aboutsummaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authorDag-Erling Smørgrav <des@FreeBSD.org>2017-09-02 23:39:51 +0000
committerDag-Erling Smørgrav <des@FreeBSD.org>2017-09-02 23:39:51 +0000
commit7c039ebc5cd383bacddf10790b46d17295226470 (patch)
tree0ad6b552b5cee69d3a46a71e4f906a8b18024b1d /crypto
parentede8014b82c863ff8d26ea78704592273a5375d2 (diff)
downloadsrc-7c039ebc5cd383bacddf10790b46d17295226470.tar.gz
src-7c039ebc5cd383bacddf10790b46d17295226470.zip
MFH (r322052): Upgrade OpenSSH to 7.5p1.
Notes
Notes: svn path=/stable/11/; revision=323136
Diffstat (limited to 'crypto')
-rw-r--r--crypto/openssh/ChangeLog3214
-rw-r--r--crypto/openssh/INSTALL3
-rw-r--r--crypto/openssh/Makefile.in19
-rw-r--r--crypto/openssh/README2
-rw-r--r--crypto/openssh/auth-pam.c2
-rw-r--r--crypto/openssh/auth1.c448
-rw-r--r--crypto/openssh/auth2-pubkey.c23
-rw-r--r--crypto/openssh/auth2.c14
-rw-r--r--crypto/openssh/channels.c81
-rw-r--r--crypto/openssh/channels.h5
-rw-r--r--crypto/openssh/clientloop.c29
-rw-r--r--crypto/openssh/compat.c48
-rw-r--r--crypto/openssh/config.h5
-rw-r--r--crypto/openssh/configure.ac66
-rw-r--r--crypto/openssh/contrib/cygwin/ssh-host-config43
-rw-r--r--crypto/openssh/contrib/redhat/openssh.spec2
-rw-r--r--crypto/openssh/contrib/suse/openssh.spec2
-rw-r--r--crypto/openssh/digest-openssl.c4
-rwxr-xr-xcrypto/openssh/freebsd-configure.sh2
-rw-r--r--crypto/openssh/hostfile.c19
-rw-r--r--crypto/openssh/kex.c41
-rw-r--r--crypto/openssh/krl.c7
-rw-r--r--crypto/openssh/log.c5
-rw-r--r--crypto/openssh/match.c46
-rw-r--r--crypto/openssh/match.h3
-rw-r--r--crypto/openssh/misc.c17
-rw-r--r--crypto/openssh/monitor.c7
-rw-r--r--crypto/openssh/mux.c7
-rw-r--r--crypto/openssh/openbsd-compat/bsd-misc.c8
-rw-r--r--crypto/openssh/openbsd-compat/bsd-misc.h4
-rw-r--r--crypto/openssh/openbsd-compat/fmt_scaled.c34
-rw-r--r--crypto/openssh/packet.c80
-rw-r--r--crypto/openssh/packet.h9
-rw-r--r--crypto/openssh/pathnames.h9
-rw-r--r--crypto/openssh/readconf.c104
-rw-r--r--crypto/openssh/regress/Makefile1
-rw-r--r--crypto/openssh/regress/agent-getpeereid.sh8
-rw-r--r--crypto/openssh/regress/allow-deny-users.sh2
-rwxr-xr-xcrypto/openssh/regress/cert-file.sh53
-rw-r--r--crypto/openssh/regress/forwarding.sh44
-rwxr-xr-xcrypto/openssh/regress/integrity.sh5
-rw-r--r--crypto/openssh/regress/test-exec.sh4
-rw-r--r--crypto/openssh/regress/unittests/Makefile7
-rw-r--r--crypto/openssh/regress/unittests/conversion/Makefile10
-rw-r--r--crypto/openssh/regress/unittests/conversion/tests.c51
-rw-r--r--crypto/openssh/regress/unittests/match/tests.c21
-rw-r--r--crypto/openssh/regress/unittests/test_helper/test_helper.c13
-rw-r--r--crypto/openssh/regress/unittests/test_helper/test_helper.h17
-rw-r--r--crypto/openssh/regress/unittests/utf8/tests.c65
-rw-r--r--crypto/openssh/sandbox-seccomp-filter.c110
-rw-r--r--crypto/openssh/servconf.c35
-rw-r--r--crypto/openssh/serverloop.c36
-rw-r--r--crypto/openssh/session.c8
-rw-r--r--crypto/openssh/sftp-client.c13
-rw-r--r--crypto/openssh/sftp.c40
-rw-r--r--crypto/openssh/ssh-agent.c21
-rw-r--r--crypto/openssh/ssh-keygen.c42
-rw-r--r--crypto/openssh/ssh-keyscan.c20
-rw-r--r--crypto/openssh/ssh.c10
-rw-r--r--crypto/openssh/ssh_config2
-rw-r--r--crypto/openssh/ssh_config.532
-rw-r--r--crypto/openssh/ssh_namespace.h5
-rw-r--r--crypto/openssh/sshconnect.c4
-rw-r--r--crypto/openssh/sshconnect1.c8
-rw-r--r--crypto/openssh/sshconnect2.c77
-rw-r--r--crypto/openssh/sshd.86
-rw-r--r--crypto/openssh/sshd.c24
-rw-r--r--crypto/openssh/sshd_config8
-rw-r--r--crypto/openssh/sshd_config.552
-rw-r--r--crypto/openssh/sshkey.c64
-rw-r--r--crypto/openssh/sshkey.h4
-rw-r--r--crypto/openssh/utf8.c6
-rw-r--r--crypto/openssh/version.h6
73 files changed, 2313 insertions, 3033 deletions
diff --git a/crypto/openssh/ChangeLog b/crypto/openssh/ChangeLog
index d48aba33cfcf..48f648d78fe3 100644
--- a/crypto/openssh/ChangeLog
+++ b/crypto/openssh/ChangeLog
@@ -1,3 +1,1174 @@
+commit d38f05dbdd291212bc95ea80648b72b7177e9f4e
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Mon Mar 20 13:38:27 2017 +1100
+
+ Add llabs() implementation.
+
+commit 72536316a219b7394996a74691a5d4ec197480f7
+Author: Damien Miller <djm@mindrot.org>
+Date: Mon Mar 20 12:23:04 2017 +1100
+
+ crank version numbers
+
+commit 3be52bc36bdfd24ded7e0f46999e7db520fb4e3f
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Mar 20 01:18:59 2017 +0000
+
+ upstream commit
+
+ openssh-7.5
+
+ Upstream-ID: b8b9a4a949427c393cd868215e1724ceb3467ee5
+
+commit db84e52fe9cfad57f22e7e23c5fbf00092385129
+Author: Damien Miller <djm@mindrot.org>
+Date: Mon Mar 20 12:07:20 2017 +1100
+
+ I'm a doofus.
+
+ Unbreak obvious syntax error.
+
+commit 89f04852db27643717c9c3a2b0dde97ae50099ee
+Author: Damien Miller <djm@mindrot.org>
+Date: Mon Mar 20 11:53:34 2017 +1100
+
+ on Cygwin, check paths from server for backslashes
+
+ Pointed out by Jann Horn of Google Project Zero
+
+commit 7ef1f9bafc2cc8d97ff2fbd4f280002b6e8ea5d9
+Author: Damien Miller <djm@mindrot.org>
+Date: Mon Mar 20 11:48:34 2017 +1100
+
+ Yet another synonym for ASCII: "646"
+
+ Used by NetBSD; this unbreaks mprintf() and friends there for the C
+ locale (caught by dtucker@ and his menagerie of test systems).
+
+commit 9165abfea3f68a0c684a6ed2e575e59bc31a3a6b
+Author: Damien Miller <djm@mindrot.org>
+Date: Mon Mar 20 09:58:34 2017 +1100
+
+ create test mux socket in /tmp
+
+ Creating the socket in $OBJ could blow past the (quite limited)
+ path limit for Unix domain sockets. As a bandaid for bz#2660,
+ reported by Colin Watson; ok dtucker@
+
+commit 2adbe1e63bc313d03e8e84e652cc623af8ebb163
+Author: markus@openbsd.org <markus@openbsd.org>
+Date: Wed Mar 15 07:07:39 2017 +0000
+
+ upstream commit
+
+ disallow KEXINIT before NEWKEYS; ok djm; report by
+ vegard.nossum at oracle.com
+
+ Upstream-ID: 3668852d1f145050e62f1da08917de34cb0c5234
+
+commit 2fbf91684d76d38b9cf06550b69c9e41bca5a71c
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu Mar 16 14:05:46 2017 +1100
+
+ Include includes.h for compat bits.
+
+commit b55f634e96b9c5b0cd991e23a9ca181bec4bdbad
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Thu Mar 16 13:45:17 2017 +1100
+
+ Wrap stdint.h in #ifdef HAVE_STDINT_H
+
+commit 55a1117d7342a0bf8b793250cf314bab6b482b99
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Mar 16 11:22:42 2017 +1100
+
+ Adapt Cygwin config script to privsep knob removal
+
+ Patch from Corinna Vinschen.
+
+commit 1a321bfdb91defe3c4d9cca5651724ae167e5436
+Author: deraadt@openbsd.org <deraadt@openbsd.org>
+Date: Wed Mar 15 03:52:30 2017 +0000
+
+ upstream commit
+
+ accidents happen to the best of us; ok djm
+
+ Upstream-ID: b7a9dbd71011ffde95e06f6945fe7197dedd1604
+
+commit 25f837646be8c2017c914d34be71ca435dfc0e07
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed Mar 15 02:25:09 2017 +0000
+
+ upstream commit
+
+ fix regression in 7.4: deletion of PKCS#11-hosted keys
+ would fail unless they were specified by full physical pathname. Report and
+ fix from Jakub Jelen via bz#2682; ok dtucker@
+
+ Upstream-ID: 5b5bc20ca11cacb5d5eb29c3f93fd18425552268
+
+commit a8c5eeacf032a7d3408957e45dd7603cc1baf55f
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed Mar 15 02:19:09 2017 +0000
+
+ upstream commit
+
+ Fix segfault when sshd attempts to load RSA1 keys (can
+ only happen when protocol v.1 support is enabled for the client). Reported by
+ Jakub Jelen in bz#2686; ok dtucker
+
+ Upstream-ID: 8fdaec2ba4b5f65db1d094f6714ce64b25d871d7
+
+commit 66705948c0639a7061a0d0753266da7685badfec
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Tue Mar 14 07:19:07 2017 +0000
+
+ upstream commit
+
+ Mark the sshd_config UsePrivilegeSeparation option as
+ deprecated, effectively making privsep mandatory in sandboxing mode. ok
+ markus@ deraadt@
+
+ (note: this doesn't remove the !privsep code paths, though that will
+ happen eventually).
+
+ Upstream-ID: b4c52666256c4dd865f8ce9431af5d6ce2d74a0a
+
+commit f86586b03fe6cd8f595289bde200a94bc2c191af
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Mar 14 18:26:29 2017 +1100
+
+ Make seccomp-bpf sandbox work on Linux/X32
+
+ Allow clock_gettime syscall with X32 bit masked off. Apparently
+ this is required for at least some kernel versions. bz#2142
+ Patch mostly by Colin Watson. ok dtucker@
+
+commit 2429cf78dd2a9741ce27ba25ac41c535274a0af6
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Mar 14 18:01:52 2017 +1100
+
+ require OpenSSL >=1.0.1
+
+commit e3ea335abeab731c68f2b2141bee85a4b0bf680f
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Mar 14 17:48:43 2017 +1100
+
+ Remove macro trickery; no binary change
+
+ This stops the SC_ALLOW(), SC_ALLOW_ARG() and SC_DENY() macros
+ prepending __NR_ to the syscall number parameter and just makes
+ them explicit in the macro invocations.
+
+ No binary change in stripped object file before/after.
+
+commit 5f1596e11d55539678c41f68aed358628d33d86f
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Mar 14 13:15:18 2017 +1100
+
+ support ioctls for ICA crypto card on Linux/s390
+
+ Based on patch from Eduardo Barretto; ok dtucker@
+
+commit b1b22dd0df2668b322dda174e501dccba2cf5c44
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Tue Mar 14 14:19:36 2017 +1100
+
+ Plumb conversion test into makefile.
+
+commit f57783f1ddfb4cdfbd612c6beb5ec01cb5b9a6b9
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Tue Mar 14 01:20:29 2017 +0000
+
+ upstream commit
+
+ Add unit test for convtime().
+
+ Upstream-Regress-ID: 8717bc0ca4c21120f6dd3a1d3b7a363f707c31e1
+
+commit 8884b7247d094cd11ff9e39c325ba928c5bdbc6c
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Tue Mar 14 01:10:07 2017 +0000
+
+ upstream commit
+
+ Add ASSERT_LONG_* helpers.
+
+ Upstream-Regress-ID: fe15beaea8f5063c7f21b0660c722648e3d76431
+
+commit c6774d21185220c0ba11e8fd204bf0ad1a432071
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Tue Mar 14 00:55:37 2017 +0000
+
+ upstream commit
+
+ Fix convtime() overflow test on boundary condition,
+ spotted by & ok djm.
+
+ Upstream-ID: 51f14c507ea87a3022e63f574100613ab2ba5708
+
+commit f5746b40cfe6d767c8e128fe50c43274b31cd594
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Tue Mar 14 00:25:03 2017 +0000
+
+ upstream commit
+
+ Check for integer overflow when parsing times in
+ convtime(). Reported by nicolas.iooss at m4x.org, ok djm@
+
+ Upstream-ID: 35e6a4e98f6fa24df50bfb8ba1307cf70e966f13
+
+commit f5907982f42a8d88a430b8a46752cbb7859ba979
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Tue Mar 14 13:38:15 2017 +1100
+
+ Add a "unit" target to run only unit tests.
+
+commit 9e96b41682aed793fadbea5ccd472f862179fb02
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Mar 14 12:24:47 2017 +1100
+
+ Fix weakness in seccomp-bpf sandbox arg inspection
+
+ Syscall arguments are passed via an array of 64-bit values in struct
+ seccomp_data, but we were only inspecting the bottom 32 bits and not
+ even those correctly for BE systems.
+
+ Fortunately, the only case argument inspection was used was in the
+ socketcall filtering so using this for sandbox escape seems
+ impossible.
+
+ ok dtucker
+
+commit 8ff3fc3f2f7c13e8968717bc2b895ee32c441275
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sat Mar 11 23:44:16 2017 +0000
+
+ upstream commit
+
+ regress tests for loading certificates without public keys;
+ bz#2617 based on patch from Adam Eijdenberg; ok markus@ dtucker@
+
+ Upstream-Regress-ID: 0145d19328ed995b73fe2d9da33596b17429d0d0
+
+commit 1e24552716194db8f2f620587b876158a9ef56ad
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sat Mar 11 23:40:26 2017 +0000
+
+ upstream commit
+
+ allow ssh to use certificates accompanied by a private
+ key file but no corresponding plain *.pub public key. bz#2617 based on patch
+ from Adam Eijdenberg; ok dtucker@ markus@
+
+ Upstream-ID: 295668dca2c39505281577217583ddd2bd4b00b9
+
+commit 0fb1a617a07b8df5de188dd5a0c8bf293d4bfc0e
+Author: markus@openbsd.org <markus@openbsd.org>
+Date: Sat Mar 11 13:07:35 2017 +0000
+
+ upstream commit
+
+ Don't count the initial block twice when computing how
+ many bytes to discard for the work around for the attacks against CBC-mode.
+ ok djm@; report from Jean Paul, Kenny, Martin and Torben @ RHUL
+
+ Upstream-ID: f445f509a4e0a7ba3b9c0dae7311cb42458dc1e2
+
+commit ef653dd5bd5777132d9f9ee356225f9ee3379504
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Fri Mar 10 07:18:32 2017 +0000
+
+ upstream commit
+
+ krl.c
+
+ Upstream-ID: fc5e695d5d107d730182e2da7b23f00b489e0ee1
+
+commit d94c1dfef2ea30ca67b1204ada7c3b537c54f4d0
+Author: Damien Miller <djm@mindrot.org>
+Date: Sun Mar 12 10:48:14 2017 +1100
+
+ sync fmt_scaled.c with OpenBSD
+
+ revision 1.13
+ date: 2017/03/11 23:37:23; author: djm; state: Exp; lines: +14 -1; commitid: jnFKyHkB3CEiEZ2R;
+ fix signed integer overflow in scan_scaled. Found by Nicolas Iooss
+ using AFL against ssh_config. ok deraadt@ millert@
+ ----------------------------
+ revision 1.12
+ date: 2013/11/29 19:00:51; author: deraadt; state: Exp; lines: +6 -5;
+ fairly simple unsigned char casts for ctype
+ ok krw
+ ----------------------------
+ revision 1.11
+ date: 2012/11/12 14:07:20; author: halex; state: Exp; lines: +4 -2;
+ make scan_scaled set errno to EINVAL rather than ERANGE if it encounters
+ an invalid multiplier, like the man page says it should
+
+ "looks sensible" deraadt@, ok ian@
+ ----------------------------
+ revision 1.10
+ date: 2009/06/20 15:00:04; author: martynas; state: Exp; lines: +4 -4;
+ use llabs instead of the home-grown version; and some comment changes
+ ok ian@, millert@
+ ----------------------------
+
+commit 894221a63fa061e52e414ca58d47edc5fe645968
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Mar 10 05:01:13 2017 +0000
+
+ upstream commit
+
+ When updating hostkeys, accept RSA keys if
+ HostkeyAlgorithms contains any RSA keytype. Previously, ssh could ignore RSA
+ keys when any of the ssh-rsa-sha2-* methods was enabled in HostkeyAlgorithms
+ nit ssh-rsa (SHA1 signatures) was not. bz#2650 reported by Luis Ressel; ok
+ dtucker@
+
+ Upstream-ID: c5e8cfee15c42f4a05d126158a0766ea06da79d2
+
+commit dd3e2298663f4cc1a06bc69582d00dcfee27d73c
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Mar 10 04:24:55 2017 +0000
+
+ upstream commit
+
+ make hostname matching really insensitive to case;
+ bz#2685, reported by Petr Cerny; ok dtucker@
+
+ Upstream-ID: e467622ff154269e36ba8b6c9e3d105e1c4a9253
+
+commit 77a9be9446697fe8b5499fe651f4a82a71a4b51f
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Mar 10 03:52:48 2017 +0000
+
+ upstream commit
+
+ reword a comment to make it fit 80 columns
+
+ Upstream-ID: 4ef509a66b96c7314bbcc87027c2af71fa9d0ba4
+
+commit 61b8ef6a66efaec07e023342cb94a10bdc2254dc
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Mar 10 04:27:32 2017 +0000
+
+ upstream commit
+
+ better match sshd config parser behaviour: fatal() if
+ line is overlong, increase line buffer to match sshd's; bz#2651 reported by
+ Don Fong; ok dtucker@
+
+ Upstream-ID: b175ae7e0ba403833f1ee566edf10f67443ccd18
+
+commit db2597207e69912f2592cd86a1de8e948a9d7ffb
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Mar 10 04:26:06 2017 +0000
+
+ upstream commit
+
+ ensure hostname is lower-case before hashing it;
+ bz#2591 reported by Griff Miller II; ok dtucker@
+
+ Upstream-ID: c3b8b93804f376bd00d859b8bcd9fc0d86b4db17
+
+commit df9936936c695f85c1038bd706d62edf752aca4b
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Mar 10 04:24:55 2017 +0000
+
+ upstream commit
+
+ make hostname matching really insensitive to case;
+ bz#2685, reported by Petr Cerny; ok dtucker@
+
+ Upstream-ID: e632b7a9bf0d0558d5ff56dab98b7cca6c3db549
+
+commit 67eed24bfa7645d88fa0b883745fccb22a0e527e
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Fri Mar 10 04:11:00 2017 +0000
+
+ upstream commit
+
+ Remove old null check from config dumper. Patch from
+ jjelen at redhat.com vi bz#2687, ok djm@
+
+ Upstream-ID: 824ab71467b78c4bab0dd1b3a38e8bc5f63dd528
+
+commit 183ba55aaaecca0206184b854ad6155df237adbe
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Mar 10 04:07:20 2017 +0000
+
+ upstream commit
+
+ fix regression in 7.4 server-sig-algs, where we were
+ accidentally excluding SHA2 RSA signature methods. bz#2680, patch from Nuno
+ Goncalves; ok dtucker@
+
+ Upstream-ID: 81ac8bfb30960447740b9b8f6a214dcf322f12e8
+
+commit 66be4fe8c4435af5bbc82998501a142a831f1181
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Fri Mar 10 03:53:11 2017 +0000
+
+ upstream commit
+
+ Check for NULL return value from key_new. Patch from
+ jjelen at redhat.com via bz#2687, ok djm@
+
+ Upstream-ID: 059e33cd43cba88dc8caf0b1936fd4dd88fd5b8e
+
+commit ec2892b5c7fea199914cb3a6afb3af38f84990bf
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Mar 10 03:52:48 2017 +0000
+
+ upstream commit
+
+ reword a comment to make it fit 80 columns
+
+ Upstream-ID: b4b48b4487c0821d16e812c40c9b09f03b28e349
+
+commit 7fadbb6da3f4122de689165651eb39985e1cba85
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Fri Mar 10 03:48:57 2017 +0000
+
+ upstream commit
+
+ Check for NULL argument to sshkey_read. Patch from
+ jjelen at redhat.com via bz#2687, ok djm@
+
+ Upstream-ID: c2d00c2ea50c4861d271d0a586f925cc64a87e0e
+
+commit 5a06b9e019e2b0b0f65a223422935b66f3749de3
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Fri Mar 10 03:45:40 2017 +0000
+
+ upstream commit
+
+ Plug some mem leaks mostly on error paths. From jjelen
+ at redhat.com via bz#2687, ok djm@
+
+ Upstream-ID: 3fb030149598957a51b7c8beb32bf92cf30c96f2
+
+commit f6edbe9febff8121f26835996b1229b5064d31b7
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Fri Mar 10 03:24:48 2017 +0000
+
+ upstream commit
+
+ Plug mem leak on GLOB_NOMATCH case. From jjelen at
+ redhat.com via bz#2687, ok djm@
+
+ Upstream-ID: 8016a7ae97719d3aa55fb723fc2ad3200058340d
+
+commit 566b3a46e89a2fda2db46f04f2639e92da64a120
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Fri Mar 10 03:22:40 2017 +0000
+
+ upstream commit
+
+ Plug descriptor leaks of auth_sock. From jjelen at
+ redhat.com via bz#2687, ok djm@
+
+ Upstream-ID: 248acb99a5ed2fdca37d1aa33c0fcee7be286d88
+
+commit 8a2834454c73dfc1eb96453c0e97690595f3f4c2
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Mar 10 03:18:24 2017 +0000
+
+ upstream commit
+
+ correctly hash hosts with a port number. Reported by Josh
+ Powers in bz#2692; ok dtucker@
+
+ Upstream-ID: 468e357ff143e00acc05bdd2803a696b3d4b6442
+
+commit 9747b9c742de409633d4753bf1a752cbd211e2d3
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Mar 10 03:15:58 2017 +0000
+
+ upstream commit
+
+ don't truncate off \r\n from long stderr lines; bz#2688,
+ reported by Brian Dyson; ok dtucker@
+
+ Upstream-ID: cdfdc4ba90639af807397ce996153c88af046ca4
+
+commit 4a4b75adac862029a1064577eb5af299b1580cdd
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Fri Mar 10 02:59:51 2017 +0000
+
+ upstream commit
+
+ Validate digest arg in ssh_digest_final; from jjelen at
+ redhat.com via bz#2687, ok djm@
+
+ Upstream-ID: dbe5494dfddfe523fab341a3dab5a79e7338f878
+
+commit bee0167be2340d8de4bdc1ab1064ec957c85a447
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri Mar 10 13:40:18 2017 +1100
+
+ Check for NULL from malloc.
+
+ Part of bz#2687, from jjelen at redhat.com.
+
+commit da39b09d43b137a5a3d071b51589e3efb3701238
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri Mar 10 13:22:32 2017 +1100
+
+ If OSX is using launchd, remove screen no.
+
+ Check for socket with and without screen number. From Apple and Jakob
+ Schlyter via bz#2341, with contributions from Ron Frederick, ok djm@
+
+commit 8fb15311a011517eb2394bb95a467c209b8b336c
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed Mar 8 12:07:47 2017 +0000
+
+ upstream commit
+
+ quote [host]:port in generated ProxyJump commandline; the
+ [ / ] characters can confuse some shells (e.g. zsh). Reported by Lauri
+ Tirkkonen via bugs@
+
+ Upstream-ID: 65cdd161460e1351c3d778e974c1c2a4fa4bc182
+
+commit 18501151cf272a15b5f2c5e777f2e0933633c513
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Mon Mar 6 02:03:20 2017 +0000
+
+ upstream commit
+
+ Check l->hosts before dereferencing; fixes potential null
+ pointer deref. ok djm@
+
+ Upstream-ID: 81c0327c6ec361da794b5c680601195cc23d1301
+
+commit d072370793f1a20f01ad827ba8fcd3b8f2c46165
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Mon Mar 6 00:44:51 2017 +0000
+
+ upstream commit
+
+ linenum is unsigned long so use %lu in log formats. ok
+ deraadt@
+
+ Upstream-ID: 9dc582d9bb887ebe0164e030d619fc20b1a4ea08
+
+commit 12d3767ba4c84c32150cbe6ff6494498780f12c9
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Mar 3 06:13:11 2017 +0000
+
+ upstream commit
+
+ fix ssh-keygen -H accidentally corrupting known_hosts that
+ contained already-hashed entries. HKF_MATCH_HOST_HASHED is only set by
+ hostkeys_foreach() when hostname matching is in use, so we need to look for
+ the hash marker explicitly.
+
+ Upstream-ID: da82ad653b93e8a753580d3cf5cd448bc2520528
+
+commit d7abb771bd5a941b26144ba400a34563a1afa589
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Tue Feb 28 06:10:08 2017 +0000
+
+ upstream commit
+
+ small memleak: free fd_set on connection timeout (though
+ we are heading to exit anyway). From Tom Rix in bz#2683
+
+ Upstream-ID: 10e3dadbb8199845b66581473711642d9e6741c4
+
+commit 78142e3ab3887e53a968d6e199bcb18daaf2436e
+Author: jmc@openbsd.org <jmc@openbsd.org>
+Date: Mon Feb 27 14:30:33 2017 +0000
+
+ upstream commit
+
+ errant dot; from klemens nanni
+
+ Upstream-ID: 83d93366a5acf47047298c5d3ebc5e7426f37921
+
+commit 8071a6924c12bb51406a9a64a4b2892675112c87
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Feb 24 03:16:34 2017 +0000
+
+ upstream commit
+
+ might as well set the listener socket CLOEXEC
+
+ Upstream-ID: 9c538433d6a0ca79f5f21decc5620e46fb68ab57
+
+commit d5499190559ebe374bcdfa8805408646ceffad64
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sun Feb 19 00:11:29 2017 +0000
+
+ upstream commit
+
+ add test cases for C locale; ok schwarze@
+
+ Upstream-Regress-ID: 783d75de35fbc923d46e2a5e6cee30f8f381ba87
+
+commit 011c8ffbb0275281a0cf330054cf21be10c43e37
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sun Feb 19 00:10:57 2017 +0000
+
+ upstream commit
+
+ Add a common nl_langinfo(CODESET) alias for US-ASCII
+ "ANSI_X3.4-1968" that is used by Linux. Fixes mprintf output truncation for
+ non-UTF-8 locales on Linux spotted by dtucker@; ok deraadt@ schwarze@
+
+ Upstream-ID: c6808956ebffd64066f9075d839f74ff0dd60719
+
+commit 0c4430a19b73058a569573492f55e4c9eeaae67b
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Tue Feb 7 23:03:11 2017 +0000
+
+ upstream commit
+
+ Remove deprecated SSH1 options RSAAuthentication and
+ RhostsRSAAuthentication from regression test sshd_config.
+
+ Upstream-Regress-ID: 8066b753d9dce7cf02ff87af5c727ff680d99491
+
+commit 3baa4cdd197c95d972ec3d07f1c0d08f2d7d9199
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Fri Feb 17 02:32:05 2017 +0000
+
+ upstream commit
+
+ Do not show rsa1 key type in usage when compiled without
+ SSH1 support.
+
+ Upstream-ID: 068b5c41357a02f319957746fa4e84ea73960f57
+
+commit ecc35893715f969e98fee118481f404772de4132
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Fri Feb 17 02:31:14 2017 +0000
+
+ upstream commit
+
+ ifdef out "rsa1" from the list of supported keytypes when
+ compiled without SSH1 support. Found by kdunlop at guralp.com, ok djm@
+
+ Upstream-ID: cea93a26433d235bb1d64b1d990f19a9c160a70f
+
+commit 10577c6d96a55b877a960b2d0b75edef1b9945af
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Feb 17 02:04:15 2017 +0000
+
+ upstream commit
+
+ For ProxyJump/-J, surround host name with brackets to
+ allow literal IPv6 addresses. From Dick Visser; ok dtucker@
+
+ Upstream-ID: 3a5d3b0171250daf6a5235e91bce09c1d5746bf1
+
+commit b2afdaf1b52231aa23d2153f4a8c5a60a694dda4
+Author: jsg@openbsd.org <jsg@openbsd.org>
+Date: Wed Feb 15 23:38:31 2017 +0000
+
+ upstream commit
+
+ Fix memory leaks in match_filter_list() error paths.
+
+ ok dtucker@ markus@
+
+ Upstream-ID: c7f96ac0877f6dc9188bbc908100a8d246cc7f0e
+
+commit 6d5a41b38b55258213ecfaae9df7a758caa752a1
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed Feb 15 01:46:47 2017 +0000
+
+ upstream commit
+
+ fix division by zero crash in "df" output when server
+ returns zero total filesystem blocks/inodes. Spotted by Guido Vranken; ok
+ dtucker@
+
+ Upstream-ID: 6fb6c2ae6b289aa07b6232dbc0be54682ef5419f
+
+commit bd5d7d239525d595ecea92765334af33a45d9d63
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Sun Feb 12 15:45:15 2017 +1100
+
+ ifdef out EVP_R_PRIVATE_KEY_DECODE_ERROR
+
+ EVP_R_PRIVATE_KEY_DECODE_ERROR was added in OpenSSL 1.0.0 so ifdef out
+ for the benefit of OpenSSL versions prior to that.
+
+commit 155d540d00ff55f063421ec182ec8ff2b7ab6cbe
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Feb 10 04:34:50 2017 +0000
+
+ upstream commit
+
+ bring back r1.34 that was backed out for problems loading
+ public keys:
+
+ translate OpenSSL error codes to something more
+ meaninful; bz#2522 reported by Jakub Jelen, ok dtucker@
+
+ with additional fix from Jakub Jelen to solve the backout.
+ bz#2525 bz#2523 re-ok dtucker@
+
+ Upstream-ID: a9d5bc0306f4473d9b4f4484f880e95f3c1cc031
+
+commit a287c5ad1e0bf9811c7b9221979b969255076019
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Feb 10 03:36:40 2017 +0000
+
+ upstream commit
+
+ Sanitise escape sequences in key comments sent to printf
+ but preserve valid UTF-8 when the locale supports it; bz#2520 ok dtucker@
+
+ Upstream-ID: e8eed28712ba7b22d49be534237eed019875bd1e
+
+commit e40269be388972848aafcca7060111c70aab5b87
+Author: millert@openbsd.org <millert@openbsd.org>
+Date: Wed Feb 8 20:32:43 2017 +0000
+
+ upstream commit
+
+ Avoid printf %s NULL. From semarie@, OK djm@
+
+ Upstream-ID: 06beef7344da0208efa9275d504d60d2a5b9266c
+
+commit 5b90709ab8704dafdb31e5651073b259d98352bc
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Feb 6 09:22:51 2017 +0000
+
+ upstream commit
+
+ Restore \r\n newline sequence for server ident string. The CR
+ got lost in the flensing of SSHv1. Pointed out by Stef Bon
+
+ Upstream-ID: 5333fd43ce5396bf5999496096fac5536e678fac
+
+commit 97c31c46ee2e6b46dfffdfc4f90bbbf188064cbc
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Feb 3 23:01:42 2017 +0000
+
+ upstream commit
+
+ unit test for match_filter_list() function; still want a
+ better name for this...
+
+ Upstream-Regress-ID: 840ad6118552c35111f0a897af9c8d93ab8de92a
+
+commit f1a193464a7b77646f0d0cedc929068e4a413ab4
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Feb 3 23:05:57 2017 +0000
+
+ upstream commit
+
+ use ssh_packet_set_log_preamble() to include connection
+ username in packet log messages, e.g.
+
+ Connection closed by invalid user foo 10.1.1.1 port 44056 [preauth]
+
+ ok markus@ bz#113
+
+ Upstream-ID: 3591b88bdb5416d6066fb3d49d8fff2375bf1a15
+
+commit 07edd7e9537ab32aa52abb5fb2a915c350fcf441
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Feb 3 23:03:33 2017 +0000
+
+ upstream commit
+
+ add ssh_packet_set_log_preamble() to allow inclusion of a
+ preamble string in disconnect messages; ok markus@
+
+ Upstream-ID: 34cb41182cd76d414c214ccb01c01707849afead
+
+commit 68bc8cfa7642d3ccbf2cd64281c16b8b9205be59
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Feb 3 23:01:19 2017 +0000
+
+ upstream commit
+
+ support =- for removing methods from algorithms lists,
+ e.g. Ciphers=-*cbc; suggested by Cristian Ionescu-Idbohrn in bz#2671 "I like
+ it" markus@
+
+ Upstream-ID: c78c38f9f81a963b33d0eade559f6048add24a6d
+
+commit c924b2ef941028a1f31e6e94f54dfeeeef462a4e
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Feb 3 05:05:56 2017 +0000
+
+ upstream commit
+
+ allow form-feed characters at EOL; bz#2431 ok dtucker@
+
+ Upstream-ID: 1f453afaba6da2ae69d6afdf1ae79a917552f1a2
+
+commit 523db8540b720c4d21ab0ff6f928476c70c38aab
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Feb 3 16:01:22 2017 +1100
+
+ prefer to use ldns-config to find libldns
+
+ Should fix bz#2603 - "Build with ldns and without kerberos support
+ fails if ldns compiled with kerberos support" by including correct
+ cflags/libs
+
+ ok dtucker@
+
+commit c998bf0afa1a01257a53793eba57941182e9e0b7
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Fri Feb 3 02:56:00 2017 +0000
+
+ upstream commit
+
+ Make ssh_packet_set_rekey_limits take u32 for the number of
+ seconds until rekeying (negative values are rejected at config parse time).
+ This allows the removal of some casts and a signed vs unsigned comparison
+ warning.
+
+ rekey_time is cast to int64 for the comparison which is a no-op
+ on OpenBSD, but should also do the right thing in -portable on
+ anything still using 32bit time_t (until the system time actually
+ wraps, anyway).
+
+ some early guidance deraadt@, ok djm@
+
+ Upstream-ID: c9f18613afb994a07e7622eb326f49de3d123b6c
+
+commit 3ec5fa4ba97d4c4853620daea26a33b9f1fe3422
+Author: jsg@openbsd.org <jsg@openbsd.org>
+Date: Thu Feb 2 10:54:25 2017 +0000
+
+ upstream commit
+
+ In vasnmprintf() return an error if malloc fails and
+ don't set a function argument to the address of free'd memory.
+
+ ok djm@
+
+ Upstream-ID: 1efffffff2f51d53c9141f245b90ac23d33b9779
+
+commit 858252fb1d451ebb0969cf9749116c8f0ee42753
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Wed Feb 1 02:59:09 2017 +0000
+
+ upstream commit
+
+ Return true reason for port forwarding failures where
+ feasible rather than always "administratively prohibited". bz#2674, ok djm@
+
+ Upstream-ID: d901d9887951774e604ca970e1827afaaef9e419
+
+commit 6ba9f893838489add6ec4213c7a997b425e4a9e0
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Mon Jan 30 23:27:39 2017 +0000
+
+ upstream commit
+
+ Small correction to the known_hosts section on when it is
+ updated. Patch from lkppo at free.fr some time ago, pointed out by smallm at
+ sdf.org
+
+ Upstream-ID: 1834d7af179dea1a12ad2137f84566664af225d5
+
+commit c61d5ec3c11e7ff9779b6127421d9f166cf10915
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Fri Feb 3 14:10:34 2017 +1100
+
+ Remove _XOPEN_SOURCE from wide char detection.
+
+ Having _XOPEN_SOURCE unconditionally causes problems on some platforms
+ and configurations, notably Solaris 64-bit binaries. It was there for
+ the benefit of Linux put the required bits in the *-*linux* section.
+
+ Patch from yvoinov at gmail.com.
