[openssh-commits] [openssh] branch master updated (d8b806a2e -> df2b28163)

git+noreply at mindrot.org git+noreply at mindrot.org
Mon Feb 16 12:20:32 AEDT 2026 

This is an automated email from the git hooks/post-receive script.

dtucker pushed a change to branch master
in repository openssh.

    from d8b806a2e Remove obsolete comment referencing auth-chall.c.
     new 07c6413e7 upstream: remove unneeded includes; ok dtucker@
     new c5cee49a0 upstream: Add basic test for keyboard-interactive auth.
     new 7a59f55e6 upstream: Reorder headers to match KNF and Portable.
     new a1158bba4 fix duplicate PAM msgs, missing loginmsg reset
     new b9a6dd4d6 auth-pam: Immediately report interactive instructions to clients
     new df2b28163 Remove "draining" of PAM prompts.

The 6 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Detailed log of new commits:

commit df2b28163ac75e023837de445d6492dc57359105
Author: Darren Tucker <dtucker at dtucker.net>
Date:   Sun Feb 15 14:16:56 2026 -0500

    Remove "draining" of PAM prompts.
    
    With the previous commit, both prompts and info/error error messages are
    returned to keyboard-interactive immedately and none are accumulated, so
    there will never be any un-drained prompts.  ok djm@

commit b9a6dd4d66ee14577494d550b396d0452bf05e1e
Author: Marco Trevisan (Treviño) <mail at 3v1n0.net>
Date:   Tue Oct 17 04:27:32 2023 +0200

    auth-pam: Immediately report interactive instructions to clients
    
    SSH keyboard-interactive authentication method supports instructions but
    sshd didn't show them until an user prompt was requested.
    
    This is quite inconvenient for various PAM modules that need to notify
    an user without requiring for their explicit input.
    
    So, properly implement RFC4256 making instructions to be shown to users
    when they are requested from PAM.
    
    Closes: https://bugzilla.mindrot.org/show_bug.cgi?id=2876

commit a1158bba43e00240c00c530596de2d4e1d405b50
Author: Matthew Heller <hellermf at accre.vanderbilt.edu>
Date:   Mon Oct 14 09:25:41 2024 -0500

    fix duplicate PAM msgs, missing loginmsg reset
    
    without this change in mm_answer_pam_account all messages added in
    auth-pam.c sshpam_query(...) case PAM_SUCCESS end up sent here, then are
    still sitting in the loginmsg buffer and printed a second time in
    session.c do_login(...)

commit 7a59f55e621c841aab187c96e0f3271c5c799709
Author: dtucker at openbsd.org <dtucker at openbsd.org>
Date:   Mon Feb 16 00:45:41 2026 +0000

    upstream: Reorder headers to match KNF and Portable.
    
    ID sync only.
    
    OpenBSD-Commit-ID: b7f9700d07b532eb3720f7bd722b952e31b1752f

commit c5cee49a0c5721532716365f32977fc02eeea1d5
Author: dtucker at openbsd.org <dtucker at openbsd.org>
Date:   Sun Feb 15 22:29:30 2026 +0000

    upstream: Add basic test for keyboard-interactive auth.
    
    Not enabled by default since it requires some setup on the host.
    
    OpenBSD-Regress-ID: aa8a9608a2ea2e5aaa094c5a5cc453e4797cd902

commit 07c6413e7bf08b7bfc6fd543eded9da68898e230
Author: jsg at openbsd.org <jsg at openbsd.org>
Date:   Sat Feb 14 00:18:34 2026 +0000

    upstream: remove unneeded includes; ok dtucker@
    
    OpenBSD-Commit-ID: bba6e85492276c30c7a9d27dfd3c4c55fa033335

Summary of changes:
 addrmatch.c                   |  5 +--
 auth-pam.c                    | 64 +++++++++----------------------
 authfd.c                      |  6 +--
 authfile.c                    |  8 +---
 canohost.c                    |  3 +-
 channels.c                    |  5 +--
 cipher-chachapoly-libcrypto.c |  4 +-
 cipher.c                      |  3 +-
 clientloop.c                  |  8 +---
 compat.c                      |  3 +-
 dns.c                         |  3 +-
 hmac.c                        |  3 +-
 kex-names.c                   |  4 +-
 kex.c                         |  4 +-
 kexdh.c                       |  7 +---
 kexecdh.c                     |  4 +-
 kexgex.c                      |  2 +-
 kexgexc.c                     |  3 +-
 krl.c                         |  5 +--
 log.c                         |  3 +-
 monitor.c                     |  1 +
 msg.c                         |  5 +--
 mux.c                         | 10 +----
 nchan.c                       |  4 +-
 packet.c                      |  6 +--
 readconf.c                    |  5 +--
 readpass.c                    |  3 +-
 regress/Makefile              |  3 +-
 regress/kbdint.sh             | 87 +++++++++++++++++++++++++++++++++++++++++++
 ssh-ecdsa.c                   |  6 +--
 ssh-ed25519-sk.c              |  4 +-
 ssh-ed25519.c                 |  3 +-
 ssh-pkcs11.c                  |  3 +-
 ssh-rsa.c                     |  6 +--
 ssh-sk-client.c               |  4 +-
 ssh.c                         | 12 +-----
 sshconnect.c                  |  9 +----
 sshconnect2.c                 |  5 +--
 ttymodes.c                    |  3 +-
 umac.c                        |  3 +-
 40 files changed, 147 insertions(+), 182 deletions(-)
 create mode 100644 regress/kbdint.sh

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list