https://bugzilla.mindrot.org/show_bug.cgi?id=3603
Bug ID: 3603
Summary: ssh clients can't communicate with server with default
cipher when fips is enabled at server end
Product: Portable OpenSSH
Version: 9.4p1
Hardware:
https://bugzilla.mindrot.org/show_bug.cgi?id=3602
Bug ID: 3602
Summary: Limit artificial delay to some reasonable limit
Product: Portable OpenSSH
Version: 9.4p1
Hardware: Other
OS: Linux
Status: NEW
https://bugzilla.mindrot.org/show_bug.cgi?id=3601
Darren Tucker changed:
What|Removed |Added
CC||dtuc...@dtucker.net
--- Comment #1 from
https://bugzilla.mindrot.org/show_bug.cgi?id=3601
Bug ID: 3601
Summary: Cannot change password if no password is given
Product: Portable OpenSSH
Version: 8.1p1
Hardware: 68k
OS: Mac OS X
Status: NEW
https://bugzilla.mindrot.org/show_bug.cgi?id=3599
--- Comment #7 from Shreenidhi Shedi ---
Hi Damien Miller,
Any inputs on when this will get merged? I mean when will this be a
part of github repo? Thanks.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You
https://bugzilla.mindrot.org/show_bug.cgi?id=3599
--- Comment #6 from Shreenidhi Shedi ---
Okay, that looks fine. I was expecting these new pointers to get freed
programmatically, if we are delegating that job to system, that's fine
too. Thanks for the response.
https://bugzilla.mindrot.org/show_bug.cgi?id=3599
--- Comment #5 from Damien Miller ---
It won't until the program exits. It will be around for the life of the
process because it's needed for the life of the process
https://bugzilla.mindrot.org/show_bug.cgi?id=3599
--- Comment #4 from Shreenidhi Shedi ---
One query, take this for example.
```
macs = xstrdup(optarg + 5);
```
When will macs get freed?
https://bugzilla.mindrot.org/show_bug.cgi?id=3599
--- Comment #3 from Shreenidhi Shedi ---
Awesome, yes. These additional changes make this fix complete for now.
Thanks a lot.
https://bugzilla.mindrot.org/show_bug.cgi?id=3598
--- Comment #12 from Damien Miller ---
> This seems like a bit too large of a change to go in so close to a release?
oh sure, not proposing this for 9.4 but afterwards
https://bugzilla.mindrot.org/show_bug.cgi?id=3598
Damien Miller changed:
What|Removed |Added
Attachment #3714|0 |1
is obsolete|
https://bugzilla.mindrot.org/show_bug.cgi?id=3236
Michael Yagliyan changed:
What|Removed |Added
CC||burnsmellfact...@gmail.com
https://bugzilla.mindrot.org/show_bug.cgi?id=3598
Damien Miller changed:
What|Removed |Added
Attachment #3714|ok?(dtuc...@dtucker.net)|
Flags|
https://bugzilla.mindrot.org/show_bug.cgi?id=3598
Damien Miller changed:
What|Removed |Added
Attachment #3711|ok?(dtuc...@dtucker.net)|
Flags|
https://bugzilla.mindrot.org/show_bug.cgi?id=3600
Bug ID: 3600
Summary: please make ssh-keygen symlink aware for proper
handling of hosts removal in symlinked known_hosts
Product: Portable OpenSSH
Version: 9.3p2
Hardware:
https://bugzilla.mindrot.org/show_bug.cgi?id=3595
--- Comment #4 from Darren Tucker ---
(In reply to soup_79 from comment #3)
> It is a gentoo based system.
then why are you installing mixed library and header versions?
I don't think we would be interested in relaxing the default checks as
it
https://bugzilla.mindrot.org/show_bug.cgi?id=3599
--- Comment #1 from Shreenidhi Shedi ---
Created attachment 3713
--> https://bugzilla.mindrot.org/attachment.cgi?id=3713&action=edit
attempt to fix.
Tried fixing the issue. PTAL.
I'm unaware of the development process in this project, so raised a
https://bugzilla.mindrot.org/show_bug.cgi?id=3599
Shreenidhi Shedi changed:
What|Removed |Added
CC||d...@mindrot.org,
|
https://bugzilla.mindrot.org/show_bug.cgi?id=3599
Bug ID: 3599
Summary: How to scan for keys when sshd server has fips
enabled?