+
+commit f25ee13b3e81fd80efeb871dc150fe49d7fc8afd
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Jan 30 05:22:14 2017 +0000
+
+ upstream commit
+
+ fully unbreak: some $SSH invocations did not have -F
+ specified and could pick up the ~/.ssh/config of the user running the tests
+
+ Upstream-Regress-ID: f362d1892c0d3e66212d5d3fc02d915c58ef6b89
+
+commit 6956e21fb26652887475fe77ea40d2efcf25908b
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Jan 30 04:54:07 2017 +0000
+
+ upstream commit
+
+ partially unbreak: was not specifying hostname on some
+ $SSH invocations
+
+ Upstream-Regress-ID: bc8a5e98e57bad0a92ef4f34ed91c1d18294e2cc
+
+commit 52763dd3fe0a4678dafdf7aeb32286e514130afc
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Jan 30 01:03:00 2017 +0000
+
+ upstream commit
+
+ revise keys/principals command hang fix (bz#2655) to
+ consume entire output, avoiding sending SIGPIPE to subprocesses early; ok
+ dtucker@
+
+ Upstream-ID: 7cb04b31a61f8c78c4e48ceededcd2fd5c4ee1bc
+
+commit 381a2615a154a82c4c53b787f4a564ef894fe9ac
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Jan 30 00:38:50 2017 +0000
+
+ upstream commit
+
+ small cleanup post SSHv1 removal:
+
+ remove SSHv1-isms in commented examples
+
+ reorder token table to group deprecated and compile-time conditional tokens
+ better
+
+ fix config dumping code for some compile-time conditional options that
+ weren't being correctly skipped (SSHv1 and PKCS#11)
+
+ Upstream-ID: f2e96b3cb3158d857c5a91ad2e15925df3060105
+
+commit 4833d01591b7eb049489d9558b65f5553387ed43
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Jan 30 00:34:01 2017 +0000
+
+ upstream commit
+
+ some explicit NULL tests when dumping configured
+ forwardings; from Karsten Weiss
+
+ Upstream-ID: 40957b8dea69672b0e50df6b4a91a94e3e37f72d
+
+commit 326e2fae9f2e3e067b5651365eba86b35ee5a6b2
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Jan 30 00:32:28 2017 +0000
+
+ upstream commit
+
+ misplaced braces in test; from Karsten Weiss
+
+ Upstream-ID: f7b794074d3aae8e35b69a91d211c599c94afaae
+
+commit 3e032a95e46bfaea9f9e857678ac8fa5f63997fb
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Jan 30 00:32:03 2017 +0000
+
+ upstream commit
+
+ don't dereference authctxt before testing != NULL, it
+ causes compilers to make assumptions; from Karsten Weiss
+
+ Upstream-ID: 794243aad1e976ebc717885b7a97a25e00c031b2
+
+commit 01cfaa2b1cfb84f3cdd32d1bf82b120a8d30e057
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Jan 6 02:51:16 2017 +0000
+
+ upstream commit
+
+ use correct ssh-add program; bz#2654, from Colin Watson
+
+ Upstream-Regress-ID: 7042a36e1bdaec6562f6e57e9d047efe9c7a6030
+
+commit e5c7ec67cdc42ae2584085e0fc5cc5ee91133cf5
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Fri Jan 6 02:26:10 2017 +0000
+
+ upstream commit
+
+ Account for timeouts in the integrity tests as failures.
+
+ If the first test in a series for a given MAC happens to modify the low
+ bytes of a packet length, then ssh will time out and this will be
+ interpreted as a test failure. Patch from cjwatson at debian.org via
+ bz#2658.
+
+ Upstream-Regress-ID: e7467613b0badedaa300bc6fc7495ec2f44e2fb9
+
+commit dbaf599b61bd6e0f8469363a8c8e7f633b334018
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Fri Jan 6 02:09:25 2017 +0000
+
+ upstream commit
+
+ Make forwarding test less racy by using unix domain
+ sockets instead of TCP ports where possible. Patch from cjwatson at
+ debian.org via bz#2659.
+
+ Upstream-Regress-ID: 4756375aac5916ef9d25452a1c1d5fa9e90299a9
+
+commit 9390b0031ebd6eb5488d3bc4d4333c528dffc0a6
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Sun Jan 29 21:35:23 2017 +0000
+
+ upstream commit
+
+ Fix typo in ~C error message for bad port forward
+ cancellation. bz#2672, from Brad Marshall via Colin Watson and Ubuntu's
+ bugtracker.
+
+ Upstream-ID: 0d4a7e5ead6cc59c9a44b4c1e5435ab3aada09af
+
+commit 4ba15462ca38883b8a61a1eccc093c79462d5414
+Author: guenther@openbsd.org <guenther@openbsd.org>
+Date: Sat Jan 21 11:32:04 2017 +0000
+
+ upstream commit
+
+ The POSIX APIs that that sockaddrs all ignore the s*_len
+ field in the incoming socket, so userspace doesn't need to set it unless it
+ has its own reasons for tracking the size along with the sockaddr.
+
+ ok phessler@ deraadt@ florian@
+
+ Upstream-ID: ca6e49e2f22f2b9e81d6d924b90ecd7e422e7437
+
+commit a1187bd3ef3e4940af849ca953a1b849dae78445
+Author: jmc@openbsd.org <jmc@openbsd.org>
+Date: Fri Jan 6 16:28:12 2017 +0000
+
+ upstream commit
+
+ keep the tokens list sorted;
+
+ Upstream-ID: b96239dae4fb3aa94146bb381afabcc7740a1638
+
+commit b64077f9767634715402014f509e58decf1e140d
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Jan 6 09:27:52 2017 +0000
+
+ upstream commit
+
+ fix previous
+
+ Upstream-ID: c107d6a69bc22325d79fbf78a2a62e04bcac6895
+
+commit 5e820e9ea2e949aeb93071fe31c80b0c42f2b2de
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Jan 6 03:53:58 2017 +0000
+
+ upstream commit
+
+ show a useful error message when included config files
+ can't be opened; bz#2653, ok dtucker@
+
+ Upstream-ID: f598b73b5dfe497344cec9efc9386b4e5a3cb95b
+
+commit 13bd2e2d622d01dc85d22b94520a5b243d006049
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Jan 6 03:45:41 2017 +0000
+
+ upstream commit
+
+ sshd_config is documented to set
+ GSSAPIStrictAcceptorCheck=yes by default, so actually make it do this.
+ bz#2637 ok dtucker
+
+ Upstream-ID: 99ef8ac51f17f0f7aec166cb2e34228d4d72a665
+
+commit f89b928534c9e77f608806a217d39a2960cc7fd0
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Jan 6 03:41:58 2017 +0000
+
+ upstream commit
+
+ Avoid confusing error message when attempting to use
+ ssh-keyscan built without SSH protocol v.1 to scan for v.1 keys; bz#2583
+
+ Upstream-ID: 5d214abd3a21337d67c6dcc5aa6f313298d0d165
+
+commit 0999533014784579aa6f01c2d3a06e3e8804b680
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Fri Jan 6 02:34:54 2017 +0000
+
+ upstream commit
+
+ Re-add '%k' token for AuthorizedKeysCommand which was
+ lost during the re-org in rev 1.235. bz#2656, from jboning at gmail.com.
+
+ Upstream-ID: 2884e203c02764d7b3fe7472710d9c24bdc73e38
+
+commit 51045869fa084cdd016fdd721ea760417c0a3bf3
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed Jan 4 05:37:40 2017 +0000
+
+ upstream commit
+
+ unbreak Unix domain socket forwarding for root; ok
+ markus@
+
+ Upstream-ID: 6649c76eb7a3fa15409373295ca71badf56920a2
+
+commit 58fca12ba967ea5c768653535604e1522d177e44
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Mon Jan 16 09:08:32 2017 +1100
+
+ Remove LOGIN_PROGRAM.
+
+ UseLogin is gone, remove leftover. bz#2665, from cjwatson at debian.org
+
+commit b108ce92aae0ca0376dce9513d953be60e449ae1
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed Jan 4 02:21:43 2017 +0000
+
+ upstream commit
+
+ relax PKCS#11 whitelist a bit to allow libexec as well as
+ lib directories.
+
+ Upstream-ID: cf5617958e2e2d39f8285fd3bc63b557da484702
+
+commit c7995f296b9222df2846f56ecf61e5ae13d7a53d
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Tue Jan 3 05:46:51 2017 +0000
+
+ upstream commit
+
+ check number of entries in SSH2_FXP_NAME response; avoids
+ unreachable overflow later. Reported by Jann Horn
+
+ Upstream-ID: b6b2b434a6d6035b1644ca44f24cd8104057420f
+
+commit ddd3d34e5c7979ca6f4a3a98a7d219a4ed3d98c2
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Dec 30 22:08:02 2016 +0000
+
+ upstream commit
+
+ fix deadlock when keys/principals command produces a lot of
+ output and a key is matched early; bz#2655, patch from jboning AT gmail.com
+
+ Upstream-ID: e19456429bf99087ea994432c16d00a642060afe
+
+commit 30eee7d1b2fec33c14870cc11910610be5d2aa6f
+Author: Darren Tucker <dtucker@zip.com.au>
+Date: Tue Dec 20 12:16:11 2016 +1100
+
+ Re-add missing "Prerequisites" header and fix typo
+
+ Patch from HARUYAMA Seigo <haruyama at unixuser org>.
+
+commit c8c60f3663165edd6a52632c6ddbfabfce1ca865
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Dec 19 22:35:23 2016 +0000
+
+ upstream commit
+
+ use standard /bin/sh equality test; from Mike Frysinger
+
+ Upstream-Regress-ID: 7b6f0b63525f399844c8ac211003acb8e4b0bec2
+
commit 4a354fc231174901f2629437c2a6e924a2dd6772
Author: Damien Miller <djm@mindrot.org>
Date: Mon Dec 19 15:59:26 2016 +1100
@@ -8221,2046 +9392,3 @@ Date: Wed Mar 11 00:48:39 2015 +0000
add back the changes from rev 1.206, djm reverted this by
mistake in rev 1.207
-
-commit 4d24b3b6a4a6383e05e7da26d183b79fa8663697
-Author: Damien Miller <djm@mindrot.org>
-Date: Fri Mar 20 09:11:59 2015 +1100
-
- remove error() accidentally inserted for debugging
-
- pointed out by Christian Hesse
-
-commit 9f82e5a9042f2d872e98f48a876fcab3e25dd9bb
-Author: Tim Rice <tim@multitalents.net>
-Date: Mon Mar 16 22:49:20 2015 -0700
-
- portability fix: Solaris systems may not have a grep that understands -q
-
-commit 8ef691f7d9ef500257a549d0906d78187490668f
-Author: Damien Miller <djm@google.com>
-Date: Wed Mar 11 10:35:26 2015 +1100
-
- fix compile with clang
-
-commit 4df590cf8dc799e8986268d62019b487a8ed63ad
-Author: Damien Miller <djm@google.com>
-Date: Wed Mar 11 10:02:39 2015 +1100
-
- make unit tests work for !OPENSSH_HAS_ECC
-
-commit 307bb40277ca2c32e97e61d70d1ed74b571fd6ba
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Sat Mar 7 04:41:48 2015 +0000
-
- upstream commit
-
- unbreak for w/SSH1 (default) case; ok markus@ deraadt@
-
-commit b44ee0c998fb4c5f3c3281f2398af5ce42840b6f
-Author: Damien Miller <djm@mindrot.org>
-Date: Thu Mar 5 18:39:20 2015 -0800
-
- unbreak hostkeys test for w/ SSH1 case
-
-commit 55e5bdeb519cb60cc18b7ba0545be581fb8598b4
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Mar 6 01:40:56 2015 +0000
-
- upstream commit
-
- fix sshkey_certify() return value for unsupported key types;
- ok markus@ deraadt@
-
-commit be8f658e550a434eac04256bfbc4289457a24e99
-Author: Damien Miller <djm@mindrot.org>
-Date: Wed Mar 4 15:38:03 2015 -0800
-
- update version numbers to match version.h
-
-commit ac5e8acefa253eb5e5ba186e34236c0e8007afdc
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Mar 4 23:22:35 2015 +0000
-
- upstream commit
-
- make these work with !SSH1; ok markus@ deraadt@
-
-commit 2f04af92f036b0c87a23efb259c37da98cd81fe6
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Mar 4 21:12:59 2015 +0000
-
- upstream commit
-
- make ssh-add -D work with !SSH1 agent
-
-commit a05adf95d2af6abb2b7826ddaa7a0ec0cdc1726b
-Author: Damien Miller <djm@mindrot.org>
-Date: Wed Mar 4 00:55:48 2015 -0800
-
- netcat needs poll.h portability goop
-
-commit dad2b1892b4c1b7e58df483a8c5b983c4454e099
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Tue Mar 3 22:35:19 2015 +0000
-
- upstream commit
-
- make it possible to run tests w/o ssh1 support; ok djm@
-
-commit d48a22601bdd3eec054794c535f4ae8d8ae4c6e2
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Mar 4 18:53:53 2015 +0000
-
- upstream commit
-
- crank; ok markus, deraadt
-
-commit bbffb23daa0b002dd9f296e396a9ab8a5866b339
-Author: Damien Miller <djm@mindrot.org>
-Date: Tue Mar 3 13:50:27 2015 -0800
-
- more --without-ssh1 fixes
-
-commit 6c2039286f503e2012a58a1d109e389016e7a99b
-Author: Damien Miller <djm@mindrot.org>
-Date: Tue Mar 3 13:48:48 2015 -0800
-
- fix merge both that broke --without-ssh1 compile
-
-commit 111dfb225478a76f89ecbcd31e96eaf1311b59d3
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Tue Mar 3 21:21:13 2015 +0000
-
- upstream commit
-
- add SSH1 Makefile knob to make it easier to build without
- SSH1 support; ok markus@
-
-commit 3f7f5e6c5d2aa3f6710289c1a30119e534e56c5c
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Tue Mar 3 20:42:49 2015 +0000
-
- upstream commit
-
- expand __unused to full __attribute__ for better portability
-
-commit 2fab9b0f8720baf990c931e3f68babb0bf9949c6
-Author: Damien Miller <djm@mindrot.org>
-Date: Wed Mar 4 07:41:27 2015 +1100
-
- avoid warning
-
-commit d1bc844322461f882b4fd2277ba9a8d4966573d2
-Author: Damien Miller <djm@mindrot.org>
-Date: Wed Mar 4 06:31:45 2015 +1100
-
- Revert "define __unused to nothing if not already defined"
-
- This reverts commit 1598419e38afbaa8aa5df8dd6b0af98301e2c908.
-
- Some system headers have objects named __unused
-
-commit 00797e86b2d98334d1bb808f65fa1fd47f328ff1
-Author: Damien Miller <djm@mindrot.org>
-Date: Wed Mar 4 05:02:45 2015 +1100
-
- check for crypt and DES_crypt in openssl block
-
- fixes builds on systems that use DES_crypt; based on patch
- from Roumen Petrov
-
-commit 1598419e38afbaa8aa5df8dd6b0af98301e2c908
-Author: Damien Miller <djm@mindrot.org>
-Date: Wed Mar 4 04:59:13 2015 +1100
-
- define __unused to nothing if not already defined
-
- fixes builds on BSD/OS
-
-commit d608a51daad4f14ad6ab43d7cf74ef4801cc3fe9
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Tue Mar 3 17:53:40 2015 +0000
-
- upstream commit
-
- reorder logic for better portability; patch from Roumen
- Petrov
-
-commit 68d2dfc464fbcdf8d6387884260f9801f4352393
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Tue Mar 3 06:48:58 2015 +0000
-
- upstream commit
-
- Allow "ssh -Q protocol-version" to list supported SSH
- protocol versions. Useful for detecting builds without SSH v.1 support; idea
- and ok markus@
-
-commit 39e2f1229562e1195169905607bc12290d21f021
-Author: millert@openbsd.org <millert@openbsd.org>
-Date: Sun Mar 1 15:44:40 2015 +0000
-
- upstream commit
-
- Make sure we only call getnameinfo() for AF_INET or AF_INET6
- sockets. getpeername() of a Unix domain socket may return without error on
- some systems without actually setting ss_family so getnameinfo() was getting
- called with ss_family set to AF_UNSPEC. OK djm@
-
-commit e47536ba9692d271b8ad89078abdecf0a1c11707
-Author: Damien Miller <djm@mindrot.org>
-Date: Sat Feb 28 08:20:11 2015 -0800
-
- portability fixes for regress/netcat.c
-
- Mostly avoiding "err(1, NULL)"
-
-commit 02973ad5f6f49d8420e50a392331432b0396c100
-Author: Damien Miller <djm@mindrot.org>
-Date: Sat Feb 28 08:05:27 2015 -0800
-
- twiddle another test for portability
-
- from Tom G. Christensen
-
-commit f7f3116abf2a6e2f309ab096b08c58d19613e5d0
-Author: Damien Miller <djm@mindrot.org>
-Date: Fri Feb 27 15:52:49 2015 -0800
-
- twiddle test for portability
-
-commit 1ad3a77cc9d5568f5437ff99d377aa7a41859b83
-Author: Damien Miller <djm@mindrot.org>
-Date: Thu Feb 26 20:33:22 2015 -0800
-
- make regress/netcat.c fd passing (more) portable
-
-commit 9e1cfca7e1fe9cf8edb634fc894e43993e4da1ea
-Author: Damien Miller <djm@mindrot.org>
-Date: Thu Feb 26 20:32:58 2015 -0800
-
- create OBJ/valgrind-out before running unittests
-
-commit bd58853102cee739f0e115e6d4b5334332ab1442
-Author: Damien Miller <djm@mindrot.org>
-Date: Wed Feb 25 16:58:22 2015 -0800
-
- valgrind support
-
-commit f43d17269194761eded9e89f17456332f4c83824
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Thu Feb 26 20:45:47 2015 +0000
-
- upstream commit
-
- don't printf NULL key comments; reported by Tom Christensen
-
-commit 6e6458b476ec854db33e3e68ebf4f489d0ab3df8
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Feb 25 23:05:47 2015 +0000
-
- upstream commit
-
- zero cmsgbuf before use; we initialise the bits we use
- but valgrind still spams warning on it
-
-commit a63cfa26864b93ab6afefad0b630e5358ed8edfa
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Feb 25 19:54:02 2015 +0000
-
- upstream commit
-
- fix small memory leak when UpdateHostkeys=no
-
-commit e6b950341dd75baa8526f1862bca39e52f5b879b
-Author: Tim Rice <tim@multitalents.net>
-Date: Wed Feb 25 09:56:48 2015 -0800
-
- Revert "Work around finicky USL linker so netcat will build."
-
- This reverts commit d1db656021d0cd8c001a6692f772f1de29b67c8b.
-
- No longer needed with commit 678e473e2af2e4802f24dd913985864d9ead7fb3
-
-commit 6f621603f9cff2a5d6016a404c96cb2f8ac2dec0
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Feb 25 17:29:38 2015 +0000
-
- upstream commit
-
- don't leak validity of user in "too many authentication
- failures" disconnect message; reported by Sebastian Reitenbach
-
-commit 6288e3a935494df12519164f52ca5c8c65fc3ca5
-Author: naddy@openbsd.org <naddy@openbsd.org>
-Date: Tue Feb 24 15:24:05 2015 +0000
-
- upstream commit
-
- add -v (show ASCII art) to -l's synopsis; ok djm@
-
-commit 678e473e2af2e4802f24dd913985864d9ead7fb3
-Author: Darren Tucker <dtucker@zip.com.au>
-Date: Thu Feb 26 04:12:58 2015 +1100
-
- Remove dependency on xmalloc.
-
- Remove ssh_get_progname's dependency on xmalloc, which should reduce
- link order problems. ok djm@
-
-commit 5d5ec165c5b614b03678afdad881f10e25832e46
-Author: Darren Tucker <dtucker@zip.com.au>
-Date: Wed Feb 25 15:32:49 2015 +1100
-
- Restrict ECDSA and ECDH tests.
-
- ifdef out some more ECDSA and ECDH tests when built against an OpenSSL
- that does not have eliptic curve functionality.
-
-commit 1734e276d99b17e92d4233fac7aef3a3180aaca7
-Author: Darren Tucker <dtucker@zip.com.au>
-Date: Wed Feb 25 13:40:45 2015 +1100
-
- Move definition of _NSIG.
-
- _NSIG is only unsed in one file, so move it there prevent redefinition
- warnings reported by Kevin Brott.
-
-commit a47ead7c95cfbeb72721066c4da2312e5b1b9f3d
-Author: Darren Tucker <dtucker@zip.com.au>
-Date: Wed Feb 25 13:17:40 2015 +1100
-
- Add includes.h for compatibility stuff.
-
-commit 38806bda6d2e48ad32812b461eebe17672ada771
-Author: Damien Miller <djm@mindrot.org>
-Date: Tue Feb 24 16:50:06 2015 -0800
-
- include netdb.h to look for MAXHOSTNAMELEN; ok tim
-
-commit d1db656021d0cd8c001a6692f772f1de29b67c8b
-Author: Tim Rice <tim@multitalents.net>
-Date: Tue Feb 24 10:42:08 2015 -0800
-
- Work around finicky USL linker so netcat will build.
-
-commit cb030ce25f555737e8ba97bdd7883ac43f3ff2a3
-Author: Damien Miller <djm@mindrot.org>
-Date: Tue Feb 24 09:23:04 2015 -0800
-
- include includes.h to avoid build failure on AIX
-
-commit 13af342458f5064144abbb07e5ac9bbd4eb42567
-Author: Tim Rice <tim@multitalents.net>
-Date: Tue Feb 24 07:56:47 2015 -0800
-
- Original portability patch from djm@ for platforms missing err.h.
- Fix name space clash on Solaris 10. Still more to do for Solaris 10
- to deal with msghdr structure differences. ok djm@
-
-commit 910209203d0cd60c5083901cbcc0b7b44d9f48d2
-Author: Tim Rice <tim@multitalents.net>
-Date: Mon Feb 23 22:06:56 2015 -0800
-
- cleaner way fix dispatch.h portion of commit
- a88dd1da119052870bb2654c1a32c51971eade16
- (some systems have sig_atomic_t in signal.h, some in sys/signal.h)
- Sounds good to me djm@
-
-commit 676c38d7cbe65b76bbfff796861bb6615cc6a596
-Author: Tim Rice <tim@multitalents.net>
-Date: Mon Feb 23 21:51:33 2015 -0800
-
- portability fix: if we can't dind a better define for HOST_NAME_MAX, use 255
-
-commit 1221b22023dce38cbc90ba77eae4c5d78c77a5e6
-Author: Tim Rice <tim@multitalents.net>
-Date: Mon Feb 23 21:50:34 2015 -0800
-
- portablity fix: s/__inline__/inline/
-
-commit 4c356308a88d309c796325bb75dce90ca16591d5
-Author: Darren Tucker <dtucker@zip.com.au>
-Date: Tue Feb 24 13:49:31 2015 +1100
-
- Wrap stdint.h includes in HAVE_STDINT_H.
-
-commit c9c88355c6a27a908e7d1e5003a2b35ea99c1614
-Author: Darren Tucker <dtucker@zip.com.au>
-Date: Tue Feb 24 13:43:57 2015 +1100
-
- Add AI_NUMERICSERV to fake-rfc2553.
-
- Our getaddrinfo implementation always returns numeric values already.
-
-commit ef342ab1ce6fb9a4b30186c89c309d0ae9d0eeb4
-Author: Darren Tucker <dtucker@zip.com.au>
-Date: Tue Feb 24 13:39:57 2015 +1100
-
- Include OpenSSL's objects.h before bn.h.
-
- Prevents compile errors on some platforms (at least old GCCs and AIX's
- XLC compilers).
-
-commit dcc8997d116f615195aa7c9ec019fb36c28c6228
-Author: Darren Tucker <dtucker@zip.com.au>
-Date: Tue Feb 24 12:30:59 2015 +1100
-
- Convert two macros into functions.
-
- Convert packet_send_debug and packet_disconnect from macros to
- functions. Some older GCCs (2.7.x, 2.95.x) see to have problems with
- variadic macros with only one argument so we convert these two into
- functions. ok djm@
-
-commit 2285c30d51b7e2052c6526445abe7e7cc7e170a1
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Feb 23 22:21:21 2015 +0000
-
- upstream commit
-
- further silence spurious error message even when -v is
- specified (e.g. to get visual host keys); reported by naddy@
-
-commit 9af21979c00652029e160295e988dea40758ece2
-Author: Damien Miller <djm@mindrot.org>
-Date: Tue Feb 24 09:04:32 2015 +1100
-
- don't include stdint.h unless HAVE_STDINT_H set
-
-commit 62f678dd51660d6f8aee1da33d3222c5de10a89e
-Author: Damien Miller <djm@mindrot.org>
-Date: Tue Feb 24 09:02:54 2015 +1100
-
- nother sys/queue.h -> sys-queue.h fix
-
- spotted by Tom Christensen
-
-commit b3c19151cba2c0ed01b27f55de0d723ad07ca98f
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Feb 23 20:32:15 2015 +0000
-
- upstream commit
-
- fix a race condition by using a mux socket rather than an
- ineffectual wait statement
-
-commit a88dd1da119052870bb2654c1a32c51971eade16
-Author: Damien Miller <djm@mindrot.org>
-Date: Tue Feb 24 06:30:29 2015 +1100
-
- various include fixes for portable
-
-commit 5248429b5ec524d0a65507cff0cdd6e0cb99effd
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Feb 23 16:55:51 2015 +0000
-
- upstream commit
-
- add an XXX to remind me to improve sshkey_load_public
-
-commit e94e4b07ef2eaead38b085a60535df9981cdbcdb
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Feb 23 16:55:31 2015 +0000
-
- upstream commit
-
- silence a spurious error message when listing
- fingerprints for known_hosts; bz#2342
-
-commit f2293a65392b54ac721f66bc0b44462e8d1d81f8
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Feb 23 16:33:25 2015 +0000
-
- upstream commit
-
- fix setting/clearing of TTY raw mode around
- UpdateHostKeys=ask confirmation question; reported by Herb Goldman
-
-commit f2004cd1adf34492eae0a44b1ef84e0e31b06088
-Author: Darren Tucker <dtucker@zip.com.au>
-Date: Mon Feb 23 05:04:21 2015 +1100
-
- Repair for non-ECC OpenSSL.
-
- Ifdef out the ECC parts when building with an OpenSSL that doesn't have
- it.
-
-commit 37f9220db8d1a52c75894c3de1e5f2ae5bd71b6f
-Author: Darren Tucker <dtucker@zip.com.au>
-Date: Mon Feb 23 03:07:24 2015 +1100
-
- Wrap stdint.h includes in ifdefs.
-
-commit f81f1bbc5b892c8614ea740b1f92735652eb43f0
-Author: Tim Rice <tim@multitalents.net>
-Date: Sat Feb 21 18:12:10 2015 -0800
-
- out of tree build fix
-
-commit 2e13a1e4d22f3b503c3bfc878562cc7386a1d1ae
-Author: Tim Rice <tim@multitalents.net>
-Date: Sat Feb 21 18:08:51 2015 -0800
-
- mkdir kex unit test directory so testing out of tree builds works
-
-commit 1797f49b1ba31e8700231cd6b1d512d80bb50d2c
-Author: halex@openbsd.org <halex@openbsd.org>
-Date: Sat Feb 21 21:46:57 2015 +0000
-
- upstream commit
-
- make "ssh-add -d" properly remove a corresponding
- certificate, and also not whine and fail if there is none
-
- ok djm@
-
-commit 7faaa32da83a609059d95dbfcb0649fdb04caaf6
-Author: Damien Miller <djm@mindrot.org>
-Date: Sun Feb 22 07:57:27 2015 +1100
-
- mkdir hostkey and bitmap unit test directories
-
-commit bd49da2ef197efac5e38f5399263a8b47990c538
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Feb 20 23:46:01 2015 +0000
-
- upstream commit
-
- sort options useable under Match case-insensitively; prodded
- jmc@
-
-commit 1a779a0dd6cd8b4a1a40ea33b5415ab8408128ac
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Sat Feb 21 20:51:02 2015 +0000
-
- upstream commit
-
- correct paths to configuration files being written/updated;
- they live in $OBJ not cwd; some by Roumen Petrov
-
-commit 28ba006c1acddff992ae946d0bc0b500b531ba6b
-Author: Darren Tucker <dtucker@zip.com.au>
-Date: Sat Feb 21 15:41:07 2015 +1100
-
- More correct checking of HAVE_DECL_AI_NUMERICSERV.
-
-commit e50e8c97a9cecae1f28febccaa6ca5ab3bc10f54
-Author: Darren Tucker <dtucker@zip.com.au>
-Date: Sat Feb 21 15:10:33 2015 +1100
-
- Add null declaration of AI_NUMERICINFO.
-
- Some platforms (older FreeBSD and DragonFly versions) do have
- getaddrinfo() but do not have AI_NUMERICINFO. so define it to zero
- in those cases.
-
-commit 18a208d6a460d707a45916db63a571e805f5db46
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Feb 20 22:40:32 2015 +0000
-
- upstream commit
-
- more options that are available under Match; bz#2353 reported
- by calestyo AT scientia.net
-
-commit 44732de06884238049f285f1455b2181baa7dc82
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Feb 20 22:17:21 2015 +0000
-
- upstream commit
-
- UpdateHostKeys fixes:
-
- I accidentally changed the format of the hostkeys@openssh.com messages
- last week without changing the extension name, and this has been causing
- connection failures for people who are running -current. First reported
- by sthen@
-
- s/hostkeys@openssh.com/hostkeys-00@openssh.com/
- Change the name of the proof message too, and reorder it a little.
-
- Also, UpdateHostKeys=ask is incompatible with ControlPersist (no TTY
- available to read the response) so disable UpdateHostKeys if it is in
- ask mode and ControlPersist is active (and document this)
-
-commit 13a39414d25646f93e6d355521d832a03aaaffe2
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Tue Feb 17 00:14:05 2015 +0000
-
- upstream commit
-
- Regression: I broke logging of public key fingerprints in
- 1.46. Pointed out by Pontus Lundkvist
-
-commit 773dda25e828c4c9a52f7bdce6e1e5924157beab
-Author: Damien Miller <djm@mindrot.org>
-Date: Fri Jan 30 23:10:17 2015 +1100
-
- repair --without-openssl; broken in refactor
-
-commit e89c780886b23600de1e1c8d74aabd1ff61f43f0
-Author: Damien Miller <djm@google.com>
-Date: Tue Feb 17 10:04:55 2015 +1100
-
- hook up hostkeys unittest to portable Makefiles
-
-commit 0abf41f99aa16ff09b263bead242d6cb2dbbcf99
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Feb 16 22:21:03 2015 +0000
-
- upstream commit
-
- enable hostkeys unit tests
-
-commit 68a5d647ccf0fb6782b2f749433a1eee5bc9044b
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Feb 16 22:20:50 2015 +0000
-
- upstream commit
-
- check string/memory compare arguments aren't NULL
-
-commit ef575ef20d09f20722e26b45dab80b3620469687
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Feb 16 22:18:34 2015 +0000
-
- upstream commit
-
- unit tests for hostfile.c code, just hostkeys_foreach so
- far
-
-commit 8ea3365e6aa2759ccf5c76eaea62cbc8a280b0e7
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Sat Feb 14 12:43:16 2015 +0000
-
- upstream commit
-
- test server rekey limit
-
-commit ce63c4b063c39b2b22d4ada449c9e3fbde788cb3
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Feb 16 22:30:03 2015 +0000
-
- upstream commit
-
- partial backout of:
-
- revision 1.441
- date: 2015/01/31 20:30:05; author: djm; state: Exp; lines: +17 -10; commitid
- : x8klYPZMJSrVlt3O;
- Let sshd load public host keys even when private keys are missing.
- Allows sshd to advertise additional keys for future key rotation.
- Also log fingerprint of hostkeys loaded; ok markus@
-
- hostkey updates now require access to the private key, so we can't
- load public keys only. The improved log messages (fingerprints of keys
- loaded) are kept.
-
-commit 523463a3a2a9bfc6cfc5afa01bae9147f76a37cc
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Feb 16 22:13:32 2015 +0000
-
- upstream commit
-
- Revise hostkeys@openssh.com hostkey learning extension.
-
- The client will not ask the server to prove ownership of the private
- halves of any hitherto-unseen hostkeys it offers to the client.
-
- Allow UpdateHostKeys option to take an 'ask' argument to let the
- user manually review keys offered.
-
- ok markus@
-
-commit 6c5c949782d86a6e7d58006599c7685bfcd01685
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Feb 16 22:08:57 2015 +0000
-
- upstream commit
-
- Refactor hostkeys_foreach() and dependent code Deal with
- IP addresses (i.e. CheckHostIP) Don't clobber known_hosts when nothing
- changed ok markus@ as part of larger commit
-
-commit 51b082ccbe633dc970df1d1f4c9c0497115fe721
-Author: miod@openbsd.org <miod@openbsd.org>
-Date: Mon Feb 16 18:26:26 2015 +0000
-
- upstream commit
-
- Declare ge25519_base as extern, to prevent it from
- becoming a common. Gets us rid of ``lignment 4 of symbol
- `crypto_sign_ed25519_ref_ge25519_base' in mod_ge25519.o is smaller than 16 in
- mod_ed25519.o'' warnings at link time.
-
-commit 02db468bf7e3281a8e3c058ced571b38b6407c34
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Fri Feb 13 18:57:00 2015 +0000
-
- upstream commit
-
- make rekey_limit for sshd w/privsep work; ok djm@
- dtucker@
-
-commit 8ec67d505bd23c8bf9e17b7a364b563a07a58ec8
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Thu Feb 12 20:34:19 2015 +0000
-
- upstream commit
-
- Prevent sshd spamming syslog with
- "ssh_dispatch_run_fatal: disconnected". ok markus@
-
-commit d4c0295d1afc342057ba358237acad6be8af480b
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Feb 11 01:20:38 2015 +0000
-
- upstream commit
-
- Some packet error messages show the address of the peer,
- but might be generated after the socket to the peer has suffered a TCP reset.
- In these cases, getpeername() won't work so cache the address earlier.
-
- spotted in the wild via deraadt@ and tedu@
-
-commit 4af1709cf774475ce5d1bc3ddcc165f6c222897d
-Author: jsg@openbsd.org <jsg@openbsd.org>
-Date: Mon Feb 9 23:22:37 2015 +0000
-
- upstream commit
-
- fix some leaks in error paths ok markus@
-
-commit fd36834871d06a03e1ff8d69e41992efa1bbf85f
-Author: millert@openbsd.org <millert@openbsd.org>
-Date: Fri Feb 6 23:21:59 2015 +0000
-
- upstream commit
-
- SIZE_MAX is standard, we should be using it in preference to
- the obsolete SIZE_T_MAX. OK miod@ beck@
-
-commit 1910a286d7771eab84c0b047f31c0a17505236fa
-Author: millert@openbsd.org <millert@openbsd.org>
-Date: Thu Feb 5 12:59:57 2015 +0000
-
- upstream commit
-
- Include stdint.h, not limits.h to get SIZE_MAX. OK guenther@
-
-commit ce4f59b2405845584f45e0b3214760eb0008c06c
-Author: deraadt@openbsd.org <deraadt@openbsd.org>
-Date: Tue Feb 3 08:07:20 2015 +0000
-
- upstream commit
-
- missing ; djm and mlarkin really having great
- interactions recently
-
-commit 5d34aa94938abb12b877a25be51862757f25d54b
-Author: halex@openbsd.org <halex@openbsd.org>
-Date: Tue Feb 3 00:34:14 2015 +0000
-
- upstream commit
-
- slightly extend the passphrase prompt if running with -c
- in order to give the user a chance to notice if unintentionally running
- without it
-
- wording tweak and ok djm@
-
-commit cb3bde373e80902c7d5d0db429f85068d19b2918
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Feb 2 22:48:53 2015 +0000
-
- upstream commit
-
- handle PKCS#11 C_Login returning
- CKR_USER_ALREADY_LOGGED_IN; based on patch from Yuri Samoilenko; ok markus@
-
-commit 15ad750e5ec3cc69765b7eba1ce90060e7083399
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Feb 2 07:41:40 2015 +0000
-
- upstream commit
-
- turn UpdateHostkeys off by default until I figure out
- mlarkin@'s warning message; requested by deraadt@
-
-commit 3cd5103c1e1aaa59bd66f7f52f6ebbcd5deb12f9
-Author: deraadt@openbsd.org <deraadt@openbsd.org>
-Date: Mon Feb 2 01:57:44 2015 +0000
-
- upstream commit
-
- increasing encounters with difficult DNS setups in
- darknets has convinced me UseDNS off by default is better ok djm
-
-commit 6049a548a8a68ff0bbe581ab1748ea6a59ecdc38
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Sat Jan 31 20:30:05 2015 +0000
-
- upstream commit
-
- Let sshd load public host keys even when private keys are
- missing. Allows sshd to advertise additional keys for future key rotation.
- Also log fingerprint of hostkeys loaded; ok markus@
-
-commit 46347ed5968f582661e8a70a45f448e0179ca0ab
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Jan 30 11:43:14 2015 +0000
-
- upstream commit
-
- Add a ssh_config HostbasedKeyType option to control which
- host public key types are tried during hostbased authentication.
-
- This may be used to prevent too many keys being sent to the server,
- and blowing past its MaxAuthTries limit.
