From 10577c6d96a55b877a960b2d0b75edef1b9945af Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org"
Date: Fri, 17 Feb 2017 02:04:15 +0000
Subject: upstream commit For ProxyJump/-J, surround host name with brackets to allow literal IPv6 addresses. From Dick Visser; ok dtucker@
Upstream-ID: 3a5d3b0171250daf6a5235e91bce09c1d5746bf1
---
ssh.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'ssh.c')
diff --git a/ssh.c b/ssh.c
index ee0b16dc2..0b34edffa 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.448 2016/12/06 07:48:01 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.449 2017/02/17 02:04:15 djm Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -1103,7 +1103,7 @@ main(int ac, char **av)
 options.proxy_use_fdpass = 0;
 snprintf(port_s, sizeof(port_s), "%d", options.jump_port);
 xasprintf(&options.proxy_command,
- "ssh%s%s%s%s%s%s%s%s%s%.*s -W %%h:%%p %s",
+ "ssh%s%s%s%s%s%s%s%s%s%.*s -W [%%h]:%%p %s",
 /* Optional "-l user" argument if jump_user set */
 options.jump_user == NULL ? "" : " -l ",
 options.jump_user == NULL ? "" : options.jump_user,
--
cgit v1.2.3
From 8fb15311a011517eb2394bb95a467c209b8b336c Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org"
Date: Wed, 8 Mar 2017 12:07:47 +0000
Subject: upstream commit quote [host]:port in generated ProxyJump commandline; the [ / ] characters can confuse some shells (e.g. zsh). Reported by Lauri Tirkkonen via bugs@
Upstream-ID: 65cdd161460e1351c3d778e974c1c2a4fa4bc182
---
ssh.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'ssh.c')
diff --git a/ssh.c b/ssh.c
index 0b34edffa..1e222b384 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.449 2017/02/17 02:04:15 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.450 2017/03/08 12:07:47 djm Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
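Review bot: The `[%%h]` added to the `-W` argument is left unquoted in the generated `options.proxy_command`, and `[`/`]` are pattern characters in sh-style shells. If that string is later run through the user's shell (the execution site is outside this hunk), the argument can be treated as a glob or rejected before ssh ever sees it. Quoting the whole destination keeps it a single literal word: `"ssh%s%s%s%s%s%s%s%s%s%.*s -W '[%%h]:%%p' %s",`. A short comment such as `/* brackets so -W accepts a literal IPv6 address */` beside the format string would also record why they are there. The xasprintf() argument list and main() both continue outside the hunk.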
@@ -1103,7 +1103,7 @@ main(int ac, char **av)
 options.proxy_use_fdpass = 0;
 snprintf(port_s, sizeof(port_s), "%d", options.jump_port);
 xasprintf(&options.proxy_command,
- "ssh%s%s%s%s%s%s%s%s%s%.*s -W [%%h]:%%p %s",
+ "ssh%s%s%s%s%s%s%s%s%s%.*s -W '[%%h]:%%p' %s",
 /* Optional "-l user" argument if jump_user set */
 options.jump_user == NULL ? "" : " -l ",
 options.jump_user == NULL ? "" : options.jump_user,
--
cgit v1.2.3
From 183ba55aaaecca0206184b854ad6155df237adbe Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org"
Date: Fri, 10 Mar 2017 04:07:20 +0000
Subject: upstream commit fix regression in 7.4 server-sig-algs, where we were accidentally excluding SHA2 RSA signature methods. bz#2680, patch from Nuno Goncalves; ok dtucker@
Upstream-ID: 81ac8bfb30960447740b9b8f6a214dcf322f12e8
---
kex.c | 4 ++--
ssh.c | 8 ++++----
sshkey.c | 8 +++++---
sshkey.h | 4 ++--
4 files changed, 13 insertions(+), 11 deletions(-) (limited to 'ssh.c')
diff --git a/kex.c b/kex.c
index 5b42518d3..8ac00299c 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.129 2017/03/10 03:45:40 dtucker Exp $ */
+/* $OpenBSD: kex.c,v 1.130 2017/03/10 04:07:20 djm Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
 *
@@ -350,7 +350,7 @@ kex_send_ext_info(struct ssh *ssh)
 int r;
 char *algs;
- if ((algs = sshkey_alg_list(0, 1, ',')) == NULL)
+ if ((algs = sshkey_alg_list(0, 1, 1, ',')) == NULL)
 return SSH_ERR_ALLOC_FAIL;
 if ((r = sshpkt_start(ssh, SSH2_MSG_EXT_INFO)) != 0 ||
 (r = sshpkt_put_u32(ssh, 1)) != 0 ||
diff --git a/ssh.c b/ssh.c
index 1e222b384..32b27bbc2 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.450 2017/03/08 12:07:47 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.451 2017/03/10 04:07:20 djm Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
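Review bot: The single quotes added around `[%%h]:%%p` only hold if the expanded host name cannot itself contain a `'` or other shell-active text, and nothing in this hunk shows `%h` being validated before it is substituted into `options.proxy_command`. If host-name validation happens earlier in main(), record that next to the format string, e.g. `/* %h is checked by <validator> before expansion; quotes only guard the brackets */` (the validator name is a placeholder). If it does not, the host name should be rejected or escaped before the command is handed to a shell. The trailing `%s` is also unquoted; its argument lies outside the hunk, so whether it is constrained cannot be judged from here.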
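Review bot: `sshkey_alg_list(0, 1, 1, ',')` now passes three adjacent `int` flags with nothing at the call site saying which is which, so swapping two of them compiles cleanly and silently changes the list built here for the SSH2_MSG_EXT_INFO message. A trailing comment would make the intent checkable, e.g. `/* certs_only=0, plain_only=1, include_sigonly=1 */`. The same applies to the three `-Q` calls in the ssh.c hunk at line 684. In sshkey.h the prototype `char *sshkey_alg_list(int, int, int, char);` would be clearer with the parameters named. kex_send_ext_info() continues past the end of the hunk.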
@@ -684,11 +684,11 @@ main(int ac, char **av)
 else if (strcmp(optarg, "kex") == 0)
 cp = kex_alg_list('\n');
 else if (strcmp(optarg, "key") == 0)
- cp = sshkey_alg_list(0, 0, '\n');
+ cp = sshkey_alg_list(0, 0, 0, '\n');
 else if (strcmp(optarg, "key-cert") == 0)
- cp = sshkey_alg_list(1, 0, '\n');
+ cp = sshkey_alg_list(1, 0, 0, '\n');
 else if (strcmp(optarg, "key-plain") == 0)
- cp = sshkey_alg_list(0, 1, '\n');
+ cp = sshkey_alg_list(0, 1, 0, '\n');
 else if (strcmp(optarg, "protocol-version") == 0) {
 #ifdef WITH_SSH1
 cp = xstrdup("1\n2");
diff --git a/sshkey.c b/sshkey.c
index 06e11c6c6..53a7674b5 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.44 2017/03/10 03:48:57 dtucker Exp $ */
+/* $OpenBSD: sshkey.c,v 1.45 2017/03/10 04:07:20 djm Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
 * Copyright (c) 2008 Alexander von Gernler. All rights reserved.
@@ -197,14 +197,16 @@ sshkey_ecdsa_nid_from_name(const char *name)
 }
 char *
-sshkey_alg_list(int certs_only, int plain_only, char sep)
+sshkey_alg_list(int certs_only, int plain_only, int include_sigonly, char sep)
 {
 char *tmp, *ret = NULL;
 size_t nlen, rlen = 0;
 const struct keytype *kt;
 for (kt = keytypes; kt->type != -1; kt++) {
- if (kt->name == NULL || kt->sigonly)
+ if (kt->name == NULL)
+ continue;
+ if (!include_sigonly && kt->sigonly)
 continue;
 if ((certs_only && !kt->cert) || (plain_only && kt->cert))
 continue;
diff --git a/sshkey.h b/sshkey.h
index f39363842..1b9e42f45 100644
--- a/sshkey.h
+++ b/sshkey.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.h,v 1.14 2016/09/12 23:31:27 djm Exp $ */
+/* $OpenBSD: sshkey.h,v 1.15 2017/03/10 04:07:20 djm Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
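Review bot: `sshkey_alg_list()` in the sshkey.c hunk gains a third flag but still has no comment describing its contract, and `include_sigonly` is the parameter whose meaning is least obvious from its name. I would add a short block comment above the definition saying that the function walks `keytypes`, that `certs_only` and `plain_only` filter on `kt->cert`, and that entries with `kt->sigonly` set are skipped unless `include_sigonly` is non-zero. It is also worth stating that passing both `certs_only` and `plain_only` filters out every entry, since `(certs_only && !kt->cert) || (plain_only && kt->cert)` is then true for all of them. The function body continues outside the hunk, so what is returned in that case is not visible here.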
@@ -156,7 +156,7 @@ int sshkey_ec_validate_private(const EC_KEY *);
 const char *sshkey_ssh_name(const struct sshkey *);
 const char *sshkey_ssh_name_plain(const struct sshkey *);
 int sshkey_names_valid2(const char *, int);
-char *sshkey_alg_list(int, int, char);
+char *sshkey_alg_list(int, int, int, char);
 int sshkey_from_blob(const u_char *, size_t, struct sshkey **);
 int sshkey_fromb(struct sshbuf *, struct sshkey **);
--
cgit v1.2.3