]>
git.ipfire.org Git - thirdparty/openssh-portable.git/log
djm@openbsd.org [Tue, 30 Apr 2024 06:23:51 +0000 (06:23 +0000)]
upstream: fix home-directory extension implementation, it always
returned the current user's home directory contrary to the spec.
Patch from Jakub Jelen via GHPR477
OpenBSD-Commit-ID:
5afd775eab7f9cbe222d7fbae4c793de6c3b3d28
djm@openbsd.org [Tue, 30 Apr 2024 06:16:55 +0000 (06:16 +0000)]
upstream: flush stdout after writing "sftp>" prompt when not using
editline.
From Alpine Linux via GHPR480
OpenBSD-Commit-ID:
80bdc7ffe0358dc090eb9b93e6dedb2b087b24cd
djm@openbsd.org [Tue, 30 Apr 2024 05:53:03 +0000 (05:53 +0000)]
upstream: stricter validation of messaging socket fd number; disallow
usage of stderr. Based on GHPR492 by RealHurrison
OpenBSD-Commit-ID:
73dbbe82ea16f73ce1d044d3232bc869ae2f2ce8
djm@openbsd.org [Tue, 30 Apr 2024 05:45:56 +0000 (05:45 +0000)]
upstream: add missing reserved fields to key constraint protocol
documentation.
from Wiktor Kwapisiewicz via GHPR487
OpenBSD-Commit-ID:
0dfb69998cfdb3fa00cbb0e7809e7d2f6126e3df
Damien Miller [Tue, 30 Apr 2024 02:39:34 +0000 (12:39 +1000)]
depend
djm@openbsd.org [Tue, 30 Apr 2024 02:14:10 +0000 (02:14 +0000)]
upstream: correctly restore sigprocmask around ppoll() reported
by Tõivo Leedjärv; ok deraadt@
OpenBSD-Commit-ID:
c0c0f89de5294a166578f071eade2501929c4686
djm@openbsd.org [Tue, 30 Apr 2024 02:10:49 +0000 (02:10 +0000)]
upstream: add explict check for server hostkey type against
HostkeyAlgorithms. Allows HostkeyAlgorithms to disable implicit fallback from
certificate keys to plain keys. ok markus@
OpenBSD-Commit-ID:
364087e4a395ff9b2f42bf3aefdb2090bb23643a
jsg@openbsd.org [Tue, 23 Apr 2024 13:34:50 +0000 (13:34 +0000)]
upstream: correct indentation; no functional change ok tb@
OpenBSD-Commit-ID:
dd9702fd43de546bc6a3f4f025c74d6f3692a0d4
semarie@openbsd.org [Thu, 4 Apr 2024 16:00:51 +0000 (16:00 +0000)]
upstream: set right mode on ssh-agent at boot-time
which sthen@
ok deraadt@
OpenBSD-Commit-ID:
662b5056a2c6171563e1626f9c69f27862b5e7af
deraadt@openbsd.org [Tue, 2 Apr 2024 12:22:38 +0000 (12:22 +0000)]
upstream: Oops, incorrect hex conversion spotted by claudio.
While here try to improve how it reads a bit better. Surprising the
regression tests didn't spot this error, maybe it fails to roundtrip the
values.
OpenBSD-Commit-ID:
866cfcc1955aef8f3fc32da0b70c353a1b859f2e
deraadt@openbsd.org [Tue, 2 Apr 2024 10:02:08 +0000 (10:02 +0000)]
upstream: for parse_ipqos(), use strtonum() instead of mostly
idiomatic strtoul(), but wow it's so gross. ok djm
OpenBSD-Commit-ID:
cec14a76af2eb7b225300c80fc0e21052be67b05
deraadt@openbsd.org [Tue, 2 Apr 2024 09:56:58 +0000 (09:56 +0000)]
upstream: can shortcut by returning strtonum() value directly; ok
djm
OpenBSD-Commit-ID:
7bb2dd3d6d1f288dac14247d1de446e3d7ba8b8e
deraadt@openbsd.org [Tue, 2 Apr 2024 09:52:14 +0000 (09:52 +0000)]
upstream: rewrite convtime() to use a isdigit-scanner and
strtonum() instead of strange strtoul can might be fooled by garage
characters. passes regress/usr.bin/ssh/unittests/misc ok djm
OpenBSD-Commit-ID:
4b1ef826bb16047aea3f3bdcb385b72ffd450abc
claudio@openbsd.org [Tue, 2 Apr 2024 09:48:24 +0000 (09:48 +0000)]
upstream: Remove unused ptr[3] char array in pkcs11_decode_hex.
