openssh bugs - Jan 2006 - [Bug 1094] Local to local copy (and also remote to remote) uses shell expansion twice

http://bugzilla.mindrot.org/show_bug.cgi?id=1094


vapier at gentoo.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |vapier at gentoo.org






------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1094


dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #971 is|0                           |1
           obsolete|                            |




------- Comment #2 from dtucker at zip.com.au  2006-01-26 12:01 -------
Created an attachment (id=1053)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=1053&action=view)
rework patch for OpenBSD, with djm.




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1094





------- Comment #3 from dtucker at zip.com.au  2006-01-26 12:02 -------
Created an attachment (id=1054)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=1054&action=view)
Same patch as #1053 for OpenSSH 4.2p1




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1094





------- Comment #4 from dtucker at zip.com.au  2006-01-26 12:03 -------
Created an attachment (id=1055)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=1055&action=view)
Regress test for this bug




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1094


djm at mindrot.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #1056|                            |ok?
               Flag|                            |




------- Comment #5 from djm at mindrot.org  2006-01-26 20:50 -------
Created an attachment (id=1056)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=1056&action=view)
regress test for normal local/local copies

Add some regress tests for local -> local copies




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1094


djm at mindrot.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
Attachment #1053 is|0                           |1
           obsolete|                            |




------- Comment #6 from djm at mindrot.org  2006-01-26 20:54 -------
Created an attachment (id=1057)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=1057&action=view)
Updated patch for OpenBSD

Fix a compile problems (bad memset in sftp) and use vasprintf() instead of
snprintf/xstrdup




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1094





------- Comment #7 from t8m at centrum.cz  2006-01-26 21:05 -------
There are two xfree(bp) calls left in your patch (lines 459 an 475 of scp.c) -
they must be removed.




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1094


djm at mindrot.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
Attachment #1057 is|0                           |1
           obsolete|                            |




------- Comment #8 from djm at mindrot.org  2006-01-26 21:11 -------
Created an attachment (id=1058)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=1058&action=view)
OpenBSD patch v.3

doh, yes. patch updated




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1094





------- Comment #9 from djm at mindrot.org  2006-01-26 21:13 -------
(From update of attachment 1055)
scpclean should clean up *metachar* too i think




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1094


dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #1056|                            |ok+
               Flag|                            |






------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1094





------- Comment #10 from dtucker at zip.com.au  2006-01-26 23:07 -------
(In reply to comment #9)
> scpclean should clean up *metachar* too i think
Not necessary: it's created in a scratch directory that's deleted
entirely by
scpclean.




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1094


djm at mindrot.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #1055|                            |ok+
               Flag|                            |




------- Comment #11 from djm at mindrot.org  2006-01-27 17:48 -------
(From update of attachment 1055)
oh yes, ok by me to commit after the fix is




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1094


cjwatson at debian.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |cjwatson at debian.org






------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1094


djm at mindrot.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED




------- Comment #12 from djm at mindrot.org  2006-01-31 21:35 -------
fix and regress test committed, will be in 4.3 (real soon now)




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1094





------- Comment #13 from dtucker at zip.com.au  2006-02-02 18:28 -------
For the record, this was CVE-2006-0225.




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.