| 8075fccb | 24-Jan-2020 |
djm@openbsd.org |
upstream: add xextendf() to extend a string with a format
(reallocating as necessary). ok aja@ as part of a larger diff
OpenBSD-Commit-ID: 30796b50d330b3e0e201747fe40cdf9aa70a77f9 |
| d15c8adf | 24-Jan-2020 |
djm@openbsd.org |
upstream: minor tweaks to ssh-keygen -Y find-principals:
emit matched principals one per line to stdout rather than as comma-
separated and with a free-text preamble (easy confusion oppo
upstream: minor tweaks to ssh-keygen -Y find-principals:
emit matched principals one per line to stdout rather than as comma-
separated and with a free-text preamble (easy confusion opportunity)
emit "not found" error to stderr
fix up argument testing for -Y operations and improve error message for
unsupported operations
OpenBSD-Commit-ID: 3d9c9a671ab07fc04a48f543edfa85eae77da69c
show more ...
|
| c3368a5d | 23-Jan-2020 |
djm@openbsd.org |
upstream: remove ssh-rsa (SHA1) from the list of allowed CA
signature algorithms ok markus
OpenBSD-Commit-ID: da3481fca8c81e6951f319a86b7be67502237f57 |
| 4a41d245 | 23-Jan-2020 |
djm@openbsd.org |
upstream: when signing a certificate with an RSA key, default to
a safe signature algorithm (rsa-sha-512) if not is explicitly specified by
the user; ok markus@
OpenBSD-Commit-I
upstream: when signing a certificate with an RSA key, default to
a safe signature algorithm (rsa-sha-512) if not is explicitly specified by
the user; ok markus@
OpenBSD-Commit-ID: e05f638f0be6c0266e1d3d799716b461011e83a9
show more ...
|
| 8dfb6a20 | 23-Jan-2020 |
djm@openbsd.org |
upstream: allow PEM export of DSA and ECDSA keys; bz3091, patch
from Jakub Jelen ok markus@
OpenBSD-Commit-ID: a58edec8b9f07acab4b962a71a5125830d321b51 |
| 72a8bea2 | 23-Jan-2020 |
djm@openbsd.org |
upstream: ssh-keygen -Y find-principals fixes based on feedback
from Markus:
use "principals" instead of principal, as allowed_signers lines may list
multiple.
When the
upstream: ssh-keygen -Y find-principals fixes based on feedback
from Markus:
use "principals" instead of principal, as allowed_signers lines may list
multiple.
When the signing key is a certificate, emit only principals that match
the certificate principal list.
NB. the command -Y name changes: "find-principal" => "find-principals"
ok markus@
OpenBSD-Commit-ID: ab575946ff9a55624cd4e811bfd338bf3b1d0faf
show more ...
|
| 0585b569 | 23-Jan-2020 |
dtucker@openbsd.org |
upstream: Do not warn about permissions on symlinks.
OpenBSD-Regress-ID: 339d4cbae224bd8743ffad9c3afb0cf3cb66c357 |
| 41519234 | 23-Jan-2020 |
dtucker@openbsd.org |
upstream: Handle zlib compression being disabled now that it's
optional.
OpenBSD-Regress-ID: 0af4fbc5168e62f89d0350de524bff1cb00e707a |
| fbce7c1a | 23-Jan-2020 |
dtucker@openbsd.org |
upstream: Fix typo in comment.
OpenBSD-Commit-ID: d1d7a6553208bf439378fd1cf686a828aceb353a |
| ba247af8 | 23-Jan-2020 |
dtucker@openbsd.org |
upstream: When checking for unsafe directories, ignore non-directories
(ie symlinks, where permissions are not relevant).
OpenBSD-Regress-ID: fb6cfc8b022becb62b2dcb99ed3f072b3326e501 |
| 74deb702 | 23-Jan-2020 |
Darren Tucker |
zlib is now optional. |
| 633a2af4 | 23-Jan-2020 |
Darren Tucker |
Plumb WITH_ZLIB into configure.
