[openssh-commits] [openssh] branch master updated (da9f9aca -> a0231389)

git+noreply at mindrot.org git+noreply at mindrot.org
Tue Jun 8 17:17:33 AEST 2021


This is an automated email from the git hooks/post-receive script.

djm pushed a change to branch master
in repository openssh.

      from  da9f9aca  Save logs on failure for upstream test
       new  aae4b4d3  upstream: Allow argv_split() to optionally terminate tokenisation
       new  d7864249  upstream: Check if IPQoS or TunnelDevice are already set before
       new  ea9e45c8  upstream: Switch ssh_config parsing to use argv_split()
       new  a10f929d  upstream: switch sshd_config parsing to argv_split()
       new  9018bd82  upstream: prepare for stricter sshd_config parsing that will refuse
       new  ce04dd4e  upstream: test AuthenticationMethods inside a Match block as well
       new  acc9c32d  upstream: more descriptive failure message
       new  660cea10  upstream: sprinkle some "# comment" at end of configuration lines
       new  a0231389  upstream: Add testcases from bz#3319 for IPQoS and TunnelDevice

The 9 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Detailed log of new commits:

commit a023138957ea2becf1c7f93fcc42b0aaac6f2b03
Author: dtucker at openbsd.org <dtucker at openbsd.org>
Date:   Tue Jun 8 07:05:27 2021 +0000

    upstream: Add testcases from bz#3319 for IPQoS and TunnelDevice
    
    being overridden on the command line.
    
    OpenBSD-Regress-ID: 801674d5d2d02abd58274a78cab2711f11de14a8

commit 660cea10b2cdc11f13ba99c89b1bbb368a4d9ff2
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Tue Jun 8 06:52:43 2021 +0000

    upstream: sprinkle some "# comment" at end of configuration lines
    
    to test comment handling
    
    OpenBSD-Regress-ID: cb82fbf40bda5c257a9f742c63b1798e5a8fdda7

commit acc9c32dcb6def6c7d3688bceb4c0e59bd26b411
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Tue Jun 8 06:51:47 2021 +0000

    upstream: more descriptive failure message
    
    OpenBSD-Regress-ID: 5300f6faf1d9e99c0cd10827b51756c5510e3509

commit ce04dd4eae23d1c9cf7c424a702f48ee78573bc1
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Mon Jun 7 01:16:34 2021 +0000

    upstream: test AuthenticationMethods inside a Match block as well
    
    as in the main config section
    
    OpenBSD-Regress-ID: ebe0a686621b7cb8bb003ac520975279c28747f7

commit 9018bd821fca17e26e92f7a7e51d9b24cd62f2db
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Mon Jun 7 00:00:50 2021 +0000

    upstream: prepare for stricter sshd_config parsing that will refuse
    
    a config that has {Allow,Deny}{Users,Groups} on a line with no subsequent
    arguments. Such lines are permitted but are nonsensical noops ATM
    
    OpenBSD-Regress-ID: ef65463fcbc0bd044e27f3fe400ea56eb4b8f650

commit a10f929d1ce80640129fc5b6bc1acd9bf689169e
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Tue Jun 8 07:09:42 2021 +0000

    upstream: switch sshd_config parsing to argv_split()
    
    similar to the previous commit, this switches sshd_config parsing to
    the newer tokeniser. Config parsing will be a little stricter wrt
    quote correctness and directives appearing without arguments.
    
    feedback and ok markus@
    
    tested in snaps for the last five or so days - thanks Theo and those who
    caught bugs
    
    OpenBSD-Commit-ID: 9c4305631d20c2d194661504ce11e1f68b20d93e

commit ea9e45c89a4822d74a9d97fef8480707d584da4d
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Tue Jun 8 07:07:15 2021 +0000

    upstream: Switch ssh_config parsing to use argv_split()
    
    This fixes a couple of problems with the previous tokeniser,
    strdelim()
    
    1. strdelim() is permissive wrt accepting '=' characters. This is
      intended to allow it to tokenise "Option=value" but because it
      cannot keep state, it will incorrectly split "Opt=val=val2".
    2. strdelim() has rudimentry handling of quoted strings, but it
      is incomplete and inconsistent. E.g. it doesn't handle escaped
      quotes inside a quoted string.
    3. It has no support for stopping on a (unquoted) comment. Because
      of this readconf.c r1.343 added chopping of lines at '#', but
      this caused a regression because these characters may legitimately
      appear inside quoted strings.
    
    The new tokeniser is stricter is a number of cases, including #1 above
    but previously it was also possible for some directives to appear
    without arguments. AFAIK these were nonsensical in all cases, and the
    new tokeniser refuses to accept them.
    
    The new code handles quotes much better, permitting quoted space as
    well as escaped closing quotes. Finally, comment handling should be
    fixed - the tokeniser will terminate only on unquoted # characters.
    
    feedback & ok markus@
    
    tested in snaps for the last five or so days - thanks Theo and those who
    caught bugs
    
    OpenBSD-Commit-ID: dc72fd12af9d5398f4d9e159d671f9269c5b14d5

commit d786424986c04d1d375f231fda177c8408e05c3e
Author: dtucker at openbsd.org <dtucker at openbsd.org>
Date:   Tue Jun 8 07:02:46 2021 +0000

    upstream: Check if IPQoS or TunnelDevice are already set before
    
    overriding. Prevents values in config files from overriding values supplied
    on the command line.  bz#3319, ok markus.
    
    OpenBSD-Commit-ID: f3b08b898c324debb9195e6865d8999406938f74

commit aae4b4d3585b9f944d7dbd3c9e5ba0006c55e457
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Tue Jun 8 06:54:40 2021 +0000

    upstream: Allow argv_split() to optionally terminate tokenisation
    
    when it encounters an unquoted comment.
    
    Add some additional utility function for working with argument
    vectors, since we'll be switching to using them to parse
    ssh/sshd_config shortly.
    
    ok markus@ as part of a larger diff; tested in snaps
    
    OpenBSD-Commit-ID: fd9c108cef2f713f24e3bc5848861d221bb3a1ac

Summary of changes:
 auth2-pubkey.c              |   7 +-
 misc.c                      |  55 +++-
 misc.h                      |   9 +-
 readconf.c                  | 420 +++++++++++++++++++-----------
 regress/allow-deny-users.sh |   8 +-
 regress/cfginclude.sh       |  24 +-
 regress/cfgmatch.sh         |   8 +-
 regress/multipubkey.sh      |  19 +-
 regress/servcfginclude.sh   |   8 +-
 regress/sshcfgparse.sh      |  15 +-
 servconf.c                  | 614 ++++++++++++++++++++++++--------------------
 ssh.c                       |   9 +-
 sshconnect.c                |   4 +-
 13 files changed, 719 insertions(+), 481 deletions(-)

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.


More information about the openssh-commits mailing list