| commit | 365bb75cc641be51625304177207218b3ed62378 | [log] [tgz] |
|---|---|---|
| author | global-integration-roller <global-integration-roller@fuchsia-infra.iam.gserviceaccount.com> | Sat Apr 13 00:25:22 2024 +0000 |
| committer | Copybara-Service <copybara-worker@google.com> | Fri Apr 12 17:26:23 2024 -0700 |
| tree | f73541d305ecad9b7551a4f05926fc6d6723d71f | |
| parent | 96cecd8450da597ec8890bc165626faa65205ef1 [diff] |
[roll] Roll third_party/openssh-portable 250f64e..9907b3e (100 commits) 9907b3e:https://fuchsia-review.googlesource.com/c/third_party/openssh-portable/+/970777 Merge remote-tracking branch 'origin/upstream/V_9_6' into HEAD 95cd4a0 better detection of broken -fzero-call-used-regs 8241b9c crank versions 2f2c65c depend e48cdee upstream: regress test for agent PKCS#11-backed certificates 2f512f8 upstream: regress test for constrained PKCS#11 keys cdddd66 upstream: openssh-9.6 6d51fea upstream: ssh-agent: record failed session-bind attempts 7ef3787 upstream: ban user/hostnames with most shell metacharacters 0cb50ee upstream: stricter handling of channel window limits 4448a29 upstream: Make it possible to load certs from PKCS#11 tokens 881d9c6 upstream: apply destination constraints to all p11 keys a7ed931 upstream: add "ext-info-in-auth@openssh.com" extension 1edb00c upstream: implement "strict key exchange" in ssh and sshd 59d691b better detection of broken -fzero-call-used-regs aa7b217 upstream: when invoking KnownHostsCommand to determine the order of 4086bd6 upstream: prevent leak in sshsig_match_principals; ok djm@ 19d3ee2 upstream: short circuit debug log processing early if we're not going 947affa Add tests for OpenSSL 3.2.0 and 3.2 stable branch. 747dce3 Use non-zero arg in compiler test program. 3d44a5c upstream: Plug mem leak of msg when processing a quit message. 1d7f9b6 upstream: Include existing mux path in debug message. f299340 Add an Ubuntu 22.04 test VM. a93284a Add gcc-12 -Werror test on Ubuntu 22.04. 670f5a6 Check return value from write to prevent warning. cea007d Run compiler test program when compiling natively. ee0d305 Factor out compiler test program into a macro. de304c7 Add fbsd14 VM to test pool. 99a2df5 Expand -fzero-call-used-regs test to cover gcc 11. ff220d4 Stop using -fzero-call-used-regs=all 2a19e02 Allow for vendor prefix on clang version numbers. c52db01 upstream: set errno=EAFNOSUPPORT when filtering addresses that don't 26f3f3b upstream: when connecting via socket (the default case), filter 050c335 upstream: when deciding whether to enable keystroke timing 676377c upstream: Make sure sftp_get_limits() only returns 0 if 'limits' 64e0600 Test current releases of LibreSSL and OpenSSL. c8ed7cc upstream: Specify ssh binary to use e9fc2c4 Put long-running test targets on hipri runners. 7ddf276 upstream: add some tests of forced commands overriding Subsystem fb06f9b upstream: Don't try to use sudo inside sshd log wrapper. fc3cc33 upstream: Only try to chmod logfile if we have sudo. If we don't have 3a50659 upstream: move PKCS#11 setup code to test-exec.sh so it can be reused f82fa22 upstream: tidy and refactor PKCS#11 setup code 3cf698c Add obsd74 test VM and retire obsd69 and obsd70. 3e21d58 Add OpenSSL 3.3.0 as a known dev version. 