OK deraadt@
OpenBSD-Commit-ID:
3d14433e39fd558f662d3b0431c4c555ef920481
deraadt@openbsd.org [Tue, 2 Apr 2024 09:32:28 +0000 (09:32 +0000)]
upstream: Replace non-idiomatic strtoul(, 16) to parse a region
of 2-character hex sequences with a low-level replacement designed just for
the task. ok djm
OpenBSD-Commit-ID:
67bab8b8a4329a19a0add5085eacd6f4cc215e85
deraadt@openbsd.org [Tue, 2 Apr 2024 09:29:31 +0000 (09:29 +0000)]
upstream: Use strtonum() instead of severely non-idomatic
strtoul() In particular this will now reject trailing garbage, ie.
'12garbage'. ok djm
OpenBSD-Commit-ID:
c82d95e3ccbfedfc91a8041c2f8bf0cf987d1501
deraadt@openbsd.org [Mon, 1 Apr 2024 15:50:17 +0000 (15:50 +0000)]
upstream: also create a relink kit for ssh-agent, since it is a
long-running setgid program carrying keys with some (not very powerful)
communication channels. solution for testing the binary from dtucker.
agreement from djm. Will add it into /etc/rc in a few days.
OpenBSD-Commit-ID:
2fe8d707ae35ba23c7916adcb818bb5b66837ba0
deraadt@openbsd.org [Mon, 1 Apr 2024 15:48:16 +0000 (15:48 +0000)]
upstream: new-style relink kit for sshd. The old scheme created
a Makefile by concatenating two Makefiles and was incredibly fragile. In the
new way a narrow-purposed install.sh script is created and shipped with the
objects. A recently commited /etc/rc script understands these files.
OpenBSD-Commit-ID:
ef9341d5a50f0d33e3a6fbe995e92964bc7ef2d3
renmingshuai [Fri, 12 Apr 2024 02:20:49 +0000 (10:20 +0800)]
Shell syntax fix (leftover from a sync).
Signed-off-by: renmingshuai <renmingshuai@huawei.com>
Darren Tucker [Thu, 25 Apr 2024 03:20:19 +0000 (13:20 +1000)]
Merge flags for OpenSSL 3.x versions.
OpenSSL has moved to 3.4 which we don't currently accept. Based on
the OpenSSL versioning policy[0] it looks like all of the 3.x versions
should work with OpenSSH, so remove the distinction in configure and
accept all of them.
[0] https://openssl.org/policies/general/versioning-policy.html
Darren Tucker [Thu, 25 Apr 2024 03:19:03 +0000 (13:19 +1000)]
Remove 9.6 branch from status page.
Darren Tucker [Thu, 25 Apr 2024 03:16:58 +0000 (13:16 +1000)]
Update LibreSSL and OpenSSL versions tested.
Update LibreSSL versions to current releases (3.8.4 & 3.9.1).
Add newly-released OpenSSL 3.3.0, and add tests against the 3.1 and
3.3 branches.
90 [Fri, 5 Apr 2024 18:36:06 +0000 (19:36 +0100)]
Fix missing header for systemd notification
Damien Miller [Wed, 3 Apr 2024 03:40:32 +0000 (14:40 +1100)]
notify systemd on listen and reload
Standalone implementation that does not depend on libsystemd.
With assistance from Luca Boccassi, and feedback/testing from Colin
Watson. bz2641
Darren Tucker [Sun, 31 Mar 2024 10:51:57 +0000 (21:51 +1100)]
Port changes from selfhosted to upstream tests.
Should get them working again.
Darren Tucker [Sat, 30 Mar 2024 07:20:16 +0000 (18:20 +1100)]
Check if OpenSSL implementation supports DSA.