This allows zlib support to be disabled by ./configure --without-zlib. |
| 7f8e66fe | 23-Jan-2020 |
dtucker@openbsd.org |
upstream: Make zlib optional. This adds a "ZLIB" build time option
that allows building without zlib compression and associated options. With
feedback from markus@, ok djm@
Ope
upstream: Make zlib optional. This adds a "ZLIB" build time option
that allows building without zlib compression and associated options. With
feedback from markus@, ok djm@
OpenBSD-Commit-ID: 44c6e1133a90fd15a3aa865bdedc53bab28b7910
show more ...
|
| 69ac4e33 | 23-Jan-2020 |
djm@openbsd.org |
upstream: remove trailing period characters from pub/priv key
pathnames - they make them needlessly more difficult to cut and paste without
error; ok markus@ & dtucker@
OpenBSD-
upstream: remove trailing period characters from pub/priv key
pathnames - they make them needlessly more difficult to cut and paste without
error; ok markus@ & dtucker@
OpenBSD-Commit-ID: abdcfd1a5723fcac0711feee7665edc66ae2335a
show more ...
|
| 945bf52c | 23-Jan-2020 |
Darren Tucker |
Fix a couple of mysig_t leftovers. |
| 84226b44 | 23-Jan-2020 |
Darren Tucker |
Remove mysignal wrapper.
We switched the main code to use sigaction(), so the wrapper is no
longer used. |
| 5533c2fb | 23-Jan-2020 |
jmc@openbsd.org |
upstream: new sentence, new line;
OpenBSD-Commit-ID: b6c3f2f36ec77e99198619b38a9f146655281925 |
| 3bf2a6ac | 23-Jan-2020 |
dtucker@openbsd.org |
upstream: Replace all calls to signal(2) with a wrapper around
sigaction(2). This wrapper blocks all other signals during the handler
preventing races between handlers, and sets SA_RESTA
upstream: Replace all calls to signal(2) with a wrapper around
sigaction(2). This wrapper blocks all other signals during the handler
preventing races between handlers, and sets SA_RESTART which should reduce
the potential for short read/write operations.
OpenBSD-Commit-ID: 5e047663fd77a40d7b07bdabe68529df51fd2519
show more ...
|
| e027c044 | 22-Jan-2020 |
djm@openbsd.org |
upstream: missing header change from previous; spotted by dtucker@
OpenBSD-Commit-ID: 321ce74c0a5bbd0f02fa3f20cb5cf2a952c6b96f |
| 7e132310 | 22-Jan-2020 |
dtucker@openbsd.org |
upstream: Check for and warn about StrictModes permission problems. ok tb@
OpenBSD-Regress-ID: 4841704ccdee50ee7efc6035bc686695c6ac2991 |
| 84de1c27 | 22-Jan-2020 |
dtucker@openbsd.org |
upstream: Also test PuTTY chacha20.
OpenBSD-Regress-ID: 7af6a0e8763b05f1f8eee6bca5f31fcb16151040 |
| c7ed15a3 | 22-Jan-2020 |
dtucker@openbsd.org |
upstream: Also test PuTTY ecdh kex methods.
OpenBSD-Regress-ID: ec4017dce612131842398a03e93007a869c2c133 |
| c4b3a128 | 22-Jan-2020 |
dtucker@openbsd.org |
upstream: Remove unsupported algorithms from list of defaults at run
time and remove ifdef and distinct settings for OPENSSL=no case.
This will make things much simpler for -portabl
upstream: Remove unsupported algorithms from list of defaults at run
time and remove ifdef and distinct settings for OPENSSL=no case.
This will make things much simpler for -portable where the exact set
of algos depends on the configuration of both OpenSSH and the libcrypto
it's linked against (if any). ok djm@
OpenBSD-Commit-ID: e0116d0183dcafc7a9c40ba5fe9127805c5dfdd2
show more ...
|
| 56cffcc0 | 22-Jan-2020 |
djm@openbsd.org |
upstream: add a new signature operations "find-principal" to look
up the principal associated with a signature from an allowed-signers file.
Work by Sebastian Kinne; ok dtucker@
upstream: add a new signature operations "find-principal" to look
up the principal associated with a signature from an allowed-signers file.
Work by Sebastian Kinne; ok dtucker@
OpenBSD-Commit-ID: 6f782cc7e18e38fcfafa62af53246a1dcfe74e5d
show more ...
|
| 65cf8730 | 22-Jan-2020 |
dtucker@openbsd.org |
upstream: Ignore whitespace when checking explict fingerprint.
When confirming a host key using the fingerprint itself, ignore leading and
trailing whitespace. ok deraadt@ djm@
upstream: Ignore whitespace when checking explict fingerprint.
When confirming a host key using the fingerprint itself, ignore leading and
trailing whitespace. ok deraadt@ djm@
OpenBSD-Commit-ID: cafd7f803bbdcd40c3a8f8f1a77747e6b6d8c011
show more ...
|