svn commit: r313012 - in vendor-crypto/openssh/dist: . contrib contrib/redhat contrib/suse openbsd-compat regress regress/misc/kexfuzz regress/unittests regress/unittests/bitmap regress/unittests/h...
Dag-Erling Smørgrav
des at FreeBSD.org
Tue Jan 31 12:33:49 UTC 2017
Author: des
Date: Tue Jan 31 12:33:47 2017
New Revision: 313012
URL: https://svnweb.freebsd.org/changeset/base/313012
Log:
Vendor import of OpenSSH 7.4p1.
Added:
vendor-crypto/openssh/dist/openbsd-compat/strcasestr.c
vendor-crypto/openssh/dist/regress/allow-deny-users.sh
vendor-crypto/openssh/dist/regress/keygen-moduli.sh
vendor-crypto/openssh/dist/regress/moduli.in
vendor-crypto/openssh/dist/regress/unittests/match/
vendor-crypto/openssh/dist/regress/unittests/match/Makefile
vendor-crypto/openssh/dist/regress/unittests/match/tests.c
Deleted:
vendor-crypto/openssh/dist/auth-chall.c
vendor-crypto/openssh/dist/auth-rh-rsa.c
vendor-crypto/openssh/dist/auth-rsa.c
vendor-crypto/openssh/dist/auth1.c
vendor-crypto/openssh/dist/monitor_mm.c
vendor-crypto/openssh/dist/monitor_mm.h
vendor-crypto/openssh/dist/openbsd-compat/xmmap.c
Modified:
vendor-crypto/openssh/dist/.skipped-commit-ids
vendor-crypto/openssh/dist/CREDITS
vendor-crypto/openssh/dist/ChangeLog
vendor-crypto/openssh/dist/INSTALL
vendor-crypto/openssh/dist/Makefile.in
vendor-crypto/openssh/dist/PROTOCOL
vendor-crypto/openssh/dist/README
vendor-crypto/openssh/dist/README.platform
vendor-crypto/openssh/dist/README.privsep
vendor-crypto/openssh/dist/TODO
vendor-crypto/openssh/dist/aclocal.m4
vendor-crypto/openssh/dist/addrmatch.c
vendor-crypto/openssh/dist/atomicio.c
vendor-crypto/openssh/dist/audit-bsm.c
vendor-crypto/openssh/dist/audit-linux.c
vendor-crypto/openssh/dist/audit.c
vendor-crypto/openssh/dist/audit.h
vendor-crypto/openssh/dist/auth-options.c
vendor-crypto/openssh/dist/auth-options.h
vendor-crypto/openssh/dist/auth-pam.c
vendor-crypto/openssh/dist/auth-pam.h
vendor-crypto/openssh/dist/auth-rhosts.c
vendor-crypto/openssh/dist/auth.c
vendor-crypto/openssh/dist/auth.h
vendor-crypto/openssh/dist/auth2-pubkey.c
vendor-crypto/openssh/dist/authfile.c
vendor-crypto/openssh/dist/buildpkg.sh.in
vendor-crypto/openssh/dist/chacha.h
vendor-crypto/openssh/dist/channels.c
vendor-crypto/openssh/dist/channels.h
vendor-crypto/openssh/dist/cipher-3des1.c
vendor-crypto/openssh/dist/cipher-bf1.c
vendor-crypto/openssh/dist/cipher-chachapoly.c
vendor-crypto/openssh/dist/cipher.c
vendor-crypto/openssh/dist/cipher.h
vendor-crypto/openssh/dist/clientloop.c
vendor-crypto/openssh/dist/clientloop.h
vendor-crypto/openssh/dist/config.guess
vendor-crypto/openssh/dist/config.h.in
vendor-crypto/openssh/dist/config.sub
vendor-crypto/openssh/dist/configure
vendor-crypto/openssh/dist/configure.ac
vendor-crypto/openssh/dist/contrib/Makefile
vendor-crypto/openssh/dist/contrib/gnome-ssh-askpass2.c
vendor-crypto/openssh/dist/contrib/redhat/openssh.spec
vendor-crypto/openssh/dist/contrib/suse/openssh.spec
vendor-crypto/openssh/dist/defines.h
vendor-crypto/openssh/dist/dh.c
vendor-crypto/openssh/dist/entropy.h
vendor-crypto/openssh/dist/gss-genr.c
vendor-crypto/openssh/dist/hostfile.c
vendor-crypto/openssh/dist/kex.c
vendor-crypto/openssh/dist/kex.h
vendor-crypto/openssh/dist/kexgexc.c
vendor-crypto/openssh/dist/kexgexs.c
vendor-crypto/openssh/dist/key.h
vendor-crypto/openssh/dist/krl.c
vendor-crypto/openssh/dist/mac.c
vendor-crypto/openssh/dist/match.c
vendor-crypto/openssh/dist/md5crypt.h
vendor-crypto/openssh/dist/mdoc2man.awk
vendor-crypto/openssh/dist/misc.c
vendor-crypto/openssh/dist/misc.h
vendor-crypto/openssh/dist/moduli
vendor-crypto/openssh/dist/moduli.c
vendor-crypto/openssh/dist/monitor.c
vendor-crypto/openssh/dist/monitor.h
vendor-crypto/openssh/dist/monitor_wrap.c
vendor-crypto/openssh/dist/monitor_wrap.h
vendor-crypto/openssh/dist/mux.c
vendor-crypto/openssh/dist/myproposal.h
vendor-crypto/openssh/dist/opacket.h
vendor-crypto/openssh/dist/openbsd-compat/Makefile.in
vendor-crypto/openssh/dist/openbsd-compat/base64.h
vendor-crypto/openssh/dist/openbsd-compat/bsd-asprintf.c
vendor-crypto/openssh/dist/openbsd-compat/bsd-cray.c
vendor-crypto/openssh/dist/openbsd-compat/bsd-cray.h
vendor-crypto/openssh/dist/openbsd-compat/bsd-cygwin_util.c
vendor-crypto/openssh/dist/openbsd-compat/bsd-cygwin_util.h
vendor-crypto/openssh/dist/openbsd-compat/bsd-misc.c
vendor-crypto/openssh/dist/openbsd-compat/bsd-misc.h
vendor-crypto/openssh/dist/openbsd-compat/bsd-nextstep.c
vendor-crypto/openssh/dist/openbsd-compat/bsd-nextstep.h
vendor-crypto/openssh/dist/openbsd-compat/bsd-openpty.c
vendor-crypto/openssh/dist/openbsd-compat/bsd-poll.c
vendor-crypto/openssh/dist/openbsd-compat/bsd-setres_id.c
vendor-crypto/openssh/dist/openbsd-compat/bsd-setres_id.h
vendor-crypto/openssh/dist/openbsd-compat/bsd-statvfs.c
vendor-crypto/openssh/dist/openbsd-compat/bsd-statvfs.h
vendor-crypto/openssh/dist/openbsd-compat/bsd-waitpid.c
vendor-crypto/openssh/dist/openbsd-compat/bsd-waitpid.h
vendor-crypto/openssh/dist/openbsd-compat/explicit_bzero.c
vendor-crypto/openssh/dist/openbsd-compat/fake-rfc2553.c
vendor-crypto/openssh/dist/openbsd-compat/fake-rfc2553.h
vendor-crypto/openssh/dist/openbsd-compat/getcwd.c
vendor-crypto/openssh/dist/openbsd-compat/getgrouplist.c
