Branch :
| Author | Commit | Date | CI | Message |
|---|---|---|---|---|
| 74d38529 | 2023-03-02 06:41:56 | Ensure we always call fclose when writing checkpoints. In the case of an fprintf failure we would not call fclose which would leak the FILE pointer. While we're there, try to clean up the temp file on failure. Spotted by Coverity, ok djm@ | ||
| 520304af | 2023-02-28 21:31:50 | fatal out if allocating banner string fails to avoid potential null deref later in sscanf. Spotted by Coverity, ok deraadt@ | ||
| a4a4354d | 2023-02-28 08:45:24 | Explicitly ignore return from fchmod similar to other calls to prevent warning. | ||
| deb51e2e | 2023-02-27 22:12:40 | Plug mem leak on globbed ls error path. Spotted by Coverity, ok deraadt@ | ||
| c1e2a033 | 2023-02-23 14:55:54 | openssl speed: avoid bad plural Remedy a case of twitching eyes caused by seeing "Doing ... rsa's for 10s". If this breaks someone's script, so be it. ok jsing sthen | ||
| 28ee9a64 | 2023-02-22 03:56:43 | fix progressmeter corruption on wide displays; bz3534 feedback/ok dtucker@ | ||
| 0a857551 | 2023-02-21 14:31:07 | for process kills due to execve from non-pinned syscall address, export a new AEXECVE bit to acct(4), and print it in lastcomm(8) ok bluhm | ||
| 2598ede8 | 2023-02-21 06:48:18 | fseek to end of known_hosts before writing to it. POSIX and ANSI C require that applications call fseek or similar between read and writing to a RW file. OpenBSD doesn't enforce this, but some (System V derived) platforms need this to prevent it from writing a spurious extra byte (in this case, a newline). ok djm@ deraadt@ | ||
| 0132222b | 2023-02-17 18:01:26 | KTRC_CODE__SYSCALL is never set anymore, because __syscall() is gone. | ||
| 95ca2293 | 2023-02-17 18:00:35 | Remove redundant assignment; ok millert@ | ||
| 1a0a232e | 2023-02-17 17:59:36 | Remove unused variables; ok millert@ | ||
| ffc379c2 | 2023-02-17 04:22:50 | Remove now-unused compat bit SSH_BUG_RSASIGMD5. The code to set this was removed in OpenSSH 7.7 when support for SSH implementations dating back to before RFC standardization were removed. "burn it all" djm@ | ||
| 9cf8803a | 2023-02-17 03:06:18 | Remove now-unused compat bit SSH_BUG_BIGENDIANAES. This was previously set for OpenSSH 2.3 (released in 2000) but this check was removed in OpenSSH 7.7 (2018). ok djm@ deraadt@ | ||
| 32b32022 | 2023-02-16 10:10:00 | Remove SSH_BUG_PASSWORDPAD compat bit since it's no longer used. ok markus@ | ||
| 04444b3a | 2023-02-16 07:55:15 | Remove SSH_BUG_IGNOREMSG compat flag since it's only applicable to SSH1 and thus no longer used. ok markus@ "kill it with fire" djm@ | ||
| 786202c1 | 2023-02-14 17:15:15 | Fix handling of port numbers in rsync://host[:port]/module URLs With and OK tb@ | ||
| a7969b8b | 2023-02-10 14:01:43 | Fix cursor position after zero width space, GitHub issue 3469. | ||
| 22a9c15e | 2023-02-10 06:41:53 | space between macro and punctuation; sort usage(); | ||
| 56802a7f | 2023-02-10 06:40:48 | space between macro and punctuation; | ||
| d921b99c | 2023-02-10 06:39:27 | sort SYNOPSIS; | ||
| 16d9a131 | 2023-02-10 04:56:30 | let ssh-keygen and ssh-keyscan accept -Ohashalg=sha1|sha256 when outputting SSHFP fingerprints to allow algorithm selection. bz3493 ok dtucker@ | ||
| dab22c7c | 2023-02-10 04:47:19 | add a `sshd -G` option that parses and prints the effective configuration without attempting to load private keys and perform other checks. This allows usage of the option before keys have been generated. bz3460 feedback/ok dtucker@ | ||
| 6d26ad42 | 2023-02-10 04:40:28 | make `ssh -Q CASignatureAlgorithms` work as the manpage says it should bz3532 | ||
| 5344d6be | 2023-02-09 09:54:11 | Ensure that there is a terminating newline when adding a new entry to known_hosts. bz#3529, with git+openssh at limpsquid.nl, ok deraadt@ markus@ | ||
| ef6913ff | 2023-02-08 15:56:32 | Use _nc_tparm_analyze() instead of trying to do it ourselves in process(). This fixes tput when used with a capability that uses push/pop. OK gkoehler@ | ||
| ae17c7f7 | 2023-02-08 08:24:29 | finger/mail: two trivial functions were missed in earlier ansi passes | ||
| e777735b | 2023-02-08 08:22:44 | telnet: fix prototypes for two signal handlers to make clang 15 happy | ||
