CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2024/06/20 02:23:18 Modified files: regress/usr.bin/ssh: dropbear-ciphers.sh Log message: Work around dbclient cipher and mac query bug. Unlike earlier versions, recent Dropbear (at least v2024.85) requires a host arg when querying supported ciphers and macs via "-c/-m help". Earlier versions accept but do not require it, so always provide it. If these queries fail, skip the test with a warning.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2024/06/20 02:18:34 Modified files: regress/usr.bin/ssh: test-exec.sh Log message: Remove dropbear key types not supported by current OpenSSH. Allows subsequent test runs to work if OpenSSH is rebuilt w/out OpenSSL.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2024/06/19 04:15:51 Modified files: regress/usr.bin/ssh: dropbear-ciphers.sh Log message: Provide defaults for ciphers and macs if querying for them fails since on some versions of Dropbear (at least v2024.85) "-m help" doesn't seem to work. Enable all supported pubkey algorithms in the server.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2024/06/19 04:10:46 Modified files: regress/usr.bin/ssh: dropbear-kex.sh Log message: Use ed25519 keys for kex tests since that's supported by OpenSSH even when built without OpenSSL. Only test diffie-hellman kex if OpenSSH is compiled with support for it.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2024/06/19 04:08:34 Modified files: regress/usr.bin/ssh: test-exec.sh Log message: Rework dropbear key setup to always generate ed25519 keys, other types only if OpenSSH has support for the corresponding key type.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2024/06/18 02:11:48 Modified files: regress/usr.bin/ssh: test-exec.sh Log message: Re-enable ssh-dss tests if ssh is compiled with DSA support
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2024/03/29 04:40:07 Modified files: regress/usr.bin/ssh: sftp-cmds.sh Log message: Use egrep instead of grep -E. Some platforms don't have the latter so this makes things easier in -portable.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2024/03/26 02:09:16 Modified files: regress/usr.bin/ssh: sftp-cmds.sh Log message: test -h is the POSIXly way of testing for a symlink. Reduces diff vs Portable.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2024/03/25 19:23:11 Modified files: etc: moduli usr.bin/ssh/moduli-gen: moduli.2048 moduli.3072 moduli.4096 moduli.6144 moduli.7680 moduli.8192 Log message: Import regenerated moduli.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2024/03/25 00:05:42 Modified files: regress/usr.bin/ssh: sftp-cmds.sh Log message: Verify string returned from local shell command.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2024/03/24 21:30:31 Modified files: regress/usr.bin/ssh: sftp-cmds.sh Log message: Improve shell portability: grep -q is not portable so redirect stdout, and use printf instead of relying on echo to do \n substitution. Reduces diff vs Portable.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2024/03/24 20:07:08 Modified files: regress/usr.bin/ssh: key-options.sh Log message: Save error code from SSH for use inside case statement, from portable. In some shells, "case" will reset the value of $?, so save it first.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2024/03/24 19:40:47 Modified files: regress/usr.bin/ssh: cfgmatchlisten.sh Log message: Increase timeout. Resyncs with portable where some of the test VMs are slow enough for this to matter.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2024/03/24 19:28:29 Modified files: regress/usr.bin/ssh: test-exec.sh Log message: In PuTTY interop test, don't assume the PuTTY major version is 0. Patch from cjwatson at debian.org via bz#3671.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2024/03/08 04:34:10 Modified files: regress/usr.bin/ssh: test-exec.sh dynamic-forward.sh Log message: Invoke ProxyCommand that uses stderr redirection via $TEST_SHELL. Fixes test when run by a user whose login shell is tcsh. Found by vinschen at redhat.com.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2024/02/19 02:25:52 Modified files: regress/usr.bin/ssh: test-exec.sh Log message: Always define puttysetup function.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2024/02/09 01:56:59 Modified files: regress/usr.bin/ssh: putty-ciphers.sh putty-kex.sh Log message: Expand the set of ciphers, MACs and KEX methods in the PuTTY interop tests.