Up to [cvs.NetBSD.org] / src / crypto / external / bsd / openssh / dist
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
resolve conflicts between 9.7 and 9.8
Import OpenSSH-9.8 (previous was 9.7) Security ======== This release contains fixes for two security problems, one critical and one minor. 1) Race condition in sshd(8) A critical vulnerability in sshd(8) was present in Portable OpenSSH versions between 8.5p1 and 9.7p1 (inclusive) that may allow arbitrary code execution with root privileges. Successful exploitation has been demonstrated on 32-bit Linux/glibc systems with ASLR. Under lab conditions, the attack requires on average 6-8 hours of continuous connections up to the maximum the server will accept. Exploitation on 64-bit systems is believed to be possible but has not been demonstrated at this time. It's likely that these attacks will be improved upon. Exploitation on non-glibc systems is conceivable but has not been examined. Systems that lack ASLR or users of downstream Linux distributions that have modified OpenSSH to disable per-connection ASLR re-randomisation (yes - this is a thing, no - we don't understand why) may potentially have an easier path to exploitation. OpenBSD is not vulnerable. We thank the Qualys Security Advisory Team for discovering, reporting and demonstrating exploitability of this problem, and for providing detailed feedback on additional mitigation measures. 2) Logic error in ssh(1) ObscureKeystrokeTiming In OpenSSH version 9.5 through 9.7 (inclusive), when connected to an OpenSSH server version 9.5 or later, a logic error in the ssh(1) ObscureKeystrokeTiming feature (on by default) rendered this feature ineffective - a passive observer could still detect which network packets contained real keystrokes when the countermeasure was active because both fake and real keystroke packets were being sent unconditionally. This bug was found by Philippos Giavridis and also independently by Jacky Wei En Kung, Daniel Hugenroth and Alastair Beresford of the University of Cambridge Computer Lab. Worse, the unconditional sending of both fake and real keystroke packets broke another long-standing timing attack mitigation. Since OpenSSH 2.9.9 sshd(8) has sent fake keystoke echo packets for traffic received on TTYs in echo-off mode, such as when entering a password into su(8) or sudo(8). This bug rendered these fake keystroke echoes ineffective and could allow a passive observer of a SSH session to once again detect when echo was off and obtain fairly limited timing information about keystrokes in this situation (20ms granularity by default). This additional implication of the bug was identified by Jacky Wei En Kung, Daniel Hugenroth and Alastair Beresford and we thank them for their detailed analysis. This bug does not affect connections when ObscureKeystrokeTiming was disabled or sessions where no TTY was requested. Future deprecation notice ========================= OpenSSH plans to remove support for the DSA signature algorithm in early 2025. This release disables DSA by default at compile time. DSA, as specified in the SSHv2 protocol, is inherently weak - being limited to a 160 bit private key and use of the SHA1 digest. Its estimated security level is only 80 bits symmetric equivalent. OpenSSH has disabled DSA keys by default since 2015 but has retained run-time optional support for them. DSA was the only mandatory-to- implement algorithm in the SSHv2 RFCs, mostly because alternative algorithms were encumbered by patents when the SSHv2 protocol was specified. This has not been the case for decades at this point and better algorithms are well supported by all actively-maintained SSH implementations. We do not consider the costs of maintaining DSA in OpenSSH to be justified and hope that removing it from OpenSSH can accelerate its wider deprecation in supporting cryptography libraries. This release, and its deactivation of DSA by default at compile-time, marks the second step in our timeline to finally deprecate DSA. The final step of removing DSA support entirely is planned for the first OpenSSH release of 2025. DSA support may be re-enabled in OpenBSD by setting "DSAKEY=yes" in Makefile.inc. To enable DSA support in portable OpenSSH, pass the "--enable-dsa-keys" option to configure. Potentially-incompatible changes -------------------------------- * all: as mentioned above, the DSA signature algorithm is now disabled at compile time. * sshd(8): the server will now block client addresses that repeatedly fail authentication, repeatedly connect without ever completing authentication or that crash the server. See the discussion of PerSourcePenalties below for more information. Operators of servers that accept connections from many users, or servers that accept connections from addresses behind NAT or proxies may need to consider these settings. * sshd(8): the server has been split into a listener binary, sshd(8), and a per-session binary "sshd-session". This allows for a much smaller listener binary, as it no longer needs to support the SSH protocol. As part of this work, support for disabling privilege separation (which previously required code changes to disable) and disabling re-execution of sshd(8) has been removed. Further separation of sshd-session into additional, minimal binaries is planned for the future. * sshd(8): several log messages have changed. In particular, some log messages will be tagged with as originating from a process named "sshd-session" rather than "sshd". * ssh-keyscan(1): this tool previously emitted comment lines containing the hostname and SSH protocol banner to standard error. This release now emits them to standard output, but adds a new "-q" flag to silence them altogether. * sshd(8): (portable OpenSSH only) sshd will no longer use argv[0] as the PAM service name. A new "PAMServiceName" sshd_config(5) directive allows selecting the service name at runtime. This defaults to "sshd". bz2101 * (portable OpenSSH only) Automatically-generated files, such as configure, config.h.in, etc will now be checked in to the portable OpenSSH git release branch (e.g. V_9_8). This should ensure that the contents of the signed release branch exactly match the contents of the signed release tarball.
Pull up the following, requested by kim in ticket #1780: crypto/external/bsd/openssh/Makefile.inc up to 1.15 (+patch) crypto/external/bsd/openssh/bin/Makefile.inc up to 1.4 crypto/external/bsd/openssh/bin/scp/Makefile up to 1.6 crypto/external/bsd/openssh/bin/sftp/Makefile up to 1.11 crypto/external/bsd/openssh/bin/sftp-server/Makefile up to 1.4 crypto/external/bsd/openssh/bin/ssh/Makefile up to 1.20 crypto/external/bsd/openssh/bin/ssh-add/Makefile up to 1.3 crypto/external/bsd/openssh/bin/ssh-agent/Makefile up to 1.7 crypto/external/bsd/openssh/bin/ssh-keygen/Makefile up to 1.10 crypto/external/bsd/openssh/bin/ssh-keyscan/Makefile up to 1.6 crypto/external/bsd/openssh/bin/ssh-pkcs11-helper/Makefile up to 1.4 crypto/external/bsd/openssh/bin/sshd/Makefile up to 1.27 (+patch) crypto/external/bsd/openssh/dist/PROTOCOL.sshsig up to 1.1.1.2 crypto/external/bsd/openssh/dist/srclimit.c up to 1.3 crypto/external/bsd/openssh/dist/sftp-realpath.c up to 1.3 crypto/external/bsd/openssh/dist/sntrup761.c up to 1.3 crypto/external/bsd/openssh/dist/sntrup761.sh up to 1.1.1.2 crypto/external/bsd/openssh/dist/sshsig.c up to 1.12 crypto/external/bsd/openssh/dist/sshsig.h up to 1.1.1.5 crypto/external/bsd/openssh/dist/addr.c up to 1.6 crypto/external/bsd/openssh/dist/PROTOCOL.u2f up to 1.1.1.3 crypto/external/bsd/openssh/dist/sk-api.h up to 1.1.1.6 crypto/external/bsd/openssh/dist/sk-usbhid.c up to 1.9 crypto/external/bsd/openssh/dist/ssh-ecdsa-sk.c up to 1.4 crypto/external/bsd/openssh/dist/ssh-ed25519-sk.c up to 1.5 crypto/external/bsd/openssh/dist/ssh-sk-client.c up to 1.6 crypto/external/bsd/openssh/dist/ssh-sk-helper.8 up to 1.1.1.2 crypto/external/bsd/openssh/dist/ssh-sk-helper.c up to 1.7 crypto/external/bsd/openssh/dist/ssh-sk.c up to 1.8 crypto/external/bsd/openssh/dist/ssh-sk.h up to 1.1.1.2 crypto/external/bsd/openssh/dist/sshbuf-io.c up to 1.2 crypto/external/bsd/openssh/dist/addr.h up to 1.1.1.2 crypto/external/bsd/openssh/dist/kexsntrup761x25519.c up to 1.3 crypto/external/bsd/openssh/dist/cipher-chachapoly-libcrypto.c up to 1.3 crypto/external/bsd/openssh/dist/srclimit.h up to 1.1.1.1 crypto/external/bsd/openssh/dist/auth2-pubkeyfile.c up to 1.3 crypto/external/bsd/openssh/dist/sftp-usergroup.c up to 1.3 crypto/external/bsd/openssh/dist/sftp-usergroup.h up to 1.1.1.1 crypto/external/bsd/openssh/dist/ed25519.sh up to 1.1.1.1 crypto/external/bsd/openssh/dist/crc32.c delete crypto/external/bsd/openssh/dist/crc32.h delete crypto/external/bsd/openssh/dist/fe25519.c delete crypto/external/bsd/openssh/dist/fe25519.h delete crypto/external/bsd/openssh/dist/ge25519.c delete crypto/external/bsd/openssh/dist/ge25519.h delete crypto/external/bsd/openssh/dist/ge25519_base.data delete crypto/external/bsd/openssh/dist/kexsntrup4591761x25519.c delete crypto/external/bsd/openssh/dist/sc25519.c delete crypto/external/bsd/openssh/dist/sc25519.h delete crypto/external/bsd/openssh/dist/sntrup4591761.c delete crypto/external/bsd/openssh/dist/sntrup4591761.sh delete crypto/external/bsd/openssh/dist/uuencode.c delete crypto/external/bsd/openssh/dist/uuencode.h delete crypto/external/bsd/openssh/dist/verify.c delete crypto/external/bsd/openssh/dist/LICENCE up to 1.7 crypto/external/bsd/openssh/dist/PROTOCOL up to 1.23 crypto/external/bsd/openssh/dist/PROTOCOL.agent up to 1.15 crypto/external/bsd/openssh/dist/PROTOCOL.certkeys up to 1.13 crypto/external/bsd/openssh/dist/PROTOCOL.chacha20poly1305 up to 1.1.1.4 crypto/external/bsd/openssh/dist/PROTOCOL.key up to 1.1.1.3 crypto/external/bsd/openssh/dist/PROTOCOL.krl up to 1.1.1.5 crypto/external/bsd/openssh/dist/PROTOCOL.mux up to 1.12 crypto/external/bsd/openssh/dist/addrmatch.c up to 1.15 crypto/external/bsd/openssh/dist/auth-krb5.c up to 1.16 crypto/external/bsd/openssh/dist/auth-options.c up to 1.29 crypto/external/bsd/openssh/dist/auth-options.h up to 1.15 crypto/external/bsd/openssh/dist/auth-pam.c up to 1.21 crypto/external/bsd/openssh/dist/auth-passwd.c up to 1.13 crypto/external/bsd/openssh/dist/auth-rhosts.c up to 1.16 crypto/external/bsd/openssh/dist/auth.c up to 1.34 crypto/external/bsd/openssh/dist/auth.h up to 1.23 crypto/external/bsd/openssh/dist/auth2-chall.c up to 1.19 crypto/external/bsd/openssh/dist/auth2-gss.c up to 1.17 crypto/external/bsd/openssh/dist/auth2-hostbased.c up to 1.23 crypto/external/bsd/openssh/dist/auth2-kbdint.c up to 1.15 crypto/external/bsd/openssh/dist/auth2-krb5.c up to 1.10 crypto/external/bsd/openssh/dist/auth2-none.c up to 1.14 crypto/external/bsd/openssh/dist/auth2-passwd.c up to 1.16 crypto/external/bsd/openssh/dist/auth2-pubkey.c up to 1.34 crypto/external/bsd/openssh/dist/auth2.c up to 1.29 crypto/external/bsd/openssh/dist/authfd.c up to 1.27 crypto/external/bsd/openssh/dist/authfd.h up to 1.17 crypto/external/bsd/openssh/dist/authfile.c up to 1.28 crypto/external/bsd/openssh/dist/authfile.h up to 1.10 crypto/external/bsd/openssh/dist/canohost.c up to 1.16 crypto/external/bsd/openssh/dist/chacha.c up to 1.6 crypto/external/bsd/openssh/dist/chacha.h up to 1.3 crypto/external/bsd/openssh/dist/channels.c up to 1.42 crypto/external/bsd/openssh/dist/channels.h up to 1.26 crypto/external/bsd/openssh/dist/cipher-chachapoly.c up to 1.7 crypto/external/bsd/openssh/dist/cipher-chachapoly.h up to 1.3 crypto/external/bsd/openssh/dist/cipher.c up to 1.21 crypto/external/bsd/openssh/dist/cipher.h up to 1.17 crypto/external/bsd/openssh/dist/clientloop.c up to 1.39 crypto/external/bsd/openssh/dist/clientloop.h up to 1.18 crypto/external/bsd/openssh/dist/compat.c up to 1.26 crypto/external/bsd/openssh/dist/compat.h up to 1.18 crypto/external/bsd/openssh/dist/crypto_api.h up to 1.5 crypto/external/bsd/openssh/dist/dh.c up to 1.20 crypto/external/bsd/openssh/dist/dh.h up to 1.13 crypto/external/bsd/openssh/dist/digest-libc.c up to 1.8 crypto/external/bsd/openssh/dist/digest-openssl.c up to 1.9 crypto/external/bsd/openssh/dist/dispatch.c up to 1.11 crypto/external/bsd/openssh/dist/dns.c up to 1.23 crypto/external/bsd/openssh/dist/dns.h up to 1.13 crypto/external/bsd/openssh/dist/ed25519.c up to 1.6 crypto/external/bsd/openssh/dist/fatal.c up to 1.7 crypto/external/bsd/openssh/dist/getrrsetbyname.c up to 1.6 crypto/external/bsd/openssh/dist/gss-genr.c up to 1.11 crypto/external/bsd/openssh/dist/gss-serv.c up to 1.15 crypto/external/bsd/openssh/dist/hash.c up to 1.7 crypto/external/bsd/openssh/dist/hmac.c up to 1.8 crypto/external/bsd/openssh/dist/hostfile.c up to 1.23 crypto/external/bsd/openssh/dist/hostfile.h up to 1.11 crypto/external/bsd/openssh/dist/includes.h up to 1.9 crypto/external/bsd/openssh/dist/kex.c up to 1.34 crypto/external/bsd/openssh/dist/kex.h up to 1.24 crypto/external/bsd/openssh/dist/kexdh.c up to 1.10 crypto/external/bsd/openssh/dist/kexgen.c up to 1.7 crypto/external/bsd/openssh/dist/kexgexc.c up to 1.17 crypto/external/bsd/openssh/dist/kexgexs.c up to 1.23 crypto/external/bsd/openssh/dist/krl.c up to 1.23 crypto/external/bsd/openssh/dist/krl.h up to 1.6 crypto/external/bsd/openssh/dist/ldapauth.c up to 1.8 crypto/external/bsd/openssh/dist/ldapauth.h up to 1.6 crypto/external/bsd/openssh/dist/log.c up to 1.27 crypto/external/bsd/openssh/dist/log.h up to 1.17 crypto/external/bsd/openssh/dist/mac.c up to 1.16 crypto/external/bsd/openssh/dist/match.c up to 1.16 crypto/external/bsd/openssh/dist/match.h up to 1.11 crypto/external/bsd/openssh/dist/misc.c up to 1.35 crypto/external/bsd/openssh/dist/misc.h up to 1.27 crypto/external/bsd/openssh/dist/moduli up to 1.10 crypto/external/bsd/openssh/dist/moduli.c up to 1.17 crypto/external/bsd/openssh/dist/monitor.c up to 1.43 crypto/external/bsd/openssh/dist/monitor.h up to 1.13 crypto/external/bsd/openssh/dist/monitor_fdpass.c up to 1.9 crypto/external/bsd/openssh/dist/monitor_wrap.c up to 1.34 crypto/external/bsd/openssh/dist/monitor_wrap.h up to 1.23 crypto/external/bsd/openssh/dist/msg.c up to 1.11 crypto/external/bsd/openssh/dist/mux.c up to 1.35 crypto/external/bsd/openssh/dist/myproposal.h up to 1.24 crypto/external/bsd/openssh/dist/namespace.h up to 1.10 crypto/external/bsd/openssh/dist/nchan.c up to 1.14 crypto/external/bsd/openssh/dist/packet.c up to 1.50 crypto/external/bsd/openssh/dist/packet.h up to 1.26 crypto/external/bsd/openssh/dist/pathnames.h up to 1.15 crypto/external/bsd/openssh/dist/pfilter.c up to 1.8 (+patch) crypto/external/bsd/openssh/dist/poly1305.c up to 1.6 crypto/external/bsd/openssh/dist/progressmeter.c up to 1.15 crypto/external/bsd/openssh/dist/readconf.c up to 1.44 crypto/external/bsd/openssh/dist/readconf.h up to 1.34 crypto/external/bsd/openssh/dist/readpass.c up to 1.18 crypto/external/bsd/openssh/dist/rijndael.h up to 1.3 crypto/external/bsd/openssh/dist/sandbox-pledge.c up to 1.3 crypto/external/bsd/openssh/dist/sandbox-rlimit.c up to 1.7 crypto/external/bsd/openssh/dist/scp.1 up to 1.31 crypto/external/bsd/openssh/dist/scp.c up to 1.41 crypto/external/bsd/openssh/dist/servconf.c up to 1.44 crypto/external/bsd/openssh/dist/servconf.h up to 1.30 crypto/external/bsd/openssh/dist/serverloop.c up to 1.35 crypto/external/bsd/openssh/dist/session.c up to 1.38 crypto/external/bsd/openssh/dist/session.h up to 1.10 crypto/external/bsd/openssh/dist/sftp-client.c up to 1.35 crypto/external/bsd/openssh/dist/sftp-client.h up to 1.18 crypto/external/bsd/openssh/dist/sftp-common.c up to 1.14 crypto/external/bsd/openssh/dist/sftp-common.h up to 1.8 crypto/external/bsd/openssh/dist/sftp-glob.c up to 1.15 crypto/external/bsd/openssh/dist/sftp-server-main.c up to 1.8 crypto/external/bsd/openssh/dist/sftp-server.8 up to 1.14 crypto/external/bsd/openssh/dist/sftp-server.c up to 1.30 crypto/external/bsd/openssh/dist/sftp.1 up to 1.30 crypto/external/bsd/openssh/dist/sftp.c up to 1.39 crypto/external/bsd/openssh/dist/ssh-add.1 up to 1.18 crypto/external/bsd/openssh/dist/ssh-add.c up to 1.30 crypto/external/bsd/openssh/dist/ssh-agent.1 up to 1.19 crypto/external/bsd/openssh/dist/ssh-agent.c up to 1.37 crypto/external/bsd/openssh/dist/ssh-dss.c up to 1.18 crypto/external/bsd/openssh/dist/ssh-ecdsa.c up to 1.15 crypto/external/bsd/openssh/dist/ssh-ed25519.c up to 1.10 crypto/external/bsd/openssh/dist/ssh-gss.h up to 1.10 crypto/external/bsd/openssh/dist/ssh-keygen.1 up to 1.34 crypto/external/bsd/openssh/dist/ssh-keygen.c up to 1.46 crypto/external/bsd/openssh/dist/ssh-keyscan.1 up to 1.18 crypto/external/bsd/openssh/dist/ssh-keyscan.c up to 1.32 crypto/external/bsd/openssh/dist/ssh-keysign.8 up to 1.14 crypto/external/bsd/openssh/dist/ssh-keysign.c up to 1.24 crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c up to 1.19 crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.8 up to 1.12 crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c up to 1.22 crypto/external/bsd/openssh/dist/ssh-pkcs11.c up to 1.26 crypto/external/bsd/openssh/dist/ssh-pkcs11.h up to 1.9 crypto/external/bsd/openssh/dist/ssh-rsa.c up to 1.19 crypto/external/bsd/openssh/dist/ssh-xmss.c up to 1.6 crypto/external/bsd/openssh/dist/ssh.1 up to 1.39 crypto/external/bsd/openssh/dist/ssh.c up to 1.45 crypto/external/bsd/openssh/dist/ssh.h up to 1.13 crypto/external/bsd/openssh/dist/ssh2.h up to 1.15 crypto/external/bsd/openssh/dist/ssh_api.c up to 1.15 crypto/external/bsd/openssh/dist/ssh_config up to 1.16 crypto/external/bsd/openssh/dist/ssh_config.5 up to 1.40 crypto/external/bsd/openssh/dist/sshbuf-getput-basic.c up to 1.12 crypto/external/bsd/openssh/dist/sshbuf-getput-crypto.c up to 1.11 crypto/external/bsd/openssh/dist/sshbuf-misc.c up to 1.14 crypto/external/bsd/openssh/dist/sshbuf.c up to 1.14 crypto/external/bsd/openssh/dist/sshbuf.h up to 1.19 crypto/external/bsd/openssh/dist/sshconnect.c up to 1.37 crypto/external/bsd/openssh/dist/sshconnect.h up to 1.17 crypto/external/bsd/openssh/dist/sshconnect2.c up to 1.46 crypto/external/bsd/openssh/dist/sshd.8 up to 1.31 crypto/external/bsd/openssh/dist/sshd.c up to 1.50 crypto/external/bsd/openssh/dist/sshd_config up to 1.28 crypto/external/bsd/openssh/dist/sshd_config.5 up to 1.42 crypto/external/bsd/openssh/dist/ssherr.c up to 1.10 crypto/external/bsd/openssh/dist/ssherr.h up to 1.4 crypto/external/bsd/openssh/dist/sshkey-xmss.c up to 1.10 crypto/external/bsd/openssh/dist/sshkey-xmss.h up to 1.5 crypto/external/bsd/openssh/dist/sshkey.c up to 1.32 crypto/external/bsd/openssh/dist/sshkey.h up to 1.19 crypto/external/bsd/openssh/dist/sshlogin.c up to 1.13 crypto/external/bsd/openssh/dist/sshpty.c up to 1.8 crypto/external/bsd/openssh/dist/ttymodes.c up to 1.12 crypto/external/bsd/openssh/dist/uidswap.c up to 1.10 crypto/external/bsd/openssh/dist/umac.c up to 1.22 crypto/external/bsd/openssh/dist/umac.h up to 1.10 crypto/external/bsd/openssh/dist/utf8.c up to 1.9 crypto/external/bsd/openssh/dist/utf8.h up to 1.5 crypto/external/bsd/openssh/dist/version.h up to 1.44 crypto/external/bsd/openssh/dist/xmalloc.c up to 1.13 crypto/external/bsd/openssh/dist/xmalloc.h up to 1.16 crypto/external/bsd/openssh/dist/xmss_hash.c up to 1.3 crypto/external/bsd/openssh/dist/moduli-gen/Makefile up to 1.3 crypto/external/bsd/openssh/dist/moduli-gen/moduli-gen.sh up to 1.1.1.3 crypto/external/bsd/openssh/dist/moduli-gen/moduli.2048 up to 1.16 crypto/external/bsd/openssh/dist/moduli-gen/moduli.3072 up to 1.18 crypto/external/bsd/openssh/dist/moduli-gen/moduli.4096 up to 1.18 crypto/external/bsd/openssh/dist/moduli-gen/moduli.6144 up to 1.18 crypto/external/bsd/openssh/dist/moduli-gen/moduli.7680 up to 1.18 crypto/external/bsd/openssh/dist/moduli-gen/moduli.8192 up to 1.18 crypto/external/bsd/openssh/lib/Makefile up to 1.38 crypto/external/bsd/openssh/lib/shlib_version up to 1.36 crypto/external/bsd/openssh/openssh2netbsd up to 1.4 lib/libpam/modules/pam_ssh/Makefile up to 1.13 lib/libpam/modules/pam_ssh/pam_ssh.c up to 1.30 distrib/sets/lists/base/shl.mi (apply patch) distrib/sets/lists/debug/shl.mi (apply patch) doc/3RDPARTY (apply patch) Update OpenSSH to 9.6.
