upstream: whitespace

OpenBSD-Commit-ID: 564cf7a5407ecf5da2d94ec15474e07427986772

upstream: force early logging to stderr if debug_flag (-d) is set;

avoids missing messages from re-exec config passing

OpenBSD-Commit-ID: 02484b8241c1f49010e7a543a7098e6910a8c9ff

upstream: mistake in previous: filling the incorrect buffer

OpenBSD-Commit-ID: 862ee84bd4b97b529f64aec5d800c3dcde952e3a

upstream: Add a sshd_config "Include" directive to allow inclusion

of files. This has sensible semantics wrt Match blocks and accepts glob(3)
patterns to specify the included files. Base

upstream: Add a sshd_config "Include" directive to allow inclusion

of files. This has sensible semantics wrt Match blocks and accepts glob(3)
patterns to specify the included files. Based on patch by Jakub Jelen in
bz2468; feedback and ok markus@

OpenBSD-Commit-ID: 36ed0e845b872e33f03355b936a4fff02d5794ff

show more ...

upstream: spelling fix;

OpenBSD-Commit-ID: 3c079523c4b161725a4b15dd06348186da912402

upstream: document changed default for UpdateHostKeys

OpenBSD-Commit-ID: 25c390b21d142f78ac0106241d13441c4265fd2c

upstream: enable UpdateKnownHosts=yes if the configuration

specifies only the default known_hosts files, otherwise select
UpdateKnownHosts=ask; ok markus@

OpenBSD-Commit-ID: ab4

upstream: enable UpdateKnownHosts=yes if the configuration

specifies only the default known_hosts files, otherwise select
UpdateKnownHosts=ask; ok markus@

OpenBSD-Commit-ID: ab401a5ec4a33d2e1a9449eae6202e4b6d427df7

show more ...

Look in inttypes.h for UINT32_MAX.

Should prevent warnings on at least some AIX versions.

upstream: use sshpkt_fatal() instead of plain fatal() for

ssh_packet_write_poll() failures here too as the former yields better error
messages; ok dtucker@

OpenBSD-Commit-ID: 1f

upstream: use sshpkt_fatal() instead of plain fatal() for

ssh_packet_write_poll() failures here too as the former yields better error
messages; ok dtucker@

OpenBSD-Commit-ID: 1f7a6ca95bc2b716c2e948fc1370753be772d8e3

show more ...

upstream: check the return value of ssh_packet_write_poll() and

call sshpkt_fatal() if it fails; avoid potential busy-loop under some
circumstances. Based on patch by Mike Frysinger; ok

upstream: check the return value of ssh_packet_write_poll() and

call sshpkt_fatal() if it fails; avoid potential busy-loop under some
circumstances. Based on patch by Mike Frysinger; ok dtucker@

OpenBSD-Commit-ID: c79fe5cf4f0cd8074cb6db257c1394d5139408ec

show more ...

upstream: have sshpkt_fatal() save/restore errno before we

potentially call strerror() (via ssh_err()); ok dtucker

OpenBSD-Commit-ID: 5590df31d21405498c848245b85c24acb84ad787

upstream: markus suggests a simplification to previous

OpenBSD-Commit-ID: 10bbfb6607ebbb9a018dcd163f0964941adf58de

upstream: give more context to UpdateHostKeys messages, mentioning

that the changes are validated by the existing trusted host key. Prompted by
espie@ feedback and ok markus@

Op

upstream: give more context to UpdateHostKeys messages, mentioning

that the changes are validated by the existing trusted host key. Prompted by
espie@ feedback and ok markus@

OpenBSD-Commit-ID: b3d95f4a45f2692f4143b9e77bb241184dbb8dc5

show more ...

upstream: changes to support FIDO attestation

Allow writing to disk the attestation certificate that is generated by
the FIDO token at key enrollment time. These certificates may be used

upstream: changes to support FIDO attestation

Allow writing to disk the attestation certificate that is generated by
the FIDO token at key enrollment time. These certificates may be used
by an out-of-band workflow to prove that a particular key is held in
trustworthy hardware.

Allow passing in a challenge that will be sent to the card during
key enrollment. These are needed to build an attestation workflow
that resists replay attacks.

ok markus@

OpenBSD-Commit-ID: 457dc3c3d689ba39eed328f0817ed9b91a5f78f6

show more ...

upstream: disable UpdateHostKeys=ask when in quiet mode; "work for

me" matthieu@

OpenBSD-Commit-ID: 60d7b5eb91accf935ed9852650a826d86db2ddc7

compat for missing IPTOS_DSCP_LE in system headers

upstream: make IPTOS_DSCP_LE available via IPQoS directive; bz2986,

based on patch by veegish AT cyberstorm.mu

OpenBSD-Commit-ID: 9902bf4fbb4ea51de2193ac2b1d965bc5d99c425

upstream: disable UpdateHostKeys=ask if command is specified; ok

djm@ sthen@

OpenBSD-Commit-ID: e5bcc45eadb78896637d4143d289f1e42c2ef5d7

upstream: unbreak unittests for recent API / source file changes

OpenBSD-Regress-ID: 075a899a01bbf7781d38bf0b33d8366faaf6d3c0

Move definition of UINT32_MAX.

This allows us to always define it if needed not just if we also
define the type ourself.

upstream: unbreak unittests for recent API / source file changes

OpenBSD-Regress-ID: 075a899a01bbf7781d38bf0b33d8366faaf6d3c0

Include signal.h to prevent redefintion of _NSIG.

Wrap stdint.h in tests inside HAVE_STDINT_H.

upstream: for UpdateHostKeys, don't report errors for unsupported

key types - just ignore them. spotted by and ok dtucker@

OpenBSD-Commit-ID: 91769e443f6197c983932fc8ae9d39948727d473

upstream: downgrade error() for missing subsequent known_hosts

files to debug() as it was intended to be; spotted by dtucker@

OpenBSD-Commit-ID: 18cfea382cb52f2da761be524e309cc3d535

upstream: downgrade error() for missing subsequent known_hosts

files to debug() as it was intended to be; spotted by dtucker@

OpenBSD-Commit-ID: 18cfea382cb52f2da761be524e309cc3d5354ef9

show more ...