If --enable/disable-dsa-keys is not specified, set based on what OpenSSL
supports. If specified as enabled, but not supported by OpenSSL error
out. ok djm@
djm@openbsd.org [Sat, 30 Mar 2024 05:56:22 +0000 (05:56 +0000)]
upstream: in OpenSSH private key format, correct type for subsequent
private keys in blob. From Jakub Jelen via GHPR430
OpenBSD-Commit-ID:
d17dbf47554de2d752061592f95b5d772baab50b
Eero Häkkinen [Fri, 15 Sep 2023 21:55:08 +0000 (00:55 +0300)]
Expose SSH_AUTH_INFO_0 always to PAM auth modules.
This changes SSH_AUTH_INFO_0 to be exposed to PAM auth modules also
when a password authentication method is in use and not only
when a keyboard-interactive authentication method is in use.
Darren Tucker [Wed, 27 Mar 2024 06:42:58 +0000 (17:42 +1100)]
Rearrange selfhosted VM scheduling.
Instead of trying to infer the type of the self hosted tests in each of
the driver scripts (inconsistently...), set one of the following
variables to "true" in the workflow:
VM: tests run in a virtual machine.
EPHEMERAL: tests run on an ephemeral virtual machine.
PERSISTENT: tests run on a persistent virtual machine
REMOTE: tests run on a physical remote host.
EPHEMERAL VMs can have multiple instances of any given VM can exist
simultaneously and are run by a runner pool. The other types have a
dedicated runner instance and can only run a single test at a time.
Other settings:
SSHFS: We need to sshfs mount over the repo so the workflow can collect
build artifacts. This also implies the tests must be run over ssh.
DEBUG_ACTIONS: enable "set -x" in scripts for debugging.
Damien Miller [Sat, 30 Mar 2024 05:05:59 +0000 (16:05 +1100)]
add new token-based signing key for dtucker@
Verified in person and via signature with old key.
Will remove old key in a bit.
Alkaid [Tue, 12 Mar 2024 10:59:12 +0000 (03:59 -0700)]
Fix OpenSSL
ED25519 support detection
Wrong function signature in configure.ac prevents openssh from enabling
the recently new support for
ED25519 priv keys in PEM PKCS8 format.
djm@openbsd.org [Sat, 30 Mar 2024 04:27:44 +0000 (04:27 +0000)]
upstream: allow WAYLAND_DISPLAY to enable SSH_ASKPASS
From dkg via GHPR479; ok dtucker@
OpenBSD-Commit-ID:
1ac1f9c45da44eabbae89375393c662349239257
dtucker@openbsd.org [Fri, 29 Mar 2024 10:40:07 +0000 (10:40 +0000)]
upstream: Use egrep instead of grep -E.
Some plaforms don't have the latter so this makes things easier
in -portable.
OpenBSD-Regress-ID:
ff82260eb0db1f11130200b25d820cf73753bbe3
dtucker@openbsd.org [Tue, 26 Mar 2024 08:09:16 +0000 (08:09 +0000)]
upstream: test -h is the POSIXly way of testing for a symlink. Reduces
diff vs Portable.
OpenBSD-Regress-ID:
6f31cd6e231e3b8c5c2ca0307573ccb7484bff7d
Darren Tucker [Tue, 26 Mar 2024 07:58:58 +0000 (18:58 +1100)]
Fix name of OpenBSD upstream CI jobs.
Darren Tucker [Tue, 26 Mar 2024 07:55:33 +0000 (18:55 +1100)]
Resync with upstream: ${} around DATAFILE.
djm@openbsd.org [Mon, 25 Mar 2024 19:28:09 +0000 (19:28 +0000)]
upstream: optional debugging
OpenBSD-Regress-ID:
b4852bf97ac8fb2e3530f2d5f999edd66058d7bc
dtucker@openbsd.org [Mon, 25 Mar 2024 06:05:42 +0000 (06:05 +0000)]
upstream: Verify string returned from local shell command.