merge conflicts between OpenSSH-8.9 and OpenSSH-9.0
Import OpenSSH-9.0 Changes since OpenSSH 8.9 ========================= This release is focused on bug fixing. Potentially-incompatible changes -------------------------------- This release switches scp(1) from using the legacy scp/rcp protocol to using the SFTP protocol by default. Legacy scp/rcp performs wildcard expansion of remote filenames (e.g. "scp host:* .") through the remote shell. This has the side effect of requiring double quoting of shell meta-characters in file names included on scp(1) command-lines, otherwise they could be interpreted as shell commands on the remote side. This creates one area of potential incompatibility: scp(1) when using the SFTP protocol no longer requires this finicky and brittle quoting, and attempts to use it may cause transfers to fail. We consider the removal of the need for double-quoting shell characters in file names to be a benefit and do not intend to introduce bug-compatibility for legacy scp/rcp in scp(1) when using the SFTP protocol. Another area of potential incompatibility relates to the use of remote paths relative to other user's home directories, for example - "scp host:~user/file /tmp". The SFTP protocol has no native way to expand a ~user path. However, sftp-server(8) in OpenSSH 8.7 and later support a protocol extension "expand-path@openssh.com" to support this. In case of incompatibility, the scp(1) client may be instructed to use the legacy scp/rcp using the -O flag. New features ------------ * ssh(1), sshd(8): use the hybrid Streamlined NTRU Prime + x25519 key exchange method by default ("sntrup761x25519-sha512@openssh.com"). The NTRU algorithm is believed to resist attacks enabled by future quantum computers and is paired with the X25519 ECDH key exchange (the previous default) as a backstop against any weaknesses in NTRU Prime that may be discovered in the future. The combination ensures that the hybrid exchange offers at least as good security as the status quo. We are making this change now (i.e. ahead of cryptographically- relevant quantum computers) to prevent "capture now, decrypt later" attacks where an adversary who can record and store SSH session ciphertext would be able to decrypt it once a sufficiently advanced quantum computer is available. * sftp-server(8): support the "copy-data" extension to allow server- side copying of files/data, following the design in draft-ietf-secsh-filexfer-extensions-00. bz2948 * sftp(1): add a "cp" command to allow the sftp client to perform server-side file copies. Bugfixes -------- * ssh(1), sshd(8): upstream: fix poll(2) spin when a channel's output fd closes without data in the channel buffer. bz3405 and bz3411 * sshd(8): pack pollfd array in server listen/accept loop. Could cause the server to hang/spin when MaxStartups > RLIMIT_NOFILE * ssh-keygen(1): avoid NULL deref via the find-principals and check-novalidate operations. bz3409 and GHPR307 respectively. * scp(1): fix a memory leak in argument processing. bz3404 * sshd(8): don't try to resolve ListenAddress directives in the sshd re-exec path. They are unused after re-exec and parsing errors (possible for example if the host's network configuration changed) could prevent connections from being accepted. * sshd(8): when refusing a public key authentication request from a client for using an unapproved or unsupported signature algorithm include the algorithm name in the log message to make debugging easier. Portability ----------- * sshd(8): refactor platform-specific locked account check, fixing an incorrect free() on platforms with both libiaf and shadow passwords (probably only Unixware) GHPR284, * ssh(1), sshd(8): Fix possible integer underflow in scan_scaled(3) parsing of K/M/G/etc quantities. bz#3401. * sshd(8): provide killpg implementation (mostly for Tandem NonStop) GHPR301. * Check for missing ftruncate prototype. GHPR301 * sshd(8): default to not using sandbox when cross compiling. On most systems poll(2) does not work when the number of FDs is reduced with setrlimit, so assume it doesn't when cross compiling and we can't run the test. bz#3398. * sshd(8): allow ppoll_time64 in seccomp sandbox. Should fix sandbox violations on some (at least i386 and armhf) 32bit Linux platforms. bz#3396. * Improve detection of -fzero-call-used-regs=all support in configure script.
Merge changes from current as of 20200406
Merge conflicts
OpenSSH 8.2/8.2p1 (2020-02-14) OpenSSH 8.2 was released on 2020-02-14. It is available from the mirrors listed at https://www.openssh.com/. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested snapshots or donated to the project. More information on donations may be found at: https://www.openssh.com/donations.html Future deprecation notice ========================= It is now possible[1] to perform chosen-prefix attacks against the SHA-1 hash algorithm for less than USD$50K. For this reason, we will be disabling the "ssh-rsa" public key signature algorithm that depends on SHA-1 by default in a near-future release. This algorithm is unfortunately still used widely despite the existence of better alternatives, being the only remaining public key signature algorithm specified by the original SSH RFCs. The better alternatives include: * The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512. These algorithms have the advantage of using the same key type as "ssh-rsa" but use the safe SHA-2 hash algorithms. These have been supported since OpenSSH 7.2 and are already used by default if the client and server support them. * The ssh-ed25519 signature algorithm. It has been supported in OpenSSH since release 6.5. * The RFC5656 ECDSA algorithms: ecdsa-sha2-nistp256/384/521. These have been supported by OpenSSH since release 5.7. To check whether a server is using the weak ssh-rsa public key algorithm for host authentication, try to connect to it after removing the ssh-rsa algorithm from ssh(1)'s allowed list: ssh -oHostKeyAlgorithms=-ssh-rsa user@host If the host key verification fails and no other supported host key types are available, the server software on that host should be upgraded. A future release of OpenSSH will enable UpdateHostKeys by default to allow the client to automatically migrate to better algorithms. Users may consider enabling this option manually. [1] "SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust" Leurent, G and Peyrin, T (2020) https://eprint.iacr.org/2020/014.pdf Security ======== * ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa" (RSA/SHA1) algorithm from those accepted for certificate signatures (i.e. the client and server CASignatureAlgorithms option) and will use the rsa-sha2-512 signature algorithm by default when the ssh-keygen(1) CA signs new certificates. Certificates are at special risk to the aforementioned SHA1 collision vulnerability as an attacker has effectively unlimited time in which to craft a collision that yields them a valid certificate, far more than the relatively brief LoginGraceTime window that they have to forge a host key signature. The OpenSSH certificate format includes a CA-specified (typically random) nonce value near the start of the certificate that should make exploitation of chosen-prefix collisions in this context challenging, as the attacker does not have full control over the prefix that actually gets signed. Nonetheless, SHA1 is now a demonstrably broken algorithm and futher improvements in attacks are highly likely. OpenSSH releases prior to 7.2 do not support the newer RSA/SHA2 algorithms and will refuse to accept certificates signed by an OpenSSH 8.2+ CA using RSA keys unless the unsafe algorithm is explicitly selected during signing ("ssh-keygen -t ssh-rsa"). Older clients/servers may use another CA key type such as ssh-ed25519 (supported since OpenSSH 6.5) or one of the ecdsa-sha2-nistp256/384/521 types (supported since OpenSSH 5.7) instead if they cannot be upgraded. Potentially-incompatible changes ================================ This release includes a number of changes that may affect existing configurations: * ssh(1), sshd(8): the above removal of "ssh-rsa" from the accepted CASignatureAlgorithms list. * ssh(1), sshd(8): this release removes diffie-hellman-group14-sha1 from the default key exchange proposal for both the client and server. * ssh-keygen(1): the command-line options related to the generation and screening of safe prime numbers used by the diffie-hellman-group-exchange-* key exchange algorithms have changed. Most options have been folded under the -O flag. * sshd(8): the sshd listener process title visible to ps(1) has changed to include information about the number of connections that are currently attempting authentication and the limits configured by MaxStartups. * ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F support to provide address-space isolation for token middleware libraries (including the internal one). It needs to be installed in the expected path, typically under /usr/libexec or similar. Changes since OpenSSH 8.1 ========================= This release contains some significant new features. FIDO/U2F Support ---------------- This release adds support for FIDO/U2F hardware authenticators to OpenSSH. U2F/FIDO are open standards for inexpensive two-factor authentication hardware that are widely used for website authentication. In OpenSSH FIDO devices are supported by new public key types "ecdsa-sk" and "ed25519-sk", along with corresponding certificate types. ssh-keygen(1) may be used to generate a FIDO token-backed key, after which they may be used much like any