0d97

markus@openbsd.org [Fri, 6 Mar 2020 18:13:29 +0000 (18:13 +0000)] 
upstream: sshsig: return correct error, fix null-deref; ok djm

OpenBSD-Commit-ID: 1d1af7cd538b8b23e621cf7ab84f11e7a923edcd

markus@openbsd.org [Fri, 6 Mar 2020 18:12:55 +0000 (18:12 +0000)] 
upstream: vasnmprintf allocates str and returns -1; ok djm

OpenBSD-Commit-ID: dae4c9e83d88471bf3b3f89e3da7a107b44df11c

markus@openbsd.org [Fri, 6 Mar 2020 18:11:10 +0000 (18:11 +0000)] 
upstream: sshpkt_fatal() does not return; ok djm

OpenBSD-Commit-ID: 7dfe847e28bd78208eb227b37f29f4a2a0929929

djm@openbsd.org [Fri, 28 Feb 2020 01:07:28 +0000 (01:07 +0000)] 
upstream: no-touch-required certificate option should be an

extension, not a critical option.

OpenBSD-Commit-ID: 626b22c5feb7be8a645e4b9a9bef89893b88600d

djm@openbsd.org [Fri, 28 Feb 2020 01:06:05 +0000 (01:06 +0000)] 
upstream: better error message when trying to use a FIDO key

function and SecurityKeyProvider is empty

OpenBSD-Commit-ID: e56602c2ee8c82f835d30e4dc8ee2e4a7896be24

dtucker@openbsd.org [Thu, 27 Feb 2020 02:32:37 +0000 (02:32 +0000)] 
upstream: Drop leading space from line count that was confusing

ssh-keygen's screen mode.

OpenBSD-Commit-ID: 3bcae7a754db3fc5ad3cab63dd46774edb35b8ae

jsg@openbsd.org [Wed, 26 Feb 2020 13:40:09 +0000 (13:40 +0000)] 
upstream: change explicit_bzero();free() to freezero()

While freezero() returns early if the pointer is NULL the tests for
NULL in callers are left to avoid warnings about passing an
uninitialised size argument across a function boundary.

ok deraadt@ djm@

OpenBSD-Commit-ID: 2660fa334fcc7cd05ec74dd99cb036f9ade6384a

dtucker@openbsd.org [Wed, 26 Feb 2020 11:46:51 +0000 (11:46 +0000)] 
upstream: Have sftp reject "-1" in the same way as ssh(1) and

scp(1) do instead of accepting and silently ignoring it since protocol 1
support has been removed.  Spotted by shivakumar2696 at gmail.com, ok
deraadt@

OpenBSD-Commit-ID: b79f95559a1c993214f4ec9ae3c34caa87e9d5de

dtucker@openbsd.org [Wed, 26 Feb 2020 01:31:47 +0000 (01:31 +0000)] 
upstream: Remove obsolete XXX comment. ok deraadt@

OpenBSD-Commit-ID: bc462cc843947feea26a2e21c750b3a7469ff01b

dtucker@openbsd.org [Mon, 24 Feb 2020 04:27:58 +0000 (04:27 +0000)] 
upstream: Fix typo. Patch from itoama at live.jp via github PR#173.

OpenBSD-Commit-ID: 5cdaafab38bbdea0d07e24777d00bfe6f972568a

Nico Kadel-Garcia [Sat, 12 Oct 2019 21:51:01 +0000 (17:51 -0400)] 
Switch %define to %global for redhat/openssh.spec

mkontani [Thu, 20 Feb 2020 15:54:49 +0000 (00:54 +0900)] 
fix some typos and sentence

dtucker@openbsd.org [Fri, 21 Feb 2020 00:04:43 +0000 (00:04 +0000)] 
upstream: Fix some typos and an incorrect word in docs. Patch from

itoama at live.jp via github PR#172.

