summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2020-10-18Force use of DNSSEC even if "options edns0" isn't in resolv.confColin Watson
This allows SSHFP DNS records to be verified if glibc 2.11 is installed. Origin: vendor, https://cvs.fedoraproject.org/viewvc/F-12/openssh/openssh-5.2p1-edns.patch?revision=1.1&view=markup Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572049 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572049 Last-Update: 2010-04-06 Patch-Name: dnssec-sshfp.patch
2020-10-18Look for $SHELL on the path for ProxyCommand/LocalCommandColin Watson
There's some debate on the upstream bug about whether POSIX requires this. I (Colin Watson) agree with Vincent and think it does. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1494 Bug-Debian: http://bugs.debian.org/492728 Last-Update: 2020-02-21 Patch-Name: shell-path.patch
2020-10-18Adjust scp quoting in verbose modeNicolas Valcárcel
Tweak scp's reporting of filenames in verbose mode to be a bit less confusing with spaces. This should be revised to mimic real shell quoting. Bug-Ubuntu: https://bugs.launchpad.net/bugs/89945 Last-Update: 2010-02-27 Patch-Name: scp-quoting.patch
2020-10-18Allow harmless group-writabilityColin Watson
Allow secure files (~/.ssh/config, ~/.ssh/authorized_keys, etc.) to be group-writable, provided that the group in question contains only the file's owner. Rejected upstream for IMO incorrect reasons (e.g. a misunderstanding about the contents of gr->gr_mem). Given that per-user groups and umask 002 are the default setup in Debian (for good reasons - this makes operating in setgid directories with other groups much easier), we need to permit this by default. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347 Last-Update: 2019-10-09 Patch-Name: user-group-modes.patch
2020-10-18"LogLevel SILENT" compatibilityNatalie Amery
"LogLevel SILENT" (-qq) was introduced in Debian openssh 1:3.0.1p1-1 to match the behaviour of non-free SSH, in which -q does not suppress fatal errors. However, this was unintentionally broken in 1:4.6p1-2 and nobody complained, so we've dropped most of it. The parts that remain are basic configuration file compatibility, and an adjustment to "Pseudo-terminal will not be allocated ..." which should be split out into a separate patch. Author: Matthew Vernon <matthew@debian.org> Author: Colin Watson <cjwatson@debian.org> Last-Update: 2013-09-14 Patch-Name: syslog-level-silent.patch
2020-10-18Various keepalive extensionsRichard Kettlewell
Add compatibility aliases for ProtocolKeepAlives and SetupTimeOut, supported in previous versions of Debian's OpenSSH package but since superseded by ServerAliveInterval. (We're probably stuck with this bit for compatibility.) In batch mode, default ServerAliveInterval to five minutes. Adjust documentation to match and to give some more advice on use of keepalives. Author: Ian Jackson <ian@chiark.greenend.org.uk> Author: Matthew Vernon <matthew@debian.org> Author: Colin Watson <cjwatson@debian.org> Last-Update: 2020-02-21 Patch-Name: keepalive-extensions.patch
2020-10-18Accept obsolete ssh-vulnkey configuration optionsColin Watson
These options were used as part of Debian's response to CVE-2008-0166. Nearly six years later, we no longer need to continue carrying the bulk of that patch, but we do need to avoid failing when the associated configuration options are still present. Last-Update: 2014-02-09 Patch-Name: ssh-vulnkey-compat.patch
2020-10-18Handle SELinux authorisation rolesManoj Srivastava
Rejected upstream due to discomfort with magic usernames; a better approach will need an SSH protocol change. In the meantime, this came from Debian's SELinux maintainer, so we'll keep it until we have something better. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641 Bug-Debian: http://bugs.debian.org/394795 Last-Update: 2020-10-18 Patch-Name: selinux-role.patch
2020-10-18Restore TCP wrappers supportColin Watson
Support for TCP wrappers was dropped in OpenSSH 6.7. See this message and thread: https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-April/032497.html It is true that this reduces preauth attack surface in sshd. On the other hand, this support seems to be quite widely used, and abruptly dropping it (from the perspective of users who don't read openssh-unix-dev) could easily cause more serious problems in practice. It's not entirely clear what the right long-term answer for Debian is, but it at least probably doesn't involve dropping this feature shortly before a freeze. Forwarded: not-needed Last-Update: 2019-06-05 Patch-Name: restore-tcp-wrappers.patch
2020-10-18GSSAPI key exchange supportSimon Wilkinson
This patch has been rejected upstream: "None of the OpenSSH developers are in favour of adding this, and this situation has not changed for several years. This is not a slight on Simon's patch, which is of fine quality, but just that a) we don't trust GSSAPI implementations that much and b) we don't like adding new KEX since they are pre-auth attack surface. This one is particularly scary, since it requires hooks out to typically root-owned system resources." However, quite a lot of people rely on this in Debian, and it's better to have it merged into the main openssh package rather than having separate -krb5 packages (as we used to have). It seems to have a generally good security history. Author: Simon Wilkinson <simon@sxw.org.uk> Author: Colin Watson <cjwatson@debian.org> Author: Jakub Jelen <jjelen@redhat.com> Origin: other, https://github.com/openssh-gsskex/openssh-gsskex/commits/debian/master Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242 Last-Updated: 2020-06-07 Patch-Name: gssapi.patch