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2024/02/09 01:47:42 Modified files: regress/usr.bin/ssh: putty-ciphers.sh putty-kex.sh putty-transfer.sh test-exec.sh Log message: Factor out PuTTY setup and call when needed. This allows us to avoid PuTTY key setup when it's not needed, which speeds up the overall test run by a couple of percent.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2024/01/04 02:51:49 Modified files: etc: moduli usr.bin/ssh/moduli-gen: moduli.2048 moduli.3072 moduli.4096 moduli.6144 moduli.7680 moduli.8192 Log message: Import regenerated moduli.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/11/23 17:31:30 Modified files: usr.bin/ssh: clientloop.c Log message: Plug mem leak of msg when processing a quit message. Coverity CID#427852, ok djm@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/11/22 20:37:05 Modified files: usr.bin/ssh: mux.c Log message: Include existing mux path in debug message.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/10/29 00:22:07 Modified files: regress/usr.bin/ssh: test-exec.sh Log message: Only try to chown logfiles that exist to prevent spurious errors.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/10/26 06:44:07 Modified files: regress/usr.bin/ssh: conch-ciphers.sh Log message: Skip conch interop tests when not enabled instead of fatal.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/10/24 23:38:09 Modified files: etc: moduli usr.bin/ssh/moduli-gen: moduli.2048 moduli.3072 moduli.4096 moduli.6144 moduli.7680 moduli.8192 Log message: Import regenerated moduli.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/10/20 01:37:07 Modified files: regress/usr.bin/ssh: test-exec.sh Log message: Allow overriding the locations of the Dropbear binaries similar to what we do for the PuTTY ones.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/10/20 00:56:45 Modified files: regress/usr.bin/ssh: Makefile test-exec.sh Added files: regress/usr.bin/ssh: dropbear-ciphers.sh dropbear-kex.sh Log message: Add interop test with Dropbear. Right now this is only dbclient not the Dropbear server since it won't currently run as a ProxyCommand.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/10/16 02:40:01 Modified files: usr.bin/ssh: sshkey.c Log message: Move declaration of "len" into the block where it's used. This lets us compile Portable with -Werror when OpenSSL doesn't have Ed25519 support.
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: dtuc...@cvs.openbsd.org 2023/10/10 16:14:54 Modified files: . : 74.html Log message: Remove errant .
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: dtuc...@cvs.openbsd.org 2023/10/10 16:11:09 Modified files: . : 74.html Log message: Add OpenSSH 9.4. Remove mux timeout bugfix from list since it was added then deleted between OpenBSD releases and wasn't in any OpenBSD release.
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: dtuc...@cvs.openbsd.org 2023/10/10 15:40:23 Modified files: . : 74.html Log message: Add OpenSSH 9.5 changes.
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: dtuc...@cvs.openbsd.org 2023/09/06 05:47:38 Modified files: openssh: specs.html Log message: List 512 bit version of cert protocol instead of listing 256 bit twice. Reported by Milos.KLOUCEK at nku.cz.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/08/04 00:32:40 Modified files: usr.bin/ssh: misc.c mux.c Log message: Apply ConnectTimeout to multiplexing local socket connections. If the multiplex socket exists but the connection times out, ssh will fall back to a direct connection the same way it would if the socket did not exist at all. ok djm@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/08/01 02:15:04 Modified files: usr.bin/ssh: sshconnect2.c Log message: remove unnecessary if statement. github PR#422 from eyalasulin999, ok djm@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/07/14 01:44:21 Modified files: usr.bin/ssh: misc.c auth-options.c Log message: Include stdint.h for SIZE_MAX. Fixes OPENSSL=no build.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/07/06 16:17:59 Modified files: usr.bin/ssh: ssh-add.c Log message: minleft and maxsign are u_int so cast appropriately. Prompted by github PR#410, ok deraadt.
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: dtuc...@cvs.openbsd.org 2023/07/03 03:17:48 Modified files: build/openssh : releases.pl openssh: releasenotes.html Log message: Mark up links to ssh-keyscan and ssh-keysign too. Mark up complete "GHPR#" links instead of partial ones.
