Branch :
| Author | Commit | Date | CI | Message |
|---|---|---|---|---|
| 6541b77c | 2023-08-11 05:02:21 | Switch rcs_{get,set}_mtime() from returning and taking a time_t to doing so with a struct timespec and then use tv_nsec = UTIME_OMIT instead of a (time_t)-1 as a "do nothing" value. They can then fully preserve the timestamp ok millert@ | ||
| fd71e6a3 | 2023-08-11 04:48:14 | cvs_file_copy() used futimes(), but only set the tv_sec fields, which presumably meant passing stack garbage in the tv_usec and failing with EINVAL, whee. Switch to futimens() and set the full timespecs from the incoming struct stat ok millert@ | ||
| 79b54589 | 2023-08-11 04:45:05 | Replace use of the old BSD st_*timespec members in struct stat with the POSIX-standard st_*tim members. ok millert@ | ||
| 03d5d688 | 2023-08-11 04:44:28 | When used by itself, replace use of the old BSD st_mtimespec.tv_sec member in struct stat with for-all-time st_mtime member. ok millert@ | ||
| 3e579263 | 2023-08-10 23:05:48 | better debug logging of sessions' exit status | ||
| f17d0bb0 | 2023-08-10 14:37:32 | drop a wayward comma, ok jmc@ | ||
| 90e9bc0b | 2023-08-10 10:56:34 | document .VARIABLES | ||
| d4eb5638 | 2023-08-10 10:52:43 | Add support for .VARIABLES, to which I have use. This is an extension but also exists in gnu-make. okay millert@, kn@, thfr@ (I've added an XXX comment on top of the patch you've seen, no actual further code change) | ||
| 4bd1fa4c | 2023-08-10 01:01:07 | openssh-9.4 | ||
| e49f8566 | 2023-08-08 08:21:29 | Add flag to next-prompt/previous-prompt to go to command output instead, from Magnus Gross. | ||
| 17d7ce67 | 2023-08-08 08:08:47 | Add options and flags for menu styles similar to those existing for popups, from Alexis Hildebrandt. GitHub issue 3650. | ||
| e340e6cc | 2023-08-08 07:41:04 | Extend the menu drawing function to support custom characters and styles, from Alexis Hildebrandt. | ||
| 47712579 | 2023-08-08 07:19:48 | Fix a couple of rounded border characters, from Alexis Hildebrandt. | ||
| 4b5f3832 | 2023-08-07 10:52:00 | Free title earlier, from Alexis Hildebrandt. | ||
| 0803d750 | 2023-08-07 10:04:29 | Trim can generate strings longer than the original if there are many #s, so create a bigger buffer. Reported by Robert Morris. | ||
| fa7c2eee | 2023-08-06 19:36:13 | Prefer the POSIX standard st_*tim struct timespec members over the older BSD st_*timespec names. ok millert@ | ||
| a4b17896 | 2023-08-06 19:33:54 | Apply rev 1.29 from NetBSD: ----- Don't printf time_t with %d; fixes PR 44128 from yamt. With this change it successfully prints mtimes after 2038. ----- ok millert@ | ||
| 1fa342e1 | 2023-08-04 06:32:40 | Apply ConnectTimeout to multiplexing local socket connections. If the multiplex socket exists but the connection times out, ssh will fall back to a direct connection the same way it would if the socket did not exist at all. ok djm@ | ||
| 270e7910 | 2023-08-02 23:04:38 | CheckHostIP has defaulted to 'no' for a while; make the commented- out config option match. From Ed Maste | ||
| bc597a2f | 2023-08-01 08:15:04 | remove unnecessary if statement. github PR#422 from eyalasulin999, ok djm@ | ||
| f7c26a86 | 2023-07-29 17:15:45 | Drop unused conf, pem, and x509 headers, add unistd for pledge | ||
| 3829959e | 2023-07-28 05:42:36 | %C is a callable macro in mdoc(7) so, as we do for %D, escape it; | ||
| 2c6bff6f | 2023-07-27 22:26:49 | don't incorrectly truncate logged strings retrieved from PKCS#11 modules; based on GHPR406 by Jakub Jelen; ok markus | ||
| ce44d278 | 2023-07-27 22:25:17 | make sshd_config AuthorizedPrincipalsCommand and AuthorizedKeysCommand accept the %D (routing domain) and a new %C (connection address/port 4-tuple) as expansion sequences; ok markus | ||