other key type supported by OpenSSH, so long as the hardware token is attached when the keys are used. FIDO tokens also generally require the user explicitly authorise operations by touching or tapping them. Generating a FIDO key requires the token be attached, and will usually require the user tap the token to confirm the operation: $ ssh-keygen -t ecdsa-sk -f ~/.ssh/id_ecdsa_sk Generating public/private ecdsa-sk key pair. You may need to touch your security key to authorize key generation. Enter file in which to save the key (/home/djm/.ssh/id_ecdsa_sk): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/djm/.ssh/id_ecdsa_sk Your public key has been saved in /home/djm/.ssh/id_ecdsa_sk.pub This will yield a public and private key-pair. The private key file should be useless to an attacker who does not have access to the physical token. After generation, this key may be used like any other supported key in OpenSSH and may be listed in authorized_keys, added to ssh-agent(1), etc. The only additional stipulation is that the FIDO token that the key belongs to must be attached when the key is used. FIDO tokens are most commonly connected via USB but may be attached via other means such as Bluetooth or NFC. In OpenSSH, communication with the token is managed via a middleware library, specified by the SecurityKeyProvider directive in ssh/sshd_config(5) or the $SSH_SK_PROVIDER environment variable for ssh-keygen(1) and ssh-add(1). The API for this middleware is documented in the sk-api.h and PROTOCOL.u2f files in the source distribution. OpenSSH includes a middleware ("SecurityKeyProvider=internal") with support for USB tokens. It is automatically enabled in OpenBSD and may be enabled in portable OpenSSH via the configure flag --with-security-key-builtin. If the internal middleware is enabled then it is automatically used by default. This internal middleware requires that libfido2 (https://github.com/Yubico/libfido2) and its dependencies be installed. We recommend that packagers of portable OpenSSH enable the built-in middleware, as it provides the lowest-friction experience for users. Note: FIDO/U2F tokens are required to implement the ECDSA-P256 "ecdsa-sk" key type, but hardware support for Ed25519 "ed25519-sk" is less common. Similarly, not all hardware tokens support some of the optional features such as resident keys. The protocol-level changes to support FIDO/U2F keys in SSH are documented in the PROTOCOL.u2f file in the OpenSSH source distribution. There are a number of supporting changes to this feature: * ssh-keygen(1): add a "no-touch-required" option when generating FIDO-hosted keys, that disables their default behaviour of requiring a physical touch/tap on the token during authentication. Note: not all tokens support disabling the touch requirement. * sshd(8): add a sshd_config PubkeyAuthOptions directive that collects miscellaneous public key authentication-related options for sshd(8). At present it supports only a single option "no-touch-required". This causes sshd to skip its default check for FIDO/U2F keys that the signature was authorised by a touch or press event on the token hardware. * ssh(1), sshd(8), ssh-keygen(1): add a "no-touch-required" option for authorized_keys and a similar extension for certificates. This option disables the default requirement that FIDO key signatures attest that the user touched their key to authorize them, mirroring the similar PubkeyAuthOptions sshd_config option. * ssh-keygen(1): add support for the writing the FIDO attestation information that is returned when new keys are generated via the "-O write-attestation=/path" option. FIDO attestation certificates may be used to verify that a FIDO key is hosted in trusted hardware. OpenSSH does not currently make use of this information, beyond optionally writing it to disk. FIDO2 resident keys ------------------- FIDO/U2F OpenSSH keys consist of two parts: a "key handle" part stored in the private key file on disk, and a per-device private key that is unique to each FIDO/U2F token and that cannot be exported from the token hardware. These are combined by the hardware at authentication time to derive the real key that is used to sign authentication challenges. For tokens that are required to move between computers, it can be cumbersome to have to move the private key file first. To avoid this requirement, tokens implementing the newer FIDO2 standard support "resident keys", where it is possible to effectively retrieve the key handle part of the key from the hardware. OpenSSH supports this feature, allowing resident keys to be generated using the ssh-keygen(1) "-O resident" flag. This will produce a public/private key pair as usual, but it will be possible to retrieve the private key part from the token later. This may be done using "ssh-keygen -K", which will download all available resident keys from the tokens attached to the host and write public/private key files for them. It is also possible to download and add resident keys directly to ssh-agent(1) without writing files to the file-system using "ssh-add -K". Resident keys are indexed on the token by the application string and user ID. By default, OpenSSH uses an application string of "ssh:" and an empty user ID. If multiple resident keys on a single token are desired then it may be necessary to override one or both of these defaults using the ssh-keygen(1) "-O application=" or "-O user=" options. Note: OpenSSH will only download and use resident keys whose application string begins with "ssh:" Storing both parts of a key on a FIDO token increases the likelihood of an attacker being able to use a stolen token device. For this reason, tokens should enforce PIN authentication before allowing download of keys, and users should set a PIN on their tokens before creating any resident keys. Other New Features ------------------ * sshd(8): add an Include sshd_config keyword that allows including additional configuration files via glob(3) patterns. bz2468 * ssh(1)/sshd(8): make the LE (low effort) DSCP code point available via the IPQoS directive; bz2986, * ssh(1): when AddKeysToAgent=yes is set and the key contains no comment, add the key to the agent with the key's path as the comment. bz2564 * ssh-keygen(1), ssh-agent(1): expose PKCS#11 key labels and X.509 subjects as key comments, rather than simply listing the PKCS#11 provider library path. PR138 * ssh-keygen(1): allow PEM export of DSA and ECDSA keys; bz3091 * ssh(1), sshd(8): make zlib compile-time optional, available via the Makefile.inc ZLIB flag on OpenBSD or via the --with-zlib configure option for OpenSSH portable. * sshd(8): when clients get denied by MaxStartups, send a notification prior to the SSH2 protocol banner according to RFC4253 section 4.2. * ssh(1), ssh-agent(1): when invoking the $SSH_ASKPASS prompt program, pass a hint to the program to describe the type of desired prompt. The possible values are "confirm" (indicating that a yes/no confirmation dialog with no text entry should be shown), "none" (to indicate an informational message only), or blank for the original ssh-askpass behaviour of requesting a password/phrase. * ssh(1): allow forwarding a different agent socket to the path specified by $SSH_AUTH_SOCK, by extending the existing ForwardAgent option to accepting an explicit path or the name of an environment variable in addition to yes/no. * ssh-keygen(1): add a new signature operations "find-principals" to look up the principal associated with a signature from an allowed- signers file. * sshd(8): expose the number of currently-authenticating connections along with the MaxStartups limit in the process title visible to "ps". Bugfixes -------- * sshd(8): make ClientAliveCountMax=0 have sensible semantics: it will now disable connection killing entirely rather than the current behaviour of instantly killing the connection after the first liveness test regardless of success. bz2627 * sshd(8): clarify order of AllowUsers / DenyUsers vs AllowGroups / DenyGroups in the sshd(8) manual page. bz1690 * sshd(8): better describe HashKnownHosts in the manual page. bz2560 * sshd(8): clarify that that permitopen=/PermitOpen do no name or address translation in the manual page. bz3099 * sshd(8): allow the UpdateHostKeys feature to function when multiple known_hosts files are in use. When updating host keys, ssh will now search subsequent known_hosts files, but will add updated host keys to the first specified file only. bz2738 * All: replace all calls to signal(2) with a wrapper around sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations. * sftp(1): fix a race condition in the SIGCHILD handler that could turn in to a kill(-1); bz3084 * sshd(8): fix a case where valid (but extremely large) SSH channel IDs were being incorrectly rejected. bz3098 * ssh(1): when checking host key fingerprints as answers to new hostkey prompts, ignore whitespace surrounding the fingerprint itself. * All: wait for file descriptors to be readable or writeable during non-blocking connect, not just readable. Prevents a timeout when the server doesn't immediately send a banner (e.g. multiplexers like sslh) * sshd_config(5): document the sntrup4591761x25519-sha512@tinyssh.org key exchange algorithm. PR#151
Apply patch (requested by mrg in ticket #1468): Update OpenSSH to 7.5.
Apply patch (requested by mrg in ticket #1468): Update OpenSSH to 7.5.
Apply patch (requested by mrg in ticket #1468): Update OpenSSH to 7.5.
Sync with HEAD
Sync with HEAD
merge conflicts
Sync with HEAD. (Note that most of these changes are simply $NetBSD$ tag issues.)
