| Age | Commit message (Collapse) | Author |
|---|
|
|
|
so create a bigger buffer. Reported by Robert Morris.
|
|
older BSD st_*timespec names.
ok millert@
|
|
-----
Don't printf time_t with %d; fixes PR 44128 from yamt. With this change it
successfully prints mtimes after 2038.
-----
ok millert@
|
|
multiplex socket exists but the connection times out, ssh will fall back
to a direct connection the same way it would if the socket did not exist
at all. ok djm@
|
|
out config option match. From Ed Maste
|
|
ok djm@
|
|
|
|
|
|
modules; based on GHPR406 by Jakub Jelen; ok markus
|
|
accept the %D (routing domain) and a new %C (connection address/port
4-tuple) as expansion sequences; ok markus
|
|
16 to 24; { feedback ok } x { deraadt markus }
|
|
This is uninteresting and rather meaningless except for the implementer.
No need to have several hundred lines of code backing half a dozen symbols
in the public API for this.
ok jsing
|
|
cases (inc. ControlPersist). bz3589 bz3589
Based on patches by Peter Chubb; ok dtucker@
|
|
|
|
|
|
This is the only consumer of ERR_get_string_table(), which will go away.
ok jsing
|
|
|
|
Make ssh-pkcs11-client start an independent helper for each provider,
providing better isolation between modules and reliability if a single
module misbehaves.
This also implements reference counting of PKCS#11-hosted keys,
allowing ssh-pkcs11-helper subprocesses to be automatically reaped
when no remaining keys reference them. This fixes some bugs we have
that make PKCS11 keys unusable after they have been deleted, e.g.
https://bugzilla.mindrot.org/show_bug.cgi?id=3125
ok markus@
|
|
This checks via nlist(3) that candidate provider libraries contain one
of the symbols that we will require prior to dlopen(), which can cause
a number of side effects, including execution of constructors.
Feedback deraadt; ok markus
|
|
ssh-agent by default.
The old behaviour of allowing remote clients from loading providers
can be restored using `ssh-agent -O allow-remote-pkcs11`.
Detection of local/remote clients requires a ssh(1) that supports
the `session-bind@openssh.com` extension. Forwarding access to a
ssh-agent socket using non-OpenSSH tools may circumvent this control.
ok markus@
|
|
isn't a PKCS#11 provider; from / ok markus@
|
|
If ask() can't open /dev/tty for reading, it assumes the default answer
and carries on. Add missing unveil, so that ask() waits for an answer.
This isn't a full fix since it won't allow giving paths outside the tree
rooted at the current directory, but that's expected by the recent change.
Questions are only asked outside of force or batch mode.
fix suggested by op and semarie
ok deraadt florian
|
|
windows, appears to fix hang reported by Mark Kelly.
|
|
|
|
- sync the arg name to -J in usage() with that in ssh.1
- reformat usage() to match what "man ssh" does on 80width
|
|
|
|
|
|
no code change
|
|
it caused merge conflict in -portable for each commit :(
|
|
magic number and not SSH_ERR_MESSAGE_INCOMPLETE; the former is
needed to fall back to text revocation lists in some cases;
fixes t-cert-hostkey.
|
|
This adds a ssh_config(5) "Tag" directive and corresponding
"Match tag" predicate that may be used to select blocks of
configuration similar to the pf.conf(5) keywords of the same
name.
ok markus
|
|
This allows matching on the addresses of available network interfaces
and may be used to vary the effective client configuration based on
network location (e.g. to use a ProxyJump when not on a particular
network).
ok markus@
|
|
When the KRL format was originally defined, it included support for
signing of KRL objects. However, the code to sign KRLs and verify KRL
signatues was never completed in OpenSSH.
Now, some years later, we have SSHSIG support in ssh-keygen that is
more general, well tested and actually works. So this removes the
semi-finished KRL signing/verification support from OpenSSH and
refactors the remaining code to realise the benefit - primarily, we
no longer need to perform multiple parsing passes over KRL objects.
ok markus@
|
|
This defines wire formats for optional KRL extensions and implements
parsing of the new submessages. No actual extensions are supported at
this point.
ok markus
|
|
revert the previous that the mbstat is located on the stack.
ok claudio
|
|
Arguably the only sensible use of patch(1) is changing files in the
current working directory and subdirectories.
However, patch(1) has this anti-feature, or dare I say bug, where it
will happily follow "../" upwards and outside of the current working
directory to find files to change. All it takes is a line like
+++ ../../../../home/florian/.ssh/authorized_keys
in the patchfile.
patch(1) operates on untrusted input and it already pledge(2)'ed to
not execute arbitrary programs, but of course it needs to write
files.
A simple unveil(".", "rwc") restricts patch(1) to its current working
directory.
We also need to allow /tmp and potentially the output file and reject
file if given on the command line. But those paths are safe.
input op, deraadt
OK millert, sthen
|
|
|
|
|
|
reported by Yair Mizrahi @ JFrog; feedback/ok millert@
|
|
confusing, and fix writing tge default colour. GitHub issue 3627.
|
|
OK op, sthen
|
|
OK tb, sthen
|
|
sthen hit a binary patch containing a 'line' of length > 32kB. This made
the short used for storing the line length wrap and resulted in a buffer
underflow and segfault. This uses a larger type, which doesn't actually
fix the problem, but makes it much less likely to be hit.
ok florian otto sthen
|
|
|
|
|
|
blocked around daemon(), and doing so causes trouble with newer libevent
(it cannot restore the original handler). Reported by Azat Khuzhin in
GitHub issue 3626.
|
|
|
|
|
|
GitHub issue 3588.
|