Product: Portable OpenSSH
Version: 9.3p2
Hardware: All
OS: Linux
https://bugzilla.mindrot.org/show_bug.cgi?id=3566
--- Comment #1 from Shreenidhi Shedi ---
Probably the attached patch is incorrect, if you think this is a valid
issue; I'll try to come up with a better solution and inputs welcome.
--
Shedi
https://bugzilla.mindrot.org/show_bug.cgi?id=3566
Shreenidhi Shedi changed:
What|Removed |Added
CC||d...@mindrot.org
https://bugzilla.mindrot.org/show_bug.cgi?id=3566
Shreenidhi Shedi changed:
What|Removed |Added
CC||dtuc...@dtucker.net
https://bugzilla.mindrot.org/show_bug.cgi?id=3595
--- Comment #3 from soup...@hotmail.com ---
It is a gentoo based system.
https://bugzilla.mindrot.org/show_bug.cgi?id=1975
--- Comment #2 from Damien Miller ---
Implemented in https://github.com/djmdjm/openssh-wip/pull/23
https://bugzilla.mindrot.org/show_bug.cgi?id=3598
--- Comment #5 from Damien Miller ---
nerfing sigdie would mean that we lose the following log messages:
auth-pam.c: sigdie("PAM: authentication thread exited unexpectedly");
auth-pam.c: sigdie("PAM: authentication thread
https://bugzilla.mindrot.org/show_bug.cgi?id=3598
Damien Miller changed:
What|Removed |Added
CC||d...@mindrot.org
--- Comment #3 from
https://bugzilla.mindrot.org/show_bug.cgi?id=3598
--- Comment #2 from mzhan017 ---
Darren,
Yes, you're correct.
We could be blocked in the first syslog call, even without the
deadlock.
But still could face the issue of the number of process/memory usage
kept increasing.
Is it possible to
https://bugzilla.mindrot.org/show_bug.cgi?id=3598
Darren Tucker changed:
What|Removed |Added
CC||dtuc...@dtucker.net
--- Comment #1 from
https://bugzilla.mindrot.org/show_bug.cgi?id=3598
Bug ID: 3598
Summary: Dead lock of sshd and Defunct of sshd
Product: Portable OpenSSH
Version: 9.1p1
Hardware: ix86
OS: Linux
Status: NEW
Severity: normal
https://bugzilla.mindrot.org/show_bug.cgi?id=3597
--- Comment #3 from Damien Miller ---
> For lower version, before openssh-8.9p1, only checking the
> value of remote_add_provider is stricter, although it may
> cause some problems else.
That won't work. Older versions have no way of telling
https://bugzilla.mindrot.org/show_bug.cgi?id=3597
--- Comment #2 from renmingshuai ---
(In reply to Damien Miller from comment #1)
> remote_add_provider indicates whether the user has allowed remote
> ssh-agent clients to add PKCS#11 providers.
>
> e->nsession_ids>0 indicates that a session is
https://bugzilla.mindrot.org/show_bug.cgi?id=3597
Damien Miller changed:
What|Removed |Added
Resolution|--- |WORKSFORME
Status|NEW
https://bugzilla.mindrot.org/show_bug.cgi?id=3597
Bug ID: 3597
Summary: Why do we check both nsession_ids and
remote_add_provider when judging whether allow remote
addition of FIDO/PKCS11 provider libraries is
https://bugzilla.mindrot.org/show_bug.cgi?id=3596
Bug ID: 3596
Summary: Add support of RADIUS for AAA (Authentication,
Authorization, Accounting)
Product: Portable OpenSSH
Version: -current
Hardware: All
https://bugzilla.mindrot.org/show_bug.cgi?id=3595
Darren Tucker changed:
What|Removed |Added
CC||dtuc...@dtucker.net
--- Comment #2 from
https://bugzilla.mindrot.org/show_bug.cgi?id=3595
--- Comment #1 from soup...@hotmail.com ---
The versions in question are
Version: openssh-9.3_p2
Openssl: OpenSSL 3.0.8 7 Feb 2023 (Library: OpenSSL 3.1.1 30 May 2023)
https://bugzilla.mindrot.org/show_bug.cgi?id=3595
Bug ID: 3595
Summary: Configure.ac Check Header Versions
Product: Portable OpenSSH
Version: 9.3p1
Hardware: amd64
OS: Linux
Status: NEW
Severity:
https://bugzilla.mindrot.org/show_bug.cgi?id=3594
--- Comment #3 from Marc Deslauriers ---
Yes, I cherry picked that commit when fixing Ubuntu.