merge conflicts
merge conflicts
Future deprecation notice ========================= We plan on retiring more legacy cryptography in a near-future release, specifically: * Refusing all RSA keys smaller than 1024 bits (the current minimum is 768 bits) This list reflects our current intentions, but please check the final release notes for future releases. Potentially-incompatible changes ================================ This release disables a number of legacy cryptographic algorithms by default in ssh: * Several ciphers blowfish-cbc, cast128-cbc, all arcfour variants and the rijndael-cbc aliases for AES. * MD5-based and truncated HMAC algorithms. These algorithms are already disabled by default in sshd. Changes since OpenSSH 7.1p2 =========================== This is primarily a bugfix release. Security -------- * ssh(1), sshd(8): remove unfinished and unused roaming code (was already forcibly disabled in OpenSSH 7.1p2). * ssh(1): eliminate fallback from untrusted X11 forwarding to trusted forwarding when the X server disables the SECURITY extension. * ssh(1), sshd(8): increase the minimum modulus size supported for diffie-hellman-group-exchange to 2048 bits. * sshd(8): pre-auth sandboxing is now enabled by default (previous releases enabled it for new installations via sshd_config). New Features ------------ * all: add support for RSA signatures using SHA-256/512 hash algorithms based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt. * ssh(1): Add an AddKeysToAgent client option which can be set to 'yes', 'no', 'ask', or 'confirm', and defaults to 'no'. When enabled, a private key that is used during authentication will be added to ssh-agent if it is running (with confirmation enabled if set to 'confirm'). * sshd(8): add a new authorized_keys option "restrict" that includes all current and future key restrictions (no-*-forwarding, etc.). Also add permissive versions of the existing restrictions, e.g. "no-pty" -> "pty". This simplifies the task of setting up restricted keys and ensures they are maximally-restricted, regardless of any permissions we might implement in the future. * ssh(1): add ssh_config CertificateFile option to explicitly list certificates. bz#2436 * ssh-keygen(1): allow ssh-keygen to change the key comment for all supported formats. * ssh-keygen(1): allow fingerprinting from standard input, e.g. "ssh-keygen -lf -" * ssh-keygen(1): allow fingerprinting multiple public keys in a file, e.g. "ssh-keygen -lf ~/.ssh/authorized_keys" bz#1319 * sshd(8): support "none" as an argument for sshd_config Foreground and ChrootDirectory. Useful inside Match blocks to override a global default. bz#2486 * ssh-keygen(1): support multiple certificates (one per line) and reading from standard input (using "-f -") for "ssh-keygen -L" * ssh-keyscan(1): add "ssh-keyscan -c ..." flag to allow fetching certificates instead of plain keys. * ssh(1): better handle anchored FQDNs (e.g. 'cvs.openbsd.org.') in hostname canonicalisation - treat them as already canonical and remove the trailing '.' before matching ssh_config. Bugfixes -------- * sftp(1): existing destination directories should not terminate recursive uploads (regression in openssh 6.8) bz#2528 * ssh(1), sshd(8): correctly send back SSH2_MSG_UNIMPLEMENTED replies to unexpected messages during key exchange. bz#2949 * ssh(1): refuse attempts to set ConnectionAttempts=0, which does not make sense and would cause ssh to print an uninitialised stack variable. bz#2500 * ssh(1): fix errors when attempting to connect to scoped IPv6 addresses with hostname canonicalisation enabled. * sshd_config(5): list a couple more options usable in Match blocks. bz#2489 * sshd(8): fix "PubkeyAcceptedKeyTypes +..." inside a Match block. * ssh(1): expand tilde characters in filenames passed to -i options before checking whether or not the identity file exists. Avoids confusion for cases where shell doesn't expand (e.g. "-i ~/file" vs. "-i~/file"). bz#2481 * ssh(1): do not prepend "exec" to the shell command run by "Match exec" in a config file, which could cause some commands to fail in certain environments. bz#2471 * ssh-keyscan(1): fix output for multiple hosts/addrs on one line when host hashing or a non standard port is in use bz#2479 * sshd(8): skip "Could not chdir to home directory" message when ChrootDirectory is active. bz#2485 * ssh(1): include PubkeyAcceptedKeyTypes in ssh -G config dump. * sshd(8): avoid changing TunnelForwarding device flags if they are already what is needed; makes it possible to use tun/tap networking as non-root user if device permissions and interface flags are pre-established * ssh(1), sshd(8): RekeyLimits could be exceeded by one packet. bz#2521 * ssh(1): fix multiplexing master failure to notice client exit. * ssh(1), ssh-agent(1): avoid fatal() for PKCS11 tokens that present empty key IDs. bz#1773 * sshd(8): avoid printf of NULL argument. bz#2535 * ssh(1), sshd(8): allow RekeyLimits larger than 4GB. bz#2521 * ssh-keygen(1): sshd(8): fix several bugs in (unused) KRL signature support. * ssh(1), sshd(8): fix connections with peers that use the key exchange guess feature of the protocol. bz#2515 * sshd(8): include remote port number in log messages. bz#2503 * ssh(1): don't try to load SSHv1 private key when compiled without SSHv1 support. bz#2505 * ssh-agent(1), ssh(1): fix incorrect error messages during key loading and signing errors. bz#2507 * ssh-keygen(1): don't leave empty temporary files when performing known_hosts file edits when known_hosts doesn't exist. * sshd(8): correct packet format for tcpip-forward replies for requests that don't allocate a port bz#2509 * ssh(1), sshd(8): fix possible hang on closed output. bz#2469 * ssh(1): expand %i in ControlPath to UID. bz#2449 * ssh(1), sshd(8): fix return type of openssh_RSA_verify. bz#2460 * ssh(1), sshd(8): fix some option parsing memory leaks. bz#2182 * ssh(1): add a some debug output before DNS resolution; it's a place where ssh could previously silently stall in cases of unresponsive DNS servers. bz#2433 * ssh(1): remove spurious newline in visual hostkey. bz#2686 * ssh(1): fix printing (ssh -G ...) of HostKeyAlgorithms=+... * ssh(1): fix expansion of HostkeyAlgorithms=+... Documentation ------------- * ssh_config(5), sshd_config(5): update default algorithm lists to match current reality. bz#2527 * ssh(1): mention -Q key-plain and -Q key-cert query options. bz#2455 * sshd_config(8): more clearly describe what AuthorizedKeysFile=none does. * ssh_config(5): better document ExitOnForwardFailure. bz#2444 * sshd(5): mention internal DH-GEX fallback groups in manual. bz#2302 * sshd_config(5): better description for MaxSessions option. bz#2531 Portability ----------- * ssh(1), sftp-server(8), ssh-agent(1), sshd(8): Support Illumos/ Solaris fine-grained privileges. Including a pre-auth privsep sandbox and several pledge() emulations. bz#2511 * Renovate redhat/openssh.spec, removing deprecated options and syntax. * configure: allow --without-ssl-engine with --without-openssl * sshd(8): fix multiple authentication using S/Key. bz#2502 * sshd(8): read back from libcrypto RAND_* before dropping privileges. Avoids sandboxing violations with BoringSSL. * Fix name collision with system-provided glob(3) functions. bz#2463 * Adapt Makefile to use ssh-keygen -A when generating host keys. bz#2459 * configure: correct default value for --with-ssh1 bz#2457 * configure: better detection of _res symbol bz#2259 * support getrandom() syscall on Linux
Pull up blacklistd(8), requested by christos in ticket #711: crypto/external/bsd/openssh/dist/moduli-gen/Makefile up to 1.1.1.1 crypto/external/bsd/openssh/dist/moduli-gen/moduli up to 1.1.1.1 crypto/external/bsd/openssh/dist/moduli-gen/moduli-gen.sh up to 1.1.1.1 crypto/external/bsd/openssh/dist/moduli-gen/moduli.1024 up to 1.1.1.1 crypto/external/bsd/openssh/dist/moduli-gen/moduli.1536 up to 1.1.1.1 crypto/external/bsd/openssh/dist/moduli-gen/moduli.2048 up to 1.1.1.1 crypto/external/bsd/openssh/dist/moduli-gen/moduli.3072 up to 1.1.1.1 crypto/external/bsd/openssh/dist/moduli-gen/moduli.4096 up to 1.1.1.1 crypto/external/bsd/openssh/dist/moduli-gen/moduli.6144 up to 1.1.1.1 crypto/external/bsd/openssh/dist/moduli-gen/moduli.7680 up to 1.1.1.1 crypto/external/bsd/openssh/dist/moduli-gen/moduli.8192 up to 1.1.1.1 crypto/external/bsd/openssh/dist/bcrypt_pbkdf.c up to 1.2 crypto/external/bsd/openssh/dist/kexc25519.c up to 1.3 crypto/external/bsd/openssh/dist/smult_curve25519_ref.c up to 1.3 crypto/external/bsd/openssh/dist/bitmap.c up to 1.2 plus patch crypto/external/bsd/openssh/dist/PROTOCOL.chacha20poly1305 up to 1.1.1.1 crypto/external/bsd/openssh/dist/PROTOCOL.key up to 1.1.1.1 crypto/external/bsd/openssh/dist/blf.h up to 1.1 crypto/external/bsd/openssh/dist/blocks.c up to 1.3 crypto/external/bsd/openssh/dist/blowfish.c up to 1.2 crypto/external/bsd/openssh/dist/chacha.c up to 1.3 crypto/external/bsd/openssh/dist/chacha.h up to 1.1.1.1 crypto/external/bsd/openssh/dist/cipher-aesctr.c up to 1.1.1.2 crypto/external/bsd/openssh/dist/cipher-aesctr.h up to 1.1.1.1 crypto/external/bsd/openssh/dist/cipher-chachapoly.c up to 1.3 crypto/external/bsd/openssh/dist/cipher-chachapoly.h up to 1.1.1.1 crypto/external/bsd/openssh/dist/crypto_api.h up to 1.1.1.1 crypto/external/bsd/openssh/dist/digest-libc.c up to 1.3 crypto/external/bsd/openssh/dist/digest-openssl.c up to 1.3 crypto/external/bsd/openssh/dist/digest.h up to 1.1.1.2 crypto/external/bsd/openssh/dist/ed25519.c up to 1.3 crypto/external/bsd/openssh/dist/fe25519.c up to 1.3 crypto/external/bsd/openssh/dist/fe25519.h up to 1.1.1.1 crypto/external/bsd/openssh/dist/ge25519.c up to 1.3 crypto/external/bsd/openssh/dist/ge25519.h up to 1.1.1.2 crypto/external/bsd/openssh/dist/ge25519_base.data up to 1.1.1.1 crypto/external/bsd/openssh/dist/hash.c up to 1.3 crypto/external/bsd/openssh/dist/hmac.c up to 1.3 crypto/external/bsd/openssh/dist/hmac.h up to 1.1.1.1 crypto/external/bsd/openssh/dist/kexc25519c.c up to 1.3 crypto/external/bsd/openssh/dist/kexc25519s.c up to 1.3 crypto/external/bsd/openssh/dist/poly1305.c up