vendor-crypto/openssh/dist/openbsd-compat/openbsd-compat.h
vendor-crypto/openssh/dist/openbsd-compat/openssl-compat.c
vendor-crypto/openssh/dist/openbsd-compat/openssl-compat.h
vendor-crypto/openssh/dist/openbsd-compat/port-aix.c
vendor-crypto/openssh/dist/openbsd-compat/port-aix.h
vendor-crypto/openssh/dist/openbsd-compat/port-irix.c
vendor-crypto/openssh/dist/openbsd-compat/port-irix.h
vendor-crypto/openssh/dist/openbsd-compat/port-linux.c
vendor-crypto/openssh/dist/openbsd-compat/port-linux.h
vendor-crypto/openssh/dist/openbsd-compat/port-solaris.c
vendor-crypto/openssh/dist/openbsd-compat/port-solaris.h
vendor-crypto/openssh/dist/openbsd-compat/port-tun.c
vendor-crypto/openssh/dist/openbsd-compat/readpassphrase.c
vendor-crypto/openssh/dist/openbsd-compat/setproctitle.c
vendor-crypto/openssh/dist/openbsd-compat/sha2.c
vendor-crypto/openssh/dist/openbsd-compat/sha2.h
vendor-crypto/openssh/dist/openbsd-compat/vis.c
vendor-crypto/openssh/dist/openbsd-compat/xcrypt.c
vendor-crypto/openssh/dist/opensshd.init.in
vendor-crypto/openssh/dist/packet.c
vendor-crypto/openssh/dist/packet.h
vendor-crypto/openssh/dist/platform-tracing.c
vendor-crypto/openssh/dist/platform.c
vendor-crypto/openssh/dist/platform.h
vendor-crypto/openssh/dist/readconf.c
vendor-crypto/openssh/dist/regress/Makefile
vendor-crypto/openssh/dist/regress/agent-getpeereid.sh
vendor-crypto/openssh/dist/regress/cert-file.sh
vendor-crypto/openssh/dist/regress/cert-userkey.sh
vendor-crypto/openssh/dist/regress/connect-privsep.sh
vendor-crypto/openssh/dist/regress/integrity.sh
vendor-crypto/openssh/dist/regress/keys-command.sh
vendor-crypto/openssh/dist/regress/login-timeout.sh
vendor-crypto/openssh/dist/regress/misc/kexfuzz/README
vendor-crypto/openssh/dist/regress/misc/kexfuzz/kexfuzz.c
vendor-crypto/openssh/dist/regress/principals-command.sh
vendor-crypto/openssh/dist/regress/putty-ciphers.sh
vendor-crypto/openssh/dist/regress/putty-kex.sh
vendor-crypto/openssh/dist/regress/putty-transfer.sh
vendor-crypto/openssh/dist/regress/reexec.sh
vendor-crypto/openssh/dist/regress/sftp-chroot.sh
vendor-crypto/openssh/dist/regress/test-exec.sh
vendor-crypto/openssh/dist/regress/unittests/Makefile
vendor-crypto/openssh/dist/regress/unittests/Makefile.inc
vendor-crypto/openssh/dist/regress/unittests/bitmap/Makefile
vendor-crypto/openssh/dist/regress/unittests/hostkeys/Makefile
vendor-crypto/openssh/dist/regress/unittests/kex/Makefile
vendor-crypto/openssh/dist/regress/unittests/sshbuf/Makefile
vendor-crypto/openssh/dist/regress/unittests/sshkey/Makefile
vendor-crypto/openssh/dist/regress/unittests/utf8/Makefile
vendor-crypto/openssh/dist/regress/unittests/utf8/tests.c
vendor-crypto/openssh/dist/sandbox-darwin.c
vendor-crypto/openssh/dist/sandbox-rlimit.c
vendor-crypto/openssh/dist/scp.c
vendor-crypto/openssh/dist/servconf.c
vendor-crypto/openssh/dist/servconf.h
vendor-crypto/openssh/dist/serverloop.c
vendor-crypto/openssh/dist/serverloop.h
vendor-crypto/openssh/dist/session.c
vendor-crypto/openssh/dist/session.h
vendor-crypto/openssh/dist/sftp-client.c
vendor-crypto/openssh/dist/sftp-common.c
vendor-crypto/openssh/dist/sftp-server.c
vendor-crypto/openssh/dist/sftp.c
vendor-crypto/openssh/dist/ssh-agent.0
vendor-crypto/openssh/dist/ssh-agent.1
vendor-crypto/openssh/dist/ssh-agent.c
vendor-crypto/openssh/dist/ssh-keygen.c
vendor-crypto/openssh/dist/ssh-pkcs11.c
vendor-crypto/openssh/dist/ssh-rsa.c
vendor-crypto/openssh/dist/ssh.c
vendor-crypto/openssh/dist/ssh_config.0
vendor-crypto/openssh/dist/ssh_config.5
vendor-crypto/openssh/dist/sshbuf.c
vendor-crypto/openssh/dist/sshbuf.h
vendor-crypto/openssh/dist/sshconnect.c
vendor-crypto/openssh/dist/sshconnect1.c
vendor-crypto/openssh/dist/sshconnect2.c
vendor-crypto/openssh/dist/sshd.0
vendor-crypto/openssh/dist/sshd.8
vendor-crypto/openssh/dist/sshd.c
vendor-crypto/openssh/dist/sshd_config
vendor-crypto/openssh/dist/sshd_config.0
vendor-crypto/openssh/dist/sshd_config.5
vendor-crypto/openssh/dist/sshkey.c
vendor-crypto/openssh/dist/sshkey.h
vendor-crypto/openssh/dist/sshpty.c
vendor-crypto/openssh/dist/sshpty.h
vendor-crypto/openssh/dist/utf8.c
vendor-crypto/openssh/dist/utf8.h
vendor-crypto/openssh/dist/version.h
Modified: vendor-crypto/openssh/dist/.skipped-commit-ids
==============================================================================
--- vendor-crypto/openssh/dist/.skipped-commit-ids Tue Jan 31 12:31:38 2017 (r313011)
+++ vendor-crypto/openssh/dist/.skipped-commit-ids Tue Jan 31 12:33:47 2017 (r313012)
@@ -9,3 +9,5 @@ edbfde98c40007b7752a4ac106095e060c25c1ef
180d84674be1344e45a63990d60349988187c1ae Update moduli
f6ae971186ba68d066cd102e57d5b0b2c211a5ee systrace is dead.
96c5054e3e1f170c6276902d5bc65bb3b87a2603 remove DEBUGLIBS from Makefile
+6da9a37f74aef9f9cc639004345ad893cad582d8 Update moduli file
+77bcb50e47b68c7209c7f0a5a020d73761e5143b unset REGRESS_FAIL_EARLY
Modified: vendor-crypto/openssh/dist/CREDITS
==============================================================================
--- vendor-crypto/openssh/dist/CREDITS Tue Jan 31 12:31:38 2017 (r313011)
+++ vendor-crypto/openssh/dist/CREDITS Tue Jan 31 12:33:47 2017 (r313012)
@@ -100,6 +100,3 @@ Zack Weinberg <zack at wolery.cumb.org> - G
Apologies to anyone I have missed.
