openssh.git -

Age	Commit message (Collapse)	Author
2016-07-22	Search users for one with a valid salt.	Darren Tucker
	If the root account is locked (eg password "!!" or "LK") keep looking until we find a user with a valid salt to use for crypting passwords of invalid users. ok djm@ Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=dbf788b4d9d9490a5fff08a7b09888272bb10fcc Bug-Debian: https://bugs.debian.org/831902 Last-Update: 2016-07-22 Patch-Name: CVE-2016-6210-3.patch
2016-07-22	Determine appropriate salt for invalid users.	Darren Tucker
	When sshd is processing a non-PAM login for a non-existent user it uses the string from the fakepw structure as the salt for crypt(3)ing the password supplied by the client. That string has a Blowfish prefix, so on systems that don't understand that crypt will fail fast due to an invalid salt, and even on those that do it may have significantly different timing from the hash methods used for real accounts (eg sha512). This allows user enumeration by, eg, sending large password strings. This was noted by EddieEzra.Harari at verint.com (CVE-2016-6210). To mitigate, use the same hash algorithm that root uses for hashing passwords for users that do not exist on the system. ok djm@ Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=9286875a73b2de7736b5e50692739d314cd8d9dc Bug-Debian: https://bugs.debian.org/831902 Last-Update: 2016-07-22 Patch-Name: CVE-2016-6210-1.patch
2016-03-21	Don't check the status field of the OpenSSL version	Kurt Roeckx
	There is no reason to check the version of OpenSSL (in Debian). If it's not compatible the soname will change. OpenSSH seems to want to do a check for the soname based on the version number, but wants to keep the status of the release the same. Remove that check on the status since it doesn't tell you anything about how compatible that version is. Author: Colin Watson <cjwatson@debian.org> Bug-Debian: https://bugs.debian.org/93581 Bug-Debian: https://bugs.debian.org/664383 Bug-Debian: https://bugs.debian.org/732940 Forwarded: not-needed Last-Update: 2014-10-07 Patch-Name: no-openssl-version-status.patch
2016-03-21	Force use of DNSSEC even if "options edns0" isn't in resolv.conf	Colin Watson
	This allows SSHFP DNS records to be verified if glibc 2.11 is installed. Origin: vendor, https://cvs.fedoraproject.org/viewvc/F-12/openssh/openssh-5.2p1-edns.patch?revision=1.1&view=markup Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572049 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572049 Last-Update: 2010-04-06 Patch-Name: dnssec-sshfp.patch
2016-03-21	Handle SELinux authorisation roles	Manoj Srivastava
	Rejected upstream due to discomfort with magic usernames; a better approach will need an SSH protocol change. In the meantime, this came from Debian's SELinux maintainer, so we'll keep it until we have something better. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641 Bug-Debian: http://bugs.debian.org/394795 Last-Update: 2015-08-19 Patch-Name: selinux-role.patch
2016-02-19	Make Solaris privs code build on older systems.	Darren Tucker
	Not all systems with Solaris privs have priv_basicset so factor that out and provide backward compatibility code. Similarly, not all have PRIV_NET_ACCESS so wrap that in #ifdef. Based on code from alex at cooperi.net and djm@ with help from carson at taltos.org and wieland at purdue.edu.
2016-02-17	Rollback addition of va_start.	Darren Tucker
	va_start was added in 0f754e29dd3760fc0b172c1220f18b753fb0957e, however it has the wrong number of args and it's not usable in non-variadic functions anyway so it breaks things (for example Solaris 2.6 as reported by Tom G. Christensen).i ok djm@
2016-01-08	Support Illumos/Solaris fine-grained privileges	Damien Miller
	Includes a pre-auth privsep sandbox and several pledge() emulations. bz#2511, patch by Alex Wilson. ok dtucker@
2015-11-30	Revert "stub for pledge(2) for systems that lack it"	Damien Miller
	This reverts commit 14c887c8393adde2d9fd437d498be30f8c98535c. dtucker beat me to it :/
2015-11-30	stub for pledge(2) for systems that lack it	Damien Miller

