| Age | Commit message (Collapse) | Author |
|---|
|
The Makefile changes to get the compat tests to work went in after
the V_9_1 branch, so don't test those on this branch.
|
|
|
|
|
|
The self-hosted runner setup has been changed recently and the configs
in the V_9_1 branch no longer work with the current runners. Backport
the changes from master so that the tests on this branch work again.
|
|
clang 15 seems to have a problem with -fzero-call-used-reg=all which
causes spurious "incorrect signature" failures with ED25519. On those
versions, use -fzero-call-used-regs=used instead. (We may add exceptions
later if specific versions prove to be OK). Also move the GCC version
check to match.
Initial investigation by Daniel Pouzzner (douzzer at mega nu), workaround
suggested by Bill Wendling (morbo at google com). bz#3475, ok djm@
|
|
The requisite fixes did not go into the main branch until after V_9_1
was branched.
|
|
|
|
There have been a number of fixes on the main branch, apply to V_9_1
branch.
|
|
"without-password" is the deprecated alias for "prohibit-password",
so we should reference the latter. From emaste at freebsd.org.
|
|
Some versions of FreeBSD do not support using id 0 to refer to the
current pid for procctl, so pass getpid() explicitly. From
emaste at freebsd.org.
|
|
Fixes build on some platforms eg recent AIX.
|
|
Have it call native getentropy and fall back as required. Should fix
issues of platforms where libc has getentropy but it is not implemented
in the kernel. Based on github PR#354 from simsergey.
|
|
While there, also accept 301 which it what it was previously.
|
|
|
|
Clang 15 -Wimplicit-int defaults to an error in C99 mode and above.
A handful of tests have "main(..." and not "int main(..." which caused
the tests to produce incorrect results.
|
|
Only test OpenBSD upstream on commits to master since that's what it
tracks.
|
|
|
|
|
|
|
|
OpenBSD-Commit-ID: 5a467b2ee81da01a86adf1ad93b62b1728494e56
|
|
OpenBSD-Commit-ID: a134c9b4039e48803fc6a87f955b0f4a03181497
|
|
-o; spotted by jmc@
OpenBSD-Commit-ID: fe871408cf6f9d3699afeda876f8adbac86a035e
|
|
it also causes portability problems
|
|
|
|
(when available) to fill in user/group names for directory listings.
Implement a client-side cache of see uid/gid=>user/group names. ok markus@
OpenBSD-Commit-ID: f239aeeadfa925a37ceee36ee8b256b8ccf4466e
|
|
users-groups-by-id@openssh.com; ok markus@
OpenBSD-Commit-ID: ddb2f33a2da6349a9a89a8b5bcb9ca7c999394de
|
|
user/group names; ok markus@
OpenBSD-Commit-ID: c70c70498b1fdcf158531117e405b6245863bfb0
|
|
extension request that allows the client to obtain user/group names that
correspond to a set of uids/gids.
Will be used to make directory listings more useful and consistent
in sftp(1).
ok markus@
OpenBSD-Commit-ID: 7ebabde0bcb95ef949c4840fe89e697e30df47d3
|
|
OpenBSD-Commit-ID: d16a307a0711499c971807f324484ed3a6036640
|
|
beneath this limit will be ignored for user and host-based authentication.
Feedback deraadt@ ok markus@
OpenBSD-Commit-ID: 187931dfc19d51873df5930a04f2d972adf1f7f1
|
|
ssh(1). User authentication keys that fall beneath this limit will be
ignored. If a host presents a host key beneath this limit then the connection
will be terminated (unfortunately there are no fallbacks in the protocol for
host authentication).
feedback deraadt, Dmitry Belyavskiy; ok markus@
OpenBSD-Commit-ID: 430e339b2a79fa9ecc63f2837b06fdd88a7da13a
|
|
length of an RSA key; ok markus@
OpenBSD-Commit-ID: de77cd5b11594297eda82edc594b0d32b8535134
|
|
was never actually used. Spotted by Matthew Garrett
OpenBSD-Commit-ID: 0b363518ac4c2819dbaa3dfad4028633ab9cdff1
|
|
OpenBSD-Commit-ID: 780efcbad76281f11f14b2a5ff04eb6db3dfdad4
|
|
There are commands (e.g. "get" or "put") that accept two
arguments, a local path and a remote path. However, the way
current completion is written doesn't take this distinction into
account and always completes remote or local paths.
