]>
git.ipfire.org Git - thirdparty/openssh-portable.git/log
djm@openbsd.org [Mon, 21 Jan 2019 22:18:24 +0000 (22:18 +0000)]
upstream: switch sntrup implementation source from supercop to
libpqcrypto; the latter is almost identical but doesn't rely on signed
underflow to implement an optimised integer sort; from markus@
OpenBSD-Commit-ID:
cd09bbf0e0fcef1bedca69fdf7990dc360567cf8
Damien Miller [Mon, 21 Jan 2019 13:02:23 +0000 (00:02 +1100)]
new files need includes.h
djm@openbsd.org [Mon, 21 Jan 2019 12:53:35 +0000 (12:53 +0000)]
upstream: add "-v" flags to ssh-add and ssh-pkcs11-helper to turn up
debug verbosity.
Make ssh-agent turn on ssh-pkcs11-helper's verbosity when it is run
in debug mode ("ssh-agent -d"), so we get to see errors from the
PKCS#11 code.
ok markus@
OpenBSD-Commit-ID:
0a798643c6a92a508df6bd121253ba1c8bee659d
djm@openbsd.org [Mon, 21 Jan 2019 12:50:12 +0000 (12:50 +0000)]
upstream: adapt to changes in KEX APIs and file removals
OpenBSD-Regress-ID:
54d6857e7c58999c7a6d40942ab0fed3529f43ca
djm@openbsd.org [Mon, 21 Jan 2019 12:35:20 +0000 (12:35 +0000)]
upstream: adapt to changes in KEX API and file removals
OpenBSD-Regress-ID:
92cad022d3b0d11e08f3e0055d6a14b8f994c0d7
djm@openbsd.org [Mon, 21 Jan 2019 12:29:35 +0000 (12:29 +0000)]
upstream: adapt to bignum1 API removal and bignum2 API change
OpenBSD-Regress-ID:
cea6ff270f3d560de86b355a87a2c95b55a5ca63
djm@openbsd.org [Mon, 21 Jan 2019 09:13:41 +0000 (09:13 +0000)]
upstream: remove hack to use non-system libcrypto
OpenBSD-Regress-ID:
ce72487327eee4dfae1ab0212a1f33871fe0809f
Damien Miller [Mon, 21 Jan 2019 12:14:04 +0000 (23:14 +1100)]
depend
djm@openbsd.org [Mon, 21 Jan 2019 12:08:13 +0000 (12:08 +0000)]
upstream: fix reversed arguments to kex_load_hostkey(); manifested as
errors in cert-hostkey.sh regress failures.
OpenBSD-Commit-ID:
12dab63850b844f84d5a67e86d9e21a42fba93ba
djm@openbsd.org [Mon, 21 Jan 2019 11:22:00 +0000 (11:22 +0000)]
upstream: forgot to cvs add this file in previous series of commits;
grrr
OpenBSD-Commit-ID:
bcff316c3e7da8fd15333e05d244442c3aaa66b0
djm@openbsd.org [Mon, 21 Jan 2019 10:44:21 +0000 (10:44 +0000)]
upstream: nothing shall escape this purge
OpenBSD-Commit-ID:
4795b0ff142b45448f7e15f3c2f77a947191b217
djm@openbsd.org [Mon, 21 Jan 2019 10:40:11 +0000 (10:40 +0000)]
upstream: rename kex->kem_client_pub -> kex->client_pub now that
KEM has been renamed to kexgen
from markus@ ok djm@
OpenBSD-Commit-ID:
fac6da5dc63530ad0da537db022a9a4cfbe8bed8
djm@openbsd.org [Mon, 21 Jan 2019 10:38:54 +0000 (10:38 +0000)]
upstream: merge kexkem[cs] into kexgen
from markus@ ok djm@
OpenBSD-Commit-ID:
87d886b7f1812ff9355fda1435f6ea9b71a0ac89
djm@openbsd.org [Mon, 21 Jan 2019 10:35:09 +0000 (10:35 +0000)]
