History log of /openssh-portable/ (Results 126 - 150 of 10959)
Revision (<<< Hide revision tags) (Show revision tags >>>)Date Author Comments
(<<< Hide modified files)
(Show modified files >>>)
7d0f8a3310-Jan-2021 dtucker@openbsd.org

upstream: Correct spelling of persourcenetblocksize in config-dump

mode.

OpenBSD-Commit-ID: ecdc49e2b6bde6b6b0e52163d621831f6ac7b13d

ba328bd709-Jan-2021 dtucker@openbsd.org

upstream: Adjust kexfuzz to addr.c/addrmatch.c split.

OpenBSD-Regress-ID: 1d8d23bb548078020be2fb52c4c643efb190f0eb

b08ef25509-Jan-2021 dtucker@openbsd.org

upstream: Update unittests for addr.c/addrmatch.c split.

OpenBSD-Regress-ID: de2b415fb7af084a91c6ef147a90482d8f771eef

6d30673f10-Jan-2021 dtucker@openbsd.org

upstream: Change convtime() from returning long to returning int.

On platforms where sizeof(int) != sizeof(long), convtime could accept values
>MAX_INT which subsequently truncate when s

upstream: Change convtime() from returning long to returning int.

On platforms where sizeof(int) != sizeof(long), convtime could accept values
>MAX_INT which subsequently truncate when stored in an int during config
parsing. bz#3250, ok djm@

OpenBSD-Commit-ID: 8fc932683d6b4660d52f50911d62bd6639c5db31

show more ...

7a57adb809-Jan-2021 jmc@openbsd.org

upstream: add a comma to previous;

OpenBSD-Commit-ID: 9139433701c0aa86a0d3a6c7afe10d1c9c2e0869

3a92312909-Jan-2021 dtucker@openbsd.org

upstream: Add PerSourceMaxStartups and PerSourceNetBlockSize

options which provide more fine grained MaxStartups limits. Man page help
jmc@, feedback & ok djm@

OpenBSD-Commit-I

upstream: Add PerSourceMaxStartups and PerSourceNetBlockSize

options which provide more fine grained MaxStartups limits. Man page help
jmc@, feedback & ok djm@

OpenBSD-Commit-ID: e2f68664e3d02c0895b35aa751c48a2af622047b

show more ...

d9a2bc7109-Jan-2021 dtucker@openbsd.org

upstream: Move address handling functions out into their own file

in order to reuse them for per-source maxstartups limiting. Supplement with
some additional functions from djm's flowto

upstream: Move address handling functions out into their own file

in order to reuse them for per-source maxstartups limiting. Supplement with
some additional functions from djm's flowtools that we'll also need. ok djm@
(as part of a larger diff).

OpenBSD-Commit-ID: e3e7d9ccc6c9b82e25cfef0ec83598e8e2327cbf

show more ...

b744914f08-Jan-2021 Darren Tucker

Add test against Graphene hardened malloc.

6cb52d5b07-Jan-2021 djm@openbsd.org

upstream: make CheckHostIP default to 'no'. It doesn't provide any

perceptible value and makes it much harder for hosts to change host keys,
particularly ones that use IP-based load-bala

upstream: make CheckHostIP default to 'no'. It doesn't provide any

perceptible value and makes it much harder for hosts to change host keys,
particularly ones that use IP-based load-balancing.

ok dtucker@

OpenBSD-Commit-ID: 0db98413e82074f78c7d46784b1286d08aee78f0

show more ...

309b642e07-Jan-2021 Darren Tucker

Run tests with sudo for better coverage.

c336644307-Jan-2021 Darren Tucker

Add Ubuntu 16.04 and 20.04 test targets.

4c7af01f07-Jan-2021 djm@openbsd.org

upstream: If a signature operation on a FIDO key fails with a

"incorrect PIN" reason and no PIN was initially requested from the user, then
request a PIN and retry the operation.

upstream: If a signature operation on a FIDO key fails with a

"incorrect PIN" reason and no PIN was initially requested from the user, then
request a PIN and retry the operation.

This smoothes over a few corner cases including FIDO devices that
require PINs for all hosted credentials, biometric FIDO devices that
fall back to requiring PIN when reading the biometric failed, devices
that don't implement reading credProtect status for downloaded keys
and probably a few more cases that I haven't though of yet.

ok dtucker@

OpenBSD-Commit-ID: 176db8518933d6a5bbf81a2e3cf62447158dc878

show more ...

64ddd0fe07-Jan-2021 djm@openbsd.org

upstream: don't try to use timespeccmp(3) directly as a qsort(3)

comparison function - it returns 0/1 and not the -1/0/1 that qsort expectes.

fixes sftp "ls -ltr" under some circums

upstream: don't try to use timespeccmp(3) directly as a qsort(3)

comparison function - it returns 0/1 and not the -1/0/1 that qsort expectes.

fixes sftp "ls -ltr" under some circumstances.

Based on patch by Masahiro Matsuya via bz3248.

OpenBSD-Commit-ID: 65b5e9f18bb0d10573868c3516de6e5170adb163

show more ...

