Skip to content
Permalink
jjelen-pkcs11
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Commits on Aug 17, 2020

  1. PKCS#11 URI from Fedora

     * Print PKCS#11 URIs from ssh-keygen
     * Accept PKCS#11 URIs in -i argument to ssh
     * Allow PKCS#11 URI specification in ssh_config
     * Fallback to p11-kit-proxy
     * PKCS#11 URI support for ssh-add and ssh-agent
      * internal representation is URI
     * Allow to specify pin-value in URI to avoid interactive prompts
    
    Currently recognized and used parts of PKCS#11 URI:
     * path (optional)
      * token
      * id
      * manufacturer
      * (library-manufacturer)
     * query (optional)
      * module-path
      * pin-value
    
    Unit test for PKCS#11 URIs
    
     * test PKCS#11 URI parser, generator
     * test percent_encodeer and decoder
    
    Regression tests for PKCS#11 URI support
    
     * soft-pkcs11.so  from people.su.se/~lha/soft-pkcs11
      * Return correct CKR for unknown attributes
      * Adjust and build it with regress tests (allowing agent-pkcs11 test)
     * Test PKCS#11 URIs support with soft-pkcs11
      * Direct usage from commandline (URI, provider and combination)
      * Usage from configuration files
      * Usage in ssh-agent (add, sign, remove)
      * Make sure it is built with correct paths
    Jakuje committed Aug 17, 2020

Commits on Aug 10, 2020

  1. sync memmem.c with OpenBSD

    djmdjm committed Aug 10, 2020

Commits on Aug 7, 2020

  1. Always send any PAM account messages.

    If the PAM account stack reaturns any messages, send them to the user
    not just if the check succeeds.  bz#2049, ok djm@
    daztucker committed Aug 7, 2020

Commits on Aug 5, 2020

  1. Add CI with prepare script

    * Only use heimdal kerberos implementation
    * Fetch yubico/libfido2 (see: https://github.com/Yubico/libfido2)
    * Add one target for
        * all features
        * each feature alone
        * no features
    dns2utf8 committed Aug 5, 2020

Commits on Aug 4, 2020

  1. support NetBSD's utmpx.ut_ss address field

    bz#960, ok dtucker
    djmdjm committed Aug 4, 2020
  2. wrap a declaration in the same ifdefs as its use

    avoids warnings on NetBSD
    djmdjm committed Aug 4, 2020
  3. undef TAILQ_CONCAT and friends

    Needed for NetBSD. etc that supply these macros
    djmdjm committed Aug 4, 2020

Commits on Aug 3, 2020

  1. upstream: ensure that certificate extensions are lexically sorted.

    Previously if the user specified a custom extension then the everything would
    be in order except the custom ones. bz3198 ok dtucker markus
    
    OpenBSD-Commit-ID: d97deb90587b06cb227c66ffebb2d9667bf886f0
    djmdjm committed Aug 3, 2020
  2. upstream: allow -A to explicitly enable agent forwarding in scp and

    sftp. The default remains to not forward an agent, even when ssh_config
    enables it. ok jmc dtucker markus
    
    OpenBSD-Commit-ID: 36cc526aa3b0f94e4704b8d7b969dd63e8576822
    djmdjm committed Aug 3, 2020
  3. upstream: clang -Wimplicit-fallthrough does not recognise /*

    FALLTHROUGH */ comments, which is the style we currently use, and gives too
    many boring warnings. ok djm
    
    OpenBSD-Commit-ID: 07b5031e9f49f2b69ac5e85b8da4fc9e393992a0
    deraadt@openbsd.org authored and djmdjm committed Aug 3, 2020
  4. upstream: Also compare username when checking for JumpHost loops.

    bz#3057, ok djm@
    
    OpenBSD-Commit-ID: 9bbc1d138adb34c54f3c03a15a91f75dbf418782
    daztucker authored and djmdjm committed Aug 3, 2020

Commits on Jul 31, 2020

  1. Remove AC_REVISION.

    It hasn't been useful since we switched to git in 2014.  ok djm@
    daztucker committed Jul 31, 2020