upstream: pass values used in KEX hash computation as sshbuf
rather than pointer+len
suggested by me; implemented by markus@ ok me
OpenBSD-Commit-ID:
994f33c464f4a9e0f1d21909fa3e379f5a0910f0
djm@openbsd.org [Mon, 21 Jan 2019 10:33:49 +0000 (10:33 +0000)]
upstream: remove kex_derive_keys_bn wrapper; no unused since the
DH-like KEX methods have moved to KEM
from markus@ ok djm@
OpenBSD-Commit-ID:
bde9809103832f349545e4f5bb733d316db9a060
djm@openbsd.org [Mon, 21 Jan 2019 10:29:56 +0000 (10:29 +0000)]
upstream: use KEM API for vanilla ECDH
from markus@ ok djm@
OpenBSD-Commit-ID:
6fbff96339a929835536b5730585d1d6057a352c
Damien Miller [Mon, 21 Jan 2019 12:11:21 +0000 (23:11 +1100)]
fixup missing ssherr.h
djm@openbsd.org [Mon, 21 Jan 2019 10:28:01 +0000 (10:28 +0000)]
upstream: use KEM API for vanilla DH KEX
from markus@ ok djm@
OpenBSD-Commit-ID:
af56466426b08a8be275412ae2743319e3d277c9
djm@openbsd.org [Mon, 21 Jan 2019 10:24:09 +0000 (10:24 +0000)]
upstream: use KEM API for vanilla c25519 KEX
OpenBSD-Commit-ID:
38d937b85ff770886379dd66a8f32ab0c1c35c1f
djm@openbsd.org [Mon, 21 Jan 2019 10:20:12 +0000 (10:20 +0000)]
upstream: Add support for a PQC KEX/KEM:
sntrup4591761x25519-sha512@tinyssh.org using the Streamlined NTRU Prime
4591^761 implementation from SUPERCOP coupled with X25519 as a stop-loss. Not
enabled by default.
introduce KEM API; a simplified framework for DH-ish KEX methods.
from markus@ feedback & ok djm@
OpenBSD-Commit-ID:
d687f76cffd3561dd73eb302d17a1c3bf321d1a7
djm@openbsd.org [Mon, 21 Jan 2019 10:07:22 +0000 (10:07 +0000)]
upstream: factor out kex_verify_hostkey() - again, duplicated
almost exactly across client and server for several KEX methods.
from markus@ ok djm@
OpenBSD-Commit-ID:
4e4a16d949dadde002a0aacf6d280a684e20829c
djm@openbsd.org [Mon, 21 Jan 2019 10:05:09 +0000 (10:05 +0000)]
upstream: factor out kex_load_hostkey() - this is duplicated in
both the client and server implementations for most KEX methods.
from markus@ ok djm@
OpenBSD-Commit-ID:
8232fa7c21fbfbcaf838313b0c166dc6c8762f3c
djm@openbsd.org [Mon, 21 Jan 2019 10:03:37 +0000 (10:03 +0000)]
upstream: factor out kex_dh_compute_key() - it's shared between
plain DH KEX and DH GEX in both the client and server implementations
from markus@ ok djm@
OpenBSD-Commit-ID:
12186e18791fffcd4642c82e7e0cfdd7ea37e2ec
djm@openbsd.org [Mon, 21 Jan 2019 10:00:23 +0000 (10:00 +0000)]
upstream: factor out DH keygen; it's identical between the client
and the server
from markus@ ok djm@
OpenBSD-Commit-ID:
2be57f6a0d44f1ab2c8de2b1b5d6f530c387fae9
djm@openbsd.org [Mon, 21 Jan 2019 09:55:52 +0000 (09:55 +0000)]
upstream: save the derived session id in kex_derive_keys() rather
than making each kex method implementation do it.