By expanding CMD struct and "cmds" array this distinction can be
reflected and with small adjustment to completer code the correct
path can be completed.
By Michal Privoznik, ok dtucker@
OpenBSD-Commit-ID: 1396d921c4eb1befd531f5c4a8ab47e7a74b610b
|
|
non-existent commands
If user entered a non-existent command (e.g. because they made a
typo) there is no point in trying to complete its arguments. Skip
calling complete_match() if that's the case.
From Michal Privoznik
OpenBSD-Commit-ID: cf39c811a68cde2aeb98fc85addea4000ef6b07a
|
|
from response
Now that all FIDO signing calls attempt first without PIN and then
fall back to trying PIN only if that attempt fails, we can remove the
hack^wtrick that removed the UV flag from the keys returned during
enroll.
By Corinna Vinschen
OpenBSD-Commit-ID: 684517608c8491503bf80cd175425f0178d91d7f
|
|
OpenBSD-Commit-ID: edf1601c1d0905f6da4c713f4d9cecc7d1c0295a
|
|
the error to determine whether a PIN is required and prompt only if
necessary. from Corinna Vinschen
OpenBSD-Commit-ID: dd6be6a0b7148608e834ee737c3479b3270b00dd
|
|
tweaked by schwarze
ok schwarze
OpenBSD-Commit-ID: 565046e3ce68b46c2f440a93d67c2a92726de8ed
|
|
OpenBSD-Commit-ID: 6765daefe26a6b648cc15cadbbe337596af709b7
|
|
that ctx!=NULL; from Corinna Vinschen
OpenBSD-Commit-ID: ade2f2e9cc519d01a586800c25621d910bce384a
|
|
Fixes the following build failure with Clang 15 on musl:
```
bsd-asprintf.c:51:8: error: call to undeclared library function 'vsnprintf' with type 'int (char *, unsigned long, const char *, struct __va_list_tag *)'; ISO C99 and laterclang -O2 -pipe -fdiagnostics-color=always -frecord-gcc-switches -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-aliasing -mretpoline -ftrapv -fzero-call-used-regs=all -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/lib/misc/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/lib/misc/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/lib/misc/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/lib/misc/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/lib/misc/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-aes.c -o cipher-aes.o
do not support
implicit function declarations [-Wimplicit-function-declaration]
ret = vsnprintf(string, INIT_SZ, fmt, ap2);
^
bsd-asprintf.c:51:8: note: include the header <stdio.h> or explicitly provide a declaration for 'vsnprintf'
1 error generated.
```
|
|
|
|
This brings us up to current, including djm's random-reseeding change,
as prompted by logan at cyberstorm.mu in bz#3467. It brings the
platform-specific hooks from LibreSSL Portable, simplified to match our
use case. ok djm@.
|
|
Putting this after the copyright statement (which doesn't change)
instead of before the version identifier (which does) prevents merge
conflicts when resyncing changes.
|
|
This was previously moved into its own file (matching OpenBSD) which
prematurely committed in commit 73541f2.
|
|
explicitly test whether the token performs built-in UV (e.g. biometric
tokens) and enable UV in that case. From Pedro Martelletto via GHPR#388
OpenBSD-Commit-ID: 007eb7e387d27cf3029ab06b88224e03eca62ccd
|
|
|
|
OpenBSD-Commit-ID: c2bcbf93610d3d62ed206cdf9bf9ff98c6aaf232
|
