13355 Commits

Author SHA1 Message Date
Tess Gauthier
209dad58c7
add sshd-session to ci artifacts 2024-08-06 14:22:58 -04:00
Tess Gauthier
9787cad03a fix compilation error 2024-08-06 11:43:29 -04:00
Tess Gauthier
cfd259fcf1 fix merge conflict properly 2024-08-05 16:29:51 -04:00
Tess Gauthier
442c43da10 disable upstream workflows 2024-08-02 17:44:45 -04:00
Tess Gauthier
9a0bf7d05d
Merge branch 'latestw_all' into merge-9.8 2024-08-02 17:41:45 -04:00
Tess Gauthier
6384372160 merge the rest of the 9.8 changes from upstream 2024-08-02 17:22:58 -04:00
Tess Gauthier
d5d6a52338 fix win32 sshd and sshd-session 2024-08-02 14:21:01 -04:00
djm@openbsd.org
9c25d37697 upstream: missing files from previous
OpenBSD-Commit-ID: 4b7be4434d8799f02365552b641a7a70a7ebeb2f
2024-08-02 14:21:00 -04:00
Tess Gauthier
7906ad4cda continue merge - not compiling 2024-08-02 14:20:51 -04:00
Tess Gauthier
57149fe90d
revert Win32 change (#732) 2024-08-01 14:09:20 -04:00
Tess Gauthier
43c6e39474
remove getrnd() to sync with upstream (#735) 2024-08-01 14:04:37 -04:00
Tess Gauthier
429419ba38 start merge - not compiling 2024-07-24 10:25:43 -04:00
LexaPrime
e829ad267c
Fix _rs_init split in half during merge (#734) 2024-07-22 16:27:38 -04:00
djm@openbsd.org
c21fc9d953
upstream: correct keyword; from Yatao Su via GHPR509
OpenBSD-Commit-ID: 81c778c76dea7ef407603caa157eb0c381c52ad2
2024-07-11 08:30:18 +10:00
Darren Tucker
b35a64dd7d
Cast to sockaddr * in systemd interface.
Fixes build with musl libx.  bz#3707.
2024-07-07 18:47:54 +10:00
Darren Tucker
34f7a962f9
Add 9.8 branch to ci-status page. 2024-07-04 20:12:26 +10:00
Samuel Thibault
20950a7c04
Fix detection of setres*id on GNU/Hurd
Like Linux, proper _SOURCE macros need to be set to get declarations of
various standard functions, notably setres*id. Now that Debian is using
-Werror=implicit-function-declaration this is really required. While at
it, define other _SOURCE macros like on GNU/Linux, since GNU/Hurd uses
the same glibc.
2024-07-03 19:25:07 +10:00
Damien Miller
6849957945
autogenerated files for release 2024-07-01 14:36:28 +10:00
Damien Miller
fa41f6592f
version numbers 2024-07-01 14:33:26 +10:00
djm@openbsd.org
bfebb8a513
upstream: openssh-9.8
OpenBSD-Commit-ID: 5f8b89e38a4c5f7c6d52ffa19f796d49f36fab19
2024-07-01 14:32:51 +10:00
djm@openbsd.org
146c420d29
upstream: when sending ObscureKeystrokeTiming chaff packets, we
can't rely on channel_did_enqueue to tell that there is data to send. This
flag indicates that the channels code enqueued a packet on _this_ ppoll()
iteration, not that data was enqueued in _any_ ppoll() iteration in the
timeslice. ok markus@

OpenBSD-Commit-ID: 009b74fd2769b36b5284a0188ade182f00564136
2024-07-01 14:32:45 +10:00
djm@openbsd.org
637e4dfea4
upstream: use "lcd" to change directory before "lls" rather then "cd",
since the directory we're trying to list is local. Spotted by Corinna
Vinschen

OpenBSD-Regress-ID: 821feca4a4bebe491944e624c8f7f2990b891415
2024-07-01 14:32:39 +10:00
djm@openbsd.org
c8cfe258ce
upstream: delete obsolete comment
OpenBSD-Commit-ID: 5fb04f298ed155053f3fbfdf0c6fe7cdf84bbfa2
2024-06-28 09:07:27 +10:00
djm@openbsd.org
94b9d37100
upstream: retire unused API
OpenBSD-Commit-ID: 3e30d7b0615e2707f6bbe70f61b1c2f72f78161b
2024-06-28 08:37:11 +10:00
jmc@openbsd.org
268c3a7f57
upstream: ssl(8) no longer contains a HISTORY section;
OpenBSD-Commit-ID: 83b7ff34433d79595e9c2a5d2a561a6660251245
2024-06-28 08:36:16 +10:00
djm@openbsd.org
12b6cc09ce
upstream: move child process waitpid() loop out of SIGCHLD handler;
ok deraadt

OpenBSD-Commit-ID: 65815a39564e431414aed7c5ace8076f4e9ca741
2024-06-28 08:36:15 +10:00
deraadt@openbsd.org
d6bcd13297
upstream: Instead of using possibly complex ssh_signal(), write all
the parts of the grace_alarm_handler() using the exact things allowed by the
signal-safe rules.  This is a good rule of thumb: Handlers should be written
to either set a global volatile sig_atomic_t inspected from outside, and/or
directly perform only safe operations listed in our sigaction(2) manual page.
ok djm markus

OpenBSD-Commit-ID: 14168ae8368aab76e4ed79e17a667cb46f404ecd
2024-06-28 08:34:49 +10:00
deraadt@openbsd.org
b8793e2b08
upstream: save_errno wrappers inside two small signal handlers that
perform system calls, for systems with libc that do perform libc sigtramps.
ok djm markus