from markus@ ok djm@
OpenBSD-Commit-ID:
d61ade9c8d1e13f665f8663c552abff8c8a30673
djm@openbsd.org [Mon, 21 Jan 2019 09:54:11 +0000 (09:54 +0000)]
upstream: Make sshpkt_get_bignum2() allocate the bignum it is
parsing rather than make the caller do it. Saves a lot of boilerplate code.
from markus@ ok djm@
OpenBSD-Commit-ID:
576bf784f9a240f5a1401f7005364e59aed3bce9
djm@openbsd.org [Mon, 21 Jan 2019 09:52:25 +0000 (09:52 +0000)]
upstream: remove obsolete (SSH v.1) sshbuf_get/put_bignum1
functions
from markus@ ok djm@
OpenBSD-Commit-ID:
0380b1b2d9de063de3c5a097481a622e6a04943e
djm@openbsd.org [Mon, 21 Jan 2019 09:49:37 +0000 (09:49 +0000)]
upstream: fix all-zero check in kexc25519_shared_key
from markus@ ok djm@
OpenBSD-Commit-ID:
60b1d364e0d9d34d1d1ef1620cb92e36cf06712d
jmc@openbsd.org [Mon, 21 Jan 2019 07:09:10 +0000 (07:09 +0000)]
upstream: - -T was added to the first synopsis by mistake - since
"..." denotes optional, no need to surround it in []
ok djm
OpenBSD-Commit-ID:
918f6d8eed4e0d8d9ef5eadae1b8983d796f0e25
Darren Tucker [Mon, 21 Jan 2019 10:28:27 +0000 (21:28 +1100)]
Make --with-rpath take a flag instead of yes/no.
Damien Miller [Mon, 21 Jan 2019 04:05:43 +0000 (15:05 +1100)]
fix previous test
Darren Tucker [Mon, 21 Jan 2019 02:50:17 +0000 (13:50 +1100)]
Wrap ECC static globals in EC_KEY_METHOD_NEW too.
Damien Miller [Mon, 21 Jan 2019 01:53:40 +0000 (12:53 +1100)]
pass TEST_SSH_SSHPKCS11HELPER to regress tests
Damien Miller [Mon, 21 Jan 2019 01:31:29 +0000 (12:31 +1100)]
make agent-pkcs11 search harder for softhsm2.so
djm@openbsd.org [Mon, 21 Jan 2019 02:05:38 +0000 (02:05 +0000)]
upstream: always print the caller's error message in ossl_error(),
even when there are no libcrypto errors to report.
OpenBSD-Commit-ID:
09ebaa8f706e0eccedd209775baa1eee2ada806a
djm@openbsd.org [Mon, 21 Jan 2019 02:01:03 +0000 (02:01 +0000)]
upstream: get the ex_data (pkcs11_key object) back from the keys at
the index at which it was inserted, rather than assuming index 0
OpenBSD-Commit-ID:
1f3a6ce0346c8014e895e50423bef16401510aa8
djm@openbsd.org [Mon, 21 Jan 2019 01:05:00 +0000 (01:05 +0000)]
upstream: GSSAPI code got missed when converting to new packet API
OpenBSD-Commit-ID:
37e4f06ab4a0f4214430ff462ba91acba28b7851
Damien Miller [Mon, 21 Jan 2019 00:57:21 +0000 (11:57 +1100)]
Fix -Wunused when compiling PKCS#11 without ECDSA
djm@openbsd.org [Sun, 20 Jan 2019 23:26:44 +0000 (23:26 +0000)]
upstream: allow override of ssh-pkcs11-helper binary via
$TEST_SSH_SSHPKCS11HELPER from markus@
OpenBSD-Regress-ID:
7382a3d76746f5a792d106912a5819fd5e49e469
djm@openbsd.org [Sun, 20 Jan 2019 23:25:25 +0000 (23:25 +0000)]
upstream: adapt agent-pkcs11.sh test to softhsm2 and add support
for ECDSA keys
work by markus@, ok djm@
OpenBSD-Regress-ID:
1ebc2be0e88eff1b6d8be2f9c00cdc60723509fe
djm@openbsd.org [Sun, 20 Jan 2019 23:24:19 +0000 (23:24 +0000)]
upstream: add "extra:" target to run some extra tests that are not
enabled by default (currently includes agent-pkcs11.sh); from markus@
OpenBSD-Regress-ID:
9a969e1adcd117fea174d368dcb9c61eb50a2a3c
djm@openbsd.org [Mon, 21 Jan 2019 00:47:34 +0000 (00:47 +0000)]
upstream: use ECDSA_SIG_set0() instead of poking signature values into
structure directly; the latter works on LibreSSL but not on OpenSSL. From
portable.