-
- bz#2211 based on patch by Iain Morgan; ok markus@
-
-commit 802660cb70453fa4d230cb0233bc1bbdf8328de1
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Jan 30 10:44:49 2015 +0000
-
- upstream commit
-
- set a timeout to prevent hangs when talking to busted
- servers; ok markus@
-
-commit 86936ec245a15c7abe71a0722610998b0a28b194
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Jan 30 01:11:39 2015 +0000
-
- upstream commit
-
- regression test for 'wildcard CA' serial/key ID revocations
-
-commit 4509b5d4a4fa645a022635bfa7e86d09b285001f
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Jan 30 01:13:33 2015 +0000
-
- upstream commit
-
- avoid more fatal/exit in the packet.c paths that
- ssh-keyscan uses; feedback and "looks good" markus@
-
-commit 669aee994348468af8b4b2ebd29b602cf2860b22
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Jan 30 01:10:33 2015 +0000
-
- upstream commit
-
- permit KRLs that revoke certificates by serial number or
- key ID without scoping to a particular CA; ok markus@
-
-commit 7a2c368477e26575d0866247d3313da4256cb2b5
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Jan 30 00:59:19 2015 +0000
-
- upstream commit
-
- missing parentheses after if in do_convert_from() broke
- private key conversion from other formats some time in 2010; bz#2345 reported
- by jjelen AT redhat.com
-
-commit 25f5f78d8bf5c22d9cea8b49de24ebeee648a355
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Jan 30 00:22:25 2015 +0000
-
- upstream commit
-
- fix ssh protocol 1, spotted by miod@
-
-commit 9ce86c926dfa6e0635161b035e3944e611cbccf0
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Jan 28 22:36:00 2015 +0000
-
- upstream commit
-
- update to new API (key_fingerprint => sshkey_fingerprint)
- check sshkey_fingerprint return values; ok markus
-
-commit 9125525c37bf73ad3ee4025520889d2ce9d10f29
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Jan 28 22:05:31 2015 +0000
-
- upstream commit
-
- avoid fatal() calls in packet code makes ssh-keyscan more
- reliable against server failures ok dtucker@ markus@
-
-commit fae7bbe544cba7a9e5e4ab47ff6faa3d978646eb
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Jan 28 21:15:47 2015 +0000
-
- upstream commit
-
- avoid fatal() calls in packet code makes ssh-keyscan more
- reliable against server failures ok dtucker@ markus@
-
-commit 1a3d14f6b44a494037c7deab485abe6496bf2c60
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Jan 28 11:07:25 2015 +0000
-
- upstream commit
-
- remove obsolete comment
-
-commit 80c25b7bc0a71d75c43a4575d9a1336f589eb639
-Author: okan@openbsd.org <okan@openbsd.org>
-Date: Tue Jan 27 12:54:06 2015 +0000
-
- upstream commit
-
- Since r1.2 removed the use of PRI* macros, inttypes.h is
- no longer required.
-
- ok djm@
-
-commit 69ff64f69615c2a21c97cb5878a0996c21423257
-Author: Damien Miller <djm@mindrot.org>
-Date: Tue Jan 27 23:07:43 2015 +1100
-
- compile on systems without TCP_MD5SIG (e.g. OSX)
-
-commit 358964f3082fb90b2ae15bcab07b6105cfad5a43
-Author: Damien Miller <djm@mindrot.org>
-Date: Tue Jan 27 23:07:25 2015 +1100
-
- use ssh-keygen under test rather than system's
-
-commit a2c95c1bf33ea53038324d1fdd774bc953f98236
-Author: Damien Miller <djm@mindrot.org>
-Date: Tue Jan 27 23:06:59 2015 +1100
-
- OSX lacks HOST_NAME_MAX, has _POSIX_HOST_NAME_MAX
-
-commit ade31d7b6f608a19b85bee29a7a00b1e636a2919
-Author: Damien Miller <djm@mindrot.org>
-Date: Tue Jan 27 23:06:23 2015 +1100
-
- these need active_state defined to link on OSX
-
- temporary measure until active_state goes away entirely
-
-commit e56aa87502f22c5844918c10190e8b4f785f067b
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Tue Jan 27 12:01:36 2015 +0000
-
- upstream commit
-
- use printf instead of echo -n to reduce diff against
- -portable
-
-commit 9f7637f56eddfaf62ce3c0af89c25480f2cf1068
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date: Mon Jan 26 13:55:29 2015 +0000
-
- upstream commit
-
- sort previous;
-
-commit 3076ee7d530d5b16842fac7a6229706c7e5acd26
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Jan 26 13:36:53 2015 +0000
-
- upstream commit
-
- properly restore umask
-
-commit d411d395556b73ba1b9e451516a0bd6697c4b03d
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Jan 26 06:12:18 2015 +0000
-
- upstream commit
-
- regression test for host key rotation
-
-commit fe8a3a51699afbc6407a8fae59b73349d01e49f8
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Jan 26 06:11:28 2015 +0000
-
- upstream commit
-
- adapt to sshkey API tweaks
-
-commit 7dd355fb1f0038a3d5cdca57ebab4356c7a5b434
-Author: miod@openbsd.org <miod@openbsd.org>
-Date: Sat Jan 24 10:39:21 2015 +0000
-
- upstream commit
-
- Move -lz late in the linker commandline for things to
- build on static arches.
-
-commit 0dad3b806fddb93c475b30853b9be1a25d673a33
-Author: miod@openbsd.org <miod@openbsd.org>
-Date: Fri Jan 23 21:21:23 2015 +0000
-
- upstream commit
-
- -Wpointer-sign is supported by gcc 4 only.
-
-commit 2b3b1c1e4bd9577b6e780c255c278542ea66c098
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Tue Jan 20 22:58:57 2015 +0000
-
- upstream commit
-
- use SUBDIR to recuse into unit tests; makes "make obj"
- actually work
-
-commit 1d1092bff8db27080155541212b420703f8b9c92
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Jan 26 12:16:36 2015 +0000
-
- upstream commit
-
- correct description of UpdateHostKeys in ssh_config.5 and
- add it to -o lists for ssh, scp and sftp; pointed out by jmc@
-
-commit 5104db7cbd6cdd9c5971f4358e74414862fc1022
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Jan 26 06:10:03 2015 +0000
-
- upstream commit
-
- correctly match ECDSA subtype (== curve) for
- offered/recevied host keys. Fixes connection-killing host key mismatches when
- a server offers multiple ECDSA keys with different curve type (an extremely
- unlikely configuration).
-
- ok markus, "looks mechanical" deraadt@
-
-commit 8d4f87258f31cb6def9b3b55b6a7321d84728ff2
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Jan 26 03:04:45 2015 +0000
-
- upstream commit
-
- Host key rotation support.
-
- Add a hostkeys@openssh.com protocol extension (global request) for
- a server to inform a client of all its available host key after
- authentication has completed. The client may record the keys in
- known_hosts, allowing it to upgrade to better host key algorithms
- and a server to gracefully rotate its keys.
-
- The client side of this is controlled by a UpdateHostkeys config
- option (default on).
-
- ok markus@
-
-commit 60b1825262b1f1e24fc72050b907189c92daf18e
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Jan 26 02:59:11 2015 +0000
-
- upstream commit
-
- small refactor and add some convenience functions; ok
- markus
-
-commit a5a3e3328ddce91e76f71ff479022d53e35c60c9
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date: Thu Jan 22 21:00:42 2015 +0000
-
- upstream commit
-
- heirarchy -> hierarchy;
-
-commit dcff5810a11195c57e1b3343c0d6b6f2b9974c11
-Author: deraadt@openbsd.org <deraadt@openbsd.org>
-Date: Thu Jan 22 20:24:41 2015 +0000
-
- upstream commit
-
- Provide a warning about chroot misuses (which sadly, seem
- to have become quite popular because shiny). sshd cannot detect/manage/do
- anything about these cases, best we can do is warn in the right spot in the
- man page. ok markus
-
-commit 087266ec33c76fc8d54ac5a19efacf2f4a4ca076
-Author: deraadt@openbsd.org <deraadt@openbsd.org>
-Date: Tue Jan 20 23:14:00 2015 +0000
-
- upstream commit
-
- Reduce use of <sys/param.h> and transition to <limits.h>
- throughout. ok djm markus
-
-commit 57e783c8ba2c0797f93977e83b2a8644a03065d8
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Tue Jan 20 20:16:21 2015 +0000
-
- upstream commit
-
- kex_setup errors are fatal()
-
-commit 1d6424a6ff94633c221297ae8f42d54e12a20912
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Tue Jan 20 08:02:33 2015 +0000
-
- upstream commit
-
- this test would accidentally delete agent.sh if run without
- obj/
-
-commit 12b5f50777203e12575f1b08568281e447249ed3
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Tue Jan 20 07:56:44 2015 +0000
-
- upstream commit
-
- make this compile with KERBEROS5 enabled
-
-commit e2cc6bef08941256817d44d146115b3478586ad4
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Tue Jan 20 07:55:33 2015 +0000
-
- upstream commit
-
- fix hostkeys in agent; ok markus@
-
-commit 1ca3e2155aa5d3801a7ae050f85c71f41fcb95b1
-Author: Damien Miller <djm@mindrot.org>
-Date: Tue Jan 20 10:11:31 2015 +1100
-
- fix kex test
-
-commit c78a578107c7e6dcf5d30a2f34cb6581bef14029
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Mon Jan 19 20:45:25 2015 +0000
-
- upstream commit
-
- finally enable the KEX tests I wrote some years ago...
-
-commit 31821d7217e686667d04935aeec99e1fc4a46e7e
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Mon Jan 19 20:42:31 2015 +0000
-
- upstream commit
-
- adapt to new error message (SSH_ERR_MAC_INVALID)
-
-commit d3716ca19e510e95d956ae14d5b367e364bff7f1
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Jan 19 17:31:13 2015 +0000
-
- upstream commit
-
- this test was broken in at least two ways, such that it
- wasn't checking that a KRL was not excluding valid keys
-
-commit 3f797653748e7c2b037dacb57574c01d9ef3b4d3
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Mon Jan 19 20:32:39 2015 +0000
-
- upstream commit
-
- switch ssh-keyscan from setjmp to multiple ssh transport
- layer instances ok djm@
-
-commit f582f0e917bb0017b00944783cd5f408bf4b0b5e
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Mon Jan 19 20:30:23 2015 +0000
-
- upstream commit
-
- add experimental api for packet layer; ok djm@
-
-commit 48b3b2ba75181f11fca7f327058a591f4426cade
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Mon Jan 19 20:20:20 2015 +0000
-
- upstream commit
-
- store compat flags in struct ssh; ok djm@
-
-commit 57d10cbe861a235dd269c74fb2fe248469ecee9d
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Mon Jan 19 20:16:15 2015 +0000
-
- upstream commit
-
- adapt kex to sshbuf and struct ssh; ok djm@
-
-commit 3fdc88a0def4f86aa88a5846ac079dc964c0546a
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Mon Jan 19 20:07:45 2015 +0000
-
- upstream commit
-
- move dispatch to struct ssh; ok djm@
-
-commit 091c302829210c41e7f57c3f094c7b9c054306f0
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Mon Jan 19 19:52:16 2015 +0000
-
- upstream commit
-
- update packet.c & isolate, introduce struct ssh a) switch
- packet.c to buffer api and isolate per-connection info into struct ssh b)
- (de)serialization of the state is moved from monitor to packet.c c) the old
- packet.c API is implemented in opacket.[ch] d) compress.c/h is removed and
- integrated into packet.c with and ok djm@
-
-commit 4e62cc68ce4ba20245d208b252e74e91d3785b74
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Jan 19 17:35:48 2015 +0000
-
- upstream commit
-
- fix format strings in (disabled) debugging
-
-commit d85e06245907d49a2cd0cfa0abf59150ad616f42
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Jan 19 06:01:32 2015 +0000
-
- upstream commit
-
- be a bit more careful in these tests to ensure that
- known_hosts is clean
-
-commit 7947810eab5fe0ad311f32a48f4d4eb1f71be6cf
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Sun Jan 18 22:00:18 2015 +0000
-
- upstream commit
-
- regression test for known_host file editing using
- ssh-keygen (-H / -R / -F) after hostkeys_foreach() change; feedback and ok
- markus@
-
-commit 3a2b09d147a565d8a47edf37491e149a02c0d3a3
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Sun Jan 18 19:54:46 2015 +0000
-
- upstream commit
-
- more and better key tests
-
- test signatures and verification
- test certificate generation
- flesh out nested cert test
-
- removes most of the XXX todo markers
-
-commit 589e69fd82724cfc9738f128e4771da2e6405d0d
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Sun Jan 18 19:53:58 2015 +0000
-
- upstream commit
-
- make the signature fuzzing test much more rigorous:
- ensure that the fuzzed input cases do not match the original (using new
- fuzz_matches_original() function) and check that the verification fails in
- each case
-
-commit 80603c0daa2538c349c1c152405580b164d5475f
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Sun Jan 18 19:52:44 2015 +0000
-
- upstream commit
-
- add a fuzz_matches_original() function to the fuzzer to
- detect fuzz cases that are identical to the original data. Hacky
- implementation, but very useful when you need the fuzz to be different, e.g.
- when verifying signature
-
-commit 87d5495bd337e358ad69c524fcb9495208c0750b
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Sun Jan 18 19:50:55 2015 +0000
-
- upstream commit
-
- better dumps from the fuzzer (shown on errors) -
- include the original data as well as the fuzzed copy.
-
-commit d59ec478c453a3fff05badbbfd96aa856364f2c2
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Sun Jan 18 19:47:55 2015 +0000
-
- upstream commit
-
- enable hostkey-agent.sh test
-
-commit 26b3425170bf840e4b095e1c10bf25a0a3e3a105
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Sat Jan 17 18:54:30 2015 +0000
-
- upstream commit
-
- unit test for hostkeys in ssh-agent
-
-commit 9e06a0fb23ec55d9223b26a45bb63c7649e2f2f2
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Thu Jan 15 23:41:29 2015 +0000
-
- upstream commit
-
- add kex unit tests
-
-commit d2099dec6da21ae627f6289aedae6bc1d41a22ce
-Author: deraadt@openbsd.org <deraadt@openbsd.org>
-Date: Mon Jan 19 00:32:54 2015 +0000
-
- upstream commit
-
- djm, your /usr/include tree is old
-
-commit 2b3c3c76c30dc5076fe09d590f5b26880f148a54
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Sun Jan 18 21:51:19 2015 +0000
-
- upstream commit
-
- some feedback from markus@: comment hostkeys_foreach()
- context and avoid a member in it.
-
-commit cecb30bc2ba6d594366e657d664d5c494b6c8a7f
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Sun Jan 18 21:49:42 2015 +0000
-
- upstream commit
-
- make ssh-keygen use hostkeys_foreach(). Removes some
- horrendous code; ok markus@
-
-commit ec3d065df3a9557ea96b02d061fd821a18c1a0b9
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Sun Jan 18 21:48:09 2015 +0000
-
- upstream commit
-
- convert load_hostkeys() (hostkey ordering and
- known_host matching) to use the new hostkey_foreach() iterator; ok markus
-
-commit c29811cc480a260e42fd88849fc86a80c1e91038
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Sun Jan 18 21:40:23 2015 +0000
-
- upstream commit
-
- introduce hostkeys_foreach() to allow iteration over a
- known_hosts file or controlled subset thereof. This will allow us to pull out
- some ugly and duplicated code, and will be used to implement hostkey rotation
- later.
-
- feedback and ok markus
-
-commit f101d8291da01bbbfd6fb8c569cfd0cc61c0d346
-Author: deraadt@openbsd.org <deraadt@openbsd.org>
-Date: Sun Jan 18 14:01:00 2015 +0000
-
- upstream commit
-
- string truncation due to sizeof(size) ok djm markus
-
-commit 35d6022b55b7969fc10c261cb6aa78cc4a5fcc41
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Sun Jan 18 13:33:34 2015 +0000
-
- upstream commit
-
- avoid trailing ',' in host key algorithms
-
-commit 7efb455789a0cb76bdcdee91c6060a3dc8f5c007
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Sun Jan 18 13:22:28 2015 +0000
-
- upstream commit
-
- infer key length correctly when user specified a fully-
- qualified key name instead of using the -b bits option; ok markus@
-
-commit 83f8ffa6a55ccd0ce9d8a205e3e7439ec18fedf5
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Sat Jan 17 18:53:34 2015 +0000
-
- upstream commit
-
- fix hostkeys on ssh agent; found by unit test I'm about
- to commit
-
-commit 369d61f17657b814124268f99c033e4dc6e436c1
-Author: schwarze@openbsd.org <schwarze@openbsd.org>
-Date: Fri Jan 16 16:20:23 2015 +0000
-
- upstream commit
-
- garbage collect empty .No macros mandoc warns about
-
-commit bb8b442d32dbdb8521d610e10d8b248d938bd747
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Jan 16 15:55:07 2015 +0000
-
- upstream commit
-
- regression: incorrect error message on
- otherwise-successful ssh-keygen -A. Reported by Dmitry Orlov, via deraadt@
-
-commit 9010902954a40b59d0bf3df3ccbc3140a653e2bc
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Jan 16 07:19:48 2015 +0000
-
- upstream commit
-
- when hostname canonicalisation is enabled, try to parse
- hostnames as addresses before looking them up for canonicalisation. fixes
- bz#2074 and avoids needless DNS lookups in some cases; ok markus
-
-commit 2ae4f337b2a5fb2841b6b0053b49496fef844d1c
-Author: deraadt@openbsd.org <deraadt@openbsd.org>
-Date: Fri Jan 16 06:40:12 2015 +0000
-
- upstream commit
-
- Replace <sys/param.h> with <limits.h> and other less
- dirty headers where possible. Annotate <sys/param.h> lines with their
- current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1,
- LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of
- MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution.
- These are the files confirmed through binary verification. ok guenther,
- millert, doug (helped with the verification protocol)
-
-commit 3c4726f4c24118e8f1bb80bf75f1456c76df072c
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Thu Jan 15 21:38:50 2015 +0000
-
- upstream commit
-
- remove xmalloc, switch to sshbuf
-
-commit e17ac01f8b763e4b83976b9e521e90a280acc097
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Thu Jan 15 21:37:14 2015 +0000
-
- upstream commit
-
- switch to sshbuf
-
-commit ddef9995a1fa6c7a8ff3b38bfe6cf724bebf13d0
-Author: naddy@openbsd.org <naddy@openbsd.org>
-Date: Thu Jan 15 18:32:54 2015 +0000
-
- upstream commit
-
- handle UMAC128 initialization like UMAC; ok djm@ markus@
-
-commit f14564c1f7792446bca143580aef0e7ac25dcdae
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Thu Jan 15 11:04:36 2015 +0000
-
- upstream commit
-
- fix regression reported by brad@ for passworded keys without
- agent present
-
-commit 45c0fd70bb2a88061319dfff20cb12ef7b1bc47e
-Author: Damien Miller <djm@mindrot.org>
-Date: Thu Jan 15 22:08:23 2015 +1100
-
- make bitmap test compile
-
-commit d333f89abf7179021e5c3f28673f469abe032062
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Thu Jan 15 07:36:28 2015 +0000
-
- upstream commit
-
- unit tests for KRL bitmap
-
-commit 7613f828f49c55ff356007ae9645038ab6682556
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Wed Jan 14 09:58:21 2015 +0000
-
- upstream commit
-
- re-add comment about full path
-
-commit 6c43b48b307c41cd656b415621a644074579a578
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Wed Jan 14 09:54:38 2015 +0000
-
- upstream commit
-
- don't reset to the installed sshd; connect before
- reconfigure, too
-
-commit 771bb47a1df8b69061f09462e78aa0b66cd594bf
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Tue Jan 13 14:51:51 2015 +0000
-
- upstream commit
-
- implement a SIGINFO handler so we can discern a stuck
- fuzz test from a merely glacial one; prompted by and ok markus
-
-commit cfaa57962f8536f3cf0fd7daf4d6a55d6f6de45f
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Tue Jan 13 08:23:26 2015 +0000
-
- upstream commit
-
- use $SSH instead of installed ssh to allow override;
- spotted by markus@
-
-commit 0920553d0aee117a596b03ed5b49b280d34a32c5
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Tue Jan 13 07:49:49 2015 +0000
-
- upstream commit
-
- regress test for PubkeyAcceptedKeyTypes; ok markus@
-
-commit 27ca1a5c0095eda151934bca39a77e391f875d17
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Mon Jan 12 20:13:27 2015 +0000
-
- upstream commit
-
- unbreak parsing of pubkey comments; with gerhard; ok
- djm/deraadt
-
-commit 55358f0b4e0b83bc0df81c5f854c91b11e0bb4dc
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Jan 12 11:46:32 2015 +0000
-
- upstream commit
-
- fatal if soft-PKCS11 library is missing rather (rather
- than continue and fail with a more cryptic error)
-
-commit c3554cdd2a1a62434b8161017aa76fa09718a003
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Jan 12 11:12:38 2015 +0000
-
- upstream commit
-
- let this test all supporte key types; pointed out/ok
- markus@
-
-commit 1129dcfc5a3e508635004bcc05a3574cb7687167
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Thu Jan 15 09:40:00 2015 +0000
-
- upstream commit
-
- sync ssh-keysign, ssh-keygen and some dependencies to the
- new buffer/key API; mostly mechanical, ok markus@
-
-commit e4ebf5586452bf512da662ac277aaf6ecf0efe7c
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Thu Jan 15 07:57:08 2015 +0000
-
- upstream commit
-
- remove commented-out test code now that it has moved to a
- proper unit test
-
-commit e81cba066c1e9eb70aba0f6e7c0ff220611b370f
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Jan 14 20:54:29 2015 +0000
-
- upstream commit
-
- whitespace
-
-commit 141efe49542f7156cdbc2e4cd0a041d8b1aab622
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Jan 14 20:05:27 2015 +0000
-
- upstream commit
-
- move authfd.c and its tentacles to the new buffer/key
- API; ok markus@
-
-commit 0088c57af302cda278bd26d8c3ae81d5b6f7c289
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Jan 14 19:33:41 2015 +0000
-
- upstream commit
-
- fix small regression: ssh-agent would return a success
- message but an empty signature if asked to sign using an unknown key; ok
- markus@
-
-commit b03ebe2c22b8166e4f64c37737f4278676e3488d
-Author: Damien Miller <djm@mindrot.org>
-Date: Thu Jan 15 03:08:58 2015 +1100
-
- more --without-openssl
-
- fix some regressions caused by upstream merges
-
- enable KRLs now that they no longer require BIGNUMs
-
-commit bc42cc6fe784f36df225c44c93b74830027cb5a2
-Author: Damien Miller <djm@mindrot.org>
-Date: Thu Jan 15 03:08:29 2015 +1100
-
- kludge around tun API mismatch betterer
-
-commit c332110291089b624fa0951fbf2d1ee6de525b9f
-Author: Damien Miller <djm@mindrot.org>
-Date: Thu Jan 15 02:59:51 2015 +1100
-
- some systems lack SO_REUSEPORT
-
-commit 83b9678a62cbdc74eb2031cf1e1e4ffd58e233ae
-Author: Damien Miller <djm@mindrot.org>
-Date: Thu Jan 15 02:35:50 2015 +1100
-
- fix merge botch
-
-commit 0cdc5a3eb6fb383569a4da2a30705d9b90428d6b
-Author: Damien Miller <djm@mindrot.org>
-Date: Thu Jan 15 02:35:33 2015 +1100
-
- unbreak across API change
-
-commit 6e2549ac2b5e7f96cbc2d83a6e0784b120444b47
-Author: Damien Miller <djm@mindrot.org>
-Date: Thu Jan 15 02:30:18 2015 +1100
-
- need includes.h for portable OpenSSH
-
-commit 72ef7c148c42db7d5632a29f137f8b87b579f2d9
-Author: Damien Miller <djm@mindrot.org>
-Date: Thu Jan 15 02:21:31 2015 +1100
-
- support --without-openssl at configure time
-
- Disables and removes dependency on OpenSSL. Many features don't
- work and the set of crypto options is greatly restricted. This
- will only work on system with native arc4random or /dev/urandom.
-
- Considered highly experimental for now.
-
-commit 4f38c61c68ae7e3f9ee4b3c38bc86cd39f65ece9
-Author: Damien Miller <djm@mindrot.org>
-Date: Thu Jan 15 02:28:00 2015 +1100
-
- add files missed in last commit
-
-commit a165bab605f7be55940bb8fae977398e8c96a46d
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Jan 14 15:02:39 2015 +0000
-
- upstream commit
-
- avoid BIGNUM in KRL code by using a simple bitmap;
- feedback and ok markus
-
-commit 7d845f4a0b7ec97887be204c3760e44de8bf1f32
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Jan 14 13:54:13 2015 +0000
-
- upstream commit
-
- update sftp client and server to new buffer API. pretty
- much just mechanical changes; with & ok markus
-
-commit 139ca81866ec1b219c717d17061e5e7ad1059e2a
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Wed Jan 14 13:09:09 2015 +0000
-
- upstream commit
-
- switch to sshbuf/sshkey; with & ok djm@
-
-commit 81bfbd0bd35683de5d7f2238b985e5f8150a9180
-Author: Damien Miller <djm@mindrot.org>
-Date: Wed Jan 14 21:48:18 2015 +1100
-
- support --without-openssl at configure time
-
- Disables and removes dependency on OpenSSL. Many features don't
- work and the set of crypto options is greatly restricted. This
- will only work on system with native arc4random or /dev/urandom.
-
- Considered highly experimental for now.
-
-commit 54924b53af15ccdcbb9f89984512b5efef641a31
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Jan 14 10:46:28 2015 +0000
-
- upstream commit
-
- avoid an warning for the !OPENSSL case
-
-commit ae8b463217f7c9b66655bfc3945c050ffdaeb861
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Wed Jan 14 10:30:34 2015 +0000
-
- upstream commit
-
- swith auth-options to new sshbuf/sshkey; ok djm@
-
-commit 540e891191b98b89ee90aacf5b14a4a68635e763
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Jan 14 10:29:45 2015 +0000
-
- upstream commit
-
- make non-OpenSSL aes-ctr work on sshd w/ privsep; ok
- markus@
-
-commit 60c2c4ea5e1ad0ddfe8b2877b78ed5143be79c53
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Wed Jan 14 10:24:42 2015 +0000
-
- upstream commit
-
- remove unneeded includes, sync my copyright across files
- & whitespace; ok djm@
-
-commit 128343bcdb0b60fc826f2733df8cf979ec1627b4
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Tue Jan 13 19:31:40 2015 +0000
-
- upstream commit
-
- adapt mac.c to ssherr.h return codes (de-fatal) and
- simplify dependencies ok djm@
-
-commit e7fd952f4ea01f09ceb068721a5431ac2fd416ed
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Tue Jan 13 19:04:35 2015 +0000
-
- upstream commit
-
- sync changes from libopenssh; prepared by markus@ mostly
- debug output tweaks, a couple of error return value changes and some other
- minor stuff
-
-commit 76c0480a85675f03a1376167cb686abed01a3583
-Author: Damien Miller <djm@mindrot.org>
-Date: Tue Jan 13 19:38:18 2015 +1100
-
- add --without-ssh1 option to configure
-
- Allows disabling support for SSH protocol 1.
-
-commit 1f729f0614d1376c3332fa1edb6a5e5cec7e9e03
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Tue Jan 13 07:39:19 2015 +0000
-
- upstream commit
-
- add sshd_config HostbasedAcceptedKeyTypes and
- PubkeyAcceptedKeyTypes options to allow sshd to control what public key types
- will be accepted. Currently defaults to all. Feedback & ok markus@
-
-commit 816d1538c24209a93ba0560b27c4fda57c3fff65
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Mon Jan 12 20:13:27 2015 +0000
-
- upstream commit
-
- unbreak parsing of pubkey comments; with gerhard; ok
- djm/deraadt
-
-commit 0097565f849851812df610b7b6b3c4bd414f6c62
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Mon Jan 12 19:22:46 2015 +0000
-
- upstream commit
-
- missing error assigment on sshbuf_put_string()
-
-commit a7f49dcb527dd17877fcb8d5c3a9a6f550e0bba5
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Jan 12 15:18:07 2015 +0000
-
- upstream commit
-
- apparently memcpy(x, NULL, 0) is undefined behaviour
- according to C99 (cf. sections 7.21.1 and 7.1.4), so check skip memcpy calls
- when length==0; ok markus@
-
-commit 905fe30fca82f38213763616d0d26eb6790bde33
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Mon Jan 12 14:05:19 2015 +0000
-
- upstream commit
-
- free->sshkey_free; ok djm@
-
-commit f067cca2bc20c86b110174c3fef04086a7f57b13
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Mon Jan 12 13:29:27 2015 +0000
-
- upstream commit
-
- allow WITH_OPENSSL w/o WITH_SSH1; ok djm@
-
-commit c4bfafcc2a9300d9cfb3c15e75572d3a7d74670d
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Thu Jan 8 13:10:58 2015 +0000
-
- upstream commit
-
- adjust for sshkey_load_file() API change
-
-commit e752c6d547036c602b89e9e704851463bd160e32
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Thu Jan 8 13:44:36 2015 +0000
-
- upstream commit
-
- fix ssh_config FingerprintHash evaluation order; from Petr
- Lautrbach
-
-commit ab24ab847b0fc94c8d5e419feecff0bcb6d6d1bf
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Thu Jan 8 10:15:45 2015 +0000
-
- upstream commit
-
- reorder hostbased key attempts to better match the
- default hostkey algorithms order in myproposal.h; ok markus@
-
-commit 1195f4cb07ef4b0405c839293c38600b3e9bdb46
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Thu Jan 8 10:14:08 2015 +0000
-
- upstream commit
-
- deprecate key_load_private_pem() and
- sshkey_load_private_pem() interfaces. Refactor the generic key loading API to
- not require pathnames to be specified (they weren't really used).
-
- Fixes a few other things en passant:
-
- Makes ed25519 keys work for hostbased authentication (ssh-keysign
- previously used the PEM-only routines).
-
- Fixes key comment regression bz#2306: key pathnames were being lost as
- comment fields.
-
- ok markus@
-
-commit febbe09e4e9aff579b0c5cc1623f756862e4757d
-Author: tedu@openbsd.org <tedu@openbsd.org>
-Date: Wed Jan 7 18:15:07 2015 +0000
-
- upstream commit
-
- workaround for the Meyer, et al, Bleichenbacher Side
- Channel Attack. fake up a bignum key before RSA decryption. discussed/ok djm
- markus
-
-commit 5191df927db282d3123ca2f34a04d8d96153911a
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Tue Dec 23 22:42:48 2014 +0000
-
- upstream commit
-
- KNF and add a little more debug()
-
-commit 8abd80315d3419b20e6938f74d37e2e2b547f0b7
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date: Mon Dec 22 09:26:31 2014 +0000
-
- upstream commit
-
- add fingerprinthash to the options list;
-
-commit 296ef0560f60980da01d83b9f0e1a5257826536f
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date: Mon Dec 22 09:24:59 2014 +0000
-
- upstream commit
-
- tweak previous;
-
-commit 462082eacbd37778a173afb6b84c6f4d898a18b5
-Author: Damien Miller <djm@google.com>
-Date: Tue Dec 30 08:16:11 2014 +1100
-
- avoid uninitialised free of ldns_res
-
- If an invalid rdclass was passed to getrrsetbyname() then
- this would execute a free on an uninitialised pointer.
- OpenSSH only ever calls this with a fixed and valid rdclass.
-
- Reported by Joshua Rogers
-
-commit 01b63498801053f131a0740eb9d13faf35d636c8
-Author: Damien Miller <djm@google.com>
-Date: Mon Dec 29 18:10:18 2014 +1100
-
- pull updated OpenBSD BCrypt PBKDF implementation
-
- Includes fix for 1 byte output overflow for large key length
- requests (not reachable in OpenSSH).
-
- Pointed out by Joshua Rogers
-
-commit c528c1b4af2f06712177b3de9b30705752f7cbcb
-Author: Damien Miller <djm@google.com>
-Date: Tue Dec 23 15:26:13 2014 +1100
-
- fix variable name for IPv6 case in construct_utmpx
-
- patch from writeonce AT midipix.org via bz#2296
-
-commit 293cac52dcda123244b2e594d15592e5e481c55e
-Author: Damien Miller <djm@google.com>
-Date: Mon Dec 22 16:30:42 2014 +1100
-
- include and use OpenBSD netcat in regress/
-
-commit 8f6784f0cb56dc4fd00af3e81a10050a5785228d
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Dec 22 09:05:17 2014 +0000
-
- upstream commit
-
- mention ssh -Q feature to list supported { MAC, cipher,
- KEX, key } algorithms in more places and include the query string used to
- list the relevant information; bz#2288
-
-commit 449e11b4d7847079bd0a2daa6e3e7ea03d8ef700
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date: Mon Dec 22 08:24:17 2014 +0000
-
- upstream commit
-
- tweak previous;
-
-commit 4bea0ab3290c0b9dd2aa199e932de8e7e18062d6
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Dec 22 08:06:03 2014 +0000
-
- upstream commit
-
- regression test for multiple required pubkey authentication;
- ok markus@
-
-commit f1c4d8ec52158b6f57834b8cd839605b0a33e7f2
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Dec 22 08:04:23 2014 +0000
-
- upstream commit
-
- correct description of what will happen when a
- AuthorizedKeysCommand is specified but AuthorizedKeysCommandUser is not (sshd
- will refuse to start)
-
-commit 161cf419f412446635013ac49e8c660cadc36080
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Dec 22 07:55:51 2014 +0000
-
- upstream commit
-
- make internal handling of filename arguments of "none"
- more consistent with ssh. "none" arguments are now replaced with NULL when
- the configuration is finalised.
-
- Simplifies checking later on (just need to test not-NULL rather than
- that + strcmp) and cleans up some inconsistencies. ok markus@
-
-commit f69b69b8625be447b8826b21d87713874dac25a6
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Dec 22 07:51:30 2014 +0000
-
- upstream commit
-
- remember which public keys have been used for
- authentication and refuse to accept previously-used keys.
-
- This allows AuthenticationMethods=publickey,publickey to require
- that users authenticate using two _different_ pubkeys.
-
- ok markus@
-
-commit 46ac2ed4677968224c4ca825bc98fc68dae183f0
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Dec 22 07:24:11 2014 +0000
-
- upstream commit
-
- fix passing of wildcard forward bind addresses when
- connection multiplexing is in use; patch from Sami Hartikainen via bz#2324;
- ok dtucker@
-
-commit 0d1b241a262e4d0a6bbfdd595489ab1b853c43a1
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Dec 22 06:14:29 2014 +0000
-
- upstream commit
-
- make this slightly easier to diff against portable
-
-commit 0715bcdddbf68953964058f17255bf54734b8737
-Author: Damien Miller <djm@mindrot.org>
-Date: Mon Dec 22 13:47:07 2014 +1100
-
- add missing regress output file
-
-commit 1e30483c8ad2c2f39445d4a4b6ab20c241e40593
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Dec 22 02:15:52 2014 +0000
-
- upstream commit
-
- adjust for new SHA256 key fingerprints and
- slightly-different MD5 hex fingerprint format
-
-commit 6b40567ed722df98593ad8e6a2d2448fc2b4b151
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Dec 22 01:14:49 2014 +0000
-
- upstream commit
-
- poll changes to netcat (usr.bin/netcat.c r1.125) broke
- this test; fix it by ensuring more stdio fds are sent to devnull
-
-commit a5375ccb970f49dddf7d0ef63c9b713ede9e7260
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date: Sun Dec 21 23:35:14 2014 +0000
-
- upstream commit
-
- tweak previous;
-
-commit b79efde5c3badf5ce4312fe608d8307eade533c5
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Sun Dec 21 23:12:42 2014 +0000
-
- upstream commit
-
- document FingerprintHash here too
-
-commit d16bdd8027dd116afa01324bb071a4016cdc1a75
-Author: Damien Miller <djm@mindrot.org>
-Date: Mon Dec 22 10:18:09 2014 +1100
-
- missing include for base64 encoding
-
-commit 56d1c83cdd1ac76f1c6bd41e01e80dad834f3994
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Sun Dec 21 22:27:55 2014 +0000
-
- upstream commit
-
- Add FingerprintHash option to control algorithm used for
- key fingerprints. Default changes from MD5 to SHA256 and format from hex to
- base64.
