remote->local directory copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server
sending unexpected filenames, but it comes at a risk of rejecting wanted
files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen
fix approach suggested by markus@;
has been in snaps for ~1wk courtesy deraadt@
OpenBSD-Commit-ID: 00f44b50d2be8e321973f3c6d014260f8f7a8eda
when accepting an unknown host key. This allows you to paste a fingerprint
obtained out of band into the yes/no prompt and have the client do the
comparison for you. ok markus@ djm@
OpenBSD-Commit-ID: 3c47d10b9f43d3d345e044fd9ec09709583a2767
end of each transfer. Fixes the problem recently introduces where very quick
transfers do not display the progressmeter at all. Spotted by naddy@
OpenBSD-Commit-ID: 68dc46c259e8fdd4f5db3ec2a130f8e4590a7a9a
in OpenBSD (they are the same value) but makes things easier in -portable
where they may be distinct values. "sigh ok" deraadt@
(ID sync only, portable already had this change).
OpenBSD-Commit-ID: 91f2bc7c0ecec905915ed59fa37feb9cc90e17d7
*ONLY IF* there's a delimiter. If there's not (the common case) it checked
uninitialized memory, which usually passed, but if not would cause spurious
failures when the uninitialized memory happens to contain "/". ok deraadt.
OpenBSD-Commit-ID: 4291611eaf2a53d4c92f4a57c7f267c9f944e0d3
host/port was added in 2001 as an alternative to host:port syntax for
the benefit of IPv6 users. These days there are establised standards
for this like [::1]:22 and the slash syntax is easily mistaken for CIDR
notation, which OpenSSH now supports for some things. Remove the slash
notation from ListenAddress and PermitOpen. bz#2335, patch from jjelen
at redhat.com, ok markus@
OpenBSD-Commit-ID: fae5f4e23c51a368d6b2d98376069ac2b10ad4b7
generation. It's not mentioned in RFC4419 and it's not possible for
Sophie-Germain primes greater than 5. bz#2330, from Christian Wittenhorst ,
ok djm@ tb@
OpenBSD-Commit-ID: 1467652e6802ad3333b0959282d8d49dfe22c8cd
the progressmeter formatting outside of signal handler context and have the
atomicio callback called for EINTR too. bz#2434 with contributions from djm
and jjelen at redhat.com, ok djm@
OpenBSD-Commit-ID: 1af61c1f70e4f3bd8ab140b9f1fa699481db57d8
In the cases where we can't compare to read or readv function pointers
for some reason we currently ifdef out the poll() used to block while
waiting for reads or writes, falling back to busy waiting. This restores
the poll() in this case, but has it always check for read or write,
removing an inline ifdef in the process.
input buffer is too full to read one, or if the output buffer is too full to
enqueue a response; feedback & ok dtucker@
OpenBSD-Commit-ID: df3c5b6d57c968975875de40d8955cbfed05a6c8
initial login, the attempt at reading the PIN could be skipped in some cases
especially on devices with integrated PIN readers.
based on patch from Daniel Kucera in bz#2652; ok markus@
OpenBSD-Commit-ID: fad70a61c60610afe8bb0db538c90e343e75e58e
requring a fresh login after the C_SignInit operation.
based on patch from Jakub Jelen in bz#2638; ok markus
OpenBSD-Commit-ID: a76e66996ba7c0923b46b74d46d499b811786661
support it
Be more explicit in the description of -m about where it may be used
Prompted by Jakub Jelen in bz2904
OpenBSD-Commit-ID: 3b398ac5e05d8a6356710d0ff114536c9d71046c
libpqcrypto; the latter is almost identical but doesn't rely on signed
underflow to implement an optimised integer sort; from markus@
OpenBSD-Commit-ID: cd09bbf0e0fcef1bedca69fdf7990dc360567cf8
debug verbosity.
Make ssh-agent turn on ssh-pkcs11-helper's verbosity when it is run
in debug mode ("ssh-agent -d"), so we get to see errors from the
PKCS#11 code.
ok markus@
OpenBSD-Commit-ID: 0a798643c6a92a508df6bd121253ba1c8bee659d
