Commit d994eeed authored by Dag-Erling Smørgrav's avatar Dag-Erling Smørgrav
Browse files

Vendor import of OpenSSH 7.0p1

parent b5a1b3a8
This diff is collapsed.
......@@ -65,8 +65,8 @@ these programs.
packets. CRC code comes from crc32.c.
- The code in packet.c calls the buffer manipulation routines
(buffer.c, bufaux.c), compression routines (compress.c, zlib),
and the encryption routines.
(buffer.c, bufaux.c), compression routines (zlib), and the
encryption routines.
X11, TCP/IP, and Agent forwarding
......@@ -165,4 +165,4 @@ these programs.
uidswap.c uid-swapping
xmalloc.c "safe" malloc routines
$OpenBSD: OVERVIEW,v 1.11 2006/08/03 03:34:41 deraadt Exp $
$OpenBSD: OVERVIEW,v 1.12 2015/07/08 19:01:15 markus Exp $
......@@ -247,7 +247,6 @@ to request that the server make a connection to a Unix domain socket.
uint32 initial window size
uint32 maximum packet size
string socket path
string reserved for future use
Similar to forwarded-tcpip, forwarded-streamlocal is sent by the
server when the client has previously send the server a streamlocal-forward
......@@ -453,4 +452,4 @@ respond with a SSH_FXP_STATUS message.
This extension is advertised in the SSH_FXP_VERSION hello with version
"1".
$OpenBSD: PROTOCOL,v 1.28 2015/05/08 03:56:51 djm Exp $
$OpenBSD: PROTOCOL,v 1.29 2015/07/17 03:09:19 djm Exp $
......@@ -116,6 +116,12 @@ A client may request the master to establish a port forward:
forwarding type may be MUX_FWD_LOCAL, MUX_FWD_REMOTE, MUX_FWD_DYNAMIC.
If listen port is (unsigned int) -2, then the listen host is treated as
a unix socket path name.
If connect port is (unsigned int) -2, then the connect host is treated
as a unix socket path name.
A server may reply with a MUX_S_OK, a MUX_S_REMOTE_PORT, a
MUX_S_PERMISSION_DENIED or a MUX_S_FAILURE.
......@@ -219,4 +225,4 @@ XXX inject packet (what about replies)
XXX server->client error/warning notifications
XXX send signals via mux
$OpenBSD: PROTOCOL.mux,v 1.9 2012/06/01 00:49:35 djm Exp $
$OpenBSD: PROTOCOL.mux,v 1.10 2015/07/17 03:04:27 djm Exp $
See http://www.openssh.com/txt/release-6.9 for the release notes.
See http://www.openssh.com/txt/release-7.0 for the release notes.
- A Japanese translation of this document and of the OpenSSH FAQ is
- available at http://www.unixuser.org/~haruyama/security/openssh/index.html
......
/* $OpenBSD: addrmatch.c,v 1.9 2014/01/19 11:21:51 dtucker Exp $ */
/* $OpenBSD: addrmatch.c,v 1.10 2015/07/08 19:04:21 markus Exp $ */
/*
* Copyright (c) 2004-2008 Damien Miller <djm@mindrot.org>
......@@ -31,7 +31,6 @@
#include "match.h"
#include "log.h"
#include "xmalloc.h"
struct xaddr {
sa_family_t af;
......
