From git+noreply at mindrot.org Mon Aug 2 19:31:13 2021
From: git+noreply at mindrot.org (git+noreply at mindrot.org)
Date: Mon, 02 Aug 2021 19:31:13 +1000
Subject: [openssh-commits] [openssh] branch master updated (a1f78e08 -> 1e11fb24)
Message-ID: <162789667327.94937.9426297658999951545@fuyu.mindrot.org>

This is an automated email from the git hooks/post-receive script.

dtucker pushed a change to branch master in repository openssh.

    from a1f78e08 Move SUDO to "make test" command line.
     new 0f494236 lastenv is only used in setenv.
     new 1e11fb24 Check for RLIMIT_NOFILE before trying to use it.

The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference.

Detailed log of new commits:

commit 1e11fb24066f3fc259ee30db3dbb2a3127e05956
Author: Darren Tucker
Date: Mon Aug 2 18:56:29 2021 +1000

    Check for RLIMIT_NOFILE before trying to use it.

commit 0f494236b49fb48c1ef33669f14822ca4f3ce2f4
Author: Darren Tucker
Date: Tue Jul 27 17:45:34 2021 +1000

    lastenv is only used in setenv.

    Prevents an unused variable warning on platforms that have setenv but not unsetenv.

Summary of changes:
 openbsd-compat/setenv.c | 2 ++
 sftp-server.c | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)

--
To stop receiving notification emails like this one, please contact djm at mindrot.org.

From git+noreply at mindrot.org Mon Aug 2 19:31:14 2021
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Mon, 02 Aug 2021 19:31:14 +1000 Subject: [openssh-commits] [openssh] 01/02: lastenv is only used in setenv. In-Reply-To: <162789667327.94937.9426297658999951545@fuyu.mindrot.org> References: <162789667327.94937.9426297658999951545@fuyu.mindrot.org> Message-ID: <5ca126fc92363920@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. dtucker pushed a commit to branch master in repository openssh. commit 0f494236b49fb48c1ef33669f14822ca4f3ce2f4 Author: Darren Tucker Date: Tue Jul 27 17:45:34 2021 +1000 lastenv is only used in setenv. Prevents an unused variable warning on platforms that have setenv but not unsetenv. --- openbsd-compat/setenv.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/openbsd-compat/setenv.c b/openbsd-compat/setenv.c index 373b701d..86954c28 100644 --- a/openbsd-compat/setenv.c +++ b/openbsd-compat/setenv.c @@ -39,7 +39,9 @@ #include extern char **environ; +#ifndef HAVE_SETENV static char **lastenv; /* last value of environ */ +#endif /* OpenSSH Portable: __findenv is from getenv.c rev 1.8, made static */ /* -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Mon Aug 2 19:31:15 2021 
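Review bot: in openbsd-compat/setenv.c the new `#ifndef HAVE_SETENV` around `static char **lastenv;` is only correct if every use of `lastenv` sits under the same condition, and the hunk does not show the use site. It is worth confirming that the code referencing `lastenv` is guarded by exactly `#ifndef HAVE_SETENV`; if it is guarded by a different or compound condition, some configuration will fail to compile on an undeclared identifier instead of merely warning. A trailing comment on the closing line, for example `#endif /* !HAVE_SETENV */`, would also make the pairing obvious, since the next line is an unrelated comment about `__findenv`.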
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Mon, 02 Aug 2021 19:31:15 +1000 Subject: [openssh-commits] [openssh] 02/02: Check for RLIMIT_NOFILE before trying to use it. In-Reply-To: <162789667327.94937.9426297658999951545@fuyu.mindrot.org> References: <162789667327.94937.9426297658999951545@fuyu.mindrot.org> Message-ID: <5ca126fe789170df@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. dtucker pushed a commit to branch master in repository openssh. commit 1e11fb24066f3fc259ee30db3dbb2a3127e05956 Author: Darren Tucker Date: Mon Aug 2 18:56:29 2021 +1000 Check for RLIMIT_NOFILE before trying to use it. --- sftp-server.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sftp-server.c b/sftp-server.c index 4972b2a6..c89c1f42 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -1491,13 +1491,13 @@ process_extended_limits(u_int32_t id) struct sshbuf *msg; int r; uint64_t nfiles = 0; -#ifdef HAVE_GETRLIMIT +#if defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE) struct rlimit rlim; #endif debug("request %u: limits", id); -#ifdef HAVE_GETRLIMIT +#if defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE) if (getrlimit(RLIMIT_NOFILE, &rlim) != -1 && rlim.rlim_cur > 5) nfiles = rlim.rlim_cur - 5; /* stdio(3) + syslog + spare */ #endif -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Tue Aug 3 11:17:09 2021 
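Review bot: in process_extended_limits() in sftp-server.c the compound test `defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE)` is now written out twice, once around the `struct rlimit rlim;` declaration and once around the `getrlimit()` call, and the two copies must stay identical or the build breaks. Deriving a single local macro from that condition and testing it in both places would keep declaration and use in sync. On platforms that fail the test `nfiles` keeps its initial value of 0, so a short comment stating what 0 is meant to signal to the rest of the function would help the next reader.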
From: git+noreply at mindrot.org (git+noreply at mindrot.org)
Date: Tue, 03 Aug 2021 11:17:09 +1000
Subject: [openssh-commits] [openssh] branch master updated (1e11fb24 -> af5d8094)
Message-ID: <162795342900.20655.18384892023897049908@fuyu.mindrot.org>

This is an automated email from the git hooks/post-receive script.

djm pushed a change to branch master in repository openssh.

    from 1e11fb24 Check for RLIMIT_NOFILE before trying to use it.
     new efad4deb upstream: standardise the grammar in the options list; issue
     new bec42933 upstream: word fix; reported by debian at helgefjell de
     new 4455aec2 upstream: no need to talk about version 2 with the -Q option, so
     new c7cd347a upstream: fix a formatting error and mark up known_hosts
     new dd533c7a upstream: fix a formatting error and add some Xr; from debian at
     new 197e29f1 upstream: support for using the SFTP protocol for file transfers in
     new e4673b7f upstream: Treat doas with arguments as a valid SUDO variable.
     new af5d8094 upstream: regression tests for scp SFTP protocol support; mostly by

The 8 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference.

Detailed log of new commits:

commit af5d8094d8b755e1daaf2e20ff1dc252800b4c9b
Author: djm at openbsd.org
Date: Tue Aug 3 01:05:24 2021 +0000

    upstream: regression tests for scp SFTP protocol support; mostly by
    Jakub Jelen in GHPR#194 ok markus

    OpenBSD-Regress-ID: 36f1458525bcb111741ec8547eaf58b13cddc715

commit e4673b7f67ae7740131a4ecea29a846593049a91
Author: anton at openbsd.org
Date: Thu Jul 29 15:34:09 2021 +0000

    upstream: Treat doas with arguments as a valid SUDO variable.

    Allows one to specify SUDO="doas -n" which I do while running make regress.
    ok dtucker@

    OpenBSD-Regress-ID: 4fe5814b5010dbf0885500d703bea06048d11005

commit 197e29f1cca190d767c4b2b63a662f9a9e5da0b3
Author: djm at openbsd.org
Date: Mon Aug 2 23:38:27 2021 +0000

    upstream: support for using the SFTP protocol for file transfers in
    scp, via a new "-M sftp" option. Marked as experimental for now. Some
    corner-cases exist, in particular there is no attempt to provide
    bug-compatibility with scp's weird "double shell" quoting rules. Mostly by
    Jakub Jelen in GHPR#194 with some tweaks by me. ok markus@ Thanks jmc@ for
    improving the scp.1 bits.

    OpenBSD-Commit-ID: 6ce4c9157ff17b650ace571c9f7793d92874051c

commit dd533c7ab79d61a7796b77b64bd81b098e0d7f9f
Author: jmc at openbsd.org
Date: Fri Jul 30 14:28:13 2021 +0000

    upstream: fix a formatting error and add some Xr; from debian at
    helgefjell de removed references to rlogin etc. as no longer relevant;
    suggested by djm ok djm dtucker

    OpenBSD-Commit-ID: 3c431c303068d3aec5bb18573a0bd5e0cd77c5ae

commit c7cd347a8823819411222c1e10a0d26747d0fd5c
Author: jmc at openbsd.org
Date: Fri Jul 30 14:25:01 2021 +0000

    upstream: fix a formatting error and mark up known_hosts
    consistently; issues reported by debian at helgefjell de ok djm dtucker

    OpenBSD-Commit-ID: a1fd8d21dc77f507685443832df0c9700481b0ce

commit 4455aec2e4fc90f64ae4fc47e78ebc9c18721738
Author: jmc at openbsd.org
Date: Wed Jul 28 05:57:42 2021 +0000

    upstream: no need to talk about version 2 with the -Q option, so
    rewrite the text to read better; issue reported by debian at helgefjell de
    ok djm dtucker

    OpenBSD-Commit-ID: 59fe2e8219c37906740ad062e0fdaea487dbe9cf

commit bec429338e9b30d2c7668060e82608286a8a4777
Author: jmc at openbsd.org
Date: Tue Jul 27 14:28:46 2021 +0000

    upstream: word fix; reported by debian at helgefjell de

    OpenBSD-Commit-ID: 0c6fd22142422a25343c5bd1a618f31618f41ece

commit efad4deb5a1f1cf79ebefd63c6625059060bfbe1
Author: jmc at openbsd.org
Date: Tue Jul 27 14:14:25 2021 +0000

    upstream: standardise the grammar in the options list; issue
reported by debian at helgefjell de ok dtucker djm OpenBSD-Commit-ID: 7ac15575045d82f4b205a42cc7d5207fe4c3f8e6 Summary of changes: .depend | 2 +- Makefile.in | 6 +- regress/agent-getpeereid.sh | 2 +- regress/scp-uri.sh | 82 ++++++------ regress/scp.sh | 188 ++++++++++++++------------- scp.1 | 21 ++- scp.c | 304 ++++++++++++++++++++++++++++++++++++++++---- sftp-server.8 | 12 +- ssh.1 | 9 +- ssh_config.5 | 11 +- sshd.8 | 16 ++- sshd_config.5 | 6 +- 12 files changed, 476 insertions(+), 183 deletions(-) -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Tue Aug 3 11:17:10 2021 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Tue, 03 Aug 2021 11:17:10 +1000 Subject: [openssh-commits] [openssh] 01/08: upstream: standardise the grammar in the options list; issue In-Reply-To: <162795342900.20655.18384892023897049908@fuyu.mindrot.org> References: <162795342900.20655.18384892023897049908@fuyu.mindrot.org> Message-ID: <5ca12713c309b355@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit efad4deb5a1f1cf79ebefd63c6625059060bfbe1 Author: jmc at openbsd.org Date: Tue Jul 27 14:14:25 2021 +0000 upstream: standardise the grammar in the options list; issue reported by debian at helgefjell de ok dtucker djm OpenBSD-Commit-ID: 7ac15575045d82f4b205a42cc7d5207fe4c3f8e6 --- sftp-server.8 | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/sftp-server.8 b/sftp-server.8 index f057da3b..5311bf92 100644 --- a/sftp-server.8 +++ b/sftp-server.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp-server.8,v 1.30 2020/06/22 06:36:40 jmc Exp $ +.\" $OpenBSD: sftp-server.8,v 1.31 2021/07/27 14:14:25 jmc Exp $ .\" .\" Copyright (c) 2000 Markus Friedl. All rights reserved. .\" 
@@ -22,7 +22,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 22 2020 $ +.Dd $Mdocdate: July 27 2021 $ .Dt SFTP-SERVER 8 .Os .Sh NAME @@ -64,7 +64,7 @@ for more information. Valid options are: .Bl -tag -width Ds .It Fl d Ar start_directory -specifies an alternate starting directory for users. +Specifies an alternate starting directory for users. The pathname may contain the following tokens that are expanded at runtime: %% is replaced by a literal '%', %d is replaced by the home directory of the user being authenticated, @@ -100,7 +100,7 @@ DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify higher levels of debugging output. The default is ERROR. .It Fl P Ar denied_requests -Specify a comma-separated list of SFTP protocol requests that are banned by +Specifies a comma-separated list of SFTP protocol requests that are banned by the server. .Nm will reply to any denied request with a failure. @@ -110,7 +110,7 @@ flag can be used to determine the supported request types. If both denied and allowed lists are specified, then the denied list is applied before the allowed list. .It Fl p Ar allowed_requests -Specify a comma-separated list of SFTP protocol requests that are permitted +Specifies a comma-separated list of SFTP protocol requests that are permitted by the server. All request types that are not on the allowed list will be logged and replied to with a failure message. 
@@ -118,7 +118,7 @@ to with a failure message. Care must be taken when using this feature to ensure that requests made implicitly by SFTP clients are permitted. .It Fl Q Ar protocol_feature -Query protocol features supported by +Queries protocol features supported by .Nm . At present the only feature that may be queried is .Dq requests , -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Tue Aug 3 11:17:11 2021 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Tue, 03 Aug 2021 11:17:11 +1000 Subject: [openssh-commits] [openssh] 02/08: upstream: word fix; reported by debian at helgefjell de In-Reply-To: <162795342900.20655.18384892023897049908@fuyu.mindrot.org> References: <162795342900.20655.18384892023897049908@fuyu.mindrot.org> Message-ID: <5ca12715512823de@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit bec429338e9b30d2c7668060e82608286a8a4777 Author: jmc at openbsd.org Date: Tue Jul 27 14:28:46 2021 +0000 upstream: word fix; reported by debian at helgefjell de OpenBSD-Commit-ID: 0c6fd22142422a25343c5bd1a618f31618f41ece --- sshd_config.5 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sshd_config.5 b/sshd_config.5 index faa0a0f3..6aab3382 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.332 2021/07/02 05:11:21 dtucker Exp $ -.Dd $Mdocdate: July 2 2021 $ +.\" $OpenBSD: sshd_config.5,v 1.333 2021/07/27 14:28:46 jmc Exp $ +.Dd $Mdocdate: July 27 2021 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME 
@@ -1599,7 +1599,7 @@ For more information on KRLs, see the KEY REVOCATION LISTS section in .It Cm RDomain Specifies an explicit routing domain that is applied after authentication has completed. -The user session, as well and any forwarded or listening IP sockets, +The user session, as well as any forwarded or listening IP sockets, will be bound to this .Xr rdomain 4 . If the routing domain is set to -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Tue Aug 3 11:17:12 2021 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Tue, 03 Aug 2021 11:17:12 +1000 Subject: [openssh-commits] [openssh] 03/08: upstream: no need to talk about version 2 with the -Q option, so In-Reply-To: <162795342900.20655.18384892023897049908@fuyu.mindrot.org> References: <162795342900.20655.18384892023897049908@fuyu.mindrot.org> Message-ID: <5ca1271783304e85@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit 4455aec2e4fc90f64ae4fc47e78ebc9c18721738 Author: jmc at openbsd.org Date: Wed Jul 28 05:57:42 2021 +0000 upstream: no need to talk about version 2 with the -Q option, so rewrite the text to read better; issue reported by debian at helgefjell de ok djm dtucker OpenBSD-Commit-ID: 59fe2e8219c37906740ad062e0fdaea487dbe9cf --- ssh.1 | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/ssh.1 b/ssh.1 index 46ad55ad..77502515 100644 --- a/ssh.1 +++ b/ssh.1 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.424 2021/07/23 04:04:52 djm Exp $ -.Dd $Mdocdate: July 23 2021 $ +.\" $OpenBSD: ssh.1,v 1.425 2021/07/28 05:57:42 jmc Exp $ +.Dd $Mdocdate: July 28 2021 $ .Dt SSH 1 .Os .Sh NAME 
@@ -585,10 +585,7 @@ This can be specified on a per-host basis in the configuration file. .Pp .It Fl Q Ar query_option -Queries -.Nm -for the algorithms supported for the specified version 2. -The available features are: +Queries for the algorithms supported by one of the following features: .Ar cipher (supported symmetric ciphers), .Ar cipher-auth -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Tue Aug 3 11:17:13 2021 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Tue, 03 Aug 2021 11:17:13 +1000 Subject: [openssh-commits] [openssh] 04/08: upstream: fix a formatting error and mark up known_hosts In-Reply-To: <162795342900.20655.18384892023897049908@fuyu.mindrot.org> References: <162795342900.20655.18384892023897049908@fuyu.mindrot.org> Message-ID: <5ca12719e220ad6e@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit c7cd347a8823819411222c1e10a0d26747d0fd5c Author: jmc at openbsd.org Date: Fri Jul 30 14:25:01 2021 +0000 upstream: fix a formatting error and mark up known_hosts consistently; issues reported by debian at helgefjell de ok djm dtucker OpenBSD-Commit-ID: a1fd8d21dc77f507685443832df0c9700481b0ce --- ssh_config.5 | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/ssh_config.5 b/ssh_config.5 index 94a7ea14..84bec59b 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.359 2021/07/23 04:04:52 djm Exp $ -.Dd $Mdocdate: July 23 2021 $ +.\" $OpenBSD: ssh_config.5,v 1.360 2021/07/30 14:25:01 jmc Exp $ +.Dd $Mdocdate: July 30 2021 $ .Dt SSH_CONFIG 5 .Os .Sh NAME 
@@ -1773,8 +1773,9 @@ add all new hosts. .Pp If this flag is set to .Dq accept-new -then ssh will automatically add new host keys to the user -known hosts files, but will not permit connections to hosts with +then ssh will automatically add new host keys to the user's +.Pa known_hosts +file, but will not permit connections to hosts with changed host keys. If this flag is set to .Dq no @@ -2068,7 +2069,7 @@ tunnel forwarding was requested, or otherwise. .It %t The type of the server host key, e.g. -.Cm ssh-ed25519 +.Cm ssh-ed25519 . .It %u The local username. .El -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Tue Aug 3 11:17:14 2021 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Tue, 03 Aug 2021 11:17:14 +1000 Subject: [openssh-commits] [openssh] 05/08: upstream: fix a formatting error and add some Xr; from debian at In-Reply-To: <162795342900.20655.18384892023897049908@fuyu.mindrot.org> References: <162795342900.20655.18384892023897049908@fuyu.mindrot.org> Message-ID: <5ca1271bf706e5d4@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit dd533c7ab79d61a7796b77b64bd81b098e0d7f9f Author: jmc at openbsd.org Date: Fri Jul 30 14:28:13 2021 +0000 upstream: fix a formatting error and add some Xr; from debian at helgefjell de removed references to rlogin etc. as no longer relevant; suggested by djm ok djm dtucker OpenBSD-Commit-ID: 3c431c303068d3aec5bb18573a0bd5e0cd77c5ae --- sshd.8 | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/sshd.8 b/sshd.8 index 3f4ab8f3..53296ddb 100644 --- a/sshd.8 +++ b/sshd.8 
@@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.315 2021/06/04 05:59:18 djm Exp $ -.Dd $Mdocdate: June 4 2021 $ +.\" $OpenBSD: sshd.8,v 1.316 2021/07/30 14:28:13 jmc Exp $ +.Dd $Mdocdate: July 30 2021 $ .Dt SSHD 8 .Os .Sh NAME @@ -58,8 +58,7 @@ .Nm (OpenSSH Daemon) is the daemon program for .Xr ssh 1 . -Together these programs replace rlogin and rsh, -and provide secure encrypted communications between two untrusted hosts +It provides secure encrypted communications between two untrusted hosts over an insecure network. .Pp .Nm @@ -107,7 +106,7 @@ supplied in any order, either with multiple .Fl C options or as a comma-separated list. The keywords are -.Dq addr, +.Dq addr , .Dq user , .Dq host , .Dq laddr , @@ -135,7 +134,9 @@ This allows easy monitoring of Debug mode. The server sends verbose debug output to standard error, and does not put itself in the background. -The server also will not fork and will only process one connection. +The server also will not +.Xr fork 2 +and will only process one connection. This option is only intended for debugging for the server. Multiple .Fl d @@ -355,7 +356,8 @@ exists and the option is set, runs it; else if .Pa /etc/ssh/sshrc exists, runs -it; otherwise runs xauth. +it; otherwise runs +.Xr xauth 1 . The .Dq rc files are given the X11 -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Tue Aug 3 11:17:15 2021 
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Tue, 03 Aug 2021 11:17:15 +1000 Subject: [openssh-commits] [openssh] 06/08: upstream: support for using the SFTP protocol for file transfers in In-Reply-To: <162795342900.20655.18384892023897049908@fuyu.mindrot.org> References: <162795342900.20655.18384892023897049908@fuyu.mindrot.org> Message-ID: <5ca1271d50b6ee3d@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit 197e29f1cca190d767c4b2b63a662f9a9e5da0b3 Author: djm at openbsd.org Date: Mon Aug 2 23:38:27 2021 +0000 upstream: support for using the SFTP protocol for file transfers in scp, via a new "-M sftp" option. Marked as experimental for now. Some corner-cases exist, in particular there is no attempt to provide bug-compatibility with scp's weird "double shell" quoting rules. Mostly by Jakub Jelen in GHPR#194 with some tweaks by me. ok markus@ Thanks jmc@ for improving the scp.1 bits. OpenBSD-Commit-ID: 6ce4c9157ff17b650ace571c9f7793d92874051c --- .depend | 2 +- Makefile.in | 6 +- scp.1 | 21 ++++- scp.c | 304 +++++++++++++++++++++++++++++++++++++++++++++++++++++++----- 4 files changed, 305 insertions(+), 28 deletions(-) diff --git a/.depend b/.depend index 78629a54..6a532f4c 100644 --- a/.depend +++ b/.depend 
@@ -110,7 +110,7 @@ sandbox-seccomp-filter.o: includes.h config.h defines.h platform.h openbsd-compa sandbox-solaris.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd [...] sandbox-systrace.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bs [...] sc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid [...] 
-scp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h o [...] +scp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h o [...] servconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpi [...] servconf.o: kex.h mac.h crypto_api.h match.h channels.h groupaccess.h canohost.h packet.h dispatch.h hostfile.h auth.h auth-pam.h audit.h loginrec.h myproposal.h digest.h serverloop.o: cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h hostfile.h auth.h auth-pam.h audit.h loginrec.h session.h auth-options.h serverloop.h diff --git a/Makefile.in b/Makefile.in index fc15a2ee..abf51d0e 100644 --- a/Makefile.in +++ b/Makefile.in 
@@ -131,7 +131,9 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o \ sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o \ sandbox-solaris.o uidswap.o $(SKOBJS) -SCP_OBJS= scp.o progressmeter.o +SFTP_CLIENT_OBJS=sftp-common.o sftp-client.o sftp-glob.o + +SCP_OBJS= scp.o progressmeter.o $(SFTP_CLIENT_OBJS) SSHADD_OBJS= ssh-add.o $(SKOBJS) @@ -149,7 +151,7 @@ SSHKEYSCAN_OBJS=ssh-keyscan.o $(SKOBJS) SFTPSERVER_OBJS=sftp-common.o sftp-server.o sftp-server-main.o -SFTP_OBJS= sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o +SFTP_OBJS= sftp.o progressmeter.o $(SFTP_CLIENT_OBJS) MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out ssh-sk-helper.8.out sshd_config.5.out ssh_config.5.out MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 ssh-sk-helper.8 sshd_config.5 ssh_config.5 diff --git a/scp.1 b/scp.1 index d9a9bb92..54285b70 100644 --- a/scp.1 +++ b/scp.1 @@ -8,9 +8,9 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.96 2021/07/02 05:11:21 dtucker Exp $ +.\" $OpenBSD: scp.1,v 1.97 2021/08/02 23:38:27 djm Exp $ .\" -.Dd $Mdocdate: July 2 2021 $ +.Dd $Mdocdate: August 2 2021 $ .Dt SCP 1 .Os .Sh NAME @@ -20,10 +20,12 @@ .Nm scp .Op Fl 346ABCpqrTv .Op Fl c Ar cipher +.Op Fl D Ar sftp_server_path .Op Fl F Ar ssh_config .Op Fl i Ar identity_file .Op Fl J Ar destination .Op Fl l Ar limit +.Op Fl M Ar scp | sftp .Op Fl o Ar ssh_option .Op Fl P Ar port .Op Fl S Ar program 
@@ -108,6 +110,13 @@ to enable compression. Selects the cipher to use for encrypting the data transfer. This option is directly passed to .Xr ssh 1 . +.It Fl D Ar sftp_server_path +When using the experimental SFTP protocol support via +.Fl M , +connect directly to a local SFTP server program rather than a +remote one via +.Xr ssh 1 . +This option may be useful in debugging the client and server. .It Fl F Ar ssh_config Specifies an alternative per-user configuration file for @@ -134,6 +143,14 @@ This option is directly passed to .Xr ssh 1 . .It Fl l Ar limit Limits the used bandwidth, specified in Kbit/s. +.It Fl M Ar scp | sftp +Specifies a mode which will be used to transfer files. +The default is to use the original +.Cm scp +protocol. +Alternately, experimental support for using the +.Cm sftp +protocol is available. .It Fl o Ar ssh_option Can be used to pass options to .Nm ssh diff --git a/scp.c b/scp.c index cc2dcc37..8ff7180b 100644 --- a/scp.c +++ b/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.215 2021/07/05 00:25:42 djm Exp $ */ +/* $OpenBSD: scp.c,v 1.216 2021/08/02 23:38:27 djm Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -97,6 +97,10 @@ #ifdef HAVE_FNMATCH_H #include #endif +#include +#ifdef HAVE_LIBGEN_H +#include +#endif #include #include #include @@ -123,12 +127,17 @@ #include "progressmeter.h" #include "utf8.h" +#include "sftp-common.h" +#include "sftp-client.h" + extern char *__progname; #define COPY_BUFLEN 16384 -int do_cmd(char *host, char *remuser, int port, char *cmd, int *fdin, int *fdout); -int do_cmd2(char *host, char *remuser, int port, char *cmd, int fdin, int fdout); +int do_cmd(char *program, char *host, char *remuser, int port, char *cmd, + int *fdin, int *fdout); +int do_cmd2(char *host, char *remuser, int port, char *cmd, + int fdin, int fdout); /* Struct for addargs */ arglist args; 
@@ -143,6 +152,7 @@ char *curfile; /* This is set to non-zero to enable verbose mode. */ int verbose_mode = 0; +LogLevel log_level = SYSLOG_LEVEL_INFO; /* This is set to zero if the progressmeter is not desired. */ int showprogress = 1; @@ -162,6 +172,12 @@ char *ssh_program = _PATH_SSH_PROGRAM; /* This is used to store the pid of ssh_program */ pid_t do_cmd_pid = -1; +/* Needed for sftp */ +volatile sig_atomic_t interrupted = 0; + +int remote_glob(struct sftp_conn *, const char *, int, + int (*)(const char *, int), glob_t *); /* proto for sftp-glob.c */ + static void killchild(int signo) { @@ -238,14 +254,15 @@ do_local_cmd(arglist *a) */ int -do_cmd(char *host, char *remuser, int port, char *cmd, int *fdin, int *fdout) +do_cmd(char *program, char *host, char *remuser, int port, char *cmd, + int *fdin, int *fdout) { int pin[2], pout[2], reserved[2]; if (verbose_mode) fmprintf(stderr, "Executing: program %s host %s, user %s, command %s\n", - ssh_program, host, + program, host, remuser ? remuser : "(unspecified)", cmd); if (port == -1) @@ -283,7 +300,7 @@ do_cmd(char *host, char *remuser, int port, char *cmd, int *fdin, int *fdout) close(pin[0]); close(pout[1]); - replacearg(&args, 0, "%s", ssh_program); + replacearg(&args, 0, "%s", program); if (port != -1) { addargs(&args, "-p"); addargs(&args, "%d", port); @@ -296,8 +313,8 @@ do_cmd(char *host, char *remuser, int port, char *cmd, int *fdin, int *fdout) addargs(&args, "%s", host); addargs(&args, "%s", cmd); - execvp(ssh_program, args.list); - perror(ssh_program); + execvp(program, args.list); + perror(program); exit(1); } else if (do_cmd_pid == -1) { fatal("fork: %s", strerror(errno)); 
@@ -388,22 +405,33 @@ int Tflag, pflag, iamremote, iamrecursive, targetshouldbedirectory; #define CMDNEEDS 64 char cmd[CMDNEEDS]; /* must hold "rcp -r -p -d\0" */ +enum scp_mode_e { + MODE_SCP, + MODE_SFTP +}; + int response(void); void rsource(char *, struct stat *); void sink(int, char *[], const char *); void source(int, char *[]); -void tolocal(int, char *[]); -void toremote(int, char *[]); +void tolocal(int, char *[], enum scp_mode_e, char *sftp_direct); +void toremote(int, char *[], enum scp_mode_e, char *sftp_direct); void usage(void); +void source_sftp(int, char *, char *, struct sftp_conn *, char **); +void sink_sftp(int, char *, const char *, struct sftp_conn *); + int main(int argc, char **argv) { int ch, fflag, tflag, status, n; - char **newargv; + char **newargv, *argv0; const char *errstr; extern char *optarg; extern int optind; + /* For now, keep SCP as default */ + enum scp_mode_e mode = MODE_SCP; + char *sftp_direct = NULL; /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); @@ -413,6 +441,7 @@ main(int argc, char **argv) msetlocale(); /* Copy argv, because we modify it */ + argv0 = argv[0]; newargv = xcalloc(MAXIMUM(argc + 1, 1), sizeof(*newargv)); for (n = 0; n < argc; n++) newargv[n] = xstrdup(argv[n]); @@ -432,7 +461,7 @@ main(int argc, char **argv) fflag = Tflag = tflag = 0; while ((ch = getopt(argc, argv, - "12346ABCTdfpqrtvF:J:P:S:c:i:l:o:")) != -1) { + "12346ABCTdfpqrtvD:F:J:M:P:S:c:i:l:o:")) != -1) { switch (ch) { /* User-visible flags. */ case '1': @@ -448,6 +477,9 @@ main(int argc, char **argv) addargs(&args, "-%c", ch); addargs(&remote_remote_args, "-%c", ch); break; + case 'D': + sftp_direct = optarg; + break; case '3': throughlocal = 1; break; 
@@ -470,6 +502,14 @@ main(int argc, char **argv) addargs(&remote_remote_args, "-oBatchmode=yes"); addargs(&args, "-oBatchmode=yes"); break; + case 'M': + if (strcmp(optarg, "sftp") == 0) + mode = MODE_SFTP; + else if (strcmp(optarg, "scp") == 0) + mode = MODE_SCP; + else + usage(); + break; case 'l': limit_kbps = strtonum(optarg, 1, 100 * 1024 * 1024, &errstr); @@ -490,6 +530,10 @@ main(int argc, char **argv) case 'v': addargs(&args, "-v"); addargs(&remote_remote_args, "-v"); + if (verbose_mode == 0) + log_level = SYSLOG_LEVEL_DEBUG1; + else if (log_level < SYSLOG_LEVEL_DEBUG3) + log_level++; verbose_mode = 1; break; case 'q': @@ -523,9 +567,17 @@ main(int argc, char **argv) argc -= optind; argv += optind; + log_init(argv0, log_level, SYSLOG_FACILITY_USER, 1); + /* Do this last because we want the user to be able to override it */ addargs(&args, "-oForwardAgent=no"); + if (mode != MODE_SFTP && sftp_direct != NULL) + fatal("SFTP direct can be used only in SFTP mode"); + + if (mode == MODE_SFTP && iamremote) + fatal("The server can not be ran in SFTP mode"); + if ((pwd = getpwuid(userid = getuid())) == NULL) fatal("unknown user %u", (u_int) userid); @@ -572,11 +624,11 @@ main(int argc, char **argv) (void) ssh_signal(SIGPIPE, lostconn); if (colon(argv[argc - 1])) /* Dest is remote host. */ - toremote(argc, argv); + toremote(argc, argv, mode, sftp_direct); else { if (targetshouldbedirectory) verifydir(argv[argc - 1]); - tolocal(argc, argv); /* Dest is local host. */ + tolocal(argc, argv, mode, sftp_direct); /* Dest is local host. */ } /* * Finally check the exit status of the ssh process, if one was forked 
@@ -887,12 +939,33 @@ brace_expand(const char *pattern, char ***patternsp, size_t *npatternsp) return ret; } +static struct sftp_conn * +do_sftp_connect(char *host, char *user, int port, char *sftp_direct) +{ + if (sftp_direct == NULL) { + addargs(&args, "-s"); + if (do_cmd(ssh_program, host, user, port, "sftp", + &remin, &remout) < 0) + return NULL; + + } else { + args.list = NULL; + addargs(&args, "sftp-server"); + if (do_cmd(sftp_direct, host, NULL, -1, "sftp", + &remin, &remout) < 0) + return NULL; + } + return do_init(remin, remout, 32768, 64, limit_kbps); +} + void -toremote(int argc, char **argv) +toremote(int argc, char **argv, enum scp_mode_e mode, char *sftp_direct) { char *suser = NULL, *host = NULL, *src = NULL; char *bp, *tuser, *thost, *targ; + char *remote_path = NULL; int sport = -1, tport = -1; + struct sftp_conn *conn = NULL; arglist alist; int i, r; u_int j; @@ -935,9 +1008,15 @@ toremote(int argc, char **argv) continue; } if (host && throughlocal) { /* extended remote to remote */ + if (mode == MODE_SFTP) { + /* TODO */ + fatal("Extended remote to remote through local " + "is not yet supported with SFTP"); + } xasprintf(&bp, "%s -f %s%s", cmd, *src == '-' ? "-- " : "", src); - if (do_cmd(host, suser, sport, bp, &remin, &remout) < 0) + if (do_cmd(ssh_program, host, suser, sport, bp, + &remin, &remout) < 0) exit(1); free(bp); xasprintf(&bp, "%s -t %s%s", cmd, @@ -985,6 +1064,14 @@ toremote(int argc, char **argv) addargs(&alist, "--"); addargs(&alist, "%s", host); addargs(&alist, "%s", cmd); + /* + * This will work only if the first remote scp + * supports sftp mode + */ + if (mode == MODE_SFTP) { + addargs(&alist, "-M"); + addargs(&alist, "sftp"); + } addargs(&alist, "%s", src); addargs(&alist, "%s%s%s:%s", tuser ? tuser : "", tuser ? "@" : "", 
@@ -992,11 +1079,28 @@ toremote(int argc, char **argv) if (do_local_cmd(&alist) != 0) errs = 1; } else { /* local to remote */ + if (mode == MODE_SFTP) { + if (remin == -1) { + /* Connect to remote now */ + conn = do_sftp_connect(thost, tuser, + tport, sftp_direct); + if (conn == NULL) { + fatal("Unable to open sftp " + "connection"); + } + } + + /* The protocol */ + source_sftp(1, argv[i], targ, conn, + &remote_path); + continue; + } + /* SCP */ if (remin == -1) { xasprintf(&bp, "%s -t %s%s", cmd, *targ == '-' ? "-- " : "", targ); - if (do_cmd(thost, tuser, tport, bp, &remin, - &remout) < 0) + if (do_cmd(ssh_program, thost, tuser, tport, bp, + &remin, &remout) < 0) exit(1); if (response() < 0) exit(1); @@ -1006,6 +1110,10 @@ toremote(int argc, char **argv) } } out: + if (mode == MODE_SFTP) { + free(remote_path); + free(conn); + } free(tuser); free(thost); free(targ); @@ -1015,10 +1123,11 @@ out: } void -tolocal(int argc, char **argv) +tolocal(int argc, char **argv, enum scp_mode_e mode, char *sftp_direct) { char *bp, *host = NULL, *src = NULL, *suser = NULL; arglist alist; + struct sftp_conn *conn = NULL; int i, r, sport = -1; memset(&alist, '\0', sizeof(alist)); @@ -1055,9 +1164,29 @@ tolocal(int argc, char **argv) continue; } /* Remote to local. */ + if (mode == MODE_SFTP) { + conn = do_sftp_connect(host, suser, sport, sftp_direct); + if (conn == NULL) { + error("Couldn't make sftp connection " + "to server"); + ++errs; + continue; + } + + /* The protocol */ + sink_sftp(1, argv[argc - 1], src, conn); + + free(conn); + (void) close(remin); + (void) close(remout); + remin = remout = -1; + continue; + } + /* SCP */ xasprintf(&bp, "%s -f %s%s", cmd, *src == '-' ? "-- " : "", src); - if (do_cmd(host, suser, sport, bp, &remin, &remout) < 0) { + if (do_cmd(ssh_program, host, suser, sport, bp, &remin, + &remout) < 0) { free(bp); ++errs; continue; 
@@ -1072,6 +1201,53 @@ tolocal(int argc, char **argv) free(src); } +void +source_sftp(int argc, char *src, char *targ, + struct sftp_conn *conn, char **remote_path) +{ + char *target = NULL, *filename = NULL, *abs_dst = NULL; + int target_is_dir; + + if (*remote_path == NULL) { + *remote_path = do_realpath(conn, "."); + if (*remote_path == NULL) + fatal("Unable to determine remote working directory"); + } + + if ((filename = basename(src)) == NULL) + fatal("basename %s: %s", src, strerror(errno)); + + /* + * No need to glob here - the local shell already took care of + * the expansions + */ + target = xstrdup(targ); + target = make_absolute(target, *remote_path); + target_is_dir = remote_is_dir(conn, target); + if (targetshouldbedirectory && !target_is_dir) { + fatal("Target is not a directory, but more files selected " + "for upload"); + } + if (target_is_dir) + abs_dst = path_append(target, filename); + else { + abs_dst = target; + target = NULL; + } + debug3_f("copying local %s to remote %s", src, abs_dst); + + if (local_is_dir(src) && iamrecursive) { + if (upload_dir(conn, src, abs_dst, pflag, 1, 0, 0) != 0) { + fatal("failed to upload directory %s to %s", + src, abs_dst); + } + } else if (do_upload(conn, src, abs_dst, pflag, 0, 0) != 0) + fatal("failed to upload file %s to %s", src, abs_dst); + + free(abs_dst); + free(target); +} + void source(int argc, char **argv) { 
@@ -1233,6 +1409,88 @@ rsource(char *name, struct stat *statp) (void) response(); } +void +sink_sftp(int argc, char *dst, const char *src, struct sftp_conn *conn) +{ + char *abs_src = NULL; + char *abs_dst = NULL; + glob_t g; + char *filename, *tmp = NULL, *remote_path = NULL; + int i, r, err = 0; + + /* + * Here, we need remote glob as SFTP can not depend on remote shell + * expansions + */ + + remote_path = do_realpath(conn, "."); + if (remote_path == NULL) { + error("Could not obtain remote working directory"); + /* TODO - gracefully degrade by using relative paths ? */ + err = -1; + goto out; + } + + abs_src = xstrdup(src); + abs_src = make_absolute(abs_src, remote_path); + free(remote_path); + memset(&g, 0, sizeof(g)); + + debug3_f("copying remote %s to local %s", abs_src, dst); + if ((r = remote_glob(conn, abs_src, GLOB_MARK, NULL, &g)) != 0) { + if (r == GLOB_NOSPACE) + error("Too many glob matches for \"%s\".", abs_src); + else + error("File \"%s\" not found.", abs_src); + err = -1; + goto out; + } + + if (g.gl_matchc > 1 && !local_is_dir(dst)) { + error("Multiple files match pattern, but destination " + "\"%s\" is not a directory", dst); + err = -1; + goto out; + } + + for (i = 0; g.gl_pathv[i] && !interrupted; i++) { + tmp = xstrdup(g.gl_pathv[i]); + if ((filename = basename(tmp)) == NULL) { + error("basename %s: %s", tmp, strerror(errno)); + free(tmp); + err = -1; + goto out; + } + free(tmp); + + if (local_is_dir(dst)) + abs_dst = path_append(dst, filename); + else + abs_dst = xstrdup(dst); + + debug("Fetching %s to %s\n", g.gl_pathv[i], abs_dst); + if (globpath_is_dir(g.gl_pathv[i]) && iamrecursive) { + if (download_dir(conn, g.gl_pathv[i], abs_dst, NULL, + pflag, 1, 0, 0) == -1) + err = -1; + } else { + if (do_download(conn, g.gl_pathv[i], abs_dst, NULL, + pflag, 0, 0) == -1) + err = -1; + } + free(abs_dst); + abs_dst = NULL; + } + +out: + free(abs_src); + globfree(&g); + if (err == -1) { + fatal("Failed to download file '%s'", src); + } +} + + #define 
TYPE_OVERFLOW(type, val) \ ((sizeof(type) == 4 && (val) > INT32_MAX) || \ (sizeof(type) == 8 && (val) > INT64_MAX) || \ @@ -1600,9 +1858,9 @@ void usage(void) { (void) fprintf(stderr, - "usage: scp [-346ABCpqrTv] [-c cipher] [-F ssh_config] [-i identity_file]\n" - " [-J destination] [-l limit] [-o ssh_option] [-P port]\n" - " [-S program] source ... target\n"); + "usage: scp [-346ABCpqrTv] [-c cipher] [-D sftp_server_path] [-F ssh_config]\n" + " [-i identity_file] [-J destination] [-l limit] [-M scp|sftp]\n" + " [-o ssh_option] [-P port] [-S program] source ... target\n"); exit(1); } -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Tue Aug 3 11:17:16 2021 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Tue, 03 Aug 2021 11:17:16 +1000 Subject: [openssh-commits] [openssh] 07/08: upstream: Treat doas with arguments as a valid SUDO variable. In-Reply-To: <162795342900.20655.18384892023897049908@fuyu.mindrot.org> References: <162795342900.20655.18384892023897049908@fuyu.mindrot.org> Message-ID: <5ca1271fbc6fdc98@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit e4673b7f67ae7740131a4ecea29a846593049a91 Author: anton at openbsd.org Date: Thu Jul 29 15:34:09 2021 +0000 upstream: Treat doas with arguments as a valid SUDO variable. Allows one to specify SUDO="doas -n" which I do while running make regress. ok dtucker@ OpenBSD-Regress-ID: 4fe5814b5010dbf0885500d703bea06048d11005 --- regress/agent-getpeereid.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/regress/agent-getpeereid.sh b/regress/agent-getpeereid.sh index 52434081..ddeef01f 100644 --- a/regress/agent-getpeereid.sh +++ b/regress/agent-getpeereid.sh 
@@ -15,7 +15,7 @@ else fi case "x$SUDO" in xsudo) sudo=1;; - xdoas) ;; + xdoas|xdoas\ *) ;; x) echo "need SUDO to switch to uid $UNPRIV" echo SKIPPED -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Tue Aug 3 11:17:17 2021 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Tue, 03 Aug 2021 11:17:17 +1000 Subject: [openssh-commits] [openssh] 08/08: upstream: regression tests for scp SFTP protocol support; mostly by In-Reply-To: <162795342900.20655.18384892023897049908@fuyu.mindrot.org> References: <162795342900.20655.18384892023897049908@fuyu.mindrot.org> Message-ID: <5ca127214d8330c5@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit af5d8094d8b755e1daaf2e20ff1dc252800b4c9b Author: djm at openbsd.org Date: Tue Aug 3 01:05:24 2021 +0000 upstream: regression tests for scp SFTP protocol support; mostly by Jakub Jelen in GHPR#194 ok markus OpenBSD-Regress-ID: 36f1458525bcb111741ec8547eaf58b13cddc715 --- regress/scp-uri.sh | 82 ++++++++++++----------- regress/scp.sh | 186 ++++++++++++++++++++++++++++------------------------- 2 files changed, 142 insertions(+), 126 deletions(-) diff --git a/regress/scp-uri.sh b/regress/scp-uri.sh index c03d8bbe..faf5095a 100644 --- a/regress/scp-uri.sh +++ b/regress/scp-uri.sh @@ -1,4 +1,4 @@ -# $OpenBSD: scp-uri.sh,v 1.2 2017/12/11 11:41:56 dtucker Exp $ +# $OpenBSD: scp-uri.sh,v 1.3 2021/08/03 01:05:24 djm Exp $ # Placed in the Public Domain. tid="scp-uri" @@ -12,7 +12,6 @@ DIR2=${COPY}.dd2 SRC=`dirname ${SCRIPT}` cp ${SRC}/scp-ssh-wrapper.sh ${OBJ}/scp-ssh-wrapper.scp chmod 755 ${OBJ}/scp-ssh-wrapper.scp -scpopts="-q -S ${OBJ}/scp-ssh-wrapper.scp" export SCP # used in scp-ssh-wrapper.scp scpclean() { 
@@ -24,47 +23,56 @@ scpclean() { cp $OBJ/ssh_config $OBJ/ssh_config.orig egrep -v '^ +(Port|User) +.*$' $OBJ/ssh_config.orig > $OBJ/ssh_config -verbose "$tid: simple copy local file to remote file" -scpclean -$SCP $scpopts ${DATA} "scp://${USER}@somehost:${PORT}/${COPY}" || fail "copy failed" -cmp ${DATA} ${COPY} || fail "corrupted copy" +for mode in scp sftp ; do + if test $mode = scp ; then + scpopts="-M scp -q -S ${OBJ}/scp-ssh-wrapper.scp" + tag="$tid" + else + scpopts="-M sftp -D ${SFTPSERVER}" + tag="$tid: sftp mode" + fi + verbose "$tag: simple copy local file to remote file" + scpclean + $SCP $scpopts ${DATA} "scp://${USER}@somehost:${PORT}/${COPY}" || fail "copy failed" + cmp ${DATA} ${COPY} || fail "corrupted copy" -verbose "$tid: simple copy remote file to local file" -scpclean -$SCP $scpopts "scp://${USER}@somehost:${PORT}/${DATA}" ${COPY} || fail "copy failed" -cmp ${DATA} ${COPY} || fail "corrupted copy" + verbose "$tag: simple copy remote file to local file" + scpclean + $SCP $scpopts "scp://${USER}@somehost:${PORT}/${DATA}" ${COPY} || fail "copy failed" + cmp ${DATA} ${COPY} || fail "corrupted copy" -verbose "$tid: simple copy local file to remote dir" -scpclean -cp ${DATA} ${COPY} -$SCP $scpopts ${COPY} "scp://${USER}@somehost:${PORT}/${DIR}" || fail "copy failed" -cmp ${COPY} ${DIR}/copy || fail "corrupted copy" + verbose "$tag: simple copy local file to remote dir" + scpclean + cp ${DATA} ${COPY} + $SCP $scpopts ${COPY} "scp://${USER}@somehost:${PORT}/${DIR}" || fail "copy failed" + cmp ${COPY} ${DIR}/copy || fail "corrupted copy" -verbose "$tid: simple copy remote file to local dir" -scpclean -cp ${DATA} ${COPY} -$SCP $scpopts "scp://${USER}@somehost:${PORT}/${COPY}" ${DIR} || fail "copy failed" -cmp ${COPY} ${DIR}/copy || fail "corrupted copy" + verbose "$tag: simple copy remote file to local dir" + scpclean + cp ${DATA} ${COPY} + $SCP $scpopts "scp://${USER}@somehost:${PORT}/${COPY}" ${DIR} || fail "copy failed" + cmp ${COPY} ${DIR}/copy || 
fail "corrupted copy" -verbose "$tid: recursive local dir to remote dir" -scpclean -rm -rf ${DIR2} -cp ${DATA} ${DIR}/copy -$SCP $scpopts -r ${DIR} "scp://${USER}@somehost:${PORT}/${DIR2}" || fail "copy failed" -for i in $(cd ${DIR} && echo *); do - cmp ${DIR}/$i ${DIR2}/$i || fail "corrupted copy" -done + verbose "$tag: recursive local dir to remote dir" + scpclean + rm -rf ${DIR2} + cp ${DATA} ${DIR}/copy + $SCP $scpopts -r ${DIR} "scp://${USER}@somehost:${PORT}/${DIR2}" || fail "copy failed" + for i in $(cd ${DIR} && echo *); do + cmp ${DIR}/$i ${DIR2}/$i || fail "corrupted copy" + done -verbose "$tid: recursive remote dir to local dir" -scpclean -rm -rf ${DIR2} -cp ${DATA} ${DIR}/copy -$SCP $scpopts -r "scp://${USER}@somehost:${PORT}/${DIR}" ${DIR2} || fail "copy failed" -for i in $(cd ${DIR} && echo *); do - cmp ${DIR}/$i ${DIR2}/$i || fail "corrupted copy" -done + verbose "$tag: recursive remote dir to local dir" + scpclean + rm -rf ${DIR2} + cp ${DATA} ${DIR}/copy + $SCP $scpopts -r "scp://${USER}@somehost:${PORT}/${DIR}" ${DIR2} || fail "copy failed" + for i in $(cd ${DIR} && echo *); do + cmp ${DIR}/$i ${DIR2}/$i || fail "corrupted copy" + done -# TODO: scp -3 + # TODO: scp -3 +done scpclean rm -f ${OBJ}/scp-ssh-wrapper.exe diff --git a/regress/scp.sh b/regress/scp.sh index 62400efa..bb044282 100644 --- a/regress/scp.sh +++ b/regress/scp.sh @@ -1,4 +1,4 @@ -# $OpenBSD: scp.sh,v 1.11 2019/07/19 03:45:44 djm Exp $ +# $OpenBSD: scp.sh,v 1.12 2021/08/03 01:05:24 djm Exp $ # Placed in the Public Domain. tid="scp" @@ -19,7 +19,6 @@ DIR2=${COPY}.dd2 SRC=`dirname ${SCRIPT}` cp ${SRC}/scp-ssh-wrapper.sh ${OBJ}/scp-ssh-wrapper.scp chmod 755 ${OBJ}/scp-ssh-wrapper.scp -scpopts="-q -S ${OBJ}/scp-ssh-wrapper.scp" export SCP # used in scp-ssh-wrapper.scp scpclean() { 
@@ -28,109 +27,118 @@ scpclean() { chmod 755 ${DIR} ${DIR2} } -verbose "$tid: simple copy local file to local file" -scpclean -$SCP $scpopts ${DATA} ${COPY} || fail "copy failed" -cmp ${DATA} ${COPY} || fail "corrupted copy" - -verbose "$tid: simple copy local file to remote file" -scpclean -$SCP $scpopts ${DATA} somehost:${COPY} || fail "copy failed" -cmp ${DATA} ${COPY} || fail "corrupted copy" - -verbose "$tid: simple copy remote file to local file" -scpclean -$SCP $scpopts somehost:${DATA} ${COPY} || fail "copy failed" -cmp ${DATA} ${COPY} || fail "corrupted copy" - -verbose "$tid: simple copy local file to remote dir" -scpclean -cp ${DATA} ${COPY} -$SCP $scpopts ${COPY} somehost:${DIR} || fail "copy failed" -cmp ${COPY} ${DIR}/copy || fail "corrupted copy" - -verbose "$tid: simple copy local file to local dir" -scpclean -cp ${DATA} ${COPY} -$SCP $scpopts ${COPY} ${DIR} || fail "copy failed" -cmp ${COPY} ${DIR}/copy || fail "corrupted copy" +for mode in scp sftp ; do + if test $mode = scp ; then + scpopts="-M scp -q -S ${OBJ}/scp-ssh-wrapper.scp" + tag="$tid" + else + scpopts="-M sftp -D ${SFTPSERVER}" + tag="$tid: sftp mode" + fi + verbose "tid: simple copy local file to local file" + scpclean + $SCP $scpopts ${DATA} ${COPY} || fail "copy failed" + cmp ${DATA} ${COPY} || fail "corrupted copy" -verbose "$tid: simple copy remote file to local dir" -scpclean -cp ${DATA} ${COPY} -$SCP $scpopts somehost:${COPY} ${DIR} || fail "copy failed" -cmp ${COPY} ${DIR}/copy || fail "corrupted copy" + verbose "$tag: simple copy local file to remote file" + scpclean + $SCP $scpopts ${DATA} somehost:${COPY} || fail "copy failed" + cmp ${DATA} ${COPY} || fail "corrupted copy" -verbose "$tid: recursive local dir to remote dir" -scpclean -rm -rf ${DIR2} -cp ${DATA} ${DIR}/copy -$SCP $scpopts -r ${DIR} somehost:${DIR2} || fail "copy failed" -diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy" + verbose "$tag: simple copy remote file to local file" + scpclean + $SCP $scpopts 
somehost:${DATA} ${COPY} || fail "copy failed" + cmp ${DATA} ${COPY} || fail "corrupted copy" -verbose "$tid: recursive local dir to local dir" -scpclean -rm -rf ${DIR2} -cp ${DATA} ${DIR}/copy -$SCP $scpopts -r ${DIR} ${DIR2} || fail "copy failed" -diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy" + verbose "$tag: simple copy local file to remote dir" + scpclean + cp ${DATA} ${COPY} + $SCP $scpopts ${COPY} somehost:${DIR} || fail "copy failed" + cmp ${COPY} ${DIR}/copy || fail "corrupted copy" -verbose "$tid: recursive remote dir to local dir" -scpclean -rm -rf ${DIR2} -cp ${DATA} ${DIR}/copy -$SCP $scpopts -r somehost:${DIR} ${DIR2} || fail "copy failed" -diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy" + verbose "$tag: simple copy local file to local dir" + scpclean + cp ${DATA} ${COPY} + $SCP $scpopts ${COPY} ${DIR} || fail "copy failed" + cmp ${COPY} ${DIR}/copy || fail "corrupted copy" -verbose "$tid: shell metacharacters" -scpclean -(cd ${DIR} && \ -touch '`touch metachartest`' && \ -$SCP $scpopts *metachar* ${DIR2} 2>/dev/null; \ -[ ! -f metachartest ] ) || fail "shell metacharacters" + verbose "$tag: simple copy remote file to local dir" + scpclean + cp ${DATA} ${COPY} + $SCP $scpopts somehost:${COPY} ${DIR} || fail "copy failed" + cmp ${COPY} ${DIR}/copy || fail "corrupted copy" -if [ ! 
-z "$SUDO" ]; then - verbose "$tid: skipped file after scp -p with failed chown+utimes" + verbose "$tag: recursive local dir to remote dir" scpclean - cp -p ${DATA} ${DIR}/copy - cp -p ${DATA} ${DIR}/copy2 - cp ${DATA} ${DIR2}/copy - chmod 660 ${DIR2}/copy - $SUDO chown root ${DIR2}/copy - $SCP -p $scpopts somehost:${DIR}/\* ${DIR2} >/dev/null 2>&1 - $SUDO diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy" - $SUDO rm ${DIR2}/copy -fi + rm -rf ${DIR2} + cp ${DATA} ${DIR}/copy + $SCP $scpopts -r ${DIR} somehost:${DIR2} || fail "copy failed" + diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy" -for i in 0 1 2 3 4 5 6 7; do - verbose "$tid: disallow bad server #$i" - SCPTESTMODE=badserver_$i - export DIR SCPTESTMODE + verbose "$tag: recursive local dir to local dir" scpclean - $SCP $scpopts somehost:${DATA} ${DIR} >/dev/null 2>/dev/null - [ -d {$DIR}/rootpathdir ] && fail "allows dir relative to root dir" - [ -d ${DIR}/dotpathdir ] && fail "allows dir creation in non-recursive mode" + rm -rf ${DIR2} + cp ${DATA} ${DIR}/copy + $SCP $scpopts -r ${DIR} ${DIR2} || fail "copy failed" + diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy" + verbose "$tag: recursive remote dir to local dir" scpclean - $SCP -r $scpopts somehost:${DATA} ${DIR2} >/dev/null 2>/dev/null - [ -d ${DIR}/dotpathdir ] && fail "allows dir creation outside of subdir" + rm -rf ${DIR2} + cp ${DATA} ${DIR}/copy + $SCP $scpopts -r somehost:${DIR} ${DIR2} || fail "copy failed" + diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy" + verbose "$tag: shell metacharacters" scpclean - $SCP -pr $scpopts somehost:${DATA} ${DIR2} >/dev/null 2>/dev/null - [ ! -w ${DIR2} ] && fail "allows target root attribute change" + (cd ${DIR} && \ + touch '`touch metachartest`' && \ + $SCP $scpopts *metachar* ${DIR2} 2>/dev/null; \ + [ ! -f metachartest ] ) || fail "shell metacharacters" + + if [ ! 
-z "$SUDO" ]; then + verbose "$tag: skipped file after scp -p with failed chown+utimes" + scpclean + cp -p ${DATA} ${DIR}/copy + cp -p ${DATA} ${DIR}/copy2 + cp ${DATA} ${DIR2}/copy + chmod 660 ${DIR2}/copy + $SUDO chown root ${DIR2}/copy + $SCP -p $scpopts somehost:${DIR}/\* ${DIR2} >/dev/null 2>&1 + $SUDO diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy" + $SUDO rm ${DIR2}/copy + fi + + for i in 0 1 2 3 4 5 6 7; do + verbose "$tag: disallow bad server #$i" + SCPTESTMODE=badserver_$i + export DIR SCPTESTMODE + scpclean + $SCP $scpopts somehost:${DATA} ${DIR} >/dev/null 2>/dev/null + [ -d {$DIR}/rootpathdir ] && fail "allows dir relative to root dir" + [ -d ${DIR}/dotpathdir ] && fail "allows dir creation in non-recursive mode" + + scpclean + $SCP -r $scpopts somehost:${DATA} ${DIR2} >/dev/null 2>/dev/null + [ -d ${DIR}/dotpathdir ] && fail "allows dir creation outside of subdir" + + scpclean + $SCP -pr $scpopts somehost:${DATA} ${DIR2} >/dev/null 2>/dev/null + [ ! -w ${DIR2} ] && fail "allows target root attribute change" + + scpclean + $SCP $scpopts somehost:${DATA} ${DIR2} >/dev/null 2>/dev/null + [ -e ${DIR2}/extrafile ] && fail "allows unauth object creation" + rm -f ${DIR2}/extrafile + done + verbose "$tag: detect non-directory target" scpclean - $SCP $scpopts somehost:${DATA} ${DIR2} >/dev/null 2>/dev/null - [ -e ${DIR2}/extrafile ] && fail "allows unauth object creation" - rm -f ${DIR2}/extrafile + echo a > ${COPY} + echo b > ${COPY2} + $SCP $scpopts ${DATA} ${COPY} ${COPY2} + cmp ${COPY} ${COPY2} >/dev/null && fail "corrupt target" done -verbose "$tid: detect non-directory target" -scpclean -echo a > ${COPY} -echo b > ${COPY2} -$SCP $scpopts ${DATA} ${COPY} ${COPY2} -cmp ${COPY} ${COPY2} >/dev/null && fail "corrupt target" - scpclean rm -f ${OBJ}/scp-ssh-wrapper.scp -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Tue Aug 3 21:03:51 2021 
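Review bot: In scp.c do_sftp_connect() (hunk -887,12 +939,33), the -D branch assigns args.list = NULL before addargs(&args, "sftp-server"), which drops the argument vector built during option parsing without freeing it and leaves the other fields of the arglist as they were. Release it with freeargs(&args) instead of overwriting the pointer, so the struct is reset in one place and the old list is not leaked. The same branch still hands host and the literal "sftp" to do_cmd() although the program executed is the local sftp-server binary; a comment saying what those arguments mean in that case would help the next reader.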
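Review bot: In scp.c source_sftp() (hunk -1072,6 +1201,53), basename(src) is called on the caller's own string, and src is then passed on to local_is_dir(), upload_dir() and do_upload(). POSIX allows basename() to modify its argument, so take the basename of a private copy, as sink_sftp() does with tmp, and leave src untouched. The argc parameter is never read in the body and the visible caller passes the literal 1; drop it or document why it is kept.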
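Review bot: In scp.c sink_sftp() (hunk -1233,6 +1409,88), the first error path (do_realpath() returning NULL) jumps to out before memset(&g, 0, sizeof(g)) has run, and out then calls globfree(&g) on an uninitialised glob_t. Zero g at its declaration or move the memset above the first goto. In the loop, free(tmp) runs directly after filename = basename(tmp), yet filename is used afterwards in path_append(dst, filename); where basename() returns a pointer into its argument this reads freed memory, so tmp should be freed at the end of the iteration.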
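Review bot: In regress/scp.sh (hunk -28,109 +27,118), the first label was rewritten as verbose "tid: simple copy local file to local file", which prints the literal word tid and drops the mode; it should use "$tag:" like the other labels. The bad-server loop carries over [ -d {$DIR}/rootpathdir ], where {$DIR} expands to the path wrapped in literal braces rather than ${DIR}, so that check cannot see a directory created under ${DIR}. In sftp mode scpopts no longer contains -S ${OBJ}/scp-ssh-wrapper.scp, so please confirm that the SCPTESTMODE=badserver_$i cases still exercise something in that mode instead of passing vacuously.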
From: git+noreply at mindrot.org (git+noreply at mindrot.org)
Date: Tue, 03 Aug 2021 21:03:51 +1000
Subject: [openssh-commits] [openssh] branch master updated (af5d8094 -> 9ebd1828)
Message-ID: <162798863137.17887.15406121059769752081@fuyu.mindrot.org>

This is an automated email from the git hooks/post-receive script.

dtucker pushed a change to branch master in repository openssh.

    from af5d8094 upstream: regression tests for scp SFTP protocol support; mostly by
     new 0fd3f62e Avoid lines >80 chars. From jmc@
     new 9ebd1828 Missing space between macro arg and punctuation.

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.

Detailed log of new commits:

commit 9ebd1828881dfc9014a344587934a5ce7db6fa1b
Author: Darren Tucker
Date:   Tue Aug 3 21:03:23 2021 +1000

    Missing space between macro arg and punctuation. From jmc@

commit 0fd3f62eddc7cf54dcc9053be6f58998f3eb926a
Author: Darren Tucker
Date:   Tue Aug 3 21:02:33 2021 +1000

    Avoid lines >80 chars. From jmc@

Summary of changes:
 ssh-agent.1   | 3 ++-
 sshd_config.5 | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

From git+noreply at mindrot.org Tue Aug 3 21:03:52 2021
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Tue, 03 Aug 2021 21:03:52 +1000 Subject: [openssh-commits] [openssh] 01/02: Avoid lines >80 chars. From jmc@ In-Reply-To: <162798863137.17887.15406121059769752081@fuyu.mindrot.org> References: <162798863137.17887.15406121059769752081@fuyu.mindrot.org> Message-ID: <5ca1272c240df9cb@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. dtucker pushed a commit to branch master in repository openssh. commit 0fd3f62eddc7cf54dcc9053be6f58998f3eb926a Author: Darren Tucker Date: Tue Aug 3 21:02:33 2021 +1000 Avoid lines >80 chars. From jmc@ --- ssh-agent.1 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ssh-agent.1 b/ssh-agent.1 index 2cf46160..ed8c8709 100644 --- a/ssh-agent.1 +++ b/ssh-agent.1 @@ -157,7 +157,8 @@ which in turn can be evaluated in the calling shell, for example .Pp In both cases, .Xr ssh 1 -looks at these environment variables and uses them to establish a connection to the agent. +looks at these environment variables +and uses them to establish a connection to the agent. .Pp The agent initially does not have any private keys. Keys are added using -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Tue Aug 3 21:03:53 2021 
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Tue, 03 Aug 2021 21:03:53 +1000 Subject: [openssh-commits] [openssh] 02/02: Missing space between macro arg and punctuation. In-Reply-To: <162798863137.17887.15406121059769752081@fuyu.mindrot.org> References: <162798863137.17887.15406121059769752081@fuyu.mindrot.org> Message-ID: <5ca1272e53543e89@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. dtucker pushed a commit to branch master in repository openssh. commit 9ebd1828881dfc9014a344587934a5ce7db6fa1b Author: Darren Tucker Date: Tue Aug 3 21:03:23 2021 +1000 Missing space between macro arg and punctuation. From jmc@ --- sshd_config.5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sshd_config.5 b/sshd_config.5 index 6aab3382..a33280e1 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -1755,7 +1755,7 @@ Because PAM keyboard-interactive authentication usually serves an equivalent role to password authentication, you should disable either .Cm PasswordAuthentication or -.Cm KbdInteractiveAuthentication. +.Cm KbdInteractiveAuthentication . .Pp If .Cm UsePAM -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Wed Aug 4 11:05:26 2021 
From: git+noreply at mindrot.org (git+noreply at mindrot.org)
Date: Wed, 04 Aug 2021 11:05:26 +1000
Subject: [openssh-commits] [openssh] branch master updated (9ebd1828 -> 6df1fecb)
Message-ID: <162803912675.90703.1718625317372137812@fuyu.mindrot.org>

This is an automated email from the git hooks/post-receive script.

djm pushed a change to branch master in repository openssh.

    from 9ebd1828 Missing space between macro arg and punctuation.
     new 6df1fecb use openbsd-compat glob.h is required

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.

Detailed log of new commits:

commit 6df1fecb5d3e51f3a8027a74885c3a44f6cbfcbd
Author: Damien Miller
Date:   Wed Aug 4 11:05:11 2021 +1000

    use openbsd-compat glob.h is required

Summary of changes:
 .depend | 98 +++++++++++++++++++++++++++++++++--------------------------------
 scp.c   | 6 +++-
 2 files changed, 55 insertions(+), 49 deletions(-)

--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

From git+noreply at mindrot.org Wed Aug 4 12:04:50 2021
From: git+noreply at mindrot.org (git+noreply at mindrot.org)
Date: Wed, 04 Aug 2021 12:04:50 +1000
Subject: [openssh-commits] [openssh] branch master updated (6df1fecb -> 911ec641)
Message-ID: <162804269038.29222.6706458793172571865@fuyu.mindrot.org>

This is an automated email from the git hooks/post-receive script.

dtucker pushed a change to branch master in repository openssh.

    from 6df1fecb use openbsd-compat glob.h is required
     new 911ec641 upstream: Allow for different (but POSIX compliant) behaviour of

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.

Detailed log of new commits:

commit 911ec6411821bda535d09778df7503b92f0eafab
Author: dtucker at openbsd.org
Date:   Wed Aug 4 01:34:55 2021 +0000

    upstream: Allow for different (but POSIX compliant) behaviour of

    basename(3) and prevent a use-after-free in that case in the new
    sftp-compat code.

    POSIX allows basename(3) to either return a pointer to static storage
    or modify the passed string and return a pointer to that. OpenBSD does
    the former and works as is, but on other platforms "filename" points
    into "tmp" which was just freed. This makes the freeing of tmp
    consistent with the other variable in the loop.

    Pinpointed by the -portable Valgrind regress test. ok djm@ deraadt@

    OpenBSD-Commit-ID: 750f3c19bd4440e4210e30dd5d7367386e833374

Summary of changes:
 scp.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

From git+noreply at mindrot.org Wed Aug 4 12:04:51 2021
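The basename(3) pitfall described in the commit message above, as an added example in C (not OpenSSH code; the helper names dup_string, basename_aliases_input and local_target and the sample paths are hypothetical). It reports which of the two POSIX-permitted behaviours the local libc has and shows the free ordering that is correct under both.

```c
/*
 * Added illustration, not OpenSSH code. Helper names are hypothetical.
 * POSIX basename(3) may return static storage or a pointer into (and may
 * modify) the string it was given, so the argument must stay allocated
 * until the result has been consumed.
 */
#include <libgen.h>	/* POSIX basename() */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Private copy of s; basename() never sees the caller's own string. */
static char *
dup_string(const char *s)
{
	size_t n = strlen(s) + 1;
	char *p = malloc(n);

	if (p != NULL)
		memcpy(p, s, n);
	return p;
}

/*
 * Report which behaviour this libc has for the given path:
 * 1 = result points into the argument (an early free() leaves it dangling),
 * 0 = result lives elsewhere (for example static storage),
 * -1 = out of memory.
 */
int
basename_aliases_input(const char *path)
{
	char *tmp = dup_string(path);
	uintptr_t lo, hi, p;

	if (tmp == NULL)
		return -1;
	lo = (uintptr_t)tmp;
	hi = lo + strlen(path);		/* address of the original NUL */
	p = (uintptr_t)basename(tmp);
	free(tmp);			/* only the saved address is compared */
	return p >= lo && p <= hi;
}

/*
 * Build "<dir>/<last component of path>" in newly allocated memory.
 * The scratch copy is released only after the name has been copied out,
 * which is correct whichever behaviour basename() has.
 */
char *
local_target(const char *dir, const char *path)
{
	char *tmp, *name, *out;
	size_t n;

	if ((tmp = dup_string(path)) == NULL)
		return NULL;
	name = basename(tmp);		/* may alias tmp */
	n = strlen(dir) + 1 + strlen(name) + 1;
	if ((out = malloc(n)) != NULL)
		snprintf(out, n, "%s/%s", dir, name);
	free(tmp);			/* last use of name is above */
	return out;
}

int
main(void)
{
	/* Constructed sample paths. */
	const char *paths[] = { "/remote/dir/file.txt", "dir/sub/", "plain" };
	size_t i;

	for (i = 0; i < sizeof(paths) / sizeof(paths[0]); i++) {
		char *t = local_target("/tmp/dst", paths[i]);

		printf("%-22s aliases=%d -> %s\n", paths[i],
		    basename_aliases_input(paths[i]), t ? t : "(null)");
		free(t);
	}
	return 0;
}
```

Where basename_aliases_input() returns 1, the original ordering (free the copy, then use the name) reads freed memory; building with -fsanitize=address or running under Valgrind makes that visible.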
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Wed, 04 Aug 2021 12:04:51 +1000 Subject: [openssh-commits] [openssh] 01/01: upstream: Allow for different (but POSIX compliant) behaviour of In-Reply-To: <162804269038.29222.6706458793172571865@fuyu.mindrot.org> References: <162804269038.29222.6706458793172571865@fuyu.mindrot.org> Message-ID: <5ca12749c170a427@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. dtucker pushed a commit to branch master in repository openssh. commit 911ec6411821bda535d09778df7503b92f0eafab Author: dtucker at openbsd.org Date: Wed Aug 4 01:34:55 2021 +0000 upstream: Allow for different (but POSIX compliant) behaviour of basename(3) and prevent a use-after-free in that case in the new sftp-compat code. POSIX allows basename(3) to either return a pointer to static storage or modify the passed string and return a pointer to that. OpenBSD does the former and works as is, but on other platforms "filename" points into "tmp" which was just freed. This makes the freeing of tmp consistent with the other variable in the loop. Pinpointed by the -portable Valgrind regress test. ok djm@ deraadt@ OpenBSD-Commit-ID: 750f3c19bd4440e4210e30dd5d7367386e833374 --- scp.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/scp.c b/scp.c index 682d062f..9cfcfd84 100644 --- a/scp.c +++ b/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.216 2021/08/02 23:38:27 djm Exp $ */ +/* $OpenBSD: scp.c,v 1.217 2021/08/04 01:34:55 dtucker Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -1461,11 +1461,9 @@ sink_sftp(int argc, char *dst, const char *src, struct sftp_conn *conn) tmp = xstrdup(g.gl_pathv[i]); if ((filename = basename(tmp)) == NULL) { error("basename %s: %s", tmp, strerror(errno)); - free(tmp); err = -1; goto out; } - free(tmp); if (local_is_dir(dst)) abs_dst = path_append(dst, filename); 
@@ -1484,10 +1482,13 @@ sink_sftp(int argc, char *dst, const char *src, struct sftp_conn *conn) } free(abs_dst); abs_dst = NULL; + free(tmp); + tmp = NULL; } out: free(abs_src); + free(tmp); globfree(&g); if (err == -1) { fatal("Failed to download file '%s'", src); -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Fri Aug 6 16:57:50 2021 
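Review bot: the free(tmp) added at out: in the @@ -1484,10 +1482,13 @@ hunk runs on every exit from sink_sftp(), including any goto out taken before the loop first assigns tmp = xstrdup(...), and the declaration of tmp is outside the visible context, so tmp needs to be initialised to NULL where it is declared for this to be safe. The tmp = NULL after the in-loop free(tmp) correctly prevents a double free when the loop finishes normally. It is also worth confirming that no continue between the basename() call and the new end-of-iteration free(tmp) skips the free, since the next iteration overwrites tmp and would leak the previous copy.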
From: git+noreply at mindrot.org (git+noreply at mindrot.org)
Date: Fri, 06 Aug 2021 16:57:50 +1000
Subject: [openssh-commits] [openssh] branch master updated (911ec641 -> d247a73c)
Message-ID: <162823307026.30808.3147243407933014388@fuyu.mindrot.org>

This is an automated email from the git hooks/post-receive script.

dtucker pushed a change to branch master
in repository openssh.

    from 911ec641   upstream: Allow for different (but POSIX compliant) behaviour of
     new 35c8e41a   upstream: Document "ProxyJump none". bz#3334.
     new d247a73c   upstream: regression test for scp -3

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.

Detailed log of new commits:

commit d247a73ce27b460138599648d9c637c6f2b77605
Author: djm at openbsd.org
Date:   Wed Aug 4 21:28:00 2021 +0000

    upstream: regression test for scp -3

    OpenBSD-Regress-ID: b44375d125c827754a1f722ec6b6b75b634de05d

commit 35c8e41a6f6d8ad76f8d1cd81ac2ea23d0d993b2
Author: dtucker at openbsd.org
Date:   Fri Aug 6 05:04:42 2021 +0000

    upstream: Document "ProxyJump none". bz#3334.

    OpenBSD-Commit-ID: f78cc6f55731f2cd35c3a41d5352ac1ee419eba7

Summary of changes:
 regress/Makefile | 3 ++-
 regress/scp3.sh | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 ssh_config.5 | 9 +++++++--
 3 files changed, 67 insertions(+), 3 deletions(-)
 create mode 100644 regress/scp3.sh

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
From git+noreply at mindrot.org Fri Aug 6 16:57:52 2021
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Fri, 06 Aug 2021 16:57:52 +1000 Subject: [openssh-commits] [openssh] 02/02: upstream: regression test for scp -3 In-Reply-To: <162823307026.30808.3147243407933014388@fuyu.mindrot.org> References: <162823307026.30808.3147243407933014388@fuyu.mindrot.org> Message-ID: <5ca1276fc26ebc7b@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. dtucker pushed a commit to branch master in repository openssh. commit d247a73ce27b460138599648d9c637c6f2b77605 Author: djm at openbsd.org Date: Wed Aug 4 21:28:00 2021 +0000 upstream: regression test for scp -3 OpenBSD-Regress-ID: b44375d125c827754a1f722ec6b6b75b634de05d --- regress/Makefile | 3 ++- regress/scp3.sh | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 60 insertions(+), 1 deletion(-) diff --git a/regress/Makefile b/regress/Makefile index faf26ee2..810d74ce 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.115 2021/07/25 12:27:37 dtucker Exp $ +# $OpenBSD: Makefile,v 1.116 2021/08/04 21:28:00 djm Exp $ tests: prep file-tests t-exec unit @@ -52,6 +52,7 @@ LTESTS= connect \ keygen-sshfp \ key-options \ scp \ + scp3 \ scp-uri \ sftp \ sftp-chroot \ diff --git a/regress/scp3.sh b/regress/scp3.sh new file mode 100644 index 00000000..e5493ee8 --- /dev/null +++ b/regress/scp3.sh 
@@ -0,0 +1,58 @@ +# $OpenBSD: scp3.sh,v 1.1 2021/08/04 21:28:00 djm Exp $ +# Placed in the Public Domain. + +tid="scp3" + +#set -x + +COPY2=${OBJ}/copy2 +DIR=${COPY}.dd +DIR2=${COPY}.dd2 + +SRC=`dirname ${SCRIPT}` +cp ${SRC}/scp-ssh-wrapper.sh ${OBJ}/scp-ssh-wrapper.scp +chmod 755 ${OBJ}/scp-ssh-wrapper.scp +export SCP # used in scp-ssh-wrapper.scp + +scpclean() { + rm -rf ${COPY} ${COPY2} ${DIR} ${DIR2} + mkdir ${DIR} ${DIR2} + chmod 755 ${DIR} ${DIR2} +} + +# XXX sftp too once it's ready +for mode in scp ; do + scpopts="-F${OBJ}/ssh_proxy -S ${SSH} -q" + tag="$tid: $mode mode" +# if test $mode = scp ; then +# scpopts="$scpopts -O" +# fi + + verbose "$tag: simple copy remote file to remote file" + scpclean + $SCP $scpopts -3 hostA:${DATA} hostB:${COPY} || fail "copy failed" + cmp ${DATA} ${COPY} || fail "corrupted copy" + + verbose "$tag: simple copy remote file to remote dir" + scpclean + cp ${DATA} ${COPY} + $SCP $scpopts -3 hostA:${COPY} hostB:${DIR} || fail "copy failed" + cmp ${COPY} ${DIR}/copy || fail "corrupted copy" + + verbose "$tag: recursive remote dir to remote dir" + scpclean + rm -rf ${DIR2} + cp ${DATA} ${DIR}/copy + $SCP $scpopts -3r hostA:${DIR} hostB:${DIR2} || fail "copy failed" + diff -rN ${DIR} ${DIR2} || fail "corrupted copy" + + verbose "$tag: detect non-directory target" + scpclean + echo a > ${COPY} + echo b > ${COPY2} + $SCP $scpopts -3 hostA:${DATA} hostA:${COPY} hostB:${COPY2} + cmp ${COPY} ${COPY2} >/dev/null && fail "corrupt target" +done + +scpclean +rm -f ${OBJ}/scp-ssh-wrapper.exe -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Fri Aug 6 16:57:51 2021 
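Review bot: in the new regress/scp3.sh, setup copies the wrapper to ${OBJ}/scp-ssh-wrapper.scp but the final cleanup removes ${OBJ}/scp-ssh-wrapper.exe, so the copied wrapper is left behind after the test; the rm -f at the end should name the .scp file. In the lines shown, scpopts passes -S ${SSH} rather than the wrapper path, so the copied wrapper does not appear to be used by this script at all; either drop the copy and the export SCP line or point -S at the wrapper. In the last case ("detect non-directory target") the exit status of $SCP is not checked, and asserting that the command fails, in addition to the cmp, would make the test stricter.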
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Fri, 06 Aug 2021 16:57:51 +1000 Subject: [openssh-commits] [openssh] 01/02: upstream: Document "ProxyJump none". bz#3334. In-Reply-To: <162823307026.30808.3147243407933014388@fuyu.mindrot.org> References: <162823307026.30808.3147243407933014388@fuyu.mindrot.org> Message-ID: <5ca1276d355c1f80@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. dtucker pushed a commit to branch master in repository openssh. commit 35c8e41a6f6d8ad76f8d1cd81ac2ea23d0d993b2 Author: dtucker at openbsd.org Date: Fri Aug 6 05:04:42 2021 +0000 upstream: Document "ProxyJump none". bz#3334. OpenBSD-Commit-ID: f78cc6f55731f2cd35c3a41d5352ac1ee419eba7 --- ssh_config.5 | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/ssh_config.5 b/ssh_config.5 index 84bec59b..199fd608 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.360 2021/07/30 14:25:01 jmc Exp $ -.Dd $Mdocdate: July 30 2021 $ +.\" $OpenBSD: ssh_config.5,v 1.361 2021/08/06 05:04:42 dtucker Exp $ +.Dd $Mdocdate: August 6 2021 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -341,6 +341,11 @@ again using the new target name to pick up any new configuration in matching and .Cm Match stanzas. +A value of +.Cm none +disables the use of a +.Cm ProxyJump +host. .It Cm CanonicalizeMaxDots Specifies the maximum number of dot characters in a hostname before canonicalization is disabled. -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Fri Aug 6 19:34:45 2021 
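Review bot: the sentence added in the @@ -341,6 +341,11 @@ hunk of ssh_config.5 lands at the end of the entry that precedes .It Cm CanonicalizeMaxDots, whose visible context is about re-reading the configuration with the new target name, not in a ProxyJump entry, so as placed it reads as documenting none as a value of that canonicalization option. If the intent is what the commit subject says, documenting "ProxyJump none", the text belongs under .It Cm ProxyJump; if none really is a value of the option documented here, the sentence should say what it does to canonicalization as well.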
From: git+noreply at mindrot.org (git+noreply at mindrot.org)
Date: Fri, 06 Aug 2021 19:34:45 +1000
Subject: [openssh-commits] [openssh] branch master updated (d247a73c -> 395d8fbd)
Message-ID: <162824248528.92015.2970166766670439085@fuyu.mindrot.org>

This is an automated email from the git hooks/post-receive script.

dtucker pushed a change to branch master
in repository openssh.

    from d247a73c   upstream: regression test for scp -3
     new 395d8fbd   upstream: Make diff invocation more portable.

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.

Detailed log of new commits:

commit 395d8fbdb094497211e1461cf0e2f80af5617e0a
Author: dtucker at openbsd.org
Date:   Fri Aug 6 09:00:18 2021 +0000

    upstream: Make diff invocation more portable.

    POSIX does not require diff to have -N, so compare in both directions
    with just -r, which should catch missing files in either directory.

    OpenBSD-Regress-ID: 0e2ec8594556a6f369ed5a0a90c6806419b845f7

Summary of changes:
 regress/scp3.sh | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
From git+noreply at mindrot.org Fri Aug 6 19:34:46 2021
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Fri, 06 Aug 2021 19:34:46 +1000 Subject: [openssh-commits] [openssh] 01/01: upstream: Make diff invocation more portable. In-Reply-To: <162824248528.92015.2970166766670439085@fuyu.mindrot.org> References: <162824248528.92015.2970166766670439085@fuyu.mindrot.org> Message-ID: <5ca12776f30d93b0@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. dtucker pushed a commit to branch master in repository openssh. commit 395d8fbdb094497211e1461cf0e2f80af5617e0a Author: dtucker at openbsd.org Date: Fri Aug 6 09:00:18 2021 +0000 upstream: Make diff invocation more portable. POSIX does not require diff to have -N, so compare in both directions with just -r, which should catch missing files in either directory. OpenBSD-Regress-ID: 0e2ec8594556a6f369ed5a0a90c6806419b845f7 --- regress/scp3.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/regress/scp3.sh b/regress/scp3.sh index e5493ee8..53db81d2 100644 --- a/regress/scp3.sh +++ b/regress/scp3.sh @@ -1,4 +1,4 @@ -# $OpenBSD: scp3.sh,v 1.1 2021/08/04 21:28:00 djm Exp $ +# $OpenBSD: scp3.sh,v 1.2 2021/08/06 09:00:18 dtucker Exp $ # Placed in the Public Domain. tid="scp3" @@ -44,7 +44,8 @@ for mode in scp ; do rm -rf ${DIR2} cp ${DATA} ${DIR}/copy $SCP $scpopts -3r hostA:${DIR} hostB:${DIR2} || fail "copy failed" - diff -rN ${DIR} ${DIR2} || fail "corrupted copy" + diff -r ${DIR} ${DIR2} || fail "corrupted copy" + diff -r ${DIR2} ${DIR} || fail "corrupted copy" verbose "$tag: detect non-directory target" scpclean -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Sat Aug 7 10:27:14 2021 
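Review bot: both diff -r lines added in the @@ -44,7 +44,8 @@ hunk of regress/scp3.sh fail with the same "corrupted copy" message, so a failing log does not say which direction found the difference; distinct messages, for example one per direction, would make a failure easier to triage. The ${DIR} and ${DIR2} expansions are unquoted, like the cp and $SCP lines in the surrounding context, and would break if the object directory path contained whitespace.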
From: git+noreply at mindrot.org (git+noreply at mindrot.org)
Date: Sat, 07 Aug 2021 10:27:14 +1000
Subject: [openssh-commits] [openssh] branch master updated (395d8fbd -> a9e2c533)
Message-ID: <162829603414.13967.17408255365157811656@fuyu.mindrot.org>

This is an automated email from the git hooks/post-receive script.

djm pushed a change to branch master
in repository openssh.

    from 395d8fbd   upstream: Make diff invocation more portable.
     new e3c0ba05   upstream: prepare for scp -3 implemented via sftp
     new a50bd036   upstream: factor our SSH2_FXP_OPEN calls into their own function;
     new de7115b3   upstream: support for "cross"-loading files/directories, i.e.
     new 318c06bb   upstream: use sftp_client crossloading to implement scp -3
     new 48cd39b7   upstream: factor out a structure duplicated between downloading
     new c677e653   upstream: make scp(1) in SFTP mode output better match original
     new 98b59244   upstream: a bit more debugging of file attributes being
     new 133b44e5   upstream: fix incorrect directory permissions on scp -3
     new 7b1cbcb7   upstream: make scp(1) in SFTP mode follow symlinks like
     new a9e2c533   upstream: do_upload() used a near-identical structure for

The 10 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.

Detailed log of new commits:

commit a9e2c533195f28627f205682482d9da384c4c52e
Author: djm at openbsd.org
Date:   Sat Aug 7 00:14:17 2021 +0000

    upstream: do_upload() used a near-identical structure for

    tracking expected status replies from the server to what do_download()
    was using.

    Refactor it to use the same structure and factor out some common code
    into helper functions.

    OpenBSD-Commit-ID: 0c167df8ab6df4a5292c32421922b0cf379e9054

commit 7b1cbcb7599d9f6a3bbad79d412604aa1203b5ee
Author: djm at openbsd.org
Date:   Sat Aug 7 00:12:09 2021 +0000

    upstream: make scp(1) in SFTP mode follow symlinks like

    traditional scp(1) ok markus@

    OpenBSD-Commit-ID: 97255e55be37e8e26605e4ba1e69f9781765d231

commit 133b44e500422df68c9c25c3b6de35c0263132f1
Author: djm at openbsd.org
Date:   Sat Aug 7 00:10:49 2021 +0000

    upstream: fix incorrect directory permissions on scp -3

    transfers; ok markus@

    OpenBSD-Commit-ID: 64b2abaa5635a2be65ee2e77688ad9bcebf576c2

commit 98b59244ca10e62ff67a420856770cb700164f59
Author: djm at openbsd.org
Date:   Sat Aug 7 00:09:57 2021 +0000

    upstream: a bit more debugging of file attributes being

    sent/received over the wire

    OpenBSD-Commit-ID: f68c4e207b08ef95200a8b2de499d422808e089b

commit c677e65365d6f460c084e41e0c4807bb8a9cf601
Author: djm at openbsd.org
Date:   Sat Aug 7 00:08:52 2021 +0000

    upstream: make scp(1) in SFTP mode output better match original

    scp(1) by suppressing "Retrieving [path]" lines that were emitted to
    support the interactive sftp(1) client. ok markus@

    OpenBSD-Commit-ID: 06be293df5f156a18f366079be2f33fa68001acc

commit 48cd39b7a4e5e7c25101c6d1179f98fe544835cd
Author: djm at openbsd.org
Date:   Sat Aug 7 00:07:18 2021 +0000

    upstream: factor out a structure duplicated between downloading

    and crossloading; ok markus@

    OpenBSD-Commit-ID: 96eede24d520569232086a129febe342e4765d39

commit 318c06bb04ee21a0cfa6b6022a201eacaa53f388
Author: djm at openbsd.org
Date:   Sat Aug 7 00:06:30 2021 +0000

    upstream: use sftp_client crossloading to implement scp -3

    feedback/ok markus@

    OpenBSD-Commit-ID: 7db4c0086cfc12afc9cfb71d4c2fd3c7e9416ee9

commit de7115b373ba0be3861c65de9b606a3e0e9d29a3
Author: djm at openbsd.org
Date:   Sat Aug 7 00:02:41 2021 +0000

    upstream: support for "cross"-loading files/directories, i.e.

    downloading from one SFTP server while simultaneously uploading to another.
feedback & ok markus@ OpenBSD-Commit-ID: 3982878e29d8df0fa4ddc502f5ff6126ac714235 commit a50bd0367ff2063bbc70a387740a2aa6914de094 Author: djm at openbsd.org Date: Sat Aug 7 00:01:29 2021 +0000 upstream: factor our SSH2_FXP_OPEN calls into their own function; "looks fine" markus@ OpenBSD-Commit-ID: d3dea2153f08855c6d9dacc01973248944adeffb commit e3c0ba05873cf3d3f7d19d595667a251026b2d84 Author: djm at openbsd.org Date: Sat Aug 7 00:00:33 2021 +0000 upstream: prepare for scp -3 implemented via sftp OpenBSD-Commit-ID: 194aac0dd87cb175334b71c2a30623a5ad55bb44 Summary of changes: scp.c | 251 +++++++++++++++++----- sftp-client.c | 663 +++++++++++++++++++++++++++++++++++++++++++++++++--------- sftp-client.h | 29 ++- sftp.c | 8 +- 4 files changed, 791 insertions(+), 160 deletions(-) -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Sat Aug 7 10:27:15 2021 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Sat, 07 Aug 2021 10:27:15 +1000 Subject: [openssh-commits] [openssh] 01/10: upstream: prepare for scp -3 implemented via sftp In-Reply-To: <162829603414.13967.17408255365157811656@fuyu.mindrot.org> References: <162829603414.13967.17408255365157811656@fuyu.mindrot.org> Message-ID: <5ca12786e94be978@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit e3c0ba05873cf3d3f7d19d595667a251026b2d84 Author: djm at openbsd.org Date: Sat Aug 7 00:00:33 2021 +0000 upstream: prepare for scp -3 implemented via sftp OpenBSD-Commit-ID: 194aac0dd87cb175334b71c2a30623a5ad55bb44 --- scp.c | 25 ++++++------------------- 1 file changed, 6 insertions(+), 19 deletions(-) diff --git a/scp.c b/scp.c index 9cfcfd84..3125d336 100644 --- a/scp.c +++ b/scp.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.217 2021/08/04 01:34:55 dtucker Exp $ */ +/* $OpenBSD: scp.c,v 1.218 2021/08/07 00:00:33 djm Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -453,6 +453,8 @@ main(int argc, char **argv) __progname = ssh_get_progname(argv[0]); + log_init(argv0, log_level, SYSLOG_FACILITY_USER, 1); + memset(&args, '\0', sizeof(args)); memset(&remote_remote_args, '\0', sizeof(remote_remote_args)); args.list = remote_remote_args.list = NULL; @@ -576,11 +578,8 @@ main(int argc, char **argv) /* Do this last because we want the user to be able to override it */ addargs(&args, "-oForwardAgent=no"); - if (mode != MODE_SFTP && sftp_direct != NULL) - fatal("SFTP direct can be used only in SFTP mode"); - - if (mode == MODE_SFTP && iamremote) - fatal("The server can not be ran in SFTP mode"); + if (iamremote) + mode = MODE_SCP; if ((pwd = getpwuid(userid = getuid())) == NULL) fatal("unknown user %u", (u_int) userid); @@ -1012,11 +1011,7 @@ toremote(int argc, char **argv, enum scp_mode_e mode, char *sftp_direct) continue; } if (host && throughlocal) { /* extended remote to remote */ - if (mode == MODE_SFTP) { - /* TODO */ - fatal("Extended remote to remote through local " - "is not yet supported with SFTP"); - } + /* XXX uses scp; need to support SFTP remote-remote */ xasprintf(&bp, "%s -f %s%s", cmd, *src == '-' ? "-- " : "", src); if (do_cmd(ssh_program, host, suser, sport, bp, 
@@ -1068,14 +1063,6 @@ toremote(int argc, char **argv, enum scp_mode_e mode, char *sftp_direct) addargs(&alist, "--"); addargs(&alist, "%s", host); addargs(&alist, "%s", cmd); - /* - * This will work only if the first remote scp - * supports sftp mode - */ - if (mode == MODE_SFTP) { - addargs(&alist, "-M"); - addargs(&alist, "sftp"); - } addargs(&alist, "%s", src); addargs(&alist, "%s%s%s:%s", tuser ? tuser : "", tuser ? "@" : "", -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Sat Aug 7 10:27:16 2021 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Sat, 07 Aug 2021 10:27:16 +1000 Subject: [openssh-commits] [openssh] 02/10: upstream: factor our SSH2_FXP_OPEN calls into their own function; In-Reply-To: <162829603414.13967.17408255365157811656@fuyu.mindrot.org> References: <162829603414.13967.17408255365157811656@fuyu.mindrot.org> Message-ID: <5ca12788430f4c0b@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit a50bd0367ff2063bbc70a387740a2aa6914de094 Author: djm at openbsd.org Date: Sat Aug 7 00:01:29 2021 +0000 upstream: factor our SSH2_FXP_OPEN calls into their own function; "looks fine" markus@ OpenBSD-Commit-ID: d3dea2153f08855c6d9dacc01973248944adeffb --- sftp-client.c | 98 +++++++++++++++++++++++++++++++++-------------------------- 1 file changed, 55 insertions(+), 43 deletions(-) diff --git a/sftp-client.c b/sftp-client.c index 1167027f..d16b0c44 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.143 2021/06/06 03:17:02 djm Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.144 2021/08/07 00:01:29 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * 
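Review bot: in the scp.c patch above (commit e3c0ba05), the @@ -576,11 +578,8 @@ hunk in main() deletes the "mode != MODE_SFTP && sftp_direct != NULL" check without a replacement, so sftp_direct given together with a non-SFTP mode is no longer rejected, and the new "if (iamremote) mode = MODE_SCP;" silently overrides a requested SFTP mode on the remote side; keeping the fatal() for the sftp_direct case, or at least logging the override, would keep the misconfiguration visible. In toremote(), the "host && throughlocal" branch now falls through to the scp command with only an XXX comment where it used to fatal() in SFTP mode, so an extended remote-to-remote copy requested in SFTP mode uses the scp protocol without telling the user. The log_init(argv0, log_level, ...) call added at @@ -453,6 +453,8 @@ sits directly after __progname is set; confirm that argv0 is assigned by that point and that a later call picks up the final log_level.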
@@ -147,6 +147,7 @@ get_msg_extended(struct sftp_conn *conn, struct sshbuf *m, int initial) u_char *p; int r; + sshbuf_reset(m); if ((r = sshbuf_reserve(m, 4, &p)) != 0) fatal_fr(r, "reserve"); if (atomicio6(read, conn->fd_in, p, 4, sftpio, @@ -1283,12 +1284,52 @@ send_read_request(struct sftp_conn *conn, u_int id, u_int64_t offset, sshbuf_free(msg); } +static int +send_open(struct sftp_conn *conn, const char *path, const char *tag, + u_int openmode, Attrib *a, u_char **handlep, size_t *handle_lenp) +{ + Attrib junk; + u_char *handle; + size_t handle_len; + struct sshbuf *msg; + int r; + u_int id; + + *handlep = NULL; + *handle_lenp = 0; + + if (a == NULL) { + attrib_clear(&junk); /* Send empty attributes */ + a = &junk; + } + /* Send open request */ + if ((msg = sshbuf_new()) == NULL) + fatal_f("sshbuf_new failed"); + id = conn->msg_id++; + if ((r = sshbuf_put_u8(msg, SSH2_FXP_OPEN)) != 0 || + (r = sshbuf_put_u32(msg, id)) != 0 || + (r = sshbuf_put_cstring(msg, path)) != 0 || + (r = sshbuf_put_u32(msg, openmode)) != 0 || + (r = encode_attrib(msg, a)) != 0) + fatal_fr(r, "compose %s open", tag); + send_msg(conn, msg); + sshbuf_free(msg); + debug3("Sent %s message SSH2_FXP_OPEN I:%u P:%s M:0x%04x", + tag, id, path, openmode); + if ((handle = get_handle(conn, id, &handle_len, + "%s open(\"%s\")", tag, path)) == NULL) + return -1; + /* success */ + *handlep = handle; + *handle_lenp = handle_len; + return 0; +} + int do_download(struct sftp_conn *conn, const char *remote_path, const char *local_path, Attrib *a, int preserve_flag, int resume_flag, int fsync_flag) { - Attrib junk; struct sshbuf *msg; u_char *handle; int local_fd = -1, write_error; 
@@ -1331,28 +1372,11 @@ do_download(struct sftp_conn *conn, const char *remote_path, size = 0; buflen = conn->download_buflen; - if ((msg = sshbuf_new()) == NULL) - fatal_f("sshbuf_new failed"); - - attrib_clear(&junk); /* Send empty attributes */ /* Send open request */ - id = conn->msg_id++; - if ((r = sshbuf_put_u8(msg, SSH2_FXP_OPEN)) != 0 || - (r = sshbuf_put_u32(msg, id)) != 0 || - (r = sshbuf_put_cstring(msg, remote_path)) != 0 || - (r = sshbuf_put_u32(msg, SSH2_FXF_READ)) != 0 || - (r = encode_attrib(msg, &junk)) != 0) - fatal_fr(r, "compose"); - send_msg(conn, msg); - debug3("Sent message SSH2_FXP_OPEN I:%u P:%s", id, remote_path); - - handle = get_handle(conn, id, &handle_len, - "remote open(\"%s\")", remote_path); - if (handle == NULL) { - sshbuf_free(msg); - return(-1); - } + if (send_open(conn, remote_path, "remote", SSH2_FXF_READ, NULL, + &handle, &handle_len) != 0) + return -1; local_fd = open(local_path, O_WRONLY | O_CREAT | (resume_flag ? 0 : O_TRUNC), mode | S_IWUSR); @@ -1377,7 +1401,6 @@ do_download(struct sftp_conn *conn, const char *remote_path, "local file is larger than remote", local_path); fail: do_close(conn, handle, handle_len); - sshbuf_free(msg); free(handle); if (local_fd != -1) close(local_fd); @@ -1394,6 +1417,9 @@ do_download(struct sftp_conn *conn, const char *remote_path, if (showprogress && size != 0) start_progress_meter(remote_path, size, &progress_counter); + if ((msg = sshbuf_new()) == NULL) + fatal_f("sshbuf_new failed"); + while (num_req > 0 || max_req > 0) { u_char *data; size_t len; 
@@ -1769,31 +1795,15 @@ do_upload(struct sftp_conn *conn, const char *local_path, } } - if ((msg = sshbuf_new()) == NULL) - fatal_f("sshbuf_new failed"); - /* Send open request */ - id = conn->msg_id++; - if ((r = sshbuf_put_u8(msg, SSH2_FXP_OPEN)) != 0 || - (r = sshbuf_put_u32(msg, id)) != 0 || - (r = sshbuf_put_cstring(msg, remote_path)) != 0 || - (r = sshbuf_put_u32(msg, SSH2_FXF_WRITE|SSH2_FXF_CREAT| - (resume ? SSH2_FXF_APPEND : SSH2_FXF_TRUNC))) != 0 || - (r = encode_attrib(msg, &a)) != 0) - fatal_fr(r, "compose"); - send_msg(conn, msg); - debug3("Sent message SSH2_FXP_OPEN I:%u P:%s", id, remote_path); - - sshbuf_reset(msg); - - handle = get_handle(conn, id, &handle_len, - "remote open(\"%s\")", remote_path); - if (handle == NULL) { + if (send_open(conn, remote_path, "dest", SSH2_FXF_WRITE|SSH2_FXF_CREAT| + (resume ? SSH2_FXF_APPEND : SSH2_FXF_TRUNC), + &a, &handle, &handle_len) != 0) { close(local_fd); - sshbuf_free(msg); return -1; } + id = conn->msg_id; startid = ackid = id + 1; data = xmalloc(conn->upload_buflen); @@ -1803,6 +1813,8 @@ do_upload(struct sftp_conn *conn, const char *local_path, start_progress_meter(local_path, sb.st_size, &progress_counter); + if ((msg = sshbuf_new()) == NULL) + fatal_f("sshbuf_new failed"); for (;;) { int len; -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Sat Aug 7 10:27:17 2021 
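Review bot: in do_upload() (@@ -1769,31 +1795,15 @@ of sftp-client.c), id used to hold the id of the SSH2_FXP_OPEN request (id = conn->msg_id++), but send_open() now consumes that id internally and the caller sets id = conn->msg_id, which is one higher, so "startid = ackid = id + 1" is shifted by one relative to the old code; check that the write loop's request numbering and ack matching still line up with what is sent, or use conn->msg_id - 1 to keep the old values. The sshbuf_reset(m) added to get_msg_extended() at @@ -147,6 +147,7 @@ changes behaviour for every caller, so any caller that passed a buffer it expected to be appended to should be audited. send_open() would also benefit from a short comment stating that *handlep is allocated on success and must be freed by the caller.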
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Sat, 07 Aug 2021 10:27:17 +1000 Subject: [openssh-commits] [openssh] 03/10: upstream: support for "cross"-loading files/directories, i.e. In-Reply-To: <162829603414.13967.17408255365157811656@fuyu.mindrot.org> References: <162829603414.13967.17408255365157811656@fuyu.mindrot.org> Message-ID: <5ca1278a71aad2d3@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit de7115b373ba0be3861c65de9b606a3e0e9d29a3 Author: djm at openbsd.org Date: Sat Aug 7 00:02:41 2021 +0000 upstream: support for "cross"-loading files/directories, i.e. downloading from one SFTP server while simultaneously uploading to another. feedback & ok markus@ OpenBSD-Commit-ID: 3982878e29d8df0fa4ddc502f5ff6126ac714235 --- sftp-client.c | 425 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++- sftp-client.h | 19 ++- 2 files changed, 442 insertions(+), 2 deletions(-) diff --git a/sftp-client.c b/sftp-client.c index d16b0c44..9f777e43 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.144 2021/08/07 00:01:29 djm Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.145 2021/08/07 00:02:41 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * 
@@ -2048,6 +2048,429 @@ upload_dir(struct sftp_conn *conn, const char *src, const char *dst, return ret; } +static void +handle_dest_replies(struct sftp_conn *to, const char *to_path, int synchronous, + u_int *nreqsp, u_int *write_errorp) +{ + struct sshbuf *msg; + u_char type; + u_int id, status; + int r; + struct pollfd pfd; + + if ((msg = sshbuf_new()) == NULL) + fatal_f("sshbuf_new failed"); + + /* Try to eat replies from the upload side */ + while (*nreqsp > 0) { + debug3_f("%u outstanding replies", *nreqsp); + if (!synchronous) { + /* Bail out if no data is ready to be read */ + pfd.fd = to->fd_in; + pfd.events = POLLIN; + if ((r = poll(&pfd, 1, 0)) == -1) { + if (errno == EINTR) + break; + fatal_f("poll: %s", strerror(errno)); + } else if (r == 0) + break; /* fd not ready */ + } + sshbuf_reset(msg); + get_msg(to, msg); + + if ((r = sshbuf_get_u8(msg, &type)) != 0 || + (r = sshbuf_get_u32(msg, &id)) != 0) + fatal_fr(r, "dest parse"); + debug3("Received dest reply T:%u I:%u R:%u", type, id, *nreqsp); + if (type != SSH2_FXP_STATUS) { + fatal_f("Expected SSH2_FXP_STATUS(%d) packet, got %d", + SSH2_FXP_STATUS, type); + } + if ((r = sshbuf_get_u32(msg, &status)) != 0) + fatal_fr(r, "parse dest status"); + debug3("dest SSH2_FXP_STATUS %u", status); + if (status != SSH2_FX_OK) { + /* record first error */ + if (*write_errorp == 0) + *write_errorp = status; + } + /* + * XXX this doesn't do full reply matching like do_upload and + * so cannot gracefully truncate terminated uploads at a + * high-water mark. ATM the only caller of this function (scp) + * doesn't support transfer resumption, so this doesn't matter + * a whole lot. + * + * To be safe, do_crossload truncates the destination file to + * zero length on upload failure, since we can't trust the + * server not to have reordered replies that could have + * inserted holes where none existed in the source file. 
+ * + * XXX we could get a more accutate progress bar if we updated + * the counter based on the reply from the destination... + */ + (*nreqsp)--; + } + debug3_f("done: %u outstanding replies", *nreqsp); +} + +int +do_crossload(struct sftp_conn *from, struct sftp_conn *to, + const char *from_path, const char *to_path, + Attrib *a, int preserve_flag) +{ + struct sshbuf *msg; + int write_error, read_error, lmodified = 0, r; + u_int64_t offset = 0, size; + u_int id, buflen, num_req, max_req, status = SSH2_FX_OK; + u_int num_upload_req; + off_t progress_counter; + u_char *from_handle, *to_handle; + size_t from_handle_len, to_handle_len; + struct request { + u_int id; + size_t len; + u_int64_t offset; + TAILQ_ENTRY(request) tq; + }; + TAILQ_HEAD(reqhead, request) requests; + struct request *req; + u_char type; + + TAILQ_INIT(&requests); + + if (a == NULL && (a = do_stat(from, from_path, 0)) == NULL) + return -1; + + if ((a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) && + (!S_ISREG(a->perm))) { + error("Cannot download non-regular file: %s", from_path); + return(-1); + } + if (a->flags & SSH2_FILEXFER_ATTR_SIZE) + size = a->size; + else + size = 0; + + buflen = from->download_buflen; + if (buflen > to->upload_buflen) + buflen = to->upload_buflen; + + /* Send open request to read side */ + if (send_open(from, from_path, "origin", SSH2_FXF_READ, NULL, + &from_handle, &from_handle_len) != 0) + return -1; + + /* Send open request to write side */ + a->flags &= ~SSH2_FILEXFER_ATTR_SIZE; + a->flags &= ~SSH2_FILEXFER_ATTR_UIDGID; + a->perm &= 0777; + if (!preserve_flag) + a->flags &= ~SSH2_FILEXFER_ATTR_ACMODTIME; + if (send_open(to, to_path, "dest", + SSH2_FXF_WRITE|SSH2_FXF_CREAT|SSH2_FXF_TRUNC, a, + &to_handle, &to_handle_len) != 0) { + do_close(from, from_handle, from_handle_len); + return -1; + } + + /* Read from remote "from" and write to remote "to" */ + offset = 0; + write_error = read_error = num_req = num_upload_req = 0; + max_req = 1; + progress_counter = 0; + + if 
(showprogress && size != 0) + start_progress_meter(from_path, size, &progress_counter); + if ((msg = sshbuf_new()) == NULL) + fatal_f("sshbuf_new failed"); + while (num_req > 0 || max_req > 0) { + u_char *data; + size_t len; + + /* + * Simulate EOF on interrupt: stop sending new requests and + * allow outstanding requests to drain gracefully + */ + if (interrupted) { + if (num_req == 0) /* If we haven't started yet... */ + break; + max_req = 0; + } + + /* Send some more requests */ + while (num_req < max_req) { + debug3("Request range %llu -> %llu (%d/%d)", + (unsigned long long)offset, + (unsigned long long)offset + buflen - 1, + num_req, max_req); + req = xcalloc(1, sizeof(*req)); + req->id = from->msg_id++; + req->len = buflen; + req->offset = offset; + offset += buflen; + num_req++; + TAILQ_INSERT_TAIL(&requests, req, tq); + send_read_request(from, req->id, req->offset, + req->len, from_handle, from_handle_len); + } + + /* Try to eat replies from the upload side (nonblocking) */ + handle_dest_replies(to, to_path, 0, + &num_upload_req, &write_error); + + sshbuf_reset(msg); + get_msg(from, msg); + if ((r = sshbuf_get_u8(msg, &type)) != 0 || + (r = sshbuf_get_u32(msg, &id)) != 0) + fatal_fr(r, "parse"); + debug3("Received origin reply T:%u I:%u R:%d", + type, id, max_req); + + /* Find the request in our queue */ + for (req = TAILQ_FIRST(&requests); + req != NULL && req->id != id; + req = TAILQ_NEXT(req, tq)) + ; + if (req == NULL) + fatal("Unexpected reply %u", id); + + switch (type) { + case SSH2_FXP_STATUS: + if ((r = sshbuf_get_u32(msg, &status)) != 0) + fatal_fr(r, "parse status"); + if (status != SSH2_FX_EOF) + read_error = 1; + max_req = 0; + TAILQ_REMOVE(&requests, req, tq); + free(req); + num_req--; + break; + case SSH2_FXP_DATA: + if ((r = sshbuf_get_string(msg, &data, &len)) != 0) + fatal_fr(r, "parse data"); + debug3("Received data %llu -> %llu", + (unsigned long long)req->offset, + (unsigned long long)req->offset + len - 1); + if (len > req->len) + 
fatal("Received more data than asked for " + "%zu > %zu", len, req->len); + lmodified = 1; + + /* Write this chunk out to the destination */ + sshbuf_reset(msg); + if ((r = sshbuf_put_u8(msg, SSH2_FXP_WRITE)) != 0 || + (r = sshbuf_put_u32(msg, to->msg_id++)) != 0 || + (r = sshbuf_put_string(msg, to_handle, + to_handle_len)) != 0 || + (r = sshbuf_put_u64(msg, req->offset)) != 0 || + (r = sshbuf_put_string(msg, data, len)) != 0) + fatal_fr(r, "compose write"); + send_msg(to, msg); + debug3("Sent message SSH2_FXP_WRITE I:%u O:%llu S:%zu", + id, (unsigned long long)offset, len); + num_upload_req++; + progress_counter += len; + free(data); + + if (len == req->len) { + TAILQ_REMOVE(&requests, req, tq); + free(req); + num_req--; + } else { + /* Resend the request for the missing data */ + debug3("Short data block, re-requesting " + "%llu -> %llu (%2d)", + (unsigned long long)req->offset + len, + (unsigned long long)req->offset + + req->len - 1, num_req); + req->id = from->msg_id++; + req->len -= len; + req->offset += len; + send_read_request(from, req->id, + req->offset, req->len, + from_handle, from_handle_len); + /* Reduce the request size */ + if (len < buflen) + buflen = MAXIMUM(MIN_READ_SIZE, len); + } + if (max_req > 0) { /* max_req = 0 iff EOF received */ + if (size > 0 && offset > size) { + /* Only one request at a time + * after the expected EOF */ + debug3("Finish at %llu (%2d)", + (unsigned long long)offset, + num_req); + max_req = 1; + } else if (max_req < from->num_requests) { + ++max_req; + } + } + break; + default: + fatal("Expected SSH2_FXP_DATA(%u) packet, got %u", + SSH2_FXP_DATA, type); + } + } + + if (showprogress && size) + stop_progress_meter(); + + /* Drain replies from the server (blocking) */ + debug3_f("waiting for %u replies from destination", num_upload_req); + handle_dest_replies(to, to_path, 1, &num_upload_req, &write_error); + + /* Sanity check */ + if (TAILQ_FIRST(&requests) != NULL) + fatal("Transfer complete, but requests still in 
queue"); + /* Truncate at 0 length on interrupt or error to avoid holes at dest */ + if (read_error || write_error || interrupted) { + debug("truncating \"%s\" at 0", to_path); + do_close(to, to_handle, to_handle_len); + free(to_handle); + if (send_open(to, to_path, "dest", + SSH2_FXF_WRITE|SSH2_FXF_CREAT|SSH2_FXF_TRUNC, a, + &to_handle, &to_handle_len) != 0) { + error("truncation failed for \"%s\"", to_path); + to_handle = NULL; + } + } + if (read_error) { + error("Couldn't read from origin file \"%s\" : %s", + from_path, fx2txt(status)); + status = -1; + do_close(from, from_handle, from_handle_len); + if (to_handle != NULL) + do_close(to, to_handle, to_handle_len); + } else if (write_error) { + error("Couldn't write to \"%s\": %s", + to_path, fx2txt(write_error)); + status = SSH2_FX_FAILURE; + do_close(from, from_handle, from_handle_len); + if (to_handle != NULL) + do_close(to, to_handle, to_handle_len); + } else { + if (do_close(from, from_handle, from_handle_len) != 0 || + interrupted) + status = -1; + else + status = SSH2_FX_OK; + if (to_handle != NULL) { + /* Need to resend utimes after write */ + if (preserve_flag) + do_fsetstat(to, to_handle, to_handle_len, a); + do_close(to, to_handle, to_handle_len); + } + } + sshbuf_free(msg); + free(from_handle); + free(to_handle); + + return status == SSH2_FX_OK ? 
0 : -1; +} + +static int +crossload_dir_internal(struct sftp_conn *from, struct sftp_conn *to, + const char *from_path, const char *to_path, + int depth, Attrib *dirattrib, int preserve_flag, int print_flag) +{ + int i, ret = 0; + SFTP_DIRENT **dir_entries; + char *filename, *new_from_path = NULL, *new_to_path = NULL; + mode_t mode = 0777; + + if (depth >= MAX_DIR_DEPTH) { + error("Maximum directory depth exceeded: %d levels", depth); + return -1; + } + + if (dirattrib == NULL && + (dirattrib = do_stat(from, from_path, 1)) == NULL) { + error("Unable to stat remote directory \"%s\"", from_path); + return -1; + } + if (!S_ISDIR(dirattrib->perm)) { + error("\"%s\" is not a directory", from_path); + return -1; + } + if (print_flag) + mprintf("Retrieving %s\n", from_path); + + dirattrib->flags &= ~SSH2_FILEXFER_ATTR_SIZE; + dirattrib->flags &= ~SSH2_FILEXFER_ATTR_UIDGID; + if (dirattrib->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) { + mode = dirattrib->perm & 01777; + dirattrib->perm = mode | (S_IWUSR|S_IXUSR); /* temp */ + } else { + debug("Server did not send permissions for " + "directory \"%s\"", to_path); + } + if (do_mkdir(to, to_path, dirattrib, print_flag) != 0) + return -1; + + if (do_readdir(from, from_path, &dir_entries) == -1) { + error("%s: Failed to get directory contents", from_path); + return -1; + } + + for (i = 0; dir_entries[i] != NULL && !interrupted; i++) { + free(new_from_path); + free(new_to_path); + + filename = dir_entries[i]->filename; + new_from_path = path_append(from_path, filename); + new_to_path = path_append(to_path, filename); + + if (S_ISDIR(dir_entries[i]->a.perm)) { + if (strcmp(filename, ".") == 0 || + strcmp(filename, "..") == 0) + continue; + if (crossload_dir_internal(from, to, + new_from_path, new_to_path, + depth + 1, &(dir_entries[i]->a), preserve_flag, + print_flag) == -1) + ret = -1; + } else if (S_ISREG(dir_entries[i]->a.perm) ) { + if (do_crossload(from, to, new_from_path, new_to_path, + &(dir_entries[i]->a), preserve_flag) == 
-1) { + error("Transfer of file %s to %s failed", + new_from_path, new_to_path); + ret = -1; + } + } else + logit("%s: not a regular file\n", new_from_path); + + } + free(new_to_path); + free(new_from_path); + + dirattrib->perm = mode; /* original mode */ + do_setstat(to, to_path, dirattrib); + + free_sftp_dirents(dir_entries); + + return ret; +} + +int +crossload_dir(struct sftp_conn *from, struct sftp_conn *to, + const char *from_path, const char *to_path, + Attrib *dirattrib, int preserve_flag, int print_flag) +{ + char *from_path_canon; + int ret; + + if ((from_path_canon = do_realpath(from, from_path)) == NULL) { + error("Unable to canonicalize path \"%s\"", from_path); + return -1; + } + + ret = crossload_dir_internal(from, to, from_path_canon, to_path, 0, + dirattrib, preserve_flag, print_flag); + free(from_path_canon); + return ret; +} + char * path_append(const char *p1, const char *p2) { diff --git a/sftp-client.h b/sftp-client.h index 6f6c49fb..c7fa04f5 100644 --- a/sftp-client.h +++ b/sftp-client.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.h,v 1.30 2021/03/31 22:16:34 djm Exp $ */ +/* $OpenBSD: sftp-client.h,v 1.31 2021/08/07 00:02:41 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller 
@@ -150,6 +150,23 @@ int do_upload(struct sftp_conn *, const char *, const char *, int, int, int); int upload_dir(struct sftp_conn *, const char *, const char *, int, int, int, int); +/* + * Download a 'from_path' from the 'from' connection and upload it to + * to 'to' connection at 'to_path'. + */ +int +do_crossload(struct sftp_conn *from, struct sftp_conn *to, + const char *from_path, const char *to_path, + Attrib *a, int preserve_flag); + +/* + * Recursively download a directory from 'from_path' from the 'from' + * connection and upload it to 'to' connection at 'to_path'. + */ +int crossload_dir(struct sftp_conn *from, struct sftp_conn *to, + const char *from_path, const char *to_path, + Attrib *dirattrib, int preserve_flag, int print_flag); + /* Concatenate paths, taking care of slashes. Caller must free result. */ char *path_append(const char *, const char *); -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Sat Aug 7 10:27:18 2021 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Sat, 07 Aug 2021 10:27:18 +1000 Subject: [openssh-commits] [openssh] 04/10: upstream: use sftp_client crossloading to implement scp -3 In-Reply-To: <162829603414.13967.17408255365157811656@fuyu.mindrot.org> References: <162829603414.13967.17408255365157811656@fuyu.mindrot.org> Message-ID: <5ca1278c2ef3afaa@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit 318c06bb04ee21a0cfa6b6022a201eacaa53f388 Author: djm at openbsd.org Date: Sat Aug 7 00:06:30 2021 +0000 upstream: use sftp_client crossloading to implement scp -3 feedback/ok markus@ OpenBSD-Commit-ID: 7db4c0086cfc12afc9cfb71d4c2fd3c7e9416ee9 --- scp.c | 229 ++++++++++++++++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 189 insertions(+), 40 deletions(-) diff --git a/scp.c b/scp.c index 3125d336..9be41a26 100644 
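Review bot: in do_crossload() (sftp-client.c), the debug3() that follows send_msg(to, msg) in the SSH2_FXP_DATA case logs the wrong values: it prints id, which is the id of the origin's reply, and offset, which is the next read offset to request, although the write was composed with to->msg_id++ and req->offset. Keep the write id in a local before composing the message and log it together with req->offset, otherwise the trace cannot be matched against the destination's replies. Separately, crossload_dir_internal() returns straight after a failed do_readdir(), which leaves the directory just created on the destination with the temporary mode | (S_IWUSR|S_IXUSR) permissions; a do_setstat() with the original mode on that path would avoid this.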
--- a/scp.c +++ b/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.218 2021/08/07 00:00:33 djm Exp $ */ +/* $OpenBSD: scp.c,v 1.219 2021/08/07 00:06:30 djm Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -139,7 +139,7 @@ extern char *__progname; #define COPY_BUFLEN 16384 int do_cmd(char *program, char *host, char *remuser, int port, char *cmd, - int *fdin, int *fdout); + int *fdin, int *fdout, pid_t *pidp); int do_cmd2(char *host, char *remuser, int port, char *cmd, int fdin, int fdout); @@ -175,6 +175,7 @@ char *ssh_program = _PATH_SSH_PROGRAM; /* This is used to store the pid of ssh_program */ pid_t do_cmd_pid = -1; +pid_t do_cmd_pid2 = -1; /* Needed for sftp */ volatile sig_atomic_t interrupted = 0; @@ -189,6 +190,10 @@ killchild(int signo) kill(do_cmd_pid, signo ? signo : SIGTERM); waitpid(do_cmd_pid, NULL, 0); } + if (do_cmd_pid2 > 1) { + kill(do_cmd_pid2, signo ? signo : SIGTERM); + waitpid(do_cmd_pid2, NULL, 0); + } if (signo) _exit(1); @@ -196,19 +201,26 @@ killchild(int signo) } static void -suspchild(int signo) +suspone(int pid, int signo) { int status; - if (do_cmd_pid > 1) { - kill(do_cmd_pid, signo); - while (waitpid(do_cmd_pid, &status, WUNTRACED) == -1 && + if (pid > 1) { + kill(pid, signo); + while (waitpid(pid, &status, WUNTRACED) == -1 && errno == EINTR) ; - kill(getpid(), SIGSTOP); } } +static void +suspchild(int signo) +{ + suspone(do_cmd_pid, signo); + suspone(do_cmd_pid2, signo); + kill(getpid(), SIGSTOP); +} + static int do_local_cmd(arglist *a) { @@ -259,7 +271,7 @@ do_local_cmd(arglist *a) int do_cmd(char *program, char *host, char *remuser, int port, char *cmd, - int *fdin, int *fdout) + int *fdin, int *fdout, int *pid) { int pin[2], pout[2], reserved[2]; 
@@ -294,8 +306,8 @@ do_cmd(char *program, char *host, char *remuser, int port, char *cmd, ssh_signal(SIGTTOU, suspchild); /* Fork a child to execute the command on the remote host using ssh. */ - do_cmd_pid = fork(); - if (do_cmd_pid == 0) { + *pid = fork(); + if (*pid == 0) { /* Child. */ close(pin[1]); close(pout[0]); @@ -320,7 +332,7 @@ do_cmd(char *program, char *host, char *remuser, int port, char *cmd, execvp(program, args.list); perror(program); exit(1); - } else if (do_cmd_pid == -1) { + } else if (*pid == -1) { fatal("fork: %s", strerror(errno)); } /* Parent. Close the other side, and return the local side. */ @@ -340,10 +352,11 @@ do_cmd(char *program, char *host, char *remuser, int port, char *cmd, * This way the input and output of two commands can be connected. */ int -do_cmd2(char *host, char *remuser, int port, char *cmd, int fdin, int fdout) +do_cmd2(char *host, char *remuser, int port, char *cmd, + int fdin, int fdout) { - pid_t pid; int status; + pid_t pid; if (verbose_mode) fmprintf(stderr, @@ -403,7 +416,7 @@ void verifydir(char *); struct passwd *pwd; uid_t userid; -int errs, remin, remout; +int errs, remin, remout, remin2, remout2; int Tflag, pflag, iamremote, iamrecursive, targetshouldbedirectory; #define CMDNEEDS 64 @@ -424,6 +437,8 @@ void usage(void); void source_sftp(int, char *, char *, struct sftp_conn *, char **); void sink_sftp(int, char *, const char *, struct sftp_conn *); +void throughlocal_sftp(struct sftp_conn *, struct sftp_conn *, + char *, char *, char **); int main(int argc, char **argv) 
@@ -943,22 +958,23 @@ brace_expand(const char *pattern, char ***patternsp, size_t *npatternsp) } static struct sftp_conn * -do_sftp_connect(char *host, char *user, int port, char *sftp_direct) +do_sftp_connect(char *host, char *user, int port, char *sftp_direct, + int *reminp, int *remoutp, int *pidp) { if (sftp_direct == NULL) { addargs(&args, "-s"); if (do_cmd(ssh_program, host, user, port, "sftp", - &remin, &remout) < 0) + reminp, remoutp, pidp) < 0) return NULL; } else { args.list = NULL; addargs(&args, "sftp-server"); if (do_cmd(sftp_direct, host, NULL, -1, "sftp", - &remin, &remout) < 0) + reminp, remoutp, pidp) < 0) return NULL; } - return do_init(remin, remout, 32768, 64, limit_kbps); + return do_init(*reminp, *remoutp, 32768, 64, limit_kbps); } void @@ -968,9 +984,9 @@ toremote(int argc, char **argv, enum scp_mode_e mode, char *sftp_direct) char *bp, *tuser, *thost, *targ; char *remote_path = NULL; int sport = -1, tport = -1; - struct sftp_conn *conn = NULL; + struct sftp_conn *conn = NULL, *conn2 = NULL; arglist alist; - int i, r; + int i, r, status; u_int j; memset(&alist, '\0', sizeof(alist)); 
@@ -1011,21 +1027,64 @@ toremote(int argc, char **argv, enum scp_mode_e mode, char *sftp_direct) continue; } if (host && throughlocal) { /* extended remote to remote */ - /* XXX uses scp; need to support SFTP remote-remote */ - xasprintf(&bp, "%s -f %s%s", cmd, - *src == '-' ? "-- " : "", src); - if (do_cmd(ssh_program, host, suser, sport, bp, - &remin, &remout) < 0) - exit(1); - free(bp); - xasprintf(&bp, "%s -t %s%s", cmd, - *targ == '-' ? "-- " : "", targ); - if (do_cmd2(thost, tuser, tport, bp, remin, remout) < 0) - exit(1); - free(bp); - (void) close(remin); - (void) close(remout); - remin = remout = -1; + if (mode == MODE_SFTP) { + if (remin == -1) { + /* Connect to dest now */ + conn = do_sftp_connect(thost, tuser, + tport, sftp_direct, + &remin, &remout, &do_cmd_pid); + if (conn == NULL) { + fatal("Unable to open " + "destination connection"); + } + debug3_f("origin in %d out %d pid %ld", + remin, remout, (long)do_cmd_pid); + } + /* + * XXX remember suser/host/sport and only + * reconnect if they change between arguments. + * would save reconnections for cases like + * scp -3 hosta:/foo hosta:/bar hostb: + */ + /* Connect to origin now */ + conn2 = do_sftp_connect(host, suser, + sport, sftp_direct, + &remin2, &remout2, &do_cmd_pid2); + if (conn2 == NULL) { + fatal("Unable to open " + "source connection"); + } + debug3_f("destination in %d out %d pid %ld", + remin2, remout2, (long)do_cmd_pid2); + throughlocal_sftp(conn2, conn, src, targ, + &remote_path); + (void) close(remin2); + (void) close(remout2); + remin2 = remout2 = -1; + if (waitpid(do_cmd_pid2, &status, 0) == -1) + ++errs; + else if (!WIFEXITED(status) || + WEXITSTATUS(status) != 0) + ++errs; + do_cmd_pid2 = -1; + continue; + } else { + xasprintf(&bp, "%s -f %s%s", cmd, + *src == '-' ? "-- " : "", src); + if (do_cmd(ssh_program, host, suser, sport, + bp, &remin, &remout, &do_cmd_pid) < 0) + exit(1); + free(bp); + xasprintf(&bp, "%s -t %s%s", cmd, + *targ == '-' ? 
"-- " : "", targ); + if (do_cmd2(thost, tuser, tport, bp, + remin, remout) < 0) + exit(1); + free(bp); + (void) close(remin); + (void) close(remout); + remin = remout = -1; + } } else if (host) { /* standard remote to remote */ /* * Second remote user is passed to first remote side @@ -1074,7 +1133,8 @@ toremote(int argc, char **argv, enum scp_mode_e mode, char *sftp_direct) if (remin == -1) { /* Connect to remote now */ conn = do_sftp_connect(thost, tuser, - tport, sftp_direct); + tport, sftp_direct, + &remin, &remout, &do_cmd_pid); if (conn == NULL) { fatal("Unable to open sftp " "connection"); @@ -1091,7 +1151,7 @@ toremote(int argc, char **argv, enum scp_mode_e mode, char *sftp_direct) xasprintf(&bp, "%s -t %s%s", cmd, *targ == '-' ? "-- " : "", targ); if (do_cmd(ssh_program, thost, tuser, tport, bp, - &remin, &remout) < 0) + &remin, &remout, &do_cmd_pid) < 0) exit(1); if (response() < 0) exit(1); @@ -1156,7 +1216,8 @@ tolocal(int argc, char **argv, enum scp_mode_e mode, char *sftp_direct) } /* Remote to local. */ if (mode == MODE_SFTP) { - conn = do_sftp_connect(host, suser, sport, sftp_direct); + conn = do_sftp_connect(host, suser, sport, + sftp_direct, &remin, &remout, &do_cmd_pid); if (conn == NULL) { error("Couldn't make sftp connection " "to server"); @@ -1176,8 +1237,8 @@ tolocal(int argc, char **argv, enum scp_mode_e mode, char *sftp_direct) /* SCP */ xasprintf(&bp, "%s -f %s%s", cmd, *src == '-' ? "-- " : "", src); - if (do_cmd(ssh_program, host, suser, sport, bp, &remin, - &remout) < 0) { + if (do_cmd(ssh_program, host, suser, sport, bp, + &remin, &remout, &do_cmd_pid) < 0) { free(bp); ++errs; continue; 
@@ -1808,6 +1869,94 @@ screwup: exit(1); } +void +throughlocal_sftp(struct sftp_conn *from, struct sftp_conn *to, + char *src, char *targ, char **to_remote_path) +{ + char *target = NULL, *filename = NULL, *abs_dst = NULL; + char *abs_src = NULL, *tmp = NULL, *from_remote_path; + glob_t g; + int i, r, targetisdir, err = 0; + + if (*to_remote_path == NULL) { + *to_remote_path = do_realpath(to, "."); + if (*to_remote_path == NULL) { + fatal("Unable to determine destination remote " + "working directory"); + } + } + + if ((from_remote_path = do_realpath(from, ".")) == NULL) { + fatal("Unable to determine source remote " + "working directory"); + } + + if ((filename = basename(src)) == NULL) + fatal("basename %s: %s", src, strerror(errno)); + + abs_src = xstrdup(src); + abs_src = make_absolute(abs_src, from_remote_path); + free(from_remote_path); + target = xstrdup(targ); + target = make_absolute(target, *to_remote_path); + memset(&g, 0, sizeof(g)); + + targetisdir = remote_is_dir(to, target); + if (!targetisdir && targetshouldbedirectory) { + error("Destination path \"%s\" is not a directory", target); + err = -1; + goto out; + } + + debug3_f("copying remote %s to remote %s", abs_src, target); + if ((r = remote_glob(from, abs_src, GLOB_MARK, NULL, &g)) != 0) { + if (r == GLOB_NOSPACE) + error("Too many glob matches for \"%s\".", abs_src); + else + error("File \"%s\" not found.", abs_src); + err = -1; + goto out; + } + + for (i = 0; g.gl_pathv[i] && !interrupted; i++) { + tmp = xstrdup(g.gl_pathv[i]); + if ((filename = basename(tmp)) == NULL) { + error("basename %s: %s", tmp, strerror(errno)); + err = -1; + goto out; + } + + if (targetisdir) + abs_dst = path_append(target, filename); + else + abs_dst = xstrdup(target); + + debug("Fetching %s to %s\n", g.gl_pathv[i], abs_dst); + if (globpath_is_dir(g.gl_pathv[i]) && iamrecursive) { + if (crossload_dir(from, to, g.gl_pathv[i], abs_dst, + NULL, pflag, 1) == -1) + err = -1; + } else { + if (do_crossload(from, to, 
g.gl_pathv[i], abs_dst, NULL, + pflag) == -1) + err = -1; + } + free(abs_dst); + abs_dst = NULL; + free(tmp); + tmp = NULL; + } + +out: + free(abs_src); + free(abs_dst); + free(target); + free(tmp); + globfree(&g); + if (err == -1) + fatal("Failed to download file '%s'", src); +} + int response(void) { -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Sat Aug 7 10:27:19 2021 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Sat, 07 Aug 2021 10:27:19 +1000 Subject: [openssh-commits] [openssh] 05/10: upstream: factor out a structure duplicated between downloading In-Reply-To: <162829603414.13967.17408255365157811656@fuyu.mindrot.org> References: <162829603414.13967.17408255365157811656@fuyu.mindrot.org> Message-ID: <5ca1278e1d286bca@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit 48cd39b7a4e5e7c25101c6d1179f98fe544835cd Author: djm at openbsd.org Date: Sat Aug 7 00:07:18 2021 +0000 upstream: factor out a structure duplicated between downloading and crossloading; ok markus@ OpenBSD-Commit-ID: 96eede24d520569232086a129febe342e4765d39 --- sftp-client.c | 27 ++++++++++++--------------- 1 file changed, 12 insertions(+), 15 deletions(-) diff --git a/sftp-client.c b/sftp-client.c index 9f777e43..dc9a9a80 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.145 2021/08/07 00:02:41 djm Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.146 2021/08/07 00:07:18 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * 
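Review bot: the new pid out-parameter in scp.c is typed inconsistently: the do_cmd() prototype declares pid_t *pidp, the definition takes int *pid, and do_sftp_connect() takes int *pidp, while every caller passes &do_cmd_pid or &do_cmd_pid2, both of which are pid_t. Use pid_t * in all three places, and pid_t for the pid argument of suspone(), so the code does not depend on pid_t being int.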
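Review bot: in the MODE_SFTP branch added to toremote(), the two debug3_f() labels are swapped: the connection opened to thost under the comment "Connect to dest now" is logged as "origin in %d out %d pid %ld", and the one opened to host under "Connect to origin now" is logged as "destination in %d out %d pid %ld". Swap the two strings so the trace names the right end of the transfer.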
@@ -100,6 +100,15 @@ struct sftp_conn { struct bwlimit bwlimit_in, bwlimit_out; }; +/* Tracks in-progress requests during file transfers */ +struct request { + u_int id; + size_t len; + u_int64_t offset; + TAILQ_ENTRY(request) tq; +}; +TAILQ_HEAD(requests, request); + static u_char * get_handle(struct sftp_conn *conn, u_int expected_id, size_t *len, const char *errfmt, ...) __attribute__((format(printf, 4, 5))); @@ -1339,13 +1348,7 @@ do_download(struct sftp_conn *conn, const char *remote_path, off_t progress_counter; size_t handle_len; struct stat st; - struct request { - u_int id; - size_t len; - u_int64_t offset; - TAILQ_ENTRY(request) tq; - }; - TAILQ_HEAD(reqhead, request) requests; + struct requests requests; struct request *req; u_char type; @@ -2127,13 +2130,7 @@ do_crossload(struct sftp_conn *from, struct sftp_conn *to, off_t progress_counter; u_char *from_handle, *to_handle; size_t from_handle_len, to_handle_len; - struct request { - u_int id; - size_t len; - u_int64_t offset; - TAILQ_ENTRY(request) tq; - }; - TAILQ_HEAD(reqhead, request) requests; + struct requests requests; struct request *req; u_char type; -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Sat Aug 7 10:27:20 2021 
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Sat, 07 Aug 2021 10:27:20 +1000 Subject: [openssh-commits] [openssh] 06/10: upstream: make scp(1) in SFTP mode output better match original In-Reply-To: <162829603414.13967.17408255365157811656@fuyu.mindrot.org> References: <162829603414.13967.17408255365157811656@fuyu.mindrot.org> Message-ID: <5ca12790d3de1a14@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit c677e65365d6f460c084e41e0c4807bb8a9cf601 Author: djm at openbsd.org Date: Sat Aug 7 00:08:52 2021 +0000 upstream: make scp(1) in SFTP mode output better match original scp(1) by suppressing "Retrieving [path]" lines that were emitted to support the interactive sftp(1) client. ok markus@ OpenBSD-Commit-ID: 06be293df5f156a18f366079be2f33fa68001acc --- scp.c | 7 ++++--- sftp-client.c | 6 +++--- sftp-client.h | 7 ++++++- 3 files changed, 13 insertions(+), 7 deletions(-) diff --git a/scp.c b/scp.c index 9be41a26..51925455 100644 --- a/scp.c +++ b/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.219 2021/08/07 00:06:30 djm Exp $ */ +/* $OpenBSD: scp.c,v 1.220 2021/08/07 00:08:52 djm Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -1289,7 +1289,8 @@ source_sftp(int argc, char *src, char *targ, debug3_f("copying local %s to remote %s", src, abs_dst); if (local_is_dir(src) && iamrecursive) { - if (upload_dir(conn, src, abs_dst, pflag, 1, 0, 0) != 0) { + if (upload_dir(conn, src, abs_dst, pflag, + SFTP_PROGRESS_ONLY, 0, 0) != 0) { fatal("failed to upload directory %s to %s", src, abs_dst); } 
@@ -1521,7 +1522,7 @@ sink_sftp(int argc, char *dst, const char *src, struct sftp_conn *conn) debug("Fetching %s to %s\n", g.gl_pathv[i], abs_dst); if (globpath_is_dir(g.gl_pathv[i]) && iamrecursive) { if (download_dir(conn, g.gl_pathv[i], abs_dst, NULL, - pflag, 1, 0, 0) == -1) + pflag, SFTP_PROGRESS_ONLY, 0, 0) == -1) err = -1; } else { if (do_download(conn, g.gl_pathv[i], abs_dst, NULL, diff --git a/sftp-client.c b/sftp-client.c index dc9a9a80..2d433056 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.146 2021/08/07 00:07:18 djm Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.147 2021/08/07 00:08:52 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -1633,7 +1633,7 @@ download_dir_internal(struct sftp_conn *conn, const char *src, const char *dst, error("\"%s\" is not a directory", src); return -1; } - if (print_flag) + if (print_flag && print_flag != SFTP_PROGRESS_ONLY) mprintf("Retrieving %s\n", src); if (dirattrib->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) { @@ -1957,7 +1957,7 @@ upload_dir_internal(struct sftp_conn *conn, const char *src, const char *dst, error("\"%s\" is not a directory", src); return -1; } - if (print_flag) + if (print_flag && print_flag != SFTP_PROGRESS_ONLY) mprintf("Entering %s\n", src); attrib_clear(&a); diff --git a/sftp-client.h b/sftp-client.h index c7fa04f5..1de6ba8f 100644 --- a/sftp-client.h +++ b/sftp-client.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.h,v 1.31 2021/08/07 00:02:41 djm Exp $ */ +/* $OpenBSD: sftp-client.h,v 1.32 2021/08/07 00:08:52 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller 
@@ -61,6 +61,11 @@ struct sftp_limits { u_int64_t open_handles; }; +/* print flag values */ +#define SFTP_QUIET 0 /* be quiet during transfers */ +#define SFTP_PRINT 1 /* list files and show progress bar */ +#define SFTP_PROGRESS_ONLY 2 /* progress bar only */ + /* * Initialise a SSH filexfer connection. Returns NULL on error or * a pointer to a initialized sftp_conn struct on success. -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Sat Aug 7 10:27:21 2021 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Sat, 07 Aug 2021 10:27:21 +1000 Subject: [openssh-commits] [openssh] 07/10: upstream: a bit more debugging of file attributes being In-Reply-To: <162829603414.13967.17408255365157811656@fuyu.mindrot.org> References: <162829603414.13967.17408255365157811656@fuyu.mindrot.org> Message-ID: <5ca12792f5a3f8f5@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit 98b59244ca10e62ff67a420856770cb700164f59 Author: djm at openbsd.org Date: Sat Aug 7 00:09:57 2021 +0000 upstream: a bit more debugging of file attributes being sent/received over the wire OpenBSD-Commit-ID: f68c4e207b08ef95200a8b2de499d422808e089b --- sftp-client.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/sftp-client.c b/sftp-client.c index 2d433056..09b7897c 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.147 2021/08/07 00:08:52 djm Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.148 2021/08/07 00:09:57 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * 
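Review bot: only download_dir_internal() and upload_dir_internal() gain the print_flag != SFTP_PROGRESS_ONLY test in this patch; there is no hunk for crossload_dir_internal(), whose "Retrieving %s" line is still printed under a plain if (print_flag), and throughlocal_sftp() still passes a literal 1, so recursive scp -3 copies keep emitting the lines the commit message describes as suppressed. Apply the same test there and pass SFTP_PROGRESS_ONLY from throughlocal_sftp(). Testing print_flag == SFTP_PRINT would also state the intent more directly than print_flag && print_flag != SFTP_PROGRESS_ONLY.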
@@ -227,7 +227,8 @@ send_string_attrs_request(struct sftp_conn *conn, u_int id, u_int code, (r = encode_attrib(msg, a)) != 0) fatal_fr(r, "compose"); send_msg(conn, msg); - debug3("Sent message fd %d T:%u I:%u", conn->fd_out, code, id); + debug3("Sent message fd %d T:%u I:%u F:0x%04x M:%05o", + conn->fd_out, code, id, a->flags, a->perm); sshbuf_free(msg); } @@ -323,7 +324,6 @@ get_decode_stat(struct sftp_conn *conn, u_int expected_id, int quiet) (r = sshbuf_get_u32(msg, &id)) != 0) fatal_fr(r, "parse"); - debug3("Received stat reply T:%u I:%u", type, id); if (id != expected_id) fatal("ID mismatch (%u != %u)", id, expected_id); if (type == SSH2_FXP_STATUS) { @@ -346,6 +346,8 @@ get_decode_stat(struct sftp_conn *conn, u_int expected_id, int quiet) sshbuf_free(msg); return NULL; } + debug3("Recevied stat reply T:%u I:%u F:0x%04x M:%05o", + type, id, a.flags, a.perm); sshbuf_free(msg); return &a; -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Sat Aug 7 10:27:22 2021 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Sat, 07 Aug 2021 10:27:22 +1000 Subject: [openssh-commits] [openssh] 08/10: upstream: fix incorrect directory permissions on scp -3 In-Reply-To: <162829603414.13967.17408255365157811656@fuyu.mindrot.org> References: <162829603414.13967.17408255365157811656@fuyu.mindrot.org> Message-ID: <5ca127940664aad6@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit 133b44e500422df68c9c25c3b6de35c0263132f1 Author: djm at openbsd.org Date: Sat Aug 7 00:10:49 2021 +0000 upstream: fix incorrect directory permissions on scp -3 transfers; ok markus@ OpenBSD-Commit-ID: 64b2abaa5635a2be65ee2e77688ad9bcebf576c2 --- sftp-client.c | 42 ++++++++++++++++++++++++++++++------------ 1 file changed, 30 insertions(+), 12 deletions(-) 
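Review bot: the debug3() added near the end of get_decode_stat() misspells "Received" as "Recevied", so anyone searching logs for the previous "Received stat reply" text will miss it. Because the call was also moved below the parsing, the paths that leave the function before it (the ID mismatch fatal() and the return NULL just above the new line) no longer produce any debug3 line for the reply; keeping the original T/I message where it was and adding the F/M details after decoding would preserve that trace.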
diff --git a/sftp-client.c b/sftp-client.c index 09b7897c..d4ddc94f 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.148 2021/08/07 00:09:57 djm Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.149 2021/08/07 00:10:49 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -307,6 +307,7 @@ get_handle(struct sftp_conn *conn, u_int expected_id, size_t *len, return handle; } +/* XXX returing &static is error-prone. Refactor to fill *Attrib argument */ static Attrib * get_decode_stat(struct sftp_conn *conn, u_int expected_id, int quiet) { @@ -2377,6 +2378,7 @@ crossload_dir_internal(struct sftp_conn *from, struct sftp_conn *to, SFTP_DIRENT **dir_entries; char *filename, *new_from_path = NULL, *new_to_path = NULL; mode_t mode = 0777; + Attrib curdir; if (depth >= MAX_DIR_DEPTH) { error("Maximum directory depth exceeded: %d levels", depth); 
@@ -2395,17 +2397,34 @@ crossload_dir_internal(struct sftp_conn *from, struct sftp_conn *to, if (print_flag) mprintf("Retrieving %s\n", from_path); - dirattrib->flags &= ~SSH2_FILEXFER_ATTR_SIZE; - dirattrib->flags &= ~SSH2_FILEXFER_ATTR_UIDGID; - if (dirattrib->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) { - mode = dirattrib->perm & 01777; - dirattrib->perm = mode | (S_IWUSR|S_IXUSR); /* temp */ - } else { - debug("Server did not send permissions for " + curdir = *dirattrib; /* dirattrib will be clobbered */ + curdir.flags &= ~SSH2_FILEXFER_ATTR_SIZE; + curdir.flags &= ~SSH2_FILEXFER_ATTR_UIDGID; + if ((curdir.flags & SSH2_FILEXFER_ATTR_PERMISSIONS) == 0) { + debug("Origin did not send permissions for " "directory \"%s\"", to_path); + curdir.perm = S_IWUSR|S_IXUSR; + curdir.flags |= SSH2_FILEXFER_ATTR_PERMISSIONS; } - if (do_mkdir(to, to_path, dirattrib, print_flag) != 0) - return -1; + /* We need to be able to write to the directory while we transfer it */ + mode = curdir.perm & 01777; + curdir.perm = mode | (S_IWUSR|S_IXUSR); + + /* + * sftp lacks a portable status value to match errno EEXIST, + * so if we get a failure back then we must check whether + * the path already existed and is a directory. Ensure we can + * write to the directory we create for the duration of the transfer. + */ + if (do_mkdir(to, to_path, &curdir, 0) != 0) { + if ((dirattrib = do_stat(to, to_path, 0)) == NULL) + return -1; + if (!S_ISDIR(dirattrib->perm)) { + error("\"%s\" exists but is not a directory", to_path); + return -1; + } + } + curdir.perm = mode; if (do_readdir(from, from_path, &dir_entries) == -1) { error("%s: Failed to get directory contents", from_path); 
@@ -2443,8 +2462,7 @@ crossload_dir_internal(struct sftp_conn *from, struct sftp_conn *to, free(new_to_path); free(new_from_path); - dirattrib->perm = mode; /* original mode */ - do_setstat(to, to_path, dirattrib); + do_setstat(to, to_path, &curdir); free_sftp_dirents(dir_entries); -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Sat Aug 7 10:27:23 2021 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Sat, 07 Aug 2021 10:27:23 +1000 Subject: [openssh-commits] [openssh] 09/10: upstream: make scp(1) in SFTP mode follow symlinks like In-Reply-To: <162829603414.13967.17408255365157811656@fuyu.mindrot.org> References: <162829603414.13967.17408255365157811656@fuyu.mindrot.org> Message-ID: <5ca127960c96fa8a@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit 7b1cbcb7599d9f6a3bbad79d412604aa1203b5ee Author: djm at openbsd.org Date: Sat Aug 7 00:12:09 2021 +0000 upstream: make scp(1) in SFTP mode follow symlinks like traditional scp(1) ok markus@ OpenBSD-Commit-ID: 97255e55be37e8e26605e4ba1e69f9781765d231 --- scp.c | 8 ++++---- sftp-client.c | 58 +++++++++++++++++++++++++++++++++++++++------------------- sftp-client.h | 9 +++++---- sftp.c | 8 +++++--- 4 files changed, 53 insertions(+), 30 deletions(-) diff --git a/scp.c b/scp.c index 51925455..3eb0212b 100644 --- a/scp.c +++ b/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.220 2021/08/07 00:08:52 djm Exp $ */ +/* $OpenBSD: scp.c,v 1.221 2021/08/07 00:12:09 djm Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). 
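Review bot: in the crossload_dir_internal() hunk of this patch, when the origin sent no permissions the code sets curdir.perm = S_IWUSR|S_IXUSR and turns on SSH2_FILEXFER_ATTR_PERMISSIONS, so mode becomes 0300, curdir.perm = mode restores that value, and the final do_setstat() leaves the destination directory without read permission for its owner. Either pick a sensible default such as the 0777 that mode was initialised with, or clear the permissions flag again before the final do_setstat() so the destination keeps what do_mkdir() produced. The debug() in the same branch also prints to_path although the message is about the origin; from_path would be the matching name.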
@@ -1290,7 +1290,7 @@ source_sftp(int argc, char *src, char *targ, if (local_is_dir(src) && iamrecursive) { if (upload_dir(conn, src, abs_dst, pflag, - SFTP_PROGRESS_ONLY, 0, 0) != 0) { + SFTP_PROGRESS_ONLY, 0, 0, 1) != 0) { fatal("failed to upload directory %s to %s", src, abs_dst); } @@ -1522,7 +1522,7 @@ sink_sftp(int argc, char *dst, const char *src, struct sftp_conn *conn) debug("Fetching %s to %s\n", g.gl_pathv[i], abs_dst); if (globpath_is_dir(g.gl_pathv[i]) && iamrecursive) { if (download_dir(conn, g.gl_pathv[i], abs_dst, NULL, - pflag, SFTP_PROGRESS_ONLY, 0, 0) == -1) + pflag, SFTP_PROGRESS_ONLY, 0, 0, 1) == -1) err = -1; } else { if (do_download(conn, g.gl_pathv[i], abs_dst, NULL, @@ -1935,7 +1935,7 @@ throughlocal_sftp(struct sftp_conn *from, struct sftp_conn *to, debug("Fetching %s to %s\n", g.gl_pathv[i], abs_dst); if (globpath_is_dir(g.gl_pathv[i]) && iamrecursive) { if (crossload_dir(from, to, g.gl_pathv[i], abs_dst, - NULL, pflag, 1) == -1) + NULL, pflag, SFTP_PROGRESS_ONLY, 1) == -1) err = -1; } else { if (do_crossload(from, to, g.gl_pathv[i], abs_dst, NULL, diff --git a/sftp-client.c b/sftp-client.c index d4ddc94f..40fae328 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.149 2021/08/07 00:10:49 djm Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.150 2021/08/07 00:12:09 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -1615,7 +1615,7 @@ do_download(struct sftp_conn *conn, const char *remote_path, static int download_dir_internal(struct sftp_conn *conn, const char *src, const char *dst, int depth, Attrib *dirattrib, int preserve_flag, int print_flag, - int resume_flag, int fsync_flag) + int resume_flag, int fsync_flag, int follow_link_flag) { int i, ret = 0; SFTP_DIRENT **dir_entries; 
@@ -1671,12 +1671,20 @@ download_dir_internal(struct sftp_conn *conn, const char *src, const char *dst, continue; if (download_dir_internal(conn, new_src, new_dst, depth + 1, &(dir_entries[i]->a), preserve_flag, - print_flag, resume_flag, fsync_flag) == -1) + print_flag, resume_flag, + fsync_flag, follow_link_flag) == -1) ret = -1; - } else if (S_ISREG(dir_entries[i]->a.perm) ) { + } else if (S_ISREG(dir_entries[i]->a.perm) || + (follow_link_flag && S_ISLNK(dir_entries[i]->a.perm))) { + /* + * If this is a symlink then don't send the link's + * Attrib. do_download() will do a FXP_STAT operation + * and get the link target's attributes. + */ if (do_download(conn, new_src, new_dst, - &(dir_entries[i]->a), preserve_flag, - resume_flag, fsync_flag) == -1) { + S_ISLNK(dir_entries[i]->a.perm) ? NULL : + &(dir_entries[i]->a), + preserve_flag, resume_flag, fsync_flag) == -1) { error("Download of file %s to %s failed", new_src, new_dst); ret = -1; @@ -1714,7 +1722,7 @@ download_dir_internal(struct sftp_conn *conn, const char *src, const char *dst, int download_dir(struct sftp_conn *conn, const char *src, const char *dst, Attrib *dirattrib, int preserve_flag, int print_flag, int resume_flag, - int fsync_flag) + int fsync_flag, int follow_link_flag) { char *src_canon; int ret; @@ -1725,7 +1733,8 @@ download_dir(struct sftp_conn *conn, const char *src, const char *dst, } ret = download_dir_internal(conn, src_canon, dst, 0, - dirattrib, preserve_flag, print_flag, resume_flag, fsync_flag); + dirattrib, preserve_flag, print_flag, resume_flag, fsync_flag, + follow_link_flag); free(src_canon); return ret; } @@ -1936,7 +1945,8 @@ do_upload(struct sftp_conn *conn, const char *local_path, static int upload_dir_internal(struct sftp_conn *conn, const char *src, const char *dst, - int depth, int preserve_flag, int print_flag, int resume, int fsync_flag) + int depth, int preserve_flag, int print_flag, int resume, int fsync_flag, + int follow_link_flag) { int ret = 0; DIR *dirp; 
@@ -2014,9 +2024,10 @@ upload_dir_internal(struct sftp_conn *conn, const char *src, const char *dst, if (upload_dir_internal(conn, new_src, new_dst, depth + 1, preserve_flag, print_flag, resume, - fsync_flag) == -1) + fsync_flag, follow_link_flag) == -1) ret = -1; - } else if (S_ISREG(sb.st_mode)) { + } else if (S_ISREG(sb.st_mode) || + (follow_link_flag && S_ISLNK(sb.st_mode))) { if (do_upload(conn, new_src, new_dst, preserve_flag, resume, fsync_flag) == -1) { error("Uploading of file %s to %s failed!", @@ -2037,7 +2048,8 @@ upload_dir_internal(struct sftp_conn *conn, const char *src, const char *dst, int upload_dir(struct sftp_conn *conn, const char *src, const char *dst, - int preserve_flag, int print_flag, int resume, int fsync_flag) + int preserve_flag, int print_flag, int resume, int fsync_flag, + int follow_link_flag) { char *dst_canon; int ret; @@ -2048,7 +2060,7 @@ upload_dir(struct sftp_conn *conn, const char *src, const char *dst, } ret = upload_dir_internal(conn, src, dst_canon, 0, preserve_flag, - print_flag, resume, fsync_flag); + print_flag, resume, fsync_flag, follow_link_flag); free(dst_canon); return ret; @@ -2372,7 +2384,8 @@ do_crossload(struct sftp_conn *from, struct sftp_conn *to, static int crossload_dir_internal(struct sftp_conn *from, struct sftp_conn *to, const char *from_path, const char *to_path, - int depth, Attrib *dirattrib, int preserve_flag, int print_flag) + int depth, Attrib *dirattrib, int preserve_flag, int print_flag, + int follow_link_flag) { int i, ret = 0; SFTP_DIRENT **dir_entries; @@ -2394,7 +2407,7 @@ crossload_dir_internal(struct sftp_conn *from, struct sftp_conn *to, error("\"%s\" is not a directory", from_path); return -1; } - if (print_flag) + if (print_flag && print_flag != SFTP_PROGRESS_ONLY) mprintf("Retrieving %s\n", from_path); curdir = *dirattrib; /* dirattrib will be clobbered */ 
@@ -2446,10 +2459,17 @@ crossload_dir_internal(struct sftp_conn *from, struct sftp_conn *to, if (crossload_dir_internal(from, to, new_from_path, new_to_path, depth + 1, &(dir_entries[i]->a), preserve_flag, - print_flag) == -1) + print_flag, follow_link_flag) == -1) ret = -1; - } else if (S_ISREG(dir_entries[i]->a.perm) ) { + } else if (S_ISREG(dir_entries[i]->a.perm) || + (follow_link_flag && S_ISLNK(dir_entries[i]->a.perm))) { + /* + * If this is a symlink then don't send the link's + * Attrib. do_download() will do a FXP_STAT operation + * and get the link target's attributes. + */ if (do_crossload(from, to, new_from_path, new_to_path, + S_ISLNK(dir_entries[i]->a.perm) ? NULL : &(dir_entries[i]->a), preserve_flag) == -1) { error("Transfer of file %s to %s failed", new_from_path, new_to_path); @@ -2472,7 +2492,7 @@ crossload_dir_internal(struct sftp_conn *from, struct sftp_conn *to, int crossload_dir(struct sftp_conn *from, struct sftp_conn *to, const char *from_path, const char *to_path, - Attrib *dirattrib, int preserve_flag, int print_flag) + Attrib *dirattrib, int preserve_flag, int print_flag, int follow_link_flag) { char *from_path_canon; int ret; @@ -2483,7 +2503,7 @@ crossload_dir(struct sftp_conn *from, struct sftp_conn *to, } ret = crossload_dir_internal(from, to, from_path_canon, to_path, 0, - dirattrib, preserve_flag, print_flag); + dirattrib, preserve_flag, print_flag, follow_link_flag); free(from_path_canon); return ret; } diff --git a/sftp-client.h b/sftp-client.h index 1de6ba8f..00707f7c 100644 --- a/sftp-client.h +++ b/sftp-client.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.h,v 1.32 2021/08/07 00:08:52 djm Exp $ */ +/* $OpenBSD: sftp-client.h,v 1.33 2021/08/07 00:12:09 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller 
@@ -140,7 +140,7 @@ int do_download(struct sftp_conn *, const char *, const char *, * times if 'pflag' is set */ int download_dir(struct sftp_conn *, const char *, const char *, - Attrib *, int, int, int, int); + Attrib *, int, int, int, int, int); /* * Upload 'local_path' to 'remote_path'. Preserve permissions and times @@ -153,7 +153,7 @@ int do_upload(struct sftp_conn *, const char *, const char *, int, int, int); * times if 'pflag' is set */ int upload_dir(struct sftp_conn *, const char *, const char *, int, int, int, - int); + int, int); /* * Download a 'from_path' from the 'from' connection and upload it to @@ -170,7 +170,8 @@ do_crossload(struct sftp_conn *from, struct sftp_conn *to, */ int crossload_dir(struct sftp_conn *from, struct sftp_conn *to, const char *from_path, const char *to_path, - Attrib *dirattrib, int preserve_flag, int print_flag); + Attrib *dirattrib, int preserve_flag, int print_flag, + int follow_link_flag); /* Concatenate paths, taking care of slashes. Caller must free result. */ char *path_append(const char *, const char *); diff --git a/sftp.c b/sftp.c index 3f46c553..95b2e0b7 100644 --- a/sftp.c +++ b/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.209 2021/04/03 06:58:30 djm Exp $ */ +/* $OpenBSD: sftp.c,v 1.210 2021/08/07 00:12:09 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -655,10 +655,11 @@ process_get(struct sftp_conn *conn, const char *src, const char *dst, else if (!quiet && !resume) mprintf("Fetching %s to %s\n", g.gl_pathv[i], abs_dst); + /* XXX follow link flag */ if (globpath_is_dir(g.gl_pathv[i]) && (rflag || global_rflag)) { if (download_dir(conn, g.gl_pathv[i], abs_dst, NULL, pflag || global_pflag, 1, resume, - fflag || global_fflag) == -1) + fflag || global_fflag, 0) == -1) err = -1; } else { if (do_download(conn, g.gl_pathv[i], abs_dst, NULL, 
@@ -748,10 +749,11 @@ process_put(struct sftp_conn *conn, const char *src, const char *dst, else if (!quiet && !resume) mprintf("Uploading %s to %s\n", g.gl_pathv[i], abs_dst); + /* XXX follow_link_flag */ if (globpath_is_dir(g.gl_pathv[i]) && (rflag || global_rflag)) { if (upload_dir(conn, g.gl_pathv[i], abs_dst, pflag || global_pflag, 1, resume, - fflag || global_fflag) == -1) + fflag || global_fflag, 0) == -1) err = -1; } else { if (do_upload(conn, g.gl_pathv[i], abs_dst, -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Sat Aug 7 10:27:24 2021 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Sat, 07 Aug 2021 10:27:24 +1000 Subject: [openssh-commits] [openssh] 10/10: upstream: do_upload() used a near-identical structure for In-Reply-To: <162829603414.13967.17408255365157811656@fuyu.mindrot.org> References: <162829603414.13967.17408255365157811656@fuyu.mindrot.org> Message-ID: <5ca12798c22422f8@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit a9e2c533195f28627f205682482d9da384c4c52e Author: djm at openbsd.org Date: Sat Aug 7 00:14:17 2021 +0000 upstream: do_upload() used a near-identical structure for tracking expected status replies from the server to what do_download() was using. Refactor it to use the same structure and factor out some common code into helper functions. OpenBSD-Commit-ID: 0c167df8ab6df4a5292c32421922b0cf379e9054 --- sftp-client.c | 81 ++++++++++++++++++++++++++++------------------------------- 1 file changed, 39 insertions(+), 42 deletions(-) diff --git a/sftp-client.c b/sftp-client.c index 40fae328..963ad2cc 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.150 2021/08/07 00:12:09 djm Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.151 2021/08/07 00:14:17 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * 
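Review bot: in crossload_dir_internal() (commit 7b1cbcb7, sftp-client.c hunk at -2446), the new comment reads "do_download() will do a FXP_STAT operation", but the call directly below it is do_crossload(). The comment was copied from download_dir_internal() and should name do_crossload(), so a reader checking where the link target's attributes come from looks in the right function.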
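Review bot: in upload_dir_internal() (commit 7b1cbcb7, sftp-client.c hunk at -2014), the new test `S_ISREG(sb.st_mode) || (follow_link_flag && S_ISLNK(sb.st_mode))` hands every symlink to do_upload() without looking at what it resolves to, and scp's source_sftp() now passes 1 for the flag. A link whose target lies outside `src` therefore has its target's content sent by a recursive copy, and what happens for a link to a directory is not visible here. The sftp-client.h comments for upload_dir() and download_dir() still mention only 'pflag', and the prototypes are now runs of unnamed `int` arguments called with literals such as `0, 0, 1`; please document follow_link_flag there and name the parameters. The `/* XXX follow link flag */` markers in sftp.c should also say what is still to be decided.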
@@ -113,6 +113,32 @@ static u_char * get_handle(struct sftp_conn *conn, u_int expected_id, size_t *len, const char *errfmt, ...) __attribute__((format(printf, 4, 5))); +static struct request * +request_enqueue(struct requests *requests, u_int id, size_t len, + uint64_t offset) +{ + struct request *req; + + req = xcalloc(1, sizeof(*req)); + req->id = id; + req->len = len; + req->offset = offset; + TAILQ_INSERT_TAIL(requests, req, tq); + return req; +} + +static struct request * +request_find(struct requests *requests, u_int id) +{ + struct request *req; + + for (req = TAILQ_FIRST(requests); + req != NULL && req->id != id; + req = TAILQ_NEXT(req, tq)) + ; + return req; +} + /* ARGSUSED */ static int sftpio(void *_bwlimit, size_t amount) @@ -1446,13 +1472,10 @@ do_download(struct sftp_conn *conn, const char *remote_path, (unsigned long long)offset, (unsigned long long)offset + buflen - 1, num_req, max_req); - req = xcalloc(1, sizeof(*req)); - req->id = conn->msg_id++; - req->len = buflen; - req->offset = offset; + req = request_enqueue(&requests, conn->msg_id++, + buflen, offset); offset += buflen; num_req++; - TAILQ_INSERT_TAIL(&requests, req, tq); send_read_request(conn, req->id, req->offset, req->len, handle, handle_len); } @@ -1465,11 +1488,7 @@ do_download(struct sftp_conn *conn, const char *remote_path, debug3("Received reply T:%u I:%u R:%d", type, id, max_req); /* Find the request in our queue */ - for (req = TAILQ_FIRST(&requests); - req != NULL && req->id != id; - req = TAILQ_NEXT(req, tq)) - ; - if (req == NULL) + if ((req = request_find(&requests, id)) == NULL) fatal("Unexpected reply %u", id); switch (type) { 
@@ -1754,14 +1773,8 @@ do_upload(struct sftp_conn *conn, const char *local_path, Attrib a, *c = NULL; u_int32_t startid; u_int32_t ackid; - struct outstanding_ack { - u_int id; - u_int len; - off_t offset; - TAILQ_ENTRY(outstanding_ack) tq; - }; - TAILQ_HEAD(ackhead, outstanding_ack) acks; - struct outstanding_ack *ack = NULL; + struct request *ack = NULL; + struct requests acks; size_t handle_len; TAILQ_INIT(&acks); @@ -1851,12 +1864,7 @@ do_upload(struct sftp_conn *conn, const char *local_path, strerror(errno)); if (len != 0) { - ack = xcalloc(1, sizeof(*ack)); - ack->id = ++id; - ack->offset = offset; - ack->len = len; - TAILQ_INSERT_TAIL(&acks, ack, tq); - + ack = request_enqueue(&acks, ++id, len, offset); sshbuf_reset(msg); if ((r = sshbuf_put_u8(msg, SSH2_FXP_WRITE)) != 0 || (r = sshbuf_put_u32(msg, ack->id)) != 0 || @@ -1893,15 +1901,11 @@ do_upload(struct sftp_conn *conn, const char *local_path, debug3("SSH2_FXP_STATUS %u", status); /* Find the request in our queue */ - for (ack = TAILQ_FIRST(&acks); - ack != NULL && ack->id != rid; - ack = TAILQ_NEXT(ack, tq)) - ; - if (ack == NULL) + if ((ack = request_find(&acks, rid)) == NULL) fatal("Can't find request for ID %u", rid); TAILQ_REMOVE(&acks, ack, tq); - debug3("In write loop, ack for %u %u bytes at %lld", - ack->id, ack->len, (long long)ack->offset); + debug3("In write loop, ack for %u %zu bytes at %lld", + ack->id, ack->len, (unsigned long long)ack->offset); ++ackid; progress_counter += ack->len; free(ack); @@ -2216,13 +2220,10 @@ do_crossload(struct sftp_conn *from, struct sftp_conn *to, (unsigned long long)offset, (unsigned long long)offset + buflen - 1, num_req, max_req); - req = xcalloc(1, sizeof(*req)); - req->id = from->msg_id++; - req->len = buflen; - req->offset = offset; + req = request_enqueue(&requests, from->msg_id++, + buflen, offset); offset += buflen; num_req++; - TAILQ_INSERT_TAIL(&requests, req, tq); send_read_request(from, req->id, req->offset, req->len, from_handle, from_handle_len); } 
@@ -2240,11 +2241,7 @@ do_crossload(struct sftp_conn *from, struct sftp_conn *to, type, id, max_req); /* Find the request in our queue */ - for (req = TAILQ_FIRST(&requests); - req != NULL && req->id != id; - req = TAILQ_NEXT(req, tq)) - ; - if (req == NULL) + if ((req = request_find(&requests, id)) == NULL) fatal("Unexpected reply %u", id); switch (type) { -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Sat Aug 7 11:32:31 2021 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Sat, 07 Aug 2021 11:32:31 +1000 Subject: [openssh-commits] [openssh] branch master updated (a9e2c533 -> 397c4d72) Message-ID: <162829995115.16854.16693593198396820420@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. dtucker pushed a change to branch master in repository openssh. from a9e2c533 upstream: do_upload() used a near-identical structure for new 397c4d72 Include poll.h and friends for struct pollfd. The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Detailed log of new commits: commit 397c4d72e50023af5fe3aee5cc2ad407a6eb1073 Author: Darren Tucker Date: Sat Aug 7 11:30:57 2021 +1000 Include poll.h and friends for struct pollfd. Summary of changes: sftp-client.c | 7 +++++++ 1 file changed, 7 insertions(+) -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Sat Aug 7 11:32:32 2021 
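Review bot: in the do_upload() write loop (commit a9e2c533, hunk at -1893), the rewritten debug3() pairs the conversion "%lld" with an `(unsigned long long)ack->offset` argument. request_enqueue() takes the offset as uint64_t, so the conversion should be "%llu" to match the cast. Separately, request_find() returns the entry still linked in the queue and each caller does its own TAILQ_REMOVE() and free(); a one-line comment above the helper saying that the caller owns removal would keep a future caller from leaking or double-handling a request.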
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Sat, 07 Aug 2021 11:32:32 +1000 Subject: [openssh-commits] [openssh] 01/01: Include poll.h and friends for struct pollfd. In-Reply-To: <162829995115.16854.16693593198396820420@fuyu.mindrot.org> References: <162829995115.16854.16693593198396820420@fuyu.mindrot.org> Message-ID: <5ca1279f3a96f35c@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. dtucker pushed a commit to branch master in repository openssh. commit 397c4d72e50023af5fe3aee5cc2ad407a6eb1073 Author: Darren Tucker Date: Sat Aug 7 11:30:57 2021 +1000 Include poll.h and friends for struct pollfd. --- sftp-client.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/sftp-client.c b/sftp-client.c index 963ad2cc..0cfc1f0d 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -37,6 +37,13 @@ #include #include +#ifdef HAVE_POLL_H +#include +#else +# ifdef HAVE_SYS_POLL_H +# include +# endif +#endif #include #include #include -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Sat Aug 7 11:57:20 2021 
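Review bot: the added `#ifdef HAVE_POLL_H` / `# ifdef HAVE_SYS_POLL_H` block in sftp-client.c (commit 397c4d72) has no final `#else`, so on a platform that defines neither macro nothing is included and the failure only appears later as an incomplete struct pollfd. If another header is expected to supply the type in that case, a comment at the inner `# endif` naming it would save the next porter a search.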
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Sat, 07 Aug 2021 11:57:20 +1000 Subject: [openssh-commits] [openssh] branch master updated (397c4d72 -> 85de69f6) Message-ID: <162830143986.60450.3077207208721506648@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a change to branch master in repository openssh. from 397c4d72 Include poll.h and friends for struct pollfd. new 85de69f6 upstream: sftp-client.c needs poll.h The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Detailed log of new commits: commit 85de69f64665245786e28c81ab01fe18b0e2a149 Author: djm at openbsd.org Date: Sat Aug 7 01:55:01 2021 +0000 upstream: sftp-client.c needs poll.h remove unused variable OpenBSD-Commit-ID: 233ac6c012cd23af62f237167a661db391055a16 Summary of changes: sftp-client.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Sat Aug 7 11:57:21 2021 
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Sat, 07 Aug 2021 11:57:21 +1000 Subject: [openssh-commits] [openssh] 01/01: upstream: sftp-client.c needs poll.h In-Reply-To: <162830143986.60450.3077207208721506648@fuyu.mindrot.org> References: <162830143986.60450.3077207208721506648@fuyu.mindrot.org> Message-ID: <5ca127a5ac3960cf@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit 85de69f64665245786e28c81ab01fe18b0e2a149 Author: djm at openbsd.org Date: Sat Aug 7 01:55:01 2021 +0000 upstream: sftp-client.c needs poll.h remove unused variable OpenBSD-Commit-ID: 233ac6c012cd23af62f237167a661db391055a16 --- sftp-client.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/sftp-client.c b/sftp-client.c index 0cfc1f0d..943d142f 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.151 2021/08/07 00:14:17 djm Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.152 2021/08/07 01:55:01 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -2149,7 +2149,7 @@ do_crossload(struct sftp_conn *from, struct sftp_conn *to, Attrib *a, int preserve_flag) { struct sshbuf *msg; - int write_error, read_error, lmodified = 0, r; + int write_error, read_error, r; u_int64_t offset = 0, size; u_int id, buflen, num_req, max_req, status = SSH2_FX_OK; u_int num_upload_req; @@ -2271,7 +2271,6 @@ do_crossload(struct sftp_conn *from, struct sftp_conn *to, if (len > req->len) fatal("Received more data than asked for " "%zu > %zu", len, req->len); - lmodified = 1; /* Write this chunk out to the destination */ sshbuf_reset(msg); -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Sat Aug 7 12:11:16 2021 
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Sat, 07 Aug 2021 12:11:16 +1000 Subject: [openssh-commits] [openssh] branch master updated (85de69f6 -> cf27810a) Message-ID: <162830227679.16671.742502742533011713@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. dtucker pushed a change to branch master in repository openssh. from 85de69f6 upstream: sftp-client.c needs poll.h new cf27810a upstream: Fix prototype mismatch for do_cmd. ok djm@ The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Detailed log of new commits: commit cf27810a649c5cfae60f8ce66eeb25caa53b13bc Author: dtucker at openbsd.org Date: Sat Aug 7 01:57:08 2021 +0000 upstream: Fix prototype mismatch for do_cmd. ok djm@ OpenBSD-Commit-ID: 1c1598bb5237a7ae0be99152f185e0071163714d Summary of changes: scp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Sat Aug 7 12:11:17 2021 
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Sat, 07 Aug 2021 12:11:17 +1000 Subject: [openssh-commits] [openssh] 01/01: upstream: Fix prototype mismatch for do_cmd. ok djm@ In-Reply-To: <162830227679.16671.742502742533011713@fuyu.mindrot.org> References: <162830227679.16671.742502742533011713@fuyu.mindrot.org> Message-ID: <5ca127ab93ad7a48@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. dtucker pushed a commit to branch master in repository openssh. commit cf27810a649c5cfae60f8ce66eeb25caa53b13bc Author: dtucker at openbsd.org Date: Sat Aug 7 01:57:08 2021 +0000 upstream: Fix prototype mismatch for do_cmd. ok djm@ OpenBSD-Commit-ID: 1c1598bb5237a7ae0be99152f185e0071163714d --- scp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scp.c b/scp.c index 3eb0212b..fc97e1e7 100644 --- a/scp.c +++ b/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.221 2021/08/07 00:12:09 djm Exp $ */ +/* $OpenBSD: scp.c,v 1.222 2021/08/07 01:57:08 dtucker Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -271,7 +271,7 @@ do_local_cmd(arglist *a) int do_cmd(char *program, char *host, char *remuser, int port, char *cmd, - int *fdin, int *fdout, int *pid) + int *fdin, int *fdout, pid_t *pid) { int pin[2], pout[2], reserved[2]; -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Sun Aug 8 17:41:21 2021 
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Sun, 08 Aug 2021 17:41:21 +1000 Subject: [openssh-commits] [openssh] branch master updated (cf27810a -> f2ccf6c9) Message-ID: <162840848148.58451.5574013682018166383@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. dtucker pushed a change to branch master in repository openssh. from cf27810a upstream: Fix prototype mismatch for do_cmd. ok djm@ new f0aca270 upstream: Drop -q in ssh-log-wrapper.sh to preserve logs. new 71b0eb99 upstream: Move setting of USER further down the startup In portable new f2ccf6c9 Move portable specific settings down. The 3 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Detailed log of new commits: commit f2ccf6c9f395923695f22345e626dfd691227aaf Author: Darren Tucker Date: Sun Aug 8 17:39:56 2021 +1000 Move portable specific settings down. This brings the top hunk of the file back in sync with OpenBSD so patches to the CVS Id should apply instead of always being rejected. commit 71b0eb997e220b0fc9331635af409ad84979f2af Author: dtucker at openbsd.org Date: Sun Aug 8 07:27:52 2021 +0000 upstream: Move setting of USER further down the startup In portable we have to change this and having it in the same hunk as the CVS Id string means applying changes fails every. single. time. OpenBSD-Regress-ID: 87cd603eb6db58c9b430bf90adacb7f90864429b commit f0aca2706c710a0da1a4be705f825a807cd15400 Author: dtucker at openbsd.org Date: Sun Aug 8 06:38:33 2021 +0000 upstream: Drop -q in ssh-log-wrapper.sh to preserve logs. scp and sftp like to add -q to the command line passed to ssh which overrides the LogLevel we set in the config files and suppresses output to the debug logs so drop any "-q" from the invoked ssh. 
In the one case where we actually want to use -q in the banner test, call the ssh binary directly bypassing the logging wrapper. OpenBSD-Regress-ID: e2c97d3c964bda33a751374c56f65cdb29755b75 Summary of changes: regress/banner.sh | 6 ++-- regress/test-exec.sh | 91 ++++++++++++++++++++++++++++------------------------ 2 files changed, 53 insertions(+), 44 deletions(-) -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Sun Aug 8 17:41:22 2021 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Sun, 08 Aug 2021 17:41:22 +1000 Subject: [openssh-commits] [openssh] 01/03: upstream: Drop -q in ssh-log-wrapper.sh to preserve logs. In-Reply-To: <162840848148.58451.5574013682018166383@fuyu.mindrot.org> References: <162840848148.58451.5574013682018166383@fuyu.mindrot.org> Message-ID: <5ca127c054b4446b@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. dtucker pushed a commit to branch master in repository openssh. commit f0aca2706c710a0da1a4be705f825a807cd15400 Author: dtucker at openbsd.org Date: Sun Aug 8 06:38:33 2021 +0000 upstream: Drop -q in ssh-log-wrapper.sh to preserve logs. scp and sftp like to add -q to the command line passed to ssh which overrides the LogLevel we set in the config files and suppresses output to the debug logs so drop any "-q" from the invoked ssh. In the one case where we actually want to use -q in the banner test, call the ssh binary directly bypassing the logging wrapper. OpenBSD-Regress-ID: e2c97d3c964bda33a751374c56f65cdb29755b75 --- regress/banner.sh | 6 ++++-- regress/test-exec.sh | 13 +++++++++---- 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/regress/banner.sh b/regress/banner.sh index 0d9654fe..a84feb5a 100644 --- a/regress/banner.sh +++ b/regress/banner.sh 
@@ -1,4 +1,4 @@ -# $OpenBSD: banner.sh,v 1.3 2017/04/30 23:34:55 djm Exp $ +# $OpenBSD: banner.sh,v 1.4 2021/08/08 06:38:33 dtucker Exp $ # Placed in the Public Domain. tid="banner" @@ -37,7 +37,9 @@ done trace "test suppress banner (-q)" verbose "test $tid: suppress banner (-q)" -( ${SSH} -q -F $OBJ/ssh_proxy otherhost true 2>$OBJ/banner.out && \ +# ssh-log-wrapper drops "-q" to preserve debug output so use ssh directly +# for just this test. +( ${REAL_SSH} -q -F $OBJ/ssh_proxy otherhost true 2>$OBJ/banner.out && \ cmp $OBJ/empty.in $OBJ/banner.out ) || \ fail "suppress banner (-q)" diff --git a/regress/test-exec.sh b/regress/test-exec.sh index 706c532b..67136ab6 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh @@ -1,4 +1,4 @@ -# $OpenBSD: test-exec.sh,v 1.82 2021/06/10 09:37:59 dtucker Exp $ +# $OpenBSD: test-exec.sh,v 1.84 2021/08/08 06:38:33 dtucker Exp $ # Placed in the Public Domain. #SUDO=sudo 
@@ -254,10 +254,15 @@ fi >$TEST_REGRESS_LOGFILE # Create wrapper ssh with logging. We can't just specify "SSH=ssh -E..." -# because sftp and scp don't handle spaces in arguments. +# because sftp and scp don't handle spaces in arguments. scp and sftp like +# to use -q so we remove those to preserve our debug logging. In the rare +# instance where -q is desirable -qq is equivalent and is not removed. SSHLOGWRAP=$OBJ/ssh-log-wrapper.sh -echo "#!/bin/sh" > $SSHLOGWRAP -echo "exec ${SSH} -E${TEST_SSH_LOGFILE} "'"$@"' >>$SSHLOGWRAP +cat >$SSHLOGWRAP < References: <162840848148.58451.5574013682018166383@fuyu.mindrot.org> Message-ID: <5ca127c29a145cba@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. dtucker pushed a commit to branch master in repository openssh. commit 71b0eb997e220b0fc9331635af409ad84979f2af Author: dtucker at openbsd.org Date: Sun Aug 8 07:27:52 2021 +0000 upstream: Move setting of USER further down the startup In portable we have to change this and having it in the same hunk as the CVS Id string means applying changes fails every. single. time. OpenBSD-Regress-ID: 87cd603eb6db58c9b430bf90adacb7f90864429b --- regress/test-exec.sh | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/regress/test-exec.sh b/regress/test-exec.sh index 67136ab6..24a2bef6 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh @@ -1,4 +1,4 @@ -# $OpenBSD: test-exec.sh,v 1.84 2021/08/08 06:38:33 dtucker Exp $ +# $OpenBSD: test-exec.sh,v 1.85 2021/08/08 07:27:52 dtucker Exp $ # Placed in the Public Domain. #SUDO=sudo 
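Review bot: the new comment in regress/test-exec.sh (commit f0aca270, hunk at -254) says "-qq is equivalent and is not removed", yet the banner.sh hunk in the same commit takes a different route and calls `${REAL_SSH} -q` directly. Going around the wrapper also goes around the "wrapper ssh with logging" that this block sets up, so that test no longer writes to the wrapper's log file; either use `${SSH} -qq` in banner.sh so there is one mechanism, or say in the banner.sh comment why -qq does not work there. REAL_SSH is not assigned in any visible hunk, so please confirm it is set before banner.sh runs.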
@@ -27,20 +27,6 @@ if test "x${EGREP}" != "x"; then } fi -if [ -x /usr/ucb/whoami ]; then - USER=`/usr/ucb/whoami` -elif whoami >/dev/null 2>&1; then - USER=`whoami` -elif logname >/dev/null 2>&1; then - USER=`logname` -else - USER=`id -un` -fi -if test -z "$LOGNAME"; then - LOGNAME="${USER}" - export LOGNAME -fi - if [ ! -x "$TEST_SSH_ELAPSED_TIMES" ]; then STARTTIME=`date '+%s'` fi @@ -77,6 +63,20 @@ else fi unset SSH_AUTH_SOCK +if [ -x /usr/ucb/whoami ]; then + USER=`/usr/ucb/whoami` +elif whoami >/dev/null 2>&1; then + USER=`whoami` +elif logname >/dev/null 2>&1; then + USER=`logname` +else + USER=`id -un` +fi +if test -z "$LOGNAME"; then + LOGNAME="${USER}" + export LOGNAME +fi + SRC=`dirname ${SCRIPT}` # defaults -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Sun Aug 8 17:41:24 2021 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Sun, 08 Aug 2021 17:41:24 +1000 Subject: [openssh-commits] [openssh] 03/03: Move portable specific settings down. In-Reply-To: <162840848148.58451.5574013682018166383@fuyu.mindrot.org> References: <162840848148.58451.5574013682018166383@fuyu.mindrot.org> Message-ID: <5ca127c4ea761c16@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. dtucker pushed a commit to branch master in repository openssh. commit f2ccf6c9f395923695f22345e626dfd691227aaf Author: Darren Tucker Date: Sun Aug 8 17:39:56 2021 +1000 Move portable specific settings down. This brings the top hunk of the file back in sync with OpenBSD so patches to the CVS Id should apply instead of always being rejected. --- regress/test-exec.sh | 50 ++++++++++++++++++++++++++------------------------ 1 file changed, 26 insertions(+), 24 deletions(-) diff --git a/regress/test-exec.sh b/regress/test-exec.sh index 24a2bef6..73512a61 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh 
@@ -3,30 +3,6 @@ #SUDO=sudo -# Unbreak GNU head(1) -_POSIX2_VERSION=199209 -export _POSIX2_VERSION - -case `uname -s 2>/dev/null` in -OSF1*) - BIN_SH=xpg4 - export BIN_SH - ;; -CYGWIN*) - os=cygwin - ;; -esac - -# If configure tells us to use a different egrep, create a wrapper function -# to call it. This means we don't need to change all the tests that depend -# on a good implementation. -if test "x${EGREP}" != "x"; then - egrep () -{ - ${EGREP} "$@" -} -fi - if [ ! -x "$TEST_SSH_ELAPSED_TIMES" ]; then STARTTIME=`date '+%s'` fi @@ -63,6 +39,8 @@ else fi unset SSH_AUTH_SOCK +# Portable-specific settings. + if [ -x /usr/ucb/whoami ]; then USER=`/usr/ucb/whoami` elif whoami >/dev/null 2>&1; then @@ -77,6 +55,30 @@ if test -z "$LOGNAME"; then export LOGNAME fi +# Unbreak GNU head(1) +_POSIX2_VERSION=199209 +export _POSIX2_VERSION + +case `uname -s 2>/dev/null` in +OSF1*) + BIN_SH=xpg4 + export BIN_SH + ;; +CYGWIN*) + os=cygwin + ;; +esac + +# If configure tells us to use a different egrep, create a wrapper function +# to call it. This means we don't need to change all the tests that depend +# on a good implementation. +if test "x${EGREP}" != "x"; then + egrep () +{ + ${EGREP} "$@" +} +fi + SRC=`dirname ${SCRIPT}` # defaults -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Sun Aug 8 18:43:52 2021 
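Review bot: the block moved in regress/test-exec.sh (commit f2ccf6c9, removed at -3 and re-added at -77) carries the `_POSIX2_VERSION` export and the egrep() wrapper, which now take effect roughly fifty lines later in the script than before. The hunks show only part of the code in between, so please confirm that nothing in that range calls head or egrep before the new position, since such a call would now run without the workaround.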
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Sun, 08 Aug 2021 18:43:52 +1000 Subject: [openssh-commits] [openssh] branch master updated (f2ccf6c9 -> 86b4cb3a) Message-ID: <162841223199.67510.15886407333466041123@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. dtucker pushed a change to branch master in repository openssh. from f2ccf6c9 Move portable specific settings down. new 86b4cb3a upstream: Although it's POSIX, not all shells used in Portable support The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Detailed log of new commits: commit 86b4cb3a884846b358305aad17a6ef53045fa41f Author: dtucker at openbsd.org Date: Sun Aug 8 08:27:28 2021 +0000 upstream: Although it's POSIX, not all shells used in Portable support the implicit 'in "$@"' after 'for i'. OpenBSD-Regress-ID: 3c9aec6bca4868f85d2742b6ba5223fce110bdbc Summary of changes: regress/test-exec.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Sun Aug 8 18:43:53 2021 
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Sun, 08 Aug 2021 18:43:53 +1000 Subject: [openssh-commits] [openssh] 01/01: upstream: Although it's POSIX, not all shells used in Portable support In-Reply-To: <162841223199.67510.15886407333466041123@fuyu.mindrot.org> References: <162841223199.67510.15886407333466041123@fuyu.mindrot.org> Message-ID: <5ca127cba553e838@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. dtucker pushed a commit to branch master in repository openssh. commit 86b4cb3a884846b358305aad17a6ef53045fa41f Author: dtucker at openbsd.org Date: Sun Aug 8 08:27:28 2021 +0000 upstream: Although it's POSIX, not all shells used in Portable support the implicit 'in "$@"' after 'for i'. OpenBSD-Regress-ID: 3c9aec6bca4868f85d2742b6ba5223fce110bdbc --- regress/test-exec.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/regress/test-exec.sh b/regress/test-exec.sh index 73512a61..db6d6161 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh @@ -1,4 +1,4 @@ -# $OpenBSD: test-exec.sh,v 1.85 2021/08/08 07:27:52 dtucker Exp $ +# $OpenBSD: test-exec.sh,v 1.86 2021/08/08 08:27:28 dtucker Exp $ # Placed in the Public Domain. #SUDO=sudo 
@@ -262,7 +262,7 @@ fi SSHLOGWRAP=$OBJ/ssh-log-wrapper.sh cat >$SSHLOGWRAP < 724eb900) Message-ID: <162841410161.841.18261878642651441523@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. dtucker pushed a change to branch master in repository openssh. from 86b4cb3a upstream: Although it's POSIX, not all shells used in Portable support new 724eb900 upstream: xstrdup environment variable used by ForwardAgent. bz#3328 The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Detailed log of new commits: commit 724eb900ace30661d45db2ba01d0f924d95ecccb Author: dtucker at openbsd.org Date: Sun Aug 8 08:49:09 2021 +0000 upstream: xstrdup environment variable used by ForwardAgent. bz#3328 from goetze at dovetail.com, ok djm@ deraadt@ OpenBSD-Commit-ID: 760320dac1c3b26904284ba417a7d63fccc5e742 Summary of changes: ssh.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Sun Aug 8 19:15:02 2021 
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Sun, 08 Aug 2021 19:15:02 +1000 Subject: [openssh-commits] [openssh] 01/01: upstream: xstrdup environment variable used by ForwardAgent. bz#3328 In-Reply-To: <162841410161.841.18261878642651441523@fuyu.mindrot.org> References: <162841410161.841.18261878642651441523@fuyu.mindrot.org> Message-ID: <5ca127d11b9769ce@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. dtucker pushed a commit to branch master in repository openssh. commit 724eb900ace30661d45db2ba01d0f924d95ecccb Author: dtucker at openbsd.org Date: Sun Aug 8 08:49:09 2021 +0000 upstream: xstrdup environment variable used by ForwardAgent. bz#3328 from goetze at dovetail.com, ok djm@ deraadt@ OpenBSD-Commit-ID: 760320dac1c3b26904284ba417a7d63fccc5e742 --- ssh.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ssh.c b/ssh.c index b0b8f82f..533a6aa9 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.565 2021/07/23 05:24:02 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.566 2021/08/08 08:49:09 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1630,7 +1630,7 @@ main(int ac, char **av) fatal("Invalid ForwardAgent environment variable name %s", cp); } if ((p = getenv(cp + 1)) != NULL) - forward_agent_sock_path = p; + forward_agent_sock_path = xstrdup(p); else options.forward_agent = 0; free(cp); -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Tue Aug 10 12:47:58 2021 
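Review bot: In the @@ -1630,7 +1630,7 @@ hunk, `forward_agent_sock_path = xstrdup(p);` makes the variable own a heap copy, but nothing in the hunk says why or who frees it. A one-line comment that the pointer returned by getenv() can be invalidated by later changes to the environment would stop someone from "simplifying" this back to the bare pointer. If `forward_agent_sock_path` can also be assigned from non-allocated storage elsewhere, the ownership should be made consistent so that a later free() is safe.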
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Tue, 10 Aug 2021 12:47:58 +1000 Subject: [openssh-commits] [openssh] branch master updated (724eb900 -> bfdd4b72) Message-ID: <162856367868.62374.11339246057684655526@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a change to branch master in repository openssh. from 724eb900 upstream: xstrdup environment variable used by ForwardAgent. bz#3328 new 2b67932b upstream: on fatal errors, make scp wait for ssh connection before new 986abe94 upstream: show only the final path component in the progress meter; new 2ae77717 upstream: rever r1.223 - I accidentally committed unrelated changes new b4b3f3da upstream: on fatal errors, make scp wait for ssh connection before new 41b019ac upstream: when scp is in SFTP mode, try to deal better with ~ new 2ab86401 upstream: SFTP protocol extension to allow the server to expand new 2f7a3b51 upstream: make scp in SFTP mode try to use relative paths as much new bfdd4b72 upstream: make scp -3 the default for remote-to-remote copies. It The 8 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Detailed log of new commits: commit bfdd4b722f124a4fa9173d20dd64dd0fc69856be Author: djm at openbsd.org Date: Mon Aug 9 23:56:36 2021 +0000 upstream: make scp -3 the default for remote-to-remote copies. It provides a much better and more intuitive user experience and doesn't require exposing credentials to the source host. thanks naddy@ for catching the missing argument in usage() "Yes please!" 
- markus@ "makes a lot of sense" - deraadt@ "the right thing to do" - dtucker@ OpenBSD-Commit-ID: d0d2af5f0965c5192ba5b2fa461c9f9b130e5dd9 commit 2f7a3b51cef689ad9e93d0c6c17db5a194eb5555 Author: djm at openbsd.org Date: Mon Aug 9 23:49:31 2021 +0000 upstream: make scp in SFTP mode try to use relative paths as much as possible. Previously, it would try to make relative and ~/-rooted paths absolute before requesting transfers. prompted by and much discussion deraadt@ ok markus@ OpenBSD-Commit-ID: 46639d382ea99546a4914b545fa7b00fa1be5566 commit 2ab864010e0a93c5dd95116fb5ceaf430e2fc23c Author: djm at openbsd.org Date: Mon Aug 9 23:47:44 2021 +0000 upstream: SFTP protocol extension to allow the server to expand ~-prefixed paths, in particular ~user ones. Allows scp in sftp mode to accept these paths, like scp in rcp mode does. prompted by and much discussion deraadt@ ok markus@ OpenBSD-Commit-ID: 7d794def9e4de348e1e777f6030fc9bafdfff392 commit 41b019ac067f1d1f7d99914d0ffee4d2a547c3d8 Author: djm at openbsd.org Date: Mon Aug 9 23:44:32 2021 +0000 upstream: when scp is in SFTP mode, try to deal better with ~ prefixed paths. 
~user paths aren't supported, but ~/ paths will be accepted and prefixed with the SFTP server starting directory (more to come) prompted by and discussed with deraadt@ ok markus@ OpenBSD-Commit-ID: 263a071f14555c045fd03132a8fb6cbd983df00d commit b4b3f3da6cdceb3fd168b5fab69d11fba73bd0ae Author: djm at openbsd.org Date: Mon Aug 9 07:21:01 2021 +0000 upstream: on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@ (this was originally committed as r1.223 along with unrelated stuff that I rolled back in r1.224) OpenBSD-Commit-ID: 1261fd667ad918484889ed3d7aec074f3956a74b commit 2ae7771749e0b4cecb107f9d4860bec16c3f4245 Author: djm at openbsd.org Date: Mon Aug 9 07:19:12 2021 +0000 upstream: rever r1.223 - I accidentally committed unrelated changes OpenBSD-Commit-ID: fb73f3865b2647a27dd94db73d6589506a9625f9 commit 986abe94d481a1e82a01747360bd767b96b41eda Author: djm at openbsd.org Date: Mon Aug 9 07:16:09 2021 +0000 upstream: show only the final path component in the progress meter; more useful with long paths (that may truncate) and better matches traditional scp behaviour; spotted by naddy@ ok deraadt@ OpenBSD-Commit-ID: 26b544d0074f03ebb8a3ebce42317d8d7ee291a3 commit 2b67932bb3176dee4fd447af4368789e04a82b93 Author: djm at openbsd.org Date: Mon Aug 9 07:13:54 2021 +0000 upstream: on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@ OpenBSD-Commit-ID: ef9dab5ef5ae54a6a4c3b15d380568e94263456c Summary of changes: .depend | 96 ++++++++++++++++++++++++------------------------- PROTOCOL | 21 ++++++++++- misc.c | 49 +++++++++++++++++-------- misc.h | 3 +- scp.1 | 20 ++++++++--- scp.c | 113 ++++++++++++++++++++++++++++++---------------------------- sftp-client.c | 91 
+++++++++++++++++++++++++++++++++++++--------- sftp-client.h | 10 ++++-- sftp-server.c | 63 +++++++++++++++++++++++++++++++- 9 files changed, 322 insertions(+), 144 deletions(-) -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Tue Aug 10 12:48:00 2021 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Tue, 10 Aug 2021 12:48:00 +1000 Subject: [openssh-commits] [openssh] 02/08: upstream: show only the final path component in the progress meter; In-Reply-To: <162856367868.62374.11339246057684655526@fuyu.mindrot.org> References: <162856367868.62374.11339246057684655526@fuyu.mindrot.org> Message-ID: <5ca127f7129129f1@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit 986abe94d481a1e82a01747360bd767b96b41eda Author: djm at openbsd.org Date: Mon Aug 9 07:16:09 2021 +0000 upstream: show only the final path component in the progress meter; more useful with long paths (that may truncate) and better matches traditional scp behaviour; spotted by naddy@ ok deraadt@ OpenBSD-Commit-ID: 26b544d0074f03ebb8a3ebce42317d8d7ee291a3 --- sftp-client.c | 34 ++++++++++++++++++++++++++-------- 1 file changed, 26 insertions(+), 8 deletions(-) diff --git a/sftp-client.c b/sftp-client.c index 943d142f..ce31c35a 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.152 2021/08/07 01:55:01 djm Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.153 2021/08/09 07:16:09 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * 
@@ -1370,6 +1370,19 @@ send_open(struct sftp_conn *conn, const char *path, const char *tag, return 0; } +static const char * +progress_meter_path(const char *path) +{ + const char *progresspath; + + if ((progresspath = strrchr(path, '/')) == NULL) + return path; + progresspath++; + if (*progresspath == '\0') + return path; + return progresspath; +} + int do_download(struct sftp_conn *conn, const char *remote_path, const char *local_path, Attrib *a, int preserve_flag, int resume_flag, @@ -1453,8 +1466,10 @@ do_download(struct sftp_conn *conn, const char *remote_path, max_req = 1; progress_counter = offset; - if (showprogress && size != 0) - start_progress_meter(remote_path, size, &progress_counter); + if (showprogress && size != 0) { + start_progress_meter(progress_meter_path(remote_path), + size, &progress_counter); + } if ((msg = sshbuf_new()) == NULL) fatal_f("sshbuf_new failed"); @@ -1844,9 +1859,10 @@ do_upload(struct sftp_conn *conn, const char *local_path, /* Read from local and write to remote */ offset = progress_counter = (resume ? c->size : 0); - if (showprogress) - start_progress_meter(local_path, sb.st_size, - &progress_counter); + if (showprogress) { + start_progress_meter(progress_meter_path(local_path), + sb.st_size, &progress_counter); + } if ((msg = sshbuf_new()) == NULL) fatal_f("sshbuf_new failed"); @@ -2203,8 +2219,10 @@ do_crossload(struct sftp_conn *from, struct sftp_conn *to, max_req = 1; progress_counter = 0; - if (showprogress && size != 0) - start_progress_meter(from_path, size, &progress_counter); + if (showprogress && size != 0) { + start_progress_meter(progress_meter_path(from_path), + size, &progress_counter); + } if ((msg = sshbuf_new()) == NULL) fatal_f("sshbuf_new failed"); while (num_req > 0 || max_req > 0) { -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Tue Aug 10 12:48:01 2021 
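Review bot: `progress_meter_path()` in the @@ -1370,6 +1370,19 @@ hunk has no comment, and its trailing-slash case is not obvious: for a path that ends in '/', the `*progresspath == '\0'` test returns the whole path, so `dir/sub/` is displayed in full rather than as `sub/`. Please add a short comment stating that behaviour and that the result points into the caller's string rather than being a copy, since all three call sites pass it straight to `start_progress_meter()`.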
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Tue, 10 Aug 2021 12:48:01 +1000 Subject: [openssh-commits] [openssh] 03/08: upstream: rever r1.223 - I accidentally committed unrelated changes In-Reply-To: <162856367868.62374.11339246057684655526@fuyu.mindrot.org> References: <162856367868.62374.11339246057684655526@fuyu.mindrot.org> Message-ID: <5ca127f91fe48825@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit 2ae7771749e0b4cecb107f9d4860bec16c3f4245 Author: djm at openbsd.org Date: Mon Aug 9 07:19:12 2021 +0000 upstream: rever r1.223 - I accidentally committed unrelated changes OpenBSD-Commit-ID: fb73f3865b2647a27dd94db73d6589506a9625f9 --- scp.c | 89 +++++++++++++++++++------------------------------------------------ 1 file changed, 25 insertions(+), 64 deletions(-) diff --git a/scp.c b/scp.c index c975e1c6..894f4c8e 100644 --- a/scp.c +++ b/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.223 2021/08/09 07:13:54 djm Exp $ */ +/* $OpenBSD: scp.c,v 1.224 2021/08/09 07:19:12 djm Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -165,7 +165,7 @@ int showprogress = 1; * This is set to non-zero if remote-remote copy should be piped * through this process. */ -int throughlocal = 1; +int throughlocal = 0; /* Non-standard port to use for the ssh connection or -1. */ int sshport = -1; @@ -448,7 +448,8 @@ main(int argc, char **argv) const char *errstr; extern char *optarg; extern int optind; - enum scp_mode_e mode = MODE_SFTP; + /* For now, keep SCP as default */ + enum scp_mode_e mode = MODE_SCP; char *sftp_direct = NULL; /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ 
@@ -481,7 +482,7 @@ main(int argc, char **argv) fflag = Tflag = tflag = 0; while ((ch = getopt(argc, argv, - "12346ABCORTdfpqrtvD:F:J:P:S:c:i:l:o:")) != -1) { + "12346ABCTdfpqrtvD:F:J:M:P:S:c:i:l:o:")) != -1) { switch (ch) { /* User-visible flags. */ case '1': @@ -503,9 +504,6 @@ main(int argc, char **argv) case '3': throughlocal = 1; break; - case 'R': - throughlocal = 0; - break; case 'o': case 'c': case 'i': @@ -516,9 +514,6 @@ main(int argc, char **argv) addargs(&args, "-%c", ch); addargs(&args, "%s", optarg); break; - case 'O': - mode = MODE_SCP; - break; case 'P': sshport = a2port(optarg); if (sshport <= 0) @@ -528,6 +523,14 @@ main(int argc, char **argv) addargs(&remote_remote_args, "-oBatchmode=yes"); addargs(&args, "-oBatchmode=yes"); break; + case 'M': + if (strcmp(optarg, "sftp") == 0) + mode = MODE_SFTP; + else if (strcmp(optarg, "scp") == 0) + mode = MODE_SCP; + else + usage(); + break; case 'l': limit_kbps = strtonum(optarg, 1, 100 * 1024 * 1024, &errstr); @@ -1250,29 +1253,6 @@ tolocal(int argc, char **argv, enum scp_mode_e mode, char *sftp_direct) free(src); } -/* Canonicalise a remote path, handling ~ by assuming cwd is the homedir */ -static char * -absolute_remote_path(const char *path, const char *remote_path) -{ - char *ret; - - /* Handle ~ prefixed paths */ - if (*path != '~') - ret = xstrdup(path); - else { - if (strcmp(path, "~") == 0) - ret = xstrdup(""); - else if (strncmp(path, "~/", 2) == 0) - ret = xstrdup(path + 2); - else { - /* XXX could be supported with protocol extension */ - error("~user paths are not currently supported"); - return NULL; - } - } - return make_absolute(ret, remote_path); -} - void source_sftp(int argc, char *src, char *targ, struct sftp_conn *conn, char **remote_path) 
@@ -1293,8 +1273,8 @@ source_sftp(int argc, char *src, char *targ, * No need to glob here - the local shell already took care of * the expansions */ - if ((target = absolute_remote_path(targ, *remote_path)) == NULL) - cleanup_exit(255); + target = xstrdup(targ); + target = make_absolute(target, *remote_path); target_is_dir = remote_is_dir(conn, target); if (targetshouldbedirectory && !target_is_dir) { fatal("Target is not a directory, but more files selected " @@ -1491,7 +1471,6 @@ sink_sftp(int argc, char *dst, const char *src, struct sftp_conn *conn) char *filename, *tmp = NULL, *remote_path = NULL; int i, r, err = 0; - memset(&g, 0, sizeof(g)); /* * Here, we need remote glob as SFTP can not depend on remote shell * expansions @@ -1505,11 +1484,10 @@ sink_sftp(int argc, char *dst, const char *src, struct sftp_conn *conn) goto out; } - if ((abs_src = absolute_remote_path(src, remote_path)) == NULL) { - err = -1; - goto out; - } + abs_src = xstrdup(src); + abs_src = make_absolute(abs_src, remote_path); free(remote_path); + memset(&g, 0, sizeof(g)); debug3_f("copying remote %s to local %s", abs_src, dst); if ((r = remote_glob(conn, abs_src, GLOB_MARK, NULL, &g)) != 0) { @@ -1917,10 +1895,11 @@ throughlocal_sftp(struct sftp_conn *from, struct sftp_conn *to, if ((filename = basename(src)) == NULL) fatal("basename %s: %s", src, strerror(errno)); - if ((abs_src = absolute_remote_path(src, from_remote_path)) == NULL || - (target = absolute_remote_path(targ, *to_remote_path)) == NULL) - cleanup_exit(255); + abs_src = xstrdup(src); + abs_src = make_absolute(abs_src, from_remote_path); free(from_remote_path); + target = xstrdup(targ); + target = make_absolute(target, *to_remote_path); memset(&g, 0, sizeof(g)); targetisdir = remote_is_dir(to, target); 
@@ -2021,9 +2000,9 @@ void usage(void) { (void) fprintf(stderr, - "usage: scp [-346ABCOpqrTv] [-c cipher] [-D sftp_server_path] [-F ssh_config]\n" - " [-i identity_file] [-J destination] [-l limit] [-o ssh_option]\n" - " [-P port] [-S program] source ... target\n"); + "usage: scp [-346ABCpqrTv] [-c cipher] [-D sftp_server_path] [-F ssh_config]\n" + " [-i identity_file] [-J destination] [-l limit] [-M scp|sftp]\n" + " [-o ssh_option] [-P port] [-S program] source ... target\n"); exit(1); } @@ -2162,21 +2141,3 @@ lostconn(int signo) else exit(1); } - -void -cleanup_exit(int i) -{ - if (remin > 0) - close(remin); - if (remout > 0) - close(remout); - if (remin2 > 0) - close(remin2); - if (remout2 > 0) - close(remout2); - if (do_cmd_pid > 0) - waitpid(do_cmd_pid, NULL, 0); - if (do_cmd_pid2 > 0) - waitpid(do_cmd_pid2, NULL, 0); - exit(i); -} -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Tue Aug 10 12:48:02 2021 
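Review bot: In sink_sftp, the @@ -1491,7 +1471,6 @@ and @@ -1505,11 +1484,10 @@ hunks move `memset(&g, 0, sizeof(g));` from the top of the function to after `free(remote_path);`, which puts it below the `goto out;` shown as context at the start of the second hunk. If the `out:` path releases `g`, that early exit now does so on an uninitialised glob structure. Since this commit only means to back out unrelated changes, keeping the memset at the top of the function would be harmless and is worth retaining.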
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Tue, 10 Aug 2021 12:48:02 +1000 Subject: [openssh-commits] [openssh] 04/08: upstream: on fatal errors, make scp wait for ssh connection before In-Reply-To: <162856367868.62374.11339246057684655526@fuyu.mindrot.org> References: <162856367868.62374.11339246057684655526@fuyu.mindrot.org> Message-ID: <5ca127fbe303c70e@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit b4b3f3da6cdceb3fd168b5fab69d11fba73bd0ae Author: djm at openbsd.org Date: Mon Aug 9 07:21:01 2021 +0000 upstream: on fatal errors, make scp wait for ssh connection before exiting avoids LogLevel=verbose (or greater) messages from ssh appearing after scp has returned exited and control has returned to the shell; ok markus@ (this was originally committed as r1.223 along with unrelated stuff that I rolled back in r1.224) OpenBSD-Commit-ID: 1261fd667ad918484889ed3d7aec074f3956a74b --- scp.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/scp.c b/scp.c index 894f4c8e..21467c46 100644 --- a/scp.c +++ b/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.224 2021/08/09 07:19:12 djm Exp $ */ +/* $OpenBSD: scp.c,v 1.225 2021/08/09 07:21:01 djm Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -2141,3 +2141,21 @@ lostconn(int signo) else exit(1); } + +void +cleanup_exit(int i) +{ + if (remin > 0) + close(remin); + if (remout > 0) + close(remout); + if (remin2 > 0) + close(remin2); + if (remout2 > 0) + close(remout2); + if (do_cmd_pid > 0) + waitpid(do_cmd_pid, NULL, 0); + if (do_cmd_pid2 > 0) + waitpid(do_cmd_pid2, NULL, 0); + exit(i); +} -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Tue Aug 10 12:48:03 2021 
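Review bot: In the new `cleanup_exit()` (@@ -2141,3 +2141,21 @@ hunk), both `waitpid(do_cmd_pid, NULL, 0)` calls ignore the return value, so a wait that is interrupted by a signal (EINTR) falls straight through to `exit(i)` without the ssh child having finished, which is the case the commit message sets out to prevent. Retrying while waitpid returns -1 with errno set to EINTR would close that gap. Separately, the `> 0` tests on `remin`, `remout`, `remin2` and `remout2` treat descriptor 0 as "not open"; if that is deliberate a short comment would help, otherwise a -1 sentinel tested with `>= 0` is the usual form.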
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Tue, 10 Aug 2021 12:48:03 +1000 Subject: [openssh-commits] [openssh] 05/08: upstream: when scp is in SFTP mode, try to deal better with ~ In-Reply-To: <162856367868.62374.11339246057684655526@fuyu.mindrot.org> References: <162856367868.62374.11339246057684655526@fuyu.mindrot.org> Message-ID: <5ca127fda9ceb860@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit 41b019ac067f1d1f7d99914d0ffee4d2a547c3d8 Author: djm at openbsd.org Date: Mon Aug 9 23:44:32 2021 +0000 upstream: when scp is in SFTP mode, try to deal better with ~ prefixed paths. ~user paths aren't supported, but ~/ paths will be accepted and prefixed with the SFTP server starting directory (more to come) prompted by and discussed with deraadt@ ok markus@ OpenBSD-Commit-ID: 263a071f14555c045fd03132a8fb6cbd983df00d --- scp.c | 44 ++++++++++++++++++++++++++++++++++---------- 1 file changed, 34 insertions(+), 10 deletions(-) diff --git a/scp.c b/scp.c index 21467c46..fe3ac701 100644 --- a/scp.c +++ b/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.225 2021/08/09 07:21:01 djm Exp $ */ +/* $OpenBSD: scp.c,v 1.226 2021/08/09 23:44:32 djm Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). 
@@ -1253,6 +1253,29 @@ tolocal(int argc, char **argv, enum scp_mode_e mode, char *sftp_direct) free(src); } +/* Canonicalise a remote path, handling ~ by assuming cwd is the homedir */ +static char * +absolute_remote_path(const char *path, const char *remote_path) +{ + char *ret; + + /* Handle ~ prefixed paths */ + if (*path != '~') + ret = xstrdup(path); + else { + if (strcmp(path, "~") == 0) + ret = xstrdup(""); + else if (strncmp(path, "~/", 2) == 0) + ret = xstrdup(path + 2); + else { + /* XXX could be supported with protocol extension */ + error("~user paths are not currently supported"); + return NULL; + } + } + return make_absolute(ret, remote_path); +} + void source_sftp(int argc, char *src, char *targ, struct sftp_conn *conn, char **remote_path) @@ -1273,8 +1296,8 @@ source_sftp(int argc, char *src, char *targ, * No need to glob here - the local shell already took care of * the expansions */ - target = xstrdup(targ); - target = make_absolute(target, *remote_path); + if ((target = absolute_remote_path(targ, *remote_path)) == NULL) + cleanup_exit(255); target_is_dir = remote_is_dir(conn, target); if (targetshouldbedirectory && !target_is_dir) { fatal("Target is not a directory, but more files selected " @@ -1471,6 +1494,7 @@ sink_sftp(int argc, char *dst, const char *src, struct sftp_conn *conn) char *filename, *tmp = NULL, *remote_path = NULL; int i, r, err = 0; + memset(&g, 0, sizeof(g)); /* * Here, we need remote glob as SFTP can not depend on remote shell * expansions @@ -1484,10 +1508,11 @@ sink_sftp(int argc, char *dst, const char *src, struct sftp_conn *conn) goto out; } - abs_src = xstrdup(src); - abs_src = make_absolute(abs_src, remote_path); + if ((abs_src = absolute_remote_path(src, remote_path)) == NULL) { + err = -1; + goto out; + } free(remote_path); - memset(&g, 0, sizeof(g)); debug3_f("copying remote %s to local %s", abs_src, dst); if ((r = remote_glob(conn, abs_src, GLOB_MARK, NULL, &g)) != 0) { 
@@ -1895,11 +1920,10 @@ throughlocal_sftp(struct sftp_conn *from, struct sftp_conn *to, if ((filename = basename(src)) == NULL) fatal("basename %s: %s", src, strerror(errno)); - abs_src = xstrdup(src); - abs_src = make_absolute(abs_src, from_remote_path); + if ((abs_src = absolute_remote_path(src, from_remote_path)) == NULL || + (target = absolute_remote_path(targ, *to_remote_path)) == NULL) + cleanup_exit(255); free(from_remote_path); - target = xstrdup(targ); - target = make_absolute(target, *to_remote_path); memset(&g, 0, sizeof(g)); targetisdir = remote_is_dir(to, target); -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Tue Aug 10 12:48:04 2021 
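Review bot: `absolute_remote_path()` in the @@ -1253,6 +1253,29 @@ hunk treats every path whose first byte is '~' as a tilde expression, so a remote file that is literally named with a leading '~' (for example `~notes.txt`) now fails with "~user paths are not currently supported" instead of being transferred. The function comment or scp.1 should say that such names have to be written as `./~notes.txt`, which takes the `*path != '~'` branch. In the sink_sftp hunk (@@ -1484,10 +1508,11 @@), the new `goto out` on a NULL return also skips `free(remote_path);`, which is harmless if `out:` ends the process but worth checking.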
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Tue, 10 Aug 2021 12:48:04 +1000 Subject: [openssh-commits] [openssh] 06/08: upstream: SFTP protocol extension to allow the server to expand In-Reply-To: <162856367868.62374.11339246057684655526@fuyu.mindrot.org> References: <162856367868.62374.11339246057684655526@fuyu.mindrot.org> Message-ID: <5ca127ff759aa3d5@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit 2ab864010e0a93c5dd95116fb5ceaf430e2fc23c Author: djm at openbsd.org Date: Mon Aug 9 23:47:44 2021 +0000 upstream: SFTP protocol extension to allow the server to expand ~-prefixed paths, in particular ~user ones. Allows scp in sftp mode to accept these paths, like scp in rcp mode does. prompted by and much discussion deraadt@ ok markus@ OpenBSD-Commit-ID: 7d794def9e4de348e1e777f6030fc9bafdfff392 --- PROTOCOL | 21 +++++++++++++++++++- misc.c | 49 +++++++++++++++++++++++++++++++++------------- misc.h | 3 ++- scp.c | 17 ++++++++++------ sftp-client.c | 59 +++++++++++++++++++++++++++++++++++++++++++++---------- sftp-client.h | 10 ++++++++-- sftp-server.c | 63 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- 7 files changed, 187 insertions(+), 35 deletions(-) diff --git a/PROTOCOL b/PROTOCOL index 0b2ea60a..3141cda6 100644 --- a/PROTOCOL +++ b/PROTOCOL 
@@ -525,6 +525,25 @@ limits. This extension is advertised in the SSH_FXP_VERSION hello with version "1". +3.9. sftp: Extension request "expand-path at openssh.com" + +This request supports canonicalisation of relative paths and +those that need tilde-expansion, i.e. "~", "~/..." and "~user/..." +These paths are expanded using shell-like rules and the resultant +path is canonicalised similarly to SSH2_FXP_REALPATH. + +It is implemented as a SSH_FXP_EXTENDED request with the following +format: + + uint32 id + string "expand-path at openssh.com" + string path + +Its reply is the same format as that of SSH2_FXP_REALPATH. + +This extension is advertised in the SSH_FXP_VERSION hello with version +"1". + 4. Miscellaneous changes 4.1 Public key format @@ -556,4 +575,4 @@ OpenSSH's connection multiplexing uses messages as described in PROTOCOL.mux over a Unix domain socket for communications between a master instance and later clients. -$OpenBSD: PROTOCOL,v 1.41 2021/02/18 02:49:35 djm Exp $ +$OpenBSD: PROTOCOL,v 1.42 2021/08/09 23:47:44 djm Exp $ diff --git a/misc.c b/misc.c index adfe9033..b8d1040d 100644 --- a/misc.c +++ b/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.168 2021/07/12 06:22:57 dtucker Exp $ */ +/* $OpenBSD: misc.c,v 1.169 2021/08/09 23:47:44 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005-2020 Damien Miller. All rights reserved. 
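Review bot: The new section 3.9 in the PROTOCOL hunk (@@ -525,6 +525,25 @@) specifies the request and the success reply but not the failure case: it should say what the server returns when the user in `~user/...` does not exist or the expanded path is too long. "Shell-like rules" is also loose for a wire specification; listing the accepted forms and stating how a path without a leading '~' is treated would let other implementations interoperate. Because a successful reply contains another account's home directory and a failure shows that the account is unknown, the section could also say so, so that operators of restricted SFTP-only accounts can decide whether to offer the extension.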
@@ -1115,29 +1115,37 @@ freeargs(arglist *args) * Expands tildes in the file name. Returns data allocated by xmalloc. * Warning: this calls getpw*. */ -char * -tilde_expand_filename(const char *filename, uid_t uid) +int +tilde_expand(const char *filename, uid_t uid, char **retp) { const char *path, *sep; char user[128], *ret; struct passwd *pw; u_int len, slash; - if (*filename != '~') - return (xstrdup(filename)); + if (*filename != '~') { + *retp = xstrdup(filename); + return 0; + } filename++; path = strchr(filename, '/'); if (path != NULL && path > filename) { /* ~user/path */ slash = path - filename; - if (slash > sizeof(user) - 1) - fatal("tilde_expand_filename: ~username too long"); + if (slash > sizeof(user) - 1) { + error_f("~username too long"); + return -1; + } memcpy(user, filename, slash); user[slash] = '\0'; - if ((pw = getpwnam(user)) == NULL) - fatal("tilde_expand_filename: No such user %s", user); - } else if ((pw = getpwuid(uid)) == NULL) /* ~/path */ - fatal("tilde_expand_filename: No such uid %ld", (long)uid); + if ((pw = getpwnam(user)) == NULL) { + error_f("No such user %s", user); + return -1; + } + } else if ((pw = getpwuid(uid)) == NULL) { /* ~/path */ + error_f("No such uid %ld", (long)uid); + return -1; + } /* Make sure directory has a trailing '/' */ len = strlen(pw->pw_dir); @@ -1150,10 +1158,23 @@ tilde_expand_filename(const char *filename, uid_t uid) if (path != NULL) filename = path + 1; - if (xasprintf(&ret, "%s%s%s", pw->pw_dir, sep, filename) >= PATH_MAX) - fatal("tilde_expand_filename: Path too long"); + if (xasprintf(&ret, "%s%s%s", pw->pw_dir, sep, filename) >= PATH_MAX) { + error_f("Path too long"); + return -1; + } - return (ret); + *retp = ret; + return 0; +} + +char * +tilde_expand_filename(const char *filename, uid_t uid) +{ + char *ret; + + if (tilde_expand(filename, uid, &ret) != 0) + cleanup_exit(255); + return ret; } /* diff --git a/misc.h b/misc.h index dd899a32..2e2dca54 100644 --- a/misc.h +++ b/misc.h 
@@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.97 2021/06/08 06:54:40 djm Exp $ */ +/* $OpenBSD: misc.h,v 1.98 2021/08/09 23:47:44 djm Exp $ */ /* * Author: Tatu Ylonen @@ -71,6 +71,7 @@ int parse_user_host_port(const char *, char **, char **, int *); int parse_uri(const char *, const char *, char **, char **, int *, char **); int convtime(const char *); const char *fmt_timeframe(time_t t); +int tilde_expand(const char *, uid_t, char **); char *tilde_expand_filename(const char *, uid_t); char *dollar_expand(int *, const char *string, ...); diff --git a/scp.c b/scp.c index fe3ac701..a0377c6c 100644 --- a/scp.c +++ b/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.226 2021/08/09 23:44:32 djm Exp $ */ +/* $OpenBSD: scp.c,v 1.227 2021/08/09 23:47:44 djm Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -1255,10 +1255,14 @@ tolocal(int argc, char **argv, enum scp_mode_e mode, char *sftp_direct) /* Canonicalise a remote path, handling ~ by assuming cwd is the homedir */ static char * -absolute_remote_path(const char *path, const char *remote_path) +absolute_remote_path(struct sftp_conn *conn, const char *path, + const char *remote_path) { char *ret; + if (can_expand_path(conn)) + return do_expand_path(conn, path); + /* Handle ~ prefixed paths */ if (*path != '~') ret = xstrdup(path); @@ -1296,7 +1300,7 @@ source_sftp(int argc, char *src, char *targ, * No need to glob here - the local shell already took care of * the expansions */ - if ((target = absolute_remote_path(targ, *remote_path)) == NULL) + if ((target = absolute_remote_path(conn, targ, *remote_path)) == NULL) cleanup_exit(255); target_is_dir = remote_is_dir(conn, target); if (targetshouldbedirectory && !target_is_dir) { 
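Review bot: In misc.c, the @@ -1150,10 +1158,23 @@ hunk of `tilde_expand()` returns -1 on the "Path too long" branch without freeing `ret`, which xasprintf has already allocated. Under the old fatal() this did not matter, but the function now reports errors to its caller, so a long-running caller leaks on every over-long path; add `free(ret);` before that return. The header comment kept above the function ("Returns data allocated by xmalloc") also needs updating to describe the int return value and that `*retp` is only set on success.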
@@ -1508,7 +1512,7 @@ sink_sftp(int argc, char *dst, const char *src, struct sftp_conn *conn) goto out; } - if ((abs_src = absolute_remote_path(src, remote_path)) == NULL) { + if ((abs_src = absolute_remote_path(conn, src, remote_path)) == NULL) { err = -1; goto out; } @@ -1920,8 +1924,9 @@ throughlocal_sftp(struct sftp_conn *from, struct sftp_conn *to, if ((filename = basename(src)) == NULL) fatal("basename %s: %s", src, strerror(errno)); - if ((abs_src = absolute_remote_path(src, from_remote_path)) == NULL || - (target = absolute_remote_path(targ, *to_remote_path)) == NULL) + if ((abs_src = absolute_remote_path(from, src, + from_remote_path)) == NULL || + (target = absolute_remote_path(to, targ, *to_remote_path)) == NULL) cleanup_exit(255); free(from_remote_path); memset(&g, 0, sizeof(g)); diff --git a/sftp-client.c b/sftp-client.c index ce31c35a..5bfff90d 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.153 2021/08/09 07:16:09 djm Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.154 2021/08/09 23:47:44 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -102,6 +102,7 @@ struct sftp_conn { #define SFTP_EXT_FSYNC 0x00000010 #define SFTP_EXT_LSETSTAT 0x00000020 #define SFTP_EXT_LIMITS 0x00000040 +#define SFTP_EXT_PATH_EXPAND 0x00000080 u_int exts; u_int64_t limit_kbps; struct bwlimit bwlimit_in, bwlimit_out; @@ -529,6 +530,10 @@ do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests, strcmp((char *)value, "1") == 0) { ret->exts |= SFTP_EXT_LIMITS; known = 1; + } else if (strcmp(name, "expand-path at openssh.com") == 0 && + strcmp((char *)value, "1") == 0) { + ret->exts |= SFTP_EXT_PATH_EXPAND; + known = 1; } if (known) { debug2("Server supports extension \"%s\" revision %s", 
@@ -964,8 +969,9 @@ do_fsetstat(struct sftp_conn *conn, const u_char *handle, u_int handle_len, return status == SSH2_FX_OK ? 0 : -1; } -char * -do_realpath(struct sftp_conn *conn, const char *path) +/* Implements both the realpath and expand-path operations */ +static char * +do_realpath_expand(struct sftp_conn *conn, const char *path, int expand) { struct sshbuf *msg; u_int expected_id, count, id; @@ -973,14 +979,26 @@ do_realpath(struct sftp_conn *conn, const char *path) Attrib a; u_char type; int r; + const char *what = "SSH2_FXP_REALPATH"; - expected_id = id = conn->msg_id++; - send_string_request(conn, id, SSH2_FXP_REALPATH, path, - strlen(path)); - + if (expand) + what = "expand-path at openssh.com"; if ((msg = sshbuf_new()) == NULL) fatal_f("sshbuf_new failed"); + expected_id = id = conn->msg_id++; + if (expand) { + if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 || + (r = sshbuf_put_u32(msg, id)) != 0 || + (r = sshbuf_put_cstring(msg, + "expand-path at openssh.com")) != 0 || + (r = sshbuf_put_cstring(msg, path)) != 0) + fatal_fr(r, "compose %s", what); + send_msg(conn, msg); + } else { + send_string_request(conn, id, SSH2_FXP_REALPATH, + path, strlen(path)); + } get_msg(conn, msg); if ((r = sshbuf_get_u8(msg, &type)) != 0 || (r = sshbuf_get_u32(msg, &id)) != 0) @@ -1004,15 +1022,14 @@ do_realpath(struct sftp_conn *conn, const char *path) if ((r = sshbuf_get_u32(msg, &count)) != 0) fatal_fr(r, "parse count"); if (count != 1) - fatal("Got multiple names (%d) from SSH_FXP_REALPATH", count); + fatal("Got multiple names (%d) from %s", count, what); if ((r = sshbuf_get_cstring(msg, &filename, NULL)) != 0 || (r = sshbuf_get_cstring(msg, &longname, NULL)) != 0 || (r = decode_attrib(msg, &a)) != 0) fatal_fr(r, "parse filename/attrib"); - debug3("SSH_FXP_REALPATH %s -> %s size %lu", path, filename, - (unsigned long)a.size); + debug3("%s %s -> %s", what, path, filename); free(longname); 
@@ -1021,6 +1038,28 @@ do_realpath(struct sftp_conn *conn, const char *path) return(filename); } +char * +do_realpath(struct sftp_conn *conn, const char *path) +{ + return do_realpath_expand(conn, path, 0); +} + +int +can_expand_path(struct sftp_conn *conn) +{ + return (conn->exts & SFTP_EXT_PATH_EXPAND) != 0; +} + +char * +do_expand_path(struct sftp_conn *conn, const char *path) +{ + if (!can_expand_path(conn)) { + debug3_f("no server support, fallback to realpath"); + return do_realpath_expand(conn, path, 0); + } + return do_realpath_expand(conn, path, 1); +} + int do_rename(struct sftp_conn *conn, const char *oldpath, const char *newpath, int force_legacy) diff --git a/sftp-client.h b/sftp-client.h index 00707f7c..7d0bd12a 100644 --- a/sftp-client.h +++ b/sftp-client.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.h,v 1.33 2021/08/07 00:12:09 djm Exp $ */ +/* $OpenBSD: sftp-client.h,v 1.34 2021/08/09 23:47:44 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller @@ -113,11 +113,17 @@ int do_lsetstat(struct sftp_conn *conn, const char *path, Attrib *a); /* Canonicalise 'path' - caller must free result */ char *do_realpath(struct sftp_conn *, const char *); +/* Canonicalisation with tilde expansion (requires server extension) */ +char *do_expand_path(struct sftp_conn *, const char *); + +/* Returns non-zero if server can tilde-expand paths */ +int can_expand_path(struct sftp_conn *); + /* Get statistics for filesystem hosting file at "path" */ int do_statvfs(struct sftp_conn *, const char *, struct sftp_statvfs *, int); /* Rename 'oldpath' to 'newpath' */ -int do_rename(struct sftp_conn *, const char *, const char *, int force_legacy); +int do_rename(struct sftp_conn *, const char *, const char *, int); /* Link 'oldpath' to 'newpath' */ int do_hardlink(struct sftp_conn *, const char *, const char *); diff --git a/sftp-server.c b/sftp-server.c index c89c1f42..18d19491 100644 --- a/sftp-server.c +++ b/sftp-server.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-server.c,v 1.128 2021/06/06 03:15:39 djm Exp $ */ +/* $OpenBSD: sftp-server.c,v 1.129 2021/08/09 23:47:44 djm Exp $ */ /* * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. * @@ -115,6 +115,7 @@ static void process_extended_hardlink(u_int32_t id); static void process_extended_fsync(u_int32_t id); static void process_extended_lsetstat(u_int32_t id); static void process_extended_limits(u_int32_t id); +static void process_extended_expand(u_int32_t id); static void process_extended(u_int32_t id); struct sftp_handler { @@ -158,6 +159,8 @@ static const struct sftp_handler extended_handlers[] = { { "fsync", "fsync at openssh.com", 0, process_extended_fsync, 1 }, { "lsetstat", "lsetstat at openssh.com", 0, process_extended_lsetstat, 1 }, { "limits", "limits at openssh.com", 0, process_extended_limits, 0 }, + { "expand-path", "expand-path at openssh.com", 0, + process_extended_expand, 0 }, { NULL, NULL, 0, NULL, 0 } }; @@ -706,6 +709,7 @@ process_init(void) compose_extension(msg, "fsync at openssh.com", "1"); compose_extension(msg, "lsetstat at openssh.com", "1"); compose_extension(msg, "limits at openssh.com", "1"); + compose_extension(msg, "expand-path at openssh.com", "1"); send_msg(msg); sshbuf_free(msg); 
@@ -1519,6 +1523,63 @@ process_extended_limits(u_int32_t id) sshbuf_free(msg); } +static void +process_extended_expand(u_int32_t id) +{ + char cwd[PATH_MAX], resolvedname[PATH_MAX]; + char *path, *npath; + int r; + Stat s; + + if ((r = sshbuf_get_cstring(iqueue, &path, NULL)) != 0) + fatal_fr(r, "parse"); + if (getcwd(cwd, sizeof(cwd)) == NULL) { + send_status(id, errno_to_portable(errno)); + goto out; + } + + debug3("request %u: expand, original \"%s\"", id, path); + if (path[0] == '\0') { + /* empty path */ + free(path); + path = xstrdup("."); + } else if (*path == '~') { + /* ~ expand path */ + /* Special-case for "~" and "~/" to respect homedir flag */ + if (strcmp(path, "~") == 0) { + free(path); + path = xstrdup(cwd); + } else if (strncmp(path, "~/", 2) == 0) { + npath = xstrdup(path + 2); + free(path); + xasprintf(&path, "%s/%s", cwd, npath); + } else { + /* ~user expansions */ + if (tilde_expand(path, pw->pw_uid, &npath) != 0) { + send_status(id, errno_to_portable(EINVAL)); + goto out; + } + free(path); + path = npath; + } + } else if (*path != '/') { + /* relative path */ + xasprintf(&npath, "%s/%s", cwd, path); + free(path); + path = npath; + } + verbose("expand \"%s\"", path); + if (sftp_realpath(path, resolvedname) == NULL) { + send_status(id, errno_to_portable(errno)); + goto out; + } + attrib_clear(&s.attrib); + s.name = s.long_name = resolvedname; + send_names(id, 1, &s); + out: + free(path); +} + static void process_extended(u_int32_t id) { -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Tue Aug 10 12:48:05 2021 
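Review bot: In process_extended_expand() in sftp-server.c, the "~/" branch leaks npath. It is allocated with xstrdup(path + 2), used once in xasprintf(&path, "%s/%s", cwd, npath) and never freed, and the out: label only frees path, so each "~/..." request from a client leaks one allocation in the server process. Add free(npath) right after the xasprintf() call; the "~user" and relative-path branches already hand npath over to path and are fine.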
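Review bot: In absolute_remote_path() in scp.c, the new early return "if (can_expand_path(conn)) return do_expand_path(conn, path);" is taken for every path, not only for paths starting with '~'. Against a server that advertises the extension, the remote_path argument and the local '~' handling below it are never reached, and all resolution is delegated to the server. If only tilde expansion is meant to use the extension, test *path == '~' before the call; otherwise update the function comment, which still says ~ is handled by assuming cwd is the homedir.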
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Tue, 10 Aug 2021 12:48:05 +1000 Subject: [openssh-commits] [openssh] 07/08: upstream: make scp in SFTP mode try to use relative paths as much In-Reply-To: <162856367868.62374.11339246057684655526@fuyu.mindrot.org> References: <162856367868.62374.11339246057684655526@fuyu.mindrot.org> Message-ID: <5ca1280151a4a271@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit 2f7a3b51cef689ad9e93d0c6c17db5a194eb5555 Author: djm at openbsd.org Date: Mon Aug 9 23:49:31 2021 +0000 upstream: make scp in SFTP mode try to use relative paths as much as possible. Previously, it would try to make relative and ~/-rooted paths absolute before requesting transfers. prompted by and much discussion deraadt@ ok markus@ OpenBSD-Commit-ID: 46639d382ea99546a4914b545fa7b00fa1be5566 --- scp.c | 97 ++++++++++++++++++------------------------------------------------- 1 file changed, 26 insertions(+), 71 deletions(-) diff --git a/scp.c b/scp.c index a0377c6c..cb8d049b 100644 --- a/scp.c +++ b/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.227 2021/08/09 23:47:44 djm Exp $ */ +/* $OpenBSD: scp.c,v 1.228 2021/08/09 23:49:31 djm Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -435,10 +435,10 @@ void tolocal(int, char *[], enum scp_mode_e, char *sftp_direct); void toremote(int, char *[], enum scp_mode_e, char *sftp_direct); void usage(void); -void source_sftp(int, char *, char *, struct sftp_conn *, char **); +void source_sftp(int, char *, char *, struct sftp_conn *); void sink_sftp(int, char *, const char *, struct sftp_conn *); void throughlocal_sftp(struct sftp_conn *, struct sftp_conn *, - char *, char *, char **); + char *, char *); int main(int argc, char **argv) 
@@ -982,7 +982,6 @@ toremote(int argc, char **argv, enum scp_mode_e mode, char *sftp_direct) { char *suser = NULL, *host = NULL, *src = NULL; char *bp, *tuser, *thost, *targ; - char *remote_path = NULL; int sport = -1, tport = -1; struct sftp_conn *conn = NULL, *conn2 = NULL; arglist alist; @@ -1056,8 +1055,7 @@ toremote(int argc, char **argv, enum scp_mode_e mode, char *sftp_direct) } debug3_f("destination in %d out %d pid %ld", remin2, remout2, (long)do_cmd_pid2); - throughlocal_sftp(conn2, conn, src, targ, - &remote_path); + throughlocal_sftp(conn2, conn, src, targ); (void) close(remin2); (void) close(remout2); remin2 = remout2 = -1; @@ -1142,8 +1140,7 @@ toremote(int argc, char **argv, enum scp_mode_e mode, char *sftp_direct) } /* The protocol */ - source_sftp(1, argv[i], targ, conn, - &remote_path); + source_sftp(1, argv[i], targ, conn); continue; } /* SCP */ @@ -1161,10 +1158,8 @@ toremote(int argc, char **argv, enum scp_mode_e mode, char *sftp_direct) } } out: - if (mode == MODE_SFTP) { - free(remote_path); + if (mode == MODE_SFTP) free(conn); - } free(tuser); free(thost); free(targ); 
@@ -1253,46 +1248,30 @@ tolocal(int argc, char **argv, enum scp_mode_e mode, char *sftp_direct) free(src); } -/* Canonicalise a remote path, handling ~ by assuming cwd is the homedir */ +/* Prepare remote path, handling ~ by assuming cwd is the homedir */ static char * -absolute_remote_path(struct sftp_conn *conn, const char *path, - const char *remote_path) +prepare_remote_path(struct sftp_conn *conn, const char *path) { - char *ret; - - if (can_expand_path(conn)) - return do_expand_path(conn, path); - /* Handle ~ prefixed paths */ if (*path != '~') - ret = xstrdup(path); - else { - if (strcmp(path, "~") == 0) - ret = xstrdup(""); - else if (strncmp(path, "~/", 2) == 0) - ret = xstrdup(path + 2); - else { - /* XXX could be supported with protocol extension */ - error("~user paths are not currently supported"); - return NULL; - } - } - return make_absolute(ret, remote_path); + return xstrdup(path); + if (*path == '\0' || strcmp(path, "~") == 0) + return xstrdup("."); + if (strncmp(path, "~/", 2) == 0) + return xstrdup(path + 2); + if (can_expand_path(conn)) + return do_expand_path(conn, path); + /* No protocol extension */ + error("~user paths are not currently supported"); + return NULL; } void -source_sftp(int argc, char *src, char *targ, - struct sftp_conn *conn, char **remote_path) +source_sftp(int argc, char *src, char *targ, struct sftp_conn *conn) { char *target = NULL, *filename = NULL, *abs_dst = NULL; int target_is_dir; - if (*remote_path == NULL) { - *remote_path = do_realpath(conn, "."); - if (*remote_path == NULL) - fatal("Unable to determine remote working directory"); - } - if ((filename = basename(src)) == NULL) fatal("basename %s: %s", src, strerror(errno)); 
@@ -1300,7 +1279,7 @@ source_sftp(int argc, char *src, char *targ, * No need to glob here - the local shell already took care of * the expansions */ - if ((target = absolute_remote_path(conn, targ, *remote_path)) == NULL) + if ((target = prepare_remote_path(conn, targ)) == NULL) cleanup_exit(255); target_is_dir = remote_is_dir(conn, target); if (targetshouldbedirectory && !target_is_dir) { @@ -1495,7 +1474,7 @@ sink_sftp(int argc, char *dst, const char *src, struct sftp_conn *conn) char *abs_src = NULL; char *abs_dst = NULL; glob_t g; - char *filename, *tmp = NULL, *remote_path = NULL; + char *filename, *tmp = NULL; int i, r, err = 0; memset(&g, 0, sizeof(g)); @@ -1504,20 +1483,11 @@ sink_sftp(int argc, char *dst, const char *src, struct sftp_conn *conn) * expansions */ - remote_path = do_realpath(conn, "."); - if (remote_path == NULL) { - error("Could not obtain remote working directory"); - /* TODO - gracefully degrade by using relative paths ? */ + if ((abs_src = prepare_remote_path(conn, src)) == NULL) { err = -1; goto out; } - if ((abs_src = absolute_remote_path(conn, src, remote_path)) == NULL) { - err = -1; - goto out; - } - free(remote_path); - debug3_f("copying remote %s to local %s", abs_src, dst); if ((r = remote_glob(conn, abs_src, GLOB_MARK, NULL, &g)) != 0) { if (r == GLOB_NOSPACE) 
@@ -1901,34 +1871,19 @@ screwup: void throughlocal_sftp(struct sftp_conn *from, struct sftp_conn *to, - char *src, char *targ, char **to_remote_path) + char *src, char *targ) { char *target = NULL, *filename = NULL, *abs_dst = NULL; - char *abs_src = NULL, *tmp = NULL, *from_remote_path; + char *abs_src = NULL, *tmp = NULL; glob_t g; int i, r, targetisdir, err = 0; - if (*to_remote_path == NULL) { - *to_remote_path = do_realpath(to, "."); - if (*to_remote_path == NULL) { - fatal("Unable to determine destination remote " - "working directory"); - } - } - - if ((from_remote_path = do_realpath(from, ".")) == NULL) { - fatal("Unable to determine source remote " - "working directory"); - } - if ((filename = basename(src)) == NULL) fatal("basename %s: %s", src, strerror(errno)); - if ((abs_src = absolute_remote_path(from, src, - from_remote_path)) == NULL || - (target = absolute_remote_path(to, targ, *to_remote_path)) == NULL) + if ((abs_src = prepare_remote_path(from, src)) == NULL || + (target = prepare_remote_path(to, targ)) == NULL) cleanup_exit(255); - free(from_remote_path); memset(&g, 0, sizeof(g)); targetisdir = remote_is_dir(to, target); -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Tue Aug 10 12:48:06 2021 
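Review bot: In prepare_remote_path() in scp.c, the "*path == '\0'" test in the second condition can never be true. An empty string already satisfies "*path != '~'" on the line above and returns xstrdup(""), so an empty remote path is passed on as "" instead of being mapped to ".". Move the empty/"~" check ahead of the "*path != '~'" test if "." is the intended result. The function comment also still says ~ is handled by assuming cwd is the homedir, while ~user forms now go to do_expand_path(); a sentence on which forms are rewritten locally and which are resolved by the server would make the split clear.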
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Tue, 10 Aug 2021 12:48:06 +1000 Subject: [openssh-commits] [openssh] 08/08: upstream: make scp -3 the default for remote-to-remote copies. It In-Reply-To: <162856367868.62374.11339246057684655526@fuyu.mindrot.org> References: <162856367868.62374.11339246057684655526@fuyu.mindrot.org> Message-ID: <5ca12803d79a9b72@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit bfdd4b722f124a4fa9173d20dd64dd0fc69856be Author: djm at openbsd.org Date: Mon Aug 9 23:56:36 2021 +0000 upstream: make scp -3 the default for remote-to-remote copies. It provides a much better and more intuitive user experience and doesn't require exposing credentials to the source host. thanks naddy@ for catching the missing argument in usage() "Yes please!" - markus@ "makes a lot of sense" - deraadt@ "the right thing to do" - dtucker@ OpenBSD-Commit-ID: d0d2af5f0965c5192ba5b2fa461c9f9b130e5dd9 --- scp.1 | 20 +++++++++++++++----- scp.c | 11 +++++++---- 2 files changed, 22 insertions(+), 9 deletions(-) diff --git a/scp.1 b/scp.1 index 54285b70..c06ecf68 100644 --- a/scp.1 +++ b/scp.1 @@ -8,9 +8,9 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.97 2021/08/02 23:38:27 djm Exp $ +.\" $OpenBSD: scp.1,v 1.98 2021/08/09 23:56:36 djm Exp $ .\" -.Dd $Mdocdate: August 2 2021 $ +.Dd $Mdocdate: August 9 2021 $ .Dt SCP 1 .Os .Sh NAME @@ -18,7 +18,7 @@ .Nd OpenSSH secure file copy .Sh SYNOPSIS .Nm scp -.Op Fl 346ABCpqrTv +.Op Fl 346ABCpqRrTv .Op Fl c Ar cipher .Op Fl D Ar sftp_server_path .Op Fl F Ar ssh_config 
@@ -80,10 +80,11 @@ The options are as follows: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. -Note that this option disables the progress meter and selects batch mode -for the second host, since +Note that, when using the legacy SCP protocol (the default), this option +selects batch mode for the second host as .Nm cannot ask for passwords or passphrases for both hosts. +This mode is the default. .It Fl 4 Forces .Nm @@ -239,6 +240,15 @@ original file. Quiet mode: disables the progress meter as well as warning and diagnostic messages from .Xr ssh 1 . +.It Fl R +Copies between two remote hosts are performed by connecting to the origin +host and executing +.Nm +there. +This requires that +.Nm +running on the origin host can authenticate to the destination host without +requiring a password. .It Fl r Recursively copy entire directories. Note that diff --git a/scp.c b/scp.c index cb8d049b..3eda5483 100644 --- a/scp.c +++ b/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.228 2021/08/09 23:49:31 djm Exp $ */ +/* $OpenBSD: scp.c,v 1.229 2021/08/09 23:56:36 djm Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -165,7 +165,7 @@ int showprogress = 1; * This is set to non-zero if remote-remote copy should be piped * through this process. */ -int throughlocal = 0; +int throughlocal = 1; /* Non-standard port to use for the ssh connection or -1. */ int sshport = -1; @@ -482,7 +482,7 @@ main(int argc, char **argv) fflag = Tflag = tflag = 0; while ((ch = getopt(argc, argv, - "12346ABCTdfpqrtvD:F:J:M:P:S:c:i:l:o:")) != -1) { + "12346ABCTdfpqRrtvD:F:J:M:P:S:c:i:l:o:")) != -1) { switch (ch) { /* User-visible flags. */ case '1': @@ -504,6 +504,9 @@ main(int argc, char **argv) case '3': throughlocal = 1; break; + case 'R': + throughlocal = 0; + break; case 'o': case 'c': case 'i': 
@@ -1984,7 +1987,7 @@ void usage(void) { (void) fprintf(stderr, - "usage: scp [-346ABCpqrTv] [-c cipher] [-D sftp_server_path] [-F ssh_config]\n" + "usage: scp [-346ABCpqRrTv] [-c cipher] [-D sftp_server_path] [-F ssh_config]\n" " [-i identity_file] [-J destination] [-l limit] [-M scp|sftp]\n" " [-o ssh_option] [-P port] [-S program] source ... target\n"); exit(1); -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Tue Aug 10 13:37:36 2021 
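Review bot: In the scp.1 hunk for the -3 entry, the unchanged sentence "Without this option the data is copied directly between the two remote hosts." stays next to the added "This mode is the default.", so the page still describes the old direct copy as what happens when -3 is absent. Reword that sentence to say a direct copy now requires -R, and cross-reference the new -R entry. It would also help to state in both entries that -3 and -R override each other and the last one given wins, since main() simply assigns throughlocal in each case.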
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Tue, 10 Aug 2021 13:37:36 +1000 Subject: [openssh-commits] [openssh] branch master updated (bfdd4b72 -> 931f592f) Message-ID: <162856665627.78602.7187529904502326550@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a change to branch master in repository openssh. from bfdd4b72 upstream: make scp -3 the default for remote-to-remote copies. It new 391ca67f upstream: Prepare for a future where scp(1) uses the SFTP protocol by new 931f592f upstream: adapt to scp -M flag change; make scp3.sh test SFTP mode too The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Detailed log of new commits: commit 931f592f26239154eea3eb35a086585897b1a185 Author: djm at openbsd.org Date: Tue Aug 10 03:35:45 2021 +0000 upstream: adapt to scp -M flag change; make scp3.sh test SFTP mode too OpenBSD-Regress-ID: 43fea26704a0f0b962b53c1fabcb68179638f9c0 commit 391ca67fb978252c48d20c910553f803f988bd37 Author: djm at openbsd.org Date: Tue Aug 10 03:33:34 2021 +0000 upstream: Prepare for a future where scp(1) uses the SFTP protocol by default. Replace recently added -M option to select the protocol with -O (olde) and -s (SFTP) flags, and label the -s flag with a clear warning that it will be removed in the near future (so no, don't use it in scripts!). prompted by/feedback from deraadt@ OpenBSD-Commit-ID: 92ad72cc6f0023c9be9e316d8b30eb6d8d749cfc Summary of changes: regress/scp-uri.sh | 9 ++++----- regress/scp.sh | 9 ++++----- regress/scp3.sh | 13 +++++++------ scp.1 | 34 +++++++++++++++++++++------------- scp.c | 23 ++++++++++------------- 5 files changed, 46 insertions(+), 42 deletions(-) -- To stop receiving notification emails like this one, please contact djm at mindrot.org. 
From git+noreply at mindrot.org Tue Aug 10 13:37:37 2021 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Tue, 10 Aug 2021 13:37:37 +1000 Subject: [openssh-commits] [openssh] 01/02: upstream: Prepare for a future where scp(1) uses the SFTP protocol by In-Reply-To: <162856665627.78602.7187529904502326550@fuyu.mindrot.org> References: <162856665627.78602.7187529904502326550@fuyu.mindrot.org> Message-ID: <5ca12809a0120653@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit 391ca67fb978252c48d20c910553f803f988bd37 Author: djm at openbsd.org Date: Tue Aug 10 03:33:34 2021 +0000 upstream: Prepare for a future where scp(1) uses the SFTP protocol by default. Replace recently added -M option to select the protocol with -O (olde) and -s (SFTP) flags, and label the -s flag with a clear warning that it will be removed in the near future (so no, don't use it in scripts!). prompted by/feedback from deraadt@ OpenBSD-Commit-ID: 92ad72cc6f0023c9be9e316d8b30eb6d8d749cfc --- scp.1 | 34 +++++++++++++++++++++------------- scp.c | 23 ++++++++++------------- 2 files changed, 31 insertions(+), 26 deletions(-) diff --git a/scp.1 b/scp.1 index c06ecf68..972269af 100644 --- a/scp.1 +++ b/scp.1 @@ -8,9 +8,9 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.98 2021/08/09 23:56:36 djm Exp $ +.\" $OpenBSD: scp.1,v 1.99 2021/08/10 03:33:34 djm Exp $ .\" -.Dd $Mdocdate: August 9 2021 $ +.Dd $Mdocdate: August 10 2021 $ .Dt SCP 1 .Os .Sh NAME @@ -18,14 +18,13 @@ .Nd OpenSSH secure file copy .Sh SYNOPSIS .Nm scp -.Op Fl 346ABCpqRrTv +.Op Fl 346ABCOpqRrsTv .Op Fl c Ar cipher .Op Fl D Ar sftp_server_path .Op Fl F Ar ssh_config .Op Fl i Ar identity_file .Op Fl J Ar destination .Op Fl l Ar limit -.Op Fl M Ar scp | sftp .Op Fl o Ar ssh_option .Op Fl P Ar port .Op Fl S Ar program 
@@ -112,7 +111,7 @@ Selects the cipher to use for encrypting the data transfer. This option is directly passed to .Xr ssh 1 . .It Fl D Ar sftp_server_path -When using the experimental SFTP protocol support via +When using the SFTP protocol support via .Fl M , connect directly to a local SFTP server program rather than a remote one via @@ -144,14 +143,12 @@ This option is directly passed to .Xr ssh 1 . .It Fl l Ar limit Limits the used bandwidth, specified in Kbit/s. -.It Fl M Ar scp | sftp -Specifies a mode which will be used to transfer files. -The default is to use the original -.Cm scp -protocol. -Alternately, experimental support for using the -.Cm sftp -protocol is available. +.It Fl O +Use the legacy SCP protocol for file transfers instead of the SFTP protocol. +Forcing the use of the SCP protocol may be necessary for servers that do +not implement SFTP or for backwards-compatibility for particular filename +wildcard patterns. +This mode is the default. .It Fl o Ar ssh_option Can be used to pass options to .Nm ssh @@ -261,6 +258,16 @@ to use for the encrypted connection. The program must understand .Xr ssh 1 options. +.It Fl s +Use the SFTP protocol for file transfers instead of the legacy SCP protocol. +Using SFTP provides avoids invoking a shell on the remote side and provides +more predictable filename handling, as the SCP protocol +relied on the remote shell for expanding +.Xr glob 3 +wildcards. +.Pp +A near-future release of OpenSSH will make the SFTP protocol the default. +This option will be deleted before the end of 2022. .It Fl T Disable strict filename checking. By default when copying files from a remote host to a local directory @@ -290,6 +297,7 @@ debugging connection, authentication, and configuration problems. .Xr ssh-agent 1 , .Xr ssh-keygen 1 , .Xr ssh_config 5 , +.Xr sftp-server 8 , .Xr sshd 8 .Sh HISTORY .Nm diff --git a/scp.c b/scp.c index 3eda5483..e6935436 100644 --- a/scp.c +++ b/scp.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.229 2021/08/09 23:56:36 djm Exp $ */ +/* $OpenBSD: scp.c,v 1.230 2021/08/10 03:33:34 djm Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -448,7 +448,6 @@ main(int argc, char **argv) const char *errstr; extern char *optarg; extern int optind; - /* For now, keep SCP as default */ enum scp_mode_e mode = MODE_SCP; char *sftp_direct = NULL; @@ -482,7 +481,7 @@ main(int argc, char **argv) fflag = Tflag = tflag = 0; while ((ch = getopt(argc, argv, - "12346ABCTdfpqRrtvD:F:J:M:P:S:c:i:l:o:")) != -1) { + "12346ABCTdfOpqRrstvD:F:J:M:P:S:c:i:l:o:")) != -1) { switch (ch) { /* User-visible flags. */ case '1': @@ -517,6 +516,12 @@ main(int argc, char **argv) addargs(&args, "-%c", ch); addargs(&args, "%s", optarg); break; + case 'O': + mode = MODE_SCP; + break; + case 's': + mode = MODE_SFTP; + break; case 'P': sshport = a2port(optarg); if (sshport <= 0) @@ -526,14 +531,6 @@ main(int argc, char **argv) addargs(&remote_remote_args, "-oBatchmode=yes"); addargs(&args, "-oBatchmode=yes"); break; - case 'M': - if (strcmp(optarg, "sftp") == 0) - mode = MODE_SFTP; - else if (strcmp(optarg, "scp") == 0) - mode = MODE_SCP; - else - usage(); - break; case 'l': limit_kbps = strtonum(optarg, 1, 100 * 1024 * 1024, &errstr); @@ -1987,8 +1984,8 @@ void usage(void) { (void) fprintf(stderr, - "usage: scp [-346ABCpqRrTv] [-c cipher] [-D sftp_server_path] [-F ssh_config]\n" - " [-i identity_file] [-J destination] [-l limit] [-M scp|sftp]\n" + "usage: scp [-346ABCOpqRrsTv] [-c cipher] [-D sftp_server_path] [-F ssh_config]\n" + " [-i identity_file] [-J destination] [-l limit]\n" " [-o ssh_option] [-P port] [-S program] source ... target\n"); exit(1); } -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Tue Aug 10 13:37:38 2021 
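Review bot: In the getopt() hunk in main() in scp.c, the option string still contains "M:" although the "case 'M':" block is deleted further down. -M is therefore still accepted by getopt as an option taking an argument and then has no matching case in the visible switch, instead of being rejected as an unknown flag. Drop "M:" from the string in this change so the removal is complete and scripts that still pass -M fail in an obvious way.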
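Review bot: In scp.1, the -D description keeps the context line ".Fl M ," directly after the edited "When using the SFTP protocol support via", but this patch deletes the -M entry and the SYNOPSIS line for it, so the reference should be changed to -s. In the added -s entry, "Using SFTP provides avoids invoking a shell on the remote side" has a stray "provides".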
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Tue, 10 Aug 2021 13:37:38 +1000 Subject: [openssh-commits] [openssh] 02/02: upstream: adapt to scp -M flag change; make scp3.sh test SFTP mode too In-Reply-To: <162856665627.78602.7187529904502326550@fuyu.mindrot.org> References: <162856665627.78602.7187529904502326550@fuyu.mindrot.org> Message-ID: <5ca1280b61575421@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit 931f592f26239154eea3eb35a086585897b1a185 Author: djm at openbsd.org Date: Tue Aug 10 03:35:45 2021 +0000 upstream: adapt to scp -M flag change; make scp3.sh test SFTP mode too OpenBSD-Regress-ID: 43fea26704a0f0b962b53c1fabcb68179638f9c0 --- regress/scp-uri.sh | 9 ++++----- regress/scp.sh | 9 ++++----- regress/scp3.sh | 13 +++++++------ 3 files changed, 15 insertions(+), 16 deletions(-) diff --git a/regress/scp-uri.sh b/regress/scp-uri.sh index faf5095a..20ac3c89 100644 --- a/regress/scp-uri.sh +++ b/regress/scp-uri.sh @@ -1,4 +1,4 @@ -# $OpenBSD: scp-uri.sh,v 1.3 2021/08/03 01:05:24 djm Exp $ +# $OpenBSD: scp-uri.sh,v 1.4 2021/08/10 03:35:45 djm Exp $ # Placed in the Public Domain. tid="scp-uri" @@ -24,12 +24,11 @@ cp $OBJ/ssh_config $OBJ/ssh_config.orig egrep -v '^ +(Port|User) +.*$' $OBJ/ssh_config.orig > $OBJ/ssh_config for mode in scp sftp ; do + tag="$tid: $mode mode" if test $mode = scp ; then - scpopts="-M scp -q -S ${OBJ}/scp-ssh-wrapper.scp" - tag="$tid" + scpopts="-O -q -S ${OBJ}/scp-ssh-wrapper.scp" else - scpopts="-M sftp -D ${SFTPSERVER}" - tag="$tid: sftp mode" + scpopts="-s -D ${SFTPSERVER}" fi verbose "$tag: simple copy local file to remote file" scpclean diff --git a/regress/scp.sh b/regress/scp.sh index bb044282..358a8df6 100644 --- a/regress/scp.sh +++ b/regress/scp.sh 
@@ -1,4 +1,4 @@ -# $OpenBSD: scp.sh,v 1.12 2021/08/03 01:05:24 djm Exp $ +# $OpenBSD: scp.sh,v 1.13 2021/08/10 03:35:45 djm Exp $ # Placed in the Public Domain. tid="scp" @@ -28,12 +28,11 @@ scpclean() { } for mode in scp sftp ; do + tag="$tid: $mode mode" if test $mode = scp ; then - scpopts="-M scp -q -S ${OBJ}/scp-ssh-wrapper.scp" - tag="$tid" + scpopts="-O -q -S ${OBJ}/scp-ssh-wrapper.scp" else - scpopts="-M sftp -D ${SFTPSERVER}" - tag="$tid: sftp mode" + scpopts="-s -D ${SFTPSERVER}" fi verbose "tid: simple copy local file to local file" scpclean diff --git a/regress/scp3.sh b/regress/scp3.sh index 53db81d2..f71b1567 100644 --- a/regress/scp3.sh +++ b/regress/scp3.sh @@ -1,4 +1,4 @@ -# $OpenBSD: scp3.sh,v 1.2 2021/08/06 09:00:18 dtucker Exp $ +# $OpenBSD: scp3.sh,v 1.3 2021/08/10 03:35:45 djm Exp $ # Placed in the Public Domain. tid="scp3" @@ -20,13 +20,14 @@ scpclean() { chmod 755 ${DIR} ${DIR2} } -# XXX sftp too once it's ready -for mode in scp ; do +for mode in scp sftp ; do scpopts="-F${OBJ}/ssh_proxy -S ${SSH} -q" tag="$tid: $mode mode" -# if test $mode = scp ; then -# scpopts="$scpopts -O" -# fi + if test $mode = scp ; then + scpopts="$scpopts -O" + else + scpopts="-s -D ${SFTPSERVER}" + fi verbose "$tag: simple copy remote file to remote file" scpclean -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Wed Aug 11 09:23:59 2021 
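Review bot: In regress/scp3.sh, the sftp branch assigns scpopts="-s -D ${SFTPSERVER}" rather than appending, which discards the "-F${OBJ}/ssh_proxy -S ${SSH} -q" set at the top of the loop body, while the scp branch appends with "$scpopts -O". If the SFTP run is meant to bypass the proxy configuration, say so in a comment; otherwise use scpopts="$scpopts -s -D ${SFTPSERVER}" so both modes exercise the same transport setup.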
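Review bot: In regress/scp.sh, the context line verbose "tid: simple copy local file to local file" prints the literal text "tid:" instead of the per-mode tag this hunk now sets for both branches. Change it to "$tag:" while the loop is being touched, so the log shows which mode the first test ran in.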
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Wed, 11 Aug 2021 09:23:59 +1000 Subject: [openssh-commits] [openssh] branch master updated (931f592f -> 419aa011) Message-ID: <162863783954.29599.17639018494473853398@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. dtucker pushed a change to branch master in repository openssh. from 931f592f upstream: adapt to scp -M flag change; make scp3.sh test SFTP mode too new 419aa011 Add includes.h to compat tests. The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Detailed log of new commits: commit 419aa01123db5ff5dbc68b2376ef23b222862338 Author: Darren Tucker Date: Wed Aug 11 09:21:09 2021 +1000 Add includes.h to compat tests. On platforms where closefrom returns void (eg glibc>=2.34) the prototype for closefrom in its compat tests would cause compile errors. Remove this and have the tests pull in the compat headers in the same way as the main code. bz#3336. Summary of changes: openbsd-compat/regress/Makefile.in | 2 +- openbsd-compat/regress/closefromtest.c | 4 ++-- openbsd-compat/regress/opensslvertest.c | 2 ++ openbsd-compat/regress/snprintftest.c | 2 ++ openbsd-compat/regress/strduptest.c | 2 ++ openbsd-compat/regress/strtonumtest.c | 2 ++ openbsd-compat/regress/utimensattest.c | 2 ++ 7 files changed, 13 insertions(+), 3 deletions(-) -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Wed Aug 11 09:24:00 2021 
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Wed, 11 Aug 2021 09:24:00 +1000 Subject: [openssh-commits] [openssh] 01/01: Add includes.h to compat tests. In-Reply-To: <162863783954.29599.17639018494473853398@fuyu.mindrot.org> References: <162863783954.29599.17639018494473853398@fuyu.mindrot.org> Message-ID: <5ca128205133540d@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. dtucker pushed a commit to branch master in repository openssh. commit 419aa01123db5ff5dbc68b2376ef23b222862338 Author: Darren Tucker Date: Wed Aug 11 09:21:09 2021 +1000 Add includes.h to compat tests. On platforms where closefrom returns void (eg glibc>=2.34) the prototype for closefrom in its compat tests would cause compile errors. Remove this and have the tests pull in the compat headers in the same way as the main code. bz#3336. --- openbsd-compat/regress/Makefile.in | 2 +- openbsd-compat/regress/closefromtest.c | 4 ++-- openbsd-compat/regress/opensslvertest.c | 2 ++ openbsd-compat/regress/snprintftest.c | 2 ++ openbsd-compat/regress/strduptest.c | 2 ++ openbsd-compat/regress/strtonumtest.c | 2 ++ openbsd-compat/regress/utimensattest.c | 2 ++ 7 files changed, 13 insertions(+), 3 deletions(-) diff --git a/openbsd-compat/regress/Makefile.in b/openbsd-compat/regress/Makefile.in index c5aae61e..dd8cdc4b 100644 --- a/openbsd-compat/regress/Makefile.in +++ b/openbsd-compat/regress/Makefile.in @@ -7,7 +7,7 @@ VPATH=@srcdir@ CC=@CC@ LD=@LD@ CFLAGS=@CFLAGS@ -CPPFLAGS=-I. -I.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@ +CPPFLAGS=-I. -I.. -I../.. -I$(srcdir) -I$(srcdir)/.. -I$(srcdir)/../.. @CPPFLAGS@ @DEFS@ EXEEXT=@EXEEXT@ LIBCOMPAT=../libopenbsd-compat.a LIBS=@LIBS@ diff --git a/openbsd-compat/regress/closefromtest.c b/openbsd-compat/regress/closefromtest.c index 82ffeb9a..7a69fb2b 100644 --- a/openbsd-compat/regress/closefromtest.c +++ b/openbsd-compat/regress/closefromtest.c 
@@ -14,6 +14,8 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#include "includes.h" + #include #include @@ -24,8 +26,6 @@ #define NUM_OPENS 10 -int closefrom(int); - void fail(char *msg) { diff --git a/openbsd-compat/regress/opensslvertest.c b/openbsd-compat/regress/opensslvertest.c index 5d019b59..43825b24 100644 --- a/openbsd-compat/regress/opensslvertest.c +++ b/openbsd-compat/regress/opensslvertest.c @@ -14,6 +14,8 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#include "includes.h" + #include #include diff --git a/openbsd-compat/regress/snprintftest.c b/openbsd-compat/regress/snprintftest.c index 6dc2e222..a3134db1 100644 --- a/openbsd-compat/regress/snprintftest.c +++ b/openbsd-compat/regress/snprintftest.c @@ -17,6 +17,8 @@ #define BUFSZ 2048 +#include "includes.h" + #include #include #include diff --git a/openbsd-compat/regress/strduptest.c b/openbsd-compat/regress/strduptest.c index 7f6d779b..8a3ccf77 100644 --- a/openbsd-compat/regress/strduptest.c +++ b/openbsd-compat/regress/strduptest.c @@ -14,6 +14,8 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#include "includes.h" + #include #include diff --git a/openbsd-compat/regress/strtonumtest.c b/openbsd-compat/regress/strtonumtest.c index 50ca5bd2..46bd2b91 100644 --- a/openbsd-compat/regress/strtonumtest.c +++ b/openbsd-compat/regress/strtonumtest.c @@ -17,6 +17,8 @@ /* OPENBSD ORIGINAL: regress/lib/libc/strtonum/strtonumtest.c */ +#include "includes.h" + #include #include #include diff --git a/openbsd-compat/regress/utimensattest.c b/openbsd-compat/regress/utimensattest.c index 24312e5d..bbc66c48 100644 --- a/openbsd-compat/regress/utimensattest.c +++ b/openbsd-compat/regress/utimensattest.c 
@@ -14,6 +14,8 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#include "includes.h" + #include #include -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Wed Aug 11 18:37:37 2021 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Wed, 11 Aug 2021 18:37:37 +1000 Subject: [openssh-commits] [openssh] branch master updated (419aa011 -> 750c1a45) Message-ID: <162867105764.71503.17852691861220394384@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a change to branch master in repository openssh. from 419aa011 Add includes.h to compat tests. new b5aa27b6 upstream: remove a bunch of %p in format strings; leftovers of new 750c1a45 upstream: oops, missed one more %p The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Detailed log of new commits: commit 750c1a45ba4e8ad63793d49418a0780e77947b9b Author: djm at openbsd.org Date: Wed Aug 11 05:21:32 2021 +0000 upstream: oops, missed one more %p OpenBSD-Commit-ID: e7e62818d1564cc5cd9086eaf7a51cbd1a9701eb commit b5aa27b69ab2e1c13ac2b5ad3f8f7d389bad7489 Author: djm at openbsd.org Date: Wed Aug 11 05:20:17 2021 +0000 upstream: remove a bunch of %p in format strings; leftovers of debuggings past. prompted by Michael Forney, ok dtucker@ OpenBSD-Commit-ID: 4853a0d6c9cecaba9ecfcc19066e52d3a8dcb2ac Summary of changes: monitor.c | 10 ++++------ session.c | 5 ++--- ssh-pkcs11-helper.c | 5 +++-- ssh-pkcs11.c | 18 +++++++++--------- sshbuf-misc.c | 4 ++-- 5 files changed, 20 insertions(+), 22 deletions(-) -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Wed Aug 11 18:37:38 2021 
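Review bot: in the snprintftest.c hunk of commit 419aa011, `#include "includes.h"` is added after `#define BUFSZ 2048`, whereas in the other test files touched here nothing is defined before it. The test's BUFSZ macro is therefore already defined while the compat headers are parsed; moving the include above the define would keep the ordering consistent and keep the macro from affecting any header that happens to use the same name.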
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Wed, 11 Aug 2021 18:37:38 +1000 Subject: [openssh-commits] [openssh] 01/02: upstream: remove a bunch of %p in format strings; leftovers of In-Reply-To: <162867105764.71503.17852691861220394384@fuyu.mindrot.org> References: <162867105764.71503.17852691861220394384@fuyu.mindrot.org> Message-ID: <5ca128261377eb46@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit b5aa27b69ab2e1c13ac2b5ad3f8f7d389bad7489 Author: djm at openbsd.org Date: Wed Aug 11 05:20:17 2021 +0000 upstream: remove a bunch of %p in format strings; leftovers of debuggings past. prompted by Michael Forney, ok dtucker@ OpenBSD-Commit-ID: 4853a0d6c9cecaba9ecfcc19066e52d3a8dcb2ac --- monitor.c | 10 ++++------ session.c | 5 ++--- ssh-pkcs11-helper.c | 5 +++-- ssh-pkcs11.c | 18 +++++++++--------- 4 files changed, 18 insertions(+), 20 deletions(-) diff --git a/monitor.c b/monitor.c index 7e7b9830..74c803e1 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.227 2021/07/02 05:11:20 dtucker Exp $ */ +/* $OpenBSD: monitor.c,v 1.228 2021/08/11 05:20:17 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -679,8 +679,8 @@ mm_answer_sign(struct ssh *ssh, int sock, struct sshbuf *m) } else fatal_f("no hostkey from index %d", keyid); - debug3_f("%s signature %p(%zu)", is_proof ? "hostkey proof" : "KEX", - signature, siglen); + debug3_f("%s %s signature len=%zu", alg, + is_proof ? "hostkey proof" : "KEX", siglen); sshbuf_reset(m); if ((r = sshbuf_put_string(m, signature, siglen)) != 0) 
@@ -1163,8 +1163,6 @@ mm_answer_keyallowed(struct ssh *ssh, int sock, struct sshbuf *m) (r = sshbuf_get_u32(m, &pubkey_auth_attempt)) != 0) fatal_fr(r, "parse"); - debug3_f("key_from_blob: %p", key); - if (key != NULL && authctxt->valid) { /* These should not make it past the privsep child */ if (sshkey_type_plain(key->type) == KEY_RSA && @@ -1434,7 +1432,7 @@ mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m) ret = sshkey_verify(key, signature, signaturelen, data, datalen, sigalg, ssh->compat, &sig_details); - debug3_f("%s %p signature %s%s%s", auth_method, key, + debug3_f("%s %s signature %s%s%s", auth_method, sshkey_type(key), (ret == 0) ? "verified" : "unverified", (ret != 0) ? ": " : "", (ret != 0) ? ssh_err(ret) : ""); diff --git a/session.c b/session.c index c02f7d25..5f423f9f 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.328 2021/04/03 06:18:41 djm Exp $ */ +/* $OpenBSD: session.c,v 1.329 2021/08/11 05:20:17 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -1783,12 +1783,11 @@ session_dump(void) for (i = 0; i < sessions_nalloc; i++) { Session *s = &sessions[i]; - debug("dump: used %d next_unused %d session %d %p " + debug("dump: used %d next_unused %d session %d " "channel %d pid %ld", s->used, s->next_unused, s->self, - s, s->chanid, (long)s->pid); } diff --git a/ssh-pkcs11-helper.c b/ssh-pkcs11-helper.c index 41c85cb3..5ca8d03f 100644 --- a/ssh-pkcs11-helper.c +++ b/ssh-pkcs11-helper.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11-helper.c,v 1.24 2020/10/18 11:32:02 djm Exp $ */ +/* $OpenBSD: ssh-pkcs11-helper.c,v 1.25 2021/08/11 05:20:17 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * 
@@ -98,7 +98,8 @@ lookup_key(struct sshkey *k) struct pkcs11_keyinfo *ki; TAILQ_FOREACH(ki, &pkcs11_keylist, next) { - debug("check %p %s %s", ki, ki->providername, ki->label); + debug("check %s %s %s", sshkey_type(ki->key), + ki->providername, ki->label); if (sshkey_equal(k, ki->key)) return (ki->key); } diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index 4de29b34..37a6b1b5 100644 --- a/ssh-pkcs11.c +++ b/ssh-pkcs11.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11.c,v 1.53 2021/06/25 06:30:22 djm Exp $ */ +/* $OpenBSD: ssh-pkcs11.c,v 1.54 2021/08/11 05:20:17 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * Copyright (c) 2014 Pedro Martelletto. All rights reserved. @@ -111,8 +111,8 @@ pkcs11_provider_finalize(struct pkcs11_provider *p) CK_RV rv; CK_ULONG i; - debug("pkcs11_provider_finalize: %p refcount %d valid %d", - p, p->refcount, p->valid); + debug_f("provider \"%s\" refcount %d valid %d", + p->name, p->refcount, p->valid); if (!p->valid) return; for (i = 0; i < p->nslots; i++) { @@ -135,10 +135,10 @@ pkcs11_provider_finalize(struct pkcs11_provider *p) static void pkcs11_provider_unref(struct pkcs11_provider *p) { - debug("pkcs11_provider_unref: %p refcount %d", p, p->refcount); + debug_f("provider \"%s\" refcount %d", p->name, p->refcount); if (--p->refcount <= 0) { if (p->valid) - error("pkcs11_provider_unref: %p still valid", p); + error_f("provider \"%s\" still valid", p->name); free(p->name); free(p->slotlist); free(p->slotinfo); @@ -166,7 +166,7 @@ pkcs11_provider_lookup(char *provider_id) struct pkcs11_provider *p; TAILQ_FOREACH(p, &pkcs11_providers, next) { - debug("check %p %s", p, p->name); + debug("check provider \"%s\"", p->name); if (!strcmp(provider_id, p->name)) return (p); } 
@@ -337,8 +337,8 @@ pkcs11_check_obj_bool_attrib(struct pkcs11_key *k11, CK_OBJECT_HANDLE obj, return (-1); } *val = flag != 0; - debug_f("provider %p slot %lu object %lu: attrib %lu = %d", - k11->provider, k11->slotidx, obj, type, *val); + debug_f("provider \"%s\" slot %lu object %lu: attrib %lu = %d", + k11->provider->name, k11->slotidx, obj, type, *val); return (0); } @@ -430,7 +430,7 @@ pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, int rval = -1; if ((k11 = RSA_get_ex_data(rsa, rsa_idx)) == NULL) { - error("RSA_get_ex_data failed for rsa %p", rsa); + error("RSA_get_ex_data failed"); return (-1); } -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Wed Aug 11 18:37:39 2021 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Wed, 11 Aug 2021 18:37:39 +1000 Subject: [openssh-commits] [openssh] 02/02: upstream: oops, missed one more %p In-Reply-To: <162867105764.71503.17852691861220394384@fuyu.mindrot.org> References: <162867105764.71503.17852691861220394384@fuyu.mindrot.org> Message-ID: <5ca12828113e75ce@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit 750c1a45ba4e8ad63793d49418a0780e77947b9b Author: djm at openbsd.org Date: Wed Aug 11 05:21:32 2021 +0000 upstream: oops, missed one more %p OpenBSD-Commit-ID: e7e62818d1564cc5cd9086eaf7a51cbd1a9701eb --- sshbuf-misc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sshbuf-misc.c b/sshbuf-misc.c index afaab8d6..80714d1f 100644 --- a/sshbuf-misc.c +++ b/sshbuf-misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf-misc.c,v 1.16 2020/06/22 05:54:10 djm Exp $ */ +/* $OpenBSD: sshbuf-misc.c,v 1.17 2021/08/11 05:21:32 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * 
@@ -65,7 +65,7 @@ sshbuf_dump_data(const void *s, size_t len, FILE *f) void sshbuf_dump(const struct sshbuf *buf, FILE *f) { - fprintf(f, "buffer %p len = %zu\n", buf, sshbuf_len(buf)); + fprintf(f, "buffer len = %zu\n", sshbuf_len(buf)); sshbuf_dump_data(sshbuf_ptr(buf), sshbuf_len(buf), f); } -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Wed Aug 11 18:56:42 2021 
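Review bot: in the ssh-pkcs11.c hunks of commit b5aa27b6 the function-name prefix is handled inconsistently: pkcs11_provider_finalize() and pkcs11_provider_unref() move to debug_f/error_f, but pkcs11_provider_lookup() keeps plain debug("check provider \"%s\"", ...) and pkcs11_rsa_private_encrypt() now logs error("RSA_get_ex_data failed") with neither the pointer nor the function name, so that message no longer says where it came from; error_f would restore the context. Separately, several replacements swap a pointer that was only printed for a value that is passed to %s or read through (alg in mm_answer_sign, k11->provider->name in pkcs11_check_obj_bool_attrib, ki->key in lookup_key). The old %p form did not read through these values, so it is worth confirming none of them can be NULL at the log call.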
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Wed, 11 Aug 2021 18:56:42 +1000 Subject: [openssh-commits] [openssh] branch master updated (750c1a45 -> 2a2cd007) Message-ID: <162867220275.24606.4747113148815663082@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a change to branch master in repository openssh. from 750c1a45 upstream: oops, missed one more %p new b9f4635e upstream: when verifying sshsig signatures, support an option new 2a2cd007 upstream: test -Oprint-pubkey The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Detailed log of new commits: commit 2a2cd00783e1da45ee730b7f453408af1358ef5b Author: djm at openbsd.org Date: Wed Aug 11 08:55:04 2021 +0000 upstream: test -Oprint-pubkey OpenBSD-Regress-ID: 3d51afb6d1f287975fb6fddd7a2c00a3bc5094e0 commit b9f4635ea5bc33ed5ebbacf332d79bae463b0f54 Author: djm at openbsd.org Date: Wed Aug 11 08:54:17 2021 +0000 upstream: when verifying sshsig signatures, support an option (-Oprint-pubkey) to dump the full public key to stdout; based on patch from Fabian Stelzer; ok markus@ OpenBSD-Commit-ID: 0598000e5b9adfb45d42afa76ff80daaa12fc3e2 Summary of changes: regress/sshsig.sh | 13 ++++++++++++- ssh-keygen.1 | 6 ++++-- ssh-keygen.c | 23 +++++++++++++++++++---- 3 files changed, 35 insertions(+), 7 deletions(-) -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Wed Aug 11 18:56:43 2021 
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Wed, 11 Aug 2021 18:56:43 +1000 Subject: [openssh-commits] [openssh] 01/02: upstream: when verifying sshsig signatures, support an option In-Reply-To: <162867220275.24606.4747113148815663082@fuyu.mindrot.org> References: <162867220275.24606.4747113148815663082@fuyu.mindrot.org> Message-ID: <5ca1282eedeab931@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit b9f4635ea5bc33ed5ebbacf332d79bae463b0f54 Author: djm at openbsd.org Date: Wed Aug 11 08:54:17 2021 +0000 upstream: when verifying sshsig signatures, support an option (-Oprint-pubkey) to dump the full public key to stdout; based on patch from Fabian Stelzer; ok markus@ OpenBSD-Commit-ID: 0598000e5b9adfb45d42afa76ff80daaa12fc3e2 --- ssh-keygen.1 | 6 ++++-- ssh-keygen.c | 23 +++++++++++++++++++---- 2 files changed, 23 insertions(+), 6 deletions(-) diff --git a/ssh-keygen.1 b/ssh-keygen.1 index c157186a..f83f515f 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.215 2021/07/23 06:01:17 jmc Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.216 2021/08/11 08:54:17 djm Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -35,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: July 23 2021 $ +.Dd $Mdocdate: August 11 2021 $ .Dt SSH-KEYGEN 1 .Os .Sh NAME @@ -537,6 +537,8 @@ When performing signature-related options using the .Fl Y flag, the following options are accepted: .Bl -tag -width Ds +.It Cm print-pubkey +Print the full public key to standard output after signature verification. .It Cm verify-time Ns = Ns Ar timestamp Specifies a time to use when validating signatures instead of the current time. 
diff --git a/ssh-keygen.c b/ssh-keygen.c index 07910115..18e9f1d1 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.434 2021/07/24 02:51:14 dtucker Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.435 2021/08/11 08:54:17 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -2673,12 +2673,14 @@ done: } static int -sig_process_opts(char * const *opts, size_t nopts, uint64_t *verify_timep) +sig_process_opts(char * const *opts, size_t nopts, uint64_t *verify_timep, + int *print_pubkey) { size_t i; time_t now; *verify_timep = 0; + *print_pubkey = 0; for (i = 0; i < nopts; i++) { if (strncasecmp(opts[i], "verify-time=", 12) == 0) { if (parse_absolute_time(opts[i] + 12, @@ -2686,6 +2688,9 @@ sig_process_opts(char * const *opts, size_t nopts, uint64_t *verify_timep) error("Invalid \"verify-time\" option"); return SSH_ERR_INVALID_ARGUMENT; } + } else if (print_pubkey && + strcasecmp(opts[i], "print-pubkey") == 0) { + *print_pubkey = 1; } else { error("Invalid option \"%s\"", opts[i]); return SSH_ERR_INVALID_ARGUMENT; @@ -2707,13 +2712,14 @@ sig_verify(const char *signature, const char *sig_namespace, char * const *opts, size_t nopts) { int r, ret = -1; + int print_pubkey = 0; struct sshbuf *sigbuf = NULL, *abuf = NULL; struct sshkey *sign_key = NULL; char *fp = NULL; struct sshkey_sig_details *sig_details = NULL; uint64_t verify_time = 0; - if (sig_process_opts(opts, nopts, &verify_time) != 0) + if (sig_process_opts(opts, nopts, &verify_time, &print_pubkey) != 0) goto done; /* error already logged */ memset(&sig_details, 0, sizeof(sig_details)); 
@@ -2774,6 +2780,15 @@ done: printf("Could not verify signature.\n"); } } + /* Print the signature key if requested */ + if (ret == 0 && print_pubkey && sign_key != NULL) { + if ((r = sshkey_write(sign_key, stdout)) == 0) + fputc('\n', stdout); + else { + error_r(r, "Could not print public key.\n"); + ret = -1; + } + } sshbuf_free(sigbuf); sshbuf_free(abuf); sshkey_free(sign_key); @@ -2792,7 +2807,7 @@ sig_find_principals(const char *signature, const char *allowed_keys, char *principals = NULL, *cp, *tmp; uint64_t verify_time = 0; - if (sig_process_opts(opts, nopts, &verify_time) != 0) + if (sig_process_opts(opts, nopts, &verify_time, NULL) != 0) goto done; /* error already logged */ if ((r = sshbuf_load_file(signature, &abuf)) != 0) { -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Wed Aug 11 18:56:44 2021 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Wed, 11 Aug 2021 18:56:44 +1000 Subject: [openssh-commits] [openssh] 02/02: upstream: test -Oprint-pubkey In-Reply-To: <162867220275.24606.4747113148815663082@fuyu.mindrot.org> References: <162867220275.24606.4747113148815663082@fuyu.mindrot.org> Message-ID: <5ca128306083c0fa@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit 2a2cd00783e1da45ee730b7f453408af1358ef5b Author: djm at openbsd.org Date: Wed Aug 11 08:55:04 2021 +0000 upstream: test -Oprint-pubkey OpenBSD-Regress-ID: 3d51afb6d1f287975fb6fddd7a2c00a3bc5094e0 --- regress/sshsig.sh | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/regress/sshsig.sh b/regress/sshsig.sh index 29601361..fc300a8d 100644 --- a/regress/sshsig.sh +++ b/regress/sshsig.sh @@ -1,4 +1,4 @@ -# $OpenBSD: sshsig.sh,v 1.6 2021/07/23 03:54:55 djm Exp $ +# $OpenBSD: sshsig.sh,v 1.7 2021/08/11 08:55:04 djm Exp $ # Placed in the Public Domain. tid="sshsig" 
@@ -64,6 +64,17 @@ for t in $SIGNKEYS; do < $DATA >/dev/null 2>&1 || \ fail "failed signature for $t key w/ limited namespace" + (printf "$sig_principal namespaces=\"$sig_namespace,whatever\" "; + cat $pubkey) > $OBJ/allowed_signers + ${SSHKEYGEN} -q -Y verify -s $sigfile -n $sig_namespace \ + -I $sig_principal -f $OBJ/allowed_signers \ + -O print-pubkey \ + < $DATA | cut -d' ' -f1-2 > ${OBJ}/${keybase}-fromsig.pub || \ + fail "failed signature for $t key w/ print-pubkey" + cut -d' ' -f1-2 ${OBJ}/${keybase}.pub > ${OBJ}/${keybase}-strip.pub + diff -r ${OBJ}/${keybase}-strip.pub ${OBJ}/${keybase}-fromsig.pub || \ + fail "print-pubkey differs from signature key" + # Invalid option (printf "$sig_principal octopus " ; cat $pubkey) > $OBJ/allowed_signers ${SSHKEYGEN} -vvv -Y verify -s $sigfile -n $sig_namespace \ -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Fri Aug 13 10:01:26 2021 
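Review bot: in sig_process_opts() (ssh-keygen.c, commit b9f4635e) the new `*print_pubkey = 0;` is unconditional, but the sig_find_principals() hunk passes NULL for that argument, so that call path writes through a NULL pointer before the option loop starts. The option test further down already guards with `print_pubkey &&`; the initialisation needs the same check, for example `if (print_pubkey != NULL) *print_pubkey = 0;`. Minor: error_r(r, "Could not print public key.\n") carries a trailing newline that the other error() strings visible in these hunks do not.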
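Review bot: in the regress/sshsig.sh hunk (commit 2a2cd007) the `|| fail "failed signature for $t key w/ print-pubkey"` is attached to a pipeline that ends in `cut`, so in a plain sh pipeline it tests the exit status of cut, not of ssh-keygen. A verification failure is then caught only indirectly by the later diff and is reported as "print-pubkey differs from signature key". Writing the ssh-keygen output to a file first and running cut on that file afterwards would let each failure be reported under its own message. Also, `diff -r` is comparing two regular files here, so -r is unnecessary.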
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Fri, 13 Aug 2021 10:01:26 +1000 Subject: [openssh-commits] [openssh] branch master updated (2a2cd007 -> dcce2a2b) Message-ID: <162881288667.21698.8782565723900289280@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a change to branch master in repository openssh. from 2a2cd007 upstream: test -Oprint-pubkey new 49f46f6d upstream: scp: do not spawn ssh with two -s flags for new e1371e4f upstream: scp: tweak man page and error message for -3 by default new 090a8248 upstream: In the editline(3) branch of the sftp(1) event loop, new dcce2a2b upstream: mention that CASignatureAlgorithms accepts +/- similarly to The 4 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Detailed log of new commits: commit dcce2a2bcf007bf817a2fb0dce3db83fa9201e92 Author: djm at openbsd.org Date: Thu Aug 12 23:59:25 2021 +0000 upstream: mention that CASignatureAlgorithms accepts +/- similarly to the other algorithm list directives; ok jmc bz#3335 OpenBSD-Commit-ID: 0d46b53995817052c78e2dce9dbd133963b073d9 commit 090a82486e5d7a8f7f16613d67e66a673a40367f Author: schwarze at openbsd.org Date: Thu Aug 12 09:59:00 2021 +0000 upstream: In the editline(3) branch of the sftp(1) event loop, handle SIGINT rather than ignoring it, such that the user can use Ctrl-C to discard the currently edited command line and get a fresh prompt, just like in ftp(1), bc(1), and in shells. It is critical to not use ssl_signal() for this particular case because that function unconditionally sets SA_RESTART, but here we need the signal to interrupt the read(2) in the el_gets(3) event loop. 
OK dtucker@ deraadt@ OpenBSD-Commit-ID: 8025115a773f52e9bb562eaab37ea2e021cc7299 commit e1371e4f58404d6411d9f95eb774b444cea06a26 Author: naddy at openbsd.org Date: Wed Aug 11 14:07:54 2021 +0000 upstream: scp: tweak man page and error message for -3 by default Now that the -3 option is enabled by default, flip the documentation and error message logic from "requires -3" to "blocked by -R". ok djm@ OpenBSD-Commit-ID: a872592118444fb3acda5267b2a8c3d4c4252020 commit 49f46f6d77328a3d10a758522b670a3e8c2235e7 Author: naddy at openbsd.org Date: Wed Aug 11 14:05:19 2021 +0000 upstream: scp: do not spawn ssh with two -s flags for remote-to-remote copies Do not add another "-s" to the argument vector every time an SFTP connection is initiated. Instead, introduce a subsystem flag to do_cmd() and add "-s" when the flag is set. ok djm@ OpenBSD-Commit-ID: 25df69759f323661d31b2e1e790faa22e27966c1 Summary of changes: scp.1 | 10 +++++----- scp.c | 29 ++++++++++++++--------------- sftp.c | 24 ++++++++++++++++++++---- ssh_config.5 | 19 +++++++++++++++---- sshd_config.5 | 19 +++++++++++++++---- 5 files changed, 69 insertions(+), 32 deletions(-) -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Fri Aug 13 10:01:27 2021 
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Fri, 13 Aug 2021 10:01:27 +1000 Subject: [openssh-commits] [openssh] 01/04: upstream: scp: do not spawn ssh with two -s flags for In-Reply-To: <162881288667.21698.8782565723900289280@fuyu.mindrot.org> References: <162881288667.21698.8782565723900289280@fuyu.mindrot.org> Message-ID: <5ca1286553b845ec@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit 49f46f6d77328a3d10a758522b670a3e8c2235e7 Author: naddy at openbsd.org Date: Wed Aug 11 14:05:19 2021 +0000 upstream: scp: do not spawn ssh with two -s flags for remote-to-remote copies Do not add another "-s" to the argument vector every time an SFTP connection is initiated. Instead, introduce a subsystem flag to do_cmd() and add "-s" when the flag is set. ok djm@ OpenBSD-Commit-ID: 25df69759f323661d31b2e1e790faa22e27966c1 --- scp.c | 27 +++++++++++++-------------- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/scp.c b/scp.c index e6935436..6c78dd7f 100644 --- a/scp.c +++ b/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.230 2021/08/10 03:33:34 djm Exp $ */ +/* $OpenBSD: scp.c,v 1.231 2021/08/11 14:05:19 naddy Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -138,10 +138,8 @@ extern char *__progname; #define COPY_BUFLEN 16384 -int do_cmd(char *program, char *host, char *remuser, int port, char *cmd, - int *fdin, int *fdout, pid_t *pidp); -int do_cmd2(char *host, char *remuser, int port, char *cmd, - int fdin, int fdout); +int do_cmd(char *, char *, char *, int, int, char *, int *, int *, pid_t *); +int do_cmd2(char *, char *, int, char *, int, int); /* Struct for addargs */ arglist args; 
@@ -270,8 +268,8 @@ do_local_cmd(arglist *a) */ int -do_cmd(char *program, char *host, char *remuser, int port, char *cmd, - int *fdin, int *fdout, pid_t *pid) +do_cmd(char *program, char *host, char *remuser, int port, int subsystem, + char *cmd, int *fdin, int *fdout, pid_t *pid) { int pin[2], pout[2], reserved[2]; @@ -325,6 +323,8 @@ do_cmd(char *program, char *host, char *remuser, int port, char *cmd, addargs(&args, "-l"); addargs(&args, "%s", remuser); } + if (subsystem) + addargs(&args, "-s"); addargs(&args, "--"); addargs(&args, "%s", host); addargs(&args, "%s", cmd); @@ -962,15 +962,14 @@ do_sftp_connect(char *host, char *user, int port, char *sftp_direct, int *reminp, int *remoutp, int *pidp) { if (sftp_direct == NULL) { - addargs(&args, "-s"); - if (do_cmd(ssh_program, host, user, port, "sftp", + if (do_cmd(ssh_program, host, user, port, 1, "sftp", reminp, remoutp, pidp) < 0) return NULL; } else { args.list = NULL; addargs(&args, "sftp-server"); - if (do_cmd(sftp_direct, host, NULL, -1, "sftp", + if (do_cmd(sftp_direct, host, NULL, -1, 0, "sftp", reminp, remoutp, pidp) < 0) return NULL; } @@ -1069,7 +1068,7 @@ toremote(int argc, char **argv, enum scp_mode_e mode, char *sftp_direct) } else { xasprintf(&bp, "%s -f %s%s", cmd, *src == '-' ? "-- " : "", src); - if (do_cmd(ssh_program, host, suser, sport, + if (do_cmd(ssh_program, host, suser, sport, 0, bp, &remin, &remout, &do_cmd_pid) < 0) exit(1); free(bp); @@ -1147,8 +1146,8 @@ toremote(int argc, char **argv, enum scp_mode_e mode, char *sftp_direct) if (remin == -1) { xasprintf(&bp, "%s -t %s%s", cmd, *targ == '-' ? "-- " : "", targ); - if (do_cmd(ssh_program, thost, tuser, tport, bp, - &remin, &remout, &do_cmd_pid) < 0) + if (do_cmd(ssh_program, thost, tuser, tport, 0, + bp, &remin, &remout, &do_cmd_pid) < 0) exit(1); if (response() < 0) exit(1); 
@@ -1232,7 +1231,7 @@ tolocal(int argc, char **argv, enum scp_mode_e mode, char *sftp_direct) /* SCP */ xasprintf(&bp, "%s -f %s%s", cmd, *src == '-' ? "-- " : "", src); - if (do_cmd(ssh_program, host, suser, sport, bp, + if (do_cmd(ssh_program, host, suser, sport, 0, bp, &remin, &remout, &do_cmd_pid) < 0) { free(bp); ++errs; -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Fri Aug 13 10:01:28 2021 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Fri, 13 Aug 2021 10:01:28 +1000 Subject: [openssh-commits] [openssh] 02/04: upstream: scp: tweak man page and error message for -3 by default In-Reply-To: <162881288667.21698.8782565723900289280@fuyu.mindrot.org> References: <162881288667.21698.8782565723900289280@fuyu.mindrot.org> Message-ID: <5ca12867936fbb6d@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit e1371e4f58404d6411d9f95eb774b444cea06a26 Author: naddy at openbsd.org Date: Wed Aug 11 14:07:54 2021 +0000 upstream: scp: tweak man page and error message for -3 by default Now that the -3 option is enabled by default, flip the documentation and error message logic from "requires -3" to "blocked by -R". ok djm@ OpenBSD-Commit-ID: a872592118444fb3acda5267b2a8c3d4c4252020 --- scp.1 | 10 +++++----- scp.c | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/scp.1 b/scp.1 index 972269af..68aac04b 100644 --- a/scp.1 +++ b/scp.1 @@ -8,9 +8,9 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.99 2021/08/10 03:33:34 djm Exp $ +.\" $OpenBSD: scp.1,v 1.100 2021/08/11 14:07:54 naddy Exp $ .\" -.Dd $Mdocdate: August 10 2021 $ +.Dd $Mdocdate: August 11 2021 $ .Dt SCP 1 .Os .Sh NAME 
@@ -67,10 +67,10 @@ as host specifiers. .Pp When copying between two remote hosts, if the URI format is used, a .Ar port -may only be specified on the +cannot be specified on the .Ar target if the -.Fl 3 +.Fl R option is used. .Pp The options are as follows: @@ -260,7 +260,7 @@ The program must understand options. .It Fl s Use the SFTP protocol for file transfers instead of the legacy SCP protocol. -Using SFTP provides avoids invoking a shell on the remote side and provides +Using SFTP avoids invoking a shell on the remote side and provides more predictable filename handling, as the SCP protocol relied on the remote shell for expanding .Xr glob 3 diff --git a/scp.c b/scp.c index 6c78dd7f..e039350c 100644 --- a/scp.c +++ b/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.231 2021/08/11 14:05:19 naddy Exp $ */ +/* $OpenBSD: scp.c,v 1.232 2021/08/11 14:07:54 naddy Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -1095,7 +1095,7 @@ toremote(int argc, char **argv, enum scp_mode_e mode, char *sftp_direct) if (tport != -1 && tport != SSH_DEFAULT_PORT) { /* This would require the remote support URIs */ fatal("target port not supported with two " - "remote hosts without the -3 option"); + "remote hosts and the -R option"); } freeargs(&alist); -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Fri Aug 13 10:01:29 2021 
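Review bot: in the prototype hunk of scp.c (commit 49f46f6d), do_cmd() and do_cmd2() lose their parameter names at the same time as do_cmd() gains a second consecutive int (`int port, int subsystem` in the definition). With the declaration reduced to `char *, char *, char *, int, int, char *, ...` and callers passing bare 0 and 1, a swapped or misplaced argument compiles silently. Keeping the names in the prototype, or at least a comment on the subsystem argument, would document what the literal means at call sites such as `do_cmd(sftp_direct, host, NULL, -1, 0, "sftp", ...)`.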
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Fri, 13 Aug 2021 10:01:29 +1000 Subject: [openssh-commits] [openssh] 03/04: upstream: In the editline(3) branch of the sftp(1) event loop, In-Reply-To: <162881288667.21698.8782565723900289280@fuyu.mindrot.org> References: <162881288667.21698.8782565723900289280@fuyu.mindrot.org> Message-ID: <5ca12869873fb297@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit 090a82486e5d7a8f7f16613d67e66a673a40367f Author: schwarze at openbsd.org Date: Thu Aug 12 09:59:00 2021 +0000 upstream: In the editline(3) branch of the sftp(1) event loop, handle SIGINT rather than ignoring it, such that the user can use Ctrl-C to discard the currently edited command line and get a fresh prompt, just like in ftp(1), bc(1), and in shells. It is critical to not use ssl_signal() for this particular case because that function unconditionally sets SA_RESTART, but here we need the signal to interrupt the read(2) in the el_gets(3) event loop. OK dtucker@ deraadt@ OpenBSD-Commit-ID: 8025115a773f52e9bb562eaab37ea2e021cc7299 --- sftp.c | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/sftp.c b/sftp.c index 95b2e0b7..69f84cdc 100644 --- a/sftp.c +++ b/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.210 2021/08/07 00:12:09 djm Exp $ */ +/* $OpenBSD: sftp.c,v 1.211 2021/08/12 09:59:00 schwarze Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -252,6 +252,13 @@ cmd_interrupt(int signo) errno = olderrno; } +/* ARGSUSED */ +static void +read_interrupt(int signo) +{ + interrupted = 1; +} + /*ARGSUSED*/ static void sigchld_handler(int sig) @@ -2197,8 +2204,6 @@ interactive_loop(struct sftp_conn *conn, char *file1, char *file2) interactive = !batchmode && isatty(STDIN_FILENO); err = 0; for (;;) { - ssh_signal(SIGINT, SIG_IGN); - if (el == NULL) { if (interactive) printf("sftp> "); 
@@ -2211,10 +2216,21 @@ interactive_loop(struct sftp_conn *conn, char *file1, char *file2) #ifdef USE_LIBEDIT const char *line; int count = 0; + struct sigaction sa; + interrupted = 0; + memset(&sa, 0, sizeof(sa)); + sa.sa_handler = read_interrupt; + if (sigaction(SIGINT, &sa, NULL) == -1) { + debug3("sigaction(%s): %s", + strsignal(SIGINT), strerror(errno)); + break; + } if ((line = el_gets(el, &count)) == NULL || count <= 0) { printf("\n"); + if (interrupted) + continue; break; } history(hl, &hev, H_ENTER, line); -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Fri Aug 13 10:01:30 2021 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Fri, 13 Aug 2021 10:01:30 +1000 Subject: [openssh-commits] [openssh] 04/04: upstream: mention that CASignatureAlgorithms accepts +/- similarly to In-Reply-To: <162881288667.21698.8782565723900289280@fuyu.mindrot.org> References: <162881288667.21698.8782565723900289280@fuyu.mindrot.org> Message-ID: <5ca1286b94eea9f7@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit dcce2a2bcf007bf817a2fb0dce3db83fa9201e92 Author: djm at openbsd.org Date: Thu Aug 12 23:59:25 2021 +0000 upstream: mention that CASignatureAlgorithms accepts +/- similarly to the other algorithm list directives; ok jmc bz#3335 OpenBSD-Commit-ID: 0d46b53995817052c78e2dce9dbd133963b073d9 --- ssh_config.5 | 19 +++++++++++++++---- sshd_config.5 | 19 +++++++++++++++---- 2 files changed, 30 insertions(+), 8 deletions(-) diff --git a/ssh_config.5 b/ssh_config.5 index 199fd608..cd0eea86 100644 --- a/ssh_config.5 +++ b/ssh_config.5 
@@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.361 2021/08/06 05:04:42 dtucker Exp $ -.Dd $Mdocdate: August 6 2021 $ +.\" $OpenBSD: ssh_config.5,v 1.362 2021/08/12 23:59:25 djm Exp $ +.Dd $Mdocdate: August 12 2021 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -377,11 +377,22 @@ Specifies which algorithms are allowed for signing of certificates by certificate authorities (CAs). The default is: .Bd -literal -offset indent -ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, -sk-ssh-ed25519 at openssh.com,sk-ecdsa-sha2-nistp256 at openssh.com, +ssh-ed25519,ecdsa-sha2-nistp256, +ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, +sk-ssh-ed25519 at openssh.com, +sk-ecdsa-sha2-nistp256 at openssh.com, rsa-sha2-512,rsa-sha2-256 .Ed .Pp +If the specified list begins with a +.Sq + +character, then the specified algorithms will be appended to the default set +instead of replacing them. +If the specified list begins with a +.Sq - +character, then the specified algorithms (including wildcards) will be removed +from the default set instead of replacing them. +.Pp .Xr ssh 1 will not accept host certificates signed using algorithms other than those specified. diff --git a/sshd_config.5 b/sshd_config.5 index a33280e1..69d55206 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.333 2021/07/27 14:28:46 jmc Exp $ -.Dd $Mdocdate: July 27 2021 $ +.\" $OpenBSD: sshd_config.5,v 1.334 2021/08/12 23:59:25 djm Exp $ +.Dd $Mdocdate: August 12 2021 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME 
@@ -377,11 +377,22 @@ Specifies which algorithms are allowed for signing of certificates by certificate authorities (CAs). The default is: .Bd -literal -offset indent -ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, -sk-ssh-ed25519 at openssh.com,sk-ecdsa-sha2-nistp256 at openssh.com, +ssh-ed25519,ecdsa-sha2-nistp256, +ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, +sk-ssh-ed25519 at openssh.com, +sk-ecdsa-sha2-nistp256 at openssh.com, rsa-sha2-512,rsa-sha2-256 .Ed .Pp +If the specified list begins with a +.Sq + +character, then the specified algorithms will be appended to the default set +instead of replacing them. +If the specified list begins with a +.Sq - +character, then the specified algorithms (including wildcards) will be removed +from the default set instead of replacing them. +.Pp Certificates signed using other algorithms will not be accepted for public key or host-based authentication. .It Cm ChrootDirectory -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Fri Aug 13 13:47:37 2021 
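Review bot: in the text added to both ssh_config.5 and sshd_config.5, the '-' sentence ends "will be removed from the default set instead of replacing them", where "them" no longer has a plural antecedent; "instead of replacing it" or "rather than replacing the default set" reads correctly. The parenthetical "(including wildcards)" appears only in the '-' sentence, so it is worth stating whether patterns are also accepted after '+', or dropping the parenthetical if the asymmetry is not intended.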
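Review bot: in the sftp.c patch (commit 090a8248), the third hunk removes ssh_signal(SIGINT, SIG_IGN) from the top of the for (;;) loop, but the replacement sigaction() call is added only inside #ifdef USE_LIBEDIT, so as far as these hunks show, the el == NULL prompt path no longer sets a SIGINT disposition of its own on each iteration. Either keep the SIG_IGN in that branch or install a handler there too, and say which in the commit message. In the last hunk, sa.sa_mask is cleared only by memset(); sigemptyset(&sa.sa_mask) is the portable way to initialise a sigset_t. The sigaction() failure path also leaves the interactive loop with nothing above debug3 level, which gives the user no hint why the session ended.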
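The commit message for sftp.c rev 1.211 above turns on one detail: a handler installed with SA_RESTART does not make a blocked read(2) return, while one installed without it does. The stand-alone C program below is an added illustration, not code from OpenSSH; read_was_interrupted(), sleep_ms() and the pipe-plus-child setup are constructed for the demo, and only the handler body mirrors read_interrupt() from the patch.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

static volatile sig_atomic_t interrupted;

/* Same shape as the handler in the patch: only record that SIGINT arrived. */
static void
read_interrupt(int signo)
{
	(void)signo;
	interrupted = 1;
}

/* Hypothetical helper: sleep for ms milliseconds, resuming after EINTR. */
static void
sleep_ms(long ms)
{
	struct timespec ts;

	ts.tv_sec = ms / 1000;
	ts.tv_nsec = (ms % 1000) * 1000000L;
	while (nanosleep(&ts, &ts) == -1 && errno == EINTR)
		;
}

/*
 * Block in read(2) on an empty pipe while a child sends SIGINT after 100 ms
 * and writes one byte after a further 300 ms (constructed stand-in for a
 * user pressing Ctrl-C and then typing).
 * Returns 1 if read(2) failed with EINTR, 0 if it was restarted and later
 * returned the byte, -1 on a setup error or unexpected result.
 */
static int
read_was_interrupted(int sa_flags)
{
	struct sigaction sa, osa;
	int fds[2], result = -1;
	pid_t pid;
	ssize_t n;
	char c;

	interrupted = 0;
	memset(&sa, 0, sizeof(sa));
	sigemptyset(&sa.sa_mask);
	sa.sa_handler = read_interrupt;
	sa.sa_flags = sa_flags;		/* 0, or SA_RESTART */
	if (pipe(fds) == -1)
		return -1;
	if (sigaction(SIGINT, &sa, &osa) == -1) {
		close(fds[0]);
		close(fds[1]);
		return -1;
	}
	if ((pid = fork()) == 0) {
		close(fds[0]);
		sleep_ms(100);
		kill(getppid(), SIGINT);
		sleep_ms(300);
		if (write(fds[1], "x", 1) != 1)
			_exit(1);
		_exit(0);
	}
	close(fds[1]);
	if (pid != -1) {
		n = read(fds[0], &c, 1);
		if (n == -1 && errno == EINTR && interrupted)
			result = 1;	/* caller regains control at once */
		else if (n == 1 && interrupted)
			result = 0;	/* handler ran, read was restarted */
		/* Keep the read end open until the child has written. */
		while (waitpid(pid, NULL, 0) == -1 && errno == EINTR)
			;
	}
	close(fds[0]);
	sigaction(SIGINT, &osa, NULL);
	return result;
}

int
main(void)
{
	printf("sa_flags=0:          read got EINTR = %d\n",
	    read_was_interrupted(0));
	printf("sa_flags=SA_RESTART: read got EINTR = %d\n",
	    read_was_interrupted(SA_RESTART));
	return 0;
}
```

With SA_RESTART the flag is set but the loop cannot act on it until input arrives, which is why the patch calls sigaction() directly with sa_flags left at zero.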
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Fri, 13 Aug 2021 13:47:37 +1000 Subject: [openssh-commits] [openssh] branch master updated (dcce2a2b -> e5063564) Message-ID: <162882645706.65453.15206863897567324855@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. dtucker pushed a change to branch master in repository openssh. from dcce2a2b upstream: mention that CASignatureAlgorithms accepts +/- similarly to new e0ba3886 Skip scp3 test on dragonfly 58 and 60. new e5063564 Test OpenSSH from OpenBSD head on 6.8 and 6.9. The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Detailed log of new commits: commit e50635640f79920d9375e0155cb3f4adb870eee5 Author: Darren Tucker Date: Fri Aug 13 13:21:00 2021 +1000 Test OpenSSH from OpenBSD head on 6.8 and 6.9. commit e0ba38861c490c680117b7fe0a1d61a181cd00e7 Author: Darren Tucker Date: Fri Aug 13 13:00:14 2021 +1000 Skip scp3 test on dragonfly 58 and 60. The tests hang, so skip until we figure them out. Summary of changes: .github/configs | 4 ++++ .github/workflows/upstream.yml | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Fri Aug 13 13:47:38 2021 
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Fri, 13 Aug 2021 13:47:38 +1000 Subject: [openssh-commits] [openssh] 01/02: Skip scp3 test on dragonfly 58 and 60. In-Reply-To: <162882645706.65453.15206863897567324855@fuyu.mindrot.org> References: <162882645706.65453.15206863897567324855@fuyu.mindrot.org> Message-ID: <5ca1287139f54061@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. dtucker pushed a commit to branch master in repository openssh. commit e0ba38861c490c680117b7fe0a1d61a181cd00e7 Author: Darren Tucker Date: Fri Aug 13 13:00:14 2021 +1000 Skip scp3 test on dragonfly 58 and 60. The tests hang, so skip until we figure them out. --- .github/configs | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/configs b/.github/configs index 3a7f6287..f6de7d68 100755 --- a/.github/configs +++ b/.github/configs @@ -114,6 +114,10 @@ case "$config" in esac case "${TARGET_HOST}" in + dfly58|dfly60) + # scp 3-way connection hangs on these so skip until sorted. + SKIP_LTESTS=scp3 + ;; minix3) CC="clang" LIBCRYPTOFLAGS="--without-openssl" -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Fri Aug 13 13:47:39 2021 
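Review bot: SKIP_LTESTS=scp3 in the new dfly58|dfly60 arm assigns rather than appends, so anything the preceding case "$config" block or the caller's environment put in SKIP_LTESTS is lost for these hosts; SKIP_LTESTS="${SKIP_LTESTS} scp3" keeps earlier entries. The pattern also matches only the exact names dfly58 and dfly60, so check that no suffixed TARGET_HOST values exist for these VMs.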
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Fri, 13 Aug 2021 13:47:39 +1000 Subject: [openssh-commits] [openssh] 02/02: Test OpenSSH from OpenBSD head on 6.8 and 6.9. In-Reply-To: <162882645706.65453.15206863897567324855@fuyu.mindrot.org> References: <162882645706.65453.15206863897567324855@fuyu.mindrot.org> Message-ID: <5ca12873c9d7f612@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. dtucker pushed a commit to branch master in repository openssh. commit e50635640f79920d9375e0155cb3f4adb870eee5 Author: Darren Tucker Date: Fri Aug 13 13:21:00 2021 +1000 Test OpenSSH from OpenBSD head on 6.8 and 6.9. --- .github/workflows/upstream.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/upstream.yml b/.github/workflows/upstream.yml index 5004aa83..f0493c12 100644 --- a/.github/workflows/upstream.yml +++ b/.github/workflows/upstream.yml @@ -13,7 +13,7 @@ jobs: strategy: fail-fast: false matrix: - os: [ obsdsnap, obsdsnap-i386 ] + os: [ obsdsnap, obsdsnap-i386, obsd69, obsd68 ] configs: [ default, without-openssl ] steps: - uses: actions/checkout at v2 -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Sun Aug 15 06:09:42 2021 
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Sun, 15 Aug 2021 06:09:42 +1000 Subject: [openssh-commits] [openssh] branch master updated (e5063564 -> e65198e5) Message-ID: <162897178273.89285.9847406519139359748@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. tim pushed a change to branch master in repository openssh. from e5063564 Test OpenSSH from OpenBSD head on 6.8 and 6.9. new e65198e5 openbsd-compat/openbsd-compat.h: put bsd-signal.h before bsd-misc.h to get sigset_t from signal.h needed for the pselect replacement. The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Detailed log of new commits: commit e65198e52cb03534e8c846d1bca74c310b1526de Author: Tim Rice Date: Sat Aug 14 13:08:07 2021 -0700 openbsd-compat/openbsd-compat.h: put bsd-signal.h before bsd-misc.h to get sigset_t from signal.h needed for the pselect replacement. Summary of changes: openbsd-compat/openbsd-compat.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Sun Aug 15 06:09:43 2021 
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Sun, 15 Aug 2021 06:09:43 +1000 Subject: [openssh-commits] [openssh] 01/01: openbsd-compat/openbsd-compat.h: put bsd-signal.h before bsd-misc.h to get sigset_t from signal.h needed for the pselect replacement. In-Reply-To: <162897178273.89285.9847406519139359748@fuyu.mindrot.org> References: <162897178273.89285.9847406519139359748@fuyu.mindrot.org> Message-ID: This is an automated email from the git hooks/post-receive script. tim pushed a commit to branch master in repository openssh. commit e65198e52cb03534e8c846d1bca74c310b1526de Author: Tim Rice Date: Sat Aug 14 13:08:07 2021 -0700 openbsd-compat/openbsd-compat.h: put bsd-signal.h before bsd-misc.h to get sigset_t from signal.h needed for the pselect replacement. --- openbsd-compat/openbsd-compat.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index 64c7cdf1..a7209ceb 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h @@ -195,9 +195,9 @@ int writev(int, struct iovec *, int); #endif /* Home grown routines */ +#include "bsd-signal.h" #include "bsd-misc.h" #include "bsd-setres_id.h" -#include "bsd-signal.h" #include "bsd-statvfs.h" #include "bsd-waitpid.h" #include "bsd-poll.h" -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Sun Aug 15 12:45:56 2021 
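Review bot: moving #include "bsd-signal.h" above "bsd-misc.h" makes this include block order-dependent with nothing in the file saying so; the reason (sigset_t for the pselect replacement) lives only in the commit message. A one-line comment above the include, or having bsd-misc.h include bsd-signal.h itself, would stop a later tidy-up from re-sorting the list and breaking the build on the affected platforms.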
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Sun, 15 Aug 2021 12:45:56 +1000 Subject: [openssh-commits] [openssh] branch master updated (e65198e5 -> 7909a566) Message-ID: <162899555675.28285.8281665432594087903@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. dtucker pushed a change to branch master in repository openssh. from e65198e5 openbsd-compat/openbsd-compat.h: put bsd-signal.h before bsd-misc.h to get sigset_t from signal.h needed for the pselect replacement. new 7909a566 Skip scp3 tests on all dfly58 and 60 configs. The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Detailed log of new commits: commit 7909a566f6c6a78fcd30708dc49f4e4f9bb80ce3 Author: Darren Tucker Date: Sun Aug 15 12:45:10 2021 +1000 Skip scp3 tests on all dfly58 and 60 configs. Summary of changes: .github/configs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Sun Aug 15 12:45:57 2021 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Sun, 15 Aug 2021 12:45:57 +1000 Subject: [openssh-commits] [openssh] 01/01: Skip scp3 tests on all dfly58 and 60 configs. In-Reply-To: <162899555675.28285.8281665432594087903@fuyu.mindrot.org> References: <162899555675.28285.8281665432594087903@fuyu.mindrot.org> Message-ID: This is an automated email from the git hooks/post-receive script. dtucker pushed a commit to branch master in repository openssh. commit 7909a566f6c6a78fcd30708dc49f4e4f9bb80ce3 Author: Darren Tucker Date: Sun Aug 15 12:45:10 2021 +1000 Skip scp3 tests on all dfly58 and 60 configs. --- .github/configs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/configs b/.github/configs index f6de7d68..813dd0f7 100755 --- a/.github/configs +++ b/.github/configs @@ -114,7 +114,7 @@ case "$config" in esac case "${TARGET_HOST}" in - dfly58|dfly60) + dfly58*|dfly60*) # scp 3-way connection hangs on these so skip until sorted. SKIP_LTESTS=scp3 ;; -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Sun Aug 15 19:37:49 2021 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Sun, 15 Aug 2021 19:37:49 +1000 Subject: [openssh-commits] [openssh] branch master updated (7909a566 -> 7c9115bb) Message-ID: <162902026960.35689.9347279618831848930@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. dtucker pushed a change to branch master in repository openssh. from 7909a566 Skip scp3 tests on all dfly58 and 60 configs. new 7c9115bb Add hurd test target. The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Detailed log of new commits: commit 7c9115bbbf958fbf85259a061c1122e2d046aabf Author: Darren Tucker Date: Sun Aug 15 19:37:22 2021 +1000 Add hurd test target. Summary of changes: .github/configs | 3 +++ .github/workflows/selfhosted.yml | 1 + 2 files changed, 4 insertions(+) -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Sun Aug 15 19:37:50 2021 
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Sun, 15 Aug 2021 19:37:50 +1000 Subject: [openssh-commits] [openssh] 01/01: Add hurd test target. In-Reply-To: <162902026960.35689.9347279618831848930@fuyu.mindrot.org> References: <162902026960.35689.9347279618831848930@fuyu.mindrot.org> Message-ID: This is an automated email from the git hooks/post-receive script. dtucker pushed a commit to branch master in repository openssh. commit 7c9115bbbf958fbf85259a061c1122e2d046aabf Author: Darren Tucker Date: Sun Aug 15 19:37:22 2021 +1000 Add hurd test target. --- .github/configs | 3 +++ .github/workflows/selfhosted.yml | 1 + 2 files changed, 4 insertions(+) diff --git a/.github/configs b/.github/configs index 813dd0f7..bf7b7157 100755 --- a/.github/configs +++ b/.github/configs @@ -118,6 +118,9 @@ case "${TARGET_HOST}" in # scp 3-way connection hangs on these so skip until sorted. SKIP_LTESTS=scp3 ;; + hurd) + SKIP_LTESTS="forwarding multiplex proxy-connect hostkey-agent" + ;; minix3) CC="clang" LIBCRYPTOFLAGS="--without-openssl" diff --git a/.github/workflows/selfhosted.yml b/.github/workflows/selfhosted.yml index a7c2ca66..df6eca71 100644 --- a/.github/workflows/selfhosted.yml +++ b/.github/workflows/selfhosted.yml @@ -26,6 +26,7 @@ jobs: - fbsd10 - fbsd12 - fbsd13 + - hurd - minix3 # - nbsd2 - nbsd3 -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Sun Aug 15 23:25:42 2021 
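Review bot: the new hurd) arm sets SKIP_LTESTS="forwarding multiplex proxy-connect hostkey-agent" with no comment, unlike the dfly58*|dfly60* arm directly above it, which records why scp3 is skipped. Four regress tests are dropped on this target, so a short reason per test, or a pointer to a tracking bug, makes it possible to tell later whether the skips can be lifted.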
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Sun, 15 Aug 2021 23:25:42 +1000 Subject: [openssh-commits] [openssh] branch master updated (7c9115bb -> 20e6eefc) Message-ID: <162903394243.38916.2141379326816564856@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. dtucker pushed a change to branch master in repository openssh. from 7c9115bb Add hurd test target. new 20e6eefc Skip agent ptrace test on hurd. The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Detailed log of new commits: commit 20e6eefcdf78394f05e453d456c1212ffaa6b6a4 Author: Darren Tucker Date: Sun Aug 15 23:25:26 2021 +1000 Skip agent ptrace test on hurd. Summary of changes: .github/configs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Sun Aug 15 23:25:43 2021 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Sun, 15 Aug 2021 23:25:43 +1000 Subject: [openssh-commits] [openssh] 01/01: Skip agent ptrace test on hurd. In-Reply-To: <162903394243.38916.2141379326816564856@fuyu.mindrot.org> References: <162903394243.38916.2141379326816564856@fuyu.mindrot.org> Message-ID: This is an automated email from the git hooks/post-receive script. dtucker pushed a commit to branch master in repository openssh. commit 20e6eefcdf78394f05e453d456c1212ffaa6b6a4 Author: Darren Tucker Date: Sun Aug 15 23:25:26 2021 +1000 Skip agent ptrace test on hurd. --- .github/configs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/configs b/.github/configs index bf7b7157..12578c06 100755 --- a/.github/configs +++ b/.github/configs 
@@ -119,7 +119,7 @@ case "${TARGET_HOST}" in SKIP_LTESTS=scp3 ;; hurd) - SKIP_LTESTS="forwarding multiplex proxy-connect hostkey-agent" + SKIP_LTESTS="forwarding multiplex proxy-connect hostkey-agent agent-ptrace" ;; minix3) CC="clang" -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Mon Aug 16 21:49:53 2021 
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Mon, 16 Aug 2021 21:49:53 +1000 Subject: [openssh-commits] [openssh] branch master updated (20e6eefc -> 6a24567a) Message-ID: <162911459352.24657.5320919780325783465@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. dtucker pushed a change to branch master in repository openssh. from 20e6eefc Skip agent ptrace test on hurd. new b467cf13 Remove deprecated ubuntu-16.04 test targets. new 6a24567a Improve github test driver script. The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Detailed log of new commits: commit 6a24567a29bd7b4ab64e1afad859ea845cbc6b8c Author: Darren Tucker Date: Mon Aug 16 14:13:02 2021 +1000 Improve github test driver script. - use a trap to always output any failed regress logs (since the script sets -e, the existing log output is never invoked). - pass LTESTS and SKIP_LTESTS when re-running with sshd options (eg. UsePAM). commit b467cf13705f59ed348b620722ac098fe31879b7 Author: Darren Tucker Date: Mon Aug 16 11:32:23 2021 +1000 Remove deprecated ubuntu-16.04 test targets. Github has deprecated ubuntu-16.04 and it will be removed on 20 September. Summary of changes: .github/run_test.sh | 33 +++++++++++++++++---------------- .github/workflows/c-cpp.yml | 4 +--- 2 files changed, 18 insertions(+), 19 deletions(-) -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Mon Aug 16 21:49:54 2021 
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Mon, 16 Aug 2021 21:49:54 +1000 Subject: [openssh-commits] [openssh] 01/02: Remove deprecated ubuntu-16.04 test targets. In-Reply-To: <162911459352.24657.5320919780325783465@fuyu.mindrot.org> References: <162911459352.24657.5320919780325783465@fuyu.mindrot.org> Message-ID: This is an automated email from the git hooks/post-receive script. dtucker pushed a commit to branch master in repository openssh. commit b467cf13705f59ed348b620722ac098fe31879b7 Author: Darren Tucker Date: Mon Aug 16 11:32:23 2021 +1000 Remove deprecated ubuntu-16.04 test targets. Github has deprecated ubuntu-16.04 and it will be removed on 20 September. --- .github/workflows/c-cpp.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/c-cpp.yml b/.github/workflows/c-cpp.yml index a8234ab8..289b18b7 100644 --- a/.github/workflows/c-cpp.yml +++ b/.github/workflows/c-cpp.yml @@ -13,7 +13,7 @@ jobs: fail-fast: false matrix: # First we test all OSes in the default configuration. - os: [ubuntu-20.04, ubuntu-18.04, ubuntu-16.04, macos-10.15, macos-11.0] + os: [ubuntu-20.04, ubuntu-18.04, macos-10.15, macos-11.0] configs: [default] # Then we include any extra configs we want to test for specific VMs. # Valgrind slows things down quite a bit, so start them first. @@ -47,8 +47,6 @@ jobs: - { os: ubuntu-18.04, configs: selinux } - { os: ubuntu-18.04, configs: kitchensink } - { os: ubuntu-18.04, configs: without-openssl } - - { os: ubuntu-16.04, configs: pam } - - { os: ubuntu-16.04, configs: kitchensink } - { os: macos-10.15, configs: pam } - { os: macos-11.0, configs: pam } runs-on: ${{ matrix.os }} -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Mon Aug 16 21:49:55 2021 
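Review bot: the second hunk drops the only two ubuntu-16.04 include entries, pam and kitchensink, and the surrounding context shows ubuntu-18.04 with selinux, kitchensink and without-openssl but no pam. If no other Linux entry in the include list builds with pam, add { os: ubuntu-18.04, configs: pam } so PAM coverage on Linux does not disappear along with the deprecated image.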
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Mon, 16 Aug 2021 21:49:55 +1000 Subject: [openssh-commits] [openssh] 02/02: Improve github test driver script. In-Reply-To: <162911459352.24657.5320919780325783465@fuyu.mindrot.org> References: <162911459352.24657.5320919780325783465@fuyu.mindrot.org> Message-ID: This is an automated email from the git hooks/post-receive script. dtucker pushed a commit to branch master in repository openssh. commit 6a24567a29bd7b4ab64e1afad859ea845cbc6b8c Author: Darren Tucker Date: Mon Aug 16 14:13:02 2021 +1000 Improve github test driver script. - use a trap to always output any failed regress logs (since the script sets -e, the existing log output is never invoked). - pass LTESTS and SKIP_LTESTS when re-running with sshd options (eg. UsePAM). --- .github/run_test.sh | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/.github/run_test.sh b/.github/run_test.sh index 7ef17697..adf2568a 100755 --- a/.github/run_test.sh +++ b/.github/run_test.sh 
@@ -6,28 +6,29 @@ set -ex +output_failed_logs() { + for i in regress/failed*; do + if [ -f "$i" ]; then + echo ------------------------------------------------------------------------- + echo LOGFILE $i + cat $i + echo ------------------------------------------------------------------------- + fi + done +} +trap output_failed_logs 0 + if [ -z "${LTESTS}" ]; then make ${TEST_TARGET} SKIP_LTESTS="${SKIP_LTESTS}" - result=$? else make ${TEST_TARGET} SKIP_LTESTS="${SKIP_LTESTS}" LTESTS="${LTESTS}" - result=$? fi if [ ! -z "${SSHD_CONFOPTS}" ]; then - echo "rerunning tests with TEST_SSH_SSHD_CONFOPTS='${SSHD_CONFOPTS}'" - make t-exec TEST_SSH_SSHD_CONFOPTS="${SSHD_CONFOPTS}" - result2=$? - if [ "${result2}" -ne 0 ]; then - result="${result2}" + echo "rerunning t-exec with TEST_SSH_SSHD_CONFOPTS='${SSHD_CONFOPTS}'" + if [ -z "${LTESTS}" ]; then + make t-exec SKIP_LTESTS="${SKIP_LTESTS}" TEST_SSH_SSHD_CONFOPTS="${SSHD_CONFOPTS}" + else + make t-exec SKIP_LTESTS="${SKIP_LTESTS}" LTESTS="${LTESTS}" TEST_SSH_SSHD_CONFOPTS="${SSHD_CONFOPTS}" fi fi - -if [ "$result" -ne "0" ]; then - for i in regress/failed*; do - echo ------------------------------------------------------------------------- - echo LOGFILE $i - cat $i - echo ------------------------------------------------------------------------- - done -fi -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Tue Aug 17 08:04:22 2021 
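Review bot: in output_failed_logs(), the -f test quotes "$i" but the following echo LOGFILE $i and cat $i do not; quote both so a log name containing whitespace or glob characters is printed intact. Because the script runs under set -ex and the trap is on 0 (EXIT), the function also runs, and is traced, on successful exits; that is harmless with the -f guard, but a comment saying so would help. Under set -e the SSHD_CONFOPTS re-run is still skipped whenever the first make fails; if both runs are wanted, that needs more than the trap.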
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Tue, 17 Aug 2021 08:04:22 +1000 Subject: [openssh-commits] [openssh] branch master updated (6a24567a -> b71b2508) Message-ID: <162915146188.53071.731366139043251033@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. dtucker pushed a change to branch master in repository openssh. from 6a24567a Improve github test driver script. new b71b2508 Put stdint.h inside HAVE_STDINT_H. The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Detailed log of new commits: commit b71b2508f17c68c5d9dbbe537686d81cedb9a781 Author: Darren Tucker Date: Tue Aug 17 07:59:27 2021 +1000 Put stdint.h inside HAVE_STDINT_H. From Tom G. Christensen. Summary of changes: regress/unittests/authopt/tests.c | 2 ++ regress/unittests/misc/test_argv.c | 2 ++ regress/unittests/misc/test_convtime.c | 2 ++ regress/unittests/misc/test_expand.c | 2 ++ regress/unittests/misc/test_parse.c | 2 ++ regress/unittests/misc/test_strdelim.c | 2 ++ regress/unittests/misc/tests.c | 2 ++ 7 files changed, 14 insertions(+) -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Tue Aug 17 08:04:23 2021 
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Tue, 17 Aug 2021 08:04:23 +1000 Subject: [openssh-commits] [openssh] 01/01: Put stdint.h inside HAVE_STDINT_H. In-Reply-To: <162915146188.53071.731366139043251033@fuyu.mindrot.org> References: <162915146188.53071.731366139043251033@fuyu.mindrot.org> Message-ID: This is an automated email from the git hooks/post-receive script. dtucker pushed a commit to branch master in repository openssh. commit b71b2508f17c68c5d9dbbe537686d81cedb9a781 Author: Darren Tucker Date: Tue Aug 17 07:59:27 2021 +1000 Put stdint.h inside HAVE_STDINT_H. From Tom G. Christensen. --- regress/unittests/authopt/tests.c | 2 ++ regress/unittests/misc/test_argv.c | 2 ++ regress/unittests/misc/test_convtime.c | 2 ++ regress/unittests/misc/test_expand.c | 2 ++ regress/unittests/misc/test_parse.c | 2 ++ regress/unittests/misc/test_strdelim.c | 2 ++ regress/unittests/misc/tests.c | 2 ++ 7 files changed, 14 insertions(+) diff --git a/regress/unittests/authopt/tests.c b/regress/unittests/authopt/tests.c index 4e5526a0..9873c09c 100644 --- a/regress/unittests/authopt/tests.c +++ b/regress/unittests/authopt/tests.c @@ -11,7 +11,9 @@ #include #include #include +#ifdef HAVE_STDINT_H #include +#endif #include #include diff --git a/regress/unittests/misc/test_argv.c b/regress/unittests/misc/test_argv.c index d5c139a4..2cfebf2d 100644 --- a/regress/unittests/misc/test_argv.c +++ b/regress/unittests/misc/test_argv.c @@ -10,7 +10,9 @@ #include #include #include +#ifdef HAVE_STDINT_H #include +#endif #include #include diff --git a/regress/unittests/misc/test_convtime.c b/regress/unittests/misc/test_convtime.c index 5be3ee43..8f9be89f 100644 --- a/regress/unittests/misc/test_convtime.c +++ b/regress/unittests/misc/test_convtime.c @@ -10,7 +10,9 @@ #include #include #include +#ifdef HAVE_STDINT_H #include +#endif #include #include 
diff --git a/regress/unittests/misc/test_expand.c b/regress/unittests/misc/test_expand.c index c336fb0b..513c69bc 100644 --- a/regress/unittests/misc/test_expand.c +++ b/regress/unittests/misc/test_expand.c @@ -10,7 +10,9 @@ #include #include #include +#ifdef HAVE_STDINT_H #include +#endif #include #include diff --git a/regress/unittests/misc/test_parse.c b/regress/unittests/misc/test_parse.c index dd99068d..727ff3de 100644 --- a/regress/unittests/misc/test_parse.c +++ b/regress/unittests/misc/test_parse.c @@ -10,7 +10,9 @@ #include #include #include +#ifdef HAVE_STDINT_H #include +#endif #include #include diff --git a/regress/unittests/misc/test_strdelim.c b/regress/unittests/misc/test_strdelim.c index 46f46264..1d9133d4 100644 --- a/regress/unittests/misc/test_strdelim.c +++ b/regress/unittests/misc/test_strdelim.c @@ -10,7 +10,9 @@ #include #include #include +#ifdef HAVE_STDINT_H #include +#endif #include #include diff --git a/regress/unittests/misc/tests.c b/regress/unittests/misc/tests.c index 09b8efa1..b0b7cd43 100644 --- a/regress/unittests/misc/tests.c +++ b/regress/unittests/misc/tests.c @@ -10,7 +10,9 @@ #include #include #include +#ifdef HAVE_STDINT_H #include +#endif #include #include -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Wed Aug 18 12:53:43 2021 
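Review bot: the same #ifdef HAVE_STDINT_H guard is pasted into seven regress/unittests files, and on a platform where the macro is undefined each test now compiles with that include removed. Confirm that the fixed-width types these tests use are then supplied by another header they already include; if they are, a single guarded include in a shared test header would avoid repeating the three lines per file.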
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Wed, 18 Aug 2021 12:53:43 +1000 Subject: [openssh-commits] [openssh] branch master updated (b71b2508 -> 464ba22f) Message-ID: <162925522281.92660.8261872866130417795@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. dtucker pushed a change to branch master in repository openssh. from b71b2508 Put stdint.h inside HAVE_STDINT_H. new 7d878679 Remove trailing backslash on regress-unit-binaries new 464ba22f Check compiler for c99 declarations after code. The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Detailed log of new commits: commit 464ba22f1e38d25402e5ec79a9b8d34a32df5a3f Author: Darren Tucker Date: Wed Aug 18 12:51:30 2021 +1000 Check compiler for c99 declarations after code. The sntrup761 reference code contains c99-style declarations after code so don't try to build that if the compiler doesn't support it. commit 7d878679a4b155a359d32104ff473f789501748d Author: Darren Tucker Date: Tue Aug 17 15:12:04 2021 +1000 Remove trailing backslash on regress-unit-binaries Summary of changes: Makefile.in | 2 +- configure.ac | 10 ++++++++++ defines.h | 6 +++--- 3 files changed, 14 insertions(+), 4 deletions(-) -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Wed Aug 18 12:53:44 2021 
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Wed, 18 Aug 2021 12:53:44 +1000 Subject: [openssh-commits] [openssh] 01/02: Remove trailing backslash on regress-unit-binaries In-Reply-To: <162925522281.92660.8261872866130417795@fuyu.mindrot.org> References: <162925522281.92660.8261872866130417795@fuyu.mindrot.org> Message-ID: This is an automated email from the git hooks/post-receive script. dtucker pushed a commit to branch master in repository openssh. commit 7d878679a4b155a359d32104ff473f789501748d Author: Darren Tucker Date: Tue Aug 17 15:12:04 2021 +1000 Remove trailing backslash on regress-unit-binaries --- Makefile.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.in b/Makefile.in index abf51d0e..b0293841 100644 --- a/Makefile.in +++ b/Makefile.in @@ -704,7 +704,7 @@ regress-unit-binaries: regress-prep $(REGRESSLIBS) \ regress/unittests/sshbuf/test_sshbuf$(EXEEXT) \ regress/unittests/sshkey/test_sshkey$(EXEEXT) \ regress/unittests/sshsig/test_sshsig$(EXEEXT) \ - regress/unittests/utf8/test_utf8$(EXEEXT) \ + regress/unittests/utf8/test_utf8$(EXEEXT) tests: file-tests t-exec interop-tests unit echo all tests passed -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Wed Aug 18 12:53:45 2021 
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Wed, 18 Aug 2021 12:53:45 +1000 Subject: [openssh-commits] [openssh] 02/02: Check compiler for c99 declarations after code. In-Reply-To: <162925522281.92660.8261872866130417795@fuyu.mindrot.org> References: <162925522281.92660.8261872866130417795@fuyu.mindrot.org> Message-ID: This is an automated email from the git hooks/post-receive script. dtucker pushed a commit to branch master in repository openssh. commit 464ba22f1e38d25402e5ec79a9b8d34a32df5a3f Author: Darren Tucker Date: Wed Aug 18 12:51:30 2021 +1000 Check compiler for c99 declarations after code. The sntrup761 reference code contains c99-style declarations after code so don't try to build that if the compiler doesn't support it. --- configure.ac | 10 ++++++++++ defines.h | 6 +++--- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/configure.ac b/configure.ac index e728e323..01e7d2a4 100644 --- a/configure.ac +++ b/configure.ac @@ -307,6 +307,16 @@ AC_COMPILE_IFELSE( [ AC_MSG_RESULT([no]) ] ) +AC_MSG_CHECKING([if compiler accepts variable declarations after code]) +AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM([[#include ]], + [[ int a; a = 1; int b = 1; exit(a-b); ]])], + [ AC_MSG_RESULT([yes]) + AC_DEFINE(VARIABLE_DECLARATION_AFTER_CODE, [1], + [compiler variable declarations after code]) ], + [ AC_MSG_RESULT([no]) ] +) + if test "x$no_attrib_nonnull" != "x1" ; then AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) fi diff --git a/defines.h b/defines.h index 7fff562c..857abb8b 100644 --- a/defines.h +++ b/defines.h 
@@ -901,10 +901,10 @@ struct winsize { #endif /* - * sntrup761 uses variable length arrays, only enable if the compiler - * supports them. + * sntrup761 uses variable length arrays and c99-style declarations after code, + * so only enable if the compiler supports them. */ -#ifdef VARIABLE_LENGTH_ARRAYS +#if defined(VARIABLE_LENGTH_ARRAYS) && defined(VARIABLE_DECLARATION_AFTER_CODE) # define USE_SNTRUP761X25519 1 #endif #endif /* _DEFINES_H */ -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Fri Aug 20 08:40:33 2021 
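Review bot: in the `defines.h` hunk, `USE_SNTRUP761X25519` now stays undefined whenever either compiler probe fails, and nothing in the configure output tells the builder that the sntrup761 code has been left out of the resulting binaries. Consider printing a configure-time notice when `VARIABLE_LENGTH_ARRAYS` or `VARIABLE_DECLARATION_AFTER_CODE` is not set, so the missing algorithm is a visible build decision rather than something found later. In the `configure.ac` hunk, the `AC_DEFINE` description "compiler variable declarations after code" is missing its verb ("compiler accepts ..."), and the macro name is unquoted where the neighbouring `AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], ...)` quotes it.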
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Fri, 20 Aug 2021 08:40:33 +1000 Subject: [openssh-commits] [openssh] branch master updated (464ba22f -> deaadcb9) Message-ID: <162941283298.88113.10251643683612092343@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. dtucker pushed a change to branch master in repository openssh. from 464ba22f Check compiler for c99 declarations after code. new 10e45654 Fix race in pselect replacement code. new deaadcb9 Prefix pselect functions to clarify debug messages The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Detailed log of new commits: commit deaadcb93ca15d4f38aa38fb340156077792ce87 Author: Darren Tucker Date: Fri Aug 20 08:39:33 2021 +1000 Prefix pselect functions to clarify debug messages commit 10e45654cff221ca60fd35ee069df67208fcf415 Author: Darren Tucker Date: Fri Aug 20 08:30:42 2021 +1000 Fix race in pselect replacement code. On the second and subsequent calls to pselect the notify_pipe was not added to the select readset, opening up a race that om G. Christensen discovered on multiprocessor Solaris <=9 systems. Also reinitialize notify_pipe if the pid changes. This will prevent a parent and child from using the same FD, although this is not an issue in the current structure it might be in future. Summary of changes: openbsd-compat/bsd-pselect.c | 47 +++++++++++++++++++++++++++++--------------- 1 file changed, 31 insertions(+), 16 deletions(-) -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Fri Aug 20 08:40:34 2021 
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Fri, 20 Aug 2021 08:40:34 +1000 Subject: [openssh-commits] [openssh] 01/02: Fix race in pselect replacement code. In-Reply-To: <162941283298.88113.10251643683612092343@fuyu.mindrot.org> References: <162941283298.88113.10251643683612092343@fuyu.mindrot.org> Message-ID: This is an automated email from the git hooks/post-receive script. dtucker pushed a commit to branch master in repository openssh. commit 10e45654cff221ca60fd35ee069df67208fcf415 Author: Darren Tucker Date: Fri Aug 20 08:30:42 2021 +1000 Fix race in pselect replacement code. On the second and subsequent calls to pselect the notify_pipe was not added to the select readset, opening up a race that om G. Christensen discovered on multiprocessor Solaris <=9 systems. Also reinitialize notify_pipe if the pid changes. This will prevent a parent and child from using the same FD, although this is not an issue in the current structure it might be in future. --- openbsd-compat/bsd-pselect.c | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/openbsd-compat/bsd-pselect.c b/openbsd-compat/bsd-pselect.c index da34b41d..983427aa 100644 --- a/openbsd-compat/bsd-pselect.c +++ b/openbsd-compat/bsd-pselect.c @@ -73,6 +73,7 @@ notify_setup_fd(int *fd) * we write to this pipe if a SIGCHLD is caught in order to avoid * the race between select() and child_terminated */ +static pid_t notify_pid; static int notify_pipe[2]; static void notify_setup(void) @@ -81,6 +82,15 @@ notify_setup(void) if (initialized) return; + if (notify_pid == 0) + debug3_f("initializing"); + else { + debug3_f("pid changed, reinitializing"); + if (notify_pipe[0] != -1) + close(notify_pipe[0]); + if (notify_pipe[1] != -1) + close(notify_pipe[1]); + } if (pipe(notify_pipe) == -1) { error("pipe(notify_pipe) failed %s", strerror(errno)); } else if (notify_setup_fd(¬ify_pipe[0]) == -1 || 
@@ -91,6 +101,9 @@ notify_setup(void) } else { set_nonblock(notify_pipe[0]); set_nonblock(notify_pipe[1]); + notify_pid = getpid(); + debug3_f("pid %d saved %d pipe0 %d pipe1 %d", getpid(), + notify_pid, notify_pipe[0], notify_pipe[1]); initialized = 1; return; } @@ -159,15 +172,16 @@ pselect(int nfds, fd_set *readfds, fd_set *writefds, fd_set *exceptfds, if (sig == SIGKILL || sig == SIGSTOP || sigismember(mask, sig)) continue; if (sigaction(sig, NULL, &sa) == 0 && - sa.sa_handler != SIG_IGN && sa.sa_handler != SIG_DFL && - sa.sa_handler != sig_handler) { + sa.sa_handler != SIG_IGN && sa.sa_handler != SIG_DFL) { + unmasked = 1; + if (sa.sa_handler == sig_handler) + continue; sa.sa_handler = sig_handler; if (sigaction(sig, &sa, &osa) == 0) { debug3_f("installing signal handler for %s, " "previous %p", strsignal(sig), osa.sa_handler); saved_sighandler[sig] = osa.sa_handler; - unmasked = 1; } } } @@ -183,7 +197,8 @@ pselect(int nfds, fd_set *readfds, fd_set *writefds, fd_set *exceptfds, saved_errno = errno; sigprocmask(SIG_SETMASK, &osig, NULL); - notify_done(readfds); + if (unmasked) + notify_done(readfds); errno = saved_errno; return ret; } -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Fri Aug 20 08:40:35 2021 
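Review bot: in the `notify_setup` hunk, the new "pid changed, reinitializing" branch cannot be reached once setup has succeeded, because the unchanged `if (initialized) return;` just above it returns first and a forked child inherits `initialized` already set to 1. The early return needs to compare `notify_pid` against `getpid()` as well, otherwise parent and child keep sharing the same pipe, which is what the commit message says this change prevents. Separately, the added `debug3_f("pid %d saved %d pipe0 %d pipe1 %d", ...)` passes `pid_t` values to `%d`; cast them explicitly so the format stays correct on platforms where `pid_t` is not `int`.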
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Fri, 20 Aug 2021 08:40:35 +1000 Subject: [openssh-commits] [openssh] 02/02: Prefix pselect functions to clarify debug messages In-Reply-To: <162941283298.88113.10251643683612092343@fuyu.mindrot.org> References: <162941283298.88113.10251643683612092343@fuyu.mindrot.org> Message-ID: This is an automated email from the git hooks/post-receive script. dtucker pushed a commit to branch master in repository openssh. commit deaadcb93ca15d4f38aa38fb340156077792ce87 Author: Darren Tucker Date: Fri Aug 20 08:39:33 2021 +1000 Prefix pselect functions to clarify debug messages --- openbsd-compat/bsd-pselect.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/openbsd-compat/bsd-pselect.c b/openbsd-compat/bsd-pselect.c index 983427aa..1d4140a5 100644 --- a/openbsd-compat/bsd-pselect.c +++ b/openbsd-compat/bsd-pselect.c @@ -58,7 +58,7 @@ static sighandler_t saved_sighandler[_NSIG]; */ #define REEXEC_MIN_FREE_FD (STDERR_FILENO + 4) static int -notify_setup_fd(int *fd) +pselect_notify_setup_fd(int *fd) { int r; @@ -76,7 +76,7 @@ notify_setup_fd(int *fd) static pid_t notify_pid; static int notify_pipe[2]; static void -notify_setup(void) +pselect_notify_setup(void) { static int initialized; @@ -93,8 +93,8 @@ notify_setup(void) } if (pipe(notify_pipe) == -1) { error("pipe(notify_pipe) failed %s", strerror(errno)); - } else if (notify_setup_fd(¬ify_pipe[0]) == -1 || - notify_setup_fd(¬ify_pipe[1]) == -1) { + } else if (pselect_notify_setup_fd(¬ify_pipe[0]) == -1 || + pselect_notify_setup_fd(¬ify_pipe[1]) == -1) { error("fcntl(notify_pipe, ...) failed %s", strerror(errno)); close(notify_pipe[0]); close(notify_pipe[1]); 
@@ -111,19 +111,19 @@ notify_setup(void) notify_pipe[1] = -1; /* write end */ } static void -notify_parent(void) +pselect_notify_parent(void) { if (notify_pipe[1] != -1) (void)write(notify_pipe[1], "", 1); } static void -notify_prepare(fd_set *readset) +pselect_notify_prepare(fd_set *readset) { if (notify_pipe[0] != -1) FD_SET(notify_pipe[0], readset); } static void -notify_done(fd_set *readset) +pselect_notify_done(fd_set *readset) { char c; @@ -136,11 +136,11 @@ notify_done(fd_set *readset) /*ARGSUSED*/ static void -sig_handler(int sig) +pselect_sig_handler(int sig) { int save_errno = errno; - notify_parent(); + pselect_notify_parent(); if (saved_sighandler[sig] != NULL) (*saved_sighandler[sig])(sig); /* call original handler */ errno = save_errno; @@ -174,9 +174,9 @@ pselect(int nfds, fd_set *readfds, fd_set *writefds, fd_set *exceptfds, if (sigaction(sig, NULL, &sa) == 0 && sa.sa_handler != SIG_IGN && sa.sa_handler != SIG_DFL) { unmasked = 1; - if (sa.sa_handler == sig_handler) + if (sa.sa_handler == pselect_sig_handler) continue; - sa.sa_handler = sig_handler; + sa.sa_handler = pselect_sig_handler; if (sigaction(sig, &sa, &osa) == 0) { debug3_f("installing signal handler for %s, " "previous %p", strsignal(sig), @@ -186,8 +186,8 @@ pselect(int nfds, fd_set *readfds, fd_set *writefds, fd_set *exceptfds, } } if (unmasked) { - notify_setup(); - notify_prepare(readfds); + pselect_notify_setup(); + pselect_notify_prepare(readfds); nfds = MAX(nfds, notify_pipe[0]); } @@ -198,7 +198,7 @@ pselect(int nfds, fd_set *readfds, fd_set *writefds, fd_set *exceptfds, sigprocmask(SIG_SETMASK, &osig, NULL); if (unmasked) - notify_done(readfds); + pselect_notify_done(readfds); errno = saved_errno; return ret; } -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Fri Aug 20 10:49:03 2021 
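Review bot: the two `error(...)` calls in `pselect_notify_setup` ("pipe(notify_pipe) failed %s" and "fcntl(notify_pipe, ...) failed %s") still log without a function name, so the rename only clarifies the `debug3_f` output and leaves the failure path, the messages most likely to be read, unprefixed. Switching those two calls to the `_f` logging variant, as the `debug3_f` calls already do, would make the prefix apply there too. The file-scope statics `notify_pid`, `notify_pipe` and `saved_sighandler` keep their old names; that is harmless since they are `static`, but a short note in the commit message that the rename is limited to functions would save a reader from checking.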
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Fri, 20 Aug 2021 10:49:03 +1000 Subject: [openssh-commits] [openssh] branch master updated (deaadcb9 -> 9a2ed621) Message-ID: <162942054356.82309.13706548731723605773@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. dtucker pushed a change to branch master in repository openssh. from deaadcb9 Prefix pselect functions to clarify debug messages new 9a2ed621 Also check pid in pselect_notify_setup. The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Detailed log of new commits: commit 9a2ed62173cc551b2b5f479460bb015b19499de8 Author: Darren Tucker Date: Fri Aug 20 10:48:13 2021 +1000 Also check pid in pselect_notify_setup. Spotted by djm at . Summary of changes: openbsd-compat/bsd-pselect.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Fri Aug 20 10:49:04 2021 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Fri, 20 Aug 2021 10:49:04 +1000 Subject: [openssh-commits] [openssh] 01/01: Also check pid in pselect_notify_setup. In-Reply-To: <162942054356.82309.13706548731723605773@fuyu.mindrot.org> References: <162942054356.82309.13706548731723605773@fuyu.mindrot.org> Message-ID: This is an automated email from the git hooks/post-receive script. dtucker pushed a commit to branch master in repository openssh. commit 9a2ed62173cc551b2b5f479460bb015b19499de8 Author: Darren Tucker Date: Fri Aug 20 10:48:13 2021 +1000 Also check pid in pselect_notify_setup. Spotted by djm at . --- openbsd-compat/bsd-pselect.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/openbsd-compat/bsd-pselect.c b/openbsd-compat/bsd-pselect.c index 1d4140a5..fff1bf54 100644 --- a/openbsd-compat/bsd-pselect.c +++ b/openbsd-compat/bsd-pselect.c @@ -80,7 +80,7 @@ pselect_notify_setup(void) { static int initialized; - if (initialized) + if (initialized && notify_pid == getpid()) return; if (notify_pid == 0) debug3_f("initializing"); -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Fri Aug 20 14:00:14 2021 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Fri, 20 Aug 2021 14:00:14 +1000 Subject: [openssh-commits] [openssh] 01/02: upstream: openssh-8.7 In-Reply-To: <162943201309.29622.11983333727596965614@fuyu.mindrot.org> References: <162943201309.29622.11983333727596965614@fuyu.mindrot.org> Message-ID: This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch V_8_7 in repository openssh. commit feee2384ab8d694c770b7750cfa76a512bdf8246 Author: djm at openbsd.org Date: Fri Aug 20 03:22:55 2021 +0000 upstream: openssh-8.7 OpenBSD-Commit-ID: 8769dff0fd76ae3193d77bf83b439adee0f300cd --- version.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/version.h b/version.h index b1cdf851..e699e103 100644 --- a/version.h +++ b/version.h @@ -1,6 +1,6 @@ -/* $OpenBSD: version.h,v 1.90 2021/04/16 03:42:00 djm Exp $ */ +/* $OpenBSD: version.h,v 1.91 2021/08/20 03:22:55 djm Exp $ */ -#define SSH_VERSION "OpenSSH_8.6" +#define SSH_VERSION "OpenSSH_8.7" #define SSH_PORTABLE "p1" #define SSH_RELEASE SSH_VERSION SSH_PORTABLE -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Fri Aug 20 14:00:13 2021 
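Review bot: in the `bsd-pselect.c` hunk at `pselect_notify_setup`, the new condition `initialized && notify_pid == getpid()` makes `static int initialized` redundant. The earlier race-fix commit sets `notify_pid = getpid()` immediately before `initialized = 1` and nowhere else, and `notify_pid == 0` already marks the never-initialized state, so `notify_pid == getpid()` alone expresses the same test. Either drop the flag or add a comment saying why both are kept, since two variables tracking one state invite them drifting apart in a later edit.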
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Fri, 20 Aug 2021 14:00:13 +1000 Subject: [openssh-commits] [openssh] branch V_8_7 created (now 5450606c) Message-ID: <162943201309.29622.11983333727596965614@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a change to branch V_8_7 in repository openssh. at 5450606c update version numbers This branch includes the following new commits: new feee2384 upstream: openssh-8.7 new 5450606c update version numbers The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Detailed log of new commits: commit 5450606c8f7f7a0d70211cea78bc2dab74ab35d1 Author: Damien Miller Date: Fri Aug 20 13:59:43 2021 +1000 update version numbers commit feee2384ab8d694c770b7750cfa76a512bdf8246 Author: djm at openbsd.org Date: Fri Aug 20 03:22:55 2021 +0000 upstream: openssh-8.7 OpenBSD-Commit-ID: 8769dff0fd76ae3193d77bf83b439adee0f300cd -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Fri Aug 20 14:00:15 2021 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Fri, 20 Aug 2021 14:00:15 +1000 Subject: [openssh-commits] [openssh] 02/02: update version numbers In-Reply-To: <162943201309.29622.11983333727596965614@fuyu.mindrot.org> References: <162943201309.29622.11983333727596965614@fuyu.mindrot.org> Message-ID: This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch V_8_7 in repository openssh. commit 5450606c8f7f7a0d70211cea78bc2dab74ab35d1 Author: Damien Miller Date: Fri Aug 20 13:59:43 2021 +1000 update version numbers --- README | 2 +- contrib/redhat/openssh.spec | 2 +- contrib/suse/openssh.spec | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/README b/README index 99fe3477..5c7f8647 100644 --- a/README +++ b/README @@ -1,4 +1,4 @@ -See https://www.openssh.com/releasenotes.html#8.6p1 for the release notes. +See https://www.openssh.com/releasenotes.html#8.7p1 for the release notes. Please read https://www.openssh.com/report.html for bug reporting instructions and note that we do not use Github for bug reporting or diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index 96972ec4..5fb81ce3 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec @@ -1,4 +1,4 @@ -%global ver 8.6p1 +%global ver 8.7p1 %global rel 1%{?dist} # OpenSSH privilege separation requires a user & group ID diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec index 827eee6c..6cd222e5 100644 --- a/contrib/suse/openssh.spec +++ b/contrib/suse/openssh.spec @@ -13,7 +13,7 @@ Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation Name: openssh -Version: 8.6p1 +Version: 8.7p1 URL: https://www.openssh.com/ Release: 1 Source0: openssh-%{version}.tar.gz -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Fri Aug 20 14:04:10 2021 
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Fri, 20 Aug 2021 14:04:10 +1000 Subject: [openssh-commits] [openssh] branch V_8_7 updated (5450606c -> e1a59618) Message-ID: <162943225063.65305.10462207595124283394@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a change to branch V_8_7 in repository openssh. from 5450606c update version numbers new e1a59618 depend The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Detailed log of new commits: commit e1a596186c81e65a34ce13076449712d3bf97eb4 Author: Damien Miller Date: Fri Aug 20 14:03:49 2021 +1000 depend Summary of changes: .depend | 316 ++++++++++++++++++++++++++++++++-------------------------------- 1 file changed, 158 insertions(+), 158 deletions(-) -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Fri Aug 20 14:04:39 2021 
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Fri, 20 Aug 2021 14:04:39 +1000 Subject: [openssh-commits] [openssh] branch master updated (9a2ed621 -> e1a59618) Message-ID: <162943227959.75108.15815030988359539424@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a change to branch master in repository openssh. from 9a2ed621 Also check pid in pselect_notify_setup. adds feee2384 upstream: openssh-8.7 adds 5450606c update version numbers adds e1a59618 depend No new revisions were added by this update. Summary of changes: .depend | 316 ++++++++++++++++++++++---------------------- README | 2 +- contrib/redhat/openssh.spec | 2 +- contrib/suse/openssh.spec | 2 +- version.h | 4 +- 5 files changed, 163 insertions(+), 163 deletions(-) -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Fri Aug 20 14:47:40 2021 
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Fri, 20 Aug 2021 14:47:40 +1000 Subject: [openssh-commits] [openssh] annotated tag V_8_7_P1 created (now bc08f727) Message-ID: <162943486004.93497.1078909193497247190@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a change to annotated tag V_8_7_P1 in repository openssh. at bc08f727 (tag) tagging e1a596186c81e65a34ce13076449712d3bf97eb4 (commit) replaces V_8_6_P1 tagged by Damien Miller on Fri Aug 20 14:06:15 2021 +1000 - Log ----------------------------------------------------------------- openssh-8.7p1 Damien Miller (5): Handle Android libc returning NULL pw->pw_passwd wrap get_random_bytes_prngd() in ifdef use openbsd-compat glob.h is required update version numbers depend Darren Tucker (91): Add fbsd13 target. Add obsd51 target. Add nbsd8 test target. Add win10 test target. Remove now-unused 2nd arg to configs. Don't always set SUDO. Test krb5 on Solaris 11 too. Add openindiana test target. Re-add macos-11.0 test target. Add obsd67 test target. Remove dependency on bash. Add obsd68 test target. Add nbsd2 test target. 
Replace "==" (a bashism) with "=". Add OPENBSD ORIGINAL marker. Comment out nbsd2 test target for now. Add nbsd3, nbsd4 and nbsd9 test targets. Disable compiler hardening on nbsd4. Add fbsd10 test target. Support testing against arbitary libcrytpo vers. Interop test agains PuTTY. Ensure we can still build with C89. Add test against OpenSSL w/out ECC. Add c89 here too. Export CC and CFLAGS for c89 test. Fix custom OpenSSL tests. Always build OpenSSL shared. Use the default VM type for libcrypto ver tests. Test against OpenSSL 1.1.0h instead of 1.1.0g. Add test building upstream OpenBSD source. Add obsdsnap (OpenBSD snapshot) test target. Add status badges for Actions-based tests. Wrap sntrup761x25519 inside ifdef. Add obsd69 test target. Rename README.md to ci-status.md. Add minix3 test target. Include login_cap.h for login_getpwclass override. Put minix3 config in the host-specific block. Add dfly60 target. Check for $OPENSSL in md5 fallback too. Retire fbsd7 test target. Add pselect implementation for platforms without. space->tabs. Clear notify_pipe from readset if present. Add obsdsnap-i386 upstream test target. Save logs on failure for upstream test Handle GIDs > 2^31 in getgrouplist. Split EGD/PRNGD interface into its own file. Try EGD/PRNGD if random device fails. Put second -lssh in link line for sftp-server. Move closefrom() to before first malloc. Add rocky84 test target. Fix ifdefs around get_random_bytes_prngd. Remove now-unused SSHv1 enums. Disable rocky84 to figure out why agent test fails Sync remaining ChallengeResponse removal. Replace remaining references to ChallengeResponse. Remove some whitespace not in upstream. Remove duplicate error on error path. Remove old OpenBSD version marker. Move signal.h up include order to match upstream. Remove reference to ChallengeResponse. Update comments about EGD to include prngd. Add configure-time detection for SSH_TIME_T_MAX. Add ARM64 Linux self-hosted runner. Make whitespace consistent. 
Add sshfp-connect.sh file missed in previous. Test OpenBSD upstream with and without OpenSSL. Pass OPENSSL=no to make tests too. Set SUDO for tests and cleanup. Move SUDO to "make test" command line. lastenv is only used in setenv. Check for RLIMIT_NOFILE before trying to use it. Avoid lines >80 chars. From jmc@ Missing space between macro arg and punctuation. Include poll.h and friends for struct pollfd. Move portable specific settings down. Add includes.h to compat tests. Skip scp3 test on dragonfly 58 and 60. Test OpenSSH from OpenBSD head on 6.8 and 6.9. Skip scp3 tests on all dfly58 and 60 configs. Add hurd test target. Skip agent ptrace test on hurd. Remove deprecated ubuntu-16.04 test targets. Improve github test driver script. Put stdint.h inside HAVE_STDINT_H. Remove trailing backslash on regress-unit-binaries Check compiler for c99 declarations after code. Fix race in pselect replacement code. Prefix pselect functions to clarify debug messages Also check pid in pselect_notify_setup. John Ericson (2): Support finding Kerberos via pkg-config Re-indent krb5 section after pkg-config addition. Tim Rice (1): openbsd-compat/openbsd-compat.h: put bsd-signal.h before bsd-misc.h Vincent Brillault (1): auth_log: dont log partial successes as failures anton at openbsd.org (1): upstream: Treat doas with arguments as a valid SUDO variable. 
djm at openbsd.org (82): upstream: a little debugging in the main mux process for status upstream: more debugging for UpdateHostKeys signature failures upstream: correct mistake in spec - the private key blobs are encoded upstream: dump out a usable private key string too; inspired by Tyson upstream: don't sigdie() in signal handler in privsep child process; upstream: include pid in LogVerbose spam upstream: Fix ssh started with ControlPersist incorrectly executing a upstream: fix previous: test saved no_shell_flag, not the one that just upstream: fix breakage of -W forwaring introduced in 1.554; reported by upstream: restore blocking status on stdio fds before close upstream: fix SEGV in UpdateHostkeys debug() message, triggered upstream: Hash challenge supplied by client during FIDO key enrollment upstream: unit test for misc.c:strdelim() that mostly servces to upstream: also check contents of remaining string upstream: fix memleak in test upstream: correct extension name "no-presence-required" => upstream: allow ssh_config SetEnv to override $TERM, which is otherwise upstream: adjust SetEnv description to clarify $TERM handling upstream: rework authorized_keys example section, removing irrelevant upstream: The RB_GENERATE_STATIC(3) macro expands to a series of upstream: the limits at openssh.com extension was incorrectly marked upstream: degrade gracefully if a sftp-server offers the upstream: Client-side workaround for a bug in OpenSSH 7.4: this release upstream: Match host certificates against host public keys, not private upstream: fix debug message when finding a private key to match a upstream: Allow argv_split() to optionally terminate tokenisation upstream: Switch ssh_config parsing to use argv_split() upstream: switch sshd_config parsing to argv_split() upstream: prepare for stricter sshd_config parsing that will refuse upstream: test AuthenticationMethods inside a Match block as well upstream: more descriptive failure message upstream: sprinkle some "# 
comment" at end of configuration lines upstream: test argv_split() optional termination on comments upstream: fix regression in r1.356: for ssh_config options that upstream: test that UserKnownHostsFile correctly accepts multiple upstream: fix decoding of X.509 subject name; from Leif Thuresson upstream: allow spaces to appear in usernames for local to remote, upstream: silence redundant error message; reported by Fabian Stelzer upstream: fix some broken tests; clean up output upstream: add a SessionType directive to ssh_config, allowing the upstream: Explicitly check for and start time-based rekeying in the upstream: fix sftp on ControlPersist connections, broken by recent upstream: wrap some long lines upstream: Let allowed signers files used by ssh-keygen(1) upstream: make authorized_keys environment="..." directives upstream: Add a StdinNull directive to ssh_config(5) that allows upstream: Add a ForkAfterAuthentication ssh_config(5) counterpart upstream: note successful authentication method in final "Authenticated upstream: regression test for time-limited signature keys upstream: mention in comment that read_passphrase(..., RP_ALLOW_STDIN) upstream: don't leak environment= variable when it is not the first upstream: test for first-match-wins in authorized_keys environment= upstream: support for using the SFTP protocol for file transfers in upstream: regression tests for scp SFTP protocol support; mostly by upstream: regression test for scp -3 upstream: prepare for scp -3 implemented via sftp upstream: factor our SSH2_FXP_OPEN calls into their own function; upstream: support for "cross"-loading files/directories, i.e. 
upstream: use sftp_client crossloading to implement scp -3 upstream: factor out a structure duplicated between downloading upstream: make scp(1) in SFTP mode output better match original upstream: a bit more debugging of file attributes being upstream: fix incorrect directory permissions on scp -3 upstream: make scp(1) in SFTP mode follow symlinks like upstream: do_upload() used a near-identical structure for upstream: sftp-client.c needs poll.h upstream: on fatal errors, make scp wait for ssh connection before upstream: show only the final path component in the progress meter; upstream: rever r1.223 - I accidentally committed unrelated changes upstream: on fatal errors, make scp wait for ssh connection before upstream: when scp is in SFTP mode, try to deal better with ~ upstream: SFTP protocol extension to allow the server to expand upstream: make scp in SFTP mode try to use relative paths as much upstream: make scp -3 the default for remote-to-remote copies. It upstream: Prepare for a future where scp(1) uses the SFTP protocol by upstream: adapt to scp -M flag change; make scp3.sh test SFTP mode too upstream: remove a bunch of %p in format strings; leftovers of upstream: oops, missed one more %p upstream: when verifying sshsig signatures, support an option upstream: test -Oprint-pubkey upstream: mention that CASignatureAlgorithms accepts +/- similarly to upstream: openssh-8.7 dtucker at openbsd.org (49): upstream: Remove now-unused skey function prototypes leftover from upstream: Don't pass NULL as a string in debugging as it does not work upstream: Increase ConnectionAttempts from 4 to 10 as the tests upstream: Clarify language about moduli. While both ends of the upstream: Regenerate moduli. upstream: Find openssl binary via environment variable. 
This upstream: Use a default value for $OPENSSL, upstream: Merge back shell portability changes upstream: Switch the listening select loop from select() to upstream: Check if IPQoS or TunnelDevice are already set before upstream: Add testcases from bz#3319 for IPQoS and TunnelDevice upstream: Continue accept loop when pselect upstream: Add regress test for SIGHUP restart upstream: Set umask when creating hostkeys to prevent excessive upstream: Use $SUDO when reading sshd's pidfile in case it was upstream: Use $SUDO when reading sshd's pidfile here too. upstream: Replace SIGCHLD/notify_pipe kludge with pselect. upstream: Use better language to refer to the user. From l1ving upstream: Remove references to ChallengeResponseAuthentication in upstream: Remove obsolete comments about SSHv1 auth methods. ok upstream: Remove comment referencing now-removed upstream: Order includes as per style(9). Portable already has upstream: Fix a couple of whitespace things. Portable already has upstream: Use existing format_absolute_time() function when upstream: Make limit for time_t test unconditional in the upstream: Add test for ssh-keygen printing of SSHFP records. upstream: Group keygen tests together. upstream: Add ed25519 key and test SSHFP export of it. Only test upstream: Add test for host key verification via SSHFP records. This upstream: Id sync only, -portable already has this. upstream: Ensure that all returned SSHFP records for the specified host upstream: Increase time margin for rekey tests. Should help upstream: Use SUDO when setting up hostkey. upstream: Add test for exporting pubkey from a passphrase-protected upstream: Test conversion of ed25519 and ecdsa keys too. upstream: Simplify keygen-convert by using $SSH_KEYTYPES directly. 
upstream: Exclude key conversion options from usage when built upstream: Don't omit ssh-keygen -y from usage when built without upstream: Skip RFC4716 format import and export tests when built upstream: Replace OPENSSL as the variable that points to the upstream: Skip unit and makefile-based key conversion tests when upstream: Allow for different (but POSIX compliant) behaviour of upstream: Document "ProxyJump none". bz#3334. upstream: Make diff invocation more portable. upstream: Fix prototype mismatch for do_cmd. ok djm@ upstream: Drop -q in ssh-log-wrapper.sh to preserve logs. upstream: Move setting of USER further down the startup In portable upstream: Although it's POSIX, not all shells used in Portable support upstream: xstrdup environment variable used by ForwardAgent. bz#3328 jmc at openbsd.org (7): upstream: reorder SessionType; ok djm upstream: punctuation; upstream: standardise the grammar in the options list; issue upstream: word fix; reported by debian at helgefjell de upstream: no need to talk about version 2 with the -Q option, so upstream: fix a formatting error and mark up known_hosts upstream: fix a formatting error and add some Xr; from debian at naddy at openbsd.org (4): upstream: ssh: The client configuration keyword is upstream: PROTOCOL.certkeys: update reference from IETF draft to upstream: scp: do not spawn ssh with two -s flags for upstream: scp: tweak man page and error message for -3 by default schwarze at openbsd.org (1): upstream: In the editline(3) branch of the sftp(1) event loop, ----------------------------------------------------------------------- No new revisions were added by this update. -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Fri Aug 20 15:40:02 2021 
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Fri, 20 Aug 2021 15:40:02 +1000 Subject: [openssh-commits] [openssh] branch master updated (e1a59618 -> d83ec9ed) Message-ID: <162943800272.29309.2327198575369525829@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. dtucker pushed a change to branch master in repository openssh. from e1a59618 depend new d83ec9ed Remove obsolete Redhat PAM config and init script. The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Detailed log of new commits: commit d83ec9ed995a76ed1d5c65cf10b447222ec86131 Author: Darren Tucker Date: Fri Aug 20 15:39:05 2021 +1000 Remove obsolete Redhat PAM config and init script. Summary of changes: contrib/redhat/sshd.init.old | 155 ------------------------------------------- contrib/redhat/sshd.pam.old | 8 --- 2 files changed, 163 deletions(-) delete mode 100755 contrib/redhat/sshd.init.old delete mode 100644 contrib/redhat/sshd.pam.old -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Fri Aug 20 15:40:03 2021 
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Fri, 20 Aug 2021 15:40:03 +1000 Subject: [openssh-commits] [openssh] 01/01: Remove obsolete Redhat PAM config and init script. In-Reply-To: <162943800272.29309.2327198575369525829@fuyu.mindrot.org> References: <162943800272.29309.2327198575369525829@fuyu.mindrot.org> Message-ID: This is an automated email from the git hooks/post-receive script. dtucker pushed a commit to branch master in repository openssh. commit d83ec9ed995a76ed1d5c65cf10b447222ec86131 Author: Darren Tucker Date: Fri Aug 20 15:39:05 2021 +1000 Remove obsolete Redhat PAM config and init script. --- contrib/redhat/sshd.init.old | 155 ------------------------------------------- contrib/redhat/sshd.pam.old | 8 --- 2 files changed, 163 deletions(-) diff --git a/contrib/redhat/sshd.init.old b/contrib/redhat/sshd.init.old deleted file mode 100755 index 8a30f7da..00000000 --- a/contrib/redhat/sshd.init.old +++ /dev/null 
@@ -1,155 +0,0 @@ -#!/bin/bash -# -# Init file for OpenSSH server daemon -# -# chkconfig: 2345 55 25 -# description: OpenSSH server daemon -# -# processname: sshd -# config: /etc/ssh/ssh_host_key -# config: /etc/ssh/ssh_host_key.pub -# config: /etc/ssh/ssh_random_seed -# config: /etc/ssh/sshd_config -# pidfile: /var/run/sshd.pid - -# source function library -. /etc/rc.d/init.d/functions - -# pull in sysconfig settings -[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd - -RETVAL=0 -prog="sshd" - -# Some functions to make the below more readable -KEYGEN=/usr/bin/ssh-keygen -SSHD=/usr/sbin/sshd -RSA_KEY=/etc/ssh/ssh_host_rsa_key -DSA_KEY=/etc/ssh/ssh_host_dsa_key -PID_FILE=/var/run/sshd.pid - -my_success() { - local msg - if [ $# -gt 1 ]; then - msg="$2" - else - msg="done" - fi - case "`type -type success`" in - function) - success "$1" - ;; - *) - echo -n "${msg}" - ;; - esac -} -my_failure() { - local msg - if [ $# -gt 1 ]; then - msg="$2" - else - msg="FAILED" - fi - case "`type -type failure`" in - function) - failure "$1" - ;; - *) - echo -n "${msg}" - ;; - esac -} -do_rsa_keygen() { - if [ ! -s $RSA_KEY ]; then - echo -n "Generating SSH2 RSA host key: " - if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then - chmod 600 $RSA_KEY - chmod 644 $RSA_KEY.pub - my_success "RSA key generation" - echo - else - my_failure "RSA key generation" - echo - exit 1 - fi - fi -} -do_dsa_keygen() { - if [ ! -s $DSA_KEY ]; then - echo -n "Generating SSH2 DSA host key: " - if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then - chmod 600 $DSA_KEY - chmod 644 $DSA_KEY.pub - my_success "DSA key generation" - echo - else - my_failure "DSA key generation" - echo - exit 1 - fi - fi -} -do_restart_sanity_check() { - $SSHD -t - RETVAL=$? - if [ ! "$RETVAL" = 0 ]; then - my_failure "Configuration file or keys" - echo - fi -} - - -case "$1" in - start) - # Create keys if necessary - do_rsa_keygen; - do_dsa_keygen; - - echo -n "Starting sshd: " - if [ ! 
-f $PID_FILE ] ; then - sshd $OPTIONS - RETVAL=$? - if [ "$RETVAL" = "0" ] ; then - my_success "sshd startup" "sshd" - touch /var/lock/subsys/sshd - else - my_failure "sshd startup" "" - fi - fi - echo - ;; - stop) - echo -n "Shutting down sshd: " - if [ -f $PID_FILE ] ; then - killproc sshd - RETVAL=$? - [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/sshd - fi - echo - ;; - restart) - do_restart_sanity_check - $0 stop - $0 start - RETVAL=$? - ;; - condrestart) - if [ -f /var/lock/subsys/sshd ] ; then - do_restart_sanity_check - $0 stop - $0 start - RETVAL=$? - fi - ;; - status) - status sshd - RETVAL=$? - ;; - *) - echo "Usage: sshd {start|stop|restart|status|condrestart}" - exit 1 - ;; -esac - -exit $RETVAL diff --git a/contrib/redhat/sshd.pam.old b/contrib/redhat/sshd.pam.old deleted file mode 100644 index 26dcb34d..00000000 --- a/contrib/redhat/sshd.pam.old +++ /dev/null @@ -1,8 +0,0 @@ -#%PAM-1.0 -auth required /lib/security/pam_pwdb.so shadow nodelay -auth required /lib/security/pam_nologin.so -account required /lib/security/pam_pwdb.so -password required /lib/security/pam_cracklib.so -password required /lib/security/pam_pwdb.so shadow nullok use_authtok -session required /lib/security/pam_pwdb.so -session required /lib/security/pam_limits.so -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Fri Aug 20 18:16:54 2021 
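Review bot: The commit message for d83ec9ed calls contrib/redhat/sshd.init.old and contrib/redhat/sshd.pam.old obsolete without saying why or what packagers should use instead. The deleted init script only ever generated RSA and DSA host keys (do_rsa_keygen, do_dsa_keygen), and the deleted PAM file loads pam_pwdb.so by absolute /lib/security path, so one sentence in the message naming those reasons and the replacement files would make the removal self-explanatory. It is also worth confirming that nothing else under contrib/redhat still refers to the .old names.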
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Fri, 20 Aug 2021 18:16:54 +1000 Subject: [openssh-commits] [openssh] branch master updated (d83ec9ed -> 95401eea) Message-ID: <162944741419.6643.8405996259593559650@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. dtucker pushed a change to branch master in repository openssh. from d83ec9ed Remove obsolete Redhat PAM config and init script. new 95401eea Replace shell function with ssh-keygen -A. The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Detailed log of new commits: commit 95401eea8503943449f712e5f3de52fc0bc612c5 Author: Darren Tucker Date: Fri Aug 20 18:14:13 2021 +1000 Replace shell function with ssh-keygen -A. Prevents the init script in the SysV package from trying (and failing) to generate unsupported key types. Remove now-unused COMMENT_OUT_ECC. ok tim@ Summary of changes: configure.ac | 5 ----- opensshd.init.in | 22 +--------------------- 2 files changed, 1 insertion(+), 26 deletions(-) -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Fri Aug 20 18:16:55 2021 
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Fri, 20 Aug 2021 18:16:55 +1000 Subject: [openssh-commits] [openssh] 01/01: Replace shell function with ssh-keygen -A. In-Reply-To: <162944741419.6643.8405996259593559650@fuyu.mindrot.org> References: <162944741419.6643.8405996259593559650@fuyu.mindrot.org> Message-ID: This is an automated email from the git hooks/post-receive script. dtucker pushed a commit to branch master in repository openssh. commit 95401eea8503943449f712e5f3de52fc0bc612c5 Author: Darren Tucker Date: Fri Aug 20 18:14:13 2021 +1000 Replace shell function with ssh-keygen -A. Prevents the init script in the SysV package from trying (and failing) to generate unsupported key types. Remove now-unused COMMENT_OUT_ECC. ok tim@ --- configure.ac | 5 ----- opensshd.init.in | 22 +--------------------- 2 files changed, 1 insertion(+), 26 deletions(-) diff --git a/configure.ac b/configure.ac index 01e7d2a4..cbf27db2 100644 --- a/configure.ac +++ b/configure.ac @@ -3100,7 +3100,6 @@ if test "x$openssl" = "xyes" ; then AC_MSG_RESULT([no]) ) - COMMENT_OUT_ECC="#no ecc#" TEST_SSH_ECC=no if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ @@ -3115,7 +3114,6 @@ if test "x$openssl" = "xyes" ; then AC_DEFINE([OPENSSL_HAS_NISTP256], [1], [libcrypto has NID_X9_62_prime256v1]) TEST_SSH_ECC=yes - COMMENT_OUT_ECC="" else unsupported_algorithms="$unsupported_algorithms \ ecdsa-sha2-nistp256 \ @@ -3125,7 +3123,6 @@ if test "x$openssl" = "xyes" ; then if test x$enable_nistp384 = x1; then AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) TEST_SSH_ECC=yes - COMMENT_OUT_ECC="" else unsupported_algorithms="$unsupported_algorithms \ ecdsa-sha2-nistp384 \ 
@@ -3135,7 +3132,6 @@ if test "x$openssl" = "xyes" ; then if test x$enable_nistp521 = x1; then AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) TEST_SSH_ECC=yes - COMMENT_OUT_ECC="" else unsupported_algorithms="$unsupported_algorithms \ ecdh-sha2-nistp521 \ @@ -3144,7 +3140,6 @@ if test "x$openssl" = "xyes" ; then fi AC_SUBST([TEST_SSH_ECC]) - AC_SUBST([COMMENT_OUT_ECC]) else AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) AC_CHECK_FUNCS([crypt]) diff --git a/opensshd.init.in b/opensshd.init.in index 99e5a51a..25172480 100755 --- a/opensshd.init.in +++ b/opensshd.init.in @@ -17,26 +17,6 @@ PIDFILE=$piddir/sshd.pid PidFile=`grep "^PidFile" ${sysconfdir}/sshd_config | tr "=" " " | awk '{print $2}'` [ X$PidFile = X ] || PIDFILE=$PidFile SSH_KEYGEN=$prefix/bin/ssh-keygen -HOST_KEY_DSA=$sysconfdir/ssh_host_dsa_key -HOST_KEY_RSA=$sysconfdir/ssh_host_rsa_key - at COMMENT_OUT_ECC@HOST_KEY_ECDSA=$sysconfdir/ssh_host_ecdsa_key -HOST_KEY_ED25519=$sysconfdir/ssh_host_ed25519_key - - -checkkeys() { - if [ ! -f $HOST_KEY_DSA ]; then - ${SSH_KEYGEN} -t dsa -f ${HOST_KEY_DSA} -N "" - fi - if [ ! -f $HOST_KEY_RSA ]; then - ${SSH_KEYGEN} -t rsa -f ${HOST_KEY_RSA} -N "" - fi - at COMMENT_OUT_ECC@ if [ ! -f $HOST_KEY_ECDSA ]; then - at COMMENT_OUT_ECC@ ${SSH_KEYGEN} -t ecdsa -f ${HOST_KEY_ECDSA} -N "" - at COMMENT_OUT_ECC@ fi - if [ ! -f $HOST_KEY_ED25519 ]; then - ${SSH_KEYGEN} -t ed25519 -f ${HOST_KEY_ED25519} -N "" - fi -} stop_service() { if [ -r $PIDFILE -a ! -z ${PIDFILE} ]; then @@ -54,7 +34,7 @@ start_service() { # XXX we will opt out at this time. - Bal # Check to see if we have keys that need to be made - checkkeys + ${SSH_KEYGEN} -A # Start SSHD echo "starting $SSHD... \c" ; $SSHD -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Mon Aug 30 09:58:20 2021 
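Review bot: In the start_service() hunk of opensshd.init.in, the exit status of ${SSH_KEYGEN} -A is not checked before $SSHD is started, so a key generation failure (read-only config directory, missing binary) is only visible as a later sshd startup error; consider testing the result and printing a message before going on. Separately, -A writes to ssh-keygen's compiled-in default key location, whereas the removed HOST_KEY_* variables were built from the script's own $sysconfdir. The two should agree because the file is configure-substituted, but a one-line comment saying so would help anyone who edits sysconfdir in an installed copy of the script. For the configure.ac hunks, a grep for any remaining @COMMENT_OUT_ECC@ in other .in files would confirm the "now-unused" claim in the message.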
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Mon, 30 Aug 2021 09:58:20 +1000 Subject: [openssh-commits] [openssh] branch master updated (95401eea -> 23447502) Message-ID: <163028150032.55222.7964330377784107613@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a change to branch master in repository openssh. from 95401eea Replace shell function with ssh-keygen -A. new 56c4455d upstream: wrap at 80 columns new 23447502 upstream: After years of forewarning, disable the RSA/SHA-1 The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Detailed log of new commits: commit 2344750250247111a6c3c6a4fe84ed583a61cc11 Author: djm at openbsd.org Date: Sun Aug 29 23:53:10 2021 +0000 upstream: After years of forewarning, disable the RSA/SHA-1 signature algorithm by default. It is feasible to create colliding SHA1 hashes, so we need to deprecate its use. RSA/SHA-256/512 remains available and will be transparently selected instead of RSA/SHA1 for most SSH servers released in the last five+ years. There is no need to regenerate RSA keys. The use of RSA/SHA1 can be re-enabled by adding "ssh-rsa" to the PubkeyAcceptedAlgorithms directives on the client and server. ok dtucker deraadt OpenBSD-Commit-ID: 189bcc4789c7254e09e23734bdd5def8354ff1d5 commit 56c4455d3b54b7d481c77c82115c830b9c8ce328 Author: djm at openbsd.org Date: Sun Aug 29 23:44:07 2021 +0000 upstream: wrap at 80 columns OpenBSD-Commit-ID: 47ca2286d6b52a9747f34da16d742879e1a37bf0 Summary of changes: clientloop.c | 5 +++-- myproposal.h | 6 ++---- 2 files changed, 5 insertions(+), 6 deletions(-) -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Mon Aug 30 09:58:21 2021 
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Mon, 30 Aug 2021 09:58:21 +1000 Subject: [openssh-commits] [openssh] 01/02: upstream: wrap at 80 columns In-Reply-To: <163028150032.55222.7964330377784107613@fuyu.mindrot.org> References: <163028150032.55222.7964330377784107613@fuyu.mindrot.org> Message-ID: This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit 56c4455d3b54b7d481c77c82115c830b9c8ce328 Author: djm at openbsd.org Date: Sun Aug 29 23:44:07 2021 +0000 upstream: wrap at 80 columns OpenBSD-Commit-ID: 47ca2286d6b52a9747f34da16d742879e1a37bf0 --- clientloop.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/clientloop.c b/clientloop.c index bfcd50c2..da14d150 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.369 2021/07/23 04:04:52 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.370 2021/08/29 23:44:07 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1405,7 +1405,8 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg, * exit status to be returned. In that case, clear error code if the * connection was deliberately terminated at this end. */ - if (options.session_type == SESSION_TYPE_NONE && received_signal == SIGTERM) { + if (options.session_type == SESSION_TYPE_NONE && + received_signal == SIGTERM) { received_signal = 0; exit_status = 0; } -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Mon Aug 30 09:58:22 2021 
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Mon, 30 Aug 2021 09:58:22 +1000 Subject: [openssh-commits] [openssh] 02/02: upstream: After years of forewarning, disable the RSA/SHA-1 In-Reply-To: <163028150032.55222.7964330377784107613@fuyu.mindrot.org> References: <163028150032.55222.7964330377784107613@fuyu.mindrot.org> Message-ID: This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit 2344750250247111a6c3c6a4fe84ed583a61cc11 Author: djm at openbsd.org Date: Sun Aug 29 23:53:10 2021 +0000 upstream: After years of forewarning, disable the RSA/SHA-1 signature algorithm by default. It is feasible to create colliding SHA1 hashes, so we need to deprecate its use. RSA/SHA-256/512 remains available and will be transparently selected instead of RSA/SHA1 for most SSH servers released in the last five+ years. There is no need to regenerate RSA keys. The use of RSA/SHA1 can be re-enabled by adding "ssh-rsa" to the PubkeyAcceptedAlgorithms directives on the client and server. ok dtucker deraadt OpenBSD-Commit-ID: 189bcc4789c7254e09e23734bdd5def8354ff1d5 --- myproposal.h | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/myproposal.h b/myproposal.h index f03b7dfd..6d79937b 100644 --- a/myproposal.h +++ b/myproposal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: myproposal.h,v 1.68 2020/10/03 04:15:06 djm Exp $ */ +/* $OpenBSD: myproposal.h,v 1.69 2021/08/29 23:53:10 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -46,7 +46,6 @@ "sk-ecdsa-sha2-nistp256-cert-v01 at openssh.com," \ "rsa-sha2-512-cert-v01 at openssh.com," \ "rsa-sha2-256-cert-v01 at openssh.com," \ - "ssh-rsa-cert-v01 at openssh.com," \ "ssh-ed25519," \ "ecdsa-sha2-nistp256," \ "ecdsa-sha2-nistp384," \ 
@@ -54,8 +53,7 @@ "sk-ssh-ed25519 at openssh.com," \ "sk-ecdsa-sha2-nistp256 at openssh.com," \ "rsa-sha2-512," \ - "rsa-sha2-256," \ - "ssh-rsa" + "rsa-sha2-256" #define KEX_SERVER_ENCRYPT \ "chacha20-poly1305 at openssh.com," \ -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Mon Aug 30 11:26:07 2021 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Mon, 30 Aug 2021 11:26:07 +1000 Subject: [openssh-commits] [openssh] branch master updated (23447502 -> 7db3e0a9) Message-ID: <163028676745.19820.813028304266545137@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. djm pushed a change to branch master in repository openssh. from 23447502 upstream: After years of forewarning, disable the RSA/SHA-1 new 7db3e0a9 upstream: adapt to RSA/SHA1 deprectation The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Detailed log of new commits: commit 7db3e0a9e8477c018757b59ee955f7372c0b55fb Author: djm at openbsd.org Date: Mon Aug 30 01:15:45 2021 +0000 upstream: adapt to RSA/SHA1 deprectation OpenBSD-Regress-ID: 952397c39a22722880e4de9d1c50bb1a14f907bb Summary of changes: regress/knownhosts-command.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Mon Aug 30 11:26:08 2021 
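Review bot: The commit message for 23447502 gives only "ssh-rsa" in PubkeyAcceptedAlgorithms as the way back, but the @@ -46,7 +46,6 @@ hunk of myproposal.h also removes "ssh-rsa-cert-v01 at openssh.com" from the same default list, and the diffstat shows myproposal.h as the only file changed. Please say in the message (and in the manual pages that document these defaults, in the same change or a linked one) that the certificate variant is dropped as well, and whether host key algorithm defaults are affected: the regress follow-up 7db3e0a9 has to pass -oHostKeyAlgorithms=ssh-rsa,rsa-sha2-256,rsa-sha2-512 explicitly, which suggests they are.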
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Mon, 30 Aug 2021 11:26:08 +1000 Subject: [openssh-commits] [openssh] 01/01: upstream: adapt to RSA/SHA1 deprectation In-Reply-To: <163028676745.19820.813028304266545137@fuyu.mindrot.org> References: <163028676745.19820.813028304266545137@fuyu.mindrot.org> Message-ID: This is an automated email from the git hooks/post-receive script. djm pushed a commit to branch master in repository openssh. commit 7db3e0a9e8477c018757b59ee955f7372c0b55fb Author: djm at openbsd.org Date: Mon Aug 30 01:15:45 2021 +0000 upstream: adapt to RSA/SHA1 deprectation OpenBSD-Regress-ID: 952397c39a22722880e4de9d1c50bb1a14f907bb --- regress/knownhosts-command.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/regress/knownhosts-command.sh b/regress/knownhosts-command.sh index f15df670..8472ec81 100644 --- a/regress/knownhosts-command.sh +++ b/regress/knownhosts-command.sh @@ -1,4 +1,4 @@ -# $OpenBSD: knownhosts-command.sh,v 1.2 2020/12/22 06:47:24 djm Exp $ +# $OpenBSD: knownhosts-command.sh,v 1.3 2021/08/30 01:15:45 djm Exp $ # Placed in the Public Domain. tid="known hosts command " @@ -39,7 +39,9 @@ chmod a+x $OBJ/knownhosts_command ${SSH} -F $OBJ/ssh_proxy x true && fail "ssh connect succeeded with bad exit" for keytype in ${SSH_HOSTKEY_TYPES} ; do + algs=$keytype test "x$keytype" = "xssh-dss" && continue + test "x$keytype" = "xssh-rsa" && algs=ssh-rsa,rsa-sha2-256,rsa-sha2-512 verbose "keytype $keytype" cat > $OBJ/knownhosts_command << _EOF #!/bin/sh 
@@ -48,6 +50,6 @@ test "x\$1" = "x$keytype" || die "wrong keytype \$1 (expected $keytype)" test "x\$3" = "x$LOGNAME" || die "wrong username \$3 (expected $LOGNAME)" grep -- "\$1.*\$2" $OBJ/known_hosts _EOF - ${SSH} -F $OBJ/ssh_proxy -oHostKeyAlgorithms=$keytype x true || + ${SSH} -F $OBJ/ssh_proxy -oHostKeyAlgorithms=$algs x true || fail "ssh connect failed for keytype $x" done -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Tue Aug 31 12:12:27 2021 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Tue, 31 Aug 2021 12:12:27 +1000 Subject: [openssh-commits] [openssh] branch master updated (7db3e0a9 -> e47b82a7) Message-ID: <163037594709.21245.6638100591006591429@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. dtucker pushed a change to branch master in repository openssh. from 7db3e0a9 upstream: adapt to RSA/SHA1 deprectation new e47b82a7 upstream: Specify hostkeyalgorithms in SSHFP test. The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Detailed log of new commits: commit e47b82a7bf51021afac218bf59a3be121827653d Author: dtucker at openbsd.org Date: Tue Aug 31 01:25:27 2021 +0000 upstream: Specify hostkeyalgorithms in SSHFP test. Specify host key algorithms in sshd's default set for the SSHFP test, from djm at . Make the reason for when the test is skipped a bit clearer. OpenBSD-Regress-ID: 4f923dfc761480d5411de17ea6f0b30de3e32cea Summary of changes: regress/sshfp-connect.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Tue Aug 31 12:12:28 2021 
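Review bot: In the @@ -48,6 +50,6 @@ hunk of regress/knownhosts-command.sh, the failure message directly below the changed ${SSH} line expands $x, but the loop variable is keytype and no assignment to x is visible in these hunks, so a failing run would report "ssh connect failed for keytype" with nothing after it. Since the neighbouring line is being edited anyway, change it to fail "ssh connect failed for keytype $keytype". In the @@ -39,7 +39,9 @@ hunk, algs=$keytype is set before the ssh-dss continue; moving it below the skip would keep the default next to the ssh-rsa override that replaces it.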
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Tue, 31 Aug 2021 12:12:28 +1000 Subject: [openssh-commits] [openssh] 01/01: upstream: Specify hostkeyalgorithms in SSHFP test. In-Reply-To: <163037594709.21245.6638100591006591429@fuyu.mindrot.org> References: <163037594709.21245.6638100591006591429@fuyu.mindrot.org> Message-ID: This is an automated email from the git hooks/post-receive script. dtucker pushed a commit to branch master in repository openssh. commit e47b82a7bf51021afac218bf59a3be121827653d Author: dtucker at openbsd.org Date: Tue Aug 31 01:25:27 2021 +0000 upstream: Specify hostkeyalgorithms in SSHFP test. Specify host key algorithms in sshd's default set for the SSHFP test, from djm at . Make the reason for when the test is skipped a bit clearer. OpenBSD-Regress-ID: 4f923dfc761480d5411de17ea6f0b30de3e32cea --- regress/sshfp-connect.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/regress/sshfp-connect.sh b/regress/sshfp-connect.sh index 06e91cdb..a6b6fab5 100644 --- a/regress/sshfp-connect.sh +++ b/regress/sshfp-connect.sh @@ -1,4 +1,4 @@ -# $OpenBSD: sshfp-connect.sh,v 1.2 2021/07/19 08:48:33 dtucker Exp $ +# $OpenBSD: sshfp-connect.sh,v 1.3 2021/08/31 01:25:27 dtucker Exp $ # Placed in the Public Domain. # This test requires external setup and thus is skipped unless @@ -24,9 +24,11 @@ tid="sshfp connect" -if [ ! -z "${TEST_SSH_SSHFP_DOMAIN}" ] && \ - $SSH -Q key-plain | grep ssh-rsa >/dev/null; then - +if ! $SSH -Q key-plain | grep ssh-rsa >/dev/null; then + echo SKIPPED: RSA keys not supported. +elif [ -z "${TEST_SSH_SSHFP_DOMAIN}" ]; then + echo SKIPPED: TEST_SSH_SSHFP_DOMAIN not set. +else # Set RSA host key to match fingerprints above. mv $OBJ/sshd_proxy $OBJ/sshd_proxy.orig $SUDO cp $SRC/rsa_openssh.prv $OBJ/host.ssh-rsa 
@@ -45,7 +47,7 @@ if [ ! -z "${TEST_SSH_SSHFP_DOMAIN}" ] && \ trace "sshfp connect $n good fingerprint" host="${n}.dtucker.net" opts="-F $OBJ/ssh_proxy -o VerifyHostKeyDNS=yes " - opts="$opts -o HostKeyAlgorithms=ssh-rsa" + opts="$opts -o HostKeyAlgorithms=rsa-sha2-512,rsa-sha2-256" host="${n}.${TEST_SSH_SSHFP_DOMAIN}" SSH_CONNECTION=`${SSH} $opts $host 'echo $SSH_CONNECTION'` if [ $? -ne 0 ]; then @@ -61,6 +63,4 @@ if [ ! -z "${TEST_SSH_SSHFP_DOMAIN}" ] && \ fail "sshfp-connect succeeded with bad SSHFP record" fi done -else - echo SKIPPED: TEST_SSH_SSHFP_DOMAIN not set. fi -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Tue Aug 31 17:10:17 2021 
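Review bot: In the @@ -45,7 +47,7 @@ hunk of regress/sshfp-connect.sh, host is first set to "${n}.dtucker.net" and then overwritten two lines later by host="${n}.${TEST_SSH_SSHFP_DOMAIN}", so the hard-coded domain is dead code; drop the first assignment while this block is being touched. In the @@ -24,9 +24,11 @@ hunk, the availability check still greps -Q key-plain for ssh-rsa (the key type) while the connection now asks for rsa-sha2-512,rsa-sha2-256 (the signature algorithms); that is correct, but a short comment distinguishing the two would stop a later reader from "fixing" the grep to match the new option value.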
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Tue, 31 Aug 2021 17:10:17 +1000 Subject: [openssh-commits] [openssh] branch master updated (e47b82a7 -> d22b2991) Message-ID: <163039381726.12681.6527897795511031421@fuyu.mindrot.org> This is an automated email from the git hooks/post-receive script. dtucker pushed a change to branch master in repository openssh. from e47b82a7 upstream: Specify hostkeyalgorithms in SSHFP test. new 87ad70d6 Resync PuTTY interop tests. new d22b2991 upstream: Better compat tests with old PuTTY. The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Detailed log of new commits: commit d22b299115e27606e846b23490746f69fdd4fb38 Author: dtucker at openbsd.org Date: Tue Aug 31 06:13:23 2021 +0000 upstream: Better compat tests with old PuTTY. When running PuTTY interop tests and using a PuTTY version older than 0.76, re-enable the ssh-rsa host key algorithm (the 256 and 512 variants of RSA were added some time between 0.73 and 0.76). OpenBSD-Regress-ID: e6138d6987aa705fa1e4f216db0bb386e1ff38e1 commit 87ad70d605c3e39c9b8aa275db27120d7cc09b77 Author: Darren Tucker Date: Tue Aug 31 17:04:50 2021 +1000 Resync PuTTY interop tests. Resync behaviour when REGRESS_INTEROP_PUTTY is not set with OpenBSD. Summary of changes: regress/putty-ciphers.sh | 11 ++++++++--- regress/putty-kex.sh | 11 ++++++++--- regress/putty-transfer.sh | 11 ++++++++--- 3 files changed, 24 insertions(+), 9 deletions(-) -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Tue Aug 31 17:10:18 2021 
From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Tue, 31 Aug 2021 17:10:18 +1000 Subject: [openssh-commits] [openssh] 01/02: Resync PuTTY interop tests. In-Reply-To: <163039381726.12681.6527897795511031421@fuyu.mindrot.org> References: <163039381726.12681.6527897795511031421@fuyu.mindrot.org> Message-ID: This is an automated email from the git hooks/post-receive script. dtucker pushed a commit to branch master in repository openssh. commit 87ad70d605c3e39c9b8aa275db27120d7cc09b77 Author: Darren Tucker Date: Tue Aug 31 17:04:50 2021 +1000 Resync PuTTY interop tests. Resync behaviour when REGRESS_INTEROP_PUTTY is not set with OpenBSD. --- regress/putty-ciphers.sh | 3 +-- regress/putty-kex.sh | 3 +-- regress/putty-transfer.sh | 3 +-- 3 files changed, 3 insertions(+), 6 deletions(-) diff --git a/regress/putty-ciphers.sh b/regress/putty-ciphers.sh index 708c288d..ace88271 100644 --- a/regress/putty-ciphers.sh +++ b/regress/putty-ciphers.sh @@ -4,8 +4,7 @@ tid="putty ciphers" if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then - echo "putty interop tests not enabled" - exit 0 + fatal "putty interop tests not enabled" fi for c in aes 3des aes128-ctr aes192-ctr aes256-ctr chacha20 ; do diff --git a/regress/putty-kex.sh b/regress/putty-kex.sh index 686d0e1a..c9214f67 100644 --- a/regress/putty-kex.sh +++ b/regress/putty-kex.sh @@ -4,8 +4,7 @@ tid="putty KEX" if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then - echo "putty interop tests not enabled" - exit 0 + fatal "putty interop tests not enabled" fi for k in dh-gex-sha1 dh-group1-sha1 dh-group14-sha1 ecdh ; do diff --git a/regress/putty-transfer.sh b/regress/putty-transfer.sh index 14b41022..e36e8284 100644 --- a/regress/putty-transfer.sh +++ b/regress/putty-transfer.sh 
@@ -4,8 +4,7 @@ tid="putty transfer data" if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then - echo "putty interop tests not enabled" - exit 0 + fatal "putty interop tests not enabled" fi if [ "`${SSH} -Q compression`" = "none" ]; then -- To stop receiving notification emails like this one, please contact djm at mindrot.org. From git+noreply at mindrot.org Tue Aug 31 17:10:19 2021 From: git+noreply at mindrot.org (git+noreply at mindrot.org) Date: Tue, 31 Aug 2021 17:10:19 +1000 Subject: [openssh-commits] [openssh] 02/02: upstream: Better compat tests with old PuTTY. In-Reply-To: <163039381726.12681.6527897795511031421@fuyu.mindrot.org> References: <163039381726.12681.6527897795511031421@fuyu.mindrot.org> Message-ID: This is an automated email from the git hooks/post-receive script. dtucker pushed a commit to branch master in repository openssh. commit d22b299115e27606e846b23490746f69fdd4fb38 Author: dtucker at openbsd.org Date: Tue Aug 31 06:13:23 2021 +0000 upstream: Better compat tests with old PuTTY. When running PuTTY interop tests and using a PuTTY version older than 0.76, re-enable the ssh-rsa host key algorithm (the 256 and 512 variants of RSA were added some time between 0.73 and 0.76). OpenBSD-Regress-ID: e6138d6987aa705fa1e4f216db0bb386e1ff38e1 --- regress/putty-ciphers.sh | 8 +++++++- regress/putty-kex.sh | 8 +++++++- regress/putty-transfer.sh | 8 +++++++- 3 files changed, 21 insertions(+), 3 deletions(-) diff --git a/regress/putty-ciphers.sh b/regress/putty-ciphers.sh index ace88271..71755c07 100644 --- a/regress/putty-ciphers.sh +++ b/regress/putty-ciphers.sh @@ -1,4 +1,4 @@ -# $OpenBSD: putty-ciphers.sh,v 1.7 2020/01/23 03:35:07 dtucker Exp $ +# $OpenBSD: putty-ciphers.sh,v 1.8 2021/08/31 06:13:23 dtucker Exp $ # Placed in the Public Domain. tid="putty ciphers" 
@@ -7,6 +7,12 @@ if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then fatal "putty interop tests not enabled" fi +# Re-enable ssh-rsa on older PuTTY versions. +oldver="`${PLINK} --version | awk '/plink: Release/{if ($3<0.76)print "yes"}'`" +if [ "x$oldver" = "xyes" ]; then + echo "HostKeyalgorithms +ssh-rsa" >> sshd_config +fi + for c in aes 3des aes128-ctr aes192-ctr aes256-ctr chacha20 ; do verbose "$tid: cipher $c" cp ${OBJ}/.putty/sessions/localhost_proxy \ diff --git a/regress/putty-kex.sh b/regress/putty-kex.sh index c9214f67..ba32cf0b 100644 --- a/regress/putty-kex.sh +++ b/regress/putty-kex.sh @@ -1,4 +1,4 @@ -# $OpenBSD: putty-kex.sh,v 1.5 2020/01/23 03:24:38 dtucker Exp $ +# $OpenBSD: putty-kex.sh,v 1.6 2021/08/31 06:13:23 dtucker Exp $ # Placed in the Public Domain. tid="putty KEX" @@ -7,6 +7,12 @@ if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then fatal "putty interop tests not enabled" fi +# Re-enable ssh-rsa on older PuTTY versions. +oldver="`${PLINK} --version | awk '/plink: Release/{if ($3<0.76)print "yes"}'`" +if [ "x$oldver" = "xyes" ]; then + echo "HostKeyalgorithms +ssh-rsa" >> sshd_config +fi + for k in dh-gex-sha1 dh-group1-sha1 dh-group14-sha1 ecdh ; do verbose "$tid: kex $k" cp ${OBJ}/.putty/sessions/localhost_proxy \ diff --git a/regress/putty-transfer.sh b/regress/putty-transfer.sh index e36e8284..d3e75cb5 100644 --- a/regress/putty-transfer.sh +++ b/regress/putty-transfer.sh @@ -1,4 +1,4 @@ -# $OpenBSD: putty-transfer.sh,v 1.7 2020/01/23 11:19:12 dtucker Exp $ +# $OpenBSD: putty-transfer.sh,v 1.8 2021/08/31 06:13:23 dtucker Exp $ # Placed in the Public Domain. tid="putty transfer data" 
@@ -7,6 +7,12 @@ if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then fatal "putty interop tests not enabled" fi +# Re-enable ssh-rsa on older PuTTY versions. +oldver="`${PLINK} --version | awk '/plink: Release/{if ($3<0.76)print "yes"}'`" +if [ "x$oldver" = "xyes" ]; then + echo "HostKeyalgorithms +ssh-rsa" >> sshd_config +fi + if [ "`${SSH} -Q compression`" = "none" ]; then comp="0" else -- To stop receiving notification emails like this one, please contact djm at mindrot.org.
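Review bot: In commit 87ad70d6 (Resync PuTTY interop tests), each of the three hunks replaces echo "putty interop tests not enabled" plus exit 0 with fatal, so running putty-ciphers.sh, putty-kex.sh or putty-transfer.sh without REGRESS_INTEROP_PUTTY=yes changes from a quiet pass to a fatal error. If the Makefile only schedules these scripts when the variable is set, please say so in the commit message; otherwise a "SKIPPED:" message in the style used by sshfp-connect.sh would avoid failing test runs on hosts without PuTTY.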
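Review bot: In commit d22b2991 (Better compat tests with old PuTTY), the added line echo "HostKeyalgorithms +ssh-rsa" >> sshd_config in all three scripts appends to a relative path, while the surrounding context lines address test files through ${OBJ} (for example ${OBJ}/.putty/sessions/localhost_proxy). Unless the tests are guaranteed to run with the object directory as the working directory, this should name the file explicitly under $OBJ. Two smaller points on the same block: the awk test only matches output containing "plink: Release", so a build that reports its version differently is silently treated as new, and the identical six-line block is pasted into three files where a shared helper would keep the version threshold in one place.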