to 1.3 crypto/external/bsd/openssh/dist/poly1305.h up to 1.1.1.1 crypto/external/bsd/openssh/dist/rijndael.c up to 1.1.1.2 crypto/external/bsd/openssh/dist/rijndael.h up to 1.1.1.1 crypto/external/bsd/openssh/dist/sc25519.c up to 1.3 crypto/external/bsd/openssh/dist/sc25519.h up to 1.1.1.1 crypto/external/bsd/openssh/dist/ssh-ed25519.c up to 1.3 crypto/external/bsd/openssh/dist/sshbuf-getput-basic.c up to 1.3 crypto/external/bsd/openssh/dist/sshbuf-getput-crypto.c up to 1.3 crypto/external/bsd/openssh/dist/sshbuf-misc.c up to 1.3 crypto/external/bsd/openssh/dist/sshbuf.c up to 1.3 crypto/external/bsd/openssh/dist/sshbuf.h up to 1.4 crypto/external/bsd/openssh/dist/ssherr.c up to 1.3 crypto/external/bsd/openssh/dist/ssherr.h up to 1.1.1.2 crypto/external/bsd/openssh/dist/sshkey.c up to 1.3 crypto/external/bsd/openssh/dist/sshkey.h up to 1.1.1.2 crypto/external/bsd/openssh/dist/verify.c up to 1.3 crypto/external/bsd/openssh/dist/opacket.c up to 1.2 crypto/external/bsd/openssh/dist/umac128.c up to 1.1 crypto/external/bsd/openssh/dist/pfilter.c up to 1.2 crypto/external/bsd/openssh/dist/pfilter.h up to 1.1 crypto/external/bsd/openssh/dist/bitmap.h up to 1.2 crypto/external/bsd/openssh/dist/opacket.h up to 1.2 crypto/external/bsd/openssh/dist/ssh_api.c up to 1.2 crypto/external/bsd/openssh/dist/ssh_api.h up to 1.2 crypto/external/bsd/openssh/dist/auth2-jpake.c delete crypto/external/bsd/openssh/dist/compress.c delete crypto/external/bsd/openssh/dist/compress.h delete crypto/external/bsd/openssh/dist/jpake.c delete crypto/external/bsd/openssh/dist/jpake.h delete crypto/external/bsd/openssh/dist/schnorr.c delete crypto/external/bsd/openssh/dist/schnorr.h delete crypto/external/bsd/openssh/dist/strtonum.c 1.1 crypto/external/bsd/openssh/Makefile.inc up to 1.8 crypto/external/bsd/openssh/bin/Makefile.inc up to 1.3 crypto/external/bsd/openssh/bin/ssh-keyscan/Makefile up to 1.2 crypto/external/bsd/openssh/bin/sshd/Makefile up to 1.12 crypto/external/bsd/openssh/dist/PROTOCOL up to 1.5 crypto/external/bsd/openssh/dist/PROTOCOL.krl up to 1.1.1.2 crypto/external/bsd/openssh/dist/addrmatch.c up to 1.8 crypto/external/bsd/openssh/dist/atomicio.c up to 1.6 crypto/external/bsd/openssh/dist/auth-bsdauth.c up to 1.4 crypto/external/bsd/openssh/dist/auth-chall.c up to 1.6 crypto/external/bsd/openssh/dist/auth-krb5.c up to 1.7 crypto/external/bsd/openssh/dist/auth-options.c up to 1.9 crypto/external/bsd/openssh/dist/auth-options.h up to 1.6 crypto/external/bsd/openssh/dist/auth-passwd.c up to 1.4 crypto/external/bsd/openssh/dist/auth-rh-rsa.c up to 1.6 crypto/external/bsd/openssh/dist/auth-rhosts.c up to 1.5 crypto/external/bsd/openssh/dist/auth-rsa.c up to 1.10 crypto/external/bsd/openssh/dist/auth.c up to 1.12 crypto/external/bsd/openssh/dist/auth.h up to 1.10 crypto/external/bsd/openssh/dist/auth1.c up to 1.11 crypto/external/bsd/openssh/dist/auth2-chall.c up to 1.7 crypto/external/bsd/openssh/dist/auth2-gss.c up to 1.8 crypto/external/bsd/openssh/dist/auth2-hostbased.c up to 1.7 crypto/external/bsd/openssh/dist/auth2-kbdint.c up to 1.5 crypto/external/bsd/openssh/dist/auth2-krb5.c up to 1.4 crypto/external/bsd/openssh/dist/auth2-none.c up to 1.5 crypto/external/bsd/openssh/dist/auth2-passwd.c up to 1.5 crypto/external/bsd/openssh/dist/auth2-pubkey.c up to 1.11 crypto/external/bsd/openssh/dist/auth2.c up to 1.11 crypto/external/bsd/openssh/dist/authfd.c up to 1.8 crypto/external/bsd/openssh/dist/authfd.h up to 1.5 crypto/external/bsd/openssh/dist/authfile.c up to 1.10 crypto/external/bsd/openssh/dist/authfile.h up to 1.6 crypto/external/bsd/openssh/dist/bufaux.c up to 1.7 crypto/external/bsd/openssh/dist/bufbn.c up to 1.5 crypto/external/bsd/openssh/dist/bufec.c up to 1.5 crypto/external/bsd/openssh/dist/buffer.c up to 1.6 crypto/external/bsd/openssh/dist/buffer.h up to 1.7 crypto/external/bsd/openssh/dist/canohost.c up to 1.8 crypto/external/bsd/openssh/dist/channels.c up to 1.13 crypto/external/bsd/openssh/dist/channels.h up to 1.10 crypto/external/bsd/openssh/dist/cipher-3des1.c up to 1.7 crypto/external/bsd/openssh/dist/cipher-bf1.c up to 1.6 crypto/external/bsd/openssh/dist/cipher.c up to 1.7 crypto/external/bsd/openssh/dist/cipher.h up to 1.7 crypto/external/bsd/openssh/dist/clientloop.c up to 1.13 crypto/external/bsd/openssh/dist/compat.c up to 1.9 crypto/external/bsd/openssh/dist/compat.h up to 1.6 crypto/external/bsd/openssh/dist/deattack.c up to 1.4 crypto/external/bsd/openssh/dist/deattack.h up to 1.4 crypto/external/bsd/openssh/dist/dh.c up to 1.8 crypto/external/bsd/openssh/dist/dh.h up to 1.4 crypto/external/bsd/openssh/dist/dispatch.c up to 1.5 crypto/external/bsd/openssh/dist/dispatch.h up to 1.4 crypto/external/bsd/openssh/dist/dns.c up to 1.11 crypto/external/bsd/openssh/dist/dns.h up to 1.6 crypto/external/bsd/openssh/dist/groupaccess.c up to 1.5 crypto/external/bsd/openssh/dist/gss-genr.c up to 1.7 crypto/external/bsd/openssh/dist/gss-serv-krb5.c up to 1.8 crypto/external/bsd/openssh/dist/gss-serv.c up to 1.7 crypto/external/bsd/openssh/dist/hostfile.c up to 1.7 crypto/external/bsd/openssh/dist/hostfile.h up to 1.7 crypto/external/bsd/openssh/dist/includes.h up to 1.4 crypto/external/bsd/openssh/dist/kex.c up to 1.10 crypto/external/bsd/openssh/dist/kex.h up to 1.9 crypto/external/bsd/openssh/dist/kexdh.c up to 1.4 crypto/external/bsd/openssh/dist/kexdhc.c up to 1.6 crypto/external/bsd/openssh/dist/kexdhs.c up to 1.8 crypto/external/bsd/openssh/dist/kexecdh.c up to 1.5 crypto/external/bsd/openssh/dist/kexecdhc.c up to 1.5 crypto/external/bsd/openssh/dist/kexecdhs.c up to 1.5 crypto/external/bsd/openssh/dist/kexgex.c up to 1.4 crypto/external/bsd/openssh/dist/kexgexc.c up to 1.6 crypto/external/bsd/openssh/dist/kexgexs.c up to 1.8 crypto/external/bsd/openssh/dist/key.c up to 1.16 crypto/external/bsd/openssh/dist/key.h up to 1.9 crypto/external/bsd/openssh/dist/krl.c up to 1.5 crypto/external/bsd/openssh/dist/krl.h up to 1.1.1.2 crypto/external/bsd/openssh/dist/mac.c up to 1.11 crypto/external/bsd/openssh/dist/mac.h up to 1.5 crypto/external/bsd/openssh/dist/match.c up to 1.5 crypto/external/bsd/openssh/dist/misc.c up to 1.10 crypto/external/bsd/openssh/dist/misc.h up to 1.9 plus patch crypto/external/bsd/openssh/dist/moduli.c up to 1.8 crypto/external/bsd/openssh/dist/monitor.c up to 1.14 crypto/external/bsd/openssh/dist/monitor.h up to 1.7 crypto/external/bsd/openssh/dist/monitor_fdpass.c up to 1.5 crypto/external/bsd/openssh/dist/monitor_mm.c up to 1.6 crypto/external/bsd/openssh/dist/monitor_mm.h up to 1.4 crypto/external/bsd/openssh/dist/monitor_wrap.c up to 1.11 crypto/external/bsd/openssh/dist/monitor_wrap.h up to 1.8 crypto/external/bsd/openssh/dist/msg.c up to 1.4 crypto/external/bsd/openssh/dist/msg.h up to 1.4 crypto/external/bsd/openssh/dist/mux.c up to 1.11 crypto/external/bsd/openssh/dist/myproposal.h up to 1.10 crypto/external/bsd/openssh/dist/namespace.h up to 1.5 crypto/external/bsd/openssh/dist/packet.c up to 1.18 crypto/external/bsd/openssh/dist/packet.h up to 1.11 crypto/external/bsd/openssh/dist/pathnames.h up to 1.9 crypto/external/bsd/openssh/dist/pkcs11.h up to 1.4 crypto/external/bsd/openssh/dist/progressmeter.c up to 1.7 crypto/external/bsd/openssh/dist/progressmeter.h up to 1.4 crypto/external/bsd/openssh/dist/reallocarray.c new crypto/external/bsd/openssh/dist/readconf.c up to 1.13 crypto/external/bsd/openssh/dist/readconf.h up to 1.12 crypto/external/bsd/openssh/dist/readpass.c up to 1.6 crypto/external/bsd/openssh/dist/roaming_client.c up to 1.7 crypto/external/bsd/openssh/dist/roaming_common.c up to 1.9 crypto/external/bsd/openssh/dist/roaming_dummy.c up to 1.4 crypto/external/bsd/openssh/dist/rsa.c up to 1.5 crypto/external/bsd/openssh/dist/rsa.h up to 1.4 crypto/external/bsd/openssh/dist/sandbox-systrace.c up to 1.1.1.5 crypto/external/bsd/openssh/dist/scp.1 up to 1.9 crypto/external/bsd/openssh/dist/scp.c up to 1.11 crypto/external/bsd/openssh/dist/servconf.c up to 1.17 crypto/external/bsd/openssh/dist/servconf.h up to 1.11 crypto/external/bsd/openssh/dist/serverloop.c up to 1.12 crypto/external/bsd/openssh/dist/session.c up to 1.14 crypto/external/bsd/openssh/dist/session.h up to 1.4 crypto/external/bsd/openssh/dist/sftp-client.c up to 1.13 crypto/external/bsd/openssh/dist/sftp-client.h up to 1.7 crypto/external/bsd/openssh/dist/sftp-common.c up to 1.7 crypto/external/bsd/openssh/dist/sftp-common.h up to 1.5 crypto/external/bsd/openssh/dist/sftp-glob.c up to 1.8 crypto/external/bsd/openssh/dist/sftp-server.8 up to 1.9 crypto/external/bsd/openssh/dist/sftp-server.c up to 1.11 crypto/external/bsd/openssh/dist/sftp.1 up to 1.11 crypto/external/bsd/openssh/dist/sftp.c up to 1.15 crypto/external/bsd/openssh/dist/ssh-add.1 up to 1.9 crypto/external/bsd/openssh/dist/ssh-add.c up to 1.10 crypto/external/bsd/openssh/dist/ssh-agent.1 up to 1.8 crypto/external/bsd/openssh/dist/ssh-agent.c up to 1.14 crypto/external/bsd/openssh/dist/ssh-dss.c up to 1.7 crypto/external/bsd/openssh/dist/ssh-ecdsa.c up to 1.6 crypto/external/bsd/openssh/dist/ssh-gss.h up to 1.5 crypto/external/bsd/openssh/dist/ssh-keygen.1 up to 1.13 crypto/external/bsd/openssh/dist/ssh-keygen.c up to 1.16 crypto/external/bsd/openssh/dist/ssh-keyscan.1 up to 1.10 crypto/external/bsd/openssh/dist/ssh-keyscan.c up to 1.13 crypto/external/bsd/openssh/dist/ssh-keysign.8 up to 1.9 crypto/external/bsd/openssh/dist/ssh-keysign.c up to 1.8 crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c up to 1.6 crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c up to 1.8 crypto/external/bsd/openssh/dist/ssh-pkcs11.c up to 1.7 crypto/external/bsd/openssh/dist/ssh-pkcs11.h up to 1.4 crypto/external/bsd/openssh/dist/ssh-rsa.c up to 1.7 crypto/external/bsd/openssh/dist/ssh.1 up to 1.14 crypto/external/bsd/openssh/dist/ssh.c up to 1.16 crypto/external/bsd/openssh/dist/ssh2.h up to 1.6 crypto/external/bsd/openssh/dist/ssh_config up to 1.8 crypto/external/bsd/openssh/dist/ssh_config.5 up to 1.13 crypto/external/bsd/openssh/dist/sshconnect.c up to 1.11 crypto/external/bsd/openssh/dist/sshconnect.h up to 1.6 crypto/external/bsd/openssh/dist/sshconnect1.c