| 4b7c5037 | 2023-02-08 08:18:11 | sed: add missing void to avoid -Wstrict-prototype with clang 15 | ||
| ce9c3de3 | 2023-02-08 07:59:24 | openssl(1) pkcs7 avoid crash on malformed files When printing certificates or CRLs, check signed and signedAndEnveloped before dereferencing them. Prevents crash on inspecting malformed PKCS7 files. ok jsing | ||
| 49828476 | 2023-02-07 10:56:04 | Remove old buffer when renaming rather than complaining, GitHub issue 3467 from Jean-Philippe Paradis. | ||
| 0da56a05 | 2023-02-07 10:21:01 | Add an L modifier like P, W, S to loop over clients. Also fix some long lines in tmux(1). | ||
| 6c1aad9d | 2023-02-06 09:20:30 | Add -f to list-clients like the other list commands, from Andy Walker in GitHub issue 3449. | ||
| 422252e0 | 2023-02-05 21:26:48 | Do not allow multiple line separators in a row. | ||
| 1dd5a954 | 2023-02-05 21:15:32 | Extend display-message to work for control clients. GitHub issue 3449. | ||
| a114beb5 | 2023-02-03 15:55:59 | Fix tput when compiled with clang-15 -O2 For some reason clang-15 doesn't like passing the uninitialized array of pointers nargv[] to the vararg function tparm(). With -O2 it optimizes the for loop preceding the tparm() call strangely, with the result that the argv[i] == NULL error is hit in most real-world usage. This broke naddy's fancy shell prompt among other things. Initialize nargv[] to appease the insatiable undefined behavior exploiter. ok jca millert | ||
| f829cebc | 2023-02-03 13:10:57 | Add ASPA to Looking Glass OK claudio@ | ||
| 42717716 | 2023-02-02 12:10:22 | openssh-9.2 | ||
| bc85b416 | 2023-02-02 12:10:05 | fix double-free caused by compat_kex_proposal(); bz3522 by dtucker@, ok me | ||
| 08d1f2ca | 2023-02-02 09:24:59 | Add a missing error message which causes an invalid layout name to crash. | ||
| e069d6d1 | 2023-02-02 09:06:44 | Tweak note for D key binding, from Clark Wang. | ||
| 13c74f85 | 2023-02-01 00:03:38 | Print the pid in lastcomm(1) output for post mortem analysis. Put it in brackets after the command name, like syslogd does it in log files. A while ago the process id was added to process accounting in the kernel, so no ABI break this time. OK deraadt@ | ||
| e8de1577 | 2023-01-31 21:38:01 | Fix a typo in a comment and spacing from weerd@ | ||
| 698cd879 | 2023-01-29 09:28:57 | Fix ^^D and 0^D description; pointed out by Tomas Rippl; ok jmc@ | ||
| 99a8c03e | 2023-01-25 19:06:50 | Fix CVE-2023-24056, unbounded variable expansion in pkg-config. We now die with an error when trying to expand a variable that is already longer than 64K. This was never a buffer overflow in our pkg-config, but rather an unbounded memory allocation that would eventually run up against resource limits. OK sthen@ jasper@ | ||
| 6981b792 | 2023-01-23 09:33:51 | Too many \s in example, GitHub issue 3445. | ||
| 009dd187 | 2023-01-20 21:36:00 | Add a flag to display-menu to select the manu item chosen first, GitHub issue 3442. | ||
| 7c5efb42 | 2023-01-18 20:56:36 | delete useless dependency | ||
| 89841209 | 2023-01-18 20:43:15 | Create and install sshd random relink kit. ../Makefile.inc and Makfile are concatenated for reuse, which hopefully won't be too fragile, we'll see if we need a different approach. The resulting sshd binary is tested with the new sshd -V option before installation. As the binary layout is now semi-unknown (meaning relative, fixed, and gadget offsets are not precisely known), change the filesystem permissions to 511 to prevent what I call "logged in BROP". I have ideas for improving this further but this is a first step ok djm | ||
| 59586997 | 2023-01-18 06:55:32 | tweak previous; ok djm | ||
| a35e5d14 | 2023-01-18 02:00:10 | when restoring non-blocking mode to stdio fds, restore exactly the flags that ssh started with and don't just clobber them with zero, as this could also remove the append flag from the set; bz3523; ok dtucker@ | ||
| 93d238a6 | 2023-01-18 01:50:21 | Add a -V (version) option to sshd like the ssh client has. OK markus@ deraadt@ | ||
| dc4459a6 | 2023-01-17 18:52:44 | For "ssh -V" always exit 0, there is no need to check opt again. This was missed when the fallthrough in the switch case above it was removed. OK deraadt@ | ||
