In anticipation of davidben and beck making ASN1_STRING opaque in OpenSSL 4 with the aim of enabling surgery to make the X509 data structure less bad [1], we need to use dumb accessors to avoid build breakage. Fortunately only in one spot. This is OpenSSL 1.1 API and available in all members of the fork family. ok beck djm [1]: openssl/openssl#29117 OpenBSD-Commit-ID: 0bcaf691d20624ef43f3515c983cd5aa69547d4f
FIDO application string. This matches the behaviour of ssh-keygen -K From Arian van Putten via GHPR608 OpenBSD-Commit-ID: 3fda54b44ed6a8a6f94cd3e39e69c1e672095712
ssh-agent. Allows testing of PKCS11 modules outside system directories. From Morgan Jones via GHPR602 OpenBSD-Regress-ID: 548d6e0362a8d9f7d1cc01444b697a00811ff488
GHPR602 OpenBSD-Regress-ID: 7d771db2c1d4a422e83c3f632ba1e96f72a262b8
didn't decode it. From Mingjie Shen via GHPR598 OpenBSD-Commit-ID: c722014e735cbd87adb2fa968ce4c47b43cf98b0
GHPR611 OpenBSD-Commit-ID: 253f6f7d729d8636da23ac9925b60b494e85a810
Josh Brobst OpenBSD-Commit-ID: 4f36019a38074b2929335fbe9cb8d9801e3177af
form. GHPR568 from Santiago Vila OpenBSD-Commit-ID: 7e68771f3cad61ec67303607afb3b85639288b29
SSH connection. ok djm@, "I like/want" sthen@ florian@ OpenBSD-Commit-ID: 0483fc0188ec899077e4bc8e1e353f7dfa9f5c1d
option. OpenBSD-Commit-ID: 83424b71fc226ea6b3dc8dda39f993475fdbd775
only display peer information for TCP connections including source address and port. This provides enough information to uniquely identify a connection on the host or network. OpenBSD-Commit-ID: aa18a4af2de41c298d1195d2566808585f8ce964
copies; from Colin Watson via bz3900; ok dtucker@ OpenBSD-Commit-ID: 5c09b030e2024651ebc8c1f9af6a8a2d37912150
that shows connection information, similar to the ~I escapechar. This is the first use of the mux extension mechanism, so it should be both forward and backward compatible: a new client talking to an old server will not allow the "conninfo" request to be sent, but everything else should work seamlessly. feedback and ok djm@ OpenBSD-Commit-ID: 50f047a85da277360558cabdfed59cb66f754341
OpenBSD-Regress-ID: e939edc41caad8b6ad00ff294f33b61ed32a1edd
such as "3w2d4h5m10.5s", into a floating point number of seconds. Reimplement the existing convtime() function using convtime_double() (it just drops the fractional seconds) lots of feedback deraadt@ / dtucker@; ok deraadt@ OpenBSD-Commit-ID: 053cdd0c72325a20efc6613caa847473fb89e36f
allowing penalties to be less than a second. This is useful if you need to penalise things you expect to occur at >=1 QPS. feedback dtucker / deraadt; ok deraadt@ OpenBSD-Commit-ID: 89198be755722131b45a52d22d548e4c602201f0
OpenBSD-Regress-ID: d3ba7b894019b4128845d638c78fca37b3b6eecf
OpenBSD-Regress-ID: bceaeb267d49c13e4a797c42e93b8f0cdb14dbd7
Put both of these later in the script so the cvsids don't cause conflicts on every synced patch.
OpenBSD-Regress-ID: cdb5c4e95c0f00efb773ddba4056a49e33702cf9
compression. OpenBSD-Regress-ID: 026db51b2654a949e9a10b908443dab83b64c74a
OpenBSD-Regress-ID: 507cb8c36bb7fc338f60a55bf7040f479536b3f7
OpenBSD-Regress-ID: c78eb430da0ec2c4b6919ff4d27ef8e565ef52ff
they seem to cause portability problems. OpenBSD-Regress-ID: ff001be683de43bf396cd5f9f6a54e0c7a99c3cf
OK stsp@ OpenBSD-Commit-ID: 8019fd6e8c522b4b5f291a2c0e3bf2437cc70dc1
memberships. Reported by Kevin Day via bz3903 OpenBSD-Commit-ID: 772b9aafd5165a7c407f08cb95f8b94cc5a4c1c0
flag that forcing a command doesn't automatically disable forwarding. Add one next to the sshd_config(5) ForceCommand directive too. feedback deraadt@ OpenBSD-Commit-ID: bfe38b4d3cfbadbb8bafe38bc256f5a17a0ee75c
algorithm allowlists: HostKeyAlgorithms, PubkeyAcceptedAlgorithms and HostbasedAcceptedAlgorithms. Previously, if any ECDSA type (say "ecdsa-sha2-nistp521") was present in one of these lists, then all ECDSA algorithms would be permitted. Reported by Christos Papakonstantinou of Cantina and Spearbit. OpenBSD-Commit-ID: c790e2687c35989ae34a00e709be935c55b16a86
the commandline to earlier in main(), specifically before some contexts where a username with shell characters might be expanded by a %u directive in ssh_config. We continue to recommend against using untrusted input on the SSH commandline. Mitigations like this are not 100% guarantees of safety because we can't control every combination of user shell and configuration where they are used. Reported by Florian Kohnhäuser OpenBSD-Commit-ID: 25ef72223f5ccf1c38d307ae77c23c03f59acc55
OpenBSD-Commit-ID: 05e22de74e090e5a174998fa5799317d70ad19c4
OpenBSD-Regress-ID: d22c66ca60f0d934a75e6ca752c4c11b9f4a5324
Add a fallback to <sys/stat.h> in the win32 compatibility header when the generated SYS_STAT_H macro is not defined. This preserves the new upstream-compatible include indirection without depending on local header-map generation.
Add a fallback to <fcntl.h> in the win32 compatibility header when FCNTL_H is not defined by the generated CRT header map. This keeps the new upstream-compatible include indirection from breaking local Windows builds.
Add a fallback to <time.h> in the win32 compatibility header when the generated TIME_H include path is not usable in the new indirect include form. This preserves the upstream-compatible structure without breaking the Windows build.
- add win32compat wrapper headers for glob/tree/queue
- make sftp-usergroup.h include glob.h for glob_t usage
- fix Windows scp command loop variable declaration
- update sys/types.h fallback include for generated header mapping
- include ssherr-libcrypto/ssherr-nolibcrypto split sources in libssh project
- align servconf type with upstream u_int
Copy remaining diverged files from scratch-merge-v10.3P1-20260410 to the clean merge branch so the single-merge branch matches the tested scratch conflict/build resolution state.
Add a reviewer-facing summary of conflict-resolution strategies, build fixes, and validation outcomes for both scratch and clean branch merge phases.
Keep banner exchange in sshd-auth for the split 10.3 flow and restore the post-auth monitor message ordering expected by the sshd-session -z child. Also update the V_10_3_P1 conflict resolution notes with the successful elevated entra-id-debug-localhost validation result.
/azp run

Azure Pipelines successfully started running 1 pipeline(s).