summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2019-03-28drop old Cygwin considerationsCorinna Vinschen
- Cygwin supports non-DOS characters in filenames - Cygwin does not support Windows XP anymore Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
2019-03-27upstream: fix interaction between ClientAliveInterval and RekeyLimitdjm@openbsd.org
that could cause connection to close incorrectly; Report and patch from Jakub Jelen in bz#2757; ok dtucker@ markus@ OpenBSD-Commit-ID: 17229a8a65bd8e6c2080318ec2b7a61e1aede3fb
2019-03-26upstream: Fix authentication failures when "AuthenticationMethodsdjm@openbsd.org
any" in a Match block overrides a more restrictive global default. Spotted by jmc@, ok markus@ OpenBSD-Commit-ID: a90a4fe2ab81d0eeeb8fdfc21af81f7eabda6666
2019-03-26upstream: whitespacedjm@openbsd.org
OpenBSD-Commit-ID: 106e853ae8a477e8385bc53824d3884a8159db07
2019-03-26upstream: Expand comment to document rationale for default keydtucker@openbsd.org
sizes. "seems worthwhile" deraadt. OpenBSD-Commit-ID: 72e5c0983d7da1fb72f191870f36cb58263a2456
2019-03-26upstream: Increase the default RSA key size to 3072 bits. Based ondtucker@openbsd.org
the estimates from NIST Special Publication 800-57, 3k bits provides security equivalent to 128 bits which is the smallest symmetric cipher we enable by default. ok markus@ deraadt@ OpenBSD-Commit-ID: 461dd32ebe808f88f4fc3ec74749b0e6bef2276b
2019-03-26upstream: full stop in the wrong place;jmc@openbsd.org
OpenBSD-Commit-ID: 478a0567c83553a2aebf95d0f1bd67ac1b1253e4
2019-03-26upstream: benno helped me clean up the tcp forwarding section;jmc@openbsd.org
OpenBSD-Commit-ID: d4bec27edefde636fb632b7f0b7c656b9c7b7f08
2019-03-26upstream: fix use-after-free in ssh-pkcs11; found by hshoexer w/AFLmarkus@openbsd.org
OpenBSD-Commit-ID: febce81cca72b71f70513fbee4ff52ca050f675c
2019-03-14Fix build when configured --without-openssl.Darren Tucker
ok djm@
2019-03-14On Cygwin run sshd as SYSTEM where possible.Darren Tucker
Seteuid now creates user token using S4U. We don't create a token from scratch anymore, so we don't need the "Create a process token" privilege. The service can run under SYSTEM again... ...unless Cygwin is running on Windows Vista or Windows 7 in the WOW64 32 bit emulation layer. It turns out that WOW64 on these systems didn't implement MsV1_0 S4U Logon so we still need the fallback to NtCreateToken for these systems. Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
2019-03-13Replace alloca with xcalloc.Darren Tucker
The latter checks for memory exhaustion and integer overflow and may be at a less predictable place. Sanity check by vinschen at redhat.com, ok djm@
2019-03-12Use Cygwin-specific matching only for users+groups.Darren Tucker
Patch from vinschen at redhat.com, updated a little by me.
2019-03-08upstream: Move checks for lists of users or groups into their owndtucker@openbsd.org
function. This is a no-op on OpenBSD but will make things easier in -portable, eg on systems where these checks should be case-insensitive. ok djm@ OpenBSD-Commit-ID: 8bc9c8d98670e23f8eaaaefe29c1f98e7ba0487e
2019-03-08upstream: Reset last-seen time when sending a keepalive. Preventsdtucker@openbsd.org
sending two keepalives successively and prematurely terminating connection when ClientAliveCount=1. While there, collapse two similar tests into one. ok markus@ OpenBSD-Commit-ID: 043670d201dfe222537a2a4bed16ce1087de5ddd
2019-03-08upstream: PKCS#11 support is no longer limited to RSA; ok benno@naddy@openbsd.org
kn@ OpenBSD-Commit-ID: 1a9bec64d530aed5f434a960e7515a3e80cbc826
2019-03-08upstream: in ssh_set_newkeys(), mention the direction that we'redjm@openbsd.org
keying in debug messages. Previously it would be difficult to tell which direction it was talking about OpenBSD-Commit-ID: c2b71bfcceb2a7389b9d0b497fb2122a406a522d
2019-03-01releasing package openssh version 1:7.9p1-9Colin Watson
2019-03-01Handle shell-style brace expansions in scp checksColin Watson
2019-03-01upstream: when checking that filenames sent by the server sidedjm@openbsd.org
match what the client requested, be prepared to handle shell-style brace alternations, e.g. "{foo,bar}". "looks good to me" millert@ + in snaps for the last week courtesy deraadt@ OpenBSD-Commit-ID: 3b1ce7639b0b25b2248e3a30f561a548f6815f3e Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=3d896c157c722bc47adca51a58dca859225b5874 Bug-Debian: https://bugs.debian.org/923486 Last-Update: 2019-03-01 Patch-Name: scp-handle-braces.patch