OpenBSD-Regress-ID:
5039bde24d33d809aebfa8d3ad7fe9053224e6f8
dtucker@openbsd.org [Mon, 25 Mar 2024 03:30:31 +0000 (03:30 +0000)]
upstream: Improve shell portability: grep -q is not portable so
redirect stdout, and use printf instead of relying on echo to do \n
substitution. Reduces diff vs Portable.
Also resync somewhat with upstream.
OpenBSD-Regress-ID:
9ae876a8ec4c4725f1e9820a0667360ee2398337
dtucker@openbsd.org [Mon, 25 Mar 2024 02:07:08 +0000 (02:07 +0000)]
upstream: Save error code from SSH for use inside case statement,
from portable. In some shells, "case" will reset the value of $?, so save it
first.
OpenBSD-Regress-ID:
da32e5be19299cb4f0f7de7f29c11257a62d6949
dtucker@openbsd.org [Mon, 25 Mar 2024 01:40:47 +0000 (01:40 +0000)]
upstream: Increase timeout. Resyncs with portable where some of
the test VMs are slow enough for this to matter.
OpenBSD-Regress-ID:
6a83a693602eb0312f06a4ad2cd6f40d99d24b26
dtucker@openbsd.org [Mon, 25 Mar 2024 01:28:29 +0000 (01:28 +0000)]
upstream: In PuTTY interop test, don't assume the PuTTY major
version is 0. Patch from cjwatson at debian.org via bz#3671.
OpenBSD-Regress-ID:
835ed03c1b04ad46be82e674495521f11b840191
Darren Tucker [Tue, 26 Mar 2024 07:38:14 +0000 (18:38 +1100)]
Really mkdir /usr/local/etc in CI tests.
Darren Tucker [Tue, 26 Mar 2024 06:19:09 +0000 (17:19 +1100)]
Better short name for OpenBSD upstream CI jobs too.
Darren Tucker [Tue, 26 Mar 2024 06:13:52 +0000 (17:13 +1100)]
Ensure /usr/local/etc exists before using in tests.
Darren Tucker [Tue, 26 Mar 2024 05:50:46 +0000 (16:50 +1100)]
Be more specific about when to rerun workflows.
Darren Tucker [Tue, 26 Mar 2024 05:35:27 +0000 (16:35 +1100)]
Add short names for test jobs on github CI.
Darren Tucker [Tue, 26 Mar 2024 05:26:14 +0000 (16:26 +1100)]
If we're using xpg4's id, remember to pass args.
dtucker@openbsd.org [Tue, 26 Mar 2024 01:23:11 +0000 (01:23 +0000)]
upstream: Import regenerated moduli.
OpenBSD-Commit-ID:
ad3d1486d105b008c93e952d158e5af4d9d4c531
job@openbsd.org [Thu, 14 Mar 2024 06:23:14 +0000 (06:23 +0000)]
upstream: Clarify how literal IPv6 addresses can be used in -J mode
OK djm@
OpenBSD-Commit-ID:
524ddae97746b3563ad4a887dfd0a6e6ba114c50
Darren Tucker [Mon, 25 Mar 2024 05:14:21 +0000 (16:14 +1100)]
Add Mac OS X 14 test targets.
Darren Tucker [Mon, 25 Mar 2024 03:05:40 +0000 (14:05 +1100)]
Move xpg4 'id' handling into test-exec.sh.
Handle replacement of 'id' the same way as we do other Portable specific
replacements in test-exec.sh. This brings percent.sh back into sync
with upstream.
Darren Tucker [Sun, 24 Mar 2024 23:38:03 +0000 (10:38 +1100)]
Update branches shown on ci-status to 9.7 and 9.6.
Darren Tucker [Sun, 24 Mar 2024 22:28:02 +0000 (09:28 +1100)]
Improve detection of -fzero-call-used-regs=used.
Should better detect problems with gcc 13 on m68k. bz#3673 from Colin
Watson via bz#3673 and https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110934
Signed-off-by: Darren Tucker <dtucker@dtucker.net>
Damien Miller [Mon, 11 Mar 2024 05:20:49 +0000 (16:20 +1100)]
version number in README
Damien Miller [Mon, 11 Mar 2024 05:20:08 +0000 (16:20 +1100)]
crank RPM spec versions
djm@openbsd.org [Mon, 11 Mar 2024 04:59:47 +0000 (04:59 +0000)]
upstream: openssh-9.7
OpenBSD-Commit-ID:
618ececf58b8cdae016b149787af06240f7b0cbc
Darren Tucker [Mon, 11 Mar 2024 01:59:26 +0000 (12:59 +1100)]
Test against current OpenSSL and LibreSSL releases.
