fix merge conflict
commit
0d44bc9b49
|
@ -59,17 +59,18 @@ jobs:
|
||||||
- { target: ubuntu-latest, config: libressl-3.5.3 }
|
- { target: ubuntu-latest, config: libressl-3.5.3 }
|
||||||
- { target: ubuntu-latest, config: libressl-3.6.1 }
|
- { target: ubuntu-latest, config: libressl-3.6.1 }
|
||||||
- { target: ubuntu-latest, config: libressl-3.7.2 }
|
- { target: ubuntu-latest, config: libressl-3.7.2 }
|
||||||
- { target: ubuntu-latest, config: libressl-3.8.2 }
|
- { target: ubuntu-latest, config: libressl-3.8.3 }
|
||||||
|
- { target: ubuntu-latest, config: libressl-3.9.0 }
|
||||||
- { target: ubuntu-latest, config: openssl-master }
|
- { target: ubuntu-latest, config: openssl-master }
|
||||||
- { target: ubuntu-latest, config: openssl-noec }
|
- { target: ubuntu-latest, config: openssl-noec }
|
||||||
- { target: ubuntu-latest, config: openssl-1.1.1 }
|
- { target: ubuntu-latest, config: openssl-1.1.1 }
|
||||||
- { target: ubuntu-latest, config: openssl-1.1.1t }
|
- { target: ubuntu-latest, config: openssl-1.1.1t }
|
||||||
- { target: ubuntu-latest, config: openssl-1.1.1w }
|
- { target: ubuntu-latest, config: openssl-1.1.1w }
|
||||||
- { target: ubuntu-latest, config: openssl-3.0.0 }
|
- { target: ubuntu-latest, config: openssl-3.0.0 }
|
||||||
- { target: ubuntu-latest, config: openssl-3.0.12 }
|
- { target: ubuntu-latest, config: openssl-3.0.13 }
|
||||||
- { target: ubuntu-latest, config: openssl-3.1.0 }
|
- { target: ubuntu-latest, config: openssl-3.1.0 }
|
||||||
- { target: ubuntu-latest, config: openssl-3.1.4 }
|
- { target: ubuntu-latest, config: openssl-3.1.5 }
|
||||||
- { target: ubuntu-latest, config: openssl-3.2.0 }
|
- { target: ubuntu-latest, config: openssl-3.2.1 }
|
||||||
- { target: ubuntu-latest, config: openssl-1.1.1_stable }
|
- { target: ubuntu-latest, config: openssl-1.1.1_stable }
|
||||||
- { target: ubuntu-latest, config: openssl-3.0 } # stable branch
|
- { target: ubuntu-latest, config: openssl-3.0 } # stable branch
|
||||||
- { target: ubuntu-latest, config: openssl-3.2 } # stable branch
|
- { target: ubuntu-latest, config: openssl-3.2 } # stable branch
|
||||||
|
|
2
README
2
README
|
@ -1,4 +1,4 @@
|
||||||
See https://www.openssh.com/releasenotes.html#9.6p1 for the release
|
See https://www.openssh.com/releasenotes.html#9.7p1 for the release
|
||||||
notes.
|
notes.
|
||||||
|
|
||||||
Please read https://www.openssh.com/report.html for bug reporting
|
Please read https://www.openssh.com/report.html for bug reporting
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: channels.c,v 1.436 2024/01/09 22:19:00 djm Exp $ */
|
/* $OpenBSD: channels.c,v 1.437 2024/03/06 02:59:59 djm Exp $ */
|
||||||
/*
|
/*
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
@ -3254,9 +3254,8 @@ channel_proxy_downstream(struct ssh *ssh, Channel *downstream)
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
/* Record that connection to this host/port is permitted. */
|
/* Record that connection to this host/port is permitted. */
|
||||||
permission_set_add(ssh, FORWARD_USER, FORWARD_LOCAL, "<mux>", -1,
|
permission_set_add(ssh, FORWARD_USER, FORWARD_LOCAL, "<mux>",
|
||||||
listen_host, NULL, (int)listen_port, downstream);
|
-1, listen_host, NULL, (int)listen_port, downstream);
|
||||||
listen_host = NULL;
|
|
||||||
break;
|
break;
|
||||||
case SSH2_MSG_CHANNEL_CLOSE:
|
case SSH2_MSG_CHANNEL_CLOSE:
|
||||||
if (have < 4)
|
if (have < 4)
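Review bot: With `listen_host = NULL;` dropped after the `permission_set_add(...)` call, the code now depends on an ownership rule that is not written down in the hunk: the callee must keep its own copy of `listen_host`, and the caller must release the original later. Neither `permission_set_add()` nor the `out` cleanup of channel_proxy_downstream() is visible here, so this is inferred from the removal. I would extend the existing comment to say so, e.g. `/* Record that connection to this host/port is permitted; permission_set_add() copies listen_host, which is freed at out. */`. Please also confirm that the cleanup path frees it exactly once, so the pointer is neither leaked nor freed twice.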
|
||||||
|
|
22
configure.ac
22
configure.ac
|
@ -149,6 +149,7 @@ fi
|
||||||
|
|
||||||
use_stack_protector=1
|
use_stack_protector=1
|
||||||
use_toolchain_hardening=1
|
use_toolchain_hardening=1
|
||||||
|
use_retpoline=1
|
||||||
AC_ARG_WITH([stackprotect],
|
AC_ARG_WITH([stackprotect],
|
||||||
[ --without-stackprotect Don't use compiler's stack protection], [
|
[ --without-stackprotect Don't use compiler's stack protection], [
|
||||||
if test "x$withval" = "xno"; then
|
if test "x$withval" = "xno"; then
|
||||||
|
@ -159,6 +160,11 @@ AC_ARG_WITH([hardening],
|
||||||
if test "x$withval" = "xno"; then
|
if test "x$withval" = "xno"; then
|
||||||
use_toolchain_hardening=0
|
use_toolchain_hardening=0
|
||||||
fi ])
|
fi ])
|
||||||
|
AC_ARG_WITH([retpoline],
|
||||||
|
[ --without-retpoline Enable retpoline spectre mitigation], [
|
||||||
|
if test "x$withval" = "xno"; then
|
||||||
|
use_retpoline=0
|
||||||
|
fi ])
|
||||||
|
|
||||||
# We use -Werror for the tests only so that we catch warnings like "this is
|
# We use -Werror for the tests only so that we catch warnings like "this is
|
||||||
# on by default" for things like -fPIE.
|
# on by default" for things like -fPIE.
|
||||||
|
@ -216,8 +222,6 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
|
||||||
OSSH_CHECK_CFLAG_COMPILE([-Wbitwise-instead-of-logical])
|
OSSH_CHECK_CFLAG_COMPILE([-Wbitwise-instead-of-logical])
|
||||||
OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
|
OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
|
||||||
if test "x$use_toolchain_hardening" = "x1"; then
|
if test "x$use_toolchain_hardening" = "x1"; then
|
||||||
OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang
|
|
||||||
OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt])
|
|
||||||
OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
|
OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
|
||||||
OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro])
|
OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro])
|
||||||
OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now])
|
OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now])
|
||||||
|
@ -240,6 +244,10 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
|
||||||
esac
|
esac
|
||||||
OSSH_CHECK_CFLAG_COMPILE([-ftrivial-auto-var-init=zero])
|
OSSH_CHECK_CFLAG_COMPILE([-ftrivial-auto-var-init=zero])
|
||||||
fi
|
fi
|
||||||
|
if test "x$use_retpoline" = "x1"; then
|
||||||
|
OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang
|
||||||
|
OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt])
|
||||||
|
fi
|
||||||
|
|
||||||
AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset])
|
AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset])
|
||||||
saved_CFLAGS="$CFLAGS"
|
saved_CFLAGS="$CFLAGS"
|
||||||
|
@ -2735,7 +2743,15 @@ AC_ARG_WITH([ssl-dir],
|
||||||
else
|
else
|
||||||
CPPFLAGS="-I${withval} ${CPPFLAGS}"
|
CPPFLAGS="-I${withval} ${CPPFLAGS}"
|
||||||
fi
|
fi
|
||||||
openssl_bin_PATH="${PATH}${PATH_SEPARATOR}${withval}/bin${PATH_SEPARATOR}${withval}/apps"
|
dnl Ensure specified openssl binary works, eg it can
|
||||||
|
dnl find its runtime libraries, before trying to use.
|
||||||
|
if test -x "${withval}/bin/openssl" && \
|
||||||
|
"${withval}/bin/openssl" version >/dev/null 2>&1; then
|
||||||
|
openssl_bin_PATH="${withval}/bin${PATH_SEPARATOR}${PATH}"
|
||||||
|
elif test -x "${withval}/apps/openssl" && \
|
||||||
|
"${withval}/apps/openssl" version >/dev/null 2>&1; then
|
||||||
|
openssl_bin_PATH="${withval}/apps${PATH_SEPARATOR}${PATH}"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
]
|
]
|
||||||
)
|
)
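Review bot: The help string for the new option reads `[  --without-retpoline  Enable retpoline spectre mitigation]`, but the body sets `use_retpoline=0` when the value is `no`, so the flag named in the help disables the mitigation rather than enabling it. Suggest `[  --without-retpoline     Don't use retpoline Spectre mitigation]`, matching the `--without-stackprotect` wording just above. Relatedly, the `-mretpoline` and `-Wl,-z,retpolineplt` checks now appear to sit in their own `use_retpoline` block after the `use_toolchain_hardening` block, so `--without-hardening` alone would no longer turn them off. That deserves a line in the option help or build notes, so packagers who audit hardening flags are not surprised.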
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
%global ver 9.6p1
|
%global ver 9.7p1
|
||||||
%global rel 1%{?dist}
|
%global rel 1%{?dist}
|
||||||
|
|
||||||
# OpenSSH privilege separation requires a user & group ID
|
# OpenSSH privilege separation requires a user & group ID
|
||||||
|
|
|
@ -13,7 +13,7 @@
|
||||||
|
|
||||||
Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
|
Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
|
||||||
Name: openssh
|
Name: openssh
|
||||||
Version: 9.6p1
|
Version: 9.7p1
|
||||||
URL: https://www.openssh.com/
|
URL: https://www.openssh.com/
|
||||||
Release: 1
|
Release: 1
|
||||||
Source0: openssh-%{version}.tar.gz
|
Source0: openssh-%{version}.tar.gz
|
||||||
|
|
|
@ -156,31 +156,40 @@ TEST_SSH_SSHKEYGEN?=ssh-keygen
|
||||||
CPPFLAGS=-I..
|
CPPFLAGS=-I..
|
||||||
|
|
||||||
t1:
|
t1:
|
||||||
${TEST_SSH_SSHKEYGEN} -if ${.CURDIR}/rsa_ssh2.prv | diff - ${.CURDIR}/rsa_openssh.prv
|
set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-rsa" ; then \
|
||||||
tr '\n' '\r' <${.CURDIR}/rsa_ssh2.prv > ${.OBJDIR}/rsa_ssh2_cr.prv
|
${TEST_SSH_SSHKEYGEN} -if ${.CURDIR}/rsa_ssh2.prv | diff - ${.CURDIR}/rsa_openssh.prv ; \
|
||||||
${TEST_SSH_SSHKEYGEN} -if ${.OBJDIR}/rsa_ssh2_cr.prv | diff - ${.CURDIR}/rsa_openssh.prv
|
tr '\n' '\r' <${.CURDIR}/rsa_ssh2.prv > ${.OBJDIR}/rsa_ssh2_cr.prv ; \
|
||||||
awk '{print $$0 "\r"}' ${.CURDIR}/rsa_ssh2.prv > ${.OBJDIR}/rsa_ssh2_crnl.prv
|
${TEST_SSH_SSHKEYGEN} -if ${.OBJDIR}/rsa_ssh2_cr.prv | diff - ${.CURDIR}/rsa_openssh.prv ; \
|
||||||
${TEST_SSH_SSHKEYGEN} -if ${.OBJDIR}/rsa_ssh2_crnl.prv | diff - ${.CURDIR}/rsa_openssh.prv
|
awk '{print $$0 "\r"}' ${.CURDIR}/rsa_ssh2.prv > ${.OBJDIR}/rsa_ssh2_crnl.prv ; \
|
||||||
|
${TEST_SSH_SSHKEYGEN} -if ${.OBJDIR}/rsa_ssh2_crnl.prv | diff - ${.CURDIR}/rsa_openssh.prv ; \
|
||||||
|
fi
|
||||||
|
|
||||||
t2:
|
t2:
|
||||||
cat ${.CURDIR}/rsa_openssh.prv > $(OBJ)/t2.out
|
set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-rsa" ; then \
|
||||||
chmod 600 $(OBJ)/t2.out
|
cat ${.CURDIR}/rsa_openssh.prv > $(OBJ)/t2.out ; \
|
||||||
${TEST_SSH_SSHKEYGEN} -yf $(OBJ)/t2.out | diff - ${.CURDIR}/rsa_openssh.pub
|
chmod 600 $(OBJ)/t2.out ; \
|
||||||
|
${TEST_SSH_SSHKEYGEN} -yf $(OBJ)/t2.out | diff - ${.CURDIR}/rsa_openssh.pub ; \
|
||||||
|
fi
|
||||||
|
|
||||||
t3:
|
t3:
|
||||||
${TEST_SSH_SSHKEYGEN} -ef ${.CURDIR}/rsa_openssh.pub >$(OBJ)/t3.out
|
set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-rsa" ; then \
|
||||||
${TEST_SSH_SSHKEYGEN} -if $(OBJ)/t3.out | diff - ${.CURDIR}/rsa_openssh.pub
|
${TEST_SSH_SSHKEYGEN} -ef ${.CURDIR}/rsa_openssh.pub >$(OBJ)/t3.out ; \
|
||||||
|
${TEST_SSH_SSHKEYGEN} -if $(OBJ)/t3.out | diff - ${.CURDIR}/rsa_openssh.pub ; \
|
||||||
|
fi
|
||||||
|
|
||||||
t4:
|
t4:
|
||||||
${TEST_SSH_SSHKEYGEN} -E md5 -lf ${.CURDIR}/rsa_openssh.pub |\
|
set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-rsa" ; then \
|
||||||
awk '{print $$2}' | diff - ${.CURDIR}/t4.ok
|
${TEST_SSH_SSHKEYGEN} -E md5 -lf ${.CURDIR}/rsa_openssh.pub |\
|
||||||
|
awk '{print $$2}' | diff - ${.CURDIR}/t4.ok ; \
|
||||||
|
fi
|
||||||
|
|
||||||
t5:
|
t5:
|
||||||
${TEST_SSH_SSHKEYGEN} -Bf ${.CURDIR}/rsa_openssh.pub |\
|
set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-rsa" ; then \
|
||||||
awk '{print $$2}' | diff - ${.CURDIR}/t5.ok
|
${TEST_SSH_SSHKEYGEN} -Bf ${.CURDIR}/rsa_openssh.pub |\
|
||||||
|
awk '{print $$2}' | diff - ${.CURDIR}/t5.ok ; \
|
||||||
|
fi
|
||||||
t6:
|
t6:
|
||||||
set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q ^ssh-dss ; then \
|
set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-dss" ; then \
|
||||||
${TEST_SSH_SSHKEYGEN} -if ${.CURDIR}/dsa_ssh2.prv > $(OBJ)/t6.out1 ; \
|
${TEST_SSH_SSHKEYGEN} -if ${.CURDIR}/dsa_ssh2.prv > $(OBJ)/t6.out1 ; \
|
||||||
${TEST_SSH_SSHKEYGEN} -if ${.CURDIR}/dsa_ssh2.pub > $(OBJ)/t6.out2 ; \
|
${TEST_SSH_SSHKEYGEN} -if ${.CURDIR}/dsa_ssh2.pub > $(OBJ)/t6.out2 ; \
|
||||||
chmod 600 $(OBJ)/t6.out1 ; \
|
chmod 600 $(OBJ)/t6.out1 ; \
|
||||||
|
@ -188,19 +197,23 @@ t6:
|
||||||
fi
|
fi
|
||||||
|
|
||||||
$(OBJ)/t7.out:
|
$(OBJ)/t7.out:
|
||||||
${TEST_SSH_SSHKEYGEN} -q -t rsa -N '' -f $@
|
set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-dss" ; then \
|
||||||
|
${TEST_SSH_SSHKEYGEN} -q -t rsa -N '' -f $@ ; \
|
||||||
|
fi
|
||||||
|
|
||||||
t7: $(OBJ)/t7.out
|
t7: $(OBJ)/t7.out
|
||||||
${TEST_SSH_SSHKEYGEN} -lf $(OBJ)/t7.out > /dev/null
|
set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-dss" ; then \
|
||||||
${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t7.out > /dev/null
|
${TEST_SSH_SSHKEYGEN} -lf $(OBJ)/t7.out > /dev/null ; \
|
||||||
|
${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t7.out > /dev/null ; \
|
||||||
|
fi
|
||||||
|
|
||||||
$(OBJ)/t8.out:
|
$(OBJ)/t8.out:
|
||||||
set -xe ; if ssh -Q key | grep -q ^ssh-dss ; then \
|
set -xe ; if ssh -Q key | grep -q "^ssh-dss" ; then \
|
||||||
${TEST_SSH_SSHKEYGEN} -q -t dsa -N '' -f $@ ; \
|
${TEST_SSH_SSHKEYGEN} -q -t dsa -N '' -f $@ ; \
|
||||||
fi
|
fi
|
||||||
|
|
||||||
t8: $(OBJ)/t8.out
|
t8: $(OBJ)/t8.out
|
||||||
set -xe ; if ssh -Q key | grep -q ^ssh-dss ; then \
|
set -xe ; if ssh -Q key | grep -q "^ssh-dss" ; then \
|
||||||
${TEST_SSH_SSHKEYGEN} -lf $(OBJ)/t8.out > /dev/null ; \
|
${TEST_SSH_SSHKEYGEN} -lf $(OBJ)/t8.out > /dev/null ; \
|
||||||
${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t8.out > /dev/null ; \
|
${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t8.out > /dev/null ; \
|
||||||
fi
|
fi
|
||||||
|
@ -224,8 +237,10 @@ t10: $(OBJ)/t10.out
|
||||||
${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t10.out > /dev/null
|
${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t10.out > /dev/null
|
||||||
|
|
||||||
t11:
|
t11:
|
||||||
${TEST_SSH_SSHKEYGEN} -E sha256 -lf ${.CURDIR}/rsa_openssh.pub |\
|
set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-dss" ; then \
|
||||||
awk '{print $$2}' | diff - ${.CURDIR}/t11.ok
|
${TEST_SSH_SSHKEYGEN} -E sha256 -lf ${.CURDIR}/rsa_openssh.pub |\
|
||||||
|
awk '{print $$2}' | diff - ${.CURDIR}/t11.ok ; \
|
||||||
|
fi
|
||||||
|
|
||||||
$(OBJ)/t12.out:
|
$(OBJ)/t12.out:
|
||||||
${TEST_SSH_SSHKEYGEN} -q -t ed25519 -N '' -C 'test-comment-1234' -f $@
|
${TEST_SSH_SSHKEYGEN} -q -t ed25519 -N '' -C 'test-comment-1234' -f $@
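Review bot: The new guards on `$(OBJ)/t7.out`, `t7` and `t11` test for `"^ssh-dss"`, yet all three recipes exercise RSA material (`-t rsa` for t7.out, `rsa_openssh.pub` for t11). On a build without DSA these RSA checks are therefore skipped silently and the target still reports success. The guard should match what the recipe uses, as t1–t5 already do: `set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-rsa" ; then \`. Separately, `$(OBJ)/t8.out` and `t8` still call a bare `ssh -Q key` from PATH while the other guards use `${TEST_SSH_SSH}`, so the capability probe may query a different binary than the one under test.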
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
# $OpenBSD: dynamic-forward.sh,v 1.15 2023/01/06 08:50:33 dtucker Exp $
|
# $OpenBSD: dynamic-forward.sh,v 1.17 2024/03/08 11:34:10 dtucker Exp $
|
||||||
# Placed in the Public Domain.
|
# Placed in the Public Domain.
|
||||||
|
|
||||||
tid="dynamic forwarding"
|
tid="dynamic forwarding"
|
||||||
|
@ -26,6 +26,7 @@ start_ssh() {
|
||||||
arg="$2"
|
arg="$2"
|
||||||
n=0
|
n=0
|
||||||
error="1"
|
error="1"
|
||||||
|
# Use a multiplexed ssh so we can control its lifecycle.
|
||||||
trace "start dynamic -$direction forwarding, fork to background"
|
trace "start dynamic -$direction forwarding, fork to background"
|
||||||
(cat $OBJ/ssh_config.orig ; echo "$arg") > $OBJ/ssh_config
|
(cat $OBJ/ssh_config.orig ; echo "$arg") > $OBJ/ssh_config
|
||||||
${REAL_SSH} -vvvnNfF $OBJ/ssh_config -E$TEST_SSH_LOGFILE \
|
${REAL_SSH} -vvvnNfF $OBJ/ssh_config -E$TEST_SSH_LOGFILE \
|
||||||
|
@ -62,9 +63,9 @@ check_socks() {
|
||||||
for s in 4 5; do
|
for s in 4 5; do
|
||||||
for h in 127.0.0.1 localhost; do
|
for h in 127.0.0.1 localhost; do
|
||||||
trace "testing ssh socks version $s host $h (-$direction)"
|
trace "testing ssh socks version $s host $h (-$direction)"
|
||||||
${REAL_SSH} -q -F $OBJ/ssh_config \
|
${REAL_SSH} -q -F $OBJ/ssh_config -o \
|
||||||
-o "ProxyCommand ${proxycmd}${s} $h $PORT 2>/dev/null" \
|
"ProxyCommand ${TEST_SHELL} -c '${proxycmd}${s} $h $PORT 2>/dev/null'" \
|
||||||
somehost cat ${DATA} > ${COPY}
|
somehost cat ${DATA} > ${COPY}
|
||||||
r=$?
|
r=$?
|
||||||
if [ "x$expect_success" = "xY" ] ; then
|
if [ "x$expect_success" = "xY" ] ; then
|
||||||
if [ $r -ne 0 ] ; then
|
if [ $r -ne 0 ] ; then
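Review bot: The rewritten option in check_socks(), `"ProxyCommand ${TEST_SHELL} -c '${proxycmd}${s} $h $PORT 2>/dev/null'"`, has no comment saying why the command is now wrapped in `${TEST_SHELL} -c`, and the reason is not obvious from the line. A one-line comment above it would do, e.g. `# Run the proxy via TEST_SHELL so the 2>/dev/null redirection is parsed by a known Bourne shell.` — presumably that is the intent; please confirm. The single-quoted wrapper also means that a `'` inside the expansion of `${proxycmd}` (defined outside this hunk) would end the quoting early, so the comment should state that the expanded command must not contain single quotes. check_socks() starts and ends outside the hunk.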
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
# $OpenBSD: test-exec.sh,v 1.107 2024/02/19 09:25:52 dtucker Exp $
|
# $OpenBSD: test-exec.sh,v 1.108 2024/03/08 11:34:10 dtucker Exp $
|
||||||
# Placed in the Public Domain.
|
# Placed in the Public Domain.
|
||||||
|
|
||||||
#SUDO=sudo
|
#SUDO=sudo
|
||||||
|
@ -110,6 +110,9 @@ DBCLIENT=/usr/local/bin/dbclient
|
||||||
DROPBEARKEY=/usr/local/bin/dropbearkey
|
DROPBEARKEY=/usr/local/bin/dropbearkey
|
||||||
DROPBEARCONVERT=/usr/local/bin/dropbearconvert
|
DROPBEARCONVERT=/usr/local/bin/dropbearconvert
|
||||||
|
|
||||||
|
# So we can override this in Portable.
|
||||||
|
TEST_SHELL="${TEST_SHELL:-/bin/sh}"
|
||||||
|
|
||||||
# Tools used by multiple tests
|
# Tools used by multiple tests
|
||||||
NC=$OBJ/netcat
|
NC=$OBJ/netcat
|
||||||
# Always use the one configure tells us to, even if that's empty.
|
# Always use the one configure tells us to, even if that's empty.
|
||||||
|
|
46
ssh-agent.c
46
ssh-agent.c
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: ssh-agent.c,v 1.304 2023/12/18 15:58:56 djm Exp $ */
|
/* $OpenBSD: ssh-agent.c,v 1.306 2024/03/09 05:12:13 djm Exp $ */
|
||||||
/*
|
/*
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
@ -162,6 +162,8 @@ int max_fd = 0;
|
||||||
pid_t parent_pid = -1;
|
pid_t parent_pid = -1;
|
||||||
time_t parent_alive_interval = 0;
|
time_t parent_alive_interval = 0;
|
||||||
|
|
||||||
|
sig_atomic_t signalled = 0;
|
||||||
|
|
||||||
/* pid of process for which cleanup_socket is applicable */
|
/* pid of process for which cleanup_socket is applicable */
|
||||||
pid_t cleanup_pid = 0;
|
pid_t cleanup_pid = 0;
|
||||||
|
|
||||||
|
@ -250,6 +252,7 @@ free_dest_constraints(struct dest_constraint *dcs, size_t ndcs)
|
||||||
free(dcs);
|
free(dcs);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef ENABLE_PKCS11
|
||||||
static void
|
static void
|
||||||
dup_dest_constraint_hop(const struct dest_constraint_hop *dch,
|
dup_dest_constraint_hop(const struct dest_constraint_hop *dch,
|
||||||
struct dest_constraint_hop *out)
|
struct dest_constraint_hop *out)
|
||||||
|
@ -289,6 +292,7 @@ dup_dest_constraints(const struct dest_constraint *dcs, size_t ndcs)
|
||||||
}
|
}
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
#endif /* ENABLE_PKCS11 */
|
||||||
|
|
||||||
#ifdef DEBUG_CONSTRAINTS
|
#ifdef DEBUG_CONSTRAINTS
|
||||||
static void
|
static void
|
||||||
|
@ -1522,6 +1526,7 @@ no_identities(SocketEntry *e)
|
||||||
sshbuf_free(msg);
|
sshbuf_free(msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef ENABLE_PKCS11
|
||||||
/* Add an identity to idlist; takes ownership of 'key' and 'comment' */
|
/* Add an identity to idlist; takes ownership of 'key' and 'comment' */
|
||||||
static void
|
static void
|
||||||
add_p11_identity(struct sshkey *key, char *comment, const char *provider,
|
add_p11_identity(struct sshkey *key, char *comment, const char *provider,
|
||||||
|
@ -1548,7 +1553,6 @@ add_p11_identity(struct sshkey *key, char *comment, const char *provider,
|
||||||
idtab->nentries++;
|
idtab->nentries++;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef ENABLE_PKCS11
|
|
||||||
static void
|
static void
|
||||||
process_add_smartcard_key(SocketEntry *e)
|
process_add_smartcard_key(SocketEntry *e)
|
||||||
{
|
{
|
||||||
|
@ -2060,7 +2064,7 @@ after_poll(struct pollfd *pfd, size_t npfd, u_int maxfds)
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
prepare_poll(struct pollfd **pfdp, size_t *npfdp, int *timeoutp, u_int maxfds)
|
prepare_poll(struct pollfd **pfdp, size_t *npfdp, struct timespec *timeoutp, u_int maxfds)
|
||||||
{
|
{
|
||||||
struct pollfd *pfd = *pfdp;
|
struct pollfd *pfd = *pfdp;
|
||||||
size_t i, j, npfd = 0;
|
size_t i, j, npfd = 0;
|
||||||
|
@ -2126,14 +2130,8 @@ prepare_poll(struct pollfd **pfdp, size_t *npfdp, int *timeoutp, u_int maxfds)
|
||||||
if (parent_alive_interval != 0)
|
if (parent_alive_interval != 0)
|
||||||
deadline = (deadline == 0) ? parent_alive_interval :
|
deadline = (deadline == 0) ? parent_alive_interval :
|
||||||
MINIMUM(deadline, parent_alive_interval);
|
MINIMUM(deadline, parent_alive_interval);
|
||||||
if (deadline == 0) {
|
if (deadline != 0)
|
||||||
*timeoutp = -1; /* INFTIM */
|
ptimeout_deadline_sec(timeoutp, deadline);
|
||||||
} else {
|
|
||||||
if (deadline > INT_MAX / 1000)
|
|
||||||
*timeoutp = INT_MAX / 1000;
|
|
||||||
else
|
|
||||||
*timeoutp = deadline * 1000;
|
|
||||||
}
|
|
||||||
return (1);
|
return (1);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2153,17 +2151,16 @@ void
|
||||||
cleanup_exit(int i)
|
cleanup_exit(int i)
|
||||||
{
|
{
|
||||||
cleanup_socket();
|
cleanup_socket();
|
||||||
|
#ifdef ENABLE_PKCS11
|
||||||
|
pkcs11_terminate();
|
||||||
|
#endif
|
||||||
_exit(i);
|
_exit(i);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
cleanup_handler(int sig)
|
cleanup_handler(int sig)
|
||||||
{
|
{
|
||||||
cleanup_socket();
|
signalled = sig;
|
||||||
#ifdef ENABLE_PKCS11
|
|
||||||
pkcs11_terminate();
|
|
||||||
#endif
|
|
||||||
_exit(2);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
|
@ -2207,10 +2204,11 @@ main(int ac, char **av)
|
||||||
char pidstrbuf[1 + 3 * sizeof pid];
|
char pidstrbuf[1 + 3 * sizeof pid];
|
||||||
size_t len;
|
size_t len;
|
||||||
mode_t prev_mask;
|
mode_t prev_mask;
|
||||||
int timeout = -1; /* INFTIM */
|
struct timespec timeout;
|
||||||
struct pollfd *pfd = NULL;
|
struct pollfd *pfd = NULL;
|
||||||
size_t npfd = 0;
|
size_t npfd = 0;
|
||||||
u_int maxfds;
|
u_int maxfds;
|
||||||
|
sigset_t nsigset, osigset;
|
||||||
|
|
||||||
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
|
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
|
||||||
sanitise_stdfd();
|
sanitise_stdfd();
|
||||||
|
@ -2446,13 +2444,25 @@ skip:
|
||||||
ssh_signal(SIGHUP, cleanup_handler);
|
ssh_signal(SIGHUP, cleanup_handler);
|
||||||
ssh_signal(SIGTERM, cleanup_handler);
|
ssh_signal(SIGTERM, cleanup_handler);
|
||||||
|
|
||||||
|
sigemptyset(&nsigset);
|
||||||
|
sigaddset(&nsigset, SIGINT);
|
||||||
|
sigaddset(&nsigset, SIGHUP);
|
||||||
|
sigaddset(&nsigset, SIGTERM);
|
||||||
|
|
||||||
if (pledge("stdio rpath cpath unix id proc exec", NULL) == -1)
|
if (pledge("stdio rpath cpath unix id proc exec", NULL) == -1)
|
||||||
fatal("%s: pledge: %s", __progname, strerror(errno));
|
fatal("%s: pledge: %s", __progname, strerror(errno));
|
||||||
platform_pledge_agent();
|
platform_pledge_agent();
|
||||||
|
|
||||||
while (1) {
|
while (1) {
|
||||||
|
sigprocmask(SIG_BLOCK, &nsigset, &osigset);
|
||||||
|
if (signalled != 0) {
|
||||||
|
logit("exiting on signal %d", (int)signalled);
|
||||||
|
cleanup_exit(2);
|
||||||
|
}
|
||||||
|
ptimeout_init(&timeout);
|
||||||
prepare_poll(&pfd, &npfd, &timeout, maxfds);
|
prepare_poll(&pfd, &npfd, &timeout, maxfds);
|
||||||
result = poll(pfd, npfd, timeout);
|
result = ppoll(pfd, npfd, ptimeout_get_tsp(&timeout), &osigset);
|
||||||
|
sigprocmask(SIG_SETMASK, &osigset, NULL);
|
||||||
saved_errno = errno;
|
saved_errno = errno;
|
||||||
if (parent_alive_interval != 0)
|
if (parent_alive_interval != 0)
|
||||||
check_parent_exists();
|
check_parent_exists();
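Review bot: `sig_atomic_t signalled = 0;` is written from `cleanup_handler()` and read by the main loop's `if (signalled != 0)` test, but it is not declared `volatile`. C only guarantees well-defined access to an object shared with a signal handler when it is `volatile sig_atomic_t` (or a lock-free atomic). Suggest `static volatile sig_atomic_t signalled = 0;` (drop `static` if another file really needs the symbol). In practice the intervening `sigprocmask()` calls probably force a reload, but the declaration should not depend on that. main() and its loop continue outside the hunks shown.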
|
||||||
|
|
4
sshsig.c
4
sshsig.c
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: sshsig.c,v 1.34 2023/12/08 09:18:39 markus Exp $ */
|
/* $OpenBSD: sshsig.c,v 1.35 2024/03/08 22:16:32 djm Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2019 Google LLC
|
* Copyright (c) 2019 Google LLC
|
||||||
*
|
*
|
||||||
|
@ -779,7 +779,7 @@ parse_principals_key_and_options(const char *path, u_long linenum, char *line,
|
||||||
*keyp = NULL;
|
*keyp = NULL;
|
||||||
|
|
||||||
cp = line;
|
cp = line;
|
||||||
cp = cp + strspn(cp, " \t"); /* skip leading whitespace */
|
cp = cp + strspn(cp, " \t\n\r"); /* skip leading whitespace */
|
||||||
if (*cp == '#' || *cp == '\0')
|
if (*cp == '#' || *cp == '\0')
|
||||||
return SSH_ERR_KEY_NOT_FOUND; /* blank or all-comment line */
|
return SSH_ERR_KEY_NOT_FOUND; /* blank or all-comment line */
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
/* $OpenBSD: version.h,v 1.100 2023/12/18 14:48:44 djm Exp $ */
|
/* $OpenBSD: version.h,v 1.101 2024/03/11 04:59:47 djm Exp $ */
|
||||||
|
|
||||||
#define SSH_VERSION "OpenSSH_for_Windows_9.6"
|
#define SSH_VERSION "OpenSSH_for_Windows_9.7"
|
||||||
|
|
||||||
#define SSH_PORTABLE "p1"
|
#define SSH_PORTABLE "p1"
|
||||||
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
|
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
|
||||||
|
|