similar to: build problems on the latest portable tree

I believe there has been a bug in KRL signature verification that has been present since the KRL feature was first introduced. It prevents signed KRLs from being loaded by OpenSSH [0]. I believe this bug applies to all versions of OpenSSH, although the majority of my effort has been devoted to (and all of my code snippets come from) openssl-portable. The bug is that an offset is incorrectly

https://bugzilla.mindrot.org/show_bug.cgi?id=2313 Bug ID: 2313 Summary: Corrupt KRL file when using multiple CA. Product: Portable OpenSSH Version: 6.5p1 Hardware: Other OS: Linux Status: NEW Severity: major Priority: P5 Component: ssh-keygen Assignee: unassigned-bugs at

On Sat, Jul 23, 2016 at 2:30 PM, Hisashi T Fujinaka <htodd at twofifty.com> wrote: [...] >> Could you try commenting out the HAVE_REALLOCARRAY line in config.h >> make clean, make and rerun the test? > > That works. Weird how I need that on -current but not on -7. Looks like reallocarray was added after 7: it's in

On Fri, 22 Jul 2016, Hisashi T Fujinaka wrote: > regress/unittests/test_helper/test_helper.c:162 > (gdb) p key > $1 = (struct sshkey *) 0x7037f9b120c0 > (gdb) p key->cert > $2 = (struct sshkey_cert *) 0x7037f9b1b080 > (gdb) p *key->cert > $3 = {certblob = 0x7037f9b162a0, type = 2, serial = 5, key_id = 0x7037f9b18090 > "julius", nprincipals = 1, >

Hello. I am trying to play through the following test scenario about certificate revocation on Ubuntu 18.04, which has OpenSSH of this version: OpenSSH_7.6p1 Ubuntu-4, OpenSSL 1.0.2n? 7 Dec 2017 1. A CA key is created ssh-keygen -t ed25519 -f ca 2. The CA public key is added to ~/.ssh/authorized_keys on some server: cert-authority ssh-ed25519 AAAA...e ca at yoga 3. A user key is created on a

Hi, In ssh_krl_from_blob(), krl.c:984, /* Record keys used to sign the KRL */ xrealloc(ca_used, nca_used + 1, sizeof(*ca_used)); ca_used[nca_used++] = key; The result of `xrealloc' is never assigned to `ca_used', which remains a null pointer. Will ca_used[...] crash?. Did I miss anything? Thanks. - xi

On Tue, 16 Feb 2016, Hisashi T Fujinaka wrote: > On Wed, 17 Feb 2016, Damien Miller wrote: > > > > Core was generated by `test_sshkey'. > > > Program terminated with signal SIGSEGV, Segmentation fault. > > > #0 0x000000000041273e in cert_parse (key=0x7f7ff7b120c0, > > > certbuf=0x7f7ff7b16200, b=0x7f7ff7b161b0) at sshkey.c:1896 > > > 1896

Hi! While reading through PROTOCOL.krl I came across "5. KRL signature sections". If my understanding is correct - and that's basically what I would like to get knocked down for if appropriate ;) - this is a way for SSHDs to ensure they only accept KRLs signed by a trusted CA. However, I cannot seem to find a way to actually _sign_ a KRL with ssh-keygen? The aforementioned

https://bugzilla.mindrot.org/show_bug.cgi?id=3659 Bug ID: 3659 Summary: Certificates are ignored when listing revoked items in a (binary) revocation list Product: Portable OpenSSH Version: 9.2p1 Hardware: All OS: All Status: NEW Severity: minor Priority: P5

I've done a decent size update of the OpenSSH portable from the upstream tree. There is an AES upgrade that needs to take place, but I need people to test and tell me what endedness changes need to be applied (if any). Attached is the patch. It is geared towards the latter snapshots..Unsure how it will patch (if at all) against 2.9pX series. Thanks. - Ben "This is dark day in

Adam Jackson (2): _XDefaultIOError: Reformat to be less ugly _XDefaultIOError: Do better at detecting explicit shutdown Alan Coopersmith (23): Remove documentation of obsolete B16 & B32 tags in specs/libX11 Update README for gitlab migration Import reallocarray() from OpenBSD Convert main src directory to use reallocarray() Convert src/XKB to use

Hi Daminan! Hmmm... thought about a little... when i use -vvv with ssh-keygen -Qf i see "debug1:..." So i think, debug is compiled in. ssh-keygen --help gives me ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number] file ... so... option -z is not the serial of the certificate, it is the version-number of the KRL-File... My openssh-Verision from Debian is

Hi, OpenSSH 9.4 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a bugfix release. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via git using the instructions at

Hi, It's that time again... OpenSSH 6.2 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains some substantial new features and a number of bugfixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD:

https://bugzilla.mindrot.org/show_bug.cgi?id=2687 Bug ID: 2687 Summary: Coverity scan fixes Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Miscellaneous Assignee: unassigned-bugs at mindrot.org

On 8/12/19 11:08 AM, Richard W.M. Jones wrote: > This adds a C-only semi-private function for freeing various types of > persistent data passed to libnbd. > > There are some similarities with nbd_add_close_callback which we > removed in commit 7f191b150b52ed50098976309a6af883d245fc56. > --- > +=head1 FREE CALLBACKS > + > +B<Note:> The API described in this

Hi there! What am I doing wrong? I created a ssh-certificate id_user_rsa-cert.pub with this dump: id_user_rsa-cert.pub: root at host # ssh-keygen -Lf id_user_rsa-cert.pub ??????? Type: ssh-rsa-cert-v01 at openssh.com user certificate ??????? Public key: RSA-CERT SHA256:kPitwgxblaUH4viBoFoozSPq9Pblubbedk ??????? Signing CA: ED25519 SHA256:8p2foobarQo3Tfcblubb5+I5cboeckvpnktiHdUs ??????? Key ID:

libXfont provides the core of the legacy X11 font system, handling the index files (fonts.dir, fonts.alias, fonts.scale), the various font file formats, and rasterizing them. It is used by the X servers, and will eventually be used by the X Font Server (xfs), but should not be used by normal X11 clients. X11 clients access fonts via either the new APIs in libXft, or the legacy APIs in libX11.

On 26/06/2019 04:38, Praveen Ghimire via samba wrote: > Hi Louis, > > Thank you for that > > I have made the changes as per below , some items might have duplicated. I then reload apparmor restarted the samba-ad-dc and bind9 services and get the same issue. Every time the forward DNS update works but the reverse doesn't > > I found a really interesting samba post going

Hi, OpenSSH 6.7 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a big release containing a number of features, a lot of internal refactoring and some potentially-incompatible changes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: