From owner-svn-src-all@freebsd.org Mon Mar 6 01:37:06 2017 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id EF094CF77E0; Mon, 6 Mar 2017 01:37:06 +0000 (UTC) (envelope-from des@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 9850F1396; Mon, 6 Mar 2017 01:37:06 +0000 (UTC) (envelope-from des@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v261b5gO076547; Mon, 6 Mar 2017 01:37:05 GMT (envelope-from des@FreeBSD.org) Received: (from des@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v261b55H076543; Mon, 6 Mar 2017 01:37:05 GMT (envelope-from des@FreeBSD.org) Message-Id: <201703060137.v261b55H076543@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: des set sender to des@FreeBSD.org using -f From: =?UTF-8?Q?Dag-Erling_Sm=c3=b8rgrav?= Date: Mon, 6 Mar 2017 01:37:05 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r314720 - in head: crypto/openssh crypto/openssh/contrib crypto/openssh/contrib/redhat crypto/openssh/contrib/suse crypto/openssh/openbsd-compat crypto/openssh/openbsd-compat/regress cr... X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Mar 2017 01:37:07 -0000 Author: des Date: Mon Mar 6 01:37:05 2017 New Revision: 314720 URL: https://svnweb.freebsd.org/changeset/base/314720 Log: Upgrade to OpenSSH 7.4p1. Added: - copied unchanged from r313012, vendor-crypto/openssh/dist/openbsd-compat/strcasestr.c head/crypto/openssh/regress/allow-deny-users.sh - copied unchanged from r313012, vendor-crypto/openssh/dist/regress/allow-deny-users.sh head/crypto/openssh/regress/keygen-moduli.sh - copied unchanged from r313012, vendor-crypto/openssh/dist/regress/keygen-moduli.sh - copied unchanged from r313012, vendor-crypto/openssh/dist/regress/moduli.in head/crypto/openssh/regress/unittests/match/ - copied from r313012, vendor-crypto/openssh/dist/regress/unittests/match/ Directory Properties: head/crypto/openssh/openbsd-compat/strcasestr.c (props changed) head/crypto/openssh/regress/moduli.in (props changed) Deleted: head/crypto/openssh/auth-chall.c head/crypto/openssh/auth-rh-rsa.c head/crypto/openssh/auth-rsa.c head/crypto/openssh/monitor_mm.c head/crypto/openssh/monitor_mm.h head/crypto/openssh/openbsd-compat/xmmap.c Modified: head/crypto/openssh/.skipped-commit-ids head/crypto/openssh/CREDITS head/crypto/openssh/ChangeLog head/crypto/openssh/INSTALL head/crypto/openssh/Makefile.in head/crypto/openssh/PROTOCOL head/crypto/openssh/README head/crypto/openssh/README.platform head/crypto/openssh/README.privsep head/crypto/openssh/TODO head/crypto/openssh/aclocal.m4 head/crypto/openssh/addrmatch.c head/crypto/openssh/atomicio.c head/crypto/openssh/audit-bsm.c head/crypto/openssh/audit-linux.c head/crypto/openssh/audit.c head/crypto/openssh/audit.h head/crypto/openssh/auth-options.c head/crypto/openssh/auth-options.h head/crypto/openssh/auth-pam.c head/crypto/openssh/auth-pam.h head/crypto/openssh/auth-rhosts.c head/crypto/openssh/auth.c head/crypto/openssh/auth.h head/crypto/openssh/auth2-pubkey.c head/crypto/openssh/authfile.c head/crypto/openssh/buildpkg.sh.in head/crypto/openssh/chacha.h head/crypto/openssh/channels.c head/crypto/openssh/channels.h head/crypto/openssh/cipher-3des1.c head/crypto/openssh/cipher-bf1.c head/crypto/openssh/cipher-chachapoly.c head/crypto/openssh/cipher.c head/crypto/openssh/cipher.h head/crypto/openssh/clientloop.c head/crypto/openssh/clientloop.h head/crypto/openssh/config.guess head/crypto/openssh/config.h head/crypto/openssh/config.sub head/crypto/openssh/configure.ac head/crypto/openssh/contrib/Makefile head/crypto/openssh/contrib/gnome-ssh-askpass2.c head/crypto/openssh/contrib/redhat/openssh.spec head/crypto/openssh/contrib/suse/openssh.spec head/crypto/openssh/defines.h head/crypto/openssh/dh.c head/crypto/openssh/entropy.h head/crypto/openssh/gss-genr.c head/crypto/openssh/hostfile.c head/crypto/openssh/kex.c head/crypto/openssh/kex.h head/crypto/openssh/kexgexc.c head/crypto/openssh/kexgexs.c head/crypto/openssh/key.h head/crypto/openssh/krl.c head/crypto/openssh/mac.c head/crypto/openssh/match.c head/crypto/openssh/md5crypt.h head/crypto/openssh/mdoc2man.awk head/crypto/openssh/misc.c head/crypto/openssh/misc.h head/crypto/openssh/moduli head/crypto/openssh/moduli.c head/crypto/openssh/monitor.c head/crypto/openssh/monitor.h head/crypto/openssh/monitor_wrap.c head/crypto/openssh/monitor_wrap.h head/crypto/openssh/mux.c head/crypto/openssh/myproposal.h head/crypto/openssh/opacket.h head/crypto/openssh/openbsd-compat/Makefile.in head/crypto/openssh/openbsd-compat/base64.h head/crypto/openssh/openbsd-compat/bsd-asprintf.c head/crypto/openssh/openbsd-compat/bsd-cray.c head/crypto/openssh/openbsd-compat/bsd-cray.h head/crypto/openssh/openbsd-compat/bsd-cygwin_util.c head/crypto/openssh/openbsd-compat/bsd-cygwin_util.h head/crypto/openssh/openbsd-compat/bsd-misc.c head/crypto/openssh/openbsd-compat/bsd-misc.h head/crypto/openssh/openbsd-compat/bsd-nextstep.c head/crypto/openssh/openbsd-compat/bsd-nextstep.h head/crypto/openssh/openbsd-compat/bsd-openpty.c head/crypto/openssh/openbsd-compat/bsd-poll.c head/crypto/openssh/openbsd-compat/bsd-setres_id.c head/crypto/openssh/openbsd-compat/bsd-setres_id.h head/crypto/openssh/openbsd-compat/bsd-statvfs.c head/crypto/openssh/openbsd-compat/bsd-statvfs.h head/crypto/openssh/openbsd-compat/bsd-waitpid.c head/crypto/openssh/openbsd-compat/bsd-waitpid.h head/crypto/openssh/openbsd-compat/explicit_bzero.c head/crypto/openssh/openbsd-compat/fake-rfc2553.c head/crypto/openssh/openbsd-compat/fake-rfc2553.h head/crypto/openssh/openbsd-compat/getcwd.c head/crypto/openssh/openbsd-compat/getgrouplist.c head/crypto/openssh/openbsd-compat/openbsd-compat.h head/crypto/openssh/openbsd-compat/openssl-compat.c head/crypto/openssh/openbsd-compat/openssl-compat.h head/crypto/openssh/openbsd-compat/port-aix.c head/crypto/openssh/openbsd-compat/port-aix.h