upstream: Defer creation of ~/.ssh by ssh(1) until we attempt to
write to it so we don't leave an empty .ssh directory when it's not needed.
Use the same function to replace the code in ssh-keygen that does the same
thing. bz#3156, ok djm@
upstream: Expand path to ~/.ssh/rc rather than relying on it
being relative to the current directory, so that it'll still be found if the
shell startup changes its directory. Since the path is potentially longer,
make the cmd buffer that uses it dynamically sized. bz#3185, with & ok djm@
djm@openbsd.org [Mon, 22 Jun 2020 05:58:35 +0000 (05:58 +0000)]
upstream: Add support for FIDO webauthn (verification only).
webauthn is a standard for using FIDO keys in web browsers. webauthn
signatures are a slightly different format to plain FIDO signatures - this
support allows verification of these. Feedback and ok markus@
Darren Tucker [Fri, 19 Jun 2020 09:10:47 +0000 (19:10 +1000)]
Extra brackets around sizeof() in bcrypt.
Prevents following warning from clang 10:
bcrypt_pbkdf.c:94:40: error: expression does not compute the number of
elements in this array; element type is ´uint32_tÂ[...]
place parentheses around the ´sizeof(uint64_t)´ expression to
silence this warning
Darren Tucker [Fri, 5 Jun 2020 03:20:10 +0000 (13:20 +1000)]
Test fallthrough in OSSH_CHECK_CFLAG_COMPILE.
clang 10's -Wimplicit-fallthrough does not understand /* FALLTHROUGH */
comments and we don't use the __attribute__((fallthrough)) that it's
looking for. This has the effect of turning off -Wimplicit-fallthrough
where it does not currently help (particularly with -Werror). ok djm@
upstream: Pass a NULL instead of zeroed out va_list from
dollar_expand. The original intent was in case there's some platform where
va_list is not a pointer equivalent, but on i386 this chokes on the memset.
This unbreaks that build, but will require further consideration.
upstream: Allow some keywords to expand shell-style ${ENV}
environment variables on the client side. The supported keywords are
CertificateFile, ControlPath, IdentityAgent and IdentityFile, plus
LocalForward and RemoteForward when used for Unix domain socket paths. This
would for example allow forwarding of Unix domain socket paths that change at
runtime. bz#3140, ok djm@
tobias [Thu, 26 Mar 2015 21:22:50 +0000 (21:22 +0000)]
partial sync of regress/netcat.c with upstream
The code in socks.c writes multiple times in a row to a socket. If the socket becomes invalid between these calls (e.g. connection closed), write will throw SIGPIPE. With this patch, SIGPIPE is ignored so we can handle write's -1 return value (errno will be EPIPE). Ultimately, it leads to program exit, too -- but with nicer error message. :)
djm@openbsd.org [Wed, 27 May 2020 22:35:19 +0000 (22:35 +0000)]
upstream: two new tests for Include in sshd_config, checking whether
Port directives are processed correctly and handling of Include directives
that appear before Match. Both tests currently fail. bz#3122 and bz#3169 -
patch from Jakub Jelen
djm@openbsd.org [Tue, 26 May 2020 01:26:58 +0000 (01:26 +0000)]
upstream: Restrict ssh-agent from signing web challenges for FIDO
keys.
When signing messages in ssh-agent using a FIDO key that has an
application string that does not start with "ssh:", ensure that the
message being signed is one of the forms expected for the SSH protocol
(currently pubkey authentication and sshsig signatures).
This prevents ssh-agent forwarding on a host that has FIDO keys
attached granting the ability for the remote side to sign challenges
for web authentication using those keys too.
Note that the converse case of web browsers signing SSH challenges is
already precluded because no web RP can have the "ssh:" prefix in the
application string that we require.
djm@openbsd.org [Tue, 26 May 2020 01:06:52 +0000 (01:06 +0000)]
upstream: add fmt_timeframe() (from bgpd) to format a time
interval in a human- friendly format. Switch copyright for this file from BSD
to MIT to make it easier to add Henning's copyright for this function. ok
markus@
upstream: sshd listener must not block if reexecd sshd exits
in write(2) on config_s[0] if the forked child exits early before finishing
recv_rexec_state (e.g. with fatal()) because config_s[1] stays open in the
parent. this prevents the parent from accepting new connections. ok djm,
deraadt
djm@openbsd.org [Fri, 15 May 2020 03:57:33 +0000 (03:57 +0000)]
upstream: fix off-by-one error that caused sftp downloads to make
one more concurrent request that desired. This prevented using sftp(1) in
unpipelined request/response mode, which is useful when debugging. Patch from
Stephen Goetze in bz#3054
djm@openbsd.org [Wed, 13 May 2020 10:08:02 +0000 (10:08 +0000)]
upstream: Enable credProtect extension when generating a resident
key.
The FIDO 2.1 Client to Authenticator Protocol introduced a "credProtect"
feature to better protect resident keys. This option allows (amone other
possibilities) requiring a PIN prior to all operations that may retrieve
the key handle.
Damien Miller [Thu, 14 May 2020 02:22:09 +0000 (12:22 +1000)]
prefer ln to cp for temporary copy of sshd
I saw failures on the reexec fallback test on Darwin 19.4 where
fork()ed children of a process that had it's executable removed
would instantly fail. Using ln to preserve the inode avoids this.
Damien Miller [Wed, 13 May 2020 02:08:34 +0000 (12:08 +1000)]
explicitly manage .depend and .depend.bak
Bring back removal of .depend to give the file a known state before
running makedepend, but manually move aside the current .depend file
and restore it as .depend.bak afterwards so the stale .depend check
works as expected.
Damien Miller [Wed, 13 May 2020 02:01:10 +0000 (12:01 +1000)]
revert removal of .depend before makedepend
Commit 83657eac4 started removing .depend before running makedepend
to reset the contents of .depend to a known state. Unfortunately
this broke the depend-check step as now .depend.bak would only ever
be created as an empty file.
Darren Tucker [Fri, 8 May 2020 11:50:43 +0000 (21:50 +1000)]
Ensure SA_SIGNAL test only signals itself.
When the test's child signals its parent and it exits the result of
getppid changes. On Ubuntu 20.04 this results in the ppid being that
of the GDM session, causing it to exit. Analysis and testing from pedro
at ambientworks.net
djm@openbsd.org [Fri, 1 May 2020 04:00:29 +0000 (04:00 +0000)]
upstream: make mktestdata.sh generate old/new format keys that we
expect. This script was written before OpenSSH switched to new-format private
keys by default and was never updated to the change (until now) From Michael
Forney
projects / thirdparty / openssh-portable.git / log