Add LibreSSL 3.9.0, bump older branches to their respective current
releases.
Damien Miller [Sun, 10 Mar 2024 05:24:57 +0000 (16:24 +1100)]
quote regexes used to test for algorithm support
Fixes test failures on Solaris 8 reported by Tom G. Christensen
djm@openbsd.org [Sat, 9 Mar 2024 05:12:13 +0000 (05:12 +0000)]
upstream: avoid logging in signal handler by converting mainloop to
ppoll() bz3670, reported by Ben Hamilton; ok dtucker@
OpenBSD-Commit-ID:
e58f18042b86425405ca09e6e9d7dfa1df9f5f7f
djm@openbsd.org [Fri, 8 Mar 2024 22:16:32 +0000 (22:16 +0000)]
upstream: skip more whitespace, fixes find-principals on
allowed_signers files with blank lines; reported by Wiktor Kwapisiewicz
OpenBSD-Commit-ID:
b3a22a2afd753d70766f34bc7f309c03706b5298
dtucker@openbsd.org [Fri, 8 Mar 2024 11:34:10 +0000 (11:34 +0000)]
upstream: Invoke ProxyCommand that uses stderr redirection via
$TEST_SHELL. Fixes test when run by a user whose login shell is tcsh.
Found by vinschen at redhat.com.
OpenBSD-Regress-ID:
f68d79e7f00caa8d216ebe00ee5f0adbb944062a
Darren Tucker [Thu, 7 Mar 2024 06:18:14 +0000 (17:18 +1100)]
Prefer openssl binary from --with-ssl-dir directory.
Use openssl in the directory specified by --with-ssl-dir as long
as it's functional. Reported by The Doctor.
djm@openbsd.org [Wed, 6 Mar 2024 02:59:59 +0000 (02:59 +0000)]
upstream: fix memory leak in mux proxy mode when requesting forwarding.
found by RASU JSC, reported by Maks Mishin in GHPR#467
OpenBSD-Commit-ID:
97d96a166b1ad4b8d229864a553e3e56d3116860
djm@openbsd.org [Wed, 6 Mar 2024 00:31:04 +0000 (00:31 +0000)]
upstream: wrap a few PKCS#11-specific bits in ENABLE_PKCS11
OpenBSD-Commit-ID:
463e4a69eef3426a43a2b922c4e7b2011885d923
Damien Miller [Wed, 6 Mar 2024 00:31:36 +0000 (11:31 +1100)]
disable RSA tests when algorithm is not supported
Unbreaks "make test" when compiled --without-openssl.
Similar treatment to how we do DSA and ECDSA.
Damien Miller [Tue, 5 Mar 2024 23:33:20 +0000 (10:33 +1100)]
add a --without-retpoline configure option
discussed with deraadt and dtucker a while ago
djm@openbsd.org [Mon, 4 Mar 2024 04:13:18 +0000 (04:13 +0000)]
upstream: fix leak of CanonicalizePermittedCNAMEs on error path;
spotted by Coverity (CID 438039)
OpenBSD-Commit-ID:
208839699939721f452a4418afc028a9f9d3d8af
djm@openbsd.org [Mon, 4 Mar 2024 02:16:11 +0000 (02:16 +0000)]
upstream: Separate parsing of string array options from applying them
to the active configuration. This fixes the config parser from erroneously
rejecting cases like:
AuthenticationMethods password
Match User ivy
AuthenticationMethods any
bz3657 ok markus@
OpenBSD-Commit-ID:
7f196cba634c2a3dba115f3fac3c4635a2199491
Darren Tucker [Thu, 22 Feb 2024 06:59:35 +0000 (17:59 +1100)]
Add nbsd10 test target.
