* New upstream release (closes: #453367).

  - CVE-2007-4752: Prevent ssh(1) from using a trusted X11 cookie if
    creation of an untrusted cookie fails; found and fixed by Jan Pechanec
    (closes: #444738).
  - sshd(8) in new installations defaults to SSH Protocol 2 only. Existing
    installations are unchanged.
  - The SSH channel window size has been increased, and both ssh(1)
    sshd(8) now send window updates more aggressively. These improves
    performance on high-BDP (Bandwidth Delay Product) networks.
  - ssh(1) and sshd(8) now preserve MAC contexts between packets, which
    saves 2 hash calls per packet and results in 12-16% speedup for
    arcfour256/hmac-md5.
  - A new MAC algorithm has been added, UMAC-64 (RFC4418) as
    "umac-64@openssh.com". UMAC-64 has been measured to be approximately
    20% faster than HMAC-MD5.
  - Failure to establish a ssh(1) TunnelForward is now treated as a fatal
    error when the ExitOnForwardFailure option is set.
  - ssh(1) returns a sensible exit status if the control master goes away
    without passing the full exit status.
  - When using a ProxyCommand in ssh(1), set the outgoing hostname with
    gethostname(2), allowing hostbased authentication to work.
  - Make scp(1) skip FIFOs rather than hanging (closes: #246774).
  - Encode non-printing characters in scp(1) filenames. These could cause
    copies to be aborted with a "protocol error".
  - Handle SIGINT in sshd(8) privilege separation child process to ensure
    that wtmp and lastlog records are correctly updated.
  - Report GSSAPI mechanism in errors, for libraries that support multiple
    mechanisms.
  - Improve documentation for ssh-add(1)'s -d option.
  - Rearrange and tidy GSSAPI code, removing server-only code being linked
    into the client.
  - Delay execution of ssh(1)'s LocalCommand until after all forwardings
    have been established.
  - In scp(1), do not truncate non-regular files.
  - Improve exit message from ControlMaster clients.
  - Prevent sftp-server(8) from reading until it runs out of buffer space,
    whereupon it would exit with a fatal error (closes: #365541).
  - pam_end() was not being called if authentication failed
    (closes: #405041).
  - Manual page datestamps updated (closes: #433181).

1 files changed, 13 insertions, 8 deletions

diff --git a/kex.c b/kex.c
index 5f9b1dc40..5c8361bac 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.77 2007/01/21 01:41:54 stevesk Exp $ */
+/* $OpenBSD: kex.c,v 1.79 2007/06/05 06:52:37 djm Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  *
@@ -91,7 +91,7 @@ static char **
 kex_buf2prop(Buffer *raw, int *first_kex_follows)
 {
         Buffer b;
-        int i;
+        u_int i;
         char **proposal;
 
         proposal = xcalloc(PROPOSAL_MAX, sizeof(char *));
@@ -112,7 +112,7 @@ kex_buf2prop(Buffer *raw, int *first_kex_follows)
                 *first_kex_follows = i;
         debug2("kex_parse_kexinit: first_kex_follows %d ", i);
         i = buffer_get_int(&b);
-        debug2("kex_parse_kexinit: reserved %d ", i);
+        debug2("kex_parse_kexinit: reserved %u ", i);
         buffer_free(&b);
         return proposal;
 }
@@ -127,6 +127,7 @@ kex_prop_free(char **proposal)
         xfree(proposal);
 }
 
+/* ARGSUSED */
 static void
 kex_protocol_error(int type, u_int32_t seq, void *ctxt)
 {
@@ -198,6 +199,7 @@ kex_send_kexinit(Kex *kex)
         kex->flags |= KEX_INIT_SENT;
 }
 
+/* ARGSUSED */
 void
 kex_input_kexinit(int type, u_int32_t seq, void *ctxt)
 {
@@ -262,7 +264,8 @@ choose_enc(Enc *enc, char *client, char *server)
 {
         char *name = match_list(client, server, NULL);
         if (name == NULL)
-                fatal("no matching cipher found: client %s server %s", client, server);
+                fatal("no matching cipher found: client %s server %s",
+                    client, server);
         if ((enc->cipher = cipher_by_name(name)) == NULL)
                 fatal("matching cipher is not supported: %s", name);
         enc->name = name;
@@ -278,8 +281,9 @@ choose_mac(Mac *mac, char *client, char *server)
 {
         char *name = match_list(client, server, NULL);
         if (name == NULL)
-                fatal("no matching mac found: client %s server %s", client, server);
-        if (mac_init(mac, name) < 0)
+                fatal("no matching mac found: client %s server %s",
+                    client, server);
+        if (mac_setup(mac, name) < 0)
                 fatal("unsupported mac %s", name);
         /* truncate the key */
         if (datafellows & SSH_BUG_HMAC)
@@ -312,7 +316,7 @@ choose_kex(Kex *k, char *client, char *server)
 {
         k->name = match_list(client, server, NULL);
         if (k->name == NULL)
-                fatal("no kex alg");
+                fatal("Unable to negotiate a key exchange method");
         if (strcmp(k->name, KEX_DH1) == 0) {
                 k->kex_type = KEX_DH_GRP1_SHA1;
                 k->evp_md = EVP_sha1();
@@ -406,7 +410,8 @@ kex_choose_conf(Kex *kex)
         for (mode = 0; mode < MODE_MAX; mode++) {
                 newkeys = xcalloc(1, sizeof(*newkeys));
                 kex->newkeys[mode] = newkeys;
-                ctos = (!kex->server && mode == MODE_OUT) || (kex->server && mode == MODE_IN);
+                ctos = (!kex->server && mode == MODE_OUT) ||
+                    (kex->server && mode == MODE_IN);
                 nenc  = ctos ? PROPOSAL_ENC_ALGS_CTOS  : PROPOSAL_ENC_ALGS_STOC;
                 nmac  = ctos ? PROPOSAL_MAC_ALGS_CTOS  : PROPOSAL_MAC_ALGS_STOC;
                 ncomp = ctos ? PROPOSAL_COMP_ALGS_CTOS : PROPOSAL_COMP_ALGS_STOC;