Thanks for your response, I just wanted to make sure this change was
intentional.
https://bugzilla.mindrot.org/show_bug.cgi?id=3594
--- Comment #2 from Damien Miller ---
I should add that the change that causes this has not been released
yet. It will be part of OpenSSH 9.4 which is due pretty soon. I guess
somebody has mistakenly cherry-picked it somewhere? It is not required
https://bugzilla.mindrot.org/show_bug.cgi?id=3594
Damien Miller changed:
What|Removed |Added
Resolution|--- |WONTFIX
Status|NEW
https://bugzilla.mindrot.org/show_bug.cgi?id=1948
Damien Miller changed:
What|Removed |Added
Status|REOPENED|RESOLVED
Resolution|---
https://bugzilla.mindrot.org/show_bug.cgi?id=3549
Damien Miller changed:
What|Removed |Added
Depends on||3589
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=3549
Bug 3549 depends on bug 3589, which changed state.
Bug 3589 Summary: ControlMaster auto, persist and -f fail.
https://bugzilla.mindrot.org/show_bug.cgi?id=3589
What|Removed |Added
https://bugzilla.mindrot.org/show_bug.cgi?id=3589
Damien Miller changed:
What|Removed |Added
Blocks||3549
Status|ASSIGNED
https://bugzilla.mindrot.org/show_bug.cgi?id=3594
Bug ID: 3594
Summary: PKCS11Provider now requires full paths
Product: Portable OpenSSH
Version: 9.3p1
Hardware: Other
OS: Linux
Status: NEW
Severity:
https://bugzilla.mindrot.org/show_bug.cgi?id=3589
--- Comment #6 from Peter Chubb ---
Yay! the latest patch seems to work (more consistently than my
half-baked ones anyway)
Thanks!
https://bugzilla.mindrot.org/show_bug.cgi?id=3589
Darren Tucker changed:
What|Removed |Added
Attachment #3709|ok?(dtuc...@dtucker.net)|ok+
Flags|
https://bugzilla.mindrot.org/show_bug.cgi?id=3589
Damien Miller changed:
What|Removed |Added
CC||dtuc...@dtucker.net
Attachment #3709|
https://bugzilla.mindrot.org/show_bug.cgi?id=3589
Damien Miller changed:
What|Removed |Added
Assignee|unassigned-b...@mindrot.org |d...@mindrot.org
Status|NEW
https://bugzilla.mindrot.org/show_bug.cgi?id=1948
--- Comment #23 from Damien Miller ---
I don't think that's right, because fork_after_authentication flag is
unconditionally set for ControlPersist sessions and this will cause
them always to daemonise regardless of -f being specified.
I think I
https://bugzilla.mindrot.org/show_bug.cgi?id=1948
Damien Miller changed:
What|Removed |Added
Attachment #3705|application/octet-stream|text/plain
mime type|
https://bugzilla.mindrot.org/show_bug.cgi?id=3589
--- Comment #4 from Peter Chubb ---
https://bugzilla.mindrot.org/attachment.cgi?id=3705
https://bugzilla.mindrot.org/show_bug.cgi?id=3589
--- Comment #3 from Peter Chubb ---
For that you need the new patch I appended to
https://bugzilla.mindrot.org/show_bug.cgi?id=1948
https://bugzilla.mindrot.org/show_bug.cgi?id=3589
Damien Miller changed:
What|Removed |Added
CC||d...@mindrot.org
--- Comment #2 from
https://bugzilla.mindrot.org/show_bug.cgi?id=3589
--- Comment #1 from Peter Chubb ---
Created attachment 3708
--> https://bugzilla.mindrot.org/attachment.cgi?id=3708&action=edit
Possible fix.
https://bugzilla.mindrot.org/show_bug.cgi?id=3593
Bug ID: 3593
Summary: 26/07/2023 4:47Am
Product: Portable OpenSSH
Version: 9.3p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
https://bugzilla.mindrot.org/show_bug.cgi?id=3592
Bug ID: 3592
Summary: 26/07/2023 4:47Am
Product: Portable OpenSSH
Version: 9.3p1
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: P5
https://bugzilla.mindrot.org/show_bug.cgi?id=3591
--- Comment #1 from nec...@apple.com ---
Related bugs that contain patches that would add nlink file attributes
extensions:
https://bugzilla.mindrot.org/show_bug.cgi?id=1555
https://bugzilla.mindrot.org/show_bug.cgi?id=2579
https://bugzilla.mindrot.org/show_bug.cgi?id=3590
Damien Miller changed:
What|Removed |Added
Status|NEW |RESOLVED
CC|
https://bugzilla.mindrot.org/show_bug.cgi?id=3589
Bug ID: 3589
Summary: ControlMaster auto, persist and -f fail.