Damien Miller <djm at mindrot.org>
-
-$Id: CREDITS,v 1.81 2006/08/30 17:24:41 djm Exp $
-
Modified: vendor-crypto/openssh/dist/ChangeLog
==============================================================================
--- vendor-crypto/openssh/dist/ChangeLog Tue Jan 31 12:31:38 2017 (r313011)
+++ vendor-crypto/openssh/dist/ChangeLog Tue Jan 31 12:33:47 2017 (r313012)
@@ -1,9202 +1,10266 @@
-commit 99522ba7ec6963a05c04a156bf20e3ba3605987c
-Author: Damien Miller <djm at mindrot.org>
-Date: Thu Jul 28 08:54:27 2016 +1000
-
- define _OPENBSD_SOURCE for reallocarray on NetBSD
-
- Report by and debugged with Hisashi T Fujinaka, dtucker nailed
- the problem (lack of prototype causing return type confusion).
-
-commit 3e1e076550c27c6bbdddf36d8f42bd79fbaaa187
-Author: Damien Miller <djm at mindrot.org>
-Date: Wed Jul 27 08:25:42 2016 +1000
-
- KNF
-
-commit d99ee9c4e5e217e7d05eeec84e9ce641f4675331
+commit 4a354fc231174901f2629437c2a6e924a2dd6772
Author: Damien Miller <djm at mindrot.org>
-Date: Wed Jul 27 08:25:23 2016 +1000
-
- Linux auditing also needs packet.h
-
-commit 393bd381a45884b589baa9aed4394f1d250255ca
-Author: Damien Miller <djm at mindrot.org>
-Date: Wed Jul 27 08:18:05 2016 +1000
-
- fix auditing on Linux
-
- get_remote_ipaddr() was replaced with ssh_remote_ipaddr()
-
-commit 80e766fb089de4f3c92b1600eb99e9495e37c992
-Author: Damien Miller <djm at mindrot.org>
-Date: Sun Jul 24 21:50:13 2016 +1000
+Date: Mon Dec 19 15:59:26 2016 +1100
- crank version numbers
+ crank version numbers for release
-commit b1a478792d458f2e938a302e64bab2b520edc1b3
+commit 5f8d0bb8413d4d909cc7aa3c616fb0538224c3c9
Author: djm at openbsd.org <djm at openbsd.org>
-Date: Sun Jul 24 11:45:36 2016 +0000
+Date: Mon Dec 19 04:55:51 2016 +0000
upstream commit
- openssh-7.3
-
- Upstream-ID: af106a7eb665f642648cf1993e162c899f358718
-
-commit 353766e0881f069aeca30275ab706cd60a1a8fdd
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Sat Jul 23 16:14:42 2016 +1000
-
- Move Cygwin IPPORT_RESERVED overrride to defines.h
+ openssh-7.4
- Patch from vinschen at redhat.com.
+ Upstream-ID: 1ee404adba6bbe10ae9277cbae3a94abe2867b79
-commit 368dd977ae07afb93f4ecea23615128c95ab2b32
+commit 3a8213ea0ed843523e34e55ab9c852332bab4c7b
Author: djm at openbsd.org <djm at openbsd.org>
-Date: Sat Jul 23 02:54:08 2016 +0000
+Date: Mon Dec 19 04:55:18 2016 +0000
upstream commit
- fix pledge violation with ssh -f; reported by Valentin
- Kozamernik ok dtucker@
+ remove testcase that depends on exact output and
+ behaviour of snprintf(..., "%s", NULL)
- Upstream-ID: a61db7988db88d9dac3c4dd70e18876a8edf84aa
+ Upstream-Regress-ID: cab4288531766bd9593cb556613b91a2eeefb56f
-commit f00211e3c6d24d6ea2b64b4b1209f671f6c1d42e
-Author: djm at openbsd.org <djm at openbsd.org>
-Date: Fri Jul 22 07:00:46 2016 +0000
+commit eae735a82d759054f6ec7b4e887fb7a5692c66d7
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date: Mon Dec 19 03:32:57 2016 +0000
upstream commit
- improve wording; suggested by jmc@
+ Use LOGNAME to get current user and fall back to whoami if
+ not set. Mainly to benefit -portable since some platforms don't have whoami.
- Upstream-ID: 55cb0a24c8e0618b3ceec80998dc82c85db2d2f8
+ Upstream-Regress-ID: e3a16b7836a3ae24dc8f8a4e43fdf8127a60bdfa
-commit 83cbca693c3b0719270e6a0f2efe3f9ee93a65b8
+commit 0d2f88428487518eea60602bd593989013831dcf
Author: dtucker at openbsd.org <dtucker at openbsd.org>
-Date: Fri Jul 22 05:46:11 2016 +0000
+Date: Fri Dec 16 03:51:19 2016 +0000
upstream commit
- Lower loglevel for "Authenticated with partial success"
- message similar to other similar level. bz#2599, patch from cgallek at
- gmail.com, ok markus@
+ Add regression test for AllowUsers and DenyUsers. Patch from
+ Zev Weiss <zev at bewilderbeest.net>
- Upstream-ID: 3faab814e947dc7b2e292edede23e94c608cb4dd
+ Upstream-Regress-ID: 8f1aac24d52728398871dac14ad26ea38b533fb9
-commit 10358abd087ab228b7ce2048efc4f3854a9ab9a6
-Author: Damien Miller <djm at mindrot.org>
-Date: Fri Jul 22 14:06:36 2016 +1000
+commit 3bc8180a008929f6fe98af4a56fb37d04444b417
+Author: Darren Tucker <dtucker at zip.com.au>
+Date: Fri Dec 16 15:02:24 2016 +1100
- retry waitpid on EINTR failure
+ Add missing monitor.h include.
- patch from Jakub Jelen on bz#2581; ok dtucker@
+ Fixes warning pointed out by Zev Weiss <zev at bewilderbeest.net>
-commit da88a70a89c800e74ea8e5661ffa127a3cc79a92
+commit 410681f9015d76cc7b137dd90dac897f673244a0
Author: djm at openbsd.org <djm at openbsd.org>
-Date: Fri Jul 22 03:47:36 2016 +0000
+Date: Fri Dec 16 02:48:55 2016 +0000
upstream commit
- constify a few functions' arguments; patch from Jakub
- Jelen bz#2581
+ revert to rev1.2; the new bits in this test depend on changes
+ to ssh that aren't yet committed
- Upstream-ID: f2043f51454ea37830ff6ad60c8b32b4220f448d
+ Upstream-Regress-ID: 828ffc2c7afcf65d50ff2cf3dfc47a073ad39123
-commit c36d91bd4ebf767f310f7cea88d61d1c15f53ddf
-Author: djm at openbsd.org <djm at openbsd.org>
-Date: Fri Jul 22 03:39:13 2016 +0000
+commit 2f2ffa4fbe4b671bbffa0611f15ba44cff64d58e
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date: Fri Dec 16 01:06:27 2016 +0000
upstream commit
- move debug("%p", key) to before key is free'd; probable
- undefined behaviour on strict compilers; reported by Jakub Jelen bz#2581
+ Move the "stop sshd" code into its own helper function.