OpenBSD-Commit-ID: 166ee8f93a7201fef431b9001725ab8b269d5874

dtucker@openbsd.org [Thu, 20 Feb 2020 05:58:08 +0000 (05:58 +0000)] 
upstream: Update moduli generation script to new ssh-keygen

generation and screening command line flags.

OpenBSD-Commit-ID: 5010ff08f7ad92082e87dde098b20f5c24921a8f

dtucker@openbsd.org [Thu, 20 Feb 2020 05:41:51 +0000 (05:41 +0000)] 
upstream: Import regenerated moduli.

OpenBSD-Commit-ID: 7b7b619c1452a459310b0cf4391c5757c6bdbc0f

Darren Tucker [Thu, 20 Feb 2020 05:42:50 +0000 (16:42 +1100)] 
Import regenerated moduli.

HARUYAMA Seigo [Fri, 14 Feb 2020 07:14:23 +0000 (16:14 +0900)] 
Fix typos in INSTALL: s/avilable/available/ s/suppports/supports/

dtucker@openbsd.org [Tue, 18 Feb 2020 08:58:33 +0000 (08:58 +0000)] 
upstream: Ensure that the key lifetime provided fits within the

values allowed by the wire format (u32). Prevents integer wraparound of the
timeout values. bz#3119, ok markus@ djm@

OpenBSD-Commit-ID: 8afe6038b5cdfcf63360788f012a7ad81acc46a2

dtucker@openbsd.org [Tue, 18 Feb 2020 08:49:49 +0000 (08:49 +0000)] 
upstream: Detect and prevent simple configuration loops when using

ProxyJump. bz#3057, ok djm@

OpenBSD-Commit-ID: 077d21c564c886c98309d871ed6f8ef267b9f037

naddy@openbsd.org [Sun, 16 Feb 2020 21:15:43 +0000 (21:15 +0000)] 
upstream: document -F none; with jmc@

OpenBSD-Commit-ID: 0eb93b75473d2267aae9200e02588e57778c84f2

Darren Tucker [Mon, 17 Feb 2020 11:55:51 +0000 (22:55 +1100)] 
Remove unused variable warning.

Darren Tucker [Mon, 17 Feb 2020 11:53:24 +0000 (22:53 +1100)] 
Constify aix_krb5_get_principal_name.

Prevents warning about discarding type qualifiers on AIX.

Darren Tucker [Mon, 17 Feb 2020 11:51:36 +0000 (22:51 +1100)] 
Check if TILDE is already defined and undef.

Prevents redefinition warning on AIX.

Darren Tucker [Mon, 17 Feb 2020 11:51:00 +0000 (22:51 +1100)] 
Prevent unused variable warning.

Darren Tucker [Mon, 17 Feb 2020 11:48:50 +0000 (22:48 +1100)] 
Check if getpeereid is actually declared.

Check in sys/socket.h (AIX) and unistd.h (FreeBSD, DragonFly and OS X).
Prevents undeclared function warning on at least some versions of AIX.

Tag: V_8_2_P1
djm@openbsd.org [Fri, 14 Feb 2020 00:39:20 +0000 (00:39 +0000)] 
upstream: openssh-8.2

OpenBSD-Commit-ID: 0a1340ff65fad0d84b997ac58dd1b393dec7c19b

Damien Miller [Tue, 11 Feb 2020 22:28:35 +0000 (09:28 +1100)] 
crank version numbers

Darren Tucker [Tue, 11 Feb 2020 01:51:24 +0000 (12:51 +1100)] 
Minor documentation update:

 - remove duplication of dependency information (it's all in INSTALL).
 - SSHFP is now an RFC.

Darren Tucker [Sun, 9 Feb 2020 00:23:35 +0000 (11:23 +1100)] 
Check if UINT32_MAX is defined before redefining.