head/crypto/openssh/openbsd-compat/port-irix.c head/crypto/openssh/openbsd-compat/port-irix.h head/crypto/openssh/openbsd-compat/port-linux.c head/crypto/openssh/openbsd-compat/port-linux.h head/crypto/openssh/openbsd-compat/port-solaris.c head/crypto/openssh/openbsd-compat/port-solaris.h head/crypto/openssh/openbsd-compat/port-tun.c head/crypto/openssh/openbsd-compat/readpassphrase.c head/crypto/openssh/openbsd-compat/setproctitle.c head/crypto/openssh/openbsd-compat/sha2.c head/crypto/openssh/openbsd-compat/sha2.h head/crypto/openssh/openbsd-compat/vis.c head/crypto/openssh/openbsd-compat/xcrypt.c head/crypto/openssh/opensshd.init.in head/crypto/openssh/packet.c head/crypto/openssh/packet.h head/crypto/openssh/platform-tracing.c (contents, props changed) head/crypto/openssh/platform.c head/crypto/openssh/platform.h head/crypto/openssh/readconf.c head/crypto/openssh/regress/Makefile head/crypto/openssh/regress/agent-getpeereid.sh head/crypto/openssh/regress/cert-file.sh (contents, props changed) head/crypto/openssh/regress/cert-userkey.sh head/crypto/openssh/regress/connect-privsep.sh head/crypto/openssh/regress/integrity.sh head/crypto/openssh/regress/keys-command.sh head/crypto/openssh/regress/login-timeout.sh head/crypto/openssh/regress/misc/kexfuzz/README head/crypto/openssh/regress/misc/kexfuzz/kexfuzz.c (contents, props changed) head/crypto/openssh/regress/principals-command.sh (contents, props changed) head/crypto/openssh/regress/putty-ciphers.sh head/crypto/openssh/regress/putty-kex.sh head/crypto/openssh/regress/putty-transfer.sh head/crypto/openssh/regress/reexec.sh head/crypto/openssh/regress/sftp-chroot.sh head/crypto/openssh/regress/test-exec.sh head/crypto/openssh/regress/unittests/Makefile (contents, props changed) head/crypto/openssh/regress/unittests/Makefile.inc head/crypto/openssh/regress/unittests/bitmap/Makefile (contents, props changed) head/crypto/openssh/regress/unittests/hostkeys/Makefile (contents, props changed) head/crypto/openssh/regress/unittests/kex/Makefile (contents, props changed) head/crypto/openssh/regress/unittests/sshbuf/Makefile (contents, props changed) head/crypto/openssh/regress/unittests/sshkey/Makefile (contents, props changed) head/crypto/openssh/regress/unittests/utf8/Makefile (contents, props changed) head/crypto/openssh/regress/unittests/utf8/tests.c (contents, props changed) head/crypto/openssh/sandbox-darwin.c head/crypto/openssh/sandbox-rlimit.c head/crypto/openssh/scp.c head/crypto/openssh/servconf.c head/crypto/openssh/servconf.h head/crypto/openssh/serverloop.c head/crypto/openssh/serverloop.h head/crypto/openssh/session.c head/crypto/openssh/session.h head/crypto/openssh/sftp-client.c head/crypto/openssh/sftp-common.c head/crypto/openssh/sftp-server.c head/crypto/openssh/sftp.c head/crypto/openssh/ssh-agent.1 head/crypto/openssh/ssh-agent.c head/crypto/openssh/ssh-keygen.c head/crypto/openssh/ssh-pkcs11.c head/crypto/openssh/ssh-rsa.c head/crypto/openssh/ssh.c head/crypto/openssh/ssh_config head/crypto/openssh/ssh_config.5 head/crypto/openssh/sshbuf.c (contents, props changed) head/crypto/openssh/sshbuf.h (contents, props changed) head/crypto/openssh/sshconnect.c head/crypto/openssh/sshconnect1.c head/crypto/openssh/sshconnect2.c head/crypto/openssh/sshd.8 head/crypto/openssh/sshd.c head/crypto/openssh/sshd_config head/crypto/openssh/sshd_config.5 head/crypto/openssh/sshkey.c (contents, props changed) head/crypto/openssh/sshkey.h (contents, props changed) head/crypto/openssh/sshpty.c head/crypto/openssh/sshpty.h head/crypto/openssh/utf8.c (contents, props changed) head/crypto/openssh/utf8.h (contents, props changed) head/crypto/openssh/version.h head/secure/lib/libssh/Makefile head/secure/usr.sbin/sshd/Makefile Directory Properties: head/crypto/openssh/ (props changed) head/crypto/openssh/cipher-aesctr.c (props changed) head/crypto/openssh/cipher-aesctr.h (props changed) head/crypto/openssh/openbsd-compat/bsd-err.c (props changed) head/crypto/openssh/openbsd-compat/kludge-fd_set.c (props changed) head/crypto/openssh/openbsd-compat/regress/opensslvertest.c (props changed) head/crypto/openssh/platform-pledge.c (props changed) head/crypto/openssh/regress/cfgparse.sh (props changed) head/crypto/openssh/regress/check-perm.c (props changed) head/crypto/openssh/regress/hostkey-agent.sh (props changed) head/crypto/openssh/regress/hostkey-rotate.sh (props changed) head/crypto/openssh/regress/keygen-knownhosts.sh (props changed) head/crypto/openssh/regress/limit-keytype.sh (props changed) head/crypto/openssh/regress/misc/Makefile (props changed) head/crypto/openssh/regress/misc/kexfuzz/Makefile (props changed) head/crypto/openssh/regress/multipubkey.sh (props changed) head/crypto/openssh/regress/unittests/hostkeys/mktestdata.sh (props changed) head/crypto/openssh/regress/unittests/match/Makefile (props changed) head/crypto/openssh/regress/unittests/match/tests.c (props changed) head/crypto/openssh/regress/unittests/sshbuf/test_sshbuf.c (props changed) head/crypto/openssh/regress/unittests/sshbuf/test_sshbuf_fixed.c (props changed) head/crypto/openssh/regress/unittests/sshbuf/test_sshbuf_fuzz.c (props changed) head/crypto/openssh/regress/unittests/sshbuf/test_sshbuf_getput_basic.c (props changed) head/crypto/openssh/regress/unittests/sshbuf/test_sshbuf_getput_crypto.c (props changed) head/crypto/openssh/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c (props changed) head/crypto/openssh/regress/unittests/sshbuf/test_sshbuf_misc.c (props changed) head/crypto/openssh/regress/unittests/sshbuf/tests.c (props changed) head/crypto/openssh/regress/unittests/sshkey/common.c (props changed) head/crypto/openssh/regress/unittests/sshkey/common.h (props changed) head/crypto/openssh/regress/unittests/sshkey/test_file.c (props changed) head/crypto/openssh/regress/unittests/sshkey/test_fuzz.c (props changed) head/crypto/openssh/regress/unittests/sshkey/test_sshkey.c (props changed) head/crypto/openssh/regress/unittests/sshkey/tests.c (props changed) head/crypto/openssh/regress/unittests/test_helper/Makefile (props changed) head/crypto/openssh/regress/unittests/test_helper/fuzz.c (props changed) head/crypto/openssh/regress/unittests/test_helper/test_helper.c (props changed) head/crypto/openssh/regress/unittests/test_helper/test_helper.h (props changed) head/crypto/openssh/regress/valgrind-unit.sh (props changed) head/crypto/openssh/sandbox-pledge.c (props changed) head/crypto/openssh/sandbox-solaris.c (props changed) head/crypto/openssh/sshbuf-getput-basic.c (props changed) head/crypto/openssh/sshbuf-getput-crypto.c (props changed) head/crypto/openssh/sshbuf-misc.c (props changed) head/crypto/openssh/ssherr.c (props changed) head/crypto/openssh/ssherr.h (props changed) Modified: head/crypto/openssh/.skipped-commit-ids ============================================================================== --- head/crypto/openssh/.skipped-commit-ids Mon Mar 6 01:11:34 2017 (r314719) +++ head/crypto/openssh/.skipped-commit-ids Mon Mar 6 01:37:05 2017 (r314720) @@ -9,3 +9,5 @@ edbfde98c40007b7752a4ac106095e060c25c1ef 180d84674be1344e45a63990d60349988187c1ae Update moduli f6ae971186ba68d066cd102e57d5b0b2c211a5ee systrace is dead. 96c5054e3e1f170c6276902d5bc65bb3b87a2603 remove DEBUGLIBS from Makefile +6da9a37f74aef9f9cc639004345ad893cad582d8 Update moduli file +77bcb50e47b68c7209c7f0a5a020d73761e5143b unset REGRESS_FAIL_EARLY Modified: head/crypto/openssh/CREDITS ============================================================================== --- head/crypto/openssh/CREDITS Mon Mar 6 01:11:34 2017 (r314719) +++ head/crypto/openssh/CREDITS Mon Mar 6 01:37:05 2017 (r314720) @@ -100,6 +100,3 @@ Zack Weinberg - G Apologies to anyone I have missed. Damien Miller - -$Id: CREDITS,v 1.81 2006/08/30 17:24:41 djm Exp $ - Modified: head/crypto/openssh/ChangeLog ============================================================================== --- head/crypto/openssh/ChangeLog Mon Mar 6 01:11:34 2017 (r314719) +++ head/crypto/openssh/ChangeLog Mon Mar 6 01:37:05 2017 (r314720) @@ -1,9202 +1,10266 @@ -commit 99522ba7ec6963a05c04a156bf20e3ba3605987c -Author: Damien Miller -Date: Thu Jul 28 08:54:27 2016 +1000 - - define _OPENBSD_SOURCE for reallocarray on NetBSD - - Report by and debugged with Hisashi T Fujinaka, dtucker nailed - the problem (lack of prototype causing return type confusion). - -commit 3e1e076550c27c6bbdddf36d8f42bd79fbaaa187 -Author: Damien Miller -Date: Wed Jul 27 08:25:42 2016 +1000 - - KNF - -commit d99ee9c4e5e217e7d05eeec84e9ce641f4675331 +commit 4a354fc231174901f2629437c2a6e924a2dd6772 Author: Damien Miller -Date: Wed Jul 27 08:25:23 2016 +1000 - - Linux auditing also needs packet.h - -commit 393bd381a45884b589baa9aed4394f1d250255ca -Author: Damien Miller -Date: Wed Jul 27 08:18:05 2016 +1000 - - fix auditing on Linux - - get_remote_ipaddr() was replaced with ssh_remote_ipaddr() - -commit 80e766fb089de4f3c92b1600eb99e9495e37c992 -Author: Damien Miller -Date: Sun Jul 24 21:50:13 2016 +1000 +Date: Mon Dec 19 15:59:26 2016 +1100 - crank version numbers + crank version numbers for release -commit b1a478792d458f2e938a302e64bab2b520edc1b3 +commit 5f8d0bb8413d4d909cc7aa3c616fb0538224c3c9 Author: djm@openbsd.org -Date: Sun Jul 24 11:45:36 2016 +0000 +Date: Mon Dec 19 04:55:51 2016 +0000 upstream commit - openssh-7.3 - - Upstream-ID: af106a7eb665f642648cf1993e162c899f358718 - -commit 353766e0881f069aeca30275ab706cd60a1a8fdd -Author: Darren Tucker -Date: Sat Jul 23 16:14:42 2016 +1000 - - Move Cygwin IPPORT_RESERVED overrride to defines.h + openssh-7.4 - Patch from vinschen at redhat.com. + Upstream-ID: 1ee404adba6bbe10ae9277cbae3a94abe2867b79 -commit 368dd977ae07afb93f4ecea23615128c95ab2b32 +commit 3a8213ea0ed843523e34e55ab9c852332bab4c7b Author: djm@openbsd.org -Date: Sat Jul 23 02:54:08 2016 +0000 +Date: Mon Dec 19 04:55:18 2016 +0000 upstream commit - fix pledge violation with ssh -f; reported by Valentin - Kozamernik ok dtucker@ + remove testcase that depends on exact output and + behaviour of snprintf(..., "%s", NULL) - Upstream-ID: a61db7988db88d9dac3c4dd70e18876a8edf84aa + Upstream-Regress-ID: cab4288531766bd9593cb556613b91a2eeefb56f -commit f00211e3c6d24d6ea2b64b4b1209f671f6c1d42e -Author: djm@openbsd.org -Date: Fri Jul 22 07:00:46 2016 +0000 +commit eae735a82d759054f6ec7b4e887fb7a5692c66d7 +Author: dtucker@openbsd.org +Date: Mon Dec 19 03:32:57 2016 +0000 upstream commit - improve wording; suggested by jmc@ + Use LOGNAME to get current user and fall back to whoami if + not set. Mainly to benefit -portable since some platforms don't have whoami. - Upstream-ID: 55cb0a24c8e0618b3ceec80998dc82c85db2d2f8 + Upstream-Regress-ID: e3a16b7836a3ae24dc8f8a4e43fdf8127a60bdfa -commit 83cbca693c3b0719270e6a0f2efe3f9ee93a65b8 +commit 0d2f88428487518eea60602bd593989013831dcf Author: dtucker@openbsd.org -Date: Fri Jul 22 05:46:11 2016 +0000 +Date: Fri Dec 16 03:51:19 2016 +0000 upstream commit - Lower loglevel for "Authenticated with partial success" - message similar to other similar level. bz#2599, patch from cgallek at - gmail.com, ok markus@ + Add regression test for AllowUsers and DenyUsers. Patch from + Zev Weiss - Upstream-ID: 3faab814e947dc7b2e292edede23e94c608cb4dd + Upstream-Regress-ID: 8f1aac24d52728398871dac14ad26ea38b533fb9 -commit 10358abd087ab228b7ce2048efc4f3854a9ab9a6 -Author: Damien Miller -Date: Fri Jul 22 14:06:36 2016 +1000 +commit 3bc8180a008929f6fe98af4a56fb37d04444b417 +Author: Darren Tucker +Date: Fri Dec 16 15:02:24 2016 +1100 - retry waitpid on EINTR failure + Add missing monitor.h include. - patch from Jakub Jelen on bz#2581; ok dtucker@ + Fixes warning pointed out by Zev Weiss -commit da88a70a89c800e74ea8e5661ffa127a3cc79a92 +commit 410681f9015d76cc7b137dd90dac897f673244a0 Author: djm@openbsd.org -Date: Fri Jul 22 03:47:36 2016 +0000 +Date: Fri Dec 16 02:48:55 2016 +0000 upstream commit - constify a few functions' arguments; patch from Jakub - Jelen bz#2581 + revert to rev1.2; the new bits in this test depend on changes + to ssh that aren't yet committed - Upstream-ID: f2043f51454ea37830ff6ad60c8b32b4220f448d + Upstream-Regress-ID: 828ffc2c7afcf65d50ff2cf3dfc47a073ad39123 -commit c36d91bd4ebf767f310f7cea88d61d1c15f53ddf -Author: djm@openbsd.org -Date: Fri Jul 22 03:39:13 2016 +0000 +commit 2f2ffa4fbe4b671bbffa0611f15ba44cff64d58e +Author: dtucker@openbsd.org +Date: Fri Dec 16 01:06:27 2016 +0000 upstream commit - move debug("%p", key) to before key is free'd; probable - undefined behaviour on strict compilers; reported by Jakub Jelen bz#2581 + Move the "stop sshd" code into its own helper function. + Patch from Zev Weiss , ok djm@ - Upstream-ID: 767f323e1f5819508a0e35e388ec241bac2f953a + Upstream-Regress-ID: a113dea77df5bd97fb4633ea31f3d72dbe356329 -commit 286f5a77c3bfec1e8892ca268087ac885ac871bf +commit e15e7152331e3976b35475fd4e9c72897ad0f074 Author: djm@openbsd.org -Date: Fri Jul 22 03:35:11 2016 +0000 +Date: Fri Dec 16 01:01:07 2016 +0000 upstream commit - reverse the order in which -J/JumpHost proxies are visited to - be more intuitive and document - - reported by and manpage bits naddy@ + regression test for certificates along with private key + with no public half. bz#2617, mostly from Adam Eijdenberg - Upstream-ID: 3a68fd6a841fd6cf8cedf6552a9607ba99df179a + Upstream-Regress-ID: 2e74dc2c726f4dc839609b3ce045466b69f01115 -commit fcd135c9df440bcd2d5870405ad3311743d78d97 +commit 9a70ec085faf6e55db311cd1a329f1a35ad2a500 Author: dtucker@openbsd.org -Date: Thu Jul 21 01:39:35 2016 +0000 +Date: Thu Dec 15 23:50:37 2016 +0000 upstream commit - Skip passwords longer than 1k in length so clients can't - easily DoS sshd by sending very long passwords, causing it to spend CPU - hashing them. feedback djm@, ok markus@. - - Brought to our attention by tomas.kuthan at oracle.com, shilei-c at - 360.cn and coredump at autistici.org + Use $SUDO to read pidfile in case root's umask is + restricted. From portable. - Upstream-ID: d0af7d4a2190b63ba1d38eec502bc4be0be9e333 + Upstream-Regress-ID: f6b1c7ffbc5a0dfb7d430adb2883344899174a98 -commit 324583e8fb3935690be58790425793df619c6d4d -Author: naddy@openbsd.org -Date: Wed Jul 20 10:45:27 2016 +0000 +commit fe06b68f824f8f55670442fb31f2c03526dd326c +Author: dtucker@openbsd.org +Date: Thu Dec 15 21:29:05 2016 +0000 upstream commit - Do not clobber the global jump_host variables when - parsing an inactive configuration. ok djm@ + Add missing braces in DenyUsers code. Patch from zev at + bewilderbeest.net, ok deraadt@ - Upstream-ID: 5362210944d91417d5976346d41ac0b244350d31 + Upstream-ID: d747ace338dcf943b077925f90f85f789714b54e -commit 32d921c323b989d28405e78d0a8923d12913d737 -Author: jmc@openbsd.org -Date: Tue Jul 19 12:59:16 2016 +0000 +commit dcc7d74242a574fd5c4afbb4224795b1644321e7 +Author: dtucker@openbsd.org +Date: Thu Dec 15 21:20:41 2016 +0000 upstream commit - tweak previous; + Fix text in error message. Patch from zev at + bewilderbeest.net. - Upstream-ID: f3c1a5b3f05dff366f60c028728a2b43f15ff534 + Upstream-ID: deb0486e175e7282f98f9a15035d76c55c84f7f6 -commit d7eabc86fa049a12ba2c3fb198bd1d51b37f7025 -Author: dtucker@openbsd.org -Date: Tue Jul 19 11:38:53 2016 +0000 +commit b737e4d7433577403a31cff6614f6a1b0b5e22f4 +Author: djm@openbsd.org +Date: Wed Dec 14 00:36:34 2016 +0000 upstream commit - Allow wildcard for PermitOpen hosts as well as ports. - bz#2582, patch from openssh at mzpqnxow.com and jjelen at redhat.com. ok - markus@ + disable Unix-domain socket forwarding when privsep is + disabled - Upstream-ID: af0294e9b9394c4e16e991424ca0a47a7cc605f2 + Upstream-ID: ab61516ae0faadad407857808517efa900a0d6d0 -commit b98a2a8348e907b3d71caafd80f0be8fdd075943 -Author: markus@openbsd.org -Date: Mon Jul 18 11:35:33 2016 +0000 +commit 08a1e7014d65c5b59416a0e138c1f73f417496eb +Author: djm@openbsd.org +Date: Fri Dec 9 03:04:29 2016 +0000 upstream commit - Reduce timing attack against obsolete CBC modes by always - computing the MAC over a fixed size of data. Reported by Jean Paul - Degabriele, Kenny Paterson, Torben Hansen and Martin Albrecht. ok djm@ + log connections dropped in excess of MaxStartups at + verbose LogLevel; bz#2613 based on diff from Tomas Kuthan; ok dtucker@ - Upstream-ID: f20a13279b00ba0afbacbcc1f04e62e9d41c2912 + Upstream-ID: 703ae690dbf9b56620a6018f8a3b2389ce76d92b -commit dbf788b4d9d9490a5fff08a7b09888272bb10fcc +commit 10e290ec00964b2bf70faab15a10a5574bb80527 Author: Darren Tucker -Date: Thu Jul 21 14:17:31 2016 +1000 +Date: Tue Dec 13 13:51:32 2016 +1100 - Search users for one with a valid salt. - - If the root account is locked (eg password "!!" or "*LK*") keep looking - until we find a user with a valid salt to use for crypting passwords of - invalid users. ok djm@ + Get default of TEST_SSH_UTF8 from environment. -commit e8b58f48fbb1b524fb4f0d4865fa0005d6a4b782 +commit b9b8ba3f9ed92c6220b58d70d1e6d8aa3eea1104 Author: Darren Tucker -Date: Mon Jul 18 17:22:49 2016 +1000 +Date: Tue Dec 13 12:56:40 2016 +1100 - Explicitly specify source files for regress tools. + Remove commented-out includes. - Since adding $(REGRESSLIBS), $? is wrong because it includes only the - changed source files. $< seems like it'd be right however it doesn't - seem to work on some non-GNU makes, so do what works everywhere. + These commented-out includes have "Still needed?" comments. Since + they've been commented out for ~13 years I assert that they're not. -commit eac1bbd06872c273f16ac0f9976b0aef026b701b +commit 25275f1c9d5f01a0877d39444e8f90521a598ea0 Author: Darren Tucker -Date: Mon Jul 18 17:12:22 2016 +1000 +Date: Tue Dec 13 12:54:23 2016 +1100 - Conditionally include err.h. + Add prototype for strcasestr in