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: dtuc...@cvs.openbsd.org 2023/05/16 02:01:18 Modified files: openssh: security.html Log message: The ssh-add smartcard bug is fixed in 9.3 and not 9.2.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/05/10 04:04:20 Modified files: usr.bin/ssh: monitor.c Log message: Remove now-unused prototypes for ssh1 RSA functions. From lengyijun via github PR#396.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/05/01 02:57:30 Modified files: etc: moduli usr.bin/ssh/moduli-gen: moduli.2048 moduli.3072 moduli.4096 moduli.6144 moduli.7680 moduli.8192 Log message: Import regenerated moduli.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/04/03 02:10:54 Modified files: usr.bin/ssh: clientloop.c Log message: Move null check up and simplify process_escapes. Based on Coverity CID 291863 which points out we check the channel pointer for NULLness after dereferencing it. Move this to the start of the function, and while there simplify initialization of efc a bit. ok djm@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/03/30 23:56:36 Modified files: usr.bin/ssh: scp.c Log message: Explicitly ignore return from waitpid here too.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/03/30 22:45:08 Modified files: usr.bin/ssh: scp.c sftp.c ssh-agent.c Log message: Explicitly ignore return codes where we don't check them. From Dmitry Belyavskiy via github PR#238, ok djm@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/03/30 22:42:29 Modified files: usr.bin/ssh: canohost.c Log message: Return immediately from get_sock_port if sock <0 so we don't call getsockname on a negative FD. From Coverity CID 291840, ok djm@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/03/30 18:44:29 Modified files: usr.bin/ssh: monitor_wrap.c Log message: Check fd against >=0 instead of >0 in error path. The dup could in theory return fd 0 although currently it doesn't in practice. From Dmitry Belyavskiy via github PR#238.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/03/30 01:19:50 Modified files: usr.bin/ssh: ssh.c Log message: Ignore return value from muxclient(). It normally loops without returning, but if it returns on failure we immediately exit. Coverity CID 405050.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/03/29 18:49:37 Modified files: usr.bin/ssh: monitor_wrap.c Log message: Remove dead code from inside if block. The only way the if statement can be true is if both dup()s fail, and in that case the tmp2 can never be set. Coverity CID 291805, ok djm@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/03/28 19:07:48 Modified files: usr.bin/ssh: kexgexs.c Log message: Explicitly ignore return value from sshpkt_disconnect since we set our own return value for the function. Coverity CID 291797, ok djm@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/03/28 18:59:08 Modified files: usr.bin/ssh: sftp.c Log message: Plug another potential mem leak in process_put. It allocates abs_dst inside a loop but only frees it on exit, so free inside the loop if necessary. Coverity CID 291837, ok djm@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/03/28 01:44:32 Modified files: usr.bin/ssh: sftp-client.c sftp.c Log message: Plug more mem leaks in sftp by making make_absolute_pwd_glob work in the same way as make_absolute: you pass it a dynamically allocated string and it either returns it, or frees it and allocates a new one. Patch from emaste at freebsd.org and https://reviews.freebsd.org/D37253 ok djm@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/03/28 00:12:38 Modified files: usr.bin/ssh: sk-usbhid.c Log message: Remove compatibility code for OpenSSL versions prior to 1.1.* since -portable no longer supports them.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/03/27 17:56:54 Modified files: regress/usr.bin/ssh/misc/sk-dummy: sk-dummy.c Log message: Remove compatibility code for OpenSSL 1.0.* versions now that -portable has dropped support for those versions.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/03/26 21:56:50 Modified files: regress/usr.bin/ssh: percent.sh Log message: Add RevokedHostKeys to percent expansion test.