Damien Miller [Sun, 20 Apr 2014 03:27:53 +0000 (13:27 +1000)]
- tedu@cvs.openbsd.org 2014/04/19 14:53:48
[ssh-keysign.c sshd.c]
Delete futile calls to RAND_seed. ok djm
NB. Id sync only. This only applies to OpenBSD's libcrypto slashathon
Damien Miller [Sun, 20 Apr 2014 03:25:30 +0000 (13:25 +1000)]
- djm@cvs.openbsd.org 2014/04/18 23:52:25
[compat.c compat.h sshconnect2.c sshd.c version.h]
OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections
using the curve25519-sha256@libssh.org KEX exchange method to fail
when connecting with something that implements the spec properly.
Disable this KEX method when speaking to one of the affected
versions.
Damien Miller [Sun, 20 Apr 2014 03:25:09 +0000 (13:25 +1000)]
- djm@cvs.openbsd.org 2014/04/16 23:28:12
[ssh-agent.1]
remove the identity files from this manpage - ssh-agent doesn't deal
with them at all and the same information is duplicated in ssh-add.1
(which does deal with them); prodded by deraadt@
Damien Miller [Sun, 20 Apr 2014 03:24:49 +0000 (13:24 +1000)]
- djm@cvs.openbsd.org 2014/04/16 23:22:45
[bufaux.c]
skip leading zero bytes in buffer_put_bignum2_from_string();
reported by jan AT mojzis.com; ok markus@
Damien Miller [Sun, 20 Apr 2014 03:24:31 +0000 (13:24 +1000)]
- djm@cvs.openbsd.org 2014/04/12 04:55:53
[sshd.c]
avoid crash at exit: check that pmonitor!=NULL before dereferencing;
bz#2225, patch from kavi AT juniper.net
Damien Miller [Sun, 20 Apr 2014 03:23:43 +0000 (13:23 +1000)]
- djm@cvs.openbsd.org 2014/04/01 03:34:10
[sshconnect.c]
When using VerifyHostKeyDNS with a DNSSEC resolver, down-convert any
certificate keys to plain keys and attempt SSHFP resolution.
Prevents a server from skipping SSHFP lookup and forcing a new-hostkey
dialog by offering only certificate keys.
Damien Miller [Sun, 20 Apr 2014 03:23:03 +0000 (13:23 +1000)]
- jmc@cvs.openbsd.org 2014/03/31 13:39:34
[ssh-keygen.1]
the text for the -K option was inserted in the wrong place in -r1.108;
fix From: Matthew Clarke
Damien Miller [Sun, 20 Apr 2014 03:22:46 +0000 (13:22 +1000)]
- naddy@cvs.openbsd.org 2014/03/28 05:17:11
[ssh_config.5 sshd_config.5]
sync available and default algorithms, improve algorithm list formatting
help from jmc@ and schwarze@, ok deraadt@
This commit removes the weaker pre-SHA2 hashes, the broken ciphers
(arcfour), and the broken modes (CBC) from the default configuration
(the patch only changes the default, all the modes are still available
for the config files).
ok djm@, reminded by tedu@ & naddy@ and discussed with many
- deraadt@cvs.openbsd.org 2014/03/26 17:16:26
[myproposal.h]
The current sharing of myproposal[] between both client and server code
makes the previous diff highly unpalatable. We want to go in that
direction for the server, but not for the client. Sigh.
Brought up by naddy.
- markus@cvs.openbsd.org 2014/03/27 23:01:27
[myproposal.h ssh-keyscan.c sshconnect2.c sshd.c]
disable weak proposals in sshd, but keep them in ssh; ok djm@
Damien Miller [Sun, 20 Apr 2014 03:01:30 +0000 (13:01 +1000)]
- deraadt@cvs.openbsd.org 2014/03/15 17:28:26
[ssh-agent.c ssh-keygen.1 ssh-keygen.c]
Improve usage() and documentation towards the standard form.
In particular, this line saves a lot of man page reading time.
    usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]
                      [-N new_passphrase] [-C comment] [-f output_keyfile]
ok schwarze jmc
Damien Miller [Sun, 20 Apr 2014 03:00:11 +0000 (13:00 +1000)]
- djm@cvs.openbsd.org 2014/03/12 04:50:32
[auth-bsdauth.c ssh-keygen.c]
don't count on things that accept arguments by reference to clear
things for us on error; most things do, but it's unsafe form.
Damien Miller [Sun, 20 Apr 2014 02:58:04 +0000 (12:58 +1000)]
- djm@cvs.openbsd.org 2014/03/03 22:22:30
[session.c]
ignore environment variables with embedded '=' or '\0' characters;
spotted by Jann Horn; ok deraadt@
Id sync only - portable already has this.