Damien Miller [Fri, 7 Feb 2020 04:07:27 +0000 (15:07 +1100)] 
typo; reported by Phil Pennock

djm@openbsd.org [Fri, 7 Feb 2020 03:57:31 +0000 (03:57 +0000)] 
upstream: sync the description of the $SSH_SK_PROVIDER environment

variable with that of the SecurityKeyProvider ssh/sshd_config(5) directive,
as the latter was more descriptive.

OpenBSD-Commit-ID: 0488f09530524a7e53afca6b6e1780598022552f

dtucker@openbsd.org [Fri, 7 Feb 2020 03:54:44 +0000 (03:54 +0000)] 
upstream: Add ssh -Q key-sig for all key and signature types.

Teach ssh -Q to accept ssh_config(5) and sshd_config(5) algorithm keywords as
an alias for the corresponding query.  Man page help jmc@, ok djm@.

OpenBSD-Commit-ID: 1e110aee3db2fc4bc5bee2d893b7128fd622e0f8

djm@openbsd.org [Fri, 7 Feb 2020 03:27:54 +0000 (03:27 +0000)] 
upstream: fix two PIN entry bugs on FIDO keygen: 1) it would allow more

than the intended number of prompts (3) and 2) it would SEGV if too many
incorrect PINs were entered; based on patch by Gabriel Kihlman

OpenBSD-Commit-ID: 9c0011f28ba8bd8adf2014424b64960333da1718

djm@openbsd.org [Thu, 6 Feb 2020 22:48:23 +0000 (22:48 +0000)] 
upstream: When using HostkeyAlgorithms to merely append or remove

algorithms from the default set (i.e. HostkeyAlgorithms=+/-...), retain the
default behaviour of preferring those algorithms that have existing keys in
known_hosts; ok markus

OpenBSD-Commit-ID: 040e7fcc38ea00146b5d224ce31ce7a1795ee6ed

djm@openbsd.org [Thu, 6 Feb 2020 22:46:31 +0000 (22:46 +0000)] 
upstream: expand HostkeyAlgorithms prior to config dump, matching

other algorithm lists; ok markus@

OpenBSD-Commit-ID: a66f0fca8cc5ce30405a2867bc115fff600671d0

naddy@openbsd.org [Thu, 6 Feb 2020 22:34:58 +0000 (22:34 +0000)] 
upstream: Add Include to the list of permitted keywords after a

Match keyword. ok markus@

OpenBSD-Commit-ID: 342e940538b13dd41e0fa167dc9ab192b9f6e2eb

naddy@openbsd.org [Thu, 6 Feb 2020 22:30:54 +0000 (22:30 +0000)] 
upstream: Replace "security key" with "authenticator" in program

messages.

This replaces "security key" in error/usage/verbose messages and
distinguishes between "authenticator" and "authenticator-hosted key".

ok djm@

OpenBSD-Commit-ID: 7c63800e9c340c59440a054cde9790a78f18592e

Darren Tucker [Thu, 6 Feb 2020 00:28:14 +0000 (11:28 +1100)] 
Don't look for UINT32_MAX in inttypes.h

... unless we are actually going to use it.  Fixes build on HP-UX
without the potential impact to other platforms of a header change
shortly before release.

Damien Miller [Thu, 6 Feb 2020 01:02:22 +0000 (12:02 +1100)] 
depend

Michael Forney [Thu, 28 Nov 2019 03:17:26 +0000 (19:17 -0800)] 
Fix sha2 MAKE_CLONE no-op definition

The point of the dummy declaration is so that MAKE_CLONE(...) can have
a trailing semicolon without introducing an empty declaration. So,
the macro replacement text should *not* have a trailing semicolon,
just like DEF_WEAK.

