Branch :
| Author | Commit | Date | CI | Message |
|---|---|---|---|---|
| 2dfc98f4 | 2019-12-04 09:51:07 | libc's authentication privsep layer performed insufficient username validation. Repair work mostly by markus and millert, first of all solving the primary problem, then adding some additional validation points. And then futher validation in login and su. This will be 6.5/021_libcauth.patch.sig and 6.6/010_libcauth.patch.sig Reported by Qualys | ||
| 0925375c | 2019-12-03 10:47:22 | Style nits in function arguments. | ||
| e8a72117 | 2019-12-03 09:14:37 | With -R and an implicit ".", don't prepend file paths with "./" Looks nicer and matches the output of GNU grep. ok millert@ deraadt@ visa@ miod@ | ||
| ef8fff59 | 2019-12-03 08:48:49 | Document implicit "." default file for -R OK visa deraadt | ||
| ba697fea | 2019-12-02 22:32:18 | Tweak inaccurate comment | ||
| aa8fed3a | 2019-12-02 22:23:19 | Tweak previous, using fputs here was fine | ||
| 5fbd5e42 | 2019-12-02 22:17:32 | Use getline(3) to handle lines longer than 8192 bytes in patch files Spotted by jsg@ when working on mesa. Diff tested by sthen@ in a partial i386 bulk. Input from and ok jsg@ millert@ | ||
| c1cbe94b | 2019-12-02 21:50:11 | With -R assume that "." was passed instead of printing a warning Saner default behavior that matches GNU grep. Diff from miod@, support from espie@, ok visa@ millert@ | ||
| fa9a3d3a | 2019-12-02 19:25:52 | Remove client menu, I don't think it adds anything. | ||
| 9f5f6f88 | 2019-12-02 15:35:35 | update currency exchange rates; | ||
| 083d4b5c | 2019-11-30 14:01:45 | After fork(2) the pledge(2) in the parent proc can be reduced to "stdio rpath sendfd" so that it can call {l,}stat/open and sendfd for imsg_* in order to send fds to the child proc which is already pledged by recvfd to receive them OK brynet@ deraadt@ | ||
| 1890c57d | 2019-11-30 07:07:59 | tweak the Nd lines for a bit of consistency; ok markus | ||
| 1e388329 | 2019-11-29 16:04:07 | If a window appears in only one attached session, there is no point in worrying about which is the latest client (there is only one). | ||
| 65ac2342 | 2019-11-29 03:12:35 | at(1): ctime comparison: subtraction is not comparison; ok millert@ | ||
| a2f7fe09 | 2019-11-29 00:11:21 | perform hashing directly in crypto_hash_sha512() using libcrypto or libc SHA512 functions rather than calling ssh_digest_memory(); avoids many dependencies on ssh code that complicate standalone use of ed25519, as we want to do in sk-dummy.so | ||
| 5ae34e9e | 2019-11-28 21:18:38 | Do not crash when a format doesn't exist, reported by Thomas Sattler. | ||
| 68acdce2 | 2019-11-28 16:27:25 | ks_mapblocks is gone | ||
| 4499ca0c | 2019-11-28 12:24:31 | improve the text for -A a little; input from naddy and djm | ||
| 40e92372 | 2019-11-28 12:23:25 | reshuffle the text to read better; input from naddy, djmc, and dtucker | ||
| d8fa3dd1 | 2019-11-28 11:21:33 | Add manual for openssl(1) cms ok and comments jmc@ | ||
| 449be3e3 | 2019-11-28 10:55:45 | Missing after-kill-pane option. | ||
| 2afb856a | 2019-11-28 10:17:22 | Parse out DA features. | ||
| 21e62bdb | 2019-11-28 09:56:25 | Long lines and spacing fixes. | ||
| 18b1287e | 2019-11-28 09:51:58 | Add xrecallocarray. | ||
| d7dc1b61 | 2019-11-28 09:50:09 | Bump the escape sequence timeout to five seconds to allow for longer legitimate sequences. | ||
