+commit 6ebc4dd77a479892d5ca0cd2a567a651f70aad82
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Feb 18 19:03:42 2025 +1100
+
+ openssh-9.9p2
+
+commit 38df39ecf278a7ab5794fb03c01286f2cfe82c0d
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Tue Feb 18 08:02:48 2025 +0000
+
+ upstream: Fix cases where error codes were not correctly set
+
+ Reported by the Qualys Security Advisory team. ok markus@
+
+ OpenBSD-Commit-ID: 7bcd4ffe0fa1e27ff98d451fb9c22f5fae6e610d
+
+commit 5e07dee272c34e193362fba8eda0e3c453f3c773
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Tue Feb 18 08:02:12 2025 +0000
+
+ upstream: Don't reply to PING in preauth phase or during KEX
+
+ Reported by the Qualys Security Advisory team. ok markus@
+
+ OpenBSD-Commit-ID: c656ac4abd1504389d1733d85152044b15830217
+
+commit fb071011fb843142282b8b8a69cbb15e9b0b9485
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Feb 10 23:00:29 2025 +0000
+
+ upstream: fix "Match invalid-user" from incorrectly being activated
+
+ in initial configuration pass when no other predicates were present on the
+ match line
+
+ OpenBSD-Commit-ID: 02703b4bd207fafd03788bc4e7774bf80be6c9a8
+
+commit 729a26a978dd39db60d4625bdfb5405baa629e59
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Oct 30 14:25:14 2024 +1100
+
+ fix uint64_t types; reported by Tom G. Christensen
+
+commit 33c5f384ae03a5d1a0bd46ca0fac3c62e4eaf784
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Oct 27 13:28:11 2024 +1100
+
+ htole64() etc for systems without endian.h
+
+commit fe8d28a7ebbaa35cfc04a21263627f05c237e460
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sun Oct 27 02:06:59 2024 +0000
+
+ upstream: explicitly include endian.h
+
+ OpenBSD-Commit-ID: 13511fdef7535bdbc35b644c90090013da43a318
+
+commit 11f348196b3fb51c3d8d1f4f36db9d73f03149ed
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sun Oct 27 02:06:01 2024 +0000
+
+ upstream: fix ML-KEM768x25519 KEX on big-endian systems; spotted by
+
+ jsg@ feedback/ok deraadt@
+
+ OpenBSD-Commit-ID: 26d81a430811672bc762687166986cad40d28cc0
+
+commit 19bcb2d90c6caf14abf386b644fb24eb7afab889
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Thu Sep 26 23:55:08 2024 +0000
+
+ upstream: fix previous change to ssh_config Match, which broken on
+
+ negated Matches; spotted by phessler@ ok deraadt@
+
+ OpenBSD-Commit-ID: b1c6acec66cd5bd1252feff1d02ad7129ced37c7
+
+commit 66878e12a207fa9746dee3e2bdcca29b704cf035
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed Sep 25 01:24:04 2024 +0000
+
+ upstream: fix regression introduced when I switched the "Match"
+
+ criteria tokeniser to a more shell-like one. Apparently the old tokeniser
+ (accidentally?) allowed "Match criteria=argument" as well as the "Match
+ criteria argument" syntax that we tested for.
+
+ People were using this syntax so this adds back support for
+ "Match criteria=argument"
+
+ bz3739 ok dtucker
+
+ OpenBSD-Commit-ID: d1eebedb8c902002b75b75debfe1eeea1801f58a
+
+commit ff2cd1dd5711ff88efdf26662d6189d980439a1f
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Sep 25 11:15:45 2024 +1000
+
+ gss-serv.c needs sys/param.h
+
+ From Void Linux
+
+commit 2c12ae8cf9b0b7549ae097c4123abeda0ee63e5b
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Sep 25 11:13:05 2024 +1000
+
+ build construct_utmp() when USE_BTMP is set
+
+ Fixes compile error on Void Linux/Musl
+
+commit c7fda601186ff28128cfe3eab9c9c0622de096e1
+Author: Christoph Ostarek <christoph@zededa.com>
+Date: Wed Jul 3 12:46:59 2024 +0200
+
+ fix utmpx ifdef
+
+ 02e16ad95fb1f56ab004b01a10aab89f7103c55d did a copy-paste for
+ utmpx, but forgot to change the ifdef appropriately
+
+commit 7cf4dc414de689c467e58e49fb83f6609c3ed36b
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Mon Sep 23 20:54:26 2024 +1000
+
+ Remove non-9.9 branch statuses.
+
+commit 8513f4d30ae85d17b3b08da6bc3be76f8c73123c
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Mon Sep 23 20:52:31 2024 +1000
+
+ Add 9.9 branch to CI status console.
+
+commit 53a80baaebda180f46e6e8571f3ff800e1f5c496
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Sep 20 08:20:48 2024 +1000
+
+ autogenerated files for release
+
commit 46d1fb16b20e971b9ac15e86a3d3e350b49c9ad6
Author: Damien Miller <djm@mindrot.org>
Date: Fri Sep 20 08:20:13 2024 +1000
This fixes tests on platforms that do not have the openssl tool
installed at all.
-
-commit 2a7e3449908571af601a4c2d12ab140096442e47
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Fri Feb 17 04:22:50 2023 +0000
-
- upstream: Remove now-unused compat bit SSH_BUG_RSASIGMD5. The code
-
- to set this was removed in OpenSSH 7.7 when support for SSH implementations
- dating back to before RFC standardization were removed. "burn it all" djm@
-
- OpenBSD-Commit-ID: 6330935fbe23dd00be79891505e06d1ffdac7cda
-
-commit 0833ccf2c8b7ae08b296c06f17bd53e3ab94b0b0
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Fri Feb 17 03:06:18 2023 +0000
-
- upstream: Remove now-unused compat bit SSH_BUG_BIGENDIANAES. This
-
- was previously set for OpenSSH 2.3 (released in 2000) but this check was
- removed in OpenSSH 7.7 (2018). ok djm@ deraadt@
-
- OpenBSD-Commit-ID: 326426ea328707fc9e83305291ab135c87f678af
-
-commit c81c2bea6e828d52b62b448b4ffdd3c163177975
-Author: Damien Miller <djm@mindrot.org>
-Date: Fri Feb 17 10:12:40 2023 +1100
-
- whitespace fixes
-
-commit 500f90b39db5f0014e6b0c49ff1f45c994b69293
-Author: Damien Miller <djm@mindrot.org>
-Date: Fri Feb 17 10:02:08 2023 +1100
-
- whitespace at EOL
-
-commit 68350152406339170721c15e97afdf827a5e4001
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Thu Feb 16 10:10:00 2023 +0000
-
- upstream: Remove SSH_BUG_PASSWORDPAD compat bit
-
- since it's no longer used. ok markus@
-
- OpenBSD-Commit-ID: b92c21f56fe4b7f9a54790d6a9650725c226820b
-
-commit 537cccd804eaf65f32bdce037cc31db4e0ab0f44
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Thu Feb 16 07:55:15 2023 +0000
-
- upstream: Remove SSH_BUG_IGNOREMSG compat flag
-
- since it's only applicable to SSH1 and thus no longer used. ok markus@
- "kill it with fire" djm@
-
- OpenBSD-Commit-ID: ea13318b1937795d9db4790d3ce0a6ed01584dab
-
-commit 285cf6cd4b91a0a0ce33193c358c99085af33e43
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date: Fri Feb 10 06:41:53 2023 +0000
-
- upstream: space between macro and punctuation; sort usage();
-
- OpenBSD-Commit-ID: 6141610cfca037700730e41f868d1d9124958f8c
-
-commit d39a96f70f81878c77336ed35f5c648c1804b71a
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date: Fri Feb 10 06:40:48 2023 +0000
-
- upstream: space between macro and punctuation;
-
- OpenBSD-Commit-ID: abc95e550be9e6d9a7ff64b65c104c7be21ab19e
-
-commit 16e82bf53fc34e43e3b948d43b68d5b27a7335e6
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date: Fri Feb 10 06:39:27 2023 +0000
-
- upstream: sort SYNOPSIS;
-
- OpenBSD-Commit-ID: dacd9da33277d5669a51213d880632599c890c1e
-
-commit d9685121ff6d57b8797411f3cb123884a4b96e30
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Sat Feb 11 12:32:19 2023 +1100
-
- Improve seccomp compat on older systems.
-
- Check if flags to mmap and madvise are defined before using them.
- Should fix problems building on older Linux systems that don't have
- these. bz#3537, with & ok djm@.
-
-commit 6180b0fa4f7996687678702806257e661fd5931e
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Feb 10 05:06:03 2023 +0000
-
- upstream: test -Ohashalg=... and that the default output contains both
-
- specified hash algorithms; prompted by dtucker@
-
- OpenBSD-Regress-ID: 26f309208c8d8b8fa9c5f419767b85f1e9b22f51
-
-commit d651f5c9fe37e61491eee46c49ba9fa03dbc0e6a
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Feb 10 04:56:30 2023 +0000
-
- upstream: let ssh-keygen and ssh-keyscan accept
-
- -Ohashalg=sha1|sha256 when outputting SSHFP fingerprints to allow algorithm
- selection. bz3493 ok dtucker@
-
- OpenBSD-Commit-ID: e6e07fe21318a873bd877f333e189eb963a11b3d
-
-commit 18938d11a90b74d63c20b2d3c965d5bd64786ab1
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Feb 10 04:47:19 2023 +0000
-
- upstream: add a `sshd -G` option that parses and prints the
-
- effective configuration without attempting to load private keys and perform
- other checks. This allows usage of the option before keys have been
- generated.
-
- bz3460 feedback/ok dtucker@
-
- OpenBSD-Commit-ID: 774504f629023fc25a559ab1d95401adb3a7fb29
-
-commit df7d3dbf7194db8e97730ee0425d4d9d7bdb8b10
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Feb 10 04:40:28 2023 +0000
-
- upstream: make `ssh -Q CASignatureAlgorithms` work as the manpage says
-
- it should bz3532
-
- OpenBSD-Commit-ID: 0ddb17b3fcbd99bfb5baea4ac5e449620cbd3adc
-
-commit d3b8d4198b6595f23b5859d43dc8fc701f97429b
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Fri Feb 10 14:26:44 2023 +1100
-
- Add CentOS 7 test targets.
