summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-03-21Quieten logs when multiple from= restrictions are usedColin Watson
Bug-Debian: http://bugs.debian.org/630606 Forwarded: no Last-Update: 2013-09-14 Patch-Name: auth-log-verbosity.patch
2016-03-21Force use of DNSSEC even if "options edns0" isn't in resolv.confColin Watson
This allows SSHFP DNS records to be verified if glibc 2.11 is installed. Origin: vendor, https://cvs.fedoraproject.org/viewvc/F-12/openssh/openssh-5.2p1-edns.patch?revision=1.1&view=markup Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572049 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572049 Last-Update: 2010-04-06 Patch-Name: dnssec-sshfp.patch
2016-03-21Look for $SHELL on the path for ProxyCommand/LocalCommandColin Watson
There's some debate on the upstream bug about whether POSIX requires this. I (Colin Watson) agree with Vincent and think it does. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1494 Bug-Debian: http://bugs.debian.org/492728 Last-Update: 2013-09-14 Patch-Name: shell-path.patch
2016-03-21Adjust scp quoting in verbose modeNicolas Valcárcel
Tweak scp's reporting of filenames in verbose mode to be a bit less confusing with spaces. This should be revised to mimic real shell quoting. Bug-Ubuntu: https://bugs.launchpad.net/bugs/89945 Last-Update: 2010-02-27 Patch-Name: scp-quoting.patch
2016-03-21Allow harmless group-writabilityColin Watson
Allow secure files (~/.ssh/config, ~/.ssh/authorized_keys, etc.) to be group-writable, provided that the group in question contains only the file's owner. Rejected upstream for IMO incorrect reasons (e.g. a misunderstanding about the contents of gr->gr_mem). Given that per-user groups and umask 002 are the default setup in Debian (for good reasons - this makes operating in setgid directories with other groups much easier), we need to permit this by default. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347 Last-Update: 2013-09-14 Patch-Name: user-group-modes.patch
2016-03-21Mention ~& when waiting for forwarded connections to terminateMatthew Vernon
Bug-Debian: http://bugs.debian.org/50308 Last-Update: 2010-02-27 Patch-Name: helpful-wait-terminate.patch
2016-03-21Reduce severity of "Killed by signal %d"Peter Samuelson
This produces irritating messages when using ProxyCommand or other programs that use ssh under the covers (e.g. Subversion). These messages are more normally printed by the calling program, such as the shell. According to the upstream bug, the right way to avoid this is to use the -q option, so we may drop this patch after further investigation into whether any software in Debian is still relying on it. Author: Colin Watson <cjwatson@debian.org> Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1118 Bug-Debian: http://bugs.debian.org/313371 Last-Update: 2013-09-14 Patch-Name: quieter-signals.patch
2016-03-21"LogLevel SILENT" compatibilityJonathan David Amery
"LogLevel SILENT" (-qq) was introduced in Debian openssh 1:3.0.1p1-1 to match the behaviour of non-free SSH, in which -q does not suppress fatal errors. However, this was unintentionally broken in 1:4.6p1-2 and nobody complained, so we've dropped most of it. The parts that remain are basic configuration file compatibility, and an adjustment to "Pseudo-terminal will not be allocated ..." which should be split out into a separate patch. Author: Matthew Vernon <matthew@debian.org> Author: Colin Watson <cjwatson@debian.org> Last-Update: 2013-09-14 Patch-Name: syslog-level-silent.patch
2016-03-21Various keepalive extensionsRichard Kettlewell
Add compatibility aliases for ProtocolKeepAlives and SetupTimeOut, supported in previous versions of Debian's OpenSSH package but since superseded by ServerAliveInterval. (We're probably stuck with this bit for compatibility.) In batch mode, default ServerAliveInterval to five minutes. Adjust documentation to match and to give some more advice on use of keepalives. Author: Ian Jackson <ian@chiark.greenend.org.uk> Author: Matthew Vernon <matthew@debian.org> Author: Colin Watson <cjwatson@debian.org> Last-Update: 2015-11-29 Patch-Name: keepalive-extensions.patch
2016-03-21Accept obsolete ssh-vulnkey configuration optionsColin Watson
These options were used as part of Debian's response to CVE-2008-0166. Nearly six years later, we no longer need to continue carrying the bulk of that patch, but we do need to avoid failing when the associated configuration options are still present. Last-Update: 2014-02-09 Patch-Name: ssh-vulnkey-compat.patch
2016-03-21Handle SELinux authorisation rolesManoj Srivastava
Rejected upstream due to discomfort with magic usernames; a better approach will need an SSH protocol change. In the meantime, this came from Debian's SELinux maintainer, so we'll keep it until we have something better. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641 Bug-Debian: http://bugs.debian.org/394795 Last-Update: 2015-08-19 Patch-Name: selinux-role.patch
2016-03-21Restore TCP wrappers supportColin Watson
Support for TCP wrappers was dropped in OpenSSH 6.7. See this message and thread: https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-April/032497.html It is true that this reduces preauth attack surface in sshd. On the other hand, this support seems to be quite widely used, and abruptly dropping it (from the perspective of users who don't read openssh-unix-dev) could easily cause more serious problems in practice. It's not entirely clear what the right long-term answer for Debian is, but it at least probably doesn't involve dropping this feature shortly before a freeze. Forwarded: not-needed Last-Update: 2014-10-07 Patch-Name: restore-tcp-wrappers.patch
2016-03-21GSSAPI key exchange supportSimon Wilkinson
This patch has been rejected upstream: "None of the OpenSSH developers are in favour of adding this, and this situation has not changed for several years. This is not a slight on Simon's patch, which is of fine quality, but just that a) we don't trust GSSAPI implementations that much and b) we don't like adding new KEX since they are pre-auth attack surface. This one is particularly scary, since it requires hooks out to typically root-owned system resources." However, quite a lot of people rely on this in Debian, and it's better to have it merged into the main openssh package rather than having separate -krb5 packages (as we used to have). It seems to have a generally good security history. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242 Last-Updated: 2016-03-21 Patch-Name: gssapi.patch
2016-03-10Import openssh_7.2p2.orig.tar.gzColin Watson
2016-03-10update versions for releaseDamien Miller
2016-03-10sanitise characters destined for xauth(1)Damien Miller
reported by github.com/tintinweb
2016-02-29Import openssh_7.2p1.orig.tar.gzColin Watson
2016-02-26Add a note about using xlc on AIX.Darren Tucker
2016-02-24Skip PrintLastLog in config dump mode.Darren Tucker
When DISABLE_LASTLOG is set, do not try to include PrintLastLog in the config dump since it'll be reported as UNKNOWN.
2016-02-23update spec/README versions ahead of releaseDamien Miller
2016-02-23put back portable patchlevel to p1Damien Miller
2016-02-23upstream commitdjm@openbsd.org
openssh-7.2 Upstream-ID: 9db776b26014147fc907ece8460ef2bcb0f11e78
2016-02-23Disable tests where fs perms are incorrectDamien Miller
Some tests have strict requirements on the filesystem permissions for certain files and directories. This adds a regress/check-perm tool that copies the relevant logic from sshd to exactly test the paths in question. This lets us skip tests when the local filesystem doesn't conform to our expectations rather than continuing and failing the test run. ok dtucker@
2016-02-23fix sandbox on OSX LionDamien Miller
sshd was failing with: ssh_sandbox_child: sandbox_init: dlopen(/usr/lib/libsandbox.1.dylib, 261):cw image not found [preauth] caused by chroot before sandboxing. Avoid by explicitly linking libsandbox to sshd. Spotted by Darren.
2016-02-23upstream commitdjm@openbsd.org
fix spurious error message when incorrect passphrase entered for keys; reported by espie@ ok deraadt@ Upstream-ID: 58b2e46e63ed6912ed1ee780bd3bd8560f9a5899
2016-02-23upstream commitsobrado@openbsd.org
set ssh(1) protocol version to 2 only. ok djm@ Upstream-ID: e168daf9d27d7e392e3c9923826bd8e87b2b3a10
2016-02-23upstream commitsobrado@openbsd.org
add missing ~/.ssh/id_ecdsa and ~/.ssh/id_ed25519 to IdentityFile. ok djm@ Upstream-ID: 6ce99466312e4ae7708017c3665e3edb976f70cf
2016-02-23upstream commitsobrado@openbsd.org
AddressFamily defaults to any. ok djm@ Upstream-ID: 0d94aa06a4b889bf57a7f631c45ba36d24c13e0c
2016-02-19Make Solaris privs code build on older systems.Darren Tucker
Not all systems with Solaris privs have priv_basicset so factor that out and provide backward compatibility code. Similarly, not all have PRIV_NET_ACCESS so wrap that in #ifdef. Based on code from alex at cooperi.net and djm@ with help from carson at taltos.org and wieland at purdue.edu.
2016-02-18upstream commitdjm@openbsd.org
rekey refactor broke SSH1; spotted by Tom G. Christensen Upstream-ID: 43f0d57928cc077c949af0bfa71ef574dcb58243
2016-02-18upstream commitdjm@openbsd.org
rsa-sha2-512,rsa-sha2-256 cannot be selected explicitly in *KeyTypes options yet. Remove them from the lists of algorithms for now. committing on behalf of markus@ ok djm@ Upstream-ID: c6e8820eb8e610ac21551832c0c89684a9a51bb7
2016-02-18upstream commitjmc@openbsd.org
since these pages now clearly tell folks to avoid v1, normalise the docs from a v2 perspective (i.e. stop pointing out which bits are v2 only); ok/tweaks djm ok markus Upstream-ID: eb474f8c36fb6a532dc05c282f7965e38dcfa129
2016-02-17upstream commitdjm@openbsd.org
make sandboxed privilege separation the default, not just for new installs; "absolutely" deraadt@ Upstream-ID: 5221ef3b927d2df044e9aa3f5db74ae91743f69b
2016-02-17upstream commitjmc@openbsd.org
no need to state that protocol 2 is the default twice; Upstream-ID: b1e4c36b0c2e12e338e5b66e2978f2ac953b95eb
2016-02-17upstream commitdjm@openbsd.org
Replace list of ciphers and MACs adjacent to -1/-2 flag descriptions in ssh(1) with a strong recommendation not to use protocol 1. Add a similar warning to the Protocol option descriptions in ssh_config(5) and sshd_config(5); prompted by and ok mmcc@ Upstream-ID: 961f99e5437d50e636feca023978950a232ead5e
2016-02-17upstream commitdjm@openbsd.org
add a "Close session" log entry (at loglevel=verbose) to correspond to the existing "Starting session" one. Also include the session id number to make multiplexed sessions more apparent. feedback and ok dtucker@ Upstream-ID: e72d2ac080e02774376325136e532cb24c2e617c
2016-02-17upstream commitdjm@openbsd.org
include bad $SSH_CONNECTION in failure output Upstream-Regress-ID: b22d72edfde78c403aaec2b9c9753ef633cc0529
2016-02-17Rollback addition of va_start.Darren Tucker
va_start was added in 0f754e29dd3760fc0b172c1220f18b753fb0957e, however it has the wrong number of args and it's not usable in non-variadic functions anyway so it breaks things (for example Solaris 2.6 as reported by Tom G. Christensen).i ok djm@
2016-02-17Look for gethostbyname in libresolv and libnsl.Darren Tucker
Should fix build problem on Solaris 2.6 reported by Tom G. Christensen.
2016-02-16make existing ssh_malloc_init only for __OpenBSD__Damien Miller
2016-02-16upstream commitdjm@openbsd.org
memleak of algorithm name in mm_answer_sign; reported by Jakub Jelen Upstream-ID: ccd742cd25952240ebd23d7d4d6b605862584d08
2016-02-16upstream commitdtucker@openbsd.org
Add a function to enable security-related malloc_options. With and ok deraadt@, something similar has been in the snaps for a while. Upstream-ID: 43a95523b832b7f3b943d2908662191110c380ed
2016-02-16sync ssh-copy-id with upstream 783ef08b0a75Damien Miller
2016-02-12upstream commitdjm@openbsd.org
avoid fatal() for PKCS11 tokens that present empty key IDs bz#1773, ok markus@ Upstream-ID: 044a764fee526f2c4a9d530bd10695422d01fc54
2016-02-11upstream commitdjm@openbsd.org
sync crypto algorithm lists in ssh_config(5) and sshd_config(5) with current reality. bz#2527 Upstream-ID: d7fd1b6c1ed848d866236bcb1d7049d2bb9b2ff6
2016-02-11upstream commitdjm@openbsd.org
fix regression in openssh-6.8 sftp client: existing destination directories would incorrectly terminate recursive uploads; bz#2528 Upstream-ID: 3306be469f41f26758e3d447987ac6d662623e18
2016-02-09upstream commitdjm@openbsd.org
turn off more old crypto in the client: hmac-md5, ripemd, truncated HMACs, RC4, blowfish. ok markus@ dtucker@ Upstream-ID: 96aa11c2c082be45267a690c12f1d2aae6acd46e
2016-02-09upstream commitdjm@openbsd.org
don't attempt to percent_expand() already-canonicalised addresses, avoiding unnecessary failures when attempting to connect to scoped IPv6 addresses (that naturally contain '%' characters) Upstream-ID: f24569cffa1a7cbde5f08dc739a72f4d78aa5c6a
2016-02-08upstream commitdjm@openbsd.org
refactor activation of rekeying This makes automatic rekeying internal to the packet code (previously the server and client loops needed to assist). In doing to it makes application of rekey limits more accurate by accounting for packets about to be sent as well as packets queued during rekeying events themselves. Based on a patch from dtucker@ which was in turn based on a patch Aleksander Adamowski in bz#2521; ok markus@ Upstream-ID: a441227fd64f9739850ca97b4cf794202860fcd8
2016-02-08upstream commitnaddy@openbsd.org
Only check errno if read() has returned an error. EOF is not an error. This fixes a problem where the mux master would sporadically fail to notice that the client had exited. ok mikeb@ djm@ Upstream-ID: 3c2dadc21fac6ef64665688aac8a75fffd57ae53