917ba18 Restore nopasswd sudo rule on Mac OS X. c5698ab Don't exit early when setting up on Mac OS X. 1d6a878 upstream: Only try to chown logfiles that exist to prevent spurious e612376 upstream: make use of bsd.regress.mk in extra and interop targets; ok ea00391 upstream: Skip conch interop tests when not enabled instead of fatal. d220b9e upstream: Import regenerated moduli. a611e4d upstream: ssh conch interop tests requires a controlling terminal; da951b5 upstream: Use private key that is allowed by sshd defaults in conch 1ca166d Install Dropbear for interop testing. f993bb5 Resync PuTTY and Conch path handling with upstream. ff85bec Have configure find PuTTY and Conch binaries. c54a503 upstream: Allow overriding the locations of the Dropbear binaries fbaa707 upstream: Add interop test with Dropbear. c2003d0 Update openssl-devel dependency in RPM spec. 064e09c Remove reference of dropped sshd.pam.old file 62db354 upstream: Move declaration of "len" into the block where it's used. 6eee8c9 run t-extra regress tests 637624d Don't use make -j2. 971e0cf Correct arg order for ED255519 AC_LINK_IFELSE test. c616e64 upstream: typos and extra debug trace calls c49a3fb upstream: ensure logs are owned by correct user; feedback/ok 5ec0ed7 upstream: 64 %-expansion keys ought to be enough for anybody; ok f59a94e upstream: don't dereference NULL pointer when hashing jumphost 281c791 Solaris: prefer PRIV_XPOLICY to PRIV_LIMIT 98fc34d upstream: add %j token that expands to the configured ProxyJump 7f3180b upstream: release GSS OIDs only at end of authentication; bz2982, a612b93 upstream: mask SIGINT/TERM/QUIT/HUP before checking quit_pending 531b27a upstream: sync usage() with ssh.1; spotted by kn@ 64f7ca8 upstream: ssh -Q does not make sense with other command-line options, a752a6c upstream: add ChannelTimeout support to the client, mirroring the 76e91e7 upstream: add support for reading ED25519 private keys in PEM PKCS8 fc77c8e upstream: mention "none" is a valid argument to IdentityFile; bz3080 c97520d upstream: in olde rcp/scp protocol mode, when rejecting a path from the 208c2b7 upstream: s/%.100s/%s/ in SSH- banner construction as there's no 0354790 upstream: Garbage collect cipher_get_keyiv_len() 8d29ee4 upstream: Reserve a range of "local extension" message numbers that 90b0d73 upstream: typo in error message e84517f upstream: Perform the softhsm2 setup as discrete steps rather than cb54bec upstream: REGRESS_FAIL_EARLY defaults to yes now. So no need to f01f513 upstream: spelling fix; 80a2f64 crank version numbers f65f187 upstream: openssh-9.5 ffe27e5 upstream: add some cautionary text about % token expansion and 60ec3d5 upstream: fix link to agent draft; spotted by Jann Horn 12e2d4b use portable provider allowlist path in manpage 6c2c6ff upstream: typo; from Jim Spath b6b4913 upstream: rename remote_glob() -> sftp_glob() to match other API 21b79af upstream: typo in comment 41232d2 Use zero-call-used-regs=used with Apple compilers. 90ccc59 upstream: randomise keystroke obfuscation intervals and average bd1b9e5 upstream: fix sizeof(*ptr) instead sizeof(ptr) in realloc (pointer here c4f9664 upstream: regress test recursive remote-remote directories copies where 5e1dfe5 upstream: fix recursive remote-remote copies of directories that 7c0ce2b upstream: regress test for recursive copies of directories containing 2de9901 upstream: the sftp code was one of my first contributions to GitOrigin-RevId: 6893b7991b3ad2af3b139eaa92f88113d12626fe Change-Id: I0b75b870bbe3417ffc2dce83736b4a506f69c1f8
This repository contains Fuchsia's Global Integration manifest files.
All changes should be made to the internal version of this repository. Our infrastructure automatically updates this version when the internal one changes.
Currently all changes must be made by a Google employee. Non-Google employees wishing to make a change can ask for assistance via the IRC channel #fuchsia on Freenode.
First install Jiri.
Next run:
$ jiri init $ jiri import minimal https://fuchsia.googlesource.com/integration $ jiri update
Third party projects should have their own subdirectory in ./third_party.