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/03/26 21:56:11 Modified files: usr.bin/ssh: ssh.c ssh_config.5 Log message: Add tilde and environment variable expansion to RevokedHostKeys. bz#3552, ok djm@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/03/14 01:28:47 Modified files: usr.bin/ssh: krl.c Log message: Free KRL itself in addition to its contents. From Coverity CID 291841, ok djm@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/03/14 01:26:25 Modified files: usr.bin/ssh: authfile.c Log message: Check pointer for NULL before attempting to deref. None of the existing callers seem to do that, but it's worth checking. From Coverity CID 291834, ok djm@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/03/12 04:40:39 Modified files: usr.bin/ssh: kex.c Log message: Put upper bound on number of entries in SSH2_MSG_EXT_INFO request. This is already constrained by the maximum SSH packet size but this makes it explicit. Prompted by Coverity CID 291868, ok djm@ markus@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/03/12 03:41:18 Modified files: usr.bin/ssh: sftp.c Log message: calloc can return NULL but xcalloc cannot. From Coverity CID 291881, ok djm@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/03/10 00:17:08 Modified files: usr.bin/ssh: sshconnect.c Log message: Explicitly ignore return from fcntl(... FD_CLOEXEC) here too. Coverity CID 291853.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/03/09 21:06:21 Modified files: usr.bin/ssh: dns.c Log message: Plug mem leak on error path. Coverity CID 405026, ok djm@.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/03/09 20:01:51 Modified files: usr.bin/ssh: channels.c Log message: Explicitly ignore return code from fcntl(.. FD_CLOEXEC) since there's not much we can do anyway. From Coverity CID 291857, ok djm@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/03/09 19:24:56 Modified files: usr.bin/ssh: readconf.c Log message: Remove no-op (int) > INT_MAX checks since they can never be true. From Coverity CID 405031, ok djm@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/03/09 00:11:05 Modified files: usr.bin/ssh: sshconnect2.c Log message: Re-split the merge of the reorder-hostkeys test. In the kex_proposal_populate_entries change I merged the check for reordering hostkeys with the actual reordering, but kex_assemble_names mutates options.hostkeyalgorithms which renders the check ineffective. Put the check back where it was. Spotted and tested by jsg@, ok djm@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/03/07 23:21:32 Modified files: usr.bin/ssh: sftp.c Log message: Plug mem leak. Coverity CID 405196, ok djm@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/03/06 23:09:14 Modified files: usr.bin/ssh: session.c Log message: Fix mem leak in environment setup. From jjelen at redhat.com via bz#2687, ok djm@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/03/06 05:15:47 Modified files: regress/usr.bin/ssh/unittests/kex: test_proposal.c tests.c Log message: Unit test for kex_proposal_populate_entries.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/03/06 05:14:48 Modified files: usr.bin/ssh: compat.c compat.h kex.c kex.h sshconnect2.c sshd.c Log message: Refactor creation of KEX proposal. This adds kex_proposal_populate_entries (and corresponding free) which populates the KEX proposal array with dynamically allocated strings. This replaces the previous mix of static and dynamic that has been the source of previous leaks and bugs. Remove unused compat functions. With & ok djm@.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/03/05 02:24:35 Modified files: usr.bin/ssh: ssh-keygen.c Log message: Fix mem and FILE leaks in moduli screening. If multiple -Ocheckpoint= options are passed, the earlier ones would be overwritten and leaked. If we use an input file that wasn't stdin, close that. From Coverity CIDs 291884 and 291894.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/03/05 01:18:58 Modified files: usr.bin/ssh: ssh-keygen.c Log message: Plug mem leak in moduli checkpoint option parsing. From Coverity CID 291894.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/03/04 22:34:09 Modified files: usr.bin/ssh: auth.c auth2-hostbased.c auth2-none.c auth2-pubkeyfile.c auth2.c authfd.c dispatch.c kexgexs.c readconf.c servconf.c serverloop.c session.c ssh-agent.c ssh-dss.c ssh-rsa.c sshconnect.c Log message: Remove unused compat.h includes. We've previously removed a lot of the really old compatibility code, and with it went the need to include compat.h in most of the files that have it.