-
-commit 22efb01e355bba4755b730ed417f91c081445bfc
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Thu Feb 9 09:55:33 2023 +0000
-
- upstream: Test adding terminating newline to known_hosts.
-
- OpenBSD-Regress-ID: 5fc3010ac450195b3fbdeb68e875564968800365
-
-commit caec6da1a583ed8c32c6ad3b81bbcaab46ac8b61
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Wed Feb 8 08:06:03 2023 +0000
-
- upstream: ssh-agent doesn't actually take -v,
-
- so the recently-added ones will result in the test not cleaning up
- after itself. Patch from cjwatson at debian.org vi bz#3536.
-
- OpenBSD-Regress-ID: 1fc8283568f5bf2f918517c2c1e778072cf61b1a
-
-commit 3c379c9a849a635cc7f05cbe49fe473ccf469ef9
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Thu Feb 9 09:54:11 2023 +0000
-
- upstream: Ensure that there is a terminating newline when adding a new
-
- entry to known_hosts. bz#3529, with git+openssh at limpsquid.nl, ok deraadt@
- markus@
-
- OpenBSD-Commit-ID: fa8d90698da1886570512b96f051e266eac105e0
-
-commit 95b6bbd2553547260b324b39d602061c88b774bc
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Tue Feb 7 08:43:47 2023 +1100
-
- Replace 9.1 with 9.2 on CI status page.
-
-commit 195313dfe10a23c82e9d56d5fdd2f59beee1bdcf
-Author: Damien Miller <djm@mindrot.org>
-Date: Fri Feb 3 16:33:09 2023 +1100
-
- harden Linux seccomp sandbox
-
- Linux mmap(2) and madvise(2) syscalls support quite a number of funky
- flags that we don't expect that sshd/libc will ever need. We can
- exclude this kernel attack surface by filtering the mmap(2) flags
- and the madvise(2) advice arguments.
-
- Similarly, the sandboxed process in sshd is a single-threaded program
- that does not use shared memory for synchronisation or communication.
- Therefore, there should be no reason for the advanced priority
- inheritance futex(2) operations to be necessary. These can also be
- excluded.
-
- Motivated by Jann Horn pointing out that there have been kernel bugs
- in nearby Linux kernel code, e.g. CVE-2020-29368, CVE-2020-29374 and
- CVE-2022-42703.
-
- Feedback Jann Horn, ok dtucker@
-
-commit 6dfb65de949cdd0a5d198edee9a118f265924f33
-Author: Damien Miller <djm@mindrot.org>
-Date: Thu Feb 2 23:21:54 2023 +1100
-
- crank versions in RPM specs
-
-commit d07cfb11a0ca574eb68a3931d8c46fbe862a2021
-Author: Damien Miller <djm@mindrot.org>
-Date: Thu Feb 2 23:21:45 2023 +1100
-
- update version in README
-
-commit 9fe207565b4ab0fe5d1ac5bb85e39188d96fb214
-Author: Damien Miller <djm@mindrot.org>
-Date: Thu Feb 2 23:17:49 2023 +1100
-
- adapt compat_kex_proposal() test to portable
-
-commit 903c556b938fff2d7bff8da2cc460254430963c5
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Thu Feb 2 12:12:52 2023 +0000
-
- upstream: test compat_kex_proposal(); by dtucker@
-
- OpenBSD-Regress-ID: 0e404ee264db546f9fdbf53390689ab5f8d38bf2
-
-commit 405fba71962dec8409c0c962408e09049e5624b5
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Thu Jan 19 07:53:45 2023 +0000
-
- upstream: Check if we can copy sshd or need to use sudo to do so
-
- during reexec test. Skip test if neither can work. Patch from anton@, tweaks
- from me.
-
- OpenBSD-Regress-ID: 731b96ae74d02d5744e1f1a8e51d09877ffd9b6d
-
-commit b2a2a8f69fd7737ea17dc044353c514f2f962f35
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Thu Feb 2 12:10:22 2023 +0000
-
- upstream: openssh-9.2
-
- OpenBSD-Commit-ID: f7389f32413c74d6e2055f05cf65e7082de03923
-
-commit 12da7823336434a403f25c7cc0c2c6aed0737a35
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Thu Feb 2 12:10:05 2023 +0000
-
- upstream: fix double-free caused by compat_kex_proposal(); bz3522
-
- by dtucker@, ok me
-
- OpenBSD-Commit-ID: 2bfc37cd2d41f67dad64c17a64cf2cd3806a5c80
-
-commit 79efd95ab5ff99f4cb3a955e2d713b3f54fb807e
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Wed Feb 1 17:17:26 2023 +1100
-
- Skip connection-timeout test on minix3.
-
- Minix 3's Unix domain sockets don't seem to work the way we expect, so
- skip connection-timeout test on that platform. While there, group
- together all similarly skipped tests and explicitly comment.
-
-commit 6b508c4e039619842bcf5a16f8a6b08dd6bec44a
-Author: Damien Miller <djm@mindrot.org>
-Date: Wed Feb 1 12:12:05 2023 +1100
-
- fix libfido2 detection without pkg-config
-
- Place libfido2 before additional libraries (that it may depend upon)
- and not after. bz3530 from James Zhang; ok dtucker@
-
-commit 358e300fed5e6def233a2c06326e51e20ebed621
-Author: deraadt@openbsd.org <deraadt@openbsd.org>
-Date: Wed Jan 18 20:56:36 2023 +0000
-
- upstream: delete useless dependency
-
- OpenBSD-Commit-ID: e1dc11143f83082e3154d6094f9136d0dc2637ad
-
-commit a4cb9be1b021b511e281ee55c356f964487d9e82
-Author: deraadt@openbsd.org <deraadt@openbsd.org>
-Date: Wed Jan 18 20:43:15 2023 +0000
-
- upstream: Create and install sshd random relink kit.
-
- ../Makefile.inc and Makfile are concatenated for reuse, which hopefully won't
- be too fragile, we'll see if we need a different approach. The resulting sshd
- binary is tested with the new sshd -V option before installation. As the
- binary layout is now semi-unknown (meaning relative, fixed, and gadget
- offsets are not precisely known), change the filesystem permissions to 511 to
- prevent what I call "logged in BROP". I have ideas for improving this further
- but this is a first step ok djm
-
- OpenBSD-Commit-ID: 1e0a2692b7e20b126dda60bf04999d1d30d959d8
-
-commit bc7de6f91a9a0ae2f148a9d31a4027d441a51999
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date: Wed Jan 18 06:55:32 2023 +0000
-
- upstream: tweak previous; ok djm
-
- OpenBSD-Commit-ID: df71ce4180c58202dfdc1d92626cfe900b91b7c3
-
-commit a20b7e999773e6333c8aa9b0a7fa41966e63b037
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Tue Jan 31 19:35:44 2023 +1100
-
- Skip connection-timeout test under Valgrind.
-
- Valgrind slows things down so much that the timeout test fails. Skip
- this test until we figure out if we can make it work.
-
-commit c3ffb54b4fc5e608206037921db6ccbc2f5ab25f
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Wed Jan 25 21:58:40 2023 +1100
-
- Skip connection-timeout when missing FD passing.
-
- This tests uses multiplexing which uses file descriptor passing, so
- skip it if we don't have that. Fixes test failures on Cygwin.
-
-commit 35253af01d8c0ab444c8377402121816e71c71f5
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Jan 18 02:00:10 2023 +0000
-
- upstream: when restoring non-blocking mode to stdio fds, restore
-
- exactly the flags that ssh started with and don't just clobber them with
- zero, as this could also remove the append flag from the set;
-
- bz3523; ok dtucker@
-
- OpenBSD-Commit-ID: 1336b03e881db7564a4b66014eb24c5230e9a0c0
-
-commit 7d17ea151c0b2519f023bd9cc7f141128833ac47
-Author: millert@openbsd.org <millert@openbsd.org>
-Date: Wed Jan 18 01:50:21 2023 +0000
-
- upstream: Add a -V (version) option to sshd like the ssh client
-
- has. OK markus@ deraadt@
-
- OpenBSD-Commit-ID: abe990ec3e636fb040132aab8cbbede98f0c413e
-
-commit 62360feb7f08f2a4c6fc36f3b3449309203c42c9
-Author: millert@openbsd.org <millert@openbsd.org>
-Date: Tue Jan 17 18:52:44 2023 +0000
-
- upstream: For "ssh -V" always exit 0, there is no need to check opt
-
- again. This was missed when the fallthrough in the switch case above it was
- removed. OK deraadt@
-
- OpenBSD-Commit-ID: 5583e5d8f6d62a8a4215cfa95a69932f344c8120
-
-commit 12492c0abf1eb415d08a897cc1d8b9e789888230
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Tue Jan 17 10:15:10 2023 +0000
-
- upstream: also check that an active session inhibits
-
- UnusedConnectionTimeout idea markus@
-
- OpenBSD-Regress-ID: 55c0fb61f3bf9e092b0a53f9041d3d2012f14003
-
-commit cef2593c33ac46a58238ff998818754eabdf64ff
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Tue Jan 17 10:02:34 2023 +0000
-
- upstream: regression test for UnusedConnectionTimeout
-
- OpenBSD-Regress-ID: 7f29001374a68e71e5e078f69e4520cf4bcca084
-
-commit aff9493a89c71d6a080419b49ac64eead9730491
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Jan 16 04:11:29 2023 +0000
-
- upstream: unbreak test: cannot access shell positional parameters
-
- past $9 without wrapping the position in braces (i.e. need ${10}, etc.)