OpenBSD-Commit-ID:
5b22a1919d9cee907d3f8a029167f70a481891c6
Damien Miller [Mon, 21 Jan 2019 00:44:19 +0000 (11:44 +1100)]
remove HAVE_DLOPEN that snuck in
Damien Miller [Mon, 21 Jan 2019 00:32:28 +0000 (11:32 +1100)]
conditionalise ECDSA PKCS#11 support
djm@openbsd.org [Sun, 20 Jan 2019 23:12:35 +0000 (23:12 +0000)]
upstream: we use singleton pkcs#11 RSA_METHOD and EC_KEY_METHOD
now, so there is no need to keep a copy of each in the pkcs11_key object.
work by markus@, ok djm@
OpenBSD-Commit-ID:
43b4856516e45c0595f17a8e95b2daee05f12faa
djm@openbsd.org [Sun, 20 Jan 2019 23:11:11 +0000 (23:11 +0000)]
upstream: KNF previous; from markus@
OpenBSD-Commit-ID:
3dfe35e25b310c3968b1e4e53a0cb1d03bda5395
djm@openbsd.org [Sun, 20 Jan 2019 23:10:33 +0000 (23:10 +0000)]
upstream: use OpenSSL's RSA reference counting hooks to
implicitly clean up pkcs11_key objects when their owning RSA object's
reference count drops to zero. Simplifies the cleanup path and makes it more
like ECDSA's
work by markus@, ok djm@
OpenBSD-Commit-ID:
74b9c98f405cd78f7148e9e4a4982336cd3df25c
djm@openbsd.org [Sun, 20 Jan 2019 23:08:24 +0000 (23:08 +0000)]
upstream: make the PKCS#11 RSA code more like the new PKCS#11
ECDSA code: use a single custom RSA_METHOD instead of a method per key
suggested by me, but markus@ did all the work.
ok djm@
OpenBSD-Commit-ID:
8aafcebe923dc742fc5537a995cee549d07e4b2e
djm@openbsd.org [Sun, 20 Jan 2019 23:05:52 +0000 (23:05 +0000)]
upstream: fix leak of ECDSA pkcs11_key objects
work by markus, ok djm@
OpenBSD-Commit-ID:
9fc0c4f1d640aaa5f19b8d70f37ea19b8ad284a1
djm@openbsd.org [Sun, 20 Jan 2019 23:03:26 +0000 (23:03 +0000)]
upstream: use EVP_PKEY_get0_EC_KEY() instead of direct access of
EC_KEY internals as that won't work on OpenSSL
work by markus@, feedback and ok djm@
OpenBSD-Commit-ID:
4a99cdb89fbd6f5155ef8c521c99dc66e2612700
djm@openbsd.org [Sun, 20 Jan 2019 23:01:59 +0000 (23:01 +0000)]
upstream: cleanup PKCS#11 ECDSA pubkey loading: the returned
object should never have a DER header
work by markus; feedback and ok djm@
OpenBSD-Commit-ID:
b617fa585eddbbf0b1245b58b7a3c4b8d613db17
djm@openbsd.org [Sun, 20 Jan 2019 23:00:12 +0000 (23:00 +0000)]
upstream: cleanup unnecessary code in ECDSA pkcs#11 signature
work by markus@, feedback and ok djm@
OpenBSD-Commit-ID:
affa5ca7d58d59fbd16169f77771dcdbd2b0306d
djm@openbsd.org [Sun, 20 Jan 2019 22:57:45 +0000 (22:57 +0000)]
upstream: cleanup pkcs#11 client code: use sshkey_new in instead
of stack- allocating a sshkey
work by markus@, ok djm@
OpenBSD-Commit-ID:
a048eb6ec8aa7fa97330af927022c0da77521f91
djm@openbsd.org [Sun, 20 Jan 2019 22:54:30 +0000 (22:54 +0000)]
upstream: allow override of the pkcs#11 helper binary via
$SSH_PKCS11_HELPER; needed for regress tests.