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/03/03 20:22:59 Modified files: usr.bin/ssh: channels.c channels.h Log message: Use time_t instead of u_int for remaining x11 timeout checks for 64bit time_t safety. From Coverity CIDs 405197 and 405028, ok djm@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/03/03 03:23:42 Modified files: usr.bin/ssh: packet.c Log message: Ensure ms_remain is always initialized, similar to what we do in ssh_packet_write_wait. bz#2687, from jjelen at redhat.com.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/03/03 02:48:51 Modified files: usr.bin/ssh: clientloop.c Log message: Check for non-NULL before string comparison. From jjelen at redhat.com via bz#2687.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/03/02 20:12:24 Modified files: usr.bin/ssh: scp.c sshd.c Log message: Check return values of dup2. Spotted by Coverity, ok djm@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/03/02 19:37:58 Modified files: usr.bin/ssh: clientloop.c misc.c misc.h Log message: Use time_t for x11_refuse_time timeout. We need SSH_TIME_T_MAX for this, so move from misc.c to misc.h so it's available. Fixes a Coverity warning for 64bit time_t safety, ok djm@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/03/02 19:34:29 Modified files: usr.bin/ssh: sshconnect2.c Log message: Check return value from fcntl and warn on failure. Spotted by Coverity, ok djm@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/03/02 04:10:27 Modified files: regress/usr.bin/ssh: test-exec.sh Log message: Remove SUDO in proxy command wrapper. Anything that needs sudo is already run by it, and it breaks if root isn't in sudoers.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/03/02 01:24:41 Modified files: regress/usr.bin/ssh: test-exec.sh Log message: Fix breakage on dhgex test. This was due to the sshd logs being written to the wrong log file. While there, make save_debug_logs less verbose, write the name of the tarball to regress.log and use $SUDO to remove the old symlinks (which shouldn't be needed, but won't hurt). Initial problem spotted by anton@.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/03/02 01:14:52 Modified files: regress/usr.bin/ssh: dhgex.sh Log message: Quote grep and log message better.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/03/01 23:41:56 Modified files: usr.bin/ssh: moduli.c Log message: Ensure we always call fclose when writing checkpoints. In the case of an fprintf failure we would not call fclose which would leak the FILE pointer. While we're there, try to clean up the temp file on failure. Spotted by Coverity, ok djm@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/03/01 14:54:50 Modified files: regress/usr.bin/ssh: test-exec.sh Log message: Remove old log symlinks before creating new ones. In -portable some platforms don't like overwriting existing symlinks.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/03/01 02:29:32 Modified files: regress/usr.bin/ssh: Makefile agent-restrict.sh agent.sh integrity.sh multiplex.sh test-exec.sh Added files: regress/usr.bin/ssh: timestamp.c Removed files: regress/usr.bin/ssh: sshd-log-wrapper.sh Log message: Rework logging for the regression tests. Previously we would log to ssh.log and sshd.log, but that is insufficient for tests that have more than one concurrent ssh/sshd. Instead, we'll log to separate datestamped files in a $OBJ/log/ and leave a symlink at the previous location pointing at the most recent instance with an entry in regress.log showing which files were created at each point. This should be sufficient to reconstruct what happened even for tests that use multiple instances of each program. If the test fails, tar up all of the logs for later analysis. This will let us also capture the output from some of the other tools which was previously sent to /dev/null although most of those will be in future commits.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/02/28 14:31:50 Modified files: usr.bin/ssh: kex.c Log message: fatal out if allocating banner string fails to avoid potential null deref later in sscanf. Spotted by Coverity, ok deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/02/28 01:45:24 Modified files: usr.bin/ssh: ssh-keygen.c Log message: Explicitly ignore return from fchmod similar to other calls to prevent warning.