-
- Feedback and ok naddy@ markus@
-
-commit 058f839fe15c51be8b3a844a76ab9a8db550be4f
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Thu Dec 18 23:58:04 2014 +0000
-
- upstream commit
-
- don't count partial authentication success as a failure
- against MaxAuthTries; ok deraadt@
diff --git a/crypto/openssh/INSTALL b/crypto/openssh/INSTALL
index 71581d4e0c77..d257e28fc178 100644
--- a/crypto/openssh/INSTALL
+++ b/crypto/openssh/INSTALL
@@ -1,3 +1,4 @@
+1. Prerequisites
----------------
A C compiler. Any C89 or better compiler should work. Where supported,
@@ -243,7 +244,7 @@ manually using the following commands:
ssh-keygen -t [type] -f /etc/ssh/ssh_host_key -N ""
-for each of the types you wish to generate (rsa, dsa or ecdsaa) or
+for each of the types you wish to generate (rsa, dsa or ecdsa) or
ssh-keygen -A
diff --git a/crypto/openssh/Makefile.in b/crypto/openssh/Makefile.in
index e10f3742a855..5870e9e6e6b9 100644
--- a/crypto/openssh/Makefile.in
+++ b/crypto/openssh/Makefile.in
@@ -236,6 +236,8 @@ clean: regressclean
rm -f regress/unittests/sshkey/test_sshkey
rm -f regress/unittests/bitmap/*.o
rm -f regress/unittests/bitmap/test_bitmap
+ rm -f regress/unittests/conversion/*.o
+ rm -f regress/unittests/conversion/test_conversion
rm -f regress/unittests/hostkeys/*.o
rm -f regress/unittests/hostkeys/test_hostkeys
rm -f regress/unittests/kex/*.o
@@ -262,6 +264,8 @@ distclean: regressclean
rm -f regress/unittests/sshkey/test_sshkey
rm -f regress/unittests/bitmap/*.o
rm -f regress/unittests/bitmap/test_bitmap
+ rm -f regress/unittests/conversion/*.o
+ rm -f regress/unittests/conversion/test_conversion
rm -f regress/unittests/hostkeys/*.o
rm -f regress/unittests/hostkeys/test_hostkeys
rm -f regress/unittests/kex/*.o
@@ -426,6 +430,8 @@ regress-prep:
mkdir -p `pwd`/regress/unittests/sshkey
[ -d `pwd`/regress/unittests/bitmap ] || \
mkdir -p `pwd`/regress/unittests/bitmap
+ [ -d `pwd`/regress/unittests/conversion ] || \
+ mkdir -p `pwd`/regress/unittests/conversion
[ -d `pwd`/regress/unittests/hostkeys ] || \
mkdir -p `pwd`/regress/unittests/hostkeys
[ -d `pwd`/regress/unittests/kex ] || \
@@ -503,6 +509,16 @@ regress/unittests/bitmap/test_bitmap$(EXEEXT): ${UNITTESTS_TEST_BITMAP_OBJS} \
regress/unittests/test_helper/libtest_helper.a \
-lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
+UNITTESTS_TEST_CONVERSION_OBJS=\
+ regress/unittests/conversion/tests.o
+
+regress/unittests/conversion/test_conversion$(EXEEXT): \
+ ${UNITTESTS_TEST_CONVERSION_OBJS} \
+ regress/unittests/test_helper/libtest_helper.a libssh.a
+ $(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_CONVERSION_OBJS) \
+ regress/unittests/test_helper/libtest_helper.a \
+ -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
+
UNITTESTS_TEST_KEX_OBJS=\
regress/unittests/kex/tests.o \
regress/unittests/kex/test_kex.o
@@ -558,13 +574,14 @@ regress-binaries: regress/modpipe$(EXEEXT) \
regress/unittests/sshbuf/test_sshbuf$(EXEEXT) \
regress/unittests/sshkey/test_sshkey$(EXEEXT) \
regress/unittests/bitmap/test_bitmap$(EXEEXT) \
+ regress/unittests/conversion/test_conversion$(EXEEXT) \
regress/unittests/hostkeys/test_hostkeys$(EXEEXT) \
regress/unittests/kex/test_kex$(EXEEXT) \
regress/unittests/match/test_match$(EXEEXT) \
regress/unittests/utf8/test_utf8$(EXEEXT) \
regress/misc/kexfuzz/kexfuzz$(EXEEXT)
-tests interop-tests t-exec: regress-prep regress-binaries $(TARGETS)
+tests interop-tests t-exec unit: regress-prep regress-binaries $(TARGETS)
BUILDDIR=`pwd`; \
TEST_SSH_SCP="$${BUILDDIR}/scp"; \
TEST_SSH_SSH="$${BUILDDIR}/ssh"; \
diff --git a/crypto/openssh/README b/crypto/openssh/README
index 60594eeb92b4..bda852548a2a 100644
--- a/crypto/openssh/README
+++ b/crypto/openssh/README
@@ -1,4 +1,4 @@
-See https://www.openssh.com/releasenotes.html#7.4p1 for the release notes.
+See https://www.openssh.com/releasenotes.html#7.5p1 for the release notes.
Please read https://www.openssh.com/report.html for bug reporting
instructions and note that we do not use Github for bug reporting or
diff --git a/crypto/openssh/auth-pam.c b/crypto/openssh/auth-pam.c
index 77e9e2bae7d3..2dfb5094ddc7 100644
--- a/crypto/openssh/auth-pam.c
+++ b/crypto/openssh/auth-pam.c
@@ -833,6 +833,8 @@ fake_password(const char *wire_password)
fatal("%s: password length too long: %zu", __func__, l);
ret = malloc(l + 1);
+ if (ret == NULL)
+ return NULL;
for (i = 0; i < l; i++)
ret[i] = junk[i % (sizeof(junk) - 1)];
ret[i] = '\0';
diff --git a/crypto/openssh/auth1.c b/crypto/openssh/auth1.c
deleted file mode 100644
index 189954425ac2..000000000000
--- a/crypto/openssh/auth1.c
+++ /dev/null
@@ -1,448 +0,0 @@
-/* $OpenBSD: auth1.c,v 1.82 2014/07/15 15:54:14 millert Exp $ */
-/*
- * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
- * All rights reserved
- *
- * As far as I am concerned, the code I have written for this software
- * can be used freely for any purpose. Any derived versions of this
- * software must be clearly marked as such, and if the derived work is
- * incompatible with the protocol description in the RFC file, it must be
- * called by a name other than "ssh" or "Secure Shell".
- */
-
-#include "includes.h"
-
-#ifdef WITH_SSH1
-
-#include <sys/types.h>
-
-#include <stdarg.h>
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-#include <pwd.h>
-
-#include "openbsd-compat/sys-queue.h"
-#include "xmalloc.h"
-#include "rsa.h"
-#include "ssh1.h"
-#include "packet.h"
-#include "buffer.h"
-#include "log.h"
-#include "misc.h"
-#include "servconf.h"
-#include "compat.h"
-#include "key.h"
-#include "hostfile.h"
-#include "auth.h"
-#include "channels.h"
-#include "session.h"
-#include "uidswap.h"
-#ifdef GSSAPI
-#include "ssh-gss.h"
-#endif
-#include "monitor_wrap.h"
-#include "buffer.h"
-#include "blacklist_client.h"
-
-/* import */
-extern ServerOptions options;
-extern Buffer loginmsg;
-
-static int auth1_process_password(Authctxt *);
-static int auth1_process_rsa(Authctxt *);
-static int auth1_process_rhosts_rsa(Authctxt *);
-static int auth1_process_tis_challenge(Authctxt *);
-static int auth1_process_tis_response(Authctxt *);
-
-static char *client_user = NULL; /* Used to fill in remote user for PAM */
-
-struct AuthMethod1 {
- int type;
- char *name;
- int *enabled;
- int (*method)(Authctxt *);
-};
-
-const struct AuthMethod1 auth1_methods[] = {
- {
- SSH_CMSG_AUTH_PASSWORD, "password",
- &options.password_authentication, auth1_process_password
- },
- {
- SSH_CMSG_AUTH_RSA, "rsa",
- &options.rsa_authentication, auth1_process_rsa
- },
- {
- SSH_CMSG_AUTH_RHOSTS_RSA, "rhosts-rsa",
- &options.rhosts_rsa_authentication, auth1_process_rhosts_rsa
- },
- {
- SSH_CMSG_AUTH_TIS, "challenge-response",
- &options.challenge_response_authentication,
- auth1_process_tis_challenge
- },
- {
- SSH_CMSG_AUTH_TIS_RESPONSE, "challenge-response",
- &options.challenge_response_authentication,
- auth1_process_tis_response
- },
- { -1, NULL, NULL, NULL}
-};
-
-static const struct AuthMethod1
-*lookup_authmethod1(int type)
-{
- int i;
-
- for (i = 0; auth1_methods[i].name != NULL; i++)
- if (auth1_methods[i].type == type)
- return (&(auth1_methods[i]));
-
- return (NULL);
-}
-
-static char *
-get_authname(int type)
-{
- const struct AuthMethod1 *a;
- static char buf[64];
-
- if ((a = lookup_authmethod1(type)) != NULL)
- return (a->name);
- snprintf(buf, sizeof(buf), "bad-auth-msg-%d", type);
- return (buf);
-}
-
-/*ARGSUSED*/
-static int
-auth1_process_password(Authctxt *authctxt)
-{
- int authenticated = 0;
- char *password;
- u_int dlen;
-
- /*
- * Read user password. It is in plain text, but was
- * transmitted over the encrypted channel so it is
- * not visible to an outside observer.
- */
- password = packet_get_string(&dlen);
- packet_check_eom();
-
- /* Try authentication with the password. */
- authenticated = PRIVSEP(auth_password(authctxt, password));
-
- explicit_bzero(password, dlen);
- free(password);
-
- return (authenticated);
-}
-
-/*ARGSUSED*/
-static int
-auth1_process_rsa(Authctxt *authctxt)
-{
- int authenticated = 0;
- BIGNUM *n;
-
- /* RSA authentication requested. */
- if ((n = BN_new()) == NULL)
- fatal("do_authloop: BN_new failed");
- packet_get_bignum(n);
- packet_check_eom();
- authenticated = auth_rsa(authctxt, n);
- BN_clear_free(n);
-
- return (authenticated);
-}
-
-/*ARGSUSED*/
-static int
-auth1_process_rhosts_rsa(Authctxt *authctxt)
-{
- int keybits, authenticated = 0;
- u_int bits;
- Key *client_host_key;
- u_int ulen;
-
- /*
- * Get client user name. Note that we just have to
- * trust the client; root on the client machine can
- * claim to be any user.
- */
- client_user = packet_get_cstring(&ulen);
-
- /* Get the client host key. */
- client_host_key = key_new(KEY_RSA1);
- bits = packet_get_int();
- packet_get_bignum(client_host_key->rsa->e);
- packet_get_bignum(client_host_key->rsa->n);
-
- keybits = BN_num_bits(client_host_key->rsa->n);
- if (keybits < 0 || bits != (u_int)keybits) {
- verbose("Warning: keysize mismatch for client_host_key: "
- "actual %d, announced %d",
- BN_num_bits(client_host_key->rsa->n), bits);
- }
- packet_check_eom();
-
- authenticated = auth_rhosts_rsa(authctxt, client_user,
- client_host_key);
- key_free(client_host_key);
-
- auth_info(authctxt, "ruser %.100s", client_user);
-
- return (authenticated);
-}
-
-/*ARGSUSED*/
-static int
-auth1_process_tis_challenge(Authctxt *authctxt)
-{
- char *challenge;
-
- if ((challenge = get_challenge(authctxt)) == NULL)
- return (0);
-
- debug("sending challenge '%s'", challenge);
- packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE);
- packet_put_cstring(challenge);
- free(challenge);
- packet_send();
- packet_write_wait();
-
- return (-1);
-}
-
-/*ARGSUSED*/
-static int
-auth1_process_tis_response(Authctxt *authctxt)
-{
- int authenticated = 0;
- char *response;
- u_int dlen;
-
- response = packet_get_string(&dlen);
- packet_check_eom();
- authenticated = verify_response(authctxt, response);
- explicit_bzero(response, dlen);
- free(response);
-
- return (authenticated);
-}
-
-/*
- * read packets, try to authenticate the user and
- * return only if authentication is successful
- */
-static void
-do_authloop(Authctxt *authctxt)
-{
- int authenticated = 0;
- int prev = 0, type = 0;
- const struct AuthMethod1 *meth;
-
- debug("Attempting authentication for %s%.100s.",
- authctxt->valid ? "" : "invalid user ", authctxt->user);
-
- /* If the user has no password, accept authentication immediately. */
- if (options.permit_empty_passwd && options.password_authentication &&
-#ifdef KRB5
- (!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
-#endif
- PRIVSEP(auth_password(authctxt, ""))) {
-#ifdef USE_PAM
- if (options.use_pam && (PRIVSEP(do_pam_account())))
-#endif
- {
- auth_log(authctxt, 1, 0, "without authentication",
- NULL);
- return;
- }
- }
-
- /* Indicate that authentication is needed. */
- packet_start(SSH_SMSG_FAILURE);
- packet_send();
- packet_write_wait();
-
- for (;;) {
- /* default to fail */
- authenticated = 0;
-
-
- /* Get a packet from the client. */
- prev = type;
- type = packet_read();
-
- /*
- * If we started challenge-response authentication but the
- * next packet is not a response to our challenge, release
- * the resources allocated by get_challenge() (which would
- * normally have been released by verify_response() had we
- * received such a response)
- */
- if (prev == SSH_CMSG_AUTH_TIS &&
- type != SSH_CMSG_AUTH_TIS_RESPONSE)
- abandon_challenge_response(authctxt);
-
- if (authctxt->failures >= options.max_authtries)
- goto skip;
- if ((meth = lookup_authmethod1(type)) == NULL) {
- logit("Unknown message during authentication: "
- "type %d", type);
- goto skip;
- }
-
- if (!*(meth->enabled)) {
- verbose("%s authentication disabled.", meth->name);
- goto skip;
- }
-
- authenticated = meth->method(authctxt);
- if (authenticated == -1)
- continue; /* "postponed" */
-
-#ifdef BSD_AUTH
- if (authctxt->as) {
- auth_close(authctxt->as);
- authctxt->as = NULL;
- }
-#endif
- if (!authctxt->valid && authenticated)
- fatal("INTERNAL ERROR: authenticated invalid user %s",
- authctxt->user);
-
-#ifdef _UNICOS
- if (authenticated && cray_access_denied(authctxt->user)) {
- authenticated = 0;
- fatal("Access denied for user %s.",authctxt->user);
- }
-#endif /* _UNICOS */
-
-#ifndef HAVE_CYGWIN
- /* Special handling for root */
- if (authenticated && authctxt->pw->pw_uid == 0 &&
- !auth_root_allowed(meth->name)) {
- authenticated = 0;
-# ifdef SSH_AUDIT_EVENTS
- PRIVSEP(audit_event(SSH_LOGIN_ROOT_DENIED));
-# endif
- }
-#endif
-
-#ifdef USE_PAM
- if (options.use_pam && authenticated &&
- !PRIVSEP(do_pam_account())) {
- char *msg;
- size_t len;
-
- BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, "ssh");
- error("Access denied for user %s by PAM account "
- "configuration", authctxt->user);
- len = buffer_len(&loginmsg);
- buffer_append(&loginmsg, "\0", 1);
- msg = buffer_ptr(&loginmsg);
- /* strip trailing newlines */
- if (len > 0)
- while (len > 0 && msg[--len] == '\n')
- msg[len] = '\0';
- else
- msg = "Access denied.";
- packet_disconnect("%s", msg);
- }
-#endif
-
- skip:
- /* Log before sending the reply */
- auth_log(authctxt, authenticated, 0, get_authname(type), NULL);
-
- free(client_user);
- client_user = NULL;
-
- if (authenticated)
- return;
-
- BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, "ssh");
- if (++authctxt->failures >= options.max_authtries) {
-#ifdef SSH_AUDIT_EVENTS
- PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
-#endif
- auth_maxtries_exceeded(authctxt);
- }
-
- packet_start(SSH_SMSG_FAILURE);
- packet_send();
- packet_write_wait();
- }
-}
-
-/*
- * Performs authentication of an incoming connection. Session key has already
- * been exchanged and encryption is enabled.
- */
-void
-do_authentication(Authctxt *authctxt)
-{
- u_int ulen;
- char *user, *style = NULL;
-
- /* Get the name of the user that we wish to log in as. */
- packet_read_expect(SSH_CMSG_USER);
-
- /* Get the user name. */
- user = packet_get_cstring(&ulen);
- packet_check_eom();
-
- if ((style = strchr(user, ':')) != NULL)
- *style++ = '\0';
-
- authctxt->user = user;
- authctxt->style = style;
-
- /* Verify that the user is a valid user. */
- if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL)
- authctxt->valid = 1;
- else {
- debug("do_authentication: invalid user %s", user);
- authctxt->pw = fakepw();
- BLACKLIST_NOTIFY(BLACKLIST_BAD_USER, user);
- }
-
- /* Configuration may have changed as a result of Match */
- if (options.num_auth_methods != 0)
- fatal("AuthenticationMethods is not supported with SSH "
- "protocol 1");
-
- setproctitle("%s%s", authctxt->valid ? user : "unknown",
- use_privsep ? " [net]" : "");
-
-#ifdef USE_PAM
- if (options.use_pam)
- PRIVSEP(start_pam(authctxt));
-#endif
-
- /*
- * If we are not running as root, the user must have the same uid as
- * the server.
- */
-#ifndef HAVE_CYGWIN
- if (!use_privsep && getuid() != 0 && authctxt->pw &&
- authctxt->pw->pw_uid != getuid())
- packet_disconnect("Cannot change user when server not running as root.");
-#endif
-
- /*
- * Loop until the user has been authenticated or the connection is
- * closed, do_authloop() returns only if authentication is successful
- */
- do_authloop(authctxt);
-
- /* The user has been authenticated and accepted. */
- packet_start(SSH_SMSG_SUCCESS);
- packet_send();
- packet_write_wait();
-}
-
-#endif /* WITH_SSH1 */
diff --git a/crypto/openssh/auth2-pubkey.c b/crypto/openssh/auth2-pubkey.c
index 20f3309e1828..3e5706f4dbef 100644
--- a/crypto/openssh/auth2-pubkey.c
+++ b/crypto/openssh/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.60 2016/11/30 02:57:40 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.62 2017/01/30 01:03:00 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -564,9 +564,12 @@ process_principals(FILE *f, char *file, struct passwd *pw,
{
char line[SSH_MAX_PUBKEY_BYTES], *cp, *ep, *line_opts;
u_long linenum = 0;
- u_int i;
+ u_int i, found_principal = 0;
while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
+ /* Always consume entire input */
+ if (found_principal)
+ continue;
/* Skip leading whitespace. */
for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
;
@@ -599,11 +602,12 @@ process_principals(FILE *f, char *file, struct passwd *pw,
if (auth_parse_options(pw, line_opts,
file, linenum) != 1)
continue;
- return 1;
+ found_principal = 1;
+ continue;
}
}
}
- return 0;
+ return found_principal;
}
static int
@@ -727,6 +731,9 @@ match_principals_command(struct passwd *user_pw, const struct sshkey *key)
ok = process_principals(f, NULL, pw, cert);
+ fclose(f);
+ f = NULL;
+
if (exited_cleanly(pid, "AuthorizedPrincipalsCommand", command) != 0)
goto out;
@@ -768,6 +775,9 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
char *cp, *key_options = NULL, *fp = NULL;
const char *reason = NULL;
+ /* Always consume entrire file */
+ if (found_key)
+ continue;
if (found != NULL)
key_free(found);
found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type);
@@ -854,7 +864,7 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
file, linenum, key_type(found), fp);
free(fp);
found_key = 1;
- break;
+ continue;
}
}
if (found != NULL)
@@ -1050,6 +1060,9 @@ user_key_command_allowed2(struct passwd *user_pw, Key *key)
ok = check_authkeys_file(f, options.authorized_keys_command, key, pw);
+ fclose(f);
+ f = NULL;
+
if (exited_cleanly(pid, "AuthorizedKeysCommand", command) != 0)
goto out;
diff --git a/crypto/openssh/auth2.c b/crypto/openssh/auth2.c
index b6695f79d0aa..30e52d26fb10 100644
--- a/crypto/openssh/auth2.c
+++ b/crypto/openssh/auth2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.136 2016/05/02 08:49:03 djm Exp $ */
+/* $OpenBSD: auth2.c,v 1.137 2017/02/03 23:05:57 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -214,15 +214,16 @@ input_service_request(int type, u_int32_t seq, void *ctxt)
static int
input_userauth_request(int type, u_int32_t seq, void *ctxt)
{
+ struct ssh *ssh = active_state; /* XXX */
Authctxt *authctxt = ctxt;
Authmethod *m = NULL;
char *user, *service, *method, *style = NULL;
int authenticated = 0;
#ifdef HAVE_LOGIN_CAP
- struct ssh *ssh = active_state; /* XXX */
login_cap_t *lc;
const char *from_host, *from_ip;
#endif
+
if (authctxt == NULL)
fatal("input_userauth_request: no authctxt");
@@ -241,9 +242,10 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
authctxt->user = xstrdup(user);
if (authctxt->pw && strcmp(service, "ssh-connection")==0) {
authctxt->valid = 1;
- debug2("input_userauth_request: setting up authctxt for %s", user);
+ debug2("%s: setting up authctxt for %s",
+ __func__, user);
} else {
- logit("input_userauth_request: invalid user %s", user);
+ /* Invalid user, fake password information */
authctxt->pw = fakepw();
#ifdef SSH_AUDIT_EVENTS
PRIVSEP(audit_event(SSH_INVALID_USER));
@@ -253,6 +255,8 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
if (options.use_pam)
PRIVSEP(start_pam(authctxt));
#endif
+ ssh_packet_set_log_preamble(ssh, "%suser %s",
+ authctxt->valid ? "authenticating " : "invalid ", user);
setproctitle("%s%s", authctxt->valid ? user : "unknown",
use_privsep ? " [net]" : "");
authctxt->service = xstrdup(service);
@@ -320,6 +324,7 @@ void
userauth_finish(Authctxt *authctxt, int authenticated, const char *method,
const char *submethod)
{
+ struct ssh *ssh = active_state; /* XXX */
char *methods;
int partial = 0;
@@ -381,6 +386,7 @@ userauth_finish(Authctxt *authctxt, int authenticated, const char *method,
packet_write_wait();
/* now we can break out */
authctxt->success = 1;
+ ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user);
} else {
/* Allow initial try of "none" auth without failure penalty */
diff --git a/crypto/openssh/channels.c b/crypto/openssh/channels.c
index bef8ad6aa2b3..d030fcdd9010 100644
--- a/crypto/openssh/channels.c
+++ b/crypto/openssh/channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.356 2016/10/18 17:32:54 dtucker Exp $ */
+/* $OpenBSD: channels.c,v 1.357 2017/02/01 02:59:09 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -3065,7 +3065,7 @@ channel_input_port_open(int type, u_int32_t seq, void *ctxt)
}
packet_check_eom();
c = channel_connect_to_port(host, host_port,
- "connected socket", originator_string);
+ "connected socket", originator_string, NULL, NULL);
free(originator_string);
free(host);
if (c == NULL) {
@@ -4026,9 +4026,13 @@ channel_connect_ctx_free(struct channel_connect *cctx)
memset(cctx, 0, sizeof(*cctx));
}
-/* Return CONNECTING channel to remote host:port or local socket path */
+/*
+ * Return CONNECTING channel to remote host:port or local socket path,
+ * passing back the failure reason if appropriate.
+ */
static Channel *
-connect_to(const char *name, int port, char *ctype, char *rname)
+connect_to_reason(const char *name, int port, char *ctype, char *rname,
+ int *reason, const char **errmsg)
{
struct addrinfo hints;
int gaierr;
@@ -4069,7 +4073,12 @@ connect_to(const char *name, int port, char *ctype, char *rname)
hints.ai_family = IPv4or6;
hints.ai_socktype = SOCK_STREAM;
snprintf(strport, sizeof strport, "%d", port);
- if ((gaierr = getaddrinfo(name, strport, &hints, &cctx.aitop)) != 0) {
+ if ((gaierr = getaddrinfo(name, strport, &hints, &cctx.aitop))
+ != 0) {
+ if (errmsg != NULL)
+ *errmsg = ssh_gai_strerror(gaierr);
+ if (reason != NULL)
+ *reason = SSH2_OPEN_CONNECT_FAILED;
error("connect_to %.100s: unknown host (%s)", name,
ssh_gai_strerror(gaierr));
return NULL;
@@ -4092,6 +4101,13 @@ connect_to(const char *name, int port, char *ctype, char *rname)
return c;
}
+/* Return CONNECTING channel to remote host:port or local socket path */
+static Channel *
+connect_to(const char *name, int port, char *ctype, char *rname)
+{
+ return connect_to_reason(name, port, ctype, rname, NULL, NULL);
+}
+
/*
* returns either the newly connected channel or the downstream channel
* that needs to deal with this connection.
@@ -4136,7 +4152,8 @@ channel_connect_by_listen_path(const char *path, char *ctype, char *rname)
/* Check if connecting to that port is permitted and connect. */
Channel *
-channel_connect_to_port(const char *host, u_short port, char *ctype, char *rname)
+channel_connect_to_port(const char *host, u_short port, char *ctype,
+ char *rname, int *reason, const char **errmsg)
{
int i, permit, permit_adm = 1;
@@ -4161,9 +4178,11 @@ channel_connect_to_port(const char *host, u_short port, char *ctype, char *rname
if (!permit || !permit_adm) {
logit("Received request to connect to host %.100s port %d, "
"but the request was denied.", host, port);
+ if (reason != NULL)
+ *reason = SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED;
return NULL;
}
- return connect_to(host, port, ctype, rname);
+ return connect_to_reason(host, port, ctype, rname, reason, errmsg);
}
/* Check if connecting to that path is permitted and connect. */
@@ -4354,6 +4373,33 @@ connect_local_xsocket(u_int dnr)
return connect_local_xsocket_path(buf);
}
+#ifdef __APPLE__
+static int
+is_path_to_xsocket(const char *display, char *path, size_t pathlen)
+{
+ struct stat sbuf;
+
+ if (strlcpy(path, display, pathlen) >= pathlen) {
+ error("%s: display path too long", __func__);
+ return 0;
+ }
+ if (display[0] != '/')
+ return 0;
+ if (stat(path, &sbuf) == 0) {
+ return 1;
+ } else {
+ char *dot = strrchr(path, '.');
+ if (dot != NULL) {
+ *dot = '\0';
+ if (stat(path, &sbuf) == 0) {
+ return 1;
+ }
+ }
+ }
+ return 0;
+}
+#endif
+
int
x11_connect_display(void)
{
@@ -4375,15 +4421,22 @@ x11_connect_display(void)
* connection to the real X server.
*/
- /* Check if the display is from launchd. */
#ifdef __APPLE__
- if (strncmp(display, "/tmp/launch", 11) == 0) {
- sock = connect_local_xsocket_path(display);
- if (sock < 0)
- return -1;
+ /* Check if display is a path to a socket (as set by launchd). */
+ {
+ char path[PATH_MAX];
- /* OK, we now have a connection to the display. */
- return sock;
+ if (is_path_to_xsocket(display, path, sizeof(path))) {
+ debug("x11_connect_display: $DISPLAY is launchd");
+
+ /* Create a socket. */
+ sock = connect_local_xsocket_path(path);
+ if (sock < 0)
+ return -1;
+
+ /* OK, we now have a connection to the display. */
+ return sock;
+ }
}
#endif
/*
diff --git a/crypto/openssh/channels.h b/crypto/openssh/channels.h
index 09c3c36557df..ce43236d5459 100644
--- a/crypto/openssh/channels.h
+++ b/crypto/openssh/channels.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.h,v 1.120 2016/10/18 17:32:54 dtucker Exp $ */
+/* $OpenBSD: channels.h,v 1.121 2017/02/01 02:59:09 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -275,7 +275,8 @@ void channel_update_permitted_opens(int, int);
void channel_clear_permitted_opens(void);
void channel_clear_adm_permitted_opens(void);
void channel_print_adm_permitted_opens(void);
-Channel *channel_connect_to_port(const char *, u_short, char *, char *);
+Channel *channel_connect_to_port(const char *, u_short, char *, char *, int *,
+ const char **);
Channel *channel_connect_to_path(const char *, char *, char *);
Channel *channel_connect_stdio_fwd(const char*, u_short, int, int);
Channel *channel_connect_by_listen_address(const char *, u_short,
diff --git a/crypto/openssh/clientloop.c b/crypto/openssh/clientloop.c
index 4289a40812bc..0648162341f7 100644
--- a/crypto/openssh/clientloop.c
+++ b/crypto/openssh/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.289 2016/09/30 09:19:13 markus Exp $ */
+/* $OpenBSD: clientloop.c,v 1.291 2017/03/10 05:01:13 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -991,7 +991,7 @@ process_cmdline(void)
CHANNEL_CANCEL_PORT_STATIC,
&options.fwd_opts) > 0;
if (!ok) {
- logit("Unkown port forwarding.");
+ logit("Unknown port forwarding.");
goto out;
}
logit("Canceled forwarding.");
@@ -2391,6 +2391,26 @@ client_global_hostkeys_private_confirm(int type, u_int32_t seq, void *_ctx)
}
/*
+ * Returns non-zero if the key is accepted by HostkeyAlgorithms.
+ * Made slightly less trivial by the multiple RSA signature algorithm names.
+ */
+static int
+key_accepted_by_hostkeyalgs(const struct sshkey *key)
+{
+ const char *ktype = sshkey_ssh_name(key);
+ const char *hostkeyalgs = options.hostkeyalgorithms != NULL ?
+ options.hostkeyalgorithms : KEX_DEFAULT_PK_ALG;
+
+ if (key == NULL || key->type == KEY_UNSPEC)
+ return 0;
+ if (key->type == KEY_RSA &&
+ (match_pattern_list("rsa-sha2-256", hostkeyalgs, 0) == 1 ||
+ match_pattern_list("rsa-sha2-512", hostkeyalgs, 0) == 1))
+ return 1;
+ return match_pattern_list(ktype, hostkeyalgs, 0) == 1;
+}
+
+/*
* Handle hostkeys-00@openssh.com global request to inform the client of all
* the server's hostkeys. The keys are checked against the user's
* HostkeyAlgorithms preference before they are accepted.
@@ -2436,10 +2456,7 @@ client_input_hostkeys(void)
sshkey_type(key), fp);
free(fp);
- /* Check that the key is accepted in HostkeyAlgorithms */
- if (match_pattern_list(sshkey_ssh_name(key),
- options.hostkeyalgorithms ? options.hostkeyalgorithms :
- KEX_DEFAULT_PK_ALG, 0) != 1) {
+ if (!key_accepted_by_hostkeyalgs(key)) {
debug3("%s: %s key not permitted by HostkeyAlgorithms",
__func__, sshkey_ssh_name(key));
continue;
diff --git a/crypto/openssh/compat.c b/crypto/openssh/compat.c
index 69a104fbfe5b..1e80cfa9a73a 100644
--- a/crypto/openssh/compat.c
+++ b/crypto/openssh/compat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: compat.c,v 1.99 2016/05/24 02:31:57 dtucker Exp $ */
+/* $OpenBSD: compat.c,v 1.100 2017/02/03 23:01:19 djm Exp $ */
/*
* Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
*
@@ -37,6 +37,7 @@
#include "compat.h"
#include "log.h"
#include "match.h"
+#include "kex.h"
int compat13 = 0;
int compat20 = 0;
@@ -250,42 +251,14 @@ proto_spec(const char *spec)
return ret;
}
-/*
- * Filters a proposal string, excluding any algorithm matching the 'filter'
- * pattern list.
- */
-static char *
-filter_proposal(char *proposal, const char *filter)
-{
- Buffer b;
- char *orig_prop, *fix_prop;
- char *cp, *tmp;
-
- buffer_init(&b);
- tmp = orig_prop = xstrdup(proposal);
- while ((cp = strsep(&tmp, ",")) != NULL) {
- if (match_pattern_list(cp, filter, 0) != 1) {
- if (buffer_len(&b) > 0)
- buffer_append(&b, ",", 1);
- buffer_append(&b, cp, strlen(cp));
- } else
- debug2("Compat: skipping algorithm \"%s\"", cp);
- }
- buffer_append(&b, "\0", 1);
- fix_prop = xstrdup((char *)buffer_ptr(&b));
- buffer_free(&b);
- free(orig_prop);
-
- return fix_prop;
-}
-
char *
compat_cipher_proposal(char *cipher_prop)
{
if (!(datafellows & SSH_BUG_BIGENDIANAES))
return cipher_prop;
debug2("%s: original cipher proposal: %s", __func__, cipher_prop);
- cipher_prop = filter_proposal(cipher_prop, "aes*");
+ if ((cipher_prop = match_filter_list(cipher_prop, "aes*")) == NULL)
+ fatal("match_filter_list failed");
debug2("%s: compat cipher proposal: %s", __func__, cipher_prop);
if (*cipher_prop == '\0')
fatal("No supported ciphers found");
@@ -298,7 +271,8 @@ compat_pkalg_proposal(char *pkalg_prop)
if (!(datafellows & SSH_BUG_RSASIGMD5))
return pkalg_prop;
debug2("%s: original public key proposal: %s", __func__, pkalg_prop);
- pkalg_prop = filter_proposal(pkalg_prop, "ssh-rsa");
+ if ((pkalg_prop = match_filter_list(pkalg_prop, "ssh-rsa")) == NULL)
+ fatal("match_filter_list failed");
debug2("%s: compat public key proposal: %s", __func__, pkalg_prop);
if (*pkalg_prop == '\0')
fatal("No supported PK algorithms found");
@@ -312,10 +286,14 @@ compat_kex_proposal(char *p)
return p;
debug2("%s: original KEX proposal: %s", __func__, p);
if ((datafellows & SSH_BUG_CURVE25519PAD) != 0)
- p = filter_proposal(p, "curve25519-sha256@libssh.org");
+ if ((p = match_filter_list(p,
+ "curve25519-sha256@libssh.org")) == NULL)
+ fatal("match_filter_list failed");
if ((datafellows & SSH_OLD_DHGEX) != 0) {
- p = filter_proposal(p, "diffie-hellman-group-exchange-sha256");
- p = filter_proposal(p, "diffie-hellman-group-exchange-sha1");
+ if ((p = match_filter_list(p,
+ "diffie-hellman-group-exchange-sha256,"
+ "diffie-hellman-group-exchange-sha1")) == NULL)
+ fatal("match_filter_list failed");
}
debug2("%s: compat KEX proposal: %s", __func__, p);
if (*p == '\0')
diff --git a/crypto/openssh/config.h b/crypto/openssh/config.h
index 77c4fe97d060..824c844ef0d9 100644
--- a/crypto/openssh/config.h
+++ b/crypto/openssh/config.h
@@ -737,6 +737,9 @@
/* Define to 1 if you have the <linux/seccomp.h> header file. */
/* #undef HAVE_LINUX_SECCOMP_H */
+/* Define to 1 if you have the `llabs' function. */
+#define HAVE_LLABS 1
+
/* Define to 1 if you have the <locale.h> header file. */
#define HAVE_LOCALE_H 1
@@ -1438,7 +1441,7 @@
/* #undef LASTLOG_WRITE_PUTUTXLINE */
/* Define if you want TCP Wrappers support */
-#define LIBWRAP 1
+/* #undef LIBWRAP */
/* Define to whatever link() returns for "not supported" if it doesn't return
EOPNOTSUPP. */
diff --git a/crypto/openssh/configure.ac b/crypto/openssh/configure.ac
index cedc4c53ab78..f303107e1506 100644
--- a/crypto/openssh/configure.ac
+++ b/crypto/openssh/configure.ac
@@ -747,6 +747,9 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
use_pie=auto
check_for_libcrypt_later=1
check_for_openpty_ctty_bug=1
+ dnl Target SUSv3/POSIX.1-2001 plus BSD specifics.
+ dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE
+ CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE"
AC_DEFINE([PAM_TTY_KLUDGE], [1],
[Work around problematic Linux PAM modules handling of PAM_TTY])
AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"],
@@ -1523,7 +1526,6 @@ int deny_severity = 0, allow_severity = 0;
TCPW_MSG="yes"
], [
AC_MSG_ERROR([*** libwrap missing])
-
])
LIBS="$saved_LIBS"
fi
@@ -1534,36 +1536,47 @@ int deny_severity = 0, allow_severity = 0;
LDNS_MSG="no"
AC_ARG_WITH(ldns,
[ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)],
- [
- if test "x$withval" != "xno" ; then
-
- if test "x$withval" != "xyes" ; then
- CPPFLAGS="$CPPFLAGS -I${withval}/include"
- LDFLAGS="$LDFLAGS -L${withval}/lib"
- fi
-
- AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support])
- LIBS="-lldns $LIBS"
- LDNS_MSG="yes"
+ [
+ ldns=""
+ if test "x$withval" = "xyes" ; then
+ AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no])
+ if test "x$PKGCONFIG" = "xno"; then
+ CPPFLAGS="$CPPFLAGS -I${withval}/include"
+ LDFLAGS="$LDFLAGS -L${withval}/lib"
+ LIBS="-lldns $LIBS"
+ ldns=yes
+ else
+ LIBS="$LIBS `$LDNSCONFIG --libs`"
+ CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`"
+ fi
+ elif test "x$withval" != "xno" ; then
+ CPPFLAGS="$CPPFLAGS -I${withval}/include"
+ LDFLAGS="$LDFLAGS -L${withval}/lib"
+ LIBS="-lldns $LIBS"
+ ldns=yes
+ fi
- AC_MSG_CHECKING([for ldns support])
- AC_LINK_IFELSE(
- [AC_LANG_SOURCE([[
+ # Verify that it works.
+ if test "x$ldns" = "xyes" ; then
+ AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support])
+ LDNS_MSG="yes"
+ AC_MSG_CHECKING([for ldns support])
+ AC_LINK_IFELSE(
+ [AC_LANG_SOURCE([[
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <ldns/ldns.h>
int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); }
- ]])
- ],
- [AC_MSG_RESULT(yes)],
+ ]])
+ ],
+ [AC_MSG_RESULT(yes)],
[
AC_MSG_RESULT(no)
AC_MSG_ERROR([** Incomplete or missing ldns libraries.])