Damien Miller [Thu, 22 Feb 2024 01:06:10 +0000 (12:06 +1100)]
more descriptive configure test name
djm@openbsd.org [Wed, 21 Feb 2024 06:17:29 +0000 (06:17 +0000)]
upstream: explain arguments of internal-sftp GHPR#454 from Niklas
Hambüchen
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
OpenBSD-Commit-ID:
0335d641ae6b5b6201b9ffd5dd06345ebbd0a3f3
djm@openbsd.org [Wed, 21 Feb 2024 06:06:43 +0000 (06:06 +0000)]
upstream: clarify permissions requirements for ChrootDirectory Part
of GHPR#454 from Niklas Hambüchen
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
OpenBSD-Commit-ID:
d37bc8786317a11649c62ff5e2936441186ef7a0
djm@openbsd.org [Wed, 21 Feb 2024 06:05:06 +0000 (06:05 +0000)]
upstream: .Cm for a keyword. Part of GHPR#454 from Niklas Hambüchen
OpenBSD-Commit-ID:
d59c52559f926fa82859035d79749fbb4a3ce18a
djm@openbsd.org [Wed, 21 Feb 2024 06:01:13 +0000 (06:01 +0000)]
upstream: fix typo in match directive predicate (s/tagged/tag) GHPR#462
from Tobias Manske
OpenBSD-Commit-ID:
05b23b772677d48aa82eefd7ebebd369ae758908
djm@openbsd.org [Wed, 21 Feb 2024 05:57:34 +0000 (05:57 +0000)]
upstream: fix proxy multiplexing mode, broken when keystroke timing
obfuscation was added. GHPR#463 from montag451
OpenBSD-Commit-ID:
4e412d59b3f557d431f1d81c715a3bc0491cc677
djm@openbsd.org [Tue, 20 Feb 2024 04:10:03 +0000 (04:10 +0000)]
upstream: don't append a gratuitous space to the end of subsystem
arguments; bz3667
OpenBSD-Commit-ID:
e11023aeb3f30b77a674e37b8292c862926d5dc6
dtucker@openbsd.org [Mon, 19 Feb 2024 09:25:52 +0000 (09:25 +0000)]
upstream: Always define puttysetup function.
OpenBSD-Regress-ID:
b4c0ccfa4006a1bc5dfd99ccf21c854d3ce2aee0
dtucker@openbsd.org [Fri, 9 Feb 2024 08:56:59 +0000 (08:56 +0000)]
upstream: Exapnd PuTTY test coverage.
Expand the set of ciphers, MACs and KEX methods in the PuTTY interop
tests.
OpenBSD-Regress-ID:
dd28d97d48efe7329a396d0d505ee2907bf7fc57
dtucker@openbsd.org [Fri, 9 Feb 2024 08:47:42 +0000 (08:47 +0000)]
upstream: Factor out PuTTY setup.
Factor out PuTTY and call only when needed.
This allows us to avoid PuTTY key setup when it's not needed, which
speeds up the overall test run by a couple of percent.
OpenBSD-Regress-ID:
c25eaccc3c91bc874400f7c85ce40e9032358c1c
naddy@openbsd.org [Sat, 10 Feb 2024 11:28:52 +0000 (11:28 +0000)]
upstream: clean sshd random relinking kit; ok miod@
OpenBSD-Commit-ID:
509bb19bb9762a4b3b589af98bac2e730541b6d4
djm@openbsd.org [Fri, 2 Feb 2024 00:13:34 +0000 (00:13 +0000)]
upstream: whitespace
OpenBSD-Commit-ID:
b24680bc755b621ea801ff8edf6f0f02b68edae1
Darren Tucker [Mon, 19 Feb 2024 06:29:31 +0000 (17:29 +1100)]
Improve error message for OpenSSL header check.
bz#3668, ok djm@
Darren Tucker [Wed, 7 Feb 2024 02:45:02 +0000 (13:45 +1100)]
Interop test against PuTTY snapshot and releases.
Darren Tucker [Tue, 6 Feb 2024 05:21:05 +0000 (16:21 +1100)]
Put privsep dir on OS X on /usr/local.
On some runners we can't create /var/empty, so put it some place we can
write. Should fix test breakage on Max OS X 11.