+ Patch from Zev Weiss <zev at bewilderbeest.net>, ok djm@
- Upstream-ID: 767f323e1f5819508a0e35e388ec241bac2f953a
+ Upstream-Regress-ID: a113dea77df5bd97fb4633ea31f3d72dbe356329
-commit 286f5a77c3bfec1e8892ca268087ac885ac871bf
+commit e15e7152331e3976b35475fd4e9c72897ad0f074
Author: djm at openbsd.org <djm at openbsd.org>
-Date: Fri Jul 22 03:35:11 2016 +0000
+Date: Fri Dec 16 01:01:07 2016 +0000
upstream commit
- reverse the order in which -J/JumpHost proxies are visited to
- be more intuitive and document
-
- reported by and manpage bits naddy@
+ regression test for certificates along with private key
+ with no public half. bz#2617, mostly from Adam Eijdenberg
- Upstream-ID: 3a68fd6a841fd6cf8cedf6552a9607ba99df179a
+ Upstream-Regress-ID: 2e74dc2c726f4dc839609b3ce045466b69f01115
-commit fcd135c9df440bcd2d5870405ad3311743d78d97
+commit 9a70ec085faf6e55db311cd1a329f1a35ad2a500
Author: dtucker at openbsd.org <dtucker at openbsd.org>
-Date: Thu Jul 21 01:39:35 2016 +0000
+Date: Thu Dec 15 23:50:37 2016 +0000
upstream commit
- Skip passwords longer than 1k in length so clients can't
- easily DoS sshd by sending very long passwords, causing it to spend CPU
- hashing them. feedback djm@, ok markus at .
-
- Brought to our attention by tomas.kuthan at oracle.com, shilei-c at
- 360.cn and coredump at autistici.org
+ Use $SUDO to read pidfile in case root's umask is
+ restricted. From portable.
- Upstream-ID: d0af7d4a2190b63ba1d38eec502bc4be0be9e333
+ Upstream-Regress-ID: f6b1c7ffbc5a0dfb7d430adb2883344899174a98
-commit 324583e8fb3935690be58790425793df619c6d4d
-Author: naddy at openbsd.org <naddy at openbsd.org>
-Date: Wed Jul 20 10:45:27 2016 +0000
+commit fe06b68f824f8f55670442fb31f2c03526dd326c
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date: Thu Dec 15 21:29:05 2016 +0000
upstream commit
- Do not clobber the global jump_host variables when
- parsing an inactive configuration. ok djm@
+ Add missing braces in DenyUsers code. Patch from zev at
+ bewilderbeest.net, ok deraadt@
- Upstream-ID: 5362210944d91417d5976346d41ac0b244350d31
+ Upstream-ID: d747ace338dcf943b077925f90f85f789714b54e
-commit 32d921c323b989d28405e78d0a8923d12913d737
-Author: jmc at openbsd.org <jmc at openbsd.org>
-Date: Tue Jul 19 12:59:16 2016 +0000
+commit dcc7d74242a574fd5c4afbb4224795b1644321e7
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date: Thu Dec 15 21:20:41 2016 +0000
upstream commit
- tweak previous;
+ Fix text in error message. Patch from zev at
+ bewilderbeest.net.
- Upstream-ID: f3c1a5b3f05dff366f60c028728a2b43f15ff534
+ Upstream-ID: deb0486e175e7282f98f9a15035d76c55c84f7f6
-commit d7eabc86fa049a12ba2c3fb198bd1d51b37f7025
-Author: dtucker at openbsd.org <dtucker at openbsd.org>
-Date: Tue Jul 19 11:38:53 2016 +0000
+commit b737e4d7433577403a31cff6614f6a1b0b5e22f4
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Wed Dec 14 00:36:34 2016 +0000
upstream commit
- Allow wildcard for PermitOpen hosts as well as ports.
- bz#2582, patch from openssh at mzpqnxow.com and jjelen at redhat.com. ok
- markus@
+ disable Unix-domain socket forwarding when privsep is
+ disabled
- Upstream-ID: af0294e9b9394c4e16e991424ca0a47a7cc605f2
+ Upstream-ID: ab61516ae0faadad407857808517efa900a0d6d0
-commit b98a2a8348e907b3d71caafd80f0be8fdd075943
-Author: markus at openbsd.org <markus at openbsd.org>
-Date: Mon Jul 18 11:35:33 2016 +0000
+commit 08a1e7014d65c5b59416a0e138c1f73f417496eb
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Fri Dec 9 03:04:29 2016 +0000
upstream commit
- Reduce timing attack against obsolete CBC modes by always
- computing the MAC over a fixed size of data. Reported by Jean Paul
- Degabriele, Kenny Paterson, Torben Hansen and Martin Albrecht. ok djm@
+ log connections dropped in excess of MaxStartups at
+ verbose LogLevel; bz#2613 based on diff from Tomas Kuthan; ok dtucker@
- Upstream-ID: f20a13279b00ba0afbacbcc1f04e62e9d41c2912
+ Upstream-ID: 703ae690dbf9b56620a6018f8a3b2389ce76d92b
-commit dbf788b4d9d9490a5fff08a7b09888272bb10fcc
+commit 10e290ec00964b2bf70faab15a10a5574bb80527
Author: Darren Tucker <dtucker at zip.com.au>
-Date: Thu Jul 21 14:17:31 2016 +1000
+Date: Tue Dec 13 13:51:32 2016 +1100
- Search users for one with a valid salt.
-
- If the root account is locked (eg password "!!" or "*LK*") keep looking
- until we find a user with a valid salt to use for crypting passwords of
- invalid users. ok djm@
+ Get default of TEST_SSH_UTF8 from environment.
-commit e8b58f48fbb1b524fb4f0d4865fa0005d6a4b782
+commit b9b8ba3f9ed92c6220b58d70d1e6d8aa3eea1104
Author: Darren Tucker <dtucker at zip.com.au>
-Date: Mon Jul 18 17:22:49 2016 +1000
+Date: Tue Dec 13 12:56:40 2016 +1100
- Explicitly specify source files for regress tools.
+ Remove commented-out includes.
- Since adding $(REGRESSLIBS), $? is wrong because it includes only the
- changed source files. $< seems like it'd be right however it doesn't
- seem to work on some non-GNU makes, so do what works everywhere.
+ These commented-out includes have "Still needed?" comments. Since
+ they've been commented out for ~13 years I assert that they're not.
-commit eac1bbd06872c273f16ac0f9976b0aef026b701b
+commit 25275f1c9d5f01a0877d39444e8f90521a598ea0
Author: Darren Tucker <dtucker at zip.com.au>
-Date: Mon Jul 18 17:12:22 2016 +1000
+Date: Tue Dec 13 12:54:23 2016 +1100
- Conditionally include err.h.
+ Add prototype for strcasestr in compat library.
-commit 0a454147568746c503f669e1ba861f76a2e7a585
+commit afec07732aa2985142f3e0b9a01eb6391f523dec
Author: Darren Tucker <dtucker at zip.com.au>
-Date: Mon Jul 18 16:26:26 2016 +1000
+Date: Tue Dec 13 10:23:03 2016 +1100
- Remove local implementation of err, errx.
+ Add strcasestr to compat library.
- We now have a shared implementation in libopenbsd-compat.
+ Fixes build on (at least) Solaris 10.
