Date: Thu, 10 Mar 2016 20:12:10 +0000 (UTC) From: =?UTF-8?Q?Dag-Erling_Sm=c3=b8rgrav?= <des@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r296621 - in vendor-crypto/openssh/dist: . contrib/redhat contrib/suse Message-ID: <201603102012.u2AKCArw091390@repo.freebsd.org>
Author: des Date: Thu Mar 10 20:12:09 2016 New Revision: 296621 URL: https://svnweb.freebsd.org/changeset/base/296621 Log: Vendor import of OpenSSH 7.2p2. Modified: vendor-crypto/openssh/dist/ChangeLog vendor-crypto/openssh/dist/README vendor-crypto/openssh/dist/contrib/redhat/openssh.spec vendor-crypto/openssh/dist/contrib/suse/openssh.spec vendor-crypto/openssh/dist/session.c vendor-crypto/openssh/dist/version.h Modified: vendor-crypto/openssh/dist/ChangeLog ============================================================================== --- vendor-crypto/openssh/dist/ChangeLog Thu Mar 10 20:11:26 2016 (r296620) +++ vendor-crypto/openssh/dist/ChangeLog Thu Mar 10 20:12:09 2016 (r296621) @@ -1,3 +1,17 @@ +commit 5c35450a0c901d9375fb23343a8dc82397da5f75 +Author: Damien Miller <djm@mindrot.org> +Date: Thu Mar 10 05:04:48 2016 +1100 + + update versions for release + +commit 9d47b8d3f50c3a6282896df8274147e3b9a38c56 +Author: Damien Miller <djm@mindrot.org> +Date: Thu Mar 10 05:03:39 2016 +1100 + + sanitise characters destined for xauth(1) + + reported by github.com/tintinweb + commit 72b061d4ba0f909501c595d709ea76e06b01e5c9 Author: Darren Tucker <dtucker@zip.com.au> Date: Fri Feb 26 14:40:04 2016 +1100 
@@ -8889,19 +8903,3 @@ Author: Damien Miller <djm@mindrot.org> Date: Thu Mar 13 13:14:21 2014 +1100 - (djm) Release OpenSSH 6.6 - -commit 8569eba5d7f7348ce3955eeeb399f66f25c52ece -Author: Damien Miller <djm@mindrot.org> -Date: Tue Mar 4 09:35:17 2014 +1100 - - - djm@cvs.openbsd.org 2014/03/03 22:22:30 - [session.c] - ignore enviornment variables with embedded '=' or '\0' characters; - spotted by Jann Horn; ok deraadt@ - -commit 2476c31b96e89aec7d4e73cb6fbfb9a4290de3a7 -Author: Damien Miller <djm@mindrot.org> -Date: Sun Mar 2 04:01:00 2014 +1100 - - - (djm) [regress/Makefile] Disable dhgex regress test; it breaks when - no moduli file exists at the expected location. Modified: vendor-crypto/openssh/dist/README ============================================================================== --- vendor-crypto/openssh/dist/README Thu Mar 10 20:11:26 2016 (r296620) +++ vendor-crypto/openssh/dist/README Thu Mar 10 20:12:09 2016 (r296621) @@ -1,4 +1,4 @@ -See http://www.openssh.com/txt/release-7.2p1 for the release notes. +See http://www.openssh.com/txt/release-7.2p2 for the release notes. Please read http://www.openssh.com/report.html for bug reporting instructions and note that we do not use Github for bug reporting or Modified: vendor-crypto/openssh/dist/contrib/redhat/openssh.spec ============================================================================== --- vendor-crypto/openssh/dist/contrib/redhat/openssh.spec Thu Mar 10 20:11:26 2016 (r296620) +++ vendor-crypto/openssh/dist/contrib/redhat/openssh.spec Thu Mar 10 20:12:09 2016 (r296621) 
@@ -1,4 +1,4 @@ -%define ver 7.2p1 +%define ver 7.2p2 %define rel 1 # OpenSSH privilege separation requires a user & group ID Modified: vendor-crypto/openssh/dist/contrib/suse/openssh.spec ============================================================================== --- vendor-crypto/openssh/dist/contrib/suse/openssh.spec Thu Mar 10 20:11:26 2016 (r296620) +++ vendor-crypto/openssh/dist/contrib/suse/openssh.spec Thu Mar 10 20:12:09 2016 (r296621) @@ -13,7 +13,7 @@ Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation Name: openssh -Version: 7.2p1 +Version: 7.2p2 URL: http://www.openssh.com/ Release: 1 Source0: openssh-%{version}.tar.gz Modified: vendor-crypto/openssh/dist/session.c ============================================================================== --- vendor-crypto/openssh/dist/session.c Thu Mar 10 20:11:26 2016 (r296620) +++ vendor-crypto/openssh/dist/session.c Thu Mar 10 20:12:09 2016 (r296621) @@ -46,6 +46,7 @@ #include <arpa/inet.h> +#include <ctype.h> #include <errno.h> #include <fcntl.h> #include <grp.h> @@ -274,6 +275,21 @@ do_authenticated(Authctxt *authctxt) do_cleanup(authctxt); } +/* Check untrusted xauth strings for metacharacters */ +static int +xauth_valid_string(const char *s) +{ + size_t i; + + for (i = 0; s[i] != '\0'; i++) { + if (!isalnum((u_char)s[i]) && + s[i] != '.' && s[i] != ':' && s[i] != '/' && + s[i] != '-' && s[i] != '_') + return 0; + } + return 1; +} + /* * Prepares for an interactive session. This is called after the user has * been successfully authenticated. During this message exchange, pseudo @@ -347,7 +363,13 @@ do_authenticated1(Authctxt *authctxt) s->screen = 0; } packet_check_eom(); - success = session_setup_x11fwd(s); + if (xauth_valid_string(s->auth_proto) && + xauth_valid_string(s->auth_data)) + success = session_setup_x11fwd(s); + else { + success = 0; + error("Invalid X11 forwarding data"); + } if (!success) { free(s->auth_proto); free(s->auth_data); 
@@ -2178,7 +2200,13 @@ session_x11_req(Session *s) s->screen = packet_get_int(); packet_check_eom(); - success = session_setup_x11fwd(s); + if (xauth_valid_string(s->auth_proto) && + xauth_valid_string(s->auth_data)) + success = session_setup_x11fwd(s); + else { + success = 0; + error("Invalid X11 forwarding data"); + } if (!success) { free(s->auth_proto); free(s->auth_data); Modified: vendor-crypto/openssh/dist/version.h ============================================================================== --- vendor-crypto/openssh/dist/version.h Thu Mar 10 20:11:26 2016 (r296620) +++ vendor-crypto/openssh/dist/version.h Thu Mar 10 20:12:09 2016 (r296621) @@ -2,5 +2,5 @@ #define SSH_VERSION "OpenSSH_7.2" -#define SSH_PORTABLE "p1" +#define SSH_PORTABLE "p2" #define SSH_RELEASE SSH_VERSION SSH_PORTABLE
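Review bot: in the session.c hunk that adds xauth_valid_string(), isalnum() is locale-dependent, so under any locale other than C it can accept bytes outside [0-9A-Za-z] that the "metacharacters" comment does not intend to allow; an explicit ASCII range test (e.g. `(c >= '0' && c <= '9') || (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')`) would make the allowlist independent of setlocale(). The (u_char) cast is correct and avoids undefined behaviour for negative char values. The allowlist of alphanumerics plus `.:/-_` excludes whitespace, quotes and other shell-style metacharacters, which is the point of the check; the comment could say so explicitly rather than just "metacharacters".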
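Review bot: the validation block added before session_setup_x11fwd() in do_authenticated1() is repeated verbatim in the session_x11_req() hunk below; moving the two xauth_valid_string() calls and the error() into session_setup_x11fwd() itself would keep a single enforcement point so a future caller cannot bypass the check, and would let both call sites stay as the original `success = session_setup_x11fwd(s);` with no separate `else { success = 0; ... }` branch. On rejection the code correctly falls through to the existing `if (!success)` block, so auth_proto and auth_data are still freed.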
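Review bot: in the session_x11_req() hunk, `error("Invalid X11 forwarding data")` does not say which of auth_proto or auth_data was rejected; since this is the path that discards client-supplied data, logging which field failed (without echoing its raw bytes) would make the event auditable. The check sits after packet_check_eom(), so the whole request is parsed before validation, which is the right order; it also runs before anything is handed to xauth, which matches the ChangeLog entry "sanitise characters destined for xauth(1)".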