compat library. -commit 0a454147568746c503f669e1ba861f76a2e7a585 +commit afec07732aa2985142f3e0b9a01eb6391f523dec Author: Darren Tucker -Date: Mon Jul 18 16:26:26 2016 +1000 +Date: Tue Dec 13 10:23:03 2016 +1100 - Remove local implementation of err, errx. + Add strcasestr to compat library. - We now have a shared implementation in libopenbsd-compat. + Fixes build on (at least) Solaris 10. -commit eb999a4590846ba4d56ddc90bd07c23abfbab7b1 -Author: djm@openbsd.org -Date: Mon Jul 18 06:08:01 2016 +0000 +commit dda78a03af32e7994f132d923c2046e98b7c56c8 +Author: Damien Miller +Date: Mon Dec 12 13:57:10 2016 +1100 - upstream commit + Force Turkish locales back to C/POSIX; bz#2643 - Add some unsigned overflow checks for extra_pad. None of - these are reachable with the amount of padding that we use internally. - bz#2566, pointed out by Torben Hansen. ok markus@ + Turkish locales are unique in their handling of the letters 'i' and + 'I' (yes, they are different letters) and OpenSSH isn't remotely + prepared to deal with that. For now, the best we can do is to force + OpenSSH to use the C/POSIX locale and try to preserve the UTF-8 + encoding if possible. - Upstream-ID: 4d4be8450ab2fc1b852d5884339f8e8c31c3fd76 + ok dtucker@ -commit c71ba790c304545464bb494de974cdf0f4b5cf1e +commit c35995048f41239fc8895aadc3374c5f75180554 Author: Darren Tucker -Date: Mon Jul 18 15:43:25 2016 +1000 +Date: Fri Dec 9 12:52:02 2016 +1100 - Add dependency on libs for unit tests. - - Makes "./configure && make tests" work again. ok djm@ + exit is in stdlib.h not unistd.h (that's _exit). -commit 8199d0311aea3e6fd0284c9025e7a83f4ece79e8 +commit d399a8b914aace62418c0cfa20341aa37a192f98 Author: Darren Tucker -Date: Mon Jul 18 13:47:39 2016 +1000 +Date: Fri Dec 9 12:33:25 2016 +1100 - Correct location for kexfuzz in clean target. + Include for exit in utf8 locale test. -commit 01558b7b07af43da774d3a11a5c51fa9c310849d +commit 47b8c99ab3221188ad3926108dd9d36da3b528ec Author: Darren Tucker -Date: Mon Jul 18 09:33:25 2016 +1000 +Date: Thu Dec 8 15:48:34 2016 +1100 - Handle PAM_MAXTRIES from modules. + Check for utf8 local support before testing it. - bz#2249: handle the case where PAM returns PAM_MAXTRIES by ceasing to offer - password and keyboard-interative authentication methods. Should prevent - "sshd ignoring max retries" warnings in the log. ok djm@ + Check for utf8 local support and if not found, do not attempt to run the + utf8 tests. Suggested by djm@ + +commit 4089fc1885b3a2822204effbb02b74e3da58240d +Author: Darren Tucker +Date: Thu Dec 8 12:57:24 2016 +1100 + + Use AC_PATH_TOOL for krb5-config. - It probably won't trigger with keyboard-interactive in the default - configuration because the retry counter is stored in module-private - storage which goes away with the sshd PAM process (see bz#688). On the - other hand, those cases probably won't log a warning either. + This will use the host-prefixed version when cross compiling; patch from + david.michael at coreos.com. -commit 65c6c6b567ab5ab12945a5ad8e0ab3a8c26119cc +commit b4867e0712c89b93be905220c82f0a15e6865d1e Author: djm@openbsd.org -Date: Sun Jul 17 04:20:16 2016 +0000 +Date: Tue Dec 6 07:48:01 2016 +0000 upstream commit - support UTF-8 characters in ssh(1) banners using - schwarze@'s safe fmprintf printer; bz#2058 + make IdentityFile successfully load and use certificates that + have no corresponding bare public key. E.g. just a private id_rsa and + certificate id_rsa-cert.pub (and no id_rsa.pub). - feedback schwarze@ ok dtucker@ + bz#2617 ok dtucker@ - Upstream-ID: a72ce4e3644c957643c9524eea2959e41b91eea7 + Upstream-ID: c1e9699b8c0e3b63cc4189e6972e3522b6292604 -commit e4eb7d910976fbfc7ce3e90c95c11b07b483d0d7 -Author: jmc@openbsd.org -Date: Sat Jul 16 06:57:55 2016 +0000 +commit c9792783a98881eb7ed295680013ca97a958f8ac +Author: Damien Miller +Date: Fri Nov 25 14:04:21 2016 +1100 + + Add a gnome-ssh-askpass3 target for GTK+3 version + + Based on patch from Colin Watson via bz#2640 + +commit 7be85ae02b9de0993ce0a1d1e978e11329f6e763 +Author: Damien Miller +Date: Fri Nov 25 14:03:53 2016 +1100 + + Make gnome-ssh-askpass2.c GTK+3-friendly + + Patch from Colin Watson via bz#2640 + +commit b9844a45c7f0162fd1b5465683879793d4cc4aaa +Author: djm@openbsd.org +Date: Sun Dec 4 23:54:02 2016 +0000 upstream commit - - add proxyjump to the options list - formatting fixes - - update usage() + Fix public key authentication when multiple + authentication is in use. Instead of deleting and re-preparing the entire + keys list, just reset the 'used' flags; the keys list is already in a good + order (with already- tried keys at the back) - ok djm + Analysis and patch from Vincent Brillault on bz#2642; ok dtucker@ - Upstream-ID: 43d318e14ce677a2eec8f21ef5ba2f9f68a59457 + Upstream-ID: 7123f12dc2f3bcaae715853035a97923d7300176 -commit af1f084857621f14bd9391aba8033d35886c2455 +commit f2398eb774075c687b13af5bc22009eb08889abe Author: dtucker@openbsd.org -Date: Fri Jul 15 05:01:58 2016 +0000 +Date: Sun Dec 4 22:27:25 2016 +0000 upstream commit - Reduce the syslog level of some relatively common protocol - events from LOG_CRIT by replacing fatal() calls with logdie(). Part of - bz#2585, ok djm@ + Unlink PidFile on SIGHUP and always recreate it when the + new sshd starts. Regression tests (and possibly other things) depend on the + pidfile being recreated after SIGHUP, and unlinking it means it won't contain + a stale pid if sshd fails to restart. ok djm@ markus@ - Upstream-ID: 9005805227c94edf6ac02a160f0e199638d288e5 - -commit bd5f2b78b69cf38d6049a0de445a79c8595e4a1f -Author: Damien Miller -Date: Fri Jul 15 19:14:48 2016 +1000 + Upstream-ID: 132dd6dda0c77dd49d2f15b2573b5794f6160870 - missing openssl/dh.h - -commit 4a984fd342effe5f0aad874a0d538c4322d973c0 -Author: Damien Miller -Date: Fri Jul 15 18:47:07 2016 +1000 - - cast to avoid type warning in error message - -commit 5abfb15ced985c340359ae7fb65a625ed3692b3e -Author: Darren Tucker -Date: Fri Jul 15 14:48:30 2016 +1000 +commit 85aa2efeba51a96bf6834f9accf2935d96150296 +Author: djm@openbsd.org +Date: Wed Nov 30 03:01:33 2016 +0000 - Move VA_COPY macro into compat header. + upstream commit - Some AIX compilers unconditionally undefine va_copy but don't set it back - to an internal function, causing link errors. In some compat code we - already use VA_COPY instead so move the two existing instances into the - shared header and use for sshbuf-getput-basic.c too. Should fix building - with at lease some versions of AIX's compiler. bz#2589, ok djm@ - -commit 832b7443b7a8e181c95898bc5d73497b7190decd -Author: Damien Miller -Date: Fri Jul 15 14:45:34 2016 +1000 - - disable ciphers not supported by OpenSSL + test new behaviour of cert force-command restriction vs. + authorized_key/ principals - bz#2466 ok dtucker@ + Upstream-Regress-ID: 399efa7469d40c404c0b0a295064ce75d495387c -commit 5fbe93fc6fbb2fe211e035703dec759d095e3dd8 -Author: Damien Miller -Date: Fri Jul 15 13:54:31 2016 +1000 +commit 5d333131cd8519d022389cfd3236280818dae1bc +Author: jmc@openbsd.org +Date: Wed Nov 30 06:54:26 2016 +0000 - add a --disable-pkcs11 knob + upstream commit + + tweak previous; while here fix up FILES and AUTHORS; + + Upstream-ID: 93f6e54086145a75df8d8ec7d8689bdadbbac8fa -commit 679ce88ec2a8e2fe6515261c489e8c1449bb9da9 -Author: Damien Miller -Date: Fri Jul 15 13:44:38 2016 +1000 +commit 786d5994da79151180cb14a6cf157ebbba61c0cc +Author: djm@openbsd.org +Date: Wed Nov 30 03:07:37 2016 +0000 - fix newline escaping for unsupported_algorithms + upstream commit - The hmac-ripemd160 was incorrect and could lead to broken - Makefiles on systems that lacked support for it, but I made - all the others consistent too. + add a whitelist of paths from which ssh-agent will load + (via ssh-pkcs11-helper) a PKCS#11 module; ok markus@ + + Upstream-ID: fe79769469d9cd6d26fe0dc15751b83ef2a06e8f -commit ed877ef653847d056bb433975d731b7a1132a979 +commit 7844f357cdd90530eec81340847783f1f1da010b Author: djm@openbsd.org -Date: Fri Jul 15 00:24:30 2016 +0000 +Date: Wed Nov 30 03:00:05 2016 +0000 upstream commit - Add a ProxyJump ssh_config(5) option and corresponding -J - ssh(1) command-line flag to allow simplified indirection through a SSH - bastion or "jump host". - - These options construct a proxy command that connects to the - specified jump host(s) (more than one may be specified) and uses - port-forwarding to establish a connection to the next destination. - - This codifies the safest way of indirecting connections through SSH - servers and makes it easy to use. + Add a sshd_config DisableForwaring option that disables + X11, agent, TCP, tunnel and Unix domain socket forwarding, as well as + anything else we might implement in the future. - ok markus@ + This, like the 'restrict' authorized_keys flag, is intended to be a + simple and future-proof way of restricting an account. Suggested as + a complement to 'restrict' by Jann Horn; ok markus@ - Upstream-ID: fa899cb8b26d889da8f142eb9774c1ea36b04397 + Upstream-ID: 203803f66e533a474086b38a59ceb4cf2410fcf7 -commit 5c02dd126206a26785379e80f2d3848e4470b711 -Author: Darren Tucker -Date: Fri Jul 15 12:56:39 2016 +1000 +commit fd6dcef2030d23c43f986d26979f84619c10589d +Author: djm@openbsd.org +Date: Wed Nov 30 02:57:40 2016 +0000 - Map umac_ctx struct name too. + upstream commit - Prevents size mismatch linker warnings on Solaris 11. - -commit 283b97ff33ea2c641161950849931bd578de6946 -Author: Darren Tucker -Date: Fri Jul 15 13:49:44 2016 +1000 - - Mitigate timing of disallowed users PAM logins. + When a forced-command appears in both a certificate and + an authorized keys/principals command= restriction, refuse to accept the + certificate unless they are identical. - When sshd decides to not allow a login (eg PermitRootLogin=no) and - it's using PAM, it sends a fake password to PAM so that the timing for - the failure is not noticeably different whether or not the password - is correct. This behaviour can be detected by sending a very long - password string which is slower to hash than the fake password. + The previous (documented) behaviour of having the certificate forced- + command override the other could be a bit confused and more error-prone. - Mitigate by constructing an invalid password that is the same length - as the one from the client and thus takes the same time to hash. - Diff from djm@ + Pointed out by Jann Horn of Project Zero; ok dtucker@ + + Upstream-ID: 79d811b6eb6bbe1221bf146dde6928f92d2cd05f -commit 9286875a73b2de7736b5e50692739d314cd8d9dc -Author: Darren Tucker -Date: Fri Jul 15 13:32:45 2016 +1000 +commit 7fc4766ac78abae81ee75b22b7550720bfa28a33 +Author: dtucker@openbsd.org +Date: Wed Nov 30 00:28:31 2016 +0000 - Determine appropriate salt for invalid users. + upstream commit - When sshd is processing a non-PAM login for a non-existent user it uses - the string from the fakepw structure as the salt for crypt(3)ing the - password supplied by the client. That string has a Blowfish prefix, so on - systems that don't understand that crypt will fail fast due to an invalid - salt, and even on those that do it may have significantly different timing - from the hash methods used for real accounts (eg sha512). This allows - user enumeration by, eg, sending large password strings. This was noted - by EddieEzra.Harari at verint.com (CVE-2016-6210). + On startup, check to see if sshd is already daemonized + and if so, skip the call to daemon() and do not rewrite the PidFile. This + means that when sshd re-execs itself on SIGHUP the process ID will no longer + change. Should address bz#2641. ok djm@ markus@. - To mitigate, use the same hash algorithm that root uses for hashing - passwords for users that do not exist on the system. ok djm@ + Upstream-ID: 