up to 1.6 crypto/external/bsd/openssh/dist/sshconnect2.c up to 1.19 crypto/external/bsd/openssh/dist/sshd.8 up to 1.13 crypto/external/bsd/openssh/dist/sshd.c up to 1.18 crypto/external/bsd/openssh/dist/sshd_config up to 1.13 crypto/external/bsd/openssh/dist/sshd_config.5 up to 1.17 crypto/external/bsd/openssh/dist/sshlogin.c up to 1.6 crypto/external/bsd/openssh/dist/sshpty.c up to 1.4 crypto/external/bsd/openssh/dist/uidswap.c up to 1.4 crypto/external/bsd/openssh/dist/umac.c up to 1.9 crypto/external/bsd/openssh/dist/version.h up to 1.14 crypto/external/bsd/openssh/dist/xmalloc.c up to 1.5 crypto/external/bsd/openssh/lib/Makefile up to 1.17 plus patch crypto/external/bsd/openssh/lib/shlib_version up to 1.13 distrib/sets/lists/base/ad.aarch64 patch distrib/sets/lists/base/ad.arm patch distrib/sets/lists/base/ad.mips patch distrib/sets/lists/base/ad.powerpc patch distrib/sets/lists/base/md.amd64 patch distrib/sets/lists/base/md.sparc64 patch distrib/sets/lists/base/mi patch distrib/sets/lists/base/shl.mi patch distrib/sets/lists/comp/ad.aarch64 patch distrib/sets/lists/comp/ad.arm patch distrib/sets/lists/comp/ad.mips patch distrib/sets/lists/comp/ad.powerpc patch distrib/sets/lists/comp/md.amd64 patch distrib/sets/lists/comp/md.sparc64 patch distrib/sets/lists/comp/mi patch distrib/sets/lists/comp/shl.mi patch distrib/sets/lists/debug/ad.aarch64 patch distrib/sets/lists/debug/ad.arm patch distrib/sets/lists/debug/ad.mips patch distrib/sets/lists/debug/ad.powerpc patch distrib/sets/lists/debug/md.amd64 patch distrib/sets/lists/debug/md.sparc64 patch distrib/sets/lists/debug/shl.mi patch distrib/sets/lists/etc/mi patch distrib/sets/lists/man/mi patch etc/defaults/rc.conf 1.130 etc/mtree/NetBSD.dist.base 1.142 external/bsd/Makefile up to 1.48 external/bsd/blacklist/bin/Makefile up to 1.11 plus patch external/bsd/blacklist/bin/blacklistctl.8 up to 1.6 external/bsd/blacklist/bin/blacklistctl.c up to 1.17 external/bsd/blacklist/bin/blacklistd.8 up to 1.10 external/bsd/blacklist/bin/blacklistd.c up to 1.32 external/bsd/blacklist/bin/blacklistd.conf.5 up to 1.2 external/bsd/blacklist/bin/conf.c up to 1.18 external/bsd/blacklist/bin/conf.h up to 1.6 external/bsd/blacklist/bin/internal.c up to 1.5 external/bsd/blacklist/bin/internal.h up to 1.12 external/bsd/blacklist/bin/run.c up to 1.12 external/bsd/blacklist/bin/run.h up to 1.5 external/bsd/blacklist/bin/state.c up to 1.15 external/bsd/blacklist/bin/state.h up to 1.5 external/bsd/blacklist/bin/support.c up to 1.6 external/bsd/blacklist/bin/support.h up to 1.5 external/bsd/blacklist/etc/rc.d/Makefile up to 1.1 external/bsd/blacklist/etc/rc.d/blacklistd up to 1.1 external/bsd/blacklist/etc/Makefile up to 1.3 external/bsd/blacklist/etc/blacklistd.conf up to 1.3 external/bsd/blacklist/etc/npf.conf up to 1.1 external/bsd/blacklist/Makefile up to 1.2 external/bsd/blacklist/Makefile.inc up to 1.3 external/bsd/blacklist/README up to 1.7 external/bsd/blacklist/TODO up to 1.7 external/bsd/blacklist/diff/ftpd.diff up to 1.1 external/bsd/blacklist/diff/named.diff up to 1.6 external/bsd/blacklist/diff/ssh.diff up to 1.6 external/bsd/blacklist/include/Makefile up to 1.1 external/bsd/blacklist/include/bl.h up to 1.12 external/bsd/blacklist/include/blacklist.h up to 1.3 external/bsd/blacklist/include/config.h new external/bsd/blacklist/lib/Makefile up to 1.3 external/bsd/blacklist/lib/bl.c up to 1.24 external/bsd/blacklist/lib/blacklist.c up to 1.5 external/bsd/blacklist/lib/libblacklist.3 up to 1.3 external/bsd/blacklist/lib/shlib_version up to 1.1 external/bsd/blacklist/libexec/Makefile up to 1.1 external/bsd/blacklist/libexec/blacklistd-helper up to 1.4 external/bsd/blacklist/port/m4/.cvsignore up to 1.1 external/bsd/blacklist/port/Makefile.am up to 1.4 external/bsd/blacklist/port/_strtoi.h up to 1.1 external/bsd/blacklist/port/clock_gettime.c up to 1.2 external/bsd/blacklist/port/configure.ac up to 1.7 external/bsd/blacklist/port/fgetln.c up to 1.1 external/bsd/blacklist/port/fparseln.c up to 1.1 external/bsd/blacklist/port/getprogname.c up to 1.4 external/bsd/blacklist/port/pidfile.c up to 1.1 external/bsd/blacklist/port/popenve.c up to 1.2 external/bsd/blacklist/port/port.h up to 1.6 external/bsd/blacklist/port/sockaddr_snprintf.c up to 1.9 external/bsd/blacklist/port/strlcat.c up to 1.2 external/bsd/blacklist/port/strlcpy.c up to 1.2 external/bsd/blacklist/port/strtoi.c up to 1.3 external/bsd/blacklist/test/Makefile up to 1.2 external/bsd/blacklist/test/cltest.c up to 1.6 external/bsd/blacklist/test/srvtest.c up to 1.9 lib/libpam/modules/pam_ssh/pam_ssh.c up to 1.23 libexec/ftpd/pfilter.c up to 1.1 libexec/ftpd/pfilter.h up to 1.1 libexec/ftpd/Makefile up to 1.64 libexec/ftpd/ftpd.c up to 1.201 Add blacklistd(8), a daemon to block and release network ports on demand to mitigate abuse, and related changes to system daemons to support it. [christos, ticket #711]
Merge conflicts
merge openssh-6.7
Changes since OpenSSH 6.6 ========================= Potentially-incompatible changes * sshd(8): The default set of ciphers and MACs has been altered to remove unsafe algorithms. In particular, CBC ciphers and arcfour* are disabled by default. The full set of algorithms remains available if configured explicitly via the Ciphers and MACs sshd_config options. * sshd(8): Support for tcpwrappers/libwrap has been removed. * OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections using the curve25519-sha256@libssh.org KEX exchange method to fail when connecting with something that implements the specification correctly. OpenSSH 6.7 disables this KEX method when speaking to one of the affected versions. New Features * Major internal refactoring to begin to make part of OpenSSH usable as a library. So far the wire parsing, key handling and KRL code has been refactored. Please note that we do not consider the API stable yet, nor do we offer the library in separable form. * ssh(1), sshd(8): Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. * ssh(1), ssh-keygen(1): Add support for SSHFP DNS records for ED25519 key types. * sftp(1): Allow resumption of interrupted uploads. * ssh(1): When rekeying, skip file/DNS lookups of the hostkey if it is the same as the one sent during initial key exchange; bz#2154 * sshd(8): Allow explicit ::1 and 127.0.0.1 forwarding bind addresses when GatewayPorts=no; allows client to choose address family; bz#2222 * sshd(8): Add a sshd_config PermitUserRC option to control whether ~/.ssh/rc is executed, mirroring the no-user-rc authorized_keys option; bz#2160 * ssh(1): Add a %C escape sequence for LocalCommand and ControlPath that expands to a unique identifer based on a hash of the tuple of (local host, remote user, hostname, port). Helps avoid exceeding miserly pathname limits for Unix domain sockets in multiplexing control paths; bz#2220 * sshd(8): Make the "Too many authentication failures" message include the user, source address, port and protocol in a format similar to the authentication success / failure messages; bz#2199 * Added unit and fuzz tests for refactored code. These are run automatically in portable OpenSSH via the "make tests" target. Bugfixes * sshd(8): Fix remote forwarding with the same listen port but different listen address. * ssh(1): Fix inverted test that caused PKCS#11 keys that were explicitly listed in ssh_config or on the commandline not to be preferred. * ssh-keygen(1): Fix bug in KRL generation: multiple consecutive revoked certificate serial number ranges could be serialised to an invalid format. Readers of a broken KRL caused by this bug will fail closed, so no should-have-been-revoked key will be accepted. * ssh(1): Reflect stdio-forward ("ssh -W host:port ...") failures in exit status. Previously we were always returning 0; bz#2255 * ssh(1), ssh-keygen(1): Make Ed25519 keys' title fit properly in the randomart border; bz#2247 * ssh-agent(1): Only cleanup agent socket in the main agent process and not in any subprocesses it may have started (e.g. forked askpass). Fixes agent sockets being zapped when askpass processes fatal(); bz#2236 * ssh-add(1): Make stdout line-buffered; saves partial output getting lost when ssh-add fatal()s part-way through (e.g. when listing keys from an agent that supports key types that ssh-add doesn't); bz#2234 * ssh-keygen(1): When hashing or removing hosts, don't choke on @revoked markers and don't remove @cert-authority markers; bz#2241 * ssh(1): Don't fatal when hostname canonicalisation fails and a ProxyCommand is in use; continue and allow the ProxyCommand to connect anyway (e.g. to a host with a name outside the DNS behind a bastion) * scp(1): When copying local->remote fails during read, don't send uninitialised heap to the remote end. * sftp(1): Fix fatal "el_insertstr failed" errors when tab-completing filenames with a single quote char somewhere in the string; bz#2238 * ssh-keyscan(1): Scan for Ed25519 keys by default. * ssh(1): When using VerifyHostKeyDNS with a DNSSEC resolver, down- convert any certificate keys to plain keys and attempt SSHFP resolution. Prevents a server from skipping SSHFP lookup and forcing a new-hostkey dialog by offering only certificate keys. * sshd(8): Avoid crash at exit via NULL pointer reference; bz#2225 * Fix some strict-alignment errors. Portable OpenSSH * Portable OpenSSH now supports building against libressl-portable. * Portable OpenSSH now requires openssl 0.9.8f or greater. Older versions are no longer supported. * In the OpenSSL version check, allow fix version upgrades (but not downgrades. Debian bug #748150. * sshd(8): On Cygwin, determine privilege separation user at runtime, since it may need to be a domain account. * sshd(8): Don't attempt to use vhangup on Linux. It doesn't work for non-root users, and for them it just messes up the tty settings. * Use CLOCK_BOOTTIME in preference to CLOCK_MONOTONIC when it is available. It considers time spent suspended, thereby ensuring timeouts (e.g. for expiring agent keys) fire correctly. bz#2228 * Add support for ed25519 to opensshd.init init script. * sftp-server(8): On platforms