])
- fi
- ]
-)
+ fi
+])
# Check whether user wants libedit support
LIBEDIT_MSG="no"
@@ -1766,6 +1779,7 @@ AC_CHECK_FUNCS([ \
inet_ntoa \
inet_ntop \
innetgr \
+ llabs \
login_getcapbool \
md5_crypt \
memmove \
@@ -1834,11 +1848,8 @@ AC_CHECK_FUNCS([ \
warn \
])
-dnl Wide character support. Linux man page says it needs _XOPEN_SOURCE.
-saved_CFLAGS="$CFLAGS"
-CFLAGS="$CFLAGS -D_XOPEN_SOURCE"
+dnl Wide character support.
AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth])
-CFLAGS="$saved_CFLAGS"
TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes}
AC_MSG_CHECKING([for utf8 locale support])
@@ -2583,8 +2594,8 @@ if test "x$openssl" = "xyes" ; then
ssl_library_ver=`cat conftest.ssllibver`
# Check version is supported.
case "$ssl_library_ver" in
- 0090[[0-7]]*|009080[[0-5]]*)
- AC_MSG_ERROR([OpenSSL >= 0.9.8f required (have "$ssl_library_ver")])
+ 10000*|0*)
+ AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")])
;;
*) ;;
esac
@@ -5147,6 +5158,7 @@ echo " S/KEY support: $SKEY_MSG"
echo " TCP Wrappers support: $TCPW_MSG"
echo " MD5 password support: $MD5_MSG"
echo " libedit support: $LIBEDIT_MSG"
+echo " libldns support: $LDNS_MSG"
echo " Solaris process contract support: $SPC_MSG"
echo " Solaris project support: $SP_MSG"
echo " Solaris privilege support: $SPP_MSG"
diff --git a/crypto/openssh/contrib/cygwin/ssh-host-config b/crypto/openssh/contrib/cygwin/ssh-host-config
index d934d09b5430..db6aaa08a032 100644
--- a/crypto/openssh/contrib/cygwin/ssh-host-config
+++ b/crypto/openssh/contrib/cygwin/ssh-host-config
@@ -63,7 +63,6 @@ sshd_config_configured=no
port_number=22
service_name=sshd
strictmodes=yes
-privsep_used=yes
cygwin_value=""
user_account=
password_value=
@@ -140,33 +139,21 @@ sshd_strictmodes() {
# ======================================================================
# Routine: sshd_privsep
-# MODIFIES: privsep_used
+# Try to create ssshd user account
# ======================================================================
sshd_privsep() {
local ret=0
if [ "${sshd_config_configured}" != "yes" ]
then
- echo
- csih_inform "Privilege separation is set to 'sandbox' by default since"
- csih_inform "OpenSSH 6.1. This is unsupported by Cygwin and has to be set"
- csih_inform "to 'yes' or 'no'."
- csih_inform "However, using privilege separation requires a non-privileged account"
- csih_inform "called 'sshd'."
- csih_inform "For more info on privilege separation read /usr/share/doc/openssh/README.privsep."
- if csih_request "Should privilege separation be used?"
+ if ! csih_create_unprivileged_user sshd
then
- privsep_used=yes
- if ! csih_create_unprivileged_user sshd
- then
- csih_error_recoverable "Couldn't create user 'sshd'!"
- csih_error_recoverable "Privilege separation set to 'no' again!"
- csih_error_recoverable "Check your ${SYSCONFDIR}/sshd_config file!"
- let ++ret
- privsep_used=no
- fi
- else
- privsep_used=no
+ csih_error_recoverable "Could not create user 'sshd'!"
+ csih_error_recoverable "You will not be able to run an sshd service"
+ csih_error_recoverable "under a privileged account successfully."
+ csih_error_recoverable "Make sure to create a non-privileged user 'sshd'"
+ csih_error_recoverable "manually before trying to run the service!"
+ let ++ret
fi
fi
return $ret
@@ -202,18 +189,6 @@ sshd_config_tweak() {
let ++ret
fi
fi
- if [ "${sshd_config_configured}" != "yes" ]
- then
- /usr/bin/sed -i -e "
- s/^#\?UsePrivilegeSeparation .*/UsePrivilegeSeparation ${privsep_used}/" \
- ${SYSCONFDIR}/sshd_config
- if [ $? -ne 0 ]
- then
- csih_warning "Setting privilege separation failed!"
- csih_warning "Check your ${SYSCONFDIR}/sshd_config file!"
- let ++ret
- fi
- fi
return $ret
} # --- End of sshd_config_tweak --- #
@@ -693,7 +668,7 @@ then
fi
fi
-# handle sshd_config (and privsep)
+# handle sshd_config
csih_install_config "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults" || let ++warning_cnt
if ! /usr/bin/cmp "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/sshd_config" >/dev/null 2>&1
then
diff --git a/crypto/openssh/contrib/redhat/openssh.spec b/crypto/openssh/contrib/redhat/openssh.spec
index 666097c5e619..7de45457a742 100644
--- a/crypto/openssh/contrib/redhat/openssh.spec
+++ b/crypto/openssh/contrib/redhat/openssh.spec
@@ -1,4 +1,4 @@
-%define ver 7.4p1
+%define ver 7.5p1
%define rel 1
# OpenSSH privilege separation requires a user & group ID
diff --git a/crypto/openssh/contrib/suse/openssh.spec b/crypto/openssh/contrib/suse/openssh.spec
index 4c4bbb69cb3e..e62be39d0aac 100644
--- a/crypto/openssh/contrib/suse/openssh.spec
+++ b/crypto/openssh/contrib/suse/openssh.spec
@@ -13,7 +13,7 @@
Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
Name: openssh
-Version: 7.4p1
+Version: 7.5p1
URL: https://www.openssh.com/
Release: 1
Source0: openssh-%{version}.tar.gz
diff --git a/crypto/openssh/digest-openssl.c b/crypto/openssh/digest-openssl.c
index 13b63c2f006d..c55ceb93f9d4 100644
--- a/crypto/openssh/digest-openssl.c
+++ b/crypto/openssh/digest-openssl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: digest-openssl.c,v 1.5 2014/12/21 22:27:56 djm Exp $ */
+/* $OpenBSD: digest-openssl.c,v 1.6 2017/03/10 02:59:51 dtucker Exp $ */
/*
* Copyright (c) 2013 Damien Miller <djm@mindrot.org>
*
@@ -158,7 +158,7 @@ ssh_digest_final(struct ssh_digest_ctx *ctx, u_char *d, size_t dlen)
const struct ssh_digest *digest = ssh_digest_by_alg(ctx->alg);
u_int l = dlen;
- if (dlen > UINT_MAX)
+ if (digest == NULL || dlen > UINT_MAX)
return SSH_ERR_INVALID_ARGUMENT;
if (dlen < digest->digest_len) /* No truncation allowed */
return SSH_ERR_INVALID_ARGUMENT;
diff --git a/crypto/openssh/freebsd-configure.sh b/crypto/openssh/freebsd-configure.sh
index e9420c7580c7..d2c63e170ffe 100755
--- a/crypto/openssh/freebsd-configure.sh
+++ b/crypto/openssh/freebsd-configure.sh
@@ -12,7 +12,7 @@ configure_args="
--with-libedit
--with-ssl-engine
--without-xauth
-"
+"
set -e
diff --git a/crypto/openssh/hostfile.c b/crypto/openssh/hostfile.c
index 4548fbab3d80..e23faa9696af 100644
--- a/crypto/openssh/hostfile.c
+++ b/crypto/openssh/hostfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hostfile.c,v 1.67 2016/09/17 18:00:27 tedu Exp $ */
+/* $OpenBSD: hostfile.c,v 1.68 2017/03/10 04:26:06 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -419,19 +419,24 @@ write_host_entry(FILE *f, const char *host, const char *ip,
const struct sshkey *key, int store_hash)
{
int r, success = 0;
- char *hashed_host = NULL;
+ char *hashed_host = NULL, *lhost;
+
+ lhost = xstrdup(host);
+ lowercase(lhost);
if (store_hash) {
- if ((hashed_host = host_hash(host, NULL, 0)) == NULL) {
+ if ((hashed_host = host_hash(lhost, NULL, 0)) == NULL) {
error("%s: host_hash failed", __func__);
+ free(lhost);
return 0;
}
fprintf(f, "%s ", hashed_host);
} else if (ip != NULL)
- fprintf(f, "%s,%s ", host, ip);
- else
- fprintf(f, "%s ", host);
-
+ fprintf(f, "%s,%s ", lhost, ip);
+ else {
+ fprintf(f, "%s ", lhost);
+ }
+ free(lhost);
if ((r = sshkey_write(key, f)) == 0)
success = 1;
else
diff --git a/crypto/openssh/kex.c b/crypto/openssh/kex.c
index 6a94bc535bd7..cf4ac0dc574d 100644
--- a/crypto/openssh/kex.c
+++ b/crypto/openssh/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.127 2016/10/10 19:28:48 markus Exp $ */
+/* $OpenBSD: kex.c,v 1.131 2017/03/15 07:07:39 markus Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
*
@@ -178,7 +178,7 @@ kex_names_valid(const char *names)
char *
kex_names_cat(const char *a, const char *b)
{
- char *ret = NULL, *tmp = NULL, *cp, *p;
+ char *ret = NULL, *tmp = NULL, *cp, *p, *m;
size_t len;
if (a == NULL || *a == '\0')
@@ -195,8 +195,10 @@ kex_names_cat(const char *a, const char *b)
}
strlcpy(ret, a, len);
for ((p = strsep(&cp, ",")); p && *p != '\0'; (p = strsep(&cp, ","))) {
- if (match_list(ret, p, NULL) != NULL)
+ if ((m = match_list(ret, p, NULL)) != NULL) {
+ free(m);
continue; /* Algorithm already present */
+ }
if (strlcat(ret, ",", len) >= len ||
strlcat(ret, p, len) >= len) {
free(tmp);
@@ -211,7 +213,8 @@ kex_names_cat(const char *a, const char *b)
/*
* Assemble a list of algorithms from a default list and a string from a
* configuration file. The user-provided string may begin with '+' to
- * indicate that it should be appended to the default.
+ * indicate that it should be appended to the default or '-' that the
+ * specified names should be removed.
*/
int
kex_assemble_names(const char *def, char **list)
@@ -222,14 +225,18 @@ kex_assemble_names(const char *def, char **list)
*list = strdup(def);
return 0;
}
- if (**list != '+') {
- return 0;
+ if (**list == '+') {
+ if ((ret = kex_names_cat(def, *list + 1)) == NULL)
+ return SSH_ERR_ALLOC_FAIL;
+ free(*list);
+ *list = ret;
+ } else if (**list == '-') {
+ if ((ret = match_filter_list(def, *list + 1)) == NULL)
+ return SSH_ERR_ALLOC_FAIL;
+ free(*list);
+ *list = ret;
}
- if ((ret = kex_names_cat(def, *list + 1)) == NULL)
- return SSH_ERR_ALLOC_FAIL;
- free(*list);
- *list = ret;
return 0;
}
@@ -334,7 +341,6 @@ kex_reset_dispatch(struct ssh *ssh)
{
ssh_dispatch_range(ssh, SSH2_MSG_TRANSPORT_MIN,
SSH2_MSG_TRANSPORT_MAX, &kex_protocol_error);
- ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit);
}
static int
@@ -343,7 +349,7 @@ kex_send_ext_info(struct ssh *ssh)
int r;
char *algs;
- if ((algs = sshkey_alg_list(0, 1, ',')) == NULL)
+ if ((algs = sshkey_alg_list(0, 1, 1, ',')) == NULL)
return SSH_ERR_ALLOC_FAIL;
if ((r = sshpkt_start(ssh, SSH2_MSG_EXT_INFO)) != 0 ||
(r = sshpkt_put_u32(ssh, 1)) != 0 ||
@@ -424,6 +430,7 @@ kex_input_newkeys(int type, u_int32_t seq, void *ctxt)
debug("SSH2_MSG_NEWKEYS received");
ssh_dispatch_set(ssh, SSH2_MSG_NEWKEYS, &kex_protocol_error);
+ ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit);
if ((r = sshpkt_get_end(ssh)) != 0)
return r;
if ((r = ssh_set_newkeys(ssh, MODE_IN)) != 0)
@@ -538,6 +545,7 @@ kex_new(struct ssh *ssh, char *proposal[PROPOSAL_MAX], struct kex **kexp)
goto out;
kex->done = 0;
kex_reset_dispatch(ssh);
+ ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit);
r = 0;
*kexp = kex;
out:
@@ -646,8 +654,10 @@ choose_enc(struct sshenc *enc, char *client, char *server)
if (name == NULL)
return SSH_ERR_NO_CIPHER_ALG_MATCH;
- if ((enc->cipher = cipher_by_name(name)) == NULL)
+ if ((enc->cipher = cipher_by_name(name)) == NULL) {
+ free(name);
return SSH_ERR_INTERNAL_ERROR;
+ }
enc->name = name;
enc->enabled = 0;
enc->iv = NULL;
@@ -665,8 +675,10 @@ choose_mac(struct ssh *ssh, struct sshmac *mac, char *client, char *server)
if (name == NULL)
return SSH_ERR_NO_MAC_ALG_MATCH;
- if (mac_setup(mac, name) < 0)
+ if (mac_setup(mac, name) < 0) {
+ free(name);
return SSH_ERR_INTERNAL_ERROR;
+ }
/* truncate the key */
if (ssh->compat & SSH_BUG_HMAC)
mac->key_len = 16;
@@ -690,6 +702,7 @@ choose_comp(struct sshcomp *comp, char *client, char *server)
} else if (strcmp(name, "none") == 0) {
comp->type = COMP_NONE;
} else {
+ free(name);
return SSH_ERR_INTERNAL_ERROR;
}
comp->name = name;
diff --git a/crypto/openssh/krl.c b/crypto/openssh/krl.c
index e271a1934407..3f28178b7b3c 100644
--- a/crypto/openssh/krl.c
+++ b/crypto/openssh/krl.c
@@ -14,7 +14,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $OpenBSD: krl.c,v 1.38 2016/09/12 01:22:38 deraadt Exp $ */
+/* $OpenBSD: krl.c,v 1.39 2017/03/10 07:18:32 dtucker Exp $ */
#include "includes.h"
@@ -1089,7 +1089,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp,
break;
case KRL_SECTION_SIGNATURE:
/* Handled above, but still need to stay in synch */
- sshbuf_reset(sect);
+ sshbuf_free(sect);
sect = NULL;
if ((r = sshbuf_skip_string(copy)) != 0)
goto out;
@@ -1288,7 +1288,8 @@ ssh_krl_file_contains_key(const char *path, const struct sshkey *key)
debug2("%s: checking KRL %s", __func__, path);
r = ssh_krl_check_key(krl, key);
out:
- close(fd);
+ if (fd != -1)
+ close(fd);
sshbuf_free(krlbuf);
ssh_krl_free(krl);
if (r != 0)
diff --git a/crypto/openssh/log.c b/crypto/openssh/log.c
index 2b59c4274454..d0f86cf6fb40 100644
--- a/crypto/openssh/log.c
+++ b/crypto/openssh/log.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: log.c,v 1.48 2016/07/15 05:01:58 dtucker Exp $ */
+/* $OpenBSD: log.c,v 1.49 2017/03/10 03:15:58 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -453,7 +453,8 @@ do_log(LogLevel level, const char *fmt, va_list args)
tmp_handler(level, fmtbuf, log_handler_ctx);
log_handler = tmp_handler;
} else if (log_on_stderr) {
- snprintf(msgbuf, sizeof msgbuf, "%s\r\n", fmtbuf);
+ snprintf(msgbuf, sizeof msgbuf, "%.*s\r\n",
+ (int)sizeof msgbuf - 3, fmtbuf);
(void)write(log_stderr_fd, msgbuf, strlen(msgbuf));
} else {
#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT)
diff --git a/crypto/openssh/match.c b/crypto/openssh/match.c
index c15dcd1ef30f..3cf40306b025 100644
--- a/crypto/openssh/match.c
+++ b/crypto/openssh/match.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: match.c,v 1.33 2016/11/06 05:46:37 djm Exp $ */
+/* $OpenBSD: match.c,v 1.37 2017/03/10 04:24:55 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -42,9 +42,11 @@
#include <ctype.h>
#include <stdlib.h>
#include <string.h>
+#include <stdio.h>
#include "xmalloc.h"
#include "match.h"
+#include "misc.h"
/*
* Returns true if the given string matches the pattern (which may contain ?
@@ -145,7 +147,7 @@ match_pattern_list(const char *string, const char *pattern, int dolower)
if (subi >= sizeof(sub) - 1)
return 0;
- /* If the subpattern was terminated by a comma, skip the comma. */
+ /* If the subpattern was terminated by a comma, then skip it. */
if (i < len && pattern[i] == ',')
i++;
@@ -177,7 +179,13 @@ match_pattern_list(const char *string, const char *pattern, int dolower)
int
match_hostname(const char *host, const char *pattern)
{
- return match_pattern_list(host, pattern, 1);
+ char *hostcopy = xstrdup(host);
+ int r;
+
+ lowercase(hostcopy);
+ r = match_pattern_list(hostcopy, pattern, 1);
+ free(hostcopy);
+ return r;
}
/*
@@ -284,3 +292,35 @@ match_list(const char *client, const char *server, u_int *next)
free(s);
return NULL;
}
+
+/*
+ * Filters a comma-separated list of strings, excluding any entry matching
+ * the 'filter' pattern list. Caller must free returned string.
+ */
+char *
+match_filter_list(const char *proposal, const char *filter)
+{
+ size_t len = strlen(proposal) + 1;
+ char *fix_prop = malloc(len);
+ char *orig_prop = strdup(proposal);
+ char *cp, *tmp;
+
+ if (fix_prop == NULL || orig_prop == NULL) {
+ free(orig_prop);
+ free(fix_prop);
+ return NULL;
+ }
+
+ tmp = orig_prop;
+ *fix_prop = '\0';
+ while ((cp = strsep(&tmp, ",")) != NULL) {
+ if (match_pattern_list(cp, filter, 0) != 1) {
+ if (*fix_prop != '\0')
+ strlcat(fix_prop, ",", len);
+ strlcat(fix_prop, cp, len);
+ }
+ }
+ free(orig_prop);
+ return fix_prop;
+}
+
diff --git a/crypto/openssh/match.h b/crypto/openssh/match.h
index db97ca8f7a28..937ba0412770 100644
--- a/crypto/openssh/match.h
+++ b/crypto/openssh/match.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: match.h,v 1.16 2015/05/04 06:10:48 djm Exp $ */
+/* $OpenBSD: match.h,v 1.17 2017/02/03 23:01:19 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -20,6 +20,7 @@ int match_hostname(const char *, const char *);
int match_host_and_ip(const char *, const char *, const char *);
int match_user(const char *, const char *, const char *, const char *);
char *match_list(const char *, const char *, u_int *);
+char *match_filter_list(const char *, const char *);
/* addrmatch.c */
int addr_match_list(const char *, const char *);
diff --git a/crypto/openssh/misc.c b/crypto/openssh/misc.c
index 8f320340b17c..3ec74c7954f0 100644
--- a/crypto/openssh/misc.c
+++ b/crypto/openssh/misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.107 2016/11/30 00:28:31 dtucker Exp $ */
+/* $OpenBSD: misc.c,v 1.109 2017/03/14 00:55:37 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2005,2006 Damien Miller. All rights reserved.
@@ -307,7 +307,7 @@ a2tun(const char *s, int *remote)
long
convtime(const char *s)
{
- long total, secs;
+ long total, secs, multiplier = 1;
const char *p;
char *endp;
@@ -334,23 +334,28 @@ convtime(const char *s)
break;
case 'm':
case 'M':
- secs *= MINUTES;
+ multiplier = MINUTES;
break;
case 'h':
case 'H':
- secs *= HOURS;
+ multiplier = HOURS;
break;
case 'd':
case 'D':
- secs *= DAYS;
+ multiplier = DAYS;
break;
case 'w':
case 'W':
- secs *= WEEKS;
+ multiplier = WEEKS;
break;
default:
return -1;
}
+ if (secs >= LONG_MAX / multiplier)
+ return -1;
+ secs *= multiplier;
+ if (total >= LONG_MAX - secs)
+ return -1;
total += secs;
if (total < 0)
return -1;
diff --git a/crypto/openssh/monitor.c b/crypto/openssh/monitor.c
index 43f484709b8b..96d22b7e40e9 100644
--- a/crypto/openssh/monitor.c
+++ b/crypto/openssh/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.166 2016/09/28 16:33:06 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.167 2017/02/03 23:05:57 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -283,6 +283,7 @@ monitor_permit_authentications(int permit)
void
monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
{
+ struct ssh *ssh = active_state; /* XXX */
struct mon_table *ent;
int authenticated = 0, partial = 0;
@@ -356,6 +357,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
debug("%s: %s has been authenticated by privileged process",
__func__, authctxt->user);
+ ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user);
mm_get_keystate(pmonitor);
@@ -695,6 +697,7 @@ mm_answer_sign(int sock, Buffer *m)
int
mm_answer_pwnamallow(int sock, Buffer *m)
{
+ struct ssh *ssh = active_state; /* XXX */
char *username;
struct passwd *pwent;
int allowed = 0;
@@ -739,6 +742,8 @@ mm_answer_pwnamallow(int sock, Buffer *m)
buffer_put_cstring(m, pwent->pw_shell);
out:
+ ssh_packet_set_log_preamble(ssh, "%suser %s",
+ authctxt->valid ? "authenticating" : "invalid ", authctxt->user);
buffer_put_string(m, &options, sizeof(options));
#define M_CP_STROPT(x) do { \
diff --git a/crypto/openssh/mux.c b/crypto/openssh/mux.c
index b21df1562e3d..74644a27844a 100644
--- a/crypto/openssh/mux.c
+++ b/crypto/openssh/mux.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mux.c,v 1.63 2016/10/19 23:21:56 dtucker Exp $ */
+/* $OpenBSD: mux.c,v 1.64 2017/01/21 11:32:04 guenther Exp $ */
/*
* Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
*
@@ -2162,7 +2162,6 @@ int
muxclient(const char *path)
{
struct sockaddr_un addr;
- socklen_t sun_len;
int sock;
u_int pid;
@@ -2186,8 +2185,6 @@ muxclient(const char *path)
memset(&addr, '\0', sizeof(addr));
addr.sun_family = AF_UNIX;
- sun_len = offsetof(struct sockaddr_un, sun_path) +
- strlen(path) + 1;
if (strlcpy(addr.sun_path, path,
sizeof(addr.sun_path)) >= sizeof(addr.sun_path))
@@ -2197,7 +2194,7 @@ muxclient(const char *path)
if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
fatal("%s socket(): %s", __func__, strerror(errno));
- if (connect(sock, (struct sockaddr *)&addr, sun_len) == -1) {
+ if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
switch (muxclient_command) {
case SSHMUX_COMMAND_OPEN:
case SSHMUX_COMMAND_STDIO_FWD:
diff --git a/crypto/openssh/openbsd-compat/bsd-misc.c b/crypto/openssh/openbsd-compat/bsd-misc.c
index 6f3bc8f1d4f0..cfd73260ae18 100644
--- a/crypto/openssh/openbsd-compat/bsd-misc.c
+++ b/crypto/openssh/openbsd-compat/bsd-misc.c
@@ -301,3 +301,11 @@ mbtowc(wchar_t *pwc, const char *s, size_t n)
return 1;
}
#endif
+
+#ifndef HAVE_LLABS
+long long
+llabs(long long j)
+{
+ return (j < 0 ? -j : j);
+}
+#endif
diff --git a/crypto/openssh/openbsd-compat/bsd-misc.h b/crypto/openssh/openbsd-compat/bsd-misc.h
index 6f08b09faaa6..70a538f04e2d 100644
--- a/crypto/openssh/openbsd-compat/bsd-misc.h
+++ b/crypto/openssh/openbsd-compat/bsd-misc.h
@@ -135,4 +135,8 @@ void errx(int, const char *, ...) __attribute__((format(printf, 2, 3)));
void warn(const char *, ...) __attribute__((format(printf, 1, 2)));
#endif
+#ifndef HAVE_LLABS
+long long llabs(long long);
+#endif
+
#endif /* _BSD_MISC_H */
diff --git a/crypto/openssh/openbsd-compat/fmt_scaled.c b/crypto/openssh/openbsd-compat/fmt_scaled.c
index edd682a49823..e5533b2de90c 100644
--- a/crypto/openssh/openbsd-compat/fmt_scaled.c
+++ b/crypto/openssh/openbsd-compat/fmt_scaled.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: fmt_scaled.c,v 1.9 2007/03/20 03:42:52 tedu Exp $ */
+/* $OpenBSD: fmt_scaled.c,v 1.13 2017/03/11 23:37:23 djm Exp $ */
/*
* Copyright (c) 2001, 2002, 2003 Ian F. Darwin. All rights reserved.
@@ -69,7 +69,7 @@ static long long scale_factors[] = {
#define MAX_DIGITS (SCALE_LENGTH * 3) /* XXX strlen(sprintf("%lld", -1)? */
-/** Convert the given input string "scaled" into numeric in "result".
+/* Convert the given input string "scaled" into numeric in "result".
* Return 0 on success, -1 and errno set on error.
*/
int
@@ -81,7 +81,7 @@ scan_scaled(char *scaled, long long *result)
long long scale_fact = 1, whole = 0, fpart = 0;
/* Skip leading whitespace */
- while (isascii(*p) && isspace(*p))
+ while (isascii((unsigned char)*p) && isspace((unsigned char)*p))
++p;
/* Then at most one leading + or - */
@@ -108,7 +108,8 @@ scan_scaled(char *scaled, long long *result)
* (but note that E for Exa might look like e to some!).
* Advance 'p' to end, to get scale factor.
*/
- for (; isascii(*p) && (isdigit(*p) || *p=='.'); ++p) {
+ for (; isascii((unsigned char)*p) &&
+ (isdigit((unsigned char)*p) || *p=='.'); ++p) {
if (*p == '.') {
if (fract_digits > 0) { /* oops, more than one '.' */
errno = EINVAL;
@@ -124,6 +125,10 @@ scan_scaled(char *scaled, long long *result)
/* ignore extra fractional digits */
continue;
fract_digits++; /* for later scaling */
+ if (fpart >= LLONG_MAX / 10) {
+ errno = ERANGE;
+ return -1;
+ }
fpart *= 10;
fpart += i;
} else { /* normal digit */
@@ -131,6 +136,10 @@ scan_scaled(char *scaled, long long *result)
errno = ERANGE;
return -1;
}
+ if (whole >= LLONG_MAX / 10) {
+ errno = ERANGE;
+ return -1;
+ }
whole *= 10;
whole += i;
}
@@ -150,17 +159,22 @@ scan_scaled(char *scaled, long long *result)
/* Validate scale factor, and scale whole and fraction by it. */
for (i = 0; i < SCALE_LENGTH; i++) {
- /** Are we there yet? */
+ /* Are we there yet? */
if (*p == scale_chars[i] ||
- *p == tolower(scale_chars[i])) {
+ *p == tolower((unsigned char)scale_chars[i])) {
/* If it ends with alphanumerics after the scale char, bad. */
- if (isalnum(*(p+1))) {
+ if (isalnum((unsigned char)*(p+1))) {
errno = EINVAL;
return -1;
}
scale_fact = scale_factors[i];
+ if (whole >= LLONG_MAX / scale_fact) {
+ errno = ERANGE;
+ return -1;
+ }
+
/* scale whole part */
whole *= scale_fact;
@@ -181,7 +195,9 @@ scan_scaled(char *scaled, long long *result)
return 0;
}
}
- errno = ERANGE;
+
+ /* Invalid unit or character */
+ errno = EINVAL;
return -1;
}
@@ -196,7 +212,7 @@ fmt_scaled(long long number, char *result)
unsigned int i;
unit_type unit = NONE;
- abval = (number < 0LL) ? -number : number; /* no long long_abs yet */
+ abval = llabs(number);
/* Not every negative long long has a positive representation.
* Also check for numbers that are just too darned big to format
diff --git a/crypto/openssh/packet.c b/crypto/openssh/packet.c
index 9ef5778baffc..b92fc9facb11 100644
--- a/crypto/openssh/packet.c
+++ b/crypto/openssh/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.243 2016/10/11 21:47:45 djm Exp $ */
+/* $OpenBSD: packet.c,v 1.247 2017/03/11 13:07:35 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -355,6 +355,25 @@ ssh_packet_get_mux(struct ssh *ssh)
}
int
+ssh_packet_set_log_preamble(struct ssh *ssh, const char *fmt, ...)
+{
+ va_list args;
+ int r;
+
+ free(ssh->log_preamble);
+ if (fmt == NULL)
+ ssh->log_preamble = NULL;
+ else {
+ va_start(args, fmt);
+ r = vasprintf(&ssh->log_preamble, fmt, args);
+ va_end(args);
+ if (r < 0 || ssh->log_preamble == NULL)
+ return SSH_ERR_ALLOC_FAIL;
+ }
+ return 0;
+}
+
+int
ssh_packet_stop_discard(struct ssh *ssh)
{
struct session_state *state = ssh->state;
@@ -1051,7 +1070,7 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
/* Time-based rekeying */
if (state->rekey_interval != 0 &&
- state->rekey_time + state->rekey_interval <= monotime())
+ (int64_t)state->rekey_time + state->rekey_interval <= monotime())
return 1;
/* Always rekey when MAX_PACKETS sent in either direction */
@@ -1449,8 +1468,10 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
break;
}
}
- if (r == 0)
- return SSH_ERR_CONN_TIMEOUT;
+ if (r == 0) {
+ r = SSH_ERR_CONN_TIMEOUT;
+ goto out;
+ }
/* Read data from the socket. */
len = read(state->connection_in, buf, sizeof(buf));
if (len == 0) {
@@ -1831,11 +1852,11 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
if (r != SSH_ERR_MAC_INVALID)
goto out;
logit("Corrupted MAC on input.");
- if (need > PACKET_MAX_SIZE)
+ if (need + block_size > PACKET_MAX_SIZE)
return SSH_ERR_INTERNAL_ERROR;
return ssh_packet_start_discard(ssh, enc, mac,
sshbuf_len(state->incoming_packet),
- PACKET_MAX_SIZE - need);
+ PACKET_MAX_SIZE - need - block_size);
}
/* Remove MAC from input buffer */
DBG(debug("MAC #%d ok", state->p_read.seqnr));
@@ -2076,27 +2097,36 @@ ssh_packet_send_debug(struct ssh *ssh, const char *fmt,...)
fatal("%s: %s", __func__, ssh_err(r));
}
+static void
+fmt_connection_id(struct ssh *ssh, char *s, size_t l)
+{
+ snprintf(s, l, "%.200s%s%s port %d",
+ ssh->log_preamble ? ssh->log_preamble : "",
+ ssh->log_preamble ? " " : "",
+ ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
+}
+
/*
* Pretty-print connection-terminating errors and exit.
*/
void
sshpkt_fatal(struct ssh *ssh, const char *tag, int r)
{
+ char remote_id[512];
+
+ fmt_connection_id(ssh, remote_id, sizeof(remote_id));
+
switch (r) {
case SSH_ERR_CONN_CLOSED:
- logdie("Connection closed by %.200s port %d",
- ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
+ logdie("Connection closed by %s", remote_id);
case SSH_ERR_CONN_TIMEOUT:
- logdie("Connection %s %.200s port %d timed out",
- ssh->state->server_side ? "from" : "to",
- ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
+ logdie("Connection %s %s timed out",
+ ssh->state->server_side ? "from" : "to", remote_id);
case SSH_ERR_DISCONNECTED:
- logdie("Disconnected from %.200s port %d",
- ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
+ logdie("Disconnected from %s", remote_id);
case SSH_ERR_SYSTEM_ERROR:
if (errno == ECONNRESET)
- logdie("Connection reset by %.200s port %d",
- ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
+ logdie("Connection reset by %s", remote_id);
/* FALLTHROUGH */
case SSH_ERR_NO_CIPHER_ALG_MATCH:
case SSH_ERR_NO_MAC_ALG_MATCH:
@@ -2105,17 +2135,16 @@ sshpkt_fatal(struct ssh *ssh, const char *tag, int r)
case SSH_ERR_NO_HOSTKEY_ALG_MATCH:
if (ssh && ssh->kex && ssh->kex->failed_choice) {
BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, "ssh");
- logdie("Unable to negotiate with %.200s port %d: %s. "
- "Their offer: %s", ssh_remote_ipaddr(ssh),
- ssh_remote_port(ssh), ssh_err(r),
+ logdie("Unable to negotiate with %s: %s. "
+ "Their offer: %s", remote_id, ssh_err(r),
ssh->kex->failed_choice);
}
/* FALLTHROUGH */
default:
- logdie("%s%sConnection %s %.200s port %d: %s",
+ logdie("%s%sConnection %s %s: %s",
tag != NULL ? tag : "", tag != NULL ? ": " : "",
ssh->state->server_side ? "from" : "to",
- ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), ssh_err(r));
+ remote_id, ssh_err(r));
}
}
@@ -2128,7 +2157,7 @@ sshpkt_fatal(struct ssh *ssh, const char *tag, int r)
void
ssh_packet_disconnect(struct ssh *ssh, const char *fmt,...)
{
- char buf[1024];
+ char buf[1024], remote_id[512];
va_list args;
static int disconnecting = 0;
int r;
@@ -2141,12 +2170,13 @@ ssh_packet_disconnect(struct ssh *ssh, const char *fmt,...)
* Format the message. Note that the caller must make sure the
* message is of limited size.
*/
+ fmt_connection_id(ssh, remote_id, sizeof(remote_id));
va_start(args, fmt);
vsnprintf(buf, sizeof(buf), fmt, args);
va_end(args);
/* Display the error locally */
- logit("Disconnecting: %.100s", buf);
+ logit("Disconnecting %s: %.100s", remote_id, buf);
/*
* Send the disconnect message to the other side, and wait
@@ -2399,10 +2429,10 @@ ssh_packet_send_ignore(struct ssh *ssh, int nbytes)
}
void
-ssh_packet_set_rekey_limits(struct ssh *ssh, u_int64_t bytes, time_t seconds)
+ssh_packet_set_rekey_limits(struct ssh *ssh, u_int64_t bytes, u_int32_t seconds)
{
- debug3("rekey after %llu bytes, %d seconds", (unsigned long long)bytes,
- (int)seconds);
+ debug3("rekey after %llu bytes, %u seconds", (unsigned long long)bytes,
+ (unsigned int)seconds);
ssh->state->rekey_limit = bytes;
ssh->state->rekey_interval = seconds;
}
diff --git a/crypto/openssh/packet.h b/crypto/openssh/packet.h
index bfe7da61579a..0d25b352c73f 100644
--- a/crypto/openssh/packet.h
+++ b/crypto/openssh/packet.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.h,v 1.74 2016/10/11 21:47:45 djm Exp $ */
+/* $OpenBSD: packet.h,v 1.76 2017/02/03 23:03:33 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -62,6 +62,9 @@ struct ssh {
char *local_ipaddr;
int local_port;
+ /* Optional preamble for log messages (e.g. username) */
+ char *log_preamble;
+
/* Dispatcher table */
dispatch_fn *dispatch[DISPATCH_MAX];
/* number of packets to ignore in the dispatcher */
@@ -104,6 +107,8 @@ void ssh_packet_set_server(struct ssh *);
void ssh_packet_set_authenticated(struct ssh *);
void ssh_packet_set_mux(struct ssh *);
int ssh_packet_get_mux(struct ssh *);
+int ssh_packet_set_log_preamble(struct ssh *, const char *, ...)