djm@openbsd.org [Tue, 4 Feb 2020 09:58:04 +0000 (09:58 +0000)] 
upstream: require FIDO application strings to start with "ssh:"; ok

markus@

OpenBSD-Commit-ID: 94e9c1c066d42b76f035a3d58250a32b14000afb

djm@openbsd.org [Mon, 3 Feb 2020 23:47:57 +0000 (23:47 +0000)] 
upstream: revert enabling UpdateHostKeys by default - there are still

corner cases we need to address; ok markus

OpenBSD-Commit-ID: ff7ad941bfdc49fb1d8baa95fd0717a61adcad57

jmc@openbsd.org [Mon, 3 Feb 2020 08:15:37 +0000 (08:15 +0000)] 
upstream: use better markup for challenge and write-attestation, and

rejig the challenge text a little;

ok djm

OpenBSD-Commit-ID: 9f351e6da9edfdc907d5c3fdaf2e9ff3ab0a7a6f

Damien Miller [Mon, 3 Feb 2020 10:22:15 +0000 (21:22 +1100)] 
mention libfido2 in dependencies section

Damien Miller [Mon, 3 Feb 2020 08:40:12 +0000 (19:40 +1100)] 
add clock_gettime64(2) to sandbox allowed syscalls

bz3093

dtucker@openbsd.org [Sun, 2 Feb 2020 09:45:34 +0000 (09:45 +0000)] 
upstream: Output (none) in debug in the case in the CheckHostIP=no case

as suggested by markus@

OpenBSD-Commit-ID: 4ab9117ee5261cbbd1868717fcc3142eea6385cf

dtucker@openbsd.org [Sun, 2 Feb 2020 09:22:22 +0000 (09:22 +0000)] 
upstream: Prevent possible null pointer deref of ip_str in debug.

OpenBSD-Commit-ID: 37b252e2e6f690efed6682437ef75734dbc8addf

jmc@openbsd.org [Sun, 2 Feb 2020 07:36:50 +0000 (07:36 +0000)] 
upstream: shuffle the challenge keyword to keep the -O list sorted;

OpenBSD-Commit-ID: 08efad608b790949a9a048d65578fae9ed5845fe

jmc@openbsd.org [Sat, 1 Feb 2020 06:53:12 +0000 (06:53 +0000)] 
upstream: tweak previous;

OpenBSD-Commit-ID: 0c42851cdc88583402b4ab2b110a6348563626d3

Darren Tucker [Sat, 1 Feb 2020 06:25:09 +0000 (17:25 +1100)] 
Use sys-queue.h from compat library.

Fixes build on platforms that don't have sys/queue.h (eg MUSL).

djm@openbsd.org [Fri, 31 Jan 2020 23:25:08 +0000 (23:25 +0000)] 
upstream: regress test for sshd_config Include directive; from Jakub

Jelen

OpenBSD-Regress-ID: 0d9224de3297c7a5f51ba68d6e3725a2a9345fa4

djm@openbsd.org [Fri, 31 Jan 2020 23:13:04 +0000 (23:13 +0000)] 
upstream: whitespace

OpenBSD-Commit-ID: 564cf7a5407ecf5da2d94ec15474e07427986772

djm@openbsd.org [Fri, 31 Jan 2020 23:11:25 +0000 (23:11 +0000)] 
upstream: force early logging to stderr if debug_flag (-d) is set;

avoids missing messages from re-exec config passing

OpenBSD-Commit-ID: 02484b8241c1f49010e7a543a7098e6910a8c9ff

djm@openbsd.org [Fri, 31 Jan 2020 23:08:08 +0000 (23:08 +0000)] 
upstream: mistake in previous: filling the incorrect buffer

OpenBSD-Commit-ID: 862ee84bd4b97b529f64aec5d800c3dcde952e3a

djm@openbsd.org [Fri, 31 Jan 2020 22:42:45 +0000 (22:42 +0000)] 
upstream: Add a sshd_config "Include" directive to allow inclusion

of files. This has sensible semantics wrt Match blocks and accepts glob(3)
patterns to specify the included files. Based on patch by Jakub Jelen in
bz2468; feedback and ok markus@