-commit eb999a4590846ba4d56ddc90bd07c23abfbab7b1
-Author: djm at openbsd.org <djm at openbsd.org>
-Date: Mon Jul 18 06:08:01 2016 +0000
+commit dda78a03af32e7994f132d923c2046e98b7c56c8
+Author: Damien Miller <djm at mindrot.org>
+Date: Mon Dec 12 13:57:10 2016 +1100
- upstream commit
+ Force Turkish locales back to C/POSIX; bz#2643
- Add some unsigned overflow checks for extra_pad. None of
- these are reachable with the amount of padding that we use internally.
- bz#2566, pointed out by Torben Hansen. ok markus@
+ Turkish locales are unique in their handling of the letters 'i' and
+ 'I' (yes, they are different letters) and OpenSSH isn't remotely
+ prepared to deal with that. For now, the best we can do is to force
+ OpenSSH to use the C/POSIX locale and try to preserve the UTF-8
+ encoding if possible.
- Upstream-ID: 4d4be8450ab2fc1b852d5884339f8e8c31c3fd76
+ ok dtucker@
-commit c71ba790c304545464bb494de974cdf0f4b5cf1e
+commit c35995048f41239fc8895aadc3374c5f75180554
Author: Darren Tucker <dtucker at zip.com.au>
-Date: Mon Jul 18 15:43:25 2016 +1000
+Date: Fri Dec 9 12:52:02 2016 +1100
- Add dependency on libs for unit tests.
-
- Makes "./configure && make tests" work again. ok djm@
+ exit is in stdlib.h not unistd.h (that's _exit).
-commit 8199d0311aea3e6fd0284c9025e7a83f4ece79e8
+commit d399a8b914aace62418c0cfa20341aa37a192f98
Author: Darren Tucker <dtucker at zip.com.au>
-Date: Mon Jul 18 13:47:39 2016 +1000
+Date: Fri Dec 9 12:33:25 2016 +1100
- Correct location for kexfuzz in clean target.
+ Include <unistd.h> for exit in utf8 locale test.
-commit 01558b7b07af43da774d3a11a5c51fa9c310849d
+commit 47b8c99ab3221188ad3926108dd9d36da3b528ec
Author: Darren Tucker <dtucker at zip.com.au>
-Date: Mon Jul 18 09:33:25 2016 +1000
+Date: Thu Dec 8 15:48:34 2016 +1100
- Handle PAM_MAXTRIES from modules.
+ Check for utf8 local support before testing it.
- bz#2249: handle the case where PAM returns PAM_MAXTRIES by ceasing to offer
- password and keyboard-interative authentication methods. Should prevent
- "sshd ignoring max retries" warnings in the log. ok djm@
+ Check for utf8 local support and if not found, do not attempt to run the
+ utf8 tests. Suggested by djm@
+
+commit 4089fc1885b3a2822204effbb02b74e3da58240d
+Author: Darren Tucker <dtucker at zip.com.au>
+Date: Thu Dec 8 12:57:24 2016 +1100
+
+ Use AC_PATH_TOOL for krb5-config.
- It probably won't trigger with keyboard-interactive in the default
- configuration because the retry counter is stored in module-private
- storage which goes away with the sshd PAM process (see bz#688). On the
- other hand, those cases probably won't log a warning either.
+ This will use the host-prefixed version when cross compiling; patch from
+ david.michael at coreos.com.
-commit 65c6c6b567ab5ab12945a5ad8e0ab3a8c26119cc
+commit b4867e0712c89b93be905220c82f0a15e6865d1e
Author: djm at openbsd.org <djm at openbsd.org>
-Date: Sun Jul 17 04:20:16 2016 +0000
+Date: Tue Dec 6 07:48:01 2016 +0000
upstream commit
- support UTF-8 characters in ssh(1) banners using
- schwarze@'s safe fmprintf printer; bz#2058
+ make IdentityFile successfully load and use certificates that
+ have no corresponding bare public key. E.g. just a private id_rsa and
+ certificate id_rsa-cert.pub (and no id_rsa.pub).
- feedback schwarze@ ok dtucker@
+ bz#2617 ok dtucker@
- Upstream-ID: a72ce4e3644c957643c9524eea2959e41b91eea7
+ Upstream-ID: c1e9699b8c0e3b63cc4189e6972e3522b6292604
-commit e4eb7d910976fbfc7ce3e90c95c11b07b483d0d7
-Author: jmc at openbsd.org <jmc at openbsd.org>
-Date: Sat Jul 16 06:57:55 2016 +0000
+commit c9792783a98881eb7ed295680013ca97a958f8ac
+Author: Damien Miller <djm at mindrot.org>
+Date: Fri Nov 25 14:04:21 2016 +1100
+
+ Add a gnome-ssh-askpass3 target for GTK+3 version
+
+ Based on patch from Colin Watson via bz#2640
+
+commit 7be85ae02b9de0993ce0a1d1e978e11329f6e763
+Author: Damien Miller <djm at mindrot.org>
+Date: Fri Nov 25 14:03:53 2016 +1100
+
+ Make gnome-ssh-askpass2.c GTK+3-friendly
+
+ Patch from Colin Watson via bz#2640
+
+commit b9844a45c7f0162fd1b5465683879793d4cc4aaa
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Sun Dec 4 23:54:02 2016 +0000
upstream commit
- - add proxyjump to the options list - formatting fixes -
- update usage()
+ Fix public key authentication when multiple
+ authentication is in use. Instead of deleting and re-preparing the entire
+ keys list, just reset the 'used' flags; the keys list is already in a good
+ order (with already- tried keys at the back)
- ok djm
+ Analysis and patch from Vincent Brillault on bz#2642; ok dtucker@
- Upstream-ID: 43d318e14ce677a2eec8f21ef5ba2f9f68a59457
+ Upstream-ID: 7123f12dc2f3bcaae715853035a97923d7300176
-commit af1f084857621f14bd9391aba8033d35886c2455
+commit f2398eb774075c687b13af5bc22009eb08889abe
Author: dtucker at openbsd.org <dtucker at openbsd.org>
-Date: Fri Jul 15 05:01:58 2016 +0000
+Date: Sun Dec 4 22:27:25 2016 +0000
upstream commit
- Reduce the syslog level of some relatively common protocol
- events from LOG_CRIT by replacing fatal() calls with logdie(). Part of
- bz#2585, ok djm@
+ Unlink PidFile on SIGHUP and always recreate it when the
+ new sshd starts. Regression tests (and possibly other things) depend on the
+ pidfile being recreated after SIGHUP, and unlinking it means it won't contain
+ a stale pid if sshd fails to restart. ok djm@ markus@
- Upstream-ID: 9005805227c94edf6ac02a160f0e199638d288e5
-
-commit bd5f2b78b69cf38d6049a0de445a79c8595e4a1f
-Author: Damien Miller <djm at mindrot.org>
-Date: Fri Jul 15 19:14:48 2016 +1000
+ Upstream-ID: 132dd6dda0c77dd49d2f15b2573b5794f6160870
- missing openssl/dh.h
-
-commit 4a984fd342effe5f0aad874a0d538c4322d973c0
-Author: Damien Miller <djm at mindrot.org>
-Date: Fri Jul 15 18:47:07 2016 +1000
-
- cast to avoid type warning in error message
-
-commit 5abfb15ced985c340359ae7fb65a625ed3692b3e
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Fri Jul 15 14:48:30 2016 +1000
+commit 85aa2efeba51a96bf6834f9accf2935d96150296
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Wed Nov 30 03:01:33 2016 +0000
- Move VA_COPY macro into compat header.
