forked from pool/openssh
03fc1a6def
- Update to openssh 9.3p1
* No changes for askpass, see main package changelog for
details
- Update to openssh 9.3p1:
= Security
* ssh-add(1): when adding smartcard keys to ssh-agent(1) with the
per-hop destination constraints (ssh-add -h ...) added in
OpenSSH 8.9, a logic error prevented the constraints from being
communicated to the agent. This resulted in the keys being added
without constraints. The common cases of non-smartcard keys and
keys without destination constraints are unaffected. This
problem was reported by Luci Stanescu.
* ssh(1): Portable OpenSSH provides an implementation of the
getrrsetbyname(3) function if the standard library does not
provide it, for use by the VerifyHostKeyDNS feature. A
specifically crafted DNS response could cause this function to
perform an out-of-bounds read of adjacent stack data, but this
condition does not appear to be exploitable beyond denial-of-
service to the ssh(1) client.
The getrrsetbyname(3) replacement is only included if the
system's standard library lacks this function and portable
OpenSSH was not compiled with the ldns library (--with-ldns).
getrrsetbyname(3) is only invoked if using VerifyHostKeyDNS to
fetch SSHFP records. This problem was found by the Coverity
static analyzer.
= New features
* ssh-keygen(1), ssh-keyscan(1): accept -Ohashalg=sha1|sha256
when outputting SSHFP fingerprints to allow algorithm
selection. bz3493
OBS-URL: https://build.opensuse.org/request/show/1087770
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=247
61 lines
1.7 KiB
Diff
61 lines
1.7 KiB
Diff
# HG changeset patch
|
|
# Parent 60bdbe6dd8d6bc011883472363d56e1d97f68835
|
|
Put back sftp client diagnostic messages in batch mode
|
|
|
|
Index: openssh-8.8p1/sftp.1
|
|
===================================================================
|
|
--- openssh-8.8p1.orig/sftp.1
|
|
+++ openssh-8.8p1/sftp.1
|
|
@@ -287,6 +287,9 @@ Specifies the port to connect to on the
|
|
.It Fl p
|
|
Preserves modification times, access times, and modes from the
|
|
original files transferred.
|
|
+.It Fl Q
|
|
+Not-so-quiet batch mode: forces printing of diagnostic messages
|
|
+in batch mode.
|
|
.It Fl q
|
|
Quiet mode: disables the progress meter as well as warning and
|
|
diagnostic messages from
|
|
Index: openssh-8.8p1/sftp.c
|
|
===================================================================
|
|
--- openssh-8.8p1.orig/sftp.c
|
|
+++ openssh-8.8p1/sftp.c
|
|
@@ -82,6 +82,9 @@ static volatile pid_t sshpid = -1;
|
|
/* Suppress diagnostic messages */
|
|
int quiet = 0;
|
|
|
|
+/* Force diagnositic messages in batch mode */
|
|
+int loud = 0;
|
|
+
|
|
/* This is set to 0 if the progressmeter is not desired. */
|
|
int showprogress = 1;
|
|
|
|
@@ -2381,7 +2384,7 @@ main(int argc, char **argv)
|
|
infile = stdin;
|
|
|
|
while ((ch = getopt(argc, argv,
|
|
- "1246AafhNpqrvCc:D:i:l:o:s:S:b:B:F:J:P:R:X:")) != -1) {
|
|
+ "1246AafhNpQqrvCc:D:i:l:o:s:S:b:B:F:J:P:R:X:")) != -1) {
|
|
switch (ch) {
|
|
/* Passed through to ssh(1) */
|
|
case 'A':
|
|
@@ -2399,6 +2402,9 @@ main(int argc, char **argv)
|
|
addargs(&args, "-%c", ch);
|
|
addargs(&args, "%s", optarg);
|
|
break;
|
|
+ case 'Q':
|
|
+ loud = 1;
|
|
+ break;
|
|
case 'q':
|
|
ll = SYSLOG_LEVEL_ERROR;
|
|
quiet = 1;
|
|
@@ -2483,6 +2489,8 @@ main(int argc, char **argv)
|
|
usage();
|
|
}
|
|
}
|
|
+ if (batchmode && loud)
|
|
+ quiet = 0;
|
|
|
|
/* Do this last because we want the user to be able to override it */
|
|
addargs(&args, "-oForwardAgent no");
|