Commits on Jul 28, 2020

  1. Use argv in OSSH_CHECK_CFLAG_COMPILE test.

    configure.ac is not detecting -Wextra in compilers that implement the
    option. The problem is that -Wextra implies -Wunused-parameter, and the
    C excerpt used by aclocal.m4 does not use argv.  Patch from pedro at
    ambientworks.net, ok djm@
    daztucker committed Jul 28, 2020

Commits on Jul 20, 2020

  1. Add ssh-sk-helper and manpage to RPM spec file

    Based on patch from Fabio Pedretti
    djmdjm committed Jul 20, 2020

Commits on Jul 17, 2020

  1. upstream: Add %k to the TOKENs for Match Exec for consistency with

    the other keywords that recently got %k.
    
    OpenBSD-Commit-ID: 1857d1c40f270cbc254fca91e66110641dddcfdb
    daztucker committed Jul 17, 2020
  2. upstream: fix macro slip in previous;

    OpenBSD-Commit-ID: 624e47ab209450ad9ad5c69f54fa69244de5ed9a
    jmc@openbsd.org authored and daztucker committed Jul 17, 2020
  3. upstream: Add test for '%k' (HostKeyAlias) TOKEN.

    OpenBSD-Regress-ID: 8ed1ba1a811790031aad3fcea860a34ad7910456
    daztucker committed Jul 17, 2020
  4. upstream: Add tests for expansions on UserKnownHostsFile.

    OpenBSD-Regress-ID: bccf8060306c841bbcceb1392644f906a4d6ca51
    daztucker authored and djmdjm committed Jul 17, 2020
  5. upstream: log error message for process_write() write failures

    OpenBSD-Commit-ID: f733d7b3b05e3c68967dc18dfe39b9e8fad29851
    djmdjm committed Jul 17, 2020
  6. upstream: Add a '%k' TOKEN that expands to the effective HostKey of

    the destination.  This allows, eg, keeping host keys in individual files
    using "UserKnownHostsFile ~/.ssh/known_hosts.d/%k". bz#1654, ok djm@, jmc@
    (man page bits)
    
    OpenBSD-Commit-ID: 7084d723c9cc987a5c47194219efd099af5beadc
    daztucker authored and djmdjm committed Jul 17, 2020
  7. upstream: Add %-TOKEN, environment variable and tilde expansion to

    UserKnownHostsFile, allowing the file to be automagically split up in the
    configuration (eg bz#1654).  ok djm@, man page parts jmc@
    
    OpenBSD-Commit-ID: 7e1b406caf147638bb51558836a72d6cc0bd1b18
    daztucker authored and djmdjm committed Jul 17, 2020
  8. upstream: - Add [-a rounds] in ssh-keygen man page and usage() -

    Reorder parameters list in the first usage() case - Sentence rewording
    
    ok dtucker@
    jmc@ noticed usage() missed -a flag too
    
    OpenBSD-Commit-ID: f06b9afe91cc96f260b929a56e9930caecbde246
    rapenne-s authored and djmdjm committed Jul 17, 2020
  9. upstream: start sentence with capital letter;

    OpenBSD-Commit-ID: ab06581d51b2b4cc1b4aab781f7f3cfa56cad973
    jmc@openbsd.org authored and djmdjm committed Jul 17, 2020
  10. detect Linux/X32 systems

    This is a frankenstein monster of AMD64 instructions/calling conventions
    but with a 4GB address space. Allegedly deprecated but people still run
    into it causing weird sandbox failures, e.g. bz#3085
    djmdjm committed Jul 17, 2020

Commits on Jul 15, 2020

  1. upstream: Fix previous by calling the correct function.

    OpenBSD-Regress-ID: 821cdd1dff9c502cceff4518b6afcb81767cad5a
    daztucker committed Jul 15, 2020
  2. upstream: Update test to match recent change in match.c

    OpenBSD-Regress-ID: 965bda1f95f09a765050707340c73ad755f41167
    daztucker committed Jul 15, 2020
  3. upstream: Add default for number of rounds (-a). ok djm@

    OpenBSD-Commit-ID: cb7e9aa04ace01a98e63e4bd77f34a42ab169b15
    daztucker committed Jul 15, 2020
Older