| 49771933 | 2023-07-27 22:23:05 | increase default KDF work-factor for OpenSSH format private keys from 16 to 24; { feedback ok } x { deraadt markus } | ||
| 418576f2 | 2023-07-27 07:01:50 | Remove antiquated options output This is uninteresting and rather meaningless except for the implementer. No need to have several hundred lines of code backing half a dozen symbols in the public API for this. ok jsing | ||
| e39a844e | 2023-07-26 23:06:00 | make ssh -f (fork after authentication) work properly in multiplexed cases (inc. ControlPersist). bz3589 bz3589 Based on patches by Peter Chubb; ok dtucker@ | ||
| 935597db | 2023-07-23 20:04:45 | man page typos; ok jmc@ | ||
| 440d1414 | 2023-07-23 11:39:29 | sprinkle some void between () in function definitions | ||
| 3228b0c4 | 2023-07-23 11:20:11 | Remove -stats option from openssl(1) errstr. This is the only consumer of ERR_get_string_table(), which will go away. ok jsing | ||
| 646fc284 | 2023-07-20 05:43:39 | tweak the allow-remote-pkcs11 text; | ||
| c3ac409d | 2023-07-19 14:03:45 | Separate ssh-pkcs11-helpers for each p11 module Make ssh-pkcs11-client start an independent helper for each provider, providing better isolation between modules and reliability if a single module misbehaves. This also implements reference counting of PKCS#11-hosted keys, allowing ssh-pkcs11-helper subprocesses to be automatically reaped when no remaining keys reference them. This fixes some bugs we have that make PKCS11 keys unusable after they have been deleted, e.g. https://bugzilla.mindrot.org/show_bug.cgi?id=3125 ok markus@ | ||
| f8f5a6b0 | 2023-07-19 14:02:27 | Ensure FIDO/PKCS11 libraries contain expected symbols This checks via nlist(3) that candidate provider libraries contain one of the symbols that we will require prior to dlopen(), which can cause a number of side effects, including execution of constructors. Feedback deraadt; ok markus | ||
| 7bc29a9d | 2023-07-19 13:56:33 | Disallow remote addition of FIDO/PKCS11 provider libraries to ssh-agent by default. The old behaviour of allowing remote clients from loading providers can be restored using `ssh-agent -O allow-remote-pkcs11`. Detection of local/remote clients requires a ssh(1) that supports the `session-bind@openssh.com` extension. Forwarding access to a ssh-agent socket using non-OpenSSH tools may circumvent this control. ok markus@ | ||
| f03a4faa | 2023-07-19 13:55:53 | terminate process if requested to load a PKCS#11 provider that isn't a PKCS#11 provider; from / ok markus@ | ||
| 311f4bd0 | 2023-07-19 13:26:20 | Partially fix interactive mode in patch If ask() can't open /dev/tty for reading, it assumes the default answer and carries on. Add missing unveil, so that ask() waits for an answer. This isn't a full fix since it won't allow giving paths outside the tree rooted at the current directory, but that's expected by the recent change. Questions are only asked outside of force or batch mode. fix suggested by op and semarie ok deraadt florian | ||
| bdc25a05 | 2023-07-19 13:03:36 | Correct visited flag when the last window list is rebuilt by renumbering windows, appears to fix hang reported by Mark Kelly. | ||
| fdddc64a | 2023-07-17 06:16:33 | missing match localnetwork negation check | ||
| 66d544a9 | 2023-07-17 05:41:53 | - add -P to usage() - sync the arg name to -J in usage() with that in ssh.1 - reformat usage() to match what "man ssh" does on 80width | ||
| a6e39761 | 2023-07-17 05:38:10 | -P before -p in SYNOPSIS; | ||
| 75e4a6d8 | 2023-07-17 05:36:14 | configuation -> configuration | ||
| 254cc503 | 2023-07-17 05:26:38 | move other RCSIDs to before their respective license blocks too no code change | ||