5ea0355580056fb3b25c1fd6364307d9638a37b9 -commit a162dd5e58ca5b224d7500abe35e1ef32b5de071 -Author: Darren Tucker -Date: Thu Jul 14 21:19:59 2016 +1000 - - OpenSSL 1.1.x not currently supported. - -commit 7df91b01fc558a33941c5c5f31abbcdc53a729fb -Author: Darren Tucker -Date: Thu Jul 14 12:25:24 2016 +1000 +commit c9f880c195c65f1dddcbc4ce9d6bfea7747debcc +Author: Damien Miller +Date: Wed Nov 30 13:51:49 2016 +1100 - Check for VIS_ALL. + factor out common PRNG reseed before privdrop - If we don't have it, set BROKEN_STRNVIS to activate the compat replacement. + Add a call to RAND_poll() to ensure than more than pid+time gets + stirred into child processes states. Prompted by analysis from Jann + Horn at Project Zero. ok dtucker@ -commit ee67716f61f1042d5e67f91c23707cca5dcdd7d0 +commit 79e4829ec81dead1b30999e1626eca589319a47f Author: dtucker@openbsd.org -Date: Thu Jul 14 01:24:21 2016 +0000 +Date: Fri Nov 25 03:02:01 2016 +0000 upstream commit - Correct equal in test. + Allow PuTTY interop tests to run unattended. bz#2639, + patch from cjwatson at debian.org. - Upstream-Regress-ID: 4e32f7a5c57a619c4e8766cb193be2a1327ec37a + Upstream-Regress-ID: 4345253558ac23b2082aebabccd48377433b6fe0 -commit 372807c2065c8572fdc6478b25cc5ac363743073 -Author: tb@openbsd.org -Date: Mon Jul 11 21:38:13 2016 +0000 +commit 504c3a9a1bf090f6b27260fc3e8ea7d984d163dc +Author: dtucker@openbsd.org +Date: Fri Nov 25 02:56:49 2016 +0000 upstream commit - Add missing "recvfd" pledge promise: Raf Czlonka reported - ssh coredumps when Control* keywords were set in ssh_config. This patch also - fixes similar problems with scp and sftp. - - ok deraadt, looks good to millert + Reverse args to sshd-log-wrapper. Matches change in + portable, where it allows sshd do be optionally run under Valgrind. - Upstream-ID: ca2099eade1ef3e87a79614fefa26a0297ad8a3b + Upstream-Regress-ID: b438d1c6726dc5caa2a45153e6103a0393faa906 -commit e0453f3df64bf485c61c7eb6bd12893eee9fe2cd -Author: tedu@openbsd.org -Date: Mon Jul 11 03:19:44 2016 +0000 +commit bd13017736ec2f8f9ca498fe109fb0035f322733 +Author: dtucker@openbsd.org +Date: Fri Nov 25 02:49:18 2016 +0000 upstream commit - obsolete note about fascistloggin is obsolete. ok djm - dtucker + Fix typo in trace message; from portable. - Upstream-ID: dae60df23b2bb0e89f42661ddd96a7b0d1b7215a + Upstream-Regress-ID: 4c4a2ba0d37faf5fd230a91b4c7edb5699fbd73a -commit a2333584170a565adf4f209586772ef8053b10b8 -Author: Darren Tucker -Date: Thu Jul 14 10:59:09 2016 +1000 +commit 7da751d8b007c7f3e814fd5737c2351440d78b4c +Author: tb@openbsd.org +Date: Tue Nov 1 13:43:27 2016 +0000 - Add compat code for missing wcwidth. + upstream commit - If we don't have wcwidth force fallback implementations of nl_langinfo - and mbtowc. Based on advice from Ingo Schwarze. - -commit 8aaec7050614494014c47510b7e94daf6e644c62 -Author: Damien Miller -Date: Thu Jul 14 09:48:48 2016 +1000 - - fix missing include for systems with err.h - -commit 6310ef27a2567cda66d6cf0c1ad290ee1167f243 -Author: Darren Tucker -Date: Wed Jul 13 14:42:35 2016 +1000 - - Move err.h replacements into compat lib. + Clean up MALLOC_OPTIONS. For the unittests, move + MALLOC_OPTIONS and TEST_ENV to unittets/Makefile.inc. - Move implementations of err.h replacement functions into their own file - in the libopenbsd-compat so we can use them in kexfuzz.c too. ok djm@ - -commit f3f2cc8386868f51440c45210098f65f9787449a -Author: Darren Tucker -Date: Mon Jul 11 17:23:38 2016 +1000 - - Check for wchar.h and langinfo.h + ok otto - Wrap includes in the appropriate #ifdefs. + Upstream-Regress-ID: 890d497e0a38eeddfebb11cc429098d76cf29f12 -commit b9c50614eba9d90939b2b119b6e1b7e03b462278 -Author: Damien Miller -Date: Fri Jul 8 13:59:13 2016 +1000 +commit 36f58e68221bced35e06d1cca8d97c48807a8b71 +Author: tb@openbsd.org +Date: Mon Oct 31 23:45:08 2016 +0000 - whitelist more architectures for seccomp-bpf + upstream commit - bz#2590 - testing and patch from Jakub Jelen + Remove the obsolete A and P flags from MALLOC_OPTIONS. + + ok dtucker + + Upstream-Regress-ID: 6cc25024c8174a87e5734a0dc830194be216dd59 -commit 18813a32b6fd964037e0f5e1893cb4468ac6a758 -Author: guenther@openbsd.org -Date: Mon Jul 4 18:01:44 2016 +0000 +commit b0899ee26a6630883c0f2350098b6a35e647f512 +Author: dtucker@openbsd.org +Date: Tue Nov 29 03:54:50 2016 +0000 upstream commit - DEBUGLIBS has been broken since the gcc4 switch, so delete - it. CFLAGS contains -g by default anyway - - problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com) - ok millert@ kettenis@ deraadt@ + Factor out code to disconnect from controlling terminal + into its own function. ok djm@ - Upstream-Regress-ID: 4a0bb72f95c63f2ae9daa8a040ac23914bddb542 + Upstream-ID: 39fd9e8ebd7222615a837312face5cc7ae962885 -commit 6d31193d0baa3da339c196ac49625b7ba1c2ecc7 +commit 54d022026aae4f53fa74cc636e4a032d9689b64d Author: djm@openbsd.org -Date: Fri Jul 8 03:44:42 2016 +0000 +Date: Fri Nov 25 23:24:45 2016 +0000 upstream commit - Improve crypto ordering for Encrypt-then-MAC (EtM) mode - MAC algorithms. - - Previously we were computing the MAC, decrypting the packet and then - checking the MAC. This gave rise to the possibility of creating a - side-channel oracle in the decryption step, though no such oracle has - been identified. - - This adds a mac_check() function that computes and checks the MAC in - one pass, and uses it to advance MAC checking for EtM algorithms to - before payload decryption. + use sshbuf_allocate() to pre-allocate the buffer used for + loading keys. This avoids implicit realloc inside the buffer code, which + might theoretically leave fragments of the key on the heap. This doesn't + appear to happen in practice for normal sized keys, but was observed for + novelty oversize ones. - Reported by Jean Paul Degabriele, Kenny Paterson, Torben Hansen and - Martin Albrecht. feedback and ok