2015-11-30	Add a null implementation of pledge.	Darren Tucker
	Fixes builds on almost everything.
2015-10-29	Prevent name collisions with system glob (bz#2463)	Darren Tucker
	Move glob.h from includes.h to the only caller (sftp) and override the names for the symbols. This prevents name collisions with the system glob in the case where something other than ssh uses it (eg kerberos). With jjelen at redhat.com, ok djm@
2015-10-16	need va_copy before va_start	Damien Miller
	reported by Nicholas Lemonias
2015-10-15	fix compilation on systems without SYMLOOP_MAX	Damien Miller

2015-10-14	upstream commit	Damien Miller
	revision 1.20 date: 2015/10/13 20:55:37; author: millert; state: Exp; lines: +2 -2; commitid: X39sl5ay1czgFIgp; In rev 1.15 the sizeof argument was fixed in a strlcat() call but the truncation check immediately following it was not updated to match. Not an issue in practice since the buffers are the same size. OK deraadt@
2015-10-14	upstream commit	Damien Miller
	revision 1.19 date: 2015/01/16 16:48:51; author: deraadt; state: Exp; lines: +3 -3; commitid: 0DYulI8hhujBHMcR; Move to the <limits.h> universe. review by millert, binary checking process with doug, concept with guenther
2015-10-14	upstream commit	Damien Miller
	revision 1.18 date: 2014/10/19 03:56:28; author: doug; state: Exp; lines: +9 -9; commitid: U6QxmtbXrGoc02S5; Revert last commit due to changed semantics found by make release.
2015-10-14	upstream commit	Damien Miller
	revision 1.17 date: 2014/10/18 20:43:52; author: doug; state: Exp; lines: +10 -10; commitid: I74hI1tVZtsspKEt; Better POSIX compliance in realpath(3). millert@ made changes to realpath.c based on FreeBSD's version. I merged Todd's changes into dl_realpath.c. ok millert@, guenther@
2015-10-14	upstream commit	Damien Miller
	revision 1.16 date: 2013/04/05 12:59:54; author: kurt; state: Exp; lines: +3 -1; - Add comments regarding copies of these files also in libexec/ld.so okay guenther@
2015-10-14	upstream commit	Damien Miller
	revision 1.15 date: 2012/09/13 15:39:05; author: deraadt; state: Exp; lines: +2 -2; specify the bounds of the dst to strlcat (both values were static and equal, but it is more correct) from Michal Mazurek
2015-10-14	upstream commit	Damien Miller
	revision 1.14 date: 2011/07/24 21:03:00; author: miod; state: Exp; lines: +35 -13; Recent Single Unix will malloc memory if the second argument of realpath() is NULL, and third-party software is starting to rely upon this. Adapted from FreeBSD via Jona Joachim (jaj ; hcl-club , .lu), with minor tweaks from nicm@ and yours truly.
2015-08-21	expose POLLHUP and POLLNVAL for netcat.c	Damien Miller

2015-07-30	downgrade OOM adjustment logging: verbose -> debug	Damien Miller

2015-07-20	make realpath.c compile -Wsign-compare clean	Damien Miller

2015-07-17	Check if realpath works on nonexistent files.	Darren Tucker
	On some platforms the native realpath doesn't work with non-existent files (this is actually specified in some versions of POSIX), however the sftp spec says its realpath with "canonicalize any given path name". On those platforms, use realpath from the compat library. In addition, when compiling with -DFORTIFY_SOURCE, glibc redefines the realpath symbol to the checked version, so redefine ours to something else so we pick up the compat version we want. bz#2428, ok djm@
2015-06-02	Replace strcpy with strlcpy.	Darren Tucker
	ok djm, sanity check by Corinna Vinschen.
2015-05-10	upstream commit	Damien Miller
	- tedu@cvs.openbsd.org 2015/01/12 03:20:04 [bcrypt_pbkdf.c] rename blocks to words. bcrypt "blocks" are unrelated to blowfish blocks, nor are they the same size.
2015-05-10	upstream commit	Damien Miller
	- deraadt@cvs.openbsd.org 2015/01/08 00:30:07 [bcrypt_pbkdf.c] declare a local version of MIN(), call it MINIMUM()
2015-05-10	upstream commit	Damien Miller
	- djm@cvs.openbsd.org 2014/12/30 01:41:43 [bcrypt_pbkdf.c] typo in comment: ouput => output
2015-05-08	Put brackets around mblen() compat constant.	Darren Tucker
	This might help with the reported problem cross compiling for Android ("error: expected identifier or '(' before numeric constant") but shouldn't hurt in any case.
2015-04-17	Wrap endian.h include inside ifdef (bz#2370).	Darren Tucker

