[openssh-commits] [openssh] branch master updated (da9f9aca -> a0231389)
git+noreply at mindrot.org
git+noreply at mindrot.org
Tue Jun 8 17:17:33 AEST 2021
This is an automated email from the git hooks/post-receive script.
djm pushed a change to branch master
in repository openssh.
from da9f9aca Save logs on failure for upstream test
new aae4b4d3 upstream: Allow argv_split() to optionally terminate tokenisation
new d7864249 upstream: Check if IPQoS or TunnelDevice are already set before
new ea9e45c8 upstream: Switch ssh_config parsing to use argv_split()
new a10f929d upstream: switch sshd_config parsing to argv_split()
new 9018bd82 upstream: prepare for stricter sshd_config parsing that will refuse
new ce04dd4e upstream: test AuthenticationMethods inside a Match block as well
new acc9c32d upstream: more descriptive failure message
new 660cea10 upstream: sprinkle some "# comment" at end of configuration lines
new a0231389 upstream: Add testcases from bz#3319 for IPQoS and TunnelDevice
The 9 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.
Detailed log of new commits:
commit a023138957ea2becf1c7f93fcc42b0aaac6f2b03
Author: dtucker at openbsd.org <dtucker at openbsd.org>
Date: Tue Jun 8 07:05:27 2021 +0000
upstream: Add testcases from bz#3319 for IPQoS and TunnelDevice
being overridden on the command line.
OpenBSD-Regress-ID: 801674d5d2d02abd58274a78cab2711f11de14a8
commit 660cea10b2cdc11f13ba99c89b1bbb368a4d9ff2
Author: djm at openbsd.org <djm at openbsd.org>
Date: Tue Jun 8 06:52:43 2021 +0000
upstream: sprinkle some "# comment" at end of configuration lines
to test comment handling
OpenBSD-Regress-ID: cb82fbf40bda5c257a9f742c63b1798e5a8fdda7
commit acc9c32dcb6def6c7d3688bceb4c0e59bd26b411
Author: djm at openbsd.org <djm at openbsd.org>
Date: Tue Jun 8 06:51:47 2021 +0000
upstream: more descriptive failure message
OpenBSD-Regress-ID: 5300f6faf1d9e99c0cd10827b51756c5510e3509
commit ce04dd4eae23d1c9cf7c424a702f48ee78573bc1
Author: djm at openbsd.org <djm at openbsd.org>
Date: Mon Jun 7 01:16:34 2021 +0000
upstream: test AuthenticationMethods inside a Match block as well
as in the main config section
OpenBSD-Regress-ID: ebe0a686621b7cb8bb003ac520975279c28747f7
commit 9018bd821fca17e26e92f7a7e51d9b24cd62f2db
Author: djm at openbsd.org <djm at openbsd.org>
Date: Mon Jun 7 00:00:50 2021 +0000
upstream: prepare for stricter sshd_config parsing that will refuse
a config that has {Allow,Deny}{Users,Groups} on a line with no subsequent
arguments. Such lines are permitted but are nonsensical noops ATM
OpenBSD-Regress-ID: ef65463fcbc0bd044e27f3fe400ea56eb4b8f650
commit a10f929d1ce80640129fc5b6bc1acd9bf689169e
Author: djm at openbsd.org <djm at openbsd.org>
Date: Tue Jun 8 07:09:42 2021 +0000
upstream: switch sshd_config parsing to argv_split()
similar to the previous commit, this switches sshd_config parsing to
the newer tokeniser. Config parsing will be a little stricter wrt
quote correctness and directives appearing without arguments.
feedback and ok markus@
tested in snaps for the last five or so days - thanks Theo and those who
caught bugs
OpenBSD-Commit-ID: 9c4305631d20c2d194661504ce11e1f68b20d93e
commit ea9e45c89a4822d74a9d97fef8480707d584da4d
Author: djm at openbsd.org <djm at openbsd.org>
Date: Tue Jun 8 07:07:15 2021 +0000
upstream: Switch ssh_config parsing to use argv_split()
This fixes a couple of problems with the previous tokeniser,
strdelim()
1. strdelim() is permissive wrt accepting '=' characters. This is
intended to allow it to tokenise "Option=value" but because it
cannot keep state, it will incorrectly split "Opt=val=val2".
2. strdelim() has rudimentry handling of quoted strings, but it
is incomplete and inconsistent. E.g. it doesn't handle escaped
quotes inside a quoted string.
3. It has no support for stopping on a (unquoted) comment. Because
of this readconf.c r1.343 added chopping of lines at '#', but
this caused a regression because these characters may legitimately
appear inside quoted strings.
The new tokeniser is stricter is a number of cases, including #1 above
but previously it was also possible for some directives to appear
without arguments. AFAIK these were nonsensical in all cases, and the
new tokeniser refuses to accept them.
The new code handles quotes much better, permitting quoted space as
well as escaped closing quotes. Finally, comment handling should be
fixed - the tokeniser will terminate only on unquoted # characters.
feedback & ok markus@
tested in snaps for the last five or so days - thanks Theo and those who
caught bugs
OpenBSD-Commit-ID: dc72fd12af9d5398f4d9e159d671f9269c5b14d5
commit d786424986c04d1d375f231fda177c8408e05c3e
Author: dtucker at openbsd.org <dtucker at openbsd.org>
Date: Tue Jun 8 07:02:46 2021 +0000
upstream: Check if IPQoS or TunnelDevice are already set before
overriding. Prevents values in config files from overriding values supplied
on the command line. bz#3319, ok markus.
OpenBSD-Commit-ID: f3b08b898c324debb9195e6865d8999406938f74
commit aae4b4d3585b9f944d7dbd3c9e5ba0006c55e457
Author: djm at openbsd.org <djm at openbsd.org>
Date: Tue Jun 8 06:54:40 2021 +0000
upstream: Allow argv_split() to optionally terminate tokenisation
when it encounters an unquoted comment.
Add some additional utility function for working with argument
vectors, since we'll be switching to using them to parse
ssh/sshd_config shortly.
ok markus@ as part of a larger diff; tested in snaps
OpenBSD-Commit-ID: fd9c108cef2f713f24e3bc5848861d221bb3a1ac
Summary of changes:
auth2-pubkey.c | 7 +-
misc.c | 55 +++-
misc.h | 9 +-
readconf.c | 420 +++++++++++++++++++-----------
regress/allow-deny-users.sh | 8 +-
regress/cfginclude.sh | 24 +-
regress/cfgmatch.sh | 8 +-
regress/multipubkey.sh | 19 +-
regress/servcfginclude.sh | 8 +-
regress/sshcfgparse.sh | 15 +-
servconf.c | 614 ++++++++++++++++++++++++--------------------
ssh.c | 9 +-
sshconnect.c | 4 +-
13 files changed, 719 insertions(+), 481 deletions(-)
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list