+ upstream commit
- Some AIX compilers unconditionally undefine va_copy but don't set it back
- to an internal function, causing link errors. In some compat code we
- already use VA_COPY instead so move the two existing instances into the
- shared header and use for sshbuf-getput-basic.c too. Should fix building
- with at lease some versions of AIX's compiler. bz#2589, ok djm@
-
-commit 832b7443b7a8e181c95898bc5d73497b7190decd
-Author: Damien Miller <djm at mindrot.org>
-Date: Fri Jul 15 14:45:34 2016 +1000
-
- disable ciphers not supported by OpenSSL
+ test new behaviour of cert force-command restriction vs.
+ authorized_key/ principals
- bz#2466 ok dtucker@
+ Upstream-Regress-ID: 399efa7469d40c404c0b0a295064ce75d495387c
-commit 5fbe93fc6fbb2fe211e035703dec759d095e3dd8
-Author: Damien Miller <djm at mindrot.org>
-Date: Fri Jul 15 13:54:31 2016 +1000
+commit 5d333131cd8519d022389cfd3236280818dae1bc
+Author: jmc at openbsd.org <jmc at openbsd.org>
+Date: Wed Nov 30 06:54:26 2016 +0000
- add a --disable-pkcs11 knob
+ upstream commit
+
+ tweak previous; while here fix up FILES and AUTHORS;
+
+ Upstream-ID: 93f6e54086145a75df8d8ec7d8689bdadbbac8fa
-commit 679ce88ec2a8e2fe6515261c489e8c1449bb9da9
-Author: Damien Miller <djm at mindrot.org>
-Date: Fri Jul 15 13:44:38 2016 +1000
+commit 786d5994da79151180cb14a6cf157ebbba61c0cc
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Wed Nov 30 03:07:37 2016 +0000
- fix newline escaping for unsupported_algorithms
+ upstream commit
- The hmac-ripemd160 was incorrect and could lead to broken
- Makefiles on systems that lacked support for it, but I made
- all the others consistent too.
+ add a whitelist of paths from which ssh-agent will load
+ (via ssh-pkcs11-helper) a PKCS#11 module; ok markus@
+
+ Upstream-ID: fe79769469d9cd6d26fe0dc15751b83ef2a06e8f
-commit ed877ef653847d056bb433975d731b7a1132a979
+commit 7844f357cdd90530eec81340847783f1f1da010b
Author: djm at openbsd.org <djm at openbsd.org>
-Date: Fri Jul 15 00:24:30 2016 +0000
+Date: Wed Nov 30 03:00:05 2016 +0000
upstream commit
- Add a ProxyJump ssh_config(5) option and corresponding -J
- ssh(1) command-line flag to allow simplified indirection through a SSH
- bastion or "jump host".
-
- These options construct a proxy command that connects to the
- specified jump host(s) (more than one may be specified) and uses
- port-forwarding to establish a connection to the next destination.
-
- This codifies the safest way of indirecting connections through SSH
- servers and makes it easy to use.
+ Add a sshd_config DisableForwaring option that disables
+ X11, agent, TCP, tunnel and Unix domain socket forwarding, as well as
+ anything else we might implement in the future.
- ok markus@
+ This, like the 'restrict' authorized_keys flag, is intended to be a
+ simple and future-proof way of restricting an account. Suggested as
+ a complement to 'restrict' by Jann Horn; ok markus@
- Upstream-ID: fa899cb8b26d889da8f142eb9774c1ea36b04397
+ Upstream-ID: 203803f66e533a474086b38a59ceb4cf2410fcf7
-commit 5c02dd126206a26785379e80f2d3848e4470b711
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Fri Jul 15 12:56:39 2016 +1000
+commit fd6dcef2030d23c43f986d26979f84619c10589d
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Wed Nov 30 02:57:40 2016 +0000
- Map umac_ctx struct name too.
+ upstream commit
- Prevents size mismatch linker warnings on Solaris 11.
-
-commit 283b97ff33ea2c641161950849931bd578de6946
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Fri Jul 15 13:49:44 2016 +1000
-
- Mitigate timing of disallowed users PAM logins.
+ When a forced-command appears in both a certificate and
+ an authorized keys/principals command= restriction, refuse to accept the
+ certificate unless they are identical.
- When sshd decides to not allow a login (eg PermitRootLogin=no) and
- it's using PAM, it sends a fake password to PAM so that the timing for
- the failure is not noticeably different whether or not the password
- is correct. This behaviour can be detected by sending a very long
- password string which is slower to hash than the fake password.
+ The previous (documented) behaviour of having the certificate forced-
+ command override the other could be a bit confused and more error-prone.
- Mitigate by constructing an invalid password that is the same length
- as the one from the client and thus takes the same time to hash.
- Diff from djm@
+ Pointed out by Jann Horn of Project Zero; ok dtucker@
+
+ Upstream-ID: 79d811b6eb6bbe1221bf146dde6928f92d2cd05f
-commit 9286875a73b2de7736b5e50692739d314cd8d9dc
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Fri Jul 15 13:32:45 2016 +1000
+commit 7fc4766ac78abae81ee75b22b7550720bfa28a33
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date: Wed Nov 30 00:28:31 2016 +0000
- Determine appropriate salt for invalid users.
+ upstream commit
- When sshd is processing a non-PAM login for a non-existent user it uses
- the string from the fakepw structure as the salt for crypt(3)ing the
- password supplied by the client. That string has a Blowfish prefix, so on
- systems that don't understand that crypt will fail fast due to an invalid
- salt, and even on those that do it may have significantly different timing
- from the hash methods used for real accounts (eg sha512). This allows
- user enumeration by, eg, sending large password strings. This was noted
- by EddieEzra.Harari at verint.com (CVE-2016-6210).
+ On startup, check to see if sshd is already daemonized
+ and if so, skip the call to daemon() and do not rewrite the PidFile. This
+ means that when sshd re-execs itself on SIGHUP the process ID will no longer
+ change. Should address bz#2641. ok djm@ markus at .
- To mitigate, use the same hash algorithm that root uses for hashing
- passwords for users that do not exist on the system. ok djm@
+ Upstream-ID: 5ea0355580056fb3b25c1fd6364307d9638a37b9
-commit a162dd5e58ca5b224d7500abe35e1ef32b5de071
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Thu Jul 14 21:19:59 2016 +1000
-
- OpenSSL 1.1.x not currently supported.
-
-commit 7df91b01fc558a33941c5c5f31abbcdc53a729fb
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Thu Jul 14 12:25:24 2016 +1000
+commit c9f880c195c65f1dddcbc4ce9d6bfea7747debcc
+Author: Damien Miller <djm at mindrot.org>
+Date: Wed Nov 30 13:51:49 2016 +1100
- Check for VIS_ALL.
+ factor out common PRNG reseed before privdrop
- If we don't have it, set BROKEN_STRNVIS to activate the compat replacement.
+ Add a call to RAND_poll() to ensure than more than pid+time gets
+ stirred into child processes states. Prompted by analysis from Jann
+ Horn at Project Zero. ok dtucker@
-commit ee67716f61f1042d5e67f91c23707cca5dcdd7d0
+commit 79e4829ec81dead1b30999e1626eca589319a47f
Author: dtucker at openbsd.org <dtucker at openbsd.org>
-Date: Thu Jul 14 01:24:21 2016 +0000
+Date: Fri Nov 25 03:02:01 2016 +0000
upstream commit
- Correct equal in test.