| 4a8b0ea5 | 2019-11-28 09:45:15 | Make a best effort to set xpixel and ypixel for each pane and add formats for them. | ||
| 8002856b | 2019-11-28 09:05:34 | Store xpixel/ypixel from TIOCGWINSZ and add formats. | ||
| 57b78c22 | 2019-11-28 08:38:04 | status-left and status-right need push-default also, reported by Eric Pruitt in GitHub issue 1989. | ||
| 9b45e825 | 2019-11-28 05:20:54 | tweak wording | ||
| 33e48bcd | 2019-11-27 22:32:11 | remove stray semicolon after closing brace of function; from Michael Forney | ||
| 2490d52d | 2019-11-27 20:54:30 | REG_STARTEND is not portable, but it turns out we don't actually need it. From Evan Green, GitHub issue 1982. | ||
| b8c0aef4 | 2019-11-27 16:50:21 | use _PATH_PROTOCOLS from netdb.h instead | ||
| 4c0d1d38 | 2019-11-27 08:18:22 | Initialize nfds fields of new file structures. Fixes a possible crash when a new file structure is added in the time-out processing code-path. | ||
| 0c034787 | 2019-11-27 05:38:43 | Revert previous commit. The channels code still uses int in many places for channel ids so the INT_MAX check still makes sense. | ||
| da06e094 | 2019-11-27 05:00:17 | use error()+_exit() instead of fatal() to avoid running cleanup handlers in child process; spotted via weird regress failures in portable | ||
| 2bf2fb2b | 2019-11-27 03:34:04 | Make channel_id u_int32_t and remove unnecessary check and cast that were left over from the type conversion. Noted by t-hashida@amiya.co.jp in bz#3098, ok markus@ djm@ | ||
| bffdb0b7 | 2019-11-26 22:42:26 | tweak previous; | ||
| 9b3d3828 | 2019-11-26 17:51:33 | Prevent divide-by zero in tcpbench(1). Found while testing iwm(4). #0 0x000004c27b9051a9 in udp_process_slice (fd=<optimized out>, event=<optimized out>, v_sc=0x4c55279f500) at /usr/src/usr.bin/tcpbench/tcpbench.c:606 606 pps = (sc->udp_slice_pkts * 1000) / since_last; (gdb) p since_last $1 = 0 ok benno@ | ||
| 7f0389c5 | 2019-11-26 15:35:56 | Add default # and * binding with vi(1) keys. | ||
| 8625808f | 2019-11-26 09:43:49 | kdump reads /etc/protocols to translate proto numbers into names; ok sthen@ gilles@ | ||
| 584bea6c | 2019-11-26 03:04:27 | more debugging; behind DEBUG_SK | ||
| e104123d | 2019-11-25 22:38:36 | Don't use motion flag uninitialized. | ||
| 99faff9b | 2019-11-25 20:43:32 | Fix a warning in previous. | ||
| 4bd94dea | 2019-11-25 20:42:18 | Do not clear search marks on cursor movement with vi(1) keys, from Eric Pruitt in GitHub issue 1985. | ||
| a318a7fa | 2019-11-25 15:04:15 | Add p format modifier for padding to width. | ||
| 144aa191 | 2019-11-25 15:02:48 | Allow multiple substitutions in a single format. | ||
| a84762ce | 2019-11-25 10:23:36 | redundant test | ||
| d70f2191 | 2019-11-25 00:57:51 | document the "no-touch-required" certificate extension; ok markus, feedback deraadt | ||
| 093f1094 | 2019-11-25 00:57:27 | Print a key touch reminder when generating a security key. Most keys require a touch to authorize the operation. | ||
| 40f04aad | 2019-11-25 00:55:58 | allow "ssh-keygen -x no-touch-required" when generating a security key keypair to request one that does not require a touch for each authentication attempt. The default remains to require touch. feedback deraadt; ok markus@ | ||
