-rw-r--r--ChangeLog3214
-rw-r--r--INSTALL3
-rw-r--r--Makefile.in24
-rw-r--r--README2
-rw-r--r--auth-pam.c2
-rw-r--r--auth2-pubkey.c23
-rw-r--r--auth2.c12
-rw-r--r--channels.c81
-rw-r--r--channels.h5
-rw-r--r--clientloop.c29
-rw-r--r--compat.c48
-rw-r--r--config.h.in3
-rwxr-xr-xconfigure143
-rw-r--r--configure.ac65
-rw-r--r--contrib/cygwin/ssh-host-config43
-rw-r--r--contrib/redhat/openssh.spec2
-rw-r--r--contrib/suse/openssh.spec2
-rw-r--r--debian/.git-dpm14
-rw-r--r--debian/NEWS23
-rw-r--r--debian/changelog81
-rw-r--r--debian/patches/auth-log-verbosity.patch14
-rw-r--r--debian/patches/authorized-keys-man-symlink.patch6
-rw-r--r--debian/patches/debian-banner.patch16
-rw-r--r--debian/patches/debian-config.patch16
-rw-r--r--debian/patches/dnssec-sshfp.patch2
-rw-r--r--debian/patches/doc-hash-tab-completion.patch6
-rw-r--r--debian/patches/doc-upstart.patch4
-rw-r--r--debian/patches/gnome-ssh-askpass2-icon.patch2
-rw-r--r--debian/patches/gssapi.patch118
-rw-r--r--debian/patches/keepalive-extensions.patch20
-rw-r--r--debian/patches/mention-ssh-keygen-on-keychange.patch4
-rw-r--r--debian/patches/no-dsa-host-key-by-default.patch12
-rw-r--r--debian/patches/no-openssl-version-status.patch2
-rw-r--r--debian/patches/openbsd-docs.patch6
-rw-r--r--debian/patches/package-versioning.patch14
-rw-r--r--debian/patches/quieter-signals.patch4
-rw-r--r--debian/patches/regress-forwarding-race.patch115
-rw-r--r--debian/patches/regress-integrity-robust.patch27
-rw-r--r--debian/patches/regress-mktemp.patch167
-rw-r--r--debian/patches/restore-authorized_keys2.patch4
-rw-r--r--debian/patches/restore-tcp-wrappers.patch16
-rw-r--r--debian/patches/sandbox-x32-workaround.patch37
-rw-r--r--debian/patches/scp-quoting.patch2
-rw-r--r--debian/patches/selinux-role.patch22
-rw-r--r--debian/patches/series7
-rw-r--r--debian/patches/shell-path.patch4
-rw-r--r--debian/patches/sigstop.patch6
-rw-r--r--debian/patches/ssh-agent-setgid.patch2
-rw-r--r--debian/patches/ssh-argv0.patch2
-rw-r--r--debian/patches/ssh-keygen-hash-corruption.patch44
-rw-r--r--debian/patches/ssh-keygen-null-deref.patch31
-rw-r--r--debian/patches/ssh-keyscan-hash-port.patch48
-rw-r--r--debian/patches/ssh-vulnkey-compat.patch20
-rw-r--r--debian/patches/syslog-level-silent.patch6
-rw-r--r--debian/patches/systemd-readiness.patch12
-rw-r--r--debian/patches/unbreak-unix-forwarding-for-root.patch80
-rw-r--r--debian/patches/user-group-modes.patch14
-rw-r--r--digest-openssl.c4
-rw-r--r--hostfile.c19
-rw-r--r--kex.c41
-rw-r--r--krl.c7
-rw-r--r--log.c5
-rw-r--r--match.c46
-rw-r--r--match.h3
-rw-r--r--misc.c17
-rw-r--r--monitor.c7
-rw-r--r--mux.c7
-rw-r--r--openbsd-compat/bsd-misc.c8
-rw-r--r--openbsd-compat/bsd-misc.h4
-rw-r--r--openbsd-compat/fmt_scaled.c34
-rw-r--r--packet.c80
-rw-r--r--packet.h9
-rw-r--r--pathnames.h9
-rw-r--r--readconf.c121
-rw-r--r--regress/Makefile1
-rw-r--r--regress/agent-getpeereid.sh8
-rw-r--r--regress/allow-deny-users.sh2
-rw-r--r--regress/cert-file.sh53
-rw-r--r--regress/forwarding.sh27
-rw-r--r--regress/integrity.sh2
-rw-r--r--regress/mkdtemp.c59
-rw-r--r--regress/multiplex.sh3
-rw-r--r--regress/test-exec.sh15
-rw-r--r--regress/unittests/Makefile7
-rw-r--r--regress/unittests/conversion/Makefile10
-rw-r--r--regress/unittests/conversion/tests.c51
-rw-r--r--regress/unittests/match/tests.c21
-rw-r--r--regress/unittests/test_helper/test_helper.c13
-rw-r--r--regress/unittests/test_helper/test_helper.h17
-rw-r--r--regress/unittests/utf8/tests.c65
-rw-r--r--sandbox-seccomp-filter.c119
-rw-r--r--servconf.c33
-rw-r--r--serverloop.c17
-rw-r--r--sftp-client.c13
-rw-r--r--sftp.c40
-rw-r--r--ssh-agent.c18
-rw-r--r--ssh-keygen.c38
-rw-r--r--ssh-keyscan.c9
-rw-r--r--ssh.c10
-rw-r--r--ssh_config.033
-rw-r--r--ssh_config.530
-rw-r--r--sshconnect.c4
-rw-r--r--sshconnect1.c8
-rw-r--r--sshconnect2.c77
-rw-r--r--sshd.06
-rw-r--r--sshd.86
-rw-r--r--sshd.c24
-rw-r--r--sshd_config3
-rw-r--r--sshd_config.043
-rw-r--r--sshd_config.550
-rw-r--r--sshkey.c64
-rw-r--r--sshkey.h4
-rw-r--r--utf8.c6
-rw-r--r--version.h4
114 files changed, 2741 insertions, 3424 deletions
diff --git a/ChangeLog b/ChangeLog
index d48aba33c..48f648d78 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,1174 @@
1commit d38f05dbdd291212bc95ea80648b72b7177e9f4e
2Author: Darren Tucker <dtucker@zip.com.au>
3Date: Mon Mar 20 13:38:27 2017 +1100
4
5 Add llabs() implementation.
6
7commit 72536316a219b7394996a74691a5d4ec197480f7
8Author: Damien Miller <djm@mindrot.org>
9Date: Mon Mar 20 12:23:04 2017 +1100
10
11 crank version numbers
12
13commit 3be52bc36bdfd24ded7e0f46999e7db520fb4e3f
14Author: djm@openbsd.org <djm@openbsd.org>
15Date: Mon Mar 20 01:18:59 2017 +0000
16
17 upstream commit
18
19 openssh-7.5
20
21 Upstream-ID: b8b9a4a949427c393cd868215e1724ceb3467ee5
22
23commit db84e52fe9cfad57f22e7e23c5fbf00092385129
24Author: Damien Miller <djm@mindrot.org>
25Date: Mon Mar 20 12:07:20 2017 +1100
26
27 I'm a doofus.
28
29 Unbreak obvious syntax error.
30
31commit 89f04852db27643717c9c3a2b0dde97ae50099ee
32Author: Damien Miller <djm@mindrot.org>
33Date: Mon Mar 20 11:53:34 2017 +1100
34
35 on Cygwin, check paths from server for backslashes
36
37 Pointed out by Jann Horn of Google Project Zero
38
39commit 7ef1f9bafc2cc8d97ff2fbd4f280002b6e8ea5d9
40Author: Damien Miller <djm@mindrot.org>
41Date: Mon Mar 20 11:48:34 2017 +1100
42
43 Yet another synonym for ASCII: "646"
44
45 Used by NetBSD; this unbreaks mprintf() and friends there for the C
46 locale (caught by dtucker@ and his menagerie of test systems).
47
48commit 9165abfea3f68a0c684a6ed2e575e59bc31a3a6b
49Author: Damien Miller <djm@mindrot.org>
50Date: Mon Mar 20 09:58:34 2017 +1100
51
52 create test mux socket in /tmp
53
54 Creating the socket in $OBJ could blow past the (quite limited)
55 path limit for Unix domain sockets. As a bandaid for bz#2660,
56 reported by Colin Watson; ok dtucker@
57
58commit 2adbe1e63bc313d03e8e84e652cc623af8ebb163
59Author: markus@openbsd.org <markus@openbsd.org>
60Date: Wed Mar 15 07:07:39 2017 +0000
61
62 upstream commit
63
64 disallow KEXINIT before NEWKEYS; ok djm; report by
65 vegard.nossum at oracle.com
66
67 Upstream-ID: 3668852d1f145050e62f1da08917de34cb0c5234
68
69commit 2fbf91684d76d38b9cf06550b69c9e41bca5a71c
70Author: Darren Tucker <dtucker@zip.com.au>
71Date: Thu Mar 16 14:05:46 2017 +1100
72
73 Include includes.h for compat bits.
74
75commit b55f634e96b9c5b0cd991e23a9ca181bec4bdbad
76Author: Darren Tucker <dtucker@zip.com.au>
77Date: Thu Mar 16 13:45:17 2017 +1100
78
79 Wrap stdint.h in #ifdef HAVE_STDINT_H
80
81commit 55a1117d7342a0bf8b793250cf314bab6b482b99
82Author: Damien Miller <djm@mindrot.org>
83Date: Thu Mar 16 11:22:42 2017 +1100
84
85 Adapt Cygwin config script to privsep knob removal
86
87 Patch from Corinna Vinschen.
88
89commit 1a321bfdb91defe3c4d9cca5651724ae167e5436
90Author: deraadt@openbsd.org <deraadt@openbsd.org>
91Date: Wed Mar 15 03:52:30 2017 +0000
92
93 upstream commit
94
95 accidents happen to the best of us; ok djm
96
97 Upstream-ID: b7a9dbd71011ffde95e06f6945fe7197dedd1604
98
99commit 25f837646be8c2017c914d34be71ca435dfc0e07
100Author: djm@openbsd.org <djm@openbsd.org>
101Date: Wed Mar 15 02:25:09 2017 +0000
102
103 upstream commit
104
105 fix regression in 7.4: deletion of PKCS#11-hosted keys
106 would fail unless they were specified by full physical pathname. Report and
107 fix from Jakub Jelen via bz#2682; ok dtucker@
108
109 Upstream-ID: 5b5bc20ca11cacb5d5eb29c3f93fd18425552268
110
111commit a8c5eeacf032a7d3408957e45dd7603cc1baf55f
112Author: djm@openbsd.org <djm@openbsd.org>
113Date: Wed Mar 15 02:19:09 2017 +0000
114
115 upstream commit
116
117 Fix segfault when sshd attempts to load RSA1 keys (can
118 only happen when protocol v.1 support is enabled for the client). Reported by
119 Jakub Jelen in bz#2686; ok dtucker
120
121 Upstream-ID: 8fdaec2ba4b5f65db1d094f6714ce64b25d871d7
122
123commit 66705948c0639a7061a0d0753266da7685badfec
124Author: djm@openbsd.org <djm@openbsd.org>
125Date: Tue Mar 14 07:19:07 2017 +0000
126
127 upstream commit
128
129 Mark the sshd_config UsePrivilegeSeparation option as
130 deprecated, effectively making privsep mandatory in sandboxing mode. ok
131 markus@ deraadt@
132
133 (note: this doesn't remove the !privsep code paths, though that will
134 happen eventually).
135
136 Upstream-ID: b4c52666256c4dd865f8ce9431af5d6ce2d74a0a
137
138commit f86586b03fe6cd8f595289bde200a94bc2c191af
139Author: Damien Miller <djm@mindrot.org>
140Date: Tue Mar 14 18:26:29 2017 +1100
141
142 Make seccomp-bpf sandbox work on Linux/X32
143
144 Allow clock_gettime syscall with X32 bit masked off. Apparently
145 this is required for at least some kernel versions. bz#2142
146 Patch mostly by Colin Watson. ok dtucker@
147
148commit 2429cf78dd2a9741ce27ba25ac41c535274a0af6
149Author: Damien Miller <djm@mindrot.org>
150Date: Tue Mar 14 18:01:52 2017 +1100
151
152 require OpenSSL >=1.0.1
153
154commit e3ea335abeab731c68f2b2141bee85a4b0bf680f
155Author: Damien Miller <djm@mindrot.org>
156Date: Tue Mar 14 17:48:43 2017 +1100
157
158 Remove macro trickery; no binary change
159
160 This stops the SC_ALLOW(), SC_ALLOW_ARG() and SC_DENY() macros
161 prepending __NR_ to the syscall number parameter and just makes
162 them explicit in the macro invocations.
163
164 No binary change in stripped object file before/after.
165
166commit 5f1596e11d55539678c41f68aed358628d33d86f
167Author: Damien Miller <djm@mindrot.org>
168Date: Tue Mar 14 13:15:18 2017 +1100
169
170 support ioctls for ICA crypto card on Linux/s390
171
172 Based on patch from Eduardo Barretto; ok dtucker@
173
174commit b1b22dd0df2668b322dda174e501dccba2cf5c44
175Author: Darren Tucker <dtucker@zip.com.au>
176Date: Tue Mar 14 14:19:36 2017 +1100
177
178 Plumb conversion test into makefile.
179
180commit f57783f1ddfb4cdfbd612c6beb5ec01cb5b9a6b9
181Author: dtucker@openbsd.org <dtucker@openbsd.org>
182Date: Tue Mar 14 01:20:29 2017 +0000
183
184 upstream commit
185
186 Add unit test for convtime().
187
188 Upstream-Regress-ID: 8717bc0ca4c21120f6dd3a1d3b7a363f707c31e1
189
190commit 8884b7247d094cd11ff9e39c325ba928c5bdbc6c
191Author: dtucker@openbsd.org <dtucker@openbsd.org>
192Date: Tue Mar 14 01:10:07 2017 +0000
193
194 upstream commit
195
196 Add ASSERT_LONG_* helpers.
197
198 Upstream-Regress-ID: fe15beaea8f5063c7f21b0660c722648e3d76431
199
200commit c6774d21185220c0ba11e8fd204bf0ad1a432071
201Author: dtucker@openbsd.org <dtucker@openbsd.org>
202Date: Tue Mar 14 00:55:37 2017 +0000
203
204 upstream commit
205
206 Fix convtime() overflow test on boundary condition,
207 spotted by & ok djm.
208
209 Upstream-ID: 51f14c507ea87a3022e63f574100613ab2ba5708
210
211commit f5746b40cfe6d767c8e128fe50c43274b31cd594
212Author: dtucker@openbsd.org <dtucker@openbsd.org>
213Date: Tue Mar 14 00:25:03 2017 +0000
214
215 upstream commit
216
217 Check for integer overflow when parsing times in
218 convtime(). Reported by nicolas.iooss at m4x.org, ok djm@
219
220 Upstream-ID: 35e6a4e98f6fa24df50bfb8ba1307cf70e966f13
221
222commit f5907982f42a8d88a430b8a46752cbb7859ba979
223Author: Darren Tucker <dtucker@zip.com.au>
224Date: Tue Mar 14 13:38:15 2017 +1100
225
226 Add a "unit" target to run only unit tests.
227
228commit 9e96b41682aed793fadbea5ccd472f862179fb02
229Author: Damien Miller <djm@mindrot.org>
230Date: Tue Mar 14 12:24:47 2017 +1100
231
232 Fix weakness in seccomp-bpf sandbox arg inspection
233
234 Syscall arguments are passed via an array of 64-bit values in struct
235 seccomp_data, but we were only inspecting the bottom 32 bits and not
236 even those correctly for BE systems.
237
238 Fortunately, the only case argument inspection was used was in the
239 socketcall filtering so using this for sandbox escape seems
240 impossible.
241
242 ok dtucker
243
244commit 8ff3fc3f2f7c13e8968717bc2b895ee32c441275
245Author: djm@openbsd.org <djm@openbsd.org>
246Date: Sat Mar 11 23:44:16 2017 +0000
247
248 upstream commit
249
250 regress tests for loading certificates without public keys;
251 bz#2617 based on patch from Adam Eijdenberg; ok markus@ dtucker@
252
253 Upstream-Regress-ID: 0145d19328ed995b73fe2d9da33596b17429d0d0
254
255commit 1e24552716194db8f2f620587b876158a9ef56ad
256Author: djm@openbsd.org <djm@openbsd.org>
257Date: Sat Mar 11 23:40:26 2017 +0000
258
259 upstream commit
260
261 allow ssh to use certificates accompanied by a private
262 key file but no corresponding plain *.pub public key. bz#2617 based on patch
263 from Adam Eijdenberg; ok dtucker@ markus@
264
265 Upstream-ID: 295668dca2c39505281577217583ddd2bd4b00b9
266
267commit 0fb1a617a07b8df5de188dd5a0c8bf293d4bfc0e
268Author: markus@openbsd.org <markus@openbsd.org>
269Date: Sat Mar 11 13:07:35 2017 +0000
270
271 upstream commit
272
273 Don't count the initial block twice when computing how
274 many bytes to discard for the work around for the attacks against CBC-mode.
275 ok djm@; report from Jean Paul, Kenny, Martin and Torben @ RHUL
276
277 Upstream-ID: f445f509a4e0a7ba3b9c0dae7311cb42458dc1e2
278
279commit ef653dd5bd5777132d9f9ee356225f9ee3379504
280Author: dtucker@openbsd.org <dtucker@openbsd.org>
281Date: Fri Mar 10 07:18:32 2017 +0000
282
283 upstream commit
284
285 krl.c
286
287 Upstream-ID: fc5e695d5d107d730182e2da7b23f00b489e0ee1
288
289commit d94c1dfef2ea30ca67b1204ada7c3b537c54f4d0
290Author: Damien Miller <djm@mindrot.org>
291Date: Sun Mar 12 10:48:14 2017 +1100
292
293 sync fmt_scaled.c with OpenBSD
294
295 revision 1.13
296 date: 2017/03/11 23:37:23; author: djm; state: Exp; lines: +14 -1; commitid: jnFKyHkB3CEiEZ2R;
297 fix signed integer overflow in scan_scaled. Found by Nicolas Iooss
298 using AFL against ssh_config. ok deraadt@ millert@
299 ----------------------------
300 revision 1.12
301 date: 2013/11/29 19:00:51; author: deraadt; state: Exp; lines: +6 -5;
302 fairly simple unsigned char casts for ctype
303 ok krw
304 ----------------------------
305 revision 1.11
306 date: 2012/11/12 14:07:20; author: halex; state: Exp; lines: +4 -2;
307 make scan_scaled set errno to EINVAL rather than ERANGE if it encounters
308 an invalid multiplier, like the man page says it should
309
310 "looks sensible" deraadt@, ok ian@
311 ----------------------------
312 revision 1.10
313 date: 2009/06/20 15:00:04; author: martynas; state: Exp; lines: +4 -4;
314 use llabs instead of the home-grown version; and some comment changes
315 ok ian@, millert@
316 ----------------------------
317
318commit 894221a63fa061e52e414ca58d47edc5fe645968
319Author: djm@openbsd.org <djm@openbsd.org>
320Date: Fri Mar 10 05:01:13 2017 +0000
321
322 upstream commit
323
324 When updating hostkeys, accept RSA keys if
325 HostkeyAlgorithms contains any RSA keytype. Previously, ssh could ignore RSA
326 keys when any of the ssh-rsa-sha2-* methods was enabled in HostkeyAlgorithms
327 nit ssh-rsa (SHA1 signatures) was not. bz#2650 reported by Luis Ressel; ok
328 dtucker@
329
330 Upstream-ID: c5e8cfee15c42f4a05d126158a0766ea06da79d2
331
332commit dd3e2298663f4cc1a06bc69582d00dcfee27d73c
333Author: djm@openbsd.org <djm@openbsd.org>
334Date: Fri Mar 10 04:24:55 2017 +0000
335
336 upstream commit
337
338 make hostname matching really insensitive to case;
339 bz#2685, reported by Petr Cerny; ok dtucker@
340
341 Upstream-ID: e467622ff154269e36ba8b6c9e3d105e1c4a9253
342
343commit 77a9be9446697fe8b5499fe651f4a82a71a4b51f
344Author: djm@openbsd.org <djm@openbsd.org>
345Date: Fri Mar 10 03:52:48 2017 +0000
346
347 upstream commit
348
349 reword a comment to make it fit 80 columns
350
351 Upstream-ID: 4ef509a66b96c7314bbcc87027c2af71fa9d0ba4
352
353commit 61b8ef6a66efaec07e023342cb94a10bdc2254dc
354Author: djm@openbsd.org <djm@openbsd.org>
355Date: Fri Mar 10 04:27:32 2017 +0000
356
357 upstream commit
358
359 better match sshd config parser behaviour: fatal() if
360 line is overlong, increase line buffer to match sshd's; bz#2651 reported by
361 Don Fong; ok dtucker@
362
363 Upstream-ID: b175ae7e0ba403833f1ee566edf10f67443ccd18
364
365commit db2597207e69912f2592cd86a1de8e948a9d7ffb
366Author: djm@openbsd.org <djm@openbsd.org>
367Date: Fri Mar 10 04:26:06 2017 +0000
368
369 upstream commit
370
371 ensure hostname is lower-case before hashing it;
372 bz#2591 reported by Griff Miller II; ok dtucker@
373
374 Upstream-ID: c3b8b93804f376bd00d859b8bcd9fc0d86b4db17
375
376commit df9936936c695f85c1038bd706d62edf752aca4b
377Author: djm@openbsd.org <djm@openbsd.org>
378Date: Fri Mar 10 04:24:55 2017 +0000
379
380 upstream commit
381
382 make hostname matching really insensitive to case;
383 bz#2685, reported by Petr Cerny; ok dtucker@
384
385 Upstream-ID: e632b7a9bf0d0558d5ff56dab98b7cca6c3db549
386
387commit 67eed24bfa7645d88fa0b883745fccb22a0e527e
388Author: dtucker@openbsd.org <dtucker@openbsd.org>
389Date: Fri Mar 10 04:11:00 2017 +0000
390
391 upstream commit
392
393 Remove old null check from config dumper. Patch from
394 jjelen at redhat.com vi bz#2687, ok djm@
395
396 Upstream-ID: 824ab71467b78c4bab0dd1b3a38e8bc5f63dd528
397
398commit 183ba55aaaecca0206184b854ad6155df237adbe
399Author: djm@openbsd.org <djm@openbsd.org>
400Date: Fri Mar 10 04:07:20 2017 +0000
401
402 upstream commit
403
404 fix regression in 7.4 server-sig-algs, where we were
405 accidentally excluding SHA2 RSA signature methods. bz#2680, patch from Nuno
406 Goncalves; ok dtucker@
407
408 Upstream-ID: 81ac8bfb30960447740b9b8f6a214dcf322f12e8
409
410commit 66be4fe8c4435af5bbc82998501a142a831f1181
411Author: dtucker@openbsd.org <dtucker@openbsd.org>
412Date: Fri Mar 10 03:53:11 2017 +0000
413
414 upstream commit
415
416 Check for NULL return value from key_new. Patch from
417 jjelen at redhat.com via bz#2687, ok djm@
418
419 Upstream-ID: 059e33cd43cba88dc8caf0b1936fd4dd88fd5b8e
420
421commit ec2892b5c7fea199914cb3a6afb3af38f84990bf
422Author: djm@openbsd.org <djm@openbsd.org>
423Date: Fri Mar 10 03:52:48 2017 +0000
424
425 upstream commit
426
427 reword a comment to make it fit 80 columns
428
429 Upstream-ID: b4b48b4487c0821d16e812c40c9b09f03b28e349
430
431commit 7fadbb6da3f4122de689165651eb39985e1cba85
432Author: dtucker@openbsd.org <dtucker@openbsd.org>
433Date: Fri Mar 10 03:48:57 2017 +0000
434
435 upstream commit
436
437 Check for NULL argument to sshkey_read. Patch from
438 jjelen at redhat.com via bz#2687, ok djm@
439
440 Upstream-ID: c2d00c2ea50c4861d271d0a586f925cc64a87e0e
441
442commit 5a06b9e019e2b0b0f65a223422935b66f3749de3
443Author: dtucker@openbsd.org <dtucker@openbsd.org>
444Date: Fri Mar 10 03:45:40 2017 +0000
445
446 upstream commit
447
448 Plug some mem leaks mostly on error paths. From jjelen
449 at redhat.com via bz#2687, ok djm@
450
451 Upstream-ID: 3fb030149598957a51b7c8beb32bf92cf30c96f2
452
453commit f6edbe9febff8121f26835996b1229b5064d31b7
454Author: dtucker@openbsd.org <dtucker@openbsd.org>
455Date: Fri Mar 10 03:24:48 2017 +0000
456
457 upstream commit
458
459 Plug mem leak on GLOB_NOMATCH case. From jjelen at
460 redhat.com via bz#2687, ok djm@
461
462 Upstream-ID: 8016a7ae97719d3aa55fb723fc2ad3200058340d
463
464commit 566b3a46e89a2fda2db46f04f2639e92da64a120
465Author: dtucker@openbsd.org <dtucker@openbsd.org>
466Date: Fri Mar 10 03:22:40 2017 +0000
467
468 upstream commit
469
470 Plug descriptor leaks of auth_sock. From jjelen at
471 redhat.com via bz#2687, ok djm@
472
473 Upstream-ID: 248acb99a5ed2fdca37d1aa33c0fcee7be286d88
474
475commit 8a2834454c73dfc1eb96453c0e97690595f3f4c2
476Author: djm@openbsd.org <djm@openbsd.org>
477Date: Fri Mar 10 03:18:24 2017 +0000
478
479 upstream commit
480
481 correctly hash hosts with a port number. Reported by Josh
482 Powers in bz#2692; ok dtucker@
483
484 Upstream-ID: 468e357ff143e00acc05bdd2803a696b3d4b6442
485
486commit 9747b9c742de409633d4753bf1a752cbd211e2d3
487Author: djm@openbsd.org <djm@openbsd.org>
488Date: Fri Mar 10 03:15:58 2017 +0000
489
490 upstream commit
491
492 don't truncate off \r\n from long stderr lines; bz#2688,
493 reported by Brian Dyson; ok dtucker@
494
495 Upstream-ID: cdfdc4ba90639af807397ce996153c88af046ca4
496
497commit 4a4b75adac862029a1064577eb5af299b1580cdd
498Author: dtucker@openbsd.org <dtucker@openbsd.org>
499Date: Fri Mar 10 02:59:51 2017 +0000
500
501 upstream commit
502
503 Validate digest arg in ssh_digest_final; from jjelen at
504 redhat.com via bz#2687, ok djm@
505
506 Upstream-ID: dbe5494dfddfe523fab341a3dab5a79e7338f878
507
508commit bee0167be2340d8de4bdc1ab1064ec957c85a447
509Author: Darren Tucker <dtucker@zip.com.au>
510Date: Fri Mar 10 13:40:18 2017 +1100
511
512 Check for NULL from malloc.
513
514 Part of bz#2687, from jjelen at redhat.com.
515
516commit da39b09d43b137a5a3d071b51589e3efb3701238
517Author: Darren Tucker <dtucker@zip.com.au>
518Date: Fri Mar 10 13:22:32 2017 +1100
519
520 If OSX is using launchd, remove screen no.
521
522 Check for socket with and without screen number. From Apple and Jakob
523 Schlyter via bz#2341, with contributions from Ron Frederick, ok djm@
524
525commit 8fb15311a011517eb2394bb95a467c209b8b336c
526Author: djm@openbsd.org <djm@openbsd.org>
527Date: Wed Mar 8 12:07:47 2017 +0000
528
529 upstream commit
530
531 quote [host]:port in generated ProxyJump commandline; the
532 [ / ] characters can confuse some shells (e.g. zsh). Reported by Lauri
533 Tirkkonen via bugs@
534
535 Upstream-ID: 65cdd161460e1351c3d778e974c1c2a4fa4bc182
536
537commit 18501151cf272a15b5f2c5e777f2e0933633c513
538Author: dtucker@openbsd.org <dtucker@openbsd.org>
539Date: Mon Mar 6 02:03:20 2017 +0000
540
541 upstream commit
542
543 Check l->hosts before dereferencing; fixes potential null
544 pointer deref. ok djm@
545
546 Upstream-ID: 81c0327c6ec361da794b5c680601195cc23d1301
547
548commit d072370793f1a20f01ad827ba8fcd3b8f2c46165
549Author: dtucker@openbsd.org <dtucker@openbsd.org>
550Date: Mon Mar 6 00:44:51 2017 +0000
551
552 upstream commit
553
554 linenum is unsigned long so use %lu in log formats. ok
555 deraadt@
556
557 Upstream-ID: 9dc582d9bb887ebe0164e030d619fc20b1a4ea08
558
559commit 12d3767ba4c84c32150cbe6ff6494498780f12c9
560Author: djm@openbsd.org <djm@openbsd.org>
561Date: Fri Mar 3 06:13:11 2017 +0000
562
563 upstream commit
564
565 fix ssh-keygen -H accidentally corrupting known_hosts that
566 contained already-hashed entries. HKF_MATCH_HOST_HASHED is only set by
567 hostkeys_foreach() when hostname matching is in use, so we need to look for
568 the hash marker explicitly.
569
570 Upstream-ID: da82ad653b93e8a753580d3cf5cd448bc2520528
571
572commit d7abb771bd5a941b26144ba400a34563a1afa589
573Author: djm@openbsd.org <djm@openbsd.org>
574Date: Tue Feb 28 06:10:08 2017 +0000
575
576 upstream commit
577
578 small memleak: free fd_set on connection timeout (though
579 we are heading to exit anyway). From Tom Rix in bz#2683
580
581 Upstream-ID: 10e3dadbb8199845b66581473711642d9e6741c4
582
583commit 78142e3ab3887e53a968d6e199bcb18daaf2436e
584Author: jmc@openbsd.org <jmc@openbsd.org>
585Date: Mon Feb 27 14:30:33 2017 +0000
586
587 upstream commit
588
589 errant dot; from klemens nanni
590
591 Upstream-ID: 83d93366a5acf47047298c5d3ebc5e7426f37921
592
593commit 8071a6924c12bb51406a9a64a4b2892675112c87
594Author: djm@openbsd.org <djm@openbsd.org>
595Date: Fri Feb 24 03:16:34 2017 +0000
596
597 upstream commit
598
599 might as well set the listener socket CLOEXEC
600
601 Upstream-ID: 9c538433d6a0ca79f5f21decc5620e46fb68ab57
602
603commit d5499190559ebe374bcdfa8805408646ceffad64
604Author: djm@openbsd.org <djm@openbsd.org>
605Date: Sun Feb 19 00:11:29 2017 +0000
606
607 upstream commit
608
609 add test cases for C locale; ok schwarze@
610
611 Upstream-Regress-ID: 783d75de35fbc923d46e2a5e6cee30f8f381ba87
612
613commit 011c8ffbb0275281a0cf330054cf21be10c43e37
614Author: djm@openbsd.org <djm@openbsd.org>
615Date: Sun Feb 19 00:10:57 2017 +0000
616
617 upstream commit
618
619 Add a common nl_langinfo(CODESET) alias for US-ASCII
620 "ANSI_X3.4-1968" that is used by Linux. Fixes mprintf output truncation for
621 non-UTF-8 locales on Linux spotted by dtucker@; ok deraadt@ schwarze@
622
623 Upstream-ID: c6808956ebffd64066f9075d839f74ff0dd60719
624
625commit 0c4430a19b73058a569573492f55e4c9eeaae67b
626Author: dtucker@openbsd.org <dtucker@openbsd.org>
627Date: Tue Feb 7 23:03:11 2017 +0000
628
629 upstream commit
630
631 Remove deprecated SSH1 options RSAAuthentication and
632 RhostsRSAAuthentication from regression test sshd_config.
633
634 Upstream-Regress-ID: 8066b753d9dce7cf02ff87af5c727ff680d99491
635
636commit 3baa4cdd197c95d972ec3d07f1c0d08f2d7d9199
637Author: dtucker@openbsd.org <dtucker@openbsd.org>
638Date: Fri Feb 17 02:32:05 2017 +0000
639
640 upstream commit
641
642 Do not show rsa1 key type in usage when compiled without
643 SSH1 support.
644
645 Upstream-ID: 068b5c41357a02f319957746fa4e84ea73960f57
646
647commit ecc35893715f969e98fee118481f404772de4132
648Author: dtucker@openbsd.org <dtucker@openbsd.org>
649Date: Fri Feb 17 02:31:14 2017 +0000
650
651 upstream commit
652
653 ifdef out "rsa1" from the list of supported keytypes when
654 compiled without SSH1 support. Found by kdunlop at guralp.com, ok djm@
655
656 Upstream-ID: cea93a26433d235bb1d64b1d990f19a9c160a70f
657
658commit 10577c6d96a55b877a960b2d0b75edef1b9945af
659Author: djm@openbsd.org <djm@openbsd.org>
660Date: Fri Feb 17 02:04:15 2017 +0000
661
662 upstream commit
663
664 For ProxyJump/-J, surround host name with brackets to
665 allow literal IPv6 addresses. From Dick Visser; ok dtucker@
666
667 Upstream-ID: 3a5d3b0171250daf6a5235e91bce09c1d5746bf1
668
669commit b2afdaf1b52231aa23d2153f4a8c5a60a694dda4
670Author: jsg@openbsd.org <jsg@openbsd.org>
671Date: Wed Feb 15 23:38:31 2017 +0000
672
673 upstream commit
674
675 Fix memory leaks in match_filter_list() error paths.
676
677 ok dtucker@ markus@
678
679 Upstream-ID: c7f96ac0877f6dc9188bbc908100a8d246cc7f0e
680
681commit 6d5a41b38b55258213ecfaae9df7a758caa752a1
682Author: djm@openbsd.org <djm@openbsd.org>
683Date: Wed Feb 15 01:46:47 2017 +0000
684
685 upstream commit
686
687 fix division by zero crash in "df" output when server
688 returns zero total filesystem blocks/inodes. Spotted by Guido Vranken; ok
689 dtucker@
690
691 Upstream-ID: 6fb6c2ae6b289aa07b6232dbc0be54682ef5419f
692
693commit bd5d7d239525d595ecea92765334af33a45d9d63
694Author: Darren Tucker <dtucker@zip.com.au>
695Date: Sun Feb 12 15:45:15 2017 +1100
696
697 ifdef out EVP_R_PRIVATE_KEY_DECODE_ERROR
698
699 EVP_R_PRIVATE_KEY_DECODE_ERROR was added in OpenSSL 1.0.0 so ifdef out
700 for the benefit of OpenSSL versions prior to that.
701
702commit 155d540d00ff55f063421ec182ec8ff2b7ab6cbe
703Author: djm@openbsd.org <djm@openbsd.org>
704Date: Fri Feb 10 04:34:50 2017 +0000
705
706 upstream commit
707
708 bring back r1.34 that was backed out for problems loading
709 public keys:
710
711 translate OpenSSL error codes to something more
712 meaninful; bz#2522 reported by Jakub Jelen, ok dtucker@
713
714 with additional fix from Jakub Jelen to solve the backout.
715 bz#2525 bz#2523 re-ok dtucker@
716
717 Upstream-ID: a9d5bc0306f4473d9b4f4484f880e95f3c1cc031
718
719commit a287c5ad1e0bf9811c7b9221979b969255076019
720Author: djm@openbsd.org <djm@openbsd.org>
721Date: Fri Feb 10 03:36:40 2017 +0000
722
723 upstream commit
724
725 Sanitise escape sequences in key comments sent to printf
726 but preserve valid UTF-8 when the locale supports it; bz#2520 ok dtucker@
727
728 Upstream-ID: e8eed28712ba7b22d49be534237eed019875bd1e
729
730commit e40269be388972848aafcca7060111c70aab5b87
731Author: millert@openbsd.org <millert@openbsd.org>
732Date: Wed Feb 8 20:32:43 2017 +0000
733
734 upstream commit
735
736 Avoid printf %s NULL. From semarie@, OK djm@
737
738 Upstream-ID: 06beef7344da0208efa9275d504d60d2a5b9266c
739
740commit 5b90709ab8704dafdb31e5651073b259d98352bc
741Author: djm@openbsd.org <djm@openbsd.org>
742Date: Mon Feb 6 09:22:51 2017 +0000
743
744 upstream commit
745
746 Restore \r\n newline sequence for server ident string. The CR
747 got lost in the flensing of SSHv1. Pointed out by Stef Bon
748
749 Upstream-ID: 5333fd43ce5396bf5999496096fac5536e678fac
750
751commit 97c31c46ee2e6b46dfffdfc4f90bbbf188064cbc
752Author: djm@openbsd.org <djm@openbsd.org>
753Date: Fri Feb 3 23:01:42 2017 +0000
754
755 upstream commit
756
757 unit test for match_filter_list() function; still want a
758 better name for this...
759
760 Upstream-Regress-ID: 840ad6118552c35111f0a897af9c8d93ab8de92a
761
762commit f1a193464a7b77646f0d0cedc929068e4a413ab4
763Author: djm@openbsd.org <djm@openbsd.org>
764Date: Fri Feb 3 23:05:57 2017 +0000
765
766 upstream commit
767
768 use ssh_packet_set_log_preamble() to include connection
769 username in packet log messages, e.g.
770
771 Connection closed by invalid user foo 10.1.1.1 port 44056 [preauth]
772
773 ok markus@ bz#113
774
775 Upstream-ID: 3591b88bdb5416d6066fb3d49d8fff2375bf1a15
776
777commit 07edd7e9537ab32aa52abb5fb2a915c350fcf441
778Author: djm@openbsd.org <djm@openbsd.org>
779Date: Fri Feb 3 23:03:33 2017 +0000
780
781 upstream commit
782
783 add ssh_packet_set_log_preamble() to allow inclusion of a
784 preamble string in disconnect messages; ok markus@
785
786 Upstream-ID: 34cb41182cd76d414c214ccb01c01707849afead
787
788commit 68bc8cfa7642d3ccbf2cd64281c16b8b9205be59
789Author: djm@openbsd.org <djm@openbsd.org>
790Date: Fri Feb 3 23:01:19 2017 +0000
791
792 upstream commit
793
794 support =- for removing methods from algorithms lists,
795 e.g. Ciphers=-*cbc; suggested by Cristian Ionescu-Idbohrn in bz#2671 "I like
796 it" markus@
797
798 Upstream-ID: c78c38f9f81a963b33d0eade559f6048add24a6d
799
800commit c924b2ef941028a1f31e6e94f54dfeeeef462a4e
801Author: djm@openbsd.org <djm@openbsd.org>
802Date: Fri Feb 3 05:05:56 2017 +0000
803
804 upstream commit
805
806 allow form-feed characters at EOL; bz#2431 ok dtucker@
807
808 Upstream-ID: 1f453afaba6da2ae69d6afdf1ae79a917552f1a2
809
810commit 523db8540b720c4d21ab0ff6f928476c70c38aab
811Author: Damien Miller <djm@mindrot.org>
812Date: Fri Feb 3 16:01:22 2017 +1100
813
814 prefer to use ldns-config to find libldns
815
816 Should fix bz#2603 - "Build with ldns and without kerberos support
817 fails if ldns compiled with kerberos support" by including correct
818 cflags/libs
819
820 ok dtucker@
821
822commit c998bf0afa1a01257a53793eba57941182e9e0b7
823Author: dtucker@openbsd.org <dtucker@openbsd.org>
824Date: Fri Feb 3 02:56:00 2017 +0000
825
826 upstream commit
827
828 Make ssh_packet_set_rekey_limits take u32 for the number of
829 seconds until rekeying (negative values are rejected at config parse time).
830 This allows the removal of some casts and a signed vs unsigned comparison
831 warning.
832
833 rekey_time is cast to int64 for the comparison which is a no-op
834 on OpenBSD, but should also do the right thing in -portable on
835 anything still using 32bit time_t (until the system time actually
836 wraps, anyway).
837
838 some early guidance deraadt@, ok djm@
839
840 Upstream-ID: c9f18613afb994a07e7622eb326f49de3d123b6c
841
842commit 3ec5fa4ba97d4c4853620daea26a33b9f1fe3422
843Author: jsg@openbsd.org <jsg@openbsd.org>
844Date: Thu Feb 2 10:54:25 2017 +0000
845
846 upstream commit
847
848 In vasnmprintf() return an error if malloc fails and
849 don't set a function argument to the address of free'd memory.
850
851 ok djm@
852
853 Upstream-ID: 1efffffff2f51d53c9141f245b90ac23d33b9779
854
855commit 858252fb1d451ebb0969cf9749116c8f0ee42753
856Author: dtucker@openbsd.org <dtucker@openbsd.org>
857Date: Wed Feb 1 02:59:09 2017 +0000
858
859 upstream commit
860
861 Return true reason for port forwarding failures where
862 feasible rather than always "administratively prohibited". bz#2674, ok djm@
863
864 Upstream-ID: d901d9887951774e604ca970e1827afaaef9e419
865
866commit 6ba9f893838489add6ec4213c7a997b425e4a9e0
867Author: dtucker@openbsd.org <dtucker@openbsd.org>
868Date: Mon Jan 30 23:27:39 2017 +0000
869
870 upstream commit
871
872 Small correction to the known_hosts section on when it is
873 updated. Patch from lkppo at free.fr some time ago, pointed out by smallm at
874 sdf.org
875
876 Upstream-ID: 1834d7af179dea1a12ad2137f84566664af225d5
877
878commit c61d5ec3c11e7ff9779b6127421d9f166cf10915
879Author: Darren Tucker <dtucker@zip.com.au>
880Date: Fri Feb 3 14:10:34 2017 +1100
881
882 Remove _XOPEN_SOURCE from wide char detection.
883
884 Having _XOPEN_SOURCE unconditionally causes problems on some platforms
885 and configurations, notably Solaris 64-bit binaries. It was there for
886 the benefit of Linux put the required bits in the *-*linux* section.
887
888 Patch from yvoinov at gmail.com.
889
890commit f25ee13b3e81fd80efeb871dc150fe49d7fc8afd
891Author: djm@openbsd.org <djm@openbsd.org>
892Date: Mon Jan 30 05:22:14 2017 +0000
893
894 upstream commit
895
896 fully unbreak: some $SSH invocations did not have -F
897 specified and could pick up the ~/.ssh/config of the user running the tests
898
899 Upstream-Regress-ID: f362d1892c0d3e66212d5d3fc02d915c58ef6b89
900
901commit 6956e21fb26652887475fe77ea40d2efcf25908b
902Author: djm@openbsd.org <djm@openbsd.org>
903Date: Mon Jan 30 04:54:07 2017 +0000
904
905 upstream commit
906
907 partially unbreak: was not specifying hostname on some
908 $SSH invocations
909
910 Upstream-Regress-ID: bc8a5e98e57bad0a92ef4f34ed91c1d18294e2cc
911
912commit 52763dd3fe0a4678dafdf7aeb32286e514130afc
913Author: djm@openbsd.org <djm@openbsd.org>
914Date: Mon Jan 30 01:03:00 2017 +0000
915
916 upstream commit
917
918 revise keys/principals command hang fix (bz#2655) to
919 consume entire output, avoiding sending SIGPIPE to subprocesses early; ok
920 dtucker@
921
922 Upstream-ID: 7cb04b31a61f8c78c4e48ceededcd2fd5c4ee1bc
923
924commit 381a2615a154a82c4c53b787f4a564ef894fe9ac
925Author: djm@openbsd.org <djm@openbsd.org>
926Date: Mon Jan 30 00:38:50 2017 +0000
927
928 upstream commit
929
930 small cleanup post SSHv1 removal:
931
932 remove SSHv1-isms in commented examples
933
934 reorder token table to group deprecated and compile-time conditional tokens
935 better
936
937 fix config dumping code for some compile-time conditional options that
938 weren't being correctly skipped (SSHv1 and PKCS#11)
939
940 Upstream-ID: f2e96b3cb3158d857c5a91ad2e15925df3060105
941
942commit 4833d01591b7eb049489d9558b65f5553387ed43
943Author: djm@openbsd.org <djm@openbsd.org>
944Date: Mon Jan 30 00:34:01 2017 +0000
945
946 upstream commit
947
948 some explicit NULL tests when dumping configured
949 forwardings; from Karsten Weiss
950
951 Upstream-ID: 40957b8dea69672b0e50df6b4a91a94e3e37f72d
952
953commit 326e2fae9f2e3e067b5651365eba86b35ee5a6b2
954Author: djm@openbsd.org <djm@openbsd.org>
955Date: Mon Jan 30 00:32:28 2017 +0000
956
957 upstream commit
958
959 misplaced braces in test; from Karsten Weiss
960
961 Upstream-ID: f7b794074d3aae8e35b69a91d211c599c94afaae
962
963commit 3e032a95e46bfaea9f9e857678ac8fa5f63997fb
964Author: djm@openbsd.org <djm@openbsd.org>
965Date: Mon Jan 30 00:32:03 2017 +0000
966
967 upstream commit
968
969 don't dereference authctxt before testing != NULL, it
970 causes compilers to make assumptions; from Karsten Weiss
971
972 Upstream-ID: 794243aad1e976ebc717885b7a97a25e00c031b2
973
974commit 01cfaa2b1cfb84f3cdd32d1bf82b120a8d30e057
975Author: djm@openbsd.org <djm@openbsd.org>
976Date: Fri Jan 6 02:51:16 2017 +0000
977
978 upstream commit
979
980 use correct ssh-add program; bz#2654, from Colin Watson
981
982 Upstream-Regress-ID: 7042a36e1bdaec6562f6e57e9d047efe9c7a6030
983
984commit e5c7ec67cdc42ae2584085e0fc5cc5ee91133cf5
985Author: dtucker@openbsd.org <dtucker@openbsd.org>
986Date: Fri Jan 6 02:26:10 2017 +0000
987
988 upstream commit
989
990 Account for timeouts in the integrity tests as failures.
991
992 If the first test in a series for a given MAC happens to modify the low
993 bytes of a packet length, then ssh will time out and this will be
994 interpreted as a test failure. Patch from cjwatson at debian.org via
995 bz#2658.
996
997 Upstream-Regress-ID: e7467613b0badedaa300bc6fc7495ec2f44e2fb9
998
999commit dbaf599b61bd6e0f8469363a8c8e7f633b334018
1000Author: dtucker@openbsd.org <dtucker@openbsd.org>
1001Date: Fri Jan 6 02:09:25 2017 +0000
1002
1003 upstream commit
1004
1005 Make forwarding test less racy by using unix domain
1006 sockets instead of TCP ports where possible. Patch from cjwatson at
1007 debian.org via bz#2659.
1008
1009 Upstream-Regress-ID: 4756375aac5916ef9d25452a1c1d5fa9e90299a9
1010
1011commit 9390b0031ebd6eb5488d3bc4d4333c528dffc0a6
1012Author: dtucker@openbsd.org <dtucker@openbsd.org>
1013Date: Sun Jan 29 21:35:23 2017 +0000
1014
1015 upstream commit
1016
1017 Fix typo in ~C error message for bad port forward
1018 cancellation. bz#2672, from Brad Marshall via Colin Watson and Ubuntu's
1019 bugtracker.
1020
1021 Upstream-ID: 0d4a7e5ead6cc59c9a44b4c1e5435ab3aada09af
1022
1023commit 4ba15462ca38883b8a61a1eccc093c79462d5414
1024Author: guenther@openbsd.org <guenther@openbsd.org>
1025Date: Sat Jan 21 11:32:04 2017 +0000
1026
1027 upstream commit
1028
1029 The POSIX APIs that that sockaddrs all ignore the s*_len
1030 field in the incoming socket, so userspace doesn't need to set it unless it
1031 has its own reasons for tracking the size along with the sockaddr.
1032
1033 ok phessler@ deraadt@ florian@
1034
1035 Upstream-ID: ca6e49e2f22f2b9e81d6d924b90ecd7e422e7437
1036
1037commit a1187bd3ef3e4940af849ca953a1b849dae78445
1038Author: jmc@openbsd.org <jmc@openbsd.org>
1039Date: Fri Jan 6 16:28:12 2017 +0000
1040
1041 upstream commit
1042
1043 keep the tokens list sorted;
1044
1045 Upstream-ID: b96239dae4fb3aa94146bb381afabcc7740a1638
1046
1047commit b64077f9767634715402014f509e58decf1e140d
1048Author: djm@openbsd.org <djm@openbsd.org>
1049Date: Fri Jan 6 09:27:52 2017 +0000
1050
1051 upstream commit
1052
1053 fix previous
1054
1055 Upstream-ID: c107d6a69bc22325d79fbf78a2a62e04bcac6895
1056
1057commit 5e820e9ea2e949aeb93071fe31c80b0c42f2b2de
1058Author: djm@openbsd.org <djm@openbsd.org>
1059Date: Fri Jan 6 03:53:58 2017 +0000
1060
1061 upstream commit
1062
1063 show a useful error message when included config files
1064 can't be opened; bz#2653, ok dtucker@
1065
1066 Upstream-ID: f598b73b5dfe497344cec9efc9386b4e5a3cb95b
1067
1068commit 13bd2e2d622d01dc85d22b94520a5b243d006049
1069Author: djm@openbsd.org <djm@openbsd.org>
1070Date: Fri Jan 6 03:45:41 2017 +0000
1071
1072 upstream commit
1073
1074 sshd_config is documented to set
1075 GSSAPIStrictAcceptorCheck=yes by default, so actually make it do this.
1076 bz#2637 ok dtucker
1077
1078 Upstream-ID: 99ef8ac51f17f0f7aec166cb2e34228d4d72a665
1079
1080commit f89b928534c9e77f608806a217d39a2960cc7fd0
1081Author: djm@openbsd.org <djm@openbsd.org>
1082Date: Fri Jan 6 03:41:58 2017 +0000
1083
1084 upstream commit
1085
1086 Avoid confusing error message when attempting to use
1087 ssh-keyscan built without SSH protocol v.1 to scan for v.1 keys; bz#2583
1088
1089 Upstream-ID: 5d214abd3a21337d67c6dcc5aa6f313298d0d165
1090
1091commit 0999533014784579aa6f01c2d3a06e3e8804b680
1092Author: dtucker@openbsd.org <dtucker@openbsd.org>
1093Date: Fri Jan 6 02:34:54 2017 +0000
1094
1095 upstream commit
1096
1097 Re-add '%k' token for AuthorizedKeysCommand which was
1098 lost during the re-org in rev 1.235. bz#2656, from jboning at gmail.com.
1099
1100 Upstream-ID: 2884e203c02764d7b3fe7472710d9c24bdc73e38
1101
1102commit 51045869fa084cdd016fdd721ea760417c0a3bf3
1103Author: djm@openbsd.org <djm@openbsd.org>
1104Date: Wed Jan 4 05:37:40 2017 +0000
1105
1106 upstream commit
1107
1108 unbreak Unix domain socket forwarding for root; ok
1109 markus@
1110
1111 Upstream-ID: 6649c76eb7a3fa15409373295ca71badf56920a2
1112
1113commit 58fca12ba967ea5c768653535604e1522d177e44
1114Author: Darren Tucker <dtucker@zip.com.au>
1115Date: Mon Jan 16 09:08:32 2017 +1100
1116
1117 Remove LOGIN_PROGRAM.
1118
1119 UseLogin is gone, remove leftover. bz#2665, from cjwatson at debian.org
1120
1121commit b108ce92aae0ca0376dce9513d953be60e449ae1
1122Author: djm@openbsd.org <djm@openbsd.org>
1123Date: Wed Jan 4 02:21:43 2017 +0000
1124
1125 upstream commit
1126
1127 relax PKCS#11 whitelist a bit to allow libexec as well as
1128 lib directories.
1129
1130 Upstream-ID: cf5617958e2e2d39f8285fd3bc63b557da484702
1131
1132commit c7995f296b9222df2846f56ecf61e5ae13d7a53d
1133Author: djm@openbsd.org <djm@openbsd.org>
1134Date: Tue Jan 3 05:46:51 2017 +0000
1135
1136 upstream commit
1137
1138 check number of entries in SSH2_FXP_NAME response; avoids
1139 unreachable overflow later. Reported by Jann Horn
1140
1141 Upstream-ID: b6b2b434a6d6035b1644ca44f24cd8104057420f
1142
1143commit ddd3d34e5c7979ca6f4a3a98a7d219a4ed3d98c2
1144Author: djm@openbsd.org <djm@openbsd.org>
1145Date: Fri Dec 30 22:08:02 2016 +0000
1146
1147 upstream commit
1148
1149 fix deadlock when keys/principals command produces a lot of
1150 output and a key is matched early; bz#2655, patch from jboning AT gmail.com
1151
1152 Upstream-ID: e19456429bf99087ea994432c16d00a642060afe
1153
1154commit 30eee7d1b2fec33c14870cc11910610be5d2aa6f
1155Author: Darren Tucker <dtucker@zip.com.au>
1156Date: Tue Dec 20 12:16:11 2016 +1100
1157
1158 Re-add missing "Prerequisites" header and fix typo
1159
1160 Patch from HARUYAMA Seigo <haruyama at unixuser org>.
1161
1162commit c8c60f3663165edd6a52632c6ddbfabfce1ca865
1163Author: djm@openbsd.org <djm@openbsd.org>
1164Date: Mon Dec 19 22:35:23 2016 +0000
1165
1166 upstream commit
1167
1168 use standard /bin/sh equality test; from Mike Frysinger
1169
1170 Upstream-Regress-ID: 7b6f0b63525f399844c8ac211003acb8e4b0bec2
1171
1commit 4a354fc231174901f2629437c2a6e924a2dd6772 1172commit 4a354fc231174901f2629437c2a6e924a2dd6772
2Author: Damien Miller <djm@mindrot.org> 1173Author: Damien Miller <djm@mindrot.org>
3Date: Mon Dec 19 15:59:26 2016 +1100 1174Date: Mon Dec 19 15:59:26 2016 +1100
@@ -8221,2046 +9392,3 @@ Date: Wed Mar 11 00:48:39 2015 +0000
8221 9392
8222 add back the changes from rev 1.206, djm reverted this by 9393 add back the changes from rev 1.206, djm reverted this by
8223 mistake in rev 1.207 9394 mistake in rev 1.207
8224
8225commit 4d24b3b6a4a6383e05e7da26d183b79fa8663697
8226Author: Damien Miller <djm@mindrot.org>
8227Date: Fri Mar 20 09:11:59 2015 +1100
8228
8229 remove error() accidentally inserted for debugging
8230
8231 pointed out by Christian Hesse
8232
8233commit 9f82e5a9042f2d872e98f48a876fcab3e25dd9bb
8234Author: Tim Rice <tim@multitalents.net>
8235Date: Mon Mar 16 22:49:20 2015 -0700
8236
8237 portability fix: Solaris systems may not have a grep that understands -q
8238
8239commit 8ef691f7d9ef500257a549d0906d78187490668f
8240Author: Damien Miller <djm@google.com>
8241Date: Wed Mar 11 10:35:26 2015 +1100
8242
8243 fix compile with clang
8244
8245commit 4df590cf8dc799e8986268d62019b487a8ed63ad
8246Author: Damien Miller <djm@google.com>
8247Date: Wed Mar 11 10:02:39 2015 +1100
8248
8249 make unit tests work for !OPENSSH_HAS_ECC
8250
8251commit 307bb40277ca2c32e97e61d70d1ed74b571fd6ba
8252Author: djm@openbsd.org <djm@openbsd.org>
8253Date: Sat Mar 7 04:41:48 2015 +0000
8254
8255 upstream commit
8256
8257 unbreak for w/SSH1 (default) case; ok markus@ deraadt@
8258
8259commit b44ee0c998fb4c5f3c3281f2398af5ce42840b6f
8260Author: Damien Miller <djm@mindrot.org>
8261Date: Thu Mar 5 18:39:20 2015 -0800
8262
8263 unbreak hostkeys test for w/ SSH1 case
8264
8265commit 55e5bdeb519cb60cc18b7ba0545be581fb8598b4
8266Author: djm@openbsd.org <djm@openbsd.org>
8267Date: Fri Mar 6 01:40:56 2015 +0000
8268
8269 upstream commit
8270
8271 fix sshkey_certify() return value for unsupported key types;
8272 ok markus@ deraadt@
8273
8274commit be8f658e550a434eac04256bfbc4289457a24e99
8275Author: Damien Miller <djm@mindrot.org>
8276Date: Wed Mar 4 15:38:03 2015 -0800
8277
8278 update version numbers to match version.h
8279
8280commit ac5e8acefa253eb5e5ba186e34236c0e8007afdc
8281Author: djm@openbsd.org <djm@openbsd.org>
8282Date: Wed Mar 4 23:22:35 2015 +0000
8283
8284 upstream commit
8285
8286 make these work with !SSH1; ok markus@ deraadt@
8287
8288commit 2f04af92f036b0c87a23efb259c37da98cd81fe6
8289Author: djm@openbsd.org <djm@openbsd.org>
8290Date: Wed Mar 4 21:12:59 2015 +0000
8291
8292 upstream commit
8293
8294 make ssh-add -D work with !SSH1 agent
8295
8296commit a05adf95d2af6abb2b7826ddaa7a0ec0cdc1726b
8297Author: Damien Miller <djm@mindrot.org>
8298Date: Wed Mar 4 00:55:48 2015 -0800
8299
8300 netcat needs poll.h portability goop
8301
8302commit dad2b1892b4c1b7e58df483a8c5b983c4454e099
8303Author: markus@openbsd.org <markus@openbsd.org>
8304Date: Tue Mar 3 22:35:19 2015 +0000
8305
8306 upstream commit
8307
8308 make it possible to run tests w/o ssh1 support; ok djm@
8309
8310commit d48a22601bdd3eec054794c535f4ae8d8ae4c6e2
8311Author: djm@openbsd.org <djm@openbsd.org>
8312Date: Wed Mar 4 18:53:53 2015 +0000
8313
8314 upstream commit
8315
8316 crank; ok markus, deraadt
8317
8318commit bbffb23daa0b002dd9f296e396a9ab8a5866b339
8319Author: Damien Miller <djm@mindrot.org>
8320Date: Tue Mar 3 13:50:27 2015 -0800
8321
8322 more --without-ssh1 fixes
8323
8324commit 6c2039286f503e2012a58a1d109e389016e7a99b
8325Author: Damien Miller <djm@mindrot.org>
8326Date: Tue Mar 3 13:48:48 2015 -0800
8327
8328 fix merge both that broke --without-ssh1 compile
8329
8330commit 111dfb225478a76f89ecbcd31e96eaf1311b59d3
8331Author: djm@openbsd.org <djm@openbsd.org>
8332Date: Tue Mar 3 21:21:13 2015 +0000
8333
8334 upstream commit
8335
8336 add SSH1 Makefile knob to make it easier to build without
8337 SSH1 support; ok markus@
8338
8339commit 3f7f5e6c5d2aa3f6710289c1a30119e534e56c5c
8340Author: djm@openbsd.org <djm@openbsd.org>
8341Date: Tue Mar 3 20:42:49 2015 +0000
8342
8343 upstream commit
8344
8345 expand __unused to full __attribute__ for better portability
8346
8347commit 2fab9b0f8720baf990c931e3f68babb0bf9949c6
8348Author: Damien Miller <djm@mindrot.org>
8349Date: Wed Mar 4 07:41:27 2015 +1100
8350
8351 avoid warning
8352
8353commit d1bc844322461f882b4fd2277ba9a8d4966573d2
8354Author: Damien Miller <djm@mindrot.org>
8355Date: Wed Mar 4 06:31:45 2015 +1100
8356
8357 Revert "define __unused to nothing if not already defined"
8358
8359 This reverts commit 1598419e38afbaa8aa5df8dd6b0af98301e2c908.
8360
8361 Some system headers have objects named __unused
8362
8363commit 00797e86b2d98334d1bb808f65fa1fd47f328ff1
8364Author: Damien Miller <djm@mindrot.org>
8365Date: Wed Mar 4 05:02:45 2015 +1100
8366
8367 check for crypt and DES_crypt in openssl block
8368
8369 fixes builds on systems that use DES_crypt; based on patch
8370 from Roumen Petrov
8371
8372commit 1598419e38afbaa8aa5df8dd6b0af98301e2c908
8373Author: Damien Miller <djm@mindrot.org>
8374Date: Wed Mar 4 04:59:13 2015 +1100
8375
8376 define __unused to nothing if not already defined
8377
8378 fixes builds on BSD/OS
8379
8380commit d608a51daad4f14ad6ab43d7cf74ef4801cc3fe9
8381Author: djm@openbsd.org <djm@openbsd.org>
8382Date: Tue Mar 3 17:53:40 2015 +0000
8383
8384 upstream commit
8385
8386 reorder logic for better portability; patch from Roumen
8387 Petrov
8388
8389commit 68d2dfc464fbcdf8d6387884260f9801f4352393
8390Author: djm@openbsd.org <djm@openbsd.org>
8391Date: Tue Mar 3 06:48:58 2015 +0000
8392
8393 upstream commit
8394
8395 Allow "ssh -Q protocol-version" to list supported SSH
8396 protocol versions. Useful for detecting builds without SSH v.1 support; idea
8397 and ok markus@
8398
8399commit 39e2f1229562e1195169905607bc12290d21f021
8400Author: millert@openbsd.org <millert@openbsd.org>
8401Date: Sun Mar 1 15:44:40 2015 +0000
8402
8403 upstream commit
8404
8405 Make sure we only call getnameinfo() for AF_INET or AF_INET6
8406 sockets. getpeername() of a Unix domain socket may return without error on
8407 some systems without actually setting ss_family so getnameinfo() was getting
8408 called with ss_family set to AF_UNSPEC. OK djm@
8409
8410commit e47536ba9692d271b8ad89078abdecf0a1c11707
8411Author: Damien Miller <djm@mindrot.org>
8412Date: Sat Feb 28 08:20:11 2015 -0800
8413
8414 portability fixes for regress/netcat.c
8415
8416 Mostly avoiding "err(1, NULL)"
8417
8418commit 02973ad5f6f49d8420e50a392331432b0396c100
8419Author: Damien Miller <djm@mindrot.org>
8420Date: Sat Feb 28 08:05:27 2015 -0800
8421
8422 twiddle another test for portability
8423
8424 from Tom G. Christensen
8425
8426commit f7f3116abf2a6e2f309ab096b08c58d19613e5d0
8427Author: Damien Miller <djm@mindrot.org>
8428Date: Fri Feb 27 15:52:49 2015 -0800
8429
8430 twiddle test for portability
8431
8432commit 1ad3a77cc9d5568f5437ff99d377aa7a41859b83
8433Author: Damien Miller <djm@mindrot.org>
8434Date: Thu Feb 26 20:33:22 2015 -0800
8435
8436 make regress/netcat.c fd passing (more) portable
8437
8438commit 9e1cfca7e1fe9cf8edb634fc894e43993e4da1ea
8439Author: Damien Miller <djm@mindrot.org>
8440Date: Thu Feb 26 20:32:58 2015 -0800
8441
8442 create OBJ/valgrind-out before running unittests
8443
8444commit bd58853102cee739f0e115e6d4b5334332ab1442
8445Author: Damien Miller <djm@mindrot.org>
8446Date: Wed Feb 25 16:58:22 2015 -0800
8447
8448 valgrind support
8449
8450commit f43d17269194761eded9e89f17456332f4c83824
8451Author: djm@openbsd.org <djm@openbsd.org>
8452Date: Thu Feb 26 20:45:47 2015 +0000
8453
8454 upstream commit
8455
8456 don't printf NULL key comments; reported by Tom Christensen
8457
8458commit 6e6458b476ec854db33e3e68ebf4f489d0ab3df8
8459Author: djm@openbsd.org <djm@openbsd.org>
8460Date: Wed Feb 25 23:05:47 2015 +0000
8461
8462 upstream commit
8463
8464 zero cmsgbuf before use; we initialise the bits we use
8465 but valgrind still spams warning on it
8466
8467commit a63cfa26864b93ab6afefad0b630e5358ed8edfa
8468Author: djm@openbsd.org <djm@openbsd.org>
8469Date: Wed Feb 25 19:54:02 2015 +0000
8470
8471 upstream commit
8472
8473 fix small memory leak when UpdateHostkeys=no
8474
8475commit e6b950341dd75baa8526f1862bca39e52f5b879b
8476Author: Tim Rice <tim@multitalents.net>
8477Date: Wed Feb 25 09:56:48 2015 -0800
8478
8479 Revert "Work around finicky USL linker so netcat will build."
8480
8481 This reverts commit d1db656021d0cd8c001a6692f772f1de29b67c8b.
8482
8483 No longer needed with commit 678e473e2af2e4802f24dd913985864d9ead7fb3
8484
8485commit 6f621603f9cff2a5d6016a404c96cb2f8ac2dec0
8486Author: djm@openbsd.org <djm@openbsd.org>
8487Date: Wed Feb 25 17:29:38 2015 +0000
8488
8489 upstream commit
8490
8491 don't leak validity of user in "too many authentication
8492 failures" disconnect message; reported by Sebastian Reitenbach
8493
8494commit 6288e3a935494df12519164f52ca5c8c65fc3ca5
8495Author: naddy@openbsd.org <naddy@openbsd.org>
8496Date: Tue Feb 24 15:24:05 2015 +0000
8497
8498 upstream commit
8499
8500 add -v (show ASCII art) to -l's synopsis; ok djm@
8501
8502commit 678e473e2af2e4802f24dd913985864d9ead7fb3
8503Author: Darren Tucker <dtucker@zip.com.au>
8504Date: Thu Feb 26 04:12:58 2015 +1100
8505
8506 Remove dependency on xmalloc.
8507
8508 Remove ssh_get_progname's dependency on xmalloc, which should reduce
8509 link order problems. ok djm@
8510
8511commit 5d5ec165c5b614b03678afdad881f10e25832e46
8512Author: Darren Tucker <dtucker@zip.com.au>
8513Date: Wed Feb 25 15:32:49 2015 +1100
8514
8515 Restrict ECDSA and ECDH tests.
8516
8517 ifdef out some more ECDSA and ECDH tests when built against an OpenSSL
8518 that does not have eliptic curve functionality.
8519
8520commit 1734e276d99b17e92d4233fac7aef3a3180aaca7
8521Author: Darren Tucker <dtucker@zip.com.au>
8522Date: Wed Feb 25 13:40:45 2015 +1100
8523
8524 Move definition of _NSIG.
8525
8526 _NSIG is only unsed in one file, so move it there prevent redefinition
8527 warnings reported by Kevin Brott.
8528
8529commit a47ead7c95cfbeb72721066c4da2312e5b1b9f3d
8530Author: Darren Tucker <dtucker@zip.com.au>
8531Date: Wed Feb 25 13:17:40 2015 +1100
8532
8533 Add includes.h for compatibility stuff.
8534
8535commit 38806bda6d2e48ad32812b461eebe17672ada771
8536Author: Damien Miller <djm@mindrot.org>
8537Date: Tue Feb 24 16:50:06 2015 -0800
8538
8539 include netdb.h to look for MAXHOSTNAMELEN; ok tim
8540
8541commit d1db656021d0cd8c001a6692f772f1de29b67c8b
8542Author: Tim Rice <tim@multitalents.net>
8543Date: Tue Feb 24 10:42:08 2015 -0800
8544
8545 Work around finicky USL linker so netcat will build.
8546
8547commit cb030ce25f555737e8ba97bdd7883ac43f3ff2a3
8548Author: Damien Miller <djm@mindrot.org>
8549Date: Tue Feb 24 09:23:04 2015 -0800
8550
8551 include includes.h to avoid build failure on AIX
8552
8553commit 13af342458f5064144abbb07e5ac9bbd4eb42567
8554Author: Tim Rice <tim@multitalents.net>
8555Date: Tue Feb 24 07:56:47 2015 -0800
8556
8557 Original portability patch from djm@ for platforms missing err.h.
8558 Fix name space clash on Solaris 10. Still more to do for Solaris 10
8559 to deal with msghdr structure differences. ok djm@
8560
8561commit 910209203d0cd60c5083901cbcc0b7b44d9f48d2
8562Author: Tim Rice <tim@multitalents.net>
8563Date: Mon Feb 23 22:06:56 2015 -0800
8564
8565 cleaner way fix dispatch.h portion of commit
8566 a88dd1da119052870bb2654c1a32c51971eade16
8567 (some systems have sig_atomic_t in signal.h, some in sys/signal.h)
8568 Sounds good to me djm@
8569
8570commit 676c38d7cbe65b76bbfff796861bb6615cc6a596
8571Author: Tim Rice <tim@multitalents.net>
8572Date: Mon Feb 23 21:51:33 2015 -0800
8573
8574 portability fix: if we can't dind a better define for HOST_NAME_MAX, use 255
8575
8576commit 1221b22023dce38cbc90ba77eae4c5d78c77a5e6
8577Author: Tim Rice <tim@multitalents.net>
8578Date: Mon Feb 23 21:50:34 2015 -0800
8579
8580 portablity fix: s/__inline__/inline/
8581
8582commit 4c356308a88d309c796325bb75dce90ca16591d5
8583Author: Darren Tucker <dtucker@zip.com.au>
8584Date: Tue Feb 24 13:49:31 2015 +1100
8585
8586 Wrap stdint.h includes in HAVE_STDINT_H.
8587
8588commit c9c88355c6a27a908e7d1e5003a2b35ea99c1614
8589Author: Darren Tucker <dtucker@zip.com.au>
8590Date: Tue Feb 24 13:43:57 2015 +1100
8591
8592 Add AI_NUMERICSERV to fake-rfc2553.
8593
8594 Our getaddrinfo implementation always returns numeric values already.
8595
8596commit ef342ab1ce6fb9a4b30186c89c309d0ae9d0eeb4
8597Author: Darren Tucker <dtucker@zip.com.au>
8598Date: Tue Feb 24 13:39:57 2015 +1100
8599
8600 Include OpenSSL's objects.h before bn.h.
8601
8602 Prevents compile errors on some platforms (at least old GCCs and AIX's
8603 XLC compilers).
8604
8605commit dcc8997d116f615195aa7c9ec019fb36c28c6228
8606Author: Darren Tucker <dtucker@zip.com.au>
8607Date: Tue Feb 24 12:30:59 2015 +1100
8608
8609 Convert two macros into functions.
8610
8611 Convert packet_send_debug and packet_disconnect from macros to
8612 functions. Some older GCCs (2.7.x, 2.95.x) see to have problems with
8613 variadic macros with only one argument so we convert these two into
8614 functions. ok djm@
8615
8616commit 2285c30d51b7e2052c6526445abe7e7cc7e170a1
8617Author: djm@openbsd.org <djm@openbsd.org>
8618Date: Mon Feb 23 22:21:21 2015 +0000
8619
8620 upstream commit
8621
8622 further silence spurious error message even when -v is
8623 specified (e.g. to get visual host keys); reported by naddy@
8624
8625commit 9af21979c00652029e160295e988dea40758ece2
8626Author: Damien Miller <djm@mindrot.org>
8627Date: Tue Feb 24 09:04:32 2015 +1100
8628
8629 don't include stdint.h unless HAVE_STDINT_H set
8630
8631commit 62f678dd51660d6f8aee1da33d3222c5de10a89e
8632Author: Damien Miller <djm@mindrot.org>
8633Date: Tue Feb 24 09:02:54 2015 +1100
8634
8635 nother sys/queue.h -> sys-queue.h fix
8636
8637 spotted by Tom Christensen
8638
8639commit b3c19151cba2c0ed01b27f55de0d723ad07ca98f
8640Author: djm@openbsd.org <djm@openbsd.org>
8641Date: Mon Feb 23 20:32:15 2015 +0000
8642
8643 upstream commit
8644
8645 fix a race condition by using a mux socket rather than an
8646 ineffectual wait statement
8647
8648commit a88dd1da119052870bb2654c1a32c51971eade16
8649Author: Damien Miller <djm@mindrot.org>
8650Date: Tue Feb 24 06:30:29 2015 +1100
8651
8652 various include fixes for portable
8653
8654commit 5248429b5ec524d0a65507cff0cdd6e0cb99effd
8655Author: djm@openbsd.org <djm@openbsd.org>
8656Date: Mon Feb 23 16:55:51 2015 +0000
8657
8658 upstream commit
8659
8660 add an XXX to remind me to improve sshkey_load_public
8661
8662commit e94e4b07ef2eaead38b085a60535df9981cdbcdb
8663Author: djm@openbsd.org <djm@openbsd.org>
8664Date: Mon Feb 23 16:55:31 2015 +0000
8665
8666 upstream commit
8667
8668 silence a spurious error message when listing
8669 fingerprints for known_hosts; bz#2342
8670
8671commit f2293a65392b54ac721f66bc0b44462e8d1d81f8
8672Author: djm@openbsd.org <djm@openbsd.org>
8673Date: Mon Feb 23 16:33:25 2015 +0000
8674
8675 upstream commit
8676
8677 fix setting/clearing of TTY raw mode around
8678 UpdateHostKeys=ask confirmation question; reported by Herb Goldman
8679
8680commit f2004cd1adf34492eae0a44b1ef84e0e31b06088
8681Author: Darren Tucker <dtucker@zip.com.au>
8682Date: Mon Feb 23 05:04:21 2015 +1100
8683
8684 Repair for non-ECC OpenSSL.
8685
8686 Ifdef out the ECC parts when building with an OpenSSL that doesn't have
8687 it.
8688
8689commit 37f9220db8d1a52c75894c3de1e5f2ae5bd71b6f
8690Author: Darren Tucker <dtucker@zip.com.au>
8691Date: Mon Feb 23 03:07:24 2015 +1100
8692
8693 Wrap stdint.h includes in ifdefs.
8694
8695commit f81f1bbc5b892c8614ea740b1f92735652eb43f0
8696Author: Tim Rice <tim@multitalents.net>
8697Date: Sat Feb 21 18:12:10 2015 -0800
8698
8699 out of tree build fix
8700
8701commit 2e13a1e4d22f3b503c3bfc878562cc7386a1d1ae
8702Author: Tim Rice <tim@multitalents.net>
8703Date: Sat Feb 21 18:08:51 2015 -0800
8704
8705 mkdir kex unit test directory so testing out of tree builds works
8706
8707commit 1797f49b1ba31e8700231cd6b1d512d80bb50d2c
8708Author: halex@openbsd.org <halex@openbsd.org>
8709Date: Sat Feb 21 21:46:57 2015 +0000
8710
8711 upstream commit
8712
8713 make "ssh-add -d" properly remove a corresponding
8714 certificate, and also not whine and fail if there is none
8715
8716 ok djm@
8717
8718commit 7faaa32da83a609059d95dbfcb0649fdb04caaf6
8719Author: Damien Miller <djm@mindrot.org>
8720Date: Sun Feb 22 07:57:27 2015 +1100
8721
8722 mkdir hostkey and bitmap unit test directories
8723
8724commit bd49da2ef197efac5e38f5399263a8b47990c538
8725Author: djm@openbsd.org <djm@openbsd.org>
8726Date: Fri Feb 20 23:46:01 2015 +0000
8727
8728 upstream commit
8729
8730 sort options useable under Match case-insensitively; prodded
8731 jmc@
8732
8733commit 1a779a0dd6cd8b4a1a40ea33b5415ab8408128ac
8734Author: djm@openbsd.org <djm@openbsd.org>
8735Date: Sat Feb 21 20:51:02 2015 +0000
8736
8737 upstream commit
8738
8739 correct paths to configuration files being written/updated;
8740 they live in $OBJ not cwd; some by Roumen Petrov
8741
8742commit 28ba006c1acddff992ae946d0bc0b500b531ba6b
8743Author: Darren Tucker <dtucker@zip.com.au>
8744Date: Sat Feb 21 15:41:07 2015 +1100
8745
8746 More correct checking of HAVE_DECL_AI_NUMERICSERV.
8747
8748commit e50e8c97a9cecae1f28febccaa6ca5ab3bc10f54
8749Author: Darren Tucker <dtucker@zip.com.au>
8750Date: Sat Feb 21 15:10:33 2015 +1100
8751
8752 Add null declaration of AI_NUMERICINFO.
8753
8754 Some platforms (older FreeBSD and DragonFly versions) do have
8755 getaddrinfo() but do not have AI_NUMERICINFO. so define it to zero
8756 in those cases.
8757
8758commit 18a208d6a460d707a45916db63a571e805f5db46
8759Author: djm@openbsd.org <djm@openbsd.org>
8760Date: Fri Feb 20 22:40:32 2015 +0000
8761
8762 upstream commit
8763
8764 more options that are available under Match; bz#2353 reported
8765 by calestyo AT scientia.net
8766
8767commit 44732de06884238049f285f1455b2181baa7dc82
8768Author: djm@openbsd.org <djm@openbsd.org>
8769Date: Fri Feb 20 22:17:21 2015 +0000
8770
8771 upstream commit
8772
8773 UpdateHostKeys fixes:
8774
8775 I accidentally changed the format of the hostkeys@openssh.com messages
8776 last week without changing the extension name, and this has been causing
8777 connection failures for people who are running -current. First reported
8778 by sthen@
8779
8780 s/hostkeys@openssh.com/hostkeys-00@openssh.com/
8781 Change the name of the proof message too, and reorder it a little.
8782
8783 Also, UpdateHostKeys=ask is incompatible with ControlPersist (no TTY
8784 available to read the response) so disable UpdateHostKeys if it is in
8785 ask mode and ControlPersist is active (and document this)
8786
8787commit 13a39414d25646f93e6d355521d832a03aaaffe2
8788Author: djm@openbsd.org <djm@openbsd.org>
8789Date: Tue Feb 17 00:14:05 2015 +0000
8790
8791 upstream commit
8792
8793 Regression: I broke logging of public key fingerprints in
8794 1.46. Pointed out by Pontus Lundkvist
8795
8796commit 773dda25e828c4c9a52f7bdce6e1e5924157beab
8797Author: Damien Miller <djm@mindrot.org>
8798Date: Fri Jan 30 23:10:17 2015 +1100
8799
8800 repair --without-openssl; broken in refactor
8801
8802commit e89c780886b23600de1e1c8d74aabd1ff61f43f0
8803Author: Damien Miller <djm@google.com>
8804Date: Tue Feb 17 10:04:55 2015 +1100
8805
8806 hook up hostkeys unittest to portable Makefiles
8807
8808commit 0abf41f99aa16ff09b263bead242d6cb2dbbcf99
8809Author: djm@openbsd.org <djm@openbsd.org>
8810Date: Mon Feb 16 22:21:03 2015 +0000
8811
8812 upstream commit
8813
8814 enable hostkeys unit tests
8815
8816commit 68a5d647ccf0fb6782b2f749433a1eee5bc9044b
8817Author: djm@openbsd.org <djm@openbsd.org>
8818Date: Mon Feb 16 22:20:50 2015 +0000
8819
8820 upstream commit
8821
8822 check string/memory compare arguments aren't NULL
8823
8824commit ef575ef20d09f20722e26b45dab80b3620469687
8825Author: djm@openbsd.org <djm@openbsd.org>
8826Date: Mon Feb 16 22:18:34 2015 +0000
8827
8828 upstream commit
8829
8830 unit tests for hostfile.c code, just hostkeys_foreach so
8831 far
8832
8833commit 8ea3365e6aa2759ccf5c76eaea62cbc8a280b0e7
8834Author: markus@openbsd.org <markus@openbsd.org>
8835Date: Sat Feb 14 12:43:16 2015 +0000
8836
8837 upstream commit
8838
8839 test server rekey limit
8840
8841commit ce63c4b063c39b2b22d4ada449c9e3fbde788cb3
8842Author: djm@openbsd.org <djm@openbsd.org>
8843Date: Mon Feb 16 22:30:03 2015 +0000
8844
8845 upstream commit
8846
8847 partial backout of:
8848
8849 revision 1.441
8850 date: 2015/01/31 20:30:05; author: djm; state: Exp; lines: +17 -10; commitid
8851 : x8klYPZMJSrVlt3O;
8852 Let sshd load public host keys even when private keys are missing.
8853 Allows sshd to advertise additional keys for future key rotation.
8854 Also log fingerprint of hostkeys loaded; ok markus@
8855
8856 hostkey updates now require access to the private key, so we can't
8857 load public keys only. The improved log messages (fingerprints of keys
8858 loaded) are kept.
8859
8860commit 523463a3a2a9bfc6cfc5afa01bae9147f76a37cc
8861Author: djm@openbsd.org <djm@openbsd.org>
8862Date: Mon Feb 16 22:13:32 2015 +0000
8863
8864 upstream commit
8865
8866 Revise hostkeys@openssh.com hostkey learning extension.
8867
8868 The client will not ask the server to prove ownership of the private
8869 halves of any hitherto-unseen hostkeys it offers to the client.
8870
8871 Allow UpdateHostKeys option to take an 'ask' argument to let the
8872 user manually review keys offered.
8873
8874 ok markus@
8875
8876commit 6c5c949782d86a6e7d58006599c7685bfcd01685
8877Author: djm@openbsd.org <djm@openbsd.org>
8878Date: Mon Feb 16 22:08:57 2015 +0000
8879
8880 upstream commit
8881
8882 Refactor hostkeys_foreach() and dependent code Deal with
8883 IP addresses (i.e. CheckHostIP) Don't clobber known_hosts when nothing
8884 changed ok markus@ as part of larger commit
8885
8886commit 51b082ccbe633dc970df1d1f4c9c0497115fe721
8887Author: miod@openbsd.org <miod@openbsd.org>
8888Date: Mon Feb 16 18:26:26 2015 +0000
8889
8890 upstream commit
8891
8892 Declare ge25519_base as extern, to prevent it from
8893 becoming a common. Gets us rid of ``lignment 4 of symbol
8894 `crypto_sign_ed25519_ref_ge25519_base' in mod_ge25519.o is smaller than 16 in
8895 mod_ed25519.o'' warnings at link time.
8896
8897commit 02db468bf7e3281a8e3c058ced571b38b6407c34
8898Author: markus@openbsd.org <markus@openbsd.org>
8899Date: Fri Feb 13 18:57:00 2015 +0000
8900
8901 upstream commit
8902
8903 make rekey_limit for sshd w/privsep work; ok djm@
8904 dtucker@
8905
8906commit 8ec67d505bd23c8bf9e17b7a364b563a07a58ec8
8907Author: dtucker@openbsd.org <dtucker@openbsd.org>
8908Date: Thu Feb 12 20:34:19 2015 +0000
8909
8910 upstream commit
8911
8912 Prevent sshd spamming syslog with
8913 "ssh_dispatch_run_fatal: disconnected". ok markus@
8914
8915commit d4c0295d1afc342057ba358237acad6be8af480b
8916Author: djm@openbsd.org <djm@openbsd.org>
8917Date: Wed Feb 11 01:20:38 2015 +0000
8918
8919 upstream commit
8920
8921 Some packet error messages show the address of the peer,
8922 but might be generated after the socket to the peer has suffered a TCP reset.
8923 In these cases, getpeername() won't work so cache the address earlier.
8924
8925 spotted in the wild via deraadt@ and tedu@
8926
8927commit 4af1709cf774475ce5d1bc3ddcc165f6c222897d
8928Author: jsg@openbsd.org <jsg@openbsd.org>
8929Date: Mon Feb 9 23:22:37 2015 +0000
8930
8931 upstream commit
8932
8933 fix some leaks in error paths ok markus@
8934
8935commit fd36834871d06a03e1ff8d69e41992efa1bbf85f
8936Author: millert@openbsd.org <millert@openbsd.org>
8937Date: Fri Feb 6 23:21:59 2015 +0000
8938
8939 upstream commit
8940
8941 SIZE_MAX is standard, we should be using it in preference to
8942 the obsolete SIZE_T_MAX. OK miod@ beck@
8943
8944commit 1910a286d7771eab84c0b047f31c0a17505236fa
8945Author: millert@openbsd.org <millert@openbsd.org>
8946Date: Thu Feb 5 12:59:57 2015 +0000
8947
8948 upstream commit
8949
8950 Include stdint.h, not limits.h to get SIZE_MAX. OK guenther@
8951
8952commit ce4f59b2405845584f45e0b3214760eb0008c06c
8953Author: deraadt@openbsd.org <deraadt@openbsd.org>
8954Date: Tue Feb 3 08:07:20 2015 +0000
8955
8956 upstream commit
8957
8958 missing ; djm and mlarkin really having great
8959 interactions recently
8960
8961commit 5d34aa94938abb12b877a25be51862757f25d54b
8962Author: halex@openbsd.org <halex@openbsd.org>
8963Date: Tue Feb 3 00:34:14 2015 +0000
8964
8965 upstream commit
8966
8967 slightly extend the passphrase prompt if running with -c
8968 in order to give the user a chance to notice if unintentionally running
8969 without it
8970
8971 wording tweak and ok djm@
8972
8973commit cb3bde373e80902c7d5d0db429f85068d19b2918
8974Author: djm@openbsd.org <djm@openbsd.org>
8975Date: Mon Feb 2 22:48:53 2015 +0000
8976
8977 upstream commit
8978
8979 handle PKCS#11 C_Login returning
8980 CKR_USER_ALREADY_LOGGED_IN; based on patch from Yuri Samoilenko; ok markus@
8981
8982commit 15ad750e5ec3cc69765b7eba1ce90060e7083399
8983Author: djm@openbsd.org <djm@openbsd.org>
8984Date: Mon Feb 2 07:41:40 2015 +0000
8985
8986 upstream commit
8987
8988 turn UpdateHostkeys off by default until I figure out
8989 mlarkin@'s warning message; requested by deraadt@
8990
8991commit 3cd5103c1e1aaa59bd66f7f52f6ebbcd5deb12f9
8992Author: deraadt@openbsd.org <deraadt@openbsd.org>
8993Date: Mon Feb 2 01:57:44 2015 +0000
8994
8995 upstream commit
8996
8997 increasing encounters with difficult DNS setups in
8998 darknets has convinced me UseDNS off by default is better ok djm
8999
9000commit 6049a548a8a68ff0bbe581ab1748ea6a59ecdc38
9001Author: djm@openbsd.org <djm@openbsd.org>
9002Date: Sat Jan 31 20:30:05 2015 +0000
9003
9004 upstream commit
9005
9006 Let sshd load public host keys even when private keys are
9007 missing. Allows sshd to advertise additional keys for future key rotation.
9008 Also log fingerprint of hostkeys loaded; ok markus@
9009
9010commit 46347ed5968f582661e8a70a45f448e0179ca0ab
9011Author: djm@openbsd.org <djm@openbsd.org>
9012Date: Fri Jan 30 11:43:14 2015 +0000
9013
9014 upstream commit
9015
9016 Add a ssh_config HostbasedKeyType option to control which
9017 host public key types are tried during hostbased authentication.
9018
9019 This may be used to prevent too many keys being sent to the server,
9020 and blowing past its MaxAuthTries limit.
9021
9022 bz#2211 based on patch by Iain Morgan; ok markus@
9023
9024commit 802660cb70453fa4d230cb0233bc1bbdf8328de1
9025Author: djm@openbsd.org <djm@openbsd.org>
9026Date: Fri Jan 30 10:44:49 2015 +0000
9027
9028 upstream commit
9029
9030 set a timeout to prevent hangs when talking to busted
9031 servers; ok markus@
9032
9033commit 86936ec245a15c7abe71a0722610998b0a28b194
9034Author: djm@openbsd.org <djm@openbsd.org>
9035Date: Fri Jan 30 01:11:39 2015 +0000
9036
9037 upstream commit
9038
9039 regression test for 'wildcard CA' serial/key ID revocations
9040
9041commit 4509b5d4a4fa645a022635bfa7e86d09b285001f
9042Author: djm@openbsd.org <djm@openbsd.org>
9043Date: Fri Jan 30 01:13:33 2015 +0000
9044
9045 upstream commit
9046
9047 avoid more fatal/exit in the packet.c paths that
9048 ssh-keyscan uses; feedback and "looks good" markus@
9049
9050commit 669aee994348468af8b4b2ebd29b602cf2860b22
9051Author: djm@openbsd.org <djm@openbsd.org>
9052Date: Fri Jan 30 01:10:33 2015 +0000
9053
9054 upstream commit
9055
9056 permit KRLs that revoke certificates by serial number or
9057 key ID without scoping to a particular CA; ok markus@
9058
9059commit 7a2c368477e26575d0866247d3313da4256cb2b5
9060Author: djm@openbsd.org <djm@openbsd.org>
9061Date: Fri Jan 30 00:59:19 2015 +0000
9062
9063 upstream commit
9064
9065 missing parentheses after if in do_convert_from() broke
9066 private key conversion from other formats some time in 2010; bz#2345 reported
9067 by jjelen AT redhat.com
9068
9069commit 25f5f78d8bf5c22d9cea8b49de24ebeee648a355
9070Author: djm@openbsd.org <djm@openbsd.org>
9071Date: Fri Jan 30 00:22:25 2015 +0000
9072
9073 upstream commit
9074
9075 fix ssh protocol 1, spotted by miod@
9076
9077commit 9ce86c926dfa6e0635161b035e3944e611cbccf0
9078Author: djm@openbsd.org <djm@openbsd.org>
9079Date: Wed Jan 28 22:36:00 2015 +0000
9080
9081 upstream commit
9082
9083 update to new API (key_fingerprint => sshkey_fingerprint)
9084 check sshkey_fingerprint return values; ok markus
9085
9086commit 9125525c37bf73ad3ee4025520889d2ce9d10f29
9087Author: djm@openbsd.org <djm@openbsd.org>
9088Date: Wed Jan 28 22:05:31 2015 +0000
9089
9090 upstream commit
9091
9092 avoid fatal() calls in packet code makes ssh-keyscan more
9093 reliable against server failures ok dtucker@ markus@
9094
9095commit fae7bbe544cba7a9e5e4ab47ff6faa3d978646eb
9096Author: djm@openbsd.org <djm@openbsd.org>
9097Date: Wed Jan 28 21:15:47 2015 +0000
9098
9099 upstream commit
9100
9101 avoid fatal() calls in packet code makes ssh-keyscan more
9102 reliable against server failures ok dtucker@ markus@
9103
9104commit 1a3d14f6b44a494037c7deab485abe6496bf2c60
9105Author: djm@openbsd.org <djm@openbsd.org>
9106Date: Wed Jan 28 11:07:25 2015 +0000
9107
9108 upstream commit
9109
9110 remove obsolete comment
9111
9112commit 80c25b7bc0a71d75c43a4575d9a1336f589eb639
9113Author: okan@openbsd.org <okan@openbsd.org>
9114Date: Tue Jan 27 12:54:06 2015 +0000
9115
9116 upstream commit
9117
9118 Since r1.2 removed the use of PRI* macros, inttypes.h is
9119 no longer required.
9120
9121 ok djm@
9122
9123commit 69ff64f69615c2a21c97cb5878a0996c21423257
9124Author: Damien Miller <djm@mindrot.org>
9125Date: Tue Jan 27 23:07:43 2015 +1100
9126
9127 compile on systems without TCP_MD5SIG (e.g. OSX)
9128
9129commit 358964f3082fb90b2ae15bcab07b6105cfad5a43
9130Author: Damien Miller <djm@mindrot.org>
9131Date: Tue Jan 27 23:07:25 2015 +1100
9132
9133 use ssh-keygen under test rather than system's
9134
9135commit a2c95c1bf33ea53038324d1fdd774bc953f98236
9136Author: Damien Miller <djm@mindrot.org>
9137Date: Tue Jan 27 23:06:59 2015 +1100
9138
9139 OSX lacks HOST_NAME_MAX, has _POSIX_HOST_NAME_MAX
9140
9141commit ade31d7b6f608a19b85bee29a7a00b1e636a2919
9142Author: Damien Miller <djm@mindrot.org>
9143Date: Tue Jan 27 23:06:23 2015 +1100
9144
9145 these need active_state defined to link on OSX
9146
9147 temporary measure until active_state goes away entirely
9148
9149commit e56aa87502f22c5844918c10190e8b4f785f067b
9150Author: djm@openbsd.org <djm@openbsd.org>
9151Date: Tue Jan 27 12:01:36 2015 +0000
9152
9153 upstream commit
9154
9155 use printf instead of echo -n to reduce diff against
9156 -portable
9157
9158commit 9f7637f56eddfaf62ce3c0af89c25480f2cf1068
9159Author: jmc@openbsd.org <jmc@openbsd.org>
9160Date: Mon Jan 26 13:55:29 2015 +0000
9161
9162 upstream commit
9163
9164 sort previous;
9165
9166commit 3076ee7d530d5b16842fac7a6229706c7e5acd26
9167Author: djm@openbsd.org <djm@openbsd.org>
9168Date: Mon Jan 26 13:36:53 2015 +0000
9169
9170 upstream commit
9171
9172 properly restore umask
9173
9174commit d411d395556b73ba1b9e451516a0bd6697c4b03d
9175Author: djm@openbsd.org <djm@openbsd.org>
9176Date: Mon Jan 26 06:12:18 2015 +0000
9177
9178 upstream commit
9179
9180 regression test for host key rotation
9181
9182commit fe8a3a51699afbc6407a8fae59b73349d01e49f8
9183Author: djm@openbsd.org <djm@openbsd.org>
9184Date: Mon Jan 26 06:11:28 2015 +0000
9185
9186 upstream commit
9187
9188 adapt to sshkey API tweaks
9189
9190commit 7dd355fb1f0038a3d5cdca57ebab4356c7a5b434
9191Author: miod@openbsd.org <miod@openbsd.org>
9192Date: Sat Jan 24 10:39:21 2015 +0000
9193
9194 upstream commit
9195
9196 Move -lz late in the linker commandline for things to
9197 build on static arches.
9198
9199commit 0dad3b806fddb93c475b30853b9be1a25d673a33
9200Author: miod@openbsd.org <miod@openbsd.org>
9201Date: Fri Jan 23 21:21:23 2015 +0000
9202
9203 upstream commit
9204
9205 -Wpointer-sign is supported by gcc 4 only.
9206
9207commit 2b3b1c1e4bd9577b6e780c255c278542ea66c098
9208Author: djm@openbsd.org <djm@openbsd.org>
9209Date: Tue Jan 20 22:58:57 2015 +0000
9210
9211 upstream commit
9212
9213 use SUBDIR to recuse into unit tests; makes "make obj"
9214 actually work
9215
9216commit 1d1092bff8db27080155541212b420703f8b9c92
9217Author: djm@openbsd.org <djm@openbsd.org>
9218Date: Mon Jan 26 12:16:36 2015 +0000
9219
9220 upstream commit
9221
9222 correct description of UpdateHostKeys in ssh_config.5 and
9223 add it to -o lists for ssh, scp and sftp; pointed out by jmc@
9224
9225commit 5104db7cbd6cdd9c5971f4358e74414862fc1022
9226Author: djm@openbsd.org <djm@openbsd.org>
9227Date: Mon Jan 26 06:10:03 2015 +0000
9228
9229 upstream commit
9230
9231 correctly match ECDSA subtype (== curve) for
9232 offered/recevied host keys. Fixes connection-killing host key mismatches when
9233 a server offers multiple ECDSA keys with different curve type (an extremely
9234 unlikely configuration).
9235
9236 ok markus, "looks mechanical" deraadt@
9237
9238commit 8d4f87258f31cb6def9b3b55b6a7321d84728ff2
9239Author: djm@openbsd.org <djm@openbsd.org>
9240Date: Mon Jan 26 03:04:45 2015 +0000
9241
9242 upstream commit
9243
9244 Host key rotation support.
9245
9246 Add a hostkeys@openssh.com protocol extension (global request) for
9247 a server to inform a client of all its available host key after
9248 authentication has completed. The client may record the keys in
9249 known_hosts, allowing it to upgrade to better host key algorithms
9250 and a server to gracefully rotate its keys.
9251
9252 The client side of this is controlled by a UpdateHostkeys config
9253 option (default on).
9254
9255 ok markus@
9256
9257commit 60b1825262b1f1e24fc72050b907189c92daf18e
9258Author: djm@openbsd.org <djm@openbsd.org>
9259Date: Mon Jan 26 02:59:11 2015 +0000
9260
9261 upstream commit
9262
9263 small refactor and add some convenience functions; ok
9264 markus
9265
9266commit a5a3e3328ddce91e76f71ff479022d53e35c60c9
9267Author: jmc@openbsd.org <jmc@openbsd.org>
9268Date: Thu Jan 22 21:00:42 2015 +0000
9269
9270 upstream commit
9271
9272 heirarchy -> hierarchy;
9273
9274commit dcff5810a11195c57e1b3343c0d6b6f2b9974c11
9275Author: deraadt@openbsd.org <deraadt@openbsd.org>
9276Date: Thu Jan 22 20:24:41 2015 +0000
9277
9278 upstream commit
9279
9280 Provide a warning about chroot misuses (which sadly, seem
9281 to have become quite popular because shiny). sshd cannot detect/manage/do
9282 anything about these cases, best we can do is warn in the right spot in the
9283 man page. ok markus
9284
9285commit 087266ec33c76fc8d54ac5a19efacf2f4a4ca076
9286Author: deraadt@openbsd.org <deraadt@openbsd.org>
9287Date: Tue Jan 20 23:14:00 2015 +0000
9288
9289 upstream commit
9290
9291 Reduce use of <sys/param.h> and transition to <limits.h>
9292 throughout. ok djm markus
9293
9294commit 57e783c8ba2c0797f93977e83b2a8644a03065d8
9295Author: markus@openbsd.org <markus@openbsd.org>
9296Date: Tue Jan 20 20:16:21 2015 +0000
9297
9298 upstream commit
9299
9300 kex_setup errors are fatal()
9301
9302commit 1d6424a6ff94633c221297ae8f42d54e12a20912
9303Author: djm@openbsd.org <djm@openbsd.org>
9304Date: Tue Jan 20 08:02:33 2015 +0000
9305
9306 upstream commit
9307
9308 this test would accidentally delete agent.sh if run without
9309 obj/
9310
9311commit 12b5f50777203e12575f1b08568281e447249ed3
9312Author: djm@openbsd.org <djm@openbsd.org>
9313Date: Tue Jan 20 07:56:44 2015 +0000
9314
9315 upstream commit
9316
9317 make this compile with KERBEROS5 enabled
9318
9319commit e2cc6bef08941256817d44d146115b3478586ad4
9320Author: djm@openbsd.org <djm@openbsd.org>
9321Date: Tue Jan 20 07:55:33 2015 +0000
9322
9323 upstream commit
9324
9325 fix hostkeys in agent; ok markus@
9326
9327commit 1ca3e2155aa5d3801a7ae050f85c71f41fcb95b1
9328Author: Damien Miller <djm@mindrot.org>
9329Date: Tue Jan 20 10:11:31 2015 +1100
9330
9331 fix kex test
9332
9333commit c78a578107c7e6dcf5d30a2f34cb6581bef14029
9334Author: markus@openbsd.org <markus@openbsd.org>
9335Date: Mon Jan 19 20:45:25 2015 +0000
9336
9337 upstream commit
9338
9339 finally enable the KEX tests I wrote some years ago...
9340
9341commit 31821d7217e686667d04935aeec99e1fc4a46e7e
9342Author: markus@openbsd.org <markus@openbsd.org>
9343Date: Mon Jan 19 20:42:31 2015 +0000
9344
9345 upstream commit
9346
9347 adapt to new error message (SSH_ERR_MAC_INVALID)
9348
9349commit d3716ca19e510e95d956ae14d5b367e364bff7f1
9350Author: djm@openbsd.org <djm@openbsd.org>
9351Date: Mon Jan 19 17:31:13 2015 +0000
9352
9353 upstream commit
9354
9355 this test was broken in at least two ways, such that it
9356 wasn't checking that a KRL was not excluding valid keys
9357
9358commit 3f797653748e7c2b037dacb57574c01d9ef3b4d3
9359Author: markus@openbsd.org <markus@openbsd.org>
9360Date: Mon Jan 19 20:32:39 2015 +0000
9361
9362 upstream commit
9363
9364 switch ssh-keyscan from setjmp to multiple ssh transport
9365 layer instances ok djm@
9366
9367commit f582f0e917bb0017b00944783cd5f408bf4b0b5e
9368Author: markus@openbsd.org <markus@openbsd.org>
9369Date: Mon Jan 19 20:30:23 2015 +0000
9370
9371 upstream commit
9372
9373 add experimental api for packet layer; ok djm@
9374
9375commit 48b3b2ba75181f11fca7f327058a591f4426cade
9376Author: markus@openbsd.org <markus@openbsd.org>
9377Date: Mon Jan 19 20:20:20 2015 +0000
9378
9379 upstream commit
9380
9381 store compat flags in struct ssh; ok djm@
9382
9383commit 57d10cbe861a235dd269c74fb2fe248469ecee9d
9384Author: markus@openbsd.org <markus@openbsd.org>
9385Date: Mon Jan 19 20:16:15 2015 +0000
9386
9387 upstream commit
9388
9389 adapt kex to sshbuf and struct ssh; ok djm@
9390
9391commit 3fdc88a0def4f86aa88a5846ac079dc964c0546a
9392Author: markus@openbsd.org <markus@openbsd.org>
9393Date: Mon Jan 19 20:07:45 2015 +0000
9394
9395 upstream commit
9396
9397 move dispatch to struct ssh; ok djm@
9398
9399commit 091c302829210c41e7f57c3f094c7b9c054306f0
9400Author: markus@openbsd.org <markus@openbsd.org>
9401Date: Mon Jan 19 19:52:16 2015 +0000
9402
9403 upstream commit
9404
9405 update packet.c & isolate, introduce struct ssh a) switch
9406 packet.c to buffer api and isolate per-connection info into struct ssh b)
9407 (de)serialization of the state is moved from monitor to packet.c c) the old
9408 packet.c API is implemented in opacket.[ch] d) compress.c/h is removed and
9409 integrated into packet.c with and ok djm@
9410
9411commit 4e62cc68ce4ba20245d208b252e74e91d3785b74
9412Author: djm@openbsd.org <djm@openbsd.org>
9413Date: Mon Jan 19 17:35:48 2015 +0000
9414
9415 upstream commit
9416
9417 fix format strings in (disabled) debugging
9418
9419commit d85e06245907d49a2cd0cfa0abf59150ad616f42
9420Author: djm@openbsd.org <djm@openbsd.org>
9421Date: Mon Jan 19 06:01:32 2015 +0000
9422
9423 upstream commit
9424
9425 be a bit more careful in these tests to ensure that
9426 known_hosts is clean
9427
9428commit 7947810eab5fe0ad311f32a48f4d4eb1f71be6cf
9429Author: djm@openbsd.org <djm@openbsd.org>
9430Date: Sun Jan 18 22:00:18 2015 +0000
9431
9432 upstream commit
9433
9434 regression test for known_host file editing using
9435 ssh-keygen (-H / -R / -F) after hostkeys_foreach() change; feedback and ok
9436 markus@
9437
9438commit 3a2b09d147a565d8a47edf37491e149a02c0d3a3
9439Author: djm@openbsd.org <djm@openbsd.org>
9440Date: Sun Jan 18 19:54:46 2015 +0000
9441
9442 upstream commit
9443
9444 more and better key tests
9445
9446 test signatures and verification
9447 test certificate generation
9448 flesh out nested cert test
9449
9450 removes most of the XXX todo markers
9451
9452commit 589e69fd82724cfc9738f128e4771da2e6405d0d
9453Author: djm@openbsd.org <djm@openbsd.org>
9454Date: Sun Jan 18 19:53:58 2015 +0000
9455
9456 upstream commit
9457
9458 make the signature fuzzing test much more rigorous:
9459 ensure that the fuzzed input cases do not match the original (using new
9460 fuzz_matches_original() function) and check that the verification fails in
9461 each case
9462
9463commit 80603c0daa2538c349c1c152405580b164d5475f
9464Author: djm@openbsd.org <djm@openbsd.org>
9465Date: Sun Jan 18 19:52:44 2015 +0000
9466
9467 upstream commit
9468
9469 add a fuzz_matches_original() function to the fuzzer to
9470 detect fuzz cases that are identical to the original data. Hacky
9471 implementation, but very useful when you need the fuzz to be different, e.g.
9472 when verifying signature
9473
9474commit 87d5495bd337e358ad69c524fcb9495208c0750b
9475Author: djm@openbsd.org <djm@openbsd.org>
9476Date: Sun Jan 18 19:50:55 2015 +0000
9477
9478 upstream commit
9479
9480 better dumps from the fuzzer (shown on errors) -
9481 include the original data as well as the fuzzed copy.
9482
9483commit d59ec478c453a3fff05badbbfd96aa856364f2c2
9484Author: djm@openbsd.org <djm@openbsd.org>
9485Date: Sun Jan 18 19:47:55 2015 +0000
9486
9487 upstream commit
9488
9489 enable hostkey-agent.sh test
9490
9491commit 26b3425170bf840e4b095e1c10bf25a0a3e3a105
9492Author: djm@openbsd.org <djm@openbsd.org>
9493Date: Sat Jan 17 18:54:30 2015 +0000
9494
9495 upstream commit
9496
9497 unit test for hostkeys in ssh-agent
9498
9499commit 9e06a0fb23ec55d9223b26a45bb63c7649e2f2f2
9500Author: markus@openbsd.org <markus@openbsd.org>
9501Date: Thu Jan 15 23:41:29 2015 +0000
9502
9503 upstream commit
9504
9505 add kex unit tests
9506
9507commit d2099dec6da21ae627f6289aedae6bc1d41a22ce
9508Author: deraadt@openbsd.org <deraadt@openbsd.org>
9509Date: Mon Jan 19 00:32:54 2015 +0000
9510
9511 upstream commit
9512
9513 djm, your /usr/include tree is old
9514
9515commit 2b3c3c76c30dc5076fe09d590f5b26880f148a54
9516Author: djm@openbsd.org <djm@openbsd.org>
9517Date: Sun Jan 18 21:51:19 2015 +0000
9518
9519 upstream commit
9520
9521 some feedback from markus@: comment hostkeys_foreach()
9522 context and avoid a member in it.
9523
9524commit cecb30bc2ba6d594366e657d664d5c494b6c8a7f
9525Author: djm@openbsd.org <djm@openbsd.org>
9526Date: Sun Jan 18 21:49:42 2015 +0000
9527
9528 upstream commit
9529
9530 make ssh-keygen use hostkeys_foreach(). Removes some
9531 horrendous code; ok markus@
9532
9533commit ec3d065df3a9557ea96b02d061fd821a18c1a0b9
9534Author: djm@openbsd.org <djm@openbsd.org>
9535Date: Sun Jan 18 21:48:09 2015 +0000
9536
9537 upstream commit
9538
9539 convert load_hostkeys() (hostkey ordering and
9540 known_host matching) to use the new hostkey_foreach() iterator; ok markus
9541
9542commit c29811cc480a260e42fd88849fc86a80c1e91038
9543Author: djm@openbsd.org <djm@openbsd.org>
9544Date: Sun Jan 18 21:40:23 2015 +0000
9545
9546 upstream commit
9547
9548 introduce hostkeys_foreach() to allow iteration over a
9549 known_hosts file or controlled subset thereof. This will allow us to pull out
9550 some ugly and duplicated code, and will be used to implement hostkey rotation
9551 later.
9552
9553 feedback and ok markus
9554
9555commit f101d8291da01bbbfd6fb8c569cfd0cc61c0d346
9556Author: deraadt@openbsd.org <deraadt@openbsd.org>
9557Date: Sun Jan 18 14:01:00 2015 +0000
9558
9559 upstream commit
9560
9561 string truncation due to sizeof(size) ok djm markus
9562
9563commit 35d6022b55b7969fc10c261cb6aa78cc4a5fcc41
9564Author: djm@openbsd.org <djm@openbsd.org>
9565Date: Sun Jan 18 13:33:34 2015 +0000
9566
9567 upstream commit
9568
9569 avoid trailing ',' in host key algorithms
9570
9571commit 7efb455789a0cb76bdcdee91c6060a3dc8f5c007
9572Author: djm@openbsd.org <djm@openbsd.org>
9573Date: Sun Jan 18 13:22:28 2015 +0000
9574
9575 upstream commit
9576
9577 infer key length correctly when user specified a fully-
9578 qualified key name instead of using the -b bits option; ok markus@
9579
9580commit 83f8ffa6a55ccd0ce9d8a205e3e7439ec18fedf5
9581Author: djm@openbsd.org <djm@openbsd.org>
9582Date: Sat Jan 17 18:53:34 2015 +0000
9583
9584 upstream commit
9585
9586 fix hostkeys on ssh agent; found by unit test I'm about
9587 to commit
9588
9589commit 369d61f17657b814124268f99c033e4dc6e436c1
9590Author: schwarze@openbsd.org <schwarze@openbsd.org>
9591Date: Fri Jan 16 16:20:23 2015 +0000
9592
9593 upstream commit
9594
9595 garbage collect empty .No macros mandoc warns about
9596
9597commit bb8b442d32dbdb8521d610e10d8b248d938bd747
9598Author: djm@openbsd.org <djm@openbsd.org>
9599Date: Fri Jan 16 15:55:07 2015 +0000
9600
9601 upstream commit
9602
9603 regression: incorrect error message on
9604 otherwise-successful ssh-keygen -A. Reported by Dmitry Orlov, via deraadt@
9605
9606commit 9010902954a40b59d0bf3df3ccbc3140a653e2bc
9607Author: djm@openbsd.org <djm@openbsd.org>
9608Date: Fri Jan 16 07:19:48 2015 +0000
9609
9610 upstream commit
9611
9612 when hostname canonicalisation is enabled, try to parse
9613 hostnames as addresses before looking them up for canonicalisation. fixes
9614 bz#2074 and avoids needless DNS lookups in some cases; ok markus
9615
9616commit 2ae4f337b2a5fb2841b6b0053b49496fef844d1c
9617Author: deraadt@openbsd.org <deraadt@openbsd.org>
9618Date: Fri Jan 16 06:40:12 2015 +0000
9619
9620 upstream commit
9621
9622 Replace <sys/param.h> with <limits.h> and other less
9623 dirty headers where possible. Annotate <sys/param.h> lines with their
9624 current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1,
9625 LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of
9626 MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution.
9627 These are the files confirmed through binary verification. ok guenther,
9628 millert, doug (helped with the verification protocol)
9629
9630commit 3c4726f4c24118e8f1bb80bf75f1456c76df072c
9631Author: markus@openbsd.org <markus@openbsd.org>
9632Date: Thu Jan 15 21:38:50 2015 +0000
9633
9634 upstream commit
9635
9636 remove xmalloc, switch to sshbuf
9637
9638commit e17ac01f8b763e4b83976b9e521e90a280acc097
9639Author: markus@openbsd.org <markus@openbsd.org>
9640Date: Thu Jan 15 21:37:14 2015 +0000
9641
9642 upstream commit
9643
9644 switch to sshbuf
9645
9646commit ddef9995a1fa6c7a8ff3b38bfe6cf724bebf13d0
9647Author: naddy@openbsd.org <naddy@openbsd.org>
9648Date: Thu Jan 15 18:32:54 2015 +0000
9649
9650 upstream commit
9651
9652 handle UMAC128 initialization like UMAC; ok djm@ markus@
9653
9654commit f14564c1f7792446bca143580aef0e7ac25dcdae
9655Author: djm@openbsd.org <djm@openbsd.org>
9656Date: Thu Jan 15 11:04:36 2015 +0000
9657
9658 upstream commit
9659
9660 fix regression reported by brad@ for passworded keys without
9661 agent present
9662
9663commit 45c0fd70bb2a88061319dfff20cb12ef7b1bc47e
9664Author: Damien Miller <djm@mindrot.org>
9665Date: Thu Jan 15 22:08:23 2015 +1100
9666
9667 make bitmap test compile
9668
9669commit d333f89abf7179021e5c3f28673f469abe032062
9670Author: djm@openbsd.org <djm@openbsd.org>
9671Date: Thu Jan 15 07:36:28 2015 +0000
9672
9673 upstream commit
9674
9675 unit tests for KRL bitmap
9676
9677commit 7613f828f49c55ff356007ae9645038ab6682556
9678Author: markus@openbsd.org <markus@openbsd.org>
9679Date: Wed Jan 14 09:58:21 2015 +0000
9680
9681 upstream commit
9682
9683 re-add comment about full path
9684
9685commit 6c43b48b307c41cd656b415621a644074579a578
9686Author: markus@openbsd.org <markus@openbsd.org>
9687Date: Wed Jan 14 09:54:38 2015 +0000
9688
9689 upstream commit
9690
9691 don't reset to the installed sshd; connect before
9692 reconfigure, too
9693
9694commit 771bb47a1df8b69061f09462e78aa0b66cd594bf
9695Author: djm@openbsd.org <djm@openbsd.org>
9696Date: Tue Jan 13 14:51:51 2015 +0000
9697
9698 upstream commit
9699
9700 implement a SIGINFO handler so we can discern a stuck
9701 fuzz test from a merely glacial one; prompted by and ok markus
9702
9703commit cfaa57962f8536f3cf0fd7daf4d6a55d6f6de45f
9704Author: djm@openbsd.org <djm@openbsd.org>
9705Date: Tue Jan 13 08:23:26 2015 +0000
9706
9707 upstream commit
9708
9709 use $SSH instead of installed ssh to allow override;
9710 spotted by markus@
9711
9712commit 0920553d0aee117a596b03ed5b49b280d34a32c5
9713Author: djm@openbsd.org <djm@openbsd.org>
9714Date: Tue Jan 13 07:49:49 2015 +0000
9715
9716 upstream commit
9717
9718 regress test for PubkeyAcceptedKeyTypes; ok markus@
9719
9720commit 27ca1a5c0095eda151934bca39a77e391f875d17
9721Author: markus@openbsd.org <markus@openbsd.org>
9722Date: Mon Jan 12 20:13:27 2015 +0000
9723
9724 upstream commit
9725
9726 unbreak parsing of pubkey comments; with gerhard; ok
9727 djm/deraadt
9728
9729commit 55358f0b4e0b83bc0df81c5f854c91b11e0bb4dc
9730Author: djm@openbsd.org <djm@openbsd.org>
9731Date: Mon Jan 12 11:46:32 2015 +0000
9732
9733 upstream commit
9734
9735 fatal if soft-PKCS11 library is missing rather (rather
9736 than continue and fail with a more cryptic error)
9737
9738commit c3554cdd2a1a62434b8161017aa76fa09718a003
9739Author: djm@openbsd.org <djm@openbsd.org>
9740Date: Mon Jan 12 11:12:38 2015 +0000
9741
9742 upstream commit
9743
9744 let this test all supporte key types; pointed out/ok
9745 markus@
9746
9747commit 1129dcfc5a3e508635004bcc05a3574cb7687167
9748Author: djm@openbsd.org <djm@openbsd.org>
9749Date: Thu Jan 15 09:40:00 2015 +0000
9750
9751 upstream commit
9752
9753 sync ssh-keysign, ssh-keygen and some dependencies to the
9754 new buffer/key API; mostly mechanical, ok markus@
9755
9756commit e4ebf5586452bf512da662ac277aaf6ecf0efe7c
9757Author: djm@openbsd.org <djm@openbsd.org>
9758Date: Thu Jan 15 07:57:08 2015 +0000
9759
9760 upstream commit
9761
9762 remove commented-out test code now that it has moved to a
9763 proper unit test
9764
9765commit e81cba066c1e9eb70aba0f6e7c0ff220611b370f
9766Author: djm@openbsd.org <djm@openbsd.org>
9767Date: Wed Jan 14 20:54:29 2015 +0000
9768
9769 upstream commit
9770
9771 whitespace
9772
9773commit 141efe49542f7156cdbc2e4cd0a041d8b1aab622
9774Author: djm@openbsd.org <djm@openbsd.org>
9775Date: Wed Jan 14 20:05:27 2015 +0000
9776
9777 upstream commit
9778
9779 move authfd.c and its tentacles to the new buffer/key
9780 API; ok markus@
9781
9782commit 0088c57af302cda278bd26d8c3ae81d5b6f7c289
9783Author: djm@openbsd.org <djm@openbsd.org>
9784Date: Wed Jan 14 19:33:41 2015 +0000
9785
9786 upstream commit
9787
9788 fix small regression: ssh-agent would return a success
9789 message but an empty signature if asked to sign using an unknown key; ok
9790 markus@
9791
9792commit b03ebe2c22b8166e4f64c37737f4278676e3488d
9793Author: Damien Miller <djm@mindrot.org>
9794Date: Thu Jan 15 03:08:58 2015 +1100
9795
9796 more --without-openssl
9797
9798 fix some regressions caused by upstream merges
9799
9800 enable KRLs now that they no longer require BIGNUMs
9801
9802commit bc42cc6fe784f36df225c44c93b74830027cb5a2
9803Author: Damien Miller <djm@mindrot.org>
9804Date: Thu Jan 15 03:08:29 2015 +1100
9805
9806 kludge around tun API mismatch betterer
9807
9808commit c332110291089b624fa0951fbf2d1ee6de525b9f
9809Author: Damien Miller <djm@mindrot.org>
9810Date: Thu Jan 15 02:59:51 2015 +1100
9811
9812 some systems lack SO_REUSEPORT
9813
9814commit 83b9678a62cbdc74eb2031cf1e1e4ffd58e233ae
9815Author: Damien Miller <djm@mindrot.org>
9816Date: Thu Jan 15 02:35:50 2015 +1100
9817
9818 fix merge botch
9819
9820commit 0cdc5a3eb6fb383569a4da2a30705d9b90428d6b
9821Author: Damien Miller <djm@mindrot.org>
9822Date: Thu Jan 15 02:35:33 2015 +1100
9823
9824 unbreak across API change
9825
9826commit 6e2549ac2b5e7f96cbc2d83a6e0784b120444b47
9827Author: Damien Miller <djm@mindrot.org>
9828Date: Thu Jan 15 02:30:18 2015 +1100
9829
9830 need includes.h for portable OpenSSH
9831
9832commit 72ef7c148c42db7d5632a29f137f8b87b579f2d9
9833Author: Damien Miller <djm@mindrot.org>
9834Date: Thu Jan 15 02:21:31 2015 +1100
9835
9836 support --without-openssl at configure time
9837
9838 Disables and removes dependency on OpenSSL. Many features don't
9839 work and the set of crypto options is greatly restricted. This
9840 will only work on system with native arc4random or /dev/urandom.
9841
9842 Considered highly experimental for now.
9843
9844commit 4f38c61c68ae7e3f9ee4b3c38bc86cd39f65ece9
9845Author: Damien Miller <djm@mindrot.org>
9846Date: Thu Jan 15 02:28:00 2015 +1100
9847
9848 add files missed in last commit
9849
9850commit a165bab605f7be55940bb8fae977398e8c96a46d
9851Author: djm@openbsd.org <djm@openbsd.org>
9852Date: Wed Jan 14 15:02:39 2015 +0000
9853
9854 upstream commit
9855
9856 avoid BIGNUM in KRL code by using a simple bitmap;
9857 feedback and ok markus
9858
9859commit 7d845f4a0b7ec97887be204c3760e44de8bf1f32
9860Author: djm@openbsd.org <djm@openbsd.org>
9861Date: Wed Jan 14 13:54:13 2015 +0000
9862
9863 upstream commit
9864
9865 update sftp client and server to new buffer API. pretty
9866 much just mechanical changes; with & ok markus
9867
9868commit 139ca81866ec1b219c717d17061e5e7ad1059e2a
9869Author: markus@openbsd.org <markus@openbsd.org>
9870Date: Wed Jan 14 13:09:09 2015 +0000
9871
9872 upstream commit
9873
9874 switch to sshbuf/sshkey; with & ok djm@
9875
9876commit 81bfbd0bd35683de5d7f2238b985e5f8150a9180
9877Author: Damien Miller <djm@mindrot.org>
9878Date: Wed Jan 14 21:48:18 2015 +1100
9879
9880 support --without-openssl at configure time
9881
9882 Disables and removes dependency on OpenSSL. Many features don't
9883 work and the set of crypto options is greatly restricted. This
9884 will only work on system with native arc4random or /dev/urandom.
9885
9886 Considered highly experimental for now.
9887
9888commit 54924b53af15ccdcbb9f89984512b5efef641a31
9889Author: djm@openbsd.org <djm@openbsd.org>
9890Date: Wed Jan 14 10:46:28 2015 +0000
9891
9892 upstream commit
9893
9894 avoid an warning for the !OPENSSL case
9895
9896commit ae8b463217f7c9b66655bfc3945c050ffdaeb861
9897Author: markus@openbsd.org <markus@openbsd.org>
9898Date: Wed Jan 14 10:30:34 2015 +0000
9899
9900 upstream commit
9901
9902 swith auth-options to new sshbuf/sshkey; ok djm@
9903
9904commit 540e891191b98b89ee90aacf5b14a4a68635e763
9905Author: djm@openbsd.org <djm@openbsd.org>
9906Date: Wed Jan 14 10:29:45 2015 +0000
9907
9908 upstream commit
9909
9910 make non-OpenSSL aes-ctr work on sshd w/ privsep; ok
9911 markus@
9912
9913commit 60c2c4ea5e1ad0ddfe8b2877b78ed5143be79c53
9914Author: markus@openbsd.org <markus@openbsd.org>
9915Date: Wed Jan 14 10:24:42 2015 +0000
9916
9917 upstream commit
9918
9919 remove unneeded includes, sync my copyright across files
9920 & whitespace; ok djm@
9921
9922commit 128343bcdb0b60fc826f2733df8cf979ec1627b4
9923Author: markus@openbsd.org <markus@openbsd.org>
9924Date: Tue Jan 13 19:31:40 2015 +0000
9925
9926 upstream commit
9927
9928 adapt mac.c to ssherr.h return codes (de-fatal) and
9929 simplify dependencies ok djm@
9930
9931commit e7fd952f4ea01f09ceb068721a5431ac2fd416ed
9932Author: djm@openbsd.org <djm@openbsd.org>
9933Date: Tue Jan 13 19:04:35 2015 +0000
9934
9935 upstream commit
9936
9937 sync changes from libopenssh; prepared by markus@ mostly
9938 debug output tweaks, a couple of error return value changes and some other
9939 minor stuff
9940
9941commit 76c0480a85675f03a1376167cb686abed01a3583
9942Author: Damien Miller <djm@mindrot.org>
9943Date: Tue Jan 13 19:38:18 2015 +1100
9944
9945 add --without-ssh1 option to configure
9946
9947 Allows disabling support for SSH protocol 1.
9948
9949commit 1f729f0614d1376c3332fa1edb6a5e5cec7e9e03
9950Author: djm@openbsd.org <djm@openbsd.org>
9951Date: Tue Jan 13 07:39:19 2015 +0000
9952
9953 upstream commit
9954
9955 add sshd_config HostbasedAcceptedKeyTypes and
9956 PubkeyAcceptedKeyTypes options to allow sshd to control what public key types
9957 will be accepted. Currently defaults to all. Feedback & ok markus@
9958
9959commit 816d1538c24209a93ba0560b27c4fda57c3fff65
9960Author: markus@openbsd.org <markus@openbsd.org>
9961Date: Mon Jan 12 20:13:27 2015 +0000
9962
9963 upstream commit
9964
9965 unbreak parsing of pubkey comments; with gerhard; ok
9966 djm/deraadt
9967
9968commit 0097565f849851812df610b7b6b3c4bd414f6c62
9969Author: markus@openbsd.org <markus@openbsd.org>
9970Date: Mon Jan 12 19:22:46 2015 +0000
9971
9972 upstream commit
9973
9974 missing error assigment on sshbuf_put_string()
9975
9976commit a7f49dcb527dd17877fcb8d5c3a9a6f550e0bba5
9977Author: djm@openbsd.org <djm@openbsd.org>
9978Date: Mon Jan 12 15:18:07 2015 +0000
9979
9980 upstream commit
9981
9982 apparently memcpy(x, NULL, 0) is undefined behaviour
9983 according to C99 (cf. sections 7.21.1 and 7.1.4), so check skip memcpy calls
9984 when length==0; ok markus@
9985
9986commit 905fe30fca82f38213763616d0d26eb6790bde33
9987Author: markus@openbsd.org <markus@openbsd.org>
9988Date: Mon Jan 12 14:05:19 2015 +0000
9989
9990 upstream commit
9991
9992 free->sshkey_free; ok djm@
9993
9994commit f067cca2bc20c86b110174c3fef04086a7f57b13
9995Author: markus@openbsd.org <markus@openbsd.org>
9996Date: Mon Jan 12 13:29:27 2015 +0000
9997
9998 upstream commit
9999
10000 allow WITH_OPENSSL w/o WITH_SSH1; ok djm@
10001
10002commit c4bfafcc2a9300d9cfb3c15e75572d3a7d74670d
10003Author: djm@openbsd.org <djm@openbsd.org>
10004Date: Thu Jan 8 13:10:58 2015 +0000
10005
10006 upstream commit
10007
10008 adjust for sshkey_load_file() API change
10009
10010commit e752c6d547036c602b89e9e704851463bd160e32
10011Author: djm@openbsd.org <djm@openbsd.org>
10012Date: Thu Jan 8 13:44:36 2015 +0000
10013
10014 upstream commit
10015
10016 fix ssh_config FingerprintHash evaluation order; from Petr
10017 Lautrbach
10018
10019commit ab24ab847b0fc94c8d5e419feecff0bcb6d6d1bf
10020Author: djm@openbsd.org <djm@openbsd.org>
10021Date: Thu Jan 8 10:15:45 2015 +0000
10022
10023 upstream commit
10024
10025 reorder hostbased key attempts to better match the
10026 default hostkey algorithms order in myproposal.h; ok markus@
10027
10028commit 1195f4cb07ef4b0405c839293c38600b3e9bdb46
10029Author: djm@openbsd.org <djm@openbsd.org>
10030Date: Thu Jan 8 10:14:08 2015 +0000
10031
10032 upstream commit
10033
10034 deprecate key_load_private_pem() and
10035 sshkey_load_private_pem() interfaces. Refactor the generic key loading API to
10036 not require pathnames to be specified (they weren't really used).
10037
10038 Fixes a few other things en passant:
10039
10040 Makes ed25519 keys work for hostbased authentication (ssh-keysign
10041 previously used the PEM-only routines).
10042
10043 Fixes key comment regression bz#2306: key pathnames were being lost as
10044 comment fields.
10045
10046 ok markus@
10047
10048commit febbe09e4e9aff579b0c5cc1623f756862e4757d
10049Author: tedu@openbsd.org <tedu@openbsd.org>
10050Date: Wed Jan 7 18:15:07 2015 +0000
10051
10052 upstream commit
10053
10054 workaround for the Meyer, et al, Bleichenbacher Side
10055 Channel Attack. fake up a bignum key before RSA decryption. discussed/ok djm
10056 markus
10057
10058commit 5191df927db282d3123ca2f34a04d8d96153911a
10059Author: djm@openbsd.org <djm@openbsd.org>
10060Date: Tue Dec 23 22:42:48 2014 +0000
10061
10062 upstream commit
10063
10064 KNF and add a little more debug()
10065
10066commit 8abd80315d3419b20e6938f74d37e2e2b547f0b7
10067Author: jmc@openbsd.org <jmc@openbsd.org>
10068Date: Mon Dec 22 09:26:31 2014 +0000
10069
10070 upstream commit
10071
10072 add fingerprinthash to the options list;
10073
10074commit 296ef0560f60980da01d83b9f0e1a5257826536f
10075Author: jmc@openbsd.org <jmc@openbsd.org>
10076Date: Mon Dec 22 09:24:59 2014 +0000
10077
10078 upstream commit
10079
10080 tweak previous;
10081
10082commit 462082eacbd37778a173afb6b84c6f4d898a18b5
10083Author: Damien Miller <djm@google.com>
10084Date: Tue Dec 30 08:16:11 2014 +1100
10085
10086 avoid uninitialised free of ldns_res
10087
10088 If an invalid rdclass was passed to getrrsetbyname() then
10089 this would execute a free on an uninitialised pointer.
10090 OpenSSH only ever calls this with a fixed and valid rdclass.
10091
10092 Reported by Joshua Rogers
10093
10094commit 01b63498801053f131a0740eb9d13faf35d636c8
10095Author: Damien Miller <djm@google.com>
10096Date: Mon Dec 29 18:10:18 2014 +1100
10097
10098 pull updated OpenBSD BCrypt PBKDF implementation
10099
10100 Includes fix for 1 byte output overflow for large key length
10101 requests (not reachable in OpenSSH).
10102
10103 Pointed out by Joshua Rogers
10104
10105commit c528c1b4af2f06712177b3de9b30705752f7cbcb
10106Author: Damien Miller <djm@google.com>
10107Date: Tue Dec 23 15:26:13 2014 +1100
10108
10109 fix variable name for IPv6 case in construct_utmpx
10110
10111 patch from writeonce AT midipix.org via bz#2296
10112
10113commit 293cac52dcda123244b2e594d15592e5e481c55e
10114Author: Damien Miller <djm@google.com>
10115Date: Mon Dec 22 16:30:42 2014 +1100
10116
10117 include and use OpenBSD netcat in regress/
10118
10119commit 8f6784f0cb56dc4fd00af3e81a10050a5785228d
10120Author: djm@openbsd.org <djm@openbsd.org>
10121Date: Mon Dec 22 09:05:17 2014 +0000
10122
10123 upstream commit
10124
10125 mention ssh -Q feature to list supported { MAC, cipher,
10126 KEX, key } algorithms in more places and include the query string used to
10127 list the relevant information; bz#2288
10128
10129commit 449e11b4d7847079bd0a2daa6e3e7ea03d8ef700
10130Author: jmc@openbsd.org <jmc@openbsd.org>
10131Date: Mon Dec 22 08:24:17 2014 +0000
10132
10133 upstream commit
10134
10135 tweak previous;
10136
10137commit 4bea0ab3290c0b9dd2aa199e932de8e7e18062d6
10138Author: djm@openbsd.org <djm@openbsd.org>
10139Date: Mon Dec 22 08:06:03 2014 +0000
10140
10141 upstream commit
10142
10143 regression test for multiple required pubkey authentication;
10144 ok markus@
10145
10146commit f1c4d8ec52158b6f57834b8cd839605b0a33e7f2
10147Author: djm@openbsd.org <djm@openbsd.org>
10148Date: Mon Dec 22 08:04:23 2014 +0000
10149
10150 upstream commit
10151
10152 correct description of what will happen when a
10153 AuthorizedKeysCommand is specified but AuthorizedKeysCommandUser is not (sshd
10154 will refuse to start)
10155
10156commit 161cf419f412446635013ac49e8c660cadc36080
10157Author: djm@openbsd.org <djm@openbsd.org>
10158Date: Mon Dec 22 07:55:51 2014 +0000
10159
10160 upstream commit
10161
10162 make internal handling of filename arguments of "none"
10163 more consistent with ssh. "none" arguments are now replaced with NULL when
10164 the configuration is finalised.
10165
10166 Simplifies checking later on (just need to test not-NULL rather than
10167 that + strcmp) and cleans up some inconsistencies. ok markus@
10168
10169commit f69b69b8625be447b8826b21d87713874dac25a6
10170Author: djm@openbsd.org <djm@openbsd.org>
10171Date: Mon Dec 22 07:51:30 2014 +0000
10172
10173 upstream commit
10174
10175 remember which public keys have been used for
10176 authentication and refuse to accept previously-used keys.
10177
10178 This allows AuthenticationMethods=publickey,publickey to require
10179 that users authenticate using two _different_ pubkeys.
10180
10181 ok markus@
10182
10183commit 46ac2ed4677968224c4ca825bc98fc68dae183f0
10184Author: djm@openbsd.org <djm@openbsd.org>
10185Date: Mon Dec 22 07:24:11 2014 +0000
10186
10187 upstream commit
10188
10189 fix passing of wildcard forward bind addresses when
10190 connection multiplexing is in use; patch from Sami Hartikainen via bz#2324;
10191 ok dtucker@
10192
10193commit 0d1b241a262e4d0a6bbfdd595489ab1b853c43a1
10194Author: djm@openbsd.org <djm@openbsd.org>
10195Date: Mon Dec 22 06:14:29 2014 +0000
10196
10197 upstream commit
10198
10199 make this slightly easier to diff against portable
10200
10201commit 0715bcdddbf68953964058f17255bf54734b8737
10202Author: Damien Miller <djm@mindrot.org>
10203Date: Mon Dec 22 13:47:07 2014 +1100
10204
10205 add missing regress output file
10206
10207commit 1e30483c8ad2c2f39445d4a4b6ab20c241e40593
10208Author: djm@openbsd.org <djm@openbsd.org>
10209Date: Mon Dec 22 02:15:52 2014 +0000
10210
10211 upstream commit
10212
10213 adjust for new SHA256 key fingerprints and
10214 slightly-different MD5 hex fingerprint format
10215
10216commit 6b40567ed722df98593ad8e6a2d2448fc2b4b151
10217Author: djm@openbsd.org <djm@openbsd.org>
10218Date: Mon Dec 22 01:14:49 2014 +0000
10219
10220 upstream commit
10221
10222 poll changes to netcat (usr.bin/netcat.c r1.125) broke
10223 this test; fix it by ensuring more stdio fds are sent to devnull
10224
10225commit a5375ccb970f49dddf7d0ef63c9b713ede9e7260
10226Author: jmc@openbsd.org <jmc@openbsd.org>
10227Date: Sun Dec 21 23:35:14 2014 +0000
10228
10229 upstream commit
10230
10231 tweak previous;
10232
10233commit b79efde5c3badf5ce4312fe608d8307eade533c5
10234Author: djm@openbsd.org <djm@openbsd.org>
10235Date: Sun Dec 21 23:12:42 2014 +0000
10236
10237 upstream commit
10238
10239 document FingerprintHash here too
10240
10241commit d16bdd8027dd116afa01324bb071a4016cdc1a75
10242Author: Damien Miller <djm@mindrot.org>
10243Date: Mon Dec 22 10:18:09 2014 +1100
10244
10245 missing include for base64 encoding
10246
10247commit 56d1c83cdd1ac76f1c6bd41e01e80dad834f3994
10248Author: djm@openbsd.org <djm@openbsd.org>
10249Date: Sun Dec 21 22:27:55 2014 +0000
10250
10251 upstream commit
10252
10253 Add FingerprintHash option to control algorithm used for
10254 key fingerprints. Default changes from MD5 to SHA256 and format from hex to
10255 base64.
10256
10257 Feedback and ok naddy@ markus@
10258
10259commit 058f839fe15c51be8b3a844a76ab9a8db550be4f
10260Author: djm@openbsd.org <djm@openbsd.org>
10261Date: Thu Dec 18 23:58:04 2014 +0000
10262
10263 upstream commit
10264
10265 don't count partial authentication success as a failure
10266 against MaxAuthTries; ok deraadt@
diff --git a/INSTALL b/INSTALL
index 6bc80b68f..92106bf02 100644
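--- a/INSTALL
+++ b/INSTALL
@@ -1,3 +1,4 @@
+1. Prerequisites
 ----------------
 
 A C compiler. Any C89 or better compiler should work. Where supported,
@@ -231,7 +232,7 @@ manually using the following commands:
 
  ssh-keygen -t [type] -f /etc/ssh/ssh_host_key -N ""
 
-for each of the types you wish to generate (rsa, dsa or ecdsaa) or
+for each of the types you wish to generate (rsa, dsa or ecdsa) or
 
  ssh-keygen -A
 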
diff --git a/Makefile.in b/Makefile.in
index a00347e24..0577a6c47 100644
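--- a/Makefile.in
+++ b/Makefile.in
@@ -237,6 +237,8 @@ clean: regressclean
  rm -f regress/unittests/sshkey/test_sshkey
  rm -f regress/unittests/bitmap/*.o
  rm -f regress/unittests/bitmap/test_bitmap
+ rm -f regress/unittests/conversion/*.o
+ rm -f regress/unittests/conversion/test_conversion
  rm -f regress/unittests/hostkeys/*.o
  rm -f regress/unittests/hostkeys/test_hostkeys
  rm -f regress/unittests/kex/*.o
@@ -263,6 +265,8 @@ distclean: regressclean
  rm -f regress/unittests/sshkey/test_sshkey
  rm -f regress/unittests/bitmap/*.o
  rm -f regress/unittests/bitmap/test_bitmap
+ rm -f regress/unittests/conversion/*.o
+ rm -f regress/unittests/conversion/test_conversion
  rm -f regress/unittests/hostkeys/*.o
  rm -f regress/unittests/hostkeys/test_hostkeys
  rm -f regress/unittests/kex/*.o
@@ -428,6 +432,8 @@ regress-prep:
  mkdir -p `pwd`/regress/unittests/sshkey
  [ -d `pwd`/regress/unittests/bitmap ] || \
  mkdir -p `pwd`/regress/unittests/bitmap
+ [ -d `pwd`/regress/unittests/conversion ] || \
+ mkdir -p `pwd`/regress/unittests/conversion
  [ -d `pwd`/regress/unittests/hostkeys ] || \
  mkdir -p `pwd`/regress/unittests/hostkeys
  [ -d `pwd`/regress/unittests/kex ] || \
@@ -459,10 +465,6 @@ regress/check-perm$(EXEEXT): $(srcdir)/regress/check-perm.c $(REGRESSLIBS)
  $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $(srcdir)/regress/check-perm.c \
  $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
 
-regress/mkdtemp$(EXEEXT): $(srcdir)/regress/mkdtemp.c $(REGRESSLIBS)
- $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $(srcdir)/regress/mkdtemp.c \
- $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
-
 UNITTESTS_TEST_HELPER_OBJS=\
  regress/unittests/test_helper/test_helper.o \
  regress/unittests/test_helper/fuzz.o
@@ -509,6 +511,16 @@ regress/unittests/bitmap/test_bitmap$(EXEEXT): ${UNITTESTS_TEST_BITMAP_OBJS} \
  regress/unittests/test_helper/libtest_helper.a \
  -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
 
+UNITTESTS_TEST_CONVERSION_OBJS=\
+ regress/unittests/conversion/tests.o
+
+regress/unittests/conversion/test_conversion$(EXEEXT): \
+ ${UNITTESTS_TEST_CONVERSION_OBJS} \
+ regress/unittests/test_helper/libtest_helper.a libssh.a
+ $(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_CONVERSION_OBJS) \
+ regress/unittests/test_helper/libtest_helper.a \
+ -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
+
 UNITTESTS_TEST_KEX_OBJS=\
  regress/unittests/kex/tests.o \
  regress/unittests/kex/test_kex.o
@@ -561,17 +573,17 @@ regress-binaries: regress/modpipe$(EXEEXT) \
  regress/setuid-allowed$(EXEEXT) \
  regress/netcat$(EXEEXT) \
  regress/check-perm$(EXEEXT) \
- regress/mkdtemp$(EXEEXT) \
  regress/unittests/sshbuf/test_sshbuf$(EXEEXT) \
  regress/unittests/sshkey/test_sshkey$(EXEEXT) \
  regress/unittests/bitmap/test_bitmap$(EXEEXT) \
+ regress/unittests/conversion/test_conversion$(EXEEXT) \
  regress/unittests/hostkeys/test_hostkeys$(EXEEXT) \
  regress/unittests/kex/test_kex$(EXEEXT) \
  regress/unittests/match/test_match$(EXEEXT) \
  regress/unittests/utf8/test_utf8$(EXEEXT) \
  regress/misc/kexfuzz/kexfuzz$(EXEEXT)
 
-tests interop-tests t-exec: regress-prep regress-binaries $(TARGETS)
+tests interop-tests t-exec unit: regress-prep regress-binaries $(TARGETS)
  BUILDDIR=`pwd`; \
  TEST_SSH_SCP="$${BUILDDIR}/scp"; \
  TEST_SSH_SSH="$${BUILDDIR}/ssh"; \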
diff --git a/README b/README
index 60594eeb9..bda852548 100644
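--- a/README
+++ b/README
@@ -1,4 +1,4 @@
-See https://www.openssh.com/releasenotes.html#7.4p1 for the release notes.
+See https://www.openssh.com/releasenotes.html#7.5p1 for the release notes.
 
 Please read https://www.openssh.com/report.html for bug reporting
 instructions and note that we do not use Github for bug reporting or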
diff --git a/auth-pam.c b/auth-pam.c
index 7d8b2926b..bc8e5e02d 100644
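--- a/auth-pam.c
+++ b/auth-pam.c
@@ -830,6 +830,8 @@ fake_password(const char *wire_password)
  fatal("%s: password length too long: %zu", __func__, l);
 
  ret = malloc(l + 1);
+ if (ret == NULL)
+ return NULL;
  for (i = 0; i < l; i++)
  ret[i] = junk[i % (sizeof(junk) - 1)];
  ret[i] = '\0';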
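Review bot: fake_password() now has two different failure modes, `fatal()` for an over-long password and a silent `return NULL` when `malloc` fails, and nothing in the hunk tells the caller that NULL is possible. The caller is outside this hunk, so I cannot confirm it checks the result before handing it on; if it does not, the allocation-failure path becomes a NULL dereference instead of a clean authentication failure. I would state the contract above the function, e.g. `/* Returns a malloc'd junk string of the same length as wire_password, or NULL if allocation fails; caller must check. */`. The function body starts before the hunk and continues after it.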
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index add77136e..6dc5076ef 100644
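--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.60 2016/11/30 02:57:40 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.62 2017/01/30 01:03:00 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  *
@@ -564,10 +564,13 @@ process_principals(FILE *f, char *file, struct passwd *pw,
 {
  char line[SSH_MAX_PUBKEY_BYTES], *cp, *ep, *line_opts;
  u_long linenum = 0;
- u_int i;
+ u_int i, found_principal = 0;
 
  auth_start_parse_options();
  while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
+ /* Always consume entire input */
+ if (found_principal)
+ continue;
  /* Skip leading whitespace. */
  for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
  ;
@@ -600,11 +603,12 @@ process_principals(FILE *f, char *file, struct passwd *pw,
  if (auth_parse_options(pw, line_opts,
  file, linenum) != 1)
  continue;
- return 1;
+ found_principal = 1;
+ continue;
  }
  }
  }
- return 0;
+ return found_principal;
 }
 
 static int
@@ -728,6 +732,9 @@ match_principals_command(struct passwd *user_pw, const struct sshkey *key)
 
  ok = process_principals(f, NULL, pw, cert);
 
+ fclose(f);
+ f = NULL;
+
  if (exited_cleanly(pid, "AuthorizedPrincipalsCommand", command) != 0)
  goto out;
 
@@ -770,6 +777,9 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
  char *cp, *key_options = NULL, *fp = NULL;
  const char *reason = NULL;
 
+ /* Always consume entrire file */
+ if (found_key)
+ continue;
  if (found != NULL)
  key_free(found);
  found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type);
@@ -856,7 +866,7 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
  file, linenum, key_type(found), fp);
  free(fp);
  found_key = 1;
- break;
+ continue;
  }
  }
  if (found != NULL)
@@ -1053,6 +1063,9 @@ user_key_command_allowed2(struct passwd *user_pw, Key *key)
 
  ok = check_authkeys_file(f, options.authorized_keys_command, key, pw);
 
+ fclose(f);
+ f = NULL;
+
  if (exited_cleanly(pid, "AuthorizedKeysCommand", command) != 0)
  goto out;
 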
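Review bot: In process_principals the new `continue;` after `found_principal = 1;` sits, as far as the brace nesting in the hunk shows, inside the inner loop over the certificate's principals, so it only advances to the next principal, and the same line's options are parsed again if the certificate lists that principal twice. `break;` would say what is meant, leaving the draining to the `if (found_principal) continue;` at the top of the `while`. The two "Always consume" comments should also say why input is still read after a match, presumably so the AuthorizedPrincipalsCommand or AuthorizedKeysCommand helper can finish writing before `exited_cleanly()` judges it, e.g. `/* Keep reading after a match so the helper command is not cut off mid-write */`. The comment added in check_authkeys_file has a typo, `entrire`. Both functions start and end outside the hunks.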
diff --git a/auth2.c b/auth2.c
index 461311bda..2f51be232 100644
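--- a/auth2.c
+++ b/auth2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.136 2016/05/02 08:49:03 djm Exp $ */
+/* $OpenBSD: auth2.c,v 1.137 2017/02/03 23:05:57 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  *
@@ -214,6 +214,7 @@ input_service_request(int type, u_int32_t seq, void *ctxt)
 static int
 input_userauth_request(int type, u_int32_t seq, void *ctxt)
 {
+ struct ssh *ssh = active_state; /* XXX */
  Authctxt *authctxt = ctxt;
  Authmethod *m = NULL;
  char *user, *service, *method, *style = NULL, *role = NULL;
@@ -242,9 +243,10 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
  authctxt->user = xstrdup(user);
  if (authctxt->pw && strcmp(service, "ssh-connection")==0) {
  authctxt->valid = 1;
- debug2("input_userauth_request: setting up authctxt for %s", user);
+ debug2("%s: setting up authctxt for %s",
+ __func__, user);
  } else {
- logit("input_userauth_request: invalid user %s", user);
+ /* Invalid user, fake password information */
  authctxt->pw = fakepw();
 #ifdef SSH_AUDIT_EVENTS
  PRIVSEP(audit_event(SSH_INVALID_USER));
@@ -254,6 +256,8 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
  if (options.use_pam)
  PRIVSEP(start_pam(authctxt));
 #endif
+ ssh_packet_set_log_preamble(ssh, "%suser %s",
+ authctxt->valid ? "authenticating " : "invalid ", user);
  setproctitle("%s%s", authctxt->valid ? user : "unknown",
  use_privsep ? " [net]" : "");
  authctxt->service = xstrdup(service);
@@ -300,6 +304,7 @@ void
 userauth_finish(Authctxt *authctxt, int authenticated, const char *method,
  const char *submethod)
 {
+ struct ssh *ssh = active_state; /* XXX */
  char *methods;
  int partial = 0;
 
@@ -361,6 +366,7 @@ userauth_finish(Authctxt *authctxt, int authenticated, const char *method,
  packet_write_wait();
  /* now we can break out */
  authctxt->success = 1;
+ ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user);
  } else {
 
  /* Allow initial try of "none" auth without failure penalty */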
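Review bot: In input_userauth_request the client-supplied `user` is now stored in the packet log preamble with an unbounded `%s`, and with the `logit` in the else branch gone the preamble is the only log text at this point that marks the user as invalid. Whether the preamble is escaped or truncated before it reaches the log is not visible here, so I would bound it at the call, `ssh_packet_set_log_preamble(ssh, "%suser %.100s",`, as the `%.100s` log formats in channels.c do for peer-supplied host names. Log monitoring that matched the old "invalid user" line has to match the preamble text instead, and a comment beside the new call should say so. The `/* XXX */` on the two `struct ssh *ssh = active_state;` lines should name what is to be fixed. Both function bodies start and end outside the hunks.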
diff --git a/channels.c b/channels.c
index bef8ad6aa..d030fcdd9 100644
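--- a/channels.c
+++ b/channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.356 2016/10/18 17:32:54 dtucker Exp $ */
+/* $OpenBSD: channels.c,v 1.357 2017/02/01 02:59:09 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -3065,7 +3065,7 @@ channel_input_port_open(int type, u_int32_t seq, void *ctxt)
  }
  packet_check_eom();
  c = channel_connect_to_port(host, host_port,
- "connected socket", originator_string);
+ "connected socket", originator_string, NULL, NULL);
  free(originator_string);
  free(host);
  if (c == NULL) {
@@ -4026,9 +4026,13 @@ channel_connect_ctx_free(struct channel_connect *cctx)
  memset(cctx, 0, sizeof(*cctx));
 }
 
-/* Return CONNECTING channel to remote host:port or local socket path */
+/*
+ * Return CONNECTING channel to remote host:port or local socket path,
+ * passing back the failure reason if appropriate.
+ */
 static Channel *
-connect_to(const char *name, int port, char *ctype, char *rname)
+connect_to_reason(const char *name, int port, char *ctype, char *rname,
+ int *reason, const char **errmsg)
 {
  struct addrinfo hints;
  int gaierr;
@@ -4069,7 +4073,12 @@ connect_to(const char *name, int port, char *ctype, char *rname)
  hints.ai_family = IPv4or6;
  hints.ai_socktype = SOCK_STREAM;
  snprintf(strport, sizeof strport, "%d", port);
- if ((gaierr = getaddrinfo(name, strport, &hints, &cctx.aitop)) != 0) {
+ if ((gaierr = getaddrinfo(name, strport, &hints, &cctx.aitop))
+ != 0) {
+ if (errmsg != NULL)
+ *errmsg = ssh_gai_strerror(gaierr);
+ if (reason != NULL)
+ *reason = SSH2_OPEN_CONNECT_FAILED;
  error("connect_to %.100s: unknown host (%s)", name,
  ssh_gai_strerror(gaierr));
  return NULL;
@@ -4092,6 +4101,13 @@ connect_to(const char *name, int port, char *ctype, char *rname)
  return c;
 }
 
+/* Return CONNECTING channel to remote host:port or local socket path */
+static Channel *
+connect_to(const char *name, int port, char *ctype, char *rname)
+{
+ return connect_to_reason(name, port, ctype, rname, NULL, NULL);
+}
+
 /*
  * returns either the newly connected channel or the downstream channel
  * that needs to deal with this connection.
@@ -4136,7 +4152,8 @@ channel_connect_by_listen_path(const char *path, char *ctype, char *rname)
 
 /* Check if connecting to that port is permitted and connect. */
 Channel *
-channel_connect_to_port(const char *host, u_short port, char *ctype, char *rname)
+channel_connect_to_port(const char *host, u_short port, char *ctype,
+ char *rname, int *reason, const char **errmsg)
 {
  int i, permit, permit_adm = 1;
 
@@ -4161,9 +4178,11 @@ channel_connect_to_port(const char *host, u_short port, char *ctype, char *rname
  if (!permit || !permit_adm) {
  logit("Received request to connect to host %.100s port %d, "
  "but the request was denied.", host, port);
+ if (reason != NULL)
+ *reason = SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED;
  return NULL;
  }
- return connect_to(host, port, ctype, rname);
+ return connect_to_reason(host, port, ctype, rname, reason, errmsg);
 }
 
 /* Check if connecting to that path is permitted and connect. */
@@ -4354,6 +4373,33 @@ connect_local_xsocket(u_int dnr)
  return connect_local_xsocket_path(buf);
 }
 
+#ifdef __APPLE__
+static int
+is_path_to_xsocket(const char *display, char *path, size_t pathlen)
+{
+ struct stat sbuf;
+
+ if (strlcpy(path, display, pathlen) >= pathlen) {
+ error("%s: display path too long", __func__);
+ return 0;
+ }
+ if (display[0] != '/')
+ return 0;
+ if (stat(path, &sbuf) == 0) {
+ return 1;
+ } else {
+ char *dot = strrchr(path, '.');
+ if (dot != NULL) {
+ *dot = '\0';
+ if (stat(path, &sbuf) == 0) {
+ return 1;
+ }
+ }
+ }
+ return 0;
+}
+#endif
+
 int
 x11_connect_display(void)
 {
@@ -4375,15 +4421,22 @@ x11_connect_display(void)
  * connection to the real X server.
  */
 
- /* Check if the display is from launchd. */
 #ifdef __APPLE__
- if (strncmp(display, "/tmp/launch", 11) == 0) {
- sock = connect_local_xsocket_path(display);
- if (sock < 0)
- return -1;
+ /* Check if display is a path to a socket (as set by launchd). */
+ {
+ char path[PATH_MAX];
 
- /* OK, we now have a connection to the display. */
- return sock;
+ if (is_path_to_xsocket(display, path, sizeof(path))) {
+ debug("x11_connect_display: $DISPLAY is launchd");
+
+ /* Create a socket. */
+ sock = connect_local_xsocket_path(path);
+ if (sock < 0)
+ return -1;
+
+ /* OK, we now have a connection to the display. */
+ return sock;
+ }
  }
 #endif
  /*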
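Review bot: The new `reason` and `errmsg` out-parameters are written on only some of the failure returns: channel_connect_to_port sets `*reason` but leaves `*errmsg` alone on the permission denial, and connect_to_reason sets both only when `getaddrinfo` fails, while its other returns lie outside the hunks. A caller that reads either value after a NULL return therefore has to initialise both beforehand, which the comments do not say; I would add to the connect_to_reason comment `* *reason and *errmsg are written only when the cause is known; callers must initialise both.` Separately, is_path_to_xsocket only checks that `stat()` succeeds, so any existing absolute path in $DISPLAY is accepted where the old code required the `/tmp/launch` prefix; testing `S_ISSOCK(sbuf.st_mode)` after each `stat` would match the function's name.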
diff --git a/channels.h b/channels.h
index 09c3c3655..ce43236d5 100644
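--- a/channels.h
+++ b/channels.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.h,v 1.120 2016/10/18 17:32:54 dtucker Exp $ */
+/* $OpenBSD: channels.h,v 1.121 2017/02/01 02:59:09 dtucker Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -275,7 +275,8 @@ void channel_update_permitted_opens(int, int);
 void channel_clear_permitted_opens(void);
 void channel_clear_adm_permitted_opens(void);
 void channel_print_adm_permitted_opens(void);
-Channel *channel_connect_to_port(const char *, u_short, char *, char *);
+Channel *channel_connect_to_port(const char *, u_short, char *, char *, int *,
+ const char **);
 Channel *channel_connect_to_path(const char *, char *, char *);
 Channel *channel_connect_stdio_fwd(const char*, u_short, int, int);
 Channel *channel_connect_by_listen_address(const char *, u_short,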
diff --git a/clientloop.c b/clientloop.c
index 5876cc9af..06845280e 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: clientloop.c,v 1.289 2016/09/30 09:19:13 markus Exp $ */ 1/* $OpenBSD: clientloop.c,v 1.291 2017/03/10 05:01:13 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -995,7 +995,7 @@ process_cmdline(void)
995 CHANNEL_CANCEL_PORT_STATIC, 995 CHANNEL_CANCEL_PORT_STATIC,
996 &options.fwd_opts) > 0; 996 &options.fwd_opts) > 0;
997 if (!ok) { 997 if (!ok) {
998 logit("Unkown port forwarding."); 998 logit("Unknown port forwarding.");
999 goto out; 999 goto out;
1000 } 1000 }
1001 logit("Canceled forwarding."); 1001 logit("Canceled forwarding.");
@@ -2406,6 +2406,26 @@ client_global_hostkeys_private_confirm(int type, u_int32_t seq, void *_ctx)
2406} 2406}
2407 2407
2408/* 2408/*
2409 * Returns non-zero if the key is accepted by HostkeyAlgorithms.
2410 * Made slightly less trivial by the multiple RSA signature algorithm names.
2411 */
2412static int
2413key_accepted_by_hostkeyalgs(const struct sshkey *key)
2414{
2415 const char *ktype = sshkey_ssh_name(key);
2416 const char *hostkeyalgs = options.hostkeyalgorithms != NULL ?
2417 options.hostkeyalgorithms : KEX_DEFAULT_PK_ALG;
2418
2419 if (key == NULL || key->type == KEY_UNSPEC)
2420 return 0;
2421 if (key->type == KEY_RSA &&
2422 (match_pattern_list("rsa-sha2-256", hostkeyalgs, 0) == 1 ||
2423 match_pattern_list("rsa-sha2-512", hostkeyalgs, 0) == 1))
2424 return 1;
2425 return match_pattern_list(ktype, hostkeyalgs, 0) == 1;
2426}
2427
2428/*
2409 * Handle hostkeys-00@openssh.com global request to inform the client of all 2429 * Handle hostkeys-00@openssh.com global request to inform the client of all
2410 * the server's hostkeys. The keys are checked against the user's 2430 * the server's hostkeys. The keys are checked against the user's
2411 * HostkeyAlgorithms preference before they are accepted. 2431 * HostkeyAlgorithms preference before they are accepted.
@@ -2451,10 +2471,7 @@ client_input_hostkeys(void)
2451 sshkey_type(key), fp); 2471 sshkey_type(key), fp);
2452 free(fp); 2472 free(fp);
2453 2473
2454 /* Check that the key is accepted in HostkeyAlgorithms */ 2474 if (!key_accepted_by_hostkeyalgs(key)) {
2455 if (match_pattern_list(sshkey_ssh_name(key),
2456 options.hostkeyalgorithms ? options.hostkeyalgorithms :
2457 KEX_DEFAULT_PK_ALG, 0) != 1) {
2458 debug3("%s: %s key not permitted by HostkeyAlgorithms", 2475 debug3("%s: %s key not permitted by HostkeyAlgorithms",
2459 __func__, sshkey_ssh_name(key)); 2476 __func__, sshkey_ssh_name(key));
2460 continue; 2477 continue;
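Review bot: In the new `key_accepted_by_hostkeyalgs`, `sshkey_ssh_name(key)` runs in the initializer of `ktype` before the `key == NULL || key->type == KEY_UNSPEC` guard a few lines later, so the guard cannot protect that call. Whether `sshkey_ssh_name` tolerates a NULL key is not visible in this hunk; if it dereferences its argument, the NULL half of the guard is dead code. Declaring `const char *ktype;` and assigning `ktype = sshkey_ssh_name(key);` after the guard keeps the check meaningful. The visible caller in `client_input_hostkeys` already passes `key` to `sshkey_type` before this call, so this is hardening for future callers rather than a fault reachable from the lines shown.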
diff --git a/compat.c b/compat.c
index 69a104fbf..1e80cfa9a 100644
--- a/compat.c
+++ b/compat.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: compat.c,v 1.99 2016/05/24 02:31:57 dtucker Exp $ */ 1/* $OpenBSD: compat.c,v 1.100 2017/02/03 23:01:19 djm Exp $ */
2/* 2/*
3 * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. 3 * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
4 * 4 *
@@ -37,6 +37,7 @@
37#include "compat.h" 37#include "compat.h"
38#include "log.h" 38#include "log.h"
39#include "match.h" 39#include "match.h"
40#include "kex.h"
40 41
41int compat13 = 0; 42int compat13 = 0;
42int compat20 = 0; 43int compat20 = 0;
@@ -250,42 +251,14 @@ proto_spec(const char *spec)
250 return ret; 251 return ret;
251} 252}
252 253
253/*
254 * Filters a proposal string, excluding any algorithm matching the 'filter'
255 * pattern list.
256 */
257static char *
258filter_proposal(char *proposal, const char *filter)
259{
260 Buffer b;
261 char *orig_prop, *fix_prop;
262 char *cp, *tmp;
263
264 buffer_init(&b);
265 tmp = orig_prop = xstrdup(proposal);
266 while ((cp = strsep(&tmp, ",")) != NULL) {
267 if (match_pattern_list(cp, filter, 0) != 1) {
268 if (buffer_len(&b) > 0)
269 buffer_append(&b, ",", 1);
270 buffer_append(&b, cp, strlen(cp));
271 } else
272 debug2("Compat: skipping algorithm \"%s\"", cp);
273 }
274 buffer_append(&b, "\0", 1);
275 fix_prop = xstrdup((char *)buffer_ptr(&b));
276 buffer_free(&b);
277 free(orig_prop);
278
279 return fix_prop;
280}
281
282char * 254char *
283compat_cipher_proposal(char *cipher_prop) 255compat_cipher_proposal(char *cipher_prop)
284{ 256{
285 if (!(datafellows & SSH_BUG_BIGENDIANAES)) 257 if (!(datafellows & SSH_BUG_BIGENDIANAES))
286 return cipher_prop; 258 return cipher_prop;
287 debug2("%s: original cipher proposal: %s", __func__, cipher_prop); 259 debug2("%s: original cipher proposal: %s", __func__, cipher_prop);
288 cipher_prop = filter_proposal(cipher_prop, "aes*"); 260 if ((cipher_prop = match_filter_list(cipher_prop, "aes*")) == NULL)
261 fatal("match_filter_list failed");
289 debug2("%s: compat cipher proposal: %s", __func__, cipher_prop); 262 debug2("%s: compat cipher proposal: %s", __func__, cipher_prop);
290 if (*cipher_prop == '\0') 263 if (*cipher_prop == '\0')
291 fatal("No supported ciphers found"); 264 fatal("No supported ciphers found");
@@ -298,7 +271,8 @@ compat_pkalg_proposal(char *pkalg_prop)
298 if (!(datafellows & SSH_BUG_RSASIGMD5)) 271 if (!(datafellows & SSH_BUG_RSASIGMD5))
299 return pkalg_prop; 272 return pkalg_prop;
300 debug2("%s: original public key proposal: %s", __func__, pkalg_prop); 273 debug2("%s: original public key proposal: %s", __func__, pkalg_prop);
301 pkalg_prop = filter_proposal(pkalg_prop, "ssh-rsa"); 274 if ((pkalg_prop = match_filter_list(pkalg_prop, "ssh-rsa")) == NULL)
275 fatal("match_filter_list failed");
302 debug2("%s: compat public key proposal: %s", __func__, pkalg_prop); 276 debug2("%s: compat public key proposal: %s", __func__, pkalg_prop);
303 if (*pkalg_prop == '\0') 277 if (*pkalg_prop == '\0')
304 fatal("No supported PK algorithms found"); 278 fatal("No supported PK algorithms found");
@@ -312,10 +286,14 @@ compat_kex_proposal(char *p)
312 return p; 286 return p;
313 debug2("%s: original KEX proposal: %s", __func__, p); 287 debug2("%s: original KEX proposal: %s", __func__, p);
314 if ((datafellows & SSH_BUG_CURVE25519PAD) != 0) 288 if ((datafellows & SSH_BUG_CURVE25519PAD) != 0)
315 p = filter_proposal(p, "curve25519-sha256@libssh.org"); 289 if ((p = match_filter_list(p,
290 "curve25519-sha256@libssh.org")) == NULL)
291 fatal("match_filter_list failed");
316 if ((datafellows & SSH_OLD_DHGEX) != 0) { 292 if ((datafellows & SSH_OLD_DHGEX) != 0) {
317 p = filter_proposal(p, "diffie-hellman-group-exchange-sha256"); 293 if ((p = match_filter_list(p,
318 p = filter_proposal(p, "diffie-hellman-group-exchange-sha1"); 294 "diffie-hellman-group-exchange-sha256,"
295 "diffie-hellman-group-exchange-sha1")) == NULL)
296 fatal("match_filter_list failed");
319 } 297 }
320 debug2("%s: compat KEX proposal: %s", __func__, p); 298 debug2("%s: compat KEX proposal: %s", __func__, p);
321 if (*p == '\0') 299 if (*p == '\0')
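Review bot: In `compat_kex_proposal` the new `SSH_BUG_CURVE25519PAD` branch nests an unbraced `if ((p = match_filter_list(...)) == NULL)` inside an unbraced outer `if`, while the `SSH_OLD_DHGEX` branch directly below is braced. Bracing the outer test the same way, `if ((datafellows & SSH_BUG_CURVE25519PAD) != 0) {` ... `}`, removes the dangling-else hazard in code that edits the key-exchange proposal. The new `fatal("match_filter_list failed")` calls in `compat_cipher_proposal`, `compat_pkalg_proposal` and `compat_kex_proposal` are all identical, so a failure does not say which proposal was being filtered; `fatal("%s: match_filter_list failed", __func__);` would match the `debug2` calls around them. The bodies of these functions continue outside the hunks.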
diff --git a/config.h.in b/config.h.in
index afe540e9c..fd8a73f1b 100644
--- a/config.h.in
+++ b/config.h.in
@@ -736,6 +736,9 @@
736/* Define to 1 if you have the <linux/seccomp.h> header file. */ 736/* Define to 1 if you have the <linux/seccomp.h> header file. */
737#undef HAVE_LINUX_SECCOMP_H 737#undef HAVE_LINUX_SECCOMP_H
738 738
739/* Define to 1 if you have the `llabs' function. */
740#undef HAVE_LLABS
741
739/* Define to 1 if you have the <locale.h> header file. */ 742/* Define to 1 if you have the <locale.h> header file. */
740#undef HAVE_LOCALE_H 743#undef HAVE_LOCALE_H
741 744
diff --git a/configure b/configure
index ec3a98ffc..5eaaa392f 100755
--- a/configure
+++ b/configure
@@ -647,6 +647,7 @@ COMMENT_OUT_ECC
647TEST_SSH_ECC 647TEST_SSH_ECC
648LIBEDIT 648LIBEDIT
649PKGCONFIG 649PKGCONFIG
650LDNSCONFIG
650COMMENT_OUT_RSA1 651COMMENT_OUT_RSA1
651LD 652LD
652PATH_PASSWD_PROG 653PATH_PASSWD_PROG
@@ -7593,6 +7594,7 @@ $as_echo "#define USE_BTMP 1" >>confdefs.h
7593 use_pie=auto 7594 use_pie=auto
7594 check_for_libcrypt_later=1 7595 check_for_libcrypt_later=1
7595 check_for_openpty_ctty_bug=1 7596 check_for_openpty_ctty_bug=1
7597 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE"
7596 7598
7597$as_echo "#define PAM_TTY_KLUDGE 1" >>confdefs.h 7599$as_echo "#define PAM_TTY_KLUDGE 1" >>confdefs.h
7598 7600
@@ -9958,22 +9960,131 @@ LDNS_MSG="no"
9958# Check whether --with-ldns was given. 9960# Check whether --with-ldns was given.
9959if test "${with_ldns+set}" = set; then : 9961if test "${with_ldns+set}" = set; then :
9960 withval=$with_ldns; 9962 withval=$with_ldns;
9961 if test "x$withval" != "xno" ; then 9963 ldns=""
9964 if test "x$withval" = "xyes" ; then
9965 if test -n "$ac_tool_prefix"; then
9966 # Extract the first word of "${ac_tool_prefix}ldns-config", so it can be a program name with args.
9967set dummy ${ac_tool_prefix}ldns-config; ac_word=$2
9968{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
9969$as_echo_n "checking for $ac_word... " >&6; }
9970if ${ac_cv_path_LDNSCONFIG+:} false; then :
9971 $as_echo_n "(cached) " >&6
9972else
9973 case $LDNSCONFIG in
9974 [\\/]* | ?:[\\/]*)
9975 ac_cv_path_LDNSCONFIG="$LDNSCONFIG" # Let the user override the test with a path.
9976 ;;
9977 *)
9978 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
9979for as_dir in $PATH
9980do
9981 IFS=$as_save_IFS
9982 test -z "$as_dir" && as_dir=.
9983 for ac_exec_ext in '' $ac_executable_extensions; do
9984 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
9985 ac_cv_path_LDNSCONFIG="$as_dir/$ac_word$ac_exec_ext"
9986 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
9987 break 2
9988 fi
9989done
9990 done
9991IFS=$as_save_IFS
9962 9992
9963 if test "x$withval" != "xyes" ; then 9993 ;;
9964 CPPFLAGS="$CPPFLAGS -I${withval}/include" 9994esac
9965 LDFLAGS="$LDFLAGS -L${withval}/lib" 9995fi
9966 fi 9996LDNSCONFIG=$ac_cv_path_LDNSCONFIG
9997if test -n "$LDNSCONFIG"; then
9998 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LDNSCONFIG" >&5
9999$as_echo "$LDNSCONFIG" >&6; }
10000else
10001 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
10002$as_echo "no" >&6; }
10003fi
9967 10004
9968 10005
9969$as_echo "#define HAVE_LDNS 1" >>confdefs.h 10006fi
10007if test -z "$ac_cv_path_LDNSCONFIG"; then
10008 ac_pt_LDNSCONFIG=$LDNSCONFIG
10009 # Extract the first word of "ldns-config", so it can be a program name with args.
10010set dummy ldns-config; ac_word=$2
10011{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
10012$as_echo_n "checking for $ac_word... " >&6; }
10013if ${ac_cv_path_ac_pt_LDNSCONFIG+:} false; then :
10014 $as_echo_n "(cached) " >&6
10015else
10016 case $ac_pt_LDNSCONFIG in
10017 [\\/]* | ?:[\\/]*)
10018 ac_cv_path_ac_pt_LDNSCONFIG="$ac_pt_LDNSCONFIG" # Let the user override the test with a path.
10019 ;;
10020 *)
10021 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
10022for as_dir in $PATH
10023do
10024 IFS=$as_save_IFS
10025 test -z "$as_dir" && as_dir=.
10026 for ac_exec_ext in '' $ac_executable_extensions; do
10027 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
10028 ac_cv_path_ac_pt_LDNSCONFIG="$as_dir/$ac_word$ac_exec_ext"
10029 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
10030 break 2
10031 fi
10032done
10033 done
10034IFS=$as_save_IFS
9970 10035
9971 LIBS="-lldns $LIBS" 10036 ;;
9972 LDNS_MSG="yes" 10037esac
10038fi
10039ac_pt_LDNSCONFIG=$ac_cv_path_ac_pt_LDNSCONFIG
10040if test -n "$ac_pt_LDNSCONFIG"; then
10041 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_LDNSCONFIG" >&5
10042$as_echo "$ac_pt_LDNSCONFIG" >&6; }
10043else
10044 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
10045$as_echo "no" >&6; }
10046fi
9973 10047
9974 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ldns support" >&5 10048 if test "x$ac_pt_LDNSCONFIG" = x; then
10049 LDNSCONFIG="no"
10050 else
10051 case $cross_compiling:$ac_tool_warned in
10052yes:)
10053{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
10054$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
10055ac_tool_warned=yes ;;
10056esac
10057 LDNSCONFIG=$ac_pt_LDNSCONFIG
10058 fi
10059else
10060 LDNSCONFIG="$ac_cv_path_LDNSCONFIG"
10061fi
10062
10063 if test "x$PKGCONFIG" = "xno"; then
10064 CPPFLAGS="$CPPFLAGS -I${withval}/include"
10065 LDFLAGS="$LDFLAGS -L${withval}/lib"
10066 LIBS="-lldns $LIBS"
10067 ldns=yes
10068 else
10069 LIBS="$LIBS `$LDNSCONFIG --libs`"
10070 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`"
10071 fi
10072 elif test "x$withval" != "xno" ; then
10073 CPPFLAGS="$CPPFLAGS -I${withval}/include"
10074 LDFLAGS="$LDFLAGS -L${withval}/lib"
10075 LIBS="-lldns $LIBS"
10076 ldns=yes
10077 fi
10078
10079 # Verify that it works.
10080 if test "x$ldns" = "xyes" ; then
10081
10082$as_echo "#define HAVE_LDNS 1" >>confdefs.h
10083
10084 LDNS_MSG="yes"
10085 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ldns support" >&5
9975$as_echo_n "checking for ldns support... " >&6; } 10086$as_echo_n "checking for ldns support... " >&6; }
9976 cat confdefs.h - <<_ACEOF >conftest.$ac_ext 10087 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
9977/* end confdefs.h. */ 10088/* end confdefs.h. */
9978 10089
9979#include <stdio.h> 10090#include <stdio.h>
@@ -9996,8 +10107,7 @@ $as_echo "no" >&6; }
9996fi 10107fi
9997rm -f core conftest.err conftest.$ac_objext \ 10108rm -f core conftest.err conftest.$ac_objext \
9998 conftest$ac_exeext conftest.$ac_ext 10109 conftest$ac_exeext conftest.$ac_ext
9999 fi 10110 fi
10000
10001 10111
10002fi 10112fi
10003 10113
@@ -10558,6 +10668,7 @@ for ac_func in \
10558 inet_ntoa \ 10668 inet_ntoa \
10559 inet_ntop \ 10669 inet_ntop \
10560 innetgr \ 10670 innetgr \
10671 llabs \
10561 login_getcapbool \ 10672 login_getcapbool \
10562 md5_crypt \ 10673 md5_crypt \
10563 memmove \ 10674 memmove \
@@ -10637,8 +10748,6 @@ fi
10637done 10748done
10638 10749
10639 10750
10640saved_CFLAGS="$CFLAGS"
10641CFLAGS="$CFLAGS -D_XOPEN_SOURCE"
10642for ac_func in mblen mbtowc nl_langinfo wcwidth 10751for ac_func in mblen mbtowc nl_langinfo wcwidth
10643do : 10752do :
10644 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` 10753 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
@@ -10651,7 +10760,6 @@ _ACEOF
10651fi 10760fi
10652done 10761done
10653 10762
10654CFLAGS="$saved_CFLAGS"
10655 10763
10656TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} 10764TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes}
10657{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for utf8 locale support" >&5 10765{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for utf8 locale support" >&5
@@ -12373,8 +12481,8 @@ if ac_fn_c_try_run "$LINENO"; then :
12373 ssl_library_ver=`cat conftest.ssllibver` 12481 ssl_library_ver=`cat conftest.ssllibver`
12374 # Check version is supported. 12482 # Check version is supported.
12375 case "$ssl_library_ver" in 12483 case "$ssl_library_ver" in
12376 0090[0-7]*|009080[0-5]*) 12484 10000*|0*)
12377 as_fn_error $? "OpenSSL >= 0.9.8f required (have \"$ssl_library_ver\")" "$LINENO" 5 12485 as_fn_error $? "OpenSSL >= 1.0.1 required (have \"$ssl_library_ver\")" "$LINENO" 5
12378 ;; 12486 ;;
12379 *) ;; 12487 *) ;;
12380 esac 12488 esac
@@ -20282,6 +20390,7 @@ echo " Smartcard support: $SCARD_MSG"
20282echo " S/KEY support: $SKEY_MSG" 20390echo " S/KEY support: $SKEY_MSG"
20283echo " MD5 password support: $MD5_MSG" 20391echo " MD5 password support: $MD5_MSG"
20284echo " libedit support: $LIBEDIT_MSG" 20392echo " libedit support: $LIBEDIT_MSG"
20393echo " libldns support: $LDNS_MSG"
20285echo " Solaris process contract support: $SPC_MSG" 20394echo " Solaris process contract support: $SPC_MSG"
20286echo " Solaris project support: $SP_MSG" 20395echo " Solaris project support: $SP_MSG"
20287echo " Solaris privilege support: $SPP_MSG" 20396echo " Solaris privilege support: $SPP_MSG"
diff --git a/configure.ac b/configure.ac
index 9f59794bc..9d89bc351 100644
--- a/configure.ac
+++ b/configure.ac
@@ -764,6 +764,9 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
764 use_pie=auto 764 use_pie=auto
765 check_for_libcrypt_later=1 765 check_for_libcrypt_later=1
766 check_for_openpty_ctty_bug=1 766 check_for_openpty_ctty_bug=1
767 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics.
768 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE
769 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE"
767 AC_DEFINE([PAM_TTY_KLUDGE], [1], 770 AC_DEFINE([PAM_TTY_KLUDGE], [1],
768 [Work around problematic Linux PAM modules handling of PAM_TTY]) 771 [Work around problematic Linux PAM modules handling of PAM_TTY])
769 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 772 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"],
@@ -1551,36 +1554,47 @@ int deny_severity = 0, allow_severity = 0;
1551LDNS_MSG="no" 1554LDNS_MSG="no"
1552AC_ARG_WITH(ldns, 1555AC_ARG_WITH(ldns,
1553 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1556 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)],
1554 [ 1557 [
1555 if test "x$withval" != "xno" ; then 1558 ldns=""
1556 1559 if test "x$withval" = "xyes" ; then
1557 if test "x$withval" != "xyes" ; then 1560 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no])
1558 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1561 if test "x$PKGCONFIG" = "xno"; then
1559 LDFLAGS="$LDFLAGS -L${withval}/lib" 1562 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1560 fi 1563 LDFLAGS="$LDFLAGS -L${withval}/lib"
1561 1564 LIBS="-lldns $LIBS"
1562 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1565 ldns=yes
1563 LIBS="-lldns $LIBS" 1566 else
1564 LDNS_MSG="yes" 1567 LIBS="$LIBS `$LDNSCONFIG --libs`"
1568 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`"
1569 fi
1570 elif test "x$withval" != "xno" ; then
1571 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1572 LDFLAGS="$LDFLAGS -L${withval}/lib"
1573 LIBS="-lldns $LIBS"
1574 ldns=yes
1575 fi
1565 1576
1566 AC_MSG_CHECKING([for ldns support]) 1577 # Verify that it works.
1567 AC_LINK_IFELSE( 1578 if test "x$ldns" = "xyes" ; then
1568 [AC_LANG_SOURCE([[ 1579 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support])
1580 LDNS_MSG="yes"
1581 AC_MSG_CHECKING([for ldns support])
1582 AC_LINK_IFELSE(
1583 [AC_LANG_SOURCE([[
1569#include <stdio.h> 1584#include <stdio.h>
1570#include <stdlib.h> 1585#include <stdlib.h>
1571#include <stdint.h> 1586#include <stdint.h>
1572#include <ldns/ldns.h> 1587#include <ldns/ldns.h>
1573int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1588int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); }
1574 ]]) 1589 ]])
1575 ], 1590 ],
1576 [AC_MSG_RESULT(yes)], 1591 [AC_MSG_RESULT(yes)],
1577 [ 1592 [
1578 AC_MSG_RESULT(no) 1593 AC_MSG_RESULT(no)
1579 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1594 AC_MSG_ERROR([** Incomplete or missing ldns libraries.])
1580 ]) 1595 ])
1581 fi 1596 fi
1582 ] 1597])
1583)
1584 1598
1585# Check whether user wants libedit support 1599# Check whether user wants libedit support
1586LIBEDIT_MSG="no" 1600LIBEDIT_MSG="no"
@@ -1783,6 +1797,7 @@ AC_CHECK_FUNCS([ \
1783 inet_ntoa \ 1797 inet_ntoa \
1784 inet_ntop \ 1798 inet_ntop \
1785 innetgr \ 1799 innetgr \
1800 llabs \
1786 login_getcapbool \ 1801 login_getcapbool \
1787 md5_crypt \ 1802 md5_crypt \
1788 memmove \ 1803 memmove \
@@ -1851,11 +1866,8 @@ AC_CHECK_FUNCS([ \
1851 warn \ 1866 warn \
1852]) 1867])
1853 1868
1854dnl Wide character support. Linux man page says it needs _XOPEN_SOURCE. 1869dnl Wide character support.
1855saved_CFLAGS="$CFLAGS"
1856CFLAGS="$CFLAGS -D_XOPEN_SOURCE"
1857AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) 1870AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth])
1858CFLAGS="$saved_CFLAGS"
1859 1871
1860TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} 1872TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes}
1861AC_MSG_CHECKING([for utf8 locale support]) 1873AC_MSG_CHECKING([for utf8 locale support])
@@ -2600,8 +2612,8 @@ if test "x$openssl" = "xyes" ; then
2600 ssl_library_ver=`cat conftest.ssllibver` 2612 ssl_library_ver=`cat conftest.ssllibver`
2601 # Check version is supported. 2613 # Check version is supported.
2602 case "$ssl_library_ver" in 2614 case "$ssl_library_ver" in
2603 0090[[0-7]]*|009080[[0-5]]*) 2615 10000*|0*)
2604 AC_MSG_ERROR([OpenSSL >= 0.9.8f required (have "$ssl_library_ver")]) 2616 AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")])
2605 ;; 2617 ;;
2606 *) ;; 2618 *) ;;
2607 esac 2619 esac
@@ -5187,6 +5199,7 @@ echo " S/KEY support: $SKEY_MSG"
5187echo " TCP Wrappers support: $TCPW_MSG" 5199echo " TCP Wrappers support: $TCPW_MSG"
5188echo " MD5 password support: $MD5_MSG" 5200echo " MD5 password support: $MD5_MSG"
5189echo " libedit support: $LIBEDIT_MSG" 5201echo " libedit support: $LIBEDIT_MSG"
5202echo " libldns support: $LDNS_MSG"
5190echo " Solaris process contract support: $SPC_MSG" 5203echo " Solaris process contract support: $SPC_MSG"
5191echo " Solaris project support: $SP_MSG" 5204echo " Solaris project support: $SP_MSG"
5192echo " Solaris privilege support: $SPP_MSG" 5205echo " Solaris privilege support: $SPP_MSG"
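Review bot: In the `--with-ldns` block, the `"x$withval" = "xyes"` branch calls `AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no])` but then tests `"x$PKGCONFIG" = "xno"` rather than the `LDNSCONFIG` it has just set. When ldns-config is not found and pkg-config is present, the else branch therefore runs `$LDNSCONFIG --libs` with `LDNSCONFIG=no`. That else branch also never sets `ldns=yes`, so the "Verify that it works" block, including `AC_DEFINE(HAVE_LDNS, ...)` and the link test, is skipped and the build appears to continue without the ldns support that was requested. I would change the test to `if test "x$LDNSCONFIG" = "xno"; then`, add `ldns=yes` after the two `$LDNSCONFIG` lines, and drop the `-I${withval}/include` and `-L${withval}/lib` lines from the fallback, since `withval` is the literal `yes` there. The generated `configure` in this commit carries the same logic and would need regenerating.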
diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config
index d934d09b5..db6aaa08a 100644
--- a/contrib/cygwin/ssh-host-config
+++ b/contrib/cygwin/ssh-host-config
@@ -63,7 +63,6 @@ sshd_config_configured=no
63port_number=22 63port_number=22
64service_name=sshd 64service_name=sshd
65strictmodes=yes 65strictmodes=yes
66privsep_used=yes
67cygwin_value="" 66cygwin_value=""
68user_account= 67user_account=
69password_value= 68password_value=
@@ -140,33 +139,21 @@ sshd_strictmodes() {
140 139
141# ====================================================================== 140# ======================================================================
142# Routine: sshd_privsep 141# Routine: sshd_privsep
143# MODIFIES: privsep_used 142# Try to create ssshd user account
144# ====================================================================== 143# ======================================================================
145sshd_privsep() { 144sshd_privsep() {
146 local ret=0 145 local ret=0
147 146
148 if [ "${sshd_config_configured}" != "yes" ] 147 if [ "${sshd_config_configured}" != "yes" ]
149 then 148 then
150 echo 149 if ! csih_create_unprivileged_user sshd
151 csih_inform "Privilege separation is set to 'sandbox' by default since"
152 csih_inform "OpenSSH 6.1. This is unsupported by Cygwin and has to be set"
153 csih_inform "to 'yes' or 'no'."
154 csih_inform "However, using privilege separation requires a non-privileged account"
155 csih_inform "called 'sshd'."
156 csih_inform "For more info on privilege separation read /usr/share/doc/openssh/README.privsep."
157 if csih_request "Should privilege separation be used?"
158 then 150 then
159 privsep_used=yes 151 csih_error_recoverable "Could not create user 'sshd'!"
160 if ! csih_create_unprivileged_user sshd 152 csih_error_recoverable "You will not be able to run an sshd service"
161 then 153 csih_error_recoverable "under a privileged account successfully."
162 csih_error_recoverable "Couldn't create user 'sshd'!" 154 csih_error_recoverable "Make sure to create a non-privileged user 'sshd'"
163 csih_error_recoverable "Privilege separation set to 'no' again!" 155 csih_error_recoverable "manually before trying to run the service!"
164 csih_error_recoverable "Check your ${SYSCONFDIR}/sshd_config file!" 156 let ++ret
165 let ++ret
166 privsep_used=no
167 fi
168 else
169 privsep_used=no
170 fi 157 fi
171 fi 158 fi
172 return $ret 159 return $ret
@@ -202,18 +189,6 @@ sshd_config_tweak() {
202 let ++ret 189 let ++ret
203 fi 190 fi
204 fi 191 fi
205 if [ "${sshd_config_configured}" != "yes" ]
206 then
207 /usr/bin/sed -i -e "
208 s/^#\?UsePrivilegeSeparation .*/UsePrivilegeSeparation ${privsep_used}/" \
209 ${SYSCONFDIR}/sshd_config
210 if [ $? -ne 0 ]
211 then
212 csih_warning "Setting privilege separation failed!"
213 csih_warning "Check your ${SYSCONFDIR}/sshd_config file!"
214 let ++ret
215 fi
216 fi
217 return $ret 192 return $ret
218} # --- End of sshd_config_tweak --- # 193} # --- End of sshd_config_tweak --- #
219 194
@@ -693,7 +668,7 @@ then
693 fi 668 fi
694fi 669fi
695 670
696# handle sshd_config (and privsep) 671# handle sshd_config
697csih_install_config "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults" || let ++warning_cnt 672csih_install_config "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults" || let ++warning_cnt
698if ! /usr/bin/cmp "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/sshd_config" >/dev/null 2>&1 673if ! /usr/bin/cmp "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/sshd_config" >/dev/null 2>&1
699then 674then
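Review bot: The rewritten header comment for `sshd_privsep` reads `# Try to create ssshd user account`; the account name is misspelled and should be `# Try to create sshd user account`. With the `MODIFIES: privsep_used` line removed, the header no longer says what the routine reports to its caller. A second comment line such as `# Returns non-zero if the 'sshd' account could not be created; does nothing when sshd_config is already configured` would cover what the visible body does.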
diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec
index 666097c5e..7de45457a 100644
--- a/contrib/redhat/openssh.spec
+++ b/contrib/redhat/openssh.spec
@@ -1,4 +1,4 @@
1%define ver 7.4p1 1%define ver 7.5p1
2%define rel 1 2%define rel 1
3 3
4# OpenSSH privilege separation requires a user & group ID 4# OpenSSH privilege separation requires a user & group ID
diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec
index 4c4bbb69c..e62be39d0 100644
--- a/contrib/suse/openssh.spec
+++ b/contrib/suse/openssh.spec
@@ -13,7 +13,7 @@
13 13
14Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation 14Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
15Name: openssh 15Name: openssh
16Version: 7.4p1 16Version: 7.5p1
17URL: https://www.openssh.com/ 17URL: https://www.openssh.com/
18Release: 1 18Release: 1
19Source0: openssh-%{version}.tar.gz 19Source0: openssh-%{version}.tar.gz
diff --git a/debian/.git-dpm b/debian/.git-dpm
index 6c8df34b8..81a664a6f 100644
--- a/debian/.git-dpm
+++ b/debian/.git-dpm
@@ -1,8 +1,8 @@
1# see git-dpm(1) from git-dpm package 1# see git-dpm(1) from git-dpm package
2904bc482ad87648a2c799c441dc6a8449f24e15a 2ec338656a3d6b21bb87f3b6367b232d297f601e5
3904bc482ad87648a2c799c441dc6a8449f24e15a 3ec338656a3d6b21bb87f3b6367b232d297f601e5
4971a7653746a6972b907dfe0ce139c06e4a6f482 46fabaf6fd9b07cc8bc6a17c9c4a5b76849cfc874
5971a7653746a6972b907dfe0ce139c06e4a6f482 56fabaf6fd9b07cc8bc6a17c9c4a5b76849cfc874
6openssh_7.4p1.orig.tar.gz 6openssh_7.5p1.orig.tar.gz
72330bbf82ed08cf3ac70e0acf00186ef3eeb97e0 75e8f185d00afb4f4f89801e9b0f8b9cee9d87ebd
81511780 81510857
diff --git a/debian/NEWS b/debian/NEWS
index 77c594c5a..51944d2df 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -1,3 +1,26 @@
1openssh (1:7.5p1-1) UNRELEASED; urgency=medium
2
3 OpenSSH 7.5 includes a number of changes that may affect existing
4 configurations:
5
6 * This release deprecates the sshd_config UsePrivilegeSeparation option,
7 thereby making privilege separation mandatory.
8
9 * The format of several log messages emitted by the packet code has
10 changed to include additional information about the user and their
11 authentication state. Software that monitors ssh/sshd logs may need to
12 account for these changes. For example:
13
14 Connection closed by user x 1.1.1.1 port 1234 [preauth]
15 Connection closed by authenticating user x 10.1.1.1 port 1234 [preauth]
16 Connection closed by invalid user x 1.1.1.1 port 1234 [preauth]
17
18 Affected messages include connection closure, timeout, remote
19 disconnection, negotiation failure and some other fatal messages
20 generated by the packet code.
21
22 -- Colin Watson <cjwatson@debian.org> Sun, 02 Apr 2017 01:31:21 +0100
23
1openssh (1:7.4p1-7) unstable; urgency=medium 24openssh (1:7.4p1-7) unstable; urgency=medium
2 25
3 This version restores the default for AuthorizedKeysFile to search both 26 This version restores the default for AuthorizedKeysFile to search both
diff --git a/debian/changelog b/debian/changelog
index 7be0100c2..9202f5e3a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,84 @@
1openssh (1:7.5p1-1) UNRELEASED; urgency=medium
2
3 * New upstream release (https://www.openssh.com/txt/release-7.5):
4 - SECURITY: ssh(1), sshd(8): Fix weakness in CBC padding oracle
5 countermeasures that allowed a variant of the attack fixed in OpenSSH
6 7.3 to proceed. Note that the OpenSSH client disables CBC ciphers by
7 default, sshd offers them as lowest-preference options and will remove
8 them by default entirely in the next release.
9 - This release deprecates the sshd_config UsePrivilegeSeparation option,
10 thereby making privilege separation mandatory (closes: #407754).
11 - The format of several log messages emitted by the packet code has
12 changed to include additional information about the user and their
13 authentication state. Software that monitors ssh/sshd logs may need
14 to account for these changes.
15 - ssh(1), sshd(8): Support "=-" syntax to easily remove methods from
16 algorithm lists, e.g. Ciphers=-*cbc.
17 - sshd(1): Fix NULL dereference crash when key exchange start messages
18 are sent out of sequence.
19 - ssh(1), sshd(8): Allow form-feed characters to appear in configuration
20 files.
21 - sshd(8): Fix regression in OpenSSH 7.4 support for the server-sig-algs
22 extension, where SHA2 RSA signature methods were not being correctly
23 advertised.
24 - ssh(1), ssh-keygen(1): Fix a number of case-sensitivity bugs in
25 known_hosts processing.
26 - ssh(1): Allow ssh to use certificates accompanied by a private key
27 file but no corresponding plain *.pub public key.
28 - ssh(1): When updating hostkeys using the UpdateHostKeys option, accept
29 RSA keys if HostkeyAlgorithms contains any RSA keytype. Previously,
30 ssh could ignore RSA keys when only the ssh-rsa-sha2-* methods were
31 enabled in HostkeyAlgorithms and not the old ssh-rsa method.
32 - ssh(1): Detect and report excessively long configuration file lines.
33 - Merge a number of fixes found by Coverity and reported via Redhat and
34 FreeBSD. Includes fixes for some memory and file descriptor leaks in
35 error paths.
36 - ssh(1), sshd(8): When logging long messages to stderr, don't truncate
37 "\r\n" if the length of the message exceeds the buffer.
38 - ssh(1): Fully quote [host]:port in generated ProxyJump/-J command-
39 line; avoid confusion over IPv6 addresses and shells that treat square
40 bracket characters specially.
41 - Fix various fallout and sharp edges caused by removing SSH protocol 1
42 support from the server, including the server banner string being
43 incorrectly terminated with only \n (instead of \r\n), confusing error
44 messages from ssh-keyscan, and a segfault in sshd if protocol v.1 was
45 enabled for the client and sshd_config contained references to legacy
46 keys.
47 - ssh(1), sshd(8): Free fd_set on connection timeout.
48 - sftp(1): Fix division by zero crash in "df" output when server returns
49 zero total filesystem blocks/inodes.
50 - ssh(1), ssh-add(1), ssh-keygen(1), sshd(8): Translate OpenSSL errors
51 encountered during key loading to more meaningful error codes.
52 - ssh-keygen(1): Sanitise escape sequences in key comments sent to
53 printf but preserve valid UTF-8 when the locale supports it.
54 - ssh(1), sshd(8): Return reason for port forwarding failures where
55 feasible rather than always "administratively prohibited".
56 - sshd(8): Fix deadlock when AuthorizedKeysCommand or
57 AuthorizedPrincipalsCommand produces a lot of output and a key is
58 matched early.
59 - ssh(1): Fix typo in ~C error message for bad port forward
60 cancellation.
61 - ssh(1): Show a useful error message when included config files can't
62 be opened.
63 - sshd_config(5): Repair accidentally-deleted mention of %k token in
64 AuthorizedKeysCommand.
65 - sshd(8): Remove vestiges of previously removed LOGIN_PROGRAM.
66 - ssh-agent(1): Relax PKCS#11 whitelist to include libexec and common
67 32-bit compatibility library directories.
68 - sftp-client(1): Fix non-exploitable integer overflow in SSH2_FXP_NAME
69 response handling.
70 - ssh-agent(1): Fix regression in 7.4 of deleting PKCS#11-hosted keys.
71 It was not possible to delete them except by specifying their full
72 physical path.
73 - sshd(8): Avoid sandbox errors for Linux S390 systems using an ICA
74 crypto coprocessor.
75 - sshd(8): Fix non-exploitable weakness in seccomp-bpf sandbox arg
76 inspection.
77 - ssh-keygen(1), ssh(1), sftp(1): Fix output truncation for various that
78 contain non-printable characters where the codeset in use is ASCII.
79
80 -- Colin Watson <cjwatson@debian.org> Sun, 02 Apr 2017 01:31:21 +0100
81
1openssh (1:7.4p1-10) unstable; urgency=medium 82openssh (1:7.4p1-10) unstable; urgency=medium
2 83
3 * Move privilege separation directory and PID file from /var/run/ to /run/ 84 * Move privilege separation directory and PID file from /var/run/ to /run/
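--- a/debian/patches/auth-log-verbosity.patch
+++ b/debian/patches/auth-log-verbosity.patch
@@ -1,4 +1,4 @@
-From b2b04daa38b264f346acd81e08d224dbf33bac5b Mon Sep 17 00:00:00 2001
+From e08f96cf1105a3ee9a23de7102d593443e031e0c Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:02 +0000
 Subject: Quieten logs when multiple from= restrictions are used
@@ -90,18 +90,18 @@ index 52cbb42a..82355276 100644
  void auth_clear_options(void);
  int auth_cert_options(struct sshkey *, struct passwd *, const char **);
 diff --git a/auth2-pubkey.c b/auth2-pubkey.c
-index 20f3309e..add77136 100644
+index 3e5706f4..6dc5076e 100644
 --- a/auth2-pubkey.c
 +++ b/auth2-pubkey.c
 @@ -566,6 +566,7 @@ process_principals(FILE *f, char *file, struct passwd *pw,
  u_long linenum = 0;
- u_int i;
+ u_int i, found_principal = 0;
 
 + auth_start_parse_options();
  while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
- /* Skip leading whitespace. */
- for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
-@@ -764,6 +765,7 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
+ /* Always consume entire input */
+ if (found_principal)
+@@ -771,6 +772,7 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
  found_key = 0;
 
  found = NULL;
@@ -109,7 +109,7 @@ index 20f3309e..add77136 100644
  while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
  char *cp, *key_options = NULL, *fp = NULL;
  const char *reason = NULL;
-@@ -911,6 +913,7 @@ user_cert_trusted_ca(struct passwd *pw, Key *key)
+@@ -921,6 +923,7 @@ user_cert_trusted_ca(struct passwd *pw, Key *key)
  if (key_cert_check_authority(key, 0, 1,
  use_authorized_principals ? NULL : pw->pw_name, &reason) != 0)
  goto fail_reason;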
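--- a/debian/patches/authorized-keys-man-symlink.patch
+++ b/debian/patches/authorized-keys-man-symlink.patch
@@ -1,4 +1,4 @@
-From 7ad6dd01af3f4531ccc8e918bc857738e195fd3d Mon Sep 17 00:00:00 2001
+From 983412e0c80c406705e3c65402868b0d15d8695b Mon Sep 17 00:00:00 2001
 From: Tomas Pospisek <tpo_deb@sourcepole.ch>
 Date: Sun, 9 Feb 2014 16:10:07 +0000
 Subject: Install authorized_keys(5) as a symlink to sshd(8)
@@ -13,10 +13,10 @@ Patch-Name: authorized-keys-man-symlink.patch
  1 file changed, 1 insertion(+)
 
 diff --git a/Makefile.in b/Makefile.in
-index 00a320e1..a6eb81ec 100644
+index 6b774c1a..0577a6c4 100644
 --- a/Makefile.in
 +++ b/Makefile.in
-@@ -335,6 +335,7 @@ install-files:
+@@ -339,6 +339,7 @@ install-files:
  $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5
  $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5
  $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8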
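--- a/debian/patches/debian-banner.patch
+++ b/debian/patches/debian-banner.patch
@@ -1,4 +1,4 @@
-From 2a1aeb898e4214f98acc210c992d33334e6710dd Mon Sep 17 00:00:00 2001
+From ddf05e4adc7feda2421bdf641bab79b76c1a918e Mon Sep 17 00:00:00 2001
 From: Kees Cook <kees@debian.org>
 Date: Sun, 9 Feb 2014 16:10:06 +0000
 Subject: Add DebianBanner server configuration option
@@ -19,7 +19,7 @@ Patch-Name: debian-banner.patch
  4 files changed, 18 insertions(+), 1 deletion(-)
 
 diff --git a/servconf.c b/servconf.c
-index 49d3bdc8..1cee3d6c 100644
+index ca73f7c5..a391cf4b 100644
 --- a/servconf.c
 +++ b/servconf.c
 @@ -166,6 +166,7 @@ initialize_server_options(ServerOptions *options)
@@ -55,7 +55,7 @@ index 49d3bdc8..1cee3d6c 100644
  { NULL, sBadOption, 0 }
  };
 
-@@ -1860,6 +1865,10 @@ process_server_config_line(ServerOptions *options, char *line,
+@@ -1866,6 +1871,10 @@ process_server_config_line(ServerOptions *options, char *line,
  options->fingerprint_hash = value;
  break;
 
@@ -80,24 +80,24 @@ index 90dfa4c2..913a21b3 100644
 
  /* Information about the incoming connection as used by Match */
 diff --git a/sshd.c b/sshd.c
-index 49f3a2e5..eebf1984 100644
+index 602f4740..f2f54b51 100644
 --- a/sshd.c
 +++ b/sshd.c
 @@ -378,7 +378,8 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out)
  char remote_version[256]; /* Must be at least as big as buf. */
 
- xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
+ xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s\r\n",
 - PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE,
 + PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2,
 + options.debian_banner ? SSH_RELEASE : SSH_RELEASE_MINIMUM,
  *options.version_addendum == '\0' ? "" : " ",
- options.version_addendum, newline);
+ options.version_addendum);
 
 diff --git a/sshd_config.5 b/sshd_config.5
-index 283ba889..4ea0a9c3 100644
+index 41ec6688..5f316481 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
-@@ -526,6 +526,11 @@ or
+@@ -530,6 +530,11 @@ or
  .Cm no .
  The default is
  .Cm yes .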
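Review bot: The ternary `options.debian_banner ? SSH_RELEASE : SSH_RELEASE_MINIMUM` in the nested sshd.c hunk (patch lines 91-92) has no comment, although it decides how much version detail sshd_exchange_identification() puts into the identification string. A one-line comment above it would help the next refresh, for example `/* DebianBanner=no: send SSH_RELEASE_MINIMUM instead of the full SSH_RELEASE */`. Neither macro is defined in this hunk, so if the comment or the sshd_config.5 text says what the minimum string still contains, check that against the definitions first. The function body continues outside the hunk.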
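--- a/debian/patches/debian-config.patch
+++ b/debian/patches/debian-config.patch
@@ -1,4 +1,4 @@
-From 2b53482aec037f0747198f19e449f51d921acd30 Mon Sep 17 00:00:00 2001
+From 78fc8282e021b0236697caedb612cab78831755f Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:18 +0000
 Subject: Various Debian-specific configuration changes
@@ -39,10 +39,10 @@ Patch-Name: debian-config.patch
  6 files changed, 77 insertions(+), 9 deletions(-)
 
 diff --git a/readconf.c b/readconf.c
-index c02cdf63..d1091cbd 100644
+index 70fac682..4d92d174 100644
 --- a/readconf.c
 +++ b/readconf.c
-@@ -1927,7 +1927,7 @@ fill_default_options(Options * options)
+@@ -1950,7 +1950,7 @@ fill_default_options(Options * options)
  if (options->forward_x11 == -1)
  options->forward_x11 = 0;
  if (options->forward_x11_trusted == -1)
@@ -114,7 +114,7 @@ index 4e879cd2..093c8366 100644
 + HashKnownHosts yes
 + GSSAPIAuthentication yes
 diff --git a/ssh_config.5 b/ssh_config.5
-index 8698c28e..26f983a3 100644
+index 093ea8a7..fc13fa51 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
 @@ -74,6 +74,22 @@ Since the first obtained value for each parameter is used, more
@@ -140,7 +140,7 @@ index 8698c28e..26f983a3 100644
  The file contains keyword-argument pairs, one per line.
  Lines starting with
  .Ql #
-@@ -711,11 +727,12 @@ elapsed.
+@@ -715,11 +731,12 @@ elapsed.
  .It Cm ForwardX11Trusted
  If this option is set to
  .Cm yes ,
@@ -155,7 +155,7 @@ index 8698c28e..26f983a3 100644
  from stealing or tampering with data belonging to trusted X11
  clients.
 diff --git a/sshd_config b/sshd_config
-index 00e5a728..13cbe2c6 100644
+index c01dd656..f68edf36 100644
 --- a/sshd_config
 +++ b/sshd_config
 @@ -58,8 +58,9 @@ AuthorizedKeysFile .ssh/authorized_keys
@@ -190,7 +190,7 @@ index 00e5a728..13cbe2c6 100644
  #PrintLastLog yes
  #TCPKeepAlive yes
  #UseLogin no
-@@ -110,8 +111,11 @@ AuthorizedKeysFile .ssh/authorized_keys
+@@ -109,8 +110,11 @@ AuthorizedKeysFile .ssh/authorized_keys
  # no default banner path
  #Banner none
 
@@ -204,7 +204,7 @@ index 00e5a728..13cbe2c6 100644
  # Example of overriding settings on a per-user basis
  #Match User anoncvs
 diff --git a/sshd_config.5 b/sshd_config.5
-index e45a8937..703a9cdd 100644
+index 603c2ba7..cc5d9fb0 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
 @@ -57,6 +57,28 @@ Arguments may optionally be enclosed in double quotes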
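--- a/debian/patches/dnssec-sshfp.patch
+++ b/debian/patches/dnssec-sshfp.patch
@@ -1,4 +1,4 @@
-From c1248ea6dcbbf5702d65efc1750763f66a97ba19 Mon Sep 17 00:00:00 2001
+From 1e06dfb99d3a59ef0b0a804ed1c2a590b3fab71c Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:01 +0000
 Subject: Force use of DNSSEC even if "options edns0" isn't in resolv.conf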
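--- a/debian/patches/doc-hash-tab-completion.patch
+++ b/debian/patches/doc-hash-tab-completion.patch
@@ -1,4 +1,4 @@
-From 87e480b4f405f3249d7f8a912849eb6263456353 Mon Sep 17 00:00:00 2001
+From 0d5ad9fa8d9270ddaaed964edac35b99e7eed067 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:11 +0000
 Subject: Document that HashKnownHosts may break tab-completion
@@ -13,10 +13,10 @@ Patch-Name: doc-hash-tab-completion.patch
  1 file changed, 3 insertions(+)
 
 diff --git a/ssh_config.5 b/ssh_config.5
-index 0483a1ee..8698c28e 100644
+index a04e5757..093ea8a7 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
-@@ -805,6 +805,9 @@ Note that existing names and addresses in known hosts files
+@@ -809,6 +809,9 @@ Note that existing names and addresses in known hosts files
  will not be converted automatically,
  but may be manually hashed using
  .Xr ssh-keygen 1 .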
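--- a/debian/patches/doc-upstart.patch
+++ b/debian/patches/doc-upstart.patch
@@ -1,4 +1,4 @@
-From 7ea8a3c1e0c2ff4998b3fe3caaaba8ff42e513ff Mon Sep 17 00:00:00 2001
+From d35329b23dd567076999470e346f49ef6e56f367 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:10:12 +0000
 Subject: Refer to ssh's Upstart job as well as its init script
@@ -12,7 +12,7 @@ Patch-Name: doc-upstart.patch
  1 file changed, 4 insertions(+), 1 deletion(-)
 
 diff --git a/sshd.8 b/sshd.8
-index e6915141..38a72540 100644
+index 6355178f..dd4b8fc3 100644
 --- a/sshd.8
 +++ b/sshd.8
 @@ -65,7 +65,10 @@ over an insecure network.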
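--- a/debian/patches/gnome-ssh-askpass2-icon.patch
+++ b/debian/patches/gnome-ssh-askpass2-icon.patch
@@ -1,4 +1,4 @@
-From 0327e9b3a5f6d1e945f1f028e742e14cf5823962 Mon Sep 17 00:00:00 2001
+From abf7f03362e0cc4855355a7b7c9b76b6963a75cd Mon Sep 17 00:00:00 2001
 From: Vincent Untz <vuntz@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:10:16 +0000
 Subject: Give the ssh-askpass-gnome window a default icon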
diff --git a/debian/patches/gssapi.patch b/debian/patches/gssapi.patch
index 7196d16b6..c74926dc6 100644
--- a/debian/patches/gssapi.patch
+++ b/debian/patches/gssapi.patch
@@ -1,4 +1,4 @@
1From 48fbb156bdc676fb6ba6817770e4e971fbf85b1f Mon Sep 17 00:00:00 2001 1From d51c7ac3328464dec21514fb398ab5c140a0664f Mon Sep 17 00:00:00 2001
2From: Simon Wilkinson <simon@sxw.org.uk> 2From: Simon Wilkinson <simon@sxw.org.uk>
3Date: Sun, 9 Feb 2014 16:09:48 +0000 3Date: Sun, 9 Feb 2014 16:09:48 +0000
4Subject: GSSAPI key exchange support 4Subject: GSSAPI key exchange support
@@ -43,9 +43,9 @@ Patch-Name: gssapi.patch
43 monitor.h | 3 + 43 monitor.h | 3 +
44 monitor_wrap.c | 47 +++++++- 44 monitor_wrap.c | 47 +++++++-
45 monitor_wrap.h | 4 +- 45 monitor_wrap.h | 4 +-
46 readconf.c | 42 +++++++ 46 readconf.c | 43 +++++++
47 readconf.h | 5 + 47 readconf.h | 5 +
48 servconf.c | 28 ++++- 48 servconf.c | 26 +++++
49 servconf.h | 2 + 49 servconf.h | 2 +
50 ssh-gss.h | 41 ++++++- 50 ssh-gss.h | 41 ++++++-
51 ssh_config | 2 + 51 ssh_config | 2 +
@@ -56,7 +56,7 @@ Patch-Name: gssapi.patch
56 sshd_config.5 | 10 ++ 56 sshd_config.5 | 10 ++
57 sshkey.c | 3 +- 57 sshkey.c | 3 +-
58 sshkey.h | 1 + 58 sshkey.h | 1 +
59 35 files changed, 2062 insertions(+), 148 deletions(-) 59 35 files changed, 2062 insertions(+), 147 deletions(-)
60 create mode 100644 ChangeLog.gssapi 60 create mode 100644 ChangeLog.gssapi
61 create mode 100644 kexgssc.c 61 create mode 100644 kexgssc.c
62 create mode 100644 kexgsss.c 62 create mode 100644 kexgsss.c
@@ -181,7 +181,7 @@ index 00000000..f117a336
181+ (from jbasney AT ncsa.uiuc.edu) 181+ (from jbasney AT ncsa.uiuc.edu)
182+ <gssapi-with-mic support is Bugzilla #1008> 182+ <gssapi-with-mic support is Bugzilla #1008>
183diff --git a/Makefile.in b/Makefile.in 183diff --git a/Makefile.in b/Makefile.in
184index e10f3742..00a320e1 100644 184index 5870e9e6..6b774c1a 100644
185--- a/Makefile.in 185--- a/Makefile.in
186+++ b/Makefile.in 186+++ b/Makefile.in
187@@ -92,6 +92,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ 187@@ -92,6 +92,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
@@ -454,7 +454,7 @@ index 1ca83577..3b5036df 100644
454 "gssapi-with-mic", 454 "gssapi-with-mic",
455 userauth_gssapi, 455 userauth_gssapi,
456diff --git a/auth2.c b/auth2.c 456diff --git a/auth2.c b/auth2.c
457index 9108b861..ce0d3760 100644 457index 97dd2ef0..946e9235 100644
458--- a/auth2.c 458--- a/auth2.c
459+++ b/auth2.c 459+++ b/auth2.c
460@@ -70,6 +70,7 @@ extern Authmethod method_passwd; 460@@ -70,6 +70,7 @@ extern Authmethod method_passwd;
@@ -592,7 +592,7 @@ index 26d62855..0cadc9f1 100644
592 int get_peer_port(int); 592 int get_peer_port(int);
593 char *get_local_ipaddr(int); 593 char *get_local_ipaddr(int);
594diff --git a/clientloop.c b/clientloop.c 594diff --git a/clientloop.c b/clientloop.c
595index 4289a408..99c68b69 100644 595index 06481623..38b0330e 100644
596--- a/clientloop.c 596--- a/clientloop.c
597+++ b/clientloop.c 597+++ b/clientloop.c
598@@ -113,6 +113,10 @@ 598@@ -113,6 +113,10 @@
@@ -627,10 +627,10 @@ index 4289a408..99c68b69 100644
627 client_process_net_input(readset); 627 client_process_net_input(readset);
628 628
629diff --git a/config.h.in b/config.h.in 629diff --git a/config.h.in b/config.h.in
630index 75e02ab4..afe540e9 100644 630index b65420e4..fd8a73f1 100644
631--- a/config.h.in 631--- a/config.h.in
632+++ b/config.h.in 632+++ b/config.h.in
633@@ -1667,6 +1667,9 @@ 633@@ -1670,6 +1670,9 @@
634 /* Use btmp to log bad logins */ 634 /* Use btmp to log bad logins */
635 #undef USE_BTMP 635 #undef USE_BTMP
636 636
@@ -640,7 +640,7 @@ index 75e02ab4..afe540e9 100644
640 /* Use libedit for sftp */ 640 /* Use libedit for sftp */
641 #undef USE_LIBEDIT 641 #undef USE_LIBEDIT
642 642
643@@ -1682,6 +1685,9 @@ 643@@ -1685,6 +1688,9 @@
644 /* Use PIPES instead of a socketpair() */ 644 /* Use PIPES instead of a socketpair() */
645 #undef USE_PIPES 645 #undef USE_PIPES
646 646
@@ -651,7 +651,7 @@ index 75e02ab4..afe540e9 100644
651 #undef USE_SOLARIS_PRIVS 651 #undef USE_SOLARIS_PRIVS
652 652
653diff --git a/configure.ac b/configure.ac 653diff --git a/configure.ac b/configure.ac
654index eb9f45dc..5fdc696c 100644 654index c2878e3d..ead34acf 100644
655--- a/configure.ac 655--- a/configure.ac
656+++ b/configure.ac 656+++ b/configure.ac
657@@ -623,6 +623,30 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 657@@ -623,6 +623,30 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
@@ -1433,7 +1433,7 @@ index 53993d67..2e27cbf9 100644
1433 1433
1434 #endif 1434 #endif
1435diff --git a/kex.c b/kex.c 1435diff --git a/kex.c b/kex.c
1436index 6a94bc53..d8708684 100644 1436index cf4ac0dc..556a32e9 100644
1437--- a/kex.c 1437--- a/kex.c
1438+++ b/kex.c 1438+++ b/kex.c
1439@@ -54,6 +54,10 @@ 1439@@ -54,6 +54,10 @@
@@ -1473,7 +1473,7 @@ index 6a94bc53..d8708684 100644
1473 return NULL; 1473 return NULL;
1474 } 1474 }
1475 1475
1476@@ -597,6 +613,9 @@ kex_free(struct kex *kex) 1476@@ -605,6 +621,9 @@ kex_free(struct kex *kex)
1477 sshbuf_free(kex->peer); 1477 sshbuf_free(kex->peer);
1478 sshbuf_free(kex->my); 1478 sshbuf_free(kex->my);
1479 free(kex->session_id); 1479 free(kex->session_id);
@@ -2168,7 +2168,7 @@ index 00000000..38ca082b
2168+} 2168+}
2169+#endif /* GSSAPI */ 2169+#endif /* GSSAPI */
2170diff --git a/monitor.c b/monitor.c 2170diff --git a/monitor.c b/monitor.c
2171index 43f48470..76d9e346 100644 2171index 96d22b7e..506645c7 100644
2172--- a/monitor.c 2172--- a/monitor.c
2173+++ b/monitor.c 2173+++ b/monitor.c
2174@@ -157,6 +157,8 @@ int mm_answer_gss_setup_ctx(int, Buffer *); 2174@@ -157,6 +157,8 @@ int mm_answer_gss_setup_ctx(int, Buffer *);
@@ -2199,7 +2199,7 @@ index 43f48470..76d9e346 100644
2199 #ifdef WITH_OPENSSL 2199 #ifdef WITH_OPENSSL
2200 {MONITOR_REQ_MODULI, 0, mm_answer_moduli}, 2200 {MONITOR_REQ_MODULI, 0, mm_answer_moduli},
2201 #endif 2201 #endif
2202@@ -301,6 +310,10 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) 2202@@ -302,6 +311,10 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
2203 /* Permit requests for moduli and signatures */ 2203 /* Permit requests for moduli and signatures */
2204 monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); 2204 monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
2205 monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); 2205 monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
@@ -2210,7 +2210,7 @@ index 43f48470..76d9e346 100644
2210 2210
2211 /* The first few requests do not require asynchronous access */ 2211 /* The first few requests do not require asynchronous access */
2212 while (!authenticated) { 2212 while (!authenticated) {
2213@@ -400,6 +413,10 @@ monitor_child_postauth(struct monitor *pmonitor) 2213@@ -402,6 +415,10 @@ monitor_child_postauth(struct monitor *pmonitor)
2214 monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); 2214 monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
2215 monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); 2215 monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
2216 monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); 2216 monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
@@ -2221,7 +2221,7 @@ index 43f48470..76d9e346 100644
2221 2221
2222 if (!no_pty_flag) { 2222 if (!no_pty_flag) {
2223 monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1); 2223 monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1);
2224@@ -1601,6 +1618,13 @@ monitor_apply_keystate(struct monitor *pmonitor) 2224@@ -1606,6 +1623,13 @@ monitor_apply_keystate(struct monitor *pmonitor)
2225 # endif 2225 # endif
2226 #endif /* WITH_OPENSSL */ 2226 #endif /* WITH_OPENSSL */
2227 kex->kex[KEX_C25519_SHA256] = kexc25519_server; 2227 kex->kex[KEX_C25519_SHA256] = kexc25519_server;
@@ -2235,7 +2235,7 @@ index 43f48470..76d9e346 100644
2235 kex->load_host_public_key=&get_hostkey_public_by_type; 2235 kex->load_host_public_key=&get_hostkey_public_by_type;
2236 kex->load_host_private_key=&get_hostkey_private_by_type; 2236 kex->load_host_private_key=&get_hostkey_private_by_type;
2237 kex->host_key_index=&get_hostkey_index; 2237 kex->host_key_index=&get_hostkey_index;
2238@@ -1680,8 +1704,8 @@ mm_answer_gss_setup_ctx(int sock, Buffer *m) 2238@@ -1685,8 +1709,8 @@ mm_answer_gss_setup_ctx(int sock, Buffer *m)
2239 OM_uint32 major; 2239 OM_uint32 major;
2240 u_int len; 2240 u_int len;
2241 2241
@@ -2246,7 +2246,7 @@ index 43f48470..76d9e346 100644
2246 2246
2247 goid.elements = buffer_get_string(m, &len); 2247 goid.elements = buffer_get_string(m, &len);
2248 goid.length = len; 2248 goid.length = len;
2249@@ -1710,8 +1734,8 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m) 2249@@ -1715,8 +1739,8 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m)
2250 OM_uint32 flags = 0; /* GSI needs this */ 2250 OM_uint32 flags = 0; /* GSI needs this */
2251 u_int len; 2251 u_int len;
2252 2252
@@ -2257,7 +2257,7 @@ index 43f48470..76d9e346 100644
2257 2257
2258 in.value = buffer_get_string(m, &len); 2258 in.value = buffer_get_string(m, &len);
2259 in.length = len; 2259 in.length = len;
2260@@ -1730,6 +1754,7 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m) 2260@@ -1735,6 +1759,7 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m)
2261 monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0); 2261 monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);
2262 monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1); 2262 monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
2263 monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1); 2263 monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
@@ -2265,7 +2265,7 @@ index 43f48470..76d9e346 100644
2265 } 2265 }
2266 return (0); 2266 return (0);
2267 } 2267 }
2268@@ -1741,8 +1766,8 @@ mm_answer_gss_checkmic(int sock, Buffer *m) 2268@@ -1746,8 +1771,8 @@ mm_answer_gss_checkmic(int sock, Buffer *m)
2269 OM_uint32 ret; 2269 OM_uint32 ret;
2270 u_int len; 2270 u_int len;
2271 2271
@@ -2276,7 +2276,7 @@ index 43f48470..76d9e346 100644
2276 2276
2277 gssbuf.value = buffer_get_string(m, &len); 2277 gssbuf.value = buffer_get_string(m, &len);
2278 gssbuf.length = len; 2278 gssbuf.length = len;
2279@@ -1770,10 +1795,11 @@ mm_answer_gss_userok(int sock, Buffer *m) 2279@@ -1775,10 +1800,11 @@ mm_answer_gss_userok(int sock, Buffer *m)
2280 { 2280 {
2281 int authenticated; 2281 int authenticated;
2282 2282
@@ -2291,7 +2291,7 @@ index 43f48470..76d9e346 100644
2291 2291
2292 buffer_clear(m); 2292 buffer_clear(m);
2293 buffer_put_int(m, authenticated); 2293 buffer_put_int(m, authenticated);
2294@@ -1786,5 +1812,76 @@ mm_answer_gss_userok(int sock, Buffer *m) 2294@@ -1791,5 +1817,76 @@ mm_answer_gss_userok(int sock, Buffer *m)
2295 /* Monitor loop will terminate if authenticated */ 2295 /* Monitor loop will terminate if authenticated */
2296 return (authenticated); 2296 return (authenticated);
2297 } 2297 }
@@ -2463,7 +2463,7 @@ index db5902f5..8f9dd896 100644
2463 2463
2464 #ifdef USE_PAM 2464 #ifdef USE_PAM
2465diff --git a/readconf.c b/readconf.c 2465diff --git a/readconf.c b/readconf.c
2466index fa3fab8f..7902ef26 100644 2466index 9d59493f..00d9cc30 100644
2467--- a/readconf.c 2467--- a/readconf.c
2468+++ b/readconf.c 2468+++ b/readconf.c
2469@@ -160,6 +160,8 @@ typedef enum { 2469@@ -160,6 +160,8 @@ typedef enum {
@@ -2475,8 +2475,8 @@ index fa3fab8f..7902ef26 100644
2475 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, 2475 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
2476 oSendEnv, oControlPath, oControlMaster, oControlPersist, 2476 oSendEnv, oControlPath, oControlMaster, oControlPersist,
2477 oHashKnownHosts, 2477 oHashKnownHosts,
2478@@ -205,10 +207,19 @@ static struct { 2478@@ -196,10 +198,20 @@ static struct {
2479 { "afstokenpassing", oUnsupported }, 2479 /* Sometimes-unsupported options */
2480 #if defined(GSSAPI) 2480 #if defined(GSSAPI)
2481 { "gssapiauthentication", oGssAuthentication }, 2481 { "gssapiauthentication", oGssAuthentication },
2482+ { "gssapikeyexchange", oGssKeyEx }, 2482+ { "gssapikeyexchange", oGssKeyEx },
@@ -2485,17 +2485,18 @@ index fa3fab8f..7902ef26 100644
2485+ { "gssapiclientidentity", oGssClientIdentity }, 2485+ { "gssapiclientidentity", oGssClientIdentity },
2486+ { "gssapiserveridentity", oGssServerIdentity }, 2486+ { "gssapiserveridentity", oGssServerIdentity },
2487+ { "gssapirenewalforcesrekey", oGssRenewalRekey }, 2487+ { "gssapirenewalforcesrekey", oGssRenewalRekey },
2488 #else 2488 # else
2489 { "gssapiauthentication", oUnsupported }, 2489 { "gssapiauthentication", oUnsupported },
2490+ { "gssapikeyexchange", oUnsupported }, 2490+ { "gssapikeyexchange", oUnsupported },
2491 { "gssapidelegatecredentials", oUnsupported }, 2491 { "gssapidelegatecredentials", oUnsupported },
2492+ { "gssapitrustdns", oUnsupported }, 2492+ { "gssapitrustdns", oUnsupported },
2493+ { "gssapiclientidentity", oUnsupported }, 2493+ { "gssapiclientidentity", oUnsupported },
2494+ { "gssapiserveridentity", oUnsupported },
2494+ { "gssapirenewalforcesrekey", oUnsupported }, 2495+ { "gssapirenewalforcesrekey", oUnsupported },
2495 #endif 2496 #endif
2496 { "fallbacktorsh", oDeprecated }, 2497 #ifdef ENABLE_PKCS11
2497 { "usersh", oDeprecated }, 2498 { "smartcarddevice", oPKCS11Provider },
2498@@ -961,10 +972,30 @@ parse_time: 2499@@ -973,10 +985,30 @@ parse_time:
2499 intptr = &options->gss_authentication; 2500 intptr = &options->gss_authentication;
2500 goto parse_flag; 2501 goto parse_flag;
2501 2502
@@ -2526,7 +2527,7 @@ index fa3fab8f..7902ef26 100644
2526 case oBatchMode: 2527 case oBatchMode:
2527 intptr = &options->batch_mode; 2528 intptr = &options->batch_mode;
2528 goto parse_flag; 2529 goto parse_flag;
2529@@ -1776,7 +1807,12 @@ initialize_options(Options * options) 2530@@ -1798,7 +1830,12 @@ initialize_options(Options * options)
2530 options->pubkey_authentication = -1; 2531 options->pubkey_authentication = -1;
2531 options->challenge_response_authentication = -1; 2532 options->challenge_response_authentication = -1;
2532 options->gss_authentication = -1; 2533 options->gss_authentication = -1;
@@ -2539,7 +2540,7 @@ index fa3fab8f..7902ef26 100644
2539 options->password_authentication = -1; 2540 options->password_authentication = -1;
2540 options->kbd_interactive_authentication = -1; 2541 options->kbd_interactive_authentication = -1;
2541 options->kbd_interactive_devices = NULL; 2542 options->kbd_interactive_devices = NULL;
2542@@ -1920,8 +1956,14 @@ fill_default_options(Options * options) 2543@@ -1942,8 +1979,14 @@ fill_default_options(Options * options)
2543 options->challenge_response_authentication = 1; 2544 options->challenge_response_authentication = 1;
2544 if (options->gss_authentication == -1) 2545 if (options->gss_authentication == -1)
2545 options->gss_authentication = 0; 2546 options->gss_authentication = 0;
@@ -2572,7 +2573,7 @@ index cef55f71..fd3d7c75 100644
2572 * authentication. */ 2573 * authentication. */
2573 int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ 2574 int kbd_interactive_authentication; /* Try keyboard-interactive auth. */
2574diff --git a/servconf.c b/servconf.c 2575diff --git a/servconf.c b/servconf.c
2575index 795ddbab..14c81fa9 100644 2576index 56b83165..d796b7c8 100644
2576--- a/servconf.c 2577--- a/servconf.c
2577+++ b/servconf.c 2578+++ b/servconf.c
2578@@ -113,8 +113,10 @@ initialize_server_options(ServerOptions *options) 2579@@ -113,8 +113,10 @@ initialize_server_options(ServerOptions *options)
@@ -2595,8 +2596,7 @@ index 795ddbab..14c81fa9 100644
2595 if (options->gss_cleanup_creds == -1) 2596 if (options->gss_cleanup_creds == -1)
2596 options->gss_cleanup_creds = 1; 2597 options->gss_cleanup_creds = 1;
2597 if (options->gss_strict_acceptor == -1) 2598 if (options->gss_strict_acceptor == -1)
2598- options->gss_strict_acceptor = 0; 2599 options->gss_strict_acceptor = 1;
2599+ options->gss_strict_acceptor = 1;
2600+ if (options->gss_store_rekey == -1) 2600+ if (options->gss_store_rekey == -1)
2601+ options->gss_store_rekey = 0; 2601+ options->gss_store_rekey = 0;
2602 if (options->password_authentication == -1) 2602 if (options->password_authentication == -1)
@@ -2631,7 +2631,7 @@ index 795ddbab..14c81fa9 100644
2631 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, 2631 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
2632 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, 2632 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
2633 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, 2633 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
2634@@ -1207,6 +1222,10 @@ process_server_config_line(ServerOptions *options, char *line, 2634@@ -1217,6 +1232,10 @@ process_server_config_line(ServerOptions *options, char *line,
2635 intptr = &options->gss_authentication; 2635 intptr = &options->gss_authentication;
2636 goto parse_flag; 2636 goto parse_flag;
2637 2637
@@ -2642,7 +2642,7 @@ index 795ddbab..14c81fa9 100644
2642 case sGssCleanupCreds: 2642 case sGssCleanupCreds:
2643 intptr = &options->gss_cleanup_creds; 2643 intptr = &options->gss_cleanup_creds;
2644 goto parse_flag; 2644 goto parse_flag;
2645@@ -1215,6 +1234,10 @@ process_server_config_line(ServerOptions *options, char *line, 2645@@ -1225,6 +1244,10 @@ process_server_config_line(ServerOptions *options, char *line,
2646 intptr = &options->gss_strict_acceptor; 2646 intptr = &options->gss_strict_acceptor;
2647 goto parse_flag; 2647 goto parse_flag;
2648 2648
@@ -2653,7 +2653,7 @@ index 795ddbab..14c81fa9 100644
2653 case sPasswordAuthentication: 2653 case sPasswordAuthentication:
2654 intptr = &options->password_authentication; 2654 intptr = &options->password_authentication;
2655 goto parse_flag; 2655 goto parse_flag;
2656@@ -2248,7 +2271,10 @@ dump_config(ServerOptions *o) 2656@@ -2250,7 +2273,10 @@ dump_config(ServerOptions *o)
2657 #endif 2657 #endif
2658 #ifdef GSSAPI 2658 #ifdef GSSAPI
2659 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); 2659 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
@@ -2796,10 +2796,10 @@ index 90fb63f0..4e879cd2 100644
2796 # CheckHostIP yes 2796 # CheckHostIP yes
2797 # AddressFamily any 2797 # AddressFamily any
2798diff --git a/ssh_config.5 b/ssh_config.5 2798diff --git a/ssh_config.5 b/ssh_config.5
2799index 591365f3..a7703fc7 100644 2799index 532745b2..ec60273e 100644
2800--- a/ssh_config.5 2800--- a/ssh_config.5
2801+++ b/ssh_config.5 2801+++ b/ssh_config.5
2802@@ -748,10 +748,42 @@ The default is 2802@@ -752,10 +752,42 @@ The default is
2803 Specifies whether user authentication based on GSSAPI is allowed. 2803 Specifies whether user authentication based on GSSAPI is allowed.
2804 The default is 2804 The default is
2805 .Cm no . 2805 .Cm no .
@@ -2843,7 +2843,7 @@ index 591365f3..a7703fc7 100644
2843 Indicates that 2843 Indicates that
2844 .Xr ssh 1 2844 .Xr ssh 1
2845diff --git a/sshconnect2.c b/sshconnect2.c 2845diff --git a/sshconnect2.c b/sshconnect2.c
2846index 103a2b36..c35a0bd5 100644 2846index f8a54bee..5743c2c4 100644
2847--- a/sshconnect2.c 2847--- a/sshconnect2.c
2848+++ b/sshconnect2.c 2848+++ b/sshconnect2.c
2849@@ -162,6 +162,11 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) 2849@@ -162,6 +162,11 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
@@ -2892,8 +2892,8 @@ index 103a2b36..c35a0bd5 100644
2892+#endif 2892+#endif
2893+ 2893+
2894 if (options.rekey_limit || options.rekey_interval) 2894 if (options.rekey_limit || options.rekey_interval)
2895 packet_set_rekey_limits((u_int32_t)options.rekey_limit, 2895 packet_set_rekey_limits(options.rekey_limit,
2896 (time_t)options.rekey_interval); 2896 options.rekey_interval);
2897@@ -213,15 +247,41 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) 2897@@ -213,15 +247,41 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
2898 # endif 2898 # endif
2899 #endif 2899 #endif
@@ -3060,7 +3060,7 @@ index 103a2b36..c35a0bd5 100644
3060 3060
3061 int 3061 int
3062diff --git a/sshd.c b/sshd.c 3062diff --git a/sshd.c b/sshd.c
3063index 1dc4d182..0970f297 100644 3063index 010a2c38..20a7a5f3 100644
3064--- a/sshd.c 3064--- a/sshd.c
3065+++ b/sshd.c 3065+++ b/sshd.c
3066@@ -123,6 +123,10 @@ 3066@@ -123,6 +123,10 @@
@@ -3083,7 +3083,7 @@ index 1dc4d182..0970f297 100644
3083 ssh_gssapi_prepare_supported_oids(); 3083 ssh_gssapi_prepare_supported_oids();
3084 #endif 3084 #endif
3085 3085
3086@@ -1705,10 +1709,13 @@ main(int ac, char **av) 3086@@ -1719,10 +1723,13 @@ main(int ac, char **av)
3087 key ? "private" : "agent", i, sshkey_ssh_name(pubkey), fp); 3087 key ? "private" : "agent", i, sshkey_ssh_name(pubkey), fp);
3088 free(fp); 3088 free(fp);
3089 } 3089 }
@@ -3097,7 +3097,7 @@ index 1dc4d182..0970f297 100644
3097 3097
3098 /* 3098 /*
3099 * Load certificates. They are stored in an array at identical 3099 * Load certificates. They are stored in an array at identical
3100@@ -1978,6 +1985,60 @@ main(int ac, char **av) 3100@@ -1992,6 +1999,60 @@ main(int ac, char **av)
3101 remote_ip, remote_port, laddr, ssh_local_port(ssh)); 3101 remote_ip, remote_port, laddr, ssh_local_port(ssh));
3102 free(laddr); 3102 free(laddr);
3103 3103
@@ -3158,7 +3158,7 @@ index 1dc4d182..0970f297 100644
3158 /* 3158 /*
3159 * We don't want to listen forever unless the other side 3159 * We don't want to listen forever unless the other side
3160 * successfully authenticates itself. So we set up an alarm which is 3160 * successfully authenticates itself. So we set up an alarm which is
3161@@ -2159,6 +2220,48 @@ do_ssh2_kex(void) 3161@@ -2173,6 +2234,48 @@ do_ssh2_kex(void)
3162 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal( 3162 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
3163 list_hostkey_types()); 3163 list_hostkey_types());
3164 3164
@@ -3207,7 +3207,7 @@ index 1dc4d182..0970f297 100644
3207 /* start key exchange */ 3207 /* start key exchange */
3208 if ((r = kex_setup(active_state, myproposal)) != 0) 3208 if ((r = kex_setup(active_state, myproposal)) != 0)
3209 fatal("kex_setup: %s", ssh_err(r)); 3209 fatal("kex_setup: %s", ssh_err(r));
3210@@ -2176,6 +2279,13 @@ do_ssh2_kex(void) 3210@@ -2190,6 +2293,13 @@ do_ssh2_kex(void)
3211 # endif 3211 # endif
3212 #endif 3212 #endif
3213 kex->kex[KEX_C25519_SHA256] = kexc25519_server; 3213 kex->kex[KEX_C25519_SHA256] = kexc25519_server;
@@ -3222,7 +3222,7 @@ index 1dc4d182..0970f297 100644
3222 kex->client_version_string=client_version_string; 3222 kex->client_version_string=client_version_string;
3223 kex->server_version_string=server_version_string; 3223 kex->server_version_string=server_version_string;
3224diff --git a/sshd_config b/sshd_config 3224diff --git a/sshd_config b/sshd_config
3225index 9f09e4a6..00e5a728 100644 3225index 4eb2e02e..c01dd656 100644
3226--- a/sshd_config 3226--- a/sshd_config
3227+++ b/sshd_config 3227+++ b/sshd_config
3228@@ -70,6 +70,8 @@ AuthorizedKeysFile .ssh/authorized_keys 3228@@ -70,6 +70,8 @@ AuthorizedKeysFile .ssh/authorized_keys
@@ -3235,10 +3235,10 @@ index 9f09e4a6..00e5a728 100644
3235 # Set this to 'yes' to enable PAM authentication, account processing, 3235 # Set this to 'yes' to enable PAM authentication, account processing,
3236 # and session processing. If this is enabled, PAM authentication will 3236 # and session processing. If this is enabled, PAM authentication will
3237diff --git a/sshd_config.5 b/sshd_config.5 3237diff --git a/sshd_config.5 b/sshd_config.5
3238index 32b29d24..dd765b39 100644 3238index ac6ccc79..3f819c76 100644
3239--- a/sshd_config.5 3239--- a/sshd_config.5
3240+++ b/sshd_config.5 3240+++ b/sshd_config.5
3241@@ -623,6 +623,11 @@ The default is 3241@@ -627,6 +627,11 @@ The default is
3242 Specifies whether user authentication based on GSSAPI is allowed. 3242 Specifies whether user authentication based on GSSAPI is allowed.
3243 The default is 3243 The default is
3244 .Cm no . 3244 .Cm no .
@@ -3250,7 +3250,7 @@ index 32b29d24..dd765b39 100644
3250 .It Cm GSSAPICleanupCredentials 3250 .It Cm GSSAPICleanupCredentials
3251 Specifies whether to automatically destroy the user's credentials cache 3251 Specifies whether to automatically destroy the user's credentials cache
3252 on logout. 3252 on logout.
3253@@ -642,6 +647,11 @@ machine's default store. 3253@@ -646,6 +651,11 @@ machine's default store.
3254 This facility is provided to assist with operation on multi homed machines. 3254 This facility is provided to assist with operation on multi homed machines.
3255 The default is 3255 The default is
3256 .Cm yes . 3256 .Cm yes .
@@ -3263,10 +3263,10 @@ index 32b29d24..dd765b39 100644
3263 Specifies the key types that will be accepted for hostbased authentication 3263 Specifies the key types that will be accepted for hostbased authentication
3264 as a comma-separated pattern list. 3264 as a comma-separated pattern list.
3265diff --git a/sshkey.c b/sshkey.c 3265diff --git a/sshkey.c b/sshkey.c
3266index c01da6c3..377d72fa 100644 3266index 53a7674b..54001989 100644
3267--- a/sshkey.c 3267--- a/sshkey.c
3268+++ b/sshkey.c 3268+++ b/sshkey.c
3269@@ -114,6 +114,7 @@ static const struct keytype keytypes[] = { 3269@@ -116,6 +116,7 @@ static const struct keytype keytypes[] = {
3270 # endif /* OPENSSL_HAS_NISTP521 */ 3270 # endif /* OPENSSL_HAS_NISTP521 */
3271 # endif /* OPENSSL_HAS_ECC */ 3271 # endif /* OPENSSL_HAS_ECC */
3272 #endif /* WITH_OPENSSL */ 3272 #endif /* WITH_OPENSSL */
@@ -3274,17 +3274,17 @@ index c01da6c3..377d72fa 100644
3274 { NULL, NULL, -1, -1, 0, 0 } 3274 { NULL, NULL, -1, -1, 0, 0 }
3275 }; 3275 };
3276 3276
3277@@ -202,7 +203,7 @@ sshkey_alg_list(int certs_only, int plain_only, char sep) 3277@@ -204,7 +205,7 @@ sshkey_alg_list(int certs_only, int plain_only, int include_sigonly, char sep)
3278 const struct keytype *kt; 3278 const struct keytype *kt;
3279 3279
3280 for (kt = keytypes; kt->type != -1; kt++) { 3280 for (kt = keytypes; kt->type != -1; kt++) {
3281- if (kt->name == NULL || kt->sigonly) 3281- if (kt->name == NULL)
3282+ if (kt->name == NULL || kt->sigonly || kt->type == KEY_NULL) 3282+ if (kt->name == NULL || kt->type == KEY_NULL)
3283 continue; 3283 continue;
3284 if ((certs_only && !kt->cert) || (plain_only && kt->cert)) 3284 if (!include_sigonly && kt->sigonly)
3285 continue; 3285 continue;
3286diff --git a/sshkey.h b/sshkey.h 3286diff --git a/sshkey.h b/sshkey.h
3287index f3936384..7eb2a139 100644 3287index 1b9e42f4..f91e4a08 100644
3288--- a/sshkey.h 3288--- a/sshkey.h
3289+++ b/sshkey.h 3289+++ b/sshkey.h
3290@@ -62,6 +62,7 @@ enum sshkey_types { 3290@@ -62,6 +62,7 @@ enum sshkey_types {
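--- a/debian/patches/keepalive-extensions.patch
+++ b/debian/patches/keepalive-extensions.patch
@@ -1,4 +1,4 @@
-From 9078d9722d24a42b8f86621d20a6a6b42ba18d37 Mon Sep 17 00:00:00 2001
+From 74415628b380db26961259a25dcc47c4f02e8703 Mon Sep 17 00:00:00 2001
 From: Richard Kettlewell <rjk@greenend.org.uk>
 Date: Sun, 9 Feb 2014 16:09:52 +0000
 Subject: Various keepalive extensions
@@ -26,7 +26,7 @@ Patch-Name: keepalive-extensions.patch
  3 files changed, 34 insertions(+), 4 deletions(-)
 
 diff --git a/readconf.c b/readconf.c
-index c1c3aae0..3efba242 100644
+index 32a72957..0b1370a8 100644
 --- a/readconf.c
 +++ b/readconf.c
 @@ -173,6 +173,7 @@ typedef enum {
@@ -37,7 +37,7 @@ index c1c3aae0..3efba242 100644
  oIgnoredUnknownOption, oDeprecated, oUnsupported
  } OpCodes;
 
-@@ -308,6 +309,8 @@ static struct {
+@@ -321,6 +322,8 @@ static struct {
  { "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes },
  { "ignoreunknown", oIgnoreUnknown },
  { "proxyjump", oProxyJump },
@@ -46,7 +46,7 @@ index c1c3aae0..3efba242 100644
 
  { NULL, oBadOption }
  };
-@@ -1402,6 +1405,8 @@ parse_keytypes:
+@@ -1417,6 +1420,8 @@ parse_keytypes:
  goto parse_flag;
 
  case oServerAliveInterval:
@@ -55,7 +55,7 @@ index c1c3aae0..3efba242 100644
  intptr = &options->server_alive_interval;
  goto parse_time;
 
-@@ -2047,8 +2052,13 @@ fill_default_options(Options * options)
+@@ -2070,8 +2075,13 @@ fill_default_options(Options * options)
  options->rekey_interval = 0;
  if (options->verify_host_key_dns == -1)
  options->verify_host_key_dns = 0;
@@ -72,7 +72,7 @@ index c1c3aae0..3efba242 100644
  options->server_alive_count_max = 3;
  if (options->control_master == -1)
 diff --git a/ssh_config.5 b/ssh_config.5
-index a7703fc7..a0457314 100644
+index ec60273e..e4eaa5ae 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
 @@ -250,8 +250,12 @@ Valid arguments are
@@ -89,7 +89,7 @@ index a7703fc7..a0457314 100644
  The argument must be
  .Cm yes
  or
-@@ -1485,7 +1489,14 @@ from the server,
+@@ -1509,7 +1513,14 @@ from the server,
  will send a message through the encrypted
  channel to request a response from the server.
  The default
@@ -105,7 +105,7 @@ index a7703fc7..a0457314 100644
  .It Cm StreamLocalBindMask
  Sets the octal file creation mode mask
  .Pq umask
-@@ -1544,6 +1555,12 @@ Specifies whether the system should send TCP keepalive messages to the
+@@ -1568,6 +1579,12 @@ Specifies whether the system should send TCP keepalive messages to the
  other side.
  If they are sent, death of the connection or crash of one
  of the machines will be properly noticed.
@@ -119,10 +119,10 @@ index a7703fc7..a0457314 100644
  connections will die if the route is down temporarily, and some people
  find it annoying.
 diff --git a/sshd_config.5 b/sshd_config.5
-index dd765b39..283ba889 100644
+index 3f819c76..41ec6688 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
-@@ -1427,6 +1427,9 @@ This avoids infinitely hanging sessions.
+@@ -1447,6 +1447,9 @@ This avoids infinitely hanging sessions.
  .Pp
  To disable TCP keepalive messages, the value should be set to
  .Cm no .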
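--- a/debian/patches/mention-ssh-keygen-on-keychange.patch
+++ b/debian/patches/mention-ssh-keygen-on-keychange.patch
@@ -1,4 +1,4 @@
-From 360c4ebd14706887879f1c6d542cd092afffb07b Mon Sep 17 00:00:00 2001
+From 315c5a460b33d076edc27a41b0e790ea73cc3b9d Mon Sep 17 00:00:00 2001
 From: Scott Moser <smoser@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:10:03 +0000
 Subject: Mention ssh-keygen in ssh fingerprint changed warning
@@ -13,7 +13,7 @@ Patch-Name: mention-ssh-keygen-on-keychange.patch
  1 file changed, 7 insertions(+), 1 deletion(-)
 
 diff --git a/sshconnect.c b/sshconnect.c
-index 698a0711..1cc556e8 100644
+index 7f169a8f..66c495f4 100644
 --- a/sshconnect.c
 +++ b/sshconnect.c
 @@ -1080,9 +1080,13 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,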
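--- a/debian/patches/no-dsa-host-key-by-default.patch
+++ b/debian/patches/no-dsa-host-key-by-default.patch
@@ -1,4 +1,4 @@
-From 3f1016b4535faf6e48aa71e21569aa714a25193f Mon Sep 17 00:00:00 2001
+From 417f561eac9f391661ad23a27f1d711f56566176 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Mon, 16 Jan 2017 13:53:04 +0000
 Subject: Remove ssh_host_dsa_key from HostKey default
@@ -19,7 +19,7 @@ Patch-Name: no-dsa-host-key-by-default.patch
  4 files changed, 6 insertions(+), 11 deletions(-)
 
 diff --git a/servconf.c b/servconf.c
-index 1cee3d6c..202c4506 100644
+index a391cf4b..1a7a5f18 100644
 --- a/servconf.c
 +++ b/servconf.c
 @@ -204,8 +204,6 @@ fill_default_server_options(ServerOptions *options)
@@ -32,7 +32,7 @@ index 1cee3d6c..202c4506 100644
  options->host_key_files[options->num_host_key_files++] =
  _PATH_HOST_ECDSA_KEY_FILE;
 diff --git a/sshd.8 b/sshd.8
-index 38a72540..e8f1fde8 100644
+index dd4b8fc3..79a7e080 100644
 --- a/sshd.8
 +++ b/sshd.8
 @@ -167,11 +167,10 @@ This option must be given if
@@ -51,7 +51,7 @@ index 38a72540..e8f1fde8 100644
  the different host key algorithms.
  .It Fl i
 diff --git a/sshd_config b/sshd_config
-index 13cbe2c6..4aea6c72 100644
+index f68edf36..92822959 100644
 --- a/sshd_config
 +++ b/sshd_config
 @@ -16,7 +16,6 @@
@@ -63,10 +63,10 @@ index 13cbe2c6..4aea6c72 100644
  #HostKey /etc/ssh/ssh_host_ed25519_key
 
 diff --git a/sshd_config.5 b/sshd_config.5
-index 703a9cdd..8f8fbb66 100644
+index cc5d9fb0..0747cc8b 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
-@@ -733,11 +733,10 @@ is not to load any certificates.
+@@ -741,11 +741,10 @@ is not to load any certificates.
  Specifies a file containing a private host key
  used by SSH.
  The defaults are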
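--- a/debian/patches/no-openssl-version-status.patch
+++ b/debian/patches/no-openssl-version-status.patch
@@ -1,4 +1,4 @@
-From 48c127fe8f40037d0f33efa8da19cb32514b440e Mon Sep 17 00:00:00 2001
+From 3ccc29568299d597b2753a4a04ad082814b9c8e8 Mon Sep 17 00:00:00 2001
 From: Kurt Roeckx <kurt@roeckx.be>
 Date: Sun, 9 Feb 2014 16:10:14 +0000
 Subject: Don't check the status field of the OpenSSL version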
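--- a/debian/patches/openbsd-docs.patch
+++ b/debian/patches/openbsd-docs.patch
@@ -1,4 +1,4 @@
-From 4badfe75ad62ee50394afa9aaac62b3465fd384e Mon Sep 17 00:00:00 2001
+From 22fa108c15a43eb80d5fa7114208ab813019954e Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:09 +0000
 Subject: Adjust various OpenBSD-specific references in manual pages
@@ -103,7 +103,7 @@ index feef81a5..b1f128c2 100644
  .Pp
  The file
 diff --git a/sshd.8 b/sshd.8
-index c6784602..e6915141 100644
+index 989dd4bf..6355178f 100644
 --- a/sshd.8
 +++ b/sshd.8
 @@ -65,7 +65,7 @@ over an insecure network.
@@ -133,7 +133,7 @@ index c6784602..e6915141 100644
  .Xr sshd_config 5 ,
  .Xr inetd 8 ,
 diff --git a/sshd_config.5 b/sshd_config.5
-index 4ea0a9c3..e45a8937 100644
+index 5f316481..603c2ba7 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
 @@ -372,8 +372,7 @@ then no banner is displayed.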
diff --git a/debian/patches/package-versioning.patch b/debian/patches/package-versioning.patch
index fcc231fc9..1a1036fa8 100644
--- a/debian/patches/package-versioning.patch
+++ b/debian/patches/package-versioning.patch
@@ -1,4 +1,4 @@
1From c89c88a0bcada4616262e3d7d9b165aca709927b Mon Sep 17 00:00:00 2001 1From 8f127a3c84d2eae8d1fb5529887c880c22c5cf75 Mon Sep 17 00:00:00 2001
2From: Matthew Vernon <matthew@debian.org> 2From: Matthew Vernon <matthew@debian.org>
3Date: Sun, 9 Feb 2014 16:10:05 +0000 3Date: Sun, 9 Feb 2014 16:10:05 +0000
4Subject: Include the Debian version in our identification 4Subject: Include the Debian version in our identification
@@ -19,7 +19,7 @@ Patch-Name: package-versioning.patch
19 3 files changed, 9 insertions(+), 4 deletions(-) 19 3 files changed, 9 insertions(+), 4 deletions(-)
20 20
21diff --git a/sshconnect.c b/sshconnect.c 21diff --git a/sshconnect.c b/sshconnect.c
22index 1cc556e8..c64c51bb 100644 22index 66c495f4..120f0945 100644
23--- a/sshconnect.c 23--- a/sshconnect.c
24+++ b/sshconnect.c 24+++ b/sshconnect.c
25@@ -526,10 +526,10 @@ send_client_banner(int connection_out, int minor1) 25@@ -526,10 +526,10 @@ send_client_banner(int connection_out, int minor1)
@@ -36,24 +36,24 @@ index 1cc556e8..c64c51bb 100644
36 if (atomicio(vwrite, connection_out, client_version_string, 36 if (atomicio(vwrite, connection_out, client_version_string,
37 strlen(client_version_string)) != strlen(client_version_string)) 37 strlen(client_version_string)) != strlen(client_version_string))
38diff --git a/sshd.c b/sshd.c 38diff --git a/sshd.c b/sshd.c
39index 9aab36c3..49f3a2e5 100644 39index 9221632e..602f4740 100644
40--- a/sshd.c 40--- a/sshd.c
41+++ b/sshd.c 41+++ b/sshd.c
42@@ -378,7 +378,7 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out) 42@@ -378,7 +378,7 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out)
43 char remote_version[256]; /* Must be at least as big as buf. */ 43 char remote_version[256]; /* Must be at least as big as buf. */
44 44
45 xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s", 45 xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s\r\n",
46- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION, 46- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
47+ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE, 47+ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE,
48 *options.version_addendum == '\0' ? "" : " ", 48 *options.version_addendum == '\0' ? "" : " ",
49 options.version_addendum, newline); 49 options.version_addendum);
50 50
51diff --git a/version.h b/version.h 51diff --git a/version.h b/version.h
52index 269ebcda..850a2f7d 100644 52index c86e2097..f4d8b13a 100644
53--- a/version.h 53--- a/version.h
54+++ b/version.h 54+++ b/version.h
55@@ -3,4 +3,9 @@ 55@@ -3,4 +3,9 @@
56 #define SSH_VERSION "OpenSSH_7.4" 56 #define SSH_VERSION "OpenSSH_7.5"
57 57
58 #define SSH_PORTABLE "p1" 58 #define SSH_PORTABLE "p1"
59-#define SSH_RELEASE SSH_VERSION SSH_PORTABLE 59-#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
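--- a/debian/patches/quieter-signals.patch
+++ b/debian/patches/quieter-signals.patch
@@ -1,4 +1,4 @@
-From 71809791262478c78d1db2ca1004604c39db8150 Mon Sep 17 00:00:00 2001
+From 980646a9f7f03b43b678272b2a56e30906c6ddec Mon Sep 17 00:00:00 2001
 From: Peter Samuelson <peter@p12n.org>
 Date: Sun, 9 Feb 2014 16:09:55 +0000
 Subject: Reduce severity of "Killed by signal %d"
@@ -22,7 +22,7 @@ Patch-Name: quieter-signals.patch
  1 file changed, 4 insertions(+), 2 deletions(-)
 
 diff --git a/clientloop.c b/clientloop.c
-index 99c68b69..5876cc9a 100644
+index 38b0330e..06845280 100644
 --- a/clientloop.c
 +++ b/clientloop.c
 @@ -1755,8 +1755,10 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)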
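--- a/debian/patches/regress-forwarding-race.patch
+++ /dev/null
@@ -1,115 +0,0 @@
-From 166f04046035ffca27c820649df360eaa5dd1b99 Mon Sep 17 00:00:00 2001
-From: Colin Watson <cjwatson@debian.org>
-Date: Mon, 2 Jan 2017 14:55:16 +0000
-Subject: Fix race conditions in forwarding tests
-
-The forwarding tests sometimes seem to fail in a way that suggests ports
-are in use even though they shouldn't be. Convert more of them to use a
-mux socket rather than relying on sleeps in the hope that that makes
-behaviour more consistent.
-
-Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2659
-Patch-Name: regress-forwarding-race.patch
-
-Last-Update: 2017-01-02
----
- regress/forwarding.sh | 32 +++++++++++++++++++-------------
- 1 file changed, 19 insertions(+), 13 deletions(-)
-
-diff --git a/regress/forwarding.sh b/regress/forwarding.sh
-index 2539db9b..a1a4b13f 100644
---- a/regress/forwarding.sh
-+++ b/regress/forwarding.sh
-@@ -11,7 +11,6 @@ base=33
- last=$PORT
- fwd=""
- CTL=$OBJ/ctl-sock
--rm -f $CTL
-
- for j in 0 1 2; do
- for i in 0 1 2; do
-@@ -29,7 +28,8 @@ for p in ${SSH_PROTOCOLS}; do
- q=$p
- fi
- trace "start forwarding, fork to background"
-- ${SSH} -$p -F $OBJ/ssh_config -f $fwd somehost sleep 10
-+ rm -f $CTL
-+ ${SSH} -S $CTL -M -$p -F $OBJ/ssh_config -f $fwd somehost sleep 10
-
- trace "transfer over forwarded channels and check result"
- ${SSH} -$q -F $OBJ/ssh_config -p$last -o 'ConnectionAttempts=4' \
-@@ -37,7 +37,7 @@ for p in ${SSH_PROTOCOLS}; do
- test -s ${COPY} || fail "failed copy of ${DATA}"
- cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}"
-
-- sleep 10
-+ ${SSH} -S $CTL -O exit somehost
- done
-
- for p in ${SSH_PROTOCOLS}; do
-@@ -75,7 +75,8 @@ for p in ${SSH_PROTOCOLS}; do
- ${SSH} -$p -F $OBJ/ssh_config -oClearAllForwardings=yes somehost true
-
- trace "clear local forward proto $p"
-- ${SSH} -$p -f -F $OBJ/ssh_config -L ${base}01:127.0.0.1:$PORT \
-+ rm -f $CTL
-+ ${SSH} -S $CTL -M -$p -f -F $OBJ/ssh_config -L ${base}01:127.0.0.1:$PORT \
- -oClearAllForwardings=yes somehost sleep 10
- if [ $? != 0 ]; then
- fail "connection failed with cleared local forwarding"
-@@ -85,10 +86,11 @@ for p in ${SSH_PROTOCOLS}; do
- >>$TEST_REGRESS_LOGFILE 2>&1 && \
- fail "local forwarding not cleared"
- fi
-- sleep 10
-+ ${SSH} -S $CTL -O exit somehost
-
- trace "clear remote forward proto $p"
-- ${SSH} -$p -f -F $OBJ/ssh_config -R ${base}01:127.0.0.1:$PORT \
-+ rm -f $CTL
-+ ${SSH} -S $CTL -M -$p -f -F $OBJ/ssh_config -R ${base}01:127.0.0.1:$PORT \
- -oClearAllForwardings=yes somehost sleep 10
- if [ $? != 0 ]; then
- fail "connection failed with cleared remote forwarding"
-@@ -98,7 +100,7 @@ for p in ${SSH_PROTOCOLS}; do
- >>$TEST_REGRESS_LOGFILE 2>&1 && \
- fail "remote forwarding not cleared"
- fi
-- sleep 10
-+ ${SSH} -S $CTL -O exit somehost
- done
-
- for p in 2; do
-@@ -115,6 +117,7 @@ echo "LocalForward ${base}01 127.0.0.1:$PORT" >> $OBJ/ssh_config
- echo "RemoteForward ${base}02 127.0.0.1:${base}01" >> $OBJ/ssh_config
- for p in ${SSH_PROTOCOLS}; do
- trace "config file: start forwarding, fork to background"
-+ rm -f $CTL
- ${SSH} -S $CTL -M -$p -F $OBJ/ssh_config -f somehost sleep 10
-
- trace "config file: transfer over forwarded channels and check result"
-@@ -129,15 +132,18 @@ done
- for p in 2; do
- trace "transfer over chained unix domain socket forwards and check result"
- rm -f $OBJ/unix-[123].fwd
-- ${SSH} -f -F $OBJ/ssh_config -R${base}01:[$OBJ/unix-1.fwd] somehost sleep 10
-- ${SSH} -f -F $OBJ/ssh_config -L[$OBJ/unix-1.fwd]:[$OBJ/unix-2.fwd] somehost sleep 10
-- ${SSH} -f -F $OBJ/ssh_config -R[$OBJ/unix-2.fwd]:[$OBJ/unix-3.fwd] somehost sleep 10
-- ${SSH} -f -F $OBJ/ssh_config -L[$OBJ/unix-3.fwd]:127.0.0.1:$PORT somehost sleep 10
-+ rm -f $CTL $CTL.[123]
-+ ${SSH} -S $CTL -M -f -F $OBJ/ssh_config -R${base}01:[$OBJ/unix-1.fwd] somehost sleep 10
-+ ${SSH} -S $CTL.1 -M -f -F $OBJ/ssh_config -L[$OBJ/unix-1.fwd]:[$OBJ/unix-2.fwd] somehost sleep 10
-+ ${SSH} -S $CTL.2 -M -f -F $OBJ/ssh_config -R[$OBJ/unix-2.fwd]:[$OBJ/unix-3.fwd] somehost sleep 10
-+ ${SSH} -S $CTL.3 -M -f -F $OBJ/ssh_config -L[$OBJ/unix-3.fwd]:127.0.0.1:$PORT somehost sleep 10
- ${SSH} -F $OBJ/ssh_config -p${base}01 -o 'ConnectionAttempts=4' \
- somehost cat ${DATA} > ${COPY}
- test -s ${COPY} || fail "failed copy ${DATA}"
- cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}"
-
-- #wait
-- sleep 10
-+ ${SSH} -S $CTL -O exit somehost
-+ ${SSH} -S $CTL.1 -O exit somehost
-+ ${SSH} -S $CTL.2 -O exit somehost
-+ ${SSH} -S $CTL.3 -O exit somehost
- done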
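--- a/debian/patches/regress-integrity-robust.patch
+++ b/debian/patches/regress-integrity-robust.patch
@@ -1,4 +1,4 @@
-From 7ce93c802065cd926e7cbfd10e629f3a2d352301 Mon Sep 17 00:00:00 2001
+From c210daa1ae77904f57478315e75af3f82a5d69f2 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 1 Jan 2017 15:21:10 +0000
 Subject: Make integrity tests more robust against timeouts
@@ -12,31 +12,14 @@ Patch-Name: regress-integrity-robust.patch
 
 Last-Update: 2017-01-01
 ---
- regress/integrity.sh | 9 +++++----
- 1 file changed, 5 insertions(+), 4 deletions(-)
+ regress/integrity.sh | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
 
 diff --git a/regress/integrity.sh b/regress/integrity.sh
-index 39d310de..fd7d58bc 100644
+index 1df2924f..ed378337 100644
 --- a/regress/integrity.sh
 +++ b/regress/integrity.sh
-@@ -5,8 +5,6 @@ tid="integrity"
- cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
-
- # start at byte 2900 (i.e. after kex) and corrupt at different offsets
--# XXX the test hangs if we modify the low bytes of the packet length
--# XXX and ssh tries to read...
- tries=10
- startoffset=2900
- macs=`${SSH} -Q mac`
-@@ -27,6 +25,7 @@ for m in $macs; do
- elen=0
- epad=0
- emac=0
-+ etmo=0
- ecnt=0
- skip=0
- for off in `jot $tries $startoffset`; do
-@@ -61,14 +60,16 @@ for m in $macs; do
+@@ -60,14 +60,16 @@ for m in $macs; do
  Corrupted?MAC* | *message?authentication?code?incorrect*)
  emac=`expr $emac + 1`; skip=0;;
  padding*) epad=`expr $epad + 1`; skip=0;;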
diff --git a/debian/patches/regress-mktemp.patch b/debian/patches/regress-mktemp.patch
deleted file mode 100644
index f5cfde1e8..000000000
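--- a/debian/patches/regress-mktemp.patch
+++ /dev/null
@@ -1,167 +0,0 @@
-From 6ca09916439a58f0789deb79960ee5defc05a946 Mon Sep 17 00:00:00 2001
-From: Colin Watson <cjwatson@debian.org>
-Date: Tue, 3 Jan 2017 12:09:42 +0000
-Subject: Create mux socket for regress in temp directory
-
-In some setups, creating the socket under OBJ may result in a path that
-is too long for a Unix domain socket. Add a helper to let us portably
-create a temporary directory instead.
-
-Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2660
-Last-Update: 2017-01-03
-
-Patch-Name: regress-mktemp.patch
----
- Makefile.in | 5 +++++
- regress/forwarding.sh | 3 ++-
- regress/mkdtemp.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++
- regress/multiplex.sh | 3 ++-
- regress/test-exec.sh | 11 ++++++++++
- 5 files changed, 79 insertions(+), 2 deletions(-)
- create mode 100644 regress/mkdtemp.c
-
-diff --git a/Makefile.in b/Makefile.in
-index a6eb81ec..a00347e2 100644
---- a/Makefile.in
-+++ b/Makefile.in
-@@ -459,6 +459,10 @@ regress/check-perm$(EXEEXT): $(srcdir)/regress/check-perm.c $(REGRESSLIBS)
- $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $(srcdir)/regress/check-perm.c \
- $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
-
-+regress/mkdtemp$(EXEEXT): $(srcdir)/regress/mkdtemp.c $(REGRESSLIBS)
-+ $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $(srcdir)/regress/mkdtemp.c \
-+ $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
-+
- UNITTESTS_TEST_HELPER_OBJS=\
- regress/unittests/test_helper/test_helper.o \
- regress/unittests/test_helper/fuzz.o
-@@ -557,6 +561,7 @@ regress-binaries: regress/modpipe$(EXEEXT) \
- regress/setuid-allowed$(EXEEXT) \
- regress/netcat$(EXEEXT) \
- regress/check-perm$(EXEEXT) \
-+ regress/mkdtemp$(EXEEXT) \
- regress/unittests/sshbuf/test_sshbuf$(EXEEXT) \
- regress/unittests/sshkey/test_sshkey$(EXEEXT) \
- regress/unittests/bitmap/test_bitmap$(EXEEXT) \
-diff --git a/regress/forwarding.sh b/regress/forwarding.sh
-index a1a4b13f..592de7bc 100644
---- a/regress/forwarding.sh
-+++ b/regress/forwarding.sh
-@@ -10,7 +10,8 @@ start_sshd
- base=33
- last=$PORT
- fwd=""
--CTL=$OBJ/ctl-sock
-+make_tmpdir
-+CTL=$TMP/ctl-sock
-
- for j in 0 1 2; do
- for i in 0 1 2; do
-diff --git a/regress/mkdtemp.c b/regress/mkdtemp.c
-new file mode 100644
-index 00000000..8c7d2e21
---- /dev/null
-+++ b/regress/mkdtemp.c
-@@ -0,0 +1,59 @@
-+/*
-+ * Copyright (c) 2017 Colin Watson <cjwatson@debian.org>
-+ *
-+ * Permission to use, copy, modify, and distribute this software for any
-+ * purpose with or without fee is hereby granted, provided that the above
-+ * copyright notice and this permission notice appear in all copies.
-+ *
-+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-+ */
-+
-+/* Roughly equivalent to "mktemp -d -t TEMPLATE", but portable. */
-+
-+#include "includes.h"
-+
-+#include <limits.h>
-+#include <stdio.h>
-+#include <stdlib.h>
-+
-+#include "log.h"
-+
-+static void
-+usage(void)
-+{
-+ fprintf(stderr, "mkdtemp template\n");
-+ exit(1);
-+}
-+
-+int
-+main(int argc, char **argv)
-+{
-+ const char *base;
-+ const char *tmpdir;
-+ char template[PATH_MAX];
-+ int r;
-+ char *dir;
-+
-+ if (argc != 2)
-+ usage();
-+ base = argv[1];
-+
-+ if ((tmpdir = getenv("TMPDIR")) == NULL)
-+ tmpdir = "/tmp";
-+ r = snprintf(template, sizeof(template), "%s/%s", tmpdir, base);
-+ if (r < 0 || (size_t)r >= sizeof(template))
-+ fatal("template string too long");
-+ dir = mkdtemp(template);
-+ if (dir == NULL) {
-+ perror("mkdtemp");
-+ exit(1);
-+ }
-+ puts(dir);
-+ return 0;
-+}
-diff --git a/regress/multiplex.sh b/regress/multiplex.sh
-index acb9234d..0ac4065e 100644
---- a/regress/multiplex.sh
-+++ b/regress/multiplex.sh
-@@ -1,7 +1,8 @@
- # $OpenBSD: multiplex.sh,v 1.27 2014/12/22 06:14:29 djm Exp $
- # Placed in the Public Domain.
-
--CTL=/tmp/openssh.regress.ctl-sock.$$
-+make_tmpdir
-+CTL=$TMP/ctl-sock
-
- tid="connection multiplexing"
-
-diff --git a/regress/test-exec.sh b/regress/test-exec.sh
-index bfa48803..13a8e18f 100644
---- a/regress/test-exec.sh
-+++ b/regress/test-exec.sh
-@@ -317,6 +317,14 @@ stop_sshd ()
- fi
- }
-
-+TMP=
-+
-+make_tmpdir ()
-+{
-+ TMP="$($OBJ/mkdtemp openssh-regress-XXXXXXXXXXXX)" || \
-+ fatal "failed to create temporary directory"
-+}
-+
- # helper
- cleanup ()
- {
-@@ -327,6 +335,9 @@ cleanup ()
- kill $SSH_PID
- fi
- fi
-+ if [ "x$TMP" != "x" ]; then
-+ rm -rf "$TMP"
-+ fi
- stop_sshd
- }
-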
diff --git a/debian/patches/restore-authorized_keys2.patch b/debian/patches/restore-authorized_keys2.patch
index 86da09c7e..4aec2ddc9 100644
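--- a/debian/patches/restore-authorized_keys2.patch
+++ b/debian/patches/restore-authorized_keys2.patch
@@ -1,4 +1,4 @@
-From e18d2ba71e6bf009c53e65509da84b712c300471 Mon Sep 17 00:00:00 2001
+From ec338656a3d6b21bb87f3b6367b232d297f601e5 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 5 Mar 2017 02:02:11 +0000
 Subject: Restore reading authorized_keys2 by default
@@ -18,7 +18,7 @@ Patch-Name: restore-authorized_keys2.patch
  1 file changed, 2 insertions(+), 3 deletions(-)
 
 diff --git a/sshd_config b/sshd_config
-index 4aea6c72..bcf3ac17 100644
+index 92822959..a32dc1d4 100644
 --- a/sshd_config
 +++ b/sshd_config
 @@ -36,9 +36,8 @@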
diff --git a/debian/patches/restore-tcp-wrappers.patch b/debian/patches/restore-tcp-wrappers.patch
index ec958d3ab..67711c5f8 100644
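--- a/debian/patches/restore-tcp-wrappers.patch
+++ b/debian/patches/restore-tcp-wrappers.patch
@@ -1,4 +1,4 @@
-From 5488e924267d7a845fb86a0b6b4db1e340799a5a Mon Sep 17 00:00:00 2001
+From 9d91ede3c03c99b6584038aa07d095d7c277ad3a Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Tue, 7 Oct 2014 13:22:41 +0100
 Subject: Restore TCP wrappers support
@@ -28,10 +28,10 @@ Patch-Name: restore-tcp-wrappers.patch
  3 files changed, 89 insertions(+)
 
 diff --git a/configure.ac b/configure.ac
-index 5fdc696c..4747ce4a 100644
+index ead34acf..a92425db 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -1491,6 +1491,62 @@ AC_ARG_WITH([skey],
+@@ -1494,6 +1494,62 @@ AC_ARG_WITH([skey],
  ]
  )
 
@@ -94,16 +94,16 @@ index 5fdc696c..4747ce4a 100644
  # Check whether user wants to use ldns
  LDNS_MSG="no"
  AC_ARG_WITH(ldns,
-@@ -5105,6 +5161,7 @@ echo " KerberosV support: $KRB5_MSG"
+@@ -5117,6 +5173,7 @@ echo " KerberosV support: $KRB5_MSG"
  echo " SELinux support: $SELINUX_MSG"
  echo " Smartcard support: $SCARD_MSG"
  echo " S/KEY support: $SKEY_MSG"
 +echo " TCP Wrappers support: $TCPW_MSG"
  echo " MD5 password support: $MD5_MSG"
  echo " libedit support: $LIBEDIT_MSG"
- echo " Solaris process contract support: $SPC_MSG"
+ echo " libldns support: $LDNS_MSG"
 diff --git a/sshd.8 b/sshd.8
-index 41fc5051..c6784602 100644
+index 7725a692..989dd4bf 100644
 --- a/sshd.8
 +++ b/sshd.8
 @@ -825,6 +825,12 @@ the user's home directory becomes accessible.
@@ -128,7 +128,7 @@ index 41fc5051..c6784602 100644
  .Xr moduli 5 ,
  .Xr sshd_config 5 ,
 diff --git a/sshd.c b/sshd.c
-index 0970f297..72d85de1 100644
+index 20a7a5f3..38cf9b49 100644
 --- a/sshd.c
 +++ b/sshd.c
 @@ -127,6 +127,13 @@
@@ -145,7 +145,7 @@ index 0970f297..72d85de1 100644
  /* Re-exec fds */
  #define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1)
  #define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2)
-@@ -1978,6 +1985,24 @@ main(int ac, char **av)
+@@ -1992,6 +1999,24 @@ main(int ac, char **av)
  #ifdef SSH_AUDIT_EVENTS
  audit_connection_from(remote_ip, remote_port);
  #endif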
diff --git a/debian/patches/sandbox-x32-workaround.patch b/debian/patches/sandbox-x32-workaround.patch
deleted file mode 100644
index 340363de9..000000000
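--- a/debian/patches/sandbox-x32-workaround.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 8c1a0893f0e55a793071af9734d2fa2eb1f3a2a6 Mon Sep 17 00:00:00 2001
-From: Colin Watson <cjwatson@debian.org>
-Date: Tue, 3 Jan 2017 14:01:56 +0000
-Subject: Work around clock_gettime kernel bug on Linux x32
-
-On Linux x32, the clock_gettime VDSO currently falls back to the x86-64
-syscall, so allow that as well as its x32 sibling.
-
-Bug-Debian: https://bugs.debian.org/849923
-Forwarded: no
-Last-Update: 2017-01-03
-
-Patch-Name: sandbox-x32-workaround.patch
----
- sandbox-seccomp-filter.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
-index 2e1ed2c5..62c578d3 100644
---- a/sandbox-seccomp-filter.c
-+++ b/sandbox-seccomp-filter.c
-@@ -137,6 +137,15 @@ static const struct sock_filter preauth_insns[] = {
- #endif
- #ifdef __NR_clock_gettime
- SC_ALLOW(clock_gettime),
-+# if defined(__x86_64__) && defined(__ILP32__)
-+ /* On Linux x32, the clock_gettime VDSO currently falls back to the
-+ * x86-64 syscall (see https://bugs.debian.org/849923), so allow
-+ * that too.
-+ */
-+ BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K,
-+ __NR_clock_gettime & ~__X32_SYSCALL_BIT, 0, 1),
-+ BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW),
-+# endif
- #endif
- #ifdef __NR_close
- SC_ALLOW(close),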
diff --git a/debian/patches/scp-quoting.patch b/debian/patches/scp-quoting.patch
index f318c49fb..f48709864 100644
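--- a/debian/patches/scp-quoting.patch
+++ b/debian/patches/scp-quoting.patch
@@ -1,4 +1,4 @@
-From cfc11fb9604f8049957a409ff0835f642a047496 Mon Sep 17 00:00:00 2001
+From 17d18d2f87eaa6c781356a78800ee17ccd12218b Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Nicolas=20Valc=C3=A1rcel?= <nvalcarcel@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:09:59 +0000
 Subject: Adjust scp quoting in verbose mode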
diff --git a/debian/patches/selinux-role.patch b/debian/patches/selinux-role.patch
index 98be50fad..ae83d23b0 100644
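--- a/debian/patches/selinux-role.patch
+++ b/debian/patches/selinux-role.patch
@@ -1,4 +1,4 @@
-From a01822fe1c50668ef7918dfd28b1c7e88ff16254 Mon Sep 17 00:00:00 2001
+From e5d3ea2ca423a54b1d53d45252cb7173a15600eb Mon Sep 17 00:00:00 2001
 From: Manoj Srivastava <srivasta@debian.org>
 Date: Sun, 9 Feb 2014 16:09:49 +0000
 Subject: Handle SELinux authorisation roles
@@ -43,11 +43,11 @@ index 338a62da..8c658d16 100644
  char *info; /* Extra info for next auth_log */
  #ifdef BSD_AUTH
 diff --git a/auth2.c b/auth2.c
-index ce0d3760..461311bd 100644
+index 946e9235..2f51be23 100644
 --- a/auth2.c
 +++ b/auth2.c
-@@ -216,7 +216,7 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
- {
+@@ -217,7 +217,7 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
+ struct ssh *ssh = active_state; /* XXX */
  Authctxt *authctxt = ctxt;
  Authmethod *m = NULL;
 - char *user, *service, *method, *style = NULL;
@@ -55,7 +55,7 @@ index ce0d3760..461311bd 100644
  int authenticated = 0;
 
  if (authctxt == NULL)
-@@ -228,8 +228,13 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
+@@ -229,8 +229,13 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
  debug("userauth-request for user %s service %s method %s", user, service, method);
  debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
 
@@ -69,7 +69,7 @@ index ce0d3760..461311bd 100644
 
  if (authctxt->attempt++ == 0) {
  /* setup auth context */
-@@ -253,8 +258,9 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
+@@ -257,8 +262,9 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
  use_privsep ? " [net]" : "");
  authctxt->service = xstrdup(service);
  authctxt->style = style ? xstrdup(style) : NULL;
@@ -81,7 +81,7 @@ index ce0d3760..461311bd 100644
  if (auth2_setup_methods_lists(authctxt) != 0)
  packet_disconnect("no authentication methods enabled");
 diff --git a/monitor.c b/monitor.c
-index 76d9e346..64286a12 100644
+index 506645c7..7452e20e 100644
 --- a/monitor.c
 +++ b/monitor.c
 @@ -127,6 +127,7 @@ int mm_answer_sign(int, Buffer *);
@@ -100,7 +100,7 @@ index 76d9e346..64286a12 100644
  {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
  {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
  #ifdef USE_PAM
-@@ -786,6 +788,7 @@ mm_answer_pwnamallow(int sock, Buffer *m)
+@@ -791,6 +793,7 @@ mm_answer_pwnamallow(int sock, Buffer *m)
 
  /* Allow service/style information on the auth context */
  monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
@@ -108,7 +108,7 @@ index 76d9e346..64286a12 100644
  monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
 
  #ifdef USE_PAM
-@@ -816,14 +819,37 @@ mm_answer_authserv(int sock, Buffer *m)
+@@ -821,14 +824,37 @@ mm_answer_authserv(int sock, Buffer *m)
 
  authctxt->service = buffer_get_string(m, NULL);
  authctxt->style = buffer_get_string(m, NULL);
@@ -148,7 +148,7 @@ index 76d9e346..64286a12 100644
  return (0);
  }
 
-@@ -1458,7 +1484,7 @@ mm_answer_pty(int sock, Buffer *m)
+@@ -1463,7 +1489,7 @@ mm_answer_pty(int sock, Buffer *m)
  res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
  if (res == 0)
  goto error;
@@ -426,7 +426,7 @@ index 98e1dafe..0a31dce4 100644
  const char *value);
 
 diff --git a/sshd.c b/sshd.c
-index 72d85de1..9aab36c3 100644
+index 38cf9b49..9221632e 100644
 --- a/sshd.c
 +++ b/sshd.c
 @@ -678,7 +678,7 @@ privsep_postauth(Authctxt *authctxt)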
diff --git a/debian/patches/series b/debian/patches/series
index c5fc81486..52a8f50b1 100644
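--- a/debian/patches/series
+++ b/debian/patches/series
@@ -25,12 +25,5 @@ sigstop.patch
 systemd-readiness.patch
 debian-config.patch
 regress-integrity-robust.patch
-regress-forwarding-race.patch
-regress-mktemp.patch
-sandbox-x32-workaround.patch
 no-dsa-host-key-by-default.patch
 restore-authorized_keys2.patch
-ssh-keygen-hash-corruption.patch
-ssh-keyscan-hash-port.patch
-ssh-keygen-null-deref.patch
-unbreak-unix-forwarding-for-root.patch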
diff --git a/debian/patches/shell-path.patch b/debian/patches/shell-path.patch
index c263dd7f1..1fecd756e 100644
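--- a/debian/patches/shell-path.patch
+++ b/debian/patches/shell-path.patch
@@ -1,4 +1,4 @@
-From 5ec0d5f79166a7e2aeab5c7f13d64bb08c4621bd Mon Sep 17 00:00:00 2001
+From ce9a126fdaa8ef6488364107cc66d04ecabc8cc4 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:00 +0000
 Subject: Look for $SHELL on the path for ProxyCommand/LocalCommand
@@ -16,7 +16,7 @@ Patch-Name: shell-path.patch
  1 file changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/sshconnect.c b/sshconnect.c
-index 96b91ce1..698a0711 100644
+index 948b638a..7f169a8f 100644
 --- a/sshconnect.c
 +++ b/sshconnect.c
 @@ -231,7 +231,7 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command)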
diff --git a/debian/patches/sigstop.patch b/debian/patches/sigstop.patch
index fa4d0a8cc..43d3937e5 100644
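--- a/debian/patches/sigstop.patch
+++ b/debian/patches/sigstop.patch
@@ -1,4 +1,4 @@
-From 218ecbc433b69b8584000380626a9d9aa31c095b Mon Sep 17 00:00:00 2001
+From a91715df66fc2a0b7792e87a864c334f4cb15043 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:17 +0000
 Subject: Support synchronisation with service supervisor using SIGSTOP
@@ -13,10 +13,10 @@ Patch-Name: sigstop.patch
  1 file changed, 10 insertions(+)
 
 diff --git a/sshd.c b/sshd.c
-index eebf1984..b6826c84 100644
+index f2f54b51..a2ca2d3e 100644
 --- a/sshd.c
 +++ b/sshd.c
-@@ -1878,6 +1878,16 @@ main(int ac, char **av)
+@@ -1892,6 +1892,16 @@ main(int ac, char **av)
  }
  }
 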
diff --git a/debian/patches/ssh-agent-setgid.patch b/debian/patches/ssh-agent-setgid.patch
index b14ec01d4..472eb2fa7 100644
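--- a/debian/patches/ssh-agent-setgid.patch
+++ b/debian/patches/ssh-agent-setgid.patch
@@ -1,4 +1,4 @@
-From 0ae30d0171b789953318670ac8679127ddfb3cd1 Mon Sep 17 00:00:00 2001
+From 583919799c3946c5fa89f8907349c1443639b6bd Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:13 +0000
 Subject: Document consequences of ssh-agent being setgid in ssh-agent(1)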
diff --git a/debian/patches/ssh-argv0.patch b/debian/patches/ssh-argv0.patch
index 7fbaa25dd..b637b7bda 100644
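--- a/debian/patches/ssh-argv0.patch
+++ b/debian/patches/ssh-argv0.patch
@@ -1,4 +1,4 @@
-From e39339d49d1b05e1db45c6420d7e6da29cf483dc Mon Sep 17 00:00:00 2001
+From dce48f6795b6f0b1d4c2e069f26a21419ba4d575 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:10 +0000
 Subject: ssh(1): Refer to ssh-argv0(1)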
diff --git a/debian/patches/ssh-keygen-hash-corruption.patch b/debian/patches/ssh-keygen-hash-corruption.patch
deleted file mode 100644
index 7ef3c637c..000000000
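--- a/debian/patches/ssh-keygen-hash-corruption.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 78800aa252da1ebbfb55f7e593f43c337e694cc3 Mon Sep 17 00:00:00 2001
-From: "djm@openbsd.org" <djm@openbsd.org>
-Date: Fri, 3 Mar 2017 06:13:11 +0000
-Subject: upstream commit
-
-fix ssh-keygen -H accidentally corrupting known_hosts that
-contained already-hashed entries. HKF_MATCH_HOST_HASHED is only set by
-hostkeys_foreach() when hostname matching is in use, so we need to look for
-the hash marker explicitly.
-
-Upstream-ID: da82ad653b93e8a753580d3cf5cd448bc2520528
-
-Origin: https://anongit.mindrot.org/openssh.git/commit/?id=12d3767ba4c84c32150cbe6ff6494498780f12c9
-Bug-Debian: https://bugs.debian.org/851734
-Bug-Ubuntu: https://bugs.launchpad.net/bugs/1668093
-Last-Update: 2017-03-09
-
-Patch-Name: ssh-keygen-hash-corruption.patch
----
- ssh-keygen.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/ssh-keygen.c b/ssh-keygen.c
-index 2a7939bf..0833ee61 100644
---- a/ssh-keygen.c
-+++ b/ssh-keygen.c
-@@ -1082,6 +1082,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
- struct known_hosts_ctx *ctx = (struct known_hosts_ctx *)_ctx;
- char *hashed, *cp, *hosts, *ohosts;
- int has_wild = l->hosts && strcspn(l->hosts, "*?!") != strlen(l->hosts);
-+ int was_hashed = l->hosts[0] == HASH_DELIM;
-
- switch (l->status) {
- case HKF_STATUS_OK:
-@@ -1090,8 +1091,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
- * Don't hash hosts already already hashed, with wildcard
- * characters or a CA/revocation marker.
- */
-- if ((l->match & HKF_MATCH_HOST_HASHED) != 0 ||
-- has_wild || l->marker != MRK_NONE) {
-+ if (was_hashed || has_wild || l->marker != MRK_NONE) {
- fprintf(ctx->out, "%s\n", l->line);
- if (has_wild && !find_host) {
- logit("%s:%ld: ignoring host name "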
diff --git a/debian/patches/ssh-keygen-null-deref.patch b/debian/patches/ssh-keygen-null-deref.patch
deleted file mode 100644
index 0220d7c66..000000000
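--- a/debian/patches/ssh-keygen-null-deref.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 35b2ea77a74348b575d680061f35ec7992b26ec8 Mon Sep 17 00:00:00 2001
-From: "dtucker@openbsd.org" <dtucker@openbsd.org>
-Date: Mon, 6 Mar 2017 02:03:20 +0000
-Subject: upstream commit
-
-Check l->hosts before dereferencing; fixes potential null
-pointer deref. ok djm@
-
-Upstream-ID: 81c0327c6ec361da794b5c680601195cc23d1301
-
-Origin: https://anongit.mindrot.org/openssh.git/commit/?id=18501151cf272a15b5f2c5e777f2e0933633c513
-Last-Update: 2017-03-16
-
-Patch-Name: ssh-keygen-null-deref.patch
----
- ssh-keygen.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ssh-keygen.c b/ssh-keygen.c
-index 0833ee61..a7c1e80b 100644
---- a/ssh-keygen.c
-+++ b/ssh-keygen.c
-@@ -1082,7 +1082,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
- struct known_hosts_ctx *ctx = (struct known_hosts_ctx *)_ctx;
- char *hashed, *cp, *hosts, *ohosts;
- int has_wild = l->hosts && strcspn(l->hosts, "*?!") != strlen(l->hosts);
-- int was_hashed = l->hosts[0] == HASH_DELIM;
-+ int was_hashed = l->hosts && l->hosts[0] == HASH_DELIM;
-
- switch (l->status) {
- case HKF_STATUS_OK: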
diff --git a/debian/patches/ssh-keyscan-hash-port.patch b/debian/patches/ssh-keyscan-hash-port.patch
deleted file mode 100644
index 32a2f6a01..000000000
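--- a/debian/patches/ssh-keyscan-hash-port.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From a0f9daa9c3cc2b37b9707b228263eb717d201371 Mon Sep 17 00:00:00 2001
-From: "djm@openbsd.org" <djm@openbsd.org>
-Date: Fri, 10 Mar 2017 03:18:24 +0000
-Subject: upstream commit
-
-correctly hash hosts with a port number. Reported by Josh
-Powers in bz#2692; ok dtucker@
-
-Upstream-ID: 468e357ff143e00acc05bdd2803a696b3d4b6442
-
-Origin: https://anongit.mindrot.org/openssh.git/commit/?id=8a2834454c73dfc1eb96453c0e97690595f3f4c2
-Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2692
-Bug-Debian: https://bugs.debian.org/857736
-Bug-Ubuntu: https://bugs.launchpad.net/bugs/1670745
-Last-Update: 2017-03-14
-
-Patch-Name: ssh-keyscan-hash-port.patch
----
- ssh-keyscan.c | 11 ++++++-----
- 1 file changed, 6 insertions(+), 5 deletions(-)
-
-diff --git a/ssh-keyscan.c b/ssh-keyscan.c
-index c30d54e6..24b51ff1 100644
---- a/ssh-keyscan.c
-+++ b/ssh-keyscan.c
-@@ -321,16 +321,17 @@ keygrab_ssh2(con *c)
- }
-
- static void
--keyprint_one(char *host, struct sshkey *key)
-+keyprint_one(const char *host, struct sshkey *key)
- {
- char *hostport;
--
-- if (hash_hosts && (host = host_hash(host, NULL, 0)) == NULL)
-- fatal("host_hash failed");
-+ const char *known_host, *hashed;
-
- hostport = put_host_port(host, ssh_port);
-+ if (hash_hosts && (hashed = host_hash(host, NULL, 0)) == NULL)
-+ fatal("host_hash failed");
-+ known_host = hash_hosts ? hashed : hostport;
- if (!get_cert)
-- fprintf(stdout, "%s ", hostport);
-+ fprintf(stdout, "%s ", known_host);
- sshkey_write(key, stdout);
- fputs("\n", stdout);
- free(hostport);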
diff --git a/debian/patches/ssh-vulnkey-compat.patch b/debian/patches/ssh-vulnkey-compat.patch
index fbe64336b..d8f4ec973 100644
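--- a/debian/patches/ssh-vulnkey-compat.patch
+++ b/debian/patches/ssh-vulnkey-compat.patch
@@ -1,4 +1,4 @@
-From ffecece153b7caedf997dccf17747633675631fd Mon Sep 17 00:00:00 2001
+From fb7c3c37876359b7a110e1386a6b7887cd2c8ca2 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:09:50 +0000
 Subject: Accept obsolete ssh-vulnkey configuration options
@@ -17,19 +17,19 @@ Patch-Name: ssh-vulnkey-compat.patch
  2 files changed, 2 insertions(+)
 
 diff --git a/readconf.c b/readconf.c
-index 7902ef26..c1c3aae0 100644
+index 00d9cc30..32a72957 100644
 --- a/readconf.c
 +++ b/readconf.c
-@@ -194,6 +194,7 @@ static struct {
- { "passwordauthentication", oPasswordAuthentication },
- { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
- { "kbdinteractivedevices", oKbdInteractiveDevices },
+@@ -186,6 +186,7 @@ static struct {
+ { "fallbacktorsh", oDeprecated },
+ { "globalknownhostsfile2", oDeprecated },
+ { "rhostsauthentication", oDeprecated },
 + { "useblacklistedkeys", oDeprecated },
- { "rsaauthentication", oRSAAuthentication },
- { "pubkeyauthentication", oPubkeyAuthentication },
- { "dsaauthentication", oPubkeyAuthentication }, /* alias */
+ { "userknownhostsfile2", oDeprecated },
+ { "useroaming", oDeprecated },
+ { "usersh", oDeprecated },
 diff --git a/servconf.c b/servconf.c
-index 14c81fa9..49d3bdc8 100644
+index d796b7c8..ca73f7c5 100644
 --- a/servconf.c
 +++ b/servconf.c
 @@ -521,6 +521,7 @@ static struct {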
diff --git a/debian/patches/syslog-level-silent.patch b/debian/patches/syslog-level-silent.patch
index 7a4839c03..3f012c99c 100644
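--- a/debian/patches/syslog-level-silent.patch
+++ b/debian/patches/syslog-level-silent.patch
@@ -1,4 +1,4 @@
-From f4d9efefeae948e1e00212bf9702245c3c51c8c5 Mon Sep 17 00:00:00 2001
+From b5695a565e466477305d2ae0059b09e94ae6f44e Mon Sep 17 00:00:00 2001
 From: Jonathan David Amery <jdamery@ysolde.ucam.org>
 Date: Sun, 9 Feb 2014 16:09:54 +0000
 Subject: "LogLevel SILENT" compatibility
@@ -21,7 +21,7 @@ Patch-Name: syslog-level-silent.patch
  2 files changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/log.c b/log.c
-index 2b59c427..ffc8ffbb 100644
+index d0f86cf6..0e515e26 100644
 --- a/log.c
 +++ b/log.c
 @@ -93,6 +93,7 @@ static struct {
@@ -33,7 +33,7 @@ index 2b59c427..ffc8ffbb 100644
  { "FATAL", SYSLOG_LEVEL_FATAL },
  { "ERROR", SYSLOG_LEVEL_ERROR },
 diff --git a/ssh.c b/ssh.c
-index ee0b16dc..39609e79 100644
+index 32b27bbc..b65f35ac 100644
 --- a/ssh.c
 +++ b/ssh.c
 @@ -1167,7 +1167,7 @@ main(int ac, char **av)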
diff --git a/debian/patches/systemd-readiness.patch b/debian/patches/systemd-readiness.patch
index 6c8cf9b6d..1d7a14168 100644
--- a/debian/patches/systemd-readiness.patch
+++ b/debian/patches/systemd-readiness.patch
@@ -1,4 +1,4 @@
1From 0fd4134a3ef467e1e69db5b19b7903cf306ec64b Mon Sep 17 00:00:00 2001 1From bd5c1cc302550e4caf8c3a6942f48a784f347b58 Mon Sep 17 00:00:00 2001
2From: Michael Biebl <biebl@debian.org> 2From: Michael Biebl <biebl@debian.org>
3Date: Mon, 21 Dec 2015 16:08:47 +0000 3Date: Mon, 21 Dec 2015 16:08:47 +0000
4Subject: Add systemd readiness notification support 4Subject: Add systemd readiness notification support
@@ -14,10 +14,10 @@ Patch-Name: systemd-readiness.patch
14 2 files changed, 33 insertions(+) 14 2 files changed, 33 insertions(+)
15 15
16diff --git a/configure.ac b/configure.ac 16diff --git a/configure.ac b/configure.ac
17index 4747ce4a..9f59794b 100644 17index a92425db..9d89bc35 100644
18--- a/configure.ac 18--- a/configure.ac
19+++ b/configure.ac 19+++ b/configure.ac
20@@ -4364,6 +4364,29 @@ AC_ARG_WITH([kerberos5], 20@@ -4376,6 +4376,29 @@ AC_ARG_WITH([kerberos5],
21 AC_SUBST([GSSLIBS]) 21 AC_SUBST([GSSLIBS])
22 AC_SUBST([K5LIBS]) 22 AC_SUBST([K5LIBS])
23 23
@@ -47,7 +47,7 @@ index 4747ce4a..9f59794b 100644
47 # Looking for programs, paths and files 47 # Looking for programs, paths and files
48 48
49 PRIVSEP_PATH=/var/empty 49 PRIVSEP_PATH=/var/empty
50@@ -5167,6 +5190,7 @@ echo " libedit support: $LIBEDIT_MSG" 50@@ -5180,6 +5203,7 @@ echo " libldns support: $LDNS_MSG"
51 echo " Solaris process contract support: $SPC_MSG" 51 echo " Solaris process contract support: $SPC_MSG"
52 echo " Solaris project support: $SP_MSG" 52 echo " Solaris project support: $SP_MSG"
53 echo " Solaris privilege support: $SPP_MSG" 53 echo " Solaris privilege support: $SPP_MSG"
@@ -56,7 +56,7 @@ index 4747ce4a..9f59794b 100644
56 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 56 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
57 echo " BSD Auth support: $BSD_AUTH_MSG" 57 echo " BSD Auth support: $BSD_AUTH_MSG"
58diff --git a/sshd.c b/sshd.c 58diff --git a/sshd.c b/sshd.c
59index b6826c84..027daa9d 100644 59index a2ca2d3e..8996e0e8 100644
60--- a/sshd.c 60--- a/sshd.c
61+++ b/sshd.c 61+++ b/sshd.c
62@@ -85,6 +85,10 @@ 62@@ -85,6 +85,10 @@
@@ -70,7 +70,7 @@ index b6826c84..027daa9d 100644
70 #include "xmalloc.h" 70 #include "xmalloc.h"
71 #include "ssh.h" 71 #include "ssh.h"
72 #include "ssh2.h" 72 #include "ssh2.h"
73@@ -1888,6 +1892,11 @@ main(int ac, char **av) 73@@ -1902,6 +1906,11 @@ main(int ac, char **av)
74 unsetenv("SSH_SIGSTOP"); 74 unsetenv("SSH_SIGSTOP");
75 } 75 }
76 76
diff --git a/debian/patches/unbreak-unix-forwarding-for-root.patch b/debian/patches/unbreak-unix-forwarding-for-root.patch
deleted file mode 100644
index 8408a118a..000000000
--- a/debian/patches/unbreak-unix-forwarding-for-root.patch
+++ /dev/null
@@ -1,80 +0,0 @@
1From 904bc482ad87648a2c799c441dc6a8449f24e15a Mon Sep 17 00:00:00 2001
2From: "djm@openbsd.org" <djm@openbsd.org>
3Date: Wed, 4 Jan 2017 05:37:40 +0000
4Subject: upstream commit
5
6unbreak Unix domain socket forwarding for root; ok
7markus@
8
9Upstream-ID: 6649c76eb7a3fa15409373295ca71badf56920a2
10
11Origin: https://anongit.mindrot.org/openssh.git/commit/?id=51045869fa084cdd016fdd721ea760417c0a3bf3
12Bug-Debian: https://bugs.debian.org/858252
13Last-Update: 2017-03-30
14
15Patch-Name: unbreak-unix-forwarding-for-root.patch
16---
17 serverloop.c | 19 ++++++++++++-------
18 1 file changed, 12 insertions(+), 7 deletions(-)
19
20diff --git a/serverloop.c b/serverloop.c
21index c4e4699d..c55d203b 100644
22--- a/serverloop.c
23+++ b/serverloop.c
24@@ -468,6 +468,10 @@ server_request_direct_streamlocal(void)
25 Channel *c = NULL;
26 char *target, *originator;
27 u_short originator_port;
28+ struct passwd *pw = the_authctxt->pw;
29+
30+ if (pw == NULL || !the_authctxt->valid)
31+ fatal("server_input_global_request: no/invalid user");
32
33 target = packet_get_string(NULL);
34 originator = packet_get_string(NULL);
35@@ -480,7 +484,7 @@ server_request_direct_streamlocal(void)
36 /* XXX fine grained permissions */
37 if ((options.allow_streamlocal_forwarding & FORWARD_LOCAL) != 0 &&
38 !no_port_forwarding_flag && !options.disable_forwarding &&
39- use_privsep) {
40+ (pw->pw_uid == 0 || use_privsep)) {
41 c = channel_connect_to_path(target,
42 "direct-streamlocal@openssh.com", "direct-streamlocal");
43 } else {
44@@ -702,6 +706,10 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
45 int want_reply;
46 int r, success = 0, allocated_listen_port = 0;
47 struct sshbuf *resp = NULL;
48+ struct passwd *pw = the_authctxt->pw;
49+
50+ if (pw == NULL || !the_authctxt->valid)
51+ fatal("server_input_global_request: no/invalid user");
52
53 rtype = packet_get_string(NULL);
54 want_reply = packet_get_char();
55@@ -709,12 +717,8 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
56
57 /* -R style forwarding */
58 if (strcmp(rtype, "tcpip-forward") == 0) {
59- struct passwd *pw;
60 struct Forward fwd;
61
62- pw = the_authctxt->pw;
63- if (pw == NULL || !the_authctxt->valid)
64- fatal("server_input_global_request: no/invalid user");
65 memset(&fwd, 0, sizeof(fwd));
66 fwd.listen_host = packet_get_string(NULL);
67 fwd.listen_port = (u_short)packet_get_int();
68@@ -762,9 +766,10 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
69 /* check permissions */
70 if ((options.allow_streamlocal_forwarding & FORWARD_REMOTE) == 0
71 || no_port_forwarding_flag || options.disable_forwarding ||
72- !use_privsep) {
73+ (pw->pw_uid != 0 && !use_privsep)) {
74 success = 0;
75- packet_send_debug("Server has disabled port forwarding.");
76+ packet_send_debug("Server has disabled "
77+ "streamlocal forwarding.");
78 } else {
79 /* Start listening on the socket */
80 success = channel_setup_remote_fwd_listener(
diff --git a/debian/patches/user-group-modes.patch b/debian/patches/user-group-modes.patch
index 2e32f9d76..17e7126ca 100644
--- a/debian/patches/user-group-modes.patch
+++ b/debian/patches/user-group-modes.patch
@@ -1,4 +1,4 @@
1From c20ad02ad58a523c6f4974e1ca124e71b7b801b1 Mon Sep 17 00:00:00 2001 1From 0b9c0482cbff9ce16384e4247d955676d4d77df3 Mon Sep 17 00:00:00 2001
2From: Colin Watson <cjwatson@debian.org> 2From: Colin Watson <cjwatson@debian.org>
3Date: Sun, 9 Feb 2014 16:09:58 +0000 3Date: Sun, 9 Feb 2014 16:09:58 +0000
4Subject: Allow harmless group-writability 4Subject: Allow harmless group-writability
@@ -86,7 +86,7 @@ index c6390687..90390724 100644
86 "bad ownership or modes for directory %s", buf); 86 "bad ownership or modes for directory %s", buf);
87 return -1; 87 return -1;
88diff --git a/misc.c b/misc.c 88diff --git a/misc.c b/misc.c
89index 65c9222a..bf9153a6 100644 89index cfd32729..6e972f56 100644
90--- a/misc.c 90--- a/misc.c
91+++ b/misc.c 91+++ b/misc.c
92@@ -51,8 +51,9 @@ 92@@ -51,8 +51,9 @@
@@ -108,7 +108,7 @@ index 65c9222a..bf9153a6 100644
108 108
109 /* remove newline at end of string */ 109 /* remove newline at end of string */
110 char * 110 char *
111@@ -708,6 +710,71 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz, 111@@ -713,6 +715,71 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz,
112 return -1; 112 return -1;
113 } 113 }
114 114
@@ -218,10 +218,10 @@ index cd7bf566..380ee3a4 100644
218- return 0; 218- return 0;
219-} 219-}
220diff --git a/readconf.c b/readconf.c 220diff --git a/readconf.c b/readconf.c
221index 3efba242..c02cdf63 100644 221index 0b1370a8..70fac682 100644
222--- a/readconf.c 222--- a/readconf.c
223+++ b/readconf.c 223+++ b/readconf.c
224@@ -1752,8 +1752,7 @@ read_config_file_depth(const char *filename, struct passwd *pw, 224@@ -1773,8 +1773,7 @@ read_config_file_depth(const char *filename, struct passwd *pw,
225 225
226 if (fstat(fileno(f), &sb) == -1) 226 if (fstat(fileno(f), &sb) == -1)
227 fatal("fstat %s: %s", filename, strerror(errno)); 227 fatal("fstat %s: %s", filename, strerror(errno));
@@ -245,10 +245,10 @@ index 4011c65a..feef81a5 100644
245 .It Pa ~/.ssh/environment 245 .It Pa ~/.ssh/environment
246 Contains additional definitions for environment variables; see 246 Contains additional definitions for environment variables; see
247diff --git a/ssh_config.5 b/ssh_config.5 247diff --git a/ssh_config.5 b/ssh_config.5
248index a0457314..0483a1ee 100644 248index e4eaa5ae..a04e5757 100644
249--- a/ssh_config.5 249--- a/ssh_config.5
250+++ b/ssh_config.5 250+++ b/ssh_config.5
251@@ -1803,6 +1803,8 @@ The format of this file is described above. 251@@ -1827,6 +1827,8 @@ The format of this file is described above.
252 This file is used by the SSH client. 252 This file is used by the SSH client.
253 Because of the potential for abuse, this file must have strict permissions: 253 Because of the potential for abuse, this file must have strict permissions:
254 read/write for the user, and not accessible by others. 254 read/write for the user, and not accessible by others.
diff --git a/digest-openssl.c b/digest-openssl.c
index 13b63c2f0..c55ceb93f 100644
--- a/digest-openssl.c
+++ b/digest-openssl.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: digest-openssl.c,v 1.5 2014/12/21 22:27:56 djm Exp $ */ 1/* $OpenBSD: digest-openssl.c,v 1.6 2017/03/10 02:59:51 dtucker Exp $ */
2/* 2/*
3 * Copyright (c) 2013 Damien Miller <djm@mindrot.org> 3 * Copyright (c) 2013 Damien Miller <djm@mindrot.org>
4 * 4 *
@@ -158,7 +158,7 @@ ssh_digest_final(struct ssh_digest_ctx *ctx, u_char *d, size_t dlen)
158 const struct ssh_digest *digest = ssh_digest_by_alg(ctx->alg); 158 const struct ssh_digest *digest = ssh_digest_by_alg(ctx->alg);
159 u_int l = dlen; 159 u_int l = dlen;
160 160
161 if (dlen > UINT_MAX) 161 if (digest == NULL || dlen > UINT_MAX)
162 return SSH_ERR_INVALID_ARGUMENT; 162 return SSH_ERR_INVALID_ARGUMENT;
163 if (dlen < digest->digest_len) /* No truncation allowed */ 163 if (dlen < digest->digest_len) /* No truncation allowed */
164 return SSH_ERR_INVALID_ARGUMENT; 164 return SSH_ERR_INVALID_ARGUMENT;
diff --git a/hostfile.c b/hostfile.c
index 4548fbab3..e23faa969 100644
--- a/hostfile.c
+++ b/hostfile.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: hostfile.c,v 1.67 2016/09/17 18:00:27 tedu Exp $ */ 1/* $OpenBSD: hostfile.c,v 1.68 2017/03/10 04:26:06 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -419,19 +419,24 @@ write_host_entry(FILE *f, const char *host, const char *ip,
419 const struct sshkey *key, int store_hash) 419 const struct sshkey *key, int store_hash)
420{ 420{
421 int r, success = 0; 421 int r, success = 0;
422 char *hashed_host = NULL; 422 char *hashed_host = NULL, *lhost;
423
424 lhost = xstrdup(host);
425 lowercase(lhost);
423 426
424 if (store_hash) { 427 if (store_hash) {
425 if ((hashed_host = host_hash(host, NULL, 0)) == NULL) { 428 if ((hashed_host = host_hash(lhost, NULL, 0)) == NULL) {
426 error("%s: host_hash failed", __func__); 429 error("%s: host_hash failed", __func__);
430 free(lhost);
427 return 0; 431 return 0;
428 } 432 }
429 fprintf(f, "%s ", hashed_host); 433 fprintf(f, "%s ", hashed_host);
430 } else if (ip != NULL) 434 } else if (ip != NULL)
431 fprintf(f, "%s,%s ", host, ip); 435 fprintf(f, "%s,%s ", lhost, ip);
432 else 436 else {
433 fprintf(f, "%s ", host); 437 fprintf(f, "%s ", lhost);
434 438 }
439 free(lhost);
435 if ((r = sshkey_write(key, f)) == 0) 440 if ((r = sshkey_write(key, f)) == 0)
436 success = 1; 441 success = 1;
437 else 442 else
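Review bot: The new `lowercase(lhost)` step in write_host_entry has no comment saying why the name is normalised before it is hashed or written, and the reason is not obvious from the code. A hashed known_hosts entry can presumably only be matched against the exact string that went into host_hash(), so the stored form has to agree with whatever the lookup side uses; that lookup code is outside this section. I would add above the copy: `/* Normalise case before storing; a hashed entry only matches the exact string that was hashed. */`. write_host_entry's body continues past the end of the hunk.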
diff --git a/kex.c b/kex.c
index d87086844..556a32e98 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kex.c,v 1.127 2016/10/10 19:28:48 markus Exp $ */ 1/* $OpenBSD: kex.c,v 1.131 2017/03/15 07:07:39 markus Exp $ */
2/* 2/*
3 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
4 * 4 *
@@ -194,7 +194,7 @@ kex_names_valid(const char *names)
194char * 194char *
195kex_names_cat(const char *a, const char *b) 195kex_names_cat(const char *a, const char *b)
196{ 196{
197 char *ret = NULL, *tmp = NULL, *cp, *p; 197 char *ret = NULL, *tmp = NULL, *cp, *p, *m;
198 size_t len; 198 size_t len;
199 199
200 if (a == NULL || *a == '\0') 200 if (a == NULL || *a == '\0')
@@ -211,8 +211,10 @@ kex_names_cat(const char *a, const char *b)
211 } 211 }
212 strlcpy(ret, a, len); 212 strlcpy(ret, a, len);
213 for ((p = strsep(&cp, ",")); p && *p != '\0'; (p = strsep(&cp, ","))) { 213 for ((p = strsep(&cp, ",")); p && *p != '\0'; (p = strsep(&cp, ","))) {
214 if (match_list(ret, p, NULL) != NULL) 214 if ((m = match_list(ret, p, NULL)) != NULL) {
215 free(m);
215 continue; /* Algorithm already present */ 216 continue; /* Algorithm already present */
217 }
216 if (strlcat(ret, ",", len) >= len || 218 if (strlcat(ret, ",", len) >= len ||
217 strlcat(ret, p, len) >= len) { 219 strlcat(ret, p, len) >= len) {
218 free(tmp); 220 free(tmp);
@@ -227,7 +229,8 @@ kex_names_cat(const char *a, const char *b)
227/* 229/*
228 * Assemble a list of algorithms from a default list and a string from a 230 * Assemble a list of algorithms from a default list and a string from a
229 * configuration file. The user-provided string may begin with '+' to 231 * configuration file. The user-provided string may begin with '+' to
230 * indicate that it should be appended to the default. 232 * indicate that it should be appended to the default or '-' that the
233 * specified names should be removed.
231 */ 234 */
232int 235int
233kex_assemble_names(const char *def, char **list) 236kex_assemble_names(const char *def, char **list)
@@ -238,14 +241,18 @@ kex_assemble_names(const char *def, char **list)
238 *list = strdup(def); 241 *list = strdup(def);
239 return 0; 242 return 0;
240 } 243 }
241 if (**list != '+') { 244 if (**list == '+') {
242 return 0; 245 if ((ret = kex_names_cat(def, *list + 1)) == NULL)
246 return SSH_ERR_ALLOC_FAIL;
247 free(*list);
248 *list = ret;
249 } else if (**list == '-') {
250 if ((ret = match_filter_list(def, *list + 1)) == NULL)
251 return SSH_ERR_ALLOC_FAIL;
252 free(*list);
253 *list = ret;
243 } 254 }
244 255
245 if ((ret = kex_names_cat(def, *list + 1)) == NULL)
246 return SSH_ERR_ALLOC_FAIL;
247 free(*list);
248 *list = ret;
249 return 0; 256 return 0;
250} 257}
251 258
@@ -350,7 +357,6 @@ kex_reset_dispatch(struct ssh *ssh)
350{ 357{
351 ssh_dispatch_range(ssh, SSH2_MSG_TRANSPORT_MIN, 358 ssh_dispatch_range(ssh, SSH2_MSG_TRANSPORT_MIN,
352 SSH2_MSG_TRANSPORT_MAX, &kex_protocol_error); 359 SSH2_MSG_TRANSPORT_MAX, &kex_protocol_error);
353 ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit);
354} 360}
355 361
356static int 362static int
@@ -359,7 +365,7 @@ kex_send_ext_info(struct ssh *ssh)
359 int r; 365 int r;
360 char *algs; 366 char *algs;
361 367
362 if ((algs = sshkey_alg_list(0, 1, ',')) == NULL) 368 if ((algs = sshkey_alg_list(0, 1, 1, ',')) == NULL)
363 return SSH_ERR_ALLOC_FAIL; 369 return SSH_ERR_ALLOC_FAIL;
364 if ((r = sshpkt_start(ssh, SSH2_MSG_EXT_INFO)) != 0 || 370 if ((r = sshpkt_start(ssh, SSH2_MSG_EXT_INFO)) != 0 ||
365 (r = sshpkt_put_u32(ssh, 1)) != 0 || 371 (r = sshpkt_put_u32(ssh, 1)) != 0 ||
@@ -440,6 +446,7 @@ kex_input_newkeys(int type, u_int32_t seq, void *ctxt)
440 446
441 debug("SSH2_MSG_NEWKEYS received"); 447 debug("SSH2_MSG_NEWKEYS received");
442 ssh_dispatch_set(ssh, SSH2_MSG_NEWKEYS, &kex_protocol_error); 448 ssh_dispatch_set(ssh, SSH2_MSG_NEWKEYS, &kex_protocol_error);
449 ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit);
443 if ((r = sshpkt_get_end(ssh)) != 0) 450 if ((r = sshpkt_get_end(ssh)) != 0)
444 return r; 451 return r;
445 if ((r = ssh_set_newkeys(ssh, MODE_IN)) != 0) 452 if ((r = ssh_set_newkeys(ssh, MODE_IN)) != 0)
@@ -554,6 +561,7 @@ kex_new(struct ssh *ssh, char *proposal[PROPOSAL_MAX], struct kex **kexp)
554 goto out; 561 goto out;
555 kex->done = 0; 562 kex->done = 0;
556 kex_reset_dispatch(ssh); 563 kex_reset_dispatch(ssh);
564 ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit);
557 r = 0; 565 r = 0;
558 *kexp = kex; 566 *kexp = kex;
559 out: 567 out:
@@ -665,8 +673,10 @@ choose_enc(struct sshenc *enc, char *client, char *server)
665 673
666 if (name == NULL) 674 if (name == NULL)
667 return SSH_ERR_NO_CIPHER_ALG_MATCH; 675 return SSH_ERR_NO_CIPHER_ALG_MATCH;
668 if ((enc->cipher = cipher_by_name(name)) == NULL) 676 if ((enc->cipher = cipher_by_name(name)) == NULL) {
677 free(name);
669 return SSH_ERR_INTERNAL_ERROR; 678 return SSH_ERR_INTERNAL_ERROR;
679 }
670 enc->name = name; 680 enc->name = name;
671 enc->enabled = 0; 681 enc->enabled = 0;
672 enc->iv = NULL; 682 enc->iv = NULL;
@@ -684,8 +694,10 @@ choose_mac(struct ssh *ssh, struct sshmac *mac, char *client, char *server)
684 694
685 if (name == NULL) 695 if (name == NULL)
686 return SSH_ERR_NO_MAC_ALG_MATCH; 696 return SSH_ERR_NO_MAC_ALG_MATCH;
687 if (mac_setup(mac, name) < 0) 697 if (mac_setup(mac, name) < 0) {
698 free(name);
688 return SSH_ERR_INTERNAL_ERROR; 699 return SSH_ERR_INTERNAL_ERROR;
700 }
689 /* truncate the key */ 701 /* truncate the key */
690 if (ssh->compat & SSH_BUG_HMAC) 702 if (ssh->compat & SSH_BUG_HMAC)
691 mac->key_len = 16; 703 mac->key_len = 16;
@@ -709,6 +721,7 @@ choose_comp(struct sshcomp *comp, char *client, char *server)
709 } else if (strcmp(name, "none") == 0) { 721 } else if (strcmp(name, "none") == 0) {
710 comp->type = COMP_NONE; 722 comp->type = COMP_NONE;
711 } else { 723 } else {
724 free(name);
712 return SSH_ERR_INTERNAL_ERROR; 725 return SSH_ERR_INTERNAL_ERROR;
713 } 726 }
714 comp->name = name; 727 comp->name = name;
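Review bot: In kex_assemble_names, the new `'-'` branch accepts whatever match_filter_list() returns as long as it is not NULL, so a filter that matches every default name leaves `*list` as an empty string and the function still returns 0. Whether callers reject an empty algorithm list is not visible here; if they do not, the misconfiguration would presumably only surface later, during negotiation, rather than when the option is parsed. A check right after the call, `if (*ret == '\0') { free(ret); return SSH_ERR_INVALID_ARGUMENT; }`, would reject it at the point where the cause is known.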
diff --git a/krl.c b/krl.c
index e271a1934..3f28178b7 100644
--- a/krl.c
+++ b/krl.c
@@ -14,7 +14,7 @@
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */ 15 */
16 16
17/* $OpenBSD: krl.c,v 1.38 2016/09/12 01:22:38 deraadt Exp $ */ 17/* $OpenBSD: krl.c,v 1.39 2017/03/10 07:18:32 dtucker Exp $ */
18 18
19#include "includes.h" 19#include "includes.h"
20 20
@@ -1089,7 +1089,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp,
1089 break; 1089 break;
1090 case KRL_SECTION_SIGNATURE: 1090 case KRL_SECTION_SIGNATURE:
1091 /* Handled above, but still need to stay in synch */ 1091 /* Handled above, but still need to stay in synch */
1092 sshbuf_reset(sect); 1092 sshbuf_free(sect);
1093 sect = NULL; 1093 sect = NULL;
1094 if ((r = sshbuf_skip_string(copy)) != 0) 1094 if ((r = sshbuf_skip_string(copy)) != 0)
1095 goto out; 1095 goto out;
@@ -1288,7 +1288,8 @@ ssh_krl_file_contains_key(const char *path, const struct sshkey *key)
1288 debug2("%s: checking KRL %s", __func__, path); 1288 debug2("%s: checking KRL %s", __func__, path);
1289 r = ssh_krl_check_key(krl, key); 1289 r = ssh_krl_check_key(krl, key);
1290 out: 1290 out:
1291 close(fd); 1291 if (fd != -1)
1292 close(fd);
1292 sshbuf_free(krlbuf); 1293 sshbuf_free(krlbuf);
1293 ssh_krl_free(krl); 1294 ssh_krl_free(krl);
1294 if (r != 0) 1295 if (r != 0)
diff --git a/log.c b/log.c
index ffc8ffbb1..0e515e26d 100644
--- a/log.c
+++ b/log.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: log.c,v 1.48 2016/07/15 05:01:58 dtucker Exp $ */ 1/* $OpenBSD: log.c,v 1.49 2017/03/10 03:15:58 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -454,7 +454,8 @@ do_log(LogLevel level, const char *fmt, va_list args)
454 tmp_handler(level, fmtbuf, log_handler_ctx); 454 tmp_handler(level, fmtbuf, log_handler_ctx);
455 log_handler = tmp_handler; 455 log_handler = tmp_handler;
456 } else if (log_on_stderr) { 456 } else if (log_on_stderr) {
457 snprintf(msgbuf, sizeof msgbuf, "%s\r\n", fmtbuf); 457 snprintf(msgbuf, sizeof msgbuf, "%.*s\r\n",
458 (int)sizeof msgbuf - 3, fmtbuf);
458 (void)write(log_stderr_fd, msgbuf, strlen(msgbuf)); 459 (void)write(log_stderr_fd, msgbuf, strlen(msgbuf));
459 } else { 460 } else {
460#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) 461#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT)
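Review bot: The precision `(int)sizeof msgbuf - 3` in do_log's stderr branch is a bare constant with no explanation. It appears to reserve room for the trailing `\r\n` and the terminating NUL, so that a long message is cut short instead of losing its line ending and running into the next record on stderr. A short comment on the snprintf call would record that: `/* leave room for "\r\n" and the NUL so the line ending is never truncated */`. do_log starts and ends outside the hunk.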
diff --git a/match.c b/match.c
index c15dcd1ef..3cf40306b 100644
--- a/match.c
+++ b/match.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: match.c,v 1.33 2016/11/06 05:46:37 djm Exp $ */ 1/* $OpenBSD: match.c,v 1.37 2017/03/10 04:24:55 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -42,9 +42,11 @@
42#include <ctype.h> 42#include <ctype.h>
43#include <stdlib.h> 43#include <stdlib.h>
44#include <string.h> 44#include <string.h>
45#include <stdio.h>
45 46
46#include "xmalloc.h" 47#include "xmalloc.h"
47#include "match.h" 48#include "match.h"
49#include "misc.h"
48 50
49/* 51/*
50 * Returns true if the given string matches the pattern (which may contain ? 52 * Returns true if the given string matches the pattern (which may contain ?
@@ -145,7 +147,7 @@ match_pattern_list(const char *string, const char *pattern, int dolower)
145 if (subi >= sizeof(sub) - 1) 147 if (subi >= sizeof(sub) - 1)
146 return 0; 148 return 0;
147 149
148 /* If the subpattern was terminated by a comma, skip the comma. */ 150 /* If the subpattern was terminated by a comma, then skip it. */
149 if (i < len && pattern[i] == ',') 151 if (i < len && pattern[i] == ',')
150 i++; 152 i++;
151 153
@@ -177,7 +179,13 @@ match_pattern_list(const char *string, const char *pattern, int dolower)
177int 179int
178match_hostname(const char *host, const char *pattern) 180match_hostname(const char *host, const char *pattern)
179{ 181{
180 return match_pattern_list(host, pattern, 1); 182 char *hostcopy = xstrdup(host);
183 int r;
184
185 lowercase(hostcopy);
186 r = match_pattern_list(hostcopy, pattern, 1);
187 free(hostcopy);
188 return r;
181} 189}
182 190
183/* 191/*
@@ -284,3 +292,35 @@ match_list(const char *client, const char *server, u_int *next)
284 free(s); 292 free(s);
285 return NULL; 293 return NULL;
286} 294}
295
296/*
297 * Filters a comma-separated list of strings, excluding any entry matching
298 * the 'filter' pattern list. Caller must free returned string.
299 */
300char *
301match_filter_list(const char *proposal, const char *filter)
302{
303 size_t len = strlen(proposal) + 1;
304 char *fix_prop = malloc(len);
305 char *orig_prop = strdup(proposal);
306 char *cp, *tmp;
307
308 if (fix_prop == NULL || orig_prop == NULL) {
309 free(orig_prop);
310 free(fix_prop);
311 return NULL;
312 }
313
314 tmp = orig_prop;
315 *fix_prop = '\0';
316 while ((cp = strsep(&tmp, ",")) != NULL) {
317 if (match_pattern_list(cp, filter, 0) != 1) {
318 if (*fix_prop != '\0')
319 strlcat(fix_prop, ",", len);
320 strlcat(fix_prop, cp, len);
321 }
322 }
323 free(orig_prop);
324 return fix_prop;
325}
326
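Review bot: The header comment of match_filter_list says the caller must free the result but not what the result can be. From the body, NULL is returned only when malloc() or strdup() fails, and an empty string is returned when every entry of `proposal` matches `filter`; callers need to tell those two apart. I would extend the comment with `Returns NULL on allocation failure and an empty string if every entry is excluded.` The `!= 1` test also keeps an entry for any other return value of match_pattern_list(), whose return convention is defined outside this hunk, so a one-line comment on that comparison would help too.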
diff --git a/match.h b/match.h
index db97ca8f7..937ba0412 100644
--- a/match.h
+++ b/match.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: match.h,v 1.16 2015/05/04 06:10:48 djm Exp $ */ 1/* $OpenBSD: match.h,v 1.17 2017/02/03 23:01:19 djm Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -20,6 +20,7 @@ int match_hostname(const char *, const char *);
20int match_host_and_ip(const char *, const char *, const char *); 20int match_host_and_ip(const char *, const char *, const char *);
21int match_user(const char *, const char *, const char *, const char *); 21int match_user(const char *, const char *, const char *, const char *);
22char *match_list(const char *, const char *, u_int *); 22char *match_list(const char *, const char *, u_int *);
23char *match_filter_list(const char *, const char *);
23 24
24/* addrmatch.c */ 25/* addrmatch.c */
25int addr_match_list(const char *, const char *); 26int addr_match_list(const char *, const char *);
diff --git a/misc.c b/misc.c
index bf9153a61..6e972f563 100644
--- a/misc.c
+++ b/misc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: misc.c,v 1.107 2016/11/30 00:28:31 dtucker Exp $ */ 1/* $OpenBSD: misc.c,v 1.109 2017/03/14 00:55:37 dtucker Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * Copyright (c) 2005,2006 Damien Miller. All rights reserved. 4 * Copyright (c) 2005,2006 Damien Miller. All rights reserved.
@@ -308,7 +308,7 @@ a2tun(const char *s, int *remote)
308long 308long
309convtime(const char *s) 309convtime(const char *s)
310{ 310{
311 long total, secs; 311 long total, secs, multiplier = 1;
312 const char *p; 312 const char *p;
313 char *endp; 313 char *endp;
314 314
@@ -335,23 +335,28 @@ convtime(const char *s)
335 break; 335 break;
336 case 'm': 336 case 'm':
337 case 'M': 337 case 'M':
338 secs *= MINUTES; 338 multiplier = MINUTES;
339 break; 339 break;
340 case 'h': 340 case 'h':
341 case 'H': 341 case 'H':
342 secs *= HOURS; 342 multiplier = HOURS;
343 break; 343 break;
344 case 'd': 344 case 'd':
345 case 'D': 345 case 'D':
346 secs *= DAYS; 346 multiplier = DAYS;
347 break; 347 break;
348 case 'w': 348 case 'w':
349 case 'W': 349 case 'W':
350 secs *= WEEKS; 350 multiplier = WEEKS;
351 break; 351 break;
352 default: 352 default:
353 return -1; 353 return -1;
354 } 354 }
355 if (secs >= LONG_MAX / multiplier)
356 return -1;
357 secs *= multiplier;
358 if (total >= LONG_MAX - secs)
359 return -1;
355 total += secs; 360 total += secs;
356 if (total < 0) 361 if (total < 0)
357 return -1; 362 return -1;
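Review bot: `multiplier` in convtime is initialised once, at its declaration, and the visible cases only ever assign it, so a value set for one component is still in effect for the next one. The surrounding loop and the seconds case are outside the hunk, but if that case just breaks (as the context `break;` at old line 335 suggests), a constructed input such as `1m30s` would multiply the 30 by MINUTES. Resetting it per component with `multiplier = 1;` immediately before the `switch` would avoid that. The overflow guards use `>=`, so they also reject a value that lands exactly on LONG_MAX, which is conservative and looks harmless.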
diff --git a/monitor.c b/monitor.c
index 64286a128..7452e20e2 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: monitor.c,v 1.166 2016/09/28 16:33:06 djm Exp $ */ 1/* $OpenBSD: monitor.c,v 1.167 2017/02/03 23:05:57 djm Exp $ */
2/* 2/*
3 * Copyright 2002 Niels Provos <provos@citi.umich.edu> 3 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
4 * Copyright 2002 Markus Friedl <markus@openbsd.org> 4 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -294,6 +294,7 @@ monitor_permit_authentications(int permit)
294void 294void
295monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) 295monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
296{ 296{
297 struct ssh *ssh = active_state; /* XXX */
297 struct mon_table *ent; 298 struct mon_table *ent;
298 int authenticated = 0, partial = 0; 299 int authenticated = 0, partial = 0;
299 300
@@ -371,6 +372,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
371 372
372 debug("%s: %s has been authenticated by privileged process", 373 debug("%s: %s has been authenticated by privileged process",
373 __func__, authctxt->user); 374 __func__, authctxt->user);
375 ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user);
374 376
375 mm_get_keystate(pmonitor); 377 mm_get_keystate(pmonitor);
376 378
@@ -714,6 +716,7 @@ mm_answer_sign(int sock, Buffer *m)
714int 716int
715mm_answer_pwnamallow(int sock, Buffer *m) 717mm_answer_pwnamallow(int sock, Buffer *m)
716{ 718{
719 struct ssh *ssh = active_state; /* XXX */
717 char *username; 720 char *username;
718 struct passwd *pwent; 721 struct passwd *pwent;
719 int allowed = 0; 722 int allowed = 0;
@@ -758,6 +761,8 @@ mm_answer_pwnamallow(int sock, Buffer *m)
758 buffer_put_cstring(m, pwent->pw_shell); 761 buffer_put_cstring(m, pwent->pw_shell);
759 762
760 out: 763 out:
764 ssh_packet_set_log_preamble(ssh, "%suser %s",
765 authctxt->valid ? "authenticating" : "invalid ", authctxt->user);
761 buffer_put_string(m, &options, sizeof(options)); 766 buffer_put_string(m, &options, sizeof(options));
762 767
763#define M_CP_STROPT(x) do { \ 768#define M_CP_STROPT(x) do { \
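Review bot: In mm_answer_pwnamallow the preamble format is `"%suser %s"`, and the valid-user prefix `"authenticating"` has no trailing space while `"invalid "` does, so a valid user would be logged as `authenticatinguser NAME`. The argument should read `authctxt->valid ? "authenticating " : "invalid "`. The user name passed here is supplied by the peer before authentication has succeeded; whether ssh_packet_set_log_preamble() escapes control characters is not visible in this section and is worth confirming, since the preamble presumably ends up in later log lines. Both functions continue outside their hunks.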
diff --git a/mux.c b/mux.c
index 265c5f12b..2d6639c5c 100644
--- a/mux.c
+++ b/mux.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: mux.c,v 1.63 2016/10/19 23:21:56 dtucker Exp $ */ 1/* $OpenBSD: mux.c,v 1.64 2017/01/21 11:32:04 guenther Exp $ */
2/* 2/*
3 * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org> 3 * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
4 * 4 *
@@ -2161,7 +2161,6 @@ int
2161muxclient(const char *path) 2161muxclient(const char *path)
2162{ 2162{
2163 struct sockaddr_un addr; 2163 struct sockaddr_un addr;
2164 socklen_t sun_len;
2165 int sock; 2164 int sock;
2166 u_int pid; 2165 u_int pid;
2167 2166
@@ -2185,8 +2184,6 @@ muxclient(const char *path)
2185 2184
2186 memset(&addr, '\0', sizeof(addr)); 2185 memset(&addr, '\0', sizeof(addr));
2187 addr.sun_family = AF_UNIX; 2186 addr.sun_family = AF_UNIX;
2188 sun_len = offsetof(struct sockaddr_un, sun_path) +
2189 strlen(path) + 1;
2190 2187
2191 if (strlcpy(addr.sun_path, path, 2188 if (strlcpy(addr.sun_path, path,
2192 sizeof(addr.sun_path)) >= sizeof(addr.sun_path)) 2189 sizeof(addr.sun_path)) >= sizeof(addr.sun_path))
@@ -2196,7 +2193,7 @@ muxclient(const char *path)
2196 if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) 2193 if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
2197 fatal("%s socket(): %s", __func__, strerror(errno)); 2194 fatal("%s socket(): %s", __func__, strerror(errno));
2198 2195
2199 if (connect(sock, (struct sockaddr *)&addr, sun_len) == -1) { 2196 if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
2200 switch (muxclient_command) { 2197 switch (muxclient_command) {
2201 case SSHMUX_COMMAND_OPEN: 2198 case SSHMUX_COMMAND_OPEN:
2202 case SSHMUX_COMMAND_STDIO_FWD: 2199 case SSHMUX_COMMAND_STDIO_FWD:
diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c
index 6f3bc8f1d..cfd73260a 100644
--- a/openbsd-compat/bsd-misc.c
+++ b/openbsd-compat/bsd-misc.c
@@ -301,3 +301,11 @@ mbtowc(wchar_t *pwc, const char *s, size_t n)
301 return 1; 301 return 1;
302} 302}
303#endif 303#endif
304
305#ifndef HAVE_LLABS
306long long
307llabs(long long j)
308{
309 return (j < 0 ? -j : j);
310}
311#endif
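Review bot: The fallback llabs() negates `j` unconditionally, which is signed overflow when `j` is LLONG_MIN. The standard function leaves that case undefined as well, so the replacement matches the contract, but nothing here tells a reader that the result cannot be trusted for that input. I would add above the definition: `/* Result is undefined for LLONG_MIN, as with the standard llabs(). */`.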
diff --git a/openbsd-compat/bsd-misc.h b/openbsd-compat/bsd-misc.h
index 6f08b09fa..70a538f04 100644
--- a/openbsd-compat/bsd-misc.h
+++ b/openbsd-compat/bsd-misc.h
@@ -135,4 +135,8 @@ void errx(int, const char *, ...) __attribute__((format(printf, 2, 3)));
135void warn(const char *, ...) __attribute__((format(printf, 1, 2))); 135void warn(const char *, ...) __attribute__((format(printf, 1, 2)));
136#endif 136#endif
137 137
138#ifndef HAVE_LLABS
139long long llabs(long long);
140#endif
141
138#endif /* _BSD_MISC_H */ 142#endif /* _BSD_MISC_H */
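--- a/openbsd-compat/fmt_scaled.c
+++ b/openbsd-compat/fmt_scaled.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: fmt_scaled.c,v 1.9 2007/03/20 03:42:52 tedu Exp $ */
+/* $OpenBSD: fmt_scaled.c,v 1.13 2017/03/11 23:37:23 djm Exp $ */
 
 /*
  * Copyright (c) 2001, 2002, 2003 Ian F. Darwin. All rights reserved.
@@ -69,7 +69,7 @@ static long long scale_factors[] = {
 
 #define MAX_DIGITS (SCALE_LENGTH * 3) /* XXX strlen(sprintf("%lld", -1)? */
 
-/** Convert the given input string "scaled" into numeric in "result".
+/* Convert the given input string "scaled" into numeric in "result".
  * Return 0 on success, -1 and errno set on error.
  */
 int
@@ -81,7 +81,7 @@ scan_scaled(char *scaled, long long *result)
  long long scale_fact = 1, whole = 0, fpart = 0;
 
  /* Skip leading whitespace */
- while (isascii(*p) && isspace(*p))
+ while (isascii((unsigned char)*p) && isspace((unsigned char)*p))
  ++p;
 
  /* Then at most one leading + or - */
@@ -108,7 +108,8 @@ scan_scaled(char *scaled, long long *result)
  * (but note that E for Exa might look like e to some!).
  * Advance 'p' to end, to get scale factor.
  */
- for (; isascii(*p) && (isdigit(*p) || *p=='.'); ++p) {
+ for (; isascii((unsigned char)*p) &&
+ (isdigit((unsigned char)*p) || *p=='.'); ++p) {
  if (*p == '.') {
  if (fract_digits > 0) { /* oops, more than one '.' */
  errno = EINVAL;
@@ -124,6 +125,10 @@ scan_scaled(char *scaled, long long *result)
  /* ignore extra fractional digits */
  continue;
  fract_digits++; /* for later scaling */
+ if (fpart >= LLONG_MAX / 10) {
+ errno = ERANGE;
+ return -1;
+ }
  fpart *= 10;
  fpart += i;
  } else { /* normal digit */
@@ -131,6 +136,10 @@ scan_scaled(char *scaled, long long *result)
  errno = ERANGE;
  return -1;
  }
+ if (whole >= LLONG_MAX / 10) {
+ errno = ERANGE;
+ return -1;
+ }
  whole *= 10;
  whole += i;
  }
@@ -150,17 +159,22 @@ scan_scaled(char *scaled, long long *result)
  /* Validate scale factor, and scale whole and fraction by it. */
  for (i = 0; i < SCALE_LENGTH; i++) {
 
- /** Are we there yet? */
+ /* Are we there yet? */
  if (*p == scale_chars[i] ||
- *p == tolower(scale_chars[i])) {
+ *p == tolower((unsigned char)scale_chars[i])) {
 
  /* If it ends with alphanumerics after the scale char, bad. */
- if (isalnum(*(p+1))) {
+ if (isalnum((unsigned char)*(p+1))) {
  errno = EINVAL;
  return -1;
  }
  scale_fact = scale_factors[i];
 
+ if (whole >= LLONG_MAX / scale_fact) {
+ errno = ERANGE;
+ return -1;
+ }
+
  /* scale whole part */
  whole *= scale_fact;
 
@@ -181,7 +195,9 @@ scan_scaled(char *scaled, long long *result)
  return 0;
  }
  }
- errno = ERANGE;
+
+ /* Invalid unit or character */
+ errno = EINVAL;
  return -1;
 }
 
@@ -196,7 +212,7 @@ fmt_scaled(long long number, char *result)
  unsigned int i;
  unit_type unit = NONE;
 
- abval = (number < 0LL) ? -number : number; /* no long long_abs yet */
+ abval = llabs(number);
 
  /* Not every negative long long has a positive representation.
  * Also check for numbers that are just too darned big to format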
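Review bot: `abval = llabs(number);` in the last hunk (fmt_scaled) is still undefined for `number == LLONG_MIN`, exactly like the `-number` expression it replaces, and it runs before the range check that the following comment announces. That check lies outside the hunk and may already test for a negative `abval`, but a compiler is entitled to assume the overflow never happens and drop such a test. Rejecting the value before taking the absolute value avoids relying on it: `if (number == LLONG_MIN) { errno = ERANGE; return -1; }` placed above the `llabs` call. The rest of fmt_scaled's body is outside the hunk.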
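--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.243 2016/10/11 21:47:45 djm Exp $ */
+/* $OpenBSD: packet.c,v 1.247 2017/03/11 13:07:35 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -353,6 +353,25 @@ ssh_packet_get_mux(struct ssh *ssh)
 }
 
 int
+ssh_packet_set_log_preamble(struct ssh *ssh, const char *fmt, ...)
+{
+ va_list args;
+ int r;
+
+ free(ssh->log_preamble);
+ if (fmt == NULL)
+ ssh->log_preamble = NULL;
+ else {
+ va_start(args, fmt);
+ r = vasprintf(&ssh->log_preamble, fmt, args);
+ va_end(args);
+ if (r < 0 || ssh->log_preamble == NULL)
+ return SSH_ERR_ALLOC_FAIL;
+ }
+ return 0;
+}
+
+int
 ssh_packet_stop_discard(struct ssh *ssh)
 {
  struct session_state *state = ssh->state;
@@ -1049,7 +1068,7 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
 
  /* Time-based rekeying */
  if (state->rekey_interval != 0 &&
- state->rekey_time + state->rekey_interval <= monotime())
+ (int64_t)state->rekey_time + state->rekey_interval <= monotime())
  return 1;
 
  /* Always rekey when MAX_PACKETS sent in either direction */
@@ -1447,8 +1466,10 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
  break;
  }
  }
- if (r == 0)
- return SSH_ERR_CONN_TIMEOUT;
+ if (r == 0) {
+ r = SSH_ERR_CONN_TIMEOUT;
+ goto out;
+ }
  /* Read data from the socket. */
  len = read(state->connection_in, buf, sizeof(buf));
  if (len == 0) {
@@ -1829,11 +1850,11 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
  if (r != SSH_ERR_MAC_INVALID)
  goto out;
  logit("Corrupted MAC on input.");
- if (need > PACKET_MAX_SIZE)
+ if (need + block_size > PACKET_MAX_SIZE)
  return SSH_ERR_INTERNAL_ERROR;
  return ssh_packet_start_discard(ssh, enc, mac,
  sshbuf_len(state->incoming_packet),
- PACKET_MAX_SIZE - need);
+ PACKET_MAX_SIZE - need - block_size);
  }
  /* Remove MAC from input buffer */
  DBG(debug("MAC #%d ok", state->p_read.seqnr));
@@ -2074,27 +2095,36 @@ ssh_packet_send_debug(struct ssh *ssh, const char *fmt,...)
  fatal("%s: %s", __func__, ssh_err(r));
 }
 
+static void
+fmt_connection_id(struct ssh *ssh, char *s, size_t l)
+{
+ snprintf(s, l, "%.200s%s%s port %d",
+ ssh->log_preamble ? ssh->log_preamble : "",
+ ssh->log_preamble ? " " : "",
+ ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
+}
+
 /*
  * Pretty-print connection-terminating errors and exit.
  */
 void
 sshpkt_fatal(struct ssh *ssh, const char *tag, int r)
 {
+ char remote_id[512];
+
+ fmt_connection_id(ssh, remote_id, sizeof(remote_id));
+
  switch (r) {
  case SSH_ERR_CONN_CLOSED:
- logdie("Connection closed by %.200s port %d",
- ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
+ logdie("Connection closed by %s", remote_id);
  case SSH_ERR_CONN_TIMEOUT:
- logdie("Connection %s %.200s port %d timed out",
- ssh->state->server_side ? "from" : "to",
- ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
+ logdie("Connection %s %s timed out",
+ ssh->state->server_side ? "from" : "to", remote_id);
  case SSH_ERR_DISCONNECTED:
- logdie("Disconnected from %.200s port %d",
- ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
+ logdie("Disconnected from %s", remote_id);
  case SSH_ERR_SYSTEM_ERROR:
  if (errno == ECONNRESET)
- logdie("Connection reset by %.200s port %d",
- ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
+ logdie("Connection reset by %s", remote_id);
  /* FALLTHROUGH */
  case SSH_ERR_NO_CIPHER_ALG_MATCH:
  case SSH_ERR_NO_MAC_ALG_MATCH:
@@ -2102,17 +2132,16 @@ sshpkt_fatal(struct ssh *ssh, const char *tag, int r)
  case SSH_ERR_NO_KEX_ALG_MATCH:
  case SSH_ERR_NO_HOSTKEY_ALG_MATCH:
  if (ssh && ssh->kex && ssh->kex->failed_choice) {
- logdie("Unable to negotiate with %.200s port %d: %s. "
- "Their offer: %s", ssh_remote_ipaddr(ssh),
- ssh_remote_port(ssh), ssh_err(r),
+ logdie("Unable to negotiate with %s: %s. "
+ "Their offer: %s", remote_id, ssh_err(r),
  ssh->kex->failed_choice);
  }
  /* FALLTHROUGH */
  default:
- logdie("%s%sConnection %s %.200s port %d: %s",
+ logdie("%s%sConnection %s %s: %s",
  tag != NULL ? tag : "", tag != NULL ? ": " : "",
  ssh->state->server_side ? "from" : "to",
- ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), ssh_err(r));
+ remote_id, ssh_err(r));
  }
 }
 
@@ -2125,7 +2154,7 @@ sshpkt_fatal(struct ssh *ssh, const char *tag, int r)
 void
 ssh_packet_disconnect(struct ssh *ssh, const char *fmt,...)
 {
- char buf[1024];
+ char buf[1024], remote_id[512];
  va_list args;
  static int disconnecting = 0;
  int r;
@@ -2138,12 +2167,13 @@ ssh_packet_disconnect(struct ssh *ssh, const char *fmt,...)
  * Format the message. Note that the caller must make sure the
  * message is of limited size.
  */
+ fmt_connection_id(ssh, remote_id, sizeof(remote_id));
  va_start(args, fmt);
  vsnprintf(buf, sizeof(buf), fmt, args);
  va_end(args);
 
  /* Display the error locally */
- logit("Disconnecting: %.100s", buf);
+ logit("Disconnecting %s: %.100s", remote_id, buf);
 
  /*
  * Send the disconnect message to the other side, and wait
@@ -2396,10 +2426,10 @@ ssh_packet_send_ignore(struct ssh *ssh, int nbytes)
 }
 
 void
-ssh_packet_set_rekey_limits(struct ssh *ssh, u_int64_t bytes, time_t seconds)
+ssh_packet_set_rekey_limits(struct ssh *ssh, u_int64_t bytes, u_int32_t seconds)
 {
- debug3("rekey after %llu bytes, %d seconds", (unsigned long long)bytes,
- (int)seconds);
+ debug3("rekey after %llu bytes, %u seconds", (unsigned long long)bytes,
+ (unsigned int)seconds);
  ssh->state->rekey_limit = bytes;
  ssh->state->rekey_interval = seconds;
 }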
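Review bot: In the added ssh_packet_set_log_preamble (hunk `@@ -353,6 +353,25 @@`), `ssh->log_preamble` is freed and then passed straight to `vasprintf`, so on the `SSH_ERR_ALLOC_FAIL` path the field can be left holding a stale or indeterminate pointer; some C libraries leave the output pointer undefined when `vasprintf` fails. The new fmt_connection_id reads that field on every fatal and disconnect log path, so a failed update could later become a read or second free of released memory. Clearing the field right after the free and again on failure closes this: `free(ssh->log_preamble); ssh->log_preamble = NULL;` and, in the error branch, `ssh->log_preamble = NULL;` before `return SSH_ERR_ALLOC_FAIL;`.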
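--- a/packet.h
+++ b/packet.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.h,v 1.74 2016/10/11 21:47:45 djm Exp $ */
+/* $OpenBSD: packet.h,v 1.76 2017/02/03 23:03:33 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -62,6 +62,9 @@ struct ssh {
  char *local_ipaddr;
  int local_port;
 
+ /* Optional preamble for log messages (e.g. username) */
+ char *log_preamble;
+
  /* Dispatcher table */
  dispatch_fn *dispatch[DISPATCH_MAX];
  /* number of packets to ignore in the dispatcher */
@@ -104,6 +107,8 @@ void ssh_packet_set_server(struct ssh *);
 void ssh_packet_set_authenticated(struct ssh *);
 void ssh_packet_set_mux(struct ssh *);
 int ssh_packet_get_mux(struct ssh *);
+int ssh_packet_set_log_preamble(struct ssh *, const char *, ...)
+ __attribute__((format(printf, 2, 3)));
 
 int ssh_packet_log_type(u_char);
 
@@ -154,7 +159,7 @@ int ssh_remote_port(struct ssh *);
 const char *ssh_local_ipaddr(struct ssh *);
 int ssh_local_port(struct ssh *);
 
-void ssh_packet_set_rekey_limits(struct ssh *, u_int64_t, time_t);
+void ssh_packet_set_rekey_limits(struct ssh *, u_int64_t, u_int32_t);
 time_t ssh_packet_get_rekey_timeout(struct ssh *);
 
 void *ssh_packet_get_input(struct ssh *);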
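Review bot: The comment on the new `log_preamble` field in `struct ssh` does not say who owns the string. packet.c in this commit frees and reallocates it inside ssh_packet_set_log_preamble, so a caller assigning the field directly would risk a leak or a free of memory it does not own. A comment such as `/* Optional preamble for log messages (e.g. username); heap-allocated, set only via ssh_packet_set_log_preamble() */` would make that contract explicit. The `struct ssh` definition starts and ends outside the hunk.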
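--- a/pathnames.h
+++ b/pathnames.h
@@ -166,15 +166,6 @@
 #define _PATH_LS "ls"
 #endif
 
-/* path to login program */
-#ifndef LOGIN_PROGRAM
-# ifdef LOGIN_PROGRAM_FALLBACK
-# define LOGIN_PROGRAM LOGIN_PROGRAM_FALLBACK
-# else
-# define LOGIN_PROGRAM "/usr/bin/login"
-# endif
-#endif /* LOGIN_PROGRAM */
-
 /* Askpass program define */
 #ifndef ASKPASS_PROGRAM
 #define ASKPASS_PROGRAM "/usr/lib/ssh/ssh-askpass"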
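--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.262 2016/10/25 04:08:13 jsg Exp $ */
+/* $OpenBSD: readconf.c,v 1.270 2017/03/10 04:27:32 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -93,7 +93,7 @@
 
  Host books.com
  RemoteForward 9999 shadows.cs.hut.fi:9999
- Cipher 3des
+ Ciphers 3des-cbc
 
  Host fascist.blob.com
  Port 23123
@@ -108,7 +108,7 @@
  PublicKeyAuthentication no
 
  Host *.su
- Cipher none
+ Ciphers aes128-ctr
  PasswordAuthentication no
 
  Host vpn.fake.com
@@ -183,30 +183,21 @@ static struct {
  const char *name;
  OpCodes opcode;
 } keywords[] = {
- { "forwardagent", oForwardAgent },
- { "forwardx11", oForwardX11 },
- { "forwardx11trusted", oForwardX11Trusted },
- { "forwardx11timeout", oForwardX11Timeout },
- { "exitonforwardfailure", oExitOnForwardFailure },
- { "xauthlocation", oXAuthLocation },
- { "gatewayports", oGatewayPorts },
- { "useprivilegedport", oUsePrivilegedPort },
+ /* Deprecated options */
+ { "fallbacktorsh", oDeprecated },
+ { "globalknownhostsfile2", oDeprecated },
  { "rhostsauthentication", oDeprecated },
- { "passwordauthentication", oPasswordAuthentication },
- { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
- { "kbdinteractivedevices", oKbdInteractiveDevices },
  { "useblacklistedkeys", oDeprecated },
- { "rsaauthentication", oRSAAuthentication },
- { "pubkeyauthentication", oPubkeyAuthentication },
- { "dsaauthentication", oPubkeyAuthentication }, /* alias */
- { "rhostsrsaauthentication", oRhostsRSAAuthentication },
- { "hostbasedauthentication", oHostbasedAuthentication },
- { "challengeresponseauthentication", oChallengeResponseAuthentication },
- { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
- { "tisauthentication", oChallengeResponseAuthentication }, /* alias */
+ { "userknownhostsfile2", oDeprecated },
+ { "useroaming", oDeprecated },
+ { "usersh", oDeprecated },
+
+ /* Unsupported options */
+ { "afstokenpassing", oUnsupported },
  { "kerberosauthentication", oUnsupported },
  { "kerberostgtpassing", oUnsupported },
- { "afstokenpassing", oUnsupported },
+
+ /* Sometimes-unsupported options */
 #if defined(GSSAPI)
  { "gssapiauthentication", oGssAuthentication },
  { "gssapikeyexchange", oGssKeyEx },
@@ -215,16 +206,49 @@ static struct {
  { "gssapiclientidentity", oGssClientIdentity },
  { "gssapiserveridentity", oGssServerIdentity },
  { "gssapirenewalforcesrekey", oGssRenewalRekey },
-#else
+# else
  { "gssapiauthentication", oUnsupported },
  { "gssapikeyexchange", oUnsupported },
  { "gssapidelegatecredentials", oUnsupported },
  { "gssapitrustdns", oUnsupported },
  { "gssapiclientidentity", oUnsupported },
+ { "gssapiserveridentity", oUnsupported },
  { "gssapirenewalforcesrekey", oUnsupported },
 #endif
- { "fallbacktorsh", oDeprecated },
- { "usersh", oDeprecated },
+#ifdef ENABLE_PKCS11
+ { "smartcarddevice", oPKCS11Provider },
+ { "pkcs11provider", oPKCS11Provider },
+# else
+ { "smartcarddevice", oUnsupported },
+ { "pkcs11provider", oUnsupported },
+#endif
+#ifdef WITH_SSH1
+ { "rsaauthentication", oRSAAuthentication },
+ { "rhostsrsaauthentication", oRhostsRSAAuthentication },
+ { "compressionlevel", oCompressionLevel },
+# else
+ { "rsaauthentication", oUnsupported },
+ { "rhostsrsaauthentication", oUnsupported },
+ { "compressionlevel", oUnsupported },
+#endif
+
+ { "forwardagent", oForwardAgent },
+ { "forwardx11", oForwardX11 },
+ { "forwardx11trusted", oForwardX11Trusted },
+ { "forwardx11timeout", oForwardX11Timeout },
+ { "exitonforwardfailure", oExitOnForwardFailure },
+ { "xauthlocation", oXAuthLocation },
+ { "gatewayports", oGatewayPorts },
+ { "useprivilegedport", oUsePrivilegedPort },
+ { "passwordauthentication", oPasswordAuthentication },
+ { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
+ { "kbdinteractivedevices", oKbdInteractiveDevices },
+ { "pubkeyauthentication", oPubkeyAuthentication },
+ { "dsaauthentication", oPubkeyAuthentication }, /* alias */
+ { "hostbasedauthentication", oHostbasedAuthentication },
+ { "challengeresponseauthentication", oChallengeResponseAuthentication },
+ { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
+ { "tisauthentication", oChallengeResponseAuthentication }, /* alias */
  { "identityfile", oIdentityFile },
  { "identityfile2", oIdentityFile }, /* obsolete */
  { "identitiesonly", oIdentitiesOnly },
@@ -246,15 +270,12 @@ static struct {
  { "match", oMatch },
  { "escapechar", oEscapeChar },
  { "globalknownhostsfile", oGlobalKnownHostsFile },
- { "globalknownhostsfile2", oDeprecated },
  { "userknownhostsfile", oUserKnownHostsFile },
- { "userknownhostsfile2", oDeprecated },
  { "connectionattempts", oConnectionAttempts },
  { "batchmode", oBatchMode },
  { "checkhostip", oCheckHostIP },
  { "stricthostkeychecking", oStrictHostKeyChecking },
  { "compression", oCompression },
- { "compressionlevel", oCompressionLevel },
  { "tcpkeepalive", oTCPKeepAlive },
  { "keepalive", oTCPKeepAlive }, /* obsolete */
  { "numberofpasswordprompts", oNumberOfPasswordPrompts },
@@ -263,13 +284,6 @@ static struct {
  { "preferredauthentications", oPreferredAuthentications },
  { "hostkeyalgorithms", oHostKeyAlgorithms },
  { "bindaddress", oBindAddress },
-#ifdef ENABLE_PKCS11
- { "smartcarddevice", oPKCS11Provider },
- { "pkcs11provider", oPKCS11Provider },
-#else
- { "smartcarddevice", oUnsupported },
- { "pkcs11provider", oUnsupported },
-#endif
  { "clearallforwardings", oClearAllForwardings },
  { "enablesshkeysign", oEnableSSHKeysign },
  { "verifyhostkeydns", oVerifyHostKeyDNS },
@@ -290,7 +304,6 @@ static struct {
  { "localcommand", oLocalCommand },
  { "permitlocalcommand", oPermitLocalCommand },
  { "visualhostkey", oVisualHostKey },
- { "useroaming", oDeprecated },
  { "kexalgorithms", oKexAlgorithms },
  { "ipqos", oIPQoS },
  { "requesttty", oRequestTTY },
@@ -845,11 +858,11 @@ process_config_line_depth(Options *options, struct passwd *pw, const char *host,
  activep = &cmdline;
  }
 
- /* Strip trailing whitespace */
+ /* Strip trailing whitespace. Allow \f (form feed) at EOL only */
  if ((len = strlen(line)) == 0)
  return 0;
  for (len--; len > 0; len--) {
- if (strchr(WHITESPACE, line[len]) == NULL)
+ if (strchr(WHITESPACE "\f", line[len]) == NULL)
  break;
  line[len] = '\0';
  }
@@ -1217,7 +1230,7 @@ parse_int:
  arg = strdelim(&s);
  if (!arg || *arg == '\0')
  fatal("%.200s line %d: Missing argument.", filename, linenum);
- if (!ciphers_valid(*arg == '+' ? arg + 1 : arg))
+ if (*arg != '-' && !ciphers_valid(*arg == '+' ? arg + 1 : arg))
  fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
  filename, linenum, arg ? arg : "<NONE>");
  if (*activep && options->ciphers == NULL)
@@ -1228,7 +1241,7 @@ parse_int:
  arg = strdelim(&s);
  if (!arg || *arg == '\0')
  fatal("%.200s line %d: Missing argument.", filename, linenum);
- if (!mac_valid(*arg == '+' ? arg + 1 : arg))
+ if (*arg != '-' && !mac_valid(*arg == '+' ? arg + 1 : arg))
  fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
  filename, linenum, arg ? arg : "<NONE>");
  if (*activep && options->macs == NULL)
@@ -1240,7 +1253,8 @@ parse_int:
  if (!arg || *arg == '\0')
  fatal("%.200s line %d: Missing argument.",
  filename, linenum);
- if (!kex_names_valid(*arg == '+' ? arg + 1 : arg))
+ if (*arg != '-' &&
+ !kex_names_valid(*arg == '+' ? arg + 1 : arg))
  fatal("%.200s line %d: Bad SSH2 KexAlgorithms '%s'.",
  filename, linenum, arg ? arg : "<NONE>");
  if (*activep && options->kex_algorithms == NULL)
@@ -1254,7 +1268,8 @@ parse_keytypes:
  if (!arg || *arg == '\0')
  fatal("%.200s line %d: Missing argument.",
  filename, linenum);
- if (!sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1))
+ if (*arg != '-' &&
+ !sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1))
  fatal("%s line %d: Bad key types '%s'.",
  filename, linenum, arg ? arg : "<NONE>");
  if (*activep && *charptr == NULL)
@@ -1523,6 +1538,7 @@ parse_keytypes:
  if (r == GLOB_NOMATCH) {
  debug("%.200s line %d: include %s matched no "
  "files",filename, linenum, arg2);
+ free(arg2);
  continue;
  } else if (r != 0 || gl.gl_pathc < 0)
  fatal("%.200s line %d: glob failed for %s.",
@@ -1539,6 +1555,11 @@ parse_keytypes:
  flags | SSHCONF_CHECKPERM |
  (oactive ? 0 : SSHCONF_NEVERMATCH),
  activep, depth + 1);
+ if (r != 1 && errno != ENOENT) {
+ fatal("Can't open user config file "
+ "%.100s: %.100s", gl.gl_pathv[i],
+ strerror(errno));
+ }
  /*
  * don't let Match in includes clobber the
  * containing file's Match state.
@@ -1737,7 +1758,7 @@ read_config_file_depth(const char *filename, struct passwd *pw,
  int flags, int *activep, int depth)
 {
  FILE *f;
- char line[1024];
+ char line[4096];
  int linenum;
  int bad_options = 0;
 
@@ -1766,6 +1787,8 @@ read_config_file_depth(const char *filename, struct passwd *pw,
  while (fgets(line, sizeof(line), f)) {
  /* Update line number counter. */
  linenum++;
+ if (strlen(line) == sizeof(line) - 1)
+ fatal("%s line %d too long", filename, linenum);
  if (process_config_line_depth(options, pw, host, original_host,
  line, filename, linenum, activep, flags, depth) != 0)
  bad_options++;
@@ -2498,10 +2521,10 @@ dump_cfg_forwards(OpCodes code, u_int count, const struct Forward *fwds)
  /* oDynamicForward */
  for (i = 0; i < count; i++) {
  fwd = &fwds[i];
- if (code == oDynamicForward &&
+ if (code == oDynamicForward && fwd->connect_host != NULL &&
  strcmp(fwd->connect_host, "socks") != 0)
  continue;
- if (code == oLocalForward &&
+ if (code == oLocalForward && fwd->connect_host != NULL &&
  strcmp(fwd->connect_host, "socks") == 0)
  continue;
  printf("%s", lookup_opcode_name(code));
@@ -2574,8 +2597,10 @@ dump_client_config(Options *o, const char *host)
  dump_cfg_fmtint(oProxyUseFdpass, o->proxy_use_fdpass);
  dump_cfg_fmtint(oPubkeyAuthentication, o->pubkey_authentication);
  dump_cfg_fmtint(oRequestTTY, o->request_tty);
+#ifdef WITH_RSA1
  dump_cfg_fmtint(oRhostsRSAAuthentication, o->rhosts_rsa_authentication);
  dump_cfg_fmtint(oRSAAuthentication, o->rsa_authentication);
+#endif
  dump_cfg_fmtint(oStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink);
  dump_cfg_fmtint(oStrictHostKeyChecking, o->strict_host_key_checking);
  dump_cfg_fmtint(oTCPKeepAlive, o->tcp_keep_alive);
@@ -2587,7 +2612,9 @@ dump_client_config(Options *o, const char *host)
 
  /* Integer options */
  dump_cfg_int(oCanonicalizeMaxDots, o->canonicalize_max_dots);
+#ifdef WITH_SSH1
  dump_cfg_int(oCompressionLevel, o->compression_level);
+#endif
  dump_cfg_int(oConnectionAttempts, o->connection_attempts);
  dump_cfg_int(oForwardX11Timeout, o->forward_x11_timeout);
  dump_cfg_int(oNumberOfPasswordPrompts, o->number_of_password_prompts);
@@ -2607,7 +2634,9 @@ dump_client_config(Options *o, const char *host)
  dump_cfg_string(oLocalCommand, o->local_command);
  dump_cfg_string(oLogLevel, log_level_name(o->log_level));
  dump_cfg_string(oMacs, o->macs ? o->macs : KEX_CLIENT_MAC);
+#ifdef ENABLE_PKCS11
  dump_cfg_string(oPKCS11Provider, o->pkcs11_provider);
+#endif
  dump_cfg_string(oPreferredAuthentications, o->preferred_authentications);
  dump_cfg_string(oPubkeyAcceptedKeyTypes, o->pubkey_key_types);
  dump_cfg_string(oRevokedHostKeys, o->revoked_host_keys);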
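Review bot: The `*arg != '-'` guards added in front of `ciphers_valid`, `mac_valid`, `kex_names_valid` and `sshkey_names_valid2` skip validation entirely for removal lists, so a mistyped algorithm name after `-` is accepted without any diagnostic. If the list is later applied as a set of patterns (that code is outside these hunks), the typo would presumably remove nothing and the algorithm the user meant to disable stays enabled. Because this fails open for a hardening setting, I would at least document it at the first guard, e.g. `/* "-list" is a removal pattern and is not validated here; an entry that matches nothing is ignored */`, and consider a debug message where the removal is applied. The enclosing function starts and ends outside the hunks.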
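--- a/regress/Makefile
+++ b/regress/Makefile
@@ -222,6 +222,7 @@ unit:
  $$V ${.OBJDIR}/unittests/sshkey/test_sshkey \
  -d ${.CURDIR}/unittests/sshkey/testdata ; \
  $$V ${.OBJDIR}/unittests/bitmap/test_bitmap ; \
+ $$V ${.OBJDIR}/unittests/conversion/test_conversion ; \
  $$V ${.OBJDIR}/unittests/kex/test_kex ; \
  $$V ${.OBJDIR}/unittests/hostkeys/test_hostkeys \
  -d ${.CURDIR}/unittests/hostkeys/testdata ; \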
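--- a/regress/agent-getpeereid.sh
+++ b/regress/agent-getpeereid.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: agent-getpeereid.sh,v 1.7 2016/09/26 21:34:38 bluhm Exp $
+# $OpenBSD: agent-getpeereid.sh,v 1.8 2017/01/06 02:51:16 djm Exp $
 # Placed in the Public Domain.
 
 tid="disallow agent attach from other uid"
@@ -32,17 +32,17 @@ if [ $r -ne 0 ]; then
 else
  chmod 644 ${SSH_AUTH_SOCK}
 
- ssh-add -l > /dev/null 2>&1
+ ${SSHADD} -l > /dev/null 2>&1
  r=$?
  if [ $r -ne 1 ]; then
  fail "ssh-add failed with $r != 1"
  fi
  if test -z "$sudo" ; then
  # doas
- ${SUDO} -n -u ${UNPRIV} ssh-add -l 2>/dev/null
+ ${SUDO} -n -u ${UNPRIV} ${SSHADD} -l 2>/dev/null
  else
  # sudo
- < /dev/null ${SUDO} -S -u ${UNPRIV} ssh-add -l 2>/dev/null
+ < /dev/null ${SUDO} -S -u ${UNPRIV} ${SSHADD} -l 2>/dev/null
  fi
  r=$?
  if [ $r -lt 2 ]; then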
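Review bot: The unprivileged check at `if [ $r -lt 2 ]` treats every exit status of 2 or more as proof that the agent refused the other uid, so a run in which `${SSHADD}` could not be started at all under `${UNPRIV}` and the wrapper reported a status of 2 or above would be counted as a pass. That matters more now that the command is a variable, presumably a path into the build tree that the unprivileged user may not be able to reach, rather than `ssh-add` from PATH. Comparing against the one status ssh-add documents for "unable to contact the agent" would close the gap: `if [ $r -ne 2 ]; then`. The body of that `if` lies outside the hunk, so its failure message would need checking against the new condition.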
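--- a/regress/allow-deny-users.sh
+++ b/regress/allow-deny-users.sh
@@ -4,7 +4,7 @@
 tid="AllowUsers/DenyUsers"
 
 me="$LOGNAME"
-if [ "x$me" == "x" ]; then
+if [ "x$me" = "x" ]; then
  me=`whoami`
 fi
 other="nobody"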
diff --git a/regress/cert-file.sh b/regress/cert-file.sh
index b184e7fea..43b8e0201 100644
--- a/regress/cert-file.sh
+++ b/regress/cert-file.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: cert-file.sh,v 1.4 2016/12/16 02:48:55 djm Exp $ 1# $OpenBSD: cert-file.sh,v 1.5 2017/03/11 23:44:16 djm Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="ssh with certificates" 4tid="ssh with certificates"
@@ -17,24 +17,59 @@ ${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_key1 || \
17 fatal "ssh-keygen failed" 17 fatal "ssh-keygen failed"
18${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_key2 || \ 18${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_key2 || \
19 fatal "ssh-keygen failed" 19 fatal "ssh-keygen failed"
20${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_key3 || \
21 fatal "ssh-keygen failed"
22${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_key4 || \
23 fatal "ssh-keygen failed"
24${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_key5 || \
25 fatal "ssh-keygen failed"
26
20# Move the certificate to a different address to better control 27# Move the certificate to a different address to better control
21# when it is offered. 28# when it is offered.
22${SSHKEYGEN} -q -s $OBJ/user_ca_key1 -I "regress user key for $USER" \ 29${SSHKEYGEN} -q -s $OBJ/user_ca_key1 -I "regress user key for $USER" \
23 -z $$ -n ${USER} $OBJ/user_key1 || 30 -z $$ -n ${USER} $OBJ/user_key1 ||
24 fail "couldn't sign user_key1 with user_ca_key1" 31 fatal "couldn't sign user_key1 with user_ca_key1"
25mv $OBJ/user_key1-cert.pub $OBJ/cert_user_key1_1.pub 32mv $OBJ/user_key1-cert.pub $OBJ/cert_user_key1_1.pub
26${SSHKEYGEN} -q -s $OBJ/user_ca_key2 -I "regress user key for $USER" \ 33${SSHKEYGEN} -q -s $OBJ/user_ca_key2 -I "regress user key for $USER" \
27 -z $$ -n ${USER} $OBJ/user_key1 || 34 -z $$ -n ${USER} $OBJ/user_key1 ||
28 fail "couldn't sign user_key1 with user_ca_key2" 35 fatal "couldn't sign user_key1 with user_ca_key2"
29mv $OBJ/user_key1-cert.pub $OBJ/cert_user_key1_2.pub 36mv $OBJ/user_key1-cert.pub $OBJ/cert_user_key1_2.pub
37${SSHKEYGEN} -q -s $OBJ/user_ca_key1 -I "regress user key for $USER" \
38 -z $$ -n ${USER} $OBJ/user_key3 ||
39 fatal "couldn't sign user_key3 with user_ca_key1"
40rm $OBJ/user_key3.pub # to test use of private key w/o public half.
41${SSHKEYGEN} -q -s $OBJ/user_ca_key1 -I "regress user key for $USER" \
42 -z $$ -n ${USER} $OBJ/user_key4 ||
43 fatal "couldn't sign user_key4 with user_ca_key1"
44rm $OBJ/user_key4 $OBJ/user_key4.pub # to test no matching pub/private key case.
30 45
31trace 'try with identity files' 46trace 'try with identity files'
32opts="-F $OBJ/ssh_proxy -oIdentitiesOnly=yes" 47opts="-F $OBJ/ssh_proxy -oIdentitiesOnly=yes"
33opts2="$opts -i $OBJ/user_key1 -i $OBJ/user_key2" 48opts2="$opts -i $OBJ/user_key1 -i $OBJ/user_key2"
34echo "cert-authority $(cat $OBJ/user_ca_key1.pub)" > $OBJ/authorized_keys_$USER 49echo "cert-authority $(cat $OBJ/user_ca_key1.pub)" > $OBJ/authorized_keys_$USER
35 50
51# Make a clean config that doesn't have any pre-added identities.
52cat $OBJ/ssh_proxy | grep -v IdentityFile > $OBJ/no_identity_config
53
54# XXX: verify that certificate used was what we expect. Needs exposure of
55# keys via enviornment variable or similar.
56
36for p in ${SSH_PROTOCOLS}; do 57for p in ${SSH_PROTOCOLS}; do
58 # Key with no .pub should work - finding the equivalent *-cert.pub.
59 verbose "protocol $p: identity cert with no plain public file"
60 ${SSH} -F $OBJ/no_identity_config -oIdentitiesOnly=yes \
61 -i $OBJ/user_key3 somehost exit 5$p
62 [ $? -ne 5$p ] && fail "ssh failed"
63
64 # CertificateFile matching private key with no .pub file should work.
65 verbose "protocol $p: CertificateFile with no plain public file"
66 ${SSH} -F $OBJ/no_identity_config -oIdentitiesOnly=yes \
67 -oCertificateFile=$OBJ/user_key3-cert.pub \
68 -i $OBJ/user_key3 somehost exit 5$p
69 [ $? -ne 5$p ] && fail "ssh failed"
70
37 # Just keys should fail 71 # Just keys should fail
72 verbose "protocol $p: plain keys"
38 ${SSH} $opts2 somehost exit 5$p 73 ${SSH} $opts2 somehost exit 5$p
39 r=$? 74 r=$?
40 if [ $r -eq 5$p ]; then 75 if [ $r -eq 5$p ]; then
@@ -42,6 +77,7 @@ for p in ${SSH_PROTOCOLS}; do
42 fi 77 fi
43 78
44 # Keys with untrusted cert should fail. 79 # Keys with untrusted cert should fail.
80 verbose "protocol $p: untrusted cert"
45 opts3="$opts2 -oCertificateFile=$OBJ/cert_user_key1_2.pub" 81 opts3="$opts2 -oCertificateFile=$OBJ/cert_user_key1_2.pub"
46 ${SSH} $opts3 somehost exit 5$p 82 ${SSH} $opts3 somehost exit 5$p
47 r=$? 83 r=$?
@@ -50,6 +86,7 @@ for p in ${SSH_PROTOCOLS}; do
50 fi 86 fi
51 87
52 # Good cert with bad key should fail. 88 # Good cert with bad key should fail.
89 verbose "protocol $p: good cert, bad key"
53 opts3="$opts -i $OBJ/user_key2" 90 opts3="$opts -i $OBJ/user_key2"
54 opts3="$opts3 -oCertificateFile=$OBJ/cert_user_key1_1.pub" 91 opts3="$opts3 -oCertificateFile=$OBJ/cert_user_key1_1.pub"
55 ${SSH} $opts3 somehost exit 5$p 92 ${SSH} $opts3 somehost exit 5$p
@@ -59,6 +96,7 @@ for p in ${SSH_PROTOCOLS}; do
59 fi 96 fi
60 97
61 # Keys with one trusted cert, should succeed. 98 # Keys with one trusted cert, should succeed.
99 verbose "protocol $p: single trusted"
62 opts3="$opts2 -oCertificateFile=$OBJ/cert_user_key1_1.pub" 100 opts3="$opts2 -oCertificateFile=$OBJ/cert_user_key1_1.pub"
63 ${SSH} $opts3 somehost exit 5$p 101 ${SSH} $opts3 somehost exit 5$p
64 r=$? 102 r=$?
@@ -67,6 +105,7 @@ for p in ${SSH_PROTOCOLS}; do
67 fi 105 fi
68 106
69 # Multiple certs and keys, with one trusted cert, should succeed. 107 # Multiple certs and keys, with one trusted cert, should succeed.
108 verbose "protocol $p: multiple trusted"
70 opts3="$opts2 -oCertificateFile=$OBJ/cert_user_key1_2.pub" 109 opts3="$opts2 -oCertificateFile=$OBJ/cert_user_key1_2.pub"
71 opts3="$opts3 -oCertificateFile=$OBJ/cert_user_key1_1.pub" 110 opts3="$opts3 -oCertificateFile=$OBJ/cert_user_key1_1.pub"
72 ${SSH} $opts3 somehost exit 5$p 111 ${SSH} $opts3 somehost exit 5$p
@@ -74,14 +113,6 @@ for p in ${SSH_PROTOCOLS}; do
74 if [ $r -ne 5$p ]; then 113 if [ $r -ne 5$p ]; then
75 fail "ssh failed with multiple certs in protocol $p" 114 fail "ssh failed with multiple certs in protocol $p"
76 fi 115 fi
77
78 #Keys with trusted certificate specified in config options, should succeed.
79 opts3="$opts2 -oCertificateFile=$OBJ/cert_user_key1_1.pub"
80 ${SSH} $opts3 somehost exit 5$p
81 r=$?
82 if [ $r -ne 5$p ]; then
83 fail "ssh failed with trusted cert in config in protocol $p"
84 fi
85done 116done
86 117
87#next, using an agent in combination with the keys 118#next, using an agent in combination with the keys
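Review bot: The "CertificateFile with no plain public file" case (new lines 64-69) cannot fail on its own: it passes `-i $OBJ/user_key3` while `user_key3-cert.pub` still sits beside that key, which is the implicit lookup the preceding case already exercises, so the test would pass even if `-oCertificateFile` were ignored. Using a key whose certificate has been moved away from the `-cert.pub` name, as is done for `cert_user_key1_1.pub`, would make the option the only route to the certificate. `user_key4` is stripped of both halves "to test no matching pub/private key case" and `user_key5` is generated, but no visible hunk uses either, so that negative case looks untested unless it lives outside these hunks. Both new checks report the same `fail "ssh failed"`; naming the case and `$p`, e.g. `fail "ssh failed with CertificateFile and no .pub in protocol $p"`, would match the rest of the loop. The added XXX comment misspells "environment".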
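--- a/regress/forwarding.sh
+++ b/regress/forwarding.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: forwarding.sh,v 1.16 2016/04/14 23:57:17 djm Exp $
+# $OpenBSD: forwarding.sh,v 1.19 2017/01/30 05:22:14 djm Exp $
 # Placed in the Public Domain.
 
 tid="local and remote forwarding"
@@ -10,8 +10,7 @@ start_sshd
 base=33
 last=$PORT
 fwd=""
-make_tmpdir
-CTL=$TMP/ctl-sock
+CTL=/tmp/openssh.regress.ctl-sock.$$
 
 for j in 0 1 2; do
  for i in 0 1 2; do
@@ -38,7 +37,7 @@ for p in ${SSH_PROTOCOLS}; do
  test -s ${COPY} || fail "failed copy of ${DATA}"
  cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}"
 
- ${SSH} -S $CTL -O exit somehost
+ ${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost
 done
 
 for p in ${SSH_PROTOCOLS}; do
@@ -53,7 +52,7 @@ for d in L R; do
  -$d ${base}04:127.0.0.1:$PORT \
  -oExitOnForwardFailure=yes somehost true
  if [ $? != 0 ]; then
- fail "connection failed, should not"
+ fatal "connection failed, should not"
  else
  # this one should fail
  ${SSH} -q -$p -F $OBJ/ssh_config \
@@ -83,11 +82,11 @@ for p in ${SSH_PROTOCOLS}; do
  fail "connection failed with cleared local forwarding"
  else
  # this one should fail
- ${SSH} -$p -F $OBJ/ssh_config -p ${base}01 true \
+ ${SSH} -$p -F $OBJ/ssh_config -p ${base}01 somehost true \
  >>$TEST_REGRESS_LOGFILE 2>&1 && \
  fail "local forwarding not cleared"
  fi
- ${SSH} -S $CTL -O exit somehost
+ ${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost
 
  trace "clear remote forward proto $p"
  rm -f $CTL
@@ -97,11 +96,11 @@ for p in ${SSH_PROTOCOLS}; do
  fail "connection failed with cleared remote forwarding"
  else
  # this one should fail
- ${SSH} -$p -F $OBJ/ssh_config -p ${base}01 true \
+ ${SSH} -$p -F $OBJ/ssh_config -p ${base}01 somehost true \
  >>$TEST_REGRESS_LOGFILE 2>&1 && \
  fail "remote forwarding not cleared"
  fi
- ${SSH} -S $CTL -O exit somehost
+ ${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost
 done
 
 for p in 2; do
@@ -127,7 +126,7 @@ for p in ${SSH_PROTOCOLS}; do
  test -s ${COPY} || fail "failed copy of ${DATA}"
  cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}"
 
- ${SSH} -S $CTL -O exit somehost
+ ${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost
 done
 
 for p in 2; do
@@ -143,8 +142,8 @@ for p in 2; do
  test -s ${COPY} || fail "failed copy ${DATA}"
  cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}"
 
- ${SSH} -S $CTL -O exit somehost
- ${SSH} -S $CTL.1 -O exit somehost
- ${SSH} -S $CTL.2 -O exit somehost
- ${SSH} -S $CTL.3 -O exit somehost
+ ${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost
+ ${SSH} -F $OBJ/ssh_config -S $CTL.1 -O exit somehost
+ ${SSH} -F $OBJ/ssh_config -S $CTL.2 -O exit somehost
+ ${SSH} -F $OBJ/ssh_config -S $CTL.3 -O exit somehost
 done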
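Review bot: `CTL=/tmp/openssh.regress.ctl-sock.$$` places the multiplexing control socket at a guessable name in a world-writable directory, where the removed `make_tmpdir` gave it a private directory with a random suffix. On a shared build host another local user can occupy that path before the test does, which at the least makes the run fail and leaves the later `-S $CTL -O exit` calls addressing a file the test did not create. Keeping the socket inside a directory only the test user can write avoids this, for example `CTL=$(mktemp -d /tmp/openssh.regress.XXXXXXXXXX)/ctl-sock` with a matching removal in cleanup, if `mktemp -d` is acceptable on the supported platforms. The same assignment is made in regress/multiplex.sh.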
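--- a/regress/integrity.sh
+++ b/regress/integrity.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: integrity.sh,v 1.19 2016/11/25 02:56:49 dtucker Exp $
+# $OpenBSD: integrity.sh,v 1.20 2017/01/06 02:26:10 dtucker Exp $
 # Placed in the Public Domain.
 
 tid="integrity"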
diff --git a/regress/mkdtemp.c b/regress/mkdtemp.c
deleted file mode 100644
index 8c7d2e219..000000000
--- a/regress/mkdtemp.c
+++ /dev/null
@@ -1,59 +0,0 @@
1/*
2 * Copyright (c) 2017 Colin Watson <cjwatson@debian.org>
3 *
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */
16
17/* Roughly equivalent to "mktemp -d -t TEMPLATE", but portable. */
18
19#include "includes.h"
20
21#include <limits.h>
22#include <stdio.h>
23#include <stdlib.h>
24
25#include "log.h"
26
27static void
28usage(void)
29{
30 fprintf(stderr, "mkdtemp template\n");
31 exit(1);
32}
33
34int
35main(int argc, char **argv)
36{
37 const char *base;
38 const char *tmpdir;
39 char template[PATH_MAX];
40 int r;
41 char *dir;
42
43 if (argc != 2)
44 usage();
45 base = argv[1];
46
47 if ((tmpdir = getenv("TMPDIR")) == NULL)
48 tmpdir = "/tmp";
49 r = snprintf(template, sizeof(template), "%s/%s", tmpdir, base);
50 if (r < 0 || (size_t)r >= sizeof(template))
51 fatal("template string too long");
52 dir = mkdtemp(template);
53 if (dir == NULL) {
54 perror("mkdtemp");
55 exit(1);
56 }
57 puts(dir);
58 return 0;
59}
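--- a/regress/multiplex.sh
+++ b/regress/multiplex.sh
@@ -1,8 +1,7 @@
 # $OpenBSD: multiplex.sh,v 1.27 2014/12/22 06:14:29 djm Exp $
 # Placed in the Public Domain.
 
-make_tmpdir
-CTL=$TMP/ctl-sock
+CTL=/tmp/openssh.regress.ctl-sock.$$
 
 tid="connection multiplexing"
 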
diff --git a/regress/test-exec.sh b/regress/test-exec.sh
index 13a8e18f3..dc033cd96 100644
--- a/regress/test-exec.sh
+++ b/regress/test-exec.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: test-exec.sh,v 1.58 2016/12/16 01:06:27 dtucker Exp $ 1# $OpenBSD: test-exec.sh,v 1.59 2017/02/07 23:03:11 dtucker Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4#SUDO=sudo 4#SUDO=sudo
@@ -317,14 +317,6 @@ stop_sshd ()
317 fi 317 fi
318} 318}
319 319
320TMP=
321
322make_tmpdir ()
323{
324 TMP="$($OBJ/mkdtemp openssh-regress-XXXXXXXXXXXX)" || \
325 fatal "failed to create temporary directory"
326}
327
328# helper 320# helper
329cleanup () 321cleanup ()
330{ 322{
@@ -335,9 +327,6 @@ cleanup ()
335 kill $SSH_PID 327 kill $SSH_PID
336 fi 328 fi
337 fi 329 fi
338 if [ "x$TMP" != "x" ]; then
339 rm -rf "$TMP"
340 fi
341 stop_sshd 330 stop_sshd
342} 331}
343 332
@@ -455,12 +444,10 @@ Host *
455 User $USER 444 User $USER
456 GlobalKnownHostsFile $OBJ/known_hosts 445 GlobalKnownHostsFile $OBJ/known_hosts
457 UserKnownHostsFile $OBJ/known_hosts 446 UserKnownHostsFile $OBJ/known_hosts
458 RSAAuthentication yes
459 PubkeyAuthentication yes 447 PubkeyAuthentication yes
460 ChallengeResponseAuthentication no 448 ChallengeResponseAuthentication no
461 HostbasedAuthentication no 449 HostbasedAuthentication no
462 PasswordAuthentication no 450 PasswordAuthentication no
463 RhostsRSAAuthentication no
464 BatchMode yes 451 BatchMode yes
465 StrictHostKeyChecking yes 452 StrictHostKeyChecking yes
466 LogLevel DEBUG3 453 LogLevel DEBUG3
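--- a/regress/unittests/Makefile
+++ b/regress/unittests/Makefile
@@ -1,5 +1,6 @@
-# $OpenBSD: Makefile,v 1.7 2016/08/19 06:44:13 djm Exp $
-REGRESS_FAIL_EARLY= yes
-SUBDIR= test_helper sshbuf sshkey bitmap kex hostkeys utf8 match
+# $OpenBSD: Makefile,v 1.9 2017/03/14 01:20:29 dtucker Exp $
+
+REGRESS_FAIL_EARLY?= yes
+SUBDIR= test_helper sshbuf sshkey bitmap kex hostkeys utf8 match conversion
 
 .include <bsd.subdir.mk>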
diff --git a/regress/unittests/conversion/Makefile b/regress/unittests/conversion/Makefile
new file mode 100644
index 000000000..cde97dc28
--- /dev/null
+++ b/regress/unittests/conversion/Makefile
@@ -0,0 +1,10 @@
1# $OpenBSD: Makefile,v 1.1 2017/03/14 01:20:29 dtucker Exp $
2
3PROG=test_conversion
4SRCS=tests.c
5REGRESS_TARGETS=run-regress-${PROG}
6
7run-regress-${PROG}: ${PROG}
8 env ${TEST_ENV} ./${PROG}
9
10.include <bsd.regress.mk>
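--- /dev/null
+++ b/regress/unittests/conversion/tests.c
@@ -0,0 +1,51 @@
+/* $OpenBSD: tests.c,v 1.1 2017/03/14 01:20:29 dtucker Exp $ */
+/*
+ * Regress test for conversions
+ *
+ * Placed in the public domain
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef HAVE_STDINT_H
+#include <stdint.h>
+#endif
+#include <stdlib.h>
+#include <string.h>
+
+#include "../test_helper/test_helper.h"
+
+#include "misc.h"
+
+void
+tests(void)
+{
+ char buf[1024];
+
+ TEST_START("conversion_convtime");
+ ASSERT_LONG_EQ(convtime("0"), 0);
+ ASSERT_LONG_EQ(convtime("1"), 1);
+ ASSERT_LONG_EQ(convtime("1S"), 1);
+ /* from the examples in the comment above the function */
+ ASSERT_LONG_EQ(convtime("90m"), 5400);
+ ASSERT_LONG_EQ(convtime("1h30m"), 5400);
+ ASSERT_LONG_EQ(convtime("2d"), 172800);
+ ASSERT_LONG_EQ(convtime("1w"), 604800);
+
+ /* negative time is not allowed */
+ ASSERT_LONG_EQ(convtime("-7"), -1);
+ ASSERT_LONG_EQ(convtime("-9d"), -1);
+
+ /* overflow */
+ snprintf(buf, sizeof buf, "%llu", (unsigned long long)LONG_MAX + 1);
+ ASSERT_LONG_EQ(convtime(buf), -1);
+
+ /* overflow with multiplier */
+ snprintf(buf, sizeof buf, "%lluM", (unsigned long long)LONG_MAX/60 + 1);
+ ASSERT_LONG_EQ(convtime(buf), -1);
+ ASSERT_LONG_EQ(convtime("1000000000000000000000w"), -1);
+ TEST_DONE();
+}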
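Review bot: The convtime cases cover valid input, negative values and overflow, but nothing malformed: there is no empty string, no unknown unit suffix such as `"1x"`, and no value just below the overflow threshold that is expected to succeed. Since convtime parses interval values that come from configuration, those are the inputs worth pinning, e.g. `ASSERT_LONG_EQ(convtime(""), -1);` and `ASSERT_LONG_EQ(convtime("1x"), -1);`, assuming -1 is the error return for them as it is for the cases already here. `LONG_MAX` is used without a visible `#include <limits.h>`; it presumably arrives through includes.h or sys/param.h, but including the header directly would not depend on that.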
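--- a/regress/unittests/match/tests.c
+++ b/regress/unittests/match/tests.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tests.c,v 1.3 2016/09/21 17:03:54 djm Exp $ */
+/* $OpenBSD: tests.c,v 1.4 2017/02/03 23:01:42 djm Exp $ */
 /*
  * Regress test for matching functions
  *
@@ -103,6 +103,25 @@ tests(void)
  /* XXX negated ASSERT_INT_EQ(addr_match_list("127.0.0.1", "!127.0.0.2,10.0.0.1"), 1); */
  TEST_DONE();
 
+#define CHECK_FILTER(string,filter,expected) \
+ do { \
+ char *result = match_filter_list((string), (filter)); \
+ ASSERT_STRING_EQ(result, expected); \
+ free(result); \
+ } while (0)
+
+ TEST_START("match_filter_list");
+ CHECK_FILTER("a,b,c", "", "a,b,c");
+ CHECK_FILTER("a,b,c", "a", "b,c");
+ CHECK_FILTER("a,b,c", "b", "a,c");
+ CHECK_FILTER("a,b,c", "c", "a,b");
+ CHECK_FILTER("a,b,c", "a,b", "c");
+ CHECK_FILTER("a,b,c", "a,c", "b");
+ CHECK_FILTER("a,b,c", "b,c", "a");
+ CHECK_FILTER("a,b,c", "a,b,c", "");
+ CHECK_FILTER("a,b,c", "b,c", "a");
+ CHECK_FILTER("", "a,b,c", "");
+ TEST_DONE();
 /*
  * XXX TODO
  * int match_host_and_ip(const char *, const char *, const char *);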
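Review bot: `CHECK_FILTER("a,b,c", "b,c", "a");` appears twice in the new match_filter_list block (new lines 120 and 122), so one of the two slots tests nothing new. A filter entry that is absent from the list, or a wildcard pattern if match_filter_list accepts patterns, would cover more, e.g. `CHECK_FILTER("a,b,c", "d", "a,b,c");` (expected value assumed; confirm against the function). The `CHECK_FILTER` macro is defined inside tests() and never undefined, so an `#undef CHECK_FILTER` after the block's `TEST_DONE();` would keep it local. tests() begins and ends outside the hunk.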
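--- a/regress/unittests/test_helper/test_helper.c
+++ b/regress/unittests/test_helper/test_helper.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: test_helper.c,v 1.6 2015/03/03 20:42:49 djm Exp $ */
+/* $OpenBSD: test_helper.c,v 1.7 2017/03/14 01:10:07 dtucker Exp $ */
 /*
  * Copyright (c) 2011 Damien Miller <djm@mindrot.org>
  *
@@ -442,6 +442,17 @@ assert_u_int(const char *file, int line, const char *a1, const char *a2,
 }
 
 void
+assert_long(const char *file, int line, const char *a1, const char *a2,
+ long aa1, long aa2, enum test_predicate pred)
+{
+ TEST_CHECK(aa1, aa2, pred);
+ test_header(file, line, a1, a2, "LONG", pred);
+ fprintf(stderr, "%12s = %ld / 0x%lx\n", a1, aa1, aa1);
+ fprintf(stderr, "%12s = %ld / 0x%lx\n", a2, aa2, aa2);
+ test_die();
+}
+
+void
 assert_long_long(const char *file, int line, const char *a1, const char *a2,
  long long aa1, long long aa2, enum test_predicate pred)
 {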
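Review bot: In assert_long the `%lx` conversions receive `long` arguments (`aa1`, `aa2`), but `%lx` expects `unsigned long`, so the format string and argument types do not match. A cast at the call keeps the hex output and makes the types agree: `fprintf(stderr, "%12s = %ld / 0x%lx\n", a1, aa1, (unsigned long)aa1);`, and likewise for `a2`/`aa2`. The neighbouring assert_long_long continues outside the hunk, so whether it has the same pattern cannot be seen here.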
diff --git a/regress/unittests/test_helper/test_helper.h b/regress/unittests/test_helper/test_helper.h
index 1d9c66986..615b7832b 100644
--- a/regress/unittests/test_helper/test_helper.h
+++ b/regress/unittests/test_helper/test_helper.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: test_helper.h,v 1.6 2015/01/18 19:52:44 djm Exp $ */ 1/* $OpenBSD: test_helper.h,v 1.7 2017/03/14 01:10:07 dtucker Exp $ */
2/* 2/*
3 * Copyright (c) 2011 Damien Miller <djm@mindrot.org> 3 * Copyright (c) 2011 Damien Miller <djm@mindrot.org>
4 * 4 *
@@ -67,6 +67,9 @@ void assert_size_t(const char *file, int line,
67void assert_u_int(const char *file, int line, 67void assert_u_int(const char *file, int line,
68 const char *a1, const char *a2, 68 const char *a1, const char *a2,
69 u_int aa1, u_int aa2, enum test_predicate pred); 69 u_int aa1, u_int aa2, enum test_predicate pred);
70void assert_long(const char *file, int line,
71 const char *a1, const char *a2,
72 long aa1, long aa2, enum test_predicate pred);
70void assert_long_long(const char *file, int line, 73void assert_long_long(const char *file, int line,
71 const char *a1, const char *a2, 74 const char *a1, const char *a2,
72 long long aa1, long long aa2, enum test_predicate pred); 75 long long aa1, long long aa2, enum test_predicate pred);
@@ -110,6 +113,8 @@ void assert_u64(const char *file, int line,
110 assert_size_t(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_EQ) 113 assert_size_t(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_EQ)
111#define ASSERT_U_INT_EQ(a1, a2) \ 114#define ASSERT_U_INT_EQ(a1, a2) \
112 assert_u_int(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_EQ) 115 assert_u_int(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_EQ)
116#define ASSERT_LONG_EQ(a1, a2) \
117 assert_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_EQ)
113#define ASSERT_LONG_LONG_EQ(a1, a2) \ 118#define ASSERT_LONG_LONG_EQ(a1, a2) \
114 assert_long_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_EQ) 119 assert_long_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_EQ)
115#define ASSERT_CHAR_EQ(a1, a2) \ 120#define ASSERT_CHAR_EQ(a1, a2) \
@@ -139,6 +144,8 @@ void assert_u64(const char *file, int line,
139 assert_size_t(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_NE) 144 assert_size_t(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_NE)
140#define ASSERT_U_INT_NE(a1, a2) \ 145#define ASSERT_U_INT_NE(a1, a2) \
141 assert_u_int(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_NE) 146 assert_u_int(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_NE)
147#define ASSERT_LONG_NE(a1, a2) \
148 assert_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_NE)
142#define ASSERT_LONG_LONG_NE(a1, a2) \ 149#define ASSERT_LONG_LONG_NE(a1, a2) \
143 assert_long_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_NE) 150 assert_long_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_NE)
144#define ASSERT_CHAR_NE(a1, a2) \ 151#define ASSERT_CHAR_NE(a1, a2) \
@@ -166,6 +173,8 @@ void assert_u64(const char *file, int line,
166 assert_size_t(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LT) 173 assert_size_t(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LT)
167#define ASSERT_U_INT_LT(a1, a2) \ 174#define ASSERT_U_INT_LT(a1, a2) \
168 assert_u_int(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LT) 175 assert_u_int(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LT)
176#define ASSERT_LONG_LT(a1, a2) \
177 assert_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LT)
169#define ASSERT_LONG_LONG_LT(a1, a2) \ 178#define ASSERT_LONG_LONG_LT(a1, a2) \
170 assert_long_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LT) 179 assert_long_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LT)
171#define ASSERT_CHAR_LT(a1, a2) \ 180#define ASSERT_CHAR_LT(a1, a2) \
@@ -193,6 +202,8 @@ void assert_u64(const char *file, int line,
193 assert_size_t(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LE) 202 assert_size_t(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LE)
194#define ASSERT_U_INT_LE(a1, a2) \ 203#define ASSERT_U_INT_LE(a1, a2) \
195 assert_u_int(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LE) 204 assert_u_int(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LE)
205#define ASSERT_LONG_LE(a1, a2) \
206 assert_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LE)
196#define ASSERT_LONG_LONG_LE(a1, a2) \ 207#define ASSERT_LONG_LONG_LE(a1, a2) \
197 assert_long_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LE) 208 assert_long_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LE)
198#define ASSERT_CHAR_LE(a1, a2) \ 209#define ASSERT_CHAR_LE(a1, a2) \
@@ -220,6 +231,8 @@ void assert_u64(const char *file, int line,
220 assert_size_t(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GT) 231 assert_size_t(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GT)
221#define ASSERT_U_INT_GT(a1, a2) \ 232#define ASSERT_U_INT_GT(a1, a2) \
222 assert_u_int(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GT) 233 assert_u_int(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GT)
234#define ASSERT_LONG_GT(a1, a2) \
235 assert_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GT)
223#define ASSERT_LONG_LONG_GT(a1, a2) \ 236#define ASSERT_LONG_LONG_GT(a1, a2) \
224 assert_long_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GT) 237 assert_long_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GT)
225#define ASSERT_CHAR_GT(a1, a2) \ 238#define ASSERT_CHAR_GT(a1, a2) \
@@ -247,6 +260,8 @@ void assert_u64(const char *file, int line,
247 assert_size_t(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GE) 260 assert_size_t(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GE)
248#define ASSERT_U_INT_GE(a1, a2) \ 261#define ASSERT_U_INT_GE(a1, a2) \
249 assert_u_int(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GE) 262 assert_u_int(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GE)
263#define ASSERT_LONG_GE(a1, a2) \
264 assert_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GE)
250#define ASSERT_LONG_LONG_GE(a1, a2) \ 265#define ASSERT_LONG_LONG_GE(a1, a2) \
251 assert_long_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GE) 266 assert_long_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GE)
252#define ASSERT_CHAR_GE(a1, a2) \ 267#define ASSERT_CHAR_GE(a1, a2) \
diff --git a/regress/unittests/utf8/tests.c b/regress/unittests/utf8/tests.c
index 31f9fe9c3..f0bbca509 100644
--- a/regress/unittests/utf8/tests.c
+++ b/regress/unittests/utf8/tests.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tests.c,v 1.3 2016/12/19 04:55:18 djm Exp $ */ 1/* $OpenBSD: tests.c,v 1.4 2017/02/19 00:11:29 djm Exp $ */
2/* 2/*
3 * Regress test for the utf8.h *mprintf() API 3 * Regress test for the utf8.h *mprintf() API
4 * 4 *
@@ -15,10 +15,7 @@
15 15
16#include "utf8.h" 16#include "utf8.h"
17 17
18void badarg(void); 18static void
19void one(const char *, const char *, int, int, int, const char *);
20
21void
22badarg(void) 19badarg(void)
23{ 20{
24 char buf[16]; 21 char buf[16];
@@ -33,8 +30,8 @@ badarg(void)
33 TEST_DONE(); 30 TEST_DONE();
34} 31}
35 32
36void 33static void
37one(const char *name, const char *mbs, int width, 34one(int utf8, const char *name, const char *mbs, int width,
38 int wantwidth, int wantlen, const char *wants) 35 int wantwidth, int wantlen, const char *wants)
39{ 36{
40 char buf[16]; 37 char buf[16];
@@ -43,7 +40,7 @@ one(const char *name, const char *mbs, int width,
43 40
44 if (wantlen == -2) 41 if (wantlen == -2)
45 wantlen = strlen(wants); 42 wantlen = strlen(wants);
46 (void)strlcpy(buf, "utf8_", sizeof(buf)); 43 (void)strlcpy(buf, utf8 ? "utf8_" : "c_", sizeof(buf));
47 (void)strlcat(buf, name, sizeof(buf)); 44 (void)strlcat(buf, name, sizeof(buf));
48 TEST_START(buf); 45 TEST_START(buf);
49 wp = wantwidth == -2 ? NULL : &width; 46 wp = wantwidth == -2 ? NULL : &width;
@@ -65,19 +62,41 @@ tests(void)
65 TEST_DONE(); 62 TEST_DONE();
66 63
67 badarg(); 64 badarg();
68 one("empty", "", 2, 0, 0, ""); 65 one(1, "empty", "", 2, 0, 0, "");
69 one("ascii", "x", -2, -2, -2, "x"); 66 one(1, "ascii", "x", -2, -2, -2, "x");
70 one("newline", "a\nb", -2, -2, -2, "a\nb"); 67 one(1, "newline", "a\nb", -2, -2, -2, "a\nb");
71 one("cr", "a\rb", -2, -2, -2, "a\rb"); 68 one(1, "cr", "a\rb", -2, -2, -2, "a\rb");
72 one("tab", "a\tb", -2, -2, -2, "a\tb"); 69 one(1, "tab", "a\tb", -2, -2, -2, "a\tb");
73 one("esc", "\033x", -2, -2, -2, "\\033x"); 70 one(1, "esc", "\033x", -2, -2, -2, "\\033x");
74 one("inv_badbyte", "\377x", -2, -2, -2, "\\377x"); 71 one(1, "inv_badbyte", "\377x", -2, -2, -2, "\\377x");
75 one("inv_nocont", "\341x", -2, -2, -2, "\\341x"); 72 one(1, "inv_nocont", "\341x", -2, -2, -2, "\\341x");
76 one("inv_nolead", "a\200b", -2, -2, -2, "a\\200b"); 73 one(1, "inv_nolead", "a\200b", -2, -2, -2, "a\\200b");
77 one("sz_ascii", "1234567890123456", -2, -2, 16, "123456789012345"); 74 one(1, "sz_ascii", "1234567890123456", -2, -2, 16, "123456789012345");
78 one("sz_esc", "123456789012\033", -2, -2, 16, "123456789012"); 75 one(1, "sz_esc", "123456789012\033", -2, -2, 16, "123456789012");
79 one("width_ascii", "123", 2, 2, -1, "12"); 76 one(1, "width_ascii", "123", 2, 2, -1, "12");
80 one("width_double", "a\343\201\201", 2, 1, -1, "a"); 77 one(1, "width_double", "a\343\201\201", 2, 1, -1, "a");
81 one("double_fit", "a\343\201\201", 3, 3, 4, "a\343\201\201"); 78 one(1, "double_fit", "a\343\201\201", 3, 3, 4, "a\343\201\201");
82 one("double_spc", "a\343\201\201", 4, 3, 4, "a\343\201\201"); 79 one(1, "double_spc", "a\343\201\201", 4, 3, 4, "a\343\201\201");
80
81 TEST_START("C_setlocale");
82 loc = setlocale(LC_CTYPE, "C");
83 ASSERT_PTR_NE(loc, NULL);
84 TEST_DONE();
85
86 badarg();
87 one(0, "empty", "", 2, 0, 0, "");
88 one(0, "ascii", "x", -2, -2, -2, "x");
89 one(0, "newline", "a\nb", -2, -2, -2, "a\nb");
90 one(0, "cr", "a\rb", -2, -2, -2, "a\rb");
91 one(0, "tab", "a\tb", -2, -2, -2, "a\tb");
92 one(0, "esc", "\033x", -2, -2, -2, "\\033x");
93 one(0, "inv_badbyte", "\377x", -2, -2, -2, "\\377x");
94 one(0, "inv_nocont", "\341x", -2, -2, -2, "\\341x");
95 one(0, "inv_nolead", "a\200b", -2, -2, -2, "a\\200b");
96 one(0, "sz_ascii", "1234567890123456", -2, -2, 16, "123456789012345");
97 one(0, "sz_esc", "123456789012\033", -2, -2, 16, "123456789012");
98 one(0, "width_ascii", "123", 2, 2, -1, "12");
99 one(0, "width_double", "a\343\201\201", 2, 1, -1, "a");
100 one(0, "double_fit", "a\343\201\201", 7, 5, -1, "a\\343");
101 one(0, "double_spc", "a\343\201\201", 13, 13, 13, "a\\343\\201\\201");
83} 102}
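Review bot: In one(), the test name is assembled in `char buf[16]` by `strlcpy`/`strlcat` calls whose return values are discarded, so any name longer than 15 characters is cut without notice: `utf8_width_double`, `utf8_width_ascii` and `utf8_inv_badbyte` do not fit, and the reported names then differ from the table in tests(). The buffer appears to be sized for the output checks (the `sz_ascii` case expects 15 characters back), so the remedy is a separate name buffer rather than a larger `buf`, e.g. `char name_buf[32];` used for the two string calls and `TEST_START(name_buf);`. The body of one() is only partly visible in these hunks.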
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index 62c578d3c..3a1aedce7 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -73,19 +73,35 @@
73# define SECCOMP_FILTER_FAIL SECCOMP_RET_TRAP 73# define SECCOMP_FILTER_FAIL SECCOMP_RET_TRAP
74#endif /* SANDBOX_SECCOMP_FILTER_DEBUG */ 74#endif /* SANDBOX_SECCOMP_FILTER_DEBUG */
75 75
76#if __BYTE_ORDER == __LITTLE_ENDIAN
77# define ARG_LO_OFFSET 0
78# define ARG_HI_OFFSET sizeof(uint32_t)
79#elif __BYTE_ORDER == __BIG_ENDIAN
80# define ARG_LO_OFFSET sizeof(uint32_t)
81# define ARG_HI_OFFSET 0
82#else
83#error "Unknown endianness"
84#endif
85
76/* Simple helpers to avoid manual errors (but larger BPF programs). */ 86/* Simple helpers to avoid manual errors (but larger BPF programs). */
77#define SC_DENY(_nr, _errno) \ 87#define SC_DENY(_nr, _errno) \
78 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 1), \ 88 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (_nr), 0, 1), \
79 BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ERRNO|(_errno)) 89 BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ERRNO|(_errno))
80#define SC_ALLOW(_nr) \ 90#define SC_ALLOW(_nr) \
81 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 1), \ 91 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (_nr), 0, 1), \
82 BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW) 92 BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
83#define SC_ALLOW_ARG(_nr, _arg_nr, _arg_val) \ 93#define SC_ALLOW_ARG(_nr, _arg_nr, _arg_val) \
84 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 4), \ 94 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (_nr), 0, 6), \
85 /* load first syscall argument */ \ 95 /* load and test first syscall argument, low word */ \
86 BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \ 96 BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \
87 offsetof(struct seccomp_data, args[(_arg_nr)])), \ 97 offsetof(struct seccomp_data, args[(_arg_nr)]) + ARG_LO_OFFSET), \
88 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (_arg_val), 0, 1), \ 98 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, \
99 ((_arg_val) & 0xFFFFFFFF), 0, 3), \
100 /* load and test first syscall argument, high word */ \
101 BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \
102 offsetof(struct seccomp_data, args[(_arg_nr)]) + ARG_HI_OFFSET), \
103 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, \
104 (((uint32_t)((uint64_t)(_arg_val) >> 32)) & 0xFFFFFFFF), 0, 1), \
89 BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW), \ 105 BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW), \
90 /* reload syscall number; all rules expect it in accumulator */ \ 106 /* reload syscall number; all rules expect it in accumulator */ \
91 BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \ 107 BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \
@@ -104,117 +120,122 @@ static const struct sock_filter preauth_insns[] = {
104 120
105 /* Syscalls to non-fatally deny */ 121 /* Syscalls to non-fatally deny */
106#ifdef __NR_lstat 122#ifdef __NR_lstat
107 SC_DENY(lstat, EACCES), 123 SC_DENY(__NR_lstat, EACCES),
108#endif 124#endif
109#ifdef __NR_lstat64 125#ifdef __NR_lstat64
110 SC_DENY(lstat64, EACCES), 126 SC_DENY(__NR_lstat64, EACCES),
111#endif 127#endif
112#ifdef __NR_fstat 128#ifdef __NR_fstat
113 SC_DENY(fstat, EACCES), 129 SC_DENY(__NR_fstat, EACCES),
114#endif 130#endif
115#ifdef __NR_fstat64 131#ifdef __NR_fstat64
116 SC_DENY(fstat64, EACCES), 132 SC_DENY(__NR_fstat64, EACCES),
117#endif 133#endif
118#ifdef __NR_open 134#ifdef __NR_open
119 SC_DENY(open, EACCES), 135 SC_DENY(__NR_open, EACCES),
120#endif 136#endif
121#ifdef __NR_openat 137#ifdef __NR_openat
122 SC_DENY(openat, EACCES), 138 SC_DENY(__NR_openat, EACCES),
123#endif 139#endif
124#ifdef __NR_newfstatat 140#ifdef __NR_newfstatat
125 SC_DENY(newfstatat, EACCES), 141 SC_DENY(__NR_newfstatat, EACCES),
126#endif 142#endif
127#ifdef __NR_stat 143#ifdef __NR_stat
128 SC_DENY(stat, EACCES), 144 SC_DENY(__NR_stat, EACCES),
129#endif 145#endif
130#ifdef __NR_stat64 146#ifdef __NR_stat64
131 SC_DENY(stat64, EACCES), 147 SC_DENY(__NR_stat64, EACCES),
132#endif 148#endif
133 149
134 /* Syscalls to permit */ 150 /* Syscalls to permit */
135#ifdef __NR_brk 151#ifdef __NR_brk
136 SC_ALLOW(brk), 152 SC_ALLOW(__NR_brk),
137#endif 153#endif
138#ifdef __NR_clock_gettime 154#ifdef __NR_clock_gettime
139 SC_ALLOW(clock_gettime), 155 SC_ALLOW(__NR_clock_gettime),
140# if defined(__x86_64__) && defined(__ILP32__)
141 /* On Linux x32, the clock_gettime VDSO currently falls back to the
142 * x86-64 syscall (see https://bugs.debian.org/849923), so allow
143 * that too.
144 */
145 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K,
146 __NR_clock_gettime & ~__X32_SYSCALL_BIT, 0, 1),
147 BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW),
148# endif
149#endif 156#endif
150#ifdef __NR_close 157#ifdef __NR_close
151 SC_ALLOW(close), 158 SC_ALLOW(__NR_close),
152#endif 159#endif
153#ifdef __NR_exit 160#ifdef __NR_exit
154 SC_ALLOW(exit), 161 SC_ALLOW(__NR_exit),
155#endif 162#endif
156#ifdef __NR_exit_group 163#ifdef __NR_exit_group
157 SC_ALLOW(exit_group), 164 SC_ALLOW(__NR_exit_group),
158#endif 165#endif
159#ifdef __NR_getpgid 166#ifdef __NR_getpgid
160 SC_ALLOW(getpgid), 167 SC_ALLOW(__NR_getpgid),
161#endif 168#endif
162#ifdef __NR_getpid 169#ifdef __NR_getpid
163 SC_ALLOW(getpid), 170 SC_ALLOW(__NR_getpid),
164#endif 171#endif
165#ifdef __NR_getrandom 172#ifdef __NR_getrandom
166 SC_ALLOW(getrandom), 173 SC_ALLOW(__NR_getrandom),
167#endif 174#endif
168#ifdef __NR_gettimeofday 175#ifdef __NR_gettimeofday
169 SC_ALLOW(gettimeofday), 176 SC_ALLOW(__NR_gettimeofday),
170#endif 177#endif
171#ifdef __NR_madvise 178#ifdef __NR_madvise
172 SC_ALLOW(madvise), 179 SC_ALLOW(__NR_madvise),
173#endif 180#endif
174#ifdef __NR_mmap 181#ifdef __NR_mmap
175 SC_ALLOW(mmap), 182 SC_ALLOW(__NR_mmap),
176#endif 183#endif
177#ifdef __NR_mmap2 184#ifdef __NR_mmap2
178 SC_ALLOW(mmap2), 185 SC_ALLOW(__NR_mmap2),
179#endif 186#endif
180#ifdef __NR_mremap 187#ifdef __NR_mremap
181 SC_ALLOW(mremap), 188 SC_ALLOW(__NR_mremap),
182#endif 189#endif
183#ifdef __NR_munmap 190#ifdef __NR_munmap
184 SC_ALLOW(munmap), 191 SC_ALLOW(__NR_munmap),
185#endif 192#endif
186#ifdef __NR__newselect 193#ifdef __NR__newselect
187 SC_ALLOW(_newselect), 194 SC_ALLOW(__NR__newselect),
188#endif 195#endif
189#ifdef __NR_poll 196#ifdef __NR_poll
190 SC_ALLOW(poll), 197 SC_ALLOW(__NR_poll),
191#endif 198#endif
192#ifdef __NR_pselect6 199#ifdef __NR_pselect6
193 SC_ALLOW(pselect6), 200 SC_ALLOW(__NR_pselect6),
194#endif 201#endif
195#ifdef __NR_read 202#ifdef __NR_read
196 SC_ALLOW(read), 203 SC_ALLOW(__NR_read),
197#endif 204#endif
198#ifdef __NR_rt_sigprocmask 205#ifdef __NR_rt_sigprocmask
199 SC_ALLOW(rt_sigprocmask), 206 SC_ALLOW(__NR_rt_sigprocmask),
200#endif 207#endif
201#ifdef __NR_select 208#ifdef __NR_select
202 SC_ALLOW(select), 209 SC_ALLOW(__NR_select),
203#endif 210#endif
204#ifdef __NR_shutdown 211#ifdef __NR_shutdown
205 SC_ALLOW(shutdown), 212 SC_ALLOW(__NR_shutdown),
206#endif 213#endif
207#ifdef __NR_sigprocmask 214#ifdef __NR_sigprocmask
208 SC_ALLOW(sigprocmask), 215 SC_ALLOW(__NR_sigprocmask),
209#endif 216#endif
210#ifdef __NR_time 217#ifdef __NR_time
211 SC_ALLOW(time), 218 SC_ALLOW(__NR_time),
212#endif 219#endif
213#ifdef __NR_write 220#ifdef __NR_write
214 SC_ALLOW(write), 221 SC_ALLOW(__NR_write),
215#endif 222#endif
216#ifdef __NR_socketcall 223#ifdef __NR_socketcall
217 SC_ALLOW_ARG(socketcall, 0, SYS_SHUTDOWN), 224 SC_ALLOW_ARG(__NR_socketcall, 0, SYS_SHUTDOWN),
225#endif
226#if defined(__NR_ioctl) && defined(__s390__)
227 /* Allow ioctls for ICA crypto card on s390 */
228 SC_ALLOW_ARG(__NR_ioctl, 1, Z90STAT_STATUS_MASK),
229 SC_ALLOW_ARG(__NR_ioctl, 1, ICARSAMODEXPO),
230 SC_ALLOW_ARG(__NR_ioctl, 1, ICARSACRT),
231#endif
232#if defined(__x86_64__) && defined(__ILP32__) && defined(__X32_SYSCALL_BIT)
233 /*
234 * On Linux x32, the clock_gettime VDSO falls back to the
235 * x86-64 syscall under some circumstances, e.g.
236 * https://bugs.debian.org/849923
237 */
238 SC_ALLOW(__NR_clock_gettime & ~__X32_SYSCALL_BIT);
218#endif 239#endif
219 240
220 /* Default deny */ 241 /* Default deny */
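Review bot: The x32 fallback entry at new line 238 ends in a semicolon, `SC_ALLOW(__NR_clock_gettime & ~__X32_SYSCALL_BIT);`, although it sits inside the `preauth_insns[]` initializer where every other entry ends in a comma. When the guard `__x86_64__ && __ILP32__ && __X32_SYSCALL_BIT` is true this should fail to compile, and no other configuration exercises the line, so the mistake is easy to miss. It should read `SC_ALLOW(__NR_clock_gettime & ~__X32_SYSCALL_BIT),`. The array starts and ends outside the hunk.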
diff --git a/servconf.c b/servconf.c
index 202c45066..1a7a5f182 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
1 1
2/* $OpenBSD: servconf.c,v 1.301 2016/11/30 03:00:05 djm Exp $ */ 2/* $OpenBSD: servconf.c,v 1.306 2017/03/14 07:19:07 djm Exp $ */
3/* 3/*
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * All rights reserved 5 * All rights reserved
@@ -553,7 +553,7 @@ static struct {
553 { "clientalivecountmax", sClientAliveCountMax, SSHCFG_ALL }, 553 { "clientalivecountmax", sClientAliveCountMax, SSHCFG_ALL },
554 { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL }, 554 { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL },
555 { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL }, 555 { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL },
556 { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL}, 556 { "useprivilegeseparation", sDeprecated, SSHCFG_GLOBAL},
557 { "acceptenv", sAcceptEnv, SSHCFG_ALL }, 557 { "acceptenv", sAcceptEnv, SSHCFG_ALL },
558 { "permittunnel", sPermitTunnel, SSHCFG_ALL }, 558 { "permittunnel", sPermitTunnel, SSHCFG_ALL },
559 { "permittty", sPermitTTY, SSHCFG_ALL }, 559 { "permittty", sPermitTTY, SSHCFG_ALL },
@@ -985,6 +985,15 @@ process_server_config_line(ServerOptions *options, char *line,
985 long long val64; 985 long long val64;
986 const struct multistate *multistate_ptr; 986 const struct multistate *multistate_ptr;
987 987
988 /* Strip trailing whitespace. Allow \f (form feed) at EOL only */
989 if ((len = strlen(line)) == 0)
990 return 0;
991 for (len--; len > 0; len--) {
992 if (strchr(WHITESPACE "\f", line[len]) == NULL)
993 break;
994 line[len] = '\0';
995 }
996
988 cp = line; 997 cp = line;
989 if ((arg = strdelim(&cp)) == NULL) 998 if ((arg = strdelim(&cp)) == NULL)
990 return 0; 999 return 0;
@@ -1187,7 +1196,8 @@ process_server_config_line(ServerOptions *options, char *line,
1187 if (!arg || *arg == '\0') 1196 if (!arg || *arg == '\0')
1188 fatal("%s line %d: Missing argument.", 1197 fatal("%s line %d: Missing argument.",
1189 filename, linenum); 1198 filename, linenum);
1190 if (!sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1)) 1199 if (*arg != '-' &&
1200 !sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1))
1191 fatal("%s line %d: Bad key types '%s'.", 1201 fatal("%s line %d: Bad key types '%s'.",
1192 filename, linenum, arg ? arg : "<NONE>"); 1202 filename, linenum, arg ? arg : "<NONE>");
1193 if (*activep && *charptr == NULL) 1203 if (*activep && *charptr == NULL)
@@ -1391,11 +1401,6 @@ process_server_config_line(ServerOptions *options, char *line,
1391 intptr = &options->disable_forwarding; 1401 intptr = &options->disable_forwarding;
1392 goto parse_flag; 1402 goto parse_flag;
1393 1403
1394 case sUsePrivilegeSeparation:
1395 intptr = &use_privsep;
1396 multistate_ptr = multistate_privsep;
1397 goto parse_multistate;
1398
1399 case sAllowUsers: 1404 case sAllowUsers:
1400 while ((arg = strdelim(&cp)) && *arg != '\0') { 1405 while ((arg = strdelim(&cp)) && *arg != '\0') {
1401 if (options->num_allow_users >= MAX_ALLOW_USERS) 1406 if (options->num_allow_users >= MAX_ALLOW_USERS)
@@ -1454,7 +1459,7 @@ process_server_config_line(ServerOptions *options, char *line,
1454 arg = strdelim(&cp); 1459 arg = strdelim(&cp);
1455 if (!arg || *arg == '\0') 1460 if (!arg || *arg == '\0')
1456 fatal("%s line %d: Missing argument.", filename, linenum); 1461 fatal("%s line %d: Missing argument.", filename, linenum);
1457 if (!ciphers_valid(*arg == '+' ? arg + 1 : arg)) 1462 if (*arg != '-' && !ciphers_valid(*arg == '+' ? arg + 1 : arg))
1458 fatal("%s line %d: Bad SSH2 cipher spec '%s'.", 1463 fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
1459 filename, linenum, arg ? arg : "<NONE>"); 1464 filename, linenum, arg ? arg : "<NONE>");
1460 if (options->ciphers == NULL) 1465 if (options->ciphers == NULL)
@@ -1465,7 +1470,7 @@ process_server_config_line(ServerOptions *options, char *line,
1465 arg = strdelim(&cp); 1470 arg = strdelim(&cp);
1466 if (!arg || *arg == '\0') 1471 if (!arg || *arg == '\0')
1467 fatal("%s line %d: Missing argument.", filename, linenum); 1472 fatal("%s line %d: Missing argument.", filename, linenum);
1468 if (!mac_valid(*arg == '+' ? arg + 1 : arg)) 1473 if (*arg != '-' && !mac_valid(*arg == '+' ? arg + 1 : arg))
1469 fatal("%s line %d: Bad SSH2 mac spec '%s'.", 1474 fatal("%s line %d: Bad SSH2 mac spec '%s'.",
1470 filename, linenum, arg ? arg : "<NONE>"); 1475 filename, linenum, arg ? arg : "<NONE>");
1471 if (options->macs == NULL) 1476 if (options->macs == NULL)
@@ -1477,7 +1482,8 @@ process_server_config_line(ServerOptions *options, char *line,
1477 if (!arg || *arg == '\0') 1482 if (!arg || *arg == '\0')
1478 fatal("%s line %d: Missing argument.", 1483 fatal("%s line %d: Missing argument.",
1479 filename, linenum); 1484 filename, linenum);
1480 if (!kex_names_valid(*arg == '+' ? arg + 1 : arg)) 1485 if (*arg != '-' &&
1486 !kex_names_valid(*arg == '+' ? arg + 1 : arg))
1481 fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.", 1487 fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.",
1482 filename, linenum, arg ? arg : "<NONE>"); 1488 filename, linenum, arg ? arg : "<NONE>");
1483 if (options->kex_algorithms == NULL) 1489 if (options->kex_algorithms == NULL)
@@ -2127,8 +2133,6 @@ fmt_intarg(ServerOpCodes code, int val)
2127 return fmt_multistate_int(val, multistate_gatewayports); 2133 return fmt_multistate_int(val, multistate_gatewayports);
2128 case sCompression: 2134 case sCompression:
2129 return fmt_multistate_int(val, multistate_compression); 2135 return fmt_multistate_int(val, multistate_compression);
2130 case sUsePrivilegeSeparation:
2131 return fmt_multistate_int(val, multistate_privsep);
2132 case sAllowTcpForwarding: 2136 case sAllowTcpForwarding:
2133 return fmt_multistate_int(val, multistate_tcpfwd); 2137 return fmt_multistate_int(val, multistate_tcpfwd);
2134 case sAllowStreamLocalForwarding: 2138 case sAllowStreamLocalForwarding:
@@ -2179,8 +2183,6 @@ dump_cfg_fmtint(ServerOpCodes code, int val)
2179static void 2183static void
2180dump_cfg_string(ServerOpCodes code, const char *val) 2184dump_cfg_string(ServerOpCodes code, const char *val)
2181{ 2185{
2182 if (val == NULL)
2183 return;
2184 printf("%s %s\n", lookup_opcode_name(code), 2186 printf("%s %s\n", lookup_opcode_name(code),
2185 val == NULL ? "none" : val); 2187 val == NULL ? "none" : val);
2186} 2188}
@@ -2309,7 +2311,6 @@ dump_config(ServerOptions *o)
2309 dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding); 2311 dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding);
2310 dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding); 2312 dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding);
2311 dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink); 2313 dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink);
2312 dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
2313 dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash); 2314 dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash);
2314 2315
2315 /* string arguments */ 2316 /* string arguments */
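Review bot: An argument that starts with `-` now skips name validation entirely at new lines 1199, 1462, 1473 and 1485, so a misspelled entry in a removal list is accepted with no diagnostic and the algorithm the administrator meant to disable may stay enabled. If the skip is deliberate (the code that applies the list is outside these hunks and presumably treats it as patterns rather than exact names), the first site should say so, for example `/* '-' lists are removal patterns and are not validated here */`. These hunks add no warning for a removal list that matches nothing, so it would be worth confirming one exists where the list is applied. process_server_config_line starts and ends outside these hunks.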
diff --git a/serverloop.c b/serverloop.c
index c55d203bc..2976f5594 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: serverloop.c,v 1.189 2016/12/14 00:36:34 djm Exp $ */ 1/* $OpenBSD: serverloop.c,v 1.191 2017/02/01 02:59:09 dtucker Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -430,7 +430,7 @@ server_input_keep_alive(int type, u_int32_t seq, void *ctxt)
430} 430}
431 431
432static Channel * 432static Channel *
433server_request_direct_tcpip(void) 433server_request_direct_tcpip(int *reason, const char **errmsg)
434{ 434{
435 Channel *c = NULL; 435 Channel *c = NULL;
436 char *target, *originator; 436 char *target, *originator;
@@ -449,11 +449,13 @@ server_request_direct_tcpip(void)
449 if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0 && 449 if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0 &&
450 !no_port_forwarding_flag && !options.disable_forwarding) { 450 !no_port_forwarding_flag && !options.disable_forwarding) {
451 c = channel_connect_to_port(target, target_port, 451 c = channel_connect_to_port(target, target_port,
452 "direct-tcpip", "direct-tcpip"); 452 "direct-tcpip", "direct-tcpip", reason, errmsg);
453 } else { 453 } else {
454 logit("refused local port forward: " 454 logit("refused local port forward: "
455 "originator %s port %d, target %s port %d", 455 "originator %s port %d, target %s port %d",
456 originator, originator_port, target, target_port); 456 originator, originator_port, target, target_port);
457 if (reason != NULL)
458 *reason = SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED;
457 } 459 }
458 460
459 free(originator); 461 free(originator);
@@ -581,7 +583,8 @@ server_input_channel_open(int type, u_int32_t seq, void *ctxt)
581{ 583{
582 Channel *c = NULL; 584 Channel *c = NULL;
583 char *ctype; 585 char *ctype;
584 int rchan; 586 const char *errmsg = NULL;
587 int rchan, reason = SSH2_OPEN_CONNECT_FAILED;
585 u_int rmaxpack, rwindow, len; 588 u_int rmaxpack, rwindow, len;
586 589
587 ctype = packet_get_string(&len); 590 ctype = packet_get_string(&len);
@@ -595,7 +598,7 @@ server_input_channel_open(int type, u_int32_t seq, void *ctxt)
595 if (strcmp(ctype, "session") == 0) { 598 if (strcmp(ctype, "session") == 0) {
596 c = server_request_session(); 599 c = server_request_session();
597 } else if (strcmp(ctype, "direct-tcpip") == 0) { 600 } else if (strcmp(ctype, "direct-tcpip") == 0) {
598 c = server_request_direct_tcpip(); 601 c = server_request_direct_tcpip(&reason, &errmsg);
599 } else if (strcmp(ctype, "direct-streamlocal@openssh.com") == 0) { 602 } else if (strcmp(ctype, "direct-streamlocal@openssh.com") == 0) {
600 c = server_request_direct_streamlocal(); 603 c = server_request_direct_streamlocal();
601 } else if (strcmp(ctype, "tun@openssh.com") == 0) { 604 } else if (strcmp(ctype, "tun@openssh.com") == 0) {
@@ -618,9 +621,9 @@ server_input_channel_open(int type, u_int32_t seq, void *ctxt)
618 debug("server_input_channel_open: failure %s", ctype); 621 debug("server_input_channel_open: failure %s", ctype);
619 packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE); 622 packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE);
620 packet_put_int(rchan); 623 packet_put_int(rchan);
621 packet_put_int(SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED); 624 packet_put_int(reason);
622 if (!(datafellows & SSH_BUG_OPENFAILURE)) { 625 if (!(datafellows & SSH_BUG_OPENFAILURE)) {
623 packet_put_cstring("open failed"); 626 packet_put_cstring(errmsg ? errmsg : "open failed");
624 packet_put_cstring(""); 627 packet_put_cstring("");
625 } 628 }
626 packet_send(); 629 packet_send();
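Review bot: `reason` now defaults to `SSH2_OPEN_CONNECT_FAILED` at new line 587 and only `server_request_direct_tcpip()` is handed `&reason`, so every other path that leaves `c` NULL (session, direct-streamlocal and tun requests are visible here) is reported to the peer as a connect failure where the old code sent `SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED`. A client or log reader can then no longer tell a policy refusal from a network failure for those channel types. One fix is to keep the old default, `int rchan, reason = SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED;`, provided `channel_connect_to_port()` always sets `*reason` when it fails; its body is not visible here, so that needs confirming. The other is to pass `&reason` to the remaining helpers as well. server_input_channel_open starts and ends outside these hunks.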
diff --git a/sftp-client.c b/sftp-client.c
index e65c15c8f..a6e832270 100644
--- a/sftp-client.c
+++ b/sftp-client.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sftp-client.c,v 1.125 2016/09/12 01:22:38 deraadt Exp $ */ 1/* $OpenBSD: sftp-client.c,v 1.126 2017/01/03 05:46:51 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> 3 * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
4 * 4 *
@@ -67,6 +67,13 @@ extern int showprogress;
67/* Maximum depth to descend in directory trees */ 67/* Maximum depth to descend in directory trees */
68#define MAX_DIR_DEPTH 64 68#define MAX_DIR_DEPTH 64
69 69
70/* Directory separator characters */
71#ifdef HAVE_CYGWIN
72# define SFTP_DIRECTORY_CHARS "/\\"
73#else /* HAVE_CYGWIN */
74# define SFTP_DIRECTORY_CHARS "/"
75#endif /* HAVE_CYGWIN */
76
70struct sftp_conn { 77struct sftp_conn {
71 int fd_in; 78 int fd_in;
72 int fd_out; 79 int fd_out;
@@ -587,6 +594,8 @@ do_lsreaddir(struct sftp_conn *conn, const char *path, int print_flag,
587 594
588 if ((r = sshbuf_get_u32(msg, &count)) != 0) 595 if ((r = sshbuf_get_u32(msg, &count)) != 0)
589 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 596 fatal("%s: buffer error: %s", __func__, ssh_err(r));
597 if (count > SSHBUF_SIZE_MAX)
598 fatal("%s: nonsensical number of entries", __func__);
590 if (count == 0) 599 if (count == 0)
591 break; 600 break;
592 debug3("Received %d SSH2_FXP_NAME responses", count); 601 debug3("Received %d SSH2_FXP_NAME responses", count);
@@ -617,7 +626,7 @@ do_lsreaddir(struct sftp_conn *conn, const char *path, int print_flag,
617 * These can be used to attack recursive ops 626 * These can be used to attack recursive ops
618 * (e.g. send '../../../../etc/passwd') 627 * (e.g. send '../../../../etc/passwd')
619 */ 628 */
620 if (strchr(filename, '/') != NULL) { 629 if (strpbrk(filename, SFTP_DIRECTORY_CHARS) != NULL) {
621 error("Server sent suspect path \"%s\" " 630 error("Server sent suspect path \"%s\" "
622 "during readdir of \"%s\"", filename, path); 631 "during readdir of \"%s\"", filename, path);
623 } else if (dir) { 632 } else if (dir) {
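Review bot: The new check at new line 597 compares an entry count taken from the server's reply with `SSHBUF_SIZE_MAX`, which is a byte limit, and nothing explains why that is the right bound. A short comment would make the intent clear to the next reader, for example `/* a reply cannot hold more entries than the largest buffer has bytes */`. It is a coarse sanity limit: a count just under it still passes, so the per-entry parsing that follows (outside this hunk) remains the real defence against a hostile server. do_lsreaddir starts and ends outside these hunks.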
diff --git a/sftp.c b/sftp.c
index 2b8fdabfb..76add3908 100644
--- a/sftp.c
+++ b/sftp.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sftp.c,v 1.177 2016/10/18 12:41:22 millert Exp $ */ 1/* $OpenBSD: sftp.c,v 1.178 2017/02/15 01:46:47 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> 3 * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
4 * 4 *
@@ -969,23 +969,34 @@ static int
969do_df(struct sftp_conn *conn, const char *path, int hflag, int iflag) 969do_df(struct sftp_conn *conn, const char *path, int hflag, int iflag)
970{ 970{
971 struct sftp_statvfs st; 971 struct sftp_statvfs st;
972 char s_used[FMT_SCALED_STRSIZE]; 972 char s_used[FMT_SCALED_STRSIZE], s_avail[FMT_SCALED_STRSIZE];
973 char s_avail[FMT_SCALED_STRSIZE]; 973 char s_root[FMT_SCALED_STRSIZE], s_total[FMT_SCALED_STRSIZE];
974 char s_root[FMT_SCALED_STRSIZE]; 974 char s_icapacity[16], s_dcapacity[16];
975 char s_total[FMT_SCALED_STRSIZE];
976 unsigned long long ffree;
977 975
978 if (do_statvfs(conn, path, &st, 1) == -1) 976 if (do_statvfs(conn, path, &st, 1) == -1)
979 return -1; 977 return -1;
978 if (st.f_files == 0)
979 strlcpy(s_icapacity, "ERR", sizeof(s_icapacity));
980 else {
981 snprintf(s_icapacity, sizeof(s_icapacity), "%3llu%%",
982 (unsigned long long)(100 * (st.f_files - st.f_ffree) /
983 st.f_files));
984 }
985 if (st.f_blocks == 0)
986 strlcpy(s_dcapacity, "ERR", sizeof(s_dcapacity));
987 else {
988 snprintf(s_dcapacity, sizeof(s_dcapacity), "%3llu%%",
989 (unsigned long long)(100 * (st.f_blocks - st.f_bfree) /
990 st.f_blocks));
991 }
980 if (iflag) { 992 if (iflag) {
981 ffree = st.f_files ? (100 * (st.f_files - st.f_ffree) / st.f_files) : 0;
982 printf(" Inodes Used Avail " 993 printf(" Inodes Used Avail "
983 "(root) %%Capacity\n"); 994 "(root) %%Capacity\n");
984 printf("%11llu %11llu %11llu %11llu %3llu%%\n", 995 printf("%11llu %11llu %11llu %11llu %s\n",
985 (unsigned long long)st.f_files, 996 (unsigned long long)st.f_files,
986 (unsigned long long)(st.f_files - st.f_ffree), 997 (unsigned long long)(st.f_files - st.f_ffree),
987 (unsigned long long)st.f_favail, 998 (unsigned long long)st.f_favail,
988 (unsigned long long)st.f_ffree, ffree); 999 (unsigned long long)st.f_ffree, s_icapacity);
989 } else if (hflag) { 1000 } else if (hflag) {
990 strlcpy(s_used, "error", sizeof(s_used)); 1001 strlcpy(s_used, "error", sizeof(s_used));
991 strlcpy(s_avail, "error", sizeof(s_avail)); 1002 strlcpy(s_avail, "error", sizeof(s_avail));
@@ -996,21 +1007,18 @@ do_df(struct sftp_conn *conn, const char *path, int hflag, int iflag)
996 fmt_scaled(st.f_bfree * st.f_frsize, s_root); 1007 fmt_scaled(st.f_bfree * st.f_frsize, s_root);
997 fmt_scaled(st.f_blocks * st.f_frsize, s_total); 1008 fmt_scaled(st.f_blocks * st.f_frsize, s_total);
998 printf(" Size Used Avail (root) %%Capacity\n"); 1009 printf(" Size Used Avail (root) %%Capacity\n");
999 printf("%7sB %7sB %7sB %7sB %3llu%%\n", 1010 printf("%7sB %7sB %7sB %7sB %s\n",
1000 s_total, s_used, s_avail, s_root, 1011 s_total, s_used, s_avail, s_root, s_dcapacity);
1001 (unsigned long long)(100 * (st.f_blocks - st.f_bfree) /
1002 st.f_blocks));
1003 } else { 1012 } else {
1004 printf(" Size Used Avail " 1013 printf(" Size Used Avail "
1005 "(root) %%Capacity\n"); 1014 "(root) %%Capacity\n");
1006 printf("%12llu %12llu %12llu %12llu %3llu%%\n", 1015 printf("%12llu %12llu %12llu %12llu %s\n",
1007 (unsigned long long)(st.f_frsize * st.f_blocks / 1024), 1016 (unsigned long long)(st.f_frsize * st.f_blocks / 1024),
1008 (unsigned long long)(st.f_frsize * 1017 (unsigned long long)(st.f_frsize *
1009 (st.f_blocks - st.f_bfree) / 1024), 1018 (st.f_blocks - st.f_bfree) / 1024),
1010 (unsigned long long)(st.f_frsize * st.f_bavail / 1024), 1019 (unsigned long long)(st.f_frsize * st.f_bavail / 1024),
1011 (unsigned long long)(st.f_frsize * st.f_bfree / 1024), 1020 (unsigned long long)(st.f_frsize * st.f_bfree / 1024),
1012 (unsigned long long)(100 * (st.f_blocks - st.f_bfree) / 1021 s_dcapacity);
1013 st.f_blocks));
1014 } 1022 }
1015 return 0; 1023 return 0;
1016} 1024}
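Review bot: The new guards at new lines 978 and 985 stop the division by zero, but `st.f_files - st.f_ffree` and `st.f_blocks - st.f_bfree` are still computed from server-supplied values without checking that the free count is not larger than the total. The field declarations are not in this hunk; if they are unsigned, as the casts suggest, a server reporting `f_ffree > f_files` makes the subtraction wrap and prints a meaningless capacity. Folding that case into the error branch is a two-line change: `if (st.f_files == 0 || st.f_ffree > st.f_files)` and `if (st.f_blocks == 0 || st.f_bfree > st.f_blocks)`. The literal `16` used for `s_icapacity` and `s_dcapacity` would also read better as a named constant.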
diff --git a/ssh-agent.c b/ssh-agent.c
index 395213553..b987562b9 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-agent.c,v 1.215 2016/11/30 03:07:37 djm Exp $ */ 1/* $OpenBSD: ssh-agent.c,v 1.218 2017/03/15 03:52:30 deraadt Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -89,7 +89,7 @@
89#endif 89#endif
90 90
91#ifndef DEFAULT_PKCS11_WHITELIST 91#ifndef DEFAULT_PKCS11_WHITELIST
92# define DEFAULT_PKCS11_WHITELIST "/usr/lib/*,/usr/local/lib/*" 92# define DEFAULT_PKCS11_WHITELIST "/usr/lib*/*,/usr/local/lib*/*"
93#endif 93#endif
94 94
95typedef enum { 95typedef enum {
@@ -821,7 +821,7 @@ send:
821static void 821static void
822process_remove_smartcard_key(SocketEntry *e) 822process_remove_smartcard_key(SocketEntry *e)
823{ 823{
824 char *provider = NULL, *pin = NULL; 824 char *provider = NULL, *pin = NULL, canonical_provider[PATH_MAX];
825 int r, version, success = 0; 825 int r, version, success = 0;
826 Identity *id, *nxt; 826 Identity *id, *nxt;
827 Idtab *tab; 827 Idtab *tab;
@@ -831,6 +831,13 @@ process_remove_smartcard_key(SocketEntry *e)
831 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 831 fatal("%s: buffer error: %s", __func__, ssh_err(r));
832 free(pin); 832 free(pin);
833 833
834 if (realpath(provider, canonical_provider) == NULL) {
835 verbose("failed PKCS#11 add of \"%.100s\": realpath: %s",
836 provider, strerror(errno));
837 goto send;
838 }
839
840 debug("%s: remove %.100s", __func__, canonical_provider);
834 for (version = 1; version < 3; version++) { 841 for (version = 1; version < 3; version++) {
835 tab = idtab_lookup(version); 842 tab = idtab_lookup(version);
836 for (id = TAILQ_FIRST(&tab->idlist); id; id = nxt) { 843 for (id = TAILQ_FIRST(&tab->idlist); id; id = nxt) {
@@ -838,18 +845,19 @@ process_remove_smartcard_key(SocketEntry *e)
838 /* Skip file--based keys */ 845 /* Skip file--based keys */
839 if (id->provider == NULL) 846 if (id->provider == NULL)
840 continue; 847 continue;
841 if (!strcmp(provider, id->provider)) { 848 if (!strcmp(canonical_provider, id->provider)) {
842 TAILQ_REMOVE(&tab->idlist, id, next); 849 TAILQ_REMOVE(&tab->idlist, id, next);
843 free_identity(id); 850 free_identity(id);
844 tab->nentries--; 851 tab->nentries--;
845 } 852 }
846 } 853 }
847 } 854 }
848 if (pkcs11_del_provider(provider) == 0) 855 if (pkcs11_del_provider(canonical_provider) == 0)
849 success = 1; 856 success = 1;
850 else 857 else
851 error("process_remove_smartcard_key:" 858 error("process_remove_smartcard_key:"
852 " pkcs11_del_provider failed"); 859 " pkcs11_del_provider failed");
860send:
853 free(provider); 861 free(provider);
854 send_status(e, success); 862 send_status(e, success);
855} 863}
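Review bot: The failure message added at new line 835 in `process_remove_smartcard_key()` says "failed PKCS#11 add of", which looks copied from the add path and will mislead anyone reading agent logs after a failed removal. It should read `verbose("failed PKCS#11 remove of \"%.100s\": realpath: %s",`. Separately, the new `realpath()` failure path jumps to `send` before the identity loop, so if the provider file can no longer be resolved (library removed or path changed) the keys loaded from it appear to stay in the agent. Falling back to the caller-supplied `provider` string in that case would still let them be removed. Parts of the function lie between the two hunks and are not visible.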
diff --git a/ssh-keygen.c b/ssh-keygen.c
index a7c1e80b9..f17af036b 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-keygen.c,v 1.292 2016/09/12 03:29:16 dtucker Exp $ */ 1/* $OpenBSD: ssh-keygen.c,v 1.299 2017/03/10 04:26:06 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -37,6 +37,7 @@
37#include <string.h> 37#include <string.h>
38#include <unistd.h> 38#include <unistd.h>
39#include <limits.h> 39#include <limits.h>
40#include <locale.h>
40 41
41#include "xmalloc.h" 42#include "xmalloc.h"
42#include "sshkey.h" 43#include "sshkey.h"
@@ -57,6 +58,7 @@
57#include "atomicio.h" 58#include "atomicio.h"
58#include "krl.h" 59#include "krl.h"
59#include "digest.h" 60#include "digest.h"
61#include "utf8.h"
60 62
61#ifdef WITH_OPENSSL 63#ifdef WITH_OPENSSL
62# define DEFAULT_KEY_TYPE_NAME "rsa" 64# define DEFAULT_KEY_TYPE_NAME "rsa"
@@ -843,7 +845,7 @@ fingerprint_one_key(const struct sshkey *public, const char *comment)
843 ra = sshkey_fingerprint(public, fingerprint_hash, SSH_FP_RANDOMART); 845 ra = sshkey_fingerprint(public, fingerprint_hash, SSH_FP_RANDOMART);
844 if (fp == NULL || ra == NULL) 846 if (fp == NULL || ra == NULL)
845 fatal("%s: sshkey_fingerprint failed", __func__); 847 fatal("%s: sshkey_fingerprint failed", __func__);
846 printf("%u %s %s (%s)\n", sshkey_size(public), fp, 848 mprintf("%u %s %s (%s)\n", sshkey_size(public), fp,
847 comment ? comment : "no comment", sshkey_type(public)); 849 comment ? comment : "no comment", sshkey_type(public));
848 if (log_level >= SYSLOG_LEVEL_VERBOSE) 850 if (log_level >= SYSLOG_LEVEL_VERBOSE)
849 printf("%s\n", ra); 851 printf("%s\n", ra);
@@ -1094,7 +1096,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
1094 if (was_hashed || has_wild || l->marker != MRK_NONE) { 1096 if (was_hashed || has_wild || l->marker != MRK_NONE) {
1095 fprintf(ctx->out, "%s\n", l->line); 1097 fprintf(ctx->out, "%s\n", l->line);
1096 if (has_wild && !find_host) { 1098 if (has_wild && !find_host) {
1097 logit("%s:%ld: ignoring host name " 1099 logit("%s:%lu: ignoring host name "
1098 "with wildcard: %.64s", l->path, 1100 "with wildcard: %.64s", l->path,
1099 l->linenum, l->hosts); 1101 l->linenum, l->hosts);
1100 } 1102 }
@@ -1106,6 +1108,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
1106 */ 1108 */
1107 ohosts = hosts = xstrdup(l->hosts); 1109 ohosts = hosts = xstrdup(l->hosts);
1108 while ((cp = strsep(&hosts, ",")) != NULL && *cp != '\0') { 1110 while ((cp = strsep(&hosts, ",")) != NULL && *cp != '\0') {
1111 lowercase(cp);
1109 if ((hashed = host_hash(cp, NULL, 0)) == NULL) 1112 if ((hashed = host_hash(cp, NULL, 0)) == NULL)
1110 fatal("hash_host failed"); 1113 fatal("hash_host failed");
1111 fprintf(ctx->out, "%s %s\n", hashed, l->rawkey); 1114 fprintf(ctx->out, "%s %s\n", hashed, l->rawkey);
@@ -1116,7 +1119,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
1116 case HKF_STATUS_INVALID: 1119 case HKF_STATUS_INVALID:
1117 /* Retain invalid lines, but mark file as invalid. */ 1120 /* Retain invalid lines, but mark file as invalid. */
1118 ctx->invalid = 1; 1121 ctx->invalid = 1;
1119 logit("%s:%ld: invalid line", l->path, l->linenum); 1122 logit("%s:%lu: invalid line", l->path, l->linenum);
1120 /* FALLTHROUGH */ 1123 /* FALLTHROUGH */
1121 default: 1124 default:
1122 fprintf(ctx->out, "%s\n", l->line); 1125 fprintf(ctx->out, "%s\n", l->line);
@@ -1150,14 +1153,14 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx)
1150 */ 1153 */
1151 ctx->found_key = 1; 1154 ctx->found_key = 1;
1152 if (!quiet) 1155 if (!quiet)
1153 printf("# Host %s found: line %ld\n", 1156 printf("# Host %s found: line %lu\n",
1154 ctx->host, l->linenum); 1157 ctx->host, l->linenum);
1155 } 1158 }
1156 return 0; 1159 return 0;
1157 } else if (find_host) { 1160 } else if (find_host) {
1158 ctx->found_key = 1; 1161 ctx->found_key = 1;
1159 if (!quiet) { 1162 if (!quiet) {
1160 printf("# Host %s found: line %ld %s\n", 1163 printf("# Host %s found: line %lu %s\n",
1161 ctx->host, 1164 ctx->host,
1162 l->linenum, l->marker == MRK_CA ? "CA" : 1165 l->linenum, l->marker == MRK_CA ? "CA" :
1163 (l->marker == MRK_REVOKE ? "REVOKED" : "")); 1166 (l->marker == MRK_REVOKE ? "REVOKED" : ""));
@@ -1166,7 +1169,7 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx)
1166 known_hosts_hash(l, ctx); 1169 known_hosts_hash(l, ctx);
1167 else if (print_fingerprint) { 1170 else if (print_fingerprint) {
1168 fp = sshkey_fingerprint(l->key, fptype, rep); 1171 fp = sshkey_fingerprint(l->key, fptype, rep);
1169 printf("%s %s %s %s\n", ctx->host, 1172 mprintf("%s %s %s %s\n", ctx->host,
1170 sshkey_type(l->key), fp, l->comment); 1173 sshkey_type(l->key), fp, l->comment);
1171 free(fp); 1174 free(fp);
1172 } else 1175 } else
@@ -1177,7 +1180,7 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx)
1177 /* Retain non-matching hosts when deleting */ 1180 /* Retain non-matching hosts when deleting */
1178 if (l->status == HKF_STATUS_INVALID) { 1181 if (l->status == HKF_STATUS_INVALID) {
1179 ctx->invalid = 1; 1182 ctx->invalid = 1;
1180 logit("%s:%ld: invalid line", l->path, l->linenum); 1183 logit("%s:%lu: invalid line", l->path, l->linenum);
1181 } 1184 }
1182 fprintf(ctx->out, "%s\n", l->line); 1185 fprintf(ctx->out, "%s\n", l->line);
1183 } 1186 }
@@ -1317,7 +1320,7 @@ do_change_passphrase(struct passwd *pw)
1317 fatal("Failed to load key %s: %s", identity_file, ssh_err(r)); 1320 fatal("Failed to load key %s: %s", identity_file, ssh_err(r));
1318 } 1321 }
1319 if (comment) 1322 if (comment)
1320 printf("Key has comment '%s'\n", comment); 1323 mprintf("Key has comment '%s'\n", comment);
1321 1324
1322 /* Ask the new passphrase (twice). */ 1325 /* Ask the new passphrase (twice). */
1323 if (identity_new_passphrase) { 1326 if (identity_new_passphrase) {
@@ -1441,7 +1444,10 @@ do_change_comment(struct passwd *pw)
1441 sshkey_free(private); 1444 sshkey_free(private);
1442 exit(1); 1445 exit(1);
1443 } 1446 }
1444 printf("Key now has comment '%s'\n", comment); 1447 if (comment)
1448 printf("Key now has comment '%s'\n", comment);
1449 else
1450 printf("Key now has no comment\n");
1445 1451
1446 if (identity_comment) { 1452 if (identity_comment) {
1447 strlcpy(new_comment, identity_comment, sizeof(new_comment)); 1453 strlcpy(new_comment, identity_comment, sizeof(new_comment));
@@ -2203,11 +2209,17 @@ do_check_krl(struct passwd *pw, int argc, char **argv)
2203 exit(ret); 2209 exit(ret);
2204} 2210}
2205 2211
2212#ifdef WITH_SSH1
2213# define RSA1_USAGE " | rsa1"
2214#else
2215# define RSA1_USAGE ""
2216#endif
2217
2206static void 2218static void
2207usage(void) 2219usage(void)
2208{ 2220{
2209 fprintf(stderr, 2221 fprintf(stderr,
2210 "usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]\n" 2222 "usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa%s]\n"
2211 " [-N new_passphrase] [-C comment] [-f output_keyfile]\n" 2223 " [-N new_passphrase] [-C comment] [-f output_keyfile]\n"
2212 " ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]\n" 2224 " ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]\n"
2213 " ssh-keygen -i [-m key_format] [-f input_keyfile]\n" 2225 " ssh-keygen -i [-m key_format] [-f input_keyfile]\n"
@@ -2215,7 +2227,7 @@ usage(void)
2215 " ssh-keygen -y [-f input_keyfile]\n" 2227 " ssh-keygen -y [-f input_keyfile]\n"
2216 " ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]\n" 2228 " ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]\n"
2217 " ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]\n" 2229 " ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]\n"
2218 " ssh-keygen -B [-f input_keyfile]\n"); 2230 " ssh-keygen -B [-f input_keyfile]\n", RSA1_USAGE);
2219#ifdef ENABLE_PKCS11 2231#ifdef ENABLE_PKCS11
2220 fprintf(stderr, 2232 fprintf(stderr,
2221 " ssh-keygen -D pkcs11\n"); 2233 " ssh-keygen -D pkcs11\n");
@@ -2280,6 +2292,8 @@ main(int argc, char **argv)
2280 2292
2281 seed_rng(); 2293 seed_rng();
2282 2294
2295 msetlocale();
2296
2283 /* we need this for the home * directory. */ 2297 /* we need this for the home * directory. */
2284 pw = getpwuid(getuid()); 2298 pw = getpwuid(getuid());
2285 if (!pw) 2299 if (!pw)
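--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.106 2016/05/02 10:26:04 djm Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.109 2017/03/10 04:26:06 djm Exp $ */
 /*
  * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
  *
@@ -327,6 +327,7 @@ keyprint_one(const char *host, struct sshkey *key)
  const char *known_host, *hashed;
 
  hostport = put_host_port(host, ssh_port);
+ lowercase(hostport);
  if (hash_hosts && (hashed = host_hash(host, NULL, 0)) == NULL)
  fatal("host_hash failed");
  known_host = hash_hosts ? hashed : hostport;
@@ -753,10 +754,13 @@ main(int argc, char **argv)
  tname = strtok(optarg, ",");
  while (tname) {
  int type = sshkey_type_from_name(tname);
+
  switch (type) {
+#ifdef WITH_SSH1
  case KEY_RSA1:
  get_keytypes |= KT_RSA1;
  break;
+#endif
  case KEY_DSA:
  get_keytypes |= KT_DSA;
  break;
@@ -770,7 +774,8 @@ main(int argc, char **argv)
  get_keytypes |= KT_ED25519;
  break;
  case KEY_UNSPEC:
- fatal("unknown key type %s", tname);
+ default:
+ fatal("Unknown key type \"%s\"", tname);
  }
  tname = strtok(NULL, ",");
  }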
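Review bot: In keyprint_one the new `lowercase(hostport)` only affects the plain-text output; the hashed branch still calls `host_hash(host, NULL, 0)` on the original `host`, so with hashing enabled a mixed-case name is hashed as typed. The ssh-keygen change in this same commit lowercases each name before hashing (`lowercase(cp)` ahead of `host_hash(cp, NULL, 0)`), so the two tools can emit different hashes for the same host and a later lookup may miss the entry. Hashing the normalised string, `host_hash(hostport, NULL, 0)`, would keep them consistent; if put_host_port() adds the port for non-default ports, as its name suggests, that would also carry the port into the hash, which should be confirmed against the lookup side. keyprint_one starts and ends outside the hunk.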
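--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.448 2016/12/06 07:48:01 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.451 2017/03/10 04:07:20 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -684,11 +684,11 @@ main(int ac, char **av)
  else if (strcmp(optarg, "kex") == 0)
  cp = kex_alg_list('\n');
  else if (strcmp(optarg, "key") == 0)
- cp = sshkey_alg_list(0, 0, '\n');
+ cp = sshkey_alg_list(0, 0, 0, '\n');
  else if (strcmp(optarg, "key-cert") == 0)
- cp = sshkey_alg_list(1, 0, '\n');
+ cp = sshkey_alg_list(1, 0, 0, '\n');
  else if (strcmp(optarg, "key-plain") == 0)
- cp = sshkey_alg_list(0, 1, '\n');
+ cp = sshkey_alg_list(0, 1, 0, '\n');
  else if (strcmp(optarg, "protocol-version") == 0) {
 #ifdef WITH_SSH1
  cp = xstrdup("1\n2");
@@ -1103,7 +1103,7 @@ main(int ac, char **av)
  options.proxy_use_fdpass = 0;
  snprintf(port_s, sizeof(port_s), "%d", options.jump_port);
  xasprintf(&options.proxy_command,
- "ssh%s%s%s%s%s%s%s%s%s%.*s -W %%h:%%p %s",
+ "ssh%s%s%s%s%s%s%s%s%s%.*s -W '[%%h]:%%p' %s",
  /* Optional "-l user" argument if jump_user set */
  options.jump_user == NULL ? "" : " -l ",
  options.jump_user == NULL ? "" : options.jump_user,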
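Review bot: The quoting added around the `-W '[%%h]:%%p'` destination in main() is the only quoting in this format string; `options.jump_user` and the other `%s` fields are still pasted into `options.proxy_command` as they are. If that string is later run through a shell (the execution site is not in this hunk), a user or host value from configuration or the command line that contains quotes or other shell metacharacters would alter the command instead of being passed as one argument. I would reject such characters where the jump specification is parsed and record the requirement above the call, e.g. `/* the fields below are interpolated unquoted; they must be validated before this point */`. The xasprintf() argument list continues past the end of the hunk.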
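--- a/ssh_config.0
+++ b/ssh_config.0
@@ -201,7 +201,9 @@ DESCRIPTION
  preference. Multiple ciphers must be comma-separated. If the
  specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified
  ciphers will be appended to the default set instead of replacing
- them.
+ them. If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then
+ the specified ciphers (including wildcards) will be removed from
+ the default set instead of replacing them.
 
  The supported ciphers are:
 
@@ -448,7 +450,10 @@ DESCRIPTION
  authentication as a comma-separated pattern list. Alternately if
  the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the
  specified key types will be appended to the default set instead
- of replacing them. The default for this option is:
+ of replacing them. If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y
+ character, then the specified key types (including wildcards)
+ will be removed from the default set instead of replacing them.
+ The default for this option is:
 
  ecdsa-sha2-nistp256-cert-v01@openssh.com,
  ecdsa-sha2-nistp384-cert-v01@openssh.com,
@@ -464,8 +469,10 @@ DESCRIPTION
  Specifies the host key algorithms that the client wants to use in
  order of preference. Alternately if the specified value begins
  with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified key types will be
- appended to the default set instead of replacing them. The
- default for this option is:
+ appended to the default set instead of replacing them. If the
+ specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified
+ key types (including wildcards) will be removed from the default
+ set instead of replacing them. The default for this option is:
 
  ecdsa-sha2-nistp256-cert-v01@openssh.com,
  ecdsa-sha2-nistp384-cert-v01@openssh.com,
@@ -591,7 +598,9 @@ DESCRIPTION
  algorithms must be comma-separated. Alternately if the specified
  value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified methods
  will be appended to the default set instead of replacing them.
- The default is:
+ If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the
+ specified methods (including wildcards) will be removed from the
+ default set instead of replacing them. The default is:
 
  curve25519-sha256,curve25519-sha256@libssh.org,
  ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
@@ -644,7 +653,10 @@ DESCRIPTION
  integrity protection. Multiple algorithms must be comma-
  separated. If the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character,
  then the specified algorithms will be appended to the default set
- instead of replacing them.
+ instead of replacing them. If the specified value begins with a
+ M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified algorithms (including
+ wildcards) will be removed from the default set instead of
+ replacing them.
 
  The algorithms that contain "-etm" calculate the MAC after
  encryption (encrypt-then-mac). These are considered safer and
@@ -667,7 +679,7 @@ DESCRIPTION
  machine on each of the machines and the user will get many
  warnings about changed host keys. However, this option disables
  host authentication for localhost. The argument to this keyword
- must be yes or no. (the default).
+ must be yes or no (the default).
 
  NumberOfPasswordPrompts
  Specifies the number of password prompts before giving up. The
@@ -753,7 +765,10 @@ DESCRIPTION
  authentication as a comma-separated pattern list. Alternately if
  the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the key
  types after it will be appended to the default instead of
- replacing it. The default for this option is:
+ replacing it. If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y
+ character, then the specified key types (including wildcards)
+ will be removed from the default set instead of replacing them.
+ The default for this option is:
 
  ecdsa-sha2-nistp256-cert-v01@openssh.com,
  ecdsa-sha2-nistp384-cert-v01@openssh.com,
@@ -1074,4 +1089,4 @@ AUTHORS
  created OpenSSH. Markus Friedl contributed the support for SSH protocol
  versions 1.5 and 2.0.
 
-OpenBSD 6.0 October 15, 2016 OpenBSD 6.0
+OpenBSD 6.0 February 27, 2017 OpenBSD 6.0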
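--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.240 2016/10/15 19:56:25 jmc Exp $
-.Dd $Mdocdate: October 15 2016 $
+.\" $OpenBSD: ssh_config.5,v 1.242 2017/02/27 14:30:33 jmc Exp $
+.Dd $Mdocdate: February 27 2017 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -435,6 +435,10 @@ If the specified value begins with a
 .Sq +
 character, then the specified ciphers will be appended to the default set
 instead of replacing them.
+If the specified value begins with a
+.Sq -
+character, then the specified ciphers (including wildcards) will be removed
+from the default set instead of replacing them.
 .Pp
 The supported ciphers are:
 .Bd -literal -offset indent
@@ -840,6 +844,10 @@ Alternately if the specified value begins with a
 .Sq +
 character, then the specified key types will be appended to the default set
 instead of replacing them.
+If the specified value begins with a
+.Sq -
+character, then the specified key types (including wildcards) will be removed
+from the default set instead of replacing them.
 The default for this option is:
 .Bd -literal -offset 3n
 ecdsa-sha2-nistp256-cert-v01@openssh.com,
@@ -863,6 +871,10 @@ Alternately if the specified value begins with a
 .Sq +
 character, then the specified key types will be appended to the default set
 instead of replacing them.
+If the specified value begins with a
+.Sq -
+character, then the specified key types (including wildcards) will be removed
+from the default set instead of replacing them.
 The default for this option is:
 .Bd -literal -offset 3n
 ecdsa-sha2-nistp256-cert-v01@openssh.com,
@@ -1083,6 +1095,10 @@ Alternately if the specified value begins with a
 .Sq +
 character, then the specified methods will be appended to the default set
 instead of replacing them.
+If the specified value begins with a
+.Sq -
+character, then the specified methods (including wildcards) will be removed
+from the default set instead of replacing them.
 The default is:
 .Bd -literal -offset indent
 curve25519-sha256,curve25519-sha256@libssh.org,
@@ -1158,6 +1174,10 @@ If the specified value begins with a
 .Sq +
 character, then the specified algorithms will be appended to the default set
 instead of replacing them.
+If the specified value begins with a
+.Sq -
+character, then the specified algorithms (including wildcards) will be removed
+from the default set instead of replacing them.
 .Pp
 The algorithms that contain
 .Qq -etm
@@ -1183,7 +1203,7 @@ However, this option disables host authentication for localhost.
 The argument to this keyword must be
 .Cm yes
 or
-.Cm no .
+.Cm no
 (the default).
 .It Cm NumberOfPasswordPrompts
 Specifies the number of password prompts before giving up.
@@ -1320,6 +1340,10 @@ Alternately if the specified value begins with a
 .Sq +
 character, then the key types after it will be appended to the default
 instead of replacing it.
+If the specified value begins with a
+.Sq -
+character, then the specified key types (including wildcards) will be removed
+from the default set instead of replacing them.
 The default for this option is:
 .Bd -literal -offset 3n
 ecdsa-sha2-nistp256-cert-v01@openssh.com,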
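--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.272 2016/09/12 01:22:38 deraadt Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.273 2017/03/10 03:22:40 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1538,6 +1538,7 @@ maybe_add_key_to_agent(char *authfile, Key *private, char *comment,
  if (options.add_keys_to_agent == 2 &&
  !ask_permission("Add key %s (%s) to agent?", authfile, comment)) {
  debug3("user denied adding this key");
+ close(auth_sock);
  return;
  }
 
@@ -1546,4 +1547,5 @@ maybe_add_key_to_agent(char *authfile, Key *private, char *comment,
  debug("identity added to agent: %s", authfile);
  else
  debug("could not add identity to agent: %s (%d)", authfile, r);
+ close(auth_sock);
 }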
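Review bot: `close(auth_sock)` is now written out separately on the permission-denied return and at the end of maybe_add_key_to_agent, which fixes these two paths but leaves the descriptor easy to leak again when another return is added. A single exit label keeps its lifetime in one place: replace the early `close(auth_sock); return;` with `goto out;` and end the function with `out: close(auth_sock);`. The start of the function, including where `auth_sock` is opened and any earlier returns, is outside the hunks, so those paths should be checked for the same leak.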
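--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect1.c,v 1.79 2016/09/19 07:52:42 natano Exp $ */
+/* $OpenBSD: sshconnect1.c,v 1.80 2017/03/10 03:53:11 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -520,7 +520,8 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
  cookie[i] = packet_get_char();
 
  /* Get the public key. */
- server_key = key_new(KEY_RSA1);
+ if ((server_key = key_new(KEY_RSA1)) == NULL)
+ fatal("%s: key_new(KEY_RSA1) failed", __func__);
  bits = packet_get_int();
  packet_get_bignum(server_key->rsa->e);
  packet_get_bignum(server_key->rsa->n);
@@ -532,7 +533,8 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
  logit("Warning: This may be due to an old implementation of ssh.");
  }
  /* Get the host key. */
- host_key = key_new(KEY_RSA1);
+ if ((host_key = key_new(KEY_RSA1)) == NULL)
+ fatal("%s: key_new(KEY_RSA1) failed", __func__);
  bits = packet_get_int();
  packet_get_bignum(host_key->rsa->e);
  packet_get_bignum(host_key->rsa->n);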
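Review bot: Both new checks in ssh_kex report the same text, `key_new(KEY_RSA1) failed`, so the log line does not say whether the server key or the host key allocation failed. Naming the object in each message costs nothing, e.g. `fatal("%s: key_new(KEY_RSA1) failed for host key", __func__);` in the second check and the matching "server key" wording in the first. ssh_kex begins before and continues after both hunks.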
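--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.251 2016/12/04 23:54:02 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.255 2017/03/11 23:40:26 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  * Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -227,8 +227,8 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
 #endif
 
  if (options.rekey_limit || options.rekey_interval)
- packet_set_rekey_limits((u_int32_t)options.rekey_limit,
- (time_t)options.rekey_interval);
+ packet_set_rekey_limits(options.rekey_limit,
+ options.rekey_interval);
 
  /* start key exchange */
  if ((r = kex_setup(active_state, myproposal)) != 0)
@@ -1057,14 +1057,14 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
  Authctxt *authctxt = ctxt;
  char *info, *lang, *password = NULL, *retype = NULL;
  char prompt[150];
- const char *host = options.host_key_alias ? options.host_key_alias :
- authctxt->host;
+ const char *host;
 
  debug2("input_userauth_passwd_changereq");
 
  if (authctxt == NULL)
  fatal("input_userauth_passwd_changereq: "
  "no authentication context");
+ host = options.host_key_alias ? options.host_key_alias : authctxt->host;
 
  info = packet_get_string(NULL);
  lang = packet_get_string(NULL);
@@ -1119,11 +1119,11 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
 }
 
 static const char *
-identity_sign_encode(struct identity *id)
+key_sign_encode(const struct sshkey *key)
 {
  struct ssh *ssh = active_state;
 
- if (id->key->type == KEY_RSA) {
+ if (key->type == KEY_RSA) {
  switch (ssh->kex->rsa_sha2) {
  case 256:
  return "rsa-sha2-256";
@@ -1131,7 +1131,7 @@ identity_sign_encode(struct identity *id)
  return "rsa-sha2-512";
  }
  }
- return key_ssh_name(id->key);
+ return key_ssh_name(key);
 }
 
 static int
@@ -1140,31 +1140,50 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp,
 {
  Key *prv;
  int ret;
- const char *alg;
-
- alg = identity_sign_encode(id);
 
  /* the agent supports this key */
- if (id->agent_fd != -1)
+ if (id->key != NULL && id->agent_fd != -1)
  return ssh_agent_sign(id->agent_fd, id->key, sigp, lenp,
- data, datalen, alg, compat);
+ data, datalen, key_sign_encode(id->key), compat);
 
  /*
  * we have already loaded the private key or
  * the private key is stored in external hardware
  */
- if (id->isprivate || (id->key->flags & SSHKEY_FLAG_EXT))
- return (sshkey_sign(id->key, sigp, lenp, data, datalen, alg,
- compat));
+ if (id->key != NULL &&
+ (id->isprivate || (id->key->flags & SSHKEY_FLAG_EXT)))
+ return (sshkey_sign(id->key, sigp, lenp, data, datalen,
+ key_sign_encode(id->key), compat));
+
  /* load the private key from the file */
  if ((prv = load_identity_file(id)) == NULL)
  return SSH_ERR_KEY_NOT_FOUND;
- ret = sshkey_sign(prv, sigp, lenp, data, datalen, alg, compat);
+ ret = sshkey_sign(prv, sigp, lenp, data, datalen,
+ key_sign_encode(prv), compat);
  sshkey_free(prv);
  return (ret);
 }
 
 static int
+id_filename_matches(Identity *id, Identity *private_id)
+{
+ const char *suffixes[] = { ".pub", "-cert.pub", NULL };
+ size_t len = strlen(id->filename), plen = strlen(private_id->filename);
+ size_t i, slen;
+
+ if (strcmp(id->filename, private_id->filename) == 0)
+ return 1;
+ for (i = 0; suffixes[i]; i++) {
+ slen = strlen(suffixes[i]);
+ if (len > slen && plen == len - slen &&
+ strcmp(id->filename + (len - slen), suffixes[i]) == 0 &&
+ memcmp(id->filename, private_id->filename, plen) == 0)
+ return 1;
+ }
+ return 0;
+}
+
+static int
 sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
 {
  Buffer b;
@@ -1206,7 +1225,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
  } else {
  buffer_put_cstring(&b, authctxt->method->name);
  buffer_put_char(&b, have_sig);
- buffer_put_cstring(&b, identity_sign_encode(id));
+ buffer_put_cstring(&b, key_sign_encode(id->key));
  }
  buffer_put_string(&b, blob, bloblen);
 
@@ -1226,6 +1245,24 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
  break;
  }
  }
+ /*
+ * Exact key matches are preferred, but also allow
+ * filename matches for non-PKCS#11/agent keys that
+ * didn't load public keys. This supports the case
+ * of keeping just a private key file and public
+ * certificate on disk.
+ */
+ if (!matched && !id->isprivate && id->agent_fd == -1 &&
+ (id->key->flags & SSHKEY_FLAG_EXT) == 0) {
+ TAILQ_FOREACH(private_id, &authctxt->keys, next) {
+ if (private_id->key == NULL &&
+ id_filename_matches(id, private_id)) {
+ id = private_id;
+ matched = 1;
+ break;
+ }
+ }
+ }
  if (matched) {
  debug2("%s: using private key \"%s\"%s for "
  "certificate", __func__, id->filename,
@@ -1304,7 +1341,7 @@ send_pubkey_test(Authctxt *authctxt, Identity *id)
  packet_put_cstring(authctxt->method->name);
  packet_put_char(have_sig);
  if (!(datafellows & SSH_BUG_PKAUTH))
- packet_put_cstring(identity_sign_encode(id));
+ packet_put_cstring(key_sign_encode(id->key));
  packet_put_string(blob, bloblen);
  free(blob);
  packet_send();
@@ -1755,7 +1792,7 @@ ssh_keysign(struct sshkey *key, u_char **sigp, size_t *lenp,
  if ((b = sshbuf_new()) == NULL)
  fatal("%s: sshbuf_new failed", __func__);
  /* send # of sock, data to be signed */
- if ((r = sshbuf_put_u32(b, sock) != 0) ||
+ if ((r = sshbuf_put_u32(b, sock)) != 0 ||
  (r = sshbuf_put_string(b, data, datalen)) != 0)
  fatal("%s: buffer error: %s", __func__, ssh_err(r));
  if (ssh_msg_send(to[1], version, b) == -1)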
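Review bot: The filename fallback added to sign_and_send_pubkey replaces `id` with an entry whose `key` is NULL (the loop only accepts `private_id->key == NULL`), and nothing visible here checks that the key later loaded from that file actually belongs to the certificate being offered. identity_sign() copes with the NULL through its new `id->key != NULL` guards, but any other `id->key` use after the swap would not; the remainder of the function is outside the hunk, so that should be confirmed. I would record the invariant at the assignment, e.g. `/* id->key is NULL from here on; identity_sign() loads it from id->filename */`, and have the load path compare the loaded key's public part with the certificate's key so a mismatched file is reported locally rather than surfacing as a failed authentication. The new id_filename_matches() also has no header comment; one sentence saying it matches a private key file name against a `.pub` or `-cert.pub` name would help.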
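--- a/sshd.0
+++ b/sshd.0
@@ -398,8 +398,8 @@ SSH_KNOWN_HOSTS FILE FORMAT
  The /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts files contain host
  public keys for all known hosts. The global file should be prepared by
  the administrator (optional), and the per-user file is maintained
- automatically: whenever the user connects from an unknown host, its key
- is added to the per-user file.
+ automatically: whenever the user connects to an unknown host, its key is
+ added to the per-user file.
 
  Each line in these files contains the following fields: markers
  (optional), hostnames, keytype, base64-encoded key, comment. The fields
@@ -623,4 +623,4 @@ AUTHORS
  versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
  for privilege separation.
 
-OpenBSD 6.0 November 30, 2016 OpenBSD 6.0
+OpenBSD 6.0 January 30, 2017 OpenBSD 6.0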
diff --git a/sshd.8 b/sshd.8
index e8f1fde8c..79a7e0807 100644
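--- a/sshd.8
+++ b/sshd.8
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.287 2016/11/30 02:57:40 djm Exp $
-.Dd $Mdocdate: November 30 2016 $
+.\" $OpenBSD: sshd.8,v 1.288 2017/01/30 23:27:39 dtucker Exp $
+.Dd $Mdocdate: January 30 2017 $
 .Dt SSHD 8
 .Os
 .Sh NAME
@@ -633,7 +633,7 @@ and
 files contain host public keys for all known hosts.
 The global file should
 be prepared by the administrator (optional), and the per-user file is
-maintained automatically: whenever the user connects from an unknown host,
+maintained automatically: whenever the user connects to an unknown host,
 its key is added to the per-user file.
 .Pp
 Each line in these files contains the following fields: markers (optional),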
diff --git a/sshd.c b/sshd.c
index 027daa9d8..8996e0e83 100644
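--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.480 2016/12/09 03:04:29 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.485 2017/03/15 03:52:30 deraadt Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -377,15 +377,15 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out)
 {
  u_int i;
  int remote_major, remote_minor;
- char *s, *newline = "\n";
+ char *s;
  char buf[256]; /* Must not be larger than remote_version. */
  char remote_version[256]; /* Must be at least as big as buf. */
 
- xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
+ xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s\r\n",
  PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2,
  options.debian_banner ? SSH_RELEASE : SSH_RELEASE_MINIMUM,
  *options.version_addendum == '\0' ? "" : " ",
- options.version_addendum, newline);
+ options.version_addendum);
 
  /* Send our protocol version identification. */
  if (atomicio(vwrite, sock_out, server_version_string,
@@ -1062,6 +1062,11 @@ server_listen(void)
  close(listen_sock);
  continue;
  }
+ if (fcntl(listen_sock, F_SETFD, FD_CLOEXEC) == -1) {
+ verbose("socket: CLOEXEC: %s", strerror(errno));
+ close(listen_sock);
+ continue;
+ }
  /*
  * Set socket options.
  * Allow local port reuse in TIME_WAIT.
@@ -1686,6 +1691,15 @@ main(int ac, char **av)
  continue;
  key = key_load_private(options.host_key_files[i], "", NULL);
  pubkey = key_load_public(options.host_key_files[i], NULL);
+
+ if ((pubkey != NULL && pubkey->type == KEY_RSA1) ||
+ (key != NULL && key->type == KEY_RSA1)) {
+ verbose("Ignoring RSA1 key %s",
+ options.host_key_files[i]);
+ key_free(key);
+ key_free(pubkey);
+ continue;
+ }
  if (pubkey == NULL && key != NULL)
  pubkey = key_demote(key);
  sensitive_data.host_keys[i] = key;
@@ -2260,7 +2274,7 @@ do_ssh2_kex(void)
 
  if (options.rekey_limit || options.rekey_interval)
  packet_set_rekey_limits(options.rekey_limit,
- (time_t)options.rekey_interval);
+ options.rekey_interval);
 
  myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
  list_hostkey_types());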
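Review bot: In the `main` hunk, a configured RSA1 host key is dropped with only a `verbose()` message, which sshd does not emit at its default INFO log level, so an operator whose `HostKey` entry still points at an RSA1 file gets no indication that the key was skipped. Logging it at the normal level, `logit("Ignoring RSA1 key %s", options.host_key_files[i]);`, would make the skipped key visible after an upgrade. The same branch reaches `continue` before `sensitive_data.host_keys[i] = key;`, so it relies on that slot having been cleared by code outside the hunk; a one-line comment saying so would help the next reader. The loop and `main` itself start and end outside the hunk, so that initialisation cannot be confirmed from here.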
diff --git a/sshd_config b/sshd_config
index bcf3ac178..a32dc1d46 100644
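--- a/sshd_config
+++ b/sshd_config
@@ -1,4 +1,4 @@
-# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $
+# $OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $
 
 # This is the sshd server system-wide configuration file. See
 # sshd_config(5) for more information.
@@ -94,7 +94,6 @@ PrintMotd no
 #PrintLastLog yes
 #TCPKeepAlive yes
 #UseLogin no
-#UsePrivilegeSeparation sandbox
 #PermitUserEnvironment no
 #Compression delayed
 #ClientAliveInterval 0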
diff --git a/sshd_config.0 b/sshd_config.0
index 022c05226..b0160aa87 100644
--- a/sshd_config.0
+++ b/sshd_config.0
@@ -238,7 +238,9 @@ DESCRIPTION
238 Specifies the ciphers allowed. Multiple ciphers must be comma- 238 Specifies the ciphers allowed. Multiple ciphers must be comma-
239 separated. If the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, 239 separated. If the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character,
240 then the specified ciphers will be appended to the default set 240 then the specified ciphers will be appended to the default set
241 instead of replacing them. 241 instead of replacing them. If the specified value begins with a
242 M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified ciphers (including wildcards)
243 will be removed from the default set instead of replacing them.
242 244
243 The supported ciphers are: 245 The supported ciphers are:
244 246
@@ -378,7 +380,10 @@ DESCRIPTION
378 authentication as a comma-separated pattern list. Alternately if 380 authentication as a comma-separated pattern list. Alternately if
379 the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the 381 the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the
380 specified key types will be appended to the default set instead 382 specified key types will be appended to the default set instead
381 of replacing them. The default for this option is: 383 of replacing them. If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y
384 character, then the specified key types (including wildcards)
385 will be removed from the default set instead of replacing them.
386 The default for this option is:
382 387
383 ecdsa-sha2-nistp256-cert-v01@openssh.com, 388 ecdsa-sha2-nistp256-cert-v01@openssh.com,
384 ecdsa-sha2-nistp384-cert-v01@openssh.com, 389 ecdsa-sha2-nistp384-cert-v01@openssh.com,
@@ -503,7 +508,10 @@ DESCRIPTION
503 algorithms must be comma-separated. Alternately if the specified 508 algorithms must be comma-separated. Alternately if the specified
504 value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified methods 509 value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified methods
505 will be appended to the default set instead of replacing them. 510 will be appended to the default set instead of replacing them.
506 The supported algorithms are: 511 If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the
512 specified methods (including wildcards) will be removed from the
513 default set instead of replacing them. The supported algorithms
514 are:
507 515
508 curve25519-sha256 516 curve25519-sha256
509 curve25519-sha256@libssh.org 517 curve25519-sha256@libssh.org
@@ -555,7 +563,9 @@ DESCRIPTION
555 protection. Multiple algorithms must be comma-separated. If the 563 protection. Multiple algorithms must be comma-separated. If the
556 specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified 564 specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified
557 algorithms will be appended to the default set instead of 565 algorithms will be appended to the default set instead of
558 replacing them. 566 replacing them. If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y
567 character, then the specified algorithms (including wildcards)
568 will be removed from the default set instead of replacing them.
559 569
560 The algorithms that contain "-etm" calculate the MAC after 570 The algorithms that contain "-etm" calculate the MAC after
561 encryption (encrypt-then-mac). These are considered safer and 571 encryption (encrypt-then-mac). These are considered safer and
@@ -751,7 +761,10 @@ DESCRIPTION
751 authentication as a comma-separated pattern list. Alternately if 761 authentication as a comma-separated pattern list. Alternately if
752 the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the 762 the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the
753 specified key types will be appended to the default set instead 763 specified key types will be appended to the default set instead
754 of replacing them. The default for this option is: 764 of replacing them. If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y
765 character, then the specified key types (including wildcards)
766 will be removed from the default set instead of replacing them.
767 The default for this option is:
755 768
756 ecdsa-sha2-nistp256-cert-v01@openssh.com, 769 ecdsa-sha2-nistp256-cert-v01@openssh.com,
757 ecdsa-sha2-nistp384-cert-v01@openssh.com, 770 ecdsa-sha2-nistp384-cert-v01@openssh.com,
@@ -891,18 +904,6 @@ DESCRIPTION
891 If UsePAM is enabled, you will not be able to run sshd(8) as a 904 If UsePAM is enabled, you will not be able to run sshd(8) as a
892 non-root user. The default is no. 905 non-root user. The default is no.
893 906
894 UsePrivilegeSeparation
895 Specifies whether sshd(8) separates privileges by creating an
896 unprivileged child process to deal with incoming network traffic.
897 After successful authentication, another process will be created
898 that has the privilege of the authenticated user. The goal of
899 privilege separation is to prevent privilege escalation by
900 containing any corruption within the unprivileged processes. The
901 argument must be yes, no, or sandbox. If UsePrivilegeSeparation
902 is set to sandbox then the pre-authentication unprivileged
903 process is subject to additional restrictions. The default is
904 sandbox.
905
906 VersionAddendum 907 VersionAddendum
907 Optionally specifies additional text to append to the SSH 908 Optionally specifies additional text to append to the SSH
908 protocol banner sent by the server upon connection. The default 909 protocol banner sent by the server upon connection. The default
@@ -988,12 +989,12 @@ TOKENS
988 %t The key or certificate type. 989 %t The key or certificate type.
989 %u The username. 990 %u The username.
990 991
991 AuthorizedKeysCommand accepts the tokens %%, %f, %h, %t, and %u. 992 AuthorizedKeysCommand accepts the tokens %%, %f, %h, %k, %t, and %u.
992 993
993 AuthorizedKeysFile accepts the tokens %%, %h, and %u. 994 AuthorizedKeysFile accepts the tokens %%, %h, and %u.
994 995
995 AuthorizedPrincipalsCommand accepts the tokens %%, %F, %f, %K, %k, %h, 996 AuthorizedPrincipalsCommand accepts the tokens %%, %F, %f, %h, %i, %K,
996 %i, %s, %T, %t, and %u. 997 %k, %s, %T, %t, and %u.
997 998
998 AuthorizedPrincipalsFile accepts the tokens %%, %h, and %u. 999 AuthorizedPrincipalsFile accepts the tokens %%, %h, and %u.
999 1000
@@ -1016,4 +1017,4 @@ AUTHORS
1016 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support 1017 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
1017 for privilege separation. 1018 for privilege separation.
1018 1019
1019OpenBSD 6.0 November 30, 2016 OpenBSD 6.0 1020OpenBSD 6.0 March 14, 2017 OpenBSD 6.0
diff --git a/sshd_config.5 b/sshd_config.5
index 8f8fbb66d..0747cc8b5 100644
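--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.239 2016/11/30 03:00:05 djm Exp $
-.Dd $Mdocdate: November 30 2016 $
+.\" $OpenBSD: sshd_config.5,v 1.243 2017/03/14 07:19:07 djm Exp $
+.Dd $Mdocdate: March 14 2017 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -458,6 +458,10 @@ If the specified value begins with a
 .Sq +
 character, then the specified ciphers will be appended to the default set
 instead of replacing them.
+If the specified value begins with a
+.Sq -
+character, then the specified ciphers (including wildcards) will be removed
+from the default set instead of replacing them.
 .Pp
 The supported ciphers are:
 .Pp
@@ -685,6 +689,10 @@ Alternately if the specified value begins with a
 .Sq +
 character, then the specified key types will be appended to the default set
 instead of replacing them.
+If the specified value begins with a
+.Sq -
+character, then the specified key types (including wildcards) will be removed
+from the default set instead of replacing them.
 The default for this option is:
 .Bd -literal -offset 3n
 ecdsa-sha2-nistp256-cert-v01@openssh.com,
@@ -878,6 +886,10 @@ Alternately if the specified value begins with a
 .Sq +
 character, then the specified methods will be appended to the default set
 instead of replacing them.
+If the specified value begins with a
+.Sq -
+character, then the specified methods (including wildcards) will be removed
+from the default set instead of replacing them.
 The supported algorithms are:
 .Pp
 .Bl -item -compact -offset indent
@@ -968,6 +980,10 @@ If the specified value begins with a
 .Sq +
 character, then the specified algorithms will be appended to the default set
 instead of replacing them.
+If the specified value begins with a
+.Sq -
+character, then the specified algorithms (including wildcards) will be removed
+from the default set instead of replacing them.
 .Pp
 The algorithms that contain
 .Qq -etm
@@ -1315,6 +1331,10 @@ Alternately if the specified value begins with a
 .Sq +
 character, then the specified key types will be appended to the default set
 instead of replacing them.
+If the specified value begins with a
+.Sq -
+character, then the specified key types (including wildcards) will be removed
+from the default set instead of replacing them.
 The default for this option is:
 .Bd -literal -offset 3n
 ecdsa-sha2-nistp256-cert-v01@openssh.com,
@@ -1512,28 +1532,6 @@ is enabled, you will not be able to run
 as a non-root user.
 The default is
 .Cm no .
-.It Cm UsePrivilegeSeparation
-Specifies whether
-.Xr sshd 8
-separates privileges by creating an unprivileged child process
-to deal with incoming network traffic.
-After successful authentication, another process will be created that has
-the privilege of the authenticated user.
-The goal of privilege separation is to prevent privilege
-escalation by containing any corruption within the unprivileged processes.
-The argument must be
-.Cm yes ,
-.Cm no ,
-or
-.Cm sandbox .
-If
-.Cm UsePrivilegeSeparation
-is set to
-.Cm sandbox
-then the pre-authentication unprivileged process is subject to additional
-restrictions.
-The default is
-.Cm sandbox .
 .It Cm VersionAddendum
 Optionally specifies additional text to append to the SSH protocol banner
 sent by the server upon connection.
@@ -1682,13 +1680,13 @@ The username.
 .El
 .Pp
 .Cm AuthorizedKeysCommand
-accepts the tokens %%, %f, %h, %t, and %u.
+accepts the tokens %%, %f, %h, %k, %t, and %u.
 .Pp
 .Cm AuthorizedKeysFile
 accepts the tokens %%, %h, and %u.
 .Pp
 .Cm AuthorizedPrincipalsCommand
-accepts the tokens %%, %F, %f, %K, %k, %h, %i, %s, %T, %t, and %u.
+accepts the tokens %%, %F, %f, %h, %i, %K, %k, %s, %T, %t, and %u.
 .Pp
 .Cm AuthorizedPrincipalsFile
 accepts the tokens %%, %h, and %u.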
diff --git a/sshkey.c b/sshkey.c
index 377d72fa9..540019898 100644
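--- a/sshkey.c
+++ b/sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.41 2016/10/24 01:09:17 dtucker Exp $ */
+/* $OpenBSD: sshkey.c,v 1.45 2017/03/10 04:07:20 djm Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
  * Copyright (c) 2008 Alexander von Gernler. All rights reserved.
@@ -89,7 +89,9 @@ static const struct keytype keytypes[] = {
  { "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT",
  KEY_ED25519_CERT, 0, 1, 0 },
 #ifdef WITH_OPENSSL
+# ifdef WITH_SSH1
  { NULL, "RSA1", KEY_RSA1, 0, 0, 0 },
+# endif
  { "ssh-rsa", "RSA", KEY_RSA, 0, 0, 0 },
  { "rsa-sha2-256", "RSA", KEY_RSA, 0, 0, 1 },
  { "rsa-sha2-512", "RSA", KEY_RSA, 0, 0, 1 },
@@ -196,14 +198,16 @@ sshkey_ecdsa_nid_from_name(const char *name)
 }
 
 char *
-sshkey_alg_list(int certs_only, int plain_only, char sep)
+sshkey_alg_list(int certs_only, int plain_only, int include_sigonly, char sep)
 {
  char *tmp, *ret = NULL;
  size_t nlen, rlen = 0;
  const struct keytype *kt;
 
  for (kt = keytypes; kt->type != -1; kt++) {
- if (kt->name == NULL || kt->sigonly || kt->type == KEY_NULL)
+ if (kt->name == NULL || kt->type == KEY_NULL)
+ continue;
+ if (!include_sigonly && kt->sigonly)
  continue;
  if ((certs_only && !kt->cert) || (plain_only && kt->cert))
  continue;
@@ -1238,6 +1242,9 @@ sshkey_read(struct sshkey *ret, char **cpp)
  u_long bits;
 #endif /* WITH_SSH1 */
 
+ if (ret == NULL)
+ return SSH_ERR_INVALID_ARGUMENT;
+
  cp = *cpp;
 
  switch (ret->type) {
@@ -3787,7 +3794,46 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type,
 
  if ((pk = PEM_read_bio_PrivateKey(bio, NULL, NULL,
  (char *)passphrase)) == NULL) {
- r = SSH_ERR_KEY_WRONG_PASSPHRASE;
+ unsigned long pem_err = ERR_peek_last_error();
+ int pem_reason = ERR_GET_REASON(pem_err);
+
+ /*
+ * Translate OpenSSL error codes to determine whether
+ * passphrase is required/incorrect.
+ */
+ switch (ERR_GET_LIB(pem_err)) {
+ case ERR_LIB_PEM:
+ switch (pem_reason) {
+ case PEM_R_BAD_PASSWORD_READ:
+ case PEM_R_PROBLEMS_GETTING_PASSWORD:
+ case PEM_R_BAD_DECRYPT:
+ r = SSH_ERR_KEY_WRONG_PASSPHRASE;
+ goto out;
+ default:
+ r = SSH_ERR_INVALID_FORMAT;
+ goto out;
+ }
+ case ERR_LIB_EVP:
+ switch (pem_reason) {
+ case EVP_R_BAD_DECRYPT:
+ r = SSH_ERR_KEY_WRONG_PASSPHRASE;
+ goto out;
+ case EVP_R_BN_DECODE_ERROR:
+ case EVP_R_DECODE_ERROR:
+#ifdef EVP_R_PRIVATE_KEY_DECODE_ERROR
+ case EVP_R_PRIVATE_KEY_DECODE_ERROR:
+#endif
+ r = SSH_ERR_INVALID_FORMAT;
+ goto out;
+ default:
+ r = SSH_ERR_LIBCRYPTO_ERROR;
+ goto out;
+ }
+ case ERR_LIB_ASN1:
+ r = SSH_ERR_INVALID_FORMAT;
+ goto out;
+ }
+ r = SSH_ERR_LIBCRYPTO_ERROR;
  goto out;
  }
  if (pk->type == EVP_PKEY_RSA &&
@@ -3861,6 +3907,8 @@ int
 sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type,
  const char *passphrase, struct sshkey **keyp, char **commentp)
 {
+ int r = SSH_ERR_INTERNAL_ERROR;
+
  if (keyp != NULL)
  *keyp = NULL;
  if (commentp != NULL)
@@ -3883,9 +3931,11 @@ sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type,
  return sshkey_parse_private2(blob, type, passphrase,
  keyp, commentp);
  case KEY_UNSPEC:
- if (sshkey_parse_private2(blob, type, passphrase, keyp,
- commentp) == 0)
- return 0;
+ r = sshkey_parse_private2(blob, type, passphrase, keyp,
+ commentp);
+ /* Do not fallback to PEM parser if only passphrase is wrong. */
+ if (r == 0 || r == SSH_ERR_KEY_WRONG_PASSPHRASE)
+ return r;
 #ifdef WITH_OPENSSL
  return sshkey_parse_private_pem_fileblob(blob, type,
  passphrase, keyp);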
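Review bot: In `sshkey_parse_private_pem_fileblob`, the new classification reads `ERR_peek_last_error()` after `PEM_read_bio_PrivateKey` fails, but nothing in the hunk clears the OpenSSL error queue before that call, so the peeked entry is not guaranteed to come from this read. Because the result decides between `SSH_ERR_KEY_WRONG_PASSPHRASE` and `SSH_ERR_INVALID_FORMAT`, an entry left by an earlier libcrypto call could turn a corrupt key into a passphrase re-prompt or the reverse. Adding `ERR_clear_error();` immediately before the `if ((pk = PEM_read_bio_PrivateKey(bio, NULL, NULL,` line would tie the peeked error to this call. The function starts and ends outside the hunk, so an earlier clear cannot be ruled out from here. The outer `switch` also has no `default:` and depends on falling out to `r = SSH_ERR_LIBCRYPTO_ERROR;`, which a short comment such as `/* any other library: report as libcrypto error */` would make explicit.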
diff --git a/sshkey.h b/sshkey.h
index 7eb2a1392..f91e4a081 100644
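--- a/sshkey.h
+++ b/sshkey.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.h,v 1.14 2016/09/12 23:31:27 djm Exp $ */
+/* $OpenBSD: sshkey.h,v 1.15 2017/03/10 04:07:20 djm Exp $ */
 
 /*
  * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -157,7 +157,7 @@ int sshkey_ec_validate_private(const EC_KEY *);
 const char *sshkey_ssh_name(const struct sshkey *);
 const char *sshkey_ssh_name_plain(const struct sshkey *);
 int sshkey_names_valid2(const char *, int);
-char *sshkey_alg_list(int, int, char);
+char *sshkey_alg_list(int, int, int, char);
 
 int sshkey_from_blob(const u_char *, size_t, struct sshkey **);
 int sshkey_fromb(struct sshbuf *, struct sshkey **);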
diff --git a/utf8.c b/utf8.c
index 87fa9e89a..dead79b8a 100644
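--- a/utf8.c
+++ b/utf8.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: utf8.c,v 1.3 2016/05/30 12:57:21 schwarze Exp $ */
+/* $OpenBSD: utf8.c,v 1.5 2017/02/19 00:10:57 djm Exp $ */
 /*
  * Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
  *
@@ -60,7 +60,8 @@ dangerous_locale(void) {
  char *loc;
 
  loc = nl_langinfo(CODESET);
- return strcmp(loc, "US-ASCII") && strcmp(loc, "UTF-8");
+ return strcmp(loc, "US-ASCII") != 0 && strcmp(loc, "UTF-8") != 0 &&
+ strcmp(loc, "ANSI_X3.4-1968") != 0 && strcmp(loc, "646") != 0;
 }
 
 static int
@@ -116,6 +117,7 @@ vasnmprintf(char **str, size_t maxsz, int *wp, const char *fmt, va_list ap)
  sz = strlen(src) + 1;
  if ((dst = malloc(sz)) == NULL) {
  free(src);
+ ret = -1;
  goto fail;
  }
 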
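Review bot: The two codeset names added to the `return` in `dangerous_locale` carry no explanation, so a reader cannot tell from the code why `"ANSI_X3.4-1968"` and `"646"` are treated as safe alongside `"US-ASCII"` and `"UTF-8"`. A comment above the `return`, for example `/* "ANSI_X3.4-1968" and "646" are other names platforms report for US-ASCII */`, would document it; that aliasing is my reading of the change and should be confirmed by the author. The match is exact and case-sensitive, so any other spelling a platform reports for these codesets is still classified as dangerous. That is presumably the conservative direction, but it is worth stating in the same comment.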
diff --git a/version.h b/version.h
index 850a2f7d0..f4d8b13ab 100644
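--- a/version.h
+++ b/version.h
@@ -1,6 +1,6 @@
-/* $OpenBSD: version.h,v 1.78 2016/12/19 04:55:51 djm Exp $ */
+/* $OpenBSD: version.h,v 1.79 2017/03/20 01:18:59 djm Exp $ */
 
-#define SSH_VERSION "OpenSSH_7.4"
+#define SSH_VERSION "OpenSSH_7.5"
 
 #define SSH_PORTABLE "p1"
 #define SSH_RELEASE_MINIMUM SSH_VERSION SSH_PORTABLE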