| c842d149 | 2023-01-17 13:03:22 | Arguments may contain more than one variable assignment `make FOO=1 BAR=2 ...' works as expected and lots of things wouldn't work if make only accepted a single assignment, as currently documented. Fix SYNOPSIS and usage to match reality and POSIX spec (thanks jmc). OK jmc | ||
| 1e415b51 | 2023-01-17 10:40:51 | Support -1 without -N for list-keys. | ||
| f98a6cf6 | 2023-01-17 09:44:48 | Add a sshd_config UnusedConnectionTimeout option to terminate client connections that have no open channels for some length of time. This complements the recently-added ChannelTimeout option that terminates inactive channels after a timeout. ok markus@ | ||
| bf31d21b | 2023-01-17 06:50:55 | Update palette when moving a pane, GitHub issue 3437. | ||
| c79c3b80 | 2023-01-16 11:26:14 | Mark keys sent by command and skip paste handling for them. | ||
| e2c8dd8b | 2023-01-16 05:32:04 | we spent far too long debugging a weird go library problem (incorrect arguments to mmap) because it was using syscall(2) and that callpath is invisible in ktrace. make it visible, it will now show "(via syscall)" and such. ok guenther | ||
| 938209f1 | 2023-01-15 23:05:32 | update OpenSSH's Ed25519 code to the last version of SUPERCOP (20221122) and change the import approach to the same one we use for Streamlined NTRUPrime: use a shell script to extract the bits we need from SUPERCOP, make some minor adjustments and squish them all into a single file. ok tb@ tobhe@ | ||
| 93d5a0ee | 2023-01-15 06:55:12 | fix text error; from jan stary | ||
| 293b7b88 | 2023-01-13 15:14:24 | Use extended header format for .wav files. According to Microsoft docs, it is needed if bits > 16 or if there are more than 2 channels, which aucat supports and is the defaut. Fixes errors reported by audio/sox port when trying to play .wav files generated by aucat. Reported by John Rigg <obsd at jrigg.co.uk> and others on misc@ | ||
| 9917671c | 2023-01-13 07:13:40 | fix double phrase in previous; | ||
| 8074af79 | 2023-01-13 06:53:04 | timeout(1): sig_atomic_t variables must also be 'volatile'; ok job@ | ||
| d6bc16de | 2023-01-13 03:16:29 | Document "UserKnownHostsFile none". ok djm@ | ||
| 61d6691f | 2023-01-13 02:58:20 | Add a "Host" line to the output of ssh -G showing the original host arg. Inspired by patch from vincent at bernat.ch via bz#3343, ok djm@ | ||
| bf25c7a3 | 2023-01-13 02:44:02 | avoid printf("%s", NULL) if using ssh -oUserKnownHostsFile=none and a hostkey in one of the system known hosts file changes; ok dtucker@ | ||
| 25f2c821 | 2023-01-12 18:49:11 | Have tmux recognise pasted texts wrapped in bracket paste sequences, rather than only forwarding them to the program inside. From Andrew Onyshchuk in GitHub issue 3431. | ||
| 77a16aa3 | 2023-01-12 14:08:39 | diff from sobrado to use a full argument name for -s: after some discussion we used "signal", as per pkill/pgrep; also lift the descriptive text from kill.1 to clarify that both signal name and number are accepted; ok sobrado job | ||
| f66d30ff | 2023-01-11 05:39:38 | clamp the minimum buffer lengths and number of inflight requests too | ||
| d28b3eb2 | 2023-01-11 05:36:50 | ignore bogus upload/download buffer lengths in the limits extension | ||
| 6d197b35 | 2023-01-11 02:13:52 | remove whitespace at EOL from code extracted from SUPERCOP | ||
| 0903cde6 | 2023-01-10 23:22:15 | Switch scp from using pipes to a socketpair for communication with it's ssh sub-processes. We no longer need to reserve two descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is handled by sanitise_stdfd() in main(). Based on an original diff from djm@. OK deraadt@ djm@ | ||
| 03a52c9b | 2023-01-10 21:10:37 | oops, fix a bad edit in previous; | ||
| 78dcb75a | 2023-01-10 20:48:34 | Fix device name in the MIDI control section For MMC to work, the MIDI sequencer must send MMC to subdevices registered with -tslave. From Dirk-Wilhelm Peters <peters at schwertfisch.de>, thanks. | ||
| 846b88a7 | 2023-01-10 14:19:12 | Add short options for --foreground and --preserve-status Align with upcoming POSIX spec: https://www.austingroupbugs.net/view.php?id=1586 OK jmc@ | ||
| 165474a8 | 2023-01-09 17:13:46 | shorten SYNOPSIS from three versions to two (me) then one (ratchov), plus all the cleanup that goes with; ok ratchov | ||