2020-10-18Import openssh_8.4p1.orig.tar.gzColin Watson
2020-09-27update version numbersDamien Miller
2020-09-27upstream: openssh 8.4djm@openbsd.org
OpenBSD-Commit-ID: a29e5b372d2c00e297da8a35a3b87c9beb3b4a58
2020-09-22sync with upstream ssh-copy-id rev f0da1a1b7Damien Miller
2020-09-21upstream: close stdin when forking after authentication too; ok markusdjm@openbsd.org
OpenBSD-Commit-ID: 43db17e4abc3e6b4a7b033aa8cdab326a7cb6c24
2020-09-21upstream: close stdout/stderr after "ssh -f ..." forkingdjm@openbsd.org
bz#3137, ok markus OpenBSD-Commit-ID: e2d83cc4dea1665651a7aa924ad1ed6bcaaab3e2
2020-09-20.dependDamien Miller
2020-09-20upstream: cap channel input buffer size at 16MB; avoids high memory usedjm@openbsd.org
when peer advertises a large window but is slow to consume the data we send (e.g. because of a slow network) reported by Pierre-Yves David fix with & ok markus@ OpenBSD-Commit-ID: 1452771f5e5e768876d3bfe2544e3866d6ade216
2020-09-18libfido2 1.5.0 is recommendedDamien Miller
2020-09-18upstream: handle multiple messages in a single read()djm@openbsd.org
PR#183 by Dennis Kaarsemaker; feedback and ok markus@ OpenBSD-Commit-ID: 8570bb4d02d00cf70b98590716ea6a7d1cce68d1
2020-09-18configure.ac: add missing includespedro martelletto
when testing, make sure to include the relevant header files that declare the types of the functions used by the test: - stdio.h for printf(); - stdlib.h for exit(); - string.h for strcmp(); - unistd.h for unlink(), _exit(), fork(), getppid(), sleep().
2020-09-18upstream: tweak the client hostkey preference ordering algorithm todjm@openbsd.org
prefer the default ordering if the user has a key that matches the best-preference default algorithm. feedback and ok markus@ OpenBSD-Commit-ID: a92dd7d7520ddd95c0a16786a7519e6d0167d35f
2020-09-18control over the colours in gnome-ssh-askpass[23]Damien Miller
Optionally set the textarea colours via $GNOME_SSH_ASKPASS_FG_COLOR and $GNOME_SSH_ASKPASS_BG_COLOR. These accept the usual three or six digit hex colours.
2020-09-18focus improvement for gnome-ssh-askpass[23]Damien Miller
When serving a SSH_ASKPASS_PROMPT=none information dialog, ensure then <enter> doesn't immediately close the dialog. Instead, require an explicit <tab> to reach the close button, or <esc>.
2020-09-16upstream: Remove unused buf, last user was removed when switchingdtucker@openbsd.org
to the sshbuf API. Patch from Sebastian Andrzej Siewior. OpenBSD-Commit-ID: 250fa17f0cec01039cc4abd95917d9746e24c889
2020-09-16upstream: For the hostkey confirmation message:djm@openbsd.org
> Are you sure you want to continue connecting (yes/no/[fingerprint])? compare the fingerprint case sensitively; spotted Patrik Lundin ok dtucker OpenBSD-Commit-ID: 73097afee1b3a5929324e345ba4a4a42347409f2
2020-09-11New config-build-time dependency on automake.Darren Tucker
2020-09-11Add aclocal.m4 and config.h.in~ to .gitignore.Darren Tucker
aclocal.m4 is now generated by autoreconf.
2020-09-11Quote the definition of OSSH_CHECK_HEADER_FOR_FIELDSebastian Andrzej Siewior
autoreconf complains about underquoted definition of OSSH_CHECK_HEADER_FOR_FIELD after aclocal.m4 has been and now is beeing recreated. Quote OSSH_CHECK_HEADER_FOR_FIELD as suggested. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
2020-09-11Move the local m4 macrosSebastian Andrzej Siewior
The `aclocal' step is skipped during `autoreconf' because aclocal.m4 is present. Move the current aclocal.m4 which contains local macros into the m4/ folder. With this change the aclocal.m4 will be re-created during changes to the m4/ macro. This is needed so the `aclocal' can fetch m4 macros from the system if they are references in the configure script. This is a prerequisite to use PKG_CHECK_MODULES. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
2020-09-11Remove HAVE_MMAP and BROKEN_MMAPSebastian Andrzej Siewior
BROKEN_MMAP is no longer defined since commit 1cfd5c06efb12 ("Remove portability support for mmap") this commit also removed other HAVE_MMAP user. I didn't find anything that defines HAVE_MMAP. The check does not trigger because compression on server side is by default COMP_DELAYED (2) so it never triggers. Remove remaining HAVE_MMAP and BROKEN_MMAP bits. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
2020-09-09upstream: adapt to SSH_SK_VERSION_MAJOR crankdjm@openbsd.org
OpenBSD-Regress-ID: 0f3e76bdc8f9dbd9d22707c7bdd86051d5112ab8
2020-09-09upstream: Ensure that address/mask mismatches are flagged atdtucker@openbsd.org
config-check time. ok djm@ OpenBSD-Regress-ID: 8f5f4c2c0bf00e6ceae7a1755a444666de0ea5c2
2020-09-09upstream: when writing an attestation blob for a FIDO key, record alldjm@openbsd.org
the data needed to verify the attestation. Previously we were missing the "authenticator data" that is included in the signature. spotted by Ian Haken feedback Pedro Martelletto and Ian Haken; ok markus@ OpenBSD-Commit-ID: 8439896e63792b2db99c6065dd9a45eabbdb7e0a
2020-09-02configure.ac: fix libfido2 back-compatpedro martelletto
- HAVE_FIDO_CRED_PROD -> HAVE_FIDO_CRED_PROT; - check for fido_dev_get_touch_begin(), so that HAVE_FIDO_DEV_GET_TOUCH_BEGIN gets defined.