/* $OpenBSD: auth-options.c,v 1.67 2015/05/01 03:20:54 djm Exp $ */
/* $OpenBSD: auth-options.c,v 1.68 2015/07/03 03:43:18 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
......@@ -588,35 +588,21 @@ auth_cert_options(struct sshkey *k, struct passwd *pw)
char *cert_forced_command = NULL;
int cert_source_address_done = 0;
if (sshkey_cert_is_legacy(k)) {
/* All options are in the one field for v00 certs */
if (parse_option_list(k->cert->critical, pw,
OPTIONS_CRITICAL|OPTIONS_EXTENSIONS, 1,
&cert_no_port_forwarding_flag,
&cert_no_agent_forwarding_flag,
&cert_no_x11_forwarding_flag,
&cert_no_pty_flag,
&cert_no_user_rc,
&cert_forced_command,
&cert_source_address_done) == -1)
return -1;
} else {
/* Separate options and extensions for v01 certs */
if (parse_option_list(k->cert->critical, pw,
OPTIONS_CRITICAL, 1, NULL, NULL, NULL, NULL, NULL,
&cert_forced_command,
&cert_source_address_done) == -1)
return -1;
if (parse_option_list(k->cert->extensions, pw,
OPTIONS_EXTENSIONS, 0,
&cert_no_port_forwarding_flag,
&cert_no_agent_forwarding_flag,
&cert_no_x11_forwarding_flag,
&cert_no_pty_flag,
&cert_no_user_rc,
NULL, NULL) == -1)
return -1;
}
/* Separate options and extensions for v01 certs */
if (parse_option_list(k->cert->critical, pw,
OPTIONS_CRITICAL, 1, NULL, NULL, NULL, NULL, NULL,
&cert_forced_command,
&cert_source_address_done) == -1)
return -1;
if (parse_option_list(k->cert->extensions, pw,
OPTIONS_EXTENSIONS, 0,
&cert_no_port_forwarding_flag,
&cert_no_agent_forwarding_flag,
&cert_no_x11_forwarding_flag,
&cert_no_pty_flag,
&cert_no_user_rc,
NULL, NULL) == -1)
return -1;
no_port_forwarding_flag |= cert_no_port_forwarding_flag;
no_agent_forwarding_flag |= cert_no_agent_forwarding_flag;
......
/* $OpenBSD: auth.c,v 1.111 2015/05/01 04:17:51 djm Exp $ */
/* $OpenBSD: auth.c,v 1.112 2015/08/06 14:53:21 deraadt Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
......@@ -352,7 +352,9 @@ auth_root_allowed(const char *method)
case PERMIT_YES:
return 1;
case PERMIT_NO_PASSWD:
if (strcmp(method, "password") != 0)
if (strcmp(method, "publickey") == 0 ||
strcmp(method, "hostbased") == 0 ||
strcmp(method, "gssapi-with-mic"))
return 1;
break;
case PERMIT_FORCED_ONLY:
......
/* $OpenBSD: auth2-chall.c,v 1.42 2015/01/19 20:07:45 markus Exp $ */
/* $OpenBSD: auth2-chall.c,v 1.43 2015/07/18 07:57:14 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2001 Per Allansson. All rights reserved.
......@@ -83,6 +83,7 @@ struct KbdintAuthctxt
void *ctxt;
KbdintDevice *device;
u_int nreq;
u_int devices_done;
};
#ifdef USE_PAM
......@@ -169,11 +170,15 @@ kbdint_next_device(Authctxt *authctxt, KbdintAuthctxt *kbdintctxt)
if (len == 0)
break;
for (i = 0; devices[i]; i++) {
if (!auth2_method_allowed(authctxt,
if ((kbdintctxt->devices_done & (1 << i)) != 0 ||
!auth2_method_allowed(authctxt,
"keyboard-interactive", devices[i]->name))
continue;
if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0)
if (strncmp(kbdintctxt->devices, devices[i]->name,
len) == 0) {
kbdintctxt->device = devices[i];
kbdintctxt->devices_done |= 1 << i;
}
}
t = kbdintctxt->devices;
kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL;
......
/* $OpenBSD: authfd.c,v 1.97 2015/03/26 19:32:19 markus Exp $ */
/* $OpenBSD: authfd.c,v 1.98 2015/07/03 03:43:18 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
......@@ -560,10 +560,8 @@ ssh_add_identity_constrained(int sock, struct sshkey *key, const char *comment,
#ifdef WITH_OPENSSL
case KEY_RSA:
case KEY_RSA_CERT:
case KEY_RSA_CERT_V00:
case KEY_DSA:
case KEY_DSA_CERT:
case KEY_DSA_CERT_V00:
case KEY_ECDSA:
case KEY_ECDSA_CERT:
#endif
......
/* $OpenBSD: authfile.c,v 1.114 2015/04/17 13:32:09 djm Exp $ */
/* $OpenBSD: authfile.c,v 1.116 2015/07/09 09:49:46 markus Exp $ */
/*
* Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.