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/02/27 15:12:40 Modified files: usr.bin/ssh: sftp.c Log message: Plug mem leak on globbed ls error path. Spotted by Coverity, ok deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/02/20 23:48:18 Modified files: usr.bin/ssh: hostfile.c Log message: fseek to end of known_hosts before writing to it. POSIX and ANSI C require that applications call fseek or similar between reading and writing to a RW file. OpenBSD doesn't enforce this, but some (System V derived) platforms need this to prevent it from writing a spurious extra byte (in this case, a newline). ok djm@ deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/02/16 21:22:51 Modified files: usr.bin/ssh: auth2-hostbased.c auth2-pubkey.c compat.c compat.h kex.c monitor.c sshconnect2.c Log message: Remove now-unused compat bit SSH_BUG_RSASIGMD5. The code to set this was removed in OpenSSH 7.7 when support for SSH implementations dating back to before RFC standardization was removed. "burn it all" djm@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/02/16 20:06:18 Modified files: usr.bin/ssh: compat.c compat.h Log message: Remove now-unused compat bit SSH_BUG_BIGENDIANAES. This was previously set for OpenSSH 2.3 (released in 2000) but this check was removed in OpenSSH 7.7 (2018). ok djm@ deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/02/16 03:10:00 Modified files: usr.bin/ssh: compat.c compat.h Log message: Remove SSH_BUG_PASSWORDPAD compat bit since it's no longer used. ok markus@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/02/16 00:55:15 Modified files: usr.bin/ssh: compat.c compat.h Log message: Remove SSH_BUG_IGNOREMSG compat flag since it's only applicable to SSH1 and thus no longer used. ok markus@ "kill it with fire" djm@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/02/09 02:55:33 Modified files: regress/usr.bin/ssh: knownhosts.sh Log message: Test adding terminating newline to known_hosts.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/02/09 02:54:11 Modified files: usr.bin/ssh: hostfile.c Log message: Ensure that there is a terminating newline when adding a new entry to known_hosts. bz#3529, with git+openssh at limpsquid.nl, ok deraadt@ markus@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/02/08 01:06:03 Modified files: regress/usr.bin/ssh: agent-getpeereid.sh Log message: ssh-agent doesn't actually take -v, so the recently-added ones will result in the test not cleaning up after itself. Patch from cjwatson at debian.org via bz#3536.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/01/19 00:53:45 Modified files: regress/usr.bin/ssh: reexec.sh Log message: Check if we can copy sshd or need to use sudo to do so during reexec test. Skip test if neither can work. Patch from anton@, tweaks from me.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/01/14 03:05:55 Modified files: regress/usr.bin/ssh: yes-head.sh Log message: Shell syntax fix. From ren mingshuai via github PR#369.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/01/14 02:57:08 Modified files: regress/usr.bin/ssh: percent.sh Log message: Instead of skipping the all-tokens test if we don't have OpenSSL (since we use it to compute the hash), put the hash at the end and just omit it if we don't have it. Prompted by bz#3521.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/01/12 21:47:35 Modified files: regress/usr.bin/ssh: multiplex.sh scp-uri.sh scp.sh scp3.sh test-exec.sh Log message: Move scp path setting to a helper function. The previous commit to add scp to the test sshd's path causes the t-envpass test to fail when the test scp is given using a fully qualified path. Put this in a helper function and only call it from the scp tests.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/01/12 21:23:00 Modified files: regress/usr.bin/ssh: test-exec.sh Log message: Add scp's path to test sshd's PATH. If the scp we're testing is fully qualified (eg it's not in the system PATH) then add its path to the under-test sshd's PATH so we can find it. Prompted by bz#3518.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/01/12 20:16:29 Modified files: usr.bin/ssh: ssh_config.5 Log message: Document "UserKnownHostsFile none". ok djm@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/01/12 19:58:20 Modified files: usr.bin/ssh: readconf.c readconf.h ssh.c Log message: Add a "Host" line to the output of ssh -G showing the original host arg. Inspired by patch from vincent at bernat.ch via bz#3343, ok djm@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/01/06 05:33:33 Modified files: regress/usr.bin/ssh: percent.sh Log message: When OpenSSL is not available, skip parts of percent test that require it. Based on github pr#368 from ren mingshuai.