Darren Tucker [Fri, 3 Feb 2017 03:10:34 +0000 (14:10 +1100)]
Remove _XOPEN_SOURCE from wide char detection.
Having _XOPEN_SOURCE unconditionally causes problems on some platforms
and configurations, notably Solaris 64-bit binaries. It was there for
the benefit of Linux put the required bits in the *-*linux* section.
Damien Miller [Mon, 12 Dec 2016 02:57:10 +0000 (13:57 +1100)]
Force Turkish locales back to C/POSIX; bz#2643
Turkish locales are unique in their handling of the letters 'i' and
'I' (yes, they are different letters) and OpenSSH isn't remotely
prepared to deal with that. For now, the best we can do is to force
OpenSSH to use the C/POSIX locale and try to preserve the UTF-8
encoding if possible.
djm@openbsd.org [Tue, 6 Dec 2016 07:48:01 +0000 (07:48 +0000)]
upstream commit
make IdentityFile successfully load and use certificates that
have no corresponding bare public key. E.g. just a private id_rsa and
certificate id_rsa-cert.pub (and no id_rsa.pub).
djm@openbsd.org [Sun, 4 Dec 2016 23:54:02 +0000 (23:54 +0000)]
upstream commit
Fix public key authentication when multiple
authentication is in use. Instead of deleting and re-preparing the entire
keys list, just reset the 'used' flags; the keys list is already in a good
order (with already- tried keys at the back)
Analysis and patch from Vincent Brillault on bz#2642; ok dtucker@
Unlink PidFile on SIGHUP and always recreate it when the
new sshd starts. Regression tests (and possibly other things) depend on the
pidfile being recreated after SIGHUP, and unlinking it means it won't contain
a stale pid if sshd fails to restart. ok djm@ markus@
djm@openbsd.org [Wed, 30 Nov 2016 03:00:05 +0000 (03:00 +0000)]
upstream commit
Add a sshd_config DisableForwaring option that disables
X11, agent, TCP, tunnel and Unix domain socket forwarding, as well as
anything else we might implement in the future.
This, like the 'restrict' authorized_keys flag, is intended to be a
simple and future-proof way of restricting an account. Suggested as
a complement to 'restrict' by Jann Horn; ok markus@
djm@openbsd.org [Wed, 30 Nov 2016 02:57:40 +0000 (02:57 +0000)]
upstream commit
When a forced-command appears in both a certificate and
an authorized keys/principals command= restriction, refuse to accept the
certificate unless they are identical.
The previous (documented) behaviour of having the certificate forced-
command override the other could be a bit confused and more error-prone.
Pointed out by Jann Horn of Project Zero; ok dtucker@
On startup, check to see if sshd is already daemonized
and if so, skip the call to daemon() and do not rewrite the PidFile. This
means that when sshd re-execs itself on SIGHUP the process ID will no longer
change. Should address bz#2641. ok djm@ markus@.
Damien Miller [Wed, 30 Nov 2016 02:51:49 +0000 (13:51 +1100)]
factor out common PRNG reseed before privdrop
Add a call to RAND_poll() to ensure than more than pid+time gets
stirred into child processes states. Prompted by analysis from Jann
Horn at Project Zero. ok dtucker@
djm@openbsd.org [Fri, 25 Nov 2016 23:24:45 +0000 (23:24 +0000)]
upstream commit
use sshbuf_allocate() to pre-allocate the buffer used for
loading keys. This avoids implicit realloc inside the buffer code, which
might theoretically leave fragments of the key on the heap. This doesn't
appear to happen in practice for normal sized keys, but was observed for
novelty oversize ones.
Pointed out by Jann Horn of Project Zero; ok markus@
djm@openbsd.org [Sun, 6 Nov 2016 05:46:37 +0000 (05:46 +0000)]
upstream commit
Validate address ranges for AllowUser/DenyUsers at
configuration load time and refuse to accept bad ones. It was previously
possible to specify invalid CIDR address ranges (e.g. djm@127.1.2.3/55) and
these would always match.
Thanks to Laurence Parry for a detailed bug report. ok markus (for
a previous diff version)
djm@openbsd.org [Fri, 28 Oct 2016 03:33:52 +0000 (03:33 +0000)]
upstream commit
Improve pkcs11_add_provider() logging: demote some
excessively verbose error()s to debug()s, include PKCS#11 provider name and
slot in log messages where possible. bz#2610, based on patch from Jakub Jelen
jsg@openbsd.org [Tue, 25 Oct 2016 04:08:13 +0000 (04:08 +0000)]
upstream commit
Fix logic in add_local_forward() that inverted a test
when code was refactored out into bind_permitted(). This broke ssh port
forwarding for non-priv ports as a non root user.