2020-08-31upstream: refuse to add verify-required (PINful) FIDO keys todjm@openbsd.org
ssh-agent until the agent supports them properly OpenBSD-Commit-ID: 125bd55a8df32c87c3ec33c6ebe437673a3d037e
2020-08-31upstream: Add RCS IDs to the few files that are missing them; fromdjm@openbsd.org
Pedro Martelletto OpenBSD-Commit-ID: 39aa37a43d0c75ec87f1659f573d3b5867e4a3b3
2020-08-31upstream: Check that the addresses supplied to Match Address anddtucker@openbsd.org
Match LocalAddress are valid when parsing in config-test mode. This will catch address/mask mismatches before they cause problems at runtime. Found by Daniel Stocker, ok djm@ OpenBSD-Commit-ID: 2d0b10c69fad5d8fda4c703e7c6804935289378b
2020-08-31upstream: sentence fix; from pedro martellettojmc@openbsd.org
OpenBSD-Commit-ID: f95b84a1e94e9913173229f3787448eea2f8a575
2020-08-27tweak back-compat for older libfido2Damien Miller
2020-08-27upstream: debug()-print a little info about FIDO-specific keydjm@openbsd.org
fields via "ssh-keygen -vyf /path/key" OpenBSD-Commit-ID: cf315c4fe77db43947d111b00155165cb6b577cf
2020-08-27upstream: skip a bit more FIDO token selection logic when only adjm@openbsd.org
single token is attached. with Pedro Martelletto OpenBSD-Commit-ID: e4a324bd9814227ec1faa8cb619580e661cca9ac
2020-08-27upstream: tweak previous;jmc@openbsd.org
OpenBSD-Commit-ID: 92714b6531e244e4da401b2defaa376374e24be7
2020-08-27upstream: adapt to API changesdjm@openbsd.org
OpenBSD-Regress-ID: 5f147990cb67094fe554333782ab268a572bb2dd
2020-08-27degrade semi-gracefully when libfido2 is too oldDamien Miller
2020-08-27upstream: dummy firmware needs to match API version numner crank (fordjm@openbsd.org
verify-required resident keys) even though it doesn't implement this feature OpenBSD-Regress-ID: 86579ea2891e18e822e204413d011b2ae0e59657
2020-08-27upstream: remove unreachable code I forgot to delete in r1.334djm@openbsd.org
OpenBSD-Commit-ID: 9ed6078251a0959ee8deda443b9ae42484fd8b18
2020-08-27upstream: Request PIN ahead of time for certain FIDO actionsdjm@openbsd.org
When we know that a particular action will require a PIN, such as downloading resident keys or generating a verify-required key, request the PIN before attempting it. joint work with Pedro Martelletto; ok markus@ OpenBSD-Commit-ID: 863182d38ef075bad1f7d20ca485752a05edb727
2020-08-27upstream: preserve verify-required for resident FIDO keysdjm@openbsd.org
When downloading a resident, verify-required key from a FIDO token, preserve the verify-required in the private key that is written to disk. Previously we weren't doing that because of lack of support in the middleware API. from Pedro Martelletto; ok markus@ and myself OpenBSD-Commit-ID: 201c46ccdd227cddba3d64e1bdbd082afa956517
2020-08-27upstream: major rework of FIDO token selection logicdjm@openbsd.org
When PINs are in use and multiple FIDO tokens are attached to a host, we cannot just blast requests at all attached tokens with the PIN specified as this will cause the per-token PIN failure counter to increment. If this retry counter hits the token's limit (usually 3 attempts), then the token will lock itself and render all (web and SSH) of its keys invalid. We don't want this. So this reworks the key selection logic for the specific case of multiple keys being attached. When multiple keys are attached and the operation requires a PIN, then the user must touch the key that they wish to use first in order to identify it. This may require multiple touches, but only if there are multiple keys attached AND (usually) the operation requires a PIN. The usual case of a single key attached should be unaffected. Work by Pedro Martelletto; ok myself and markus@ OpenBSD-Commit-ID: 637d3049ced61b7a9ee796914bbc4843d999a864