src - OpenBSD base system

Age	Commit message (Collapse)	Author
2020-06-05	unbreak "sshd -ddd" - close of config passing fd happened too early.	Damien Miller
	ok markus@
2020-06-05	make sshbuf_putb(b, NULL) a no-op	Damien Miller

2020-06-05	make sshbuf_dump() args const	Damien Miller

2020-06-05	wrap long line	Damien Miller

2020-06-05	Correct historical comment: provos@ modified OpenSSH to work with SSLeay	Darren Tucker
	(very quickly replaced by OpenSSL) not SSL in general. ok deraadt, historical context markus@
2020-06-03	Import regenerated moduli file.	Darren Tucker

2020-06-01	Remove now-unused proto_spec and associated definitions. ok djm@	Darren Tucker

2020-05-29	Fix error message on close(2) and add printf format attributes.	Todd C. Miller
	From Christos Zoulas, OK markus@
2020-05-29	Make dollar_expand variadic and pass a real va_list to vdollar_percent_expand.	Darren Tucker
	Fixes build error on arm64 spotted by otto@.
2020-05-29	Pass a NULL instead of zeroed out va_list from dollar_expand. The original	Darren Tucker
	intent was in case there's some platform where va_list is not a pointer equivalent, but on i386 this chokes on the memset. This unbreaks that build, but will require further consideration.
2020-05-29	remove a stray .El;	Jason McIntyre

2020-05-29	mention that wildcards are processed in lexical order; bz#3165	Damien Miller

2020-05-29	Allow some keywords to expand shell-style ${ENV} environment	Darren Tucker
	variables on the client side. The supported keywords are CertificateFile, ControlPath, IdentityAgent and IdentityFile, plus LocalForward and RemoteForward when used for Unix domain socket paths. This would for example allow forwarding of Unix domain socket paths that change at runtime. bz#3140, ok djm@
2020-05-29	fix compilation on !HAVE_DLOPEN platforms; stub function was not	Damien Miller
	updated to match API change. From Dale Rahn via beck@ ok markus@
2020-05-29	fix exit status for downloading of FIDO resident keys; from	Damien Miller
	Pedro Martelletto, ok markus@
2020-05-29	Fix multiplier in convtime when handling seconds after other units.	Darren Tucker
	bz#3171, spotted by ronf at timeheart.net, ok djm@.
2020-05-27	fix Include before Match in sshd_config; bz#3122 patch from Jakub Jelen	Damien Miller

2020-05-27	Do not call process_queued_listen_addrs() for every included file	Damien Miller
	from sshd_config; patch from Jakub Jelen
2020-05-27	fix crash in recallocarray when deleting SendEnv variables;	Damien Miller
	spotted by & ok sthen@
2020-05-26	fix memleak of signature; from Pedro Martelletto	Damien Miller

2020-05-26	Restrict ssh-agent from signing web challenges for FIDO keys.	Damien Miller
	When signing messages in ssh-agent using a FIDO key that has an application string that does not start with "ssh:", ensure that the message being signed is one of the forms expected for the SSH protocol (currently pubkey authentication and sshsig signatures). This prevents ssh-agent forwarding on a host that has FIDO keys attached granting the ability for the remote side to sign challenges for web authentication using those keys too. Note that the converse case of web browsers signing SSH challenges is already precluded because no web RP can have the "ssh:" prefix in the application string that we require. ok markus@
2020-05-26	improve logging for MaxStartups connection throttling: have sshd log	Damien Miller
	when it starts and stops throttling and periodically while in this state. bz#3055 ok markus@
2020-05-26	add fmt_timeframe() (from bgpd) to format a time interval in a human-	Damien Miller
	friendly format. Switch copyright for this file from BSD to MIT to make it easier to add Henning's copyright for this function. ok markus@
2020-05-18	avoid possible NULL deref; from Pedro Martelletto	Damien Miller