| 6e27da75 | 2019-11-25 00:54:23 | add a "no-touch-required" option for authorized_keys and a similar extension for certificates. This option disables the default requirement that security key signatures attest that the user touched their key to authorize them. feedback deraadt, ok markus | ||
| 47ce46c8 | 2019-11-25 00:52:46 | Add a sshd_config PubkeyAuthOptions directive This directive has a single valid option "no-touch-required" that causes sshd to skip checking whether user presence was tested before a security key signature was made (usually by the user touching the key). ok markus@ | ||
| 493ad5b0 | 2019-11-25 00:51:37 | Add new structure for signature options This is populated during signature verification with additional fields that are present in and covered by the signature. At the moment, it is only used to record security key-specific options, especially the flags field. with and ok markus@ | ||
| 11c8e95a | 2019-11-25 00:38:17 | memleak in error path | ||
| 9eb62517 | 2019-11-24 18:37:23 | Only substitute patterns starting with ^ once. | ||
| 8cd3d8c5 | 2019-11-22 06:50:30 | Wait for FD to be readable or writeable during a nonblocking connect, not just readable. Prevents a timeout when the server doesn't immediately send a banner (eg multiplexers like sslh) but is also slightly quicker for other connections since, unlike ssh1, ssh2 doesn't specify that the client should parse the server banner before sending its own. Patch from mnissler@chromium.org, ok djm@ | ||
| 494db7cc | 2019-11-20 11:42:51 | Do not check the client readonly flag when there is no client, GitHub issue 1980. | ||
| 039d6aae | 2019-11-19 22:23:19 | adjust on-wire signature encoding for ecdsa-sk keys to better match ec25519-sk keys. Discussed with markus@ and Sebastian Kinne NB. if you are depending on security keys (already?) then make sure you update both your clients and servers. | ||
| 73734971 | 2019-11-19 22:21:15 | a little more information from the monitor when signature verification fails. | ||
| c98bcbbd | 2019-11-19 16:02:32 | revert previous: naddy pointed out what's meant to happen. rethink needed... | ||
| 22150316 | 2019-11-19 14:54:47 | -c and -s do not make sense with -k; reshuffle -k into the main synopsis/usage; ok djm | ||
| d4271273 | 2019-11-19 10:28:18 | More return value check in openssl(1) cms Checking return value of sk_.*_new_null(). ok beck@ jsing@ | ||
| f872ba1d | 2019-11-19 10:20:10 | Add manual descriptions for openssl(1) req -addext ok jmc@ | ||
| 98d39534 | 2019-11-18 23:17:48 | document '$' environment variable expansion for SecurityKeyProvider; ok djm@ | ||
| bfff4a28 | 2019-11-18 23:16:49 | more missing mentions of ed25519-sk; ok djm@ | ||
| d2a7ef38 | 2019-11-18 16:10:05 | additional missing stdarg.h includes when built without WITH_OPENSSL; ok djm@ | ||
| f8cd6cb1 | 2019-11-18 16:08:57 | add the missing WITH_OPENSSL ifdefs after the ED25519-SK addition; ok djm@ | ||
| 514c2dab | 2019-11-18 12:43:27 | Remove typedef and check sk_push return value in openssl(1) cms - Remove typedef and use 'struct cms_key_param' instead - Check return value of sk_X509_push and sk_OPENSSL_STRING_push - Add a blank line to separate variable declarations from code comments from jsing@ | ||
| 99e5b935 | 2019-11-18 11:34:41 | Add -keyopt opiton to openssl(1) cms subcommand This provides rsa_padding_mode:oaep for cms -encrypt, and rsa_padding_mode:pss for cms -sign. ok jsing@ | ||