Product: Portable OpenSSH
Version: 9.3p1
Hardware: amd64
OS: Linux
Status: NEW
Severity:
https://bugzilla.mindrot.org/show_bug.cgi?id=1948
Peter Chubb changed:
What|Removed |Added
Version|5.9p1 |9.3p1
https://bugzilla.mindrot.org/show_bug.cgi?id=1948
--- Comment #22 from Peter Chubb ---
The fix I propose is not to change the TTY settings if we're
daemonising.
It makes no sense to change terminal settings if we're detaching from
the terminal anyway.
https://bugzilla.mindrot.org/show_bug.cgi?id=1948
Peter Chubb changed:
What|Removed |Added
CC||peter.ch...@unsw.edu.au
--- Comment #21
https://bugzilla.mindrot.org/show_bug.cgi?id=3048
chr...@fsfe.org changed:
What|Removed |Added
CC||chr...@fsfe.org
--- Comment #3 from
https://bugzilla.mindrot.org/show_bug.cgi?id=3253
Seff changed:
What|Removed |Added
CC||ajdkg...@duck.com
--- Comment #4 from Seff ---
I
https://bugzilla.mindrot.org/show_bug.cgi?id=3588
H. Thiele changed:
What|Removed |Added
CC||thi...@streamline-x.org
https://bugzilla.mindrot.org/show_bug.cgi?id=3588
Bug ID: 3588
Summary: Build/Configure with ldns fails if OpenSSL includes
are not in a standard path
Product: Portable OpenSSH
Version: 9.3p1
Hardware: amd64
https://bugzilla.mindrot.org/show_bug.cgi?id=3572
xspielinbox+mind...@protonmail.com changed:
What|Removed |Added
CC|
https://bugzilla.mindrot.org/show_bug.cgi?id=3587
Damien Miller changed:
What|Removed |Added
Resolution|--- |WONTFIX
Status|NEW
https://bugzilla.mindrot.org/show_bug.cgi?id=3587
--- Comment #2 from renmingshuai ---
Some scanning software determines whether OpenSSH has certain
vulnerabilities based on the specific version number, even if the
vulnerabilities have been fixed through patches. Hiding specific
version numbers
https://bugzilla.mindrot.org/show_bug.cgi?id=1672
Damien Miller changed:
What|Removed |Added
CC||d...@mindrot.org
--- Comment #9 from
https://bugzilla.mindrot.org/show_bug.cgi?id=1672
--- Comment #8 from pva ---
What is the status of this patch? It looks like many people don't
realize that without a secure local resolver, SSHFP just hides security
under the carpet: instead of a clear one-time 'yes' it makes this 'yes'
https://bugzilla.mindrot.org/show_bug.cgi?id=3586
Damien Miller changed:
What|Removed |Added
CC||d...@mindrot.org
--- Comment #1 from
https://bugzilla.mindrot.org/show_bug.cgi?id=3587
Damien Miller changed:
What|Removed |Added
CC||d...@mindrot.org
--- Comment #1 from
https://bugzilla.mindrot.org/show_bug.cgi?id=3587
Bug ID: 3587
Summary: Would OpenSSH consider adding a switch to hide the
specific OpenSSH version number?
Product: Portable OpenSSH
Version: -current
Hardware: Other
https://bugzilla.mindrot.org/show_bug.cgi?id=3586
Bug ID: 3586
Summary: Create mechanism for vendor-specific extensions to be
placed in config without breaking other platforms
Product: Portable OpenSSH
Version: 9.0p1
https://bugzilla.mindrot.org/show_bug.cgi?id=2143
Parke changed:
What|Removed |Added
CC||parke.ne...@gmail.com
https://bugzilla.mindrot.org/show_bug.cgi?id=2143
Parke changed:
What|Removed |Added
See Also||https://bugzilla.mindrot.or
|
https://bugzilla.mindrot.org/show_bug.cgi?id=2636
Damien Miller changed:
What|Removed |Added
Status|RESOLVED|CLOSED
Parke changed:
What
https://bugzilla.mindrot.org/show_bug.cgi?id=3585
Bug ID: 3585
Summary: "misc.h" required when build the sk middleware
("sk-usbhid.c") as standalone library
Product: Portable OpenSSH
Version: 9.3p1
Hardware: All
https://bugzilla.mindrot.org/show_bug.cgi?id=3584
--- Comment #9 from Carlo Cabrera ---
Yes, so it looks like `configure.ac` already knows to avoid
`-fzero-call-used-regs=all` when compiling with `clang-15`, except that
Apple clang uses a misleading version scheme.
