Bugzilla – Attachment 3318 Details for
Bug 3064
Place algorithm at head of default list
[patch]
ssh_prefer.diff
ssh_prefer.diff (text/plain), 10.58 KB, created by
Christian Weisgerber
on 2019-09-05 06:26:39 AEST
Description:
ssh_prefer.diff
Filename:
MIME Type:
Creator:
Christian Weisgerber
Created:
2019-09-05 06:26:39 AEST
Size:
10.58 KB
>Index: kex.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/kex.c,v
>retrieving revision 1.150
>diff -u -p -r1.150 kex.c
>--- kex.c 21 Jan 2019 12:08:13 -0000 1.150
>+++ kex.c 4 Sep 2019 19:56:01 -0000
>@@ -202,8 +202,9 @@ kex_names_cat(const char *a, const char
> /*
> * Assemble a list of algorithms from a default list and a string from a
> * configuration file. The user-provided string may begin with '+' to
>- * indicate that it should be appended to the default or '-' that the
>- * specified names should be removed.
>+ * indicate that it should be appended to the default, '-' that the
>+ * specified names should be removed, or '^' that they should be placed
>+ * at the head.
> */
> int
> kex_assemble_names(char **listp, const char *def, const char *all)
>@@ -237,6 +238,14 @@ kex_assemble_names(char **listp, const c
> free(list);
> /* filtering has already been done */
> return 0;
>+ } else if (*list == '^') {
>+ /* Place names at head of default list */
>+ if ((tmp = kex_names_cat(list + 1, def)) == NULL) {
>+ r = SSH_ERR_ALLOC_FAIL;
>+ goto fail;
>+ }
>+ free(list);
>+ list = tmp;
> } else {
> /* Explicit list, overrides default - just use "list" as is */
> }
>Index: readconf.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/readconf.c,v
>retrieving revision 1.308
>diff -u -p -r1.308 readconf.c
>--- readconf.c 9 Aug 2019 05:05:54 -0000 1.308
>+++ readconf.c 4 Sep 2019 19:57:43 -0000
>@@ -1184,7 +1184,8 @@ parse_int:
> arg = strdelim(&s);
> if (!arg || *arg == '\0')
> fatal("%.200s line %d: Missing argument.", filename, linenum);
>- if (*arg != '-' && !ciphers_valid(*arg == '+' ? arg + 1 : arg))
>+ if (*arg != '-' &&
>+ !ciphers_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg))
> fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
> filename, linenum, arg ? arg : "<NONE>");
> if (*activep && options->ciphers == NULL)
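Review bot: The new `'^'` branch in kex_assemble_names() is commented only as `/* Place names at head of default list */`, which undersells what `kex_names_cat(list + 1, def)` does: the user's names are put in front of `def`, so a name that is not in the default list is added as well as being moved to first preference. Because list order expresses negotiation preference, I would spell that out, e.g. `/* Prepend names to the default list: they become the preferred choice and are added if not already in the default */`. Whether a name already present in `def` then appears twice depends on kex_names_cat(), whose body is outside this hunk, as is the rest of kex_assemble_names().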
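Review bot: The prefix test `*arg == '+' || *arg == '^' ? arg + 1 : arg` in the Ciphers check is correct only because `?:` binds more loosely than `||`; writing it as `(*arg == '+' || *arg == '^') ? arg + 1 : arg` makes that explicit for the next reader. The same unparenthesized expression is repeated in the other readconf.c hunks (MACs, KexAlgorithms, key types), in all four servconf.c hunks and in the ssh.c `-c` hunk. With the accepted prefixes now spelled out at nine call sites plus kex_assemble_names(), a small shared helper that returns the list with any recognised prefix skipped would keep validation from drifting away from what kex_assemble_names() actually accepts. The enclosing parser function starts and ends outside these hunks.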
>@@ -1195,7 +1196,8 @@ parse_int:
> arg = strdelim(&s);
> if (!arg || *arg == '\0')
> fatal("%.200s line %d: Missing argument.", filename, linenum);
>- if (*arg != '-' && !mac_valid(*arg == '+' ? arg + 1 : arg))
>+ if (*arg != '-' &&
>+ !mac_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg))
> fatal("%.200s line %d: Bad SSH2 MAC spec '%s'.",
> filename, linenum, arg ? arg : "<NONE>");
> if (*activep && options->macs == NULL)
>@@ -1208,7 +1210,8 @@ parse_int:
> fatal("%.200s line %d: Missing argument.",
> filename, linenum);
> if (*arg != '-' &&
>- !kex_names_valid(*arg == '+' ? arg + 1 : arg))
>+ !kex_names_valid(*arg == '+' || *arg == '^' ?
>+ arg + 1 : arg))
> fatal("%.200s line %d: Bad SSH2 KexAlgorithms '%s'.",
> filename, linenum, arg ? arg : "<NONE>");
> if (*activep && options->kex_algorithms == NULL)
>@@ -1223,7 +1226,8 @@ parse_keytypes:
> fatal("%.200s line %d: Missing argument.",
> filename, linenum);
> if (*arg != '-' &&
>- !sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1))
>+ !sshkey_names_valid2(*arg == '+' || *arg == '^' ?
>+ arg + 1 : arg, 1))
> fatal("%s line %d: Bad key types '%s'.",
> filename, linenum, arg ? arg : "<NONE>");
> if (*activep && *charptr == NULL)
>Index: servconf.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/servconf.c,v
>retrieving revision 1.351
>diff -u -p -r1.351 servconf.c
>--- servconf.c 18 Apr 2019 18:56:16 -0000 1.351
>+++ servconf.c 4 Sep 2019 19:56:01 -0000
>@@ -1381,7 +1381,8 @@ process_server_config_line(ServerOptions
> fatal("%s line %d: Missing argument.",
> filename, linenum);
> if (*arg != '-' &&
>- !sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1))
>+ !sshkey_names_valid2(*arg == '+' || *arg == '^' ?
>+ arg + 1 : arg, 1))
> fatal("%s line %d: Bad key types '%s'.",
> filename, linenum, arg ? arg : "<NONE>");
> if (*activep && *charptr == NULL)
>@@ -1652,7 +1653,8 @@ process_server_config_line(ServerOptions
> arg = strdelim(&cp);
> if (!arg || *arg == '\0')
> fatal("%s line %d: Missing argument.", filename, linenum);
>- if (*arg != '-' && !ciphers_valid(*arg == '+' ? arg + 1 : arg))
>+ if (*arg != '-' &&
>+ !ciphers_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg))
> fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
> filename, linenum, arg ? arg : "<NONE>");
> if (options->ciphers == NULL)
>@@ -1663,7 +1665,8 @@ process_server_config_line(ServerOptions
> arg = strdelim(&cp);
> if (!arg || *arg == '\0')
> fatal("%s line %d: Missing argument.", filename, linenum);
>- if (*arg != '-' && !mac_valid(*arg == '+' ? arg + 1 : arg))
>+ if (*arg != '-' &&
>+ !mac_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg))
> fatal("%s line %d: Bad SSH2 mac spec '%s'.",
> filename, linenum, arg ? arg : "<NONE>");
> if (options->macs == NULL)
>@@ -1676,7 +1679,8 @@ process_server_config_line(ServerOptions
> fatal("%s line %d: Missing argument.",
> filename, linenum);
> if (*arg != '-' &&
>- !kex_names_valid(*arg == '+' ? arg + 1 : arg))
>+ !kex_names_valid(*arg == '+' || *arg == '^' ?
>+ arg + 1 : arg))
> fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.",
> filename, linenum, arg ? arg : "<NONE>");
> if (options->kex_algorithms == NULL)
>Index: ssh.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/ssh.c,v
>retrieving revision 1.505
>diff -u -p -r1.505 ssh.c
>--- ssh.c 28 Jun 2019 13:35:04 -0000 1.505
>+++ ssh.c 4 Sep 2019 19:56:01 -0000
>@@ -851,7 +851,7 @@ main(int ac, char **av)
> }
> break;
> case 'c':
>- if (!ciphers_valid(*optarg == '+' ?
>+ if (!ciphers_valid(*optarg == '+' || *optarg == '^' ?
> optarg + 1 : optarg)) {
> fprintf(stderr, "Unknown cipher type '%s'\n",
> optarg);
>Index: ssh_config.5
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/ssh_config.5,v
>retrieving revision 1.299
>diff -u -p -r1.299 ssh_config.5
>--- ssh_config.5 16 Aug 2019 11:16:32 -0000 1.299
>+++ ssh_config.5 4 Sep 2019 19:56:01 -0000
>@@ -430,6 +430,10 @@ If the specified list begins with a
> .Sq -
> character, then the specified ciphers (including wildcards) will be removed
> from the default set instead of replacing them.
>+If the specified list begins with a
>+.Sq ^
>+character, then the specified ciphers will be placed at the head of the
>+default set.
> .Pp
> The supported ciphers are:
> .Bd -literal -offset indent
>@@ -794,6 +798,10 @@ If the specified value begins with a
> .Sq -
> character, then the specified key types (including wildcards) will be removed
> from the default set instead of replacing them.
>+If the specified list begins with a
>+.Sq ^
>+character, then the specified key types will be placed at the head of the
>+default set.
> The default for this option is:
> .Bd -literal -offset 3n
> ecdsa-sha2-nistp256-cert-v01@openssh.com,
>@@ -822,6 +830,10 @@ If the specified value begins with a
> .Sq -
> character, then the specified key types (including wildcards) will be removed
> from the default set instead of replacing them.
>+If the specified list begins with a
>+.Sq ^
>+character, then the specified key types will be placed at the head of the
>+default set.
> The default for this option is:
> .Bd -literal -offset 3n
> ecdsa-sha2-nistp256-cert-v01@openssh.com,
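Review bot: The `-c` case in main() (ssh.c) now strips a leading `'^'` before validation but still has no counterpart to the `*arg != '-'` guard that the readconf.c and servconf.c hunks keep in front of ciphers_valid(). A removal list given on the command line would therefore reach ciphers_valid() with its leading `-` and, unless that is handled outside the hunk, be rejected as an unknown cipher even though the same value is accepted for the Ciphers keyword. If `-c` is meant to take the same prefixes, the condition could read `if (*optarg != '-' && !ciphers_valid((*optarg == '+' || *optarg == '^') ? optarg + 1 : optarg)) {`. The case body continues past the end of the hunk.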
>@@ -1052,6 +1064,10 @@ If the specified list begins with a
> .Sq -
> character, then the specified methods (including wildcards) will be removed
> from the default set instead of replacing them.
>+If the specified list begins with a
>+.Sq ^
>+character, then the specified methods will be placed at the head of the
>+default set.
> The default is:
> .Bd -literal -offset indent
> curve25519-sha256,curve25519-sha256@libssh.org,
>@@ -1133,6 +1149,10 @@ If the specified list begins with a
> .Sq -
> character, then the specified algorithms (including wildcards) will be removed
> from the default set instead of replacing them.
>+If the specified list begins with a
>+.Sq ^
>+character, then the specified algorithms will be placed at the head of the
>+default set.
> .Pp
> The algorithms that contain
> .Qq -etm
>@@ -1290,6 +1310,10 @@ If the specified list begins with a
> .Sq -
> character, then the specified key types (including wildcards) will be removed
> from the default set instead of replacing them.
>+If the specified list begins with a
>+.Sq ^
>+character, then the specified key types will be placed at the head of the
>+default set.
> The default for this option is:
> .Bd -literal -offset 3n
> ecdsa-sha2-nistp256-cert-v01@openssh.com,
>Index: sshd_config.5
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/sshd_config.5,v
>retrieving revision 1.288
>diff -u -p -r1.288 sshd_config.5
>--- sshd_config.5 9 Aug 2019 04:24:03 -0000 1.288
>+++ sshd_config.5 4 Sep 2019 19:56:01 -0000
>@@ -464,6 +464,10 @@ If the specified value begins with a
> .Sq -
> character, then the specified ciphers (including wildcards) will be removed
> from the default set instead of replacing them.
>+If the specified list begins with a
>+.Sq ^
>+character, then the specified ciphers will be placed at the head of the
>+default set.
> .Pp
> The supported ciphers are:
> .Pp
>@@ -678,6 +682,10 @@ If the specified value begins with a
> .Sq -
> character, then the specified key types (including wildcards) will be removed
> from the default set instead of replacing them.
>+If the specified list begins with a
>+.Sq ^
>+character, then the specified key types will be placed at the head of the
>+default set.
> The default for this option is:
> .Bd -literal -offset 3n
> ecdsa-sha2-nistp256-cert-v01@openssh.com,
>@@ -883,6 +891,10 @@ If the specified value begins with a
> .Sq -
> character, then the specified methods (including wildcards) will be removed
> from the default set instead of replacing them.
>+If the specified list begins with a
>+.Sq ^
>+character, then the specified methods will be placed at the head of the
>+default set.
> The supported algorithms are:
> .Pp
> .Bl -item -compact -offset indent
>@@ -1000,6 +1012,10 @@ If the specified value begins with a
> .Sq -
> character, then the specified algorithms (including wildcards) will be removed
> from the default set instead of replacing them.
>+If the specified list begins with a
>+.Sq ^
>+character, then the specified algorithms will be placed at the head of the
>+default set.
> .Pp
> The algorithms that contain
> .Qq -etm
>@@ -1405,6 +1421,10 @@ If the specified value begins with a
> .Sq -
> character, then the specified key types (including wildcards) will be removed
> from the default set instead of replacing them.
>+If the specified list begins with a
>+.Sq ^
>+character, then the specified key types will be placed at the head of the
>+default set.
> The default for this option is:
> .Bd -literal -offset 3n
> ecdsa-sha2-nistp256-cert-v01@openssh.com,