599df78f07-Jan-2021 dtucker@openbsd.org

upstream: Update the sntrup761 creation script and generated code:

- remove unneeded header files and typedefs and rely on crypto_api.h - add
defines to map types used to the crypto_api

upstream: Update the sntrup761 creation script and generated code:

- remove unneeded header files and typedefs and rely on crypto_api.h - add
defines to map types used to the crypto_api ones instead of typedefs. This
prevents typedef name collisions in -portable. - remove CRYPTO_NAMESPACE
entirely instead of making it a no-op - delete unused functions and make the
remaining ones that aren't exported static.

ok djm@

OpenBSD-Commit-ID: 7b9d0cf3acd5a3c1091da8afe00c904d38cf5783

show more ...

16448ff507-Jan-2021 djm@openbsd.org

upstream: mention that DisableForwarding is valid in a sshd_config

Match block reported by Fredrik Eriksson in bz3239

OpenBSD-Commit-ID: 3a71c3d84b597f5e43e4b40d5232797daf0993f6

91bac5e904-Jan-2021 dtucker@openbsd.org

upstream: estructure sntrup761.sh to process all files in a single

list, which will make it easier to reorder. Re-inline int32_MINMAX. ok
tobhe@

OpenBSD-Commit-ID: d145c6c19b0

upstream: estructure sntrup761.sh to process all files in a single

list, which will make it easier to reorder. Re-inline int32_MINMAX. ok
tobhe@

OpenBSD-Commit-ID: d145c6c19b08bb93c9e14bfaa7af589d90f144c0

show more ...

4d96a3eb03-Jan-2021 tobhe@openbsd.org

upstream: Prevent redefinition of `crypto_int32' error with gcc3.

Fixes compilation on luna88k.

Feedback millert@
Found by and ok aoyama@

OpenBSD-Commit-ID: f305ddfe575

upstream: Prevent redefinition of `crypto_int32' error with gcc3.

Fixes compilation on luna88k.

Feedback millert@
Found by and ok aoyama@

OpenBSD-Commit-ID: f305ddfe575a26cc53431af3fde3f4aeebed9ba6

show more ...

a23954ee01-Jan-2021 Darren Tucker

Undef int32 after sort routines.

This prevents typedef'ing crypto_int32 twice, in sntrup761.c and
crypto_api.h, which some compilers (at least some GCCs) don't accept.

148b8a6630-Dec-2020 Damien Miller

fix: missing pieces of previous commit

3d999be730-Dec-2020 tobhe@openbsd.org

upstream: Use int64_t for intermediate values in int32_MINMAX to

prevent signed 32-bit integer overflow.

Found by and ok djm@
ok markus@

OpenBSD-Commit-ID: 4f0704768e34

upstream: Use int64_t for intermediate values in int32_MINMAX to

prevent signed 32-bit integer overflow.

Found by and ok djm@
ok markus@

OpenBSD-Commit-ID: 4f0704768e34cf45fdd792bac4011c6971881bb3

show more ...

5c1953bf28-Dec-2020 Damien Miller

adapt KEX fuzzer to PQ kex change

659864fe28-Dec-2020 djm@openbsd.org

upstream: Adapt to replacement of

sntrup4591761x25519-sha512@tinyssh.org with
sntrup761x25519-sha512@openssh.com.

Also test sntrup761x25519-sha512@openssh.com in unittests/kex

upstream: Adapt to replacement of

sntrup4591761x25519-sha512@tinyssh.org with
sntrup761x25519-sha512@openssh.com.

Also test sntrup761x25519-sha512@openssh.com in unittests/kex

OpenBSD-Regress-ID: cfa3506b2b077a9cac1877fb521efd2641b6030c

show more ...

2c71cec028-Dec-2020 djm@openbsd.org

upstream: Update/replace the experimental post-quantim hybrid key

exchange method based on Streamlined NTRU Prime (coupled with X25519).

The previous sntrup4591761x25519-sha512@tiny

upstream: Update/replace the experimental post-quantim hybrid key

exchange method based on Streamlined NTRU Prime (coupled with X25519).

The previous sntrup4591761x25519-sha512@tinyssh.org method is
replaced with sntrup761x25519-sha512@openssh.com. Per the authors,
sntrup4591761 was replaced almost two years ago by sntrup761.

The sntrup761 implementaion, like sntrup4591761 before it, is public
domain code extracted from the SUPERCOP cryptography benchmark
suite (https://bench.cr.yp.to/supercop.html).

Thanks for Daniel J Bernstein for guidance on algorithm selection.
Patch from Tobias Heider; feedback & ok markus@ and myself

(note this both the updated method and the one that it replaced are
disabled by default)

OpenBSD-Commit-ID: 2bf582b772d81ee24e911bb6f4b2aecfd39338ae

show more ...

09d070cc22-Dec-2020 jmc@openbsd.org

upstream: tweak the description of KnownHostsCommand in ssh_conf.5,

and add entries for it to the -O list in scp.1 and sftp.1;

ok djm

OpenBSD-Commit-ID: aba31ebea03f38f8d21

upstream: tweak the description of KnownHostsCommand in ssh_conf.5,

and add entries for it to the -O list in scp.1 and sftp.1;

ok djm

OpenBSD-Commit-ID: aba31ebea03f38f8d218857f7ce16a500c3e4aff

show more ...

931c933822-Dec-2020 Damien Miller

whitespace at EOL

12345678910>>...439