work by markus@, ok me
OpenBSD-Commit-ID:
f78d8185500bd7c37aeaf7bd27336db62f0f7a83
djm@openbsd.org [Sun, 20 Jan 2019 22:51:37 +0000 (22:51 +0000)]
upstream: add support for ECDSA keys in PKCS#11 tokens
Work by markus@ and Pedro Martelletto, feedback and ok me@
OpenBSD-Commit-ID:
a37d651e221341376636056512bddfc16efb4424
djm@openbsd.org [Sun, 20 Jan 2019 22:03:29 +0000 (22:03 +0000)]
upstream: add option to test whether keys in an agent are usable,
by performing a signature and a verification using each key "ssh-add -T
pubkey [...]"
work by markus@, ok djm@
OpenBSD-Commit-ID:
931b888a600b6a883f65375bd5f73a4776c6d19b
tb@openbsd.org [Sun, 20 Jan 2019 02:01:59 +0000 (02:01 +0000)]
upstream: Fix BN_is_prime_* calls in SSH, the API returns -1 on
error.
Found thanks to BoringSSL's commit
53409ee3d7595ed37da472bc73b010cd2c8a5ffd
by David Benjamin.
ok djm, dtucker
OpenBSD-Commit-ID:
1ee832be3c44b1337f76b8562ec6d203f3b072f8
dtucker@openbsd.org [Sun, 20 Jan 2019 01:12:40 +0000 (01:12 +0000)]
upstream: DH-GEX min value is now specified in RFC8270. ok djm@
OpenBSD-Commit-ID:
1229d0feb1d0ecefe05bf67a17578b263e991acc
Darren Tucker [Sun, 20 Jan 2019 22:22:36 +0000 (09:22 +1100)]
Check for cc before gcc.
Damien Miller [Sun, 20 Jan 2019 03:55:27 +0000 (14:55 +1100)]
last bits of old packet API / active_state global
Damien Miller [Sat, 19 Jan 2019 23:22:18 +0000 (10:22 +1100)]
remove PAM dependencies on old packet API
Damien Miller [Sat, 19 Jan 2019 22:58:45 +0000 (09:58 +1100)]
remove vestiges of old packet API from loginrec.c
Damien Miller [Sat, 19 Jan 2019 22:45:38 +0000 (09:45 +1100)]
depend
djm@openbsd.org [Sat, 19 Jan 2019 22:30:52 +0000 (22:30 +0000)]
upstream: fix error in refactor: use ssh_packet_disconnect() instead of
sshpkt_error(). The first one logs the error and exits (what we want) instead
of just logging and blundering on.
