73 files changed, 2313 insertions, 3033 deletions
diff --git a/crypto/openssh/ChangeLog b/crypto/openssh/ChangeLog
index d48aba3..48f648d 100644
--- a/crypto/openssh/ChangeLog
+++ b/crypto/openssh/ChangeLog
@@ -1,3 +1,1174 @@ +commit d38f05dbdd291212bc95ea80648b72b7177e9f4e +Author: Darren Tucker <dtucker@zip.com.au> +Date: Mon Mar 20 13:38:27 2017 +1100 + + Add llabs() implementation. + +commit 72536316a219b7394996a74691a5d4ec197480f7 +Author: Damien Miller <djm@mindrot.org> +Date: Mon Mar 20 12:23:04 2017 +1100 + + crank version numbers + +commit 3be52bc36bdfd24ded7e0f46999e7db520fb4e3f +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Mar 20 01:18:59 2017 +0000 + + upstream commit + + openssh-7.5 + + Upstream-ID: b8b9a4a949427c393cd868215e1724ceb3467ee5 + +commit db84e52fe9cfad57f22e7e23c5fbf00092385129 +Author: Damien Miller <djm@mindrot.org> +Date: Mon Mar 20 12:07:20 2017 +1100 + + I'm a doofus. + + Unbreak obvious syntax error. + +commit 89f04852db27643717c9c3a2b0dde97ae50099ee +Author: Damien Miller <djm@mindrot.org> +Date: Mon Mar 20 11:53:34 2017 +1100 + + on Cygwin, check paths from server for backslashes + + Pointed out by Jann Horn of Google Project Zero + +commit 7ef1f9bafc2cc8d97ff2fbd4f280002b6e8ea5d9 +Author: Damien Miller <djm@mindrot.org> +Date: Mon Mar 20 11:48:34 2017 +1100 + + Yet another synonym for ASCII: "646" + + Used by NetBSD; this unbreaks mprintf() and friends there for the C + locale (caught by dtucker@ and his menagerie of test systems). + +commit 9165abfea3f68a0c684a6ed2e575e59bc31a3a6b +Author: Damien Miller <djm@mindrot.org> +Date: Mon Mar 20 09:58:34 2017 +1100 + + create test mux socket in /tmp + + Creating the socket in $OBJ could blow past the (quite limited) + path limit for Unix domain sockets. 
As a bandaid for bz#2660, + reported by Colin Watson; ok dtucker@ + +commit 2adbe1e63bc313d03e8e84e652cc623af8ebb163 +Author: markus@openbsd.org <markus@openbsd.org> +Date: Wed Mar 15 07:07:39 2017 +0000 + + upstream commit + + disallow KEXINIT before NEWKEYS; ok djm; report by + vegard.nossum at oracle.com + + Upstream-ID: 3668852d1f145050e62f1da08917de34cb0c5234 + +commit 2fbf91684d76d38b9cf06550b69c9e41bca5a71c +Author: Darren Tucker <dtucker@zip.com.au> +Date: Thu Mar 16 14:05:46 2017 +1100 + + Include includes.h for compat bits. + +commit b55f634e96b9c5b0cd991e23a9ca181bec4bdbad +Author: Darren Tucker <dtucker@zip.com.au> +Date: Thu Mar 16 13:45:17 2017 +1100 + + Wrap stdint.h in #ifdef HAVE_STDINT_H + +commit 55a1117d7342a0bf8b793250cf314bab6b482b99 +Author: Damien Miller <djm@mindrot.org> +Date: Thu Mar 16 11:22:42 2017 +1100 + + Adapt Cygwin config script to privsep knob removal + + Patch from Corinna Vinschen. + +commit 1a321bfdb91defe3c4d9cca5651724ae167e5436 +Author: deraadt@openbsd.org <deraadt@openbsd.org> +Date: Wed Mar 15 03:52:30 2017 +0000 + + upstream commit + + accidents happen to the best of us; ok djm + + Upstream-ID: b7a9dbd71011ffde95e06f6945fe7197dedd1604 + +commit 25f837646be8c2017c914d34be71ca435dfc0e07 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Mar 15 02:25:09 2017 +0000 + + upstream commit + + fix regression in 7.4: deletion of PKCS#11-hosted keys + would fail unless they were specified by full physical pathname. Report and + fix from Jakub Jelen via bz#2682; ok dtucker@ + + Upstream-ID: 5b5bc20ca11cacb5d5eb29c3f93fd18425552268 + +commit a8c5eeacf032a7d3408957e45dd7603cc1baf55f +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Mar 15 02:19:09 2017 +0000 + + upstream commit + + Fix segfault when sshd attempts to load RSA1 keys (can + only happen when protocol v.1 support is enabled for the client). 
Reported by + Jakub Jelen in bz#2686; ok dtucker + + Upstream-ID: 8fdaec2ba4b5f65db1d094f6714ce64b25d871d7 + +commit 66705948c0639a7061a0d0753266da7685badfec +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Mar 14 07:19:07 2017 +0000 + + upstream commit + + Mark the sshd_config UsePrivilegeSeparation option as + deprecated, effectively making privsep mandatory in sandboxing mode. ok + markus@ deraadt@ + + (note: this doesn't remove the !privsep code paths, though that will + happen eventually). + + Upstream-ID: b4c52666256c4dd865f8ce9431af5d6ce2d74a0a + +commit f86586b03fe6cd8f595289bde200a94bc2c191af +Author: Damien Miller <djm@mindrot.org> +Date: Tue Mar 14 18:26:29 2017 +1100 + + Make seccomp-bpf sandbox work on Linux/X32 + + Allow clock_gettime syscall with X32 bit masked off. Apparently + this is required for at least some kernel versions. bz#2142 + Patch mostly by Colin Watson. ok dtucker@ + +commit 2429cf78dd2a9741ce27ba25ac41c535274a0af6 +Author: Damien Miller <djm@mindrot.org> +Date: Tue Mar 14 18:01:52 2017 +1100 + + require OpenSSL >=1.0.1 + +commit e3ea335abeab731c68f2b2141bee85a4b0bf680f +Author: Damien Miller <djm@mindrot.org> +Date: Tue Mar 14 17:48:43 2017 +1100 + + Remove macro trickery; no binary change + + This stops the SC_ALLOW(), SC_ALLOW_ARG() and SC_DENY() macros + prepending __NR_ to the syscall number parameter and just makes + them explicit in the macro invocations. + + No binary change in stripped object file before/after. + +commit 5f1596e11d55539678c41f68aed358628d33d86f +Author: Damien Miller <djm@mindrot.org> +Date: Tue Mar 14 13:15:18 2017 +1100 + + support ioctls for ICA crypto card on Linux/s390 + + Based on patch from Eduardo Barretto; ok dtucker@ + +commit b1b22dd0df2668b322dda174e501dccba2cf5c44 +Author: Darren Tucker <dtucker@zip.com.au> +Date: Tue Mar 14 14:19:36 2017 +1100 + + Plumb conversion test into makefile. 
+ +commit f57783f1ddfb4cdfbd612c6beb5ec01cb5b9a6b9 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Tue Mar 14 01:20:29 2017 +0000 + + upstream commit + + Add unit test for convtime(). + + Upstream-Regress-ID: 8717bc0ca4c21120f6dd3a1d3b7a363f707c31e1 + +commit 8884b7247d094cd11ff9e39c325ba928c5bdbc6c +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Tue Mar 14 01:10:07 2017 +0000 + + upstream commit + + Add ASSERT_LONG_* helpers. + + Upstream-Regress-ID: fe15beaea8f5063c7f21b0660c722648e3d76431 + +commit c6774d21185220c0ba11e8fd204bf0ad1a432071 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Tue Mar 14 00:55:37 2017 +0000 + + upstream commit + + Fix convtime() overflow test on boundary condition, + spotted by & ok djm. + + Upstream-ID: 51f14c507ea87a3022e63f574100613ab2ba5708 + +commit f5746b40cfe6d767c8e128fe50c43274b31cd594 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Tue Mar 14 00:25:03 2017 +0000 + + upstream commit + + Check for integer overflow when parsing times in + convtime(). Reported by nicolas.iooss at m4x.org, ok djm@ + + Upstream-ID: 35e6a4e98f6fa24df50bfb8ba1307cf70e966f13 + +commit f5907982f42a8d88a430b8a46752cbb7859ba979 +Author: Darren Tucker <dtucker@zip.com.au> +Date: Tue Mar 14 13:38:15 2017 +1100 + + Add a "unit" target to run only unit tests. + +commit 9e96b41682aed793fadbea5ccd472f862179fb02 +Author: Damien Miller <djm@mindrot.org> +Date: Tue Mar 14 12:24:47 2017 +1100 + + Fix weakness in seccomp-bpf sandbox arg inspection + + Syscall arguments are passed via an array of 64-bit values in struct + seccomp_data, but we were only inspecting the bottom 32 bits and not + even those correctly for BE systems. + + Fortunately, the only case argument inspection was used was in the + socketcall filtering so using this for sandbox escape seems + impossible. 
+ + ok dtucker + +commit 8ff3fc3f2f7c13e8968717bc2b895ee32c441275 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Mar 11 23:44:16 2017 +0000 + + upstream commit + + regress tests for loading certificates without public keys; + bz#2617 based on patch from Adam Eijdenberg; ok markus@ dtucker@ + + Upstream-Regress-ID: 0145d19328ed995b73fe2d9da33596b17429d0d0 + +commit 1e24552716194db8f2f620587b876158a9ef56ad +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Mar 11 23:40:26 2017 +0000 + + upstream commit + + allow ssh to use certificates accompanied by a private + key file but no corresponding plain *.pub public key. bz#2617 based on patch + from Adam Eijdenberg; ok dtucker@ markus@ + + Upstream-ID: 295668dca2c39505281577217583ddd2bd4b00b9 + +commit 0fb1a617a07b8df5de188dd5a0c8bf293d4bfc0e +Author: markus@openbsd.org <markus@openbsd.org> +Date: Sat Mar 11 13:07:35 2017 +0000 + + upstream commit + + Don't count the initial block twice when computing how + many bytes to discard for the work around for the attacks against CBC-mode. + ok djm@; report from Jean Paul, Kenny, Martin and Torben @ RHUL + + Upstream-ID: f445f509a4e0a7ba3b9c0dae7311cb42458dc1e2 + +commit ef653dd5bd5777132d9f9ee356225f9ee3379504 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Mar 10 07:18:32 2017 +0000 + + upstream commit + + krl.c + + Upstream-ID: fc5e695d5d107d730182e2da7b23f00b489e0ee1 + +commit d94c1dfef2ea30ca67b1204ada7c3b537c54f4d0 +Author: Damien Miller <djm@mindrot.org> +Date: Sun Mar 12 10:48:14 2017 +1100 + + sync fmt_scaled.c with OpenBSD + + revision 1.13 + date: 2017/03/11 23:37:23; author: djm; state: Exp; lines: +14 -1; commitid: jnFKyHkB3CEiEZ2R; + fix signed integer overflow in scan_scaled. Found by Nicolas Iooss + using AFL against ssh_config. 
ok deraadt@ millert@ + ---------------------------- + revision 1.12 + date: 2013/11/29 19:00:51; author: deraadt; state: Exp; lines: +6 -5; + fairly simple unsigned char casts for ctype + ok krw + ---------------------------- + revision 1.11 + date: 2012/11/12 14:07:20; author: halex; state: Exp; lines: +4 -2; + make scan_scaled set errno to EINVAL rather than ERANGE if it encounters + an invalid multiplier, like the man page says it should + + "looks sensible" deraadt@, ok ian@ + ---------------------------- + revision 1.10 + date: 2009/06/20 15:00:04; author: martynas; state: Exp; lines: +4 -4; + use llabs instead of the home-grown version; and some comment changes + ok ian@, millert@ + ---------------------------- + +commit 894221a63fa061e52e414ca58d47edc5fe645968 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 10 05:01:13 2017 +0000 + + upstream commit + + When updating hostkeys, accept RSA keys if + HostkeyAlgorithms contains any RSA keytype. Previously, ssh could ignore RSA + keys when any of the ssh-rsa-sha2-* methods was enabled in HostkeyAlgorithms + nit ssh-rsa (SHA1 signatures) was not. 
bz#2650 reported by Luis Ressel; ok + dtucker@ + + Upstream-ID: c5e8cfee15c42f4a05d126158a0766ea06da79d2 + +commit dd3e2298663f4cc1a06bc69582d00dcfee27d73c +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 10 04:24:55 2017 +0000 + + upstream commit + + make hostname matching really insensitive to case; + bz#2685, reported by Petr Cerny; ok dtucker@ + + Upstream-ID: e467622ff154269e36ba8b6c9e3d105e1c4a9253 + +commit 77a9be9446697fe8b5499fe651f4a82a71a4b51f +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 10 03:52:48 2017 +0000 + + upstream commit + + reword a comment to make it fit 80 columns + + Upstream-ID: 4ef509a66b96c7314bbcc87027c2af71fa9d0ba4 + +commit 61b8ef6a66efaec07e023342cb94a10bdc2254dc +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 10 04:27:32 2017 +0000 + + upstream commit + + better match sshd config parser behaviour: fatal() if + line is overlong, increase line buffer to match sshd's; bz#2651 reported by + Don Fong; ok dtucker@ + + Upstream-ID: b175ae7e0ba403833f1ee566edf10f67443ccd18 + +commit db2597207e69912f2592cd86a1de8e948a9d7ffb +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 10 04:26:06 2017 +0000 + + upstream commit + + ensure hostname is lower-case before hashing it; + bz#2591 reported by Griff Miller II; ok dtucker@ + + Upstream-ID: c3b8b93804f376bd00d859b8bcd9fc0d86b4db17 + +commit df9936936c695f85c1038bd706d62edf752aca4b +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 10 04:24:55 2017 +0000 + + upstream commit + + make hostname matching really insensitive to case; + bz#2685, reported by Petr Cerny; ok dtucker@ + + Upstream-ID: e632b7a9bf0d0558d5ff56dab98b7cca6c3db549 + +commit 67eed24bfa7645d88fa0b883745fccb22a0e527e +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Mar 10 04:11:00 2017 +0000 + + upstream commit + + Remove old null check from config dumper. 
Patch from + jjelen at redhat.com vi bz#2687, ok djm@ + + Upstream-ID: 824ab71467b78c4bab0dd1b3a38e8bc5f63dd528 + +commit 183ba55aaaecca0206184b854ad6155df237adbe +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 10 04:07:20 2017 +0000 + + upstream commit + + fix regression in 7.4 server-sig-algs, where we were + accidentally excluding SHA2 RSA signature methods. bz#2680, patch from Nuno + Goncalves; ok dtucker@ + + Upstream-ID: 81ac8bfb30960447740b9b8f6a214dcf322f12e8 + +commit 66be4fe8c4435af5bbc82998501a142a831f1181 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Mar 10 03:53:11 2017 +0000 + + upstream commit + + Check for NULL return value from key_new. Patch from + jjelen at redhat.com via bz#2687, ok djm@ + + Upstream-ID: 059e33cd43cba88dc8caf0b1936fd4dd88fd5b8e + +commit ec2892b5c7fea199914cb3a6afb3af38f84990bf +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 10 03:52:48 2017 +0000 + + upstream commit + + reword a comment to make it fit 80 columns + + Upstream-ID: b4b48b4487c0821d16e812c40c9b09f03b28e349 + +commit 7fadbb6da3f4122de689165651eb39985e1cba85 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Mar 10 03:48:57 2017 +0000 + + upstream commit + + Check for NULL argument to sshkey_read. Patch from + jjelen at redhat.com via bz#2687, ok djm@ + + Upstream-ID: c2d00c2ea50c4861d271d0a586f925cc64a87e0e + +commit 5a06b9e019e2b0b0f65a223422935b66f3749de3 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Mar 10 03:45:40 2017 +0000 + + upstream commit + + Plug some mem leaks mostly on error paths. From jjelen + at redhat.com via bz#2687, ok djm@ + + Upstream-ID: 3fb030149598957a51b7c8beb32bf92cf30c96f2 + +commit f6edbe9febff8121f26835996b1229b5064d31b7 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Mar 10 03:24:48 2017 +0000 + + upstream commit + + Plug mem leak on GLOB_NOMATCH case. 
From jjelen at + redhat.com via bz#2687, ok djm@ + + Upstream-ID: 8016a7ae97719d3aa55fb723fc2ad3200058340d + +commit 566b3a46e89a2fda2db46f04f2639e92da64a120 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Mar 10 03:22:40 2017 +0000 + + upstream commit + + Plug descriptor leaks of auth_sock. From jjelen at + redhat.com via bz#2687, ok djm@ + + Upstream-ID: 248acb99a5ed2fdca37d1aa33c0fcee7be286d88 + +commit 8a2834454c73dfc1eb96453c0e97690595f3f4c2 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 10 03:18:24 2017 +0000 + + upstream commit + + correctly hash hosts with a port number. Reported by Josh + Powers in bz#2692; ok dtucker@ + + Upstream-ID: 468e357ff143e00acc05bdd2803a696b3d4b6442 + +commit 9747b9c742de409633d4753bf1a752cbd211e2d3 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 10 03:15:58 2017 +0000 + + upstream commit + + don't truncate off \r\n from long stderr lines; bz#2688, + reported by Brian Dyson; ok dtucker@ + + Upstream-ID: cdfdc4ba90639af807397ce996153c88af046ca4 + +commit 4a4b75adac862029a1064577eb5af299b1580cdd +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Mar 10 02:59:51 2017 +0000 + + upstream commit + + Validate digest arg in ssh_digest_final; from jjelen at + redhat.com via bz#2687, ok djm@ + + Upstream-ID: dbe5494dfddfe523fab341a3dab5a79e7338f878 + +commit bee0167be2340d8de4bdc1ab1064ec957c85a447 +Author: Darren Tucker <dtucker@zip.com.au> +Date: Fri Mar 10 13:40:18 2017 +1100 + + Check for NULL from malloc. + + Part of bz#2687, from jjelen at redhat.com. + +commit da39b09d43b137a5a3d071b51589e3efb3701238 +Author: Darren Tucker <dtucker@zip.com.au> +Date: Fri Mar 10 13:22:32 2017 +1100 + + If OSX is using launchd, remove screen no. + + Check for socket with and without screen number. 
From Apple and Jakob + Schlyter via bz#2341, with contributions from Ron Frederick, ok djm@ + +commit 8fb15311a011517eb2394bb95a467c209b8b336c +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Mar 8 12:07:47 2017 +0000 + + upstream commit + + quote [host]:port in generated ProxyJump commandline; the + [ / ] characters can confuse some shells (e.g. zsh). Reported by Lauri + Tirkkonen via bugs@ + + Upstream-ID: 65cdd161460e1351c3d778e974c1c2a4fa4bc182 + +commit 18501151cf272a15b5f2c5e777f2e0933633c513 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon Mar 6 02:03:20 2017 +0000 + + upstream commit + + Check l->hosts before dereferencing; fixes potential null + pointer deref. ok djm@ + + Upstream-ID: 81c0327c6ec361da794b5c680601195cc23d1301 + +commit d072370793f1a20f01ad827ba8fcd3b8f2c46165 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon Mar 6 00:44:51 2017 +0000 + + upstream commit + + linenum is unsigned long so use %lu in log formats. ok + deraadt@ + + Upstream-ID: 9dc582d9bb887ebe0164e030d619fc20b1a4ea08 + +commit 12d3767ba4c84c32150cbe6ff6494498780f12c9 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 3 06:13:11 2017 +0000 + + upstream commit + + fix ssh-keygen -H accidentally corrupting known_hosts that + contained already-hashed entries. HKF_MATCH_HOST_HASHED is only set by + hostkeys_foreach() when hostname matching is in use, so we need to look for + the hash marker explicitly. + + Upstream-ID: da82ad653b93e8a753580d3cf5cd448bc2520528 + +commit d7abb771bd5a941b26144ba400a34563a1afa589 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Feb 28 06:10:08 2017 +0000 + + upstream commit + + small memleak: free fd_set on connection timeout (though + we are heading to exit anyway). 
From Tom Rix in bz#2683 + + Upstream-ID: 10e3dadbb8199845b66581473711642d9e6741c4 + +commit 78142e3ab3887e53a968d6e199bcb18daaf2436e +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Mon Feb 27 14:30:33 2017 +0000 + + upstream commit + + errant dot; from klemens nanni + + Upstream-ID: 83d93366a5acf47047298c5d3ebc5e7426f37921 + +commit 8071a6924c12bb51406a9a64a4b2892675112c87 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Feb 24 03:16:34 2017 +0000 + + upstream commit + + might as well set the listener socket CLOEXEC + + Upstream-ID: 9c538433d6a0ca79f5f21decc5620e46fb68ab57 + +commit d5499190559ebe374bcdfa8805408646ceffad64 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Feb 19 00:11:29 2017 +0000 + + upstream commit + + add test cases for C locale; ok schwarze@ + + Upstream-Regress-ID: 783d75de35fbc923d46e2a5e6cee30f8f381ba87 + +commit 011c8ffbb0275281a0cf330054cf21be10c43e37 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Feb 19 00:10:57 2017 +0000 + + upstream commit + + Add a common nl_langinfo(CODESET) alias for US-ASCII + "ANSI_X3.4-1968" that is used by Linux. Fixes mprintf output truncation for + non-UTF-8 locales on Linux spotted by dtucker@; ok deraadt@ schwarze@ + + Upstream-ID: c6808956ebffd64066f9075d839f74ff0dd60719 + +commit 0c4430a19b73058a569573492f55e4c9eeaae67b +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Tue Feb 7 23:03:11 2017 +0000 + + upstream commit + + Remove deprecated SSH1 options RSAAuthentication and + RhostsRSAAuthentication from regression test sshd_config. + + Upstream-Regress-ID: 8066b753d9dce7cf02ff87af5c727ff680d99491 + +commit 3baa4cdd197c95d972ec3d07f1c0d08f2d7d9199 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Feb 17 02:32:05 2017 +0000 + + upstream commit + + Do not show rsa1 key type in usage when compiled without + SSH1 support. 
+ + Upstream-ID: 068b5c41357a02f319957746fa4e84ea73960f57 + +commit ecc35893715f969e98fee118481f404772de4132 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Feb 17 02:31:14 2017 +0000 + + upstream commit + + ifdef out "rsa1" from the list of supported keytypes when + compiled without SSH1 support. Found by kdunlop at guralp.com, ok djm@ + + Upstream-ID: cea93a26433d235bb1d64b1d990f19a9c160a70f + +commit 10577c6d96a55b877a960b2d0b75edef1b9945af +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Feb 17 02:04:15 2017 +0000 + + upstream commit + + For ProxyJump/-J, surround host name with brackets to + allow literal IPv6 addresses. From Dick Visser; ok dtucker@ + + Upstream-ID: 3a5d3b0171250daf6a5235e91bce09c1d5746bf1 + +commit b2afdaf1b52231aa23d2153f4a8c5a60a694dda4 +Author: jsg@openbsd.org <jsg@openbsd.org> +Date: Wed Feb 15 23:38:31 2017 +0000 + + upstream commit + + Fix memory leaks in match_filter_list() error paths. + + ok dtucker@ markus@ + + Upstream-ID: c7f96ac0877f6dc9188bbc908100a8d246cc7f0e + +commit 6d5a41b38b55258213ecfaae9df7a758caa752a1 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Feb 15 01:46:47 2017 +0000 + + upstream commit + + fix division by zero crash in "df" output when server + returns zero total filesystem blocks/inodes. Spotted by Guido Vranken; ok + dtucker@ + + Upstream-ID: 6fb6c2ae6b289aa07b6232dbc0be54682ef5419f + +commit bd5d7d239525d595ecea92765334af33a45d9d63 +Author: Darren Tucker <dtucker@zip.com.au> +Date: Sun Feb 12 15:45:15 2017 +1100 + + ifdef out EVP_R_PRIVATE_KEY_DECODE_ERROR + + EVP_R_PRIVATE_KEY_DECODE_ERROR was added in OpenSSL 1.0.0 so ifdef out + for the benefit of OpenSSL versions prior to that. 
+ +commit 155d540d00ff55f063421ec182ec8ff2b7ab6cbe +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Feb 10 04:34:50 2017 +0000 + + upstream commit + + bring back r1.34 that was backed out for problems loading + public keys: + + translate OpenSSL error codes to something more + meaninful; bz#2522 reported by Jakub Jelen, ok dtucker@ + + with additional fix from Jakub Jelen to solve the backout. + bz#2525 bz#2523 re-ok dtucker@ + + Upstream-ID: a9d5bc0306f4473d9b4f4484f880e95f3c1cc031 + +commit a287c5ad1e0bf9811c7b9221979b969255076019 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Feb 10 03:36:40 2017 +0000 + + upstream commit + + Sanitise escape sequences in key comments sent to printf + but preserve valid UTF-8 when the locale supports it; bz#2520 ok dtucker@ + + Upstream-ID: e8eed28712ba7b22d49be534237eed019875bd1e + +commit e40269be388972848aafcca7060111c70aab5b87 +Author: millert@openbsd.org <millert@openbsd.org> +Date: Wed Feb 8 20:32:43 2017 +0000 + + upstream commit + + Avoid printf %s NULL. From semarie@, OK djm@ + + Upstream-ID: 06beef7344da0208efa9275d504d60d2a5b9266c + +commit 5b90709ab8704dafdb31e5651073b259d98352bc +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Feb 6 09:22:51 2017 +0000 + + upstream commit + + Restore \r\n newline sequence for server ident string. The CR + got lost in the flensing of SSHv1. Pointed out by Stef Bon + + Upstream-ID: 5333fd43ce5396bf5999496096fac5536e678fac + +commit 97c31c46ee2e6b46dfffdfc4f90bbbf188064cbc +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Feb 3 23:01:42 2017 +0000 + + upstream commit + + unit test for match_filter_list() function; still want a + better name for this... + + Upstream-Regress-ID: 840ad6118552c35111f0a897af9c8d93ab8de92a + +commit f1a193464a7b77646f0d0cedc929068e4a413ab4 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Feb 3 23:05:57 2017 +0000 + + upstream commit + + use ssh_packet_set_log_preamble() to include connection + username in packet log messages, e.g. 
+ + Connection closed by invalid user foo 10.1.1.1 port 44056 [preauth] + + ok markus@ bz#113 + + Upstream-ID: 3591b88bdb5416d6066fb3d49d8fff2375bf1a15 + +commit 07edd7e9537ab32aa52abb5fb2a915c350fcf441 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Feb 3 23:03:33 2017 +0000 + + upstream commit + + add ssh_packet_set_log_preamble() to allow inclusion of a + preamble string in disconnect messages; ok markus@ + + Upstream-ID: 34cb41182cd76d414c214ccb01c01707849afead + +commit 68bc8cfa7642d3ccbf2cd64281c16b8b9205be59 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Feb 3 23:01:19 2017 +0000 + + upstream commit + + support =- for removing methods from algorithms lists, + e.g. Ciphers=-*cbc; suggested by Cristian Ionescu-Idbohrn in bz#2671 "I like + it" markus@ + + Upstream-ID: c78c38f9f81a963b33d0eade559f6048add24a6d + +commit c924b2ef941028a1f31e6e94f54dfeeeef462a4e +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Feb 3 05:05:56 2017 +0000 + + upstream commit + + allow form-feed characters at EOL; bz#2431 ok dtucker@ + + Upstream-ID: 1f453afaba6da2ae69d6afdf1ae79a917552f1a2 + +commit 523db8540b720c4d21ab0ff6f928476c70c38aab +Author: Damien Miller <djm@mindrot.org> +Date: Fri Feb 3 16:01:22 2017 +1100 + + prefer to use ldns-config to find libldns + + Should fix bz#2603 - "Build with ldns and without kerberos support + fails if ldns compiled with kerberos support" by including correct + cflags/libs + + ok dtucker@ + +commit c998bf0afa1a01257a53793eba57941182e9e0b7 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Feb 3 02:56:00 2017 +0000 + + upstream commit + + Make ssh_packet_set_rekey_limits take u32 for the number of + seconds until rekeying (negative values are rejected at config parse time). + This allows the removal of some casts and a signed vs unsigned comparison + warning. 
+ + rekey_time is cast to int64 for the comparison which is a no-op + on OpenBSD, but should also do the right thing in -portable on + anything still using 32bit time_t (until the system time actually + wraps, anyway). + + some early guidance deraadt@, ok djm@ + + Upstream-ID: c9f18613afb994a07e7622eb326f49de3d123b6c + +commit 3ec5fa4ba97d4c4853620daea26a33b9f1fe3422 +Author: jsg@openbsd.org <jsg@openbsd.org> +Date: Thu Feb 2 10:54:25 2017 +0000 + + upstream commit + + In vasnmprintf() return an error if malloc fails and + don't set a function argument to the address of free'd memory. + + ok djm@ + + Upstream-ID: 1efffffff2f51d53c9141f245b90ac23d33b9779 + +commit 858252fb1d451ebb0969cf9749116c8f0ee42753 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Wed Feb 1 02:59:09 2017 +0000 + + upstream commit + + Return true reason for port forwarding failures where + feasible rather than always "administratively prohibited". bz#2674, ok djm@ + + Upstream-ID: d901d9887951774e604ca970e1827afaaef9e419 + +commit 6ba9f893838489add6ec4213c7a997b425e4a9e0 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon Jan 30 23:27:39 2017 +0000 + + upstream commit + + Small correction to the known_hosts section on when it is + updated. Patch from lkppo at free.fr some time ago, pointed out by smallm at + sdf.org + + Upstream-ID: 1834d7af179dea1a12ad2137f84566664af225d5 + +commit c61d5ec3c11e7ff9779b6127421d9f166cf10915 +Author: Darren Tucker <dtucker@zip.com.au> +Date: Fri Feb 3 14:10:34 2017 +1100 + + Remove _XOPEN_SOURCE from wide char detection. + + Having _XOPEN_SOURCE unconditionally causes problems on some platforms + and configurations, notably Solaris 64-bit binaries. It was there for + the benefit of Linux put the required bits in the *-*linux* section. + + Patch from yvoinov at gmail.com. 
+ +commit f25ee13b3e81fd80efeb871dc150fe49d7fc8afd +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jan 30 05:22:14 2017 +0000 + + upstream commit + + fully unbreak: some $SSH invocations did not have -F + specified and could pick up the ~/.ssh/config of the user running the tests + + Upstream-Regress-ID: f362d1892c0d3e66212d5d3fc02d915c58ef6b89 + +commit 6956e21fb26652887475fe77ea40d2efcf25908b +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jan 30 04:54:07 2017 +0000 + + upstream commit + + partially unbreak: was not specifying hostname on some + $SSH invocations + + Upstream-Regress-ID: bc8a5e98e57bad0a92ef4f34ed91c1d18294e2cc + +commit 52763dd3fe0a4678dafdf7aeb32286e514130afc +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jan 30 01:03:00 2017 +0000 + + upstream commit + + revise keys/principals command hang fix (bz#2655) to + consume entire output, avoiding sending SIGPIPE to subprocesses early; ok + dtucker@ + + Upstream-ID: 7cb04b31a61f8c78c4e48ceededcd2fd5c4ee1bc + +commit 381a2615a154a82c4c53b787f4a564ef894fe9ac +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jan 30 00:38:50 2017 +0000 + + upstream commit + + small cleanup post SSHv1 removal: + + remove SSHv1-isms in commented examples + + reorder token table to group deprecated and compile-time conditional tokens + better + + fix config dumping code for some compile-time conditional options that + weren't being correctly skipped (SSHv1 and PKCS#11) + + Upstream-ID: f2e96b3cb3158d857c5a91ad2e15925df3060105 + +commit 4833d01591b7eb049489d9558b65f5553387ed43 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jan 30 00:34:01 2017 +0000 + + upstream commit + + some explicit NULL tests when dumping configured + forwardings; from Karsten Weiss + + Upstream-ID: 40957b8dea69672b0e50df6b4a91a94e3e37f72d + +commit 326e2fae9f2e3e067b5651365eba86b35ee5a6b2 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jan 30 00:32:28 2017 +0000 + + upstream commit + + misplaced braces in test; from 
Karsten Weiss + + Upstream-ID: f7b794074d3aae8e35b69a91d211c599c94afaae + +commit 3e032a95e46bfaea9f9e857678ac8fa5f63997fb +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jan 30 00:32:03 2017 +0000 + + upstream commit + + don't dereference authctxt before testing != NULL, it + causes compilers to make assumptions; from Karsten Weiss + + Upstream-ID: 794243aad1e976ebc717885b7a97a25e00c031b2 + +commit 01cfaa2b1cfb84f3cdd32d1bf82b120a8d30e057 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jan 6 02:51:16 2017 +0000 + + upstream commit + + use correct ssh-add program; bz#2654, from Colin Watson + + Upstream-Regress-ID: 7042a36e1bdaec6562f6e57e9d047efe9c7a6030 + +commit e5c7ec67cdc42ae2584085e0fc5cc5ee91133cf5 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Jan 6 02:26:10 2017 +0000 + + upstream commit + + Account for timeouts in the integrity tests as failures. + + If the first test in a series for a given MAC happens to modify the low + bytes of a packet length, then ssh will time out and this will be + interpreted as a test failure. Patch from cjwatson at debian.org via + bz#2658. + + Upstream-Regress-ID: e7467613b0badedaa300bc6fc7495ec2f44e2fb9 + +commit dbaf599b61bd6e0f8469363a8c8e7f633b334018 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Jan 6 02:09:25 2017 +0000 + + upstream commit + + Make forwarding test less racy by using unix domain + sockets instead of TCP ports where possible. Patch from cjwatson at + debian.org via bz#2659. + + Upstream-Regress-ID: 4756375aac5916ef9d25452a1c1d5fa9e90299a9 + +commit 9390b0031ebd6eb5488d3bc4d4333c528dffc0a6 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Sun Jan 29 21:35:23 2017 +0000 + + upstream commit + + Fix typo in ~C error message for bad port forward + cancellation. bz#2672, from Brad Marshall via Colin Watson and Ubuntu's + bugtracker. 
+ + Upstream-ID: 0d4a7e5ead6cc59c9a44b4c1e5435ab3aada09af + +commit 4ba15462ca38883b8a61a1eccc093c79462d5414 +Author: guenther@openbsd.org <guenther@openbsd.org> +Date: Sat Jan 21 11:32:04 2017 +0000 + + upstream commit + + The POSIX APIs that that sockaddrs all ignore the s*_len + field in the incoming socket, so userspace doesn't need to set it unless it + has its own reasons for tracking the size along with the sockaddr. + + ok phessler@ deraadt@ florian@ + + Upstream-ID: ca6e49e2f22f2b9e81d6d924b90ecd7e422e7437 + +commit a1187bd3ef3e4940af849ca953a1b849dae78445 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Fri Jan 6 16:28:12 2017 +0000 + + upstream commit + + keep the tokens list sorted; + + Upstream-ID: b96239dae4fb3aa94146bb381afabcc7740a1638 + +commit b64077f9767634715402014f509e58decf1e140d +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jan 6 09:27:52 2017 +0000 + + upstream commit + + fix previous + + Upstream-ID: c107d6a69bc22325d79fbf78a2a62e04bcac6895 + +commit 5e820e9ea2e949aeb93071fe31c80b0c42f2b2de +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jan 6 03:53:58 2017 +0000 + + upstream commit + + show a useful error message when included config files + can't be opened; bz#2653, ok dtucker@ + + Upstream-ID: f598b73b5dfe497344cec9efc9386b4e5a3cb95b + +commit 13bd2e2d622d01dc85d22b94520a5b243d006049 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jan 6 03:45:41 2017 +0000 + + upstream commit + + sshd_config is documented to set + GSSAPIStrictAcceptorCheck=yes by default, so actually make it do this. 
+ bz#2637 ok dtucker + + Upstream-ID: 99ef8ac51f17f0f7aec166cb2e34228d4d72a665 + +commit f89b928534c9e77f608806a217d39a2960cc7fd0 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jan 6 03:41:58 2017 +0000 + + upstream commit + + Avoid confusing error message when attempting to use + ssh-keyscan built without SSH protocol v.1 to scan for v.1 keys; bz#2583 + + Upstream-ID: 5d214abd3a21337d67c6dcc5aa6f313298d0d165 + +commit 0999533014784579aa6f01c2d3a06e3e8804b680 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Jan 6 02:34:54 2017 +0000 + + upstream commit + + Re-add '%k' token for AuthorizedKeysCommand which was + lost during the re-org in rev 1.235. bz#2656, from jboning at gmail.com. + + Upstream-ID: 2884e203c02764d7b3fe7472710d9c24bdc73e38 + +commit 51045869fa084cdd016fdd721ea760417c0a3bf3 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Jan 4 05:37:40 2017 +0000 + + upstream commit + + unbreak Unix domain socket forwarding for root; ok + markus@ + + Upstream-ID: 6649c76eb7a3fa15409373295ca71badf56920a2 + +commit 58fca12ba967ea5c768653535604e1522d177e44 +Author: Darren Tucker <dtucker@zip.com.au> +Date: Mon Jan 16 09:08:32 2017 +1100 + + Remove LOGIN_PROGRAM. + + UseLogin is gone, remove leftover. bz#2665, from cjwatson at debian.org + +commit b108ce92aae0ca0376dce9513d953be60e449ae1 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Jan 4 02:21:43 2017 +0000 + + upstream commit + + relax PKCS#11 whitelist a bit to allow libexec as well as + lib directories. + + Upstream-ID: cf5617958e2e2d39f8285fd3bc63b557da484702 + +commit c7995f296b9222df2846f56ecf61e5ae13d7a53d +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Jan 3 05:46:51 2017 +0000 + + upstream commit + + check number of entries in SSH2_FXP_NAME response; avoids + unreachable overflow later. 
Reported by Jann Horn + + Upstream-ID: b6b2b434a6d6035b1644ca44f24cd8104057420f + +commit ddd3d34e5c7979ca6f4a3a98a7d219a4ed3d98c2 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Dec 30 22:08:02 2016 +0000 + + upstream commit + + fix deadlock when keys/principals command produces a lot of + output and a key is matched early; bz#2655, patch from jboning AT gmail.com + + Upstream-ID: e19456429bf99087ea994432c16d00a642060afe + +commit 30eee7d1b2fec33c14870cc11910610be5d2aa6f +Author: Darren Tucker <dtucker@zip.com.au> +Date: Tue Dec 20 12:16:11 2016 +1100 + + Re-add missing "Prerequisites" header and fix typo + + Patch from HARUYAMA Seigo <haruyama at unixuser org>. + +commit c8c60f3663165edd6a52632c6ddbfabfce1ca865 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Dec 19 22:35:23 2016 +0000 + + upstream commit + + use standard /bin/sh equality test; from Mike Frysinger + + Upstream-Regress-ID: 7b6f0b63525f399844c8ac211003acb8e4b0bec2 + commit 4a354fc231174901f2629437c2a6e924a2dd6772 Author: Damien Miller <djm@mindrot.org> Date: Mon Dec 19 15:59:26 2016 +1100 
@@ -8221,2046 +9392,3 @@ Date: Wed Mar 11 00:48:39 2015 +0000 add back the changes from rev 1.206, djm reverted this by mistake in rev 1.207 - -commit 4d24b3b6a4a6383e05e7da26d183b79fa8663697 -Author: Damien Miller <djm@mindrot.org> -Date: Fri Mar 20 09:11:59 2015 +1100 - - remove error() accidentally inserted for debugging - - pointed out by Christian Hesse - -commit 9f82e5a9042f2d872e98f48a876fcab3e25dd9bb -Author: Tim Rice <tim@multitalents.net> -Date: Mon Mar 16 22:49:20 2015 -0700 - - portability fix: Solaris systems may not have a grep that understands -q - -commit 8ef691f7d9ef500257a549d0906d78187490668f -Author: Damien Miller <djm@google.com> -Date: Wed Mar 11 10:35:26 2015 +1100 - - fix compile with clang - -commit 4df590cf8dc799e8986268d62019b487a8ed63ad -Author: Damien Miller <djm@google.com> -Date: Wed Mar 11 10:02:39 2015 +1100 - - make unit tests work for !OPENSSH_HAS_ECC - -commit 307bb40277ca2c32e97e61d70d1ed74b571fd6ba -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Mar 7 04:41:48 2015 +0000 - - upstream commit - - unbreak for w/SSH1 (default) case; ok markus@ deraadt@ - -commit b44ee0c998fb4c5f3c3281f2398af5ce42840b6f -Author: Damien Miller <djm@mindrot.org> -Date: Thu Mar 5 18:39:20 2015 -0800 - - unbreak hostkeys test for w/ SSH1 case - -commit 55e5bdeb519cb60cc18b7ba0545be581fb8598b4 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Mar 6 01:40:56 2015 +0000 - - upstream commit - - fix sshkey_certify() return value for unsupported key types; - ok markus@ deraadt@ - -commit be8f658e550a434eac04256bfbc4289457a24e99 -Author: Damien Miller <djm@mindrot.org> -Date: Wed Mar 4 15:38:03 2015 -0800 - - update version numbers to match version.h - -commit ac5e8acefa253eb5e5ba186e34236c0e8007afdc -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Mar 4 23:22:35 2015 +0000 - - upstream commit - - make these work with !SSH1; ok markus@ deraadt@ - -commit 2f04af92f036b0c87a23efb259c37da98cd81fe6 -Author: djm@openbsd.org <djm@openbsd.org> -Date: 
Wed Mar 4 21:12:59 2015 +0000 - - upstream commit - - make ssh-add -D work with !SSH1 agent - -commit a05adf95d2af6abb2b7826ddaa7a0ec0cdc1726b -Author: Damien Miller <djm@mindrot.org> -Date: Wed Mar 4 00:55:48 2015 -0800 - - netcat needs poll.h portability goop - -commit dad2b1892b4c1b7e58df483a8c5b983c4454e099 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Tue Mar 3 22:35:19 2015 +0000 - - upstream commit - - make it possible to run tests w/o ssh1 support; ok djm@ - -commit d48a22601bdd3eec054794c535f4ae8d8ae4c6e2 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Mar 4 18:53:53 2015 +0000 - - upstream commit - - crank; ok markus, deraadt - -commit bbffb23daa0b002dd9f296e396a9ab8a5866b339 -Author: Damien Miller <djm@mindrot.org> -Date: Tue Mar 3 13:50:27 2015 -0800 - - more --without-ssh1 fixes - -commit 6c2039286f503e2012a58a1d109e389016e7a99b -Author: Damien Miller <djm@mindrot.org> -Date: Tue Mar 3 13:48:48 2015 -0800 - - fix merge both that broke --without-ssh1 compile - -commit 111dfb225478a76f89ecbcd31e96eaf1311b59d3 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Mar 3 21:21:13 2015 +0000 - - upstream commit - - add SSH1 Makefile knob to make it easier to build without - SSH1 support; ok markus@ - -commit 3f7f5e6c5d2aa3f6710289c1a30119e534e56c5c -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Mar 3 20:42:49 2015 +0000 - - upstream commit - - expand __unused to full __attribute__ for better portability - -commit 2fab9b0f8720baf990c931e3f68babb0bf9949c6 -Author: Damien Miller <djm@mindrot.org> -Date: Wed Mar 4 07:41:27 2015 +1100 - - avoid warning - -commit d1bc844322461f882b4fd2277ba9a8d4966573d2 -Author: Damien Miller <djm@mindrot.org> -Date: Wed Mar 4 06:31:45 2015 +1100 - - Revert "define __unused to nothing if not already defined" - - This reverts commit 1598419e38afbaa8aa5df8dd6b0af98301e2c908. 
- - Some system headers have objects named __unused - -commit 00797e86b2d98334d1bb808f65fa1fd47f328ff1 -Author: Damien Miller <djm@mindrot.org> -Date: Wed Mar 4 05:02:45 2015 +1100 - - check for crypt and DES_crypt in openssl block - - fixes builds on systems that use DES_crypt; based on patch - from Roumen Petrov - -commit 1598419e38afbaa8aa5df8dd6b0af98301e2c908 -Author: Damien Miller <djm@mindrot.org> -Date: Wed Mar 4 04:59:13 2015 +1100 - - define __unused to nothing if not already defined - - fixes builds on BSD/OS - -commit d608a51daad4f14ad6ab43d7cf74ef4801cc3fe9 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Mar 3 17:53:40 2015 +0000 - - upstream commit - - reorder logic for better portability; patch from Roumen - Petrov - -commit 68d2dfc464fbcdf8d6387884260f9801f4352393 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Mar 3 06:48:58 2015 +0000 - - upstream commit - - Allow "ssh -Q protocol-version" to list supported SSH - protocol versions. Useful for detecting builds without SSH v.1 support; idea - and ok markus@ - -commit 39e2f1229562e1195169905607bc12290d21f021 -Author: millert@openbsd.org <millert@openbsd.org> -Date: Sun Mar 1 15:44:40 2015 +0000 - - upstream commit - - Make sure we only call getnameinfo() for AF_INET or AF_INET6 - sockets. getpeername() of a Unix domain socket may return without error on - some systems without actually setting ss_family so getnameinfo() was getting - called with ss_family set to AF_UNSPEC. OK djm@ - -commit e47536ba9692d271b8ad89078abdecf0a1c11707 -Author: Damien Miller <djm@mindrot.org> -Date: Sat Feb 28 08:20:11 2015 -0800 - - portability fixes for regress/netcat.c - - Mostly avoiding "err(1, NULL)" - -commit 02973ad5f6f49d8420e50a392331432b0396c100 -Author: Damien Miller <djm@mindrot.org> -Date: Sat Feb 28 08:05:27 2015 -0800 - - twiddle another test for portability - - from Tom G. 
Christensen - -commit f7f3116abf2a6e2f309ab096b08c58d19613e5d0 -Author: Damien Miller <djm@mindrot.org> -Date: Fri Feb 27 15:52:49 2015 -0800 - - twiddle test for portability - -commit 1ad3a77cc9d5568f5437ff99d377aa7a41859b83 -Author: Damien Miller <djm@mindrot.org> -Date: Thu Feb 26 20:33:22 2015 -0800 - - make regress/netcat.c fd passing (more) portable - -commit 9e1cfca7e1fe9cf8edb634fc894e43993e4da1ea -Author: Damien Miller <djm@mindrot.org> -Date: Thu Feb 26 20:32:58 2015 -0800 - - create OBJ/valgrind-out before running unittests - -commit bd58853102cee739f0e115e6d4b5334332ab1442 -Author: Damien Miller <djm@mindrot.org> -Date: Wed Feb 25 16:58:22 2015 -0800 - - valgrind support - -commit f43d17269194761eded9e89f17456332f4c83824 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Feb 26 20:45:47 2015 +0000 - - upstream commit - - don't printf NULL key comments; reported by Tom Christensen - -commit 6e6458b476ec854db33e3e68ebf4f489d0ab3df8 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Feb 25 23:05:47 2015 +0000 - - upstream commit - - zero cmsgbuf before use; we initialise the bits we use - but valgrind still spams warning on it - -commit a63cfa26864b93ab6afefad0b630e5358ed8edfa -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Feb 25 19:54:02 2015 +0000 - - upstream commit - - fix small memory leak when UpdateHostkeys=no - -commit e6b950341dd75baa8526f1862bca39e52f5b879b -Author: Tim Rice <tim@multitalents.net> -Date: Wed Feb 25 09:56:48 2015 -0800 - - Revert "Work around finicky USL linker so netcat will build." - - This reverts commit d1db656021d0cd8c001a6692f772f1de29b67c8b. 
- - No longer needed with commit 678e473e2af2e4802f24dd913985864d9ead7fb3 - -commit 6f621603f9cff2a5d6016a404c96cb2f8ac2dec0 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Feb 25 17:29:38 2015 +0000 - - upstream commit - - don't leak validity of user in "too many authentication - failures" disconnect message; reported by Sebastian Reitenbach - -commit 6288e3a935494df12519164f52ca5c8c65fc3ca5 -Author: naddy@openbsd.org <naddy@openbsd.org> -Date: Tue Feb 24 15:24:05 2015 +0000 - - upstream commit - - add -v (show ASCII art) to -l's synopsis; ok djm@ - -commit 678e473e2af2e4802f24dd913985864d9ead7fb3 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Thu Feb 26 04:12:58 2015 +1100 - - Remove dependency on xmalloc. - - Remove ssh_get_progname's dependency on xmalloc, which should reduce - link order problems. ok djm@ - -commit 5d5ec165c5b614b03678afdad881f10e25832e46 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Wed Feb 25 15:32:49 2015 +1100 - - Restrict ECDSA and ECDH tests. - - ifdef out some more ECDSA and ECDH tests when built against an OpenSSL - that does not have eliptic curve functionality. - -commit 1734e276d99b17e92d4233fac7aef3a3180aaca7 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Wed Feb 25 13:40:45 2015 +1100 - - Move definition of _NSIG. - - _NSIG is only unsed in one file, so move it there prevent redefinition - warnings reported by Kevin Brott. - -commit a47ead7c95cfbeb72721066c4da2312e5b1b9f3d -Author: Darren Tucker <dtucker@zip.com.au> -Date: Wed Feb 25 13:17:40 2015 +1100 - - Add includes.h for compatibility stuff. - -commit 38806bda6d2e48ad32812b461eebe17672ada771 -Author: Damien Miller <djm@mindrot.org> -Date: Tue Feb 24 16:50:06 2015 -0800 - - include netdb.h to look for MAXHOSTNAMELEN; ok tim - -commit d1db656021d0cd8c001a6692f772f1de29b67c8b -Author: Tim Rice <tim@multitalents.net> -Date: Tue Feb 24 10:42:08 2015 -0800 - - Work around finicky USL linker so netcat will build. 
- -commit cb030ce25f555737e8ba97bdd7883ac43f3ff2a3 -Author: Damien Miller <djm@mindrot.org> -Date: Tue Feb 24 09:23:04 2015 -0800 - - include includes.h to avoid build failure on AIX - -commit 13af342458f5064144abbb07e5ac9bbd4eb42567 -Author: Tim Rice <tim@multitalents.net> -Date: Tue Feb 24 07:56:47 2015 -0800 - - Original portability patch from djm@ for platforms missing err.h. - Fix name space clash on Solaris 10. Still more to do for Solaris 10 - to deal with msghdr structure differences. ok djm@ - -commit 910209203d0cd60c5083901cbcc0b7b44d9f48d2 -Author: Tim Rice <tim@multitalents.net> -Date: Mon Feb 23 22:06:56 2015 -0800 - - cleaner way fix dispatch.h portion of commit - a88dd1da119052870bb2654c1a32c51971eade16 - (some systems have sig_atomic_t in signal.h, some in sys/signal.h) - Sounds good to me djm@ - -commit 676c38d7cbe65b76bbfff796861bb6615cc6a596 -Author: Tim Rice <tim@multitalents.net> -Date: Mon Feb 23 21:51:33 2015 -0800 - - portability fix: if we can't dind a better define for HOST_NAME_MAX, use 255 - -commit 1221b22023dce38cbc90ba77eae4c5d78c77a5e6 -Author: Tim Rice <tim@multitalents.net> -Date: Mon Feb 23 21:50:34 2015 -0800 - - portablity fix: s/__inline__/inline/ - -commit 4c356308a88d309c796325bb75dce90ca16591d5 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Tue Feb 24 13:49:31 2015 +1100 - - Wrap stdint.h includes in HAVE_STDINT_H. - -commit c9c88355c6a27a908e7d1e5003a2b35ea99c1614 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Tue Feb 24 13:43:57 2015 +1100 - - Add AI_NUMERICSERV to fake-rfc2553. - - Our getaddrinfo implementation always returns numeric values already. - -commit ef342ab1ce6fb9a4b30186c89c309d0ae9d0eeb4 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Tue Feb 24 13:39:57 2015 +1100 - - Include OpenSSL's objects.h before bn.h. - - Prevents compile errors on some platforms (at least old GCCs and AIX's - XLC compilers). 
- -commit dcc8997d116f615195aa7c9ec019fb36c28c6228 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Tue Feb 24 12:30:59 2015 +1100 - - Convert two macros into functions. - - Convert packet_send_debug and packet_disconnect from macros to - functions. Some older GCCs (2.7.x, 2.95.x) see to have problems with - variadic macros with only one argument so we convert these two into - functions. ok djm@ - -commit 2285c30d51b7e2052c6526445abe7e7cc7e170a1 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Feb 23 22:21:21 2015 +0000 - - upstream commit - - further silence spurious error message even when -v is - specified (e.g. to get visual host keys); reported by naddy@ - -commit 9af21979c00652029e160295e988dea40758ece2 -Author: Damien Miller <djm@mindrot.org> -Date: Tue Feb 24 09:04:32 2015 +1100 - - don't include stdint.h unless HAVE_STDINT_H set - -commit 62f678dd51660d6f8aee1da33d3222c5de10a89e -Author: Damien Miller <djm@mindrot.org> -Date: Tue Feb 24 09:02:54 2015 +1100 - - nother sys/queue.h -> sys-queue.h fix - - spotted by Tom Christensen - -commit b3c19151cba2c0ed01b27f55de0d723ad07ca98f -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Feb 23 20:32:15 2015 +0000 - - upstream commit - - fix a race condition by using a mux socket rather than an - ineffectual wait statement - -commit a88dd1da119052870bb2654c1a32c51971eade16 -Author: Damien Miller <djm@mindrot.org> -Date: Tue Feb 24 06:30:29 2015 +1100 - - various include fixes for portable - -commit 5248429b5ec524d0a65507cff0cdd6e0cb99effd -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Feb 23 16:55:51 2015 +0000 - - upstream commit - - add an XXX to remind me to improve sshkey_load_public - -commit e94e4b07ef2eaead38b085a60535df9981cdbcdb -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Feb 23 16:55:31 2015 +0000 - - upstream commit - - silence a spurious error message when listing - fingerprints for known_hosts; bz#2342 - -commit f2293a65392b54ac721f66bc0b44462e8d1d81f8 -Author: djm@openbsd.org 
<djm@openbsd.org> -Date: Mon Feb 23 16:33:25 2015 +0000 - - upstream commit - - fix setting/clearing of TTY raw mode around - UpdateHostKeys=ask confirmation question; reported by Herb Goldman - -commit f2004cd1adf34492eae0a44b1ef84e0e31b06088 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Mon Feb 23 05:04:21 2015 +1100 - - Repair for non-ECC OpenSSL. - - Ifdef out the ECC parts when building with an OpenSSL that doesn't have - it. - -commit 37f9220db8d1a52c75894c3de1e5f2ae5bd71b6f -Author: Darren Tucker <dtucker@zip.com.au> -Date: Mon Feb 23 03:07:24 2015 +1100 - - Wrap stdint.h includes in ifdefs. - -commit f81f1bbc5b892c8614ea740b1f92735652eb43f0 -Author: Tim Rice <tim@multitalents.net> -Date: Sat Feb 21 18:12:10 2015 -0800 - - out of tree build fix - -commit 2e13a1e4d22f3b503c3bfc878562cc7386a1d1ae -Author: Tim Rice <tim@multitalents.net> -Date: Sat Feb 21 18:08:51 2015 -0800 - - mkdir kex unit test directory so testing out of tree builds works - -commit 1797f49b1ba31e8700231cd6b1d512d80bb50d2c -Author: halex@openbsd.org <halex@openbsd.org> -Date: Sat Feb 21 21:46:57 2015 +0000 - - upstream commit - - make "ssh-add -d" properly remove a corresponding - certificate, and also not whine and fail if there is none - - ok djm@ - -commit 7faaa32da83a609059d95dbfcb0649fdb04caaf6 -Author: Damien Miller <djm@mindrot.org> -Date: Sun Feb 22 07:57:27 2015 +1100 - - mkdir hostkey and bitmap unit test directories - -commit bd49da2ef197efac5e38f5399263a8b47990c538 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Feb 20 23:46:01 2015 +0000 - - upstream commit - - sort options useable under Match case-insensitively; prodded - jmc@ - -commit 1a779a0dd6cd8b4a1a40ea33b5415ab8408128ac -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Feb 21 20:51:02 2015 +0000 - - upstream commit - - correct paths to configuration files being written/updated; - they live in $OBJ not cwd; some by Roumen Petrov - -commit 28ba006c1acddff992ae946d0bc0b500b531ba6b -Author: Darren Tucker 
<dtucker@zip.com.au> -Date: Sat Feb 21 15:41:07 2015 +1100 - - More correct checking of HAVE_DECL_AI_NUMERICSERV. - -commit e50e8c97a9cecae1f28febccaa6ca5ab3bc10f54 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Sat Feb 21 15:10:33 2015 +1100 - - Add null declaration of AI_NUMERICINFO. - - Some platforms (older FreeBSD and DragonFly versions) do have - getaddrinfo() but do not have AI_NUMERICINFO. so define it to zero - in those cases. - -commit 18a208d6a460d707a45916db63a571e805f5db46 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Feb 20 22:40:32 2015 +0000 - - upstream commit - - more options that are available under Match; bz#2353 reported - by calestyo AT scientia.net - -commit 44732de06884238049f285f1455b2181baa7dc82 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Feb 20 22:17:21 2015 +0000 - - upstream commit - - UpdateHostKeys fixes: - - I accidentally changed the format of the hostkeys@openssh.com messages - last week without changing the extension name, and this has been causing - connection failures for people who are running -current. First reported - by sthen@ - - s/hostkeys@openssh.com/hostkeys-00@openssh.com/ - Change the name of the proof message too, and reorder it a little. - - Also, UpdateHostKeys=ask is incompatible with ControlPersist (no TTY - available to read the response) so disable UpdateHostKeys if it is in - ask mode and ControlPersist is active (and document this) - -commit 13a39414d25646f93e6d355521d832a03aaaffe2 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Feb 17 00:14:05 2015 +0000 - - upstream commit - - Regression: I broke logging of public key fingerprints in - 1.46. 
Pointed out by Pontus Lundkvist - -commit 773dda25e828c4c9a52f7bdce6e1e5924157beab -Author: Damien Miller <djm@mindrot.org> -Date: Fri Jan 30 23:10:17 2015 +1100 - - repair --without-openssl; broken in refactor - -commit e89c780886b23600de1e1c8d74aabd1ff61f43f0 -Author: Damien Miller <djm@google.com> -Date: Tue Feb 17 10:04:55 2015 +1100 - - hook up hostkeys unittest to portable Makefiles - -commit 0abf41f99aa16ff09b263bead242d6cb2dbbcf99 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Feb 16 22:21:03 2015 +0000 - - upstream commit - - enable hostkeys unit tests - -commit 68a5d647ccf0fb6782b2f749433a1eee5bc9044b -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Feb 16 22:20:50 2015 +0000 - - upstream commit - - check string/memory compare arguments aren't NULL - -commit ef575ef20d09f20722e26b45dab80b3620469687 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Feb 16 22:18:34 2015 +0000 - - upstream commit - - unit tests for hostfile.c code, just hostkeys_foreach so - far - -commit 8ea3365e6aa2759ccf5c76eaea62cbc8a280b0e7 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Sat Feb 14 12:43:16 2015 +0000 - - upstream commit - - test server rekey limit - -commit ce63c4b063c39b2b22d4ada449c9e3fbde788cb3 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Feb 16 22:30:03 2015 +0000 - - upstream commit - - partial backout of: - - revision 1.441 - date: 2015/01/31 20:30:05; author: djm; state: Exp; lines: +17 -10; commitid - : x8klYPZMJSrVlt3O; - Let sshd load public host keys even when private keys are missing. - Allows sshd to advertise additional keys for future key rotation. - Also log fingerprint of hostkeys loaded; ok markus@ - - hostkey updates now require access to the private key, so we can't - load public keys only. The improved log messages (fingerprints of keys - loaded) are kept. 
- -commit 523463a3a2a9bfc6cfc5afa01bae9147f76a37cc -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Feb 16 22:13:32 2015 +0000 - - upstream commit - - Revise hostkeys@openssh.com hostkey learning extension. - - The client will not ask the server to prove ownership of the private - halves of any hitherto-unseen hostkeys it offers to the client. - - Allow UpdateHostKeys option to take an 'ask' argument to let the - user manually review keys offered. - - ok markus@ - -commit 6c5c949782d86a6e7d58006599c7685bfcd01685 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Feb 16 22:08:57 2015 +0000 - - upstream commit - - Refactor hostkeys_foreach() and dependent code Deal with - IP addresses (i.e. CheckHostIP) Don't clobber known_hosts when nothing - changed ok markus@ as part of larger commit - -commit 51b082ccbe633dc970df1d1f4c9c0497115fe721 -Author: miod@openbsd.org <miod@openbsd.org> -Date: Mon Feb 16 18:26:26 2015 +0000 - - upstream commit - - Declare ge25519_base as extern, to prevent it from - becoming a common. Gets us rid of ``lignment 4 of symbol - `crypto_sign_ed25519_ref_ge25519_base' in mod_ge25519.o is smaller than 16 in - mod_ed25519.o'' warnings at link time. - -commit 02db468bf7e3281a8e3c058ced571b38b6407c34 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Fri Feb 13 18:57:00 2015 +0000 - - upstream commit - - make rekey_limit for sshd w/privsep work; ok djm@ - dtucker@ - -commit 8ec67d505bd23c8bf9e17b7a364b563a07a58ec8 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Thu Feb 12 20:34:19 2015 +0000 - - upstream commit - - Prevent sshd spamming syslog with - "ssh_dispatch_run_fatal: disconnected". ok markus@ - -commit d4c0295d1afc342057ba358237acad6be8af480b -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Feb 11 01:20:38 2015 +0000 - - upstream commit - - Some packet error messages show the address of the peer, - but might be generated after the socket to the peer has suffered a TCP reset. 
- In these cases, getpeername() won't work so cache the address earlier. - - spotted in the wild via deraadt@ and tedu@ - -commit 4af1709cf774475ce5d1bc3ddcc165f6c222897d -Author: jsg@openbsd.org <jsg@openbsd.org> -Date: Mon Feb 9 23:22:37 2015 +0000 - - upstream commit - - fix some leaks in error paths ok markus@ - -commit fd36834871d06a03e1ff8d69e41992efa1bbf85f -Author: millert@openbsd.org <millert@openbsd.org> -Date: Fri Feb 6 23:21:59 2015 +0000 - - upstream commit - - SIZE_MAX is standard, we should be using it in preference to - the obsolete SIZE_T_MAX. OK miod@ beck@ - -commit 1910a286d7771eab84c0b047f31c0a17505236fa -Author: millert@openbsd.org <millert@openbsd.org> -Date: Thu Feb 5 12:59:57 2015 +0000 - - upstream commit - - Include stdint.h, not limits.h to get SIZE_MAX. OK guenther@ - -commit ce4f59b2405845584f45e0b3214760eb0008c06c -Author: deraadt@openbsd.org <deraadt@openbsd.org> -Date: Tue Feb 3 08:07:20 2015 +0000 - - upstream commit - - missing ; djm and mlarkin really having great - interactions recently - -commit 5d34aa94938abb12b877a25be51862757f25d54b -Author: halex@openbsd.org <halex@openbsd.org> -Date: Tue Feb 3 00:34:14 2015 +0000 - - upstream commit - - slightly extend the passphrase prompt if running with -c - in order to give the user a chance to notice if unintentionally running - without it - - wording tweak and ok djm@ - -commit cb3bde373e80902c7d5d0db429f85068d19b2918 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Feb 2 22:48:53 2015 +0000 - - upstream commit - - handle PKCS#11 C_Login returning - CKR_USER_ALREADY_LOGGED_IN; based on patch from Yuri Samoilenko; ok markus@ - -commit 15ad750e5ec3cc69765b7eba1ce90060e7083399 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Feb 2 07:41:40 2015 +0000 - - upstream commit - - turn UpdateHostkeys off by default until I figure out - mlarkin@'s warning message; requested by deraadt@ - -commit 3cd5103c1e1aaa59bd66f7f52f6ebbcd5deb12f9 -Author: deraadt@openbsd.org 
<deraadt@openbsd.org> -Date: Mon Feb 2 01:57:44 2015 +0000 - - upstream commit - - increasing encounters with difficult DNS setups in - darknets has convinced me UseDNS off by default is better ok djm - -commit 6049a548a8a68ff0bbe581ab1748ea6a59ecdc38 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Jan 31 20:30:05 2015 +0000 - - upstream commit - - Let sshd load public host keys even when private keys are - missing. Allows sshd to advertise additional keys for future key rotation. - Also log fingerprint of hostkeys loaded; ok markus@ - -commit 46347ed5968f582661e8a70a45f448e0179ca0ab -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jan 30 11:43:14 2015 +0000 - - upstream commit - - Add a ssh_config HostbasedKeyType option to control which - host public key types are tried during hostbased authentication. - - This may be used to prevent too many keys being sent to the server, - and blowing past its MaxAuthTries limit. - - bz#2211 based on patch by Iain Morgan; ok markus@ - -commit 802660cb70453fa4d230cb0233bc1bbdf8328de1 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jan 30 10:44:49 2015 +0000 - - upstream commit - - set a timeout to prevent hangs when talking to busted - servers; ok markus@ - -commit 86936ec245a15c7abe71a0722610998b0a28b194 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jan 30 01:11:39 2015 +0000 - - upstream commit - - regression test for 'wildcard CA' serial/key ID revocations - -commit 4509b5d4a4fa645a022635bfa7e86d09b285001f -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jan 30 01:13:33 2015 +0000 - - upstream commit - - avoid more fatal/exit in the packet.c paths that - ssh-keyscan uses; feedback and "looks good" markus@ - -commit 669aee994348468af8b4b2ebd29b602cf2860b22 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jan 30 01:10:33 2015 +0000 - - upstream commit - - permit KRLs that revoke certificates by serial number or - key ID without scoping to a particular CA; ok markus@ - -commit 
7a2c368477e26575d0866247d3313da4256cb2b5 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jan 30 00:59:19 2015 +0000 - - upstream commit - - missing parentheses after if in do_convert_from() broke - private key conversion from other formats some time in 2010; bz#2345 reported - by jjelen AT redhat.com - -commit 25f5f78d8bf5c22d9cea8b49de24ebeee648a355 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jan 30 00:22:25 2015 +0000 - - upstream commit - - fix ssh protocol 1, spotted by miod@ - -commit 9ce86c926dfa6e0635161b035e3944e611cbccf0 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Jan 28 22:36:00 2015 +0000 - - upstream commit - - update to new API (key_fingerprint => sshkey_fingerprint) - check sshkey_fingerprint return values; ok markus - -commit 9125525c37bf73ad3ee4025520889d2ce9d10f29 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Jan 28 22:05:31 2015 +0000 - - upstream commit - - avoid fatal() calls in packet code makes ssh-keyscan more - reliable against server failures ok dtucker@ markus@ - -commit fae7bbe544cba7a9e5e4ab47ff6faa3d978646eb -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Jan 28 21:15:47 2015 +0000 - - upstream commit - - avoid fatal() calls in packet code makes ssh-keyscan more - reliable against server failures ok dtucker@ markus@ - -commit 1a3d14f6b44a494037c7deab485abe6496bf2c60 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Jan 28 11:07:25 2015 +0000 - - upstream commit - - remove obsolete comment - -commit 80c25b7bc0a71d75c43a4575d9a1336f589eb639 -Author: okan@openbsd.org <okan@openbsd.org> -Date: Tue Jan 27 12:54:06 2015 +0000 - - upstream commit - - Since r1.2 removed the use of PRI* macros, inttypes.h is - no longer required. - - ok djm@ - -commit 69ff64f69615c2a21c97cb5878a0996c21423257 -Author: Damien Miller <djm@mindrot.org> -Date: Tue Jan 27 23:07:43 2015 +1100 - - compile on systems without TCP_MD5SIG (e.g. 
OSX) - -commit 358964f3082fb90b2ae15bcab07b6105cfad5a43 -Author: Damien Miller <djm@mindrot.org> -Date: Tue Jan 27 23:07:25 2015 +1100 - - use ssh-keygen under test rather than system's - -commit a2c95c1bf33ea53038324d1fdd774bc953f98236 -Author: Damien Miller <djm@mindrot.org> -Date: Tue Jan 27 23:06:59 2015 +1100 - - OSX lacks HOST_NAME_MAX, has _POSIX_HOST_NAME_MAX - -commit ade31d7b6f608a19b85bee29a7a00b1e636a2919 -Author: Damien Miller <djm@mindrot.org> -Date: Tue Jan 27 23:06:23 2015 +1100 - - these need active_state defined to link on OSX - - temporary measure until active_state goes away entirely - -commit e56aa87502f22c5844918c10190e8b4f785f067b -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jan 27 12:01:36 2015 +0000 - - upstream commit - - use printf instead of echo -n to reduce diff against - -portable - -commit 9f7637f56eddfaf62ce3c0af89c25480f2cf1068 -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Mon Jan 26 13:55:29 2015 +0000 - - upstream commit - - sort previous; - -commit 3076ee7d530d5b16842fac7a6229706c7e5acd26 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Jan 26 13:36:53 2015 +0000 - - upstream commit - - properly restore umask - -commit d411d395556b73ba1b9e451516a0bd6697c4b03d -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Jan 26 06:12:18 2015 +0000 - - upstream commit - - regression test for host key rotation - -commit fe8a3a51699afbc6407a8fae59b73349d01e49f8 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Jan 26 06:11:28 2015 +0000 - - upstream commit - - adapt to sshkey API tweaks - -commit 7dd355fb1f0038a3d5cdca57ebab4356c7a5b434 -Author: miod@openbsd.org <miod@openbsd.org> -Date: Sat Jan 24 10:39:21 2015 +0000 - - upstream commit - - Move -lz late in the linker commandline for things to - build on static arches. - -commit 0dad3b806fddb93c475b30853b9be1a25d673a33 -Author: miod@openbsd.org <miod@openbsd.org> -Date: Fri Jan 23 21:21:23 2015 +0000 - - upstream commit - - -Wpointer-sign is supported by gcc 4 only. 
- -commit 2b3b1c1e4bd9577b6e780c255c278542ea66c098 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jan 20 22:58:57 2015 +0000 - - upstream commit - - use SUBDIR to recuse into unit tests; makes "make obj" - actually work - -commit 1d1092bff8db27080155541212b420703f8b9c92 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Jan 26 12:16:36 2015 +0000 - - upstream commit - - correct description of UpdateHostKeys in ssh_config.5 and - add it to -o lists for ssh, scp and sftp; pointed out by jmc@ - -commit 5104db7cbd6cdd9c5971f4358e74414862fc1022 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Jan 26 06:10:03 2015 +0000 - - upstream commit - - correctly match ECDSA subtype (== curve) for - offered/recevied host keys. Fixes connection-killing host key mismatches when - a server offers multiple ECDSA keys with different curve type (an extremely - unlikely configuration). - - ok markus, "looks mechanical" deraadt@ - -commit 8d4f87258f31cb6def9b3b55b6a7321d84728ff2 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Jan 26 03:04:45 2015 +0000 - - upstream commit - - Host key rotation support. - - Add a hostkeys@openssh.com protocol extension (global request) for - a server to inform a client of all its available host key after - authentication has completed. The client may record the keys in - known_hosts, allowing it to upgrade to better host key algorithms - and a server to gracefully rotate its keys. - - The client side of this is controlled by a UpdateHostkeys config - option (default on). 
- - ok markus@ - -commit 60b1825262b1f1e24fc72050b907189c92daf18e -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Jan 26 02:59:11 2015 +0000 - - upstream commit - - small refactor and add some convenience functions; ok - markus - -commit a5a3e3328ddce91e76f71ff479022d53e35c60c9 -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Thu Jan 22 21:00:42 2015 +0000 - - upstream commit - - heirarchy -> hierarchy; - -commit dcff5810a11195c57e1b3343c0d6b6f2b9974c11 -Author: deraadt@openbsd.org <deraadt@openbsd.org> -Date: Thu Jan 22 20:24:41 2015 +0000 - - upstream commit - - Provide a warning about chroot misuses (which sadly, seem - to have become quite popular because shiny). sshd cannot detect/manage/do - anything about these cases, best we can do is warn in the right spot in the - man page. ok markus - -commit 087266ec33c76fc8d54ac5a19efacf2f4a4ca076 -Author: deraadt@openbsd.org <deraadt@openbsd.org> -Date: Tue Jan 20 23:14:00 2015 +0000 - - upstream commit - - Reduce use of <sys/param.h> and transition to <limits.h> - throughout. 
ok djm markus - -commit 57e783c8ba2c0797f93977e83b2a8644a03065d8 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Tue Jan 20 20:16:21 2015 +0000 - - upstream commit - - kex_setup errors are fatal() - -commit 1d6424a6ff94633c221297ae8f42d54e12a20912 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jan 20 08:02:33 2015 +0000 - - upstream commit - - this test would accidentally delete agent.sh if run without - obj/ - -commit 12b5f50777203e12575f1b08568281e447249ed3 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jan 20 07:56:44 2015 +0000 - - upstream commit - - make this compile with KERBEROS5 enabled - -commit e2cc6bef08941256817d44d146115b3478586ad4 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jan 20 07:55:33 2015 +0000 - - upstream commit - - fix hostkeys in agent; ok markus@ - -commit 1ca3e2155aa5d3801a7ae050f85c71f41fcb95b1 -Author: Damien Miller <djm@mindrot.org> -Date: Tue Jan 20 10:11:31 2015 +1100 - - fix kex test - -commit c78a578107c7e6dcf5d30a2f34cb6581bef14029 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Mon Jan 19 20:45:25 2015 +0000 - - upstream commit - - finally enable the KEX tests I wrote some years ago... 
- -commit 31821d7217e686667d04935aeec99e1fc4a46e7e -Author: markus@openbsd.org <markus@openbsd.org> -Date: Mon Jan 19 20:42:31 2015 +0000 - - upstream commit - - adapt to new error message (SSH_ERR_MAC_INVALID) - -commit d3716ca19e510e95d956ae14d5b367e364bff7f1 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Jan 19 17:31:13 2015 +0000 - - upstream commit - - this test was broken in at least two ways, such that it - wasn't checking that a KRL was not excluding valid keys - -commit 3f797653748e7c2b037dacb57574c01d9ef3b4d3 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Mon Jan 19 20:32:39 2015 +0000 - - upstream commit - - switch ssh-keyscan from setjmp to multiple ssh transport - layer instances ok djm@ - -commit f582f0e917bb0017b00944783cd5f408bf4b0b5e -Author: markus@openbsd.org <markus@openbsd.org> -Date: Mon Jan 19 20:30:23 2015 +0000 - - upstream commit - - add experimental api for packet layer; ok djm@ - -commit 48b3b2ba75181f11fca7f327058a591f4426cade -Author: markus@openbsd.org <markus@openbsd.org> -Date: Mon Jan 19 20:20:20 2015 +0000 - - upstream commit - - store compat flags in struct ssh; ok djm@ - -commit 57d10cbe861a235dd269c74fb2fe248469ecee9d -Author: markus@openbsd.org <markus@openbsd.org> -Date: Mon Jan 19 20:16:15 2015 +0000 - - upstream commit - - adapt kex to sshbuf and struct ssh; ok djm@ - -commit 3fdc88a0def4f86aa88a5846ac079dc964c0546a -Author: markus@openbsd.org <markus@openbsd.org> -Date: Mon Jan 19 20:07:45 2015 +0000 - - upstream commit - - move dispatch to struct ssh; ok djm@ - -commit 091c302829210c41e7f57c3f094c7b9c054306f0 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Mon Jan 19 19:52:16 2015 +0000 - - upstream commit - - update packet.c & isolate, introduce struct ssh a) switch - packet.c to buffer api and isolate per-connection info into struct ssh b) - (de)serialization of the state is moved from monitor to packet.c c) the old - packet.c API is implemented in opacket.[ch] d) compress.c/h is removed and - 
integrated into packet.c with and ok djm@ - -commit 4e62cc68ce4ba20245d208b252e74e91d3785b74 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Jan 19 17:35:48 2015 +0000 - - upstream commit - - fix format strings in (disabled) debugging - -commit d85e06245907d49a2cd0cfa0abf59150ad616f42 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Jan 19 06:01:32 2015 +0000 - - upstream commit - - be a bit more careful in these tests to ensure that - known_hosts is clean - -commit 7947810eab5fe0ad311f32a48f4d4eb1f71be6cf -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Jan 18 22:00:18 2015 +0000 - - upstream commit - - regression test for known_host file editing using - ssh-keygen (-H / -R / -F) after hostkeys_foreach() change; feedback and ok - markus@ - -commit 3a2b09d147a565d8a47edf37491e149a02c0d3a3 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Jan 18 19:54:46 2015 +0000 - - upstream commit - - more and better key tests - - test signatures and verification - test certificate generation - flesh out nested cert test - - removes most of the XXX todo markers - -commit 589e69fd82724cfc9738f128e4771da2e6405d0d -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Jan 18 19:53:58 2015 +0000 - - upstream commit - - make the signature fuzzing test much more rigorous: - ensure that the fuzzed input cases do not match the original (using new - fuzz_matches_original() function) and check that the verification fails in - each case - -commit 80603c0daa2538c349c1c152405580b164d5475f -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Jan 18 19:52:44 2015 +0000 - - upstream commit - - add a fuzz_matches_original() function to the fuzzer to - detect fuzz cases that are identical to the original data. Hacky - implementation, but very useful when you need the fuzz to be different, e.g. 
- when verifying signature - -commit 87d5495bd337e358ad69c524fcb9495208c0750b -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Jan 18 19:50:55 2015 +0000 - - upstream commit - - better dumps from the fuzzer (shown on errors) - - include the original data as well as the fuzzed copy. - -commit d59ec478c453a3fff05badbbfd96aa856364f2c2 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Jan 18 19:47:55 2015 +0000 - - upstream commit - - enable hostkey-agent.sh test - -commit 26b3425170bf840e4b095e1c10bf25a0a3e3a105 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Jan 17 18:54:30 2015 +0000 - - upstream commit - - unit test for hostkeys in ssh-agent - -commit 9e06a0fb23ec55d9223b26a45bb63c7649e2f2f2 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Thu Jan 15 23:41:29 2015 +0000 - - upstream commit - - add kex unit tests - -commit d2099dec6da21ae627f6289aedae6bc1d41a22ce -Author: deraadt@openbsd.org <deraadt@openbsd.org> -Date: Mon Jan 19 00:32:54 2015 +0000 - - upstream commit - - djm, your /usr/include tree is old - -commit 2b3c3c76c30dc5076fe09d590f5b26880f148a54 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Jan 18 21:51:19 2015 +0000 - - upstream commit - - some feedback from markus@: comment hostkeys_foreach() - context and avoid a member in it. - -commit cecb30bc2ba6d594366e657d664d5c494b6c8a7f -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Jan 18 21:49:42 2015 +0000 - - upstream commit - - make ssh-keygen use hostkeys_foreach(). 
Removes some - horrendous code; ok markus@ - -commit ec3d065df3a9557ea96b02d061fd821a18c1a0b9 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Jan 18 21:48:09 2015 +0000 - - upstream commit - - convert load_hostkeys() (hostkey ordering and - known_host matching) to use the new hostkey_foreach() iterator; ok markus - -commit c29811cc480a260e42fd88849fc86a80c1e91038 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Jan 18 21:40:23 2015 +0000 - - upstream commit - - introduce hostkeys_foreach() to allow iteration over a - known_hosts file or controlled subset thereof. This will allow us to pull out - some ugly and duplicated code, and will be used to implement hostkey rotation - later. - - feedback and ok markus - -commit f101d8291da01bbbfd6fb8c569cfd0cc61c0d346 -Author: deraadt@openbsd.org <deraadt@openbsd.org> -Date: Sun Jan 18 14:01:00 2015 +0000 - - upstream commit - - string truncation due to sizeof(size) ok djm markus - -commit 35d6022b55b7969fc10c261cb6aa78cc4a5fcc41 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Jan 18 13:33:34 2015 +0000 - - upstream commit - - avoid trailing ',' in host key algorithms - -commit 7efb455789a0cb76bdcdee91c6060a3dc8f5c007 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Jan 18 13:22:28 2015 +0000 - - upstream commit - - infer key length correctly when user specified a fully- - qualified key name instead of using the -b bits option; ok markus@ - -commit 83f8ffa6a55ccd0ce9d8a205e3e7439ec18fedf5 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Jan 17 18:53:34 2015 +0000 - - upstream commit - - fix hostkeys on ssh agent; found by unit test I'm about - to commit - -commit 369d61f17657b814124268f99c033e4dc6e436c1 -Author: schwarze@openbsd.org <schwarze@openbsd.org> -Date: Fri Jan 16 16:20:23 2015 +0000 - - upstream commit - - garbage collect empty .No macros mandoc warns about - -commit bb8b442d32dbdb8521d610e10d8b248d938bd747 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jan 16 15:55:07 2015 +0000 - 
- upstream commit - - regression: incorrect error message on - otherwise-successful ssh-keygen -A. Reported by Dmitry Orlov, via deraadt@ - -commit 9010902954a40b59d0bf3df3ccbc3140a653e2bc -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jan 16 07:19:48 2015 +0000 - - upstream commit - - when hostname canonicalisation is enabled, try to parse - hostnames as addresses before looking them up for canonicalisation. fixes - bz#2074 and avoids needless DNS lookups in some cases; ok markus - -commit 2ae4f337b2a5fb2841b6b0053b49496fef844d1c -Author: deraadt@openbsd.org <deraadt@openbsd.org> -Date: Fri Jan 16 06:40:12 2015 +0000 - - upstream commit - - Replace <sys/param.h> with <limits.h> and other less - dirty headers where possible. Annotate <sys/param.h> lines with their - current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, - LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of - MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. - These are the files confirmed through binary verification. 
ok guenther, - millert, doug (helped with the verification protocol) - -commit 3c4726f4c24118e8f1bb80bf75f1456c76df072c -Author: markus@openbsd.org <markus@openbsd.org> -Date: Thu Jan 15 21:38:50 2015 +0000 - - upstream commit - - remove xmalloc, switch to sshbuf - -commit e17ac01f8b763e4b83976b9e521e90a280acc097 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Thu Jan 15 21:37:14 2015 +0000 - - upstream commit - - switch to sshbuf - -commit ddef9995a1fa6c7a8ff3b38bfe6cf724bebf13d0 -Author: naddy@openbsd.org <naddy@openbsd.org> -Date: Thu Jan 15 18:32:54 2015 +0000 - - upstream commit - - handle UMAC128 initialization like UMAC; ok djm@ markus@ - -commit f14564c1f7792446bca143580aef0e7ac25dcdae -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Jan 15 11:04:36 2015 +0000 - - upstream commit - - fix regression reported by brad@ for passworded keys without - agent present - -commit 45c0fd70bb2a88061319dfff20cb12ef7b1bc47e -Author: Damien Miller <djm@mindrot.org> -Date: Thu Jan 15 22:08:23 2015 +1100 - - make bitmap test compile - -commit d333f89abf7179021e5c3f28673f469abe032062 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Jan 15 07:36:28 2015 +0000 - - upstream commit - - unit tests for KRL bitmap - -commit 7613f828f49c55ff356007ae9645038ab6682556 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Wed Jan 14 09:58:21 2015 +0000 - - upstream commit - - re-add comment about full path - -commit 6c43b48b307c41cd656b415621a644074579a578 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Wed Jan 14 09:54:38 2015 +0000 - - upstream commit - - don't reset to the installed sshd; connect before - reconfigure, too - -commit 771bb47a1df8b69061f09462e78aa0b66cd594bf -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jan 13 14:51:51 2015 +0000 - - upstream commit - - implement a SIGINFO handler so we can discern a stuck - fuzz test from a merely glacial one; prompted by and ok markus - -commit cfaa57962f8536f3cf0fd7daf4d6a55d6f6de45f -Author: 
djm@openbsd.org <djm@openbsd.org> -Date: Tue Jan 13 08:23:26 2015 +0000 - - upstream commit - - use $SSH instead of installed ssh to allow override; - spotted by markus@ - -commit 0920553d0aee117a596b03ed5b49b280d34a32c5 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jan 13 07:49:49 2015 +0000 - - upstream commit - - regress test for PubkeyAcceptedKeyTypes; ok markus@ - -commit 27ca1a5c0095eda151934bca39a77e391f875d17 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Mon Jan 12 20:13:27 2015 +0000 - - upstream commit - - unbreak parsing of pubkey comments; with gerhard; ok - djm/deraadt - -commit 55358f0b4e0b83bc0df81c5f854c91b11e0bb4dc -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Jan 12 11:46:32 2015 +0000 - - upstream commit - - fatal if soft-PKCS11 library is missing rather (rather - than continue and fail with a more cryptic error) - -commit c3554cdd2a1a62434b8161017aa76fa09718a003 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Jan 12 11:12:38 2015 +0000 - - upstream commit - - let this test all supporte key types; pointed out/ok - markus@ - -commit 1129dcfc5a3e508635004bcc05a3574cb7687167 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Jan 15 09:40:00 2015 +0000 - - upstream commit - - sync ssh-keysign, ssh-keygen and some dependencies to the - new buffer/key API; mostly mechanical, ok markus@ - -commit e4ebf5586452bf512da662ac277aaf6ecf0efe7c -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Jan 15 07:57:08 2015 +0000 - - upstream commit - - remove commented-out test code now that it has moved to a - proper unit test - -commit e81cba066c1e9eb70aba0f6e7c0ff220611b370f -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Jan 14 20:54:29 2015 +0000 - - upstream commit - - whitespace - -commit 141efe49542f7156cdbc2e4cd0a041d8b1aab622 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Jan 14 20:05:27 2015 +0000 - - upstream commit - - move authfd.c and its tentacles to the new buffer/key - API; ok markus@ - -commit 
0088c57af302cda278bd26d8c3ae81d5b6f7c289 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Jan 14 19:33:41 2015 +0000 - - upstream commit - - fix small regression: ssh-agent would return a success - message but an empty signature if asked to sign using an unknown key; ok - markus@ - -commit b03ebe2c22b8166e4f64c37737f4278676e3488d -Author: Damien Miller <djm@mindrot.org> -Date: Thu Jan 15 03:08:58 2015 +1100 - - more --without-openssl - - fix some regressions caused by upstream merges - - enable KRLs now that they no longer require BIGNUMs - -commit bc42cc6fe784f36df225c44c93b74830027cb5a2 -Author: Damien Miller <djm@mindrot.org> -Date: Thu Jan 15 03:08:29 2015 +1100 - - kludge around tun API mismatch betterer - -commit c332110291089b624fa0951fbf2d1ee6de525b9f -Author: Damien Miller <djm@mindrot.org> -Date: Thu Jan 15 02:59:51 2015 +1100 - - some systems lack SO_REUSEPORT - -commit 83b9678a62cbdc74eb2031cf1e1e4ffd58e233ae -Author: Damien Miller <djm@mindrot.org> -Date: Thu Jan 15 02:35:50 2015 +1100 - - fix merge botch - -commit 0cdc5a3eb6fb383569a4da2a30705d9b90428d6b -Author: Damien Miller <djm@mindrot.org> -Date: Thu Jan 15 02:35:33 2015 +1100 - - unbreak across API change - -commit 6e2549ac2b5e7f96cbc2d83a6e0784b120444b47 -Author: Damien Miller <djm@mindrot.org> -Date: Thu Jan 15 02:30:18 2015 +1100 - - need includes.h for portable OpenSSH - -commit 72ef7c148c42db7d5632a29f137f8b87b579f2d9 -Author: Damien Miller <djm@mindrot.org> -Date: Thu Jan 15 02:21:31 2015 +1100 - - support --without-openssl at configure time - - Disables and removes dependency on OpenSSL. Many features don't - work and the set of crypto options is greatly restricted. This - will only work on system with native arc4random or /dev/urandom. - - Considered highly experimental for now. 
- -commit 4f38c61c68ae7e3f9ee4b3c38bc86cd39f65ece9 -Author: Damien Miller <djm@mindrot.org> -Date: Thu Jan 15 02:28:00 2015 +1100 - - add files missed in last commit - -commit a165bab605f7be55940bb8fae977398e8c96a46d -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Jan 14 15:02:39 2015 +0000 - - upstream commit - - avoid BIGNUM in KRL code by using a simple bitmap; - feedback and ok markus - -commit 7d845f4a0b7ec97887be204c3760e44de8bf1f32 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Jan 14 13:54:13 2015 +0000 - - upstream commit - - update sftp client and server to new buffer API. pretty - much just mechanical changes; with & ok markus - -commit 139ca81866ec1b219c717d17061e5e7ad1059e2a -Author: markus@openbsd.org <markus@openbsd.org> -Date: Wed Jan 14 13:09:09 2015 +0000 - - upstream commit - - switch to sshbuf/sshkey; with & ok djm@ - -commit 81bfbd0bd35683de5d7f2238b985e5f8150a9180 -Author: Damien Miller <djm@mindrot.org> -Date: Wed Jan 14 21:48:18 2015 +1100 - - support --without-openssl at configure time - - Disables and removes dependency on OpenSSL. Many features don't - work and the set of crypto options is greatly restricted. This - will only work on system with native arc4random or /dev/urandom. - - Considered highly experimental for now. 
- -commit 54924b53af15ccdcbb9f89984512b5efef641a31 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Jan 14 10:46:28 2015 +0000 - - upstream commit - - avoid an warning for the !OPENSSL case - -commit ae8b463217f7c9b66655bfc3945c050ffdaeb861 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Wed Jan 14 10:30:34 2015 +0000 - - upstream commit - - swith auth-options to new sshbuf/sshkey; ok djm@ - -commit 540e891191b98b89ee90aacf5b14a4a68635e763 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Jan 14 10:29:45 2015 +0000 - - upstream commit - - make non-OpenSSL aes-ctr work on sshd w/ privsep; ok - markus@ - -commit 60c2c4ea5e1ad0ddfe8b2877b78ed5143be79c53 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Wed Jan 14 10:24:42 2015 +0000 - - upstream commit - - remove unneeded includes, sync my copyright across files - & whitespace; ok djm@ - -commit 128343bcdb0b60fc826f2733df8cf979ec1627b4 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Tue Jan 13 19:31:40 2015 +0000 - - upstream commit - - adapt mac.c to ssherr.h return codes (de-fatal) and - simplify dependencies ok djm@ - -commit e7fd952f4ea01f09ceb068721a5431ac2fd416ed -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jan 13 19:04:35 2015 +0000 - - upstream commit - - sync changes from libopenssh; prepared by markus@ mostly - debug output tweaks, a couple of error return value changes and some other - minor stuff - -commit 76c0480a85675f03a1376167cb686abed01a3583 -Author: Damien Miller <djm@mindrot.org> -Date: Tue Jan 13 19:38:18 2015 +1100 - - add --without-ssh1 option to configure - - Allows disabling support for SSH protocol 1. - -commit 1f729f0614d1376c3332fa1edb6a5e5cec7e9e03 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jan 13 07:39:19 2015 +0000 - - upstream commit - - add sshd_config HostbasedAcceptedKeyTypes and - PubkeyAcceptedKeyTypes options to allow sshd to control what public key types - will be accepted. Currently defaults to all. 
Feedback & ok markus@ - -commit 816d1538c24209a93ba0560b27c4fda57c3fff65 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Mon Jan 12 20:13:27 2015 +0000 - - upstream commit - - unbreak parsing of pubkey comments; with gerhard; ok - djm/deraadt - -commit 0097565f849851812df610b7b6b3c4bd414f6c62 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Mon Jan 12 19:22:46 2015 +0000 - - upstream commit - - missing error assigment on sshbuf_put_string() - -commit a7f49dcb527dd17877fcb8d5c3a9a6f550e0bba5 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Jan 12 15:18:07 2015 +0000 - - upstream commit - - apparently memcpy(x, NULL, 0) is undefined behaviour - according to C99 (cf. sections 7.21.1 and 7.1.4), so check skip memcpy calls - when length==0; ok markus@ - -commit 905fe30fca82f38213763616d0d26eb6790bde33 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Mon Jan 12 14:05:19 2015 +0000 - - upstream commit - - free->sshkey_free; ok djm@ - -commit f067cca2bc20c86b110174c3fef04086a7f57b13 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Mon Jan 12 13:29:27 2015 +0000 - - upstream commit - - allow WITH_OPENSSL w/o WITH_SSH1; ok djm@ - -commit c4bfafcc2a9300d9cfb3c15e75572d3a7d74670d -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Jan 8 13:10:58 2015 +0000 - - upstream commit - - adjust for sshkey_load_file() API change - -commit e752c6d547036c602b89e9e704851463bd160e32 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Jan 8 13:44:36 2015 +0000 - - upstream commit - - fix ssh_config FingerprintHash evaluation order; from Petr - Lautrbach - -commit ab24ab847b0fc94c8d5e419feecff0bcb6d6d1bf -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Jan 8 10:15:45 2015 +0000 - - upstream commit - - reorder hostbased key attempts to better match the - default hostkey algorithms order in myproposal.h; ok markus@ - -commit 1195f4cb07ef4b0405c839293c38600b3e9bdb46 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Jan 8 10:14:08 2015 +0000 - - 
upstream commit - - deprecate key_load_private_pem() and - sshkey_load_private_pem() interfaces. Refactor the generic key loading API to - not require pathnames to be specified (they weren't really used). - - Fixes a few other things en passant: - - Makes ed25519 keys work for hostbased authentication (ssh-keysign - previously used the PEM-only routines). - - Fixes key comment regression bz#2306: key pathnames were being lost as - comment fields. - - ok markus@ - -commit febbe09e4e9aff579b0c5cc1623f756862e4757d -Author: tedu@openbsd.org <tedu@openbsd.org> -Date: Wed Jan 7 18:15:07 2015 +0000 - - upstream commit - - workaround for the Meyer, et al, Bleichenbacher Side - Channel Attack. fake up a bignum key before RSA decryption. discussed/ok djm - markus - -commit 5191df927db282d3123ca2f34a04d8d96153911a -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Dec 23 22:42:48 2014 +0000 - - upstream commit - - KNF and add a little more debug() - -commit 8abd80315d3419b20e6938f74d37e2e2b547f0b7 -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Mon Dec 22 09:26:31 2014 +0000 - - upstream commit - - add fingerprinthash to the options list; - -commit 296ef0560f60980da01d83b9f0e1a5257826536f -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Mon Dec 22 09:24:59 2014 +0000 - - upstream commit - - tweak previous; - -commit 462082eacbd37778a173afb6b84c6f4d898a18b5 -Author: Damien Miller <djm@google.com> -Date: Tue Dec 30 08:16:11 2014 +1100 - - avoid uninitialised free of ldns_res - - If an invalid rdclass was passed to getrrsetbyname() then - this would execute a free on an uninitialised pointer. - OpenSSH only ever calls this with a fixed and valid rdclass. - - Reported by Joshua Rogers - -commit 01b63498801053f131a0740eb9d13faf35d636c8 -Author: Damien Miller <djm@google.com> -Date: Mon Dec 29 18:10:18 2014 +1100 - - pull updated OpenBSD BCrypt PBKDF implementation - - Includes fix for 1 byte output overflow for large key length - requests (not reachable in OpenSSH). 
- - Pointed out by Joshua Rogers - -commit c528c1b4af2f06712177b3de9b30705752f7cbcb -Author: Damien Miller <djm@google.com> -Date: Tue Dec 23 15:26:13 2014 +1100 - - fix variable name for IPv6 case in construct_utmpx - - patch from writeonce AT midipix.org via bz#2296 - -commit 293cac52dcda123244b2e594d15592e5e481c55e -Author: Damien Miller <djm@google.com> -Date: Mon Dec 22 16:30:42 2014 +1100 - - include and use OpenBSD netcat in regress/ - -commit 8f6784f0cb56dc4fd00af3e81a10050a5785228d -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Dec 22 09:05:17 2014 +0000 - - upstream commit - - mention ssh -Q feature to list supported { MAC, cipher, - KEX, key } algorithms in more places and include the query string used to - list the relevant information; bz#2288 - -commit 449e11b4d7847079bd0a2daa6e3e7ea03d8ef700 -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Mon Dec 22 08:24:17 2014 +0000 - - upstream commit - - tweak previous; - -commit 4bea0ab3290c0b9dd2aa199e932de8e7e18062d6 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Dec 22 08:06:03 2014 +0000 - - upstream commit - - regression test for multiple required pubkey authentication; - ok markus@ - -commit f1c4d8ec52158b6f57834b8cd839605b0a33e7f2 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Dec 22 08:04:23 2014 +0000 - - upstream commit - - correct description of what will happen when a - AuthorizedKeysCommand is specified but AuthorizedKeysCommandUser is not (sshd - will refuse to start) - -commit 161cf419f412446635013ac49e8c660cadc36080 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Dec 22 07:55:51 2014 +0000 - - upstream commit - - make internal handling of filename arguments of "none" - more consistent with ssh. "none" arguments are now replaced with NULL when - the configuration is finalised. - - Simplifies checking later on (just need to test not-NULL rather than - that + strcmp) and cleans up some inconsistencies. 
ok markus@ - -commit f69b69b8625be447b8826b21d87713874dac25a6 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Dec 22 07:51:30 2014 +0000 - - upstream commit - - remember which public keys have been used for - authentication and refuse to accept previously-used keys. - - This allows AuthenticationMethods=publickey,publickey to require - that users authenticate using two _different_ pubkeys. - - ok markus@ - -commit 46ac2ed4677968224c4ca825bc98fc68dae183f0 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Dec 22 07:24:11 2014 +0000 - - upstream commit - - fix passing of wildcard forward bind addresses when - connection multiplexing is in use; patch from Sami Hartikainen via bz#2324; - ok dtucker@ - -commit 0d1b241a262e4d0a6bbfdd595489ab1b853c43a1 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Dec 22 06:14:29 2014 +0000 - - upstream commit - - make this slightly easier to diff against portable - -commit 0715bcdddbf68953964058f17255bf54734b8737 -Author: Damien Miller <djm@mindrot.org> -Date: Mon Dec 22 13:47:07 2014 +1100 - - add missing regress output file - -commit 1e30483c8ad2c2f39445d4a4b6ab20c241e40593 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Dec 22 02:15:52 2014 +0000 - - upstream commit - - adjust for new SHA256 key fingerprints and - slightly-different MD5 hex fingerprint format - -commit 6b40567ed722df98593ad8e6a2d2448fc2b4b151 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Dec 22 01:14:49 2014 +0000 - - upstream commit - - poll changes to netcat (usr.bin/netcat.c r1.125) broke - this test; fix it by ensuring more stdio fds are sent to devnull - -commit a5375ccb970f49dddf7d0ef63c9b713ede9e7260 -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Sun Dec 21 23:35:14 2014 +0000 - - upstream commit - - tweak previous; - -commit b79efde5c3badf5ce4312fe608d8307eade533c5 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Dec 21 23:12:42 2014 +0000 - - upstream commit - - document FingerprintHash here too - -commit 
d16bdd8027dd116afa01324bb071a4016cdc1a75 -Author: Damien Miller <djm@mindrot.org> -Date: Mon Dec 22 10:18:09 2014 +1100 - - missing include for base64 encoding - -commit 56d1c83cdd1ac76f1c6bd41e01e80dad834f3994 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Dec 21 22:27:55 2014 +0000 - - upstream commit - - Add FingerprintHash option to control algorithm used for - key fingerprints. Default changes from MD5 to SHA256 and format from hex to - base64. - - Feedback and ok naddy@ markus@ - -commit 058f839fe15c51be8b3a844a76ab9a8db550be4f -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Dec 18 23:58:04 2014 +0000 - - upstream commit - - don't count partial authentication success as a failure - against MaxAuthTries; ok deraadt@ diff --git a/crypto/openssh/INSTALL b/crypto/openssh/INSTALL index 71581d4..d257e28 100644 --- a/crypto/openssh/INSTALL +++ b/crypto/openssh/INSTALL @@ -1,3 +1,4 @@ +1. Prerequisites ---------------- A C compiler. Any C89 or better compiler should work. Where supported, @@ -243,7 +244,7 @@ manually using the following commands: ssh-keygen -t [type] -f /etc/ssh/ssh_host_key -N "" -for each of the types you wish to generate (rsa, dsa or ecdsaa) or +for each of the types you wish to generate (rsa, dsa or ecdsa) or ssh-keygen -A diff --git a/crypto/openssh/Makefile.in b/crypto/openssh/Makefile.in index e10f374..5870e9e 100644 --- a/crypto/openssh/Makefile.in +++ b/crypto/openssh/Makefile.in @@ -236,6 +236,8 @@ clean: regressclean rm -f regress/unittests/sshkey/test_sshkey rm -f regress/unittests/bitmap/*.o rm -f regress/unittests/bitmap/test_bitmap + rm -f regress/unittests/conversion/*.o + rm -f regress/unittests/conversion/test_conversion rm -f regress/unittests/hostkeys/*.o rm -f regress/unittests/hostkeys/test_hostkeys rm -f regress/unittests/kex/*.o 
@@ -262,6 +264,8 @@ distclean: regressclean rm -f regress/unittests/sshkey/test_sshkey rm -f regress/unittests/bitmap/*.o rm -f regress/unittests/bitmap/test_bitmap + rm -f regress/unittests/conversion/*.o + rm -f regress/unittests/conversion/test_conversion rm -f regress/unittests/hostkeys/*.o rm -f regress/unittests/hostkeys/test_hostkeys rm -f regress/unittests/kex/*.o @@ -426,6 +430,8 @@ regress-prep: mkdir -p `pwd`/regress/unittests/sshkey [ -d `pwd`/regress/unittests/bitmap ] || \ mkdir -p `pwd`/regress/unittests/bitmap + [ -d `pwd`/regress/unittests/conversion ] || \ + mkdir -p `pwd`/regress/unittests/conversion [ -d `pwd`/regress/unittests/hostkeys ] || \ mkdir -p `pwd`/regress/unittests/hostkeys [ -d `pwd`/regress/unittests/kex ] || \ @@ -503,6 +509,16 @@ regress/unittests/bitmap/test_bitmap$(EXEEXT): ${UNITTESTS_TEST_BITMAP_OBJS} \ regress/unittests/test_helper/libtest_helper.a \ -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) +UNITTESTS_TEST_CONVERSION_OBJS=\ + regress/unittests/conversion/tests.o + +regress/unittests/conversion/test_conversion$(EXEEXT): \ + ${UNITTESTS_TEST_CONVERSION_OBJS} \ + regress/unittests/test_helper/libtest_helper.a libssh.a + $(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_CONVERSION_OBJS) \ + regress/unittests/test_helper/libtest_helper.a \ + -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) + UNITTESTS_TEST_KEX_OBJS=\ regress/unittests/kex/tests.o \ regress/unittests/kex/test_kex.o 
@@ -558,13 +574,14 @@ regress-binaries: regress/modpipe$(EXEEXT) \ regress/unittests/sshbuf/test_sshbuf$(EXEEXT) \ regress/unittests/sshkey/test_sshkey$(EXEEXT) \ regress/unittests/bitmap/test_bitmap$(EXEEXT) \ + regress/unittests/conversion/test_conversion$(EXEEXT) \ regress/unittests/hostkeys/test_hostkeys$(EXEEXT) \ regress/unittests/kex/test_kex$(EXEEXT) \ regress/unittests/match/test_match$(EXEEXT) \ regress/unittests/utf8/test_utf8$(EXEEXT) \ regress/misc/kexfuzz/kexfuzz$(EXEEXT) -tests interop-tests t-exec: regress-prep regress-binaries $(TARGETS) +tests interop-tests t-exec unit: regress-prep regress-binaries $(TARGETS) BUILDDIR=`pwd`; \ TEST_SSH_SCP="$${BUILDDIR}/scp"; \ TEST_SSH_SSH="$${BUILDDIR}/ssh"; \ diff --git a/crypto/openssh/README b/crypto/openssh/README index 60594ee..bda8525 100644 --- a/crypto/openssh/README +++ b/crypto/openssh/README @@ -1,4 +1,4 @@ -See https://www.openssh.com/releasenotes.html#7.4p1 for the release notes. +See https://www.openssh.com/releasenotes.html#7.5p1 for the release notes. Please read https://www.openssh.com/report.html for bug reporting instructions and note that we do not use Github for bug reporting or diff --git a/crypto/openssh/auth-pam.c b/crypto/openssh/auth-pam.c index 77e9e2b..2dfb509 100644 --- a/crypto/openssh/auth-pam.c +++ b/crypto/openssh/auth-pam.c @@ -833,6 +833,8 @@ fake_password(const char *wire_password) fatal("%s: password length too long: %zu", __func__, l); ret = malloc(l + 1); + if (ret == NULL) + return NULL; for (i = 0; i < l; i++) ret[i] = junk[i % (sizeof(junk) - 1)]; ret[i] = '\0'; diff --git a/crypto/openssh/auth1.c b/crypto/openssh/auth1.c deleted file mode 100644 index 1899544..0000000 --- a/crypto/openssh/auth1.c +++ /dev/null 
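Review bot: The added `if (ret == NULL) return NULL;` in fake_password() (auth-pam.c) makes allocation failure the caller's problem, and the caller is not in this hunk, so it needs confirming that every call site checks for NULL before using the result as the substitute password. The function starts above the hunk and continues below it. The length check just before it ends in `fatal()`, while this path returns quietly, so two adjacent failures are handled in different ways. The loop appears to build a junk string of the same length as the wire password, presumably so the PAM stack does comparable work for a rejected login; a NULL result should therefore end in an authentication failure, not be skipped or passed on. I would add `/* allocation failed: caller must treat NULL as authentication failure */` above the check and mention the NULL return in the function's header comment.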
@@ -1,448 +0,0 @@ -/* $OpenBSD: auth1.c,v 1.82 2014/07/15 15:54:14 millert Exp $ */ -/* - * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland - * All rights reserved - * - * As far as I am concerned, the code I have written for this software - * can be used freely for any purpose. Any derived versions of this - * software must be clearly marked as such, and if the derived work is - * incompatible with the protocol description in the RFC file, it must be - * called by a name other than "ssh" or "Secure Shell". - */ - -#include "includes.h" - -#ifdef WITH_SSH1 - -#include <sys/types.h> - -#include <stdarg.h> -#include <stdio.h> -#include <string.h> -#include <unistd.h> -#include <pwd.h> - -#include "openbsd-compat/sys-queue.h" -#include "xmalloc.h" -#include "rsa.h" -#include "ssh1.h" -#include "packet.h" -#include "buffer.h" -#include "log.h" -#include "misc.h" -#include "servconf.h" -#include "compat.h" -#include "key.h" -#include "hostfile.h" -#include "auth.h" -#include "channels.h" -#include "session.h" -#include "uidswap.h" -#ifdef GSSAPI -#include "ssh-gss.h" -#endif -#include "monitor_wrap.h" -#include "buffer.h" -#include "blacklist_client.h" - -/* import */ -extern ServerOptions options; -extern Buffer loginmsg; - -static int auth1_process_password(Authctxt *); -static int auth1_process_rsa(Authctxt *); -static int auth1_process_rhosts_rsa(Authctxt *); -static int auth1_process_tis_challenge(Authctxt *); -static int auth1_process_tis_response(Authctxt *); - -static char *client_user = NULL; /* Used to fill in remote user for PAM */ - -struct AuthMethod1 { - int type; - char *name; - int *enabled; - int (*method)(Authctxt *); -}; - -const struct AuthMethod1 auth1_methods[] = { - { - SSH_CMSG_AUTH_PASSWORD, "password", - &options.password_authentication, auth1_process_password - }, - { - SSH_CMSG_AUTH_RSA, "rsa", - &options.rsa_authentication, auth1_process_rsa - }, - { - SSH_CMSG_AUTH_RHOSTS_RSA, "rhosts-rsa", - 
&options.rhosts_rsa_authentication, auth1_process_rhosts_rsa - }, - { - SSH_CMSG_AUTH_TIS, "challenge-response", - &options.challenge_response_authentication, - auth1_process_tis_challenge - }, - { - SSH_CMSG_AUTH_TIS_RESPONSE, "challenge-response", - &options.challenge_response_authentication, - auth1_process_tis_response - }, - { -1, NULL, NULL, NULL} -}; - -static const struct AuthMethod1 -*lookup_authmethod1(int type) -{ - int i; - - for (i = 0; auth1_methods[i].name != NULL; i++) - if (auth1_methods[i].type == type) - return (&(auth1_methods[i])); - - return (NULL); -} - -static char * -get_authname(int type) -{ - const struct AuthMethod1 *a; - static char buf[64]; - - if ((a = lookup_authmethod1(type)) != NULL) - return (a->name); - snprintf(buf, sizeof(buf), "bad-auth-msg-%d", type); - return (buf); -} - -/*ARGSUSED*/ -static int -auth1_process_password(Authctxt *authctxt) -{ - int authenticated = 0; - char *password; - u_int dlen; - - /* - * Read user password. It is in plain text, but was - * transmitted over the encrypted channel so it is - * not visible to an outside observer. - */ - password = packet_get_string(&dlen); - packet_check_eom(); - - /* Try authentication with the password. */ - authenticated = PRIVSEP(auth_password(authctxt, password)); - - explicit_bzero(password, dlen); - free(password); - - return (authenticated); -} - -/*ARGSUSED*/ -static int -auth1_process_rsa(Authctxt *authctxt) -{ - int authenticated = 0; - BIGNUM *n; - - /* RSA authentication requested. */ - if ((n = BN_new()) == NULL) - fatal("do_authloop: BN_new failed"); - packet_get_bignum(n); - packet_check_eom(); - authenticated = auth_rsa(authctxt, n); - BN_clear_free(n); - - return (authenticated); -} - -/*ARGSUSED*/ -static int -auth1_process_rhosts_rsa(Authctxt *authctxt) -{ - int keybits, authenticated = 0; - u_int bits; - Key *client_host_key; - u_int ulen; - - /* - * Get client user name. 
Note that we just have to - * trust the client; root on the client machine can - * claim to be any user. - */ - client_user = packet_get_cstring(&ulen); - - /* Get the client host key. */ - client_host_key = key_new(KEY_RSA1); - bits = packet_get_int(); - packet_get_bignum(client_host_key->rsa->e); - packet_get_bignum(client_host_key->rsa->n); - - keybits = BN_num_bits(client_host_key->rsa->n); - if (keybits < 0 || bits != (u_int)keybits) { - verbose("Warning: keysize mismatch for client_host_key: " - "actual %d, announced %d", - BN_num_bits(client_host_key->rsa->n), bits); - } - packet_check_eom(); - - authenticated = auth_rhosts_rsa(authctxt, client_user, - client_host_key); - key_free(client_host_key); - - auth_info(authctxt, "ruser %.100s", client_user); - - return (authenticated); -} - -/*ARGSUSED*/ -static int -auth1_process_tis_challenge(Authctxt *authctxt) -{ - char *challenge; - - if ((challenge = get_challenge(authctxt)) == NULL) - return (0); - - debug("sending challenge '%s'", challenge); - packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE); - packet_put_cstring(challenge); - free(challenge); - packet_send(); - packet_write_wait(); - - return (-1); -} - -/*ARGSUSED*/ -static int -auth1_process_tis_response(Authctxt *authctxt) -{ - int authenticated = 0; - char *response; - u_int dlen; - - response = packet_get_string(&dlen); - packet_check_eom(); - authenticated = verify_response(authctxt, response); - explicit_bzero(response, dlen); - free(response); - - return (authenticated); -} - -/* - * read packets, try to authenticate the user and - * return only if authentication is successful - */ -static void -do_authloop(Authctxt *authctxt) -{ - int authenticated = 0; - int prev = 0, type = 0; - const struct AuthMethod1 *meth; - - debug("Attempting authentication for %s%.100s.", - authctxt->valid ? "" : "invalid user ", authctxt->user); - - /* If the user has no password, accept authentication immediately. 
*/ - if (options.permit_empty_passwd && options.password_authentication && -#ifdef KRB5 - (!options.kerberos_authentication || options.kerberos_or_local_passwd) && -#endif - PRIVSEP(auth_password(authctxt, ""))) { -#ifdef USE_PAM - if (options.use_pam && (PRIVSEP(do_pam_account()))) -#endif - { - auth_log(authctxt, 1, 0, "without authentication", - NULL); - return; - } - } - - /* Indicate that authentication is needed. */ - packet_start(SSH_SMSG_FAILURE); - packet_send(); - packet_write_wait(); - - for (;;) { - /* default to fail */ - authenticated = 0; - - - /* Get a packet from the client. */ - prev = type; - type = packet_read(); - - /* - * If we started challenge-response authentication but the - * next packet is not a response to our challenge, release - * the resources allocated by get_challenge() (which would - * normally have been released by verify_response() had we - * received such a response) - */ - if (prev == SSH_CMSG_AUTH_TIS && - type != SSH_CMSG_AUTH_TIS_RESPONSE) - abandon_challenge_response(authctxt); - - if (authctxt->failures >= options.max_authtries) - goto skip; - if ((meth = lookup_authmethod1(type)) == NULL) { - logit("Unknown message during authentication: " - "type %d", type); - goto skip; - } - - if (!*(meth->enabled)) { - verbose("%s authentication disabled.", meth->name); - goto skip; - } - - authenticated = meth->method(authctxt); - if (authenticated == -1) - continue; /* "postponed" */ - -#ifdef BSD_AUTH - if (authctxt->as) { - auth_close(authctxt->as); - authctxt->as = NULL; - } -#endif - if (!authctxt->valid && authenticated) - fatal("INTERNAL ERROR: authenticated invalid user %s", - authctxt->user); - -#ifdef _UNICOS - if (authenticated && cray_access_denied(authctxt->user)) { - authenticated = 0; - fatal("Access denied for user %s.",authctxt->user); - } -#endif /* _UNICOS */ - -#ifndef HAVE_CYGWIN - /* Special handling for root */ - if (authenticated && authctxt->pw->pw_uid == 0 && - !auth_root_allowed(meth->name)) { - 
authenticated = 0; -# ifdef SSH_AUDIT_EVENTS - PRIVSEP(audit_event(SSH_LOGIN_ROOT_DENIED)); -# endif - } -#endif - -#ifdef USE_PAM - if (options.use_pam && authenticated && - !PRIVSEP(do_pam_account())) { - char *msg; - size_t len; - - BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, "ssh"); - error("Access denied for user %s by PAM account " - "configuration", authctxt->user); - len = buffer_len(&loginmsg); - buffer_append(&loginmsg, "\0", 1); - msg = buffer_ptr(&loginmsg); - /* strip trailing newlines */ - if (len > 0) - while (len > 0 && msg[--len] == '\n') - msg[len] = '\0'; - else - msg = "Access denied."; - packet_disconnect("%s", msg); - } -#endif - - skip: - /* Log before sending the reply */ - auth_log(authctxt, authenticated, 0, get_authname(type), NULL); - - free(client_user); - client_user = NULL; - - if (authenticated) - return; - - BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, "ssh"); - if (++authctxt->failures >= options.max_authtries) { -#ifdef SSH_AUDIT_EVENTS - PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES)); -#endif - auth_maxtries_exceeded(authctxt); - } - - packet_start(SSH_SMSG_FAILURE); - packet_send(); - packet_write_wait(); - } -} - -/* - * Performs authentication of an incoming connection. Session key has already - * been exchanged and encryption is enabled. - */ -void -do_authentication(Authctxt *authctxt) -{ - u_int ulen; - char *user, *style = NULL; - - /* Get the name of the user that we wish to log in as. */ - packet_read_expect(SSH_CMSG_USER); - - /* Get the user name. */ - user = packet_get_cstring(&ulen); - packet_check_eom(); - - if ((style = strchr(user, ':')) != NULL) - *style++ = '\0'; - - authctxt->user = user; - authctxt->style = style; - - /* Verify that the user is a valid user. 
*/ - if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL) - authctxt->valid = 1; - else { - debug("do_authentication: invalid user %s", user); - authctxt->pw = fakepw(); - BLACKLIST_NOTIFY(BLACKLIST_BAD_USER, user); - } - - /* Configuration may have changed as a result of Match */ - if (options.num_auth_methods != 0) - fatal("AuthenticationMethods is not supported with SSH " - "protocol 1"); - - setproctitle("%s%s", authctxt->valid ? user : "unknown", - use_privsep ? " [net]" : ""); - -#ifdef USE_PAM - if (options.use_pam) - PRIVSEP(start_pam(authctxt)); -#endif - - /* - * If we are not running as root, the user must have the same uid as - * the server. - */ -#ifndef HAVE_CYGWIN - if (!use_privsep && getuid() != 0 && authctxt->pw && - authctxt->pw->pw_uid != getuid()) - packet_disconnect("Cannot change user when server not running as root."); -#endif - - /* - * Loop until the user has been authenticated or the connection is - * closed, do_authloop() returns only if authentication is successful - */ - do_authloop(authctxt); - - /* The user has been authenticated and accepted. */ - packet_start(SSH_SMSG_SUCCESS); - packet_send(); - packet_write_wait(); -} - -#endif /* WITH_SSH1 */ diff --git a/crypto/openssh/auth2-pubkey.c b/crypto/openssh/auth2-pubkey.c index 20f3309..3e5706f 100644 --- a/crypto/openssh/auth2-pubkey.c +++ b/crypto/openssh/auth2-pubkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-pubkey.c,v 1.60 2016/11/30 02:57:40 djm Exp $ */ +/* $OpenBSD: auth2-pubkey.c,v 1.62 2017/01/30 01:03:00 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * 
@@ -564,9 +564,12 @@ process_principals(FILE *f, char *file, struct passwd *pw, { char line[SSH_MAX_PUBKEY_BYTES], *cp, *ep, *line_opts; u_long linenum = 0; - u_int i; + u_int i, found_principal = 0; while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { + /* Always consume entire input */ + if (found_principal) + continue; /* Skip leading whitespace. */ for (cp = line; *cp == ' ' || *cp == '\t'; cp++) ; @@ -599,11 +602,12 @@ process_principals(FILE *f, char *file, struct passwd *pw, if (auth_parse_options(pw, line_opts, file, linenum) != 1) continue; - return 1; + found_principal = 1; + continue; } } } - return 0; + return found_principal; } static int @@ -727,6 +731,9 @@ match_principals_command(struct passwd *user_pw, const struct sshkey *key) ok = process_principals(f, NULL, pw, cert); + fclose(f); + f = NULL; + if (exited_cleanly(pid, "AuthorizedPrincipalsCommand", command) != 0) goto out; @@ -768,6 +775,9 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw) char *cp, *key_options = NULL, *fp = NULL; const char *reason = NULL; + /* Always consume entrire file */ + if (found_key) + continue; if (found != NULL) key_free(found); found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type); @@ -854,7 +864,7 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw) file, linenum, key_type(found), fp); free(fp); found_key = 1; - break; + continue; } } if (found != NULL) @@ -1050,6 +1060,9 @@ user_key_command_allowed2(struct passwd *user_pw, Key *key) ok = check_authkeys_file(f, options.authorized_keys_command, key, pw); + fclose(f); + f = NULL; + if (exited_cleanly(pid, "AuthorizedKeysCommand", command) != 0) goto out; diff --git a/crypto/openssh/auth2.c b/crypto/openssh/auth2.c index b6695f7..30e52d2 100644 --- a/crypto/openssh/auth2.c +++ b/crypto/openssh/auth2.c 
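Review bot: In the second process_principals() hunk (`@@ -599,11 +602,12 @@`) the added `continue;` after `found_principal = 1;` is followed by three closing braces, so it appears to bind to an inner loop whose header is outside the hunk, not to the line-reading `while`. If so, the rest of that inner loop still runs for the matched line and may reach `auth_parse_options()` again before the `if (found_principal) continue;` guard at the top of the `while` applies. Using `break;` in place of the added `continue;` would leave the inner loop at once and still let the outer loop read the remaining input.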
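Review bot: The added comment in check_authkeys_file() (`@@ -768,6 +775,9 @@`) is misspelled, `/* Always consume entrire file */`, and differs from the matching `/* Always consume entire input */` in process_principals(), although both guard the same skip-after-match logic. Neither comment says why the rest of the input is read after a match. The `fclose(f)` added before `exited_cleanly()` elsewhere in this file suggests the stream can be the output of a helper command, but that is inferred. Suggested wording for both: `/* Keep reading after a match so the writer of this stream is always drained. */`. The loop this guard belongs to starts outside the hunk.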
@@ -1,4 +1,4 @@ -/* $OpenBSD: auth2.c,v 1.136 2016/05/02 08:49:03 djm Exp $ */ +/* $OpenBSD: auth2.c,v 1.137 2017/02/03 23:05:57 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -214,15 +214,16 @@ input_service_request(int type, u_int32_t seq, void *ctxt) static int input_userauth_request(int type, u_int32_t seq, void *ctxt) { + struct ssh *ssh = active_state; /* XXX */ Authctxt *authctxt = ctxt; Authmethod *m = NULL; char *user, *service, *method, *style = NULL; int authenticated = 0; #ifdef HAVE_LOGIN_CAP - struct ssh *ssh = active_state; /* XXX */ login_cap_t *lc; const char *from_host, *from_ip; #endif + if (authctxt == NULL) fatal("input_userauth_request: no authctxt"); @@ -241,9 +242,10 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) authctxt->user = xstrdup(user); if (authctxt->pw && strcmp(service, "ssh-connection")==0) { authctxt->valid = 1; - debug2("input_userauth_request: setting up authctxt for %s", user); + debug2("%s: setting up authctxt for %s", + __func__, user); } else { - logit("input_userauth_request: invalid user %s", user); + /* Invalid user, fake password information */ authctxt->pw = fakepw(); #ifdef SSH_AUDIT_EVENTS PRIVSEP(audit_event(SSH_INVALID_USER)); @@ -253,6 +255,8 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) if (options.use_pam) PRIVSEP(start_pam(authctxt)); #endif + ssh_packet_set_log_preamble(ssh, "%suser %s", + authctxt->valid ? "authenticating " : "invalid ", user); setproctitle("%s%s", authctxt->valid ? user : "unknown", use_privsep ? " [net]" : ""); authctxt->service = xstrdup(service); @@ -320,6 +324,7 @@ void userauth_finish(Authctxt *authctxt, int authenticated, const char *method, const char *submethod) { + struct ssh *ssh = active_state; /* XXX */ char *methods; int partial = 0; 
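Review bot: The invalid-user branch of input_userauth_request() (`@@ -241,9 +242,10 @@`) no longer logs anything itself, because the added comment `/* Invalid user, fake password information */` stands where the `logit()` call was. A record of the failed lookup now depends on code outside this hunk. If another call site logs the event, the comment should name it so the audit trail can be followed from here. Log-based alerting keyed on the old `input_userauth_request: invalid user` text will need updating either way.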
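Review bot: The added `ssh_packet_set_log_preamble(ssh, "%suser %s", ...)` call (`@@ -253,6 +255,8 @@`) formats the client-supplied `user` with an unbounded `%s`, whereas other log calls on this page cap such fields (`%.100s` in channels.c). Going by its name, the preamble is attached to later log lines, so an over-long username would be repeated in each of them. Changing the format to `"%suser %.100s"` keeps it bounded. The same applies to `ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user)` added in userauth_finish() (`@@ -381,6 +386,7 @@`).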
@@ -381,6 +386,7 @@ userauth_finish(Authctxt *authctxt, int authenticated, const char *method, packet_write_wait(); /* now we can break out */ authctxt->success = 1; + ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user); } else { /* Allow initial try of "none" auth without failure penalty */ diff --git a/crypto/openssh/channels.c b/crypto/openssh/channels.c index bef8ad6..d030fcd 100644 --- a/crypto/openssh/channels.c +++ b/crypto/openssh/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.356 2016/10/18 17:32:54 dtucker Exp $ */ +/* $OpenBSD: channels.c,v 1.357 2017/02/01 02:59:09 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -3065,7 +3065,7 @@ channel_input_port_open(int type, u_int32_t seq, void *ctxt) } packet_check_eom(); c = channel_connect_to_port(host, host_port, - "connected socket", originator_string); + "connected socket", originator_string, NULL, NULL); free(originator_string); free(host); if (c == NULL) { @@ -4026,9 +4026,13 @@ channel_connect_ctx_free(struct channel_connect *cctx) memset(cctx, 0, sizeof(*cctx)); } -/* Return CONNECTING channel to remote host:port or local socket path */ +/* + * Return CONNECTING channel to remote host:port or local socket path, + * passing back the failure reason if appropriate. + */ static Channel * -connect_to(const char *name, int port, char *ctype, char *rname) +connect_to_reason(const char *name, int port, char *ctype, char *rname, + int *reason, const char **errmsg) { struct addrinfo hints; int gaierr; 
@@ -4069,7 +4073,12 @@ connect_to(const char *name, int port, char *ctype, char *rname) hints.ai_family = IPv4or6; hints.ai_socktype = SOCK_STREAM; snprintf(strport, sizeof strport, "%d", port); - if ((gaierr = getaddrinfo(name, strport, &hints, &cctx.aitop)) != 0) { + if ((gaierr = getaddrinfo(name, strport, &hints, &cctx.aitop)) + != 0) { + if (errmsg != NULL) + *errmsg = ssh_gai_strerror(gaierr); + if (reason != NULL) + *reason = SSH2_OPEN_CONNECT_FAILED; error("connect_to %.100s: unknown host (%s)", name, ssh_gai_strerror(gaierr)); return NULL; @@ -4092,6 +4101,13 @@ connect_to(const char *name, int port, char *ctype, char *rname) return c; } +/* Return CONNECTING channel to remote host:port or local socket path */ +static Channel * +connect_to(const char *name, int port, char *ctype, char *rname) +{ + return connect_to_reason(name, port, ctype, rname, NULL, NULL); +} + /* * returns either the newly connected channel or the downstream channel * that needs to deal with this connection. @@ -4136,7 +4152,8 @@ channel_connect_by_listen_path(const char *path, char *ctype, char *rname) /* Check if connecting to that port is permitted and connect. */ Channel * -channel_connect_to_port(const char *host, u_short port, char *ctype, char *rname) +channel_connect_to_port(const char *host, u_short port, char *ctype, + char *rname, int *reason, const char **errmsg) { int i, permit, permit_adm = 1; @@ -4161,9 +4178,11 @@ channel_connect_to_port(const char *host, u_short port, char *ctype, char *rname if (!permit || !permit_adm) { logit("Received request to connect to host %.100s port %d, " "but the request was denied.", host, port); + if (reason != NULL) + *reason = SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED; return NULL; } - return connect_to(host, port, ctype, rname); + return connect_to_reason(host, port, ctype, rname, reason, errmsg); } /* Check if connecting to that path is permitted and connect. */ 
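Review bot: The denied-request path in channel_connect_to_port() (`@@ -4161,9 +4178,11 @@`) sets `*reason` but leaves `*errmsg` untouched, while the getaddrinfo failure path in connect_to_reason() (`@@ -4069,7 +4073,12 @@`) sets both. Callers therefore cannot rely on `errmsg` being written whenever NULL is returned. Other failure returns of connect_to_reason() are outside these hunks and may set neither. The comment above channel_connect_to_port() should state the contract, for example `/* On failure, *reason and *errmsg are set only for some errors; callers must initialise both before the call. */`.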
@@ -4354,6 +4373,33 @@ connect_local_xsocket(u_int dnr) return connect_local_xsocket_path(buf); } +#ifdef __APPLE__ +static int +is_path_to_xsocket(const char *display, char *path, size_t pathlen) +{ + struct stat sbuf; + + if (strlcpy(path, display, pathlen) >= pathlen) { + error("%s: display path too long", __func__); + return 0; + } + if (display[0] != '/') + return 0; + if (stat(path, &sbuf) == 0) { + return 1; + } else { + char *dot = strrchr(path, '.'); + if (dot != NULL) { + *dot = '\0'; + if (stat(path, &sbuf) == 0) { + return 1; + } + } + } + return 0; +} +#endif + int x11_connect_display(void) { @@ -4375,15 +4421,22 @@ x11_connect_display(void) * connection to the real X server. */ - /* Check if the display is from launchd. */ #ifdef __APPLE__ - if (strncmp(display, "/tmp/launch", 11) == 0) { - sock = connect_local_xsocket_path(display); - if (sock < 0) - return -1; + /* Check if display is a path to a socket (as set by launchd). */ + { + char path[PATH_MAX]; - /* OK, we now have a connection to the display. */ - return sock; + if (is_path_to_xsocket(display, path, sizeof(path))) { + debug("x11_connect_display: $DISPLAY is launchd"); + + /* Create a socket. */ + sock = connect_local_xsocket_path(path); + if (sock < 0) + return -1; + + /* OK, we now have a connection to the display. */ + return sock; + } } #endif /* diff --git a/crypto/openssh/channels.h b/crypto/openssh/channels.h index 09c3c36..ce43236 100644 --- a/crypto/openssh/channels.h +++ b/crypto/openssh/channels.h @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.120 2016/10/18 17:32:54 dtucker Exp $ */ +/* $OpenBSD: channels.h,v 1.121 2017/02/01 02:59:09 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> 
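Review bot: is_path_to_xsocket() (`@@ -4354,6 +4373,33 @@`) accepts any path for which `stat()` succeeds, so a regular file or directory named in `$DISPLAY` is reported as an X socket. Testing the file type in both places, `if (stat(path, &sbuf) == 0 && S_ISSOCK(sbuf.st_mode))`, would make the result match the function's name. The `display[0] != '/'` test also comes after the `strlcpy()`, so a display string that is not a path but is too long logs "display path too long" before being rejected; checking the leading slash first avoids that. In addition, `strrchr(path, '.')` cuts at the last dot anywhere in the string, including inside a directory component, so the fallback `stat()` can probe an unrelated parent path.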
@@ -275,7 +275,8 @@ void channel_update_permitted_opens(int, int); void channel_clear_permitted_opens(void); void channel_clear_adm_permitted_opens(void); void channel_print_adm_permitted_opens(void); -Channel *channel_connect_to_port(const char *, u_short, char *, char *); +Channel *channel_connect_to_port(const char *, u_short, char *, char *, int *, + const char **); Channel *channel_connect_to_path(const char *, char *, char *); Channel *channel_connect_stdio_fwd(const char*, u_short, int, int); Channel *channel_connect_by_listen_address(const char *, u_short, diff --git a/crypto/openssh/clientloop.c b/crypto/openssh/clientloop.c index 4289a40..06481623 100644 --- a/crypto/openssh/clientloop.c +++ b/crypto/openssh/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.289 2016/09/30 09:19:13 markus Exp $ */ +/* $OpenBSD: clientloop.c,v 1.291 2017/03/10 05:01:13 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -991,7 +991,7 @@ process_cmdline(void) CHANNEL_CANCEL_PORT_STATIC, &options.fwd_opts) > 0; if (!ok) { - logit("Unkown port forwarding."); + logit("Unknown port forwarding."); goto out; } logit("Canceled forwarding."); 
@@ -2391,6 +2391,26 @@ client_global_hostkeys_private_confirm(int type, u_int32_t seq, void *_ctx) } /* + * Returns non-zero if the key is accepted by HostkeyAlgorithms. + * Made slightly less trivial by the multiple RSA signature algorithm names. + */ +static int +key_accepted_by_hostkeyalgs(const struct sshkey *key) +{ + const char *ktype = sshkey_ssh_name(key); + const char *hostkeyalgs = options.hostkeyalgorithms != NULL ? + options.hostkeyalgorithms : KEX_DEFAULT_PK_ALG; + + if (key == NULL || key->type == KEY_UNSPEC) + return 0; + if (key->type == KEY_RSA && + (match_pattern_list("rsa-sha2-256", hostkeyalgs, 0) == 1 || + match_pattern_list("rsa-sha2-512", hostkeyalgs, 0) == 1)) + return 1; + return match_pattern_list(ktype, hostkeyalgs, 0) == 1; +} + +/* * Handle hostkeys-00@openssh.com global request to inform the client of all * the server's hostkeys. The keys are checked against the user's * HostkeyAlgorithms preference before they are accepted. @@ -2436,10 +2456,7 @@ client_input_hostkeys(void) sshkey_type(key), fp); free(fp); - /* Check that the key is accepted in HostkeyAlgorithms */ - if (match_pattern_list(sshkey_ssh_name(key), - options.hostkeyalgorithms ? options.hostkeyalgorithms : - KEX_DEFAULT_PK_ALG, 0) != 1) { + if (!key_accepted_by_hostkeyalgs(key)) { debug3("%s: %s key not permitted by HostkeyAlgorithms", __func__, sshkey_ssh_name(key)); continue; diff --git a/crypto/openssh/compat.c b/crypto/openssh/compat.c index 69a104f..1e80cfa 100644 --- a/crypto/openssh/compat.c +++ b/crypto/openssh/compat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: compat.c,v 1.99 2016/05/24 02:31:57 dtucker Exp $ */ +/* $OpenBSD: compat.c,v 1.100 2017/02/03 23:01:19 djm Exp $ */ /* * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. * @@ -37,6 +37,7 @@ #include "compat.h" #include "log.h" #include "match.h" +#include "kex.h" int compat13 = 0; int compat20 = 0; 
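Review bot: In key_accepted_by_hostkeyalgs() (`@@ -2391,6 +2391,26 @@`) `ktype` is initialised with `sshkey_ssh_name(key)` in its declaration, before the `key == NULL` test a few lines later, so the NULL guard cannot protect that call. If sshkey_ssh_name() dereferences its argument (its body is not on this page), a NULL key faults before the guard is reached. Declaring `const char *ktype;` and assigning `ktype = sshkey_ssh_name(key);` after the `if (key == NULL || key->type == KEY_UNSPEC) return 0;` line fixes the ordering.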
@@ -250,42 +251,14 @@ proto_spec(const char *spec) return ret; } -/* - * Filters a proposal string, excluding any algorithm matching the 'filter' - * pattern list. - */ -static char * -filter_proposal(char *proposal, const char *filter) -{ - Buffer b; - char *orig_prop, *fix_prop; - char *cp, *tmp; - - buffer_init(&b); - tmp = orig_prop = xstrdup(proposal); - while ((cp = strsep(&tmp, ",")) != NULL) { - if (match_pattern_list(cp, filter, 0) != 1) { - if (buffer_len(&b) > 0) - buffer_append(&b, ",", 1); - buffer_append(&b, cp, strlen(cp)); - } else - debug2("Compat: skipping algorithm \"%s\"", cp); - } - buffer_append(&b, "\0", 1); - fix_prop = xstrdup((char *)buffer_ptr(&b)); - buffer_free(&b); - free(orig_prop); - - return fix_prop; -} - char * compat_cipher_proposal(char *cipher_prop) { if (!(datafellows & SSH_BUG_BIGENDIANAES)) return cipher_prop; debug2("%s: original cipher proposal: %s", __func__, cipher_prop); - cipher_prop = filter_proposal(cipher_prop, "aes*"); + if ((cipher_prop = match_filter_list(cipher_prop, "aes*")) == NULL) + fatal("match_filter_list failed"); debug2("%s: compat cipher proposal: %s", __func__, cipher_prop); if (*cipher_prop == '\0') fatal("No supported ciphers found"); @@ -298,7 +271,8 @@ compat_pkalg_proposal(char *pkalg_prop) if (!(datafellows & SSH_BUG_RSASIGMD5)) return pkalg_prop; debug2("%s: original public key proposal: %s", __func__, pkalg_prop); - pkalg_prop = filter_proposal(pkalg_prop, "ssh-rsa"); + if ((pkalg_prop = match_filter_list(pkalg_prop, "ssh-rsa")) == NULL) + fatal("match_filter_list failed"); debug2("%s: compat public key proposal: %s", __func__, pkalg_prop); if (*pkalg_prop == '\0') fatal("No supported PK algorithms found"); 
@@ -312,10 +286,14 @@ compat_kex_proposal(char *p) return p; debug2("%s: original KEX proposal: %s", __func__, p); if ((datafellows & SSH_BUG_CURVE25519PAD) != 0) - p = filter_proposal(p, "curve25519-sha256@libssh.org"); + if ((p = match_filter_list(p, + "curve25519-sha256@libssh.org")) == NULL) + fatal("match_filter_list failed"); if ((datafellows & SSH_OLD_DHGEX) != 0) { - p = filter_proposal(p, "diffie-hellman-group-exchange-sha256"); - p = filter_proposal(p, "diffie-hellman-group-exchange-sha1"); + if ((p = match_filter_list(p, + "diffie-hellman-group-exchange-sha256," + "diffie-hellman-group-exchange-sha1")) == NULL) + fatal("match_filter_list failed"); } debug2("%s: compat KEX proposal: %s", __func__, p); if (*p == '\0') diff --git a/crypto/openssh/config.h b/crypto/openssh/config.h index 77c4fe9..824c844 100644 --- a/crypto/openssh/config.h +++ b/crypto/openssh/config.h @@ -737,6 +737,9 @@ /* Define to 1 if you have the <linux/seccomp.h> header file. */ /* #undef HAVE_LINUX_SECCOMP_H */ +/* Define to 1 if you have the `llabs' function. */ +#define HAVE_LLABS 1 + /* Define to 1 if you have the <locale.h> header file. */ #define HAVE_LOCALE_H 1 @@ -1438,7 +1441,7 @@ /* #undef LASTLOG_WRITE_PUTUTXLINE */ /* Define if you want TCP Wrappers support */ -#define LIBWRAP 1 +/* #undef LIBWRAP */ /* Define to whatever link() returns for "not supported" if it doesn't return EOPNOTSUPP. */ diff --git a/crypto/openssh/configure.ac b/crypto/openssh/configure.ac index cedc4c5..f303107 100644 --- a/crypto/openssh/configure.ac +++ b/crypto/openssh/configure.ac 
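Review bot: The new code in compat_kex_proposal() (`@@ -312,10 +286,14 @@`) nests an unbraced `if ((p = match_filter_list(...)) == NULL)` inside the unbraced `if ((datafellows & SSH_BUG_CURVE25519PAD) != 0)`, which is easy to misread next to the braced `SSH_OLD_DHGEX` block below it. Bracing the outer `if` would make the two blocks read alike. Each `match_filter_list()` call also overwrites `p` with its result, and kex.c in this diff frees the old list after such a call, which suggests the result is a fresh allocation. When both bug flags are set, the string returned by the first call is then no longer referenced after the second; whether that matters depends on ownership rules outside the hunk.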
@@ -747,6 +747,9 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) use_pie=auto check_for_libcrypt_later=1 check_for_openpty_ctty_bug=1 + dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. + dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE + CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE" AC_DEFINE([PAM_TTY_KLUDGE], [1], [Work around problematic Linux PAM modules handling of PAM_TTY]) AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], @@ -1523,7 +1526,6 @@ int deny_severity = 0, allow_severity = 0; TCPW_MSG="yes" ], [ AC_MSG_ERROR([*** libwrap missing]) - ]) LIBS="$saved_LIBS" fi 
@@ -1534,36 +1536,47 @@ int deny_severity = 0, allow_severity = 0; LDNS_MSG="no" AC_ARG_WITH(ldns, [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], - [ - if test "x$withval" != "xno" ; then - - if test "x$withval" != "xyes" ; then - CPPFLAGS="$CPPFLAGS -I${withval}/include" - LDFLAGS="$LDFLAGS -L${withval}/lib" - fi - - AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) - LIBS="-lldns $LIBS" - LDNS_MSG="yes" + [ + ldns="" + if test "x$withval" = "xyes" ; then + AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no]) + if test "x$PKGCONFIG" = "xno"; then + CPPFLAGS="$CPPFLAGS -I${withval}/include" + LDFLAGS="$LDFLAGS -L${withval}/lib" + LIBS="-lldns $LIBS" + ldns=yes + else + LIBS="$LIBS `$LDNSCONFIG --libs`" + CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" + fi + elif test "x$withval" != "xno" ; then + CPPFLAGS="$CPPFLAGS -I${withval}/include" + LDFLAGS="$LDFLAGS -L${withval}/lib" + LIBS="-lldns $LIBS" + ldns=yes + fi - AC_MSG_CHECKING([for ldns support]) - AC_LINK_IFELSE( - [AC_LANG_SOURCE([[ + # Verify that it works. + if test "x$ldns" = "xyes" ; then + AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) + LDNS_MSG="yes" + AC_MSG_CHECKING([for ldns support]) + AC_LINK_IFELSE( + [AC_LANG_SOURCE([[ #include <stdio.h> #include <stdlib.h> #include <stdint.h> #include <ldns/ldns.h> int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } - ]]) - ], - [AC_MSG_RESULT(yes)], + ]]) + ], + [AC_MSG_RESULT(yes)], [ AC_MSG_RESULT(no) AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) ]) - fi - ] -) + fi +]) # Check whether user wants libedit support LIBEDIT_MSG="no" @@ -1766,6 +1779,7 @@ AC_CHECK_FUNCS([ \ inet_ntoa \ inet_ntop \ innetgr \ + llabs \ login_getcapbool \ md5_crypt \ memmove \ 
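Review bot: In the `--with-ldns` block (`@@ -1534,36 +1536,47 @@`) the result of `AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no])` is never tested, because the next line checks `"x$PKGCONFIG" = "xno"`, a different variable, where `if test "x$LDNSCONFIG" = "xno"; then` looks intended. When `ldns-config` is used, `ldns=yes` is not set, so the link test and `AC_DEFINE(HAVE_LDNS, ...)` under `if test "x$ldns" = "xyes"` are skipped. In the fallback branch `$withval` is the literal `yes`, which produces `-Iyes/include` and `-Lyes/lib`. Suggested: test `$LDNSCONFIG`, add `ldns=yes` after the `$LDNSCONFIG --cflags` line, and keep only `LIBS="-lldns $LIBS"` and `ldns=yes` in the fallback.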
@@ -1834,11 +1848,8 @@ AC_CHECK_FUNCS([ \ warn \ ]) -dnl Wide character support. Linux man page says it needs _XOPEN_SOURCE. -saved_CFLAGS="$CFLAGS" -CFLAGS="$CFLAGS -D_XOPEN_SOURCE" +dnl Wide character support. AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) -CFLAGS="$saved_CFLAGS" TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} AC_MSG_CHECKING([for utf8 locale support]) @@ -2583,8 +2594,8 @@ if test "x$openssl" = "xyes" ; then ssl_library_ver=`cat conftest.ssllibver` # Check version is supported. case "$ssl_library_ver" in - 0090[[0-7]]*|009080[[0-5]]*) - AC_MSG_ERROR([OpenSSL >= 0.9.8f required (have "$ssl_library_ver")]) + 10000*|0*) + AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")]) ;; *) ;; esac @@ -5147,6 +5158,7 @@ echo " S/KEY support: $SKEY_MSG" echo " TCP Wrappers support: $TCPW_MSG" echo " MD5 password support: $MD5_MSG" echo " libedit support: $LIBEDIT_MSG" +echo " libldns support: $LDNS_MSG" echo " Solaris process contract support: $SPC_MSG" echo " Solaris project support: $SP_MSG" echo " Solaris privilege support: $SPP_MSG" diff --git a/crypto/openssh/contrib/cygwin/ssh-host-config b/crypto/openssh/contrib/cygwin/ssh-host-config index d934d09..db6aaa0 100644 --- a/crypto/openssh/contrib/cygwin/ssh-host-config +++ b/crypto/openssh/contrib/cygwin/ssh-host-config @@ -63,7 +63,6 @@ sshd_config_configured=no port_number=22 service_name=sshd strictmodes=yes -privsep_used=yes cygwin_value="" user_account= password_value= 
@@ -140,33 +139,21 @@ sshd_strictmodes() { # ====================================================================== # Routine: sshd_privsep -# MODIFIES: privsep_used +# Try to create ssshd user account # ====================================================================== sshd_privsep() { local ret=0 if [ "${sshd_config_configured}" != "yes" ] then - echo - csih_inform "Privilege separation is set to 'sandbox' by default since" - csih_inform "OpenSSH 6.1. This is unsupported by Cygwin and has to be set" - csih_inform "to 'yes' or 'no'." - csih_inform "However, using privilege separation requires a non-privileged account" - csih_inform "called 'sshd'." - csih_inform "For more info on privilege separation read /usr/share/doc/openssh/README.privsep." - if csih_request "Should privilege separation be used?" + if ! csih_create_unprivileged_user sshd then - privsep_used=yes - if ! csih_create_unprivileged_user sshd - then - csih_error_recoverable "Couldn't create user 'sshd'!" - csih_error_recoverable "Privilege separation set to 'no' again!" - csih_error_recoverable "Check your ${SYSCONFDIR}/sshd_config file!" - let ++ret - privsep_used=no - fi - else - privsep_used=no + csih_error_recoverable "Could not create user 'sshd'!" + csih_error_recoverable "You will not be able to run an sshd service" + csih_error_recoverable "under a privileged account successfully." + csih_error_recoverable "Make sure to create a non-privileged user 'sshd'" + csih_error_recoverable "manually before trying to run the service!" + let ++ret fi fi return $ret 
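Review bot: The new header comment of sshd_privsep() (`@@ -140,33 +139,21 @@`) misspells the account name: `# Try to create ssshd user account` should read `# Try to create sshd user account`. The name matters here because the error messages below tell the administrator to create the user `sshd` by hand, and a search of the script for that name would miss the header.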
@@ -202,18 +189,6 @@ sshd_config_tweak() { let ++ret fi fi - if [ "${sshd_config_configured}" != "yes" ] - then - /usr/bin/sed -i -e " - s/^#\?UsePrivilegeSeparation .*/UsePrivilegeSeparation ${privsep_used}/" \ - ${SYSCONFDIR}/sshd_config - if [ $? -ne 0 ] - then - csih_warning "Setting privilege separation failed!" - csih_warning "Check your ${SYSCONFDIR}/sshd_config file!" - let ++ret - fi - fi return $ret } # --- End of sshd_config_tweak --- # @@ -693,7 +668,7 @@ then fi fi -# handle sshd_config (and privsep) +# handle sshd_config csih_install_config "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults" || let ++warning_cnt if ! /usr/bin/cmp "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/sshd_config" >/dev/null 2>&1 then diff --git a/crypto/openssh/contrib/redhat/openssh.spec b/crypto/openssh/contrib/redhat/openssh.spec index 666097c..7de4545 100644 --- a/crypto/openssh/contrib/redhat/openssh.spec +++ b/crypto/openssh/contrib/redhat/openssh.spec @@ -1,4 +1,4 @@ -%define ver 7.4p1 +%define ver 7.5p1 %define rel 1 # OpenSSH privilege separation requires a user & group ID diff --git a/crypto/openssh/contrib/suse/openssh.spec b/crypto/openssh/contrib/suse/openssh.spec index 4c4bbb6..e62be39 100644 --- a/crypto/openssh/contrib/suse/openssh.spec +++ b/crypto/openssh/contrib/suse/openssh.spec @@ -13,7 +13,7 @@ Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation Name: openssh -Version: 7.4p1 +Version: 7.5p1 URL: https://www.openssh.com/ Release: 1 Source0: openssh-%{version}.tar.gz diff --git a/crypto/openssh/digest-openssl.c b/crypto/openssh/digest-openssl.c index 13b63c2..c55ceb9 100644 --- a/crypto/openssh/digest-openssl.c +++ b/crypto/openssh/digest-openssl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: digest-openssl.c,v 1.5 2014/12/21 22:27:56 djm Exp $ */ +/* $OpenBSD: digest-openssl.c,v 1.6 2017/03/10 02:59:51 dtucker Exp $ */ /* * Copyright (c) 2013 Damien Miller <djm@mindrot.org> * 
@@ -158,7 +158,7 @@ ssh_digest_final(struct ssh_digest_ctx *ctx, u_char *d, size_t dlen) const struct ssh_digest *digest = ssh_digest_by_alg(ctx->alg); u_int l = dlen; - if (dlen > UINT_MAX) + if (digest == NULL || dlen > UINT_MAX) return SSH_ERR_INVALID_ARGUMENT; if (dlen < digest->digest_len) /* No truncation allowed */ return SSH_ERR_INVALID_ARGUMENT; diff --git a/crypto/openssh/freebsd-configure.sh b/crypto/openssh/freebsd-configure.sh index e9420c7..d2c63e1 100755 --- a/crypto/openssh/freebsd-configure.sh +++ b/crypto/openssh/freebsd-configure.sh @@ -12,7 +12,7 @@ configure_args=" --with-libedit --with-ssl-engine --without-xauth -" +" set -e diff --git a/crypto/openssh/hostfile.c b/crypto/openssh/hostfile.c index 4548fba..e23faa9 100644 --- a/crypto/openssh/hostfile.c +++ b/crypto/openssh/hostfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hostfile.c,v 1.67 2016/09/17 18:00:27 tedu Exp $ */ +/* $OpenBSD: hostfile.c,v 1.68 2017/03/10 04:26:06 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -419,19 +419,24 @@ write_host_entry(FILE *f, const char *host, const char *ip, const struct sshkey *key, int store_hash) { int r, success = 0; - char *hashed_host = NULL; + char *hashed_host = NULL, *lhost; + + lhost = xstrdup(host); + lowercase(lhost); if (store_hash) { - if ((hashed_host = host_hash(host, NULL, 0)) == NULL) { + if ((hashed_host = host_hash(lhost, NULL, 0)) == NULL) { error("%s: host_hash failed", __func__); + free(lhost); return 0; } fprintf(f, "%s ", hashed_host); } else if (ip != NULL) - fprintf(f, "%s,%s ", host, ip); - else - fprintf(f, "%s ", host); - + fprintf(f, "%s,%s ", lhost, ip); + else { + fprintf(f, "%s ", lhost); + } + free(lhost); if ((r = sshkey_write(key, f)) == 0) success = 1; else diff --git a/crypto/openssh/kex.c b/crypto/openssh/kex.c index 6a94bc5..cf4ac0d 100644 --- a/crypto/openssh/kex.c +++ b/crypto/openssh/kex.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.127 2016/10/10 19:28:48 markus Exp $ */ +/* $OpenBSD: kex.c,v 1.131 2017/03/15 07:07:39 markus Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -178,7 +178,7 @@ kex_names_valid(const char *names) char * kex_names_cat(const char *a, const char *b) { - char *ret = NULL, *tmp = NULL, *cp, *p; + char *ret = NULL, *tmp = NULL, *cp, *p, *m; size_t len; if (a == NULL || *a == '\0') @@ -195,8 +195,10 @@ kex_names_cat(const char *a, const char *b) } strlcpy(ret, a, len); for ((p = strsep(&cp, ",")); p && *p != '\0'; (p = strsep(&cp, ","))) { - if (match_list(ret, p, NULL) != NULL) + if ((m = match_list(ret, p, NULL)) != NULL) { + free(m); continue; /* Algorithm already present */ + } if (strlcat(ret, ",", len) >= len || strlcat(ret, p, len) >= len) { free(tmp); @@ -211,7 +213,8 @@ kex_names_cat(const char *a, const char *b) /* * Assemble a list of algorithms from a default list and a string from a * configuration file. The user-provided string may begin with '+' to - * indicate that it should be appended to the default. + * indicate that it should be appended to the default or '-' that the + * specified names should be removed. */ int kex_assemble_names(const char *def, char **list) @@ -222,14 +225,18 @@ kex_assemble_names(const char *def, char **list) *list = strdup(def); return 0; } - if (**list != '+') { - return 0; + if (**list == '+') { + if ((ret = kex_names_cat(def, *list + 1)) == NULL) + return SSH_ERR_ALLOC_FAIL; + free(*list); + *list = ret; + } else if (**list == '-') { + if ((ret = match_filter_list(def, *list + 1)) == NULL) + return SSH_ERR_ALLOC_FAIL; + free(*list); + *list = ret; } - if ((ret = kex_names_cat(def, *list + 1)) == NULL) - return SSH_ERR_ALLOC_FAIL; - free(*list); - *list = ret; return 0; } 
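Review bot: In the new `'-'` branch of kex_assemble_names, a removal list that matches every default name leaves `*list` as an empty string and the function still returns 0, because match_filter_list (added in match.c further down this page) returns NULL only on allocation failure. Whether the callers reject an empty algorithm list is not visible here. Either handle it at this point, for example `if (*ret == '\0') { free(ret); return SSH_ERR_INVALID_ARGUMENT; }`, or extend the block comment above the function to say that the result may be empty and must be checked by the caller.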
@@ -334,7 +341,6 @@ kex_reset_dispatch(struct ssh *ssh) { ssh_dispatch_range(ssh, SSH2_MSG_TRANSPORT_MIN, SSH2_MSG_TRANSPORT_MAX, &kex_protocol_error); - ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit); } static int @@ -343,7 +349,7 @@ kex_send_ext_info(struct ssh *ssh) int r; char *algs; - if ((algs = sshkey_alg_list(0, 1, ',')) == NULL) + if ((algs = sshkey_alg_list(0, 1, 1, ',')) == NULL) return SSH_ERR_ALLOC_FAIL; if ((r = sshpkt_start(ssh, SSH2_MSG_EXT_INFO)) != 0 || (r = sshpkt_put_u32(ssh, 1)) != 0 || @@ -424,6 +430,7 @@ kex_input_newkeys(int type, u_int32_t seq, void *ctxt) debug("SSH2_MSG_NEWKEYS received"); ssh_dispatch_set(ssh, SSH2_MSG_NEWKEYS, &kex_protocol_error); + ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit); if ((r = sshpkt_get_end(ssh)) != 0) return r; if ((r = ssh_set_newkeys(ssh, MODE_IN)) != 0) @@ -538,6 +545,7 @@ kex_new(struct ssh *ssh, char *proposal[PROPOSAL_MAX], struct kex **kexp) goto out; kex->done = 0; kex_reset_dispatch(ssh); + ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit); r = 0; *kexp = kex; out: @@ -646,8 +654,10 @@ choose_enc(struct sshenc *enc, char *client, char *server) if (name == NULL) return SSH_ERR_NO_CIPHER_ALG_MATCH; - if ((enc->cipher = cipher_by_name(name)) == NULL) + if ((enc->cipher = cipher_by_name(name)) == NULL) { + free(name); return SSH_ERR_INTERNAL_ERROR; + } enc->name = name; enc->enabled = 0; enc->iv = NULL; @@ -665,8 +675,10 @@ choose_mac(struct ssh *ssh, struct sshmac *mac, char *client, char *server) if (name == NULL) return SSH_ERR_NO_MAC_ALG_MATCH; - if (mac_setup(mac, name) < 0) + if (mac_setup(mac, name) < 0) { + free(name); return SSH_ERR_INTERNAL_ERROR; + } /* truncate the key */ if (ssh->compat & SSH_BUG_HMAC) mac->key_len = 16; @@ -690,6 +702,7 @@ choose_comp(struct sshcomp *comp, char *client, char *server) } else if (strcmp(name, "none") == 0) { comp->type = COMP_NONE; } else { + free(name); return SSH_ERR_INTERNAL_ERROR; } comp->name = name; 
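Review bot: The dispatch changes in kex_reset_dispatch, kex_input_newkeys and kex_new depend on each other, but none carries a comment stating the invariant: after a reset SSH2_MSG_KEXINIT stays on kex_protocol_error and is accepted again only once NEWKEYS has been received, or at initial setup in kex_new. Without that, a later cleanup could move the handler back into kex_reset_dispatch. I would add in kex_reset_dispatch `/* KEXINIT is re-armed by kex_input_newkeys(); a peer must not start a new exchange before NEWKEYS */`. In kex_input_newkeys the handler is also re-armed before `sshpkt_get_end()` and `ssh_set_newkeys()` have succeeded, which is safe only if every error return ends the connection; that part is outside the hunk.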
diff --git a/crypto/openssh/krl.c b/crypto/openssh/krl.c index e271a19..3f28178 100644 --- a/crypto/openssh/krl.c +++ b/crypto/openssh/krl.c @@ -14,7 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $OpenBSD: krl.c,v 1.38 2016/09/12 01:22:38 deraadt Exp $ */ +/* $OpenBSD: krl.c,v 1.39 2017/03/10 07:18:32 dtucker Exp $ */ #include "includes.h" @@ -1089,7 +1089,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp, break; case KRL_SECTION_SIGNATURE: /* Handled above, but still need to stay in synch */ - sshbuf_reset(sect); + sshbuf_free(sect); sect = NULL; if ((r = sshbuf_skip_string(copy)) != 0) goto out; @@ -1288,7 +1288,8 @@ ssh_krl_file_contains_key(const char *path, const struct sshkey *key) debug2("%s: checking KRL %s", __func__, path); r = ssh_krl_check_key(krl, key); out: - close(fd); + if (fd != -1) + close(fd); sshbuf_free(krlbuf); ssh_krl_free(krl); if (r != 0) diff --git a/crypto/openssh/log.c b/crypto/openssh/log.c index 2b59c42..d0f86cf 100644 --- a/crypto/openssh/log.c +++ b/crypto/openssh/log.c @@ -1,4 +1,4 @@ -/* $OpenBSD: log.c,v 1.48 2016/07/15 05:01:58 dtucker Exp $ */ +/* $OpenBSD: log.c,v 1.49 2017/03/10 03:15:58 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -453,7 +453,8 @@ do_log(LogLevel level, const char *fmt, va_list args) tmp_handler(level, fmtbuf, log_handler_ctx); log_handler = tmp_handler; } else if (log_on_stderr) { - snprintf(msgbuf, sizeof msgbuf, "%s\r\n", fmtbuf); + snprintf(msgbuf, sizeof msgbuf, "%.*s\r\n", + (int)sizeof msgbuf - 3, fmtbuf); (void)write(log_stderr_fd, msgbuf, strlen(msgbuf)); } else { #if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) diff --git a/crypto/openssh/match.c b/crypto/openssh/match.c index c15dcd1..3cf4030 100644 --- a/crypto/openssh/match.c +++ b/crypto/openssh/match.c 
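Review bot: In the do_log hunk the precision `(int)sizeof msgbuf - 3` is a bare constant; a reader has to work out that it reserves room for `\r\n` and the terminating NUL so that an over-long message is cut before the line ending instead of losing it. A comment above the snprintf call, e.g. `/* leave room for "\r\n" and NUL so truncation never drops the line ending */`, would keep the constant tied to the format string if either is changed later. do_log's body continues outside the hunk.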
@@ -1,4 +1,4 @@ -/* $OpenBSD: match.c,v 1.33 2016/11/06 05:46:37 djm Exp $ */ +/* $OpenBSD: match.c,v 1.37 2017/03/10 04:24:55 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -42,9 +42,11 @@ #include <ctype.h> #include <stdlib.h> #include <string.h> +#include <stdio.h> #include "xmalloc.h" #include "match.h" +#include "misc.h" /* * Returns true if the given string matches the pattern (which may contain ? @@ -145,7 +147,7 @@ match_pattern_list(const char *string, const char *pattern, int dolower) if (subi >= sizeof(sub) - 1) return 0; - /* If the subpattern was terminated by a comma, skip the comma. */ + /* If the subpattern was terminated by a comma, then skip it. */ if (i < len && pattern[i] == ',') i++; @@ -177,7 +179,13 @@ match_pattern_list(const char *string, const char *pattern, int dolower) int match_hostname(const char *host, const char *pattern) { - return match_pattern_list(host, pattern, 1); + char *hostcopy = xstrdup(host); + int r; + + lowercase(hostcopy); + r = match_pattern_list(hostcopy, pattern, 1); + free(hostcopy); + return r; } /* @@ -284,3 +292,35 @@ match_list(const char *client, const char *server, u_int *next) free(s); return NULL; } + +/* + * Filters a comma-separated list of strings, excluding any entry matching + * the 'filter' pattern list. Caller must free returned string. + */ +char * +match_filter_list(const char *proposal, const char *filter) +{ + size_t len = strlen(proposal) + 1; + char *fix_prop = malloc(len); + char *orig_prop = strdup(proposal); + char *cp, *tmp; + + if (fix_prop == NULL || orig_prop == NULL) { + free(orig_prop); + free(fix_prop); + return NULL; + } + + tmp = orig_prop; + *fix_prop = '\0'; + while ((cp = strsep(&tmp, ",")) != NULL) { + if (match_pattern_list(cp, filter, 0) != 1) { + if (*fix_prop != '\0') + strlcat(fix_prop, ",", len); + strlcat(fix_prop, cp, len); + } + } + free(orig_prop); + return fix_prop; +} + 
diff --git a/crypto/openssh/match.h b/crypto/openssh/match.h index db97ca8..937ba04 100644 --- a/crypto/openssh/match.h +++ b/crypto/openssh/match.h @@ -1,4 +1,4 @@ -/* $OpenBSD: match.h,v 1.16 2015/05/04 06:10:48 djm Exp $ */ +/* $OpenBSD: match.h,v 1.17 2017/02/03 23:01:19 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -20,6 +20,7 @@ int match_hostname(const char *, const char *); int match_host_and_ip(const char *, const char *, const char *); int match_user(const char *, const char *, const char *, const char *); char *match_list(const char *, const char *, u_int *); +char *match_filter_list(const char *, const char *); /* addrmatch.c */ int addr_match_list(const char *, const char *); diff --git a/crypto/openssh/misc.c b/crypto/openssh/misc.c index 8f32034..3ec74c7 100644 --- a/crypto/openssh/misc.c +++ b/crypto/openssh/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.107 2016/11/30 00:28:31 dtucker Exp $ */ +/* $OpenBSD: misc.c,v 1.109 2017/03/14 00:55:37 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. @@ -307,7 +307,7 @@ a2tun(const char *s, int *remote) long convtime(const char *s) { - long total, secs; + long total, secs, multiplier = 1; const char *p; char *endp; @@ -334,23 +334,28 @@ convtime(const char *s) break; case 'm': case 'M': - secs *= MINUTES; + multiplier = MINUTES; break; case 'h': case 'H': - secs *= HOURS; + multiplier = HOURS; break; case 'd': case 'D': - secs *= DAYS; + multiplier = DAYS; break; case 'w': case 'W': - secs *= WEEKS; + multiplier = WEEKS; break; default: return -1; } + if (secs >= LONG_MAX / multiplier) + return -1; + secs *= multiplier; + if (total >= LONG_MAX - secs) + return -1; total += secs; if (total < 0) return -1; diff --git a/crypto/openssh/monitor.c b/crypto/openssh/monitor.c index 43f4847..96d22b7 100644 --- a/crypto/openssh/monitor.c +++ b/crypto/openssh/monitor.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.166 2016/09/28 16:33:06 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.167 2017/02/03 23:05:57 djm Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Markus Friedl <markus@openbsd.org> @@ -283,6 +283,7 @@ monitor_permit_authentications(int permit) void monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) { + struct ssh *ssh = active_state; /* XXX */ struct mon_table *ent; int authenticated = 0, partial = 0; @@ -356,6 +357,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) debug("%s: %s has been authenticated by privileged process", __func__, authctxt->user); + ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user); mm_get_keystate(pmonitor); @@ -695,6 +697,7 @@ mm_answer_sign(int sock, Buffer *m) int mm_answer_pwnamallow(int sock, Buffer *m) { + struct ssh *ssh = active_state; /* XXX */ char *username; struct passwd *pwent; int allowed = 0; @@ -739,6 +742,8 @@ mm_answer_pwnamallow(int sock, Buffer *m) buffer_put_cstring(m, pwent->pw_shell); out: + ssh_packet_set_log_preamble(ssh, "%suser %s", + authctxt->valid ? "authenticating" : "invalid ", authctxt->user); buffer_put_string(m, &options, sizeof(options)); #define M_CP_STROPT(x) do { \ diff --git a/crypto/openssh/mux.c b/crypto/openssh/mux.c index b21df15..74644a2 100644 --- a/crypto/openssh/mux.c +++ b/crypto/openssh/mux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mux.c,v 1.63 2016/10/19 23:21:56 dtucker Exp $ */ +/* $OpenBSD: mux.c,v 1.64 2017/01/21 11:32:04 guenther Exp $ */ /* * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org> * @@ -2162,7 +2162,6 @@ int muxclient(const char *path) { struct sockaddr_un addr; - socklen_t sun_len; int sock; u_int pid; 
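Review bot: In mm_answer_pwnamallow the preamble format `"%suser %s"` is given `"authenticating"` without a trailing space while the other arm is `"invalid "` with one, so a valid account is logged as `authenticatinguser NAME`. The literal should be `"authenticating "`. Both new call sites (here and in monitor_child_preauth) also discard the int result of ssh_packet_set_log_preamble, so an allocation failure silently drops the preamble from later log lines; a `(void)` cast or a debug message would show that this is deliberate. Both function bodies continue outside their hunks.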
@@ -2186,8 +2185,6 @@ muxclient(const char *path) memset(&addr, '\0', sizeof(addr)); addr.sun_family = AF_UNIX; - sun_len = offsetof(struct sockaddr_un, sun_path) + - strlen(path) + 1; if (strlcpy(addr.sun_path, path, sizeof(addr.sun_path)) >= sizeof(addr.sun_path)) @@ -2197,7 +2194,7 @@ muxclient(const char *path) if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) fatal("%s socket(): %s", __func__, strerror(errno)); - if (connect(sock, (struct sockaddr *)&addr, sun_len) == -1) { + if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == -1) { switch (muxclient_command) { case SSHMUX_COMMAND_OPEN: case SSHMUX_COMMAND_STDIO_FWD: diff --git a/crypto/openssh/openbsd-compat/bsd-misc.c b/crypto/openssh/openbsd-compat/bsd-misc.c index 6f3bc8f..cfd7326 100644 --- a/crypto/openssh/openbsd-compat/bsd-misc.c +++ b/crypto/openssh/openbsd-compat/bsd-misc.c @@ -301,3 +301,11 @@ mbtowc(wchar_t *pwc, const char *s, size_t n) return 1; } #endif + +#ifndef HAVE_LLABS +long long +llabs(long long j) +{ + return (j < 0 ? -j : j); +} +#endif diff --git a/crypto/openssh/openbsd-compat/bsd-misc.h b/crypto/openssh/openbsd-compat/bsd-misc.h index 6f08b09..70a538f 100644 --- a/crypto/openssh/openbsd-compat/bsd-misc.h +++ b/crypto/openssh/openbsd-compat/bsd-misc.h @@ -135,4 +135,8 @@ void errx(int, const char *, ...) __attribute__((format(printf, 2, 3))); void warn(const char *, ...) __attribute__((format(printf, 1, 2))); #endif +#ifndef HAVE_LLABS +long long llabs(long long); +#endif + #endif /* _BSD_MISC_H */ diff --git a/crypto/openssh/openbsd-compat/fmt_scaled.c b/crypto/openssh/openbsd-compat/fmt_scaled.c index edd682a..e5533b2 100644 --- a/crypto/openssh/openbsd-compat/fmt_scaled.c +++ b/crypto/openssh/openbsd-compat/fmt_scaled.c @@ -1,4 +1,4 @@ -/* $OpenBSD: fmt_scaled.c,v 1.9 2007/03/20 03:42:52 tedu Exp $ */ +/* $OpenBSD: fmt_scaled.c,v 1.13 2017/03/11 23:37:23 djm Exp $ */ /* * Copyright (c) 2001, 2002, 2003 Ian F. Darwin. All rights reserved. 
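Review bot: The fallback `llabs()` added to bsd-misc.c negates its argument directly, so `llabs(LLONG_MIN)` is signed overflow; the libc function has the same restriction, so the guard belongs at the caller. In the fmt_scaled.c hunk further down, `abval = llabs(number);` runs before the comment "Not every negative long long has a positive representation", and the range check that comment introduces lies outside the hunk, so as far as visible the call is made before LLONG_MIN is excluded. I would test `number == LLONG_MIN` and take the existing error path before calling llabs, and add `/* undefined for LLONG_MIN, like the libc version */` above the compat function.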
@@ -69,7 +69,7 @@ static long long scale_factors[] = { #define MAX_DIGITS (SCALE_LENGTH * 3) /* XXX strlen(sprintf("%lld", -1)? */ -/** Convert the given input string "scaled" into numeric in "result". +/* Convert the given input string "scaled" into numeric in "result". * Return 0 on success, -1 and errno set on error. */ int @@ -81,7 +81,7 @@ scan_scaled(char *scaled, long long *result) long long scale_fact = 1, whole = 0, fpart = 0; /* Skip leading whitespace */ - while (isascii(*p) && isspace(*p)) + while (isascii((unsigned char)*p) && isspace((unsigned char)*p)) ++p; /* Then at most one leading + or - */ @@ -108,7 +108,8 @@ scan_scaled(char *scaled, long long *result) * (but note that E for Exa might look like e to some!). * Advance 'p' to end, to get scale factor. */ - for (; isascii(*p) && (isdigit(*p) || *p=='.'); ++p) { + for (; isascii((unsigned char)*p) && + (isdigit((unsigned char)*p) || *p=='.'); ++p) { if (*p == '.') { if (fract_digits > 0) { /* oops, more than one '.' */ errno = EINVAL; @@ -124,6 +125,10 @@ scan_scaled(char *scaled, long long *result) /* ignore extra fractional digits */ continue; fract_digits++; /* for later scaling */ + if (fpart >= LLONG_MAX / 10) { + errno = ERANGE; + return -1; + } fpart *= 10; fpart += i; } else { /* normal digit */ @@ -131,6 +136,10 @@ scan_scaled(char *scaled, long long *result) errno = ERANGE; return -1; } + if (whole >= LLONG_MAX / 10) { + errno = ERANGE; + return -1; + } whole *= 10; whole += i; } 
@@ -150,17 +159,22 @@ scan_scaled(char *scaled, long long *result) /* Validate scale factor, and scale whole and fraction by it. */ for (i = 0; i < SCALE_LENGTH; i++) { - /** Are we there yet? */ + /* Are we there yet? */ if (*p == scale_chars[i] || - *p == tolower(scale_chars[i])) { + *p == tolower((unsigned char)scale_chars[i])) { /* If it ends with alphanumerics after the scale char, bad. */ - if (isalnum(*(p+1))) { + if (isalnum((unsigned char)*(p+1))) { errno = EINVAL; return -1; } scale_fact = scale_factors[i]; + if (whole >= LLONG_MAX / scale_fact) { + errno = ERANGE; + return -1; + } + /* scale whole part */ whole *= scale_fact; @@ -181,7 +195,9 @@ scan_scaled(char *scaled, long long *result) return 0; } } - errno = ERANGE; + + /* Invalid unit or character */ + errno = EINVAL; return -1; } @@ -196,7 +212,7 @@ fmt_scaled(long long number, char *result) unsigned int i; unit_type unit = NONE; - abval = (number < 0LL) ? -number : number; /* no long long_abs yet */ + abval = llabs(number); /* Not every negative long long has a positive representation. * Also check for numbers that are just too darned big to format diff --git a/crypto/openssh/packet.c b/crypto/openssh/packet.c index 9ef5778..b92fc9f 100644 --- a/crypto/openssh/packet.c +++ b/crypto/openssh/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.243 2016/10/11 21:47:45 djm Exp $ */ +/* $OpenBSD: packet.c,v 1.247 2017/03/11 13:07:35 markus Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 
@@ -355,6 +355,25 @@ ssh_packet_get_mux(struct ssh *ssh) } int +ssh_packet_set_log_preamble(struct ssh *ssh, const char *fmt, ...) +{ + va_list args; + int r; + + free(ssh->log_preamble); + if (fmt == NULL) + ssh->log_preamble = NULL; + else { + va_start(args, fmt); + r = vasprintf(&ssh->log_preamble, fmt, args); + va_end(args); + if (r < 0 || ssh->log_preamble == NULL) + return SSH_ERR_ALLOC_FAIL; + } + return 0; +} + +int ssh_packet_stop_discard(struct ssh *ssh) { struct session_state *state = ssh->state; @@ -1051,7 +1070,7 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) /* Time-based rekeying */ if (state->rekey_interval != 0 && - state->rekey_time + state->rekey_interval <= monotime()) + (int64_t)state->rekey_time + state->rekey_interval <= monotime()) return 1; /* Always rekey when MAX_PACKETS sent in either direction */ @@ -1449,8 +1468,10 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) break; } } - if (r == 0) - return SSH_ERR_CONN_TIMEOUT; + if (r == 0) { + r = SSH_ERR_CONN_TIMEOUT; + goto out; + } /* Read data from the socket. */ len = read(state->connection_in, buf, sizeof(buf)); if (len == 0) { @@ -1831,11 +1852,11 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) if (r != SSH_ERR_MAC_INVALID) goto out; logit("Corrupted MAC on input."); - if (need > PACKET_MAX_SIZE) + if (need + block_size > PACKET_MAX_SIZE) return SSH_ERR_INTERNAL_ERROR; return ssh_packet_start_discard(ssh, enc, mac, sshbuf_len(state->incoming_packet), - PACKET_MAX_SIZE - need); + PACKET_MAX_SIZE - need - block_size); } /* Remove MAC from input buffer */ DBG(debug("MAC #%d ok", state->p_read.seqnr)); 
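Review bot: ssh_packet_set_log_preamble frees `ssh->log_preamble` and then lets vasprintf write into the same field, so on a C library that leaves the output pointer untouched or unspecified when vasprintf fails, the field keeps the just-freed address. The next call's `free()` and the `%.200s` read in fmt_connection_id would then use freed memory. Resetting the field on the failure path removes the dependency on libc behaviour: `if (r < 0 || ssh->log_preamble == NULL) { ssh->log_preamble = NULL; return SSH_ERR_ALLOC_FAIL; }`. Assigning `ssh->log_preamble = NULL;` directly after the `free()` would have the same effect.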
@@ -2076,27 +2097,36 @@ ssh_packet_send_debug(struct ssh *ssh, const char *fmt,...) fatal("%s: %s", __func__, ssh_err(r)); } +static void +fmt_connection_id(struct ssh *ssh, char *s, size_t l) +{ + snprintf(s, l, "%.200s%s%s port %d", + ssh->log_preamble ? ssh->log_preamble : "", + ssh->log_preamble ? " " : "", + ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); +} + /* * Pretty-print connection-terminating errors and exit. */ void sshpkt_fatal(struct ssh *ssh, const char *tag, int r) { + char remote_id[512]; + + fmt_connection_id(ssh, remote_id, sizeof(remote_id)); + switch (r) { case SSH_ERR_CONN_CLOSED: - logdie("Connection closed by %.200s port %d", - ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); + logdie("Connection closed by %s", remote_id); case SSH_ERR_CONN_TIMEOUT: - logdie("Connection %s %.200s port %d timed out", - ssh->state->server_side ? "from" : "to", - ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); + logdie("Connection %s %s timed out", + ssh->state->server_side ? "from" : "to", remote_id); case SSH_ERR_DISCONNECTED: - logdie("Disconnected from %.200s port %d", - ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); + logdie("Disconnected from %s", remote_id); case SSH_ERR_SYSTEM_ERROR: if (errno == ECONNRESET) - logdie("Connection reset by %.200s port %d", - ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); + logdie("Connection reset by %s", remote_id); /* FALLTHROUGH */ case SSH_ERR_NO_CIPHER_ALG_MATCH: case SSH_ERR_NO_MAC_ALG_MATCH: 
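Review bot: sshpkt_fatal now calls fmt_connection_id before the switch, and that helper reads `ssh->log_preamble` unconditionally, yet the negotiation-failure arm in the following hunk still tests `ssh && ssh->kex`. If a NULL `ssh` can reach this function the new call dereferences it first; if it cannot, the `ssh &&` test is dead and can be dropped for consistency. fmt_connection_id also has no comment; one line such as `/* "<preamble> <addr> port <n>"; preamble capped at 200 bytes, output truncated to l */` would record the bound that keeps a long preamble from pushing the address out of the 512-byte buffer. sshpkt_fatal's body continues past the end of this hunk.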
@@ -2105,17 +2135,16 @@ sshpkt_fatal(struct ssh *ssh, const char *tag, int r) case SSH_ERR_NO_HOSTKEY_ALG_MATCH: if (ssh && ssh->kex && ssh->kex->failed_choice) { BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, "ssh"); - logdie("Unable to negotiate with %.200s port %d: %s. " - "Their offer: %s", ssh_remote_ipaddr(ssh), - ssh_remote_port(ssh), ssh_err(r), + logdie("Unable to negotiate with %s: %s. " + "Their offer: %s", remote_id, ssh_err(r), ssh->kex->failed_choice); } /* FALLTHROUGH */ default: - logdie("%s%sConnection %s %.200s port %d: %s", + logdie("%s%sConnection %s %s: %s", tag != NULL ? tag : "", tag != NULL ? ": " : "", ssh->state->server_side ? "from" : "to", - ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), ssh_err(r)); + remote_id, ssh_err(r)); } } @@ -2128,7 +2157,7 @@ sshpkt_fatal(struct ssh *ssh, const char *tag, int r) void ssh_packet_disconnect(struct ssh *ssh, const char *fmt,...) { - char buf[1024]; + char buf[1024], remote_id[512]; va_list args; static int disconnecting = 0; int r; @@ -2141,12 +2170,13 @@ ssh_packet_disconnect(struct ssh *ssh, const char *fmt,...) * Format the message. Note that the caller must make sure the * message is of limited size. */ + fmt_connection_id(ssh, remote_id, sizeof(remote_id)); va_start(args, fmt); vsnprintf(buf, sizeof(buf), fmt, args); va_end(args); /* Display the error locally */ - logit("Disconnecting: %.100s", buf); + logit("Disconnecting %s: %.100s", remote_id, buf); /* * Send the disconnect message to the other side, and wait 
@@ -2399,10 +2429,10 @@ ssh_packet_send_ignore(struct ssh *ssh, int nbytes) } void -ssh_packet_set_rekey_limits(struct ssh *ssh, u_int64_t bytes, time_t seconds) +ssh_packet_set_rekey_limits(struct ssh *ssh, u_int64_t bytes, u_int32_t seconds) { - debug3("rekey after %llu bytes, %d seconds", (unsigned long long)bytes, - (int)seconds); + debug3("rekey after %llu bytes, %u seconds", (unsigned long long)bytes, + (unsigned int)seconds); ssh->state->rekey_limit = bytes; ssh->state->rekey_interval = seconds; } diff --git a/crypto/openssh/packet.h b/crypto/openssh/packet.h index bfe7da6..0d25b35 100644 --- a/crypto/openssh/packet.h +++ b/crypto/openssh/packet.h @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.h,v 1.74 2016/10/11 21:47:45 djm Exp $ */ +/* $OpenBSD: packet.h,v 1.76 2017/02/03 23:03:33 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -62,6 +62,9 @@ struct ssh { char *local_ipaddr; int local_port; + /* Optional preamble for log messages (e.g. username) */ + char *log_preamble; + /* Dispatcher table */ dispatch_fn *dispatch[DISPATCH_MAX]; /* number of packets to ignore in the dispatcher */ @@ -104,6 +107,8 @@ void ssh_packet_set_server(struct ssh *); void ssh_packet_set_authenticated(struct ssh *); void ssh_packet_set_mux(struct ssh *); int ssh_packet_get_mux(struct ssh *); +int ssh_packet_set_log_preamble(struct ssh *, const char *, ...) + __attribute__((format(printf, 2, 3))); int ssh_packet_log_type(u_char); @@ -154,7 +159,7 @@ int ssh_remote_port(struct ssh *); const char *ssh_local_ipaddr(struct ssh *); int ssh_local_port(struct ssh *); -void ssh_packet_set_rekey_limits(struct ssh *, u_int64_t, time_t); +void ssh_packet_set_rekey_limits(struct ssh *, u_int64_t, u_int32_t); time_t ssh_packet_get_rekey_timeout(struct ssh *); void *ssh_packet_get_input(struct ssh *); diff --git a/crypto/openssh/pathnames.h b/crypto/openssh/pathnames.h index 44b0ea3..c2dc08d 100644 --- a/crypto/openssh/pathnames.h +++ b/crypto/openssh/pathnames.h 
@@ -167,15 +167,6 @@ #define _PATH_LS "ls" #endif -/* path to login program */ -#ifndef LOGIN_PROGRAM -# ifdef LOGIN_PROGRAM_FALLBACK -# define LOGIN_PROGRAM LOGIN_PROGRAM_FALLBACK -# else -# define LOGIN_PROGRAM "/usr/bin/login" -# endif -#endif /* LOGIN_PROGRAM */ - /* Askpass program define */ #ifndef ASKPASS_PROGRAM #define ASKPASS_PROGRAM "/usr/lib/ssh/ssh-askpass" diff --git a/crypto/openssh/readconf.c b/crypto/openssh/readconf.c index 4b4ad1e..b4e384d 100644 --- a/crypto/openssh/readconf.c +++ b/crypto/openssh/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.262 2016/10/25 04:08:13 jsg Exp $ */ +/* $OpenBSD: readconf.c,v 1.270 2017/03/10 04:27:32 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -95,7 +95,7 @@ __RCSID("$FreeBSD$"); Host books.com RemoteForward 9999 shadows.cs.hut.fi:9999 - Cipher 3des + Ciphers 3des-cbc Host fascist.blob.com Port 23123 @@ -110,7 +110,7 @@ __RCSID("$FreeBSD$"); PublicKeyAuthentication no Host *.su - Cipher none + Ciphers aes128-ctr PasswordAuthentication no Host vpn.fake.com 
@@ -183,6 +183,44 @@ static struct { const char *name; OpCodes opcode; } keywords[] = { + /* Deprecated options */ + { "fallbacktorsh", oDeprecated }, + { "globalknownhostsfile2", oDeprecated }, + { "rhostsauthentication", oDeprecated }, + { "userknownhostsfile2", oDeprecated }, + { "useroaming", oDeprecated }, + { "usersh", oDeprecated }, + + /* Unsupported options */ + { "afstokenpassing", oUnsupported }, + { "kerberosauthentication", oUnsupported }, + { "kerberostgtpassing", oUnsupported }, + + /* Sometimes-unsupported options */ +#if defined(GSSAPI) + { "gssapiauthentication", oGssAuthentication }, + { "gssapidelegatecredentials", oGssDelegateCreds }, +# else + { "gssapiauthentication", oUnsupported }, + { "gssapidelegatecredentials", oUnsupported }, +#endif +#ifdef ENABLE_PKCS11 + { "smartcarddevice", oPKCS11Provider }, + { "pkcs11provider", oPKCS11Provider }, +# else + { "smartcarddevice", oUnsupported }, + { "pkcs11provider", oUnsupported }, +#endif +#ifdef WITH_SSH1 + { "rsaauthentication", oRSAAuthentication }, + { "rhostsrsaauthentication", oRhostsRSAAuthentication }, + { "compressionlevel", oCompressionLevel }, +# else + { "rsaauthentication", oUnsupported }, + { "rhostsrsaauthentication", oUnsupported }, + { "compressionlevel", oUnsupported }, +#endif + { "forwardagent", oForwardAgent }, { "forwardx11", oForwardX11 }, { "forwardx11trusted", oForwardX11Trusted }, 
@@ -191,30 +229,15 @@ static struct { { "xauthlocation", oXAuthLocation }, { "gatewayports", oGatewayPorts }, { "useprivilegedport", oUsePrivilegedPort }, - { "rhostsauthentication", oDeprecated }, { "passwordauthentication", oPasswordAuthentication }, { "kbdinteractiveauthentication", oKbdInteractiveAuthentication }, { "kbdinteractivedevices", oKbdInteractiveDevices }, - { "rsaauthentication", oRSAAuthentication }, { "pubkeyauthentication", oPubkeyAuthentication }, { "dsaauthentication", oPubkeyAuthentication }, /* alias */ - { "rhostsrsaauthentication", oRhostsRSAAuthentication }, { "hostbasedauthentication", oHostbasedAuthentication }, { "challengeresponseauthentication", oChallengeResponseAuthentication }, { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */ { "tisauthentication", oChallengeResponseAuthentication }, /* alias */ - { "kerberosauthentication", oUnsupported }, - { "kerberostgtpassing", oUnsupported }, - { "afstokenpassing", oUnsupported }, -#if defined(GSSAPI) - { "gssapiauthentication", oGssAuthentication }, - { "gssapidelegatecredentials", oGssDelegateCreds }, -#else - { "gssapiauthentication", oUnsupported }, - { "gssapidelegatecredentials", oUnsupported }, -#endif - { "fallbacktorsh", oDeprecated }, - { "usersh", oDeprecated }, { "identityfile", oIdentityFile }, { "identityfile2", oIdentityFile }, /* obsolete */ { "identitiesonly", oIdentitiesOnly }, 
@@ -236,15 +259,12 @@ static struct { { "match", oMatch }, { "escapechar", oEscapeChar }, { "globalknownhostsfile", oGlobalKnownHostsFile }, - { "globalknownhostsfile2", oDeprecated }, { "userknownhostsfile", oUserKnownHostsFile }, - { "userknownhostsfile2", oDeprecated }, { "connectionattempts", oConnectionAttempts }, { "batchmode", oBatchMode }, { "checkhostip", oCheckHostIP }, { "stricthostkeychecking", oStrictHostKeyChecking }, { "compression", oCompression }, - { "compressionlevel", oCompressionLevel }, { "tcpkeepalive", oTCPKeepAlive }, { "keepalive", oTCPKeepAlive }, /* obsolete */ { "numberofpasswordprompts", oNumberOfPasswordPrompts }, @@ -253,13 +273,6 @@ static struct { { "preferredauthentications", oPreferredAuthentications }, { "hostkeyalgorithms", oHostKeyAlgorithms }, { "bindaddress", oBindAddress }, -#ifdef ENABLE_PKCS11 - { "smartcarddevice", oPKCS11Provider }, - { "pkcs11provider", oPKCS11Provider }, -#else - { "smartcarddevice", oUnsupported }, - { "pkcs11provider", oUnsupported }, -#endif { "clearallforwardings", oClearAllForwardings }, { "enablesshkeysign", oEnableSSHKeysign }, { "verifyhostkeydns", oVerifyHostKeyDNS }, @@ -280,7 +293,6 @@ static struct { { "localcommand", oLocalCommand }, { "permitlocalcommand", oPermitLocalCommand }, { "visualhostkey", oVisualHostKey }, - { "useroaming", oDeprecated }, { "kexalgorithms", oKexAlgorithms }, { "ipqos", oIPQoS }, { "requesttty", oRequestTTY }, @@ -841,11 +853,11 @@ process_config_line_depth(Options *options, struct passwd *pw, const char *host, activep = &cmdline; } - /* Strip trailing whitespace */ + /* Strip trailing whitespace. Allow \f (form feed) at EOL only */ if ((len = strlen(line)) == 0) return 0; for (len--; len > 0; len--) { - if (strchr(WHITESPACE, line[len]) == NULL) + if (strchr(WHITESPACE "\f", line[len]) == NULL) break; line[len] = '\0'; } 
@@ -1193,7 +1205,7 @@ parse_int: arg = strdelim(&s); if (!arg || *arg == '\0') fatal("%.200s line %d: Missing argument.", filename, linenum); - if (!ciphers_valid(*arg == '+' ? arg + 1 : arg)) + if (*arg != '-' && !ciphers_valid(*arg == '+' ? arg + 1 : arg)) fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.", filename, linenum, arg ? arg : "<NONE>"); if (*activep && options->ciphers == NULL) @@ -1204,7 +1216,7 @@ parse_int: arg = strdelim(&s); if (!arg || *arg == '\0') fatal("%.200s line %d: Missing argument.", filename, linenum); - if (!mac_valid(*arg == '+' ? arg + 1 : arg)) + if (*arg != '-' && !mac_valid(*arg == '+' ? arg + 1 : arg)) fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.", filename, linenum, arg ? arg : "<NONE>"); if (*activep && options->macs == NULL) @@ -1216,7 +1228,8 @@ parse_int: if (!arg || *arg == '\0') fatal("%.200s line %d: Missing argument.", filename, linenum); - if (!kex_names_valid(*arg == '+' ? arg + 1 : arg)) + if (*arg != '-' && + !kex_names_valid(*arg == '+' ? arg + 1 : arg)) fatal("%.200s line %d: Bad SSH2 KexAlgorithms '%s'.", filename, linenum, arg ? arg : "<NONE>"); if (*activep && options->kex_algorithms == NULL) @@ -1230,7 +1243,8 @@ parse_keytypes: if (!arg || *arg == '\0') fatal("%.200s line %d: Missing argument.", filename, linenum); - if (!sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1)) + if (*arg != '-' && + !sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1)) fatal("%s line %d: Bad key types '%s'.", filename, linenum, arg ? arg : "<NONE>"); if (*activep && *charptr == NULL) @@ -1497,6 +1511,7 @@ parse_keytypes: if (r == GLOB_NOMATCH) { debug("%.200s line %d: include %s matched no " "files",filename, linenum, arg2); + free(arg2); continue; } else if (r != 0 || gl.gl_pathc < 0) fatal("%.200s line %d: glob failed for %s.", 
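Review bot: The checks for Ciphers, MACs, KexAlgorithms and the key-type options now skip validation entirely when the argument starts with `-`, so a misspelled name in a removal list is accepted silently and the algorithm the user meant to disable stays in the default set. Removal entries are matched as patterns (match_filter_list calls match_pattern_list), so validating them as exact names is not possible, but that reasoning is not written down anywhere in these hunks. I would add a comment at the first check, e.g. `/* '-' lists are patterns, not names: not validated, and an entry that matches nothing is ignored */`. The enclosing switch cases start and end outside the hunks.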
@@ -1513,6 +1528,11 @@ parse_keytypes: flags | SSHCONF_CHECKPERM | (oactive ? 0 : SSHCONF_NEVERMATCH), activep, depth + 1); + if (r != 1 && errno != ENOENT) { + fatal("Can't open user config file " + "%.100s: %.100s", gl.gl_pathv[i], + strerror(errno)); + } /* * don't let Match in includes clobber the * containing file's Match state. @@ -1727,7 +1747,7 @@ read_config_file_depth(const char *filename, struct passwd *pw, int flags, int *activep, int depth) { FILE *f; - char line[1024]; + char line[4096]; int linenum; int bad_options = 0; @@ -1757,6 +1777,8 @@ read_config_file_depth(const char *filename, struct passwd *pw, while (fgets(line, sizeof(line), f)) { /* Update line number counter. */ linenum++; + if (strlen(line) == sizeof(line) - 1) + fatal("%s line %d too long", filename, linenum); if (process_config_line_depth(options, pw, host, original_host, line, filename, linenum, activep, flags, depth) != 0) bad_options++; @@ -2482,10 +2504,10 @@ dump_cfg_forwards(OpCodes code, u_int count, const struct Forward *fwds) /* oDynamicForward */ for (i = 0; i < count; i++) { fwd = &fwds[i]; - if (code == oDynamicForward && + if (code == oDynamicForward && fwd->connect_host != NULL && strcmp(fwd->connect_host, "socks") != 0) continue; - if (code == oLocalForward && + if (code == oLocalForward && fwd->connect_host != NULL && strcmp(fwd->connect_host, "socks") == 0) continue; printf("%s", lookup_opcode_name(code)); 
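Review bot: The new `r != 1 && errno != ENOENT` test in the include loop reads `errno` after the call that produced `r` has returned, and nothing visible in the hunk clears it before that call. If the callee can return a value other than 1 without a failing library call (its body is not in this hunk), a stale `errno` decides between continuing and `fatal()`. Setting `errno = 0;` just before the call, or returning the error code from the callee, would make the check self-contained. The message also says "user config file" although the path comes from `gl.gl_pathv[i]`, i.e. an included file.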
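Review bot: The added check `strlen(line) == sizeof(line) - 1` in `read_config_file_depth` also fires for a line that fills the buffer exactly with its newline included, so a complete line of that length is rejected as too long. Testing the last byte as well keeps the truncation check without that false positive: `if (strlen(line) == sizeof(line) - 1 && line[sizeof(line) - 2] != '\n')`. The message uses an unbounded `%s` for `filename` where the other diagnostics in this file use `%.200s`. The read loop continues outside the hunk.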
@@ -2558,8 +2580,10 @@ dump_client_config(Options *o, const char *host) dump_cfg_fmtint(oProxyUseFdpass, o->proxy_use_fdpass); dump_cfg_fmtint(oPubkeyAuthentication, o->pubkey_authentication); dump_cfg_fmtint(oRequestTTY, o->request_tty); +#ifdef WITH_RSA1 dump_cfg_fmtint(oRhostsRSAAuthentication, o->rhosts_rsa_authentication); dump_cfg_fmtint(oRSAAuthentication, o->rsa_authentication); +#endif dump_cfg_fmtint(oStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink); dump_cfg_fmtint(oStrictHostKeyChecking, o->strict_host_key_checking); dump_cfg_fmtint(oTCPKeepAlive, o->tcp_keep_alive); @@ -2571,7 +2595,9 @@ dump_client_config(Options *o, const char *host) /* Integer options */ dump_cfg_int(oCanonicalizeMaxDots, o->canonicalize_max_dots); +#ifdef WITH_SSH1 dump_cfg_int(oCompressionLevel, o->compression_level); +#endif dump_cfg_int(oConnectionAttempts, o->connection_attempts); dump_cfg_int(oForwardX11Timeout, o->forward_x11_timeout); dump_cfg_int(oNumberOfPasswordPrompts, o->number_of_password_prompts); @@ -2591,7 +2617,9 @@ dump_client_config(Options *o, const char *host) dump_cfg_string(oLocalCommand, o->local_command); dump_cfg_string(oLogLevel, log_level_name(o->log_level)); dump_cfg_string(oMacs, o->macs ? o->macs : KEX_CLIENT_MAC); +#ifdef ENABLE_PKCS11 dump_cfg_string(oPKCS11Provider, o->pkcs11_provider); +#endif dump_cfg_string(oPreferredAuthentications, o->preferred_authentications); dump_cfg_string(oPubkeyAcceptedKeyTypes, o->pubkey_key_types); dump_cfg_string(oRevokedHostKeys, o->revoked_host_keys); diff --git a/crypto/openssh/regress/Makefile b/crypto/openssh/regress/Makefile index c2dba4f..b23496b 100644 --- a/crypto/openssh/regress/Makefile +++ b/crypto/openssh/regress/Makefile 
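Review bot: The protocol-1 guards added to `dump_client_config` use two different macros: `WITH_RSA1` around the RhostsRSAAuthentication/RSAAuthentication lines in this hunk and `WITH_SSH1` around `oCompressionLevel` in the next one. Nothing on this page defines `WITH_RSA1`; if the build does not define it either, those two options drop out of the dumped configuration even in protocol-1 builds. Using the same guard for all three, `#ifdef WITH_SSH1`, would keep them consistent.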
@@ -222,6 +222,7 @@ unit: $$V ${.OBJDIR}/unittests/sshkey/test_sshkey \ -d ${.CURDIR}/unittests/sshkey/testdata ; \ $$V ${.OBJDIR}/unittests/bitmap/test_bitmap ; \ + $$V ${.OBJDIR}/unittests/conversion/test_conversion ; \ $$V ${.OBJDIR}/unittests/kex/test_kex ; \ $$V ${.OBJDIR}/unittests/hostkeys/test_hostkeys \ -d ${.CURDIR}/unittests/hostkeys/testdata ; \ diff --git a/crypto/openssh/regress/agent-getpeereid.sh b/crypto/openssh/regress/agent-getpeereid.sh index 91621a5..34bced1 100644 --- a/crypto/openssh/regress/agent-getpeereid.sh +++ b/crypto/openssh/regress/agent-getpeereid.sh @@ -1,4 +1,4 @@ -# $OpenBSD: agent-getpeereid.sh,v 1.7 2016/09/26 21:34:38 bluhm Exp $ +# $OpenBSD: agent-getpeereid.sh,v 1.8 2017/01/06 02:51:16 djm Exp $ # Placed in the Public Domain. tid="disallow agent attach from other uid" @@ -32,17 +32,17 @@ if [ $r -ne 0 ]; then else chmod 644 ${SSH_AUTH_SOCK} - ssh-add -l > /dev/null 2>&1 + ${SSHADD} -l > /dev/null 2>&1 r=$? if [ $r -ne 1 ]; then fail "ssh-add failed with $r != 1" fi if test -z "$sudo" ; then # doas - ${SUDO} -n -u ${UNPRIV} ssh-add -l 2>/dev/null + ${SUDO} -n -u ${UNPRIV} ${SSHADD} -l 2>/dev/null else # sudo - < /dev/null ${SUDO} -S -u ${UNPRIV} ssh-add -l 2>/dev/null + < /dev/null ${SUDO} -S -u ${UNPRIV} ${SSHADD} -l 2>/dev/null fi r=$? if [ $r -lt 2 ]; then diff --git a/crypto/openssh/regress/allow-deny-users.sh b/crypto/openssh/regress/allow-deny-users.sh index 32a269a..86805e1 100644 --- a/crypto/openssh/regress/allow-deny-users.sh +++ b/crypto/openssh/regress/allow-deny-users.sh @@ -4,7 +4,7 @@ tid="AllowUsers/DenyUsers" me="$LOGNAME" -if [ "x$me" == "x" ]; then +if [ "x$me" = "x" ]; then me=`whoami` fi other="nobody" diff --git a/crypto/openssh/regress/cert-file.sh b/crypto/openssh/regress/cert-file.sh index b184e7f..43b8e02 100755 --- a/crypto/openssh/regress/cert-file.sh +++ b/crypto/openssh/regress/cert-file.sh 
@@ -1,4 +1,4 @@ -# $OpenBSD: cert-file.sh,v 1.4 2016/12/16 02:48:55 djm Exp $ +# $OpenBSD: cert-file.sh,v 1.5 2017/03/11 23:44:16 djm Exp $ # Placed in the Public Domain. tid="ssh with certificates" 
@@ -17,24 +17,59 @@ ${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_key1 || \ fatal "ssh-keygen failed" ${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_key2 || \ fatal "ssh-keygen failed" +${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_key3 || \ + fatal "ssh-keygen failed" +${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_key4 || \ + fatal "ssh-keygen failed" +${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_key5 || \ + fatal "ssh-keygen failed" + # Move the certificate to a different address to better control # when it is offered. ${SSHKEYGEN} -q -s $OBJ/user_ca_key1 -I "regress user key for $USER" \ -z $$ -n ${USER} $OBJ/user_key1 || - fail "couldn't sign user_key1 with user_ca_key1" + fatal "couldn't sign user_key1 with user_ca_key1" mv $OBJ/user_key1-cert.pub $OBJ/cert_user_key1_1.pub ${SSHKEYGEN} -q -s $OBJ/user_ca_key2 -I "regress user key for $USER" \ -z $$ -n ${USER} $OBJ/user_key1 || - fail "couldn't sign user_key1 with user_ca_key2" + fatal "couldn't sign user_key1 with user_ca_key2" mv $OBJ/user_key1-cert.pub $OBJ/cert_user_key1_2.pub +${SSHKEYGEN} -q -s $OBJ/user_ca_key1 -I "regress user key for $USER" \ + -z $$ -n ${USER} $OBJ/user_key3 || + fatal "couldn't sign user_key3 with user_ca_key1" +rm $OBJ/user_key3.pub # to test use of private key w/o public half. +${SSHKEYGEN} -q -s $OBJ/user_ca_key1 -I "regress user key for $USER" \ + -z $$ -n ${USER} $OBJ/user_key4 || + fatal "couldn't sign user_key4 with user_ca_key1" +rm $OBJ/user_key4 $OBJ/user_key4.pub # to test no matching pub/private key case. trace 'try with identity files' opts="-F $OBJ/ssh_proxy -oIdentitiesOnly=yes" opts2="$opts -i $OBJ/user_key1 -i $OBJ/user_key2" echo "cert-authority $(cat $OBJ/user_ca_key1.pub)" > $OBJ/authorized_keys_$USER +# Make a clean config that doesn't have any pre-added identities. +cat $OBJ/ssh_proxy | grep -v IdentityFile > $OBJ/no_identity_config + +# XXX: verify that certificate used was what we expect. Needs exposure of +# keys via enviornment variable or similar. 
+ for p in ${SSH_PROTOCOLS}; do + # Key with no .pub should work - finding the equivalent *-cert.pub. + verbose "protocol $p: identity cert with no plain public file" + ${SSH} -F $OBJ/no_identity_config -oIdentitiesOnly=yes \ + -i $OBJ/user_key3 somehost exit 5$p + [ $? -ne 5$p ] && fail "ssh failed" + + # CertificateFile matching private key with no .pub file should work. + verbose "protocol $p: CertificateFile with no plain public file" + ${SSH} -F $OBJ/no_identity_config -oIdentitiesOnly=yes \ + -oCertificateFile=$OBJ/user_key3-cert.pub \ + -i $OBJ/user_key3 somehost exit 5$p + [ $? -ne 5$p ] && fail "ssh failed" + # Just keys should fail + verbose "protocol $p: plain keys" ${SSH} $opts2 somehost exit 5$p r=$? if [ $r -eq 5$p ]; then @@ -42,6 +77,7 @@ for p in ${SSH_PROTOCOLS}; do fi # Keys with untrusted cert should fail. + verbose "protocol $p: untrusted cert" opts3="$opts2 -oCertificateFile=$OBJ/cert_user_key1_2.pub" ${SSH} $opts3 somehost exit 5$p r=$? @@ -50,6 +86,7 @@ for p in ${SSH_PROTOCOLS}; do fi # Good cert with bad key should fail. + verbose "protocol $p: good cert, bad key" opts3="$opts -i $OBJ/user_key2" opts3="$opts3 -oCertificateFile=$OBJ/cert_user_key1_1.pub" ${SSH} $opts3 somehost exit 5$p @@ -59,6 +96,7 @@ for p in ${SSH_PROTOCOLS}; do fi # Keys with one trusted cert, should succeed. + verbose "protocol $p: single trusted" opts3="$opts2 -oCertificateFile=$OBJ/cert_user_key1_1.pub" ${SSH} $opts3 somehost exit 5$p r=$? @@ -67,6 +105,7 @@ for p in ${SSH_PROTOCOLS}; do fi # Multiple certs and keys, with one trusted cert, should succeed. + verbose "protocol $p: multiple trusted" opts3="$opts2 -oCertificateFile=$OBJ/cert_user_key1_2.pub" opts3="$opts3 -oCertificateFile=$OBJ/cert_user_key1_1.pub" ${SSH} $opts3 somehost exit 5$p 
@@ -74,14 +113,6 @@ for p in ${SSH_PROTOCOLS}; do if [ $r -ne 5$p ]; then fail "ssh failed with multiple certs in protocol $p" fi - - #Keys with trusted certificate specified in config options, should succeed. - opts3="$opts2 -oCertificateFile=$OBJ/cert_user_key1_1.pub" - ${SSH} $opts3 somehost exit 5$p - r=$? - if [ $r -ne 5$p ]; then - fail "ssh failed with trusted cert in config in protocol $p" - fi done #next, using an agent in combination with the keys diff --git a/crypto/openssh/regress/forwarding.sh b/crypto/openssh/regress/forwarding.sh index 2539db9..45c596d 100644 --- a/crypto/openssh/regress/forwarding.sh +++ b/crypto/openssh/regress/forwarding.sh @@ -1,4 +1,4 @@ -# $OpenBSD: forwarding.sh,v 1.16 2016/04/14 23:57:17 djm Exp $ +# $OpenBSD: forwarding.sh,v 1.19 2017/01/30 05:22:14 djm Exp $ # Placed in the Public Domain. tid="local and remote forwarding" @@ -10,8 +10,7 @@ start_sshd base=33 last=$PORT fwd="" -CTL=$OBJ/ctl-sock -rm -f $CTL +CTL=/tmp/openssh.regress.ctl-sock.$$ for j in 0 1 2; do for i in 0 1 2; do @@ -29,7 +28,8 @@ for p in ${SSH_PROTOCOLS}; do q=$p fi trace "start forwarding, fork to background" - ${SSH} -$p -F $OBJ/ssh_config -f $fwd somehost sleep 10 + rm -f $CTL + ${SSH} -S $CTL -M -$p -F $OBJ/ssh_config -f $fwd somehost sleep 10 trace "transfer over forwarded channels and check result" ${SSH} -$q -F $OBJ/ssh_config -p$last -o 'ConnectionAttempts=4' \ @@ -37,7 +37,7 @@ for p in ${SSH_PROTOCOLS}; do test -s ${COPY} || fail "failed copy of ${DATA}" cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}" - sleep 10 + ${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost done for p in ${SSH_PROTOCOLS}; do @@ -52,7 +52,7 @@ for d in L R; do -$d ${base}04:127.0.0.1:$PORT \ -oExitOnForwardFailure=yes somehost true if [ $? != 0 ]; then - fail "connection failed, should not" + fatal "connection failed, should not" else # this one should fail ${SSH} -q -$p -F $OBJ/ssh_config \ 
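Review bot: `CTL=/tmp/openssh.regress.ctl-sock.$$` in forwarding.sh places the multiplexing control socket at a predictable, PID-derived name in a shared directory. The `rm -f $CTL` added before each `-M` start in the later hunks does not stop another local user from creating that path first. A private directory keeps the short path this change is after without the shared namespace, where `mktemp` is available: `CTLDIR=$(mktemp -d /tmp/openssh.regress.XXXXXX) || fatal "mktemp failed"` followed by `CTL=$CTLDIR/ctl-sock`, with the directory removed when the test finishes.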
@@ -75,30 +75,32 @@ for p in ${SSH_PROTOCOLS}; do ${SSH} -$p -F $OBJ/ssh_config -oClearAllForwardings=yes somehost true trace "clear local forward proto $p" - ${SSH} -$p -f -F $OBJ/ssh_config -L ${base}01:127.0.0.1:$PORT \ + rm -f $CTL + ${SSH} -S $CTL -M -$p -f -F $OBJ/ssh_config -L ${base}01:127.0.0.1:$PORT \ -oClearAllForwardings=yes somehost sleep 10 if [ $? != 0 ]; then fail "connection failed with cleared local forwarding" else # this one should fail - ${SSH} -$p -F $OBJ/ssh_config -p ${base}01 true \ + ${SSH} -$p -F $OBJ/ssh_config -p ${base}01 somehost true \ >>$TEST_REGRESS_LOGFILE 2>&1 && \ fail "local forwarding not cleared" fi - sleep 10 + ${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost trace "clear remote forward proto $p" - ${SSH} -$p -f -F $OBJ/ssh_config -R ${base}01:127.0.0.1:$PORT \ + rm -f $CTL + ${SSH} -S $CTL -M -$p -f -F $OBJ/ssh_config -R ${base}01:127.0.0.1:$PORT \ -oClearAllForwardings=yes somehost sleep 10 if [ $? != 0 ]; then fail "connection failed with cleared remote forwarding" else # this one should fail - ${SSH} -$p -F $OBJ/ssh_config -p ${base}01 true \ + ${SSH} -$p -F $OBJ/ssh_config -p ${base}01 somehost true \ >>$TEST_REGRESS_LOGFILE 2>&1 && \ fail "remote forwarding not cleared" fi - sleep 10 + ${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost done for p in 2; do @@ -115,6 +117,7 @@ echo "LocalForward ${base}01 127.0.0.1:$PORT" >> $OBJ/ssh_config echo "RemoteForward ${base}02 127.0.0.1:${base}01" >> $OBJ/ssh_config for p in ${SSH_PROTOCOLS}; do trace "config file: start forwarding, fork to background" + rm -f $CTL ${SSH} -S $CTL -M -$p -F $OBJ/ssh_config -f somehost sleep 10 trace "config file: transfer over forwarded channels and check result" 
@@ -123,21 +126,24 @@ for p in ${SSH_PROTOCOLS}; do test -s ${COPY} || fail "failed copy of ${DATA}" cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}" - ${SSH} -S $CTL -O exit somehost + ${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost done for p in 2; do trace "transfer over chained unix domain socket forwards and check result" rm -f $OBJ/unix-[123].fwd - ${SSH} -f -F $OBJ/ssh_config -R${base}01:[$OBJ/unix-1.fwd] somehost sleep 10 - ${SSH} -f -F $OBJ/ssh_config -L[$OBJ/unix-1.fwd]:[$OBJ/unix-2.fwd] somehost sleep 10 - ${SSH} -f -F $OBJ/ssh_config -R[$OBJ/unix-2.fwd]:[$OBJ/unix-3.fwd] somehost sleep 10 - ${SSH} -f -F $OBJ/ssh_config -L[$OBJ/unix-3.fwd]:127.0.0.1:$PORT somehost sleep 10 + rm -f $CTL $CTL.[123] + ${SSH} -S $CTL -M -f -F $OBJ/ssh_config -R${base}01:[$OBJ/unix-1.fwd] somehost sleep 10 + ${SSH} -S $CTL.1 -M -f -F $OBJ/ssh_config -L[$OBJ/unix-1.fwd]:[$OBJ/unix-2.fwd] somehost sleep 10 + ${SSH} -S $CTL.2 -M -f -F $OBJ/ssh_config -R[$OBJ/unix-2.fwd]:[$OBJ/unix-3.fwd] somehost sleep 10 + ${SSH} -S $CTL.3 -M -f -F $OBJ/ssh_config -L[$OBJ/unix-3.fwd]:127.0.0.1:$PORT somehost sleep 10 ${SSH} -F $OBJ/ssh_config -p${base}01 -o 'ConnectionAttempts=4' \ somehost cat ${DATA} > ${COPY} test -s ${COPY} || fail "failed copy ${DATA}" cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}" - #wait - sleep 10 + ${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost + ${SSH} -F $OBJ/ssh_config -S $CTL.1 -O exit somehost + ${SSH} -F $OBJ/ssh_config -S $CTL.2 -O exit somehost + ${SSH} -F $OBJ/ssh_config -S $CTL.3 -O exit somehost done diff --git a/crypto/openssh/regress/integrity.sh b/crypto/openssh/regress/integrity.sh index 39d310d..1df2924 100755 --- a/crypto/openssh/regress/integrity.sh +++ b/crypto/openssh/regress/integrity.sh 
@@ -1,12 +1,10 @@ -# $OpenBSD: integrity.sh,v 1.19 2016/11/25 02:56:49 dtucker Exp $ +# $OpenBSD: integrity.sh,v 1.20 2017/01/06 02:26:10 dtucker Exp $ # Placed in the Public Domain. tid="integrity" cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak # start at byte 2900 (i.e. after kex) and corrupt at different offsets -# XXX the test hangs if we modify the low bytes of the packet length -# XXX and ssh tries to read... tries=10 startoffset=2900 macs=`${SSH} -Q mac` @@ -27,6 +25,7 @@ for m in $macs; do elen=0 epad=0 emac=0 + etmo=0 ecnt=0 skip=0 for off in `jot $tries $startoffset`; do diff --git a/crypto/openssh/regress/test-exec.sh b/crypto/openssh/regress/test-exec.sh index bfa4880..dc033cd 100644 --- a/crypto/openssh/regress/test-exec.sh +++ b/crypto/openssh/regress/test-exec.sh @@ -1,4 +1,4 @@ -# $OpenBSD: test-exec.sh,v 1.58 2016/12/16 01:06:27 dtucker Exp $ +# $OpenBSD: test-exec.sh,v 1.59 2017/02/07 23:03:11 dtucker Exp $ # Placed in the Public Domain. #SUDO=sudo @@ -444,12 +444,10 @@ Host * User $USER GlobalKnownHostsFile $OBJ/known_hosts UserKnownHostsFile $OBJ/known_hosts - RSAAuthentication yes PubkeyAuthentication yes ChallengeResponseAuthentication no HostbasedAuthentication no PasswordAuthentication no - RhostsRSAAuthentication no BatchMode yes StrictHostKeyChecking yes LogLevel DEBUG3 diff --git a/crypto/openssh/regress/unittests/Makefile b/crypto/openssh/regress/unittests/Makefile index e70b166..e975f6c 100644 --- a/crypto/openssh/regress/unittests/Makefile +++ b/crypto/openssh/regress/unittests/Makefile @@ -1,5 +1,6 @@ -# $OpenBSD: Makefile,v 1.7 2016/08/19 06:44:13 djm Exp $ -REGRESS_FAIL_EARLY= yes -SUBDIR= test_helper sshbuf sshkey bitmap kex hostkeys utf8 match +# $OpenBSD: Makefile,v 1.9 2017/03/14 01:20:29 dtucker Exp $ + +REGRESS_FAIL_EARLY?= yes +SUBDIR= test_helper sshbuf sshkey bitmap kex hostkeys utf8 match conversion .include <bsd.subdir.mk> 
diff --git a/crypto/openssh/regress/unittests/conversion/Makefile b/crypto/openssh/regress/unittests/conversion/Makefile new file mode 100644 index 0000000..cde97dc --- /dev/null +++ b/crypto/openssh/regress/unittests/conversion/Makefile @@ -0,0 +1,10 @@ +# $OpenBSD: Makefile,v 1.1 2017/03/14 01:20:29 dtucker Exp $ + +PROG=test_conversion +SRCS=tests.c +REGRESS_TARGETS=run-regress-${PROG} + +run-regress-${PROG}: ${PROG} + env ${TEST_ENV} ./${PROG} + +.include <bsd.regress.mk> diff --git a/crypto/openssh/regress/unittests/conversion/tests.c b/crypto/openssh/regress/unittests/conversion/tests.c new file mode 100644 index 0000000..6dd77ef --- /dev/null +++ b/crypto/openssh/regress/unittests/conversion/tests.c 
@@ -0,0 +1,51 @@ +/* $OpenBSD: tests.c,v 1.1 2017/03/14 01:20:29 dtucker Exp $ */ +/* + * Regress test for conversions + * + * Placed in the public domain + */ + +#include "includes.h" + +#include <sys/types.h> +#include <sys/param.h> +#include <stdio.h> +#ifdef HAVE_STDINT_H +#include <stdint.h> +#endif +#include <stdlib.h> +#include <string.h> + +#include "../test_helper/test_helper.h" + +#include "misc.h" + +void +tests(void) +{ + char buf[1024]; + + TEST_START("conversion_convtime"); + ASSERT_LONG_EQ(convtime("0"), 0); + ASSERT_LONG_EQ(convtime("1"), 1); + ASSERT_LONG_EQ(convtime("1S"), 1); + /* from the examples in the comment above the function */ + ASSERT_LONG_EQ(convtime("90m"), 5400); + ASSERT_LONG_EQ(convtime("1h30m"), 5400); + ASSERT_LONG_EQ(convtime("2d"), 172800); + ASSERT_LONG_EQ(convtime("1w"), 604800); + + /* negative time is not allowed */ + ASSERT_LONG_EQ(convtime("-7"), -1); + ASSERT_LONG_EQ(convtime("-9d"), -1); + + /* overflow */ + snprintf(buf, sizeof buf, "%llu", (unsigned long long)LONG_MAX + 1); + ASSERT_LONG_EQ(convtime(buf), -1); + + /* overflow with multiplier */ + snprintf(buf, sizeof buf, "%lluM", (unsigned long long)LONG_MAX/60 + 1); + ASSERT_LONG_EQ(convtime(buf), -1); + ASSERT_LONG_EQ(convtime("1000000000000000000000w"), -1); + TEST_DONE(); +} diff --git a/crypto/openssh/regress/unittests/match/tests.c b/crypto/openssh/regress/unittests/match/tests.c index 7ff319c..e159336 100644 --- a/crypto/openssh/regress/unittests/match/tests.c +++ b/crypto/openssh/regress/unittests/match/tests.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tests.c,v 1.3 2016/09/21 17:03:54 djm Exp $ */ +/* $OpenBSD: tests.c,v 1.4 2017/02/03 23:01:42 djm Exp $ */ /* * Regress test for matching functions * 
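Review bot: The overflow cases in the new conversion `tests()` use `LONG_MAX`, but the file's include list has no `<limits.h>`. The macro is therefore only available if `includes.h` or `<sys/param.h>` happens to pull it in. Adding `#include <limits.h>` next to the other standard headers makes the test build independent of that. A one-line comment on the `"%lluM"` case naming the unit being multiplied would also help a reader who does not have convtime()'s suffix table at hand.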
@@ -103,6 +103,25 @@ tests(void) /* XXX negated ASSERT_INT_EQ(addr_match_list("127.0.0.1", "!127.0.0.2,10.0.0.1"), 1); */ TEST_DONE(); +#define CHECK_FILTER(string,filter,expected) \ + do { \ + char *result = match_filter_list((string), (filter)); \ + ASSERT_STRING_EQ(result, expected); \ + free(result); \ + } while (0) + + TEST_START("match_filter_list"); + CHECK_FILTER("a,b,c", "", "a,b,c"); + CHECK_FILTER("a,b,c", "a", "b,c"); + CHECK_FILTER("a,b,c", "b", "a,c"); + CHECK_FILTER("a,b,c", "c", "a,b"); + CHECK_FILTER("a,b,c", "a,b", "c"); + CHECK_FILTER("a,b,c", "a,c", "b"); + CHECK_FILTER("a,b,c", "b,c", "a"); + CHECK_FILTER("a,b,c", "a,b,c", ""); + CHECK_FILTER("a,b,c", "b,c", "a"); + CHECK_FILTER("", "a,b,c", ""); + TEST_DONE(); /* * XXX TODO * int match_host_and_ip(const char *, const char *, const char *); diff --git a/crypto/openssh/regress/unittests/test_helper/test_helper.c b/crypto/openssh/regress/unittests/test_helper/test_helper.c index 26ca26b..f855137 100644 --- a/crypto/openssh/regress/unittests/test_helper/test_helper.c +++ b/crypto/openssh/regress/unittests/test_helper/test_helper.c @@ -1,4 +1,4 @@ -/* $OpenBSD: test_helper.c,v 1.6 2015/03/03 20:42:49 djm Exp $ */ +/* $OpenBSD: test_helper.c,v 1.7 2017/03/14 01:10:07 dtucker Exp $ */ /* * Copyright (c) 2011 Damien Miller <djm@mindrot.org> * @@ -442,6 +442,17 @@ assert_u_int(const char *file, int line, const char *a1, const char *a2, } void +assert_long(const char *file, int line, const char *a1, const char *a2, + long aa1, long aa2, enum test_predicate pred) +{ + TEST_CHECK(aa1, aa2, pred); + test_header(file, line, a1, a2, "LONG", pred); + fprintf(stderr, "%12s = %ld / 0x%lx\n", a1, aa1, aa1); + fprintf(stderr, "%12s = %ld / 0x%lx\n", a2, aa2, aa2); + test_die(); +} + +void assert_long_long(const char *file, int line, const char *a1, const char *a2, long long aa1, long long aa2, enum test_predicate pred) { 
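Review bot: `CHECK_FILTER("a,b,c", "b,c", "a");` appears twice in the new `match_filter_list` block, so one of the ten cases adds no coverage. If the second copy was meant to be a different input, a filter entry that matches nothing in the list is not exercised yet. The macro is defined in the middle of `tests()` and never `#undef`ed. A short comment above it, such as `/* match_filter_list() returns an allocated string; the macro frees it */`, would document why the wrapper exists.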
diff --git a/crypto/openssh/regress/unittests/test_helper/test_helper.h b/crypto/openssh/regress/unittests/test_helper/test_helper.h index 1d9c669..615b783 100644 --- a/crypto/openssh/regress/unittests/test_helper/test_helper.h +++ b/crypto/openssh/regress/unittests/test_helper/test_helper.h @@ -1,4 +1,4 @@ -/* $OpenBSD: test_helper.h,v 1.6 2015/01/18 19:52:44 djm Exp $ */ +/* $OpenBSD: test_helper.h,v 1.7 2017/03/14 01:10:07 dtucker Exp $ */ /* * Copyright (c) 2011 Damien Miller <djm@mindrot.org> * @@ -67,6 +67,9 @@ void assert_size_t(const char *file, int line, void assert_u_int(const char *file, int line, const char *a1, const char *a2, u_int aa1, u_int aa2, enum test_predicate pred); +void assert_long(const char *file, int line, + const char *a1, const char *a2, + long aa1, long aa2, enum test_predicate pred); void assert_long_long(const char *file, int line, const char *a1, const char *a2, long long aa1, long long aa2, enum test_predicate pred); @@ -110,6 +113,8 @@ void assert_u64(const char *file, int line, assert_size_t(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_EQ) #define ASSERT_U_INT_EQ(a1, a2) \ assert_u_int(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_EQ) +#define ASSERT_LONG_EQ(a1, a2) \ + assert_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_EQ) #define ASSERT_LONG_LONG_EQ(a1, a2) \ assert_long_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_EQ) #define ASSERT_CHAR_EQ(a1, a2) \ @@ -139,6 +144,8 @@ void assert_u64(const char *file, int line, assert_size_t(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_NE) #define ASSERT_U_INT_NE(a1, a2) \ assert_u_int(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_NE) +#define ASSERT_LONG_NE(a1, a2) \ + assert_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_NE) #define ASSERT_LONG_LONG_NE(a1, a2) \ assert_long_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_NE) #define ASSERT_CHAR_NE(a1, a2) \ 
@@ -166,6 +173,8 @@ void assert_u64(const char *file, int line, assert_size_t(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LT) #define ASSERT_U_INT_LT(a1, a2) \ assert_u_int(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LT) +#define ASSERT_LONG_LT(a1, a2) \ + assert_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LT) #define ASSERT_LONG_LONG_LT(a1, a2) \ assert_long_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LT) #define ASSERT_CHAR_LT(a1, a2) \ @@ -193,6 +202,8 @@ void assert_u64(const char *file, int line, assert_size_t(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LE) #define ASSERT_U_INT_LE(a1, a2) \ assert_u_int(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LE) +#define ASSERT_LONG_LE(a1, a2) \ + assert_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LE) #define ASSERT_LONG_LONG_LE(a1, a2) \ assert_long_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LE) #define ASSERT_CHAR_LE(a1, a2) \ @@ -220,6 +231,8 @@ void assert_u64(const char *file, int line, assert_size_t(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GT) #define ASSERT_U_INT_GT(a1, a2) \ assert_u_int(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GT) +#define ASSERT_LONG_GT(a1, a2) \ + assert_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GT) #define ASSERT_LONG_LONG_GT(a1, a2) \ assert_long_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GT) #define ASSERT_CHAR_GT(a1, a2) \ @@ -247,6 +260,8 @@ void assert_u64(const char *file, int line, assert_size_t(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GE) #define ASSERT_U_INT_GE(a1, a2) \ assert_u_int(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GE) +#define ASSERT_LONG_GE(a1, a2) \ + assert_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GE) #define ASSERT_LONG_LONG_GE(a1, a2) \ assert_long_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GE) #define ASSERT_CHAR_GE(a1, a2) \ diff --git a/crypto/openssh/regress/unittests/utf8/tests.c b/crypto/openssh/regress/unittests/utf8/tests.c index 31f9fe9..f0bbca5 100644 --- a/crypto/openssh/regress/unittests/utf8/tests.c 
+++ b/crypto/openssh/regress/unittests/utf8/tests.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tests.c,v 1.3 2016/12/19 04:55:18 djm Exp $ */ +/* $OpenBSD: tests.c,v 1.4 2017/02/19 00:11:29 djm Exp $ */ /* * Regress test for the utf8.h *mprintf() API * @@ -15,10 +15,7 @@ #include "utf8.h" -void badarg(void); -void one(const char *, const char *, int, int, int, const char *); - -void +static void badarg(void) { char buf[16]; @@ -33,8 +30,8 @@ badarg(void) TEST_DONE(); } -void -one(const char *name, const char *mbs, int width, +static void +one(int utf8, const char *name, const char *mbs, int width, int wantwidth, int wantlen, const char *wants) { char buf[16]; @@ -43,7 +40,7 @@ one(const char *name, const char *mbs, int width, if (wantlen == -2) wantlen = strlen(wants); - (void)strlcpy(buf, "utf8_", sizeof(buf)); + (void)strlcpy(buf, utf8 ? "utf8_" : "c_", sizeof(buf)); (void)strlcat(buf, name, sizeof(buf)); TEST_START(buf); wp = wantwidth == -2 ? NULL : &width; 
@@ -65,19 +62,41 @@ tests(void) TEST_DONE(); badarg(); - one("empty", "", 2, 0, 0, ""); - one("ascii", "x", -2, -2, -2, "x"); - one("newline", "a\nb", -2, -2, -2, "a\nb"); - one("cr", "a\rb", -2, -2, -2, "a\rb"); - one("tab", "a\tb", -2, -2, -2, "a\tb"); - one("esc", "\033x", -2, -2, -2, "\\033x"); - one("inv_badbyte", "\377x", -2, -2, -2, "\\377x"); - one("inv_nocont", "\341x", -2, -2, -2, "\\341x"); - one("inv_nolead", "a\200b", -2, -2, -2, "a\\200b"); - one("sz_ascii", "1234567890123456", -2, -2, 16, "123456789012345"); - one("sz_esc", "123456789012\033", -2, -2, 16, "123456789012"); - one("width_ascii", "123", 2, 2, -1, "12"); - one("width_double", "a\343\201\201", 2, 1, -1, "a"); - one("double_fit", "a\343\201\201", 3, 3, 4, "a\343\201\201"); - one("double_spc", "a\343\201\201", 4, 3, 4, "a\343\201\201"); + one(1, "empty", "", 2, 0, 0, ""); + one(1, "ascii", "x", -2, -2, -2, "x"); + one(1, "newline", "a\nb", -2, -2, -2, "a\nb"); + one(1, "cr", "a\rb", -2, -2, -2, "a\rb"); + one(1, "tab", "a\tb", -2, -2, -2, "a\tb"); + one(1, "esc", "\033x", -2, -2, -2, "\\033x"); + one(1, "inv_badbyte", "\377x", -2, -2, -2, "\\377x"); + one(1, "inv_nocont", "\341x", -2, -2, -2, "\\341x"); + one(1, "inv_nolead", "a\200b", -2, -2, -2, "a\\200b"); + one(1, "sz_ascii", "1234567890123456", -2, -2, 16, "123456789012345"); + one(1, "sz_esc", "123456789012\033", -2, -2, 16, "123456789012"); + one(1, "width_ascii", "123", 2, 2, -1, "12"); + one(1, "width_double", "a\343\201\201", 2, 1, -1, "a"); + one(1, "double_fit", "a\343\201\201", 3, 3, 4, "a\343\201\201"); + one(1, "double_spc", "a\343\201\201", 4, 3, 4, "a\343\201\201"); + + TEST_START("C_setlocale"); + loc = setlocale(LC_CTYPE, "C"); + ASSERT_PTR_NE(loc, NULL); + TEST_DONE(); + + badarg(); + one(0, "empty", "", 2, 0, 0, ""); + one(0, "ascii", "x", -2, -2, -2, "x"); + one(0, "newline", "a\nb", -2, -2, -2, "a\nb"); + one(0, "cr", "a\rb", -2, -2, -2, "a\rb"); + one(0, "tab", "a\tb", -2, -2, -2, "a\tb"); + one(0, "esc", "\033x", -2, 
-2, -2, "\\033x"); + one(0, "inv_badbyte", "\377x", -2, -2, -2, "\\377x"); + one(0, "inv_nocont", "\341x", -2, -2, -2, "\\341x"); + one(0, "inv_nolead", "a\200b", -2, -2, -2, "a\\200b"); + one(0, "sz_ascii", "1234567890123456", -2, -2, 16, "123456789012345"); + one(0, "sz_esc", "123456789012\033", -2, -2, 16, "123456789012"); + one(0, "width_ascii", "123", 2, 2, -1, "12"); + one(0, "width_double", "a\343\201\201", 2, 1, -1, "a"); + one(0, "double_fit", "a\343\201\201", 7, 5, -1, "a\\343"); + one(0, "double_spc", "a\343\201\201", 13, 13, 13, "a\\343\\201\\201"); } diff --git a/crypto/openssh/sandbox-seccomp-filter.c b/crypto/openssh/sandbox-seccomp-filter.c index 2e1ed2c..3a1aedc 100644 --- a/crypto/openssh/sandbox-seccomp-filter.c +++ b/crypto/openssh/sandbox-seccomp-filter.c 
@@ -73,19 +73,35 @@ # define SECCOMP_FILTER_FAIL SECCOMP_RET_TRAP #endif /* SANDBOX_SECCOMP_FILTER_DEBUG */ +#if __BYTE_ORDER == __LITTLE_ENDIAN +# define ARG_LO_OFFSET 0 +# define ARG_HI_OFFSET sizeof(uint32_t) +#elif __BYTE_ORDER == __BIG_ENDIAN +# define ARG_LO_OFFSET sizeof(uint32_t) +# define ARG_HI_OFFSET 0 +#else +#error "Unknown endianness" +#endif + /* Simple helpers to avoid manual errors (but larger BPF programs). */ #define SC_DENY(_nr, _errno) \ - BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 1), \ + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (_nr), 0, 1), \ BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ERRNO|(_errno)) #define SC_ALLOW(_nr) \ - BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 1), \ + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (_nr), 0, 1), \ BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW) #define SC_ALLOW_ARG(_nr, _arg_nr, _arg_val) \ - BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 4), \ - /* load first syscall argument */ \ + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (_nr), 0, 6), \ + /* load and test first syscall argument, low word */ \ BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \ - offsetof(struct seccomp_data, args[(_arg_nr)])), \ - BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (_arg_val), 0, 1), \ + offsetof(struct seccomp_data, args[(_arg_nr)]) + ARG_LO_OFFSET), \ + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, \ + ((_arg_val) & 0xFFFFFFFF), 0, 3), \ + /* load and test first syscall argument, high word */ \ + BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \ + offsetof(struct seccomp_data, args[(_arg_nr)]) + ARG_HI_OFFSET), \ + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, \ + (((uint32_t)((uint64_t)(_arg_val) >> 32)) & 0xFFFFFFFF), 0, 1), \ BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW), \ /* reload syscall number; all rules expect it in accumulator */ \ BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \ 
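Review bot: `#if __BYTE_ORDER == __LITTLE_ENDIAN` evaluates as `0 == 0` when neither macro is defined, because the preprocessor replaces unknown identifiers with 0, so a build without the defining header would pick the little-endian offsets and never reach the `#error`. On a big-endian target `SC_ALLOW_ARG` would then compare the wrong halves of the 64-bit argument. Writing the first branch as `#if defined(__BYTE_ORDER) && __BYTE_ORDER == __LITTLE_ENDIAN`, and the `#elif` likewise, turns that case into the intended build failure. Whether the file already includes a header that defines these macros is not visible in this hunk. The two new comments still say "first syscall argument" although the macro loads `args[(_arg_nr)]`.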
@@ -104,108 +120,122 @@ static const struct sock_filter preauth_insns[] = { /* Syscalls to non-fatally deny */ #ifdef __NR_lstat - SC_DENY(lstat, EACCES), + SC_DENY(__NR_lstat, EACCES), #endif #ifdef __NR_lstat64 - SC_DENY(lstat64, EACCES), + SC_DENY(__NR_lstat64, EACCES), #endif #ifdef __NR_fstat - SC_DENY(fstat, EACCES), + SC_DENY(__NR_fstat, EACCES), #endif #ifdef __NR_fstat64 - SC_DENY(fstat64, EACCES), + SC_DENY(__NR_fstat64, EACCES), #endif #ifdef __NR_open - SC_DENY(open, EACCES), + SC_DENY(__NR_open, EACCES), #endif #ifdef __NR_openat - SC_DENY(openat, EACCES), + SC_DENY(__NR_openat, EACCES), #endif #ifdef __NR_newfstatat - SC_DENY(newfstatat, EACCES), + SC_DENY(__NR_newfstatat, EACCES), #endif #ifdef __NR_stat - SC_DENY(stat, EACCES), + SC_DENY(__NR_stat, EACCES), #endif #ifdef __NR_stat64 - SC_DENY(stat64, EACCES), + SC_DENY(__NR_stat64, EACCES), #endif /* Syscalls to permit */ #ifdef __NR_brk - SC_ALLOW(brk), + SC_ALLOW(__NR_brk), #endif #ifdef __NR_clock_gettime - SC_ALLOW(clock_gettime), + SC_ALLOW(__NR_clock_gettime), #endif #ifdef __NR_close - SC_ALLOW(close), + SC_ALLOW(__NR_close), #endif #ifdef __NR_exit - SC_ALLOW(exit), + SC_ALLOW(__NR_exit), #endif #ifdef __NR_exit_group - SC_ALLOW(exit_group), + SC_ALLOW(__NR_exit_group), #endif #ifdef __NR_getpgid - SC_ALLOW(getpgid), + SC_ALLOW(__NR_getpgid), #endif #ifdef __NR_getpid - SC_ALLOW(getpid), + SC_ALLOW(__NR_getpid), #endif #ifdef __NR_getrandom - SC_ALLOW(getrandom), + SC_ALLOW(__NR_getrandom), #endif #ifdef __NR_gettimeofday - SC_ALLOW(gettimeofday), + SC_ALLOW(__NR_gettimeofday), #endif #ifdef __NR_madvise - SC_ALLOW(madvise), + SC_ALLOW(__NR_madvise), #endif #ifdef __NR_mmap - SC_ALLOW(mmap), + SC_ALLOW(__NR_mmap), #endif #ifdef __NR_mmap2 - SC_ALLOW(mmap2), + SC_ALLOW(__NR_mmap2), #endif #ifdef __NR_mremap - SC_ALLOW(mremap), + SC_ALLOW(__NR_mremap), #endif #ifdef __NR_munmap - SC_ALLOW(munmap), + SC_ALLOW(__NR_munmap), #endif #ifdef __NR__newselect - SC_ALLOW(_newselect), + 
SC_ALLOW(__NR__newselect), #endif #ifdef __NR_poll - SC_ALLOW(poll), + SC_ALLOW(__NR_poll), #endif #ifdef __NR_pselect6 - SC_ALLOW(pselect6), + SC_ALLOW(__NR_pselect6), #endif #ifdef __NR_read - SC_ALLOW(read), + SC_ALLOW(__NR_read), #endif #ifdef __NR_rt_sigprocmask - SC_ALLOW(rt_sigprocmask), + SC_ALLOW(__NR_rt_sigprocmask), #endif #ifdef __NR_select - SC_ALLOW(select), + SC_ALLOW(__NR_select), #endif #ifdef __NR_shutdown - SC_ALLOW(shutdown), + SC_ALLOW(__NR_shutdown), #endif #ifdef __NR_sigprocmask - SC_ALLOW(sigprocmask), + SC_ALLOW(__NR_sigprocmask), #endif #ifdef __NR_time - SC_ALLOW(time), + SC_ALLOW(__NR_time), #endif #ifdef __NR_write - SC_ALLOW(write), + SC_ALLOW(__NR_write), #endif #ifdef __NR_socketcall - SC_ALLOW_ARG(socketcall, 0, SYS_SHUTDOWN), + SC_ALLOW_ARG(__NR_socketcall, 0, SYS_SHUTDOWN), +#endif +#if defined(__NR_ioctl) && defined(__s390__) + /* Allow ioctls for ICA crypto card on s390 */ + SC_ALLOW_ARG(__NR_ioctl, 1, Z90STAT_STATUS_MASK), + SC_ALLOW_ARG(__NR_ioctl, 1, ICARSAMODEXPO), + SC_ALLOW_ARG(__NR_ioctl, 1, ICARSACRT), +#endif +#if defined(__x86_64__) && defined(__ILP32__) && defined(__X32_SYSCALL_BIT) + /* + * On Linux x32, the clock_gettime VDSO falls back to the + * x86-64 syscall under some circumstances, e.g. + * https://bugs.debian.org/849923 + */ + SC_ALLOW(__NR_clock_gettime & ~__X32_SYSCALL_BIT); #endif /* Default deny */ diff --git a/crypto/openssh/servconf.c b/crypto/openssh/servconf.c index c3fe9f8..bc935fc 100644 --- a/crypto/openssh/servconf.c +++ b/crypto/openssh/servconf.c @@ -1,5 +1,5 @@ -/* $OpenBSD: servconf.c,v 1.301 2016/11/30 03:00:05 djm Exp $ */ +/* $OpenBSD: servconf.c,v 1.306 2017/03/14 07:19:07 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved 
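Review bot: The x32 entry added at the end of `preauth_insns[]`, `SC_ALLOW(__NR_clock_gettime & ~__X32_SYSCALL_BIT);`, ends in a semicolon where every other element of the initializer ends in a comma, so the file will not compile when that `#if` branch is active. It should read `SC_ALLOW(__NR_clock_gettime & ~__X32_SYSCALL_BIT),`. The branch is only built for `__x86_64__` with `__ILP32__` and `__X32_SYSCALL_BIT` defined, so the error will not show up on other targets. The array's closing lines lie outside the hunk.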
@@ -279,7 +279,7 @@ fill_default_server_options(ServerOptions *options) if (options->gss_cleanup_creds == -1) options->gss_cleanup_creds = 1; if (options->gss_strict_acceptor == -1) - options->gss_strict_acceptor = 0; + options->gss_strict_acceptor = 1; if (options->password_authentication == -1) options->password_authentication = 0; if (options->kbd_interactive_authentication == -1) @@ -547,7 +547,7 @@ static struct { { "clientalivecountmax", sClientAliveCountMax, SSHCFG_ALL }, { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL }, { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL }, - { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL}, + { "useprivilegeseparation", sDeprecated, SSHCFG_GLOBAL}, { "acceptenv", sAcceptEnv, SSHCFG_ALL }, { "permittunnel", sPermitTunnel, SSHCFG_ALL }, { "permittty", sPermitTTY, SSHCFG_ALL }, @@ -983,6 +983,15 @@ process_server_config_line(ServerOptions *options, char *line, long long val64; const struct multistate *multistate_ptr; + /* Strip trailing whitespace. Allow \f (form feed) at EOL only */ + if ((len = strlen(line)) == 0) + return 0; + for (len--; len > 0; len--) { + if (strchr(WHITESPACE "\f", line[len]) == NULL) + break; + line[len] = '\0'; + } + cp = line; if ((arg = strdelim(&cp)) == NULL) return 0; @@ -1185,7 +1194,8 @@ process_server_config_line(ServerOptions *options, char *line, if (!arg || *arg == '\0') fatal("%s line %d: Missing argument.", filename, linenum); - if (!sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1)) + if (*arg != '-' && + !sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1)) fatal("%s line %d: Bad key types '%s'.", filename, linenum, arg ? arg : "<NONE>"); if (*activep && *charptr == NULL) 
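Review bot: A list that begins with `-` now bypasses name validation altogether in the key-types check (`*arg != '-' && !sshkey_names_valid2(...)`), and the same pattern is repeated in the Ciphers, MACs and KexAlgorithms hunks further down. Skipping validation is understandable because removal lists may contain wildcards, but a misspelled removal is then accepted silently and the algorithm the administrator meant to disable stays enabled. Consider warning when a removal pattern matches nothing in the default set (the filtering itself is outside these hunks), or at least add a comment at each site such as `/* '-' lists are patterns, not names: not validated here */`. Until then the effective lists should be checked with `sshd -T` after a `-` list is used.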
@@ -1381,11 +1391,6 @@ process_server_config_line(ServerOptions *options, char *line, intptr = &options->disable_forwarding; goto parse_flag; - case sUsePrivilegeSeparation: - intptr = &use_privsep; - multistate_ptr = multistate_privsep; - goto parse_multistate; - case sAllowUsers: while ((arg = strdelim(&cp)) && *arg != '\0') { if (options->num_allow_users >= MAX_ALLOW_USERS) @@ -1444,7 +1449,7 @@ process_server_config_line(ServerOptions *options, char *line, arg = strdelim(&cp); if (!arg || *arg == '\0') fatal("%s line %d: Missing argument.", filename, linenum); - if (!ciphers_valid(*arg == '+' ? arg + 1 : arg)) + if (*arg != '-' && !ciphers_valid(*arg == '+' ? arg + 1 : arg)) fatal("%s line %d: Bad SSH2 cipher spec '%s'.", filename, linenum, arg ? arg : "<NONE>"); if (options->ciphers == NULL) @@ -1455,7 +1460,7 @@ process_server_config_line(ServerOptions *options, char *line, arg = strdelim(&cp); if (!arg || *arg == '\0') fatal("%s line %d: Missing argument.", filename, linenum); - if (!mac_valid(*arg == '+' ? arg + 1 : arg)) + if (*arg != '-' && !mac_valid(*arg == '+' ? arg + 1 : arg)) fatal("%s line %d: Bad SSH2 mac spec '%s'.", filename, linenum, arg ? arg : "<NONE>"); if (options->macs == NULL) @@ -1467,7 +1472,8 @@ process_server_config_line(ServerOptions *options, char *line, if (!arg || *arg == '\0') fatal("%s line %d: Missing argument.", filename, linenum); - if (!kex_names_valid(*arg == '+' ? arg + 1 : arg)) + if (*arg != '-' && + !kex_names_valid(*arg == '+' ? arg + 1 : arg)) fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.", filename, linenum, arg ? arg : "<NONE>"); if (options->kex_algorithms == NULL) 
@@ -2117,8 +2123,6 @@ fmt_intarg(ServerOpCodes code, int val) return fmt_multistate_int(val, multistate_gatewayports); case sCompression: return fmt_multistate_int(val, multistate_compression); - case sUsePrivilegeSeparation: - return fmt_multistate_int(val, multistate_privsep); case sAllowTcpForwarding: return fmt_multistate_int(val, multistate_tcpfwd); case sAllowStreamLocalForwarding: @@ -2169,8 +2173,6 @@ dump_cfg_fmtint(ServerOpCodes code, int val) static void dump_cfg_string(ServerOpCodes code, const char *val) { - if (val == NULL) - return; printf("%s %s\n", lookup_opcode_name(code), val == NULL ? "none" : val); } @@ -2296,7 +2298,6 @@ dump_config(ServerOptions *o) dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding); dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding); dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink); - dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep); dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash); dump_cfg_fmtint(sUseBlacklist, o->use_blacklist); diff --git a/crypto/openssh/serverloop.c b/crypto/openssh/serverloop.c index c4e4699..2976f55 100644 --- a/crypto/openssh/serverloop.c +++ b/crypto/openssh/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.189 2016/12/14 00:36:34 djm Exp $ */ +/* $OpenBSD: serverloop.c,v 1.191 2017/02/01 02:59:09 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -430,7 +430,7 @@ server_input_keep_alive(int type, u_int32_t seq, void *ctxt) } static Channel * -server_request_direct_tcpip(void) +server_request_direct_tcpip(int *reason, const char **errmsg) { Channel *c = NULL; char *target, *originator; 
@@ -449,11 +449,13 @@ server_request_direct_tcpip(void) if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0 && !no_port_forwarding_flag && !options.disable_forwarding) { c = channel_connect_to_port(target, target_port, - "direct-tcpip", "direct-tcpip"); + "direct-tcpip", "direct-tcpip", reason, errmsg); } else { logit("refused local port forward: " "originator %s port %d, target %s port %d", originator, originator_port, target, target_port); + if (reason != NULL) + *reason = SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED; } free(originator); @@ -468,6 +470,10 @@ server_request_direct_streamlocal(void) Channel *c = NULL; char *target, *originator; u_short originator_port; + struct passwd *pw = the_authctxt->pw; + + if (pw == NULL || !the_authctxt->valid) + fatal("server_input_global_request: no/invalid user"); target = packet_get_string(NULL); originator = packet_get_string(NULL); @@ -480,7 +486,7 @@ server_request_direct_streamlocal(void) /* XXX fine grained permissions */ if ((options.allow_streamlocal_forwarding & FORWARD_LOCAL) != 0 && !no_port_forwarding_flag && !options.disable_forwarding && - use_privsep) { + (pw->pw_uid == 0 || use_privsep)) { c = channel_connect_to_path(target, "direct-streamlocal@openssh.com", "direct-streamlocal"); } else { @@ -577,7 +583,8 @@ server_input_channel_open(int type, u_int32_t seq, void *ctxt) { Channel *c = NULL; char *ctype; - int rchan; + const char *errmsg = NULL; + int rchan, reason = SSH2_OPEN_CONNECT_FAILED; u_int rmaxpack, rwindow, len; ctype = packet_get_string(&len); @@ -591,7 +598,7 @@ server_input_channel_open(int type, u_int32_t seq, void *ctxt) if (strcmp(ctype, "session") == 0) { c = server_request_session(); } else if (strcmp(ctype, "direct-tcpip") == 0) { - c = server_request_direct_tcpip(); + c = server_request_direct_tcpip(&reason, &errmsg); } else if (strcmp(ctype, "direct-streamlocal@openssh.com") == 0) { c = server_request_direct_streamlocal(); } else if (strcmp(ctype, "tun@openssh.com") == 0) { 
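Review bot: The new guard in server_request_direct_streamlocal() reports itself as a different function: `fatal("server_input_global_request: no/invalid user");` was evidently copied from the global-request handler. Anyone triaging the log would look in the wrong code path, so use `fatal("server_request_direct_streamlocal: no/invalid user");`. The initializer `struct passwd *pw = the_authctxt->pw;` also dereferences `the_authctxt` before anything in the hunk checks it; if it can be NULL at this point (not visible here), the check should cover that as well.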
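Review bot: The condition `(pw->pw_uid == 0 || use_privsep)` carries a security decision that the neighbouring `/* XXX fine grained permissions */` comment does not explain, and its inverse appears again in the streamlocal branch of server_input_global_request(). Presumably the point is that without privilege separation the socket is not opened with the user's own privileges, which is acceptable only when the user is root. If so, say that at both sites, e.g. `/* without privsep the connect is not done as the user; allow only root */`. Moving the test into one small static helper would keep the two sites from drifting apart.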
@@ -614,9 +621,9 @@ server_input_channel_open(int type, u_int32_t seq, void *ctxt) debug("server_input_channel_open: failure %s", ctype); packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE); packet_put_int(rchan); - packet_put_int(SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED); + packet_put_int(reason); if (!(datafellows & SSH_BUG_OPENFAILURE)) { - packet_put_cstring("open failed"); + packet_put_cstring(errmsg ? errmsg : "open failed"); packet_put_cstring(""); } packet_send(); @@ -702,6 +709,10 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) int want_reply; int r, success = 0, allocated_listen_port = 0; struct sshbuf *resp = NULL; + struct passwd *pw = the_authctxt->pw; + + if (pw == NULL || !the_authctxt->valid) + fatal("server_input_global_request: no/invalid user"); rtype = packet_get_string(NULL); want_reply = packet_get_char(); @@ -709,12 +720,8 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) /* -R style forwarding */ if (strcmp(rtype, "tcpip-forward") == 0) { - struct passwd *pw; struct Forward fwd; - pw = the_authctxt->pw; - if (pw == NULL || !the_authctxt->valid) - fatal("server_input_global_request: no/invalid user"); memset(&fwd, 0, sizeof(fwd)); fwd.listen_host = packet_get_string(NULL); fwd.listen_port = (u_short)packet_get_int(); @@ -762,9 +769,10 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) /* check permissions */ if ((options.allow_streamlocal_forwarding & FORWARD_REMOTE) == 0 || no_port_forwarding_flag || options.disable_forwarding || - !use_privsep) { + (pw->pw_uid != 0 && !use_privsep)) { success = 0; - packet_send_debug("Server has disabled port forwarding."); + packet_send_debug("Server has disabled " + "streamlocal forwarding."); } else { /* Start listening on the socket */ success = channel_setup_remote_fwd_listener( diff --git a/crypto/openssh/session.c b/crypto/openssh/session.c index 3a5fc44..1217ad4 100644 --- a/crypto/openssh/session.c +++ b/crypto/openssh/session.c 
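Review bot: `reason` is initialised to `SSH2_OPEN_CONNECT_FAILED` in server_input_channel_open() and only server_request_direct_tcpip() is handed a pointer to change it. As far as the visible hunks show, every other refusal that reaches `packet_put_int(reason)` (session, direct-streamlocal, tun, unknown channel types) now reports a connect failure where it used to report `SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED`. A policy denial for streamlocal forwarding is thus presented to the client as a connection problem. Either keep the old default and let the tcpip path set `SSH2_OPEN_CONNECT_FAILED` on a failed connect, or set `reason` in the other handlers too. `errmsg` is sent to the client verbatim, so whatever channel_connect_to_port() stores in it (outside this section) should contain no more than the client needs.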
@@ -1261,7 +1261,8 @@ static void do_nologin(struct passwd *pw) { FILE *f = NULL; - char buf[1024], *nl, *def_nl = _PATH_NOLOGIN; + const char *nl; + char buf[1024], *def_nl = _PATH_NOLOGIN; struct stat sb; #ifdef HAVE_LOGIN_CAP @@ -1273,11 +1274,8 @@ do_nologin(struct passwd *pw) return; nl = def_nl; #endif - if (stat(nl, &sb) == -1) { - if (nl != def_nl) - free(nl); + if (stat(nl, &sb) == -1) return; - } /* /etc/nologin exists. Print its contents if we can and exit. */ logit("User %.100s not allowed because %s exists", pw->pw_name, nl); diff --git a/crypto/openssh/sftp-client.c b/crypto/openssh/sftp-client.c index e65c15c..a6e8322 100644 --- a/crypto/openssh/sftp-client.c +++ b/crypto/openssh/sftp-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.125 2016/09/12 01:22:38 deraadt Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.126 2017/01/03 05:46:51 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> * @@ -67,6 +67,13 @@ extern int showprogress; /* Maximum depth to descend in directory trees */ #define MAX_DIR_DEPTH 64 +/* Directory separator characters */ +#ifdef HAVE_CYGWIN +# define SFTP_DIRECTORY_CHARS "/\\" +#else /* HAVE_CYGWIN */ +# define SFTP_DIRECTORY_CHARS "/" +#endif /* HAVE_CYGWIN */ + struct sftp_conn { int fd_in; int fd_out; @@ -587,6 +594,8 @@ do_lsreaddir(struct sftp_conn *conn, const char *path, int print_flag, if ((r = sshbuf_get_u32(msg, &count)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (count > SSHBUF_SIZE_MAX) + fatal("%s: nonsensical number of entries", __func__); if (count == 0) break; debug3("Received %d SSH2_FXP_NAME responses", count); 
@@ -617,7 +626,7 @@ do_lsreaddir(struct sftp_conn *conn, const char *path, int print_flag, * These can be used to attack recursive ops * (e.g. send '../../../../etc/passwd') */ - if (strchr(filename, '/') != NULL) { + if (strpbrk(filename, SFTP_DIRECTORY_CHARS) != NULL) { error("Server sent suspect path \"%s\" " "during readdir of \"%s\"", filename, path); } else if (dir) { diff --git a/crypto/openssh/sftp.c b/crypto/openssh/sftp.c index 2b8fdab..76add39 100644 --- a/crypto/openssh/sftp.c +++ b/crypto/openssh/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.177 2016/10/18 12:41:22 millert Exp $ */ +/* $OpenBSD: sftp.c,v 1.178 2017/02/15 01:46:47 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> * 
@@ -969,23 +969,34 @@ static int do_df(struct sftp_conn *conn, const char *path, int hflag, int iflag) { struct sftp_statvfs st; - char s_used[FMT_SCALED_STRSIZE]; - char s_avail[FMT_SCALED_STRSIZE]; - char s_root[FMT_SCALED_STRSIZE]; - char s_total[FMT_SCALED_STRSIZE]; - unsigned long long ffree; + char s_used[FMT_SCALED_STRSIZE], s_avail[FMT_SCALED_STRSIZE]; + char s_root[FMT_SCALED_STRSIZE], s_total[FMT_SCALED_STRSIZE]; + char s_icapacity[16], s_dcapacity[16]; if (do_statvfs(conn, path, &st, 1) == -1) return -1; + if (st.f_files == 0) + strlcpy(s_icapacity, "ERR", sizeof(s_icapacity)); + else { + snprintf(s_icapacity, sizeof(s_icapacity), "%3llu%%", + (unsigned long long)(100 * (st.f_files - st.f_ffree) / + st.f_files)); + } + if (st.f_blocks == 0) + strlcpy(s_dcapacity, "ERR", sizeof(s_dcapacity)); + else { + snprintf(s_dcapacity, sizeof(s_dcapacity), "%3llu%%", + (unsigned long long)(100 * (st.f_blocks - st.f_bfree) / + st.f_blocks)); + } if (iflag) { - ffree = st.f_files ? (100 * (st.f_files - st.f_ffree) / st.f_files) : 0; printf(" Inodes Used Avail " "(root) %%Capacity\n"); - printf("%11llu %11llu %11llu %11llu %3llu%%\n", + printf("%11llu %11llu %11llu %11llu %s\n", (unsigned long long)st.f_files, (unsigned long long)(st.f_files - st.f_ffree), (unsigned long long)st.f_favail, - (unsigned long long)st.f_ffree, ffree); + (unsigned long long)st.f_ffree, s_icapacity); } else if (hflag) { strlcpy(s_used, "error", sizeof(s_used)); strlcpy(s_avail, "error", sizeof(s_avail)); 
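Review bot: The new zero checks in do_df() remove the division by zero, but the percentages are still computed directly from server-supplied counters. `st.f_files - st.f_ffree` and `st.f_blocks - st.f_bfree` wrap if the server reports more free than total (the fields appear to be unsigned), and `100 * (...)` can overflow for very large values. The result is only a misleading %Capacity column, but it is cheap to treat these as errors too, e.g. `if (st.f_blocks == 0 || st.f_bfree > st.f_blocks)` before the `strlcpy(s_dcapacity, "ERR", ...)`, and likewise for the inode case. Note also that "ERR" is three characters where the numeric form `%3llu%%` is four, so the column shifts by one.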
@@ -996,21 +1007,18 @@ do_df(struct sftp_conn *conn, const char *path, int hflag, int iflag) fmt_scaled(st.f_bfree * st.f_frsize, s_root); fmt_scaled(st.f_blocks * st.f_frsize, s_total); printf(" Size Used Avail (root) %%Capacity\n"); - printf("%7sB %7sB %7sB %7sB %3llu%%\n", - s_total, s_used, s_avail, s_root, - (unsigned long long)(100 * (st.f_blocks - st.f_bfree) / - st.f_blocks)); + printf("%7sB %7sB %7sB %7sB %s\n", + s_total, s_used, s_avail, s_root, s_dcapacity); } else { printf(" Size Used Avail " "(root) %%Capacity\n"); - printf("%12llu %12llu %12llu %12llu %3llu%%\n", + printf("%12llu %12llu %12llu %12llu %s\n", (unsigned long long)(st.f_frsize * st.f_blocks / 1024), (unsigned long long)(st.f_frsize * (st.f_blocks - st.f_bfree) / 1024), (unsigned long long)(st.f_frsize * st.f_bavail / 1024), (unsigned long long)(st.f_frsize * st.f_bfree / 1024), - (unsigned long long)(100 * (st.f_blocks - st.f_bfree) / - st.f_blocks)); + s_dcapacity); } return 0; } diff --git a/crypto/openssh/ssh-agent.c b/crypto/openssh/ssh-agent.c index 0d24204..ef5c7f6 100644 --- a/crypto/openssh/ssh-agent.c +++ b/crypto/openssh/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.215 2016/11/30 03:07:37 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.218 2017/03/15 03:52:30 deraadt Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -90,7 +90,7 @@ __RCSID("$FreeBSD$"); #endif #ifndef DEFAULT_PKCS11_WHITELIST -# define DEFAULT_PKCS11_WHITELIST "/usr/lib/*,/usr/local/lib/*" +# define DEFAULT_PKCS11_WHITELIST "/usr/lib*/*,/usr/local/lib*/*" #endif typedef enum { @@ -841,7 +841,7 @@ send: static void process_remove_smartcard_key(SocketEntry *e) { - char *provider = NULL, *pin = NULL; + char *provider = NULL, *pin = NULL, canonical_provider[PATH_MAX]; int r, version, success = 0; Identity *id, *nxt; Idtab *tab; 
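Review bot: The new default `DEFAULT_PKCS11_WHITELIST "/usr/lib*/*,/usr/local/lib*/*"` admits more than the lib32/lib64 style directories it is presumably aimed at. Any directory under /usr or /usr/local whose name merely starts with `lib` (libexec, libdata and so on) now passes the list that gates which provider modules the agent will load. If the matcher lets `*` span `/` (not visible here), everything beneath those directories passes as well. Listing the intended directories explicitly, or documenting next to the define why the wider pattern is acceptable, would keep the whitelist as narrow as its purpose requires.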
@@ -851,6 +851,13 @@ process_remove_smartcard_key(SocketEntry *e) fatal("%s: buffer error: %s", __func__, ssh_err(r)); free(pin); + if (realpath(provider, canonical_provider) == NULL) { + verbose("failed PKCS#11 add of \"%.100s\": realpath: %s", + provider, strerror(errno)); + goto send; + } + + debug("%s: remove %.100s", __func__, canonical_provider); for (version = 1; version < 3; version++) { tab = idtab_lookup(version); for (id = TAILQ_FIRST(&tab->idlist); id; id = nxt) { @@ -858,18 +865,19 @@ process_remove_smartcard_key(SocketEntry *e) /* Skip file--based keys */ if (id->provider == NULL) continue; - if (!strcmp(provider, id->provider)) { + if (!strcmp(canonical_provider, id->provider)) { TAILQ_REMOVE(&tab->idlist, id, next); free_identity(id); tab->nentries--; } } } - if (pkcs11_del_provider(provider) == 0) + if (pkcs11_del_provider(canonical_provider) == 0) success = 1; else error("process_remove_smartcard_key:" " pkcs11_del_provider failed"); +send: free(provider); send_status(e, success); } @@ -1214,10 +1222,9 @@ static void usage(void) { fprintf(stderr, - "usage: ssh-agent [-c | -s] [-Dd] [-a bind_address] [-E fingerprint_hash]\n" + "usage: ssh-agent [-c | -s] [-Ddx] [-a bind_address] [-E fingerprint_hash]\n" " [-P pkcs11_whitelist] [-t life] [command [arg ...]]\n" " ssh-agent [-c | -s] -k\n"); - fprintf(stderr, " -x Exit when the last client disconnects.\n"); exit(1); } diff --git a/crypto/openssh/ssh-keygen.c b/crypto/openssh/ssh-keygen.c index 2a7939b..f17af03 100644 --- a/crypto/openssh/ssh-keygen.c +++ b/crypto/openssh/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.292 2016/09/12 03:29:16 dtucker Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.299 2017/03/10 04:26:06 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -37,6 +37,7 @@ #include <string.h> #include <unistd.h> #include <limits.h> +#include <locale.h> #include "xmalloc.h" #include "sshkey.h" 
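Review bot: The failure message in process_remove_smartcard_key() says `failed PKCS#11 add of ...` although this is the removal path; it should read `"failed PKCS#11 remove of \"%.100s\": realpath: %s"` so that log review is not misled. More importantly, requiring `realpath(provider, ...)` to succeed means a provider whose file has since been deleted, renamed or unmounted can no longer be removed by name. The function jumps to `send` with `success` still 0 and the keys stay loaded in the agent. Consider falling back to comparing the path as given against `id->provider` when realpath() fails. The function begins before this hunk.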
@@ -57,6 +58,7 @@ #include "atomicio.h" #include "krl.h" #include "digest.h" +#include "utf8.h" #ifdef WITH_OPENSSL # define DEFAULT_KEY_TYPE_NAME "rsa" @@ -843,7 +845,7 @@ fingerprint_one_key(const struct sshkey *public, const char *comment) ra = sshkey_fingerprint(public, fingerprint_hash, SSH_FP_RANDOMART); if (fp == NULL || ra == NULL) fatal("%s: sshkey_fingerprint failed", __func__); - printf("%u %s %s (%s)\n", sshkey_size(public), fp, + mprintf("%u %s %s (%s)\n", sshkey_size(public), fp, comment ? comment : "no comment", sshkey_type(public)); if (log_level >= SYSLOG_LEVEL_VERBOSE) printf("%s\n", ra); @@ -1082,6 +1084,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx) struct known_hosts_ctx *ctx = (struct known_hosts_ctx *)_ctx; char *hashed, *cp, *hosts, *ohosts; int has_wild = l->hosts && strcspn(l->hosts, "*?!") != strlen(l->hosts); + int was_hashed = l->hosts && l->hosts[0] == HASH_DELIM; switch (l->status) { case HKF_STATUS_OK: @@ -1090,11 +1093,10 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx) * Don't hash hosts already already hashed, with wildcard * characters or a CA/revocation marker. */ - if ((l->match & HKF_MATCH_HOST_HASHED) != 0 || - has_wild || l->marker != MRK_NONE) { + if (was_hashed || has_wild || l->marker != MRK_NONE) { fprintf(ctx->out, "%s\n", l->line); if (has_wild && !find_host) { - logit("%s:%ld: ignoring host name " + logit("%s:%lu: ignoring host name " "with wildcard: %.64s", l->path, l->linenum, l->hosts); } @@ -1106,6 +1108,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx) */ ohosts = hosts = xstrdup(l->hosts); while ((cp = strsep(&hosts, ",")) != NULL && *cp != '\0') { + lowercase(cp); if ((hashed = host_hash(cp, NULL, 0)) == NULL) fatal("hash_host failed"); fprintf(ctx->out, "%s %s\n", hashed, l->rawkey); 
@@ -1116,7 +1119,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx) case HKF_STATUS_INVALID: /* Retain invalid lines, but mark file as invalid. */ ctx->invalid = 1; - logit("%s:%ld: invalid line", l->path, l->linenum); + logit("%s:%lu: invalid line", l->path, l->linenum); /* FALLTHROUGH */ default: fprintf(ctx->out, "%s\n", l->line); @@ -1150,14 +1153,14 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx) */ ctx->found_key = 1; if (!quiet) - printf("# Host %s found: line %ld\n", + printf("# Host %s found: line %lu\n", ctx->host, l->linenum); } return 0; } else if (find_host) { ctx->found_key = 1; if (!quiet) { - printf("# Host %s found: line %ld %s\n", + printf("# Host %s found: line %lu %s\n", ctx->host, l->linenum, l->marker == MRK_CA ? "CA" : (l->marker == MRK_REVOKE ? "REVOKED" : "")); @@ -1166,7 +1169,7 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx) known_hosts_hash(l, ctx); else if (print_fingerprint) { fp = sshkey_fingerprint(l->key, fptype, rep); - printf("%s %s %s %s\n", ctx->host, + mprintf("%s %s %s %s\n", ctx->host, sshkey_type(l->key), fp, l->comment); free(fp); } else @@ -1177,7 +1180,7 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx) /* Retain non-matching hosts when deleting */ if (l->status == HKF_STATUS_INVALID) { ctx->invalid = 1; - logit("%s:%ld: invalid line", l->path, l->linenum); + logit("%s:%lu: invalid line", l->path, l->linenum); } fprintf(ctx->out, "%s\n", l->line); } @@ -1317,7 +1320,7 @@ do_change_passphrase(struct passwd *pw) fatal("Failed to load key %s: %s", identity_file, ssh_err(r)); } if (comment) - printf("Key has comment '%s'\n", comment); + mprintf("Key has comment '%s'\n", comment); /* Ask the new passphrase (twice). */ if (identity_new_passphrase) { 
@@ -1441,7 +1444,10 @@ do_change_comment(struct passwd *pw) sshkey_free(private); exit(1); } - printf("Key now has comment '%s'\n", comment); + if (comment) + printf("Key now has comment '%s'\n", comment); + else + printf("Key now has no comment\n"); if (identity_comment) { strlcpy(new_comment, identity_comment, sizeof(new_comment)); @@ -2203,11 +2209,17 @@ do_check_krl(struct passwd *pw, int argc, char **argv) exit(ret); } +#ifdef WITH_SSH1 +# define RSA1_USAGE " | rsa1" +#else +# define RSA1_USAGE "" +#endif + static void usage(void) { fprintf(stderr, - "usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]\n" + "usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa%s]\n" " [-N new_passphrase] [-C comment] [-f output_keyfile]\n" " ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]\n" " ssh-keygen -i [-m key_format] [-f input_keyfile]\n" @@ -2215,7 +2227,7 @@ usage(void) " ssh-keygen -y [-f input_keyfile]\n" " ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]\n" " ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]\n" - " ssh-keygen -B [-f input_keyfile]\n"); + " ssh-keygen -B [-f input_keyfile]\n", RSA1_USAGE); #ifdef ENABLE_PKCS11 fprintf(stderr, " ssh-keygen -D pkcs11\n"); @@ -2280,6 +2292,8 @@ main(int argc, char **argv) seed_rng(); + msetlocale(); + /* we need this for the home * directory. */ pw = getpwuid(getuid()); if (!pw) diff --git a/crypto/openssh/ssh-keyscan.c b/crypto/openssh/ssh-keyscan.c index c30d54e..1f95239 100644 --- a/crypto/openssh/ssh-keyscan.c +++ b/crypto/openssh/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.106 2016/05/02 10:26:04 djm Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.109 2017/03/10 04:26:06 djm Exp $ */ /* * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. * 
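Review bot: do_change_comment() still prints the key's comment with plain `printf("Key now has comment '%s'\n", comment);`, while this commit moves the other places that echo a comment or host string (fingerprint_one_key(), known_hosts_find_delete(), do_change_passphrase()) to `mprintf`. The comment is read from the key file, so the same reasoning applies here. Use `mprintf("Key now has comment '%s'\n", comment);` so that non-printable bytes get the same treatment on every path that displays a comment.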
@@ -321,16 +321,18 @@ keygrab_ssh2(con *c) } static void -keyprint_one(char *host, struct sshkey *key) +keyprint_one(const char *host, struct sshkey *key) { char *hostport; - - if (hash_hosts && (host = host_hash(host, NULL, 0)) == NULL) - fatal("host_hash failed"); + const char *known_host, *hashed; hostport = put_host_port(host, ssh_port); + lowercase(hostport); + if (hash_hosts && (hashed = host_hash(host, NULL, 0)) == NULL) + fatal("host_hash failed"); + known_host = hash_hosts ? hashed : hostport; if (!get_cert) - fprintf(stdout, "%s ", hostport); + fprintf(stdout, "%s ", known_host); sshkey_write(key, stdout); fputs("\n", stdout); free(hostport); @@ -752,10 +754,13 @@ main(int argc, char **argv) tname = strtok(optarg, ","); while (tname) { int type = sshkey_type_from_name(tname); + switch (type) { +#ifdef WITH_SSH1 case KEY_RSA1: get_keytypes |= KT_RSA1; break; +#endif case KEY_DSA: get_keytypes |= KT_DSA; break; @@ -769,7 +774,8 @@ main(int argc, char **argv) get_keytypes |= KT_ED25519; break; case KEY_UNSPEC: - fatal("unknown key type %s", tname); + default: + fatal("Unknown key type \"%s\"", tname); } tname = strtok(NULL, ","); } diff --git a/crypto/openssh/ssh.c b/crypto/openssh/ssh.c index 445c0d5..05afc3c 100644 --- a/crypto/openssh/ssh.c +++ b/crypto/openssh/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.448 2016/12/06 07:48:01 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.451 2017/03/10 04:07:20 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 
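Review bot: In keyprint_one() the hashed form is computed from `host`, not from the `hostport` string that was built and lower-cased two lines earlier: `host_hash(host, NULL, 0)`. With host hashing enabled the output therefore loses both the lower-casing and whatever port decoration put_host_port() adds, so the hashed line may not match the name a client later looks up. `host_hash(hostport, NULL, 0)` looks like what was intended. `hashed` is also left uninitialised when `hash_hosts` is false; it is not read in that case, but `const char *known_host, *hashed = NULL;` avoids a compiler warning.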
@@ -685,11 +685,11 @@ main(int ac, char **av) else if (strcmp(optarg, "kex") == 0) cp = kex_alg_list('\n'); else if (strcmp(optarg, "key") == 0) - cp = sshkey_alg_list(0, 0, '\n'); + cp = sshkey_alg_list(0, 0, 0, '\n'); else if (strcmp(optarg, "key-cert") == 0) - cp = sshkey_alg_list(1, 0, '\n'); + cp = sshkey_alg_list(1, 0, 0, '\n'); else if (strcmp(optarg, "key-plain") == 0) - cp = sshkey_alg_list(0, 1, '\n'); + cp = sshkey_alg_list(0, 1, 0, '\n'); else if (strcmp(optarg, "protocol-version") == 0) { #ifdef WITH_SSH1 cp = xstrdup("1\n2"); @@ -1099,7 +1099,7 @@ main(int ac, char **av) options.proxy_use_fdpass = 0; snprintf(port_s, sizeof(port_s), "%d", options.jump_port); xasprintf(&options.proxy_command, - "ssh%s%s%s%s%s%s%s%s%s%.*s -W %%h:%%p %s", + "ssh%s%s%s%s%s%s%s%s%s%.*s -W '[%%h]:%%p' %s", /* Optional "-l user" argument if jump_user set */ options.jump_user == NULL ? "" : " -l ", options.jump_user == NULL ? "" : options.jump_user, diff --git a/crypto/openssh/ssh_config b/crypto/openssh/ssh_config index 76a2623..76c4482 100644 --- a/crypto/openssh/ssh_config +++ b/crypto/openssh/ssh_config @@ -50,4 +50,4 @@ # ProxyCommand ssh -q -W %h:%p gateway.example.com # RekeyLimit 1G 1h # VerifyHostKeyDNS yes -# VersionAddendum FreeBSD-20170902 +# VersionAddendum FreeBSD-20170903 diff --git a/crypto/openssh/ssh_config.5 b/crypto/openssh/ssh_config.5 index a8d2820..c94492c 100644 --- a/crypto/openssh/ssh_config.5 +++ b/crypto/openssh/ssh_config.5 @@ -33,9 +33,9 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.240 2016/10/15 19:56:25 jmc Exp $ +.\" $OpenBSD: ssh_config.5,v 1.242 2017/02/27 14:30:33 jmc Exp $ .\" $FreeBSD$ -.Dd $Mdocdate: October 15 2016 $ +.Dd $Mdocdate: February 27 2017 $ .Dt SSH_CONFIG 5 .Os .Sh NAME 
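Review bot: The ProxyJump template now passes `-W '[%%h]:%%p'`, and nothing near the format string explains the security-relevant job the single quotes do. The assembled string is later expanded and run through a shell (outside this hunk), where unquoted brackets would be treated as a glob pattern. Quoting alone does not make the expanded value safe; that depends on which characters the host name may contain by the time `%h` is substituted. A short comment above the format string saying why the quotes are there and where host-name validation happens would help the next person who edits this template.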
@@ -417,6 +417,10 @@ If the specified value begins with a .Sq + character, then the specified ciphers will be appended to the default set instead of replacing them. +If the specified value begins with a +.Sq - +character, then the specified ciphers (including wildcards) will be removed +from the default set instead of replacing them. .Pp The supported ciphers are: .Bd -literal -offset indent @@ -786,6 +790,10 @@ Alternately if the specified value begins with a .Sq + character, then the specified key types will be appended to the default set instead of replacing them. +If the specified value begins with a +.Sq - +character, then the specified key types (including wildcards) will be removed +from the default set instead of replacing them. The default for this option is: .Bd -literal -offset 3n ecdsa-sha2-nistp256-cert-v01@openssh.com, @@ -809,6 +817,10 @@ Alternately if the specified value begins with a .Sq + character, then the specified key types will be appended to the default set instead of replacing them. +If the specified value begins with a +.Sq - +character, then the specified key types (including wildcards) will be removed +from the default set instead of replacing them. The default for this option is: .Bd -literal -offset 3n ecdsa-sha2-nistp256-cert-v01@openssh.com, @@ -1029,6 +1041,10 @@ Alternately if the specified value begins with a .Sq + character, then the specified methods will be appended to the default set instead of replacing them. +If the specified value begins with a +.Sq - +character, then the specified methods (including wildcards) will be removed +from the default set instead of replacing them. The default is: .Bd -literal -offset indent curve25519-sha256,curve25519-sha256@libssh.org, 
@@ -1104,6 +1120,10 @@ If the specified value begins with a .Sq + character, then the specified algorithms will be appended to the default set instead of replacing them. +If the specified value begins with a +.Sq - +character, then the specified algorithms (including wildcards) will be removed +from the default set instead of replacing them. .Pp The algorithms that contain .Qq -etm @@ -1129,7 +1149,7 @@ However, this option disables host authentication for localhost. The argument to this keyword must be .Cm yes or -.Cm no . +.Cm no (the default). .It Cm NumberOfPasswordPrompts Specifies the number of password prompts before giving up. @@ -1266,6 +1286,10 @@ Alternately if the specified value begins with a .Sq + character, then the key types after it will be appended to the default instead of replacing it. +If the specified value begins with a +.Sq - +character, then the specified key types (including wildcards) will be removed +from the default set instead of replacing them. The default for this option is: .Bd -literal -offset 3n ecdsa-sha2-nistp256-cert-v01@openssh.com, @@ -1650,7 +1674,7 @@ in Specifies a string to append to the regular version string to identify OS- or site-specific modifications. The default is -.Dq FreeBSD-20170902 . +.Dq FreeBSD-20170903 . The value .Cm none may be used to disable this. diff --git a/crypto/openssh/ssh_namespace.h b/crypto/openssh/ssh_namespace.h index 767de28..ee76f03 100644 --- a/crypto/openssh/ssh_namespace.h +++ b/crypto/openssh/ssh_namespace.h @@ -255,7 +255,7 @@ #define compat_pkalg_proposal Fssh_compat_pkalg_proposal #define compress_buffer Fssh_compress_buffer #define connect_next Fssh_connect_next -#define connect_to Fssh_connect_to +#define connect_to_reason Fssh_connect_to_reason #define convtime Fssh_convtime #define crypto_hash_sha512 Fssh_crypto_hash_sha512 #define crypto_hashblocks_sha512 Fssh_crypto_hashblocks_sha512 
@@ -328,7 +328,6 @@ #define error Fssh_error #define export_dns_rr Fssh_export_dns_rr #define fatal Fssh_fatal -#define filter_proposal Fssh_filter_proposal #define fingerprint_b64 Fssh_fingerprint_b64 #define fingerprint_hex Fssh_fingerprint_hex #define fmprintf Fssh_fmprintf @@ -459,6 +458,7 @@ #define mac_setup Fssh_mac_setup #define mac_valid Fssh_mac_valid #define match Fssh_match +#define match_filter_list Fssh_match_filter_list #define match_host_and_ip Fssh_match_host_and_ip #define match_hostname Fssh_match_hostname #define match_list Fssh_match_list @@ -693,6 +693,7 @@ #define ssh_packet_set_encryption_key Fssh_ssh_packet_set_encryption_key #define ssh_packet_set_input_hook Fssh_ssh_packet_set_input_hook #define ssh_packet_set_interactive Fssh_ssh_packet_set_interactive +#define ssh_packet_set_log_preamble Fssh_ssh_packet_set_log_preamble #define ssh_packet_set_maxsize Fssh_ssh_packet_set_maxsize #define ssh_packet_set_mux Fssh_ssh_packet_set_mux #define ssh_packet_set_nonblocking Fssh_ssh_packet_set_nonblocking diff --git a/crypto/openssh/sshconnect.c b/crypto/openssh/sshconnect.c index 4ae0ed1..02aee69 100644 --- a/crypto/openssh/sshconnect.c +++ b/crypto/openssh/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.272 2016/09/12 01:22:38 deraadt Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.273 2017/03/10 03:22:40 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -1533,6 +1533,7 @@ maybe_add_key_to_agent(char *authfile, Key *private, char *comment, if (options.add_keys_to_agent == 2 && !ask_permission("Add key %s (%s) to agent?", authfile, comment)) { debug3("user denied adding this key"); + close(auth_sock); return; } @@ -1541,4 +1542,5 @@ maybe_add_key_to_agent(char *authfile, Key *private, char *comment, debug("identity added to agent: %s", authfile); else debug("could not add identity to agent: %s (%d)", authfile, r); + close(auth_sock); } 
diff --git a/crypto/openssh/sshconnect1.c b/crypto/openssh/sshconnect1.c index a045361..dc00b4c 100644 --- a/crypto/openssh/sshconnect1.c +++ b/crypto/openssh/sshconnect1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect1.c,v 1.79 2016/09/19 07:52:42 natano Exp $ */ +/* $OpenBSD: sshconnect1.c,v 1.80 2017/03/10 03:53:11 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -520,7 +520,8 @@ ssh_kex(char *host, struct sockaddr *hostaddr) cookie[i] = packet_get_char(); /* Get the public key. */ - server_key = key_new(KEY_RSA1); + if ((server_key = key_new(KEY_RSA1)) == NULL) + fatal("%s: key_new(KEY_RSA1) failed", __func__); bits = packet_get_int(); packet_get_bignum(server_key->rsa->e); packet_get_bignum(server_key->rsa->n); @@ -532,7 +533,8 @@ ssh_kex(char *host, struct sockaddr *hostaddr) logit("Warning: This may be due to an old implementation of ssh."); } /* Get the host key. */ - host_key = key_new(KEY_RSA1); + if ((host_key = key_new(KEY_RSA1)) == NULL) + fatal("%s: key_new(KEY_RSA1) failed", __func__); bits = packet_get_int(); packet_get_bignum(host_key->rsa->e); packet_get_bignum(host_key->rsa->n); diff --git a/crypto/openssh/sshconnect2.c b/crypto/openssh/sshconnect2.c index 103a2b3..f8a54be 100644 --- a/crypto/openssh/sshconnect2.c +++ b/crypto/openssh/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.251 2016/12/04 23:54:02 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.255 2017/03/11 23:40:26 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. 
@@ -193,8 +193,8 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) } if (options.rekey_limit || options.rekey_interval) - packet_set_rekey_limits((u_int32_t)options.rekey_limit, - (time_t)options.rekey_interval); + packet_set_rekey_limits(options.rekey_limit, + options.rekey_interval); /* start key exchange */ if ((r = kex_setup(active_state, myproposal)) != 0) @@ -934,14 +934,14 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt) Authctxt *authctxt = ctxt; char *info, *lang, *password = NULL, *retype = NULL; char prompt[150]; - const char *host = options.host_key_alias ? options.host_key_alias : - authctxt->host; + const char *host; debug2("input_userauth_passwd_changereq"); if (authctxt == NULL) fatal("input_userauth_passwd_changereq: " "no authentication context"); + host = options.host_key_alias ? options.host_key_alias : authctxt->host; info = packet_get_string(NULL); lang = packet_get_string(NULL); @@ -996,11 +996,11 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt) } static const char * -identity_sign_encode(struct identity *id) +key_sign_encode(const struct sshkey *key) { struct ssh *ssh = active_state; - if (id->key->type == KEY_RSA) { + if (key->type == KEY_RSA) { switch (ssh->kex->rsa_sha2) { case 256: return "rsa-sha2-256"; @@ -1008,7 +1008,7 @@ identity_sign_encode(struct identity *id) return "rsa-sha2-512"; } } - return key_ssh_name(id->key); + return key_ssh_name(key); } static int 
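Review bot: key_sign_encode (sshconnect2.c, hunks @@ -996 and @@ -1008) dereferences `key->type` unconditionally, while identity_sign in the following hunk now treats `id->key == NULL` as a legitimate state. The precondition deserves a comment above the function, for example `/* key must be non-NULL; identities without a loaded key go through load_identity_file() first */`. The callers in sign_and_send_pubkey and send_pubkey_test pass `id->key` directly and so rely on it; whether they can ever be handed a key-less identity is decided outside these hunks.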
@@ -1017,31 +1017,50 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp, { Key *prv; int ret; - const char *alg; - - alg = identity_sign_encode(id); /* the agent supports this key */ - if (id->agent_fd != -1) + if (id->key != NULL && id->agent_fd != -1) return ssh_agent_sign(id->agent_fd, id->key, sigp, lenp, - data, datalen, alg, compat); + data, datalen, key_sign_encode(id->key), compat); /* * we have already loaded the private key or * the private key is stored in external hardware */ - if (id->isprivate || (id->key->flags & SSHKEY_FLAG_EXT)) - return (sshkey_sign(id->key, sigp, lenp, data, datalen, alg, - compat)); + if (id->key != NULL && + (id->isprivate || (id->key->flags & SSHKEY_FLAG_EXT))) + return (sshkey_sign(id->key, sigp, lenp, data, datalen, + key_sign_encode(id->key), compat)); + /* load the private key from the file */ if ((prv = load_identity_file(id)) == NULL) return SSH_ERR_KEY_NOT_FOUND; - ret = sshkey_sign(prv, sigp, lenp, data, datalen, alg, compat); + ret = sshkey_sign(prv, sigp, lenp, data, datalen, + key_sign_encode(prv), compat); sshkey_free(prv); return (ret); } static int +id_filename_matches(Identity *id, Identity *private_id) +{ + const char *suffixes[] = { ".pub", "-cert.pub", NULL }; + size_t len = strlen(id->filename), plen = strlen(private_id->filename); + size_t i, slen; + + if (strcmp(id->filename, private_id->filename) == 0) + return 1; + for (i = 0; suffixes[i]; i++) { + slen = strlen(suffixes[i]); + if (len > slen && plen == len - slen && + strcmp(id->filename + (len - slen), suffixes[i]) == 0 && + memcmp(id->filename, private_id->filename, plen) == 0) + return 1; + } + return 0; +} + +static int sign_and_send_pubkey(Authctxt *authctxt, Identity *id) { Buffer b; 
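Review bot: id_filename_matches has no comment stating its contract, although it is what pairs a certificate with a private key file when no public key was loaded. A header comment should say that it returns 1 when the two filenames are equal or when `id->filename` is `private_id->filename` followed by `.pub` or `-cert.pub`, and 0 otherwise. Neither argument is modified, so the parameters can be `const Identity *`, and the table can be declared `static const char * const suffixes[]`.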
@@ -1083,7 +1102,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id) } else { buffer_put_cstring(&b, authctxt->method->name); buffer_put_char(&b, have_sig); - buffer_put_cstring(&b, identity_sign_encode(id)); + buffer_put_cstring(&b, key_sign_encode(id->key)); } buffer_put_string(&b, blob, bloblen); @@ -1103,6 +1122,24 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id) break; } } + /* + * Exact key matches are preferred, but also allow + * filename matches for non-PKCS#11/agent keys that + * didn't load public keys. This supports the case + * of keeping just a private key file and public + * certificate on disk. + */ + if (!matched && !id->isprivate && id->agent_fd == -1 && + (id->key->flags & SSHKEY_FLAG_EXT) == 0) { + TAILQ_FOREACH(private_id, &authctxt->keys, next) { + if (private_id->key == NULL && + id_filename_matches(id, private_id)) { + id = private_id; + matched = 1; + break; + } + } + } if (matched) { debug2("%s: using private key \"%s\"%s for " "certificate", __func__, id->filename, @@ -1181,7 +1218,7 @@ send_pubkey_test(Authctxt *authctxt, Identity *id) packet_put_cstring(authctxt->method->name); packet_put_char(have_sig); if (!(datafellows & SSH_BUG_PKAUTH)) - packet_put_cstring(identity_sign_encode(id)); + packet_put_cstring(key_sign_encode(id->key)); packet_put_string(blob, bloblen); free(blob); packet_send(); @@ -1632,7 +1669,7 @@ ssh_keysign(struct sshkey *key, u_char **sigp, size_t *lenp, if ((b = sshbuf_new()) == NULL) fatal("%s: sshbuf_new failed", __func__); /* send # of sock, data to be signed */ - if ((r = sshbuf_put_u32(b, sock) != 0) || + if ((r = sshbuf_put_u32(b, sock)) != 0 || (r = sshbuf_put_string(b, data, datalen)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (ssh_msg_send(to[1], version, b) == -1) diff --git a/crypto/openssh/sshd.8 b/crypto/openssh/sshd.8 index 8608ca2..a427f52 100644 --- a/crypto/openssh/sshd.8 +++ b/crypto/openssh/sshd.8 
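Review bot: In the @@ -1103 hunk of sign_and_send_pubkey the filename fallback assigns `id = private_id` for an entry that was selected precisely because `private_id->key == NULL`, so from that point on `id->key` is NULL. The debug2 call that follows only reads `id->filename` and `id->agent_fd`, and identity_sign checks `id->key != NULL`, but the rest of the function lies outside the hunk and any later `id->key` access there would be a NULL dereference. I would add `/* id->key is NULL here; identity_sign() loads the private key from id->filename */` next to the assignment so the invariant is explicit.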
@@ -33,9 +33,9 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.287 2016/11/30 02:57:40 djm Exp $ +.\" $OpenBSD: sshd.8,v 1.288 2017/01/30 23:27:39 dtucker Exp $ .\" $FreeBSD$ -.Dd $Mdocdate: November 30 2016 $ +.Dd $Mdocdate: January 30 2017 $ .Dt SSHD 8 .Os .Sh NAME @@ -634,7 +634,7 @@ and files contain host public keys for all known hosts. The global file should be prepared by the administrator (optional), and the per-user file is -maintained automatically: whenever the user connects from an unknown host, +maintained automatically: whenever the user connects to an unknown host, its key is added to the per-user file. .Pp Each line in these files contains the following fields: markers (optional), diff --git a/crypto/openssh/sshd.c b/crypto/openssh/sshd.c index 50d3701..ac49484 100644 --- a/crypto/openssh/sshd.c +++ b/crypto/openssh/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.480 2016/12/09 03:04:29 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.485 2017/03/15 03:52:30 deraadt Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -383,14 +383,14 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out) { u_int i; int remote_major, remote_minor; - char *s, *newline = "\n"; + char *s; char buf[256]; /* Must not be larger than remote_version. */ char remote_version[256]; /* Must be at least as big as buf. */ - xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s", + xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s\r\n", PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION, *options.version_addendum == '\0' ? "" : " ", - options.version_addendum, newline); + options.version_addendum); /* Send our protocol version identification. */ if (atomicio(vwrite, sock_out, server_version_string, 
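Review bot: In sshd_exchange_identification the rewritten format string `"SSH-%d.%d-%.100s%s%s\r\n"` bounds SSH_VERSION with `%.100s` but prints `options.version_addendum` with a bare `%s`. RFC 4253 limits the identification string to 255 characters including the CR LF, so a long VersionAddendum would produce a banner that strict peers may reject. Unless the configuration parser already limits the value (not visible here), give the addendum a precision as well, e.g. `%.100s`. The function continues past the end of the hunk.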
@@ -1068,6 +1068,11 @@ server_listen(void) close(listen_sock); continue; } + if (fcntl(listen_sock, F_SETFD, FD_CLOEXEC) == -1) { + verbose("socket: CLOEXEC: %s", strerror(errno)); + close(listen_sock); + continue; + } /* * Set socket options. * Allow local port reuse in TIME_WAIT. @@ -1696,6 +1701,15 @@ main(int ac, char **av) continue; key = key_load_private(options.host_key_files[i], "", NULL); pubkey = key_load_public(options.host_key_files[i], NULL); + + if ((pubkey != NULL && pubkey->type == KEY_RSA1) || + (key != NULL && key->type == KEY_RSA1)) { + verbose("Ignoring RSA1 key %s", + options.host_key_files[i]); + key_free(key); + key_free(pubkey); + continue; + } if (pubkey == NULL && key != NULL) pubkey = key_demote(key); sensitive_data.host_keys[i] = key; @@ -2227,7 +2241,7 @@ do_ssh2_kex(void) if (options.rekey_limit || options.rekey_interval) packet_set_rekey_limits(options.rekey_limit, - (time_t)options.rekey_interval); + options.rekey_interval); myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal( list_hostkey_types()); diff --git a/crypto/openssh/sshd_config b/crypto/openssh/sshd_config index e3e21bf..b015b9d 100644 --- a/crypto/openssh/sshd_config +++ b/crypto/openssh/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $ +# $OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $ # $FreeBSD$ # This is the sshd server system-wide configuration file. See @@ -42,7 +42,8 @@ #PubkeyAuthentication yes # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 -#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 +# but this is overridden so installations will only check .ssh/authorized_keys +AuthorizedKeysFile .ssh/authorized_keys #AuthorizedPrincipalsFile none @@ -95,7 +96,6 @@ #PrintMotd yes #PrintLastLog yes #TCPKeepAlive yes -#UsePrivilegeSeparation sandbox #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 
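Review bot: The new `fcntl(listen_sock, F_SETFD, FD_CLOEXEC)` block in server_listen carries no comment saying why the flag is set, unlike the socket-option block right after it. Something like `/* Do not leak the listening socket into exec'd children. */` above the call would record the intent; that is my reading of the change, the hunk itself does not state it. server_listen starts and ends outside the hunk.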
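Review bot: The RSA1 skip added to main (sshd.c, @@ -1696) frees both keys and continues without touching `sensitive_data.host_keys[i]`, which the normal path assigns a few lines later. That is only safe if the slot was set to NULL before this loop, which happens outside the hunk; writing `sensitive_data.host_keys[i] = NULL;` before the `continue`, or a comment naming the earlier initialisation, would make the skip self-contained. The message is emitted with verbose(), so an administrator whose configured host key is ignored will not see it at the default log level; logit() may be more appropriate.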
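Review bot: The @@ -42 hunk of sshd_config turns the commented default into an active `AuthorizedKeysFile .ssh/authorized_keys`, so keys that exist only in `.ssh/authorized_keys2` stop being accepted on systems that take this file. The new comment explains the override but not that consequence. I would extend it with a line such as `# Keys listed only in .ssh/authorized_keys2 are no longer consulted.` so the access change is visible to whoever merges the configuration on upgrade.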
@@ -106,7 +106,7 @@ #PermitTunnel no #ChrootDirectory none #UseBlacklist no -#VersionAddendum FreeBSD-20170902 +#VersionAddendum FreeBSD-20170903 # no default banner path #Banner none diff --git a/crypto/openssh/sshd_config.5 b/crypto/openssh/sshd_config.5 index e94b93b..2ecf052 100644 --- a/crypto/openssh/sshd_config.5 +++ b/crypto/openssh/sshd_config.5 @@ -33,9 +33,9 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.239 2016/11/30 03:00:05 djm Exp $ +.\" $OpenBSD: sshd_config.5,v 1.243 2017/03/14 07:19:07 djm Exp $ .\" $FreeBSD$ -.Dd $Mdocdate: November 30 2016 $ +.Dd $Mdocdate: March 14 2017 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -438,6 +438,10 @@ If the specified value begins with a .Sq + character, then the specified ciphers will be appended to the default set instead of replacing them. +If the specified value begins with a +.Sq - +character, then the specified ciphers (including wildcards) will be removed +from the default set instead of replacing them. .Pp The supported ciphers are: .Pp @@ -651,6 +655,10 @@ Alternately if the specified value begins with a .Sq + character, then the specified key types will be appended to the default set instead of replacing them. +If the specified value begins with a +.Sq - +character, then the specified key types (including wildcards) will be removed +from the default set instead of replacing them. The default for this option is: .Bd -literal -offset 3n ecdsa-sha2-nistp256-cert-v01@openssh.com, 
@@ -845,6 +853,10 @@ Alternately if the specified value begins with a .Sq + character, then the specified methods will be appended to the default set instead of replacing them. +If the specified value begins with a +.Sq - +character, then the specified methods (including wildcards) will be removed +from the default set instead of replacing them. The supported algorithms are: .Pp .Bl -item -compact -offset indent @@ -935,6 +947,10 @@ If the specified value begins with a .Sq + character, then the specified algorithms will be appended to the default set instead of replacing them. +If the specified value begins with a +.Sq - +character, then the specified algorithms (including wildcards) will be removed +from the default set instead of replacing them. .Pp The algorithms that contain .Qq -etm @@ -1291,6 +1307,10 @@ Alternately if the specified value begins with a .Sq + character, then the specified key types will be appended to the default set instead of replacing them. +If the specified value begins with a +.Sq - +character, then the specified key types (including wildcards) will be removed +from the default set instead of replacing them. The default for this option is: .Bd -literal -offset 3n ecdsa-sha2-nistp256-cert-v01@openssh.com, 
@@ -1496,33 +1516,11 @@ is enabled, you will not be able to run as a non-root user. The default is .Cm yes . -.It Cm UsePrivilegeSeparation -Specifies whether -.Xr sshd 8 -separates privileges by creating an unprivileged child process -to deal with incoming network traffic. -After successful authentication, another process will be created that has -the privilege of the authenticated user. -The goal of privilege separation is to prevent privilege -escalation by containing any corruption within the unprivileged processes. -The argument must be -.Cm yes , -.Cm no , -or -.Cm sandbox . -If -.Cm UsePrivilegeSeparation -is set to -.Cm sandbox -then the pre-authentication unprivileged process is subject to additional -restrictions. -The default is -.Cm sandbox . .It Cm VersionAddendum Optionally specifies additional text to append to the SSH protocol banner sent by the server upon connection. The default is -.Qq FreeBSD-20170902 . +.Qq FreeBSD-20170903 . The value .Cm none may be used to disable this. @@ -1669,13 +1667,13 @@ The username. .El .Pp .Cm AuthorizedKeysCommand -accepts the tokens %%, %f, %h, %t, and %u. +accepts the tokens %%, %f, %h, %k, %t, and %u. .Pp .Cm AuthorizedKeysFile accepts the tokens %%, %h, and %u. .Pp .Cm AuthorizedPrincipalsCommand -accepts the tokens %%, %F, %f, %K, %k, %h, %i, %s, %T, %t, and %u. +accepts the tokens %%, %F, %f, %h, %i, %K, %k, %s, %T, %t, and %u. .Pp .Cm AuthorizedPrincipalsFile accepts the tokens %%, %h, and %u. diff --git a/crypto/openssh/sshkey.c b/crypto/openssh/sshkey.c index c01da6c..53a7674 100644 --- a/crypto/openssh/sshkey.c +++ b/crypto/openssh/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.41 2016/10/24 01:09:17 dtucker Exp $ */ +/* $OpenBSD: sshkey.c,v 1.45 2017/03/10 04:07:20 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. 
@@ -89,7 +89,9 @@ static const struct keytype keytypes[] = { { "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT", KEY_ED25519_CERT, 0, 1, 0 }, #ifdef WITH_OPENSSL +# ifdef WITH_SSH1 { NULL, "RSA1", KEY_RSA1, 0, 0, 0 }, +# endif { "ssh-rsa", "RSA", KEY_RSA, 0, 0, 0 }, { "rsa-sha2-256", "RSA", KEY_RSA, 0, 0, 1 }, { "rsa-sha2-512", "RSA", KEY_RSA, 0, 0, 1 }, @@ -195,14 +197,16 @@ sshkey_ecdsa_nid_from_name(const char *name) } char * -sshkey_alg_list(int certs_only, int plain_only, char sep) +sshkey_alg_list(int certs_only, int plain_only, int include_sigonly, char sep) { char *tmp, *ret = NULL; size_t nlen, rlen = 0; const struct keytype *kt; for (kt = keytypes; kt->type != -1; kt++) { - if (kt->name == NULL || kt->sigonly) + if (kt->name == NULL) + continue; + if (!include_sigonly && kt->sigonly) continue; if ((certs_only && !kt->cert) || (plain_only && kt->cert)) continue; @@ -1237,6 +1241,9 @@ sshkey_read(struct sshkey *ret, char **cpp) u_long bits; #endif /* WITH_SSH1 */ + if (ret == NULL) + return SSH_ERR_INVALID_ARGUMENT; + cp = *cpp; switch (ret->type) { 
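Review bot: sshkey_alg_list now takes three consecutive `int` flags followed by a `char`, and nothing documents them, so a call such as `sshkey_alg_list(0, 0, 1, ',')` is hard to read and a transposed argument compiles silently. A header comment naming `certs_only`, `plain_only`, `include_sigonly` and `sep` would help, and the prototype changed in sshkey.h (`char *sshkey_alg_list(int, int, int, char);`) could carry the parameter names as well. The function body continues outside this hunk.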
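Review bot: The guard added to sshkey_read rejects `ret == NULL`, but the very next statement is `cp = *cpp;`, which dereferences `cpp` without a check. If NULL arguments are worth defending against here, the guard should cover both: `if (ret == NULL || cpp == NULL) return SSH_ERR_INVALID_ARGUMENT;`. Whether any caller can pass a NULL `cpp` cannot be told from this hunk, and the function starts and ends outside it.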
@@ -3786,7 +3793,46 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type, if ((pk = PEM_read_bio_PrivateKey(bio, NULL, NULL, (char *)passphrase)) == NULL) { - r = SSH_ERR_KEY_WRONG_PASSPHRASE; + unsigned long pem_err = ERR_peek_last_error(); + int pem_reason = ERR_GET_REASON(pem_err); + + /* + * Translate OpenSSL error codes to determine whether + * passphrase is required/incorrect. + */ + switch (ERR_GET_LIB(pem_err)) { + case ERR_LIB_PEM: + switch (pem_reason) { + case PEM_R_BAD_PASSWORD_READ: + case PEM_R_PROBLEMS_GETTING_PASSWORD: + case PEM_R_BAD_DECRYPT: + r = SSH_ERR_KEY_WRONG_PASSPHRASE; + goto out; + default: + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + case ERR_LIB_EVP: + switch (pem_reason) { + case EVP_R_BAD_DECRYPT: + r = SSH_ERR_KEY_WRONG_PASSPHRASE; + goto out; + case EVP_R_BN_DECODE_ERROR: + case EVP_R_DECODE_ERROR: +#ifdef EVP_R_PRIVATE_KEY_DECODE_ERROR + case EVP_R_PRIVATE_KEY_DECODE_ERROR: +#endif + r = SSH_ERR_INVALID_FORMAT; + goto out; + default: + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + case ERR_LIB_ASN1: + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + r = SSH_ERR_LIBCRYPTO_ERROR; goto out; } if (pk->type == EVP_PKEY_RSA && @@ -3860,6 +3906,8 @@ int sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, const char *passphrase, struct sshkey **keyp, char **commentp) { + int r = SSH_ERR_INTERNAL_ERROR; + if (keyp != NULL) *keyp = NULL; if (commentp != NULL) @@ -3882,9 +3930,11 @@ sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, return sshkey_parse_private2(blob, type, passphrase, keyp, commentp); case KEY_UNSPEC: - if (sshkey_parse_private2(blob, type, passphrase, keyp, - commentp) == 0) - return 0; + r = sshkey_parse_private2(blob, type, passphrase, keyp, + commentp); + /* Do not fallback to PEM parser if only passphrase is wrong. */ + if (r == 0 || r == SSH_ERR_KEY_WRONG_PASSPHRASE) + return r; #ifdef WITH_OPENSSL return sshkey_parse_private_pem_fileblob(blob, type, passphrase, keyp); 
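Review bot: The new error translation in sshkey_parse_private_pem_fileblob reads `ERR_peek_last_error()`, which leaves the entry on OpenSSL's error queue and, if PEM_read_bio_PrivateKey fails without queuing anything, returns whatever an earlier libcrypto call left there. The result now decides between SSH_ERR_KEY_WRONG_PASSPHRASE and SSH_ERR_INVALID_FORMAT, and so presumably whether the user is asked for a passphrase again, which means a stale entry could misclassify the failure. Calling `ERR_clear_error();` immediately before `PEM_read_bio_PrivateKey(...)` would make the classification depend only on this call. The code before the call is outside the hunk, so this may already be done there.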
diff --git a/crypto/openssh/sshkey.h b/crypto/openssh/sshkey.h index f393638..1b9e42f 100644 --- a/crypto/openssh/sshkey.h +++ b/crypto/openssh/sshkey.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.h,v 1.14 2016/09/12 23:31:27 djm Exp $ */ +/* $OpenBSD: sshkey.h,v 1.15 2017/03/10 04:07:20 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -156,7 +156,7 @@ int sshkey_ec_validate_private(const EC_KEY *); const char *sshkey_ssh_name(const struct sshkey *); const char *sshkey_ssh_name_plain(const struct sshkey *); int sshkey_names_valid2(const char *, int); -char *sshkey_alg_list(int, int, char); +char *sshkey_alg_list(int, int, int, char); int sshkey_from_blob(const u_char *, size_t, struct sshkey **); int sshkey_fromb(struct sshbuf *, struct sshkey **); diff --git a/crypto/openssh/utf8.c b/crypto/openssh/utf8.c index 87fa9e8..dead79b 100644 --- a/crypto/openssh/utf8.c +++ b/crypto/openssh/utf8.c @@ -1,4 +1,4 @@ -/* $OpenBSD: utf8.c,v 1.3 2016/05/30 12:57:21 schwarze Exp $ */ +/* $OpenBSD: utf8.c,v 1.5 2017/02/19 00:10:57 djm Exp $ */ /* * Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org> * @@ -60,7 +60,8 @@ dangerous_locale(void) { char *loc; loc = nl_langinfo(CODESET); - return strcmp(loc, "US-ASCII") && strcmp(loc, "UTF-8"); + return strcmp(loc, "US-ASCII") != 0 && strcmp(loc, "UTF-8") != 0 && + strcmp(loc, "ANSI_X3.4-1968") != 0 && strcmp(loc, "646") != 0; } static int @@ -116,6 +117,7 @@ vasnmprintf(char **str, size_t maxsz, int *wp, const char *fmt, va_list ap) sz = strlen(src) + 1; if ((dst = malloc(sz)) == NULL) { free(src); + ret = -1; goto fail; } diff --git a/crypto/openssh/version.h b/crypto/openssh/version.h index e46c6ca..6285d9a 100644 --- a/crypto/openssh/version.h +++ b/crypto/openssh/version.h 
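Review bot: dangerous_locale in utf8.c now compares against four codeset names, and nothing in the code says where the two new ones come from. The ChangeLog entry in this same import notes that `646` is what NetBSD reports for the C locale; a comment such as `/* ASCII synonyms; "646" is what NetBSD reports for the C locale */` would keep that knowledge with the code. Because the list is an allowlist (anything else counts as dangerous, going by the function name), a small `static const char * const` table walked in a loop would also be easier to audit than a growing `&&` chain.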
@@ -1,12 +1,12 @@ -/* $OpenBSD: version.h,v 1.78 2016/12/19 04:55:51 djm Exp $ */ +/* $OpenBSD: version.h,v 1.79 2017/03/20 01:18:59 djm Exp $ */ /* $FreeBSD$ */ -#define SSH_VERSION "OpenSSH_7.4" +#define SSH_VERSION "OpenSSH_7.5" #define SSH_PORTABLE "p1" #define SSH_RELEASE SSH_VERSION SSH_PORTABLE -#define SSH_VERSION_FREEBSD "FreeBSD-20170902" +#define SSH_VERSION_FREEBSD "FreeBSD-20170903" #ifdef WITH_OPENSSL #define OPENSSL_VERSION SSLeay_version(SSLEAY_VERSION) |