-
- OpenBSD-Regress-ID: 3750ec98d5d409ce6a93406fedde6f220d2ea2ac
-
-commit 0293c19807f83141cdf33b443154459f9ee471f6
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Tue Jan 17 09:44:48 2023 +0000
-
- upstream: Add a sshd_config UnusedConnectionTimeout option to terminate
-
- client connections that have no open channels for some length of time. This
- complements the recently-added ChannelTimeout option that terminates inactive
- channels after a timeout.
-
- ok markus@
-
- OpenBSD-Commit-ID: ca983be74c0350364c11f8ba3bd692f6f24f5da9
-
-commit 8ec2e3123802d2beeca06c1644b0b647f6d36dab
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Sun Jan 15 23:35:10 2023 +0000
-
- upstream: adapt to ed25519 changes in src/usr.bin/ssh
-
- OpenBSD-Regress-ID: 4b3e7ba7ee486ae8a0b4790f8112eded2bb7dcd5
-
-commit 9fbbfeca1ce4c7ec0001c827bbf4189a3ba0964b
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Sun Jan 15 23:05:32 2023 +0000
-
- upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOP
-
- (20221122) and change the import approach to the same one we use for
- Streamlined NTRUPrime: use a shell script to extract the bits we need from
- SUPERCOP, make some minor adjustments and squish them all into a single file.
-
- ok tb@ tobhe@
-
- OpenBSD-Commit-ID: 1bc0fd624cb6af440905b8ba74ac7c03311b8e3b
-
-commit 6283f4bd83eee714d0f5fc55802eff836b06fea8
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Sat Jan 14 22:02:44 2023 +1100
-
- Allow writev is seccomp sandbox.
-
- This seems to be used by recent glibcs at least in some configurations.
- From bz#3512, ok djm@
-
-commit 923c3f437f439cfca238fba37e97a7041782f615
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Sat Jan 14 10:05:54 2023 +0000
-
- upstream: Shell syntax fix. From ren mingshuai vi github PR#369.
-
- OpenBSD-Regress-ID: 6696b2eeefe128099fc3d7ea9f23252cc35156f9
-
-commit 4d87a00f704e0365e11c3c38b170c1275ec461fc
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Sat Jan 14 09:57:08 2023 +0000
-
- upstream: Instead of skipping the all-tokens test if we don't have
-
- OpenSSL (since we use it to compute the hash), put the hash at the end and
- just omit it if we don't have it. Prompted by bz#3521.
-
- OpenBSD-Regress-ID: c79ecba64250ed3b6417294b6c965e6b12ca5eea
-
-commit b05406d6f93b8c8ec11ec8b27e7c76cc7a5a55fb
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date: Fri Jan 13 07:13:40 2023 +0000
-
- upstream: fix double phrase in previous;
-
- OpenBSD-Commit-ID: 671e6c8dc5e9230518b2bbfa143daaa88adc66c2
-
-commit 40564812b659c530eb1f4b62d09e85612aef3107
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Fri Jan 13 03:16:29 2023 +0000
-
- upstream: Document "UserKnownHostsFile none". ok djm@
-
- OpenBSD-Commit-ID: f695742d39e34ecdcc3c861c3739a84648a4bce5
-
-commit d03e245e034019a37388f6f5f893ce848ab6d2e2
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Fri Jan 13 23:02:34 2023 +1100
-
- Retry package installation 3 times.
-
- When setting up the CI environment, retry package installation 3 times
- before going up. Should help prevent spurious failures during
- infrastructure issues.
-
-commit 625f6bc39840167dafb3bf5b6a3e18503ac986e8
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Fri Jan 13 04:47:34 2023 +0000
-
- upstream: Move scp path setting to a helper function. The previous
-
- commit to add scp to the test sshd's path causes the t-envpass test to fail
- when the test scp is given using a fully qualified path. Put this in a
- helper function and only call it from the scp tests.
-
- OpenBSD-Regress-ID: 7533dc1c4265c1de716abb062957994195b36df4
-
-commit 6e6f88647042b3cde54a628545c2f5fb656a9327
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Fri Jan 13 04:23:00 2023 +0000
-
- upstream: Add scp's path to test sshd's PATH.
-
- If the scp we're testing is fully qualified (eg it's not in the system
- PATH) then add its path to the under-test sshd's PATH so we can find
- it. Prompted by bz#3518.
-
- OpenBSD-Regress-ID: 7df4f5a0be3aa135495b7e5a6719d3cbc26cc4c0
-
-commit 8a5e99a70fcf9b022a8aa175ebf6a71f58511da3
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Fri Jan 13 15:49:48 2023 +1100
-
- Remove skipping test when scp not in path.
-
- An upcoming change renders this obsolete by adding scp's path to the
- test sshd's PATH, and removing this first will make the subsequent sync
- easier.
-
-commit 41f36dd896c8fb8337d403fcf476762986976e9d
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Fri Jan 13 02:58:20 2023 +0000
-
- upstream: Add a "Host" line to the output of ssh -G showing the
-
- original host arg. Inspired by patch from vincent at bernat.ch via bz#3343,
- ok djm@
-
- OpenBSD-Commit-ID: 59c0f60a222113a44d0650cd394376e3beecc883
-
-commit f673b49f3be3eb51074fbb8a405beb6cd0f7d93e
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Jan 13 02:44:02 2023 +0000
-
- upstream: avoid printf("%s", NULL) if using ssh
-
- -oUserKnownHostsFile=none and a hostkey in one of the system known hosts file
- changes; ok dtucker@
-
- OpenBSD-Commit-ID: 7ca87614bfc6da491315536a7f2301434a9fe614
-
-commit 93fc7c576563e3d88a1dc019dd213f65607784cc
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Jan 11 05:39:38 2023 +0000
-
- upstream: clamp the minimum buffer lengths and number of inflight
-
- requests too
-
- OpenBSD-Commit-ID: c4965f62fa0ba850940fd66ae3f60cf516bbcd56
-
-commit 48bf234322e639d279c5a28435eae50155e9b514
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Jan 11 05:36:50 2023 +0000
-
- upstream: ignore bogus upload/download buffer lengths in the limits
-
- extension
-
- OpenBSD-Commit-ID: c5b023e0954693ba9a5376e4280c739b5db575f8
-
-commit 36b00d31833ca74cb0f7c7d8eda1bde55700f929
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Jan 11 02:13:52 2023 +0000
-
- upstream: remove whitespace at EOL from code extracted from SUPERCOP
-
- OpenBSD-Commit-ID: 1ec524ff2fbb9387d731601437c82008f35a60f4
-
-commit d888de06c5e4d7dbf2f2b85f2b5bf028c570cf78
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Jan 11 00:51:27 2023 +0000
-
- upstream: rewrite this test to use a multiplexed ssh session so we can
-
- control its lifecycle without risk of race conditions; fixes some of the
- Github integration tests for openssh-portable
-
- OpenBSD-Regress-ID: 5451cad59ba0d43ae9eeda48ec80f54405fee969
-
-commit 4bcc737a35fdd9cc4af7423d6c23dfd0c7ef4786
-Author: Damien Miller <djm@mindrot.org>
-Date: Wed Jan 11 11:45:17 2023 +1100
-
- remove buffer len workaround for NetBSD 4.x
-
- Switching to from pipes to a socketpair for communicating with the
- ssh process avoids the (kernel bug?) problem.
-
-commit f5154d2aac3e6a32a1b13dec23a701a087850cdc
-Author: Damien Miller <djm@mindrot.org>
-Date: Wed Jan 11 11:44:19 2023 +1100
-
- add back use of pipes in scp.c under USE_PIPES
-
- This matches sftp.c which prefers socketpair but uses pipes on
- some older platforms.
-
-commit eec737b59cf13841de46134967a206607000acd4
-Author: millert@openbsd.org <millert@openbsd.org>
-Date: Tue Jan 10 23:22:15 2023 +0000
-
- upstream: Switch scp from using pipes to a socketpair for
-
- communication with it's ssh sub-processes. We no longer need to reserve two
- descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is
- handled by sanitise_stdfd() in main(). Based on an original diff from djm@.
- OK deraadt@ djm@
-
- OpenBSD-Commit-ID: b80c372faac462471e955ddeab9480d668a2e48d
-
-commit d213d126a4a343abd3a1eb13687d39c1891fe5c8
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date: Fri Jan 6 08:44:11 2023 +0000
-
- upstream: tweak previous; ok djm
-
- OpenBSD-Commit-ID: 229c493452766d70a78b0f02f6ff9894f9028858
-
-commit 4a5590a5ee47b7dfd49773e9fdba48ad3089fe64
-Author: Damien Miller <djm@mindrot.org>
-Date: Mon Jan 9 16:33:56 2023 +1100
-
- try to improve logging for dynamic-forward test
-
- previously the logs from the ssh used to exercise the forwarding
- channel would clobber the logs from the ssh actually doing the
- forwarding
-
-commit 715bc25dcfccf9fb2bee820155fe071d01a618db
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Sat Jan 7 23:24:50 2023 +1100
-
- Skip dynamic-forward test on minix3.
-
- This test relies on loopback addresses which minix does not have.
- Previously the test would not run at all since it also doesn't have
- netcat, but now we use our own netcat it tries and fails.
-
-commit dd1249bd5c45128a908395c61b26996a70f82205
-Author: Damien Miller <djm@mindrot.org>
-Date: Sun Jan 8 12:08:59 2023 +1100
-
- don't test IPv6 addresses if platform lacks support
-
-commit d77fc611a62f2dfee0b654c31a50a814b13310dd
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Fri Jan 6 12:33:33 2023 +0000
-
- upstream: When OpenSSL is not available, skip parts of percent test
-
- that require it. Based on github pr#368 from ren mingshuai.
-
- OpenBSD-Regress-ID: 49a375b2cf61ccb95b52e75e2e025cd10988ebb2
-
-commit 1cd2aac312af9172f1b5cb06c2e1cd090abb83cf
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Sat Jan 7 23:01:11 2023 +1100
-
- Use our own netcat for dynamic-forward test.
-
- That way we can be surer about its behaviour rather than trying to
- second-guess the behaviour of various netcat implementations.