Damien Miller [Mon, 3 Mar 2014 22:35:17 +0000 (09:35 +1100)]
- djm@cvs.openbsd.org 2014/03/03 22:22:30
[session.c]
ignore environment variables with embedded '=' or '\0' characters;
spotted by Jann Horn; ok deraadt@
Damien Miller [Thu, 27 Feb 2014 23:25:16 +0000 (10:25 +1100)]
- djm@cvs.openbsd.org 2014/02/27 21:21:25
[agent-ptrace.sh agent.sh]
keep return values that are printed in error messages;
from portable
(Id sync only)
Damien Miller [Thu, 27 Feb 2014 23:24:11 +0000 (10:24 +1100)]
- djm@cvs.openbsd.org 2014/02/27 20:04:16
[login-timeout.sh]
remove any existing LoginGraceTime from sshd_config before adding
a specific one for the test back in
Damien Miller [Thu, 27 Feb 2014 23:23:26 +0000 (10:23 +1100)]
- djm@cvs.openbsd.org 2014/01/26 10:49:17
[scp-ssh-wrapper.sh scp.sh]
make sure $SCP is tested on the remote end rather than whichever one
happens to be in $PATH; from portable
(Id sync only)
Damien Miller [Thu, 27 Feb 2014 23:22:37 +0000 (10:22 +1100)]
- djm@cvs.openbsd.org 2014/01/26 10:22:10
[regress/cert-hostkey.sh]
automatically generate revoked keys from listed keys rather than
manually specifying each type; from portable
(Id sync only)
Damien Miller [Thu, 27 Feb 2014 23:19:11 +0000 (10:19 +1100)]
- dtucker@cvs.openbsd.org 2014/01/19 23:43:02
[regress/sftp-chroot.sh]
Don't use -q on sftp as it suppresses logging, instead redirect the
output to the regress logfile.
Damien Miller [Thu, 27 Feb 2014 23:01:28 +0000 (10:01 +1100)]
- djm@cvs.openbsd.org 2014/02/27 22:47:07
[sshd_config.5]
bz#2184 clarify behaviour of a keyword that appears in multiple
matching Match blocks; ok dtucker@
Damien Miller [Thu, 27 Feb 2014 23:00:27 +0000 (10:00 +1100)]
- djm@cvs.openbsd.org 2014/02/27 00:41:49
[bufbn.c]
fix unsigned overflow that could lead to reading a short ssh protocol
1 bignum value; found by Ben Hawkes; ok deraadt@
Damien Miller [Wed, 26 Feb 2014 23:17:49 +0000 (10:17 +1100)]
- djm@cvs.openbsd.org 2014/02/26 20:28:44
[auth2-gss.c gss-serv.c ssh-gss.h sshd.c]
bz#2107 - cache OIDs of supported GSSAPI mechanisms before privsep
sandboxing, as running this code in the sandbox can cause violations;
ok markus@
Damien Miller [Mon, 24 Feb 2014 04:57:55 +0000 (15:57 +1100)]
- djm@cvs.openbsd.org 2014/02/23 20:11:36
[readconf.c readconf.h ssh.c ssh_config.5]
reparse ssh_config and ~/.ssh/config if hostname canonicalisation changes
the hostname. This allows users to write configurations that always
refer to canonical hostnames, e.g.
    CanonicalizeHostname yes
    CanonicalDomains int.example.org example.org
    CanonicalizeFallbackLocal no
    Host *.int.example.org
        Compression off
    Host *.example.org
        User djm
Damien Miller [Mon, 24 Feb 2014 04:56:45 +0000 (15:56 +1100)]
- djm@cvs.openbsd.org 2014/02/22 01:32:19
[readconf.c]
when processing Match blocks, skip 'exec' clauses if previous predicates
failed to match; ok markus@
Damien Miller [Mon, 24 Feb 2014 04:56:07 +0000 (15:56 +1100)]
- djm@cvs.openbsd.org 2014/02/15 23:05:36
[channels.c]
avoid spurious "getsockname failed: Bad file descriptor" errors in ssh -W;
bz#2200, debian#738692 via Colin Watson; ok dtucker@
Damien Miller [Thu, 6 Feb 2014 22:24:33 +0000 (09:24 +1100)]
- djm@cvs.openbsd.org 2014/02/06 22:21:01
[sshconnect.c]
in ssh_create_socket(), only do the getaddrinfo for BindAddress when
BindAddress is actually specified. Fixes regression in 6.5 for
UsePrivilegedPort=yes; patch from Corinna Vinschen
Damien Miller [Thu, 6 Feb 2014 22:24:14 +0000 (09:24 +1100)]
- naddy@cvs.openbsd.org 2014/02/05 20:13:25
[ssh-keygen.1 ssh-keygen.c]
tweak synopsis: calling ssh-keygen without any arguments is fine; ok jmc@
while here, fix ordering in usage(); requested by jmc@
Damien Miller [Tue, 4 Feb 2014 23:33:45 +0000 (10:33 +1100)]
- (djm) [sandbox-capsicum.c] Don't fatal if Capsicum is offered by
headers/libc but not supported by the kernel. Patch from Loganaden
Velvindron @ AfriNIC