| affa3703 | 2023-01-09 14:12:41 | Fix behaviour with \007 (used the wrong tree for last change). | ||
| ce2a7883 | 2023-01-09 07:57:14 | Accept \007 as terminator to OSC 10 or 11. | ||
| 461a14bc | 2023-01-08 23:34:46 | Fix parsing of optional arguments so that and accept a - starting an argument. | ||
| ab9ea5e6 | 2023-01-08 22:17:04 | Have client return 1 if process is interrupted to an input pane. | ||
| cc390fd4 | 2023-01-08 22:15:30 | Restore code to handle wcwidth failure so that unknown codepoints still do the most likely right thing. GitHub issue 3427, patch based on an diff from Jesse Luehrs in GitHub issue 3003. | ||
| d89c343e | 2023-01-08 21:00:01 | Quotes are now required in select-layout example. | ||
| bfce157f | 2023-01-08 08:27:17 | - tweak the text relating to -w - sync usage() and SYNOPSIS ok ratchov | ||
| 0c878ce4 | 2023-01-08 06:58:07 | Add -w option to display variables periodically The purpose of -w is to monitor underruns without triggering long kernel code-paths (ex. fork and exec of new audioctl process) that may cause additional underruns than the ones being monitored. ok chehola, edd | ||
| 190bef39 | 2023-01-07 05:26:40 | Add argument and return support for {get,set}thrname() | ||
| cef5a146 | 2023-01-07 05:24:58 | Add {get,set}thrname(2) for putting thread names in the kernel and exposed in a new field returned by sysctl(KERN_PROC). Update pthread_{get,set}_name_np(3) to use the syscalls. Show them, when set, in ps -H and top -H output. libc and libpthread minor bumps ok mpi@, mvs@, deraadt@ | ||
| b9197c8b | 2023-01-06 08:44:11 | tweak previous; ok djm | ||
| 83e2ab13 | 2023-01-06 07:09:27 | If a pane is killed, cancel reading from the file. GitHub issue 3422. | ||
| eb183477 | 2023-01-06 02:47:18 | Implement channel inactivity timeouts This adds a sshd_config ChannelTimeouts directive that allows channels that have not seen traffic in a configurable interval to be automatically closed. Different timeouts may be applied to session, X11, agent and TCP forwarding channels. Note: this only affects channels over an opened SSH connection and not the connection itself. Most clients close the connection when their channels go away, with a notable exception being ssh(1) in multiplexing mode. ok markus dtucker | ||
| e425622f | 2023-01-06 02:42:34 | Add channel_set_xtype() This sets an "extended" channel type after channel creation (e.g. "session:subsystem:sftp") that will be used for setting channel inactivity timeouts. ok markus dtucker | ||
| c6fd5a4a | 2023-01-06 02:41:49 | tweak channel ctype names These are now used by sshd_config:ChannelTimeouts to specify timeouts by channel type, so force them all to use a similar format without whitespace. ok dtucker markus | ||
| b21c0267 | 2023-01-06 02:39:59 | Add channel_force_close() This will forcibly close an open channel by simulating read/write errors, draining the IO buffers and calling the detach function. Previously the detach function was only ever called during channel garbage collection, but there was no way to signal the user of a channel (e.g. session.c) that its channel was being closed deliberately (vs. by the usual state-machine logic). So this adds an extra "force" argument to the channel cleanup callback to indicate this condition. ok markus dtucker | ||
| 0f30be9a | 2023-01-06 02:38:23 | replace manual poll/ppoll timeout math with ptimeout API feedback markus / ok markus dtucker | ||
| a598e5a3 | 2023-01-06 02:37:04 | add ptimeout API for keeping track of poll/ppoll timeouts; ok dtucker markus | ||
| f2e3f6b6 | 2023-01-05 05:49:13 | suppress "Connection closed" message when in quiet mode | ||
| 998894f5 | 2023-01-05 00:00:44 | Delete remnants of removed "diff -l" option. From Nathan Houghton | ||
| 8305317d | 2023-01-04 19:12:34 | minor text shuffle, for clarity; ok millert | ||
| 5d84952f | 2023-01-04 14:58:04 | Eduardo Horvath agreed to rescind clause 3 and 4 in NetBSD fgen.1 rev 1.9 cpu_in_cksum.S rev 1.2 https://mail-index.netbsd.org/source-changes/2009/10/19/msg002130.html | ||
| 3d2b6224 | 2023-01-04 12:53:38 | ugly white space | ||
| 30b91020 | 2023-01-04 07:33:00 | - use Fl instead of Ar for print0; from josiah frentsos - while here, describe it as a primary rather than an option |