-
-commit 26cab41c05d7b0859d2a1ea5b6ed253d91848a80
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Sat Jan 7 14:30:43 2023 +1100
-
- Use autoconf to find openssl binary.
-
- It's possible to install an OpenSSL in a path not in the system's
- default library search path. OpenSSH can still use this (eg if you
- specify an rpath) but the openssl binary there may not work. If one is
- available on the system path just use that.
-
-commit 5532e010a0eeb6aa264396514f9aed7948471538
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Sat Jan 7 10:34:18 2023 +1100
-
- Check openssl_bin path is executable before using.
-
-commit 5d7b16cff48598d5908db970bfdc9ff9326142c8
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Fri Jan 6 23:19:07 2023 +1100
-
- Set OPENSSL_BIN from OpenSSL directory.
-
-commit 344a0e8240eaf08da5d46a5e3a9ecad6e4f64c35
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Fri Jan 6 08:50:33 2023 +0000
-
- upstream: Save debug logs from ssh for debugging purposes.
-
- OpenBSD-Regress-ID: 109e40b06de1c006a3b8e0d8745b790b2c5870a0
-
-commit e1ef172646f7f49c80807eea90225ef5e0be55a8
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Jan 6 08:07:39 2023 +0000
-
- upstream: regression test for ChannelTimeout
-
- OpenBSD-Regress-ID: 280bfbefcfa415428ad744e43f69a8dede8ad685
-
-commit 2393ea8daf25853459eb07a528d7577688847777
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Jan 6 07:18:18 2023 +0000
-
- upstream: fix typo in verbose logging
-
- OpenBSD-Regress-ID: 0497cdb66e003b2f50ed77291a9104fba2e017e9
-
-commit 161a5378a3cc2e7aa3f9674cb7f4686ae6ce9586
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Jan 6 02:59:50 2023 +0000
-
- upstream: unit tests for misc.c:ptimeout_* API
-
- OpenBSD-Regress-ID: 01f8fb12d08e5aaadd4bd4e71f456b6588be9a94
-
-commit 018d671d78145f03d6f07ae9d64d51321da70325
-Author: tb@openbsd.org <tb@openbsd.org>
-Date: Wed Jan 4 22:48:57 2023 +0000
-
- upstream: Copy bytes from the_banana[] rather than banana()
-
- Fixes test failure due to segfault seen on arm64 with xonly snap.
-
- ok djm
-
- OpenBSD-Regress-ID: 86e2aa4bbd1dff1bc4ebb2969c0d6474485be046
-
-commit ab6bb69e251faa8b24f81b25c72ec0120f20cad4
-Author: Damien Miller <djm@mindrot.org>
-Date: Fri Jan 6 19:13:36 2023 +1100
-
- unbreak scp on NetBSD 4.x
-
- e555d5cad5 effectively increased the default copy buffer size for SFTP
- transfers. This caused NetBSD 4.x to hang during the "copy local file to
- remote file in place" scp.sh regression test.
-
- This puts back the original 32KB copy buffer size until we can properly
- figure out why.
-
- lots of debugging assistance from dtucker@
-
-commit 2d1ff2b9431393ad99ef496d5e3b9dd0d4f5ac8c
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Jan 6 02:47:18 2023 +0000
-
- upstream: Implement channel inactivity timeouts
-
- This adds a sshd_config ChannelTimeouts directive that allows channels that
- have not seen traffic in a configurable interval to be automatically closed.
- Different timeouts may be applied to session, X11, agent and TCP forwarding
- channels.
-
- Note: this only affects channels over an opened SSH connection and not
- the connection itself. Most clients close the connection when their channels
- go away, with a notable exception being ssh(1) in multiplexing mode.
-
- ok markus dtucker
-
- OpenBSD-Commit-ID: ae8bba3ed9d9f95ff2e2dc8dcadfa36b48e6c0b8
-
-commit 0e34348d0bc0b1522f75d6212a53d6d1d1367980
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Jan 6 02:42:34 2023 +0000
-
- upstream: Add channel_set_xtype()
-
- This sets an "extended" channel type after channel creation (e.g.
- "session:subsystem:sftp") that will be used for setting channel inactivity
- timeouts.
-
- ok markus dtucker
-
- OpenBSD-Commit-ID: 42564aa92345045b4a74300528f960416a15d4ca
-
-commit ceedf09b2977f3a756c759a6e7eb8f8e9db86a18
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Jan 6 02:41:49 2023 +0000
-
- upstream: tweak channel ctype names
-
- These are now used by sshd_config:ChannelTimeouts to specify timeouts by
- channel type, so force them all to use a similar format without whitespace.
-
- ok dtucker markus
-
- OpenBSD-Commit-ID: 66834765bb4ae14f96d2bb981ac98a7dae361b65
-
-commit c60438158ad4b2f83d8504257aba1be7d0b0bb4b
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Jan 6 02:39:59 2023 +0000
-
- upstream: Add channel_force_close()
-
- This will forcibly close an open channel by simulating read/write errors,
- draining the IO buffers and calling the detach function.
-
- Previously the detach function was only ever called during channel garbage
- collection, but there was no way to signal the user of a channel (e.g.
- session.c) that its channel was being closed deliberately (vs. by the
- usual state-machine logic). So this adds an extra "force" argument to the
- channel cleanup callback to indicate this condition.
-
- ok markus dtucker
-
- OpenBSD-Commit-ID: 23052707a42bdc62fda2508636e624afd466324b
-
-commit d478cdc7ad6edd4b1bcd1e86fb2f23194ff33d5a
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Jan 6 02:38:23 2023 +0000
-
- upstream: replace manual poll/ppoll timeout math with ptimeout API
-
- feedback markus / ok markus dtucker
-
- OpenBSD-Commit-ID: c5ec4f2d52684cdb788cd9cbc1bcf89464014be2
-
-commit 4adf3817a24efe99b06e62630577d683c7cd8065
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Jan 6 02:37:04 2023 +0000
-
- upstream: add ptimeout API for keeping track of poll/ppoll
-
- timeouts; ok dtucker markus
-
- OpenBSD-Commit-ID: 3335268ca135b3ec15a947547d7cfbb8ff929ead
-
-commit 8c7c69d32375d2f3ce9da0109c9bffc560842316
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Thu Jan 5 05:49:13 2023 +0000
-
- upstream: suppress "Connection closed" message when in quiet mode
-
- OpenBSD-Commit-ID: 8a3ab7176764da55f60bfacfeae9b82d84e3908f
-
-commit 845ceecea2ac311b0c267f9ecbd34862e1876fc6
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Jan 2 07:03:57 2023 +0000
-
- upstream: regression test for PermitRemoteOpen
-
- OpenBSD-Regress-ID: 8271aafbf5c21950cd5bf966f08e585cebfe630c
-
-commit b3daa8dc582348d6ab8150bc1e571b7aa08c5388
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Jan 2 07:03:30 2023 +0000
-
- upstream: fix bug in PermitRemoteOpen which caused it to ignore its
-
- first argument unless it was one of the special keywords "any" or "none".
-
- Reported by Georges Chaudy in bz3515; ok dtucker@
-
- OpenBSD-Commit-ID: c5678a39f1ff79993d5ae3cfac5746a4ae148ea5
-
-commit 0872663a7be0301bcc3d49acdbc9b740a3d972d4
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date: Mon Dec 26 19:16:03 2022 +0000
-
- upstream: spelling fixes; from paul tagliamonte amendments to his
-
- diff are noted on tech
-
- OpenBSD-Commit-ID: d776dd03d0b882ca9c83b84f6b384f6f9bd7de4a
-
-commit 797da2812a71785b34890bb6eb44767a7d09cd34
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Dec 16 07:13:22 2022 +0000
-
- upstream: Mention that scp uses the SFTP protocol and remove
-
- reference to legacy flag. Spotted by, feedback and ok jmc@
-
- OpenBSD-Commit-ID: 9dfe04966f52e941966b46c7a2972147f95281b3
-
-commit 93f2ce8c050a7a2a628646c00b40b9b53fef93ef
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Dec 16 06:56:47 2022 +0000
-
- upstream: Clear signal mask early in main(); sshd may have been
-
- started with one or more signals masked (sigprocmask(2) is not cleared
- on fork/exec) and this could interfere with various things, e.g. the
- login grace timer.
-
- Execution environments that fail to clear the signal mask before running
- sshd are clearly broken, but apparently they do exist.
-
- Reported by Sreedhar Balasubramanian; ok dtucker@
-
- OpenBSD-Commit-ID: 77078c0b1c53c780269fc0c416f121d05e3010ae
-
-commit 4acfaabfae41badb9d334a2ee88c5c6ad041c0d5
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date: Fri Dec 16 06:52:48 2022 +0000
-
- upstream: add -X to usage();
-
- OpenBSD-Commit-ID: 1bdc3df7de11d766587b0428318336dbffe4a9d0
-
-commit e555d5cad5afae7d5ef2bbc02ca591178fe16fed
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Dec 16 03:40:03 2022 +0000
-
- upstream: add a -X option to both scp(1) and sftp(1) to allow
-
- control over some SFTP protocol knobs: the copy buffer length and
- the number of inflight requests, both of which are used during
- upload/download.
-
- Previously these could be controlled in sftp(1) using the -b/-R options.
- This makes them available in both SFTP protocol clients using the same
- option character sequence.
-
- ok dtucker@
-
- OpenBSD-Commit-ID: 27502bffc589776f5da1f31df8cb51abe9a15f1c
-
-commit 5a7a7acab2f466dc1d7467b5d05d35268c3137aa
-Author: deraadt@openbsd.org <deraadt@openbsd.org>
-Date: Thu Dec 15 18:20:39 2022 +0000
-
- upstream: The idiomatic way of coping with signed char vs unsigned
-
- char (which did not come from stdio read functions) in the presence of
- ctype macros, is to always cast to (unsigned char). casting to (int)
- for a "macro" which is documented to take int, is weird. And sadly wrong,
- because of the sing extension risk.. same diff from florian
-
- OpenBSD-Commit-ID: 65b9a49a68e22ff3a0ebd593f363e9f22dd73fea
-
-commit b0b58222c7cc62efd8212c4fb65a545f58ebb22d
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Mon Dec 19 18:49:51 2022 +1100
-
- Simply handling of SSH_CONNECTION PAM env var.