| f981e348 | 2023-07-17 05:22:30 | Move RCSID to before license block and away from #includes, where it caused merge conflict in -portable for each commit :( | ||
| 83e109d2 | 2023-07-17 05:20:15 | return SSH_ERR_KRL_BAD_MAGIC when a KRL doesn't contain a valid magic number and not SSH_ERR_MESSAGE_INCOMPLETE; the former is needed to fall back to text revocation lists in some cases; fixes t-cert-hostkey. | ||
| e41e10e3 | 2023-07-17 04:08:31 | Add support for configuration tags to ssh(1). This adds a ssh_config(5) "Tag" directive and corresponding "Match tag" predicate that may be used to select blocks of configuration similar to the pf.conf(5) keywords of the same name. ok markus | ||
| af0d252a | 2023-07-17 04:04:36 | add a "match localnetwork" predicate. This allows matching on the addresses of available network interfaces and may be used to vary the effective client configuration based on network location (e.g. to use a ProxyJump when not on a particular network). ok markus@ | ||
| a63bc561 | 2023-07-17 04:01:10 | remove vestigal support for KRL signatures When the KRL format was originally defined, it included support for signing of KRL objects. However, the code to sign KRLs and verify KRL signatues was never completed in OpenSSH. Now, some years later, we have SSHSIG support in ssh-keygen that is more general, well tested and actually works. So this removes the semi-finished KRL signing/verification support from OpenSSH and refactors the remaining code to realise the benefit - primarily, we no longer need to perform multiple parsing passes over KRL objects. ok markus@ | ||
| 95561aef | 2023-07-17 03:57:21 | Support for KRL extensions. This defines wire formats for optional KRL extensions and implements parsing of the new submessages. No actual extensions are supported at this point. ok markus | ||
| cea35e79 | 2023-07-16 03:01:31 | Make the mbstat preserve the same size which is actually used. Also revert the previous that the mbstat is located on the stack. ok claudio | ||
| 4d951e93 | 2023-07-15 10:42:54 | Prevent patch(1) from scribbling all over the place. Arguably the only sensible use of patch(1) is changing files in the current working directory and subdirectories. However, patch(1) has this anti-feature, or dare I say bug, where it will happily follow "../" upwards and outside of the current working directory to find files to change. All it takes is a line like +++ ../../../../home/florian/.ssh/authorized_keys in the patchfile. patch(1) operates on untrusted input and it already pledge(2)'ed to not execute arbitrary programs, but of course it needs to write files. A simple unveil(".", "rwc") restricts patch(1) to its current working directory. We also need to allow /tmp and potentially the output file and reject file if given on the command line. But those paths are safe. input op, deraadt OK millert, sthen | ||
| b514c1a1 | 2023-07-14 19:32:59 | Set extended keys flag again after reset, from Eric T Johnson. | ||
| 1557ddea | 2023-07-14 07:44:21 | Include stdint.h for SIZE_MAX. Fixes OPENSSL=no build. | ||
| eacd9bb8 | 2023-07-14 05:31:44 | add defence-in-depth checks for some unreachable integer overflows reported by Yair Mizrahi @ JFrog; feedback/ok millert@ | ||
| f353bcb0 | 2023-07-13 06:03:48 | Use 8 for underscore colour defaults instead of 0 which is less confusing, and fix writing tge default colour. GitHub issue 3627. | ||
| f344f57b | 2023-07-12 15:45:34 | Don't run off the end of path if it ends in /. OK op, sthen | ||
| ce198a4a | 2023-07-12 15:44:47 | basename(3) can fail, prevent segfault in strlen(3). OK tb, sthen | ||