Damien Miller [Tue, 4 Feb 2014 00:26:34 +0000 (11:26 +1100)]
- djm@cvs.openbsd.org 2014/02/04 00:24:29
[ssh.c]
delay lowercasing of hostname until right before hostname
canonicalisation to unbreak case-sensitive matching of ssh_config;
reported by Ike Devolder; ok markus@
Damien Miller [Tue, 4 Feb 2014 00:26:04 +0000 (11:26 +1100)]
- djm@cvs.openbsd.org 2014/02/04 00:24:29
[ssh.c]
delay lowercasing of hostname until right before hostname
canonicalisation to unbreak case-sensitive matching of ssh_config;
reported by Ike Devolder; ok markus@
Damien Miller [Tue, 4 Feb 2014 00:13:54 +0000 (11:13 +1100)]
- djm@cvs.openbsd.org 2014/01/30 22:26:14
[sandbox-systrace.c]
allow shutdown(2) syscall in sandbox - it may be called by packet_close()
from portable
(Id sync only; change is already in portable)
Damien Miller [Tue, 4 Feb 2014 00:10:01 +0000 (11:10 +1100)]
- djm@cvs.openbsd.org 2014/01/29 00:19:26
[sshd.c]
use kill(0, ...) instead of killpg(0, ...); on most operating systems
they are equivalent, but SUSv2 describes the latter as having undefined
behaviour; from portable; ok dtucker
(Id sync only; change is already in portable)
Damien Miller [Tue, 4 Feb 2014 00:02:42 +0000 (11:02 +1100)]
- markus@cvs.openbsd.org 2014/01/27 18:58:14
[Makefile.in digest.c digest.h hostfile.c kex.h mac.c hmac.c hmac.h]
replace openssl HMAC with an implementation based on our ssh_digest_*
ok and feedback djm@
Damien Miller [Thu, 30 Jan 2014 00:26:46 +0000 (11:26 +1100)]
- (djm) [configure.ac atomicio.c] Kludge around NetBSD offering
different symbols for 'read' when various compiler flags are
in use, causing atomicio.c comparisons against it to break and
read/write operations to hang; ok dtucker
Tim Rice [Tue, 28 Jan 2014 18:26:25 +0000 (10:26 -0800)]
- (tim) [regress/agent.sh regress/agent-ptrace.sh] Assign $? to a variable
when used as an error message inside an if statement so we display the
correct info. agent.sh patch from Petr Lautrbach.
Damien Miller [Sat, 25 Jan 2014 22:39:53 +0000 (09:39 +1100)]
- (djm) [configure.ac sandbox-capsicum.c sandbox-rlimit.c] Disable
RLIMIT_NOFILE pseudo-sandbox on FreeBSD. In some configurations,
libc will attempt to open additional file descriptors for crypto
offload and crash if they cannot be opened.
Damien Miller [Sat, 25 Jan 2014 22:37:25 +0000 (09:37 +1100)]
- dtucker@cvs.openbsd.org 2014/01/25 10:12:50
[cipher.c cipher.h kex.c kex.h kexgexc.c]
Add a special case for the DH group size for 3des-cbc, which has an
effective strength much lower than the key size. This causes problems
with some cryptlib implementations, which don't support group sizes larger
than 4k but also don't use the largest group size it does support as
specified in the RFC. Based on a patch from Petr Lautrbach at Redhat,
reduced by me with input from Markus. ok djm@ markus@
Damien Miller [Sat, 25 Jan 2014 02:12:28 +0000 (13:12 +1100)]
- (djm) [configure.ac] Do not attempt to use capsicum sandbox unless
sys/capability.h exists and cap_rights_limit is in libc. Fixes
build on FreeBSD9x which provides the header but not the libc
support.
Damien Miller [Fri, 24 Jan 2014 03:27:04 +0000 (14:27 +1100)]
- (djm) [Makefile.in regress/scp-ssh-wrapper.sh regress/scp.sh] Make
the scp regress test actually test the built scp rather than the one
in $PATH. ok dtucker@
Darren Tucker [Thu, 23 Jan 2014 12:14:39 +0000 (23:14 +1100)]
- (dtucker) [configure.ac] NetBSD's (and FreeBSD's) strnvis is gratuitously
incompatible with OpenBSD's despite post-dating it by more than a decade.
Declare it as broken, and document FreeBSD's as the same. ok djm@
Damien Miller [Wed, 22 Jan 2014 10:30:12 +0000 (21:30 +1100)]
- (djm) [configure.ac aclocal.m4] More tests to detect fallout from
platform hardening options: include some long long int arithmetic
to detect missing support functions for -ftrapv in libgcc and
equivalents, actually test linking when -ftrapv is supplied and
set either both -pie/-fPIE or neither. feedback and ok dtucker@