[wip] merge#842

Open
tgauth wants to merge 277 commits into PowerShell:latestw_all from tgauth:scratch-merge-v10.3P1-20260420

Conversation

@tgauth

@tgauth tgauth commented Apr 21, 2026

Collaborator

PR Summary

PR Context

djmdjm and others added 30 commits May 7, 2025 14:22
OpenBSD-Commit-ID: 65577596a15ad6dd9a1ab3fc24c1c31303ee6e2b
OpenBSD-Regress-ID: 7260fb672de5738c17dec06c71a5be0186bb2b09
OpenBSD-Regress-ID: 4f71f8f122eac4cbf7f1d2088a9be45317dd3e4a
OpenBSD-Regress-ID: 4424d2eaf0bce3887318ef6d18de6c06f3617d6e
This makes things easier in -portable, where on Solaris and derivatives
"sun" is defined to "1", causing compilation errors.  ok deraadt@.

OpenBSD-Commit-ID: 0669043afb49856b57b382f0489221bd98305d3b
On those, the subsequent stat() should catch the sockets.
When the ssh-agent service is configured to be launched under systemd
socket-activation, the user can inspect the status of the agent with
something like:

    systemctl --user status ssh-agent.service

If the user does:

    systemctl --user stop ssh-agent.service

it causes the `systemd --user` supervisor to send a SIGTERM to the
agent, which terminates while leaving the systemd-managed socket in
place.  That's good, and as expected. (If the user wants to close the
socket, they can do "systemctl --user stop ssh-agent.socket" instead)

But because ssh-agent exits with code 2 in response to a SIGTERM, the
supervisor marks the service as "failed", even though the state of the
supervised service is exactly the same as during session startup (not
running, ready to launch when a client connects to the socket).

This change makes ssh-agent exit cleanly (code 0) in response to a
SIGTERM when launched under socket activation. This aligns the systemd
supervisor's understanding of the state of supervised ssh-agent with
reality.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
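
The exit-status behaviour described in the commit message above, as an added C example that is not code from the commit or from OpenSSH. It assumes socket activation is detected through the systemd `LISTEN_PID`/`LISTEN_FDS` environment protocol; the function names are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <limits.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

static volatile sig_atomic_t got_sigterm;
static void on_sigterm(int sig) { (void)sig; got_sigterm = 1; }

/* Parse a non-negative decimal env var; -1 if unset, malformed or out of range. */
static long env_number(const char *name)
{
    const char *s = getenv(name);
    char *end;
    if (s == NULL || *s == '\0') return -1;
    errno = 0;
    long v = strtol(s, &end, 10);
    return (errno != 0 || *end != '\0' || v < 0 || v > INT_MAX) ? -1 : v;
}

/* Assumption: the supervisor passes sockets the systemd way. LISTEN_PID must
 * name this process, otherwise the variables were inherited from a parent and
 * must be ignored. Returns the number of passed sockets, 0 if not activated. */
int activated_fd_count(void)
{
    long nfds = env_number("LISTEN_FDS");
    if (env_number("LISTEN_PID") != (long)getpid() || nfds < 1) return 0;
    return (int)nfds;
}

/* Exit status for SIGTERM: 0 when the supervisor still owns the socket (the
 * service is back in its idle, ready-to-launch state), otherwise 2 as before. */
int sigterm_exit_code(void) { return activated_fd_count() > 0 ? 0 : 2; }

int main(void)
{
    struct sigaction sa = { .sa_handler = on_sigterm };
    sigemptyset(&sa.sa_mask);
    sigaction(SIGTERM, &sa, NULL);
    int code = sigterm_exit_code();   /* decided once, at startup */
    raise(SIGTERM);                   /* stand-in for the supervisor's stop */
    if (got_sigterm) printf("SIGTERM received, agent would exit %d\n", code);
    return 0;
}
```

Run outside a socket-activated unit, the program reports exit status 2, which is the case the supervisor would mark as "failed".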
Fixes build on pre-POSIX.1 2008 systems.
Some platforms (eg Old BSDs) in some configurations define DIR to "void
*", which causes compile errors in the no-op implementation.
Should fix oss-fuzz test.
It's needed by the fuzzer.
For testing, you can set the repo variable RUN_ONLY_TEST in your repo
(Repo -> Settings -> Security -> Actions -> Variables) to run only that test.
(instead of hard coding it, wrongly).
It fails but at this time it's not clear why.
Fails at the hardlink step.
Should reduce the need to scroll back to find out which test actually
failed.
The most recent version of the Github ubuntu-latest image sets the
password field to "!" which sshd considers to be a locked account,
breaking most of the tests.
OpenBSD-Commit-ID: 1c9e01ba1a9ccf442a9cdf10f222077f66885f1f
when not initialised; spotted by tb@ feedback/ok tb@ deraadt@

OpenBSD-Commit-ID: a9fda1ee08a24c62e0981ff6d15ca93b63467038
It is available in all supported OpenSSL flavors/versions and the _GFp
variants will be removed from LibreSSL.

ok hshoexer jsing

OpenBSD-Commit-ID: ecedca0e1ffa80e0c9ef7c787bc6a972882c596b
It is available in all supported OpenSSL flavors/versions and the _GFp
variants will be removed from LibreSSL.

ok hshoexer jsing

OpenBSD-Regress-ID: 66cf1561e7b6c49002978f2d6720956f33a882f0
LibreSSL <3.4 does not have EC_POINT_[gs]et_affine_coordinates
but does have the now-deprecated _GFp variants.  We still support
LibreSSL back as far as 3.2.x so add a compat shim.
Fixes tests on platforms using older LibreSSL releases prior to 3.4.
LOGNAME is specified by POSIX, but Windows (or at least, github's
Windows images) don't set it.
... now that we've fixed ci-setup on Cygwin.
tgauth added 11 commits May 12, 2026 10:28
Commit 0cf38d7 added #include monitor_wrap.h to sshd.c. On Windows
GSSAPI is defined for the sshd listener (sshd.vcxproj), so monitor_wrap.h
references Gssctxt/gss_OID, which require ssh-gss.h to be included first.
sshd-session.c and sshd-auth.c already include ssh-gss.h before
monitor_wrap.h; mirror that pattern in sshd.c (guarded by #ifdef GSSAPI).
@tgauth

tgauth commented May 12, 2026

Collaborator Author

/azp run

@azure-pipelines

Azure Pipelines successfully started running 1 pipeline(s).

tgauth and others added 6 commits May 12, 2026 11:45
…ey registry and init label

Restore the Windows ssh-agent in-memory key registry (add_key/del_all_keys/lookup_key with pkcs11_keylist TAILQ) that keyagent-request.c links against; these were dropped when ssh-pkcs11-client.c adopted upstream's rewritten architecture. Also TAILQ_INIT the keylist in pkcs11_init and initialize label=NULL in pkcs11_add_provider to satisfy MSVC C4703 (fatal_fr noreturn not recognized).
@tgauth

tgauth commented Jun 22, 2026

Collaborator Author

/azp run

@azure-pipelines

Azure Pipelines successfully started running 1 pipeline(s).

@tgauth

tgauth commented Jun 25, 2026

Collaborator Author

/azp run

@azure-pipelines

Azure Pipelines successfully started running 1 pipeline(s).


9 participants