+ __attribute__((format(printf, 2, 3)));
int ssh_packet_log_type(u_char);
@@ -154,7 +159,7 @@ int ssh_remote_port(struct ssh *);
const char *ssh_local_ipaddr(struct ssh *);
int ssh_local_port(struct ssh *);
-void ssh_packet_set_rekey_limits(struct ssh *, u_int64_t, time_t);
+void ssh_packet_set_rekey_limits(struct ssh *, u_int64_t, u_int32_t);
time_t ssh_packet_get_rekey_timeout(struct ssh *);
void *ssh_packet_get_input(struct ssh *);
diff --git a/crypto/openssh/pathnames.h b/crypto/openssh/pathnames.h
index 44b0ea3cc2a4..c2dc08da9330 100644
--- a/crypto/openssh/pathnames.h
+++ b/crypto/openssh/pathnames.h
@@ -167,15 +167,6 @@
#define _PATH_LS "ls"
#endif
-/* path to login program */
-#ifndef LOGIN_PROGRAM
-# ifdef LOGIN_PROGRAM_FALLBACK
-# define LOGIN_PROGRAM LOGIN_PROGRAM_FALLBACK
-# else
-# define LOGIN_PROGRAM "/usr/bin/login"
-# endif
-#endif /* LOGIN_PROGRAM */
-
/* Askpass program define */
#ifndef ASKPASS_PROGRAM
#define ASKPASS_PROGRAM "/usr/lib/ssh/ssh-askpass"
diff --git a/crypto/openssh/readconf.c b/crypto/openssh/readconf.c
index 4b4ad1ed818a..b4e384d9ff3f 100644
--- a/crypto/openssh/readconf.c
+++ b/crypto/openssh/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.262 2016/10/25 04:08:13 jsg Exp $ */
+/* $OpenBSD: readconf.c,v 1.270 2017/03/10 04:27:32 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -95,7 +95,7 @@ __RCSID("$FreeBSD$");
Host books.com
RemoteForward 9999 shadows.cs.hut.fi:9999
- Cipher 3des
+ Ciphers 3des-cbc
Host fascist.blob.com
Port 23123
@@ -110,7 +110,7 @@ __RCSID("$FreeBSD$");
PublicKeyAuthentication no
Host *.su
- Cipher none
+ Ciphers aes128-ctr
PasswordAuthentication no
Host vpn.fake.com
@@ -183,6 +183,44 @@ static struct {
const char *name;
OpCodes opcode;
} keywords[] = {
+ /* Deprecated options */
+ { "fallbacktorsh", oDeprecated },
+ { "globalknownhostsfile2", oDeprecated },
+ { "rhostsauthentication", oDeprecated },
+ { "userknownhostsfile2", oDeprecated },
+ { "useroaming", oDeprecated },
+ { "usersh", oDeprecated },
+
+ /* Unsupported options */
+ { "afstokenpassing", oUnsupported },
+ { "kerberosauthentication", oUnsupported },
+ { "kerberostgtpassing", oUnsupported },
+
+ /* Sometimes-unsupported options */
+#if defined(GSSAPI)
+ { "gssapiauthentication", oGssAuthentication },
+ { "gssapidelegatecredentials", oGssDelegateCreds },
+# else
+ { "gssapiauthentication", oUnsupported },
+ { "gssapidelegatecredentials", oUnsupported },
+#endif
+#ifdef ENABLE_PKCS11
+ { "smartcarddevice", oPKCS11Provider },
+ { "pkcs11provider", oPKCS11Provider },
+# else
+ { "smartcarddevice", oUnsupported },
+ { "pkcs11provider", oUnsupported },
+#endif
+#ifdef WITH_SSH1
+ { "rsaauthentication", oRSAAuthentication },
+ { "rhostsrsaauthentication", oRhostsRSAAuthentication },
+ { "compressionlevel", oCompressionLevel },
+# else
+ { "rsaauthentication", oUnsupported },
+ { "rhostsrsaauthentication", oUnsupported },
+ { "compressionlevel", oUnsupported },
+#endif
+
{ "forwardagent", oForwardAgent },
{ "forwardx11", oForwardX11 },
{ "forwardx11trusted", oForwardX11Trusted },
@@ -191,30 +229,15 @@ static struct {
{ "xauthlocation", oXAuthLocation },
{ "gatewayports", oGatewayPorts },
{ "useprivilegedport", oUsePrivilegedPort },
- { "rhostsauthentication", oDeprecated },
{ "passwordauthentication", oPasswordAuthentication },
{ "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
{ "kbdinteractivedevices", oKbdInteractiveDevices },
- { "rsaauthentication", oRSAAuthentication },
{ "pubkeyauthentication", oPubkeyAuthentication },
{ "dsaauthentication", oPubkeyAuthentication }, /* alias */
- { "rhostsrsaauthentication", oRhostsRSAAuthentication },
{ "hostbasedauthentication", oHostbasedAuthentication },
{ "challengeresponseauthentication", oChallengeResponseAuthentication },
{ "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
{ "tisauthentication", oChallengeResponseAuthentication }, /* alias */
- { "kerberosauthentication", oUnsupported },
- { "kerberostgtpassing", oUnsupported },
- { "afstokenpassing", oUnsupported },
-#if defined(GSSAPI)
- { "gssapiauthentication", oGssAuthentication },
- { "gssapidelegatecredentials", oGssDelegateCreds },
-#else
- { "gssapiauthentication", oUnsupported },
- { "gssapidelegatecredentials", oUnsupported },
-#endif
- { "fallbacktorsh", oDeprecated },
- { "usersh", oDeprecated },
{ "identityfile", oIdentityFile },
{ "identityfile2", oIdentityFile }, /* obsolete */
{ "identitiesonly", oIdentitiesOnly },
@@ -236,15 +259,12 @@ static struct {
{ "match", oMatch },
{ "escapechar", oEscapeChar },
{ "globalknownhostsfile", oGlobalKnownHostsFile },
- { "globalknownhostsfile2", oDeprecated },
{ "userknownhostsfile", oUserKnownHostsFile },
- { "userknownhostsfile2", oDeprecated },
{ "connectionattempts", oConnectionAttempts },
{ "batchmode", oBatchMode },
{ "checkhostip", oCheckHostIP },
{ "stricthostkeychecking", oStrictHostKeyChecking },
{ "compression", oCompression },
- { "compressionlevel", oCompressionLevel },
{ "tcpkeepalive", oTCPKeepAlive },
{ "keepalive", oTCPKeepAlive }, /* obsolete */
{ "numberofpasswordprompts", oNumberOfPasswordPrompts },
@@ -253,13 +273,6 @@ static struct {
{ "preferredauthentications", oPreferredAuthentications },
{ "hostkeyalgorithms", oHostKeyAlgorithms },
{ "bindaddress", oBindAddress },
-#ifdef ENABLE_PKCS11
- { "smartcarddevice", oPKCS11Provider },
- { "pkcs11provider", oPKCS11Provider },
-#else
- { "smartcarddevice", oUnsupported },
- { "pkcs11provider", oUnsupported },
-#endif
{ "clearallforwardings", oClearAllForwardings },
{ "enablesshkeysign", oEnableSSHKeysign },
{ "verifyhostkeydns", oVerifyHostKeyDNS },
@@ -280,7 +293,6 @@ static struct {
{ "localcommand", oLocalCommand },
{ "permitlocalcommand", oPermitLocalCommand },
{ "visualhostkey", oVisualHostKey },
- { "useroaming", oDeprecated },
{ "kexalgorithms", oKexAlgorithms },
{ "ipqos", oIPQoS },
{ "requesttty", oRequestTTY },
@@ -841,11 +853,11 @@ process_config_line_depth(Options *options, struct passwd *pw, const char *host,
activep = &cmdline;
}
- /* Strip trailing whitespace */
+ /* Strip trailing whitespace. Allow \f (form feed) at EOL only */
if ((len = strlen(line)) == 0)
return 0;
for (len--; len > 0; len--) {
- if (strchr(WHITESPACE, line[len]) == NULL)
+ if (strchr(WHITESPACE "\f", line[len]) == NULL)
break;
line[len] = '\0';
}
@@ -1193,7 +1205,7 @@ parse_int:
arg = strdelim(&s);
if (!arg || *arg == '\0')
fatal("%.200s line %d: Missing argument.", filename, linenum);
- if (!ciphers_valid(*arg == '+' ? arg + 1 : arg))
+ if (*arg != '-' && !ciphers_valid(*arg == '+' ? arg + 1 : arg))
fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
filename, linenum, arg ? arg : "<NONE>");
if (*activep && options->ciphers == NULL)
@@ -1204,7 +1216,7 @@ parse_int:
arg = strdelim(&s);
if (!arg || *arg == '\0')
fatal("%.200s line %d: Missing argument.", filename, linenum);
- if (!mac_valid(*arg == '+' ? arg + 1 : arg))
+ if (*arg != '-' && !mac_valid(*arg == '+' ? arg + 1 : arg))
fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
filename, linenum, arg ? arg : "<NONE>");
if (*activep && options->macs == NULL)
@@ -1216,7 +1228,8 @@ parse_int:
if (!arg || *arg == '\0')
fatal("%.200s line %d: Missing argument.",
filename, linenum);
- if (!kex_names_valid(*arg == '+' ? arg + 1 : arg))
+ if (*arg != '-' &&
+ !kex_names_valid(*arg == '+' ? arg + 1 : arg))
fatal("%.200s line %d: Bad SSH2 KexAlgorithms '%s'.",
filename, linenum, arg ? arg : "<NONE>");
if (*activep && options->kex_algorithms == NULL)
@@ -1230,7 +1243,8 @@ parse_keytypes:
if (!arg || *arg == '\0')
fatal("%.200s line %d: Missing argument.",
filename, linenum);
- if (!sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1))
+ if (*arg != '-' &&
+ !sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1))
fatal("%s line %d: Bad key types '%s'.",
filename, linenum, arg ? arg : "<NONE>");
if (*activep && *charptr == NULL)
@@ -1497,6 +1511,7 @@ parse_keytypes:
if (r == GLOB_NOMATCH) {
debug("%.200s line %d: include %s matched no "
"files",filename, linenum, arg2);
+ free(arg2);
continue;
} else if (r != 0 || gl.gl_pathc < 0)
fatal("%.200s line %d: glob failed for %s.",
@@ -1513,6 +1528,11 @@ parse_keytypes:
flags | SSHCONF_CHECKPERM |
(oactive ? 0 : SSHCONF_NEVERMATCH),
activep, depth + 1);
+ if (r != 1 && errno != ENOENT) {
+ fatal("Can't open user config file "
+ "%.100s: %.100s", gl.gl_pathv[i],
+ strerror(errno));
+ }
/*
* don't let Match in includes clobber the
* containing file's Match state.
@@ -1727,7 +1747,7 @@ read_config_file_depth(const char *filename, struct passwd *pw,
int flags, int *activep, int depth)
{
FILE *f;
- char line[1024];
+ char line[4096];
int linenum;
int bad_options = 0;
@@ -1757,6 +1777,8 @@ read_config_file_depth(const char *filename, struct passwd *pw,
while (fgets(line, sizeof(line), f)) {
/* Update line number counter. */
linenum++;
+ if (strlen(line) == sizeof(line) - 1)
+ fatal("%s line %d too long", filename, linenum);
if (process_config_line_depth(options, pw, host, original_host,
line, filename, linenum, activep, flags, depth) != 0)
bad_options++;
@@ -2482,10 +2504,10 @@ dump_cfg_forwards(OpCodes code, u_int count, const struct Forward *fwds)
/* oDynamicForward */
for (i = 0; i < count; i++) {
fwd = &fwds[i];
- if (code == oDynamicForward &&
+ if (code == oDynamicForward && fwd->connect_host != NULL &&
strcmp(fwd->connect_host, "socks") != 0)
continue;
- if (code == oLocalForward &&
+ if (code == oLocalForward && fwd->connect_host != NULL &&
strcmp(fwd->connect_host, "socks") == 0)
continue;
printf("%s", lookup_opcode_name(code));
@@ -2558,8 +2580,10 @@ dump_client_config(Options *o, const char *host)
dump_cfg_fmtint(oProxyUseFdpass, o->proxy_use_fdpass);
dump_cfg_fmtint(oPubkeyAuthentication, o->pubkey_authentication);
dump_cfg_fmtint(oRequestTTY, o->request_tty);
+#ifdef WITH_RSA1
dump_cfg_fmtint(oRhostsRSAAuthentication, o->rhosts_rsa_authentication);
dump_cfg_fmtint(oRSAAuthentication, o->rsa_authentication);
+#endif
dump_cfg_fmtint(oStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink);
dump_cfg_fmtint(oStrictHostKeyChecking, o->strict_host_key_checking);
dump_cfg_fmtint(oTCPKeepAlive, o->tcp_keep_alive);
@@ -2571,7 +2595,9 @@ dump_client_config(Options *o, const char *host)
/* Integer options */
dump_cfg_int(oCanonicalizeMaxDots, o->canonicalize_max_dots);
+#ifdef WITH_SSH1
dump_cfg_int(oCompressionLevel, o->compression_level);
+#endif
dump_cfg_int(oConnectionAttempts, o->connection_attempts);
dump_cfg_int(oForwardX11Timeout, o->forward_x11_timeout);
dump_cfg_int(oNumberOfPasswordPrompts, o->number_of_password_prompts);
@@ -2591,7 +2617,9 @@ dump_client_config(Options *o, const char *host)
dump_cfg_string(oLocalCommand, o->local_command);
dump_cfg_string(oLogLevel, log_level_name(o->log_level));
dump_cfg_string(oMacs, o->macs ? o->macs : KEX_CLIENT_MAC);
+#ifdef ENABLE_PKCS11
dump_cfg_string(oPKCS11Provider, o->pkcs11_provider);
+#endif
dump_cfg_string(oPreferredAuthentications, o->preferred_authentications);
dump_cfg_string(oPubkeyAcceptedKeyTypes, o->pubkey_key_types);
dump_cfg_string(oRevokedHostKeys, o->revoked_host_keys);
diff --git a/crypto/openssh/regress/Makefile b/crypto/openssh/regress/Makefile
index c2dba4fdf5ea..b23496b98417 100644
--- a/crypto/openssh/regress/Makefile
+++ b/crypto/openssh/regress/Makefile
@@ -222,6 +222,7 @@ unit:
$$V ${.OBJDIR}/unittests/sshkey/test_sshkey \
-d ${.CURDIR}/unittests/sshkey/testdata ; \
$$V ${.OBJDIR}/unittests/bitmap/test_bitmap ; \
+ $$V ${.OBJDIR}/unittests/conversion/test_conversion ; \
$$V ${.OBJDIR}/unittests/kex/test_kex ; \
$$V ${.OBJDIR}/unittests/hostkeys/test_hostkeys \
-d ${.CURDIR}/unittests/hostkeys/testdata ; \
diff --git a/crypto/openssh/regress/agent-getpeereid.sh b/crypto/openssh/regress/agent-getpeereid.sh
index 91621a59ca19..34bced154f72 100644
--- a/crypto/openssh/regress/agent-getpeereid.sh
+++ b/crypto/openssh/regress/agent-getpeereid.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: agent-getpeereid.sh,v 1.7 2016/09/26 21:34:38 bluhm Exp $
+# $OpenBSD: agent-getpeereid.sh,v 1.8 2017/01/06 02:51:16 djm Exp $
# Placed in the Public Domain.
tid="disallow agent attach from other uid"
@@ -32,17 +32,17 @@ if [ $r -ne 0 ]; then
else
chmod 644 ${SSH_AUTH_SOCK}
- ssh-add -l > /dev/null 2>&1
+ ${SSHADD} -l > /dev/null 2>&1
r=$?
if [ $r -ne 1 ]; then
fail "ssh-add failed with $r != 1"
fi
if test -z "$sudo" ; then
# doas
- ${SUDO} -n -u ${UNPRIV} ssh-add -l 2>/dev/null
+ ${SUDO} -n -u ${UNPRIV} ${SSHADD} -l 2>/dev/null
else
# sudo
- < /dev/null ${SUDO} -S -u ${UNPRIV} ssh-add -l 2>/dev/null
+ < /dev/null ${SUDO} -S -u ${UNPRIV} ${SSHADD} -l 2>/dev/null
fi
r=$?
if [ $r -lt 2 ]; then
diff --git a/crypto/openssh/regress/allow-deny-users.sh b/crypto/openssh/regress/allow-deny-users.sh
index 32a269afa97c..86805e19322b 100644
--- a/crypto/openssh/regress/allow-deny-users.sh
+++ b/crypto/openssh/regress/allow-deny-users.sh
@@ -4,7 +4,7 @@
tid="AllowUsers/DenyUsers"
me="$LOGNAME"
-if [ "x$me" == "x" ]; then
+if [ "x$me" = "x" ]; then
me=`whoami`
fi
other="nobody"
diff --git a/crypto/openssh/regress/cert-file.sh b/crypto/openssh/regress/cert-file.sh
index b184e7feabce..43b8e02014ce 100755
--- a/crypto/openssh/regress/cert-file.sh
+++ b/crypto/openssh/regress/cert-file.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: cert-file.sh,v 1.4 2016/12/16 02:48:55 djm Exp $
+# $OpenBSD: cert-file.sh,v 1.5 2017/03/11 23:44:16 djm Exp $
# Placed in the Public Domain.
tid="ssh with certificates"
@@ -17,24 +17,59 @@ ${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_key1 || \
fatal "ssh-keygen failed"
${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_key2 || \
fatal "ssh-keygen failed"
+${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_key3 || \
+ fatal "ssh-keygen failed"
+${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_key4 || \
+ fatal "ssh-keygen failed"
+${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_key5 || \
+ fatal "ssh-keygen failed"
+
# Move the certificate to a different address to better control
# when it is offered.
${SSHKEYGEN} -q -s $OBJ/user_ca_key1 -I "regress user key for $USER" \
-z $$ -n ${USER} $OBJ/user_key1 ||
- fail "couldn't sign user_key1 with user_ca_key1"
+ fatal "couldn't sign user_key1 with user_ca_key1"
mv $OBJ/user_key1-cert.pub $OBJ/cert_user_key1_1.pub
${SSHKEYGEN} -q -s $OBJ/user_ca_key2 -I "regress user key for $USER" \
-z $$ -n ${USER} $OBJ/user_key1 ||
- fail "couldn't sign user_key1 with user_ca_key2"
+ fatal "couldn't sign user_key1 with user_ca_key2"
mv $OBJ/user_key1-cert.pub $OBJ/cert_user_key1_2.pub
+${SSHKEYGEN} -q -s $OBJ/user_ca_key1 -I "regress user key for $USER" \
+ -z $$ -n ${USER} $OBJ/user_key3 ||
+ fatal "couldn't sign user_key3 with user_ca_key1"
+rm $OBJ/user_key3.pub # to test use of private key w/o public half.
+${SSHKEYGEN} -q -s $OBJ/user_ca_key1 -I "regress user key for $USER" \
+ -z $$ -n ${USER} $OBJ/user_key4 ||
+ fatal "couldn't sign user_key4 with user_ca_key1"
+rm $OBJ/user_key4 $OBJ/user_key4.pub # to test no matching pub/private key case.
trace 'try with identity files'
opts="-F $OBJ/ssh_proxy -oIdentitiesOnly=yes"
opts2="$opts -i $OBJ/user_key1 -i $OBJ/user_key2"
echo "cert-authority $(cat $OBJ/user_ca_key1.pub)" > $OBJ/authorized_keys_$USER
+# Make a clean config that doesn't have any pre-added identities.
+cat $OBJ/ssh_proxy | grep -v IdentityFile > $OBJ/no_identity_config
+
+# XXX: verify that certificate used was what we expect. Needs exposure of
+# keys via enviornment variable or similar.
+
for p in ${SSH_PROTOCOLS}; do
+ # Key with no .pub should work - finding the equivalent *-cert.pub.
+ verbose "protocol $p: identity cert with no plain public file"
+ ${SSH} -F $OBJ/no_identity_config -oIdentitiesOnly=yes \
+ -i $OBJ/user_key3 somehost exit 5$p
+ [ $? -ne 5$p ] && fail "ssh failed"
+
+ # CertificateFile matching private key with no .pub file should work.
+ verbose "protocol $p: CertificateFile with no plain public file"
+ ${SSH} -F $OBJ/no_identity_config -oIdentitiesOnly=yes \
+ -oCertificateFile=$OBJ/user_key3-cert.pub \
+ -i $OBJ/user_key3 somehost exit 5$p
+ [ $? -ne 5$p ] && fail "ssh failed"
+
# Just keys should fail
+ verbose "protocol $p: plain keys"
${SSH} $opts2 somehost exit 5$p
r=$?
if [ $r -eq 5$p ]; then
@@ -42,6 +77,7 @@ for p in ${SSH_PROTOCOLS}; do
fi
# Keys with untrusted cert should fail.
+ verbose "protocol $p: untrusted cert"
opts3="$opts2 -oCertificateFile=$OBJ/cert_user_key1_2.pub"
${SSH} $opts3 somehost exit 5$p
r=$?
@@ -50,6 +86,7 @@ for p in ${SSH_PROTOCOLS}; do
fi
# Good cert with bad key should fail.
+ verbose "protocol $p: good cert, bad key"
opts3="$opts -i $OBJ/user_key2"
opts3="$opts3 -oCertificateFile=$OBJ/cert_user_key1_1.pub"
${SSH} $opts3 somehost exit 5$p
@@ -59,6 +96,7 @@ for p in ${SSH_PROTOCOLS}; do
fi
# Keys with one trusted cert, should succeed.
+ verbose "protocol $p: single trusted"
opts3="$opts2 -oCertificateFile=$OBJ/cert_user_key1_1.pub"
${SSH} $opts3 somehost exit 5$p
r=$?
@@ -67,6 +105,7 @@ for p in ${SSH_PROTOCOLS}; do
fi
# Multiple certs and keys, with one trusted cert, should succeed.
+ verbose "protocol $p: multiple trusted"
opts3="$opts2 -oCertificateFile=$OBJ/cert_user_key1_2.pub"
opts3="$opts3 -oCertificateFile=$OBJ/cert_user_key1_1.pub"
${SSH} $opts3 somehost exit 5$p
@@ -74,14 +113,6 @@ for p in ${SSH_PROTOCOLS}; do
if [ $r -ne 5$p ]; then
fail "ssh failed with multiple certs in protocol $p"
fi
-
- #Keys with trusted certificate specified in config options, should succeed.
- opts3="$opts2 -oCertificateFile=$OBJ/cert_user_key1_1.pub"
- ${SSH} $opts3 somehost exit 5$p
- r=$?
- if [ $r -ne 5$p ]; then
- fail "ssh failed with trusted cert in config in protocol $p"
- fi
done
#next, using an agent in combination with the keys
diff --git a/crypto/openssh/regress/forwarding.sh b/crypto/openssh/regress/forwarding.sh
index 2539db9b754b..45c596d7db99 100644
--- a/crypto/openssh/regress/forwarding.sh
+++ b/crypto/openssh/regress/forwarding.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: forwarding.sh,v 1.16 2016/04/14 23:57:17 djm Exp $
+# $OpenBSD: forwarding.sh,v 1.19 2017/01/30 05:22:14 djm Exp $
# Placed in the Public Domain.
tid="local and remote forwarding"
@@ -10,8 +10,7 @@ start_sshd
base=33
last=$PORT
fwd=""
-CTL=$OBJ/ctl-sock
-rm -f $CTL
+CTL=/tmp/openssh.regress.ctl-sock.$$
for j in 0 1 2; do
for i in 0 1 2; do
@@ -29,7 +28,8 @@ for p in ${SSH_PROTOCOLS}; do
q=$p
fi
trace "start forwarding, fork to background"
- ${SSH} -$p -F $OBJ/ssh_config -f $fwd somehost sleep 10
+ rm -f $CTL
+ ${SSH} -S $CTL -M -$p -F $OBJ/ssh_config -f $fwd somehost sleep 10
trace "transfer over forwarded channels and check result"
${SSH} -$q -F $OBJ/ssh_config -p$last -o 'ConnectionAttempts=4' \
@@ -37,7 +37,7 @@ for p in ${SSH_PROTOCOLS}; do
test -s ${COPY} || fail "failed copy of ${DATA}"
cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}"
- sleep 10
+ ${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost
done
for p in ${SSH_PROTOCOLS}; do
@@ -52,7 +52,7 @@ for d in L R; do
-$d ${base}04:127.0.0.1:$PORT \
-oExitOnForwardFailure=yes somehost true
if [ $? != 0 ]; then
- fail "connection failed, should not"
+ fatal "connection failed, should not"
else
# this one should fail
${SSH} -q -$p -F $OBJ/ssh_config \
@@ -75,30 +75,32 @@ for p in ${SSH_PROTOCOLS}; do
${SSH} -$p -F $OBJ/ssh_config -oClearAllForwardings=yes somehost true
trace "clear local forward proto $p"
- ${SSH} -$p -f -F $OBJ/ssh_config -L ${base}01:127.0.0.1:$PORT \
+ rm -f $CTL
+ ${SSH} -S $CTL -M -$p -f -F $OBJ/ssh_config -L ${base}01:127.0.0.1:$PORT \
-oClearAllForwardings=yes somehost sleep 10
if [ $? != 0 ]; then
fail "connection failed with cleared local forwarding"
else
# this one should fail
- ${SSH} -$p -F $OBJ/ssh_config -p ${base}01 true \
+ ${SSH} -$p -F $OBJ/ssh_config -p ${base}01 somehost true \
>>$TEST_REGRESS_LOGFILE 2>&1 && \
fail "local forwarding not cleared"
fi
- sleep 10
+ ${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost
trace "clear remote forward proto $p"
- ${SSH} -$p -f -F $OBJ/ssh_config -R ${base}01:127.0.0.1:$PORT \
+ rm -f $CTL
+ ${SSH} -S $CTL -M -$p -f -F $OBJ/ssh_config -R ${base}01:127.0.0.1:$PORT \
-oClearAllForwardings=yes somehost sleep 10
if [ $? != 0 ]; then
fail "connection failed with cleared remote forwarding"
else
# this one should fail
- ${SSH} -$p -F $OBJ/ssh_config -p ${base}01 true \
+ ${SSH} -$p -F $OBJ/ssh_config -p ${base}01 somehost true \
>>$TEST_REGRESS_LOGFILE 2>&1 && \
fail "remote forwarding not cleared"
fi
- sleep 10
+ ${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost
done
for p in 2; do
@@ -115,6 +117,7 @@ echo "LocalForward ${base}01 127.0.0.1:$PORT" >> $OBJ/ssh_config
echo "RemoteForward ${base}02 127.0.0.1:${base}01" >> $OBJ/ssh_config
for p in ${SSH_PROTOCOLS}; do
trace "config file: start forwarding, fork to background"
+ rm -f $CTL
${SSH} -S $CTL -M -$p -F $OBJ/ssh_config -f somehost sleep 10
trace "config file: transfer over forwarded channels and check result"
@@ -123,21 +126,24 @@ for p in ${SSH_PROTOCOLS}; do
test -s ${COPY} || fail "failed copy of ${DATA}"
cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}"
- ${SSH} -S $CTL -O exit somehost
+ ${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost
done
for p in 2; do
trace "transfer over chained unix domain socket forwards and check result"
rm -f $OBJ/unix-[123].fwd
- ${SSH} -f -F $OBJ/ssh_config -R${base}01:[$OBJ/unix-1.fwd] somehost sleep 10
- ${SSH} -f -F $OBJ/ssh_config -L[$OBJ/unix-1.fwd]:[$OBJ/unix-2.fwd] somehost sleep 10
- ${SSH} -f -F $OBJ/ssh_config -R[$OBJ/unix-2.fwd]:[$OBJ/unix-3.fwd] somehost sleep 10
- ${SSH} -f -F $OBJ/ssh_config -L[$OBJ/unix-3.fwd]:127.0.0.1:$PORT somehost sleep 10
+ rm -f $CTL $CTL.[123]
+ ${SSH} -S $CTL -M -f -F $OBJ/ssh_config -R${base}01:[$OBJ/unix-1.fwd] somehost sleep 10
+ ${SSH} -S $CTL.1 -M -f -F $OBJ/ssh_config -L[$OBJ/unix-1.fwd]:[$OBJ/unix-2.fwd] somehost sleep 10
+ ${SSH} -S $CTL.2 -M -f -F $OBJ/ssh_config -R[$OBJ/unix-2.fwd]:[$OBJ/unix-3.fwd] somehost sleep 10
+ ${SSH} -S $CTL.3 -M -f -F $OBJ/ssh_config -L[$OBJ/unix-3.fwd]:127.0.0.1:$PORT somehost sleep 10
${SSH} -F $OBJ/ssh_config -p${base}01 -o 'ConnectionAttempts=4' \
somehost cat ${DATA} > ${COPY}
test -s ${COPY} || fail "failed copy ${DATA}"
cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}"
- #wait
- sleep 10
+ ${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost
+ ${SSH} -F $OBJ/ssh_config -S $CTL.1 -O exit somehost
+ ${SSH} -F $OBJ/ssh_config -S $CTL.2 -O exit somehost
+ ${SSH} -F $OBJ/ssh_config -S $CTL.3 -O exit somehost
done
diff --git a/crypto/openssh/regress/integrity.sh b/crypto/openssh/regress/integrity.sh
index 39d310deb09b..1df2924f5f09 100755
--- a/crypto/openssh/regress/integrity.sh
+++ b/crypto/openssh/regress/integrity.sh
@@ -1,12 +1,10 @@
-# $OpenBSD: integrity.sh,v 1.19 2016/11/25 02:56:49 dtucker Exp $
+# $OpenBSD: integrity.sh,v 1.20 2017/01/06 02:26:10 dtucker Exp $
# Placed in the Public Domain.
tid="integrity"
cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
# start at byte 2900 (i.e. after kex) and corrupt at different offsets
-# XXX the test hangs if we modify the low bytes of the packet length
-# XXX and ssh tries to read...
tries=10
startoffset=2900
macs=`${SSH} -Q mac`
@@ -27,6 +25,7 @@ for m in $macs; do
elen=0
epad=0
emac=0
+ etmo=0
ecnt=0
skip=0
for off in `jot $tries $startoffset`; do
diff --git a/crypto/openssh/regress/test-exec.sh b/crypto/openssh/regress/test-exec.sh
index bfa48803b561..dc033cd96203 100644
--- a/crypto/openssh/regress/test-exec.sh
+++ b/crypto/openssh/regress/test-exec.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: test-exec.sh,v 1.58 2016/12/16 01:06:27 dtucker Exp $