| 24f68354 | 2023-07-12 11:26:13 | Use ssize_t instead of short for line lengths sthen hit a binary patch containing a 'line' of length > 32kB. This made the short used for storing the line length wrap and resulted in a buffer underflow and segfault. This uses a larger type, which doesn't actually fix the problem, but makes it much less likely to be hit. ok florian otto sthen | ||
| 9b09dd35 | 2023-07-11 16:09:09 | Remove Ns and Li and change Nm to Ic, suggested by jmc. | ||
| 23aaa182 | 2023-07-11 07:34:23 | Add descriptions of copy mode commands, from Michael Bianco. | ||
| eb36563f | 2023-07-10 12:00:08 | It should no longer be necessary to ignore SIGCHLD because it is now blocked around daemon(), and doing so causes trouble with newer libevent (it cannot restore the original handler). Reported by Azat Khuzhin in GitHub issue 3626. | ||
| bc5de943 | 2023-07-10 09:35:46 | Loop around waitpid in client, from Azat Khuzhin. | ||
| da9bce4f | 2023-07-10 09:29:48 | finish v5.36, UList was a bit more work | ||
| a0aa010a | 2023-07-10 09:24:53 | Use a stack for last panes line windows, from Thomas Bertschinger in GitHub issue 3588. | ||
| 611ae5ac | 2023-07-10 04:51:26 | misplaced debug message | ||
| b3dc7a2c | 2023-07-09 22:54:52 | Call closefrom after removing signals because newer libevent doesn't like its signal fd being closed Azat Khuzhin. | ||
| ea5a4cac | 2023-07-08 21:51:45 | max_processes -> max_jobs in usage(); | ||
| 93d8fa4c | 2023-07-08 18:42:27 | nitpicking: singular of children is child | ||
| 301af155 | 2023-07-08 18:02:00 | talk about "jobs" because that's make knows, and mention the heuristics about the recursive non exploding kitten recursive behavior outside of BUGS. okay naddy@, jca@ | ||
| 209510b6 | 2023-07-08 08:45:54 | cosmetic clean-up of UList.pm, no signatures yet remove prototype that's actually unused, since method call | ||
| 0a6aab58 | 2023-07-08 08:15:32 | move everyone besides UList to use v5.36 | ||
| 032e1cec | 2023-07-07 14:17:34 | Expand the counters in struct mbstat from u_short to u_long. ok blumn mvs | ||
| f1b80c89 | 2023-07-07 09:15:13 | Use "llu%" for printing the uint64_t fields in tcpcb. ok blumn | ||
| 228cff34 | 2023-07-06 22:17:59 | minleft and maxsign are u_int so cast appropriately. Prompted by github PR#410, ok deraadt. | ||
| f41ccc36 | 2023-07-06 08:29:26 | start moving a few files to use v5.36; (this went through a full bulk) | ||
| d2364f60 | 2023-07-04 11:34:19 | The recent change to DIOCGETRULE allows applications which periodically read rules from pf(4) to consume all kernel memory. The bug has been discovered and root caused by florian@. In this particular case it was snmpd(8) what ate all kernel memory. This commit introduces DIOCXEND to pf(4) so applications such as snmpd(8) and systat(1) to close ticket/transaction when they are done with fetching the rules. This change also updates snmpd(8) and systat(1) to use newly introduced DIOCXEND ioctl(2). OK claudio@, deraadt@, kn@ | ||
| fe20b749 | 2023-07-04 03:59:21 | add support for unix domain sockets to ssh -W ok djm@ dtucker@ | ||
| cbbd91a4 | 2023-07-03 16:47:43 | Add support for marking lines with a shell prompt based on the OSC 133 extension, from Munif Tanjim in GitHub issue 3596. | ||
| 2cba1c74 | 2023-07-03 10:48:26 | Do not risk writing over the end of the buffer when it ends in # (because strchr \0 will be non-NULL), reported by Robert Morris in GitHub issue 3610. | ||
| fb770183 | 2023-07-03 08:37:22 | some minor fix up; | ||
| 423d19d0 | 2023-07-03 08:37:14 | Another warning fix for GCC from Thomas Klausner. | ||
| b5c24d4f | 2023-07-03 08:03:56 | Bring back no_tls1 and no_tls1_1 as undocumented silently discarded opitons While I'm here, change the no_ssl2 and no_ssl3 options to use OPTION_DISCARD as well instead of continuing to set a no-op option flag. ok jsing@ tb@ | ||
| 91e7614a | 2023-07-03 06:22:07 | Remove the tls1.0 and 1.1 related options from the openssl(1) toolkit ok tb@ | ||
| a3c0391f | 2023-07-02 19:59:15 | Use TSO and LRO on the loopback interface to transfer TCP faster. If tcplro is activated on lo(4), ignore the MTU with TCP packets. They are passed along with the information that they have to be chopped in case they are forwarded later. New netstat(1) counter shows that software LRO is in effect. The feature is currently turned off by default. tested by jan@; OK claudio@ jan@ | ||
| df970faa | 2023-07-02 07:08:57 | Teach openssl ca about Ed25519 certificates This adds a few logic curlies to end up setting the EVP_MD to EVP_md_null() as required by the API. This way ASN1_item_sign() now knows how to behave. "ok = (rv == 2);" beck | ||
| d348a60a | 2023-07-02 07:05:14 | Teach openssl req about EdDSA certs After a few things in libcrypto were adjusted, this diff makes issuing certificate requests with Ed25519 work. ok beck | ||
| 6af87e9a | 2023-06-30 21:55:08 | Change a few types to fix warnings, from Thomas Klausner. | ||
| e3eeb0f8 | 2023-06-30 13:19:32 | Get rid of some warnings with GCC 10, from Thomas Klausner. | ||
| 40542d6f | 2023-06-28 17:36:51 | revert makefile change included by mistake in previous | ||
| 1ff56c59 | 2023-06-28 17:35:06 | drop needless strcspn in the header parsing since fetch.c revision 1.211, ftp removes trailingwhitespaces early so there's no need to re-do that when parsing a header. while here, remove an unused variable too. ok tb, millert | ||
| e846c64d | 2023-06-28 11:07:28 | fix parsing of the Last-Modified header Was overlooked in r1.209. diff from 'a dog' (OpenBSD [at] anthropomorphic [dot] dog) ok tb, sthen | ||
| 4807cddd | 2023-06-28 08:37:52 | add `notab' to the list of modes that can be set with set-default-mode specify also that it can be set globally with set-default-mode, as done in the description of the other built-in modes. Diff from Simon Branch (that I got via jmc@), thanks! | ||
| 37e1ec45 | 2023-06-26 08:14:19 | When exiting alternate screen, there is no need to reflow when going back to old size since the contents will be overwritten. GitHub issue 3510. | ||
| f0daa7d1 | 2023-06-26 07:17:40 | Add "us" to styles for underscore colour, GitHub issue 3589. | ||
| c3035900 | 2023-06-25 15:53:07 | SGR 0 should not end hyperlink, reported by Lucas Trzesniewski. | ||
| 80ddc267 | 2023-06-23 15:06:45 | Fix a bug in ex's 's' command with the 'c' flag when 'number' is off. The underlining was positioned in the wrong place. This fixes the problem and matches historic ex behavior. OK op@ | ||
| 0b091dd3 | 2023-06-21 06:28:18 | Check fdopen return value, from Christian Menges. | ||
| fd6d8a57 | 2023-06-21 05:10:26 | better validate CASignatureAlgorithms in ssh_config and sshd_config. Previously this directive would accept certificate algorithm names, but these were unusable in practice as OpenSSH does not support CA chains. part of bz3577; ok dtucker@ | ||
| 7800c160 | 2023-06-21 05:08:32 | make `ssh -Q CASignatureAlgorithms` only list signature algorithms that are valid for CA signing. Previous behaviour was to list all signing algorithms, including certificate algorithms (OpenSSH certificates do not support CA chains). part of bz3577; ok dtucker@ | ||
| cdc6f5c1 | 2023-06-21 05:06:04 | handle rlimits > INT_MAX (rlim_t is u64); ok dtucker bz3581 | ||
| 5f60496e | 2023-06-20 23:59:33 | prepare for support for connecting to unix domain sockets using ssh -W by explicitly decoding PORT_STREAMLOCAL (a negative number) from the u32 that's passed over the multiplexing socket; previously code would just cast, which is UB. |