Module Name:    src
Committed By:   christos
Date:           Fri Apr 15 14:00:07 UTC 2022

Modified Files:
        src/crypto/external/bsd/openssh/dist: PROTOCOL auth-rhosts.c
            auth2-pubkey.c channels.c channels.h misc.c monitor.c myproposal.h
            scp.1 scp.c servconf.c servconf.h sftp-client.c sftp-client.h
            sftp-glob.c sftp-server.c sftp.1 sftp.c ssh-agent.1 ssh-keygen.c
            ssh-keysign.8 ssh.1 ssh.c ssh_config.5 sshd.8 sshd.c sshd_config.5
            sshsig.c version.h xmalloc.c

Log Message:
merge conflicts between OpenSSH-8.9 and OpenSSH-9.0


To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 src/crypto/external/bsd/openssh/dist/PROTOCOL
cvs rdiff -u -r1.14 -r1.15 src/crypto/external/bsd/openssh/dist/auth-rhosts.c
cvs rdiff -u -r1.30 -r1.31 \
    src/crypto/external/bsd/openssh/dist/auth2-pubkey.c \
    src/crypto/external/bsd/openssh/dist/misc.c \
    src/crypto/external/bsd/openssh/dist/sftp-client.c
cvs rdiff -u -r1.35 -r1.36 src/crypto/external/bsd/openssh/dist/channels.c
cvs rdiff -u -r1.21 -r1.22 src/crypto/external/bsd/openssh/dist/channels.h
cvs rdiff -u -r1.39 -r1.40 src/crypto/external/bsd/openssh/dist/monitor.c \
    src/crypto/external/bsd/openssh/dist/servconf.c \
    src/crypto/external/bsd/openssh/dist/ssh.c \
    src/crypto/external/bsd/openssh/dist/version.h
cvs rdiff -u -r1.23 -r1.24 src/crypto/external/bsd/openssh/dist/myproposal.h
cvs rdiff -u -r1.26 -r1.27 src/crypto/external/bsd/openssh/dist/scp.1 \
    src/crypto/external/bsd/openssh/dist/servconf.h \
    src/crypto/external/bsd/openssh/dist/sftp-server.c \
    src/crypto/external/bsd/openssh/dist/sshd.8
cvs rdiff -u -r1.34 -r1.35 src/crypto/external/bsd/openssh/dist/scp.c \
    src/crypto/external/bsd/openssh/dist/sftp.c
cvs rdiff -u -r1.15 -r1.16 src/crypto/external/bsd/openssh/dist/sftp-client.h
cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssh/dist/sftp-glob.c \
    src/crypto/external/bsd/openssh/dist/xmalloc.c
cvs rdiff -u -r1.25 -r1.26 src/crypto/external/bsd/openssh/dist/sftp.1
cvs rdiff -u -r1.16 -r1.17 src/crypto/external/bsd/openssh/dist/ssh-agent.1
cvs rdiff -u -r1.42 -r1.43 src/crypto/external/bsd/openssh/dist/ssh-keygen.c
cvs rdiff -u -r1.13 -r1.14 src/crypto/external/bsd/openssh/dist/ssh-keysign.8
cvs rdiff -u -r1.32 -r1.33 src/crypto/external/bsd/openssh/dist/ssh.1
cvs rdiff -u -r1.33 -r1.34 src/crypto/external/bsd/openssh/dist/ssh_config.5
cvs rdiff -u -r1.45 -r1.46 src/crypto/external/bsd/openssh/dist/sshd.c
cvs rdiff -u -r1.37 -r1.38 src/crypto/external/bsd/openssh/dist/sshd_config.5
cvs rdiff -u -r1.8 -r1.9 src/crypto/external/bsd/openssh/dist/sshsig.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/PROTOCOL
diff -u src/crypto/external/bsd/openssh/dist/PROTOCOL:1.18 src/crypto/external/bsd/openssh/dist/PROTOCOL:1.19
--- src/crypto/external/bsd/openssh/dist/PROTOCOL:1.18	Wed Feb 23 14:07:20 2022
+++ src/crypto/external/bsd/openssh/dist/PROTOCOL	Fri Apr 15 10:00:06 2022
@@ -492,7 +492,7 @@ This request asks the server to call fsy
 	string		"fs...@openssh.com"
 	string		handle
 
-One receiving this request, a server will call fsync(handle_fd) and will
+On receiving this request, a server will call fsync(handle_fd) and will
 respond with a SSH_FXP_STATUS message.
 
 This extension is advertised in the SSH_FXP_VERSION hello with version
@@ -576,6 +576,43 @@ Its reply is the same format as that of 
 This extension is advertised in the SSH_FXP_VERSION hello with version
 "1".
 
+4.10. sftp: Extension request "copy-data"
+
+This request asks the server to copy data from one open file handle and
+write it to a different open file handle.  This avoids needing to transfer
+the data across the network twice (a download followed by an upload).
+
+	byte		SSH_FXP_EXTENDED
+	uint32		id
+	string		"copy-data"
+	string		read-from-handle
+	uint64		read-from-offset
+	uint64		read-data-length
+	string		write-to-handle
+	uint64		write-to-offset
+
+The server will copy read-data-length bytes starting from
+read-from-offset from the read-from-handle and write them to
+write-to-handle starting from write-to-offset, and then respond with a
+SSH_FXP_STATUS message.
+
+It's equivalent to issuing a series of SSH_FXP_READ requests on
+read-from-handle and a series of requests of SSH_FXP_WRITE on
+write-to-handle.
+
+If read-from-handle and write-to-handle are the same, the server will
+fail the request and respond with a SSH_FX_INVALID_PARAMETER message.
+
+If read-data-length is 0, then the server will read data from the
+read-from-handle until EOF is reached.
+
+This extension is advertised in the SSH_FXP_VERSION hello with version
+"1".
+
+This request is identical to the "copy-data" request documented in:
+
+https://tools.ietf.org/html/draft-ietf-secsh-filexfer-extensions-00#section-7
+
 5. Miscellaneous changes
 
 5.1 Public key format
@@ -612,5 +649,5 @@ master instance and later clients.
 OpenSSH extends the usual agent protocol. These changes are documented
 in the PROTOCOL.agent file.
 
-$OpenBSD: PROTOCOL,v 1.43 2021/12/19 22:15:42 djm Exp $
-$NetBSD: PROTOCOL,v 1.18 2022/02/23 19:07:20 christos Exp $
+$OpenBSD: PROTOCOL,v 1.44 2022/03/31 03:05:49 djm Exp $
+$NetBSD: PROTOCOL,v 1.19 2022/04/15 14:00:06 christos Exp $

Index: src/crypto/external/bsd/openssh/dist/auth-rhosts.c
diff -u src/crypto/external/bsd/openssh/dist/auth-rhosts.c:1.14 src/crypto/external/bsd/openssh/dist/auth-rhosts.c:1.15
--- src/crypto/external/bsd/openssh/dist/auth-rhosts.c:1.14	Wed Feb 23 14:07:20 2022
+++ src/crypto/external/bsd/openssh/dist/auth-rhosts.c	Fri Apr 15 10:00:06 2022
@@ -1,5 +1,5 @@
-/*	$NetBSD: auth-rhosts.c,v 1.14 2022/02/23 19:07:20 christos Exp $	*/
-/* $OpenBSD: auth-rhosts.c,v 1.55 2022/02/23 11:15:57 djm Exp $ */
+/*	$NetBSD: auth-rhosts.c,v 1.15 2022/04/15 14:00:06 christos Exp $	*/
+/* $OpenBSD: auth-rhosts.c,v 1.56 2022/02/23 21:21:49 djm Exp $ */
 /*
  * Author: Tatu Ylonen <y...@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <y...@cs.hut.fi>, Espoo, Finland
@@ -16,7 +16,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth-rhosts.c,v 1.14 2022/02/23 19:07:20 christos Exp $");
+__RCSID("$NetBSD: auth-rhosts.c,v 1.15 2022/04/15 14:00:06 christos Exp $");
 #include <sys/types.h>
 #include <sys/stat.h>
 
@@ -26,6 +26,7 @@ __RCSID("$NetBSD: auth-rhosts.c,v 1.14 2
 #include <stdio.h>
 #include <string.h>
 #include <stdarg.h>
+#include <stdlib.h>
 #include <unistd.h>
 
 #include "packet.h"

Index: src/crypto/external/bsd/openssh/dist/auth2-pubkey.c
diff -u src/crypto/external/bsd/openssh/dist/auth2-pubkey.c:1.30 src/crypto/external/bsd/openssh/dist/auth2-pubkey.c:1.31
--- src/crypto/external/bsd/openssh/dist/auth2-pubkey.c:1.30	Wed Feb 23 14:07:20 2022
+++ src/crypto/external/bsd/openssh/dist/auth2-pubkey.c	Fri Apr 15 10:00:06 2022
@@ -1,5 +1,5 @@
-/*	$NetBSD: auth2-pubkey.c,v 1.30 2022/02/23 19:07:20 christos Exp $	*/
-/* $OpenBSD: auth2-pubkey.c,v 1.112 2021/12/19 22:12:30 djm Exp $ */
+/*	$NetBSD: auth2-pubkey.c,v 1.31 2022/04/15 14:00:06 christos Exp $	*/
+/* $OpenBSD: auth2-pubkey.c,v 1.113 2022/02/27 01:33:59 naddy Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth2-pubkey.c,v 1.30 2022/02/23 19:07:20 christos Exp $");
+__RCSID("$NetBSD: auth2-pubkey.c,v 1.31 2022/04/15 14:00:06 christos Exp $");
 #include <sys/types.h>
 #include <sys/stat.h>
 
@@ -171,8 +171,8 @@ userauth_pubkey(struct ssh *ssh, const c
 		goto done;
 	}
 	if (match_pattern_list(pkalg, options.pubkey_accepted_algos, 0) != 1) {
-		logit_f("key type %s not in PubkeyAcceptedAlgorithms",
-		    sshkey_ssh_name(key));
+		logit_f("signature algorithm %s not in "
+		    "PubkeyAcceptedAlgorithms", pkalg);
 		goto done;
 	}
 	if ((r = sshkey_check_cert_sigtype(key,
Index: src/crypto/external/bsd/openssh/dist/misc.c
diff -u src/crypto/external/bsd/openssh/dist/misc.c:1.30 src/crypto/external/bsd/openssh/dist/misc.c:1.31
--- src/crypto/external/bsd/openssh/dist/misc.c:1.30	Sat Feb 26 08:30:19 2022
+++ src/crypto/external/bsd/openssh/dist/misc.c	Fri Apr 15 10:00:06 2022
@@ -1,5 +1,5 @@
-/*	$NetBSD: misc.c,v 1.30 2022/02/26 13:30:19 christos Exp $	*/
-/* $OpenBSD: misc.c,v 1.174 2022/02/11 00:43:56 dtucker Exp $ */
+/*	$NetBSD: misc.c,v 1.31 2022/04/15 14:00:06 christos Exp $	*/
+/* $OpenBSD: misc.c,v 1.175 2022/03/20 08:51:21 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2005-2020 Damien Miller.  All rights reserved.
@@ -19,7 +19,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: misc.c,v 1.30 2022/02/26 13:30:19 christos Exp $");
+__RCSID("$NetBSD: misc.c,v 1.31 2022/04/15 14:00:06 christos Exp $");
 
 #include <sys/types.h>
 #include <sys/ioctl.h>
@@ -1034,16 +1034,21 @@ addargs(arglist *args, const char *fmt, 
 	r = vasprintf(&cp, fmt, ap);
 	va_end(ap);
 	if (r == -1)
-		fatal("addargs: argument too long");
+		fatal_f("argument too long");
 
 	nalloc = args->nalloc;
 	if (args->list == NULL) {
 		nalloc = 32;
 		args->num = 0;
-	} else if (args->num+2 >= nalloc)
+	} else if (args->num > (256 * 1024))
+		fatal_f("too many arguments");
+	else if (args->num >= args->nalloc)
+		fatal_f("arglist corrupt");
+	else if (args->num+2 >= nalloc)
 		nalloc *= 2;
 
-	args->list = xrecallocarray(args->list, args->nalloc, nalloc, sizeof(char *));
+	args->list = xrecallocarray(args->list, args->nalloc,
+	    nalloc, sizeof(char *));
 	args->nalloc = nalloc;
 	args->list[args->num++] = cp;
 	args->list[args->num] = NULL;
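Review bot: The cap in the new `args->num > (256 * 1024)` check is an unexplained magic number, and nothing in the hunk says why that value was chosen or that the check is skipped while `args->list == NULL`. A named constant with a one-line comment would document it, for example `#define ARGLIST_MAX_ARGS (256 * 1024)	/* sanity cap on entries in an arglist */` (the name is a suggestion), used as `else if (args->num > ARGLIST_MAX_ARGS)`. The braced first branch followed by three unbraced `else if` arms is also easy to misread; bracing all four would match the care taken in the rest of the check. addargs begins before this hunk.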
@@ -1060,10 +1065,12 @@ replacearg(arglist *args, u_int which, c
 	r = vasprintf(&cp, fmt, ap);
 	va_end(ap);
 	if (r == -1)
-		fatal("replacearg: argument too long");
+		fatal_f("argument too long");
+	if (args->list == NULL || args->num >= args->nalloc)
+		fatal_f("arglist corrupt");
 
 	if (which >= args->num)
-		fatal("replacearg: tried to replace invalid arg %d >= %d",
+		fatal_f("tried to replace invalid arg %d >= %d",
 		    which, args->num);
 	free(args->list[which]);
 	args->list[which] = cp;
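Review bot: The rewritten `fatal_f("tried to replace invalid arg %d >= %d", which, args->num)` still formats `which` with `%d` although the signature in the hunk header declares it `u_int`, and `args->num` appears to be unsigned as well (freeargs compares it against a `u_int` counter). The specifiers should match the argument types: `fatal_f("tried to replace invalid arg %u >= %u",`. The start of replacearg is outside the hunk.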
@@ -1074,13 +1081,15 @@ freeargs(arglist *args)
 {
 	u_int i;
 
-	if (args->list != NULL) {
+	if (args == NULL)
+		return;
+	if (args->list != NULL && args->num < args->nalloc) {
 		for (i = 0; i < args->num; i++)
 			free(args->list[i]);
 		free(args->list);
-		args->nalloc = args->num = 0;
-		args->list = NULL;
 	}
+	args->nalloc = args->num = 0;
+	args->list = NULL;
 }
 
 /*
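Review bot: The inconsistent case (`args->list != NULL` with `args->num >= args->nalloc`) is handled silently here: the list is not freed and the fields are simply reset, while addargs and replacearg in this same commit call `fatal_f("arglist corrupt")` for that condition. If the leak is deliberate, a comment above the `if` would say so, for example `/* counters inconsistent: leak the list rather than free through an untrusted count */`. Without it the next reader cannot tell the difference in policy from an oversight.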
Index: src/crypto/external/bsd/openssh/dist/sftp-client.c
diff -u src/crypto/external/bsd/openssh/dist/sftp-client.c:1.30 src/crypto/external/bsd/openssh/dist/sftp-client.c:1.31
--- src/crypto/external/bsd/openssh/dist/sftp-client.c:1.30	Wed Feb 23 14:07:20 2022
+++ src/crypto/external/bsd/openssh/dist/sftp-client.c	Fri Apr 15 10:00:06 2022
@@ -1,5 +1,5 @@
-/*	$NetBSD: sftp-client.c,v 1.30 2022/02/23 19:07:20 christos Exp $	*/
-/* $OpenBSD: sftp-client.c,v 1.161 2022/01/17 21:41:04 djm Exp $ */
+/*	$NetBSD: sftp-client.c,v 1.31 2022/04/15 14:00:06 christos Exp $	*/
+/* $OpenBSD: sftp-client.c,v 1.162 2022/03/31 03:07:03 djm Exp $ */
 /*
  * Copyright (c) 2001-2004 Damien Miller <d...@openbsd.org>
  *
@@ -22,7 +22,7 @@
 /* XXX: copy between two remote sites */
 
 #include "includes.h"
-__RCSID("$NetBSD: sftp-client.c,v 1.30 2022/02/23 19:07:20 christos Exp $");
+__RCSID("$NetBSD: sftp-client.c,v 1.31 2022/04/15 14:00:06 christos Exp $");
 
 #include <sys/param.h>	/* MIN MAX */
 #include <sys/types.h>
@@ -88,6 +88,7 @@ struct sftp_conn {
 #define SFTP_EXT_LSETSTAT	0x00000020
 #define SFTP_EXT_LIMITS		0x00000040
 #define SFTP_EXT_PATH_EXPAND	0x00000080
+#define SFTP_EXT_COPY_DATA	0x00000100
 	u_int exts;
 	u_int64_t limit_kbps;
 	struct bwlimit bwlimit_in, bwlimit_out;
@@ -519,6 +520,10 @@ do_init(int fd_in, int fd_out, u_int tra
 		    strcmp((char *)value, "1") == 0) {
 			ret->exts |= SFTP_EXT_PATH_EXPAND;
 			known = 1;
+		} else if (strcmp(name, "copy-data") == 0 &&
+		    strcmp((char *)value, "1") == 0) {
+			ret->exts |= SFTP_EXT_COPY_DATA;
+			known = 1;
 		}
 		if (known) {
 			debug2("Server supports extension \"%s\" revision %s",
@@ -1064,6 +1069,121 @@ do_expand_path(struct sftp_conn *conn, c
 }
 
 int
+do_copy(struct sftp_conn *conn, const char *oldpath, const char *newpath)
+{
+	Attrib junk, *a;
+	struct sshbuf *msg;
+	u_char *old_handle, *new_handle;
+	u_int mode, status, id;
+	size_t old_handle_len, new_handle_len;
+	int r;
+
+	/* Return if the extension is not supported */
+	if ((conn->exts & SFTP_EXT_COPY_DATA) == 0) {
+		error("Server does not support copy-data extension");
+		return -1;
+	}
+
+	/* Make sure the file exists, and we can copy its perms */
+	if ((a = do_stat(conn, oldpath, 0)) == NULL)
+		return -1;
+
+	/* Do not preserve set[ug]id here, as we do not preserve ownership */
+	if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {
+		mode = a->perm & 0777;
+
+		if (!S_ISREG(a->perm)) {
+			error("Cannot copy non-regular file: %s", oldpath);
+			return -1;
+		}
+	} else {
+		/* NB: The user's umask will apply to this */
+		mode = 0666;
+	}
+
+	/* Set up the new perms for the new file */
+	attrib_clear(a);
+	a->perm = mode;
+	a->flags |= SSH2_FILEXFER_ATTR_PERMISSIONS;
+
+	if ((msg = sshbuf_new()) == NULL)
+		fatal("%s: sshbuf_new failed", __func__);
+
+	attrib_clear(&junk); /* Send empty attributes */
+
+	/* Open the old file for reading */
+	id = conn->msg_id++;
+	if ((r = sshbuf_put_u8(msg, SSH2_FXP_OPEN)) != 0 ||
+	    (r = sshbuf_put_u32(msg, id)) != 0 ||
+	    (r = sshbuf_put_cstring(msg, oldpath)) != 0 ||
+	    (r = sshbuf_put_u32(msg, SSH2_FXF_READ)) != 0 ||
+	    (r = encode_attrib(msg, &junk)) != 0)
+		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+	send_msg(conn, msg);
+	debug3("Sent message SSH2_FXP_OPEN I:%u P:%s", id, oldpath);
+
+	sshbuf_reset(msg);
+
+	old_handle = get_handle(conn, id, &old_handle_len,
+	    "remote open(\"%s\")", oldpath);
+	if (old_handle == NULL) {
+		sshbuf_free(msg);
+		return -1;
+	}
+
+	/* Open the new file for writing */
+	id = conn->msg_id++;
+	if ((r = sshbuf_put_u8(msg, SSH2_FXP_OPEN)) != 0 ||
+	    (r = sshbuf_put_u32(msg, id)) != 0 ||
+	    (r = sshbuf_put_cstring(msg, newpath)) != 0 ||
+	    (r = sshbuf_put_u32(msg, SSH2_FXF_WRITE|SSH2_FXF_CREAT|
+	    SSH2_FXF_TRUNC)) != 0 ||
+	    (r = encode_attrib(msg, a)) != 0)
+		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+	send_msg(conn, msg);
+	debug3("Sent message SSH2_FXP_OPEN I:%u P:%s", id, newpath);
+
+	sshbuf_reset(msg);
+
+	new_handle = get_handle(conn, id, &new_handle_len,
+	    "remote open(\"%s\")", newpath);
+	if (new_handle == NULL) {
+		sshbuf_free(msg);
+		free(old_handle);
+		return -1;
+	}
+
+	/* Copy the file data */
+	id = conn->msg_id++;
+	if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 ||
+	    (r = sshbuf_put_u32(msg, id)) != 0 ||
+	    (r = sshbuf_put_cstring(msg, "copy-data")) != 0 ||
+	    (r = sshbuf_put_string(msg, old_handle, old_handle_len)) != 0 ||
+	    (r = sshbuf_put_u64(msg, 0)) != 0 ||
+	    (r = sshbuf_put_u64(msg, 0)) != 0 ||
+	    (r = sshbuf_put_string(msg, new_handle, new_handle_len)) != 0 ||
+	    (r = sshbuf_put_u64(msg, 0)) != 0)
+		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+	send_msg(conn, msg);
+	debug3("Sent message copy-data \"%s\" 0 0 -> \"%s\" 0",
+	       oldpath, newpath);
+
+	status = get_status(conn, id);
+	if (status != SSH2_FX_OK)
+		error("Couldn't copy file \"%s\" to \"%s\": %s", oldpath,
+		    newpath, fx2txt(status));
+
+	/* Clean up everything */
+	sshbuf_free(msg);
+	do_close(conn, old_handle, old_handle_len);
+	do_close(conn, new_handle, new_handle_len);
+	free(old_handle);
+	free(new_handle);
+
+	return status == SSH2_FX_OK ? 0 : -1;
+}
+
+int
 do_rename(struct sftp_conn *conn, const char *oldpath, const char *newpath,
     int force_legacy)
 {
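Review bot: In do_copy the destination is opened with `SSH2_FXF_WRITE|SSH2_FXF_CREAT|SSH2_FXF_TRUNC` before anything checks that `newpath` differs from `oldpath`, so copying a file onto itself would truncate the source before the copy-data request is sent. The PROTOCOL text added in this commit only has the server reject identical handles, and two opens of one path presumably yield distinct handles. Unless the caller (not visible here) already rejects this, a guard before the first open avoids the data loss: `if (strcmp(oldpath, newpath) == 0) { error("Cannot copy \"%s\" onto itself", oldpath); return -1; }`. That catches only textually equal paths, not links to the same file. Separately, the results of both `do_close` calls are discarded, so a failure closing the write handle would still return 0.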

Index: src/crypto/external/bsd/openssh/dist/channels.c
diff -u src/crypto/external/bsd/openssh/dist/channels.c:1.35 src/crypto/external/bsd/openssh/dist/channels.c:1.36
--- src/crypto/external/bsd/openssh/dist/channels.c:1.35	Wed Feb 23 14:07:20 2022
+++ src/crypto/external/bsd/openssh/dist/channels.c	Fri Apr 15 10:00:06 2022
@@ -1,5 +1,5 @@
-/*	$NetBSD: channels.c,v 1.35 2022/02/23 19:07:20 christos Exp $	*/
-/* $OpenBSD: channels.c,v 1.413 2022/02/17 10:58:27 djm Exp $ */
+/*	$NetBSD: channels.c,v 1.36 2022/04/15 14:00:06 christos Exp $	*/
+/* $OpenBSD: channels.c,v 1.415 2022/03/30 21:10:25 djm Exp $ */
 /*
  * Author: Tatu Ylonen <y...@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <y...@cs.hut.fi>, Espoo, Finland
@@ -41,7 +41,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: channels.c,v 1.35 2022/02/23 19:07:20 christos Exp $");
+__RCSID("$NetBSD: channels.c,v 1.36 2022/04/15 14:00:06 christos Exp $");
 #include <sys/param.h>
 #include <sys/types.h>
 #include <sys/stat.h>
@@ -432,21 +432,25 @@ channel_close_fd(struct ssh *ssh, Channe
 		c->io_want &= ~SSH_CHAN_IO_RFD;
 		c->io_ready &= ~SSH_CHAN_IO_RFD;
 		c->rfd = -1;
+		c->pfds[0] = -1;
 	}
 	if (*fdp == c->wfd) {
 		c->io_want &= ~SSH_CHAN_IO_WFD;
 		c->io_ready &= ~SSH_CHAN_IO_WFD;
 		c->wfd = -1;
+		c->pfds[1] = -1;
 	}
 	if (*fdp == c->efd) {
 		c->io_want &= ~SSH_CHAN_IO_EFD;
 		c->io_ready &= ~SSH_CHAN_IO_EFD;
 		c->efd = -1;
+		c->pfds[2] = -1;
 	}
 	if (*fdp == c->sock) {
 		c->io_want &= ~SSH_CHAN_IO_SOCK;
 		c->io_ready &= ~SSH_CHAN_IO_SOCK;
 		c->sock = -1;
+		c->pfds[3] = -1;
 	}
 
 	ret = close(fd);
@@ -2480,10 +2484,13 @@ dump_channel_poll(const char *func, cons
     u_int pollfd_offset, struct pollfd *pfd)
 {
 #ifdef DEBUG_CHANNEL_POLL
-	debug3_f("channel %d: rfd r%d w%d e%d s%d "
-	    "pfd[%u].fd=%d want 0x%02x ev 0x%02x ready 0x%02x rev 0x%02x",
-	    c->self, c->rfd, c->wfd, c->efd, c->sock, pollfd_offset, pfd->fd,
-	    c->io_want, pfd->events, c->io_ready, pfd->revents);
+	debug3("%s: channel %d: %s r%d w%d e%d s%d c->pfds [ %d %d %d %d ] "
+	    "io_want 0x%02x io_ready 0x%02x pfd[%u].fd=%d "
+	    "pfd.ev 0x%02x pfd.rev 0x%02x", func, c->self, what,
+	    c->rfd, c->wfd, c->efd, c->sock,
+	    c->pfds[0], c->pfds[1], c->pfds[2], c->pfds[3],
+	    c->io_want, c->io_ready,
+	    pollfd_offset, pfd->fd, pfd->events, pfd->revents);
 #endif
 }
 
@@ -2492,7 +2499,7 @@ static void
 channel_prepare_pollfd(Channel *c, u_int *next_pollfd,
     struct pollfd *pfd, u_int npfd)
 {
-	u_int p = *next_pollfd;
+	u_int ev, p = *next_pollfd;
 
 	if (c == NULL)
 		return;
@@ -2501,7 +2508,7 @@ channel_prepare_pollfd(Channel *c, u_int
 		fatal_f("channel %d: bad pfd offset %u (max %u)",
 		    c->self, p, npfd);
 	}
-	c->pollfd_offset = -1;
+	c->pfds[0] = c->pfds[1] = c->pfds[2] = c->pfds[3] = -1;
 	/*
 	 * prepare c->rfd
 	 *
@@ -2510,69 +2517,82 @@ channel_prepare_pollfd(Channel *c, u_int
 	 * IO too.
 	 */
 	if (c->rfd != -1) {
-		if (c->pollfd_offset == -1)
-			c->pollfd_offset = p;
-		pfd[p].fd = c->rfd;
-		pfd[p].events = 0;
+		ev = 0;
 		if ((c->io_want & SSH_CHAN_IO_RFD) != 0)
-			pfd[p].events |= POLLIN;
+			ev |= POLLIN;
 		/* rfd == wfd */
-		if (c->wfd == c->rfd &&
-		    (c->io_want & SSH_CHAN_IO_WFD) != 0)
-			pfd[p].events |= POLLOUT;
+		if (c->wfd == c->rfd) {
+			if ((c->io_want & SSH_CHAN_IO_WFD) != 0)
+				ev |= POLLOUT;
+		}
 		/* rfd == efd */
-		if (c->efd == c->rfd &&
-		    (c->io_want & SSH_CHAN_IO_EFD_R) != 0)
-			pfd[p].events |= POLLIN;
-		if (c->efd == c->rfd &&
-		    (c->io_want & SSH_CHAN_IO_EFD_W) != 0)
-			pfd[p].events |= POLLOUT;
+		if (c->efd == c->rfd) {
+			if ((c->io_want & SSH_CHAN_IO_EFD_R) != 0)
+				ev |= POLLIN;
+			if ((c->io_want & SSH_CHAN_IO_EFD_W) != 0)
+				ev |= POLLOUT;
+		}
 		/* rfd == sock */
-		if (c->sock == c->rfd &&
-		    (c->io_want & SSH_CHAN_IO_SOCK_R) != 0)
-			pfd[p].events |= POLLIN;
-		if (c->sock == c->rfd &&
-		    (c->io_want & SSH_CHAN_IO_SOCK_W) != 0)
-			pfd[p].events |= POLLOUT;
-		dump_channel_poll(__func__, "rfd", c, p, &pfd[p]);
-		p++;
+		if (c->sock == c->rfd) {
+			if ((c->io_want & SSH_CHAN_IO_SOCK_R) != 0)
+				ev |= POLLIN;
+			if ((c->io_want & SSH_CHAN_IO_SOCK_W) != 0)
+				ev |= POLLOUT;
+		}
+		/* Pack a pfd entry if any event armed for this fd */
+		if (ev != 0) {
+			c->pfds[0] = p;
+			pfd[p].fd = c->rfd;
+			pfd[p].events = ev;
+			dump_channel_poll(__func__, "rfd", c, p, &pfd[p]);
+			p++;
+		}
 	}
-	/* prepare c->wfd (if not already handled above) */
+	/* prepare c->wfd if wanting IO and not already handled above */
 	if (c->wfd != -1 && c->rfd != c->wfd) {
-		if (c->pollfd_offset == -1)
-			c->pollfd_offset = p;
-		pfd[p].fd = c->wfd;
-		pfd[p].events = 0;
-		if ((c->io_want & SSH_CHAN_IO_WFD) != 0)
-			pfd[p].events = POLLOUT;
-		dump_channel_poll(__func__, "wfd", c, p, &pfd[p]);
-		p++;
+		ev = 0;
+		if ((c->io_want & SSH_CHAN_IO_WFD))
+			ev |= POLLOUT;
+		/* Pack a pfd entry if any event armed for this fd */
+		if (ev != 0) {
+			c->pfds[1] = p;
+			pfd[p].fd = c->wfd;
+			pfd[p].events = ev;
+			dump_channel_poll(__func__, "wfd", c, p, &pfd[p]);
+			p++;
+		}
 	}
-	/* prepare c->efd (if not already handled above) */
+	/* prepare c->efd if wanting IO and not already handled above */
 	if (c->efd != -1 && c->rfd != c->efd) {
-		if (c->pollfd_offset == -1)
-			c->pollfd_offset = p;
-		pfd[p].fd = c->efd;
-		pfd[p].events = 0;
+		ev = 0;
 		if ((c->io_want & SSH_CHAN_IO_EFD_R) != 0)
-			pfd[p].events |= POLLIN;
+			ev |= POLLIN;
 		if ((c->io_want & SSH_CHAN_IO_EFD_W) != 0)
-			pfd[p].events |= POLLOUT;
-		dump_channel_poll(__func__, "efd", c, p, &pfd[p]);
-		p++;
+			ev |= POLLOUT;
+		/* Pack a pfd entry if any event armed for this fd */
+		if (ev != 0) {
+			c->pfds[2] = p;
+			pfd[p].fd = c->efd;
+			pfd[p].events = ev;
+			dump_channel_poll(__func__, "efd", c, p, &pfd[p]);
+			p++;
+		}
 	}
-	/* prepare c->sock (if not already handled above) */
+	/* prepare c->sock if wanting IO and not already handled above */
 	if (c->sock != -1 && c->rfd != c->sock) {
-		if (c->pollfd_offset == -1)
-			c->pollfd_offset = p;
-		pfd[p].fd = c->sock;
-		pfd[p].events = 0;
+		ev = 0;
 		if ((c->io_want & SSH_CHAN_IO_SOCK_R) != 0)
-			pfd[p].events |= POLLIN;
+			ev |= POLLIN;
 		if ((c->io_want & SSH_CHAN_IO_SOCK_W) != 0)
-			pfd[p].events |= POLLOUT;
-		dump_channel_poll(__func__, "sock", c, p, &pfd[p]);
-		p++;
+			ev |= POLLOUT;
+		/* Pack a pfd entry if any event armed for this fd */
+		if (ev != 0) {
+			c->pfds[3] = p;
+			pfd[p].fd = c->sock;
+			pfd[p].events = 0;
+			dump_channel_poll(__func__, "sock", c, p, &pfd[p]);
+			p++;
+		}
 	}
 	*next_pollfd = p;
 }
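Review bot: In the `c->sock` branch of channel_prepare_pollfd the packed entry is stored with `pfd[p].events = 0;` even though `ev` was just computed and tested non-zero; the rfd, wfd and efd branches above all store `pfd[p].events = ev;`. With no events requested, poll() can report only error and hangup conditions for that descriptor, so the SSH_CHAN_IO_SOCK_R / SSH_CHAN_IO_SOCK_W interest that armed the entry would never be signalled. The line should read `pfd[p].events = ev;`. The function starts in an earlier hunk.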
@@ -2619,13 +2639,15 @@ channel_prepare_poll(struct ssh *ssh, st
 }
 
 static void
-fd_ready(Channel *c, u_int p, struct pollfd *pfds, int fd,
+fd_ready(Channel *c, int p, struct pollfd *pfds, u_int npfd, int fd,
     const char *what, u_int revents_mask, u_int ready)
 {
 	struct pollfd *pfd = &pfds[p];
 
 	if (fd == -1)
 		return;
+	if (p == -1 || (u_int)p >= npfd)
+		fatal_f("channel %d: bad pfd %d (max %u)", c->self, p, npfd);
 	dump_channel_poll(__func__, what, c, p, pfd);
 	if (pfd->fd != fd) {
 		fatal("channel %d: inconsistent %s fd=%d pollfd[%u].fd %d "
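Review bot: `struct pollfd *pfd = &pfds[p];` is evaluated in the initializer, before the new `p == -1 || (u_int)p >= npfd` check, so the out-of-range pointer is already formed (undefined behaviour in C even without a dereference) by the time fatal_f runs. Declaring `struct pollfd *pfd;` and assigning `pfd = &pfds[p];` after the check keeps the validation ahead of any use of `p` as an index. If `p` is also the argument for `pollfd[%u]` in the fatal() that follows (its argument list is outside the hunk), that specifier no longer matches now that `p` is an `int`. fd_ready continues past the end of this hunk.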
@@ -2648,11 +2670,12 @@ void
 channel_after_poll(struct ssh *ssh, struct pollfd *pfd, u_int npfd)
 {
 	struct ssh_channels *sc = ssh->chanctxt;
-	u_int i, p;
+	u_int i;
+	int p;
 	Channel *c;
 
 #ifdef DEBUG_CHANNEL_POLL
-	for (p = 0; p < npfd; p++) {
+	for (p = 0; p < (int)npfd; p++) {
 		if (pfd[p].revents == 0)
 			continue;
 		debug_f("pfd[%u].fd %d rev 0x%04x",
@@ -2663,13 +2686,8 @@ channel_after_poll(struct ssh *ssh, stru
 	/* Convert pollfd into c->io_ready */
 	for (i = 0; i < sc->channels_alloc; i++) {
 		c = sc->channels[i];
-		if (c == NULL || c->pollfd_offset < 0)
+		if (c == NULL)
 			continue;
-		if ((u_int)c->pollfd_offset >= npfd) {
-			/* shouldn't happen */
-			fatal_f("channel %d: (before) bad pfd %u (max %u)",
-			    c->self, c->pollfd_offset, npfd);
-		}
 		/* if rfd is shared with efd/sock then wfd should be too */
 		if (c->rfd != -1 && c->wfd != -1 && c->rfd != c->wfd &&
 		    (c->rfd == c->efd || c->rfd == c->sock)) {
@@ -2678,56 +2696,52 @@ channel_after_poll(struct ssh *ssh, stru
 			    c->self, c->rfd, c->wfd, c->efd, c->sock);
 		}
 		c->io_ready = 0;
-		p = c->pollfd_offset;
 		/* rfd, potentially shared with wfd, efd and sock */
-		if (c->rfd != -1) {
-			fd_ready(c, p, pfd, c->rfd, "rfd", POLLIN,
-			    SSH_CHAN_IO_RFD);
+		if (c->rfd != -1 && (p = c->pfds[0]) != -1) {
+			fd_ready(c, p, pfd, npfd, c->rfd,
+			    "rfd", POLLIN, SSH_CHAN_IO_RFD);
 			if (c->rfd == c->wfd) {
-				fd_ready(c, p, pfd, c->wfd, "wfd/r", POLLOUT,
-				    SSH_CHAN_IO_WFD);
+				fd_ready(c, p, pfd, npfd, c->wfd,
+				    "wfd/r", POLLOUT, SSH_CHAN_IO_WFD);
 			}
 			if (c->rfd == c->efd) {
-				fd_ready(c, p, pfd, c->efd, "efdr/r", POLLIN,
-				    SSH_CHAN_IO_EFD_R);
-				fd_ready(c, p, pfd, c->efd, "efdw/r", POLLOUT,
-				    SSH_CHAN_IO_EFD_W);
+				fd_ready(c, p, pfd, npfd, c->efd,
+				    "efdr/r", POLLIN, SSH_CHAN_IO_EFD_R);
+				fd_ready(c, p, pfd, npfd, c->efd,
+				    "efdw/r", POLLOUT, SSH_CHAN_IO_EFD_W);
 			}
 			if (c->rfd == c->sock) {
-				fd_ready(c, p, pfd, c->sock, "sockr/r", POLLIN,
-				    SSH_CHAN_IO_SOCK_R);
-				fd_ready(c, p, pfd, c->sock, "sockw/r", POLLOUT,
-				    SSH_CHAN_IO_SOCK_W);
+				fd_ready(c, p, pfd, npfd, c->sock,
+				    "sockr/r", POLLIN, SSH_CHAN_IO_SOCK_R);
+				fd_ready(c, p, pfd, npfd, c->sock,
+				    "sockw/r", POLLOUT, SSH_CHAN_IO_SOCK_W);
 			}
-			p++;
+			dump_channel_poll(__func__, "rfd", c, p, pfd);
 		}
 		/* wfd */
-		if (c->wfd != -1 && c->wfd != c->rfd) {
-			fd_ready(c, p, pfd, c->wfd, "wfd", POLLOUT,
-			    SSH_CHAN_IO_WFD);
-			p++;
+		if (c->wfd != -1 && c->wfd != c->rfd &&
+		    (p = c->pfds[1]) != -1) {
+			fd_ready(c, p, pfd, npfd, c->wfd,
+			    "wfd", POLLOUT, SSH_CHAN_IO_WFD);
+			dump_channel_poll(__func__, "wfd", c, p, pfd);
 		}
 		/* efd */
-		if (c->efd != -1 && c->efd != c->rfd) {
-			fd_ready(c, p, pfd, c->efd, "efdr", POLLIN,
-			    SSH_CHAN_IO_EFD_R);
-			fd_ready(c, p, pfd, c->efd, "efdw", POLLOUT,
-			    SSH_CHAN_IO_EFD_W);
-			p++;
+		if (c->efd != -1 && c->efd != c->rfd &&
+		    (p = c->pfds[2]) != -1) {
+			fd_ready(c, p, pfd, npfd, c->efd,
+			    "efdr", POLLIN, SSH_CHAN_IO_EFD_R);
+			fd_ready(c, p, pfd, npfd, c->efd,
+			    "efdw", POLLOUT, SSH_CHAN_IO_EFD_W);
+			dump_channel_poll(__func__, "efd", c, p, pfd);
 		}
 		/* sock */
-		if (c->sock != -1 && c->sock != c->rfd) {
-			fd_ready(c, p, pfd, c->sock, "sockr", POLLIN,
-			    SSH_CHAN_IO_SOCK_R);
-			fd_ready(c, p, pfd, c->sock, "sockw", POLLOUT,
-			    SSH_CHAN_IO_SOCK_W);
-			p++;
-		}
-
-		if (p > npfd) {
-			/* shouldn't happen */
-			fatal_f("channel %d: (after) bad pfd %u (max %u)",
-			    c->self, c->pollfd_offset, npfd);
+		if (c->sock != -1 && c->sock != c->rfd &&
+		    (p = c->pfds[3]) != -1) {
+			fd_ready(c, p, pfd, npfd, c->sock,
+			    "sockr", POLLIN, SSH_CHAN_IO_SOCK_R);
+			fd_ready(c, p, pfd, npfd, c->sock,
+			    "sockw", POLLOUT, SSH_CHAN_IO_SOCK_W);
+			dump_channel_poll(__func__, "sock", c, p, pfd);
 		}
 	}
 	channel_handler(ssh, CHAN_POST, NULL);
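Review bot: The four added `dump_channel_poll(__func__, "...", c, p, pfd)` calls in channel_after_poll pass the array base `pfd` instead of the entry, whereas channel_prepare_pollfd passes `&pfd[p]`. dump_channel_poll prints `pfd->fd`, `pfd->events` and `pfd->revents` next to the offset, so with DEBUG_CHANNEL_POLL defined these lines would show entry 0's values under the label `pfd[p]`. Each call should be of the form `dump_channel_poll(__func__, "rfd", c, p, &pfd[p]);`, likewise for wfd, efd and sock. The effect is limited to debug builds, but a misleading trace is costly when diagnosing exactly this poll bookkeeping.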

Index: src/crypto/external/bsd/openssh/dist/channels.h
diff -u src/crypto/external/bsd/openssh/dist/channels.h:1.21 src/crypto/external/bsd/openssh/dist/channels.h:1.22
--- src/crypto/external/bsd/openssh/dist/channels.h:1.21	Wed Feb 23 14:07:20 2022
+++ src/crypto/external/bsd/openssh/dist/channels.h	Fri Apr 15 10:00:06 2022
@@ -1,5 +1,5 @@
-/*	$NetBSD: channels.h,v 1.21 2022/02/23 19:07:20 christos Exp $	*/
-/* $OpenBSD: channels.h,v 1.141 2022/01/22 00:49:34 djm Exp $ */
+/*	$NetBSD: channels.h,v 1.22 2022/04/15 14:00:06 christos Exp $	*/
+/* $OpenBSD: channels.h,v 1.142 2022/03/30 21:10:25 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <y...@cs.hut.fi>
@@ -140,7 +140,7 @@ struct Channel {
 	int     sock;		/* sock fd */
 	u_int	io_want;	/* bitmask of SSH_CHAN_IO_* */
 	u_int	io_ready;	/* bitmask of SSH_CHAN_IO_* */
-	int	pollfd_offset;	/* base offset into pollfd array (or -1) */
+	int	pfds[4];	/* pollfd entries for rfd/wfd/efd/sock */
 	int     ctl_chan;	/* control channel (multiplexed connections) */
 	int     isatty;		/* rfd is a tty */
 	int	client_tty;	/* (client) TTY has been requested */

Index: src/crypto/external/bsd/openssh/dist/monitor.c
diff -u src/crypto/external/bsd/openssh/dist/monitor.c:1.39 src/crypto/external/bsd/openssh/dist/monitor.c:1.40
--- src/crypto/external/bsd/openssh/dist/monitor.c:1.39	Wed Feb 23 14:07:20 2022
+++ src/crypto/external/bsd/openssh/dist/monitor.c	Fri Apr 15 10:00:06 2022
@@ -1,5 +1,5 @@
-/*	$NetBSD: monitor.c,v 1.39 2022/02/23 19:07:20 christos Exp $	*/
-/* $OpenBSD: monitor.c,v 1.231 2022/01/28 06:18:42 guenther Exp $ */
+/*	$NetBSD: monitor.c,v 1.40 2022/04/15 14:00:06 christos Exp $	*/
+/* $OpenBSD: monitor.c,v 1.232 2022/02/25 02:09:27 djm Exp $ */
 /*
  * Copyright 2002 Niels Provos <pro...@citi.umich.edu>
  * Copyright 2002 Markus Friedl <mar...@openbsd.org>
@@ -27,7 +27,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: monitor.c,v 1.39 2022/02/23 19:07:20 christos Exp $");
+__RCSID("$NetBSD: monitor.c,v 1.40 2022/04/15 14:00:06 christos Exp $");
 #include <sys/types.h>
 #include <sys/wait.h>
 #include <sys/socket.h>
@@ -689,7 +689,6 @@ mm_answer_sign(struct ssh *ssh, int sock
 int
 mm_answer_pwnamallow(struct ssh *ssh, int sock, struct sshbuf *m)
 {
-	char *username;
 	struct passwd *pwent;
 	int r, allowed = 0;
 	u_int i;
@@ -700,14 +699,12 @@ mm_answer_pwnamallow(struct ssh *ssh, in
 	if (authctxt->attempt++ != 0)
 		fatal_f("multiple attempts for getpwnam");
 
-	if ((r = sshbuf_get_cstring(m, &username, NULL)) != 0)
+	if ((r = sshbuf_get_cstring(m, &authctxt->user, NULL)) != 0)
 		fatal_fr(r, "parse");
 
-	pwent = getpwnamallow(ssh, username);
+	pwent = getpwnamallow(ssh, authctxt->user);
 
-	authctxt->user = xstrdup(username);
-	setproctitle("%s [priv]", pwent ? username : "unknown");
-	free(username);
+	setproctitle("%s [priv]", pwent ? authctxt->user : "unknown");
 
 	sshbuf_reset(m);
 
Index: src/crypto/external/bsd/openssh/dist/servconf.c
diff -u src/crypto/external/bsd/openssh/dist/servconf.c:1.39 src/crypto/external/bsd/openssh/dist/servconf.c:1.40
--- src/crypto/external/bsd/openssh/dist/servconf.c:1.39	Wed Feb 23 14:07:20 2022
+++ src/crypto/external/bsd/openssh/dist/servconf.c	Fri Apr 15 10:00:06 2022
@@ -1,6 +1,6 @@
-/*	$NetBSD: servconf.c,v 1.39 2022/02/23 19:07:20 christos Exp $	*/
+/*	$NetBSD: servconf.c,v 1.40 2022/04/15 14:00:06 christos Exp $	*/
 
-/* $OpenBSD: servconf.c,v 1.383 2022/02/08 08:59:12 dtucker Exp $ */
+/* $OpenBSD: servconf.c,v 1.384 2022/03/18 04:04:11 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <y...@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: servconf.c,v 1.39 2022/02/23 19:07:20 christos Exp $");
+__RCSID("$NetBSD: servconf.c,v 1.40 2022/04/15 14:00:06 christos Exp $");
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <sys/queue.h>
@@ -2796,7 +2796,7 @@ parse_server_match_config(ServerOptions 
 
 	initialize_server_options(&mo);
 	parse_server_config(&mo, "reprocess config", cfg, includes,
-	    connectinfo);
+	    connectinfo, 0);
 	copy_set_server_options(options, &mo, 0);
 }
 
@@ -2974,12 +2974,13 @@ parse_server_config_depth(ServerOptions 
 void
 parse_server_config(ServerOptions *options, const char *filename,
     struct sshbuf *conf, struct include_list *includes,
-    struct connection_info *connectinfo)
+    struct connection_info *connectinfo, int reexec)
 {
 	int active = connectinfo ? 0 : 1;
 	parse_server_config_depth(options, filename, conf, includes,
 	    connectinfo, (connectinfo ? SSHCFG_MATCH_ONLY : 0), &active, 0);
-	process_queued_listen_addrs(options);
+	if (!reexec)
+		process_queued_listen_addrs(options);
 }
 
 static const char *
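Review bot: The new `reexec` parameter of parse_server_config is undocumented: the hunk shows that a non-zero value skips `process_queued_listen_addrs(options)`, but not why, and the only call site visible in this file passes 0. A comment above the function would record the contract, for example `/* reexec: non-zero when the caller must not process queued listen addresses (TODO confirm: re-executed sshd) */`. Since listen-address handling decides which sockets the daemon binds, the reason for skipping it belongs next to the flag.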
Index: src/crypto/external/bsd/openssh/dist/ssh.c
diff -u src/crypto/external/bsd/openssh/dist/ssh.c:1.39 src/crypto/external/bsd/openssh/dist/ssh.c:1.40
--- src/crypto/external/bsd/openssh/dist/ssh.c:1.39	Wed Feb 23 14:07:20 2022
+++ src/crypto/external/bsd/openssh/dist/ssh.c	Fri Apr 15 10:00:06 2022
@@ -1,5 +1,5 @@
-/*	$NetBSD: ssh.c,v 1.39 2022/02/23 19:07:20 christos Exp $	*/
-/* $OpenBSD: ssh.c,v 1.573 2022/02/08 08:59:12 dtucker Exp $ */
+/*	$NetBSD: ssh.c,v 1.40 2022/04/15 14:00:06 christos Exp $	*/
+/* $OpenBSD: ssh.c,v 1.574 2022/03/30 04:33:09 djm Exp $ */
 /*
  * Author: Tatu Ylonen <y...@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <y...@cs.hut.fi>, Espoo, Finland
@@ -42,7 +42,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: ssh.c,v 1.39 2022/02/23 19:07:20 christos Exp $");
+__RCSID("$NetBSD: ssh.c,v 1.40 2022/04/15 14:00:06 christos Exp $");
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/ioctl.h>
@@ -677,7 +677,7 @@ main(int ac, char **av)
 
  again:
 	while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
-	    "AB:CD:E:F:GI:J:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
+	    "AB:CD:E:F:GI:J:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) { /* HUZdhjruz */
 		switch (opt) {
 		case '1':
 			fatal("SSH protocol v.1 is no longer supported");
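Review bot: The trailing `/* HUZdhjruz */` added after the getopt() call is not self-explanatory; it appears to list the option letters that are absent from the option string. Spelling that out, e.g. `/* unused option letters: HUZdhjruz */`, would save the next person who adds a flag from working it out. main()'s body continues outside the hunk.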
Index: src/crypto/external/bsd/openssh/dist/version.h
diff -u src/crypto/external/bsd/openssh/dist/version.h:1.39 src/crypto/external/bsd/openssh/dist/version.h:1.40
--- src/crypto/external/bsd/openssh/dist/version.h:1.39	Wed Feb 23 14:07:20 2022
+++ src/crypto/external/bsd/openssh/dist/version.h	Fri Apr 15 10:00:06 2022
@@ -1,8 +1,8 @@
-/*	$NetBSD: version.h,v 1.39 2022/02/23 19:07:20 christos Exp $	*/
-/* $OpenBSD: version.h,v 1.93 2022/02/23 11:07:09 djm Exp $ */
+/*	$NetBSD: version.h,v 1.40 2022/04/15 14:00:06 christos Exp $	*/
+/* $OpenBSD: version.h,v 1.94 2022/04/04 22:45:25 djm Exp $ */
 
-#define __OPENSSH_VERSION	"OpenSSH_8.9"
-#define __NETBSDSSH_VERSION	"NetBSD_Secure_Shell-20220223"
+#define __OPENSSH_VERSION	"OpenSSH_9.0"
+#define __NETBSDSSH_VERSION	"NetBSD_Secure_Shell-20220415"
 #define SSH_HPN         "-hpn13v14"
 #define SSH_LPK		"-lpk"
 /*

Index: src/crypto/external/bsd/openssh/dist/myproposal.h
diff -u src/crypto/external/bsd/openssh/dist/myproposal.h:1.23 src/crypto/external/bsd/openssh/dist/myproposal.h:1.24
--- src/crypto/external/bsd/openssh/dist/myproposal.h:1.23	Wed Feb 23 14:07:20 2022
+++ src/crypto/external/bsd/openssh/dist/myproposal.h	Fri Apr 15 10:00:06 2022
@@ -1,5 +1,5 @@
-/*	$NetBSD: myproposal.h,v 1.23 2022/02/23 19:07:20 christos Exp $	*/
-/* $OpenBSD: myproposal.h,v 1.70 2021/11/10 06:29:25 djm Exp $ */
+/*	$NetBSD: myproposal.h,v 1.24 2022/04/15 14:00:06 christos Exp $	*/
+/* $OpenBSD: myproposal.h,v 1.71 2022/03/30 21:13:23 djm Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -26,12 +26,12 @@
  */
 
 #define KEX_SERVER_KEX	\
+	"sntrup761x25519-sha...@openssh.com," \
 	"curve25519-sha256," \
 	"curve25519-sha...@libssh.org," \
 	"ecdh-sha2-nistp256," \
 	"ecdh-sha2-nistp384," \
 	"ecdh-sha2-nistp521," \
-	"sntrup761x25519-sha...@openssh.com," \
 	"diffie-hellman-group-exchange-sha256," \
 	"diffie-hellman-group16-sha512," \
 	"diffie-hellman-group18-sha512," \

Index: src/crypto/external/bsd/openssh/dist/scp.1
diff -u src/crypto/external/bsd/openssh/dist/scp.1:1.26 src/crypto/external/bsd/openssh/dist/scp.1:1.27
--- src/crypto/external/bsd/openssh/dist/scp.1:1.26	Wed Feb 23 14:07:20 2022
+++ src/crypto/external/bsd/openssh/dist/scp.1	Fri Apr 15 10:00:06 2022
@@ -1,4 +1,4 @@
-.\"	$NetBSD: scp.1,v 1.26 2022/02/23 19:07:20 christos Exp $
+.\"	$NetBSD: scp.1,v 1.27 2022/04/15 14:00:06 christos Exp $
 .\"  -*- nroff -*-
 .\"
 .\" scp.1
@@ -10,9 +10,9 @@
 .\"
 .\" Created: Sun May  7 00:14:37 1995 ylo
 .\"
-.\" $OpenBSD: scp.1,v 1.107 2022/02/10 04:12:38 djm Exp $
+.\" $OpenBSD: scp.1,v 1.108 2022/02/23 21:21:16 djm Exp $
 .\"
-.Dd February 10 2022
+.Dd February 23 2022
 .Dt SCP 1
 .Os
 .Sh NAME
@@ -78,7 +78,9 @@ The options are as follows:
 Copies between two remote hosts are transferred through the local host.
 Without this option the data is copied directly between the two remote
 hosts.
-Note that, when using the original SCP protocol (the default), this option
+Note that, when using the legacy SCP protocol (via the
+.Fl O
+flag), this option
 selects batch mode for the second host as
 .Nm
 cannot ask for passwords or passphrases for both hosts.
@@ -111,7 +113,7 @@ This option is directly passed to
 .Xr ssh 1 .
 .It Fl D Ar sftp_server_path
 When using the SFTP protocol support via
-.Fl s ,
+.Fl M ,
 connect directly to a local SFTP server program rather than a
 remote one via
 .Xr ssh 1 .
@@ -143,13 +145,12 @@ This option is directly passed to
 .It Fl l Ar limit
 Limits the used bandwidth, specified in Kbit/s.
 .It Fl O
-Use the original SCP protocol for file transfers instead of the SFTP protocol.
+Use the legacy SCP protocol for file transfers instead of the SFTP protocol.
 Forcing the use of the SCP protocol may be necessary for servers that do
 not implement SFTP, for backwards-compatibility for particular filename
 wildcard patterns and for expanding paths with a
 .Sq ~
 prefix for older SFTP servers.
-This mode is the default.
 .It Fl o Ar ssh_option
 Can be used to pass options to
 .Nm ssh
@@ -259,8 +260,6 @@ to use for the encrypted connection.
 The program must understand
 .Xr ssh 1
 options.
-.It Fl s
-Use the SFTP protocol for transfers rather than the original scp protocol.
 .It Fl T
 Disable strict filename checking.
 By default when copying files from a remote host to a local directory
@@ -297,12 +296,17 @@ debugging connection, authentication, an
 is based on the rcp program in
 .Bx
 source code from the Regents of the University of California.
+.Pp
+Since OpenSSH 8.8,
+.Nm
+has use the SFTP protocol for transfers by default.
 .Sh AUTHORS
 .An Timo Rinne Aq Mt t...@iki.fi
 .An Tatu Ylonen Aq Mt y...@cs.hut.fi
 .Sh CAVEATS
-The original SCP protocol (used by default) requires execution of the
-remote user's shell to perform
+The legacy SCP protocol (selected by the
+.Fl O
+flag) requires execution of the remote user's shell to perform
 .Xr glob 3
 pattern matching.
 This requires careful quoting of any characters that have special meaning to
Index: src/crypto/external/bsd/openssh/dist/servconf.h
diff -u src/crypto/external/bsd/openssh/dist/servconf.h:1.26 src/crypto/external/bsd/openssh/dist/servconf.h:1.27
--- src/crypto/external/bsd/openssh/dist/servconf.h:1.26	Thu Sep  2 07:26:18 2021
+++ src/crypto/external/bsd/openssh/dist/servconf.h	Fri Apr 15 10:00:06 2022
@@ -1,5 +1,5 @@
-/*	$NetBSD: servconf.h,v 1.26 2021/09/02 11:26:18 christos Exp $	*/
-/* $OpenBSD: servconf.h,v 1.155 2021/07/02 05:11:21 dtucker Exp $ */
+/*	$NetBSD: servconf.h,v 1.27 2022/04/15 14:00:06 christos Exp $	*/
+/* $OpenBSD: servconf.h,v 1.156 2022/03/18 04:04:11 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <y...@cs.hut.fi>
@@ -317,7 +317,7 @@ int	 process_server_config_line(ServerOp
 void	 process_permitopen(struct ssh *ssh, ServerOptions *options);
 void	 load_server_config(const char *, struct sshbuf *);
 void	 parse_server_config(ServerOptions *, const char *, struct sshbuf *,
-	    struct include_list *includes, struct connection_info *);
+	    struct include_list *includes, struct connection_info *, int);
 void	 parse_server_match_config(ServerOptions *,
 	    struct include_list *includes, struct connection_info *);
 int	 parse_server_match_testspec(struct connection_info *, char *);
Index: src/crypto/external/bsd/openssh/dist/sftp-server.c
diff -u src/crypto/external/bsd/openssh/dist/sftp-server.c:1.26 src/crypto/external/bsd/openssh/dist/sftp-server.c:1.27
--- src/crypto/external/bsd/openssh/dist/sftp-server.c:1.26	Wed Feb 23 14:07:20 2022
+++ src/crypto/external/bsd/openssh/dist/sftp-server.c	Fri Apr 15 10:00:06 2022
@@ -1,5 +1,5 @@
-/*	$NetBSD: sftp-server.c,v 1.26 2022/02/23 19:07:20 christos Exp $	*/
-/* $OpenBSD: sftp-server.c,v 1.139 2022/02/01 23:32:51 djm Exp $ */
+/*	$NetBSD: sftp-server.c,v 1.27 2022/04/15 14:00:06 christos Exp $	*/
+/* $OpenBSD: sftp-server.c,v 1.140 2022/03/31 03:05:49 djm Exp $ */
 /*
  * Copyright (c) 2000-2004 Markus Friedl.  All rights reserved.
  *
@@ -17,7 +17,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: sftp-server.c,v 1.26 2022/02/23 19:07:20 christos Exp $");
+__RCSID("$NetBSD: sftp-server.c,v 1.27 2022/04/15 14:00:06 christos Exp $");
 
 #include <sys/param.h>	/* MIN */
 #include <sys/types.h>
@@ -39,6 +39,7 @@ __RCSID("$NetBSD: sftp-server.c,v 1.26 2
 #include <unistd.h>
 #include <stdarg.h>
 
+#include "atomicio.h"
 #include "xmalloc.h"
 #include "sshbuf.h"
 #include "ssherr.h"
@@ -114,6 +115,7 @@ static void process_extended_fsync(u_int
 static void process_extended_lsetstat(u_int32_t id);
 static void process_extended_limits(u_int32_t id);
 static void process_extended_expand(u_int32_t id);
+static void process_extended_copy_data(u_int32_t id);
 static void process_extended(u_int32_t id);
 
 struct sftp_handler {
@@ -159,6 +161,7 @@ static const struct sftp_handler extende
 	{ "limits", "lim...@openssh.com", 0, process_extended_limits, 0 },
 	{ "expand-path", "expand-p...@openssh.com", 0,
 	    process_extended_expand, 0 },
+	{ "copy-data", "copy-data", 0, process_extended_copy_data, 1 },
 	{ NULL, NULL, 0, NULL, 0 }
 };
 
@@ -715,6 +718,7 @@ process_init(void)
 	compose_extension(msg, "lsets...@openssh.com", "1");
 	compose_extension(msg, "lim...@openssh.com", "1");
 	compose_extension(msg, "expand-p...@openssh.com", "1");
+	compose_extension(msg, "copy-data", "1");
 
 	send_msg(msg);
 	sshbuf_free(msg);
@@ -1565,6 +1569,94 @@ process_extended_expand(u_int32_t id)
 }
 
 static void
+process_extended_copy_data(u_int32_t id)
+{
+	u_char buf[64*1024];
+	int read_handle, read_fd, write_handle, write_fd;
+	u_int64_t len, read_off, read_len, write_off;
+	int r, copy_until_eof, status = SSH2_FX_OP_UNSUPPORTED;
+	size_t ret;
+
+	if ((r = get_handle(iqueue, &read_handle)) != 0 ||
+	    (r = sshbuf_get_u64(iqueue, &read_off)) != 0 ||
+	    (r = sshbuf_get_u64(iqueue, &read_len)) != 0 ||
+	    (r = get_handle(iqueue, &write_handle)) != 0 ||
+	    (r = sshbuf_get_u64(iqueue, &write_off)) != 0)
+		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+
+	debug("request %u: copy-data from \"%s\" (handle %d) off %llu len %llu "
+	    "to \"%s\" (handle %d) off %llu",
+	    id, handle_to_name(read_handle), read_handle,
+	    (unsigned long long)read_off, (unsigned long long)read_len,
+	    handle_to_name(write_handle), write_handle,
+	    (unsigned long long)write_off);
+
+	/* For read length of 0, we read until EOF. */
+	if (read_len == 0) {
+		read_len = (u_int64_t)-1 - read_off;
+		copy_until_eof = 1;
+	} else
+		copy_until_eof = 0;
+
+	read_fd = handle_to_fd(read_handle);
+	write_fd = handle_to_fd(write_handle);
+
+	/* Disallow reading & writing to the same handle or same path or dirs */
+	if (read_handle == write_handle || read_fd < 0 || write_fd < 0 ||
+	    !strcmp(handle_to_name(read_handle), handle_to_name(write_handle))) {
+		status = SSH2_FX_FAILURE;
+		goto out;
+	}
+
+	if (lseek(read_fd, read_off, SEEK_SET) < 0) {
+		status = errno_to_portable(errno);
+		error("%s: read_seek failed", __func__);
+		goto out;
+	}
+
+	if ((handle_to_flags(write_handle) & O_APPEND) == 0 &&
+	    lseek(write_fd, write_off, SEEK_SET) < 0) {
+		status = errno_to_portable(errno);
+		error("%s: write_seek failed", __func__);
+		goto out;
+	}
+
+	/* Process the request in chunks. */
+	while (read_len > 0 || copy_until_eof) {
+		len = MINIMUM(sizeof(buf), read_len);
+		read_len -= len;
+
+		ret = atomicio(read, read_fd, buf, len);
+		if (ret == 0 && errno == EPIPE) {
+			status = copy_until_eof ? SSH2_FX_OK : SSH2_FX_EOF;
+			break;
+		} else if (ret == 0) {
+			status = errno_to_portable(errno);
+			error("%s: read failed: %s", __func__, strerror(errno));
+			break;
+		}
+		len = ret;
+		handle_update_read(read_handle, len);
+
+		ret = atomicio(vwrite, write_fd, buf, len);
+		if (ret != len) {
+			status = errno_to_portable(errno);
+			error("%s: write failed: %llu != %llu: %s", __func__,
+			    (unsigned long long)ret, (unsigned long long)len,
+			    strerror(errno));
+			break;
+		}
+		handle_update_write(write_handle, len);
+	}
+
+	if (read_len == 0)
+		status = SSH2_FX_OK;
+
+ out:
+	send_status(id, status);
+}
+
+static void
 process_extended(u_int32_t id)
 {
 	char *request;
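Review bot: In process_extended_copy_data() the trailing `if (read_len == 0) status = SSH2_FX_OK;` can overwrite an error status. `read_len -= len` runs before the read and the write, so a failure on the final chunk of a bounded request leaves the loop with `read_len == 0`, and a client would then treat a truncated copy as complete. The read-failure and write-failure paths should bypass that check, for example by using `goto out;` instead of `break;` after their error() calls. Separately, the same-file guard compares handle names with `strcmp()`, which does not catch two handles that reach one file through different paths, such as a hard link or a symlink. Comparing `st_dev`/`st_ino` from `fstat()` on both descriptors would be a stronger check, and the comment above the guard should say which cases are deliberately left uncovered.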
Index: src/crypto/external/bsd/openssh/dist/sshd.8
diff -u src/crypto/external/bsd/openssh/dist/sshd.8:1.26 src/crypto/external/bsd/openssh/dist/sshd.8:1.27
--- src/crypto/external/bsd/openssh/dist/sshd.8:1.26	Mon Sep 27 13:03:13 2021
+++ src/crypto/external/bsd/openssh/dist/sshd.8	Fri Apr 15 10:00:06 2022
@@ -1,4 +1,4 @@
-.\"	$NetBSD: sshd.8,v 1.26 2021/09/27 17:03:13 christos Exp $
+.\"	$NetBSD: sshd.8,v 1.27 2022/04/15 14:00:06 christos Exp $
 .\"  -*- nroff -*-
 .\"
 .\" Author: Tatu Ylonen <y...@cs.hut.fi>
@@ -35,8 +35,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.317 2021/09/10 11:38:38 dtucker Exp $
-.Dd September 10 2021
+.\" $OpenBSD: sshd.8,v 1.318 2022/03/31 17:27:27 naddy Exp $
+.Dd March 31 2022
 .Dt SSHD 8
 .Os
 .Sh NAME
@@ -625,7 +625,7 @@ Enable all restrictions, i.e. disable po
 as well as disabling PTY allocation
 and execution of
 .Pa ~/.ssh/rc .
-If any future restriction capabilities are added to authorized_keys files
+If any future restriction capabilities are added to authorized_keys files,
 they will be included in this set.
 .It Cm tunnel="n"
 Force a

Index: src/crypto/external/bsd/openssh/dist/scp.c
diff -u src/crypto/external/bsd/openssh/dist/scp.c:1.34 src/crypto/external/bsd/openssh/dist/scp.c:1.35
--- src/crypto/external/bsd/openssh/dist/scp.c:1.34	Wed Feb 23 14:07:20 2022
+++ src/crypto/external/bsd/openssh/dist/scp.c	Fri Apr 15 10:00:06 2022
@@ -1,5 +1,5 @@
-/*	$NetBSD: scp.c,v 1.34 2022/02/23 19:07:20 christos Exp $	*/
-/* $OpenBSD: scp.c,v 1.245 2022/02/10 04:12:38 djm Exp $ */
+/*	$NetBSD: scp.c,v 1.35 2022/04/15 14:00:06 christos Exp $	*/
+/* $OpenBSD: scp.c,v 1.247 2022/03/20 08:52:17 djm Exp $ */
 /*
  * scp - secure remote copy.  This is basically patched BSD rcp which
  * uses ssh to do the data transfer (instead of using rcmd).
@@ -73,7 +73,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: scp.c,v 1.34 2022/02/23 19:07:20 christos Exp $");
+__RCSID("$NetBSD: scp.c,v 1.35 2022/04/15 14:00:06 christos Exp $");
 
 #include <sys/param.h>	/* roundup MAX */
 #include <sys/types.h>
@@ -434,7 +434,7 @@ main(int argc, char **argv)
 	const char *errstr;
 	extern char *optarg;
 	extern int optind;
-	enum scp_mode_e mode = MODE_SCP;
+	enum scp_mode_e mode = MODE_SFTP;
 	char *sftp_direct = NULL;
 
 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
@@ -948,7 +948,7 @@ do_sftp_connect(char *host, char *user, 
 			return NULL;
 
 	} else {
-		args.list = NULL;
+		freeargs(&args);
 		addargs(&args, "sftp-server");
 		if (do_cmd(sftp_direct, host, NULL, -1, 0, "sftp",
 		    reminp, remoutp, pidp) < 0)
Index: src/crypto/external/bsd/openssh/dist/sftp.c
diff -u src/crypto/external/bsd/openssh/dist/sftp.c:1.34 src/crypto/external/bsd/openssh/dist/sftp.c:1.35
--- src/crypto/external/bsd/openssh/dist/sftp.c:1.34	Mon Sep 27 13:03:13 2021
+++ src/crypto/external/bsd/openssh/dist/sftp.c	Fri Apr 15 10:00:06 2022
@@ -1,6 +1,5 @@
-/*	$NetBSD: sftp.c,v 1.34 2021/09/27 17:03:13 christos Exp $	*/
-/* $OpenBSD: sftp.c,v 1.212 2021/09/11 09:05:50 schwarze Exp $ */
-
+/*	$NetBSD: sftp.c,v 1.35 2022/04/15 14:00:06 christos Exp $	*/
+/* $OpenBSD: sftp.c,v 1.214 2022/03/31 03:07:03 djm Exp $ */
 /*
  * Copyright (c) 2001-2004 Damien Miller <d...@openbsd.org>
  *
@@ -18,7 +17,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: sftp.c,v 1.34 2021/09/27 17:03:13 christos Exp $");
+__RCSID("$NetBSD: sftp.c,v 1.35 2022/04/15 14:00:06 christos Exp $");
 
 #include <sys/param.h>	/* MIN MAX */
 #include <sys/types.h>
@@ -123,6 +122,7 @@ enum sftp_command {
 	I_CHGRP,
 	I_CHMOD,
 	I_CHOWN,
+	I_COPY,
 	I_DF,
 	I_GET,
 	I_HELP,
@@ -166,6 +166,8 @@ static const struct CMD cmds[] = {
 	{ "chgrp",	I_CHGRP,	REMOTE	},
 	{ "chmod",	I_CHMOD,	REMOTE	},
 	{ "chown",	I_CHOWN,	REMOTE	},
+	{ "copy",	I_COPY,		REMOTE	},
+	{ "cp",		I_COPY,		REMOTE	},
 	{ "df",		I_DF,		REMOTE	},
 	{ "dir",	I_LS,		REMOTE	},
 	{ "exit",	I_QUIT,		NOARGS	},
@@ -272,6 +274,8 @@ help(void)
 	    "chgrp [-h] grp path                Change group of file 'path' to 'grp'\n"
 	    "chmod [-h] mode path               Change permissions of file 'path' to 'mode'\n"
 	    "chown [-h] own path                Change owner of file 'path' to 'own'\n"
+	    "copy oldpath newpath               Copy remote file\n"
+	    "cp oldpath newpath                 Copy remote file\n"
 	    "df [-hi] [path]                    Display statistics for current directory or\n"
 	    "                                   filesystem containing 'path'\n"
 	    "exit                               Quit sftp\n"
@@ -1378,6 +1382,10 @@ parse_args(const char **cpp, int *ignore
 		if ((optidx = parse_link_flags(cmd, argv, argc, sflag)) == -1)
 			return -1;
 		goto parse_two_paths;
+	case I_COPY:
+		if ((optidx = parse_no_flags(cmd, argv, argc)) == -1)
+			return -1;
+		goto parse_two_paths;
 	case I_RENAME:
 		if ((optidx = parse_rename_flags(cmd, argv, argc, lflag)) == -1)
 			return -1;
@@ -1551,6 +1559,11 @@ parse_dispatch_command(struct sftp_conn 
 		err = process_put(conn, path1, path2, *pwd, pflag,
 		    rflag, aflag, fflag);
 		break;
+	case I_COPY:
+		path1 = make_absolute(path1, *pwd);
+		path2 = make_absolute(path2, *pwd);
+		err = do_copy(conn, path1, path2);
+		break;
 	case I_RENAME:
 		path1 = make_absolute(path1, *pwd);
 		path2 = make_absolute(path2, *pwd);
@@ -2277,9 +2290,7 @@ interactive_loop(struct sftp_conn *conn,
 static void
 connect_to_server(const char *path, char **args, int *in, int *out)
 {
-	int c_in, c_out;
-
-	int inout[2];
+	int c_in, c_out, inout[2];
 
 	if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) == -1)
 		fatal("socketpair: %s", strerror(errno));

Index: src/crypto/external/bsd/openssh/dist/sftp-client.h
diff -u src/crypto/external/bsd/openssh/dist/sftp-client.h:1.15 src/crypto/external/bsd/openssh/dist/sftp-client.h:1.16
--- src/crypto/external/bsd/openssh/dist/sftp-client.h:1.15	Wed Feb 23 14:07:20 2022
+++ src/crypto/external/bsd/openssh/dist/sftp-client.h	Fri Apr 15 10:00:06 2022
@@ -1,5 +1,5 @@
-/*	$NetBSD: sftp-client.h,v 1.15 2022/02/23 19:07:20 christos Exp $	*/
-/* $OpenBSD: sftp-client.h,v 1.35 2022/01/01 01:55:30 jsg Exp $ */
+/*	$NetBSD: sftp-client.h,v 1.16 2022/04/15 14:00:06 christos Exp $	*/
+/* $OpenBSD: sftp-client.h,v 1.36 2022/03/31 03:07:03 djm Exp $ */
 
 /*
  * Copyright (c) 2001-2004 Damien Miller <d...@openbsd.org>
@@ -120,6 +120,9 @@ int do_statvfs(struct sftp_conn *, const
 /* Rename 'oldpath' to 'newpath' */
 int do_rename(struct sftp_conn *, const char *, const char *, int);
 
+/* Copy 'oldpath' to 'newpath' */
+int do_copy(struct sftp_conn *, const char *, const char *);
+
 /* Link 'oldpath' to 'newpath' */
 int do_hardlink(struct sftp_conn *, const char *, const char *);
 

Index: src/crypto/external/bsd/openssh/dist/sftp-glob.c
diff -u src/crypto/external/bsd/openssh/dist/sftp-glob.c:1.12 src/crypto/external/bsd/openssh/dist/sftp-glob.c:1.13
--- src/crypto/external/bsd/openssh/dist/sftp-glob.c:1.12	Wed Feb 26 19:24:40 2020
+++ src/crypto/external/bsd/openssh/dist/sftp-glob.c	Fri Apr 15 10:00:06 2022
@@ -1,5 +1,5 @@
-/*	$NetBSD: sftp-glob.c,v 1.12 2020/02/27 00:24:40 christos Exp $	*/
-/* $OpenBSD: sftp-glob.c,v 1.29 2019/11/13 04:47:52 deraadt Exp $ */
+/*	$NetBSD: sftp-glob.c,v 1.13 2022/04/15 14:00:06 christos Exp $	*/
+/* $OpenBSD: sftp-glob.c,v 1.30 2022/02/25 09:46:24 dtucker Exp $ */
 /*
  * Copyright (c) 2001-2004 Damien Miller <d...@openbsd.org>
  *
@@ -17,7 +17,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: sftp-glob.c,v 1.12 2020/02/27 00:24:40 christos Exp $");
+__RCSID("$NetBSD: sftp-glob.c,v 1.13 2022/04/15 14:00:06 christos Exp $");
 #include <sys/types.h>
 #include <sys/stat.h>
 
Index: src/crypto/external/bsd/openssh/dist/xmalloc.c
diff -u src/crypto/external/bsd/openssh/dist/xmalloc.c:1.12 src/crypto/external/bsd/openssh/dist/xmalloc.c:1.13
--- src/crypto/external/bsd/openssh/dist/xmalloc.c:1.12	Wed Feb 26 19:24:40 2020
+++ src/crypto/external/bsd/openssh/dist/xmalloc.c	Fri Apr 15 10:00:06 2022
@@ -1,5 +1,5 @@
-/*	$NetBSD: xmalloc.c,v 1.12 2020/02/27 00:24:40 christos Exp $	*/
-/* $OpenBSD: xmalloc.c,v 1.36 2019/11/12 22:32:48 djm Exp $ */
+/*	$NetBSD: xmalloc.c,v 1.13 2022/04/15 14:00:06 christos Exp $	*/
+/* $OpenBSD: xmalloc.c,v 1.37 2022/03/13 23:27:54 cheloha Exp $ */
 /*
  * Author: Tatu Ylonen <y...@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <y...@cs.hut.fi>, Espoo, Finland
@@ -15,7 +15,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: xmalloc.c,v 1.12 2020/02/27 00:24:40 christos Exp $");
+__RCSID("$NetBSD: xmalloc.c,v 1.13 2022/04/15 14:00:06 christos Exp $");
 #include <sys/param.h>
 #include <stdarg.h>
 #include <stdint.h>
@@ -91,8 +91,7 @@ xstrdup(const char *str)
 
 	len = strlen(str) + 1;
 	cp = xmalloc(len);
-	strlcpy(cp, str, len);
-	return cp;
+	return memcpy(cp, str, len);
 }
 
 int

Index: src/crypto/external/bsd/openssh/dist/sftp.1
diff -u src/crypto/external/bsd/openssh/dist/sftp.1:1.25 src/crypto/external/bsd/openssh/dist/sftp.1:1.26
--- src/crypto/external/bsd/openssh/dist/sftp.1:1.25	Thu Sep  2 07:26:18 2021
+++ src/crypto/external/bsd/openssh/dist/sftp.1	Fri Apr 15 10:00:06 2022
@@ -1,5 +1,5 @@
-.\"	$NetBSD: sftp.1,v 1.25 2021/09/02 11:26:18 christos Exp $
-.\" $OpenBSD: sftp.1,v 1.138 2021/07/02 05:11:21 dtucker Exp $
+.\"	$NetBSD: sftp.1,v 1.26 2022/04/15 14:00:06 christos Exp $
+.\" $OpenBSD: sftp.1,v 1.140 2022/03/31 17:27:27 naddy Exp $
 .\"
 .\" Copyright (c) 2001 Damien Miller.  All rights reserved.
 .\"
@@ -23,7 +23,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd July 2 2021
+.Dd March 31 2022
 .Dt SFTP 1
 .Os
 .Sh NAME
@@ -127,7 +127,7 @@ Batch mode reads a series of commands fr
 .Ar batchfile
 instead of
 .Em stdin .
-Since it lacks user interaction it should be used in conjunction with
+Since it lacks user interaction, it should be used in conjunction with
 non-interactive authentication to obviate the need to enter a password
 at connection time (see
 .Xr sshd 8
@@ -145,7 +145,7 @@ will abort if any of the following
 commands fail:
 .Ic get , put , reget , reput , rename , ln ,
 .Ic rm , mkdir , chdir , ls ,
-.Ic lchdir , chmod , chown ,
+.Ic lchdir , copy , cp , chmod , chown ,
 .Ic chgrp , lpwd , df , symlink ,
 and
 .Ic lmkdir .
@@ -402,6 +402,18 @@ If the
 flag is specified, then symlinks will not be followed.
 Note that this is only supported by servers that implement
 the "lsets...@openssh.com" extension.
+.It Ic copy Ar oldpath Ar newpath
+Copy remote file from
+.Ar oldpath
+to
+.Ar newpath .
+.Pp
+Note that this is only supported by servers that implement the "copy-data"
+extension.
+.It Ic cp Ar oldpath Ar newpath
+Alias to
+.Ic copy
+command.
 .It Xo Ic df
 .Op Fl hi
 .Op Ar path

Index: src/crypto/external/bsd/openssh/dist/ssh-agent.1
diff -u src/crypto/external/bsd/openssh/dist/ssh-agent.1:1.16 src/crypto/external/bsd/openssh/dist/ssh-agent.1:1.17
--- src/crypto/external/bsd/openssh/dist/ssh-agent.1:1.16	Fri Dec  4 13:42:50 2020
+++ src/crypto/external/bsd/openssh/dist/ssh-agent.1	Fri Apr 15 10:00:06 2022
@@ -1,5 +1,5 @@
-.\"	$NetBSD: ssh-agent.1,v 1.16 2020/12/04 18:42:50 christos Exp $
-.\" $OpenBSD: ssh-agent.1,v 1.72 2020/06/22 05:52:05 djm Exp $
+.\"	$NetBSD: ssh-agent.1,v 1.17 2022/04/15 14:00:06 christos Exp $
+.\" $OpenBSD: ssh-agent.1,v 1.73 2022/03/31 17:27:27 naddy Exp $
 .\"
 .\"
 .\" Author: Tatu Ylonen <y...@cs.hut.fi>
@@ -36,7 +36,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd June 22 2020
+.Dd March 31 2022
 .Dt SSH-AGENT 1
 .Os
 .Sh NAME
@@ -84,12 +84,12 @@ This is the default if
 looks like it's a csh style of shell.
 .It Fl D
 Foreground mode.
-When this option is specified
+When this option is specified,
 .Nm
 will not fork.
 .It Fl d
 Debug mode.
-When this option is specified
+When this option is specified,
 .Nm
 will not fork and will write debug information to standard error.
 .It Fl E Ar fingerprint_hash

Index: src/crypto/external/bsd/openssh/dist/ssh-keygen.c
diff -u src/crypto/external/bsd/openssh/dist/ssh-keygen.c:1.42 src/crypto/external/bsd/openssh/dist/ssh-keygen.c:1.43
--- src/crypto/external/bsd/openssh/dist/ssh-keygen.c:1.42	Wed Feb 23 14:07:20 2022
+++ src/crypto/external/bsd/openssh/dist/ssh-keygen.c	Fri Apr 15 10:00:06 2022
@@ -1,5 +1,5 @@
-/*	$NetBSD: ssh-keygen.c,v 1.42 2022/02/23 19:07:20 christos Exp $	*/
-/* $OpenBSD: ssh-keygen.c,v 1.448 2022/02/01 23:32:51 djm Exp $ */
+/*	$NetBSD: ssh-keygen.c,v 1.43 2022/04/15 14:00:06 christos Exp $	*/
+/* $OpenBSD: ssh-keygen.c,v 1.450 2022/03/18 02:32:22 djm Exp $ */
 /*
  * Author: Tatu Ylonen <y...@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <y...@cs.hut.fi>, Espoo, Finland
@@ -14,7 +14,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: ssh-keygen.c,v 1.42 2022/02/23 19:07:20 christos Exp $");
+__RCSID("$NetBSD: ssh-keygen.c,v 1.43 2022/04/15 14:00:06 christos Exp $");
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
@@ -3515,6 +3515,13 @@ main(int argc, char **argv)
 			return sig_sign(identity_file, cert_principals,
 			    argc, argv, opts, nopts);
 		} else if (strncmp(sign_op, "check-novalidate", 16) == 0) {
+			/* NB. cert_principals is actually namespace, via -n */
+			if (cert_principals == NULL ||
+			    *cert_principals == '\0') {
+				error("Too few arguments for check-novalidate: "
+				    "missing namespace");
+				exit(1);
+			}
 			if (ca_key_path == NULL) {
 				error("Too few arguments for check-novalidate: "
 				    "missing signature file");

Index: src/crypto/external/bsd/openssh/dist/ssh-keysign.8
diff -u src/crypto/external/bsd/openssh/dist/ssh-keysign.8:1.13 src/crypto/external/bsd/openssh/dist/ssh-keysign.8:1.14
--- src/crypto/external/bsd/openssh/dist/ssh-keysign.8:1.13	Wed Feb 26 19:24:40 2020
+++ src/crypto/external/bsd/openssh/dist/ssh-keysign.8	Fri Apr 15 10:00:06 2022
@@ -1,5 +1,5 @@
-.\"	$NetBSD: ssh-keysign.8,v 1.13 2020/02/27 00:24:40 christos Exp $
-.\" $OpenBSD: ssh-keysign.8,v 1.16 2019/11/30 07:07:59 jmc Exp $
+.\"	$NetBSD: ssh-keysign.8,v 1.14 2022/04/15 14:00:06 christos Exp $
+.\" $OpenBSD: ssh-keysign.8,v 1.17 2022/03/31 17:27:27 naddy Exp $
 .\"
 .\" Copyright (c) 2002 Markus Friedl.  All rights reserved.
 .\"
@@ -23,7 +23,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd November 30 2019
+.Dd March 31 2022
 .Dt SSH-KEYSIGN 8
 .Os
 .Sh NAME
@@ -78,7 +78,7 @@ must be set-uid root if host-based authe
 .It Pa /etc/ssh/ssh_host_ecdsa_key-cert.pub
 .It Pa /etc/ssh/ssh_host_ed25519_key-cert.pub
 .It Pa /etc/ssh/ssh_host_rsa_key-cert.pub
-If these files exist they are assumed to contain public certificate
+If these files exist, they are assumed to contain public certificate
 information corresponding with the private keys above.
 .El
 .Sh SEE ALSO

Index: src/crypto/external/bsd/openssh/dist/ssh.1
diff -u src/crypto/external/bsd/openssh/dist/ssh.1:1.32 src/crypto/external/bsd/openssh/dist/ssh.1:1.33
--- src/crypto/external/bsd/openssh/dist/ssh.1:1.32	Wed Feb 23 14:07:20 2022
+++ src/crypto/external/bsd/openssh/dist/ssh.1	Fri Apr 15 10:00:06 2022
@@ -1,4 +1,4 @@
-.\"	$NetBSD: ssh.1,v 1.32 2022/02/23 19:07:20 christos Exp $
+.\"	$NetBSD: ssh.1,v 1.33 2022/04/15 14:00:06 christos Exp $
 .\"  -*- nroff -*-
 .\"
 .\" Author: Tatu Ylonen <y...@cs.hut.fi>
@@ -35,8 +35,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.429 2022/02/06 00:29:03 jsg Exp $
-.Dd February 6 2022
+.\" $OpenBSD: ssh.1,v 1.430 2022/03/31 17:27:27 naddy Exp $
+.Dd March 31 2022
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -707,7 +707,7 @@ argument is
 the listen port will be dynamically allocated on the server and reported
 to the client at run time.
 When used together with
-.Ic -O forward
+.Ic -O forward ,
 the allocated port will be printed to the standard output.
 .Pp
 .It Fl S Ar ctl_path
@@ -1047,7 +1047,7 @@ the user a normal shell as an interactiv
 All communication with
 the remote command or shell will be automatically encrypted.
 .Pp
-If an interactive session is requested
+If an interactive session is requested,
 .Nm
 by default will only request a pseudo-terminal (pty) for interactive
 sessions when the client has one.
@@ -1057,7 +1057,7 @@ and
 .Fl t
 can be used to override this behaviour.
 .Pp
-If a pseudo-terminal has been allocated the
+If a pseudo-terminal has been allocated, the
 user may use the escape characters noted below.
 .Pp
 If no pseudo-terminal has been allocated,

Index: src/crypto/external/bsd/openssh/dist/ssh_config.5
diff -u src/crypto/external/bsd/openssh/dist/ssh_config.5:1.33 src/crypto/external/bsd/openssh/dist/ssh_config.5:1.34
--- src/crypto/external/bsd/openssh/dist/ssh_config.5:1.33	Wed Feb 23 14:07:20 2022
+++ src/crypto/external/bsd/openssh/dist/ssh_config.5	Fri Apr 15 10:00:06 2022
@@ -1,4 +1,4 @@
-.\"	$NetBSD: ssh_config.5,v 1.33 2022/02/23 19:07:20 christos Exp $
+.\"	$NetBSD: ssh_config.5,v 1.34 2022/04/15 14:00:06 christos Exp $
 .\"  -*- nroff -*-
 .\"
 .\" Author: Tatu Ylonen <y...@cs.hut.fi>
@@ -35,8 +35,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.369 2022/02/15 05:13:36 djm Exp $
-.Dd February 15 2022
+.\" $OpenBSD: ssh_config.5,v 1.371 2022/03/31 17:58:44 naddy Exp $
+.Dd March 31 2022
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -437,7 +437,7 @@ directives will add to the list of certi
 authentication.
 .It Cm CheckHostIP
 If set to
-.Cm yes
+.Cm yes ,
 .Xr ssh 1
 will additionally check the host IP address in the
 .Pa known_hosts
@@ -1168,9 +1168,9 @@ character, then the specified algorithms
 default set.
 The default is:
 .Bd -literal -offset indent
+sntrup761x25519-sha...@openssh.com,
 curve25519-sha256,curve25519-sha...@libssh.org,
 ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
-sntrup761x25519-sha...@openssh.com,
 diffie-hellman-group-exchange-sha256,
 diffie-hellman-group16-sha512,
 diffie-hellman-group18-sha512,
@@ -1584,7 +1584,7 @@ If forwarding to a specific destination 
 or a Unix domain socket path,
 otherwise if no destination argument is specified then the remote forwarding
 will be established as a SOCKS proxy.
-When acting as a SOCKS proxy the destination of the connection can be
+When acting as a SOCKS proxy, the destination of the connection can be
 restricted by
 .Cm PermitRemoteOpen .
 .Pp

Index: src/crypto/external/bsd/openssh/dist/sshd.c
diff -u src/crypto/external/bsd/openssh/dist/sshd.c:1.45 src/crypto/external/bsd/openssh/dist/sshd.c:1.46
--- src/crypto/external/bsd/openssh/dist/sshd.c:1.45	Wed Feb 23 14:07:20 2022
+++ src/crypto/external/bsd/openssh/dist/sshd.c	Fri Apr 15 10:00:06 2022
@@ -1,5 +1,5 @@
-/*	$NetBSD: sshd.c,v 1.45 2022/02/23 19:07:20 christos Exp $	*/
-/* $OpenBSD: sshd.c,v 1.583 2022/02/01 07:57:32 dtucker Exp $ */
+/*	$NetBSD: sshd.c,v 1.46 2022/04/15 14:00:06 christos Exp $	*/
+/* $OpenBSD: sshd.c,v 1.585 2022/03/18 04:04:11 djm Exp $ */
 /*
  * Author: Tatu Ylonen <y...@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <y...@cs.hut.fi>, Espoo, Finland
@@ -44,7 +44,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: sshd.c,v 1.45 2022/02/23 19:07:20 christos Exp $");
+__RCSID("$NetBSD: sshd.c,v 1.46 2022/04/15 14:00:06 christos Exp $");
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/ioctl.h>
@@ -1105,9 +1105,9 @@ static void
 server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
 {
 	struct pollfd *pfd = NULL;
-	int i, j, ret;
+	int i, j, ret, npfd;
 	int ostartups = -1, startups = 0, listening = 0, lameduck = 0;
-	int startup_p[2] = { -1 , -1 };
+	int startup_p[2] = { -1 , -1 }, *startup_pollfd;
 	char c = 0;
 	struct sockaddr_storage from;
 	socklen_t fromlen;
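Review bot: `startup_pollfd` is appended to the declaration of the `startup_p[2]` array and carries no comment, although the later hunks use it as a per-slot index into `pfd`. A separate line such as `int *startup_pollfd; /* pfd index of startup_pipes[i], or -1 if not polled this round */` would document the invariant that the `revents` lookup depends on. The body of server_accept_loop() continues outside this hunk.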
@@ -1118,6 +1118,7 @@ server_accept_loop(int *sock_in, int *so
 	/* pipes connected to unauthenticated child sshd processes */
 	startup_pipes = xcalloc(options.max_startups, sizeof(int));
 	startup_flags = xcalloc(options.max_startups, sizeof(int));
+	startup_pollfd = xcalloc(options.max_startups, sizeof(int));
 	for (i = 0; i < options.max_startups; i++)
 		startup_pipes[i] = -1;
 
@@ -1134,6 +1135,7 @@ server_accept_loop(int *sock_in, int *so
 	sigaddset(&nsigset, SIGTERM);
 	sigaddset(&nsigset, SIGQUIT);
 
+	/* sized for worst-case */
 	pfd = xcalloc(num_listen_socks + options.max_startups,
 	    sizeof(struct pollfd));
 
@@ -1173,24 +1175,31 @@ server_accept_loop(int *sock_in, int *so
 			pfd[i].fd = listen_socks[i];
 			pfd[i].events = POLLIN;
 		}
+		npfd = num_listen_socks;
 		for (i = 0; i < options.max_startups; i++) {
-			pfd[num_listen_socks+i].fd = startup_pipes[i];
-			if (startup_pipes[i] != -1)
-				pfd[num_listen_socks+i].events = POLLIN;
+			startup_pollfd[i] = -1;
+			if (startup_pipes[i] != -1) {
+				pfd[npfd].fd = startup_pipes[i];
+				pfd[npfd].events = POLLIN;
+				startup_pollfd[i] = npfd++;
+			}
 		}
 
 		/* Wait until a connection arrives or a child exits. */
-		ret = ppoll(pfd, num_listen_socks + options.max_startups,
-		    NULL, &osigset);
-		if (ret == -1 && errno != EINTR)
+		ret = ppoll(pfd, npfd, NULL, &osigset);
+		if (ret == -1 && errno != EINTR) {
 			error("ppoll: %.100s", strerror(errno));
+			if (errno == EINVAL)
+				cleanup_exit(1); /* can't recover */
+		}
 		sigprocmask(SIG_SETMASK, &osigset, NULL);
 		if (ret == -1)
 			continue;
 
 		for (i = 0; i < options.max_startups; i++) {
 			if (startup_pipes[i] == -1 ||
-			    !(pfd[num_listen_socks+i].revents & (POLLIN|POLLHUP)))
+			    startup_pollfd[i] == -1 ||
+			    !(pfd[startup_pollfd[i]].revents & (POLLIN|POLLHUP)))
 				continue;
 			switch (read(startup_pipes[i], &c, sizeof(c))) {
 			case -1:
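Review bot: The `errno == EINVAL` test in the ppoll() failure branch runs after `error()` and `strerror()`, so it is only reliable if the logging path leaves errno untouched, which this hunk does not show. Capturing the value first, with `int saved_errno = errno;` before the log call and `if (saved_errno == EINVAL)` after it, removes that dependency. The `/* can't recover */` comment could also say what is unrecoverable, presumably an argument the kernel will reject on every retry, which would otherwise leave the daemon logging in a tight loop. Other non-EINTR errors still take the `continue` path and retry immediately. server_accept_loop() starts and ends outside this hunk.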
@@ -1675,7 +1684,7 @@ main(int ac, char **av)
 		load_server_config(config_file_name, cfg);
 
 	parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name,
-	    cfg, &includes, NULL);
+	    cfg, &includes, NULL, rexeced_flag);
 
 #ifdef WITH_OPENSSL
 	if (options.moduli_file != NULL)

Index: src/crypto/external/bsd/openssh/dist/sshd_config.5
diff -u src/crypto/external/bsd/openssh/dist/sshd_config.5:1.37 src/crypto/external/bsd/openssh/dist/sshd_config.5:1.38
--- src/crypto/external/bsd/openssh/dist/sshd_config.5:1.37	Wed Feb 23 14:07:20 2022
+++ src/crypto/external/bsd/openssh/dist/sshd_config.5	Fri Apr 15 10:00:06 2022
@@ -1,4 +1,4 @@
-.\"	$NetBSD: sshd_config.5,v 1.37 2022/02/23 19:07:20 christos Exp $
+.\"	$NetBSD: sshd_config.5,v 1.38 2022/04/15 14:00:06 christos Exp $
 .\"  -*- nroff -*-
 .\"
 .\" Author: Tatu Ylonen <y...@cs.hut.fi>
@@ -35,8 +35,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.339 2021/12/04 00:05:39 naddy Exp $
-.Dd December 4 2021
+.\" $OpenBSD: sshd_config.5,v 1.340 2022/03/31 17:58:44 naddy Exp $
+.Dd March 31 2022
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -964,9 +964,9 @@ sntrup761x25519-sha...@openssh.com
 .Pp
 The default is:
 .Bd -literal -offset indent
+sntrup761x25519-sha...@openssh.com,
 curve25519-sha256,curve25519-sha...@libssh.org,
 ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
-sntrup761x25519-sha...@openssh.com,
 diffie-hellman-group-exchange-sha256,
 diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,
 diffie-hellman-group14-sha256

Index: src/crypto/external/bsd/openssh/dist/sshsig.c
diff -u src/crypto/external/bsd/openssh/dist/sshsig.c:1.8 src/crypto/external/bsd/openssh/dist/sshsig.c:1.9
--- src/crypto/external/bsd/openssh/dist/sshsig.c:1.8	Wed Feb 23 14:07:20 2022
+++ src/crypto/external/bsd/openssh/dist/sshsig.c	Fri Apr 15 10:00:06 2022
@@ -1,5 +1,5 @@
-/*	$NetBSD: sshsig.c,v 1.8 2022/02/23 19:07:20 christos Exp $	*/
-/* $OpenBSD: sshsig.c,v 1.28 2022/02/01 23:34:47 djm Exp $ */
+/*	$NetBSD: sshsig.c,v 1.9 2022/04/15 14:00:06 christos Exp $	*/
+/* $OpenBSD: sshsig.c,v 1.29 2022/03/30 04:27:51 djm Exp $ */
 /*
  * Copyright (c) 2019 Google LLC
  *
@@ -16,7 +16,7 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 #include "includes.h"
-__RCSID("$NetBSD: sshsig.c,v 1.8 2022/02/23 19:07:20 christos Exp $");
+__RCSID("$NetBSD: sshsig.c,v 1.9 2022/04/15 14:00:06 christos Exp $");
 
 #include <stdio.h>
 #include <stdlib.h>
@@ -740,7 +740,7 @@ parse_principals_key_and_options(const c
 		return SSH_ERR_KEY_NOT_FOUND; /* blank or all-comment line */
 
 	/* format: identity[,identity...] [option[,option...]] key */
-	if ((tmp = strdelimw(&cp)) == NULL) {
+	if ((tmp = strdelimw(&cp)) == NULL || cp == NULL) {
 		error("%s:%lu: invalid line", path, linenum);
 		r = SSH_ERR_INVALID_FORMAT;
 		goto out;
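Review bot: The added `cp == NULL` test protects the later uses of `cp`, but the reason is not stated; presumably strdelimw() leaves `cp` NULL when the line ends after the principals field. A short comment above the condition, such as `/* cp is NULL if nothing follows the principals */`, would make that explicit. This branch keeps the generic `invalid line` message, while the guard added in the next hunk (before `*cp++ = '\0'`) reports `missing key`; the more specific wording in both places would help whoever has to repair the file being parsed. parse_principals_key_and_options() starts and ends outside this hunk.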
@@ -778,6 +778,11 @@ parse_principals_key_and_options(const c
 			r = SSH_ERR_INVALID_FORMAT;
 			goto out;
 		}
+		if (cp == NULL || *cp == '\0') {
+			error("%s:%lu: missing key", path, linenum);
+			r = SSH_ERR_INVALID_FORMAT;
+			goto out;
+		}
 		*cp++ = '\0';
 		skip_space(&cp);
 		if (sshkey_read(key, &cp) != 0) {