+# $OpenBSD: test-exec.sh,v 1.59 2017/02/07 23:03:11 dtucker Exp $
# Placed in the Public Domain.
#SUDO=sudo
@@ -444,12 +444,10 @@ Host *
User $USER
GlobalKnownHostsFile $OBJ/known_hosts
UserKnownHostsFile $OBJ/known_hosts
- RSAAuthentication yes
PubkeyAuthentication yes
ChallengeResponseAuthentication no
HostbasedAuthentication no
PasswordAuthentication no
- RhostsRSAAuthentication no
BatchMode yes
StrictHostKeyChecking yes
LogLevel DEBUG3
diff --git a/crypto/openssh/regress/unittests/Makefile b/crypto/openssh/regress/unittests/Makefile
index e70b16644311..e975f6ca4160 100644
--- a/crypto/openssh/regress/unittests/Makefile
+++ b/crypto/openssh/regress/unittests/Makefile
@@ -1,5 +1,6 @@
-# $OpenBSD: Makefile,v 1.7 2016/08/19 06:44:13 djm Exp $
-REGRESS_FAIL_EARLY= yes
-SUBDIR= test_helper sshbuf sshkey bitmap kex hostkeys utf8 match
+# $OpenBSD: Makefile,v 1.9 2017/03/14 01:20:29 dtucker Exp $
+
+REGRESS_FAIL_EARLY?= yes
+SUBDIR= test_helper sshbuf sshkey bitmap kex hostkeys utf8 match conversion
.include <bsd.subdir.mk>
diff --git a/crypto/openssh/regress/unittests/conversion/Makefile b/crypto/openssh/regress/unittests/conversion/Makefile
new file mode 100644
index 000000000000..cde97dc28a9a
--- /dev/null
+++ b/crypto/openssh/regress/unittests/conversion/Makefile
@@ -0,0 +1,10 @@
+# $OpenBSD: Makefile,v 1.1 2017/03/14 01:20:29 dtucker Exp $
+
+PROG=test_conversion
+SRCS=tests.c
+REGRESS_TARGETS=run-regress-${PROG}
+
+run-regress-${PROG}: ${PROG}
+ env ${TEST_ENV} ./${PROG}
+
+.include <bsd.regress.mk>
diff --git a/crypto/openssh/regress/unittests/conversion/tests.c b/crypto/openssh/regress/unittests/conversion/tests.c
new file mode 100644
index 000000000000..6dd77ef42548
--- /dev/null
+++ b/crypto/openssh/regress/unittests/conversion/tests.c
@@ -0,0 +1,51 @@
+/* $OpenBSD: tests.c,v 1.1 2017/03/14 01:20:29 dtucker Exp $ */
+/*
+ * Regress test for conversions
+ *
+ * Placed in the public domain
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef HAVE_STDINT_H
+#include <stdint.h>
+#endif
+#include <stdlib.h>
+#include <string.h>
+
+#include "../test_helper/test_helper.h"
+
+#include "misc.h"
+
+void
+tests(void)
+{
+ char buf[1024];
+
+ TEST_START("conversion_convtime");
+ ASSERT_LONG_EQ(convtime("0"), 0);
+ ASSERT_LONG_EQ(convtime("1"), 1);
+ ASSERT_LONG_EQ(convtime("1S"), 1);
+ /* from the examples in the comment above the function */
+ ASSERT_LONG_EQ(convtime("90m"), 5400);
+ ASSERT_LONG_EQ(convtime("1h30m"), 5400);
+ ASSERT_LONG_EQ(convtime("2d"), 172800);
+ ASSERT_LONG_EQ(convtime("1w"), 604800);
+
+ /* negative time is not allowed */
+ ASSERT_LONG_EQ(convtime("-7"), -1);
+ ASSERT_LONG_EQ(convtime("-9d"), -1);
+
+ /* overflow */
+ snprintf(buf, sizeof buf, "%llu", (unsigned long long)LONG_MAX + 1);
+ ASSERT_LONG_EQ(convtime(buf), -1);
+
+ /* overflow with multiplier */
+ snprintf(buf, sizeof buf, "%lluM", (unsigned long long)LONG_MAX/60 + 1);
+ ASSERT_LONG_EQ(convtime(buf), -1);
+ ASSERT_LONG_EQ(convtime("1000000000000000000000w"), -1);
+ TEST_DONE();
+}
diff --git a/crypto/openssh/regress/unittests/match/tests.c b/crypto/openssh/regress/unittests/match/tests.c
index 7ff319c162ad..e1593367bf3b 100644
--- a/crypto/openssh/regress/unittests/match/tests.c
+++ b/crypto/openssh/regress/unittests/match/tests.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tests.c,v 1.3 2016/09/21 17:03:54 djm Exp $ */
+/* $OpenBSD: tests.c,v 1.4 2017/02/03 23:01:42 djm Exp $ */
/*
* Regress test for matching functions
*
@@ -103,6 +103,25 @@ tests(void)
/* XXX negated ASSERT_INT_EQ(addr_match_list("127.0.0.1", "!127.0.0.2,10.0.0.1"), 1); */
TEST_DONE();
+#define CHECK_FILTER(string,filter,expected) \
+ do { \
+ char *result = match_filter_list((string), (filter)); \
+ ASSERT_STRING_EQ(result, expected); \
+ free(result); \
+ } while (0)
+
+ TEST_START("match_filter_list");
+ CHECK_FILTER("a,b,c", "", "a,b,c");
+ CHECK_FILTER("a,b,c", "a", "b,c");
+ CHECK_FILTER("a,b,c", "b", "a,c");
+ CHECK_FILTER("a,b,c", "c", "a,b");
+ CHECK_FILTER("a,b,c", "a,b", "c");
+ CHECK_FILTER("a,b,c", "a,c", "b");
+ CHECK_FILTER("a,b,c", "b,c", "a");
+ CHECK_FILTER("a,b,c", "a,b,c", "");
+ CHECK_FILTER("a,b,c", "b,c", "a");
+ CHECK_FILTER("", "a,b,c", "");
+ TEST_DONE();
/*
* XXX TODO
* int match_host_and_ip(const char *, const char *, const char *);
diff --git a/crypto/openssh/regress/unittests/test_helper/test_helper.c b/crypto/openssh/regress/unittests/test_helper/test_helper.c
index 26ca26b5e3b7..f855137fb29f 100644
--- a/crypto/openssh/regress/unittests/test_helper/test_helper.c
+++ b/crypto/openssh/regress/unittests/test_helper/test_helper.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: test_helper.c,v 1.6 2015/03/03 20:42:49 djm Exp $ */
+/* $OpenBSD: test_helper.c,v 1.7 2017/03/14 01:10:07 dtucker Exp $ */
/*
* Copyright (c) 2011 Damien Miller <djm@mindrot.org>
*
@@ -442,6 +442,17 @@ assert_u_int(const char *file, int line, const char *a1, const char *a2,
}
void
+assert_long(const char *file, int line, const char *a1, const char *a2,
+ long aa1, long aa2, enum test_predicate pred)
+{
+ TEST_CHECK(aa1, aa2, pred);
+ test_header(file, line, a1, a2, "LONG", pred);
+ fprintf(stderr, "%12s = %ld / 0x%lx\n", a1, aa1, aa1);
+ fprintf(stderr, "%12s = %ld / 0x%lx\n", a2, aa2, aa2);
+ test_die();
+}
+
+void
assert_long_long(const char *file, int line, const char *a1, const char *a2,
long long aa1, long long aa2, enum test_predicate pred)
{
diff --git a/crypto/openssh/regress/unittests/test_helper/test_helper.h b/crypto/openssh/regress/unittests/test_helper/test_helper.h
index 1d9c66986d5d..615b7832b4dc 100644
--- a/crypto/openssh/regress/unittests/test_helper/test_helper.h
+++ b/crypto/openssh/regress/unittests/test_helper/test_helper.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: test_helper.h,v 1.6 2015/01/18 19:52:44 djm Exp $ */
+/* $OpenBSD: test_helper.h,v 1.7 2017/03/14 01:10:07 dtucker Exp $ */
/*
* Copyright (c) 2011 Damien Miller <djm@mindrot.org>
*
@@ -67,6 +67,9 @@ void assert_size_t(const char *file, int line,
void assert_u_int(const char *file, int line,
const char *a1, const char *a2,
u_int aa1, u_int aa2, enum test_predicate pred);
+void assert_long(const char *file, int line,
+ const char *a1, const char *a2,
+ long aa1, long aa2, enum test_predicate pred);
void assert_long_long(const char *file, int line,
const char *a1, const char *a2,
long long aa1, long long aa2, enum test_predicate pred);
@@ -110,6 +113,8 @@ void assert_u64(const char *file, int line,
assert_size_t(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_EQ)
#define ASSERT_U_INT_EQ(a1, a2) \
assert_u_int(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_EQ)
+#define ASSERT_LONG_EQ(a1, a2) \
+ assert_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_EQ)
#define ASSERT_LONG_LONG_EQ(a1, a2) \
assert_long_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_EQ)
#define ASSERT_CHAR_EQ(a1, a2) \
@@ -139,6 +144,8 @@ void assert_u64(const char *file, int line,
assert_size_t(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_NE)
#define ASSERT_U_INT_NE(a1, a2) \
assert_u_int(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_NE)
+#define ASSERT_LONG_NE(a1, a2) \
+ assert_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_NE)
#define ASSERT_LONG_LONG_NE(a1, a2) \
assert_long_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_NE)
#define ASSERT_CHAR_NE(a1, a2) \
@@ -166,6 +173,8 @@ void assert_u64(const char *file, int line,
assert_size_t(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LT)
#define ASSERT_U_INT_LT(a1, a2) \
assert_u_int(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LT)
+#define ASSERT_LONG_LT(a1, a2) \
+ assert_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LT)
#define ASSERT_LONG_LONG_LT(a1, a2) \
assert_long_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LT)
#define ASSERT_CHAR_LT(a1, a2) \
@@ -193,6 +202,8 @@ void assert_u64(const char *file, int line,
assert_size_t(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LE)
#define ASSERT_U_INT_LE(a1, a2) \
assert_u_int(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LE)
+#define ASSERT_LONG_LE(a1, a2) \
+ assert_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LE)
#define ASSERT_LONG_LONG_LE(a1, a2) \
assert_long_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LE)
#define ASSERT_CHAR_LE(a1, a2) \
@@ -220,6 +231,8 @@ void assert_u64(const char *file, int line,
assert_size_t(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GT)
#define ASSERT_U_INT_GT(a1, a2) \
assert_u_int(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GT)
+#define ASSERT_LONG_GT(a1, a2) \
+ assert_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GT)
#define ASSERT_LONG_LONG_GT(a1, a2) \
assert_long_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GT)
#define ASSERT_CHAR_GT(a1, a2) \
@@ -247,6 +260,8 @@ void assert_u64(const char *file, int line,
assert_size_t(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GE)
#define ASSERT_U_INT_GE(a1, a2) \
assert_u_int(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GE)
+#define ASSERT_LONG_GE(a1, a2) \
+ assert_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GE)
#define ASSERT_LONG_LONG_GE(a1, a2) \
assert_long_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GE)
#define ASSERT_CHAR_GE(a1, a2) \
diff --git a/crypto/openssh/regress/unittests/utf8/tests.c b/crypto/openssh/regress/unittests/utf8/tests.c
index 31f9fe9c3b0c..f0bbca5096f0 100644
--- a/crypto/openssh/regress/unittests/utf8/tests.c
+++ b/crypto/openssh/regress/unittests/utf8/tests.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tests.c,v 1.3 2016/12/19 04:55:18 djm Exp $ */
+/* $OpenBSD: tests.c,v 1.4 2017/02/19 00:11:29 djm Exp $ */
/*
* Regress test for the utf8.h *mprintf() API
*
@@ -15,10 +15,7 @@
#include "utf8.h"
-void badarg(void);
-void one(const char *, const char *, int, int, int, const char *);
-
-void
+static void
badarg(void)
{
char buf[16];
@@ -33,8 +30,8 @@ badarg(void)
TEST_DONE();
}
-void
-one(const char *name, const char *mbs, int width,
+static void
+one(int utf8, const char *name, const char *mbs, int width,
int wantwidth, int wantlen, const char *wants)
{
char buf[16];
@@ -43,7 +40,7 @@ one(const char *name, const char *mbs, int width,
if (wantlen == -2)
wantlen = strlen(wants);
- (void)strlcpy(buf, "utf8_", sizeof(buf));
+ (void)strlcpy(buf, utf8 ? "utf8_" : "c_", sizeof(buf));
(void)strlcat(buf, name, sizeof(buf));
TEST_START(buf);
wp = wantwidth == -2 ? NULL : &width;
@@ -65,19 +62,41 @@ tests(void)
TEST_DONE();
badarg();
- one("empty", "", 2, 0, 0, "");
- one("ascii", "x", -2, -2, -2, "x");
- one("newline", "a\nb", -2, -2, -2, "a\nb");
- one("cr", "a\rb", -2, -2, -2, "a\rb");
- one("tab", "a\tb", -2, -2, -2, "a\tb");
- one("esc", "\033x", -2, -2, -2, "\\033x");
- one("inv_badbyte", "\377x", -2, -2, -2, "\\377x");
- one("inv_nocont", "\341x", -2, -2, -2, "\\341x");
- one("inv_nolead", "a\200b", -2, -2, -2, "a\\200b");
- one("sz_ascii", "1234567890123456", -2, -2, 16, "123456789012345");
- one("sz_esc", "123456789012\033", -2, -2, 16, "123456789012");
- one("width_ascii", "123", 2, 2, -1, "12");
- one("width_double", "a\343\201\201", 2, 1, -1, "a");
- one("double_fit", "a\343\201\201", 3, 3, 4, "a\343\201\201");
- one("double_spc", "a\343\201\201", 4, 3, 4, "a\343\201\201");
+ one(1, "empty", "", 2, 0, 0, "");
+ one(1, "ascii", "x", -2, -2, -2, "x");
+ one(1, "newline", "a\nb", -2, -2, -2, "a\nb");
+ one(1, "cr", "a\rb", -2, -2, -2, "a\rb");
+ one(1, "tab", "a\tb", -2, -2, -2, "a\tb");
+ one(1, "esc", "\033x", -2, -2, -2, "\\033x");
+ one(1, "inv_badbyte", "\377x", -2, -2, -2, "\\377x");
+ one(1, "inv_nocont", "\341x", -2, -2, -2, "\\341x");
+ one(1, "inv_nolead", "a\200b", -2, -2, -2, "a\\200b");
+ one(1, "sz_ascii", "1234567890123456", -2, -2, 16, "123456789012345");
+ one(1, "sz_esc", "123456789012\033", -2, -2, 16, "123456789012");
+ one(1, "width_ascii", "123", 2, 2, -1, "12");
+ one(1, "width_double", "a\343\201\201", 2, 1, -1, "a");
+ one(1, "double_fit", "a\343\201\201", 3, 3, 4, "a\343\201\201");
+ one(1, "double_spc", "a\343\201\201", 4, 3, 4, "a\343\201\201");
+
+ TEST_START("C_setlocale");
+ loc = setlocale(LC_CTYPE, "C");
+ ASSERT_PTR_NE(loc, NULL);
+ TEST_DONE();
+
+ badarg();
+ one(0, "empty", "", 2, 0, 0, "");
+ one(0, "ascii", "x", -2, -2, -2, "x");
+ one(0, "newline", "a\nb", -2, -2, -2, "a\nb");
+ one(0, "cr", "a\rb", -2, -2, -2, "a\rb");
+ one(0, "tab", "a\tb", -2, -2, -2, "a\tb");
+ one(0, "esc", "\033x", -2, -2, -2, "\\033x");
+ one(0, "inv_badbyte", "\377x", -2, -2, -2, "\\377x");
+ one(0, "inv_nocont", "\341x", -2, -2, -2, "\\341x");
+ one(0, "inv_nolead", "a\200b", -2, -2, -2, "a\\200b");
+ one(0, "sz_ascii", "1234567890123456", -2, -2, 16, "123456789012345");
+ one(0, "sz_esc", "123456789012\033", -2, -2, 16, "123456789012");
+ one(0, "width_ascii", "123", 2, 2, -1, "12");
+ one(0, "width_double", "a\343\201\201", 2, 1, -1, "a");
+ one(0, "double_fit", "a\343\201\201", 7, 5, -1, "a\\343");
+ one(0, "double_spc", "a\343\201\201", 13, 13, 13, "a\\343\\201\\201");
}
diff --git a/crypto/openssh/sandbox-seccomp-filter.c b/crypto/openssh/sandbox-seccomp-filter.c
index 2e1ed2c52727..3a1aedce72c2 100644
--- a/crypto/openssh/sandbox-seccomp-filter.c
+++ b/crypto/openssh/sandbox-seccomp-filter.c
@@ -73,19 +73,35 @@
# define SECCOMP_FILTER_FAIL SECCOMP_RET_TRAP
#endif /* SANDBOX_SECCOMP_FILTER_DEBUG */
+#if __BYTE_ORDER == __LITTLE_ENDIAN
+# define ARG_LO_OFFSET 0
+# define ARG_HI_OFFSET sizeof(uint32_t)
+#elif __BYTE_ORDER == __BIG_ENDIAN
+# define ARG_LO_OFFSET sizeof(uint32_t)
+# define ARG_HI_OFFSET 0
+#else
+#error "Unknown endianness"
+#endif
+
/* Simple helpers to avoid manual errors (but larger BPF programs). */
#define SC_DENY(_nr, _errno) \
- BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 1), \
+ BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (_nr), 0, 1), \
BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ERRNO|(_errno))
#define SC_ALLOW(_nr) \
- BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 1), \
+ BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (_nr), 0, 1), \
BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
#define SC_ALLOW_ARG(_nr, _arg_nr, _arg_val) \
- BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 4), \
- /* load first syscall argument */ \
+ BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (_nr), 0, 6), \
+ /* load and test first syscall argument, low word */ \
BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \
- offsetof(struct seccomp_data, args[(_arg_nr)])), \
- BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (_arg_val), 0, 1), \
+ offsetof(struct seccomp_data, args[(_arg_nr)]) + ARG_LO_OFFSET), \
+ BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, \
+ ((_arg_val) & 0xFFFFFFFF), 0, 3), \
+ /* load and test first syscall argument, high word */ \
+ BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \
+ offsetof(struct seccomp_data, args[(_arg_nr)]) + ARG_HI_OFFSET), \
+ BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, \
+ (((uint32_t)((uint64_t)(_arg_val) >> 32)) & 0xFFFFFFFF), 0, 1), \
BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW), \
/* reload syscall number; all rules expect it in accumulator */ \
BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \
@@ -104,108 +120,122 @@ static const struct sock_filter preauth_insns[] = {
/* Syscalls to non-fatally deny */
#ifdef __NR_lstat
- SC_DENY(lstat, EACCES),
+ SC_DENY(__NR_lstat, EACCES),
#endif
#ifdef __NR_lstat64
- SC_DENY(lstat64, EACCES),
+ SC_DENY(__NR_lstat64, EACCES),
#endif
#ifdef __NR_fstat
- SC_DENY(fstat, EACCES),
+ SC_DENY(__NR_fstat, EACCES),
#endif
#ifdef __NR_fstat64
- SC_DENY(fstat64, EACCES),
+ SC_DENY(__NR_fstat64, EACCES),
#endif
#ifdef __NR_open
- SC_DENY(open, EACCES),
+ SC_DENY(__NR_open, EACCES),
#endif
#ifdef __NR_openat
- SC_DENY(openat, EACCES),
+ SC_DENY(__NR_openat, EACCES),
#endif
#ifdef __NR_newfstatat
- SC_DENY(newfstatat, EACCES),
+ SC_DENY(__NR_newfstatat, EACCES),
#endif
#ifdef __NR_stat
- SC_DENY(stat, EACCES),
+ SC_DENY(__NR_stat, EACCES),
#endif
#ifdef __NR_stat64
- SC_DENY(stat64, EACCES),
+ SC_DENY(__NR_stat64, EACCES),
#endif
/* Syscalls to permit */
#ifdef __NR_brk
- SC_ALLOW(brk),
+ SC_ALLOW(__NR_brk),
#endif
#ifdef __NR_clock_gettime
- SC_ALLOW(clock_gettime),
+ SC_ALLOW(__NR_clock_gettime),
#endif
#ifdef __NR_close
- SC_ALLOW(close),
+ SC_ALLOW(__NR_close),
#endif
#ifdef __NR_exit
- SC_ALLOW(exit),
+ SC_ALLOW(__NR_exit),
#endif
#ifdef __NR_exit_group
- SC_ALLOW(exit_group),
+ SC_ALLOW(__NR_exit_group),
#endif
#ifdef __NR_getpgid
- SC_ALLOW(getpgid),
+ SC_ALLOW(__NR_getpgid),
#endif
#ifdef __NR_getpid
- SC_ALLOW(getpid),
+ SC_ALLOW(__NR_getpid),
#endif
#ifdef __NR_getrandom
- SC_ALLOW(getrandom),
+ SC_ALLOW(__NR_getrandom),
#endif
#ifdef __NR_gettimeofday
- SC_ALLOW(gettimeofday),
+ SC_ALLOW(__NR_gettimeofday),
#endif
#ifdef __NR_madvise
- SC_ALLOW(madvise),
+ SC_ALLOW(__NR_madvise),
#endif
#ifdef __NR_mmap
- SC_ALLOW(mmap),
+ SC_ALLOW(__NR_mmap),
#endif
#ifdef __NR_mmap2
- SC_ALLOW(mmap2),
+ SC_ALLOW(__NR_mmap2),
#endif
#ifdef __NR_mremap
- SC_ALLOW(mremap),
+ SC_ALLOW(__NR_mremap),
#endif
#ifdef __NR_munmap
- SC_ALLOW(munmap),
+ SC_ALLOW(__NR_munmap),
#endif
#ifdef __NR__newselect
- SC_ALLOW(_newselect),
+ SC_ALLOW(__NR__newselect),
#endif
#ifdef __NR_poll
- SC_ALLOW(poll),
+ SC_ALLOW(__NR_poll),
#endif
#ifdef __NR_pselect6
- SC_ALLOW(pselect6),
+ SC_ALLOW(__NR_pselect6),
#endif
#ifdef __NR_read
- SC_ALLOW(read),
+ SC_ALLOW(__NR_read),
#endif
#ifdef __NR_rt_sigprocmask
- SC_ALLOW(rt_sigprocmask),
+ SC_ALLOW(__NR_rt_sigprocmask),
#endif
#ifdef __NR_select
- SC_ALLOW(select),
+ SC_ALLOW(__NR_select),
#endif
#ifdef __NR_shutdown
- SC_ALLOW(shutdown),
+ SC_ALLOW(__NR_shutdown),
#endif
#ifdef __NR_sigprocmask
- SC_ALLOW(sigprocmask),
+ SC_ALLOW(__NR_sigprocmask),
#endif
#ifdef __NR_time
- SC_ALLOW(time),
+ SC_ALLOW(__NR_time),
#endif
#ifdef __NR_write
- SC_ALLOW(write),
+ SC_ALLOW(__NR_write),
#endif
#ifdef __NR_socketcall
- SC_ALLOW_ARG(socketcall, 0, SYS_SHUTDOWN),
+ SC_ALLOW_ARG(__NR_socketcall, 0, SYS_SHUTDOWN),
+#endif
+#if defined(__NR_ioctl) && defined(__s390__)
+ /* Allow ioctls for ICA crypto card on s390 */
+ SC_ALLOW_ARG(__NR_ioctl, 1, Z90STAT_STATUS_MASK),
+ SC_ALLOW_ARG(__NR_ioctl, 1, ICARSAMODEXPO),
+ SC_ALLOW_ARG(__NR_ioctl, 1, ICARSACRT),
+#endif
+#if defined(__x86_64__) && defined(__ILP32__) && defined(__X32_SYSCALL_BIT)
+ /*
+ * On Linux x32, the clock_gettime VDSO falls back to the
+ * x86-64 syscall under some circumstances, e.g.
+ * https://bugs.debian.org/849923
+ */
+ SC_ALLOW(__NR_clock_gettime & ~__X32_SYSCALL_BIT);
#endif
/* Default deny */
diff --git a/crypto/openssh/servconf.c b/crypto/openssh/servconf.c
index c3fe9f8502db..bc935fcaead0 100644
--- a/crypto/openssh/servconf.c
+++ b/crypto/openssh/servconf.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: servconf.c,v 1.301 2016/11/30 03:00:05 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.306 2017/03/14 07:19:07 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -279,7 +279,7 @@ fill_default_server_options(ServerOptions *options)
if (options->gss_cleanup_creds == -1)
options->gss_cleanup_creds = 1;
if (options->gss_strict_acceptor == -1)
- options->gss_strict_acceptor = 0;
+ options->gss_strict_acceptor = 1;
if (options->password_authentication == -1)
options->password_authentication = 0;
if (options->kbd_interactive_authentication == -1)
@@ -547,7 +547,7 @@ static struct {
{ "clientalivecountmax", sClientAliveCountMax, SSHCFG_ALL },
{ "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL },
{ "authorizedkeysfile2", sDeprecated, SSHCFG_ALL },
- { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL},
+ { "useprivilegeseparation", sDeprecated, SSHCFG_GLOBAL},
{ "acceptenv", sAcceptEnv, SSHCFG_ALL },
{ "permittunnel", sPermitTunnel, SSHCFG_ALL },
{ "permittty", sPermitTTY, SSHCFG_ALL },
@@ -983,6 +983,15 @@ process_server_config_line(ServerOptions *options, char *line,
long long val64;
const struct multistate *multistate_ptr;
+ /* Strip trailing whitespace. Allow \f (form feed) at EOL only */
+ if ((len = strlen(line)) == 0)
+ return 0;
+ for (len--; len > 0; len--) {
+ if (strchr(WHITESPACE "\f", line[len]) == NULL)
+ break;
+ line[len] = '\0';
+ }
+
cp = line;
if ((arg = strdelim(&cp)) == NULL)
return 0;
@@ -1185,7 +1194,8 @@ process_server_config_line(ServerOptions *options, char *line,
if (!arg || *arg == '\0')
fatal("%s line %d: Missing argument.",
filename, linenum);
- if (!sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1))
+ if (*arg != '-' &&
+ !sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1))
fatal("%s line %d: Bad key types '%s'.",
filename, linenum, arg ? arg : "<NONE>");
if (*activep && *charptr == NULL)
@@ -1381,11 +1391,6 @@ process_server_config_line(ServerOptions *options, char *line,
intptr = &options->disable_forwarding;
goto parse_flag;
- case sUsePrivilegeSeparation:
- intptr = &use_privsep;
- multistate_ptr = multistate_privsep;
- goto parse_multistate;
-
case sAllowUsers:
while ((arg = strdelim(&cp)) && *arg != '\0') {
if (options->num_allow_users >= MAX_ALLOW_USERS)
@@ -1444,7 +1449,7 @@ process_server_config_line(ServerOptions *options, char *line,
arg = strdelim(&cp);
if (!arg || *arg == '\0')
fatal("%s line %d: Missing argument.", filename, linenum);
- if (!ciphers_valid(*arg == '+' ? arg + 1 : arg))
+ if (*arg != '-' && !ciphers_valid(*arg == '+' ? arg + 1 : arg))
fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
filename, linenum, arg ? arg : "<NONE>");
if (options->ciphers == NULL)
@@ -1455,7 +1460,7 @@ process_server_config_line(ServerOptions *options, char *line,
arg = strdelim(&cp);
if (!arg || *arg == '\0')
fatal("%s line %d: Missing argument.", filename, linenum);
- if (!mac_valid(*arg == '+' ? arg + 1 : arg))
+ if (*arg != '-' && !mac_valid(*arg == '+' ? arg + 1 : arg))
fatal("%s line %d: Bad SSH2 mac spec '%s'.",
filename, linenum, arg ? arg : "<NONE>");
if (options->macs == NULL)
@@ -1467,7 +1472,8 @@ process_server_config_line(ServerOptions *options, char *line,
if (!arg || *arg == '\0')
fatal("%s line %d: Missing argument.",
filename, linenum);
- if (!kex_names_valid(*arg == '+' ? arg + 1 : arg))
+ if (*arg != '-' &&
+ !kex_names_valid(*arg == '+' ? arg + 1 : arg))
fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.",
filename, linenum, arg ? arg : "<NONE>");
if (options->kex_algorithms == NULL)
@@ -2117,8 +2123,6 @@ fmt_intarg(ServerOpCodes code, int val)
return fmt_multistate_int(val, multistate_gatewayports);
case sCompression:
return fmt_multistate_int(val, multistate_compression);
- case sUsePrivilegeSeparation:
- return fmt_multistate_int(val, multistate_privsep);
case sAllowTcpForwarding:
return fmt_multistate_int(val, multistate_tcpfwd);
case sAllowStreamLocalForwarding:
@@ -2169,8 +2173,6 @@ dump_cfg_fmtint(ServerOpCodes code, int val)
static void
dump_cfg_string(ServerOpCodes code, const char *val)
{
- if (val == NULL)
- return;
printf("%s %s\n", lookup_opcode_name(code),
val == NULL ? "none" : val);
}
@@ -2296,7 +2298,6 @@ dump_config(ServerOptions *o)
dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding);
dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding);
dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink);
- dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash);
dump_cfg_fmtint(sUseBlacklist, o->use_blacklist);
diff --git a/crypto/openssh/serverloop.c b/crypto/openssh/serverloop.c
index c4e4699da68c..2976f55943b4 100644
--- a/crypto/openssh/serverloop.c
+++ b/crypto/openssh/serverloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: serverloop.c,v 1.189 2016/12/14 00:36:34 djm Exp $ */
+/* $OpenBSD: serverloop.c,v 1.191 2017/02/01 02:59:09 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -430,7 +430,7 @@ server_input_keep_alive(int type, u_int32_t seq, void *ctxt)
}
static Channel *
-server_request_direct_tcpip(void)
+server_request_direct_tcpip(int *reason, const char **errmsg)
{
Channel *c = NULL;
char *target, *originator;
@@ -449,11 +449,13 @@ server_request_direct_tcpip(void)
if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0 &&
!no_port_forwarding_flag && !options.disable_forwarding) {
c = channel_connect_to_port(target, target_port,
- "direct-tcpip", "direct-tcpip");
+ "direct-tcpip", "direct-tcpip", reason, errmsg);
} else {
logit("refused local port forward: "
"originator %s port %d, target %s port %d",
originator, originator_port, target, target_port);
+ if (reason != NULL)
+ *reason = SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED;
}
free(originator);
@@ -468,6 +470,10 @@ server_request_direct_streamlocal(void)
Channel *c = NULL;
char *target, *originator;
u_short originator_port;
+ struct passwd *pw = the_authctxt->pw;
+
+ if (pw == NULL || !the_authctxt->valid)
+ fatal("server_input_global_request: no/invalid user");
target = packet_get_string(NULL);
originator = packet_get_string(NULL);
@@ -480,7 +486,7 @@ server_request_direct_streamlocal(void)
/* XXX fine grained permissions */
if ((options.allow_streamlocal_forwarding & FORWARD_LOCAL) != 0 &&
!no_port_forwarding_flag && !options.disable_forwarding &&
- use_privsep) {
+ (pw->pw_uid == 0 || use_privsep)) {
c = channel_connect_to_path(target,
"direct-streamlocal@openssh.com", "direct-streamlocal");
} else {
@@ -577,7 +583,8 @@ server_input_channel_open(int type, u_int32_t seq, void *ctxt)
{
Channel *c = NULL;
char *ctype;
- int rchan;
+ const char *errmsg = NULL;
+ int rchan, reason = SSH2_OPEN_CONNECT_FAILED;
u_int rmaxpack, rwindow, len;
ctype = packet_get_string(&len);
@@ -591,7 +598,7 @@ server_input_channel_open(int type, u_int32_t seq, void *ctxt)
if (strcmp(ctype, "session") == 0) {
c = server_request_session();
} else if (strcmp(ctype, "direct-tcpip") == 0) {
- c = server_request_direct_tcpip();
+ c = server_request_direct_tcpip(&reason, &errmsg);
} else if (strcmp(ctype, "direct-streamlocal@openssh.com") == 0) {
c = server_request_direct_streamlocal();
} else if (strcmp(ctype, "tun@openssh.com") == 0) {
@@ -614,9 +621,9 @@ server_input_channel_open(int type, u_int32_t seq, void *ctxt)
debug("server_input_channel_open: failure %s", ctype);
packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE);
packet_put_int(rchan);
- packet_put_int(SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED);
+ packet_put_int(reason);
if (!(datafellows & SSH_BUG_OPENFAILURE)) {
- packet_put_cstring("open failed");
+ packet_put_cstring(errmsg ? errmsg : "open failed");
packet_put_cstring("");
}
packet_send();
@@ -702,6 +709,10 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
int want_reply;
int r, success = 0, allocated_listen_port = 0;
struct sshbuf *resp = NULL;
+ struct passwd *pw = the_authctxt->pw;
+
+ if (pw == NULL || !the_authctxt->valid)
+ fatal("server_input_global_request: no/invalid user");
rtype = packet_get_string(NULL);
want_reply = packet_get_char();
@@ -709,12 +720,8 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
/* -R style forwarding */
if (strcmp(rtype, "tcpip-forward") == 0) {
- struct passwd *pw;
struct Forward fwd;
- pw = the_authctxt->pw;
- if (pw == NULL || !the_authctxt->valid)
- fatal("server_input_global_request: no/invalid user");
memset(&fwd, 0, sizeof(fwd));
fwd.listen_host = packet_get_string(NULL);
fwd.listen_port = (u_short)packet_get_int();
@@ -762,9 +769,10 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
/* check permissions */
if ((options.allow_streamlocal_forwarding & FORWARD_REMOTE) == 0
|| no_port_forwarding_flag || options.disable_forwarding ||
- !use_privsep) {
+ (pw->pw_uid != 0 && !use_privsep)) {
success = 0;
- packet_send_debug("Server has disabled port forwarding.");
+ packet_send_debug("Server has disabled "
+ "streamlocal forwarding.");
} else {
/* Start listening on the socket */
success = channel_setup_remote_fwd_listener(
diff --git a/crypto/openssh/session.c b/crypto/openssh/session.c
index 3a5fc441ba44..1217ad4cbc3c 100644
--- a/crypto/openssh/session.c
+++ b/crypto/openssh/session.c
@@ -1261,7 +1261,8 @@ static void
do_nologin(struct passwd *pw)
{
FILE *f = NULL;
- char buf[1024], *nl, *def_nl = _PATH_NOLOGIN;
+ const char *nl;
+ char buf[1024], *def_nl = _PATH_NOLOGIN;
struct stat sb;
#ifdef HAVE_LOGIN_CAP
@@ -1273,11 +1274,8 @@ do_nologin(struct passwd *pw)
return;
nl = def_nl;
#endif
- if (stat(nl, &sb) == -1) {
- if (nl != def_nl)
- free(nl);
+ if (stat(nl, &sb) == -1)
return;
- }
/* /etc/nologin exists. Print its contents if we can and exit. */
logit("User %.100s not allowed because %s exists", pw->pw_name, nl);
diff --git a/crypto/openssh/sftp-client.c b/crypto/openssh/sftp-client.c
index e65c15c8f728..a6e832270410 100644
--- a/crypto/openssh/sftp-client.c
+++ b/crypto/openssh/sftp-client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-client.c,v 1.125 2016/09/12 01:22:38 deraadt Exp $ */
+/* $OpenBSD: sftp-client.c,v 1.126 2017/01/03 05:46:51 djm Exp $ */
/*
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
*
@@ -67,6 +67,13 @@ extern int showprogress;
/* Maximum depth to descend in directory trees */
#define MAX_DIR_DEPTH 64
+/* Directory separator characters */
+#ifdef HAVE_CYGWIN
+# define SFTP_DIRECTORY_CHARS "/\\"
+#else /* HAVE_CYGWIN */
+# define SFTP_DIRECTORY_CHARS "/"
+#endif /* HAVE_CYGWIN */
+
struct sftp_conn {
int fd_in;
int fd_out;
@@ -587,6 +594,8 @@ do_lsreaddir(struct sftp_conn *conn, const char *path, int print_flag,
if ((r = sshbuf_get_u32(msg, &count)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ if (count > SSHBUF_SIZE_MAX)
+ fatal("%s: nonsensical number of entries", __func__);
if (count == 0)
break;
debug3("Received %d SSH2_FXP_NAME responses", count);
@@ -617,7 +626,7 @@ do_lsreaddir(struct sftp_conn *conn, const char *path, int print_flag,
* These can be used to attack recursive ops
* (e.g. send '../../../../etc/passwd')
*/
- if (strchr(filename, '/') != NULL) {
+ if (strpbrk(filename, SFTP_DIRECTORY_CHARS) != NULL) {
error("Server sent suspect path \"%s\" "
"during readdir of \"%s\"", filename, path);
} else if (dir) {
diff --git a/crypto/openssh/sftp.c b/crypto/openssh/sftp.c
index 2b8fdabfb6df..76add3908ca7 100644
--- a/crypto/openssh/sftp.c
+++ b/crypto/openssh/sftp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp.c,v 1.177 2016/10/18 12:41:22 millert Exp $ */
+/* $OpenBSD: sftp.c,v 1.178 2017/02/15 01:46:47 djm Exp $ */
/*
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
*
@@ -969,23 +969,34 @@ static int
do_df(struct sftp_conn *conn, const char *path, int hflag, int iflag)
{
struct sftp_statvfs st;
- char s_used[FMT_SCALED_STRSIZE];
- char s_avail[FMT_SCALED_STRSIZE];
- char s_root[FMT_SCALED_STRSIZE];
- char s_total[FMT_SCALED_STRSIZE];
- unsigned long long ffree;
+ char s_used[FMT_SCALED_STRSIZE], s_avail[FMT_SCALED_STRSIZE];
+ char s_root[FMT_SCALED_STRSIZE], s_total[FMT_SCALED_STRSIZE];
+ char s_icapacity[16], s_dcapacity[16];
if (do_statvfs(conn, path, &st, 1) == -1)
return -1;
+ if (st.f_files == 0)
+ strlcpy(s_icapacity, "ERR", sizeof(s_icapacity));
+ else {
+ snprintf(s_icapacity, sizeof(s_icapacity), "%3llu%%",
+ (unsigned long long)(100 * (st.f_files - st.f_ffree) /
+ st.f_files));
+ }
+ if (st.f_blocks == 0)
+ strlcpy(s_dcapacity, "ERR", sizeof(s_dcapacity));
+ else {
+ snprintf(s_dcapacity, sizeof(s_dcapacity), "%3llu%%",
+ (unsigned long long)(100 * (st.f_blocks - st.f_bfree) /
+ st.f_blocks));
+ }
if (iflag) {
- ffree = st.f_files ? (100 * (st.f_files - st.f_ffree) / st.f_files) : 0;
printf(" Inodes Used Avail "
"(root) %%Capacity\n");
- printf("%11llu %11llu %11llu %11llu %3llu%%\n",
+ printf("%11llu %11llu %11llu %11llu %s\n",
(unsigned long long)st.f_files,
(unsigned long long)(st.f_files - st.f_ffree),
(unsigned long long)st.f_favail,
- (unsigned long long)st.f_ffree, ffree);
+ (unsigned long long)st.f_ffree, s_icapacity);
} else if (hflag) {
strlcpy(s_used, "error", sizeof(s_used));
strlcpy(s_avail, "error", sizeof(s_avail));
@@ -996,21 +1007,18 @@ do_df(struct sftp_conn *conn, const char *path, int hflag, int iflag)
fmt_scaled(st.f_bfree * st.f_frsize, s_root);
fmt_scaled(st.f_blocks * st.f_frsize, s_total);
printf(" Size Used Avail (root) %%Capacity\n");
- printf("%7sB %7sB %7sB %7sB %3llu%%\n",
- s_total, s_used, s_avail, s_root,
- (unsigned long long)(100 * (st.f_blocks - st.f_bfree) /
- st.f_blocks));
+ printf("%7sB %7sB %7sB %7sB %s\n",
+ s_total, s_used, s_avail, s_root, s_dcapacity);
} else {
printf(" Size Used Avail "
"(root) %%Capacity\n");
- printf("%12llu %12llu %12llu %12llu %3llu%%\n",
+ printf("%12llu %12llu %12llu %12llu %s\n",
(unsigned long long)(st.f_frsize * st.f_blocks / 1024),
(unsigned long long)(st.f_frsize *
(st.f_blocks - st.f_bfree) / 1024),
(unsigned long long)(st.f_frsize * st.f_bavail / 1024),
(unsigned long long)(st.f_frsize * st.f_bfree / 1024),
- (unsigned long long)(100 * (st.f_blocks - st.f_bfree) /
- st.f_blocks));
+ s_dcapacity);
}
return 0;
}
diff --git a/crypto/openssh/ssh-agent.c b/crypto/openssh/ssh-agent.c
index 0d2420480ee0..ef5c7f6e4855 100644
--- a/crypto/openssh/ssh-agent.c
+++ b/crypto/openssh/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.215 2016/11/30 03:07:37 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.218 2017/03/15 03:52:30 deraadt Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -90,7 +90,7 @@ __RCSID("$FreeBSD$");
#endif
#ifndef DEFAULT_PKCS11_WHITELIST
-# define DEFAULT_PKCS11_WHITELIST "/usr/lib/*,/usr/local/lib/*"
+# define DEFAULT_PKCS11_WHITELIST "/usr/lib*/*,/usr/local/lib*/*"
#endif
typedef enum {
@@ -841,7 +841,7 @@ send:
static void
process_remove_smartcard_key(SocketEntry *e)
{
- char *provider = NULL, *pin = NULL;
+ char *provider = NULL, *pin = NULL, canonical_provider[PATH_MAX];
int r, version, success = 0;
Identity *id, *nxt;
Idtab *tab;
@@ -851,6 +851,13 @@ process_remove_smartcard_key(SocketEntry *e)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
free(pin);
+ if (realpath(provider, canonical_provider) == NULL) {
+ verbose("failed PKCS#11 add of \"%.100s\": realpath: %s",
+ provider, strerror(errno));
+ goto send;
+ }
+
+ debug("%s: remove %.100s", __func__, canonical_provider);
for (version = 1; version < 3; version++) {
tab = idtab_lookup(version);
for (id = TAILQ_FIRST(&tab->idlist); id; id = nxt) {
@@ -858,18 +865,19 @@ process_remove_smartcard_key(SocketEntry *e)
/* Skip file--based keys */
if (id->provider == NULL)
continue;
- if (!strcmp(provider, id->provider)) {
+ if (!strcmp(canonical_provider, id->provider)) {
TAILQ_REMOVE(&tab->idlist, id, next);
free_identity(id);
tab->nentries--;
}
}
}
- if (pkcs11_del_provider(provider) == 0)
+ if (pkcs11_del_provider(canonical_provider) == 0)
success = 1;
else
error("process_remove_smartcard_key:"
" pkcs11_del_provider failed");
+send:
free(provider);
send_status(e, success);
}
@@ -1214,10 +1222,9 @@ static void
usage(void)
{
fprintf(stderr,
- "usage: ssh-agent [-c | -s] [-Dd] [-a bind_address] [-E fingerprint_hash]\n"
+ "usage: ssh-agent [-c | -s] [-Ddx] [-a bind_address] [-E fingerprint_hash]\n"
" [-P pkcs11_whitelist] [-t life] [command [arg ...]]\n"
" ssh-agent [-c | -s] -k\n");
- fprintf(stderr, " -x Exit when the last client disconnects.\n");
exit(1);
}
diff --git a/crypto/openssh/ssh-keygen.c b/crypto/openssh/ssh-keygen.c
index 2a7939bfc6c0..f17af036bbfa 100644
--- a/crypto/openssh/ssh-keygen.c
+++ b/crypto/openssh/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.292 2016/09/12 03:29:16 dtucker Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.299 2017/03/10 04:26:06 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -37,6 +37,7 @@
#include <string.h>
#include <unistd.h>
#include <limits.h>
+#include <locale.h>
#include "xmalloc.h"
#include "sshkey.h"
@@ -57,6 +58,7 @@
#include "atomicio.h"
#include "krl.h"
#include "digest.h"
+#include "utf8.h"
#ifdef WITH_OPENSSL
# define DEFAULT_KEY_TYPE_NAME "rsa"
@@ -843,7 +845,7 @@ fingerprint_one_key(const struct sshkey *public, const char *comment)
ra = sshkey_fingerprint(public, fingerprint_hash, SSH_FP_RANDOMART);
if (fp == NULL || ra == NULL)
fatal("%s: sshkey_fingerprint failed", __func__);
- printf("%u %s %s (%s)\n", sshkey_size(public), fp,
+ mprintf("%u %s %s (%s)\n", sshkey_size(public), fp,
comment ? comment : "no comment", sshkey_type(public));
if (log_level >= SYSLOG_LEVEL_VERBOSE)
printf("%s\n", ra);
@@ -1082,6 +1084,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
struct known_hosts_ctx *ctx = (struct known_hosts_ctx *)_ctx;
char *hashed, *cp, *hosts, *ohosts;
int has_wild = l->hosts && strcspn(l->hosts, "*?!") != strlen(l->hosts);
+ int was_hashed = l->hosts && l->hosts[0] == HASH_DELIM;
switch (l->status) {
case HKF_STATUS_OK:
@@ -1090,11 +1093,10 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
* Don't hash hosts already already hashed, with wildcard
* characters or a CA/revocation marker.
