summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2019-10-09Mention ssh-keygen in ssh fingerprint changed warningScott Moser
Author: Chris Lamb <lamby@debian.org> Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1843 Bug-Ubuntu: https://bugs.launchpad.net/bugs/686607 Last-Update: 2017-08-22 Patch-Name: mention-ssh-keygen-on-keychange.patch
2019-10-09Force use of DNSSEC even if "options edns0" isn't in resolv.confColin Watson
This allows SSHFP DNS records to be verified if glibc 2.11 is installed. Origin: vendor, https://cvs.fedoraproject.org/viewvc/F-12/openssh/openssh-5.2p1-edns.patch?revision=1.1&view=markup Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572049 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572049 Last-Update: 2010-04-06 Patch-Name: dnssec-sshfp.patch
2019-10-09Look for $SHELL on the path for ProxyCommand/LocalCommandColin Watson
There's some debate on the upstream bug about whether POSIX requires this. I (Colin Watson) agree with Vincent and think it does. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1494 Bug-Debian: http://bugs.debian.org/492728 Last-Update: 2013-09-14 Patch-Name: shell-path.patch
2019-10-09Adjust scp quoting in verbose modeNicolas Valcárcel
Tweak scp's reporting of filenames in verbose mode to be a bit less confusing with spaces. This should be revised to mimic real shell quoting. Bug-Ubuntu: https://bugs.launchpad.net/bugs/89945 Last-Update: 2010-02-27 Patch-Name: scp-quoting.patch
2019-10-09Allow harmless group-writabilityColin Watson
Allow secure files (~/.ssh/config, ~/.ssh/authorized_keys, etc.) to be group-writable, provided that the group in question contains only the file's owner. Rejected upstream for IMO incorrect reasons (e.g. a misunderstanding about the contents of gr->gr_mem). Given that per-user groups and umask 002 are the default setup in Debian (for good reasons - this makes operating in setgid directories with other groups much easier), we need to permit this by default. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347 Last-Update: 2019-10-09 Patch-Name: user-group-modes.patch
2019-10-09"LogLevel SILENT" compatibilityNatalie Amery
"LogLevel SILENT" (-qq) was introduced in Debian openssh 1:3.0.1p1-1 to match the behaviour of non-free SSH, in which -q does not suppress fatal errors. However, this was unintentionally broken in 1:4.6p1-2 and nobody complained, so we've dropped most of it. The parts that remain are basic configuration file compatibility, and an adjustment to "Pseudo-terminal will not be allocated ..." which should be split out into a separate patch. Author: Matthew Vernon <matthew@debian.org> Author: Colin Watson <cjwatson@debian.org> Last-Update: 2013-09-14 Patch-Name: syslog-level-silent.patch
2019-10-09Various keepalive extensionsRichard Kettlewell
Add compatibility aliases for ProtocolKeepAlives and SetupTimeOut, supported in previous versions of Debian's OpenSSH package but since superseded by ServerAliveInterval. (We're probably stuck with this bit for compatibility.) In batch mode, default ServerAliveInterval to five minutes. Adjust documentation to match and to give some more advice on use of keepalives. Author: Ian Jackson <ian@chiark.greenend.org.uk> Author: Matthew Vernon <matthew@debian.org> Author: Colin Watson <cjwatson@debian.org> Last-Update: 2018-10-19 Patch-Name: keepalive-extensions.patch
2019-10-09Accept obsolete ssh-vulnkey configuration optionsColin Watson
These options were used as part of Debian's response to CVE-2008-0166. Nearly six years later, we no longer need to continue carrying the bulk of that patch, but we do need to avoid failing when the associated configuration options are still present. Last-Update: 2014-02-09 Patch-Name: ssh-vulnkey-compat.patch
2019-10-09Handle SELinux authorisation rolesManoj Srivastava
Rejected upstream due to discomfort with magic usernames; a better approach will need an SSH protocol change. In the meantime, this came from Debian's SELinux maintainer, so we'll keep it until we have something better. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641 Bug-Debian: http://bugs.debian.org/394795 Last-Update: 2019-06-05 Patch-Name: selinux-role.patch
2019-10-09Restore TCP wrappers supportColin Watson
Support for TCP wrappers was dropped in OpenSSH 6.7. See this message and thread: https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-April/032497.html It is true that this reduces preauth attack surface in sshd. On the other hand, this support seems to be quite widely used, and abruptly dropping it (from the perspective of users who don't read openssh-unix-dev) could easily cause more serious problems in practice. It's not entirely clear what the right long-term answer for Debian is, but it at least probably doesn't involve dropping this feature shortly before a freeze. Forwarded: not-needed Last-Update: 2019-06-05 Patch-Name: restore-tcp-wrappers.patch
2019-10-09GSSAPI key exchange supportSimon Wilkinson
This patch has been rejected upstream: "None of the OpenSSH developers are in favour of adding this, and this situation has not changed for several years. This is not a slight on Simon's patch, which is of fine quality, but just that a) we don't trust GSSAPI implementations that much and b) we don't like adding new KEX since they are pre-auth attack surface. This one is particularly scary, since it requires hooks out to typically root-owned system resources." However, quite a lot of people rely on this in Debian, and it's better to have it merged into the main openssh package rather than having separate -krb5 packages (as we used to have). It seems to have a generally good security history. Origin: other, https://github.com/openssh-gsskex/openssh-gsskex/commits/debian/master Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242 Last-Updated: 2019-10-09 Patch-Name: gssapi.patch
2019-10-09Import openssh_8.1p1.orig.tar.gzColin Watson
2019-10-09prepare for 8.1 releaseDamien Miller
2019-10-09upstream: openssh-8.1djm@openbsd.org
OpenBSD-Commit-ID: 3356bb34e2aa287f0e6d6773c9ae659dc680147d
2019-10-09upstream: fix an unreachable integer overflow similar to the XMSSdjm@openbsd.org
case, and some other NULL dereferences found by fuzzing. fix with and ok markus@ OpenBSD-Commit-ID: 0f81adbb95ef887ce586953e1cb225fa45c7a47b
2019-10-09upstream: fix integer overflow in XMSS private key parsing.djm@openbsd.org
Reported by Adam Zabrocki via SecuriTeam's SSH program. Note that this code is experimental and not compiled by default. ok markus@ OpenBSD-Commit-ID: cd0361896d15e8a1bac495ac583ff065ffca2be1
2019-10-09upstream: Correct type for end-of-list sentinel; fixes initializerdtucker@openbsd.org
warnings on some platforms. ok deraadt. OpenBSD-Commit-ID: a990dbc2dac25bdfa07e79321349c73fd991efa2
2019-10-09upstream: reversed test yielded incorrect debug messagedjm@openbsd.org
OpenBSD-Commit-ID: 78bb512d04cfc238adb2c5b7504ac93eecf523b3
2019-10-09dependDamien Miller
2019-10-09Make MAKE_CLONE no-op macro more correct.Darren Tucker
Similar to the previous change to DEF_WEAK, some compilers don't like the empty statement, so convert into a no-op function prototype.
2019-10-09wrap stdint.h include in HAVE_STDINT_HDamien Miller
make the indenting a little more consistent too.. Fixes Solaris 2.6; reported by Tom G. Christensen
2019-10-08avoid "return (value)" in void-declared functionDamien Miller
spotted by Tim Rice; ok dtucker
2019-10-08Make DEF_WEAK more likely to be correct.Darren Tucker
Completely nop-ing out DEF_WEAK leaves an empty statemment which some compilers don't like. Replace with a no-op function template. ok djm@
2019-10-07upstream: Instead of running sed over the whole log to remove CRs,dtucker@openbsd.org
remove them only where it's needed (and confuses test(1) on at least OS X in portable). OpenBSD-Regress-ID: a6ab9b4bd1d33770feaf01b2dfb96f9e4189d2d0
2019-10-05Enable specific ioctl call for EP11 crypto card (s390)Eduardo Barretto
The EP11 crypto card needs to make an ioctl call, which receives an specific argument. This crypto card is for s390 only. Signed-off-by: Eduardo Barretto <ebarretto@linux.vnet.ibm.com>
2019-10-04upstream: fix memory leak in error path; bz#3074 patch fromdjm@openbsd.org
krishnaiah.bommu@intel.com, ok dtucker OpenBSD-Commit-ID: d031853f3ecf47b35a0669588f4d9d8e3b307b3c
2019-10-04upstream: spacedjm@openbsd.org
OpenBSD-Commit-ID: 350648bcf00a2454e7ef998b7d88e42552b348ac
2019-10-04upstream: more sshsig regress tests: check key revocation, thedjm@openbsd.org
check-novalidate signature test mode and signing keys in ssh-agent. From Sebastian Kinne (slightly tweaked) OpenBSD-Regress-ID: b39566f5cec70140674658cdcedf38752a52e2e2
2019-10-04upstream: Check for gmtime failure in moduli generation. Based ondtucker@openbsd.org
patch from krishnaiah.bommu@intel.com, ok djm@ OpenBSD-Commit-ID: 4c6a4cde0022188ac83737de08da0e875704eeaa
2019-10-04upstream: use a more common options order in SYNOPSIS and syncjmc@openbsd.org
usage(); while here, no need for Bk/Ek; ok dtucker OpenBSD-Commit-ID: 38715c3f10b166f599a2283eb7bc14860211bb90
2019-10-02upstream: thinko in previous; spotted by Mantasdjm@openbsd.org
=?UTF-8?q?=20Mikul=C4=97nas?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OpenBSD-Commit-ID: ffa3f5a45e09752fc47d9041e2203ee2ec15b24d
2019-10-02upstream: make signature format match PROTOCOdjm@openbsd.org
=?UTF-8?q?=20as=20a=20string,=20not=20raw=20bytes.=20Spotted=20by=20Manta?= =?UTF-8?q?s=20Mikul=C4=97nas?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OpenBSD-Commit-ID: 80fcc6d52893f80c6de2bedd65353cebfebcfa8f
2019-10-02upstream: ban empty namespace strings for sdjm@openbsd.org
=?UTF-8?q?shsig;=20spotted=20by=20Mantas=20Mikul=C4=97nas?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OpenBSD-Commit-ID: 7c5bcf40bed8f4e826230176f4aa353c52aeb698
2019-10-02Put ssherr.h back as it's actually needed.Darren Tucker
2019-10-02Deny (non-fatal) shmget/shmat/shmdt in preauth privsep child.Lonnie Abelbeck
New wait_random_seeded() function on OpenSSL 1.1.1d uses shmget, shmat, and shmdt in the preauth codepath, deny (non-fatal) in seccomp_filter sandbox.
2019-10-02remove duplicate #includesDamien Miller
Prompted by Jakub Jelen
2019-10-02typo in commentDamien Miller
2019-10-02upstream: remove some duplicate #includesdjm@openbsd.org
OpenBSD-Commit-ID: ed6827ab921eff8027669848ef4f70dc1da4098c
2019-10-01upstream: revert unconditional forced login implemented in r1.41 ofdjm@openbsd.org
ssh-pkcs11.c; r1.45 added a forced login as a fallback for cases where the token returns no objects and this is less disruptive for users of tokens directly in ssh (rather than via ssh-agent) and in ssh-keygen bz3006, patch from Jakub Jelen; ok markus OpenBSD-Commit-ID: 33d6df589b072094384631ff93b1030103b3d02e
2019-10-01upstream: group and sort single letter options; ok deraadtjmc@openbsd.org
OpenBSD-Commit-ID: e1480e760a2b582f79696cdcff70098e23fc603f
2019-10-01upstream: fix the DH-GEX text in -a; because this required a comma,jmc@openbsd.org
i added a comma to the first part, for balance... OpenBSD-Commit-ID: 2c3464e9e82a41e8cdfe8f0a16d94266e43dbb58
2019-10-01upstream: identity_file[] should be PATH_MAX, not the arbitraryderaadt@openbsd.org
number 1024 OpenBSD-Commit-ID: e775f94ad47ce9ab37bd1410d7cf3b7ea98b11b7
2019-10-01upstream: new sentence, new line;jmc@openbsd.org
OpenBSD-Commit-ID: c35ca5ec07be460e95e7406af12eee04a77b6698
2019-09-30Include stdio.h for snprintf.Darren Tucker
Patch from vapier@gentoo.org.
2019-09-30Add SKIP_LTESTS for skipping specific tests.Darren Tucker
2019-09-27upstream: Test for empty result in expected bits. Remove CRs from logdtucker@openbsd.org
as they confuse tools on some platforms. Re-enable the 3des-cbc test. OpenBSD-Regress-ID: edf536d4f29fc1ba412889b37247a47f1b49d250
2019-09-27Re-enable dhgex test.Darren Tucker
Since we've added larger fallback groups to dh.c this test will pass even if there is no moduli file installed on the system.
2019-09-24Add more ToS bits, currently only used by netcat.Darren Tucker
2019-09-19Privsep is now required.Darren Tucker
2019-09-16upstream: Allow testing signature syntax and validity without verifyingdjm@openbsd.org
that a signature came from a trusted signer. To discourage accidental or unintentional use, this is invoked by the deliberately ugly option name "check-novalidate" from Sebastian Kinne OpenBSD-Commit-ID: cea42c36ab7d6b70890e2d8635c1b5b943adcc0b