OpenBSD-Commit-ID: 36ed0e845b872e33f03355b936a4fff02d5794ff

jmc@openbsd.org [Fri, 31 Jan 2020 22:25:59 +0000 (22:25 +0000)] 
upstream: spelling fix;

OpenBSD-Commit-ID: 3c079523c4b161725a4b15dd06348186da912402

djm@openbsd.org [Thu, 30 Jan 2020 22:25:34 +0000 (22:25 +0000)] 
upstream: document changed default for UpdateHostKeys

OpenBSD-Commit-ID: 25c390b21d142f78ac0106241d13441c4265fd2c

djm@openbsd.org [Thu, 30 Jan 2020 22:19:32 +0000 (22:19 +0000)] 
upstream: enable UpdateKnownHosts=yes if the configuration

specifies only the default known_hosts files, otherwise select
UpdateKnownHosts=ask; ok markus@

OpenBSD-Commit-ID: ab401a5ec4a33d2e1a9449eae6202e4b6d427df7

Darren Tucker [Thu, 30 Jan 2020 07:54:42 +0000 (18:54 +1100)] 
Look in inttypes.h for UINT32_MAX.

Should prevent warnings on at least some AIX versions.

djm@openbsd.org [Thu, 30 Jan 2020 07:21:38 +0000 (07:21 +0000)] 
upstream: use sshpkt_fatal() instead of plain fatal() for

ssh_packet_write_poll() failures here too as the former yields better error
messages; ok dtucker@

OpenBSD-Commit-ID: 1f7a6ca95bc2b716c2e948fc1370753be772d8e3

djm@openbsd.org [Thu, 30 Jan 2020 07:20:57 +0000 (07:20 +0000)] 
upstream: check the return value of ssh_packet_write_poll() and

call sshpkt_fatal() if it fails; avoid potential busy-loop under some
circumstances. Based on patch by Mike Frysinger; ok dtucker@

OpenBSD-Commit-ID: c79fe5cf4f0cd8074cb6db257c1394d5139408ec

djm@openbsd.org [Thu, 30 Jan 2020 07:20:05 +0000 (07:20 +0000)] 
upstream: have sshpkt_fatal() save/restore errno before we

potentially call strerror() (via ssh_err()); ok dtucker

OpenBSD-Commit-ID: 5590df31d21405498c848245b85c24acb84ad787

djm@openbsd.org [Wed, 29 Jan 2020 08:17:49 +0000 (08:17 +0000)] 
upstream: markus suggests a simplification to previous

OpenBSD-Commit-ID: 10bbfb6607ebbb9a018dcd163f0964941adf58de

djm@openbsd.org [Wed, 29 Jan 2020 07:51:30 +0000 (07:51 +0000)] 
upstream: give more context to UpdateHostKeys messages, mentioning

that the changes are validated by the existing trusted host key. Prompted by
espie@ feedback and ok markus@

OpenBSD-Commit-ID: b3d95f4a45f2692f4143b9e77bb241184dbb8dc5

djm@openbsd.org [Tue, 28 Jan 2020 08:01:34 +0000 (08:01 +0000)] 
upstream: changes to support FIDO attestation

Allow writing to disk the attestation certificate that is generated by
the FIDO token at key enrollment time. These certificates may be used
by an out-of-band workflow to prove that a particular key is held in
trustworthy hardware.

Allow passing in a challenge that will be sent to the card during
key enrollment. These are needed to build an attestation workflow
that resists replay attacks.

ok markus@

OpenBSD-Commit-ID: 457dc3c3d689ba39eed328f0817ed9b91a5f78f6

djm@openbsd.org [Tue, 28 Jan 2020 07:24:15 +0000 (07:24 +0000)] 
upstream: disable UpdateHostKeys=ask when in quiet mode; "work for

me" matthieu@

OpenBSD-Commit-ID: 60d7b5eb91accf935ed9852650a826d86db2ddc7