diff options
| -rw-r--r-- | kex.c | 4 | ||||
| -rw-r--r-- | kex.h | 5 | ||||
| -rw-r--r-- | packet.c | 7 | ||||
| -rw-r--r-- | servconf.c | 4 | ||||
| -rw-r--r-- | sshconnect2.c | 4 | ||||
| -rw-r--r-- | sshd_config.5 | 12 |
6 files changed, 17 insertions, 19 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: kex.c,v 1.124 2016/09/22 17:52:53 djm Exp $ */ | 1 | /* $OpenBSD: kex.c,v 1.125 2016/09/28 20:32:42 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -684,8 +684,6 @@ choose_comp(struct sshcomp *comp, char *client, char *server) | |||
| 684 | return SSH_ERR_NO_COMPRESS_ALG_MATCH; | 684 | return SSH_ERR_NO_COMPRESS_ALG_MATCH; |
| 685 | if (strcmp(name, "zlib@openssh.com") == 0) { | 685 | if (strcmp(name, "zlib@openssh.com") == 0) { |
| 686 | comp->type = COMP_DELAYED; | 686 | comp->type = COMP_DELAYED; |
| 687 | } else if (strcmp(name, "zlib") == 0) { | ||
| 688 | comp->type = COMP_ZLIB; | ||
| 689 | } else if (strcmp(name, "none") == 0) { | 687 | } else if (strcmp(name, "none") == 0) { |
| 690 | comp->type = COMP_NONE; | 688 | comp->type = COMP_NONE; |
| 691 | } else { | 689 | } else { |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: kex.h,v 1.79 2016/09/22 21:15:41 djm Exp $ */ | 1 | /* $OpenBSD: kex.h,v 1.80 2016/09/28 20:32:42 djm Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
| @@ -64,8 +64,7 @@ | |||
| 64 | #define KEX_CURVE25519_SHA256_OLD "curve25519-sha256@libssh.org" | 64 | #define KEX_CURVE25519_SHA256_OLD "curve25519-sha256@libssh.org" |
| 65 | 65 | ||
| 66 | #define COMP_NONE 0 | 66 | #define COMP_NONE 0 |
| 67 | #define COMP_ZLIB 1 | 67 | #define COMP_DELAYED 1 |
| 68 | #define COMP_DELAYED 2 | ||
| 69 | 68 | ||
| 70 | #define CURVE25519_SIZE 32 | 69 | #define CURVE25519_SIZE 32 |
| 71 | 70 | ||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: packet.c,v 1.239 2016/09/28 16:33:07 djm Exp $ */ | 1 | /* $OpenBSD: packet.c,v 1.240 2016/09/28 20:32:42 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -965,9 +965,8 @@ ssh_set_newkeys(struct ssh *ssh, int mode) | |||
| 965 | /* explicit_bzero(enc->iv, enc->block_size); | 965 | /* explicit_bzero(enc->iv, enc->block_size); |
| 966 | explicit_bzero(enc->key, enc->key_len); | 966 | explicit_bzero(enc->key, enc->key_len); |
| 967 | explicit_bzero(mac->key, mac->key_len); */ | 967 | explicit_bzero(mac->key, mac->key_len); */ |
| 968 | if ((comp->type == COMP_ZLIB || | 968 | if (comp->type == COMP_DELAYED && state->after_authentication && |
| 969 | (comp->type == COMP_DELAYED && | 969 | comp->enabled == 0) { |
| 970 | state->after_authentication)) && comp->enabled == 0) { | ||
| 971 | if ((r = ssh_packet_init_compression(ssh)) < 0) | 970 | if ((r = ssh_packet_init_compression(ssh)) < 0) |
| 972 | return r; | 971 | return r; |
| 973 | if (mode == MODE_OUT) { | 972 | if (mode == MODE_OUT) { |
diff --git a/servconf.c b/servconf.c index 51feb051f..4bf0b2a35 100644 --- a/servconf.c +++ b/servconf.c | |||
| @@ -1,5 +1,5 @@ | |||
| 1 | 1 | ||
| 2 | /* $OpenBSD: servconf.c,v 1.296 2016/09/28 16:33:07 djm Exp $ */ | 2 | /* $OpenBSD: servconf.c,v 1.297 2016/09/28 20:32:42 djm Exp $ */ |
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| 5 | * All rights reserved | 5 | * All rights reserved |
| @@ -920,8 +920,8 @@ static const struct multistate multistate_permitrootlogin[] = { | |||
| 920 | { NULL, -1 } | 920 | { NULL, -1 } |
| 921 | }; | 921 | }; |
| 922 | static const struct multistate multistate_compression[] = { | 922 | static const struct multistate multistate_compression[] = { |
| 923 | { "delayed", COMP_DELAYED }, | ||
| 924 | { "yes", COMP_DELAYED }, | 923 | { "yes", COMP_DELAYED }, |
| 924 | { "delayed", COMP_DELAYED }, | ||
| 925 | { "no", COMP_NONE }, | 925 | { "no", COMP_NONE }, |
| 926 | { NULL, -1 } | 926 | { NULL, -1 } |
| 927 | }; | 927 | }; |
diff --git a/sshconnect2.c b/sshconnect2.c index a633e76cb..7a8b7ea97 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sshconnect2.c,v 1.249 2016/09/28 16:33:07 djm Exp $ */ | 1 | /* $OpenBSD: sshconnect2.c,v 1.250 2016/09/28 20:32:42 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
| 4 | * Copyright (c) 2008 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2008 Damien Miller. All rights reserved. |
| @@ -174,7 +174,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) | |||
| 174 | compat_cipher_proposal(options.ciphers); | 174 | compat_cipher_proposal(options.ciphers); |
| 175 | myproposal[PROPOSAL_COMP_ALGS_CTOS] = | 175 | myproposal[PROPOSAL_COMP_ALGS_CTOS] = |
| 176 | myproposal[PROPOSAL_COMP_ALGS_STOC] = options.compression ? | 176 | myproposal[PROPOSAL_COMP_ALGS_STOC] = options.compression ? |
| 177 | "zlib@openssh.com,none" : "none,zlib@openssh.com"; | 177 | "zlib@openssh.com,zlib,none" : "none,zlib@openssh.com,zlib"; |
| 178 | myproposal[PROPOSAL_MAC_ALGS_CTOS] = | 178 | myproposal[PROPOSAL_MAC_ALGS_CTOS] = |
| 179 | myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; | 179 | myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; |
| 180 | if (options.hostkeyalgorithms != NULL) { | 180 | if (options.hostkeyalgorithms != NULL) { |
diff --git a/sshd_config.5 b/sshd_config.5 index 59c9ea471..b5d361e1d 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
| @@ -33,8 +33,8 @@ | |||
| 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 35 | .\" | 35 | .\" |
| 36 | .\" $OpenBSD: sshd_config.5,v 1.235 2016/09/22 19:19:01 jmc Exp $ | 36 | .\" $OpenBSD: sshd_config.5,v 1.236 2016/09/28 20:32:42 djm Exp $ |
| 37 | .Dd $Mdocdate: September 22 2016 $ | 37 | .Dd $Mdocdate: September 28 2016 $ |
| 38 | .Dt SSHD_CONFIG 5 | 38 | .Dt SSHD_CONFIG 5 |
| 39 | .Os | 39 | .Os |
| 40 | .Sh NAME | 40 | .Sh NAME |
| @@ -529,15 +529,17 @@ channel to request a response from the client. | |||
| 529 | The default | 529 | The default |
| 530 | is 0, indicating that these messages will not be sent to the client. | 530 | is 0, indicating that these messages will not be sent to the client. |
| 531 | .It Cm Compression | 531 | .It Cm Compression |
| 532 | Specifies whether compression is allowed, or delayed until | 532 | Specifies whether compression is enabled after |
| 533 | the user has authenticated successfully. | 533 | the user has authenticated successfully. |
| 534 | The argument must be | 534 | The argument must be |
| 535 | .Dq yes , | 535 | .Dq yes , |
| 536 | .Dq delayed , | 536 | .Dq delayed |
| 537 | (a legacy synonym for | ||
| 538 | .Dq yes ) | ||
| 537 | or | 539 | or |
| 538 | .Dq no . | 540 | .Dq no . |
| 539 | The default is | 541 | The default is |
| 540 | .Dq delayed . | 542 | .Dq yes . |
| 541 | .It Cm DenyGroups | 543 | .It Cm DenyGroups |
| 542 | This keyword can be followed by a list of group name patterns, separated | 544 | This keyword can be followed by a list of group name patterns, separated |
| 543 | by spaces. | 545 | by spaces. |