| Age | Commit message (Collapse) | Author |
|---|
|
The change in proc.c can be further simplified once imsg_free() takes
care of unclaimed file descriptors.
OK nicm@
|
|
OK nicm@
|
|
The -set_issuer, -set_subject, and -force_pubkey features can be used to
'rechain' PKIs, for more information see https://labs.apnic.net/nro-ta/
and https://blog.apnic.net/2023/12/14/models-of-trust-for-the-rpki/
OK tb@
|
|
|
|
ok markus@
|
|
|
|
all open channels and will close all open channels if there is no
traffic on any of them for the specified interval. This is in addition
to the existing per-channel timeouts added a few releases ago.
This supports use-cases like having a session + x11 forwarding channel
open where one may be idle for an extended period but the other is
actively used. The global timeout would allow closing both channels when
both have been idle for too long.
ok dtucker@
|
|
from markus@ ok me
|
|
Port forward close by control master is already implemented
by `mux_master_process_close_fwd` in `mux.c`
GHPR442 from bigb4ng
|
|
GHPR441 from TJ Saunders
|
|
messages not strictly required in KEX
|
|
|
|
|
|
Flicken von Lennart Jablonka <humm bei ljabl Punkt com>
|
|
|
|
This undocumented, incomplete public function has never done anything
useful. It will be removed from libssl. Removing it from openssl(1)
clears the way for this.
ok jsing
|
|
ok jsing
|
|
|
|
that modifier keys with flags work correctly, GitHub issue 3764.
|
|
mdoc, so escaped versions have to be used instead. From Alexis
Hildebrandt in GitHub issue 3762.
|
|
|
|
|
|
rsync compares e.g. the first mtime against 0, if the mtime is the epoch
then rsync will skip this field and openrsync will choke when receiving it.
So if there is no first element but a FLIST_XYZ_SAME flag is use 0 as
value.
Problem noticed by job@
OK tb@ job@ and yoda@ for fixing the if statements
|
|
r1.69 introduced -C in 2008 "to continue multiple transfers";
'ftp -C ftp://ftp.eu.openbsd.org/' lands in "ftp> " and turns "mget"
into "reget" by default.
r1.139 -C/resume without "proc exec" thusly was too strict.
Instead, now after recent cleanups/tweaks, prevent execution with -o.
OK millert
|
|
|
|
Previously, these fields would be skipped. From Hiltjo Posthuma.
|
|
ok krw@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Record failed attempts to session-bind a connection and refuse signing
operations on that connection henceforth.
Prevents a future situation where we add a new hostkey type that is not
recognised by an older ssh-agent, that consequently causes session-bind
to fail (this situation is only likely to arise when people mix ssh(1)
and ssh-agent(1) of different versions on the same host). Previously,
after such a failure the agent socket would be considered unbound and
not subject to restriction.
Spotted by Jann Horn
|
|
This makes ssh(1) refuse user or host names provided on the
commandline that contain most shell metacharacters.
Some programs that invoke ssh(1) using untrusted data do not filter
metacharacters in arguments they supply. This could create
interactions with user-specified ProxyCommand and other directives
that allow shell injection attacks to occur.
It's a mistake to invoke ssh(1) with arbitrary untrusted arguments,
but getting this stuff right can be tricky, so this should prevent
most obvious ways of creating risky situations. It however is not
and cannot be perfect: ssh(1) has no practical way of interpreting
what shell quoting rules are in use and how they interact with the
user's specified ProxyCommand.
To allow configurations that use strange user or hostnames to
continue to work, this strictness is applied only to names coming
from the commandline. Names specified using User or Hostname
directives in ssh_config(5) are not affected.
feedback/ok millert@ markus@ dtucker@ deraadt@
|
|
This makes ssh/sshd more strict in handling non-compliant peers that
send more data than the advertised channel window allows. Previously
the additional data would be silently discarded. This change will
cause ssh/sshd to terminate the connection if the channel window is
exceeded by more than a small grace allowance.
ok markus@
|
|
Adds a protocol extension to allow grafting certificates supplied by
ssh-add to keys loaded from PKCS#11 tokens in the agent.
feedback/ok markus@
|
|
Previously applied only to the first key returned from each token.
ok markus@
|
|
This adds another transport protocol extension to allow a sshd to send
SSH2_MSG_EXT_INFO during user authentication, after the server has
learned the username that is being logged in to.
This lets sshd to update the acceptable signature algoritms for public
key authentication, and allows these to be varied via sshd_config(5)
"Match" directives, which are evaluated after the server learns the
username being authenticated.
Full details in the PROTOCOL file
|
|
This adds a protocol extension to improve the integrity of the SSH
transport protocol, particular in and around the initial key exchange
(KEX) phase.
Full details of the extension are in the PROTOCOL file.
with markus@
|
|
(not used yet, because the pinsyscall changes are still being worked on)
ok kettenis
|
|
After r1.140 and r1.144 fixed -o '' and clenaed up option handling,
respectively, avoid the "ftp> " shell if any output file was specified.
OK millert
|
|
algorithms to request, ensure that the hostname passed to the command
is decorated with the port number for ports other than 22.
This matches the behaviour of KnownHostsCommand when invoked to look
up the actual host key.
bz3643, ok dtucker@
|
|
ftp(1) says -o is about a single file/URL, but option handling takes the
empty string as "reset previous -o value", which makes little sense, is
undocumented and counter-intuitively works as if no -o was specified.
OK millert
|
|
it is a dangerous alternative entry point for all system calls, and thus
incompatible with the precision system call entry point scheme we are
heading towards. This has been a 3-year mission:
First perl needed a code-generated wrapper to fake syscall(2) as a giant
switch table, then all the ports were cleaned with relatively minor fixes,
except for "go". "go" required two fixes -- 1) a framework issue with
old library versions, and 2) like perl, a fake syscall(2) wrapper to
handle ioctl(2) and sysctl(2) because "syscall(SYS_ioctl" occurs all over
the place in the "go" ecosystem because the "go developers" are plan9-loving
unix-hating folk who tried to build an ecosystem without allowing "ioctl".
ok kettenis, jsing, afresh1, sthen
|
|
|
|
ok kn@
|
|
|
|
log anything. From Kobe Housen
|
|
Regardless of SMALL and other command flags, 'ftp -o - URL [file|URL ...]'
only processes the first URL and exists.
Only standard output is written to and modifying 'struct stat' properties
as per pledge(2) "fattr" don't apply.
OK millert
|