*/
- if ((l->match & HKF_MATCH_HOST_HASHED) != 0 ||
- has_wild || l->marker != MRK_NONE) {
+ if (was_hashed || has_wild || l->marker != MRK_NONE) {
fprintf(ctx->out, "%s\n", l->line);
if (has_wild && !find_host) {
- logit("%s:%ld: ignoring host name "
+ logit("%s:%lu: ignoring host name "
"with wildcard: %.64s", l->path,
l->linenum, l->hosts);
}
@@ -1106,6 +1108,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
*/
ohosts = hosts = xstrdup(l->hosts);
while ((cp = strsep(&hosts, ",")) != NULL && *cp != '\0') {
+ lowercase(cp);
if ((hashed = host_hash(cp, NULL, 0)) == NULL)
fatal("hash_host failed");
fprintf(ctx->out, "%s %s\n", hashed, l->rawkey);
@@ -1116,7 +1119,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
case HKF_STATUS_INVALID:
/* Retain invalid lines, but mark file as invalid. */
ctx->invalid = 1;
- logit("%s:%ld: invalid line", l->path, l->linenum);
+ logit("%s:%lu: invalid line", l->path, l->linenum);
/* FALLTHROUGH */
default:
fprintf(ctx->out, "%s\n", l->line);
@@ -1150,14 +1153,14 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx)
*/
ctx->found_key = 1;
if (!quiet)
- printf("# Host %s found: line %ld\n",
+ printf("# Host %s found: line %lu\n",
ctx->host, l->linenum);
}
return 0;
} else if (find_host) {
ctx->found_key = 1;
if (!quiet) {
- printf("# Host %s found: line %ld %s\n",
+ printf("# Host %s found: line %lu %s\n",
ctx->host,
l->linenum, l->marker == MRK_CA ? "CA" :
(l->marker == MRK_REVOKE ? "REVOKED" : ""));
@@ -1166,7 +1169,7 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx)
known_hosts_hash(l, ctx);
else if (print_fingerprint) {
fp = sshkey_fingerprint(l->key, fptype, rep);
- printf("%s %s %s %s\n", ctx->host,
+ mprintf("%s %s %s %s\n", ctx->host,
sshkey_type(l->key), fp, l->comment);
free(fp);
} else
@@ -1177,7 +1180,7 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx)
/* Retain non-matching hosts when deleting */
if (l->status == HKF_STATUS_INVALID) {
ctx->invalid = 1;
- logit("%s:%ld: invalid line", l->path, l->linenum);
+ logit("%s:%lu: invalid line", l->path, l->linenum);
}
fprintf(ctx->out, "%s\n", l->line);
}
@@ -1317,7 +1320,7 @@ do_change_passphrase(struct passwd *pw)
fatal("Failed to load key %s: %s", identity_file, ssh_err(r));
}
if (comment)
- printf("Key has comment '%s'\n", comment);
+ mprintf("Key has comment '%s'\n", comment);
/* Ask the new passphrase (twice). */
if (identity_new_passphrase) {
@@ -1441,7 +1444,10 @@ do_change_comment(struct passwd *pw)
sshkey_free(private);
exit(1);
}
- printf("Key now has comment '%s'\n", comment);
+ if (comment)
+ printf("Key now has comment '%s'\n", comment);
+ else
+ printf("Key now has no comment\n");
if (identity_comment) {
strlcpy(new_comment, identity_comment, sizeof(new_comment));
@@ -2203,11 +2209,17 @@ do_check_krl(struct passwd *pw, int argc, char **argv)
exit(ret);
}
+#ifdef WITH_SSH1
+# define RSA1_USAGE " | rsa1"
+#else
+# define RSA1_USAGE ""
+#endif
+
static void
usage(void)
{
fprintf(stderr,
- "usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]\n"
+ "usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa%s]\n"
" [-N new_passphrase] [-C comment] [-f output_keyfile]\n"
" ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]\n"
" ssh-keygen -i [-m key_format] [-f input_keyfile]\n"
@@ -2215,7 +2227,7 @@ usage(void)
" ssh-keygen -y [-f input_keyfile]\n"
" ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]\n"
" ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]\n"
- " ssh-keygen -B [-f input_keyfile]\n");
+ " ssh-keygen -B [-f input_keyfile]\n", RSA1_USAGE);
#ifdef ENABLE_PKCS11
fprintf(stderr,
" ssh-keygen -D pkcs11\n");
@@ -2280,6 +2292,8 @@ main(int argc, char **argv)
seed_rng();
+ msetlocale();
+
/* we need this for the home * directory. */
pw = getpwuid(getuid());
if (!pw)
diff --git a/crypto/openssh/ssh-keyscan.c b/crypto/openssh/ssh-keyscan.c
index c30d54e628f5..1f95239a37c6 100644
--- a/crypto/openssh/ssh-keyscan.c
+++ b/crypto/openssh/ssh-keyscan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.106 2016/05/02 10:26:04 djm Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.109 2017/03/10 04:26:06 djm Exp $ */
/*
* Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
*
@@ -321,16 +321,18 @@ keygrab_ssh2(con *c)
}
static void
-keyprint_one(char *host, struct sshkey *key)
+keyprint_one(const char *host, struct sshkey *key)
{
char *hostport;
-
- if (hash_hosts && (host = host_hash(host, NULL, 0)) == NULL)
- fatal("host_hash failed");
+ const char *known_host, *hashed;
hostport = put_host_port(host, ssh_port);
+ lowercase(hostport);
+ if (hash_hosts && (hashed = host_hash(host, NULL, 0)) == NULL)
+ fatal("host_hash failed");
+ known_host = hash_hosts ? hashed : hostport;
if (!get_cert)
- fprintf(stdout, "%s ", hostport);
+ fprintf(stdout, "%s ", known_host);
sshkey_write(key, stdout);
fputs("\n", stdout);
free(hostport);
@@ -752,10 +754,13 @@ main(int argc, char **argv)
tname = strtok(optarg, ",");
while (tname) {
int type = sshkey_type_from_name(tname);
+
switch (type) {
+#ifdef WITH_SSH1
case KEY_RSA1:
get_keytypes |= KT_RSA1;
break;
+#endif
case KEY_DSA:
get_keytypes |= KT_DSA;
break;
@@ -769,7 +774,8 @@ main(int argc, char **argv)
get_keytypes |= KT_ED25519;
break;
case KEY_UNSPEC:
- fatal("unknown key type %s", tname);
+ default:
+ fatal("Unknown key type \"%s\"", tname);
}
tname = strtok(NULL, ",");
}
diff --git a/crypto/openssh/ssh.c b/crypto/openssh/ssh.c
index 445c0d5d0ca3..05afc3cf9455 100644
--- a/crypto/openssh/ssh.c
+++ b/crypto/openssh/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.448 2016/12/06 07:48:01 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.451 2017/03/10 04:07:20 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -685,11 +685,11 @@ main(int ac, char **av)
else if (strcmp(optarg, "kex") == 0)
cp = kex_alg_list('\n');
else if (strcmp(optarg, "key") == 0)
- cp = sshkey_alg_list(0, 0, '\n');
+ cp = sshkey_alg_list(0, 0, 0, '\n');
else if (strcmp(optarg, "key-cert") == 0)
- cp = sshkey_alg_list(1, 0, '\n');
+ cp = sshkey_alg_list(1, 0, 0, '\n');
else if (strcmp(optarg, "key-plain") == 0)
- cp = sshkey_alg_list(0, 1, '\n');
+ cp = sshkey_alg_list(0, 1, 0, '\n');
else if (strcmp(optarg, "protocol-version") == 0) {
#ifdef WITH_SSH1
cp = xstrdup("1\n2");
@@ -1099,7 +1099,7 @@ main(int ac, char **av)
options.proxy_use_fdpass = 0;
snprintf(port_s, sizeof(port_s), "%d", options.jump_port);
xasprintf(&options.proxy_command,
- "ssh%s%s%s%s%s%s%s%s%s%.*s -W %%h:%%p %s",
+ "ssh%s%s%s%s%s%s%s%s%s%.*s -W '[%%h]:%%p' %s",
/* Optional "-l user" argument if jump_user set */
options.jump_user == NULL ? "" : " -l ",
options.jump_user == NULL ? "" : options.jump_user,
diff --git a/crypto/openssh/ssh_config b/crypto/openssh/ssh_config
index 76a262397004..76c4482c27b9 100644
--- a/crypto/openssh/ssh_config
+++ b/crypto/openssh/ssh_config
@@ -50,4 +50,4 @@
# ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h
# VerifyHostKeyDNS yes
-# VersionAddendum FreeBSD-20170902
+# VersionAddendum FreeBSD-20170903
diff --git a/crypto/openssh/ssh_config.5 b/crypto/openssh/ssh_config.5
index a8d282080350..c94492c634f0 100644
--- a/crypto/openssh/ssh_config.5
+++ b/crypto/openssh/ssh_config.5
@@ -33,9 +33,9 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.240 2016/10/15 19:56:25 jmc Exp $
+.\" $OpenBSD: ssh_config.5,v 1.242 2017/02/27 14:30:33 jmc Exp $
.\" $FreeBSD$
-.Dd $Mdocdate: October 15 2016 $
+.Dd $Mdocdate: February 27 2017 $
.Dt SSH_CONFIG 5
.Os
.Sh NAME
@@ -417,6 +417,10 @@ If the specified value begins with a
.Sq +
character, then the specified ciphers will be appended to the default set
instead of replacing them.
+If the specified value begins with a
+.Sq -
+character, then the specified ciphers (including wildcards) will be removed
+from the default set instead of replacing them.
.Pp
The supported ciphers are:
.Bd -literal -offset indent
@@ -786,6 +790,10 @@ Alternately if the specified value begins with a
.Sq +
character, then the specified key types will be appended to the default set
instead of replacing them.
+If the specified value begins with a
+.Sq -
+character, then the specified key types (including wildcards) will be removed
+from the default set instead of replacing them.
The default for this option is:
.Bd -literal -offset 3n
ecdsa-sha2-nistp256-cert-v01@openssh.com,
@@ -809,6 +817,10 @@ Alternately if the specified value begins with a
.Sq +
character, then the specified key types will be appended to the default set
instead of replacing them.
+If the specified value begins with a
+.Sq -
+character, then the specified key types (including wildcards) will be removed
+from the default set instead of replacing them.
The default for this option is:
.Bd -literal -offset 3n
ecdsa-sha2-nistp256-cert-v01@openssh.com,
@@ -1029,6 +1041,10 @@ Alternately if the specified value begins with a
.Sq +
character, then the specified methods will be appended to the default set
instead of replacing them.
+If the specified value begins with a
+.Sq -
+character, then the specified methods (including wildcards) will be removed
+from the default set instead of replacing them.
The default is:
.Bd -literal -offset indent
curve25519-sha256,curve25519-sha256@libssh.org,
@@ -1104,6 +1120,10 @@ If the specified value begins with a
.Sq +
character, then the specified algorithms will be appended to the default set
instead of replacing them.
+If the specified value begins with a
+.Sq -
+character, then the specified algorithms (including wildcards) will be removed
+from the default set instead of replacing them.
.Pp
The algorithms that contain
.Qq -etm
@@ -1129,7 +1149,7 @@ However, this option disables host authentication for localhost.
The argument to this keyword must be
.Cm yes
or
-.Cm no .
+.Cm no
(the default).
.It Cm NumberOfPasswordPrompts
Specifies the number of password prompts before giving up.
@@ -1266,6 +1286,10 @@ Alternately if the specified value begins with a
.Sq +
character, then the key types after it will be appended to the default
instead of replacing it.
+If the specified value begins with a
+.Sq -
+character, then the specified key types (including wildcards) will be removed
+from the default set instead of replacing them.
The default for this option is:
.Bd -literal -offset 3n
ecdsa-sha2-nistp256-cert-v01@openssh.com,
@@ -1650,7 +1674,7 @@ in
Specifies a string to append to the regular version string to identify
OS- or site-specific modifications.
The default is
-.Dq FreeBSD-20170902 .
+.Dq FreeBSD-20170903 .
The value
.Cm none
may be used to disable this.
diff --git a/crypto/openssh/ssh_namespace.h b/crypto/openssh/ssh_namespace.h
index 767de28dcc99..ee76f03ae1d4 100644
--- a/crypto/openssh/ssh_namespace.h
+++ b/crypto/openssh/ssh_namespace.h
@@ -255,7 +255,7 @@
#define compat_pkalg_proposal Fssh_compat_pkalg_proposal
#define compress_buffer Fssh_compress_buffer
#define connect_next Fssh_connect_next
-#define connect_to Fssh_connect_to
+#define connect_to_reason Fssh_connect_to_reason
#define convtime Fssh_convtime
#define crypto_hash_sha512 Fssh_crypto_hash_sha512
#define crypto_hashblocks_sha512 Fssh_crypto_hashblocks_sha512
@@ -328,7 +328,6 @@
#define error Fssh_error
#define export_dns_rr Fssh_export_dns_rr
#define fatal Fssh_fatal
-#define filter_proposal Fssh_filter_proposal
#define fingerprint_b64 Fssh_fingerprint_b64
#define fingerprint_hex Fssh_fingerprint_hex
#define fmprintf Fssh_fmprintf
@@ -459,6 +458,7 @@
#define mac_setup Fssh_mac_setup
#define mac_valid Fssh_mac_valid
#define match Fssh_match
+#define match_filter_list Fssh_match_filter_list
#define match_host_and_ip Fssh_match_host_and_ip
#define match_hostname Fssh_match_hostname
#define match_list Fssh_match_list
@@ -693,6 +693,7 @@
#define ssh_packet_set_encryption_key Fssh_ssh_packet_set_encryption_key
#define ssh_packet_set_input_hook Fssh_ssh_packet_set_input_hook
#define ssh_packet_set_interactive Fssh_ssh_packet_set_interactive
+#define ssh_packet_set_log_preamble Fssh_ssh_packet_set_log_preamble
#define ssh_packet_set_maxsize Fssh_ssh_packet_set_maxsize
#define ssh_packet_set_mux Fssh_ssh_packet_set_mux
#define ssh_packet_set_nonblocking Fssh_ssh_packet_set_nonblocking
diff --git a/crypto/openssh/sshconnect.c b/crypto/openssh/sshconnect.c
index 4ae0ed1e61aa..02aee69c5684 100644
--- a/crypto/openssh/sshconnect.c
+++ b/crypto/openssh/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.272 2016/09/12 01:22:38 deraadt Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.273 2017/03/10 03:22:40 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1533,6 +1533,7 @@ maybe_add_key_to_agent(char *authfile, Key *private, char *comment,
if (options.add_keys_to_agent == 2 &&
!ask_permission("Add key %s (%s) to agent?", authfile, comment)) {
debug3("user denied adding this key");
+ close(auth_sock);
return;
}
@@ -1541,4 +1542,5 @@ maybe_add_key_to_agent(char *authfile, Key *private, char *comment,
debug("identity added to agent: %s", authfile);
else
debug("could not add identity to agent: %s (%d)", authfile, r);
+ close(auth_sock);
}
diff --git a/crypto/openssh/sshconnect1.c b/crypto/openssh/sshconnect1.c
index a0453618402b..dc00b4cd04d7 100644
--- a/crypto/openssh/sshconnect1.c
+++ b/crypto/openssh/sshconnect1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect1.c,v 1.79 2016/09/19 07:52:42 natano Exp $ */
+/* $OpenBSD: sshconnect1.c,v 1.80 2017/03/10 03:53:11 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -520,7 +520,8 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
cookie[i] = packet_get_char();
/* Get the public key. */
- server_key = key_new(KEY_RSA1);
+ if ((server_key = key_new(KEY_RSA1)) == NULL)
+ fatal("%s: key_new(KEY_RSA1) failed", __func__);
bits = packet_get_int();
packet_get_bignum(server_key->rsa->e);
packet_get_bignum(server_key->rsa->n);
@@ -532,7 +533,8 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
logit("Warning: This may be due to an old implementation of ssh.");
}
/* Get the host key. */
- host_key = key_new(KEY_RSA1);
+ if ((host_key = key_new(KEY_RSA1)) == NULL)
+ fatal("%s: key_new(KEY_RSA1) failed", __func__);
bits = packet_get_int();
packet_get_bignum(host_key->rsa->e);
packet_get_bignum(host_key->rsa->n);
diff --git a/crypto/openssh/sshconnect2.c b/crypto/openssh/sshconnect2.c
index 103a2b36a7cf..f8a54beea949 100644
--- a/crypto/openssh/sshconnect2.c
+++ b/crypto/openssh/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.251 2016/12/04 23:54:02 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.255 2017/03/11 23:40:26 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -193,8 +193,8 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
}
if (options.rekey_limit || options.rekey_interval)
- packet_set_rekey_limits((u_int32_t)options.rekey_limit,
- (time_t)options.rekey_interval);
+ packet_set_rekey_limits(options.rekey_limit,
+ options.rekey_interval);
/* start key exchange */
if ((r = kex_setup(active_state, myproposal)) != 0)
@@ -934,14 +934,14 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
Authctxt *authctxt = ctxt;
char *info, *lang, *password = NULL, *retype = NULL;
char prompt[150];
- const char *host = options.host_key_alias ? options.host_key_alias :
- authctxt->host;
+ const char *host;
debug2("input_userauth_passwd_changereq");
if (authctxt == NULL)
fatal("input_userauth_passwd_changereq: "
"no authentication context");
+ host = options.host_key_alias ? options.host_key_alias : authctxt->host;
info = packet_get_string(NULL);
lang = packet_get_string(NULL);
@@ -996,11 +996,11 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
}
static const char *
-identity_sign_encode(struct identity *id)
+key_sign_encode(const struct sshkey *key)
{
struct ssh *ssh = active_state;
- if (id->key->type == KEY_RSA) {
+ if (key->type == KEY_RSA) {
switch (ssh->kex->rsa_sha2) {
case 256:
return "rsa-sha2-256";
@@ -1008,7 +1008,7 @@ identity_sign_encode(struct identity *id)
return "rsa-sha2-512";
}
}
- return key_ssh_name(id->key);
+ return key_ssh_name(key);
}
static int
@@ -1017,31 +1017,50 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp,
{
Key *prv;
int ret;
- const char *alg;
-
- alg = identity_sign_encode(id);
/* the agent supports this key */
- if (id->agent_fd != -1)
+ if (id->key != NULL && id->agent_fd != -1)
return ssh_agent_sign(id->agent_fd, id->key, sigp, lenp,
- data, datalen, alg, compat);
+ data, datalen, key_sign_encode(id->key), compat);
/*
* we have already loaded the private key or
* the private key is stored in external hardware
*/
- if (id->isprivate || (id->key->flags & SSHKEY_FLAG_EXT))
- return (sshkey_sign(id->key, sigp, lenp, data, datalen, alg,
- compat));
+ if (id->key != NULL &&
+ (id->isprivate || (id->key->flags & SSHKEY_FLAG_EXT)))
+ return (sshkey_sign(id->key, sigp, lenp, data, datalen,
+ key_sign_encode(id->key), compat));
+
/* load the private key from the file */
if ((prv = load_identity_file(id)) == NULL)
return SSH_ERR_KEY_NOT_FOUND;
- ret = sshkey_sign(prv, sigp, lenp, data, datalen, alg, compat);
+ ret = sshkey_sign(prv, sigp, lenp, data, datalen,
+ key_sign_encode(prv), compat);
sshkey_free(prv);
return (ret);
}
static int
+id_filename_matches(Identity *id, Identity *private_id)
+{
+ const char *suffixes[] = { ".pub", "-cert.pub", NULL };
+ size_t len = strlen(id->filename), plen = strlen(private_id->filename);
+ size_t i, slen;
+
+ if (strcmp(id->filename, private_id->filename) == 0)
+ return 1;
+ for (i = 0; suffixes[i]; i++) {
+ slen = strlen(suffixes[i]);
+ if (len > slen && plen == len - slen &&
+ strcmp(id->filename + (len - slen), suffixes[i]) == 0 &&
+ memcmp(id->filename, private_id->filename, plen) == 0)
+ return 1;
+ }
+ return 0;
+}
+
+static int
sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
{
Buffer b;
@@ -1083,7 +1102,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
} else {
buffer_put_cstring(&b, authctxt->method->name);
buffer_put_char(&b, have_sig);
- buffer_put_cstring(&b, identity_sign_encode(id));
+ buffer_put_cstring(&b, key_sign_encode(id->key));
}
buffer_put_string(&b, blob, bloblen);
@@ -1103,6 +1122,24 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
break;
}
}
+ /*
+ * Exact key matches are preferred, but also allow
+ * filename matches for non-PKCS#11/agent keys that
+ * didn't load public keys. This supports the case
+ * of keeping just a private key file and public
+ * certificate on disk.
+ */
+ if (!matched && !id->isprivate && id->agent_fd == -1 &&
+ (id->key->flags & SSHKEY_FLAG_EXT) == 0) {
+ TAILQ_FOREACH(private_id, &authctxt->keys, next) {
+ if (private_id->key == NULL &&
+ id_filename_matches(id, private_id)) {
+ id = private_id;
+ matched = 1;
+ break;
+ }
+ }
+ }
if (matched) {
debug2("%s: using private key \"%s\"%s for "
"certificate", __func__, id->filename,
@@ -1181,7 +1218,7 @@ send_pubkey_test(Authctxt *authctxt, Identity *id)
packet_put_cstring(authctxt->method->name);
packet_put_char(have_sig);
if (!(datafellows & SSH_BUG_PKAUTH))
- packet_put_cstring(identity_sign_encode(id));
+ packet_put_cstring(key_sign_encode(id->key));
packet_put_string(blob, bloblen);
free(blob);
packet_send();
@@ -1632,7 +1669,7 @@ ssh_keysign(struct sshkey *key, u_char **sigp, size_t *lenp,
if ((b = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new failed", __func__);
/* send # of sock, data to be signed */
- if ((r = sshbuf_put_u32(b, sock) != 0) ||
+ if ((r = sshbuf_put_u32(b, sock)) != 0 ||
(r = sshbuf_put_string(b, data, datalen)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
if (ssh_msg_send(to[1], version, b) == -1)
diff --git a/crypto/openssh/sshd.8 b/crypto/openssh/sshd.8
index 8608ca26959a..a427f52ff4b0 100644
--- a/crypto/openssh/sshd.8
+++ b/crypto/openssh/sshd.8
@@ -33,9 +33,9 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.287 2016/11/30 02:57:40 djm Exp $
+.\" $OpenBSD: sshd.8,v 1.288 2017/01/30 23:27:39 dtucker Exp $
.\" $FreeBSD$
-.Dd $Mdocdate: November 30 2016 $
+.Dd $Mdocdate: January 30 2017 $
.Dt SSHD 8
.Os
.Sh NAME
@@ -634,7 +634,7 @@ and
files contain host public keys for all known hosts.
The global file should
be prepared by the administrator (optional), and the per-user file is
-maintained automatically: whenever the user connects from an unknown host,
+maintained automatically: whenever the user connects to an unknown host,
its key is added to the per-user file.
.Pp
Each line in these files contains the following fields: markers (optional),
diff --git a/crypto/openssh/sshd.c b/crypto/openssh/sshd.c
index 50d3701e78b2..ac494844430d 100644
--- a/crypto/openssh/sshd.c
+++ b/crypto/openssh/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.480 2016/12/09 03:04:29 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.485 2017/03/15 03:52:30 deraadt Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -383,14 +383,14 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out)
{
u_int i;
int remote_major, remote_minor;
- char *s, *newline = "\n";
+ char *s;
char buf[256]; /* Must not be larger than remote_version. */
char remote_version[256]; /* Must be at least as big as buf. */
- xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
+ xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s\r\n",
PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
*options.version_addendum == '\0' ? "" : " ",
- options.version_addendum, newline);
+ options.version_addendum);
/* Send our protocol version identification. */
if (atomicio(vwrite, sock_out, server_version_string,
@@ -1068,6 +1068,11 @@ server_listen(void)
close(listen_sock);
continue;
}
+ if (fcntl(listen_sock, F_SETFD, FD_CLOEXEC) == -1) {
+ verbose("socket: CLOEXEC: %s", strerror(errno));
+ close(listen_sock);
+ continue;
+ }
/*
* Set socket options.
* Allow local port reuse in TIME_WAIT.
@@ -1696,6 +1701,15 @@ main(int ac, char **av)
continue;
key = key_load_private(options.host_key_files[i], "", NULL);
pubkey = key_load_public(options.host_key_files[i], NULL);
+
+ if ((pubkey != NULL && pubkey->type == KEY_RSA1) ||
+ (key != NULL && key->type == KEY_RSA1)) {
+ verbose("Ignoring RSA1 key %s",
+ options.host_key_files[i]);
+ key_free(key);
+ key_free(pubkey);
+ continue;
+ }
if (pubkey == NULL && key != NULL)
pubkey = key_demote(key);
sensitive_data.host_keys[i] = key;
@@ -2227,7 +2241,7 @@ do_ssh2_kex(void)
if (options.rekey_limit || options.rekey_interval)
packet_set_rekey_limits(options.rekey_limit,
- (time_t)options.rekey_interval);
+ options.rekey_interval);
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
list_hostkey_types());
diff --git a/crypto/openssh/sshd_config b/crypto/openssh/sshd_config
index e3e21bfad130..b015b9d85c76 100644
--- a/crypto/openssh/sshd_config
+++ b/crypto/openssh/sshd_config
@@ -1,4 +1,4 @@
-# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $
+# $OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $
# $FreeBSD$
# This is the sshd server system-wide configuration file. See
@@ -42,7 +42,8 @@
#PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
-#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedPrincipalsFile none
@@ -95,7 +96,6 @@
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
-#UsePrivilegeSeparation sandbox
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
@@ -106,7 +106,7 @@
#PermitTunnel no
#ChrootDirectory none
#UseBlacklist no
-#VersionAddendum FreeBSD-20170902
+#VersionAddendum FreeBSD-20170903
# no default banner path
#Banner none
diff --git a/crypto/openssh/sshd_config.5 b/crypto/openssh/sshd_config.5
index e94b93b7fe94..2ecf052b78af 100644
--- a/crypto/openssh/sshd_config.5
+++ b/crypto/openssh/sshd_config.5
@@ -33,9 +33,9 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.239 2016/11/30 03:00:05 djm Exp $
+.\" $OpenBSD: sshd_config.5,v 1.243 2017/03/14 07:19:07 djm Exp $
.\" $FreeBSD$
-.Dd $Mdocdate: November 30 2016 $
+.Dd $Mdocdate: March 14 2017 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
@@ -438,6 +438,10 @@ If the specified value begins with a
.Sq +
character, then the specified ciphers will be appended to the default set
instead of replacing them.
+If the specified value begins with a
+.Sq -
+character, then the specified ciphers (including wildcards) will be removed
+from the default set instead of replacing them.
.Pp
The supported ciphers are:
.Pp
@@ -651,6 +655,10 @@ Alternately if the specified value begins with a
.Sq +
character, then the specified key types will be appended to the default set
instead of replacing them.
+If the specified value begins with a
+.Sq -
+character, then the specified key types (including wildcards) will be removed
+from the default set instead of replacing them.
The default for this option is:
.Bd -literal -offset 3n
ecdsa-sha2-nistp256-cert-v01@openssh.com,
@@ -845,6 +853,10 @@ Alternately if the specified value begins with a
.Sq +
character, then the specified methods will be appended to the default set
instead of replacing them.
+If the specified value begins with a
+.Sq -
+character, then the specified methods (including wildcards) will be removed
+from the default set instead of replacing them.
The supported algorithms are:
.Pp
.Bl -item -compact -offset indent
@@ -935,6 +947,10 @@ If the specified value begins with a
.Sq +
character, then the specified algorithms will be appended to the default set
instead of replacing them.
+If the specified value begins with a
+.Sq -
+character, then the specified algorithms (including wildcards) will be removed
+from the default set instead of replacing them.
.Pp
The algorithms that contain
.Qq -etm
@@ -1291,6 +1307,10 @@ Alternately if the specified value begins with a
.Sq +
character, then the specified key types will be appended to the default set
instead of replacing them.
+If the specified value begins with a
+.Sq -
+character, then the specified key types (including wildcards) will be removed
+from the default set instead of replacing them.
The default for this option is:
.Bd -literal -offset 3n
ecdsa-sha2-nistp256-cert-v01@openssh.com,
@@ -1496,33 +1516,11 @@ is enabled, you will not be able to run
as a non-root user.
The default is
.Cm yes .
-.It Cm UsePrivilegeSeparation
-Specifies whether
-.Xr sshd 8
-separates privileges by creating an unprivileged child process
-to deal with incoming network traffic.
-After successful authentication, another process will be created that has
-the privilege of the authenticated user.
-The goal of privilege separation is to prevent privilege
-escalation by containing any corruption within the unprivileged processes.
-The argument must be
-.Cm yes ,
-.Cm no ,
-or
-.Cm sandbox .
-If
-.Cm UsePrivilegeSeparation
-is set to
-.Cm sandbox
-then the pre-authentication unprivileged process is subject to additional
-restrictions.
-The default is
-.Cm sandbox .
.It Cm VersionAddendum
Optionally specifies additional text to append to the SSH protocol banner
sent by the server upon connection.
The default is
-.Qq FreeBSD-20170902 .
+.Qq FreeBSD-20170903 .
The value
.Cm none
may be used to disable this.
@@ -1669,13 +1667,13 @@ The username.
.El
.Pp
.Cm AuthorizedKeysCommand
-accepts the tokens %%, %f, %h, %t, and %u.
+accepts the tokens %%, %f, %h, %k, %t, and %u.
.Pp
.Cm AuthorizedKeysFile
accepts the tokens %%, %h, and %u.
.Pp
.Cm AuthorizedPrincipalsCommand
-accepts the tokens %%, %F, %f, %K, %k, %h, %i, %s, %T, %t, and %u.
+accepts the tokens %%, %F, %f, %h, %i, %K, %k, %s, %T, %t, and %u.
.Pp
.Cm AuthorizedPrincipalsFile
accepts the tokens %%, %h, and %u.
diff --git a/crypto/openssh/sshkey.c b/crypto/openssh/sshkey.c
index c01da6c39b2e..53a7674b5e74 100644
--- a/crypto/openssh/sshkey.c
+++ b/crypto/openssh/sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.41 2016/10/24 01:09:17 dtucker Exp $ */
+/* $OpenBSD: sshkey.c,v 1.45 2017/03/10 04:07:20 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Alexander von Gernler. All rights reserved.
@@ -89,7 +89,9 @@ static const struct keytype keytypes[] = {
{ "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT",
KEY_ED25519_CERT, 0, 1, 0 },
#ifdef WITH_OPENSSL
+# ifdef WITH_SSH1
{ NULL, "RSA1", KEY_RSA1, 0, 0, 0 },
+# endif
{ "ssh-rsa", "RSA", KEY_RSA, 0, 0, 0 },
{ "rsa-sha2-256", "RSA", KEY_RSA, 0, 0, 1 },
{ "rsa-sha2-512", "RSA", KEY_RSA, 0, 0, 1 },
@@ -195,14 +197,16 @@ sshkey_ecdsa_nid_from_name(const char *name)
}
char *
-sshkey_alg_list(int certs_only, int plain_only, char sep)
+sshkey_alg_list(int certs_only, int plain_only, int include_sigonly, char sep)
{
char *tmp, *ret = NULL;
size_t nlen, rlen = 0;
const struct keytype *kt;
for (kt = keytypes; kt->type != -1; kt++) {
- if (kt->name == NULL || kt->sigonly)
+ if (kt->name == NULL)
+ continue;
+ if (!include_sigonly && kt->sigonly)
continue;
if ((certs_only && !kt->cert) || (plain_only && kt->cert))
continue;
@@ -1237,6 +1241,9 @@ sshkey_read(struct sshkey *ret, char **cpp)
u_long bits;
#endif /* WITH_SSH1 */
+ if (ret == NULL)
+ return SSH_ERR_INVALID_ARGUMENT;
+
cp = *cpp;
switch (ret->type) {
@@ -3786,7 +3793,46 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type,
if ((pk = PEM_read_bio_PrivateKey(bio, NULL, NULL,
(char *)passphrase)) == NULL) {
- r = SSH_ERR_KEY_WRONG_PASSPHRASE;
+ unsigned long pem_err = ERR_peek_last_error();
+ int pem_reason = ERR_GET_REASON(pem_err);
+
+ /*
+ * Translate OpenSSL error codes to determine whether
+ * passphrase is required/incorrect.
+ */
+ switch (ERR_GET_LIB(pem_err)) {
+ case ERR_LIB_PEM:
+ switch (pem_reason) {
+ case PEM_R_BAD_PASSWORD_READ:
+ case PEM_R_PROBLEMS_GETTING_PASSWORD:
+ case PEM_R_BAD_DECRYPT:
+ r = SSH_ERR_KEY_WRONG_PASSPHRASE;
+ goto out;
+ default:
+ r = SSH_ERR_INVALID_FORMAT;
+ goto out;
+ }
+ case ERR_LIB_EVP:
+ switch (pem_reason) {
+ case EVP_R_BAD_DECRYPT:
+ r = SSH_ERR_KEY_WRONG_PASSPHRASE;
+ goto out;
+ case EVP_R_BN_DECODE_ERROR:
+ case EVP_R_DECODE_ERROR:
+#ifdef EVP_R_PRIVATE_KEY_DECODE_ERROR
+ case EVP_R_PRIVATE_KEY_DECODE_ERROR:
+#endif
+ r = SSH_ERR_INVALID_FORMAT;
+ goto out;
+ default:
+ r = SSH_ERR_LIBCRYPTO_ERROR;
+ goto out;
+ }
+ case ERR_LIB_ASN1:
+ r = SSH_ERR_INVALID_FORMAT;
+ goto out;
+ }
+ r = SSH_ERR_LIBCRYPTO_ERROR;
goto out;
}
if (pk->type == EVP_PKEY_RSA &&
@@ -3860,6 +3906,8 @@ int
sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type,
const char *passphrase, struct sshkey **keyp, char **commentp)
{
+ int r = SSH_ERR_INTERNAL_ERROR;
+
if (keyp != NULL)
*keyp = NULL;
if (commentp != NULL)
@@ -3882,9 +3930,11 @@ sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type,
return sshkey_parse_private2(blob, type, passphrase,
keyp, commentp);
case KEY_UNSPEC:
- if (sshkey_parse_private2(blob, type, passphrase, keyp,
- commentp) == 0)
- return 0;
+ r = sshkey_parse_private2(blob, type, passphrase, keyp,
+ commentp);
+ /* Do not fallback to PEM parser if only passphrase is wrong. */
+ if (r == 0 || r == SSH_ERR_KEY_WRONG_PASSPHRASE)
+ return r;
#ifdef WITH_OPENSSL
return sshkey_parse_private_pem_fileblob(blob, type,
passphrase, keyp);
diff --git a/crypto/openssh/sshkey.h b/crypto/openssh/sshkey.h
index f39363842df8..1b9e42f45be0 100644
--- a/crypto/openssh/sshkey.h
+++ b/crypto/openssh/sshkey.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.h,v 1.14 2016/09/12 23:31:27 djm Exp $ */
+/* $OpenBSD: sshkey.h,v 1.15 2017/03/10 04:07:20 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -156,7 +156,7 @@ int sshkey_ec_validate_private(const EC_KEY *);
const char *sshkey_ssh_name(const struct sshkey *);
const char *sshkey_ssh_name_plain(const struct sshkey *);
int sshkey_names_valid2(const char *, int);
-char *sshkey_alg_list(int, int, char);
+char *sshkey_alg_list(int, int, int, char);
int sshkey_from_blob(const u_char *, size_t, struct sshkey **);
int sshkey_fromb(struct sshbuf *, struct sshkey **);
diff --git a/crypto/openssh/utf8.c b/crypto/openssh/utf8.c
index 87fa9e89a2b4..dead79b8a252 100644
--- a/crypto/openssh/utf8.c
+++ b/crypto/openssh/utf8.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: utf8.c,v 1.3 2016/05/30 12:57:21 schwarze Exp $ */
+/* $OpenBSD: utf8.c,v 1.5 2017/02/19 00:10:57 djm Exp $ */
/*
* Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
*
@@ -60,7 +60,8 @@ dangerous_locale(void) {
char *loc;
loc = nl_langinfo(CODESET);
- return strcmp(loc, "US-ASCII") && strcmp(loc, "UTF-8");
+ return strcmp(loc, "US-ASCII") != 0 && strcmp(loc, "UTF-8") != 0 &&
+ strcmp(loc, "ANSI_X3.4-1968") != 0 && strcmp(loc, "646") != 0;
}
static int
@@ -116,6 +117,7 @@ vasnmprintf(char **str, size_t maxsz, int *wp, const char *fmt, va_list ap)
sz = strlen(src) + 1;
if ((dst = malloc(sz)) == NULL) {
free(src);
+ ret = -1;
goto fail;
}
diff --git a/crypto/openssh/version.h b/crypto/openssh/version.h
index e46c6ca3bd1e..6285d9a547f6 100644
--- a/crypto/openssh/version.h
+++ b/crypto/openssh/version.h
@@ -1,12 +1,12 @@
-/* $OpenBSD: version.h,v 1.78 2016/12/19 04:55:51 djm Exp $ */
+/* $OpenBSD: version.h,v 1.79 2017/03/20 01:18:59 djm Exp $ */
/* $FreeBSD$ */
-#define SSH_VERSION "OpenSSH_7.4"
+#define SSH_VERSION "OpenSSH_7.5"
#define SSH_PORTABLE "p1"
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
-#define SSH_VERSION_FREEBSD "FreeBSD-20170902"
+#define SSH_VERSION_FREEBSD "FreeBSD-20170903"
#ifdef WITH_OPENSSL
#define OPENSSL_VERSION SSLeay_version(SSLEAY_VERSION)