2019-03-01upstream: Fix two race conditions in sshd relating to SIGHUP:djm@openbsd.org
1. Recently-forked child processes will briefly remain listening to listen_socks. If the main server sshd process completes its restart via execv() before these sockets are closed by the child processes then it can fail to listen at the desired addresses/ports and/or fail to restart. 2. When a SIGHUP is received, there may be forked child processes that are awaiting their reexecution state. If the main server sshd process restarts before passing this state, these child processes will yield errors and use a fallback path of reading the current sshd_config from the filesystem rather than use the one that sshd was started with. To fix both of these cases, we reuse the startup_pipes that are shared between the main server sshd and forked children. Previously this was used solely to implement tracking of pre-auth child processes for MaxStartups, but this extends the messaging over these pipes to include a child->parent message that the parent process is safe to restart. This message is sent from the child after it has completed its preliminaries: closing listen_socks and receiving its reexec state. bz#2953, reported by Michal Koutný; ok markus@ dtucker@ OpenBSD-Commit-ID: 7df09eacfa3ce13e9a7b1e9f17276ecc924d65ab
2019-03-01upstream: mention PKCS11Provide=none, reword a little and removedjm@openbsd.org
mention of RSA keys only (since we support ECDSA now and might support others in the future). Inspired by Jakub Jelen via bz#2974 OpenBSD-Commit-ID: a92e3686561bf624ccc64ab320c96c9e9a263aa5
2019-03-01upstream: let PKCS11Provider=none do what users expectdjm@openbsd.org
print PKCS11Provider instead of obsolete SmartcardDevice in config dump. bz#2974 ok dtucker@ OpenBSD-Commit-ID: c303d6f0230a33aa2dd92dc9b68843d56a64f846
2019-03-01upstream: dup stdout/in for proxycommand=-, otherwise stdout mightmarkus@openbsd.org
be redirected to /dev/null; ok djm@ OpenBSD-Commit-ID: 97dfce4c47ed4055042de8ebde85b7d88793e595
2019-02-28releasing package openssh version 1:7.9p1-8Colin Watson
2019-02-28Move moduli(5) manual page to openssh-serverColin Watson
This goes with /etc/ssh/moduli; forgotten in 1:7.9p1-5.
2019-02-28Correctly handle conffile move to openssh-serverDominik George
Closes: #919344
2019-02-28Request RSA-SHA2 signatures for corresponding cert algorithmsColin Watson
Closes: #923419
2019-02-28upstream: Request RSA-SHA2 signatures fordjm@openbsd.org
rsa-sha2-{256|512}-cert-v01@openssh.com cert algorithms; ok markus@ OpenBSD-Commit-ID: afc6f7ca216ccd821656d1c911d2a3deed685033 Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=f429c1b2ef631f2855e51a790cf71761d752bbca Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2944 Bug-Debian: https://bugs.debian.org/923419 Last-Update: 2019-02-28 Patch-Name: request-rsa-sha2-cert-signatures.patch
2019-02-28Fix key type checks with RSA-SHA2 signature typesColin Watson
2019-02-28upstream: fix bug in HostbasedAcceptedKeyTypes anddjm@openbsd.org
PubkeyAcceptedKeyTypes options. If only RSA-SHA2 siganture types were specified, then authentication would always fail for RSA keys as the monitor checks only the base key (not the signature algorithm) type against *AcceptedKeyTypes. bz#2746; reported by Jakub Jelen; ok dtucker OpenBSD-Commit-ID: 117bc3dc54578dbdb515a1d3732988cb5b00461b Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=cd9467318b56e6e93ff9575c906ff8350af9b8a2 Last-Update: 2019-02-28 Patch-Name: fix-key-type-check.patch
2019-02-26releasing package openssh version 1:7.9p1-7Colin Watson
2019-02-25Tighten up start-stop-daemon invocationsColin Watson
Pass "--exec /usr/sbin/sshd" to start-stop-daemon on stop as well as start and pass "--chuid 0:0" on start, to avoid problems with non-root groups leaking into the ownership of /run/sshd.pid. Closes: #922365
2019-02-25Update logind recommendationColin Watson
Recommend "default-logind | logind | libpam-systemd" rather than just libpam-systemd. (I've retained libpam-systemd as an alternative for a while to avoid backporting accidents, although it can be removed later.) Thanks, Adam Borowski. Closes: #923199
2019-02-24upstream: openssh-7.9 accidentally reused the server's algorithm listsdjm@openbsd.org
