basename(3) and prevent a use-after-free in that case in the new sftp-compat
code.
POSIX allows basename(3) to either return a pointer to static storage
or modify the passed string and return a pointer to that. OpenBSD does
the former and works as is, but on other platforms "filename" points
into "tmp" which was just freed. This makes the freeing of tmp
consistent with the other variable in the loop.
Pinpointed by the -portable Valgrind regress test. ok djm@ deraadt@
OpenBSD-Commit-ID: 750f3c19bd4440e4210e30dd5d7367386e833374
scp, via a new "-M sftp" option. Marked as experimental for now.
Some corner-cases exist, in particular there is no attempt to
provide bug-compatibility with scp's weird "double shell" quoting
rules.
Mostly by Jakub Jelen in GHPR#194 with some tweaks by me. ok markus@
Thanks jmc@ for improving the scp.1 bits.
OpenBSD-Commit-ID: 6ce4c9157ff17b650ace571c9f7793d92874051c
helgefjell de
removed references to rlogin etc. as no longer relevant;
suggested by djm
ok djm dtucker
OpenBSD-Commit-ID: 3c431c303068d3aec5bb18573a0bd5e0cd77c5ae
openssl binary with OPENSSL_BIN. This will allow us to use the OPENSSL
variable from mk.conf or the make(1) command line indicating if we're
building with our without OpenSSL, and ultimately get the regress tests
working in the OPENSSL=no configuration.
OpenBSD-Regress-ID: 2d788fade3264d7803e5b54cae8875963f688c4e
without OpenSSL since those are not available, similar to what we currently
do with the moduli screening options. We can also use this to skip the
conversion regression tests in this case.
OpenBSD-Commit-ID: 3c82caa398cf99cd4518c23bba5a2fc66b16bafe
the config file to do the same thing as -n does on the ssh(1) commandline.
Patch from Volker Diels-Grabsch via GHPR231; ok dtucker
OpenBSD-Commit-ID: 66ddf3f15c76796d4dcd22ff464aed1edd62468e
first-match-wins and more strictly limit their maximum number; prompted by
OOM reported by OSS-fuzz (35470).
feedback and ok dtucker@
OpenBSD-Commit-ID: 01f63fc10dcd995e7aed9c378ad879161af83121
signatures support key lifetimes, and allow the verification mode to specify
a signature time to check at. This is intended for use by git to support
signing objects using ssh keys. ok dtucker@
OpenBSD-Commit-ID: 3e2c67b7dcd94f0610194d1e8e4907829a40cf31
name and hostkey type match instead of only one. While there, simplify the
code somewhat and add some debugging. Based on discussion in bz#3322, ok
djm@.
OpenBSD-Commit-ID: 0a6a0a476eb7f9dfe8fe2c05a1a395e3e9b22ee4
requires some external setup to operate so is disabled by default (see
comments in sshfp-connect.sh).
OpenBSD-Regress-ID: c52c461bd1df3a803d17498917d156ef64512fd9
client and server mainloops.
Previously the rekey timeout could expire but rekeying would not start
until a packet was sent or received. This could cause us to spin in
select() on the rekey timeout if the connection was quiet.
ok markus@
OpenBSD-Commit-ID: 4356cf50d7900f3df0a8f2117d9e07c91b9ff987
djm@openbsd.org
dtucker@openbsd.org
Damien Miller
Darren Tucker
anton@openbsd.org
jmc@openbsd.org