Darren Tucker [Tue, 25 Oct 2016 21:43:25 +0000 (08:43 +1100)]
Use !=NULL instead of >0 for getdefaultproj.
getdefaultproj() returns a pointer so test it for NULL inequality
instead of >0. Fixes compiler warning and is more correct. Patch from
David Binderman.
Factor out "can bind to low ports" check into its own function. This will
make it easier for Portable to support platforms with permissions models
other than uid==0 (eg bz#2625). ok djm@, "doesn't offend me too much"
deraadt@.
Darren Tucker [Thu, 20 Oct 2016 18:22:55 +0000 (05:22 +1100)]
Update links.
Make links to openssh.com HTTPS now that it's supported, point release
notes link to the HTML release notes page, and update a couple of other
links and bits of text.
Install a signal handler for tty-generated signals and
wait for the ssh child to suspend before suspending sftp. This lets ssh
restore the terminal mode as needed when it is suspended at the password
prompt. OK dtucker@
Darren Tucker [Tue, 18 Oct 2016 16:26:09 +0000 (03:26 +1100)]
Import readpassphrase.c rev 1.26.
Author: miller@openbsd.org:
Avoid generate SIGTTOU when restoring the terminal mode. If we get
SIGTTOU it means the process is not in the foreground process group
which, in most cases, means that the shell has taken control of the tty.
Requiring the user the fg the process in this case doesn't make sense
and can result in both SIGTSTP and SIGTTOU being sent which can lead to
the process being suspended again immediately after being brought into
the foreground.
djm@openbsd.org [Tue, 11 Oct 2016 21:49:54 +0000 (21:49 +0000)]
upstream commit
fix the KEX fuzzer - the previous method of obtaining the
packet contents was broken. This now uses the new per-packet input hook, so
it sees exact post-decrypt packets and doesn't have to pass packet integrity
checks. ok markus@
Unregister the KEXINIT handler after message has been
received. Otherwise an unauthenticated peer can repeat the KEXINIT and cause
allocation of up to 128MB -- until the connection is closed. Reported by
shilei-c at 360.cn
Darren Tucker [Wed, 12 Oct 2016 17:04:44 +0000 (04:04 +1100)]
Import rev 1.23 from OpenBSD. Fixes bz#2619.
revision 1.23
date: 2010/05/14 13:30:34; author: millert; state: Exp; lines: +41 -39;
Defer installing signal handlers until echo is disabled so that we
get suspended normally when not the foreground process. Fix potential
infinite loop when restoring terminal settings if process is in the
background when restore occurs. OK miod@
Add a makefile rule to create the ssh library when
regress needs it. This allows to run the ssh regression tests without doing
a "make build" before. Discussed with dtucker@ and djm@; OK djm@
Allow to run ssh regression tests as root. If the user
is already root, the test should not expect that SUDO is set. If ssh needs
another user, use sudo or doas to switch from root if necessary. OK dtucker@
ssh proxy mux mode (-O proxy; idea from Simon Tatham): - mux
client speaks the ssh-packet protocol directly over unix-domain socket. - mux
server acts as a proxy, translates channel IDs and relays to the server. - no
filedescriptor passing necessary. - combined with unix-domain forwarding it's
even possible to run mux client and server on different machines. feedback
& ok djm@
Remove support for pre-authentication compression. Doing
compression early in the protocol probably seemed reasonable in the 1990s,
but today it's clearly a bad idea in terms of both cryptography (cf. multiple
compression oracle attacks in TLS) and attack surface.
Moreover, to support it across privilege-separation zlib needed
the assistance of a complex shared-memory manager that made the
required attack surface considerably larger.
Prompted by Guido Vranken pointing out a compiler-elided security
check in the shared memory manager found by Stack
(http://css.csail.mit.edu/stack/); ok deraadt@ markus@
NB. pre-auth authentication has been disabled by default in sshd
for >10 years.
Avoid a theoretical signed integer overflow should
BN_num_bytes() ever violate its manpage and return a negative value. Improve
order of tests to avoid confusing increasingly pedantic compilers.
Reported by Guido Vranken from stack (css.csail.mit.edu/stack)
unstable optimisation analyser output. ok deraadt@
support plain curve25519-sha256 KEX algorithm now that it
is approaching standardisation (same algorithm is currently supported as
curve25519-sha256@libssh.org)
If ssh receives a PACKET_DISCONNECT during userauth it
will cause ssh_dispatch_run(DISPATCH_BLOCK, ...) to return without the
session being authenticated. Check for this and exit if necessary. ok djm@
projects / thirdparty / openssh-portable.git / log