in the client for KEX, ciphers and MACs. The ciphers and MACs were identical between the client and server, but the error accidentially disabled the diffie-hellman-group-exchange-sha1 KEX method. This fixes the client code to use the correct method list, but because nobody complained, it also disables the diffie-hellman-group-exchange-sha1 KEX method. Reported by nuxi AT vault24.org via bz#2697; ok dtucker OpenBSD-Commit-ID: e30c33a23c10fd536fefa120e86af1842e33fd57
2019-02-22Cygwin: implement case-insensitive Unicode user and group name matchingCorinna Vinschen
The previous revert enabled case-insensitive user names again. This patch implements the case-insensitive user and group name matching. To allow Unicode chars, implement the matcher using wchar_t chars in Cygwin-specific code. Keep the generic code changes as small as possible. Cygwin: implement case-insensitive Unicode user and group name matching Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
2019-02-22Revert unintended parts of previous commit.Darren Tucker
2019-02-22Revert "[auth.c] On Cygwin, refuse usernames that have differences in case"Corinna Vinschen
This reverts commit acc9b29486dfd649dfda474e5c1a03b317449f1c. Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
2019-02-22Add tags to .gitignoreCorinna Vinschen
Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
2019-02-22upstream: perform removal of agent-forwarding directory in forwarddjm@openbsd.org
setup error path with user's privileged. This is a no-op as this code always runs with user privilege now that we no longer support running sshd with privilege separation disabled, but as long as the privsep skeleton is there we should follow the rules. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit bz#2969 with patch from Erik Sjölund OpenBSD-Commit-ID: 2b708401a5a8d6133c865d7698d9852210dca846
2019-02-22upstream: sync the description of ~/.ssh/config with djm's updatedjmc@openbsd.org
description in ssh.1; issue pointed out by andreas kahari ok dtucker djm OpenBSD-Commit-ID: 1b01ef0ae2c6328165150badae317ec92e52b01c
2019-02-13upstream: fix regression in r1.302 reported by naddy@ - only the firstdjm@openbsd.org
public key from the agent was being attempted for use. OpenBSD-Commit-ID: 07116aea521a04888718b2157f1ca723b2f46c8d
2019-02-11upstream: cleanup GSSAPI authentication context after completion of thedjm@openbsd.org
authmethod. Move function-static GSSAPI state to the client Authctxt structure. Make static a bunch of functions that aren't used outside this file. Based on patch from Markus Schmidt <markus@blueflash.cc>; ok markus@ OpenBSD-Commit-ID: 497fb792c0ddb4f1ba631b6eed526861f115dbe5
2019-02-11upstream: ssh-keygen -D pkcs11.so needs to initialize pkcs11benno@openbsd.org
interactive, so it can ask for the smartcards PIN. ok markus@ OpenBSD-Commit-ID: 1be7ccf88f1876e0fc4d7c9b3f96019ac5655bab
2019-02-10upstream: when checking that filenames sent by the server sidedjm@openbsd.org
match what the client requested, be prepared to handle shell-style brace alternations, e.g. "{foo,bar}". "looks good to me" millert@ + in snaps for the last week courtesy deraadt@ OpenBSD-Commit-ID: 3b1ce7639b0b25b2248e3a30f561a548f6815f3e
2019-02-10upstream: syslog when connection is dropped for attempting to run adjm@openbsd.org
command when ForceCommand=internal-sftp is in effect; bz2960; ok dtucker@ OpenBSD-Commit-ID: 8c87fa66d7fc6c0fffa3a3c28e8ab5e8dde234b8
2019-02-08releasing package openssh version 1:7.9p1-6Colin Watson
2019-02-08scp: Check remote->local directory copy filenamesColin Watson
CVE-2019-6111
2019-02-08upstream: check in scp client that filenames sent duringdjm@openbsd.org
remote->local directory copies satisfy the wildcard specified by the user. This checking provides some protection against a malicious server sending unexpected filenames, but it comes at a risk of rejecting wanted files due to differences between client and server wildcard expansion rules. For this reason, this also adds a new -T flag to disable the check. reported by Harry Sintonen fix approach suggested by markus@; has been in snaps for ~1wk courtesy deraadt@ OpenBSD-Commit-ID: 00f44b50d2be8e321973f3c6d014260f8f7a8eda CVE-2019-6111 Origin: backport, https://anongit.mindrot.org/openssh.git/commit/?id=391ffc4b9d31fa1f4ad566499fef9176ff8a07dc Last-Update: 2019-02-08 Patch-Name: check-filenames-in-scp-client.patch
2019-02-08Sanitize scp filenames via snmprintfColin Watson
CVE-2019-6109 Closes: #793412