Dev minor #106
Merged
Dev minor #106
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Like Linux, proper _SOURCE macros need to be set to get declarations of various standard functions, notably setres*id. Now that Debian is using -Werror=implicit-function-declaration this is really required. While at it, define other _SOURCE macros like on GNU/Linux, since GNU/Hurd uses the same glibc.
Fixes build with musl libx. bz#3707.
lists" OpenBSD-Commit-ID: f3c844763398faa9800687e8ff6621225498202a
OpenBSD-Commit-ID: 42d322d37f13aa075ae7b1ad9eef591e20b89717
OpenBSD-Commit-ID: 81c778c76dea7ef407603caa157eb0c381c52ad2
If the following functions are available, add an additional check if users are allowed to login imposed by login class. * auth_hostok(3) * auth_timeok(3) These functions are implemented on FreeBSD.
OpenBSD-Commit-ID: e6aff005914fa350b896d2be030be3d3b56ec0e8
OpenBSD-Commit-ID: fd77a77779f06d316a314e4540dc57c93fc3369a
If a mux started with ControlPersist then later has a forwarding added using mux proxy connection and the forwarding was used, then when the mux proxy session terminates, the mux master process will send a channel close to the server with a bad channel ID and crash the connection. This was caused by my stupidly reusing c->remote_id for mux channel associations when I should have just added another member to struct channel. ok markus@ OpenBSD-Commit-ID: c9f474e0124e3fe456c5e43749b97d75e65b82b2
A single forgotton login that times out should be below the penalty threshold. ok deraadt/claudio OpenBSD-Commit-ID: cee1f7d17597c97bff8e5092af5d136fdb08f81d
Should fix CI tests for cygwin default config.
OpenBSD-Commit-ID: 9b63e0e3599d524ddc10edc4f978081382c3548b
grace login time. ok deraadt@ djm@ OpenBSD-Commit-ID: abd3c57aaa5861517529b322df79b6be35ee67f4
Spotted with Benny Baumann (BenBE at geshi dot org). ok djm@ OpenBSD-Commit-ID: 829160ac8ef3ad3409695ce3a3ade835061cae57
It has the same meaning as the current pair of calling explicit_bzero and free. Spotted with Benny Baumann (BenBE at geshi dot org). ok djm@ OpenBSD-Commit-ID: 939fbe9ccf52d0d48c5fa53694d6f3bb9927970c
Multiple sshbuf structs can be linked through a parent/child relationship. Make sure that a single sshbuf cannot be its own parent. If this would ever happen, it would result in reference counting issues. This is a cheap way of testing this with very little overhead. It does not detect A->B->A linkages though for performance reason and the fact that it takes a programming error for this to occur anyway. Authored with Benny Baumann (BenBE at geshi dot org). ok djm@ OpenBSD-Commit-ID: fb3fa9ee2cad3c7e842ebadfd7f5db220c4aaf16
The first argument should be the amount, the second argument should be the element size. Fixing this also silences some gcc compiler warnings for portable. Spotted with Benny Baumann (BenBE at geshi dot org). ok djm@ OpenBSD-Commit-ID: 711ad6f7bd7fb48bf52208f2cf9f108cddb6d41a
DSA remains unconverted as it will be removed within six months. Based on patches originally from Dmitry Belyavskiy, but significantly reworked based on feedback from Bob Beck, Joel Sing and especially Theo Buehler (apologies to anyone I've missed). ok tb@ OpenBSD-Commit-ID: d098744e89f1dc7e5952a6817bef234eced648b5
OpenBSD-Regress-ID: 2edfc980628cfef3550649cab8d69fa23b5cd6c4
OpenBSD-Regress-ID: 0e2d4efb0ed0e392e23cd8fda183fe56531ac446
libressl prior to 3.4.x lack support for the EVP_DigestSign and EVP_DigestVerify APIs that we need now that sshkey is converted to EVP_PKEY. If someone makes a good case for why we should support these versions then we could bring back support with wrappers.
- Previously no identity file is shown in "ssh" command output on the line "Now try logging into the..." - This commit makes sure whenever "ssh-copy-id" with "-i" is invoked, it also reflects in "ssh" command SSH-Copy-ID-Upstream: 58e022ec26cb2315eb3be581d01e0ba787082428
SSH-Copy-ID-Upstream: 335e44d7be78b03962a54c3a5c99a2ff45294a54
too; ok markus@ OpenBSD-Commit-ID: b74b5b0385f2e0379670e2b869318a65b0bc3923
If set, this will terminate the connection at the first authentication request (this is the earliest we can evaluate sshd_config Match blocks) ok markus@ OpenBSD-Commit-ID: 43cc2533984074c44d0d2f92eb93f661e7a0b09c
PerSourcePenalties This allows penalising connection sources that have had connections dropped by the RefuseConnection option. ok markus@ OpenBSD-Commit-ID: 3c8443c427470bb3eac1880aa075cb4864463cb6
options. This allows writing Match conditions that trigger for invalid username. E.g. PerSourcePenalties refuseconnection:90s Match invalid-user RefuseConnection yes Will effectively penalise bots try to guess passwords for bogus accounts, at the cost of implicitly revealing which accounts are invalid. feedback markus@ OpenBSD-Commit-ID: 93d3a46ca04bbd9d84a94d1e1d9d3a21073fbb07
OpenBSD-Commit-ID: 2c84a9b517283e9711e2812c1f268081dcb02081
implementation in SUPERCOP 20201130 to the "compact" implementation in SUPERCOP 20240808. The new version is substantially faster. Thanks to Daniel J Bernstein for pointing out the new implementation (and of course for writing it). tested in snaps/ok deraadt@ OpenBSD-Commit-ID: bf1a77924c125ecdbf03e2f3df8ad13bd3dafdcb
Simpler and removes some code with the old-style BSD license.
OpenBSD-Commit-ID: d899c13b0e8061d209298eaf58fe53e3643e967c
OpenBSD-Commit-ID: 1c81f37b138b8b66abba811fec836388a0f3e6da
relies on using -fwrapv to provide defined over/underflow behaviour, but we use -ftrapv to catch integer errors and abort the program. ok dtucker@ OpenBSD-Commit-ID: 8933369b33c17b5f02479503d0a92d87bc3a574b
key values need to be static to persist across invocations; spotted by the Qualys Security Advisory team.
OpenBSD-Commit-ID: 303417285f1a73b9cb7a2ae78d3f493bbbe31f98
The only parts of the merge that conflicted were in the document dates of some of the man pages and some CI config files. This has not yet passed regression or functionality tests.
…an architectures. A one line fix provided by Mattias Ellert. See #93 for the PR.
The none MAC is valid in HPN-SSH but it's not enabled by default in sshd_config. So when the rekey tests tries to test it then it will fail. This doesn't occur in all scenarious but absolutely under OSX and other cases in which openssl is disabled.
It's easier and less error prone to just filter the none MAC from the list of MACs to test.
|
Note: Mitch is not available for a code review so I'll be pushing this out without his review. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Integrate OpenSSH 9.9 into HPN-SSH.
This doesn't introduce new functionality on the HPN-SSH side of things. No notable changes were required to merge OpenSSH. The only change of any note was a modification to umac.c to extend support to big-endian architectures like s390x systems.