From git+noreply at mindrot.org Wed Apr 3 14:42:19 2024 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Wed, 03 Apr 2024 14:42:19 +1100 Subject: [openssh-commits] [openssh] branch master updated: notify systemd on listen and reload Message-ID: <171211573920.47865.7325093350199189429@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. The following commit(s) were added to refs/heads/master by this push: new 08f57923 notify systemd on listen and reload 08f57923 is described below commit 08f579231cd38a1c657aaa6ddeb8ab57a1fd4f5c Author: Damien Miller AuthorDate: Wed Apr 3 14:40:32 2024 +1100 notify systemd on listen and reload Standalone implementation that does not depend on libsystemd. With assistance from Luca Boccassi, and feedback/testing from Colin Watson. bz2641 --- configure.ac | 1 + openbsd-compat/port-linux.c | 97 ++++++++++++++++++++++++++++++++++++++++++++- openbsd-compat/port-linux.h | 5 +++ platform.c | 11 +++++ platform.h | 1 + sshd.c | 2 + 6 files changed, 115 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index c04349f3..2cf16b46 100644 --- a/configure.ac +++ b/configure.ac @@ -915,6 +915,7 @@ int main(void) { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) AC_DEFINE([USE_BTMP]) AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) + AC_DEFINE([SYSTEMD_NOTIFY], [1], [Have sshd notify systemd on start/reload]) inet6_default_4in6=yes case `uname -r` in 1.*|2.0.*) diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c index 0457e28d..df729024 100644 --- a/openbsd-compat/port-linux.c +++ b/openbsd-compat/port-linux.c 
@@ -21,16 +21,23 @@ #include "includes.h" -#if defined(WITH_SELINUX) || defined(LINUX_OOM_ADJUST) +#if defined(WITH_SELINUX) || defined(LINUX_OOM_ADJUST) || \ + defined(SYSTEMD_NOTIFY) +#include +#include + #include +#include #include #include #include #include +#include #include "log.h" #include "xmalloc.h" #include "port-linux.h" +#include "misc.h" #ifdef WITH_SELINUX #include 
@@ -310,4 +317,90 @@ oom_adjust_restore(void) return; } #endif /* LINUX_OOM_ADJUST */ -#endif /* WITH_SELINUX || LINUX_OOM_ADJUST */ + +#ifdef SYSTEMD_NOTIFY + +static void ssh_systemd_notify(const char *, ...) + __attribute__((__format__ (printf, 1, 2))) __attribute__((__nonnull__ (1))); + +static void +ssh_systemd_notify(const char *fmt, ...) +{ + char *s = NULL; + const char *path; + struct stat sb; + struct sockaddr_un addr; + int fd = -1; + va_list ap; + + if ((path = getenv("NOTIFY_SOCKET")) == NULL || strlen(path) == 0) + return; + + va_start(ap, fmt); + xvasprintf(&s, fmt, ap); + va_end(ap); + + /* Only AF_UNIX is supported, with path or abstract sockets */ + if (path[0] != '/' && path[0] != '@') { + error_f("socket \"%s\" is not compatible with AF_UNIX", path); + goto out; + } + + if (path[0] == '/' && stat(path, &sb) != 0) { + error_f("socket \"%s\" stat: %s", path, strerror(errno)); + goto out; + } + + memset(&addr, 0, sizeof(addr)); + addr.sun_family = AF_UNIX; + if (strlcpy(addr.sun_path, path, + sizeof(addr.sun_path)) >= sizeof(addr.sun_path)) { + error_f("socket path \"%s\" too long", path); + goto out; + } + /* Support for abstract socket */ + if (addr.sun_path[0] == '@') + addr.sun_path[0] = 0; + if ((fd = socket(PF_UNIX, SOCK_DGRAM, 0)) == -1) { + error_f("socket \"%s\": %s", path, strerror(errno)); + goto out; + } + if (connect(fd, &addr, sizeof(addr)) != 0) { + error_f("socket \"%s\" connect: %s", path, strerror(errno)); + goto out; + } + if (write(fd, s, strlen(s)) != (ssize_t)strlen(s)) { + error_f("socket \"%s\" write: %s", path, strerror(errno)); + goto out; + } + debug_f("socket \"%s\" notified %s", path, s); + out: + if (fd != -1) + close(fd); + free(s); +} + +void +ssh_systemd_notify_ready(void) +{ + ssh_systemd_notify("READY=1"); +} + +void +ssh_systemd_notify_reload(void) +{ + struct timespec now; + + monotime_ts(&now); + if (now.tv_sec < 0 || now.tv_nsec < 0) { + error_f("monotime returned negative value"); + 
ssh_systemd_notify("RELOADING=1"); + } else { + ssh_systemd_notify("RELOADING=1\nMONOTONIC_USEC=%llu", + ((uint64_t)now.tv_sec * 1000000ULL) + + ((uint64_t)now.tv_nsec / 1000ULL)); + } +} +#endif /* SYSTEMD_NOTIFY */ + +#endif /* WITH_SELINUX || LINUX_OOM_ADJUST || SYSTEMD_NOTIFY */ diff --git a/openbsd-compat/port-linux.h b/openbsd-compat/port-linux.h index 3c22a854..14064f87 100644 --- a/openbsd-compat/port-linux.h +++ b/openbsd-compat/port-linux.h @@ -30,4 +30,9 @@ void oom_adjust_restore(void); void oom_adjust_setup(void); #endif +#ifdef SYSTEMD_NOTIFY +void ssh_systemd_notify_ready(void); +void ssh_systemd_notify_reload(void); +#endif + #endif /* ! _PORT_LINUX_H */ diff --git a/platform.c b/platform.c index 4fe8744e..9cf81815 100644 --- a/platform.c +++ b/platform.c @@ -44,6 +44,14 @@ platform_pre_listen(void) #endif } +void +platform_post_listen(void) +{ +#ifdef SYSTEMD_NOTIFY + ssh_systemd_notify_ready(); +#endif +} + void platform_pre_fork(void) { @@ -55,6 +63,9 @@ platform_pre_fork(void) void platform_pre_restart(void) { +#ifdef SYSTEMD_NOTIFY + ssh_systemd_notify_reload(); +#endif #ifdef LINUX_OOM_ADJUST oom_adjust_restore(); #endif diff --git a/platform.h b/platform.h index 7fef8c98..5dec2327 100644 --- a/platform.h +++ b/platform.h @@ -21,6 +21,7 @@ void platform_pre_listen(void); void platform_pre_fork(void); void platform_pre_restart(void); +void platform_post_listen(void); void platform_post_fork_parent(pid_t child_pid); void platform_post_fork_child(void); int platform_privileged_uidswap(void); diff --git a/sshd.c b/sshd.c index b4f2b974..865331b4 100644 --- a/sshd.c +++ b/sshd.c 
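Review bot: In ssh_systemd_notify() (openbsd-compat/port-linux.c), `connect(fd, &addr, sizeof(addr))` passes the whole structure as the address length, which is a problem for the abstract-socket branch just above it. On Linux an abstract name is every byte of sun_path covered by the length, so the zero padding becomes part of the name and will not match a socket bound with the exact name length. Computing the length from the path, and adding the pointer cast that connect() expects, avoids this: `if (connect(fd, (struct sockaddr *)&addr, offsetof(struct sockaddr_un, sun_path) + strlen(path)) != 0) {` (offsetof needs <stddef.h>; the include names are not legible on this page). Separately, systemd documents MONOTONIC_USEC as a CLOCK_MONOTONIC reading, and monotime_ts() is defined outside this diff, so it is worth confirming which clock it reads for ssh_systemd_notify_reload().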
@@ -2077,6 +2077,8 @@ main(int ac, char **av) ssh_signal(SIGTERM, sigterm_handler); ssh_signal(SIGQUIT, sigterm_handler); + platform_post_listen(); + /* * Write out the pid file after the sigterm handler * is setup and the listen sockets are bound -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Sat Apr 6 08:18:03 2024 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Sat, 06 Apr 2024 08:18:03 +1100 Subject: [openssh-commits] [openssh] branch master updated: Fix missing header for systemd notification Message-ID: <171235188340.7813.5114645843465010103@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. dtucker pushed a commit to branch master in repository openssh. The following commit(s) were added to refs/heads/master by this push: new 88351eca Fix missing header for systemd notification 88351eca is described below commit 88351eca17dcc55189991ba60e50819b6d4193c1 Author: 90 AuthorDate: Fri Apr 5 19:36:06 2024 +0100 Fix missing header for systemd notification --- openbsd-compat/port-linux.c | 1 + 1 file changed, 1 insertion(+) diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c index df729024..4c024c6d 100644 --- a/openbsd-compat/port-linux.c +++ b/openbsd-compat/port-linux.c @@ -33,6 +33,7 @@ #include #include #include +#include #include "log.h" #include "xmalloc.h" -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Thu Apr 25 13:24:03 2024 
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Thu, 25 Apr 2024 13:24:03 +1000 Subject: [openssh-commits] [openssh] branch master updated (88351eca -> 2eded551) Message-ID: <171401544310.51103.809562157511217451@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. dtucker pushed a change to branch master in repository openssh. from 88351eca Fix missing header for systemd notification new 70d43049 Update LibreSSL and OpenSSL versions tested. new 86732459 Remove 9.6 branch from status page. new 2eded551 Merge flags for OpenSSL 3.x versions. The 3 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Detailed log of new commits: commit 2eded551ba96e66bc3afbbcc883812c2eac02bd7 Author: Darren Tucker Date: Thu Apr 25 13:20:19 2024 +1000 Merge flags for OpenSSL 3.x versions. OpenSSL has moved to 3.4 which we don't currently accept. Based on the OpenSSL versioning policy[0] it looks like all of the 3.x versions should work with OpenSSH, so remove the distinction in configure and accept all of them. [0] https://openssl.org/policies/general/versioning-policy.html commit 8673245918081c6d1dc7fb3733c8eb2c5a902c5e Author: Darren Tucker Date: Thu Apr 25 13:19:03 2024 +1000 Remove 9.6 branch from status page. commit 70d43049747fa3c66cf876d52271859407cec2fa Author: Darren Tucker Date: Thu Apr 25 13:16:58 2024 +1000 Update LibreSSL and OpenSSL versions tested. Update LibreSSL versions to current releases (3.8.4 & 3.9.1). Add newly-released OpenSSL 3.3.0, and add tests against the 3.1 and 3.3 branches. Summary of changes: .github/ci-status.md | 4 ---- .github/workflows/c-cpp.yml | 7 +++++-- configure.ac | 7 ++----- 3 files changed, 7 insertions(+), 11 deletions(-) -- To stop receiving notification emails like this one, please contact djm at mindrot.org. 
From git+noreply at mindrot.org Thu Apr 25 13:24:04 2024 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Thu, 25 Apr 2024 13:24:04 +1000 Subject: [openssh-commits] [openssh] 01/03: Update LibreSSL and OpenSSL versions tested. In-Reply-To: <171401544310.51103.809562157511217451@fuyu.mindrot.org> References: <171401544310.51103.809562157511217451@fuyu.mindrot.org> Message-ID: <8cbdcdcf24805390@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. dtucker pushed a commit to branch master in repository openssh. commit 70d43049747fa3c66cf876d52271859407cec2fa Author: Darren Tucker AuthorDate: Thu Apr 25 13:16:58 2024 +1000 Update LibreSSL and OpenSSL versions tested. Update LibreSSL versions to current releases (3.8.4 & 3.9.1). Add newly-released OpenSSL 3.3.0, and add tests against the 3.1 and 3.3 branches. --- .github/workflows/c-cpp.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/c-cpp.yml b/.github/workflows/c-cpp.yml index 3a1fd035..ff510e34 100644 --- a/.github/workflows/c-cpp.yml +++ b/.github/workflows/c-cpp.yml @@ -64,8 +64,8 @@ jobs: - { target: ubuntu-latest, config: libressl-3.5.3 } - { target: ubuntu-latest, config: libressl-3.6.1 } - { target: ubuntu-latest, config: libressl-3.7.2 } - - { target: ubuntu-latest, config: libressl-3.8.3 } - - { target: ubuntu-latest, config: libressl-3.9.0 } + - { target: ubuntu-latest, config: libressl-3.8.4 } + - { target: ubuntu-latest, config: libressl-3.9.1 } - { target: ubuntu-latest, config: openssl-master } - { target: ubuntu-latest, config: openssl-noec } - { target: ubuntu-latest, config: openssl-1.1.1 } 
@@ -76,9 +76,12 @@ jobs: - { target: ubuntu-latest, config: openssl-3.1.0 } - { target: ubuntu-latest, config: openssl-3.1.5 } - { target: ubuntu-latest, config: openssl-3.2.1 } + - { target: ubuntu-latest, config: openssl-3.3.0 } - { target: ubuntu-latest, config: openssl-1.1.1_stable } - { target: ubuntu-latest, config: openssl-3.0 } # stable branch + - { target: ubuntu-latest, config: openssl-3.1 } # stable branch - { target: ubuntu-latest, config: openssl-3.2 } # stable branch + - { target: ubuntu-latest, config: openssl-3.3 } # stable branch - { target: ubuntu-latest, config: putty-0.71 } - { target: ubuntu-latest, config: putty-0.72 } - { target: ubuntu-latest, config: putty-0.73 } -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Thu Apr 25 13:24:05 2024 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Thu, 25 Apr 2024 13:24:05 +1000 Subject: [openssh-commits] [openssh] 02/03: Remove 9.6 branch from status page. In-Reply-To: <171401544310.51103.809562157511217451@fuyu.mindrot.org> References: <171401544310.51103.809562157511217451@fuyu.mindrot.org> Message-ID: <8cbdcdd1df15cce4@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. dtucker pushed a commit to branch master in repository openssh. commit 8673245918081c6d1dc7fb3733c8eb2c5a902c5e Author: Darren Tucker AuthorDate: Thu Apr 25 13:19:03 2024 +1000 Remove 9.6 branch from status page. --- .github/ci-status.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/ci-status.md b/.github/ci-status.md index 7659506c..fbf7c5fd 100644 --- a/.github/ci-status.md +++ b/.github/ci-status.md 
@@ -9,7 +9,3 @@ master : 9.7 : [![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_7)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_7) [![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_7)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_7) - -9.6 : -[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_6)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_6) -[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_6)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_6) -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Thu Apr 25 13:24:06 2024 
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Thu, 25 Apr 2024 13:24:06 +1000 Subject: [openssh-commits] [openssh] 03/03: Merge flags for OpenSSL 3.x versions. In-Reply-To: <171401544310.51103.809562157511217451@fuyu.mindrot.org> References: <171401544310.51103.809562157511217451@fuyu.mindrot.org> Message-ID: <8cbdcdd303a13f13@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. dtucker pushed a commit to branch master in repository openssh. commit 2eded551ba96e66bc3afbbcc883812c2eac02bd7 Author: Darren Tucker AuthorDate: Thu Apr 25 13:20:19 2024 +1000 Merge flags for OpenSSL 3.x versions. OpenSSL has moved to 3.4 which we don't currently accept. Based on the OpenSSL versioning policy[0] it looks like all of the 3.x versions should work with OpenSSH, so remove the distinction in configure and accept all of them. [0] https://openssl.org/policies/general/versioning-policy.html --- configure.ac | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/configure.ac b/configure.ac index 2cf16b46..717fef83 100644 --- a/configure.ac +++ b/configure.ac @@ -2878,12 +2878,9 @@ if test "x$openssl" = "xyes" ; then *) ;; # Assume all other versions are good. esac ;; - 300*) + 30*) # OpenSSL 3; we use the 1.1x API - CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L" - ;; - 301*|302*|303*) - # OpenSSL development branch; request 1.1x API + # https://openssl.org/policies/general/versioning-policy.html CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L" ;; *) -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Thu Apr 25 13:34:28 2024 
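Review bot: The new `30*)` arm in configure.ac would benefit from a comment stating the range it covers. Judging by the removed `300*` and `301*|302*|303*` arms, the case presumably matches the hexadecimal library version string, in which case `30*` covers 3.0 through 3.15 and a later minor would fall through to the `*)` arm below. A line such as `# Matches OpenSSL 3.0 - 3.15 (hex minor 00-0f); all 3.x are expected to be API compatible` next to the policy URL would make that explicit. The case statement starts and ends outside the hunk.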
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Thu, 25 Apr 2024 13:34:28 +1000 Subject: [openssh-commits] [openssh] branch master updated: Shell syntax fix (leftover from a sync). Message-ID: <171401606804.65458.6475250505618369758@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. dtucker pushed a commit to branch master in repository openssh. The following commit(s) were added to refs/heads/master by this push: new 00e63688 Shell syntax fix (leftover from a sync). 00e63688 is described below commit 00e63688920905e326d8667cb47f17a156b6dc8f Author: renmingshuai AuthorDate: Fri Apr 12 10:20:49 2024 +0800 Shell syntax fix (leftover from a sync). Signed-off-by: renmingshuai --- regress/yes-head.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/regress/yes-head.sh b/regress/yes-head.sh index 1bde504f..9885501a 100644 --- a/regress/yes-head.sh +++ b/regress/yes-head.sh @@ -6,7 +6,7 @@ tid="yes pipe head" lines=`${SSH} -F $OBJ/ssh_proxy thishost 'sh -c "while true;do echo yes;done | _POSIX2_VERSION=199209 head -2000"' | (sleep 3 ; wc -l)` if [ $? -ne 0 ]; then fail "yes|head test failed" -+ lines=0 + lines=0 fi if [ $lines -ne 2000 ]; then fail "yes|head returns $lines lines instead of 2000" -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Tue Apr 30 12:39:37 2024 
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Tue, 30 Apr 2024 12:39:37 +1000 Subject: [openssh-commits] [openssh] branch master updated (00e63688 -> 16d0b82f) Message-ID: <171444477791.47131.3066015604415297852@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a change to branch master in repository openssh. from 00e63688 Shell syntax fix (leftover from a sync). new bf7bf50b upstream: new-style relink kit for sshd. The old scheme created new 8231ca04 upstream: also create a relink kit for ssh-agent, since it is a new 019a5f48 upstream: Use strtonum() instead of severely non-idomatic new c7fec708 upstream: Replace non-idiomatic strtoul(, 16) to parse a region new 8673137f upstream: Remove unused ptr[3] char array in pkcs11_decode_hex. new 9f543d70 upstream: rewrite convtime() to use a isdigit-scanner and new 8176e1a6 upstream: can shortcut by returning strtonum() value directly; ok new ec78c314 upstream: for parse_ipqos(), use strtonum() instead of mostly new 54343a26 upstream: Oops, incorrect hex conversion spotted by claudio. new fd3cb8a8 upstream: set right mode on ssh-agent at boot-time new 5b28096d upstream: correct indentation; no functional change ok tb@ new 80fb0eb2 upstream: add explict check for server hostkey type against new 66aaa678 upstream: correctly restore sigprocmask around ppoll() reported new 16d0b82f depend The 14 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. 
Detailed log of new commits: commit 16d0b82fa08038f35f1b3630c70116979f49784f Author: Damien Miller Date: Tue Apr 30 12:39:34 2024 +1000 depend commit 66aaa678dbe59aa21d0d9d89a3596ecedde0254b Author: djm at openbsd.org Date: Tue Apr 30 02:14:10 2024 +0000 upstream: correctly restore sigprocmask around ppoll() reported by T?ivo Leedj?rv; ok deraadt@ OpenBSD-Commit-ID: c0c0f89de5294a166578f071eade2501929c4686 commit 80fb0eb21551aed3aebb009ab20aeffeb01e44e0 Author: djm at openbsd.org Date: Tue Apr 30 02:10:49 2024 +0000 upstream: add explict check for server hostkey type against HostkeyAlgorithms. Allows HostkeyAlgorithms to disable implicit fallback from certificate keys to plain keys. ok markus@ OpenBSD-Commit-ID: 364087e4a395ff9b2f42bf3aefdb2090bb23643a commit 5b28096d31ff7d80748fc845553a4aef5bb05d86 Author: jsg at openbsd.org Date: Tue Apr 23 13:34:50 2024 +0000 upstream: correct indentation; no functional change ok tb@ OpenBSD-Commit-ID: dd9702fd43de546bc6a3f4f025c74d6f3692a0d4 commit fd3cb8a82784e05f621dea5b56ac6f89bc53c067 Author: semarie at openbsd.org Date: Thu Apr 4 16:00:51 2024 +0000 upstream: set right mode on ssh-agent at boot-time which sthen@ ok deraadt@ OpenBSD-Commit-ID: 662b5056a2c6171563e1626f9c69f27862b5e7af commit 54343a260e3aa4bceca1852dde31cd08e2abd82b Author: deraadt at openbsd.org Date: Tue Apr 2 12:22:38 2024 +0000 upstream: Oops, incorrect hex conversion spotted by claudio. While here try to improve how it reads a bit better. Surprising the regression tests didn't spot this error, maybe it fails to roundtrip the values. OpenBSD-Commit-ID: 866cfcc1955aef8f3fc32da0b70c353a1b859f2e commit ec78c31409590ad74efc194f886273ed080a545a Author: deraadt at openbsd.org Date: Tue Apr 2 10:02:08 2024 +0000 upstream: for parse_ipqos(), use strtonum() instead of mostly idiomatic strtoul(), but wow it's so gross. 
ok djm OpenBSD-Commit-ID: cec14a76af2eb7b225300c80fc0e21052be67b05 commit 8176e1a6c2e6da9361a7abb6fbf6c23c299f495b Author: deraadt at openbsd.org Date: Tue Apr 2 09:56:58 2024 +0000 upstream: can shortcut by returning strtonum() value directly; ok djm OpenBSD-Commit-ID: 7bb2dd3d6d1f288dac14247d1de446e3d7ba8b8e commit 9f543d7022a781f80bb696f9d73f1d1c6f9e31d6 Author: deraadt at openbsd.org Date: Tue Apr 2 09:52:14 2024 +0000 upstream: rewrite convtime() to use a isdigit-scanner and strtonum() instead of strange strtoul can might be fooled by garage characters. passes regress/usr.bin/ssh/unittests/misc ok djm OpenBSD-Commit-ID: 4b1ef826bb16047aea3f3bdcb385b72ffd450abc commit 8673137f780d8d9e4cda3c4605cb5d88d5cea271 Author: claudio at openbsd.org Date: Tue Apr 2 09:48:24 2024 +0000 upstream: Remove unused ptr[3] char array in pkcs11_decode_hex. OK deraadt@ OpenBSD-Commit-ID: 3d14433e39fd558f662d3b0431c4c555ef920481 commit c7fec708f331f108343d69e4d74c9a5d86d6cfe7 Author: deraadt at openbsd.org Date: Tue Apr 2 09:32:28 2024 +0000 upstream: Replace non-idiomatic strtoul(, 16) to parse a region of 2-character hex sequences with a low-level replacement designed just for the task. ok djm OpenBSD-Commit-ID: 67bab8b8a4329a19a0add5085eacd6f4cc215e85 commit 019a5f483b0f588da6270ec401d0b4bb35032f3f Author: deraadt at openbsd.org Date: Tue Apr 2 09:29:31 2024 +0000 upstream: Use strtonum() instead of severely non-idomatic strtoul() In particular this will now reject trailing garbage, ie. '12garbage'. ok djm OpenBSD-Commit-ID: c82d95e3ccbfedfc91a8041c2f8bf0cf987d1501 commit 8231ca046fa39ea4eb99b79e0a6e09dec50ac952 Author: deraadt at openbsd.org Date: Mon Apr 1 15:50:17 2024 +0000 upstream: also create a relink kit for ssh-agent, since it is a long-running setgid program carrying keys with some (not very powerful) communication channels. solution for testing the binary from dtucker. agreement from djm. Will add it into /etc/rc in a few days. 
OpenBSD-Commit-ID: 2fe8d707ae35ba23c7916adcb818bb5b66837ba0 commit bf7bf50bd6a14e49c9c243cb8f4de31e555a5a2e Author: deraadt at openbsd.org Date: Mon Apr 1 15:48:16 2024 +0000 upstream: new-style relink kit for sshd. The old scheme created a Makefile by concatenating two Makefiles and was incredibly fragile. In the new way a narrow-purposed install.sh script is created and shipped with the objects. A recently commited /etc/rc script understands these files. OpenBSD-Commit-ID: ef9341d5a50f0d33e3a6fbe995e92964bc7ef2d3 Summary of changes: .depend | 4 +-- .skipped-commit-ids | 3 +++ addr.c | 12 +++++---- clientloop.c | 25 +++---------------- misc.c | 71 +++++++++++++++++++++++++++++++---------------------- serverloop.c | 4 +-- ssh-pkcs11.c | 27 ++++++++++++++------ sshconnect.c | 34 +++++++++++++++++++++++-- sshconnect.h | 6 ++++- 9 files changed, 115 insertions(+), 71 deletions(-) -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Tue Apr 30 12:39:38 2024 
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Tue, 30 Apr 2024 12:39:38 +1000 Subject: [openssh-commits] [openssh] 01/14: upstream: new-style relink kit for sshd. The old scheme created In-Reply-To: <171444477791.47131.3066015604415297852@fuyu.mindrot.org> References: <171444477791.47131.3066015604415297852@fuyu.mindrot.org> Message-ID: <8cbdce008afef1aa@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit bf7bf50bd6a14e49c9c243cb8f4de31e555a5a2e Author: deraadt at openbsd.org AuthorDate: Mon Apr 1 15:48:16 2024 +0000 upstream: new-style relink kit for sshd. The old scheme created a Makefile by concatenating two Makefiles and was incredibly fragile. In the new way a narrow-purposed install.sh script is created and shipped with the objects. A recently commited /etc/rc script understands these files. OpenBSD-Commit-ID: ef9341d5a50f0d33e3a6fbe995e92964bc7ef2d3 --- .skipped-commit-ids | 1 + 1 file changed, 1 insertion(+) diff --git a/.skipped-commit-ids b/.skipped-commit-ids index 06303955..b4f426e3 100644 --- a/.skipped-commit-ids +++ b/.skipped-commit-ids @@ -29,6 +29,7 @@ f9a0726d957cf10692a231996a1f34e7f9cdfeb0 moduli update 1e0a2692b7e20b126dda60bf04999d1d30d959d8 sshd relinking makefile changes e1dc11143f83082e3154d6094f9136d0dc2637ad more relinking makefile tweaks 5a636f6ca7f25bfe775df4952f7aac90a7fcbbee moduli update +ef9341d5a50f0d33e3a6fbe995e92964bc7ef2d3 Makefile relinking changes Old upstream tree: -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Tue Apr 30 12:39:39 2024 
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Tue, 30 Apr 2024 12:39:39 +1000 Subject: [openssh-commits] [openssh] 02/14: upstream: also create a relink kit for ssh-agent, since it is a In-Reply-To: <171444477791.47131.3066015604415297852@fuyu.mindrot.org> References: <171444477791.47131.3066015604415297852@fuyu.mindrot.org> Message-ID: <8cbdce027e209d0c@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit 8231ca046fa39ea4eb99b79e0a6e09dec50ac952 Author: deraadt at openbsd.org AuthorDate: Mon Apr 1 15:50:17 2024 +0000 upstream: also create a relink kit for ssh-agent, since it is a long-running setgid program carrying keys with some (not very powerful) communication channels. solution for testing the binary from dtucker. agreement from djm. Will add it into /etc/rc in a few days. OpenBSD-Commit-ID: 2fe8d707ae35ba23c7916adcb818bb5b66837ba0 --- .skipped-commit-ids | 1 + 1 file changed, 1 insertion(+) diff --git a/.skipped-commit-ids b/.skipped-commit-ids index b4f426e3..7a0062b0 100644 --- a/.skipped-commit-ids +++ b/.skipped-commit-ids @@ -30,6 +30,7 @@ f9a0726d957cf10692a231996a1f34e7f9cdfeb0 moduli update e1dc11143f83082e3154d6094f9136d0dc2637ad more relinking makefile tweaks 5a636f6ca7f25bfe775df4952f7aac90a7fcbbee moduli update ef9341d5a50f0d33e3a6fbe995e92964bc7ef2d3 Makefile relinking changes +2fe8d707ae35ba23c7916adcb818bb5b66837ba0 ssh-agent relink kit Old upstream tree: -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Tue Apr 30 12:39:40 2024 
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Tue, 30 Apr 2024 12:39:40 +1000 Subject: [openssh-commits] [openssh] 03/14: upstream: Use strtonum() instead of severely non-idomatic In-Reply-To: <171444477791.47131.3066015604415297852@fuyu.mindrot.org> References: <171444477791.47131.3066015604415297852@fuyu.mindrot.org> Message-ID: <8cbdce04c2e725f5@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit 019a5f483b0f588da6270ec401d0b4bb35032f3f Author: deraadt at openbsd.org AuthorDate: Tue Apr 2 09:29:31 2024 +0000 upstream: Use strtonum() instead of severely non-idomatic strtoul() In particular this will now reject trailing garbage, ie. '12garbage'. ok djm OpenBSD-Commit-ID: c82d95e3ccbfedfc91a8041c2f8bf0cf987d1501 --- addr.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/addr.c b/addr.c index fa8c6692..0e7cb1df 100644 --- a/addr.c +++ b/addr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: addr.c,v 1.7 2023/03/27 03:31:05 djm Exp $ */ +/* $OpenBSD: addr.c,v 1.8 2024/04/02 09:29:31 deraadt Exp $ */ /* * Copyright (c) 2004-2008 Damien Miller @@ -27,6 +27,7 @@ #include #include #include +#include #include "addr.h" @@ -457,8 +458,9 @@ int addr_pton_cidr(const char *p, struct xaddr *n, u_int *l) { struct xaddr tmp; - long unsigned int masklen = 999; - char addrbuf[64], *mp, *cp; + u_int masklen = 999; + char addrbuf[64], *mp; + const char *errstr; /* Don't modify argument */ if (p == NULL || strlcpy(addrbuf, p, sizeof(addrbuf)) >= sizeof(addrbuf)) 
@@ -467,8 +469,8 @@ addr_pton_cidr(const char *p, struct xaddr *n, u_int *l) if ((mp = strchr(addrbuf, '/')) != NULL) { *mp = '\0'; mp++; - masklen = strtoul(mp, &cp, 10); - if (*mp < '0' || *mp > '9' || *cp != '\0' || masklen > 128) + masklen = (u_int)strtonum(mp, 0, INT_MAX, &errstr); + if (errstr) return -1; } -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Tue Apr 30 12:39:41 2024 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Tue, 30 Apr 2024 12:39:41 +1000 Subject: [openssh-commits] [openssh] 04/14: upstream: Replace non-idiomatic strtoul(, 16) to parse a region In-Reply-To: <171444477791.47131.3066015604415297852@fuyu.mindrot.org> References: <171444477791.47131.3066015604415297852@fuyu.mindrot.org> Message-ID: <8cbdce061f132dcc@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit c7fec708f331f108343d69e4d74c9a5d86d6cfe7 Author: deraadt at openbsd.org AuthorDate: Tue Apr 2 09:32:28 2024 +0000 upstream: Replace non-idiomatic strtoul(, 16) to parse a region of 2-character hex sequences with a low-level replacement designed just for the task. ok djm OpenBSD-Commit-ID: 67bab8b8a4329a19a0add5085eacd6f4cc215e85 --- ssh-pkcs11.c | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index 35e98be7..9d2d99eb 100644 --- a/ssh-pkcs11.c +++ b/ssh-pkcs11.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11.c,v 1.59 2023/07/27 22:26:49 djm Exp $ */ +/* $OpenBSD: ssh-pkcs11.c,v 1.60 2024/04/02 09:32:28 deraadt Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * Copyright (c) 2014 Pedro Martelletto. All rights reserved. 
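Review bot: The upper bound on the prefix length is no longer enforced where it is parsed in addr_pton_cidr(): the removed line rejected `masklen > 128`, while `strtonum(mp, 0, INT_MAX, &errstr)` accepts any value up to INT_MAX. If a per-family check follows later in the function (its body continues outside the hunk) the value is still caught, but possibly with a different return code than the previous -1. Passing the real limit keeps the range check next to the parse: `masklen = (u_int)strtonum(mp, 0, 128, &errstr);`.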
@@ -1385,6 +1385,20 @@ pkcs11_rsa_generate_private_key(struct pkcs11_provider *p, CK_ULONG slotidx, return pkcs11_fetch_rsa_pubkey(p, slotidx, &pubKey); } +static int +h2i(char c) +{ + if (c >= '0' && c <= '9') + c -= '0'; + else if (c >= 'a' && c <= 'f') + c -= 'a'; + else if (c >= 'A' && c <= 'F') + c -= 'A'; + else + return -1; + return c; +} + static int pkcs11_decode_hex(const char *hex, unsigned char **dest, size_t *rlen) { @@ -1404,11 +1418,13 @@ pkcs11_decode_hex(const char *hex, unsigned char **dest, size_t *rlen) ptr[2] = '\0'; for (i = 0; i < len; i++) { - ptr[0] = hex[2 * i]; - ptr[1] = hex[(2 * i) + 1]; - if (!isxdigit(ptr[0]) || !isxdigit(ptr[1])) + int hi, low; + + hi = h2i(hex[2 * i]); + lo = h2i(hex[(2 * i) + 1]); + if (hi == -1 || lo == -1) return -1; - (*dest)[i] = (unsigned char)strtoul(ptr, NULL, 16); + (*dest)[i] = (hi << 4) | lo; } if (rlen) -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Tue Apr 30 12:39:42 2024 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Tue, 30 Apr 2024 12:39:42 +1000 Subject: [openssh-commits] [openssh] 05/14: upstream: Remove unused ptr[3] char array in pkcs11_decode_hex. In-Reply-To: <171444477791.47131.3066015604415297852@fuyu.mindrot.org> References: <171444477791.47131.3066015604415297852@fuyu.mindrot.org> Message-ID: <8cbdce0854f2c23a@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit 8673137f780d8d9e4cda3c4605cb5d88d5cea271 Author: claudio at openbsd.org AuthorDate: Tue Apr 2 09:48:24 2024 +0000 upstream: Remove unused ptr[3] char array in pkcs11_decode_hex. OK deraadt@ OpenBSD-Commit-ID: 3d14433e39fd558f662d3b0431c4c555ef920481 --- ssh-pkcs11.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index 9d2d99eb..de2dbba5 100644 --- a/ssh-pkcs11.c +++ b/ssh-pkcs11.c 
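Review bot: The letter branches of the new h2i() return the wrong nibble values: `c -= 'a'` maps 'a'..'f' to 0..5 instead of 10..15, and `c -= 'A'` does the same for upper case, so any hex string containing letters decodes to different bytes than the strtoul(..., 16) code it replaces. The two lines should read `c = c - 'a' + 10;` and `c = c - 'A' + 10;`. The push summary earlier on this page lists a later commit 54343a26 described as an incorrect hex conversion fix, which presumably corrects this. A one-line comment on h2i() saying it returns 0-15, or -1 for a non-hex character, would also help the next reader.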
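Review bot: In the pkcs11_decode_hex() loop the declaration is `int hi, low;` but the next lines assign and test `lo`, so unless `lo` is declared in the part of the function outside the hunk this does not compile. The declaration should be `int hi, lo;`. The following commit on this page still shows `int hi, low;` as context, so the mismatch is not fixed there.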
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11.c,v 1.60 2024/04/02 09:32:28 deraadt Exp $ */ +/* $OpenBSD: ssh-pkcs11.c,v 1.61 2024/04/02 09:48:24 claudio Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * Copyright (c) 2014 Pedro Martelletto. All rights reserved. @@ -1403,7 +1403,6 @@ static int pkcs11_decode_hex(const char *hex, unsigned char **dest, size_t *rlen) { size_t i, len; - char ptr[3]; if (dest) *dest = NULL; @@ -1416,7 +1415,6 @@ pkcs11_decode_hex(const char *hex, unsigned char **dest, size_t *rlen) *dest = xmalloc(len); - ptr[2] = '\0'; for (i = 0; i < len; i++) { int hi, low; -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Tue Apr 30 12:39:43 2024 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Tue, 30 Apr 2024 12:39:43 +1000 Subject: [openssh-commits] [openssh] 06/14: upstream: rewrite convtime() to use a isdigit-scanner and In-Reply-To: <171444477791.47131.3066015604415297852@fuyu.mindrot.org> References: <171444477791.47131.3066015604415297852@fuyu.mindrot.org> Message-ID: <8cbdce0afddd4ca2@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit 9f543d7022a781f80bb696f9d73f1d1c6f9e31d6 Author: deraadt at openbsd.org AuthorDate: Tue Apr 2 09:52:14 2024 +0000 upstream: rewrite convtime() to use a isdigit-scanner and strtonum() instead of strange strtoul can might be fooled by garage characters. passes regress/usr.bin/ssh/unittests/misc ok djm OpenBSD-Commit-ID: 4b1ef826bb16047aea3f3bdcb385b72ffd450abc --- misc.c | 58 ++++++++++++++++++++++++++++++++++++---------------------- 1 file changed, 36 insertions(+), 22 deletions(-) diff --git a/misc.c b/misc.c index 5dc9d54a..a4ae95c9 100644 --- a/misc.c +++ b/misc.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.190 2024/03/04 02:16:11 djm Exp $ */ +/* $OpenBSD: misc.c,v 1.191 2024/04/02 09:52:14 deraadt Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005-2020 Damien Miller. All rights reserved. @@ -563,6 +563,14 @@ a2tun(const char *s, int *remote) #define DAYS (HOURS * 24) #define WEEKS (DAYS * 7) +static char * +scandigits(char *s) +{ + while (isdigit((unsigned char)*s)) + s++; + return s; +} + /* * Convert a time string into seconds; format is * a sequence of: @@ -587,28 +595,31 @@ a2tun(const char *s, int *remote) int convtime(const char *s) { - long total, secs, multiplier; - const char *p; - char *endp; + int secs, total = 0, multiplier; + char *p, *os, *np, c; + const char *errstr; - errno = 0; - total = 0; - p = s; - - if (p == NULL || *p == '\0') + if (s == NULL || *s == '\0') + return -1; + p = os = strdup(s); /* deal with const */ + if (os == NULL) return -1; while (*p) { - secs = strtol(p, &endp, 10); - if (p == endp || - (errno == ERANGE && (secs == INT_MIN || secs == INT_MAX)) || - secs < 0) - return -1; + np = scandigits(p); + if (np) { + c = *np; + *np = '\0'; + } + secs = (int)strtonum(p, 0, INT_MAX, &errstr); + if (errstr) + goto fail; + *np = c; multiplier = 1; - switch (*endp++) { + switch (c) { case '\0': - endp--; + np--; /* back up */ break; case 's': case 'S': @@ -630,20 +641,23 @@ convtime(const char *s) multiplier = WEEKS; break; default: - return -1; + goto fail; } if (secs > INT_MAX / multiplier) - return -1; + goto fail; secs *= multiplier; if (total > INT_MAX - secs) - return -1; + goto fail; total += secs; if (total < 0) - return -1; - p = endp; + goto fail; + p = ++np; } - + free(os); return total; +fail: + free(os); + return -1; } #define TF_BUFS 8 -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Tue Apr 30 12:39:44 2024 
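Review bot: The `if (np)` guard after `np = scandigits(p);` in `convtime` can never be false, because `scandigits()` returns its argument advanced past the digits and never NULL. The guard is also misleading, since the later `*np = c;` is unconditional and would read an uninitialised `c` if the guard could fail. Drop the test and write `c = *np;` followed by `*np = '\0';` directly. A short comment saying the unit character is temporarily overwritten so that `strtonum()` sees only the digits would help the next reader.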
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Tue, 30 Apr 2024 12:39:44 +1000 Subject: [openssh-commits] [openssh] 07/14: upstream: can shortcut by returning strtonum() value directly; ok In-Reply-To: <171444477791.47131.3066015604415297852@fuyu.mindrot.org> References: <171444477791.47131.3066015604415297852@fuyu.mindrot.org> Message-ID: <8cbdce0c8bceb41a@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit 8176e1a6c2e6da9361a7abb6fbf6c23c299f495b Author: deraadt at openbsd.org AuthorDate: Tue Apr 2 09:56:58 2024 +0000 upstream: can shortcut by returning strtonum() value directly; ok djm OpenBSD-Commit-ID: 7bb2dd3d6d1f288dac14247d1de446e3d7ba8b8e --- misc.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/misc.c b/misc.c index a4ae95c9..fe6c4a51 100644 --- a/misc.c +++ b/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.191 2024/04/02 09:52:14 deraadt Exp $ */ +/* $OpenBSD: misc.c,v 1.192 2024/04/02 09:56:58 deraadt Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005-2020 Damien Miller. All rights reserved. @@ -2428,13 +2428,10 @@ const char * atoi_err(const char *nptr, int *val) { const char *errstr = NULL; - long long num; if (nptr == NULL || *nptr == '\0') return "missing"; - num = strtonum(nptr, 0, INT_MAX, &errstr); - if (errstr == NULL) - *val = (int)num; + *val = strtonum(nptr, 0, INT_MAX, &errstr); return errstr; } -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Tue Apr 30 12:39:45 2024 
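Review bot: `atoi_err` now stores into `*val` on every call, including failures, where `strtonum()` returns 0; the removed code left `*val` untouched unless parsing succeeded. The callers are outside the hunk, so whether any of them relies on the old value surviving an error cannot be confirmed from here. At minimum the new contract should be stated above the function, for example `/* on error *val is set to 0 and the error string is returned */`. The assignment also narrows `long long` to `int` implicitly, which the other conversions in this series make explicit: `*val = (int)strtonum(nptr, 0, INT_MAX, &errstr);`.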
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Tue, 30 Apr 2024 12:39:45 +1000 Subject: [openssh-commits] [openssh] 08/14: upstream: for parse_ipqos(), use strtonum() instead of mostly In-Reply-To: <171444477791.47131.3066015604415297852@fuyu.mindrot.org> References: <171444477791.47131.3066015604415297852@fuyu.mindrot.org> Message-ID: <8cbdce0e16e69fe6@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit ec78c31409590ad74efc194f886273ed080a545a Author: deraadt at openbsd.org AuthorDate: Tue Apr 2 10:02:08 2024 +0000 upstream: for parse_ipqos(), use strtonum() instead of mostly idiomatic strtoul(), but wow it's so gross. ok djm OpenBSD-Commit-ID: cec14a76af2eb7b225300c80fc0e21052be67b05 --- misc.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/misc.c b/misc.c index fe6c4a51..7a42d498 100644 --- a/misc.c +++ b/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.192 2024/04/02 09:56:58 deraadt Exp $ */ +/* $OpenBSD: misc.c,v 1.193 2024/04/02 10:02:08 deraadt Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005-2020 Damien Miller. All rights reserved. @@ -1873,9 +1873,9 @@ static const struct { int parse_ipqos(const char *cp) { + const char *errstr; u_int i; - char *ep; - long val; + int val; if (cp == NULL) return -1; @@ -1884,8 +1884,8 @@ parse_ipqos(const char *cp) return ipqos[i].value; } /* Try parsing as an integer */ - val = strtol(cp, &ep, 0); - if (*cp == '\0' || *ep != '\0' || val < 0 || val > 255) + val = (int)strtonum(cp, 0, 255, &errstr); + if (errstr) return -1; return val; } -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Tue Apr 30 12:39:46 2024 
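Review bot: Replacing `strtol(cp, &ep, 0)` with `strtonum()` in `parse_ipqos` drops base detection, so numeric values written in hex or octal (a constructed example is `0x10`) that the old code accepted now return -1. `strtonum()` parses decimal only. If existing configurations may carry such values this is a compatibility break, and it deserves a line in the commit message and documentation, or an explicit fallback for prefixed input. The removed `*cp == '\0'` test is still covered, since `strtonum()` reports an empty string as invalid.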
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Tue, 30 Apr 2024 12:39:46 +1000 Subject: [openssh-commits] [openssh] 09/14: upstream: Oops, incorrect hex conversion spotted by claudio. In-Reply-To: <171444477791.47131.3066015604415297852@fuyu.mindrot.org> References: <171444477791.47131.3066015604415297852@fuyu.mindrot.org> Message-ID: <8cbdce1045d3bce7@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit 54343a260e3aa4bceca1852dde31cd08e2abd82b Author: deraadt at openbsd.org AuthorDate: Tue Apr 2 12:22:38 2024 +0000 upstream: Oops, incorrect hex conversion spotted by claudio. While here try to improve how it reads a bit better. Surprising the regression tests didn't spot this error, maybe it fails to roundtrip the values. OpenBSD-Commit-ID: 866cfcc1955aef8f3fc32da0b70c353a1b859f2e --- ssh-pkcs11.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index de2dbba5..1e76e8b2 100644 --- a/ssh-pkcs11.c +++ b/ssh-pkcs11.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11.c,v 1.61 2024/04/02 09:48:24 claudio Exp $ */ +/* $OpenBSD: ssh-pkcs11.c,v 1.62 2024/04/02 12:22:38 deraadt Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * Copyright (c) 2014 Pedro Martelletto. All rights reserved. @@ -1389,14 +1389,13 @@ static int h2i(char c) { if (c >= '0' && c <= '9') - c -= '0'; + return c - '0'; else if (c >= 'a' && c <= 'f') - c -= 'a'; + return c - 'a' + 10; else if (c >= 'A' && c <= 'F') - c -= 'A'; + return c - 'A' + 10; else return -1; - return c; } static int -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Tue Apr 30 12:39:47 2024 
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Tue, 30 Apr 2024 12:39:47 +1000 Subject: [openssh-commits] [openssh] 10/14: upstream: set right mode on ssh-agent at boot-time In-Reply-To: <171444477791.47131.3066015604415297852@fuyu.mindrot.org> References: <171444477791.47131.3066015604415297852@fuyu.mindrot.org> Message-ID: <8cbdce12b8d0e5c4@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit fd3cb8a82784e05f621dea5b56ac6f89bc53c067 Author: semarie at openbsd.org AuthorDate: Thu Apr 4 16:00:51 2024 +0000 upstream: set right mode on ssh-agent at boot-time which sthen@ ok deraadt@ OpenBSD-Commit-ID: 662b5056a2c6171563e1626f9c69f27862b5e7af --- .skipped-commit-ids | 1 + 1 file changed, 1 insertion(+) diff --git a/.skipped-commit-ids b/.skipped-commit-ids index 7a0062b0..1fc4378d 100644 --- a/.skipped-commit-ids +++ b/.skipped-commit-ids @@ -31,6 +31,7 @@ e1dc11143f83082e3154d6094f9136d0dc2637ad more relinking makefile tweaks 5a636f6ca7f25bfe775df4952f7aac90a7fcbbee moduli update ef9341d5a50f0d33e3a6fbe995e92964bc7ef2d3 Makefile relinking changes 2fe8d707ae35ba23c7916adcb818bb5b66837ba0 ssh-agent relink kit +866cfcc1955aef8f3fc32da0b70c353a1b859f2e ssh-agent relink changes Old upstream tree: -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Tue Apr 30 12:39:48 2024 
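Review bot: The ID added to `.skipped-commit-ids`, `866cfcc1955aef8f3fc32da0b70c353a1b859f2e`, is not the OpenBSD-Commit-ID given in this commit's message (`662b5056a2c6171563e1626f9c69f27862b5e7af`). It is the ID carried by the hex-conversion fix in commit 09/14 on this page. If the list is consumed when syncing from upstream, the entry would mark that fix's ID as skipped while leaving the ssh-agent change unlisted. It is worth confirming which ID was intended before relying on the file.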
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Tue, 30 Apr 2024 12:39:48 +1000 Subject: [openssh-commits] [openssh] 11/14: upstream: correct indentation; no functional change ok tb@ In-Reply-To: <171444477791.47131.3066015604415297852@fuyu.mindrot.org> References: <171444477791.47131.3066015604415297852@fuyu.mindrot.org> Message-ID: <8cbdce147cf6fb71@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit 5b28096d31ff7d80748fc845553a4aef5bb05d86 Author: jsg at openbsd.org AuthorDate: Tue Apr 23 13:34:50 2024 +0000 upstream: correct indentation; no functional change ok tb@ OpenBSD-Commit-ID: dd9702fd43de546bc6a3f4f025c74d6f3692a0d4 --- sshconnect.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sshconnect.c b/sshconnect.c index d8efc50c..1e94967d 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.366 2024/01/11 01:45:36 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.367 2024/04/23 13:34:50 jsg Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -647,7 +647,7 @@ get_hostfile_hostname_ipaddr(char *hostname, struct sockaddr *hostaddr, if (options.proxy_command == NULL) { if (getnameinfo(hostaddr, addrlen, ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST) != 0) - fatal_f("getnameinfo failed"); + fatal_f("getnameinfo failed"); *hostfile_ipaddr = put_host_port(ntop, port); } else { *hostfile_ipaddr = xstrdup(" References: <171444477791.47131.3066015604415297852@fuyu.mindrot.org> Message-ID: <8cbdce1618685580@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit 80fb0eb21551aed3aebb009ab20aeffeb01e44e0 Author: djm at openbsd.org AuthorDate: Tue Apr 30 02:10:49 2024 +0000 upstream: add explict check for server hostkey type against HostkeyAlgorithms. Allows HostkeyAlgorithms to disable implicit fallback from certificate keys to plain keys. ok markus@ OpenBSD-Commit-ID: 364087e4a395ff9b2f42bf3aefdb2090bb23643a --- clientloop.c | 23 ++--------------------- sshconnect.c | 32 +++++++++++++++++++++++++++++++- sshconnect.h | 6 +++++- 3 files changed, 38 insertions(+), 23 deletions(-) diff --git a/clientloop.c b/clientloop.c index 8ec36af9..be8bb5fc 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.403 2024/02/21 05:57:34 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.404 2024/04/30 02:10:49 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -2441,25 +2441,6 @@ client_global_hostkeys_prove_confirm(struct ssh *ssh, int type, client_repledge(); } -/* - * Returns non-zero if the key is accepted by HostkeyAlgorithms. - * Made slightly less trivial by the multiple RSA signature algorithm names. - */ -static int -key_accepted_by_hostkeyalgs(const struct sshkey *key) -{ - const char *ktype = sshkey_ssh_name(key); - const char *hostkeyalgs = options.hostkeyalgorithms; - - if (key->type == KEY_UNSPEC) - return 0; - if (key->type == KEY_RSA && - (match_pattern_list("rsa-sha2-256", hostkeyalgs, 0) == 1 || - match_pattern_list("rsa-sha2-512", hostkeyalgs, 0) == 1)) - return 1; - return match_pattern_list(ktype, hostkeyalgs, 0) == 1; -} - /* * Handle hostkeys-00 at openssh.com global request to inform the client of all * the server's hostkeys. The keys are checked against the user's @@ -2504,7 +2485,7 @@ client_input_hostkeys(struct ssh *ssh) debug3_f("received %s key %s", sshkey_type(key), fp); free(fp); - if (!key_accepted_by_hostkeyalgs(key)) { + if (!hostkey_accepted_by_hostkeyalgs(key)) { debug3_f("%s key not permitted by " "HostkeyAlgorithms", sshkey_ssh_name(key)); continue; diff --git a/sshconnect.c b/sshconnect.c index 1e94967d..7cf6b638 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.367 2024/04/23 13:34:50 jsg Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.368 2024/04/30 02:10:49 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -57,6 +57,7 @@ #include "sshkey.h" #include "sshconnect.h" #include "log.h" +#include "match.h" #include "misc.h" #include "readconf.h" #include "atomicio.h" 
@@ -717,6 +718,29 @@ try_tilde_unexpand(const char *path) return ret; } +/* + * Returns non-zero if the key is accepted by HostkeyAlgorithms. + * Made slightly less trivial by the multiple RSA signature algorithm names. + */ +int +hostkey_accepted_by_hostkeyalgs(const struct sshkey *key) +{ + const char *ktype = sshkey_ssh_name(key); + const char *hostkeyalgs = options.hostkeyalgorithms; + + if (key->type == KEY_UNSPEC) + return 0; + if (key->type == KEY_RSA && + (match_pattern_list("rsa-sha2-256", hostkeyalgs, 0) == 1 || + match_pattern_list("rsa-sha2-512", hostkeyalgs, 0) == 1)) + return 1; + if (key->type == KEY_RSA_CERT && + (match_pattern_list("rsa-sha2-512-cert-v01 at openssh.com", hostkeyalgs, 0) == 1 || + match_pattern_list("rsa-sha2-256-cert-v01 at openssh.com", hostkeyalgs, 0) == 1)) + return 1; + return match_pattern_list(ktype, hostkeyalgs, 0) == 1; +} + static int hostkeys_find_by_key_cb(struct hostkey_foreach_line *l, void *_ctx) { @@ -1017,6 +1041,12 @@ check_host_key(char *hostname, const struct ssh_conn_info *cinfo, } retry: + if (!hostkey_accepted_by_hostkeyalgs(host_key)) { + error("host key %s not permitted by HostkeyAlgorithms", + sshkey_ssh_name(host_key)); + goto fail; + } + /* Reload these as they may have changed on cert->key downgrade */ want_cert = sshkey_is_cert(host_key); type = sshkey_type(host_key); diff --git a/sshconnect.h b/sshconnect.h index 79d35cc1..8b0466f2 100644 --- a/sshconnect.h +++ b/sshconnect.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.h,v 1.47 2023/10/12 02:18:18 djm Exp $ */ +/* $OpenBSD: sshconnect.h,v 1.48 2024/04/30 02:10:49 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -24,6 +24,8 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +struct sshkey; + typedef struct Sensitive Sensitive; struct Sensitive { struct sshkey **keys; 
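Review bot: The two certificate patterns in the `KEY_RSA_CERT` branch of `hostkey_accepted_by_hostkeyalgs` appear on this page as `rsa-sha2-512-cert-v01 at openssh.com` and `rsa-sha2-256-cert-v01 at openssh.com`. The list archive rewrites `@` in anything that looks like an address, and the algorithm names are spelled with `@openssh.com`. Copied as shown, neither pattern would match, and an RSA certificate would be accepted only through the final `ktype` comparison. The doc comment could also state that for RSA keys and RSA certificates any listed SHA-2 signature variant is sufficient, since both branches return 1 before the key's own name is compared.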
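Review bot: The new HostkeyAlgorithms check sits directly under the `retry:` label in `check_host_key`, and nothing in the hunk says why it is placed there. The existing comment just below mentions a cert->key downgrade, which suggests (the jump itself is not shown) that control returns to `retry:` with the plain key, so the check then runs again against the plain key type. A comment would make that intent explicit: `/* Re-checked after retry: a cert downgraded to a plain key must itself be permitted */`. The function starts and ends outside the hunk.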
@@ -94,3 +96,5 @@ void maybe_add_key_to_agent(const char *, struct sshkey *, void load_hostkeys_command(struct hostkeys *, const char *, const char *, const struct ssh_conn_info *, const struct sshkey *, const char *); + +int hostkey_accepted_by_hostkeyalgs(const struct sshkey *); -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Tue Apr 30 12:39:50 2024 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Tue, 30 Apr 2024 12:39:50 +1000 Subject: [openssh-commits] [openssh] 13/14: upstream: correctly restore sigprocmask around ppoll() reported In-Reply-To: <171444477791.47131.3066015604415297852@fuyu.mindrot.org> References: <171444477791.47131.3066015604415297852@fuyu.mindrot.org> Message-ID: <8cbdce18263d0743@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit 66aaa678dbe59aa21d0d9d89a3596ecedde0254b Author: djm at openbsd.org AuthorDate: Tue Apr 30 02:14:10 2024 +0000 upstream: correctly restore sigprocmask around ppoll() reported by T?ivo Leedj?rv; ok deraadt@ OpenBSD-Commit-ID: c0c0f89de5294a166578f071eade2501929c4686 --- clientloop.c | 4 ++-- serverloop.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/clientloop.c b/clientloop.c index be8bb5fc..8ea2ada4 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.404 2024/04/30 02:10:49 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.405 2024/04/30 02:14:10 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -1585,7 +1585,7 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg, client_wait_until_can_do_something(ssh, &pfd, &npfd_alloc, &npfd_active, channel_did_enqueue, &osigset, &conn_in_ready, &conn_out_ready); - if (sigprocmask(SIG_UNBLOCK, &bsigset, &osigset) == -1) + if (sigprocmask(SIG_SETMASK, &osigset, NULL) == -1) error_f("osigset sigprocmask: %s", strerror(errno)); if (quit_pending) diff --git a/serverloop.c b/serverloop.c index f3683c2e..94c8943a 100644 --- a/serverloop.c +++ b/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.237 2023/08/21 04:59:54 djm Exp $ */ +/* $OpenBSD: serverloop.c,v 1.238 2024/04/30 02:14:10 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -380,7 +380,7 @@ server_loop2(struct ssh *ssh, Authctxt *authctxt) wait_until_can_do_something(ssh, connection_in, connection_out, &pfd, &npfd_alloc, &npfd_active, &osigset, &conn_in_ready, &conn_out_ready); - if (sigprocmask(SIG_UNBLOCK, &bsigset, &osigset) == -1) + if (sigprocmask(SIG_SETMASK, &osigset, NULL) == -1) error_f("osigset sigprocmask: %s", strerror(errno)); if (received_sigterm) { -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Tue Apr 30 12:39:51 2024 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Tue, 30 Apr 2024 12:39:51 +1000 Subject: [openssh-commits] [openssh] 14/14: depend In-Reply-To: <171444477791.47131.3066015604415297852@fuyu.mindrot.org> References: <171444477791.47131.3066015604415297852@fuyu.mindrot.org> Message-ID: <8cbdce1ada095ee8@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit 16d0b82fa08038f35f1b3630c70116979f49784f Author: Damien Miller AuthorDate: Tue Apr 30 12:39:34 2024 +1000 depend --- .depend | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/.depend b/.depend index 4897698a..71757cc3 100644 --- a/.depend +++ b/.depend 
@@ -153,8 +153,8 @@ sshbuf-getput-crypto.o: includes.h config.h defines.h platform.h openbsd-compat/ sshbuf-io.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitp [...] sshbuf-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-wai [...] sshbuf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid. [...] 
-sshconnect.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-wait [...] -sshconnect.o: kex.h mac.h crypto_api.h +sshconnect.o: authfd.h kex.h mac.h crypto_api.h +sshconnect.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-wait [...] sshconnect2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-wai [...] 
sshconnect2.o: sshconnect.h authfile.h dh.h authfd.h log.h ssherr.h misc.h readconf.h match.h canohost.h msg.h pathnames.h uidswap.h hostfile.h utf8.h ssh-sk.h sk-api.h sshd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h [...] -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Tue Apr 30 15:46:47 2024 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Tue, 30 Apr 2024 15:46:47 +1000 Subject: [openssh-commits] [openssh] branch master updated: upstream: add missing reserved fields to key constraint protocol Message-ID: <171445600756.80510.9656136467230475405@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. The following commit(s) were added to refs/heads/master by this push: new da757b02 upstream: add missing reserved fields to key constraint protocol da757b02 is described below commit da757b022bf18c6f7d04e685a10cd96ed00f83da Author: djm at openbsd.org AuthorDate: Tue Apr 30 05:45:56 2024 +0000 upstream: add missing reserved fields to key constraint protocol documentation. from Wiktor Kwapisiewicz via GHPR487 OpenBSD-Commit-ID: 0dfb69998cfdb3fa00cbb0e7809e7d2f6126e3df --- PROTOCOL.agent | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/PROTOCOL.agent b/PROTOCOL.agent index 7637882f..9ae16bf2 100644 --- a/PROTOCOL.agent +++ b/PROTOCOL.agent 
@@ -49,10 +49,13 @@ Where a constraint consists of: string from_username (must be empty) string from_hostname + string reserved keyspec[] from_hostkeys string to_username string to_hostname + string reserved keyspec[] to_hostkeys + string reserved And a keyspec consists of: @@ -112,4 +115,4 @@ A SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED will return SSH_AGENT_SUCCESS if any key (plain private or certificate) was successfully loaded, or SSH_AGENT_FAILURE if no key was loaded. -$OpenBSD: PROTOCOL.agent,v 1.22 2023/12/20 00:06:25 jsg Exp $ +$OpenBSD: PROTOCOL.agent,v 1.23 2024/04/30 05:45:56 djm Exp $ -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Tue Apr 30 15:53:30 2024 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Tue, 30 Apr 2024 15:53:30 +1000 Subject: [openssh-commits] [openssh] branch master updated: upstream: stricter validation of messaging socket fd number; disallow Message-ID: <171445641055.90516.16849635298752735122@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. The following commit(s) were added to refs/heads/master by this push: new 2e69a724 upstream: stricter validation of messaging socket fd number; disallow 2e69a724 is described below commit 2e69a724051488e3fb3cd11531c4b5bc1764945b Author: djm at openbsd.org AuthorDate: Tue Apr 30 05:53:03 2024 +0000 upstream: stricter validation of messaging socket fd number; disallow usage of stderr. Based on GHPR492 by RealHurrison OpenBSD-Commit-ID: 73dbbe82ea16f73ce1d044d3232bc869ae2f2ce8 --- ssh-keysign.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ssh-keysign.c b/ssh-keysign.c index c54a4bbb..968344e7 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keysign.c,v 1.73 2024/01/11 01:51:16 djm Exp $ */ +/* $OpenBSD: ssh-keysign.c,v 1.74 2024/04/30 05:53:03 djm Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * @@ -268,7 +268,7 @@ main(int argc, char **argv) __progname, rver, version); if ((r = sshbuf_get_u32(b, (u_int *)&fd)) != 0) fatal_r(r, "%s: buffer error", __progname); - if (fd < 0 || fd == STDIN_FILENO || fd == STDOUT_FILENO) + if (fd <= STDERR_FILENO) fatal("%s: bad fd = %d", __progname, fd); if ((host = get_local_name(fd)) == NULL) fatal("%s: cannot get local name for fd", __progname); -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Tue Apr 30 16:17:29 2024 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Tue, 30 Apr 2024 16:17:29 +1000 Subject: [openssh-commits] [openssh] branch master updated: upstream: flush stdout after writing "sftp>" prompt when not using Message-ID: <171445784953.22392.10831937993035128100@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. The following commit(s) were added to refs/heads/master by this push: new 14e2b16b upstream: flush stdout after writing "sftp>" prompt when not using 14e2b16b is described below commit 14e2b16bc67ffcc188906f65008667e22f73d103 Author: djm at openbsd.org AuthorDate: Tue Apr 30 06:16:55 2024 +0000 upstream: flush stdout after writing "sftp>" prompt when not using editline. From Alpine Linux via GHPR480 OpenBSD-Commit-ID: 80bdc7ffe0358dc090eb9b93e6dedb2b087b24cd --- sftp.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/sftp.c b/sftp.c index 76ba4de3..c080fba5 100644 --- a/sftp.c +++ b/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.237 2024/02/01 02:37:33 djm Exp $ */ +/* $OpenBSD: sftp.c,v 1.238 2024/04/30 06:16:55 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * 
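Review bot: The rewritten test `fd <= STDERR_FILENO` in `main` rejects negative values and descriptors 0..2 in one comparison, but it depends on two things the line does not state. The first is that `fd` is a signed int filled through the `(u_int *)&fd` cast, so oversized wire values come out negative (the `%d` in the message and the removed `fd < 0` suggest this, but the declaration is outside the hunk). The second is that stderr is the highest-numbered standard descriptor. A one-line comment keeps a later edit from weakening the check: `/* rejects negative fds and stdin/stdout/stderr */`. `main` starts and ends outside the hunk.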
@@ -2301,8 +2301,10 @@ interactive_loop(struct sftp_conn *conn, char *file1, char *file2) break; } if (el == NULL) { - if (interactive) + if (interactive) { printf("sftp> "); + fflush(stdout); + } if (fgets(cmd, sizeof(cmd), infile) == NULL) { if (interactive) printf("\n"); -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Tue Apr 30 16:24:37 2024 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Tue, 30 Apr 2024 16:24:37 +1000 Subject: [openssh-commits] [openssh] branch master updated: upstream: fix home-directory extension implementation, it always Message-ID: <171445827719.78542.7476718818946813394@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. The following commit(s) were added to refs/heads/master by this push: new 385ecb31 upstream: fix home-directory extension implementation, it always 385ecb31 is described below commit 385ecb31e147dfea59c1c488a1d2011d3867e60e Author: djm at openbsd.org AuthorDate: Tue Apr 30 06:23:51 2024 +0000 upstream: fix home-directory extension implementation, it always returned the current user's home directory contrary to the spec. Patch from Jakub Jelen via GHPR477 OpenBSD-Commit-ID: 5afd775eab7f9cbe222d7fbae4c793de6c3b3d28 --- sftp-server.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/sftp-server.c b/sftp-server.c index 0466a0f7..a4abb9f7 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-server.c,v 1.147 2023/04/12 08:53:54 jsg Exp $ */ +/* $OpenBSD: sftp-server.c,v 1.148 2024/04/30 06:23:51 djm Exp $ */ /* * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. * 
@@ -1706,14 +1706,16 @@ process_extended_home_directory(u_int32_t id) fatal_fr(r, "parse"); debug3("request %u: home-directory \"%s\"", id, username); - if ((user_pw = getpwnam(username)) == NULL) { + if (username[0] == '\0') { + user_pw = pw; + } else if ((user_pw = getpwnam(username)) == NULL) { send_status(id, SSH2_FX_FAILURE); goto out; } - verbose("home-directory \"%s\"", pw->pw_dir); + verbose("home-directory \"%s\"", user_pw->pw_dir); attrib_clear(&s.attrib); - s.name = s.long_name = pw->pw_dir; + s.name = s.long_name = user_pw->pw_dir; send_names(id, 1, &s); out: free(username); -- To stop receiving notification emails like this one, please contact djm at mindrot.org.
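Review bot: An empty `username` now selects `pw` in `process_extended_home_directory`, and a non-empty one is passed to `getpwnam()` as received; neither rule is explained in the code. Suggest `/* empty username means the session's own user */` above the first branch, assuming `pw` is the session user's entry, as the commit message implies. The reply differs between a known name (a path) and an unknown one (`SSH2_FX_FAILURE`), so a client can learn whether a local account exists and where its home directory is. That appears to be what the extension specifies, but it is worth stating in the comment or the documentation for deployments that confine sftp users. The function starts outside the hunk.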