markus@ + Pointed out by Jann Horn of Project Zero; ok markus@ - Upstream-ID: 1999bb67cab47dda5b10b80d8155fe83d4a1867b + Upstream-ID: d620e1d46a29fdea56aeadeda120879eddc60ab1 -commit 71f5598f06941f645a451948c4a5125c83828e1c -Author: guenther@openbsd.org -Date: Mon Jul 4 18:01:44 2016 +0000 +commit a9c746088787549bb5b1ae3add7d06a1b6d93d5e +Author: djm@openbsd.org +Date: Fri Nov 25 23:22:04 2016 +0000 upstream commit - DEBUGLIBS has been broken since the gcc4 switch, so - delete it. CFLAGS contains -g by default anyway - - problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com) - ok millert@ kettenis@ deraadt@ + split allocation out of sshbuf_reserve() into a separate + sshbuf_allocate() function; ok markus@ - Upstream-ID: 96c5054e3e1f170c6276902d5bc65bb3b87a2603 + Upstream-ID: 11b8a2795afeeb1418d508a2c8095b3355577ec2 -commit e683fc6f1c8c7295648dbda679df8307786ec1ce -Author: dtucker@openbsd.org -Date: Thu Jun 30 05:17:05 2016 +0000 +commit f0ddedee460486fa0e32fefb2950548009e5026e +Author: markus@openbsd.org +Date: Wed Nov 23 23:14:15 2016 +0000 upstream commit - Explicitly check for 100% completion to avoid potential - floating point rounding error, which could cause progressmeter to report 99% - on completion. While there invert the test so the 100% case is clearer. with - & ok djm@ + allow ClientAlive{Interval,CountMax} in Match; ok dtucker, + djm - Upstream-ID: a166870c5878e422f3c71ff802e2ccd7032f715d + Upstream-ID: 8beb4c1eadd588f1080b58932281983864979f55 -commit 772e6cec0ed740fc7db618dc30b4134f5a358b43 -Author: jmc@openbsd.org -Date: Wed Jun 29 17:14:28 2016 +0000 +commit 1a6f9d2e2493d445cd9ee496e6e3c2a2f283f66a +Author: djm@openbsd.org +Date: Tue Nov 8 22:04:34 2016 +0000 upstream commit - sort the -o list; + unbreak DenyUsers; reported by henning@ - Upstream-ID: 1a97465ede8790b4d47cb618269978e07f41f8ac + Upstream-ID: 1c67d4148f5e953c35acdb62e7c08ae8e33f7cb2 -commit 46ecd19e554ccca15a7309cd1b6b44bc8e6b84af +commit 010359b32659f455fddd2bd85fd7cc4d7a3b994a Author: djm@openbsd.org -Date: Thu Jun 23 05:17:51 2016 +0000 +Date: Sun Nov 6 05:46:37 2016 +0000 upstream commit - fix AuthenticationMethods during configuration re-parse; - reported by Juan Francisco Cantero Hurtado + Validate address ranges for AllowUser/DenyUsers at + configuration load time and refuse to accept bad ones. It was previously + possible to specify invalid CIDR address ranges (e.g. djm@127.1.2.3/55) and + these would always match. - Upstream-ID: 8ffa1dac25c7577eca8238e825317ab20848f9b4 + Thanks to Laurence Parry for a detailed bug report. ok markus (for + a previous diff version) + + Upstream-ID: 9dfcdd9672b06e65233ea4434c38226680d40bfb -commit 3147e7595d0f2f842a666c844ac53e6c7a253d7e +commit efb494e81d1317209256b38b49f4280897c61e69 Author: djm@openbsd.org -Date: Sun Jun 19 07:48:02 2016 +0000 +Date: Fri Oct 28 03:33:52 2016 +0000 upstream commit - revert 1.34; causes problems loading public keys + Improve pkcs11_add_provider() logging: demote some + excessively verbose error()s to debug()s, include PKCS#11 provider name and + slot in log messages where possible. bz#2610, based on patch from Jakub Jelen - reported by semarie@ + Upstream-ID: 3223ef693cfcbff9079edfc7e89f55bf63e1973d + +commit 5ee3fb5affd7646f141749483205ade5fc54adaf +Author: Darren Tucker +Date: Tue Nov 1 08:12:33 2016 +1100 + + Use ptrace(PT_DENY_ATTACH, ..) on OS X. + +commit 315d2a4e674d0b7115574645cb51f968420ebb34 +Author: Damien Miller +Date: Fri Oct 28 14:34:07 2016 +1100 + + Unbreak AES-CTR ciphers on old (~0.9.8) OpenSSL - Upstream-ID: b393794f8935c8b15d98a407fe7721c62d2ed179 + ok dtucker@ -commit ad23a75509f4320d43f628c50f0817e3ad12bfa7 -Author: jmc@openbsd.org -Date: Fri Jun 17 06:33:30 2016 +0000 +commit a9ff3950b8e80ff971b4d44bbce96df27aed28af +Author: Darren Tucker +Date: Fri Oct 28 14:26:58 2016 +1100 - upstream commit + Move OPENSSL_NO_RIPEMD160 to compat. - grammar fix; + Move OPENSSL_NO_RIPEMD160 to compat and add ifdefs to mac.c around the + ripemd160 MACs. + +commit bce58885160e5db2adda3054c3b81fe770f7285a +Author: Darren Tucker +Date: Fri Oct 28 13:52:31 2016 +1100 + + Check if RIPEMD160 is disabled in OpenSSL. + +commit d924640d4c355d1b5eca1f4cc60146a9975dbbff +Author: Darren Tucker +Date: Fri Oct 28 13:38:19 2016 +1100 + + Skip ssh1 specfic ciphers. - Upstream-ID: 5d5b21c80f1e81db367333ce0bb3e5874fb3e463 + cipher-3des1.c and cipher-bf1.c are specific to sshv1 so don't even try + to compile them when Protocol 1 is not enabled. -commit 5e28b1a2a3757548b40018cc2493540a17c82e27 -Author: djm@openbsd.org -Date: Fri Jun 17 05:06:23 2016 +0000 +commit 79d078e7a49caef746516d9710ec369ba45feab6 +Author: jsg@openbsd.org +Date: Tue Oct 25 04:08:13 2016 +0000 upstream commit - translate OpenSSL error codes to something more - meaninful; bz#2522 reported by Jakub Jelen, ok dtucker@ + Fix logic in add_local_forward() that inverted a test + when code was refactored out into bind_permitted(). This broke ssh port + forwarding for non-priv ports as a non root user. - Upstream-ID: 4cb0795a366381724314e6515d57790c5930ffe5 + ok dtucker@ 'looks good' deraadt@ + + Upstream-ID: ddb8156ca03cc99997de284ce7777536ff9570c9 -commit b64faeb5eda7eff8210c754d00464f9fe9d23de5 -Author: djm@openbsd.org -Date: Fri Jun 17 05:03:40 2016 +0000 +commit a903e315dee483e555c8a3a02c2946937f9b4e5d +Author: dtucker@openbsd.org +Date: Mon Oct 24 01:09:17 2016 +0000 upstream commit - ban AuthenticationMethods="" and accept - AuthenticationMethods=any for the default behaviour of not requiring multiple - authentication + Remove dead breaks, found via opencoverage.net. ok + deraadt@ - bz#2398 from Jakub Jelen; ok dtucker@ + Upstream-ID: ad9cc655829d67fad219762810770787ba913069 + +commit b4e96b4c9bea4182846e4942ba2048e6d708ee54 +Author: Darren Tucker +Date: Wed Oct 26 08:43:25 2016 +1100 *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***