upstream: Rename pubkeyacceptedkeytypes to pubkeyacceptedalgorithms in

test to match change to config-dump output.

OpenBSD-Regress-ID: 74c9a4ad50306be873d032819d5e55c24eb74d5d

upstream: Put obsolete aliases for hostbasedalgorithms and

pubkeyacceptedalgorithms after their current names so that the config-dump
mode finds and uses the current names. Spotted by P

upstream: Put obsolete aliases for hostbasedalgorithms and

pubkeyacceptedalgorithms after their current names so that the config-dump
mode finds and uses the current names. Spotted by Phil Pennock.

OpenBSD-Commit-ID: 5dd10e93cccfaff3aaaa09060c917adff04a9b15

show more ...

upstream: lots more s/key types/signature algorithms/ mostly in

HostbasedAcceptedAlgorithms and HostKeyAlgorithms; prompted by Jakub Jelen

OpenBSD-Commit-ID: 3f719de4385b1a89e4323b2

upstream: lots more s/key types/signature algorithms/ mostly in

HostbasedAcceptedAlgorithms and HostKeyAlgorithms; prompted by Jakub Jelen

OpenBSD-Commit-ID: 3f719de4385b1a89e4323b2549c66aae050129cb

show more ...

upstream: Correct reference to signature algorithms as keys; from

Jakub Jelen

OpenBSD-Commit-ID: 36f7ecee86fc811aa0f8e21e7a872eee044b4be5

Add a couple more test VMs.

Valgrind test: split and move up list.

Since the valgrind test takes so long it approaches the limit allowed by
github, move it to the head of the list so it's the first one started and

Valgrind test: split and move up list.

Since the valgrind test takes so long it approaches the limit allowed by
github, move it to the head of the list so it's the first one started and
split the longest tests out into a second instance that runs concurrently
with the first.

show more ...

upstream: warn when the user specifies a ForwardAgent path that does

not exist and exit if ExitOnForwardFailure is set; bz3264

OpenBSD-Commit-ID: 72f7875865e723e464c71bf8692e8311069

upstream: warn when the user specifies a ForwardAgent path that does

not exist and exit if ExitOnForwardFailure is set; bz3264

OpenBSD-Commit-ID: 72f7875865e723e464c71bf8692e83110699bf26

show more ...

Disable rlimit sandbox, doesn't work with valgrind

Only run regress tests, runing unit tests as well makes it run longer
than allowed y github.

Upload valgrind logs on failure.

Rename "vm" to "os" in selfhosted to match c-cpp.

Should make it easier to share code or maybe merge at some point.

Upload regress failure logs in c-cpp too.

Comment out Solaris 64bit PAM build...

until I can figure out why it's failing.

Actually run Valgrind tests.

Add test against Valgrind.

Add fbsd12 test target.

Remove unused arg.

Add DEBUG_SK to kitchensink builds.

Add bbone test target (arm32).

upstream: Fix the hostkeys rotation extension documentation

The documentation was lacking the needed want-reply field in the initial
global request.

https://github.com/openssh/o

upstream: Fix the hostkeys rotation extension documentation

The documentation was lacking the needed want-reply field in the initial
global request.

https://github.com/openssh/openssh-portable/pull/218 by dbussink

OpenBSD-Commit-ID: 051824fd78edf6d647a0b9ac011bf88e28775054

show more ...

upstream: make names in function prototypes match those in

definition from https://github.com/openssh/openssh-portable/pull/225 by
ZenithalHourlyRate

OpenBSD-Commit-ID: 7c736307

upstream: make names in function prototypes match those in

definition from https://github.com/openssh/openssh-portable/pull/225 by
ZenithalHourlyRate

OpenBSD-Commit-ID: 7c736307bf3f2c7cb24d6f82f244eee959485acd

show more ...

upstream: unbreak SK_DEBUG builds

from https://github.com/openssh/openssh-portable/pull/225 by
ZenithalHourlyRate

OpenBSD-Commit-ID: 28d7259ce1b04d025411464decfa2f1a097b43eb

upstream: sftp-server: implement limits@openssh.com extension

This is a simple extension that allows the server to clearly
communicate transfer limits it is imposing so the client doesn'

upstream: sftp-server: implement limits@openssh.com extension

This is a simple extension that allows the server to clearly
communicate transfer limits it is imposing so the client doesn't
have to guess, or force the user to manually tune. This is
particularly useful when an attempt to use too large of a value
causes the server to abort the connection.

Patch from Mike Frysinger; ok dtucker@

OpenBSD-Commit-ID: f96293221e5aa24102d9bf30e4f4ef04d5f4fb51

show more ...

support OpenSSL 3.x cipher IV API change

OpenSSL renamed the "get current CIPHER_CTX" IV operation in 3.x.
This uses the new name if available.

https://github.com/openssl/openss

support OpenSSL 3.x cipher IV API change

OpenSSL renamed the "get current CIPHER_CTX" IV operation in 3.x.
This uses the new name if available.

https://github.com/openssl/openssl/issues/13411

bz#3238 ok dtucker@

show more ...

prefer login_getpwclass() to login_getclass()

FreeBSD has login_getpwclass() that does some special magic for
UID=0. Prefer this to login_getclass() as its easier to emulate
the form

prefer login_getpwclass() to login_getclass()

FreeBSD has login_getpwclass() that does some special magic for
UID=0. Prefer this to login_getclass() as its easier to emulate
the former with the latter.

Based on FreeBSD PR 37416 via Ed Maste; ok dtucker@

show more ...

Fixing quoting for installing moduli on target guest.