request they do not follow symlinks. Requires recently-committed
lsetstat@openssh.com extension on the server side.
ok markus@ dtucker@
OpenBSD-Commit-ID: f93bb3f6f7eb2fb7ef1e59126e72714f1626d604
Don't call OpenSSL_add_all_algorithms() unless OpenSSL actually
supports it.
Move all libcrypto initialisation to a single function, and call that
from seed_rng() that is called early in each tool's main().
Prompted by patch from Rosen Penev
failing. The sftp program terminated with the wrong exit code as sftp called
fatal() instad of exit(0). So when the sigchld handler waits for the child,
remember that it was found. Then don't expect that main() can wait again. OK
dtucker@
OpenBSD-Commit-ID: bfafd940c0de5297940c71ddf362053db0232266
allow "cd" and "lcd" commands with no explicit path
argument. lcd will change to the local user's home directory as usual. cd
will change to the starting directory for session (because the protocol
offers no way to obtain the remote user's home directory). bz#2760 ok
dtucker@
OpenBSD-Commit-ID: 15333f5087cee8c1ed1330cac1bd0a3e6a767393
Add URI support to ssh, sftp and scp. For example
ssh://user@host or sftp://user@host/path. The connection parameters
described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since
the ssh fingerprint format in the draft uses md5 with no way to specify the
hash function type. OK djm@
Upstream-ID: 4ba3768b662d6722de59e6ecb00abf2d4bf9cacc
Include replacement timespeccmp() for systems that lack it.
Support time_t struct stat->st_mtime in addition to
timespec stat->st_mtim, as well as unsorted fallback.
fix division by zero crash in "df" output when server
returns zero total filesystem blocks/inodes. Spotted by Guido Vranken; ok
dtucker@
Upstream-ID: 6fb6c2ae6b289aa07b6232dbc0be54682ef5419f
Turkish locales are unique in their handling of the letters 'i' and
'I' (yes, they are different letters) and OpenSSH isn't remotely
prepared to deal with that. For now, the best we can do is to force
OpenSSH to use the C/POSIX locale and try to preserve the UTF-8
encoding if possible.
ok dtucker@
Install a signal handler for tty-generated signals and
wait for the ssh child to suspend before suspending sftp. This lets ssh
restore the terminal mode as needed when it is suspended at the password
prompt. OK dtucker@
Upstream-ID: a31c1f42aa3e2985dcc91e46e6a17bd22e372d69
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then
use those definitions rather than pulling <sys/param.h> and unknown namespace
pollution. ok djm markus dtucker
Upstream-ID: 712cafa816c9f012a61628b66b9fbd5687223fb8
To prevent screwing up terminal settings when printing to
the terminal, for ASCII and UTF-8, escape bytes not forming characters and
bytes forming non-printable characters with vis(3) VIS_OCTAL. For other
character sets, abort printing of the current string in these cases. In
particular, * let scp(1) respect the local user's LC_CTYPE locale(1); *
sanitize data received from the remote host; * sanitize filenames, usernames,
and similar data even locally; * take character display widths into account
for the progressmeter.
This is believed to be sufficient to keep the local terminal safe
on OpenBSD, but bad things can still happen on other systems with
state-dependent locales because many places in the code print
unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@,
various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
Upstream-ID: e66afbc94ee396ddcaffd433b9a3b80f387647e0
Add a function to enable security-related malloc_options.
With and ok deraadt@, something similar has been in the snaps for a while.
Upstream-ID: 43a95523b832b7f3b943d2908662191110c380ed
[sftp.c]
Don't attempt to append a nul quote char to the filename. Should prevent
fatal'ing with "el_insertstr failed" when there's a single quote char
somewhere in the string. bz#2238, ok markus@
[PROTOCOL sftp-client.c sftp-client.h sftp-server.c sftp.1 sftp.c]
fsync@openssh.com protocol extension for sftp-server
client support to allow calling fsync() faster successful transfer
patch mostly by imorgan AT nas.nasa.gov; bz#1798
"fine" markus@ "grumble OK" deraadt@ "doesn't sound bad to me" millert@
[sftp-client.c sftp-client.h sftp.c]
add a "-l" flag for the rename command to force it to use the silly
standard SSH_FXP_RENAME command instead of the POSIX-rename- like
posix-rename@openssh.com extension.
intended for use in regress tests, so no documentation.
[sftp-client.c sftp-client.h sftp.1 sftp.c]
sftp support for resuming partial downloads; patch mostly by Loganaden
Velvindron/AfriNIC with some tweaks by me; feedback and ok dtucker@
[sftp.c]
Make sftp's libedit interface marginally multibyte aware by building up
the quoted string by character instead of by byte. Prevents failures
when linked against a libedit built with wide character support (bz#1990).
"looks ok" djm
tb@openbsd.org
djm@openbsd.org
Damien Miller
dtucker@openbsd.org
bluhm@openbsd.org
djm@openbsd.org@openbsd.org
millert@openbsd.org
deraadt@openbsd.org
schwarze@openbsd.org
Darren Tucker