OpenBSD-Commit-ID:
39f51b43641dce9ce0f408ea6c0e6e077e2e91ae
djm@openbsd.org [Sat, 19 Jan 2019 21:45:31 +0000 (21:45 +0000)]
upstream: remove last traces of old packet API!
with & ok markus@
OpenBSD-Commit-ID:
9bd10437026423eb8245636ad34797a20fbafd7d
djm@openbsd.org [Sat, 19 Jan 2019 21:43:56 +0000 (21:43 +0000)]
upstream: remove last references to active_state
with & ok markus@
OpenBSD-Commit-ID:
78619a50ea7e4ca2f3b54d4658b3227277490ba2
djm@openbsd.org [Sat, 19 Jan 2019 21:43:07 +0000 (21:43 +0000)]
upstream: convert monitor.c to new packet API
with & ok markus@
OpenBSD-Commit-ID:
61ecd154bd9804461a0cf5f495a29d919e0014d5
djm@openbsd.org [Sat, 19 Jan 2019 21:42:30 +0000 (21:42 +0000)]
upstream: convert sshd.c to new packet API
with & ok markus@
OpenBSD-Commit-ID:
ea569d3eaf9b5cf1bad52779fbfa5fa0b28af891
djm@openbsd.org [Sat, 19 Jan 2019 21:41:53 +0000 (21:41 +0000)]
upstream: convert session.c to new packet API
with & ok markus@
OpenBSD-Commit-ID:
fae817207e23099ddd248960c984f7b7f26ea68e
djm@openbsd.org [Sat, 19 Jan 2019 21:41:18 +0000 (21:41 +0000)]
upstream: convert auth.c to new packet API
with & ok markus@
OpenBSD-Commit-ID:
7e10359f614ff522b52a3f05eec576257794e8e4
djm@openbsd.org [Sat, 19 Jan 2019 21:40:48 +0000 (21:40 +0000)]
upstream: convert serverloop.c to new packet API
with & ok markus@
OpenBSD-Commit-ID:
c92dd19b55457541478f95c0d6b318426d86d885
djm@openbsd.org [Sat, 19 Jan 2019 21:40:21 +0000 (21:40 +0000)]
upstream: convert the remainder of sshconnect2.c to new packet
API
with & ok markus@
OpenBSD-Commit-ID:
0986d324f2ceb5e8a12ac21c1bb10b3b4b1e0f71
djm@openbsd.org [Sat, 19 Jan 2019 21:39:12 +0000 (21:39 +0000)]
upstream: convert the remainder of clientloop.c to new packet API
with & ok markus@
OpenBSD-Commit-ID:
ce2fbbacb86a290f31da1e7bf04cddf2bdae3d1e
Damien Miller [Sat, 19 Jan 2019 22:44:53 +0000 (09:44 +1100)]
upstream: convert auth2.c to new packet API
OpenBSD-Commit-ID:
ed831bb95ad228c6791bc18b60ce7a2edef2c999
djm@openbsd.org [Sat, 19 Jan 2019 21:37:48 +0000 (21:37 +0000)]
upstream: convert servconf.c to new packet API
with & ok markus@
OpenBSD-Commit-ID:
126553aecca302c9e02fd77e333b9cb217e623b4
djm@openbsd.org [Sat, 19 Jan 2019 21:37:13 +0000 (21:37 +0000)]
upstream: convert channels.c to new packet API
with & ok markus@
OpenBSD-Commit-ID:
0b8279b56113cbd4011fc91315c0796b63dc862c
djm@openbsd.org [Sat, 19 Jan 2019 21:36:38 +0000 (21:36 +0000)]
upstream: convert sshconnect.c to new packet API
with & ok markus@
OpenBSD-Commit-ID:
222337cf6c96c347f1022d976fac74b4257c061f
djm@openbsd.org [Sat, 19 Jan 2019 21:36:06 +0000 (21:36 +0000)]
upstream: convert ssh.c to new packet API
with & ok markus@
OpenBSD-Commit-ID:
eb146878b24e85c2a09ee171afa6797c166a2e21
djm@openbsd.org [Sat, 19 Jan 2019 21:35:25 +0000 (21:35 +0000)]
upstream: convert mux.c to new packet API
with & ok markus@
OpenBSD-Commit-ID:
4e3893937bae66416e984b282d8f0f800aafd802