| b9f4fd46 | 2019-11-18 09:43:31 | Add -f for full size to join-pane (like split-window), from Theo Buehler. | ||
| 4c8b1ab8 | 2019-11-18 09:42:09 | Keep modifiers on backspace when translating it. | ||
| 3ae5026f | 2019-11-18 06:58:00 | fix a bug that prevented serialisation of ed25519-sk keys | ||
| 0f6aa503 | 2019-11-18 06:39:36 | Fix incorrect error message when key certification fails | ||
| 6350a416 | 2019-11-18 06:39:02 | fix bug that prevented certification of ed25519-sk keys | ||
| fdaabcac | 2019-11-18 06:24:17 | allow *-sk key types to be turned into certificates | ||
| 7d93d597 | 2019-11-18 04:55:02 | mention ed25519-sk key/cert types here too; prompted by jmc@ | ||
| d4a18e60 | 2019-11-18 04:50:45 | mention ed25519-sk in places where it is accepted; prompted by jmc@ | ||
| 544013c6 | 2019-11-18 04:37:35 | various knf and whitespace; ok jca | ||
| 9d61155f | 2019-11-18 04:34:47 | document ed25519-sk pubkey, private key and certificate formats | ||
| 0c5b4bc7 | 2019-11-18 04:29:50 | correct order or ecdsa-sk private key fields | ||
| 3d83e935 | 2019-11-18 04:16:53 | correct description of fields in pub/private keys (was missing curve name); spotted by Sebastian Kinne | ||
| 847074b1 | 2019-11-18 01:59:48 | missing break in getopt switch; spotted by Sebastian Kinne | ||
| 572ca008 | 2019-11-17 17:38:33 | fail to usage if extra argv are present noticed by jsing and beck, ok tedu | ||
| cbee8d56 | 2019-11-16 23:17:20 | tweak debug message | ||
| c6495727 | 2019-11-16 22:42:30 | a little debug() in the security key interface | ||
| 6c1668c6 | 2019-11-16 22:36:48 | always use ssh-sk-helper, even for the internal USB HID support. This avoid the need for a wpath pledge in ssh-agent. reported by jmc@ | ||
| 35f0234c | 2019-11-15 15:41:01 | fix typos in sk_enroll | ||
| a467abc7 | 2019-11-15 11:21:32 | Do not add path if it is NULL, duh. | ||
| e9afa876 | 2019-11-15 11:16:53 | Handle OSC 7 (a VTE extension) and put the result in a new format (pane_path). | ||
| 11497b5d | 2019-11-15 11:16:28 | double word; | ||
| 07b718ed | 2019-11-15 06:00:20 | remove most uses of BN_CTX We weren't following the rules re BN_CTX_start/BN_CTX_end and the places we were using it didn't benefit from its use anyway. ok dtucker@ | ||
| 096d667c | 2019-11-15 05:37:27 | unshield security key privkey before attempting signature in agent. spotted by dtucker@ | ||
| 2b479b17 | 2019-11-15 05:26:56 | rewrite c99-ism | ||
| bc7dc720 | 2019-11-15 05:25:52 | only clang understands those new -W options | ||
| b425d036 | 2019-11-15 04:12:32 | don't consult dlopen whitelist for internal security key provider; spotted by dtucker@ | ||
| 7cf8e58d | 2019-11-15 03:41:57 | U2F tokens may return FIDO_ERR_USER_PRESENCE_REQUIRED when probed to see if they own a key handle. Handle this case so the find_device() look can work for them. Reported by Michael Forney | ||
| 2b753a7a | 2019-11-15 02:38:07 | show the "please touch your security key" notifier when using the (default) build-in security key support. | ||
| 4c7cc78c | 2019-11-15 02:37:24 | close the "touch your security key" notifier on the error path too | ||
| 59959935 | 2019-11-15 02:20:06 | correct function name in debug message | ||
| 6e93bb8e | 2019-11-15 00:32:40 | follow existing askpass logic for security key notifier: fall back to _PATH_SSH_ASKPASS_DEFAULT if no $SSH_ASKPASS environment variable is set. |