that support it, use prctl() to prevent sftp-server from accessing /proc/self/{mem,maps} Changes since OpenSSH 6.5 ========================= This is primarily a bugfix release. Security: * sshd(8): when using environment passing with a sshd_config(5) AcceptEnv pattern with a wildcard. OpenSSH prior to 6.6 could be tricked into accepting any enviornment variable that contains the characters before the wildcard character. New / changed features: * ssh(1), sshd(8): this release removes the J-PAKE authentication code. This code was experimental, never enabled and had been unmaintained for some time. * ssh(1): when processing Match blocks, skip 'exec' clauses other clauses predicates failed to match. * ssh(1): if hostname canonicalisation is enabled and results in the destination hostname being changed, then re-parse ssh_config(5) files using the new destination hostname. This gives 'Host' and 'Match' directives that use the expanded hostname a chance to be applied. Bugfixes: * ssh(1): avoid spurious "getsockname failed: Bad file descriptor" in ssh -W. bz#2200, debian#738692 * sshd(8): allow the shutdown(2) syscall in seccomp-bpf and systrace sandbox modes, as it is reachable if the connection is terminated during the pre-auth phase. * ssh(1), sshd(8): fix unsigned overflow that in SSH protocol 1 bignum parsing. Minimum key length checks render this bug unexploitable to compromise SSH 1 sessions. * sshd_config(5): clarify behaviour of a keyword that appears in multiple matching Match blocks. bz#2184 * ssh(1): avoid unnecessary hostname lookups when canonicalisation is disabled. bz#2205 * sshd(8): avoid sandbox violation crashes in GSSAPI code by caching the supported list of GSSAPI mechanism OIDs before entering the sandbox. bz#2107 * ssh(1): fix possible crashes in SOCKS4 parsing caused by assumption that the SOCKS username is nul-terminated. * ssh(1): fix regression for UsePrivilegedPort=yes when BindAddress is not specified. * ssh(1), sshd(8): fix memory leak in ECDSA signature verification. * ssh(1): fix matching of 'Host' directives in ssh_config(5) files to be case-insensitive again (regression in 6.5). Portable OpenSSH: * sshd(8): don't fatal if the FreeBSD Capsicum is offered by the system headers and libc but is not supported by the kernel. * Fix build using the HP-UX compiler. Changes since OpenSSH 6.4 ========================= This is a feature-focused release. New features: * ssh(1), sshd(8): Add support for key exchange using elliptic-curve Diffie Hellman in Daniel Bernstein's Curve25519. This key exchange method is the default when both the client and server support it. * ssh(1), sshd(8): Add support for Ed25519 as a public key type. Ed25519 is a elliptic curve signature scheme that offers better security than ECDSA and DSA and good performance. It may be used for both user and host keys. * Add a new private key format that uses a bcrypt KDF to better protect keys at rest. This format is used unconditionally for Ed25519 keys, but may be requested when generating or saving existing keys of other types via the -o ssh-keygen(1) option. We intend to make the new format the default in the near future. Details of the new format are in the PROTOCOL.key file. * ssh(1), sshd(8): Add a new transport cipher "chacha20-poly1305@openssh.com" that combines Daniel Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an authenticated encryption mode. Details are in the PROTOCOL.chacha20poly1305 file. * ssh(1), sshd(8): Refuse RSA keys from old proprietary clients and servers that use the obsolete RSA+MD5 signature scheme. It will still be possible to connect with these clients/servers but only DSA keys will be accepted, and OpenSSH will refuse connection entirely in a future release. * ssh(1), sshd(8): Refuse old proprietary clients and servers that use a weaker key exchange hash calculation. * ssh(1): Increase the size of the Diffie-Hellman groups requested for each symmetric key size. New values from NIST Special Publication 800-57 with the upper limit specified by RFC4419. * ssh(1), ssh-agent(1): Support PKCS#11 tokens that only provide X.509 certs instead of raw public keys (requested as bz#1908). * ssh(1): Add a ssh_config(5) "Match" keyword that allows conditional configuration to be applied by matching on hostname, user and result of arbitrary commands. * ssh(1): Add support for client-side hostname canonicalisation using a set of DNS suffixes and rules in ssh_config(5). This allows unqualified names to be canonicalised to fully-qualified domain names to eliminate ambiguity when looking up keys in known_hosts or checking host certificate names. * sftp-server(8): Add the ability to whitelist and/or blacklist sftp protocol requests by name. * sftp-server(8): Add a sftp "fsync@openssh.com" to support calling fsync(2) on an open file handle. * sshd(8): Add a ssh_config(5) PermitTTY to disallow TTY allocation, mirroring the longstanding no-pty authorized_keys option. * ssh(1): Add a ssh_config ProxyUseFDPass option that supports the use of ProxyCommands that establish a connection and then pass a connected file descriptor back to ssh(1). This allows the ProxyCommand to exit rather than staying around to transfer data. Bugfixes: * ssh(1), sshd(8): Fix potential stack exhaustion caused by nested certificates. * ssh(1): bz#1211: make BindAddress work with UsePrivilegedPort. * sftp(1): bz#2137: fix the progress meter for resumed transfer. * ssh-add(1): bz#2187: do not request smartcard PIN when removing keys from ssh-agent. * sshd(8): bz#2139: fix re-exec fallback when original sshd binary cannot be executed. * ssh-keygen(1): Make relative-specified certificate expiry times relative to current time and not the validity start time. * sshd(8): bz#2161: fix AuthorizedKeysCommand inside a Match block. * sftp(1): bz#2129: symlinking a file would incorrectly canonicalise the target path. * ssh-agent(1): bz#2175: fix a use-after-free in the PKCS#11 agent helper executable. * sshd(8): Improve logging of sessions to include the user name, remote host and port, the session type (shell, command, etc.) and allocated TTY (if any). * sshd(8): bz#1297: tell the client (via a debug message) when their preferred listen address has been overridden by the server's GatewayPorts setting. * sshd(8): bz#2162: include report port in bad protocol banner message. * sftp(1): bz#2163: fix memory leak in error path in do_readdir(). * sftp(1): bz#2171: don't leak file descriptor on error. * sshd(8): Include the local address and port in "Connection from ..." message (only shown at loglevel>=verbose). Portable OpenSSH: * Please note that this is the last version of Portable OpenSSH that will support versions of OpenSSL prior to 0.9.6. Support (i.e. SSH_OLD_EVP) will be removed following the 6.5p1 release. * Portable OpenSSH will attempt compile and link as a Position Independent Executable on Linux, OS X and OpenBSD on recent gcc- like compilers. Other platforms and older/other compilers may request this using the --with-pie configure flag. * A number of other toolchain-related hardening options are used automatically if available, including -ftrapv to abort on signed integer overflow and options to write-protect dynamic linking information. The use of these options may be disabled using the --without-hardening configure flag. * If the toolchain supports it, one of the -fstack-protector-strong, -fstack-protector-all or -fstack-protector compilation flag are used to add guards to mitigate attacks based on stack overflows. The use of these options may be disabled using the --without-stackprotect configure option. * sshd(8): Add support for pre-authentication sandboxing using the Capsicum API introduced in FreeBSD 10. * Switch to a ChaCha20-based arc4random() PRNG for platforms that do not provide their own. * sshd(8): bz#2156: restore Linux oom_adj setting when handling SIGHUP to maintain behaviour over retart. * sshd(8): bz#2032: use local username in krb5_kuserok check rather than full client name which may be of form user@REALM. * ssh(1), sshd(8): Test for both the presence of ECC NID numbers in OpenSSL and that they actually work. Fedora (at least) has NID_secp521r1 that doesn't work. * bz#2173: use pkg-config --libs to include correct -L location for libedit.
Rebase to HEAD as of a few days ago.
sync with head. for a reference, the tree before this commit was tagged as yamt-pagecache-tag8. this commit was splitted into small chunks to avoid a limitation of cvs. ("Protocol error: too many arguments")
merge conflicts.
Import new openssh to address Changes since OpenSSH 6.3 ========================= This release fixes a security bug: * sshd(8): fix a memory corruption problem triggered during rekeying when an AES-GCM cipher is selected. Full details of the vulnerability are available at: http://www.openssh.com/txt/gcmrekey.adv Checksums: ========== - SHA1 (openssh-6.4.tar.gz) = 4caf1a50eb3a3da821c16298c4aaa576fe24210c - SHA1 (openssh-6.4p1.tar.gz) = cf5fe0eb118d7e4f9296fbc5d6884965885fc55d Reporting Bugs: =============== - Please read http://www.openssh.com/report.html Security bugs should be reported directly to openssh@openssh.com OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt, Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre, Tim Rice and Ben Lindstrom.
sync with HEAD
Use Mt for email addresses.
- Merge conflicts - WARNS=5
from ftp.openbsd.org
Resolve conflicts
Imported openssh-5.6
Fix .Dd format.
Merge in our changes: - conditionalize login_cap - conditionalize bsd_auth - bring in pam from portable - restore krb5, krb4, afs, skey - bring in hpn patches, disable mt aes cipher, keep speedups and cipher none - add ignore root rhosts option - fix ctype macro arguments - umac is broken, disable it - better ~homedir handling - netbsd style tunnels - urandom, xhome, chrootdir, rescuedir NetBSD handling - utmp/utmpx handling - handle tty posix_vdisable properly - handle setuid and unsetuid the posix way instead of setresuid() - add all missing functions - add new moduli - add build glue
import 5.2 from ftp.openbsd.org
Initial revision