2020-05-15	sshd listener must not block if reexecd sshd exits early:	Markus Friedl
	the call to send_rexec_state() in the parent sshd will block forever in write(2) on config_s[0] if the forked child exits early before finishing recv_rexec_state (e.g. with fatal()) because config_s[1] stays open in the parent. this prevents the parent from accepting new connections. ok djm, deraadt
2020-05-15	fix off-by-one error that caused sftp downloads to make one more	Damien Miller
	concurrent request that desired. This prevented using sftp(1) in unpipelined request/response mode, which is useful when debugging. Patch from Stephen Goetze in bz#3054
2020-05-13	we are still aiming for pre-C99 ...	Theo de Raadt

2020-05-13	Enable credProtect extension when generating a resident key.	Damien Miller
	The FIDO 2.1 Client to Authenticator Protocol introduced a "credProtect" feature to better protect resident keys. This option allows (amone other possibilities) requiring a PIN prior to all operations that may retrieve the key handle. Patch by Pedro Martelletto; ok djm and markus
2020-05-13	always call fido_init(); previous behaviour only called fido_init() when	Damien Miller
	SK_DEBUG was defined. Harmless with current libfido2, but this isn't guaranteed in the future.
2020-05-13	preserve group/world read permission on known_hosts file across runs of	Damien Miller
	"ssh-keygen -Rf /path". The old behaviour was to remove all rights for group/other. bz#3146 ok dtucker@
2020-05-13	when ordering the hostkey algorithms to request from a server,	Damien Miller
	prefer certificate types if the known_hosts files contain a key marked as a @cert-authority; bz#3157 ok markus@
2020-05-12	fix non-ASCII quote that snuck in; spotted by Gabriel Kihlman	Damien Miller

2020-05-11	clarify role of FIDO tokens in multi-factor authentictation;	Damien Miller
	mostly from Pedro Martelletto
2020-05-08	fix compilation with DEBUG_KEXDH; bz#3160 ok dtucker@	Damien Miller

2020-05-06	openssh-8.3; ok deraadt@	Damien Miller

2020-05-06	another case where a utimes() failure could make scp send a	Damien Miller
	desynchronising error; reminded by Aymeric Vincent ok deraadt markus
2020-05-02	we have a sshkey_save_public() function to save public keys; use it	Damien Miller
	and save a bunch of redundant code. Patch from loic AT venez.fr; ok markus@ djm@
2020-05-01	when receving a file in sink(), be careful to send at most a single	Damien Miller
	error response after the file has been opened. Otherwise the source() and sink() can become desyncronised. Reported by Daniel Goujot, Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache. ok deraadt@ markus@
2020-05-01	expose vasnmprintf(); ok (as part of other commit) markus deraadt	Damien Miller

2020-05-01	avoid NULL dereference when attempting to convert invalid ssh.com	Damien Miller
	private keys using "ssh-keygen -i"; spotted by Michael Forney
2020-04-30	tweak previous; ok markus	Jason McIntyre

2020-04-30	bring back debug() removed in rev 1.74; noted by pradeep kumar	Markus Friedl

2020-04-30	run the 2nd ssh with BatchMode for scp -3	Markus Friedl

2020-04-28	when signing a challenge using a FIDO toke, perform the hashing in the	Damien Miller
	middleware layer rather than in ssh code. This allows middlewares that call APIs that perform the hashing implicitly (including Microsoft's AFAIK). ok markus@
2020-04-26	Fix comment typo. Patch from mforney at mforney.org.	Darren Tucker

2020-04-25	We've standardized on memset over bzero, replace a couple that had slipped	Darren Tucker
	in. ok deraadt markus djm.
2020-04-24	Fix incorrect error message for "too many known hosts files." bz#3149, patch	Darren Tucker
	from jjelen at redhat.com.
2020-04-24	Remove leave_non_blocking() which is now dead code because nothing sets	Darren Tucker
	in_non_blocking_mode any more. Patch from michaael.meeks at collabora.com, ok djm@
2020-04-23	ce examples of "Ar arg Ar arg" with "Ar arg arg" and stop the spread;	Jason McIntyre

2020-04-20	fix a bug I introduced in r1.406: when printing private key fingerprint	Damien Miller
	of old-format key, key comments were not being displayed. Spotted by loic AT venez.fr, ok dtucker