-
- Prompted by bz#3508: there's no need to cache the value of
- sshpam_conninfo so remove the global. While there, add check of
- return value from pam_putenv. ok djm@
-
-commit ed8444572ae684fdb892f97bae342c6cb6456f04
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Mon Dec 19 18:42:34 2022 +1100
-
- Add tests for LibreSSL 3.7.0 and OpenSSL 1.1.1s.
-
-commit abb9a8aaddfcacbd12641f6e4f203da0fa85a287
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Sun Dec 18 21:36:25 2022 +1100
-
- Use sudo when resetting perms on directories.
-
-commit 2f5664c5908d84697cbe91302d5d5c4d83cb2121
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Sun Dec 18 21:19:33 2022 +1100
-
- Set group perms on regress dir.
-
- This ensures that the tests don't fail due to StrictMode checks.
-
-commit 137196300fc1540affadde880210f02ba6cb4abf
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Sun Dec 18 21:13:42 2022 +1100
-
- Fetch regress logs from obj dir.
-
-commit 5f93c4836527d9fda05de8944a1c7b4a205080c7
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Tue Dec 13 20:59:54 2022 +1100
-
- obsdsnap test VMs runs-on libvirt too.
-
-commit 8386886fb1ab7fda73069fb0db1dbe0e5a52f758
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Tue Dec 13 20:55:37 2022 +1100
-
- Run upstream obsdsnap tests on ephemeral runners.
-
-commit b6e01459b55ece85d7f296b2bc719d1841e1009e
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Tue Dec 13 20:48:56 2022 +1100
-
- Move obsdsnap test VMs to ephemeral runners.
-
-commit ea6fdf9a1aa71a411f7db218a986392c4fb55693
-Author: Damien Miller <djm@mindrot.org>
-Date: Fri Dec 9 18:00:21 2022 +1100
-
- use calloc for allocating arc4random structs
-
- ok dtucker
-
-commit 4403b62f5548e91389cb3339d26a9d0c4bb07b34
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Fri Dec 9 00:22:29 2022 +0000
-
- upstream: Warn if no host keys for hostbased auth can be loaded.
-
- OpenBSD-Commit-ID: 2a0a13132000cf8d3593133c1b49768aa3c95977
-
-commit a6183e25e3f1842e21999fe88bc40bb99b121dc3
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Fri Dec 9 00:17:40 2022 +0000
-
- upstream: Add server debugging for hostbased auth.
-
- auth_debug_add queues messages about the auth process which is sent to
- the client after successful authentication. This also sends those to
- the server debug log to aid in debugging. From bz#3507, ok djm@
-
- OpenBSD-Commit-ID: 46ff67518cccf9caf47e06393e2a121ee5aa258a
-
-commit b85c3581c16aaf6e83b9a797c80705a56b1f312e
-Author: cheloha@openbsd.org <cheloha@openbsd.org>
-Date: Sun Dec 4 23:50:49 2022 +0000
-
- upstream: remove '?' from getopt(3) loops
-
- userspace: remove vestigial '?' cases from top-level getopt(3) loops
-
- getopt(3) returns '?' when it encounters a flag not present in the in
- the optstring or if a flag is missing its option argument. We can
- handle this case with the "default" failure case with no loss of
- legibility. Hence, remove all the redundant "case '?':" lines.
-
- Prompted by dlg@. With help from dlg@ and millert@.
-
- Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2
-
- ok naddy@ millert@ dlg@
-
- OpenBSD-Commit-ID: b2f89346538ce4f5b33ab8011a23e0626a67e66e
-
-commit 9a067e8d28a2249fd73f004961e30c113ee85e5d
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Wed Dec 7 11:45:43 2022 +0000
-
- upstream: Fix comment typo.
-
- OpenBSD-Regress-ID: 3b04faced6511bb5e74648c6a4ef4bf2c4decf03
-
-commit ce3c3e78ce45d68a82c7c8dc89895f297a67f225
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Wed Dec 7 18:58:25 2022 +1100
-
- Add SANDBOX_DEBUG to the kitchensink test build.
-
-commit bc234605fa3eb10f56bf0d74c8ecb0d91ada9d05
-Author: Damien Miller <djm@mindrot.org>
-Date: Wed Dec 7 18:38:25 2022 +1100
-
- disable SANDBOX_SECCOMP_FILTER_DEBUG
-
- It was mistakenly enabled in 2580916e4872
-
- Reported by Peter sec-openssh-com.22.fichtner AT 0sg.net
-
-commit b087c5cfa011b27992e01589314fec830266f99d
-Author: Rose <83477269+AtariDreams@users.noreply.github.com>
-Date: Tue Nov 29 15:12:54 2022 -0500
-
- Update autotools
-
- Regenerate config files using latest autotools
-
-commit d63f5494978a185c7421d492b9c2f6f05bb54138
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Tue Dec 6 12:22:36 2022 +1100
-
- Fix typo in comment. Spotted by tim@
-
-commit 73dcca12115aa12ed0d123b914d473c384e52651
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Sun Dec 4 11:03:11 2022 +0000
-
- upstream: Remove duplicate includes.
-
- Patch from AtariDreams via github PR#364.
-
- OpenBSD-Commit-ID: b9186638a05cb8b56ef7c0de521922b6723644ea
-
-commit 3cec15543010bc8d6997d896b1717a650afb7e92
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Dec 2 04:40:27 2022 +0000
-
- upstream: make struct sshbuf private
-
- and remove an unused field; ok dtucker
-
- OpenBSD-Commit-ID: c7a3d77c0b8c153d463398606a8d57569186a0c3
-
-commit 5796bf8ca9535f9fa7d01829a540d2550e05c860
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Fri Dec 2 11:43:36 2022 +1100
-
- Restore ssh-agent permissions on exit.
-
- ...enough that subsequent builds can overwrite ssh-agent if necessary.
-
-commit ccf5a13868cbb4659107458cac1e017c98abcbda
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Thu Dec 1 02:22:13 2022 +0000
-
- upstream: Clean up ssh-add and ssh-agent logs.
-
- OpenBSD-Regress-ID: 9eda8e4c3714d7f943ab2e73ed58a233bd29cd2c
-
-commit 7a8b40cf6a5eda80173140cc6750a6db8412fa87
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Thu Dec 1 02:19:29 2022 +0000
-
- upstream: Log output of ssh-agent and ssh-add
-
- This should make debugging easier.
-
- OpenBSD-Regress-ID: 5974b02651f428d7e1079b41304c498ca7e306c8
-
-commit 4a1805d532616233dd6072e5cd273b96dd3062e6
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Tue Nov 29 22:41:14 2022 +0000
-
- upstream: Add void to client_repledge args to fix compiler warning. ok djm@
-
- OpenBSD-Commit-ID: 7e964a641ce4a0a0a11f047953b29929d7a4b866
-
-commit 815c4704930aa449edf6e812e99d69e9ffd31f01
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Nov 28 01:38:22 2022 +0000
-
- upstream: tighten pledge(2) after session establishment
-
- feedback, ok & testing in snaps deraadt@
-
- OpenBSD-Commit-ID: aecf4d49d28586dfbcc74328d9333398fef9eb58
-
-commit f7cebbbf407d772ed71403d314343766782fe540
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Nov 28 01:37:36 2022 +0000
-
- upstream: New EnableEscapeCommandline ssh_config(5) option
-
- This option (default "no") controls whether the ~C escape is available.
- Turning it off by default means we will soon be able to use a stricter
- default pledge(2) in the client.
-
- feedback deraadt@ dtucker@; tested in snaps for a while
-
- OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a
-
-commit d323f7ecf52e3d4ec1f4939bf31693e02f891dca
-Author: mbuhl@openbsd.org <mbuhl@openbsd.org>
-Date: Fri Nov 18 19:47:40 2022 +0000
-
- upstream: In channel_request_remote_forwarding the parameters for
-
- permission_set_add are leaked as they are also duplicated in the call. Found
- by CodeChecker. ok djm
-
- OpenBSD-Commit-ID: 4aef50fa9be7c0b138188814c8fe3dccc196f61e
-
-commit 62cc33e6eed847aafdc29e34aa69e9bd82a0ee16
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Wed Nov 30 11:23:11 2022 +1100
-
- Use -fzero-call-used-regs=used on clang 15.
-
- clang 15 seems to have a problem with -fzero-call-used-reg=all which
- causes spurious "incorrect signature" failures with ED25519. On those
- versions, use -fzero-call-used-regs=used instead. (We may add exceptions
- later if specific versions prove to be OK). Also move the GCC version
- check to match.
-
- Initial investigation by Daniel Pouzzner (douzzer at mega nu), workaround
- suggested by Bill Wendling (morbo at google com). bz#3475, ok djm@
-
-commit f84b9cffd52c9c5c359a54a1929f9948e803ab1d
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Mon Nov 28 21:09:28 2022 +1100
-
- Skip unit tests on slow riscv64 hardware.
-
-commit 9f2747e0bed3faca92679eae69aef10c95dc82f5
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Sun Nov 27 15:26:22 2022 +1100
-
- Rework how selfhosted tests interact with runners.
-
- Previously there was one runner per test target (mostly VMs). This had
- a few limitations:
- - multiple tests that ran on the same target (eg multiple build
- configs) were serialized on availability or that runner.
- - it needed manual balancing of VMs over host machines.
-
- To address this, make VMs that use ephemeral disks (ie most of them)
- all use a pool of runners with the "libvirt" label. This requires that
- we distinguish between "host" and "target" for those. Native runners
- and VMs with persistent disks (eg the constantly-updated snapshot ones)
- specify the same host and target.
-
- This should improve test throughput.
-
-commit d664ddaec87bdc7385be8ef7f1337793e1679d48
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Sun Nov 27 12:19:37 2022 +1100
-
- Run vmstartup from temp dir.