OpenBSD-Commit-ID: 7749b56419a7c9dcfe4c6c04811e429813346c62
2024-06-28 08:34:49 +10:00
jmc@openbsd.org
f23e9332c4
upstream: - uppercase start of sentence - correct sentence grammar
ok djm

OpenBSD-Commit-ID: 1ec4b0fdb633a43667f2c8fff1d600bd647dde25
2024-06-28 08:34:48 +10:00
djm@openbsd.org
1839e3eb71
upstream: mention SshdSessionPath option
OpenBSD-Commit-ID: c29734d36c21003973b15c1c9965c35f36cef30c
2024-06-28 08:34:48 +10:00
Darren Tucker
603193e32a
Rerun upstream tests on .sh file changes too. 2024-06-20 18:45:14 +10:00
dtucker@openbsd.org
dbbf9337c1
upstream: Work around dbclient cipher/mac query bug.
Unlike earlier versions, recent Dropbear (at least v2024.85) requires
a host arg when querying supported ciphers and macs via "-c/-m
help".  Earlier versions accept but do not require it, so always
provide it.  If these queries fail, skip the test with a warning.

OpenBSD-Regress-ID: 98eb863a3f0363416922efb273885e6b3c7f68d4
2024-06-20 18:34:50 +10:00
dtucker@openbsd.org
8de2c8cebc
upstream: Remove dropbear key types not supported
by current OpenSSH. Allows subsequent test runs to work if OpenSSH is
rebuilt w/out OpenSSL.

OpenBSD-Regress-ID: e0129eb2b1d31771105903a8055216fbba20a770
2024-06-20 18:34:35 +10:00
djm@openbsd.org
e9b6471c59
upstream: stricter check for overfull tables in penalty record path
OpenBSD-Commit-ID: 7df01e648a0723418c554e64a9f2b6d38db060a6
2024-06-20 10:19:10 +10:00
djm@openbsd.org
d9336d344e
upstream: put back reaping of preauth child process when writes
from the monitor fail. Not sure how this got lost in the avalanche of
patches.

OpenBSD-Commit-ID: eb7eb36371e1ac01050b32b70fb2b3e5d98e72f5
2024-06-20 10:19:10 +10:00
naddy@openbsd.org
579d9adb70
upstream: remove one more mention of DSA
OpenBSD-Commit-ID: 8515f55a15f02836ba657df341415f63c60526ca
2024-06-20 10:19:09 +10:00
Darren Tucker
7089b5f843
Move -f to the place needed to restart sshd. 2024-06-19 23:09:05 +10:00
Darren Tucker
d5f83cfd85
Need to supply "-f" to restart sshd. 2024-06-19 21:04:01 +10:00
dtucker@openbsd.org
fad34b4ca2
upstream: Provide defaults for ciphers and macs
if querying for them fails since on some versions of Dropbear (at least
v2024.85) "-m help" doesn't seem to work.  Enable all supported pubkey
algorithms in the server.

OpenBSD-Regress-ID: 4f95556a49ee9f621789f25217c367a33d2745ca
2024-06-19 20:36:57 +10:00
dtucker@openbsd.org
5521060e35
upstream: Use ed25519 keys for kex tests
since that's supported by OpenSSH even when built without OpenSSL.
Only test diffie-hellman kex if OpenSSH is compiled with support for it.

OpenBSD-Regress-ID: a5d09ef9bbd171f9e4ec73ed0d9eeb49a8878e97
2024-06-19 20:36:57 +10:00
dtucker@openbsd.org
dbd3b833f6
upstream: Rework dropbear key setup
to always generate ed25519 keys, other types only if OpenSSH has support
for the corresponding key type.

OpenBSD-Regress-ID: 8f91f12604cddb9f8d93aa34f3f93a3f6074395d
2024-06-19 20:36:56 +10:00
Darren Tucker
d6218504e1
Restart sshd after installing it for testing.
When installing an sshd built without OpenSSL the mismatch between
the running sshd and newly installed sshd-session will cause the
remainder of the test to fail.
2024-06-19 20:36:54 +10:00
Darren Tucker
786a4465b6
Remove macos-11 runner.
Github is retiring them soon.
2024-06-19 20:36:53 +10:00
Damien Miller
df1c72a55e
PAMServiceName may appear in a Match block 2024-06-19 09:35:23 +10:00
dtucker@openbsd.org
de1c2e70e5
upstream: Re-enable ssh-dss tests
... if ssh is compiled with DSA support

OpenBSD-Regress-ID: bbfaf8c17f2b50a2d46ac35cb97af99b990c990d
2024-06-18 19:57:41 +10:00
anton@openbsd.org
dabc2c7cf3
upstream: Stop using DSA in dropbear interop tests.
OpenBSD-Regress-ID: abfd4457d99d8cc1417fd22ca2c570270f74c1cf
2024-06-18 19:57:36 +10:00
Damien Miller
7614380127
missed a bit of DSA in the fuzzer 2024-06-18 12:29:45 +10:00
Damien Miller
3f9cc47da5
DSA support is disabled, so remove from fuzzers 2024-06-18 09:35:53 +10:00
djm@openbsd.org
00eb95957d
upstream: disable the DSA signature algorithm by default; ok
markus@

(yes, I know this expands to "the Digitial Signature Algorithm
signature algorithm)

OpenBSD-Commit-ID: 961ef594e46dd2dcade8dd5721fa565cee79ffed
2024-06-17 18:48:29 +10:00
djm@openbsd.org
5603befe11
upstream: promote connection-closed messages from verbose to info
log level; they could be the only record of the connection terminating if the
client doesn't send a SSH2_MSG_DISCONNECT message. ok dtucker@

OpenBSD-Commit-ID: 0c8bfaf5e9fdff945cee09ac21e641f6c5d65d3c
2024-06-17 18:31:39 +10:00