+ Allow PuTTY interop tests to run unattended. bz#2639,
+ patch from cjwatson at debian.org.
- Upstream-Regress-ID: 4e32f7a5c57a619c4e8766cb193be2a1327ec37a
+ Upstream-Regress-ID: 4345253558ac23b2082aebabccd48377433b6fe0
-commit 372807c2065c8572fdc6478b25cc5ac363743073
-Author: tb at openbsd.org <tb at openbsd.org>
-Date: Mon Jul 11 21:38:13 2016 +0000
+commit 504c3a9a1bf090f6b27260fc3e8ea7d984d163dc
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date: Fri Nov 25 02:56:49 2016 +0000
upstream commit
- Add missing "recvfd" pledge promise: Raf Czlonka reported
- ssh coredumps when Control* keywords were set in ssh_config. This patch also
- fixes similar problems with scp and sftp.
-
- ok deraadt, looks good to millert
+ Reverse args to sshd-log-wrapper. Matches change in
+ portable, where it allows sshd do be optionally run under Valgrind.
- Upstream-ID: ca2099eade1ef3e87a79614fefa26a0297ad8a3b
+ Upstream-Regress-ID: b438d1c6726dc5caa2a45153e6103a0393faa906
-commit e0453f3df64bf485c61c7eb6bd12893eee9fe2cd
-Author: tedu at openbsd.org <tedu at openbsd.org>
-Date: Mon Jul 11 03:19:44 2016 +0000
+commit bd13017736ec2f8f9ca498fe109fb0035f322733
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date: Fri Nov 25 02:49:18 2016 +0000
upstream commit
- obsolete note about fascistloggin is obsolete. ok djm
- dtucker
+ Fix typo in trace message; from portable.
- Upstream-ID: dae60df23b2bb0e89f42661ddd96a7b0d1b7215a
+ Upstream-Regress-ID: 4c4a2ba0d37faf5fd230a91b4c7edb5699fbd73a
-commit a2333584170a565adf4f209586772ef8053b10b8
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Thu Jul 14 10:59:09 2016 +1000
+commit 7da751d8b007c7f3e814fd5737c2351440d78b4c
+Author: tb at openbsd.org <tb at openbsd.org>
+Date: Tue Nov 1 13:43:27 2016 +0000
- Add compat code for missing wcwidth.
+ upstream commit
- If we don't have wcwidth force fallback implementations of nl_langinfo
- and mbtowc. Based on advice from Ingo Schwarze.
-
-commit 8aaec7050614494014c47510b7e94daf6e644c62
-Author: Damien Miller <djm at mindrot.org>
-Date: Thu Jul 14 09:48:48 2016 +1000
-
- fix missing include for systems with err.h
-
-commit 6310ef27a2567cda66d6cf0c1ad290ee1167f243
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Wed Jul 13 14:42:35 2016 +1000
-
- Move err.h replacements into compat lib.
+ Clean up MALLOC_OPTIONS. For the unittests, move
+ MALLOC_OPTIONS and TEST_ENV to unittets/Makefile.inc.
- Move implementations of err.h replacement functions into their own file
- in the libopenbsd-compat so we can use them in kexfuzz.c too. ok djm@
-
-commit f3f2cc8386868f51440c45210098f65f9787449a
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Mon Jul 11 17:23:38 2016 +1000
-
- Check for wchar.h and langinfo.h
+ ok otto
- Wrap includes in the appropriate #ifdefs.
+ Upstream-Regress-ID: 890d497e0a38eeddfebb11cc429098d76cf29f12
-commit b9c50614eba9d90939b2b119b6e1b7e03b462278
-Author: Damien Miller <djm at mindrot.org>
-Date: Fri Jul 8 13:59:13 2016 +1000
+commit 36f58e68221bced35e06d1cca8d97c48807a8b71
+Author: tb at openbsd.org <tb at openbsd.org>
+Date: Mon Oct 31 23:45:08 2016 +0000
- whitelist more architectures for seccomp-bpf
+ upstream commit
- bz#2590 - testing and patch from Jakub Jelen
+ Remove the obsolete A and P flags from MALLOC_OPTIONS.
+
+ ok dtucker
+
+ Upstream-Regress-ID: 6cc25024c8174a87e5734a0dc830194be216dd59
-commit 18813a32b6fd964037e0f5e1893cb4468ac6a758
-Author: guenther at openbsd.org <guenther at openbsd.org>
-Date: Mon Jul 4 18:01:44 2016 +0000
+commit b0899ee26a6630883c0f2350098b6a35e647f512
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date: Tue Nov 29 03:54:50 2016 +0000
upstream commit
- DEBUGLIBS has been broken since the gcc4 switch, so delete
- it. CFLAGS contains -g by default anyway
-
- problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com)
- ok millert@ kettenis@ deraadt@
+ Factor out code to disconnect from controlling terminal
+ into its own function. ok djm@
- Upstream-Regress-ID: 4a0bb72f95c63f2ae9daa8a040ac23914bddb542
+ Upstream-ID: 39fd9e8ebd7222615a837312face5cc7ae962885
-commit 6d31193d0baa3da339c196ac49625b7ba1c2ecc7
+commit 54d022026aae4f53fa74cc636e4a032d9689b64d
Author: djm at openbsd.org <djm at openbsd.org>
-Date: Fri Jul 8 03:44:42 2016 +0000
+Date: Fri Nov 25 23:24:45 2016 +0000
upstream commit
- Improve crypto ordering for Encrypt-then-MAC (EtM) mode
- MAC algorithms.
-
- Previously we were computing the MAC, decrypting the packet and then
- checking the MAC. This gave rise to the possibility of creating a
- side-channel oracle in the decryption step, though no such oracle has
- been identified.
-
- This adds a mac_check() function that computes and checks the MAC in
- one pass, and uses it to advance MAC checking for EtM algorithms to
- before payload decryption.
+ use sshbuf_allocate() to pre-allocate the buffer used for
+ loading keys. This avoids implicit realloc inside the buffer code, which
+ might theoretically leave fragments of the key on the heap. This doesn't
+ appear to happen in practice for normal sized keys, but was observed for
+ novelty oversize ones.