-
- This will allow us to create ephemeral disk images per-runner.
-
-commit 0fa16e952b1fc1c4cf65e3dd138b0e87003e2e45
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Sun Nov 27 12:14:00 2022 +1100
-
- Make "config" in matrix singular and pass in env.
-
- This will allow the startup scripts to adapt their behaviour based on
- the type and config.
-
-commit e8857043af54809187be1e8b06749db61112899f
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Sun Nov 27 11:42:22 2022 +1100
-
- Add "libvirt" label to dfly30.
-
-commit 9775473d84902dc37753686cd10ae71fbe67efda
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Sun Nov 27 09:28:20 2022 +1100
-
- Rename "os" in matrix to "target".
-
- This is in preparation to distinguish this from the host that the runner
- runs on in case where they are separate (eg VMs).
-
-commit 04fd00ceff39f4544ced6f5342060abe584835d0
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Sun Nov 27 09:23:04 2022 +1100
-
- Remove unused self-hosted test targets.
-
-commit c9d9fcad2a11c1cd1550a541f44091d65f0b5584
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Sun Nov 27 09:16:15 2022 +1100
-
- Remove explicit "default" test config argument.
-
- Not specifying the test config implicitly selects default args.
-
-commit 15a01cf15f396f87c6d221c5a6af98331c818962
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Wed Nov 23 13:18:54 2022 +1100
-
- Add fallback for old platforms w/out MAP_ANON.
-
-commit 6b9bbbfe8b26db6e9a30a7e08c223e85421aed98
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Wed Nov 23 13:09:11 2022 +1100
-
- If we haven't found it yet, recheck for sys/stat.h.
-
- On some very old platforms, sys/stat.h needs sys/types.h, however
- autoconf 2.71's AC_CHECK_INCLUDES_DEFAULT checks for them in the
- opposite order, which in combination with modern autoconf's
- "present but cannot be compiled" behaviour causes it to not be
- detected.
-
-commit 8926956f22639132a9f2433fcd25224e01b900f5
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Fri Nov 11 11:25:37 2022 +1100
-
- Add dfly62 test target.
-
-commit 650de7ecd3567b5a5dbf16dd1eb598bd8c20bca8
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Thu Nov 10 23:03:10 2022 +0000
-
- upstream: Handle dynamic remote port forwarding in escape commandline's
-
- -R processing. bz#3499, ok djm@
-
- OpenBSD-Commit-ID: 194ee4cfe7ed0e2b8ad0727f493c798a50454208
-
-commit 5372db7e7985ba2c00f20fdff8942145ca99e033
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Thu Nov 10 12:44:51 2022 +1100
-
- Remove seed passing over reexec.
-
- This was added for the benefit of platforms using ssh-rand-helper to
- prevent a delay on each connection as sshd reseeded itself.
-
- ssh-random-helper is long gone, and since the re-exec happens before the
- chroot the re-execed sshd can reseed itself normally. ok djm@
-
-commit ca98d3f8c64cfc51af81e1b01c36a919d5947ec2
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Wed Nov 9 20:59:20 2022 +1100
-
- Skip reexec test on OpenSSL 1.1.1 specifically.
-
- OpenSSL 1.1.1 has a bug in its RNG that breaks reexec fallback, so skip
- that test. See bz#3483 for details.
-
-commit 5ec4ebc2548e5f7f1b55b2a5cef5b67bdca8146f
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Wed Nov 9 09:04:12 2022 +0000
-
- upstream: Fix typo in fatal error message.
-
- Patch from vapier at chromium.org.
-
- OpenBSD-Commit-ID: 8a0c164a6a25eef0eedfc30df95bfa27644e35cf
-
-commit e6abafe9a6d809422d3432b95b3f9747b0acaa71
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Wed Nov 9 09:01:52 2022 +0000
-
- upstream: Remove errant colon and simplify format
-
- string in error messages. Patch from vapier at chromium.org.
-
- OpenBSD-Commit-ID: fc28466ebc7b74e0072331947a89bdd239c160d3
-
-commit db2027a687516f87c3fb141e87154bb3d8a7807c
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Nov 9 01:37:44 2022 +0000
-
- upstream: rename client_global_hostkeys_private_confirm() to
-
- client_global_hostkeys_prove_confirm(), as it handles the
- "hostkeys-prove00@openssh.com" message; no functional change
-
- OpenBSD-Commit-ID: 31e09bd3cca6eed26855b88fb8beed18e9bd026d
-
-commit 1c2be7c2004cf1abcd172fee9fe3eab57cd4c426
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Nov 9 00:15:59 2022 +0000
-
- upstream: typo in comment
-
- OpenBSD-Commit-ID: 39c58f41e0f32d1ff31731fa6f5bbbc3ad25084a
-
-commit cf1a9852d7fc93e4abc4168aed09529a57427cdc
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Wed Nov 9 09:23:47 2022 +1100
-
- Defer seed_rng until after closefrom call.
-
- seed_rng will initialize OpenSSL, and some engine providers (eg Intel's
- QAT) will open descriptors for their own use. bz#3483, patch from
- joel.d.schuetze at intel.com, ok djm@
-
-commit dffa64480163fbf76af7e4fb62c26bb0dd6642aa
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Wed Nov 9 08:27:47 2022 +1100
-
- Fix comment text. From emaste at freebsd.org.
-
-commit d9df5689c29823ab830ec4f54c83c6cc3c0077ad
-Author: Pierre Ossman <ossman@cendio.se>
-Date: Wed Jul 6 13:52:10 2022 +0200
-
- Avoid assuming layout of fd_set
-
- POSIX doesn't specify the internal layout of the fd_set object, so let's
- not assume it is just a bit mask. This increases compatibility with
- systems that have a different layout.
-
- The assumption is also worthless as we already refuse to use file
- descriptors over FD_SETSIZE anyway. Meaning that the default size of
- fd_set is quite sufficient.
-
-commit 419aa8a312e8d8f491933ca3d5933e602cb05aae
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Tue Nov 8 12:42:52 2022 +1100
-
- Shutdown any VM before trying to check out repo.
-
- In the case where the previous run did not clean up, the checkout will
- fail as it'll leave a stale mount.
-
-commit a32c07cbb78f65d8527642b96474a83b413f8108
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Tue Nov 8 11:33:25 2022 +1100
-
- Run vm startup and shutdown from runner temp dir.
-
- Should work even if the github workspace dir is on a stale sshfs mount.
-
-commit 2b40a7dfcdb8e616155b9504145aa52b271455aa
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Tue Nov 8 11:03:31 2022 +1100
-
- Add valrind-5 test here too.
-
-commit 2ea03d1f6d0a05ee2b63ed2dc0f2d54f1e4655a1
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Tue Nov 8 09:21:10 2022 +1100
-
- Update checkout and upload actions.
-
- Update actions/checkout and actions/upload-artifact to main branch for
- compatibility with node.js v16.
-
-commit 4e316ff0f18a118232bb9ac6512ee62773a9e8ea
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Tue Nov 8 09:17:04 2022 +1100
-
- Split out rekey test since it runs the longest.
-
-commit 21625a6424258a92a96a3bb73ae6aabc5ed8a6b4
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Mon Nov 7 10:09:28 2022 +0000
-
- upstream: The IdentityFile option in ssh_config can also be used to
-
- specify a public key file, as documented in ssh.1 for the -i option. Document
- this also for IdentityFile in ssh_config.5, for documentation completeness.
- From laalsaas at systemli.org via portable github PR#352, ok jmc@ djm@
-
- OpenBSD-Commit-ID: 2f943be9f96e60ef81a9a4faa25b009999f9883b
-
-commit 747691604d3325ed2b62bad85b6fd8563ad32f6c
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Mon Nov 7 10:05:38 2022 +0000
-
- upstream: Remove some set but otherwise unused variables, spotted
-
- in -portable by clang 16's -Wunused-but-set-variable. ok djm@
-
- OpenBSD-Commit-ID: 3d943ddf2369b38fbf89f5f19728e7dc1daf3982
-
-commit 1d78d25653805aefc7a8dd9d86cd7359ada3823c
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Mon Nov 7 10:02:59 2022 +0000
-
- upstream: Check for and disallow MaxStartups values less than or
-
- equal to zero during config parsing, rather than faling later at runtime.
- bz#3489, ok djm@
-
- OpenBSD-Commit-ID: d79c2b7a8601eb9be493629a91245d761154308b
-
-commit a00f59a645072e5f5a8d207af15916a7b23e2642
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Nov 7 04:04:40 2022 +0000
-
- upstream: fix parsing of hex cert expiry time; was checking whether the
-
- start time began with "0x", not the expiry time.
-
- from Ed Maste
-
- OpenBSD-Commit-ID: 6269242c3e1a130b47c92cfca4d661df15f05739
-
-commit f58acaf8c7315483f4ac87d46a1aa2142a713cd8
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Mon Nov 7 15:10:59 2022 +1100
-
- Fix merge conflict.
-
-commit 162e5741020a8d996c0c12b988b118e71ed728e6
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Mon Nov 7 15:04:33 2022 +1100
-
- Branch-specific links for master status badges.
-
-commit e4b7c12ab24579312aa3ed38ce7041a439ec2d56
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Mon Nov 7 14:46:38 2022 +1100
-
- Add CIFuzz status badge.
-
-commit b496b9f831acd1e5bcd875e26e797488beef494a
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Mon Nov 7 14:45:16 2022 +1100
-
- Do not run CIFuzz on selfhosted tree.
-
- We already run it on the regular tree, no need to double up.
-
-commit 2138b1c4ddb300129a41a5104627b0d561184c7b
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Mon Nov 7 14:41:58 2022 +1100
-
- Whitespace change to trigger CIFuzz workflow.
-
-commit 4670b97ef87c7b0f21283c9b07c7191be88dda05
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Mon Nov 7 14:34:04 2022 +1100
-
- Run cifuzz workflow on the actions as regular CI.