Darren Tucker [Tue, 6 Feb 2024 00:19:42 +0000 (11:19 +1100)]
Add --disable-fd-passing option.
.. and enable for the minix3 test VM. This will cause it to more reliably
skip tests that need FD passing and should fix the current test breakage.
Darren Tucker [Tue, 6 Feb 2024 00:18:44 +0000 (11:18 +1100)]
Use "skip" function instead doing it ourselves.
Damien Miller [Thu, 1 Feb 2024 03:01:18 +0000 (14:01 +1100)]
ignore some vim droppings
djm@openbsd.org [Thu, 1 Feb 2024 02:37:33 +0000 (02:37 +0000)]
upstream: whitespace
OpenBSD-Commit-ID:
bf9e4a1049562ee4322684fbdce07142f04fdbb7
Damien Miller [Tue, 16 Jan 2024 03:40:18 +0000 (14:40 +1100)]
skip tests that use multiplexing on Windows
Some tests here use multiplexing, skip these if DISABLE_FD_PASSING
is set. Should unbreak tests on Windows.
djm@openbsd.org [Thu, 11 Jan 2024 04:50:28 +0000 (04:50 +0000)]
upstream: don't disable RSA test when DSA is disabled; bug introduced
in last commit
OpenBSD-Regress-ID:
8780a7250bf742b33010e9336359a1c516f2d7b5
djm@openbsd.org [Thu, 11 Jan 2024 01:45:58 +0000 (01:45 +0000)]
upstream: make DSA testing optional, defaulting to on
ok markus
OpenBSD-Regress-ID:
dfc27b5574e3f19dc4043395594cea5f90b8572a
djm@openbsd.org [Thu, 11 Jan 2024 01:51:16 +0000 (01:51 +0000)]
upstream: ensure key_fd is filled when DSA is disabled; spotted by
tb@
OpenBSD-Commit-ID:
9dd417b6eec3cf67e870f147464a8d93f076dce7
djm@openbsd.org [Thu, 11 Jan 2024 01:45:36 +0000 (01:45 +0000)]
upstream: make DSA key support compile-time optional, defaulting to
on
ok markus@
OpenBSD-Commit-ID:
4f8e98fc1fd6de399d0921d5b31b3127a03f581d
jmc@openbsd.org [Wed, 10 Jan 2024 06:33:13 +0000 (06:33 +0000)]
upstream: fix incorrect capitalisation;
OpenBSD-Commit-ID:
cb07eb06e15fa2334660ac73e98f29b6a1931984
djm@openbsd.org [Tue, 9 Jan 2024 22:19:36 +0000 (22:19 +0000)]
upstream: extend ChannelTimeout regression test to exercise multiplexed
connections and the new "global" timeout type. ok dtucker@
OpenBSD-Regress-ID:
f10d19f697024e9941acad7c2057f73d6eacb8a2
djm@openbsd.org [Tue, 9 Jan 2024 22:19:00 +0000 (22:19 +0000)]
upstream: add a "global" ChannelTimeout type to ssh(1) and sshd(8)
that watches all open channels and will close all open channels if there is
no traffic on any of them for the specified interval. This is in addition to
the existing per-channel timeouts added a few releases ago.
This supports use-cases like having a session + x11 forwarding channel
open where one may be idle for an extended period but the other is
actively used. The global timeout would allow closing both channels when
both have been idle for too long.
ok dtucker@
OpenBSD-Commit-ID:
0054157d24d2eaa5dc1a9a9859afefc13d1d7eb3
djm@openbsd.org [Tue, 9 Jan 2024 21:39:14 +0000 (21:39 +0000)]
upstream: adapt ssh_api.c code for kex-strict
from markus@ ok me
OpenBSD-Commit-ID:
4d9f256852af2a5b882b12cae9447f8f00f933ac
Damien Miller [Mon, 8 Jan 2024 05:26:37 +0000 (16:26 +1100)]
nite that recent OSX tun/tap is unsupported
Sevan Janiyan [Wed, 27 Dec 2023 04:57:49 +0000 (04:57 +0000)]
README.platform: update tuntap url