- Reported by Jean Paul Degabriele, Kenny Paterson, Torben Hansen and
- Martin Albrecht. feedback and ok markus@
+ Pointed out by Jann Horn of Project Zero; ok markus@
- Upstream-ID: 1999bb67cab47dda5b10b80d8155fe83d4a1867b
+ Upstream-ID: d620e1d46a29fdea56aeadeda120879eddc60ab1
-commit 71f5598f06941f645a451948c4a5125c83828e1c
-Author: guenther at openbsd.org <guenther at openbsd.org>
-Date: Mon Jul 4 18:01:44 2016 +0000
+commit a9c746088787549bb5b1ae3add7d06a1b6d93d5e
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Fri Nov 25 23:22:04 2016 +0000
upstream commit
- DEBUGLIBS has been broken since the gcc4 switch, so
- delete it. CFLAGS contains -g by default anyway
-
- problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com)
- ok millert@ kettenis@ deraadt@
+ split allocation out of sshbuf_reserve() into a separate
+ sshbuf_allocate() function; ok markus@
- Upstream-ID: 96c5054e3e1f170c6276902d5bc65bb3b87a2603
+ Upstream-ID: 11b8a2795afeeb1418d508a2c8095b3355577ec2
-commit e683fc6f1c8c7295648dbda679df8307786ec1ce
-Author: dtucker at openbsd.org <dtucker at openbsd.org>
-Date: Thu Jun 30 05:17:05 2016 +0000
+commit f0ddedee460486fa0e32fefb2950548009e5026e
+Author: markus at openbsd.org <markus at openbsd.org>
+Date: Wed Nov 23 23:14:15 2016 +0000
upstream commit
- Explicitly check for 100% completion to avoid potential
- floating point rounding error, which could cause progressmeter to report 99%
- on completion. While there invert the test so the 100% case is clearer. with
- & ok djm@
+ allow ClientAlive{Interval,CountMax} in Match; ok dtucker,
+ djm
- Upstream-ID: a166870c5878e422f3c71ff802e2ccd7032f715d
+ Upstream-ID: 8beb4c1eadd588f1080b58932281983864979f55
-commit 772e6cec0ed740fc7db618dc30b4134f5a358b43
-Author: jmc at openbsd.org <jmc at openbsd.org>
-Date: Wed Jun 29 17:14:28 2016 +0000
+commit 1a6f9d2e2493d445cd9ee496e6e3c2a2f283f66a
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Tue Nov 8 22:04:34 2016 +0000
upstream commit
- sort the -o list;
+ unbreak DenyUsers; reported by henning@
- Upstream-ID: 1a97465ede8790b4d47cb618269978e07f41f8ac
+ Upstream-ID: 1c67d4148f5e953c35acdb62e7c08ae8e33f7cb2
-commit 46ecd19e554ccca15a7309cd1b6b44bc8e6b84af
+commit 010359b32659f455fddd2bd85fd7cc4d7a3b994a
Author: djm at openbsd.org <djm at openbsd.org>
-Date: Thu Jun 23 05:17:51 2016 +0000
+Date: Sun Nov 6 05:46:37 2016 +0000
upstream commit
- fix AuthenticationMethods during configuration re-parse;
- reported by Juan Francisco Cantero Hurtado
+ Validate address ranges for AllowUser/DenyUsers at
+ configuration load time and refuse to accept bad ones. It was previously
+ possible to specify invalid CIDR address ranges (e.g. djm at 127.1.2.3/55) and
+ these would always match.
- Upstream-ID: 8ffa1dac25c7577eca8238e825317ab20848f9b4
+ Thanks to Laurence Parry for a detailed bug report. ok markus (for
+ a previous diff version)
+
+ Upstream-ID: 9dfcdd9672b06e65233ea4434c38226680d40bfb
-commit 3147e7595d0f2f842a666c844ac53e6c7a253d7e
+commit efb494e81d1317209256b38b49f4280897c61e69
Author: djm at openbsd.org <djm at openbsd.org>
-Date: Sun Jun 19 07:48:02 2016 +0000
+Date: Fri Oct 28 03:33:52 2016 +0000
upstream commit
- revert 1.34; causes problems loading public keys
+ Improve pkcs11_add_provider() logging: demote some
+ excessively verbose error()s to debug()s, include PKCS#11 provider name and
+ slot in log messages where possible. bz#2610, based on patch from Jakub Jelen
- reported by semarie@
+ Upstream-ID: 3223ef693cfcbff9079edfc7e89f55bf63e1973d
+
+commit 5ee3fb5affd7646f141749483205ade5fc54adaf
+Author: Darren Tucker <dtucker at zip.com.au>
+Date: Tue Nov 1 08:12:33 2016 +1100
+
+ Use ptrace(PT_DENY_ATTACH, ..) on OS X.
+
+commit 315d2a4e674d0b7115574645cb51f968420ebb34
+Author: Damien Miller <djm at mindrot.org>
+Date: Fri Oct 28 14:34:07 2016 +1100
+
+ Unbreak AES-CTR ciphers on old (~0.9.8) OpenSSL
- Upstream-ID: b393794f8935c8b15d98a407fe7721c62d2ed179
+ ok dtucker@
-commit ad23a75509f4320d43f628c50f0817e3ad12bfa7
-Author: jmc at openbsd.org <jmc at openbsd.org>
-Date: Fri Jun 17 06:33:30 2016 +0000
+commit a9ff3950b8e80ff971b4d44bbce96df27aed28af
+Author: Darren Tucker <dtucker at zip.com.au>
+Date: Fri Oct 28 14:26:58 2016 +1100
- upstream commit
+ Move OPENSSL_NO_RIPEMD160 to compat.
- grammar fix;
+ Move OPENSSL_NO_RIPEMD160 to compat and add ifdefs to mac.c around the
+ ripemd160 MACs.
+
+commit bce58885160e5db2adda3054c3b81fe770f7285a
+Author: Darren Tucker <dtucker at zip.com.au>
+Date: Fri Oct 28 13:52:31 2016 +1100
+
+ Check if RIPEMD160 is disabled in OpenSSL.
+
+commit d924640d4c355d1b5eca1f4cc60146a9975dbbff
+Author: Darren Tucker <dtucker at zip.com.au>
+Date: Fri Oct 28 13:38:19 2016 +1100
+
+ Skip ssh1 specfic ciphers.
- Upstream-ID: 5d5b21c80f1e81db367333ce0bb3e5874fb3e463
+ cipher-3des1.c and cipher-bf1.c are specific to sshv1 so don't even try
+ to compile them when Protocol 1 is not enabled.
-commit 5e28b1a2a3757548b40018cc2493540a17c82e27
-Author: djm at openbsd.org <djm at openbsd.org>
-Date: Fri Jun 17 05:06:23 2016 +0000
+commit 79d078e7a49caef746516d9710ec369ba45feab6
+Author: jsg at openbsd.org <jsg at openbsd.org>
+Date: Tue Oct 25 04:08:13 2016 +0000
upstream commit
- translate OpenSSL error codes to something more
- meaninful; bz#2522 reported by Jakub Jelen, ok dtucker@
+ Fix logic in add_local_forward() that inverted a test
+ when code was refactored out into bind_permitted(). This broke ssh port
+ forwarding for non-priv ports as a non root user.
- Upstream-ID: 4cb0795a366381724314e6515d57790c5930ffe5
+ ok dtucker@ 'looks good' deraadt@
+
+ Upstream-ID: ddb8156ca03cc99997de284ce7777536ff9570c9
-commit b64faeb5eda7eff8210c754d00464f9fe9d23de5
-Author: djm at openbsd.org <djm at openbsd.org>
-Date: Fri Jun 17 05:03:40 2016 +0000
+commit a903e315dee483e555c8a3a02c2946937f9b4e5d
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date: Mon Oct 24 01:09:17 2016 +0000
upstream commit
- ban AuthenticationMethods="" and accept
- AuthenticationMethods=any for the default behaviour of not requiring multiple
- authentication
+ Remove dead breaks, found via opencoverage.net. ok
+ deraadt@
- bz#2398 from Jakub Jelen; ok dtucker@
+ Upstream-ID: ad9cc655829d67fad219762810770787ba913069
+
+commit b4e96b4c9bea4182846e4942ba2048e6d708ee54
+Author: Darren Tucker <dtucker at zip.com.au>
+Date: Wed Oct 26 08:43:25 2016 +1100
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-all
mailing list