-
-commit 79391e66ce851ace1baf3c6a35e83a23f08ec2ba
-Author: David Korczynski <david@adalogics.com>
-Date: Tue Nov 30 11:45:20 2021 +0000
-
- Add CIFuzz integration
-
-commit c1893364a0be243270014d7d34362a8101d55112
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Mon Nov 7 02:21:22 2022 +0000
-
- upstream: Import regenerated moduli.
-
- OpenBSD-Commit-ID: b0e54ee4d703bd6929bbc624068666a7a42ecb1f
-
-commit 5c3f18fb994ef27e685b205ee2351851b80fdbd1
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Mon Nov 7 01:53:01 2022 +0000
-
- upstream: Fix typo. From pablomh via -portable github PR#344.
-
- OpenBSD-Commit-ID: d056ee2e73691dc3ecdb44a6de68e6b88cd93827
-
-commit e1c6fcc142066417c9832e634463faa3dd5d116c
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Mon Nov 7 12:46:58 2022 +1100
-
- Link to branch-specific queries for V_9_1 status.
-
-commit 4f4a5fad6d8892c3f8ee9cd81ec7de6458210c9f
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Sun Nov 6 10:55:59 2022 +1100
-
- Use "prohibit-password" in -portable comments.
-
- "without-password" is the deprecated alias for "prohibit-password",
- so we should reference the latter. From emaste at freebsd.org.
-
-commit 0f7e1eba55259ec037f515000b4c4afbf446230a
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Sun Nov 6 10:50:01 2022 +1100
-
- Fix tracing disable on FreeBSD.
-
- Some versions of FreeBSD do not support using id 0 to refer to the
- current pid for procctl, so pass getpid() explicitly. From
- emaste at freebsd.org.
-
-commit 32fddb982fd61b11a2f218a115975a87ab126d43
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Mon Nov 7 10:39:01 2022 +1100
-
- Fix setres*id checks to work with clang-16.
-
- glibc has the prototypes for setresuid and setresgid behind _GNU_SOURCE,
- and clang 16 will error out on implicit function definitions, so add
- _GNU_SOURCE and the required headers to the configure checks. From
- sam at @gentoo.org via bz#3497.
-
-commit 12af712d116f42164bcfa56db901d06e4fa27199
-Author: Sam James <sam@gentoo.org>
-Date: Sun Nov 6 04:52:38 2022 +0000
-
- configure.ac: Fix -Wstrict-prototypes
-
- Clang 16 now warns on this and it'll be removed in C23, so let's
- just be future proof. It also reduces noise when doing general
- Clang 16 porting work (which is a big job as it is). github PR#355.
-
- Signed-off-by: Sam James <sam@gentoo.org>
-
-commit 40b0a5eb6e3edfa2886b60c09c7803353b0cc7f5
-Author: Sam James <sam@gentoo.org>
-Date: Sun Nov 6 04:47:35 2022 +0000
-
- configure.ac: Add <pty.h> include for openpty
-
- Another Clang 16ish fix (which makes -Wimplicit-function-declaration
- an error by default). github PR#355.
-
- See: 2efd71da49b9cfeab7987058cf5919e473ff466b
- See: be197635329feb839865fdc738e34e24afd1fca8
-
-commit 6b17e128879ec6cc32ca2c28b5d894b4aa72e32d
-Author: Rochdi Nassah <rochdinassah.1998@gmail.com>
-Date: Fri Oct 28 01:26:31 2022 +0100
-
- Fix broken zlib link.
-
-commit 99500df246ccb736ddbdd04160dcc82165d81a77
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Fri Nov 4 16:59:26 2022 +1100
-
- Don't run openbsd-compat tests on Cygwin.
-
- Add "compat-tests" to the default TEST_TARGET so we can override as
- necessary. Override TEST_TARGET for Cygwin as the tests don't currently
- compile there.
-
-commit 3cae9f92a31897409666aa1e6f696f779759332b
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Thu Nov 3 21:59:20 2022 +0000
-
- upstream: replace recently-added valid_domain() check for hostnames
-
- going to known_hosts with a more relaxed check for bad characters; previous
- commit broke address literals. Reported by/feedback from florian@
-
- OpenBSD-Commit-ID: 10b86dc6a4b206adaa0c11b58b6d5933898d43e0
-
-commit 9655217231c9056200bea7ae2dffcc9c0c3eb265
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Thu Nov 3 23:07:50 2022 +1100
-
- Rerun tests on changes to Makefile.in in any dir.
-
-commit 3500f0405a3ab16b59a26f3508c4257a3fc3bce6
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Thu Nov 3 23:04:08 2022 +1100
-
- Link libssh into compat tests.
-
- The cygwin compat code uses xmalloc, so add libssh.a so pick up that.
-
-commit ec59effcf65b8a4c85d47ff5a271123259dd0ab8
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Thu Nov 3 21:44:23 2022 +1100
-
- Fix compat regress to work with non-GNU make.
-
-commit 73550a218e7dfbbd599534cbf856309bc924f6fd
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Thu Nov 3 13:41:16 2022 +1100
-
- Increase selfhosted job timeout.
-
- The default job timeout of 360 (6h) is not enough to complete the
- regress tests for some of the slow VMs depending on the load on the host.
- Increase to 600 (10h).
-
-commit db97d8d0b90c6ce52b94b153d6f8f5f7d3b11777
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Thu Nov 3 10:00:43 2022 +1100
-
- Only run opensslver tests if built with OpenSSL.
-
-commit ba053709638dff2f6603df0c1f340352261d63ea
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Wed Nov 2 14:16:04 2022 +1100
-
- Add tests for OpenSSL 3.0.7 and LibreSSL 3.6.1.
-
-commit edd24101c7e17d1a8f6576e1aaf62233b47ad6f5
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Thu Nov 3 08:17:39 2022 +1100
-
- Run compat regress tests too.
-
-commit fe88d67e7599b0bc73f6e4524add28d743e7f977
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Thu Nov 3 08:14:05 2022 +1100
-
- Compat tests need libcrypto.
-
- This was moved to CHANNELLIBS during the libs refactor. Spotted by
- rapier at psc.edu.
-
-commit 96b519726b7944eee3c23a54eee3d5c031ba1533
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Thu Nov 3 04:24:39 2022 +1100
-
- Include time.h when defining timegm.
-
- Fixes build on some platforms eg recent AIX.
-
-commit da6038bd5cd55eb212eb2aec1fc8ae79bbf76156
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Tue Nov 1 19:10:30 2022 +1100
-
- Always use compat getentropy.
-
- Have it call native getentropy and fall back as required. Should fix
- issues of platforms where libc has getentropy but it is not implemented
- in the kernel. Based on github PR#354 from simsergey.
-
-commit 5ebe18cab6be3247b44c807ac145164010465b82
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Wed Nov 2 10:51:48 2022 +1100
-
- Check for sockaddr_in.sin_len.
-
- If found, set SOCK_HAS_LEN which is used in addr.c. Should fix keyscan
- tests on platforms with this (eg old NetBSD).
-
-commit a1febadf426536612c2734168d409147c392e7cf
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Sun Oct 30 18:42:07 2022 +0000
-
- upstream: Use variable for diff options
-
- instead of unconditionally specifying "-rN". This will make life easier
- in -portable where not all diff's understand -N.
-
- OpenBSD-Regress-ID: 8b8a407115546be1c6d72d350b1e4f1f960d3cd3
-
-commit f6d3ed9a8a9280cbb68d6a499850cfe810e92bd0
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Mon Oct 31 05:13:02 2022 +1100
-
- OpenSSL dev branch is 302 not 320.
-
- While there, also accept 301 which it shat it was previously.
-
-commit 25c8a2bbcc10c493d27faea57c42a6bf13fa51f2
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Oct 28 02:47:04 2022 +0000
-
- upstream: put sshkey_check_rsa_length() back in sshkey.c to unbreak
-
- OPENSSL=no builds
-
- OpenBSD-Commit-ID: 99eec58abe382ecd14b14043b195ee1babb9cf6e
-
-commit 1192588546c29ceec10775125f396555ea71850f
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Oct 28 02:29:34 2022 +0000
-
- upstream: allow ssh-keyscan(1) to accept CIDR address ranges, e.g.
-
- ssh-keyscan 192.168.0.0/24
-
- If a CIDR range is passed, then it will be expanded to all possible
- addresses in the range including the all-0s and all-1s addresses.
