From nobody Mon Apr 14 19:25:29 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Zby1P5T9Xz5tKmm; Mon, 14 Apr 2025 19:25:29 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Zby1P2fkdz3DHC; Mon, 14 Apr 2025 19:25:29 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1744658729; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=XcvEDN9AHH7SAJyL8arcDLu+jJVYojrctu5Hp0qbANA=; b=QFnJvQrrb1nPt9NSDi0+6bIxnms+9meMex7fpFhjJ0pUCyI/bGsGIY0ZIfgpz+zm7NNLO9 lFIHBRpxcpz3xKPAO0ifhqKcojPoo8DMDagN7aqA8A3ZtByDvD6SfRAx+FIvbjiVMnVhR5 Chkt0Hru2yPafEHexzovFeSIcm4e4+Q9LuAzvV7HF3ShOKuxn87R+uANSpM3305dmlHm5M zhBzaH3UFqgY9LKIKIbf5tVx1ZF1zwrUWaacSBkiPr3XlL/s+Erj6gfviidxUqgkPOllTl j7KS92ZIo90MOqu0AsRCNsxvdM/BI0t3TdqWfcp/XrWxCPW4vRPpqQMMzLGKkw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1744658729; a=rsa-sha256; cv=none; b=b2FCZrmDp3G6AE0ej+ahbSFumx7lZI8On5IZ5YgmuuYexLicuWeMxwnlVO+3IzA1fasCXq LPQ7nBTOIrcRyznuK3SF4VZa+EjD4wcwJe66+4dklc8yip7Yf9ZVyMYEguDrx+TcTaS2wx XftDReoXtZ7YqX4ozmQZeDHZ1j8jmW8V18xpsW8MMW2rpDCOD5e4CZ4TRq5elGZkeKcVB2 TtGk3WYnz8mr+VC4dzKwo70PrsXIbFqvso956x6sHD6sYUy0HGXaeDhHPQ2RiywlT2AjmM /xWc0/NHcnC5jRwxq1EOIVsmSaJpLKfLnJkDTYHZWRjpgl3jLHaaMFQERitUZA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1744658729; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=XcvEDN9AHH7SAJyL8arcDLu+jJVYojrctu5Hp0qbANA=; b=EpcKyw7FqKofXMKPrCCHhVNsOdl7UIBQcKraKOO5WVOQu0NALpcHlCwePmkLuyobIaTCH+ JC+o7w/UGZFupNV3s8p+zSMRliHb2rvScbUDnuuhMS3tdC5kmkgF/CVJaU4hSnpBbDj/BB D39C40UyAFOW5TxhwHlxai2gZoGia6jqs9I/Q6+U8vjqAzjAYQvbSDRVRB1yP7d9bJqXB7 dAO8twf6/mX9xyFdK5XC77kZuAuiBPTapFAAKdmy2hx8IjSf9ZvRY7TllUbyN29V0LAL8v aCzqIM7bt4GFNRuICTpnvTlB2B8G6sFNuavnN6bkGe7MvST9FRo0X2FEvJUYVA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Zby1P2Fv3z11wv; Mon, 14 Apr 2025 19:25:29 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 53EJPTjN030980; Mon, 14 Apr 2025 19:25:29 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 53EJPTcY030977; Mon, 14 Apr 2025 19:25:29 GMT (envelope-from git) Date: Mon, 14 Apr 2025 19:25:29 GMT Message-Id: <202504141925.53EJPTcY030977@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Ed Maste Subject: git: c976df712c0f - stable/13 - OpenSSH: Fix logic error in DisableForwarding option List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: c976df712c0f64d43970be7036301ce7cf558a78 Auto-Submitted: auto-generated The branch stable/13 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=c976df712c0f64d43970be7036301ce7cf558a78 commit c976df712c0f64d43970be7036301ce7cf558a78 Author: Ed Maste AuthorDate: 2025-04-09 14:54:46 +0000 Commit: Ed Maste CommitDate: 2025-04-14 19:25:13 +0000 OpenSSH: Fix logic error in DisableForwarding option This option was documented as disabling X11 and agent forwarding but it failed to do so. Spotted by Tim Rice. Obtained from: OpenBSD d31ec64016fc Sponsored by: The FreeBSD Foundation (cherry picked from commit 3620d70511dc8bf45752028dac0af6f157ec6146) (cherry picked from commit fcda475ccfcabe6f70e6ef25ccd507ac4b92c1ee) --- crypto/openssh/session.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/crypto/openssh/session.c b/crypto/openssh/session.c index 591f1e329a8d..03a20f9d9648 100644 --- a/crypto/openssh/session.c +++ b/crypto/openssh/session.c @@ -2194,7 +2194,8 @@ session_auth_agent_req(struct ssh *ssh, Session *s) if ((r = sshpkt_get_end(ssh)) != 0) sshpkt_fatal(ssh, r, "%s: parse packet", __func__); if (!auth_opts->permit_agent_forwarding_flag || - !options.allow_agent_forwarding) { + !options.allow_agent_forwarding || + options.disable_forwarding) { debug_f("agent forwarding disabled"); return 0; } @@ -2589,7 +2590,7 @@ session_setup_x11fwd(struct ssh *ssh, Session *s) ssh_packet_send_debug(ssh, "X11 forwarding disabled by key options."); return 0; } - if (!options.x11_forwarding) { + if (!options.x11_forwarding || options.disable_forwarding) { debug("X11 forwarding disabled in server configuration file."); return 0; }