djm@openbsd.org [Sat, 19 Jan 2019 21:34:45 +0000 (21:34 +0000)]
upstream: convert sshconnect2.c to new packet API
with & ok markus@
OpenBSD-Commit-ID:
1cb869e0d6e03539f943235641ea070cae2ebc58
djm@openbsd.org [Sat, 19 Jan 2019 21:33:57 +0000 (21:33 +0000)]
upstream: convert clientloop.c to new packet API
with & ok markus@
OpenBSD-Commit-ID:
497b36500191f452a22abf283aa8d4a9abaee7fa
djm@openbsd.org [Sat, 19 Jan 2019 21:33:13 +0000 (21:33 +0000)]
upstream: allow sshpkt_fatal() to take a varargs format; we'll
use this to give packet-related fatal error messages more context (esp. the
remote endpoint) ok markus@
OpenBSD-Commit-ID:
de57211f9543426b515a8a10a4f481666b2b2a50
djm@openbsd.org [Sat, 19 Jan 2019 21:31:32 +0000 (21:31 +0000)]
upstream: begin landing remaining refactoring of packet parsing
API, started almost exactly six years ago.
This change stops including the old packet_* API by default and makes
each file that requires the old API include it explicitly. We will
commit file-by-file refactoring to remove the old API in consistent
steps.
with & ok markus@
OpenBSD-Commit-ID:
93c98a6b38f6911fd1ae025a1ec57807fb4d4ef4
tb@openbsd.org [Sat, 19 Jan 2019 04:15:56 +0000 (04:15 +0000)]
upstream: Print an \r in front of the password prompt so parts of
a password that was entered too early are likely clobbered by the prompt.
Idea from doas.
from and ok djm
"i like it" deraadt
OpenBSD-Commit-ID:
5fb97c68df6d8b09ab37f77bca1d84d799c4084e
Darren Tucker [Fri, 18 Jan 2019 00:09:01 +0000 (11:09 +1100)]
Add minimal fchownat and fchmodat implementations.
Darren Tucker [Thu, 17 Jan 2019 23:11:42 +0000 (12:11 +1300)]
Add a minimal implementation of utimensat().
djm@openbsd.org [Tue, 1 Jan 2019 22:20:16 +0000 (22:20 +0000)]
upstream: regress bits for banner processing refactor (this test was
depending on ssh returning a particular error message for banner parsing
failure)
reminded by bluhm@
OpenBSD-Regress-ID:
f24fc303d40931157431df589b386abf5e1be575
djm@openbsd.org [Thu, 17 Jan 2019 04:45:09 +0000 (04:45 +0000)]
upstream: tun_fwd_ifnames variable should b
=?UTF-8?q?e=20extern;=20from=20Hanno=20B=C3=B6ck?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
OpenBSD-Commit-ID:
d53dede6e521161bf04d39d09947db6253a38271
djm@openbsd.org [Thu, 17 Jan 2019 04:20:53 +0000 (04:20 +0000)]
upstream: include time.h for time(3)/nanosleep(2); from Ian
McKellar
OpenBSD-Commit-ID:
6412ccd06a88f65b207a1089345f51fa1244ea51
djm@openbsd.org [Thu, 17 Jan 2019 01:50:24 +0000 (01:50 +0000)]
upstream: many of the global variables in this file can be made static;
patch from Markus Schmidt
OpenBSD-Commit-ID:
f3db619f67beb53257b21bac0e92b4fb7d5d5737
djm@openbsd.org [Wed, 16 Jan 2019 23:23:45 +0000 (23:23 +0000)]
upstream: Add "-h" flag to sftp chown/chgrp/chmod commands to
request they do not follow symlinks. Requires recently-committed
lsetstat@openssh.com extension on the server side.
ok markus@ dtucker@
OpenBSD-Commit-ID:
f93bb3f6f7eb2fb7ef1e59126e72714f1626d604
djm@openbsd.org [Wed, 16 Jan 2019 23:22:10 +0000 (23:22 +0000)]
upstream: add support for a "lsetstat@openssh.com" extension. This
replicates the functionality of the existing SSH2_FXP_SETSTAT operation but
does not follow symlinks. Based on a patch from Bert Haverkamp in bz#2067 but
with more attribute modifications supported.
ok markus@ dtucker@
OpenBSD-Commit-ID:
f7234f6e90db19655d55d936a115ee4ccb6aaf80
djm@openbsd.org [Fri, 4 Jan 2019 03:27:50 +0000 (03:27 +0000)]
upstream: eliminate function-static attempt counters for
passwd/kbdint authmethods by moving them to the client authctxt; Patch from
Markus Schmidt, ok markus@
OpenBSD-Commit-ID:
4df4404a5d5416eb056f68e0e2f4fa91ba3b3f7f
djm@openbsd.org [Fri, 4 Jan 2019 03:23:00 +0000 (03:23 +0000)]
upstream: fix memory leak of ciphercontext when rekeying; bz#2942
Patch from Markus Schmidt; ok markus@
OpenBSD-Commit-ID:
7877f1b82e249986f1ef98d0ae76ce987d332bdd
djm@openbsd.org [Tue, 1 Jan 2019 23:10:53 +0000 (23:10 +0000)]
upstream: static on global vars, const on handler tables that contain
function pointers; from Mike Frysinger
OpenBSD-Commit-ID:
7ef2305e50d3caa6326286db43cf2cfaf03960e0
djm@openbsd.org [Thu, 27 Dec 2018 23:02:11 +0000 (23:02 +0000)]
upstream: Request RSA-SHA2 signatures for
rsa-sha2-{256|512}-cert-v01@openssh.com cert algorithms; ok markus@
OpenBSD-Commit-ID:
afc6f7ca216ccd821656d1c911d2a3deed685033
djm@openbsd.org [Thu, 27 Dec 2018 03:37:49 +0000 (03:37 +0000)]
upstream: ssh_packet_set_state() now frees ssh->kex implicitly, so
don't do explicit kex_free() beforehand
OpenBSD-Regress-ID:
f2f73bad47f62a2040ccba0a72cadcb12eda49cf
tedu@openbsd.org [Sat, 15 Dec 2018 00:50:21 +0000 (00:50 +0000)]
upstream: remove unused and problematic sudo clean. ok espie
OpenBSD-Regress-ID:
ca90c20a15a85b661e13e98b80c10e65cd662f7b
djm@openbsd.org [Thu, 27 Dec 2018 03:25:24 +0000 (03:25 +0000)]
upstream: move client/server SSH-* banners to buffers under
ssh->kex and factor out the banner exchange. This eliminates some common code
from the client and server.
Also be more strict about handling \r characters - these should only
be accepted immediately before \n (pointed out by Jann Horn).
Inspired by a patch from Markus Schmidt.
(lots of) feedback and ok markus@
OpenBSD-Commit-ID:
1cc7885487a6754f63641d7d3279b0941890275b
dtucker@openbsd.org [Fri, 7 Dec 2018 04:36:09 +0000 (04:36 +0000)]
upstream: Fix calculation of initial bandwidth limits. Account for
written bytes before the initial timer check so that the first buffer written
is accounted. Set the threshold after which the timer is checked such that
the limit starts being computed as soon as possible, ie after the second
buffer is written. This prevents an initial burst of traffic and provides a
more accurate bandwidth limit. bz#2927, ok djm.
OpenBSD-Commit-ID:
ff3ef76e4e43040ec198c2718d5682c36b255cb6
projects / thirdparty / openssh-portable.git / log