-
- bz#976 feedback/ok markus@
-
- OpenBSD-Commit-ID: ce6c5211f936ac0053fd4a2ddb415277931e6c4b
-
-commit 64af4209309461c79c39eda2d13f9d77816c6398
-Author: Damien Miller <djm@mindrot.org>
-Date: Fri Oct 28 12:54:35 2022 +1100
-
- fix merge botch
-
-commit 27267642699342412964aa785b98afd69d952c88
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Oct 28 00:44:44 2022 +0000
-
- upstream: refactor sshkey_private_deserialize
-
- feedback/ok markus@
-
- OpenBSD-Commit-ID: f5ca6932fdaf840a5e8250becb38315a29b5fc9f
-
-commit 2519a7077a9332f70935e5242ba91ee670ed6b87
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Oct 28 00:44:17 2022 +0000
-
- upstream: refactor sshkey_private_serialize_opt()
-
- feedback/ok markus@
-
- OpenBSD-Commit-ID: 61e0fe989897901294efe7c3b6d670cefaf44cbd
-
-commit 11a768adf98371fe4e43f3b06014024c033385d5
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Oct 28 00:43:30 2022 +0000
-
- upstream: refactor certify
-
- feedback/ok markus@
-
- OpenBSD-Commit-ID: 35d742992e223eaca3537e6fb3d3002c08eed4f6
-
-commit 3fbc58bb249d967cc43ebdc554f6781bb73d4a58
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Oct 28 00:43:08 2022 +0000
-
- upstream: refactor sshkey_sign() and sshkey_verify()
-
- feedback/ok markus@
-
- OpenBSD-Commit-ID: 368e662c128c99d05cc043b1308d2b6c71a4d3cc
-
-commit a1deb6cdbbe6afaab74ecb08fcb62db5739267be
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Oct 28 00:41:52 2022 +0000
-
- upstream: refactor sshkey_from_blob_internal()
-
- feedback/ok markus@
-
- OpenBSD-Commit-ID: 1f46c0cbb8060ee9666a02749594ad6658c8e283
-
-commit 7d00799c935271ce89300494c5677190779f6453
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Oct 28 00:41:17 2022 +0000
-
- upstream: refactor sshkey_from_private()
-
- feedback/ok markus@
-
- OpenBSD-Commit-ID: e5dbe7a3545930c50f70ee75c867a1e08b382b53
-
-commit 262647c2e920492ca57f1b9320d74f4a0f6e482b
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Oct 28 00:39:29 2022 +0000
-
- upstream: factor out key generation
-
- feedback/ok markus@
-
- OpenBSD-Commit-ID: 5b4211bff4de8d9adb84bc72857a8c42c44e7ceb
-
-commit 401c74e7dc15eab60540653d2f94d9306a927bab
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Oct 28 00:38:58 2022 +0000
-
- upstream: refactor and simplify sshkey_read()
-
- feedback/ok markus@
-
- OpenBSD-Commit-ID: 0d93b7a56e31cd06a8bb0d2191d084ce254b0971
-
-commit 591fed94e66a016acf87f4b7cd416ce812f2abe8
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Oct 28 00:37:24 2022 +0000
-
- upstream: factor out public key serialization
-
- feedback/ok markus@
-
- OpenBSD-Commit-ID: a3570c4b97290c5662890aea7328d87f55939033
-
-commit 1e78844ae2b2dc01ba735d5ae740904c57e13685
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Oct 28 00:36:31 2022 +0000
-
- upstream: factor out sshkey_equal_public()
-
- feedback/ok markus@
-
- OpenBSD-Commit-ID: 1368ba114cb37732fe6ec3d89c7e6d27ea6fdc94
-
-commit 25de1c01a8b9a2c8ab9b1da22444a03e89c982de
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Oct 28 00:35:40 2022 +0000
-
- upstream: begin big refactor of sshkey
-
- Move keytype data and some of the type-specific code (allocation,
- cleanup, etc) out into each key type's implementation. Subsequent
- commits will move more, with the goal of having each key-*.c file
- owning as much of its keytype's implementation as possible.
-
- lots of feedback + ok markus@
-
- OpenBSD-Commit-ID: 0f2b4334f73914344e9e5b3d33522d41762a57ec
-
-commit 445363433ba20b8a3e655b113858c836da46a1cb
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Oct 24 22:43:36 2022 +0000
-
- upstream: Be more paranoid with host/domain names coming from the
-
- never write a name with bad characters to a known_hosts file.
-
- reported by David Leadbeater, ok deraadt@
-
- OpenBSD-Commit-ID: ba9b25fa8b5490b49398471e0c9657b0cbc7a5ad
-
-commit 7190154de2c9fe135f0cc1ad349cb2fa45152b89
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Oct 24 21:52:50 2022 +0000
-
- upstream: regress test for unmatched glob characters; fails before
-
- previous commit but passes now. bz3488; prodded by dtucker@
-
- OpenBSD-Regress-ID: 0cc5cc9ea4a6fd170dc61b9212f15badaafb3bbd
-
-commit a4821a592456c3add3cd325db433110cdaaa3e5c
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Oct 24 21:51:55 2022 +0000
-
- upstream: when scp(1) is using the SFTP protocol for transport (the
-
- default), better match scp/rcp's handling of globs that don't match the
- globbed characters but do match literally (e.g. trying to transfer
- "foo.[1]").
-
- Previously scp(1) in SFTP mode would not match these pathnames but
- legacy scp/rcp mode would.
-
- Reported by Michael Yagliyan in bz3488; ok dtucker@
-
- OpenBSD-Commit-ID: d8a3773f53015ba811fddba7473769a2fd343e11
-
-commit 18376847b8043ba967eabbe23692ef74c9a3fddc
-Author: jsg@openbsd.org <jsg@openbsd.org>
-Date: Thu Oct 13 09:09:28 2022 +0000
-
- upstream: use correct type with sizeof ok djm@
-
- OpenBSD-Commit-ID: d6c882c2e8a42ff831a5b3cbc2c961ecb2dd6143
-
-commit 4a4883664d6b4e9e4e459a8cdc16bd8d4b735de9
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date: Fri Oct 7 06:00:58 2022 +0000
-
- upstream: ssh-agent.1: - use Nm not Xr for self-ref - while here,
-
- wrap a long line
-
- ssh-agent.c:
- - add -O to usage()
-
- OpenBSD-Commit-ID: 855dac4695cef22e96d69c53436496bc408ca389
-
-commit 9fd2441113fce2a83fc7470968c3b27809cc7f10
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Oct 7 04:06:26 2022 +0000
-
- upstream: document "-O no-restrict-websafe"; spotted by Ross L
-
- Richardson
-
- OpenBSD-Commit-ID: fe9eaa50237693a14ebe5b5614bf32a02145fe8b
-
-commit 614252b05d70f798a0929b1cd3d213030ad4d007
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Tue Oct 18 06:29:16 2022 +1100
-
- OpenSSL dev branch now identifies as 3.2.0.
-
-commit 195e5a65fd793a738ea8451ebfdd1919db5aff3e
-Author: Damien Miller <djm@mindrot.org>
-Date: Mon Oct 17 09:41:47 2022 +1100
-
- revert c64b62338b4 and guard POLL* defines instead
-
- c64b62338b4 broke OSX builds, which do have poll.h but lack ppoll(2)
- Spotted by dtucker
-
-commit bc2e480d99613bd59720edae244d1764636544c4
-Author: Damien Miller <djm@mindrot.org>
-Date: Fri Oct 14 14:52:22 2022 +1100
-
- undef _get{short,long} before redefining
-
-commit 5eb796a369c64f18d55a6ae9b1fa9b35eea237fb
-Author: Harmen Stoppels <harmenstoppels@gmail.com>
-Date: Thu Oct 13 16:08:46 2022 +0200
-
- Fix snprintf configure test for clang 15
-
- Clang 15 -Wimplicit-int defaults to an error in C99 mode and above.
- A handful of tests have "main(..." and not "int main(..." which caused
- the tests to produce incorrect results.
-
-commit c64b62338b46ffa08839f05f21ad69fa6234dc17
-Author: Damien Miller <djm@mindrot.org>
-Date: Mon Oct 10 12:32:43 2022 +1100
-
- skip bsd-poll.h if poll.h found; ok dtucker
-
-commit 5ee2b8ccfcf4b606f450eb0ff2305e311f68b0be
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Thu Oct 6 22:42:37 2022 +0000
-
- upstream: honour user's umask if it is more restrictive then the ssh
-
- default (022); based on patch from Alex Henrie, ok dtucker@ deraadt@
-
- OpenBSD-Commit-ID: fe1b9e15fc9a4f49fc338e848ce14d8727abe82d
-
-commit a75cffc2700cebd3e2dd9093f7f7388d2be95cb7
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Fri Oct 7 03:54:56 2022 +1100
-
- Add LibreSSL 3.6.0 to test suite.
-
- While there, bump OpenSSL to latest 1.1.1q release.
-
-commit fcc0f0c0e96a30076683fea9a7c9eedc72931742
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Thu Oct 6 21:18:16 2022 +1100
-
- Add 9.1 branch to CI status page.
-
-commit ef211eee63821d894a8bf81f22bfba9f6899d0fe
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Tue Oct 4 23:20:23 2022 +1100
-
- Test commits to all branches of portable.
-
- Only test OpenBSD upstream on commits to master since that's what it
- tracks.
-
-commit fe646de03cafb6593ff4e4954bca9ec4b4b753a8
-Author: Damien Miller <djm@mindrot.org>
-Date: Wed Oct 5 03:47:26 2022 +1100
-
- whitespace at EOL
-
-commit a6e1852d10c63a830196e82168dadd957aaf28ec
-Author: Damien Miller <djm@mindrot.org>
-Date: Wed Oct 5 03:40:01 2022 +1100
-
- mention libfido2 autodetection
-
-commit 7360c2c206f33d309edbaf64036c96fadf74d640
-Author: Damien Miller <djm@mindrot.org>
-Date: Wed Oct 5 03:37:36 2022 +1100
-
- remove mention of --with-security-key-builtin
-
- it is enabled by default when libfido2 is installed
-
-commit 0ffb46f2ee2ffcc4daf45ee679e484da8fcf338c
-Author: Damien Miller <djm@mindrot.org>
-Date: Tue Oct 4 01:51:42 2022 +1100
-
- update .depend
-
-commit 657e676ff696c7bb787bffb0e249ea1be3b474e1
-Author: Damien Miller <djm@mindrot.org>
-Date: Tue Oct 4 01:45:52 2022 +1100
-
- update release notes URL
-
-commit f059da2b29840c0f048448809c317ce2ae014da7
-Author: Damien Miller <djm@mindrot.org>
-Date: Tue Oct 4 01:45:41 2022 +1100
-
- crank versions in RPM spec files
-
-commit b51f3f172d87cbdb80ca4eb7b2149e56a7647557
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Sep 26 22:18:40 2022 +0000
-
- upstream: openssh-9.1
-
- OpenBSD-Commit-ID: 5a467b2ee81da01a86adf1ad93b62b1728494e56
-
-commit 4cf8d0c0f3030f594a238bab21a0695735515487
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Wed Sep 21 22:26:50 2022 +0000
-
- upstream: Fix typo. From AlexanderStohr via github PR#343.
-
- OpenBSD-Commit-ID: a134c9b4039e48803fc6a87f955b0f4a03181497
-
-commit 8179fed3264d5919899900ed8881d5f9bb57ca33
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Sep 19 21:39:16 2022 +0000
-
- upstream: add RequiredRSASize to the list of keywords accepted by
-
- -o; spotted by jmc@
-
- OpenBSD-Commit-ID: fe871408cf6f9d3699afeda876f8adbac86a035e
projects / thirdparty / openssh-portable.git / commitdiff
