Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Commits on Mar 24, 2023

  1. Github testing support for BoringSSL

    @djmdjm
    djmdjm committed Mar 24, 2023
    021ea5c

  2. BoringSSL doesn't support EC_POINT_point2bn() 

    so don't invoke it in unittest
    @djmdjm
    djmdjm committed Mar 24, 2023
    9a97cd1

  3. another ERR_load_CRYPTO_strings() vestige

    @djmdjm
    djmdjm committed Mar 24, 2023
    cc5969c

  4. don't use obsolete ERR_load_CRYPTO_strings() 

    OpenSSL (and elsewhere in OpenSSH) uses ERR_load_crypto_strings()
    @djmdjm
    djmdjm committed Mar 24, 2023
    4974293

  5. Allow building with BoringSSL

    @djmdjm
    djmdjm committed Mar 24, 2023
    3c527d5

  6. put back SSLeay_version compat in configure test 

    Needed to detect old versions and give good "your version is bad"
messages at configure time; spotted by dtucker@
    @djmdjm
    djmdjm committed Mar 24, 2023
    b7e27cf

  7. remove support for old libcrypto 

    OpenSSH now requires LibreSSL 3.1.0 or greater or
OpenSSL 1.1.1 or greater

with/ok dtucker@
    @djmdjm
    djmdjm committed Mar 24, 2023
    7280401

Commits on Mar 19, 2023

  1. Test latest OpenSSL 1.1, 3.0 and LibreSSL 3.7.

    @daztucker
    daztucker committed Mar 19, 2023
    abda22f

Commits on Mar 16, 2023

  1. Show 9.3 branch instead of 9.2.

    @daztucker
    daztucker committed Mar 16, 2023
    610ac1c

Commits on Mar 15, 2023

  1. depend

    @djmdjm
    djmdjm committed Mar 15, 2023
    cb30fbd

  2. crank version

    @djmdjm
    djmdjm committed Mar 15, 2023
    1dba63e

  3. upstream: openssh-9.3 

    OpenBSD-Commit-ID: 8011495f2449c1029bb316bd015eab2e00509848
    @djmdjm
    djmdjm committed Mar 15, 2023
    ba7532d

Commits on Mar 14, 2023

  1. upstream: Free KRL ptr in addition to its contents. 

    From Coverity CID 291841, ok djm@

OpenBSD-Commit-ID: f146ba08b1b43af4e0d7ad8c4dae3748b4fa31b6
    @daztucker
    daztucker committed Mar 14, 2023
    6fd4daa

  2. upstream: Check pointer for NULL before deref. 

    None of the existing callers seem to do that, but it's worth checking.
From Coverity CID 291834, ok djm@

OpenBSD-Commit-ID: a0a97113f192a7cb1a2c97b932f677f573cda7a4
    @daztucker
    daztucker committed Mar 14, 2023
    1d270bd

Commits on Mar 12, 2023

  1. upstream: Limit number of entries in SSH2_MSG_EXT_INFO 

    request. This is already constrained by the maximum SSH packet size but this
makes it explicit.  Prompted by Coverity CID 291868, ok djm@ markus@

OpenBSD-Commit-ID: aea023819aa44a2dcb9dd0fbec10561896fc3a09
    @daztucker
    daztucker committed Mar 12, 2023
    d95af50

  2. upstream: calloc can return NULL but xcalloc can't. 

    From Coverity CID 291881, ok djm@

OpenBSD-Commit-ID: 50204b755f66b2ec7ac3cfe379d07d85ca161d2b
    @daztucker
    daztucker committed Mar 12, 2023
    8f287ba

  3. upstream: Explicitly ignore return from fcntl 

    (... FD_CLOEXEC) here too.  Coverity CID 291853.

OpenBSD-Commit-ID: 99d8b3da9d0be1d07ca8dd8e98800a890349e9b5
    @daztucker
    daztucker committed Mar 12, 2023
    83a56a4

Commits on Mar 10, 2023

  1. bounds checking for getrrsetbyname() replacement; 

    Spotted by Coverity in CID 405033; ok millert@
    @djmdjm
    djmdjm committed Mar 10, 2023
    0fda9d7

  2. upstream: Plug mem leak on error path. Coverity CID 405026, ok djm@. 

    OpenBSD-Commit-ID: 8212ca05d01966fb5e72205c592b2257708a2aac
    @daztucker
    daztucker committed Mar 10, 2023
    89b8df5

  3. Add prototypes for mkstemp replacements. 

    Should prevent warnings due to our wrapper function.
    @daztucker
    daztucker committed Mar 10, 2023
    bf4dae0

  4. upstream: Expliticly ignore return code from fcntl(.. FD_CLOEXEC) since 

    there's not much we can do anyway.  From Coverity CID 291857, ok djm@

OpenBSD-Commit-ID: 051429dd07af8db3fec10d82cdc78d90bb051729
    @daztucker
    daztucker committed Mar 10, 2023
    4e04d68

  5. upstream: Like sshd_config, some ssh_config options are not 

    first-match-wins. sshd_config.5 was fixed in r1.348, this is the same for
this file

OpenBSD-Commit-ID: 7be55b9351cde449b136afcc52d07aa4113b215e
    @djmdjm @daztucker
    djmdjm authored and daztucker committed Mar 10, 2023
    d6d38fd

  6. upstream: Remove no-op (int) > INT_MAX checks 

    since they can never be true. From Coverity CID 405031, ok djm@

OpenBSD-Commit-ID: 9df3783b181e056595e2bb9edf7ed41d61cf8e84
    @daztucker
    daztucker committed Mar 10, 2023
    7187d3f

  7. Wrap mkstemp calls with umask set/restore. 

    glibc versions 2.06 and earlier did not set a umask on files created by
mkstemp created the world-writable.  Wrap mkstemp to set and restore
the umask.  From Coverity (CIDs 291826 291886 291891), ok djm@
    @daztucker
    daztucker committed Mar 10, 2023
    77adde4

Commits on Mar 9, 2023

  1. upstream: modify parentheses in conditionals to make it clearer what is 

    being assigned and what is being checked

ok djm dtucker

OpenBSD-Commit-ID: 19c10baa46ae559474409f75a5cb3d0eade7a9b8
    @jcs @djmdjm
    jcs authored and djmdjm committed Mar 9, 2023
    633d3dc

  2. upstream: Re-split the merge of the reorder-hostkeys test. 

    In the kex_proposal_populate_entries change I merged the the check for
reordering hostkeys with the actual reordering, but kex_assemble_names
mutates options.hostkeyalgorithms which renders the check ineffective.
Put the check back where it was.  Spotted and tested by jsg@, ok djm@

OpenBSD-Commit-ID: a7469f25a738db5567395d1881e32479a7ffc9de
    @daztucker
    daztucker committed Mar 9, 2023
    7330308

  3. upstream: include destination constraints for smartcard keys too. 

    Spotted by Luci Stanescu; ok deraadt@ markus@

OpenBSD-Commit-ID: add879fac6903a1cb1d1e42c4309e5359c3d870f
    @djmdjm @daztucker
    djmdjm authored and daztucker committed Mar 9, 2023
    54ac4ab

  4. Limit the number of PAM environment variables. 

    xcalloc has its own limits, but these are specific to PAM.  From
Coverity CID 405198, ok djm@
    @daztucker
    daztucker committed Mar 9, 2023
    bfd1ad0

  5. Limit the number of PAM environment variables. 

    From Coverity CID 405194, tweaks and ok djm@
    @daztucker
    daztucker committed Mar 9, 2023
    a231414

Commits on Mar 8, 2023

  1. upstream: Plug mem leak. Coverity CID 405196, ok djm@ 

    OpenBSD-Commit-ID: 175f09349387c292f626da68f65f334faaa085f2
    @daztucker
    daztucker committed Mar 8, 2023
    36c6c3e

  2. upstream: ssh-pkcs11: synchronize error messages with errors 

    A handful of error messages contained incorrect function names or
otherwise inaccurate descriptions. Fix them to match reality.

input/ok djm

OpenBSD-Commit-ID: 165a15db52f75b31e1804b043480c36af09f3411
    @botovq @daztucker
    botovq authored and daztucker committed Mar 8, 2023
    dfb9b73

  3. upstream: Delete obsolete /* ARGSUSED */ lint comments. 

    ok miod@ millert@

OpenBSD-Commit-ID: 7be168a570264d59e96a7d2d22e927d45fee0e4c
    @daztucker
    guenther@openbsd.org authored and daztucker committed Mar 8, 2023
    5187589

  4. Extra brackets to prevent warning.

    @daztucker
    daztucker committed Mar 8, 2023
    a76085b

  5. upstream: use RSA/SHA256 when testing usability of private key in 

    agent; with/ok dtucker

OpenBSD-Commit-ID: fe1382e2fdf23fcae631308e72342bad56066a56
    @djmdjm
    djmdjm committed Mar 8, 2023
    147ae57

  6. upstream: use RSA/SHA256 when testing usability of private key; 

    based on fix in bz3546 by Dmitry Belyavskiy; with/ok dtucker

OpenBSD-Commit-ID: 0ef414cc363a832f9fab92a5da0234448bce2eba
    @djmdjm
    djmdjm committed Mar 8, 2023
    27fd251
Older