2015-04-07	Use do{}while(0) for no-op functions.	Darren Tucker
	From FreeBSD.
2015-04-07	Wrap blf.h include in ifdef. From FreeBSD.	Darren Tucker

2015-02-26	Remove dependency on xmalloc.	Darren Tucker
	Remove ssh_get_progname's dependency on xmalloc, which should reduce link order problems. ok djm@
2015-02-25	Move definition of _NSIG.	Darren Tucker
	_NSIG is only unsed in one file, so move it there prevent redefinition warnings reported by Kevin Brott.
2015-02-24	Add AI_NUMERICSERV to fake-rfc2553.	Darren Tucker
	Our getaddrinfo implementation always returns numeric values already.
2015-02-23	Wrap stdint.h includes in ifdefs.	Darren Tucker

2015-01-15	kludge around tun API mismatch betterer	Damien Miller

2015-01-15	unbreak across API change	Damien Miller

2015-01-15	support --without-openssl at configure time	Damien Miller
	Disables and removes dependency on OpenSSL. Many features don't work and the set of crypto options is greatly restricted. This will only work on system with native arc4random or /dev/urandom. Considered highly experimental for now.
2015-01-14	support --without-openssl at configure time	Damien Miller
	Disables and removes dependency on OpenSSL. Many features don't work and the set of crypto options is greatly restricted. This will only work on system with native arc4random or /dev/urandom. Considered highly experimental for now.
2014-12-30	avoid uninitialised free of ldns_res	Damien Miller
	If an invalid rdclass was passed to getrrsetbyname() then this would execute a free on an uninitialised pointer. OpenSSH only ever calls this with a fixed and valid rdclass. Reported by Joshua Rogers
2014-12-29	pull updated OpenBSD BCrypt PBKDF implementation	Damien Miller
	Includes fix for 1 byte output overflow for large key length requests (not reachable in OpenSSH). Pointed out by Joshua Rogers
2014-12-18	upstream libc change	Damien Miller
	revision 1.2 date: 2014/12/08 03:45:00; author: bcook; state: Exp; lines: +2 -2; commitid: 7zWEBgJJOCZ2hvTV; avoid left shift overflow in reallocarray. Some 64-bit platforms (e.g. Windows 64) have a 32-bit long. So, shifting 1UL 32-bits to the left causes an overflow. This replaces the constant 1UL with (size_t)1 so that we get the correct constant size for the platform. discussed with tedu@ & deraadt@
2014-12-10	Add reallocarray to compat library	Darren Tucker

2014-10-01	- (djm) [openbsd-compat/Makefile.in openbsd-compat/kludge-fd_set.c]	Damien Miller
	[openbsd-compat/openbsd-compat.h] Kludge around bad glibc _FORTIFY_SOURCE check that doesn't grok heap-allocated fd_sets; ok dtucker@
2014-09-04	- (djm) [openbsd-compat/arc4random.c] Zero seed after keying PRNG	Damien Miller

2014-08-30	- (djm) [openbsd-compat/openssl-compat.h] add include guard	Damien Miller

2014-08-30	- (djm) [openbsd-compat/openssl-compat.h] add	Damien Miller
	OPENSSL_[RD]SA_MAX_MODULUS_BITS defines for OpenSSL that lacks them
2014-08-27	- (djm) [openbsd-compat/explicit_bzero.c] implement explicit_bzero()	Damien Miller
	using memset_s() where possible; improve fallback to indirect bzero via a volatile pointer to give it more of a chance to avoid being optimised away.