Wikipedia is usually a pretty
https://bugzilla.mindrot.org/show_bug.cgi?id=3584
Michael Cho changed:
What|Removed |Added
CC||ch...@tuta.io
--- Comment #8 from Michael
https://bugzilla.mindrot.org/show_bug.cgi?id=3584
--- Comment #7 from Carlo Cabrera ---
> How do you select specific xcode versions?
You can use `xcode-select --switch /path/to/Xcode.app`. For example, to
use Xcode 14.3.1 on a GitHub macos-13 runner [1], do
```
sudo xcode-select --switch
```
https://bugzilla.mindrot.org/show_bug.cgi?id=3584
--- Comment #6 from Darren Tucker ---
(In reply to Carlo Cabrera from comment #4)
[...]
> GitHub provides free access to macOS runners for public
> repositories, and these have various versions of Xcode installed.
An interesting idea. We
https://bugzilla.mindrot.org/show_bug.cgi?id=3584
--- Comment #5 from Damien Miller ---
Darren already answered your question but fwiw I didn't suggest
--without-hardening as a workaround, but to determine whether the
compiler bug is with -Os alone or when combined with other flags.
https://bugzilla.mindrot.org/show_bug.cgi?id=3584
--- Comment #4 from Carlo Cabrera ---
> IMO you'd be better off with the compiler hardening flags rather
> than -Os. Things like -ftrapv could mitigate what would otherwise
> be a vulnerability.
Ok, sounds good. We (Homebrew) recently had to
https://bugzilla.mindrot.org/show_bug.cgi?id=3584
Darren Tucker changed:
What|Removed |Added
CC||dtuc...@dtucker.net
--- Comment #3 from
https://bugzilla.mindrot.org/show_bug.cgi?id=3584
--- Comment #2 from Carlo Cabrera ---
Yes, at Homebrew, we've also come to the conclusion that this is a
compiler bug (likely in the backend). I'll try to find the time to
report this to Apple.
Passing `--without-hardening` to `configure` also
https://bugzilla.mindrot.org/show_bug.cgi?id=3584
Damien Miller changed:
What|Removed |Added
CC||d...@mindrot.org
--- Comment #1 from
https://bugzilla.mindrot.org/show_bug.cgi?id=3584
Bug ID: 3584
Summary: Segfault when built with optimisations on macOS 13
(x86_64) with Xcode 14.3
Product: Portable OpenSSH
Version: 9.3p1
Hardware: amd64
https://bugzilla.mindrot.org/show_bug.cgi?id=3583
Bug ID: 3583
Summary: server-sig-algs reports incorrect list of algorithms
Product: Portable OpenSSH
Version: 8.7p1
Hardware: Other
OS: Linux
Status: NEW
https://bugzilla.mindrot.org/show_bug.cgi?id=3549
Bug 3549 depends on bug 3581, which changed state.
Bug 3581 Summary: ssh-keyscan fails with `fdlim_get: bad value` with large file
descriptor limit due to type confusion
https://bugzilla.mindrot.org/show_bug.cgi?id=3581
What
https://bugzilla.mindrot.org/show_bug.cgi?id=3581
Damien Miller changed:
What|Removed |Added
Resolution|--- |FIXED
Status|REOPENED
https://bugzilla.mindrot.org/show_bug.cgi?id=3581
Darren Tucker changed:
What|Removed |Added
Attachment #3703|ok?(dtuc...@dtucker.net)|ok+
Flags|
https://bugzilla.mindrot.org/show_bug.cgi?id=3581
Damien Miller changed:
What|Removed |Added
Attachment #3703||ok?(dtuc...@dtucker.net)
https://bugzilla.mindrot.org/show_bug.cgi?id=3582
bluebird090...@proton.me changed:
What|Removed |Added
Summary|Confusing error message |Improve error message when
https://bugzilla.mindrot.org/show_bug.cgi?id=3582
Bug ID: 3582
Summary: Confusing error message when using ProxyJump
Product: Portable OpenSSH
Version: 9.3p1
Hardware: Other
OS: Linux
Status: NEW
https://bugzilla.mindrot.org/show_bug.cgi?id=3549
Darren Tucker changed:
What|Removed |Added
Depends on||3581
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=3162
Darren Tucker changed:
What|Removed |Added
Depends on|3581|
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=3581
Darren Tucker changed:
What|Removed |Added
Blocks|3162|3549
Referenced Bugs: