summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-11-29upstream commitdjm@openbsd.org
split allocation out of sshbuf_reserve() into a separate sshbuf_allocate() function; ok markus@ Upstream-ID: 11b8a2795afeeb1418d508a2c8095b3355577ec2
2016-11-24upstream commitmarkus@openbsd.org
allow ClientAlive{Interval,CountMax} in Match; ok dtucker, djm Upstream-ID: 8beb4c1eadd588f1080b58932281983864979f55
2016-11-10upstream commitdjm@openbsd.org
unbreak DenyUsers; reported by henning@ Upstream-ID: 1c67d4148f5e953c35acdb62e7c08ae8e33f7cb2
2016-11-06upstream commitdjm@openbsd.org
Validate address ranges for AllowUser/DenyUsers at configuration load time and refuse to accept bad ones. It was previously possible to specify invalid CIDR address ranges (e.g. djm@127.1.2.3/55) and these would always match. Thanks to Laurence Parry for a detailed bug report. ok markus (for a previous diff version) Upstream-ID: 9dfcdd9672b06e65233ea4434c38226680d40bfb
2016-11-06upstream commitdjm@openbsd.org
Improve pkcs11_add_provider() logging: demote some excessively verbose error()s to debug()s, include PKCS#11 provider name and slot in log messages where possible. bz#2610, based on patch from Jakub Jelen Upstream-ID: 3223ef693cfcbff9079edfc7e89f55bf63e1973d
2016-11-01Use ptrace(PT_DENY_ATTACH, ..) on OS X.Darren Tucker
2016-10-28Unbreak AES-CTR ciphers on old (~0.9.8) OpenSSLDamien Miller
ok dtucker@
2016-10-28Move OPENSSL_NO_RIPEMD160 to compat.Darren Tucker
Move OPENSSL_NO_RIPEMD160 to compat and add ifdefs to mac.c around the ripemd160 MACs.
2016-10-28Check if RIPEMD160 is disabled in OpenSSL.Darren Tucker
2016-10-28Skip ssh1 specfic ciphers.Darren Tucker
cipher-3des1.c and cipher-bf1.c are specific to sshv1 so don't even try to compile them when Protocol 1 is not enabled.
2016-10-26upstream commitjsg@openbsd.org
Fix logic in add_local_forward() that inverted a test when code was refactored out into bind_permitted(). This broke ssh port forwarding for non-priv ports as a non root user. ok dtucker@ 'looks good' deraadt@ Upstream-ID: ddb8156ca03cc99997de284ce7777536ff9570c9
2016-10-26upstream commitdtucker@openbsd.org
Remove dead breaks, found via opencoverage.net. ok deraadt@ Upstream-ID: ad9cc655829d67fad219762810770787ba913069
2016-10-26Use !=NULL instead of >0 for getdefaultproj.Darren Tucker
getdefaultproj() returns a pointer so test it for NULL inequality instead of >0. Fixes compiler warning and is more correct. Patch from David Binderman.
2016-10-24upstream commitdtucker@openbsd.org
Factor out "can bind to low ports" check into its own function. This will make it easier for Portable to support platforms with permissions models other than uid==0 (eg bz#2625). ok djm@, "doesn't offend me too much" deraadt@. Upstream-ID: 86213df4183e92b8f189a6d2dac858c994bfface
2016-10-24upstream commitdtucker@openbsd.org
When tearing down ControlMaster connecctions, don't pollute stderr when LogLevel=quiet. Patch from Tim Kuijsten via tech@. Upstream-ID: d9b3a68b2a7c2f2fc7f74678e29a4618d55ceced
2016-10-24Wrap stdint.h include in ifdef.Darren Tucker
2016-10-21Fix formatting.Darren Tucker
2016-10-21Update links to https.Darren Tucker
www.openssh.com now supports https and ftp.openbsd.org no longer supports ftp. Make all links to these https.
2016-10-21Update host key generation examples.Darren Tucker
Remove ssh1 host key generation, add ssh-keygen -A
2016-10-21Update links.Darren Tucker
Make links to openssh.com HTTPS now that it's supported, point release notes link to the HTML release notes page, and update a couple of other links and bits of text.
2016-10-20Remote channels .orig and .rej files.Darren Tucker
These files were incorrectly added during an OpenBSD sync.
2016-10-19upstream commitdtucker@openbsd.org
Remove channel_input_port_forward_request(); the only caller was the recently-removed SSH1 server code so it's now dead code. ok markus@ Upstream-ID: 05453983230a1f439562535fec2818f63f297af9
2016-10-19upstream commitmillert@openbsd.org
Install a signal handler for tty-generated signals and wait for the ssh child to suspend before suspending sftp. This lets ssh restore the terminal mode as needed when it is suspended at the password prompt. OK dtucker@ Upstream-ID: a31c1f42aa3e2985dcc91e46e6a17bd22e372d69
2016-10-19upstream commitjmc@openbsd.org
various formatting fixes, specifically removing Dq; Upstream-ID: 81e85df2b8e474f5f93d66e61d9a4419ce87347c
2016-10-19Import readpassphrase.c rev 1.26.Darren Tucker
Author: miller@openbsd.org: Avoid generate SIGTTOU when restoring the terminal mode. If we get SIGTTOU it means the process is not in the foreground process group which, in most cases, means that the shell has taken control of the tty. Requiring the user the fg the process in this case doesn't make sense and can result in both SIGTSTP and SIGTTOU being sent which can lead to the process being suspended again immediately after being brought into the foreground.
2016-10-19Import readpassphrase.c rev 1.25.Darren Tucker
Wrap <readpassphrase.h> so internal calls go direct and readpassphrase is weak. (DEF_WEAK is a no-op in portable.)
2016-10-15Move DEF_WEAK into defines.h.Darren Tucker
As well pull in more recent changes from OpenBSD these will start to arrive so put it where the definition is shared.
2016-10-15Remove do_pam_set_tty which is dead code.Darren Tucker
The callers of do_pam_set_tty were removed in 2008, so this is now dead code. bz#2604, pointed out by jjelen at redhat.com.
2016-10-13unbreak principals-command testDamien Miller
Undo inconsistetly updated variable name.
2016-10-13upstream commitdjm@openbsd.org
fix the KEX fuzzer - the previous method of obtaining the packet contents was broken. This now uses the new per-packet input hook, so it sees exact post-decrypt packets and doesn't have to pass packet integrity checks. ok markus@ Upstream-Regress-ID: 402fb6ffabd97de590e8e57b25788949dce8d2fd
2016-10-13upstream commitnatano@openbsd.org
Move USER out of the way to unbreak the BUILDUSER mechanism. ok tb Upstream-Regress-ID: 74ab9687417dd071d62316eaadd20ddad1d5af3c
2016-10-13upstream commitbluhm@openbsd.org
In ssh tests set REGRESS_FAIL_EARLY with ?= so that the environment can change it. OK djm@ Upstream-Regress-ID: 77bcb50e47b68c7209c7f0a5a020d73761e5143b
2016-10-13upstream commitdjm@openbsd.org
Add a per-packet input hook that is called with the decrypted packet contents. This will be used for fuzzing; ok markus@ Upstream-ID: a3221cee6b1725dd4ae1dd2c13841b4784cb75dc
2016-10-13upstream commitmarkus@openbsd.org
Unregister the KEXINIT handler after message has been received. Otherwise an unauthenticated peer can repeat the KEXINIT and cause allocation of up to 128MB -- until the connection is closed. Reported by shilei-c at 360.cn Upstream-ID: 43649ae12a27ef94290db16d1a98294588b75c05
2016-10-13Import rev 1.24 from OpenBSD.Darren Tucker
revision 1.24 date: 2013/11/24 23:51:29; author: deraadt; state: Exp; lines: +4 -4; most obvious unsigned char casts for ctype ok jca krw ingo
2016-10-13Import rev 1.23 from OpenBSD. Fixes bz#2619.Darren Tucker
revision 1.23 date: 2010/05/14 13:30:34; author: millert; state: Exp; lines: +41 -39; Defer installing signal handlers until echo is disabled so that we get suspended normally when not the foreground process. Fix potential infinite loop when restoring terminal settings if process is in the background when restore occurs. OK miod@
2016-10-13If we don't have TCSASOFT, define it to zero.Darren Tucker
This makes it a no-op when we use it below, which allows us to re-sync those lines with the upstream and make future updates easier.
2016-10-10upstream commitjmc@openbsd.org
tidy up the formatting in this file. more specifically, replace .Dq, which looks appalling, with .Cm, where appropriate; Upstream-ID: ff8e90aa0343d9bb56f40a535e148607973cc738
2016-10-06upstream commitdjm@openbsd.org
add a comment about implicitly-expected checks to sshkey_ec_validate_public() Upstream-ID: 74a7f71c28f7c13a50f89fc78e7863b9cd61713f
2016-10-01upstream commitdjm@openbsd.org
fix some -Wpointer-sign warnings in the new mux proxy; ok markus@ Upstream-ID: b1ba7b3769fbc6b7f526792a215b0197f5e55dfd
2016-10-01upstream commitbluhm@openbsd.org
Add a makefile rule to create the ssh library when regress needs it. This allows to run the ssh regression tests without doing a "make build" before. Discussed with dtucker@ and djm@; OK djm@ Upstream-Regress-ID: ce489bd53afcd471225a125b4b94565d4717c025
2016-10-01upstream commitbluhm@openbsd.org
Allow to run ssh regression tests as root. If the user is already root, the test should not expect that SUDO is set. If ssh needs another user, use sudo or doas to switch from root if necessary. OK dtucker@ Upstream-Regress-ID: b464e55185ac4303529e3e6927db41683aaeace2
2016-10-01upstream commitmarkus@openbsd.org
ssh proxy mux mode (-O proxy; idea from Simon Tatham): - mux client speaks the ssh-packet protocol directly over unix-domain socket. - mux server acts as a proxy, translates channel IDs and relays to the server. - no filedescriptor passing necessary. - combined with unix-domain forwarding it's even possible to run mux client and server on different machines. feedback & ok djm@ Upstream-ID: 666a2fb79f58e5c50e246265fb2b9251e505c25b
2016-09-29upstream commitdjm@openbsd.org
put back some pre-auth zlib bits that I shouldn't have removed - they are still used by the client. Spotted by naddy@ Upstream-ID: 80919468056031037d56a1f5b261c164a6f90dc2
2016-09-29upstream commitdjm@openbsd.org
restore pre-auth compression support in the client -- the previous commit was intended to remove it from the server only. remove a few server-side pre-auth compression bits that escaped adjust wording of Compression directive in sshd_config(5) pointed out by naddy@ ok markus@ Upstream-ID: d23696ed72a228dacd4839dd9f2dec424ba2016b
2016-09-29upstream commitjmc@openbsd.org
use a separate TOKENS section, as we've done for sshd_config(5); help/ok djm Upstream-ID: 640e32b5e4838e4363738cdec955084b3579481d
2016-09-29Remove portability support for mmapDamien Miller
We no longer need to wrap/replace mmap for portability now that pre-auth compression has been removed from OpenSSH.
2016-09-29upstream commitdjm@openbsd.org
Remove support for pre-authentication compression. Doing compression early in the protocol probably seemed reasonable in the 1990s, but today it's clearly a bad idea in terms of both cryptography (cf. multiple compression oracle attacks in TLS) and attack surface. Moreover, to support it across privilege-separation zlib needed the assistance of a complex shared-memory manager that made the required attack surface considerably larger. Prompted by Guido Vranken pointing out a compiler-elided security check in the shared memory manager found by Stack (http://css.csail.mit.edu/stack/); ok deraadt@ markus@ NB. pre-auth authentication has been disabled by default in sshd for >10 years. Upstream-ID: 32af9771788d45a0779693b41d06ec199d849caf
2016-09-29upstream commitdjm@openbsd.org
Avoid a theoretical signed integer overflow should BN_num_bytes() ever violate its manpage and return a negative value. Improve order of tests to avoid confusing increasingly pedantic compilers. Reported by Guido Vranken from stack (css.csail.mit.edu/stack) unstable optimisation analyser output. ok deraadt@ Upstream-ID: f8508c830c86d8f36c113985e52bf8eedae23505
2016-09-28fix mdoc2man.awk formatting for top-level listsDamien Miller
Reported by Glenn Golden Diagnosis and fix from Ingo Schwarze