*
......@@ -39,13 +39,13 @@
#include <limits.h>
#include "cipher.h"
#include "key.h"
#include "ssh.h"
#include "log.h"
#include "authfile.h"
#include "rsa.h"
#include "misc.h"
#include "atomicio.h"
#include "sshkey.h"
#include "sshbuf.h"
#include "ssherr.h"
#include "krl.h"
......@@ -448,8 +448,8 @@ sshkey_load_private_cert(int type, const char *filename, const char *passphrase,
case KEY_RSA:
case KEY_DSA:
case KEY_ECDSA:
case KEY_ED25519:
#endif /* WITH_OPENSSL */
case KEY_ED25519:
case KEY_UNSPEC:
break;
default:
......@@ -467,7 +467,7 @@ sshkey_load_private_cert(int type, const char *filename, const char *passphrase,
goto out;
}
if ((r = sshkey_to_certified(key, sshkey_cert_is_legacy(cert))) != 0 ||
if ((r = sshkey_to_certified(key)) != 0 ||
(r = sshkey_cert_copy(cert, key)) != 0)
goto out;
r = 0;
......
/* $OpenBSD: cipher.h,v 1.47 2015/01/14 10:24:42 markus Exp $ */
/* $OpenBSD: cipher.h,v 1.48 2015/07/08 19:09:25 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
......@@ -72,9 +72,6 @@ struct sshcipher_ctx {
const struct sshcipher *cipher;
};
typedef struct sshcipher Cipher;
typedef struct sshcipher_ctx CipherContext;
u_int cipher_mask_ssh1(int);
const struct sshcipher *cipher_by_name(const char *);
const struct sshcipher *cipher_by_number(int);
......
/* $OpenBSD: clientloop.c,v 1.274 2015/07/01 02:26:31 djm Exp $ */
/* $OpenBSD: clientloop.c,v 1.275 2015/07/10 06:21:53 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
......@@ -100,6 +100,7 @@
#include "key.h"
#include "cipher.h"
#include "kex.h"
#include "myproposal.h"
#include "log.h"
#include "misc.h"
#include "readconf.h"
......@@ -2362,10 +2363,11 @@ client_input_hostkeys(void)
debug3("%s: received %s key %s", __func__,
sshkey_type(key), fp);
free(fp);
/* Check that the key is accepted in HostkeyAlgorithms */
if (options.hostkeyalgorithms != NULL &&
match_pattern_list(sshkey_ssh_name(key),
options.hostkeyalgorithms, 0) != 1) {
if (match_pattern_list(sshkey_ssh_name(key),
options.hostkeyalgorithms ? options.hostkeyalgorithms :
KEX_DEFAULT_PK_ALG, 0) != 1) {
debug3("%s: %s key not permitted by HostkeyAlgorithms",
__func__, sshkey_ssh_name(key));
continue;
......
/* $OpenBSD: compat.c,v 1.94 2015/05/26 23:23:40 dtucker Exp $ */
/* $OpenBSD: compat.c,v 1.96 2015/07/28 23:20:42 djm Exp $ */
/*
* Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
*
......@@ -152,7 +152,8 @@ compat_datafellows(const char *version)
"1.2.22*", SSH_BUG_IGNOREMSG },
{ "1.3.2*", /* F-Secure */
SSH_BUG_IGNOREMSG },
{ "Cisco-1.*", SSH_BUG_DHGEX_LARGE },
{ "Cisco-1.*", SSH_BUG_DHGEX_LARGE|
SSH_BUG_HOSTKEYS },
{ "*SSH Compatible Server*", /* Netscreen */
SSH_BUG_PASSWORDPAD },
{ "*OSU_0*,"
......@@ -166,7 +167,8 @@ compat_datafellows(const char *version)
"OSU_1.5alpha3*", SSH_BUG_PASSWORDPAD },
{ "*SSH_Version_Mapper*",
SSH_BUG_SCANNER },
{ "PuTTY-Release-0.5*," /* 0.50-0.57, DH-GEX in >=0.52 */
{ "PuTTY_Local:*," /* dev versions < Sep 2014 */
"PuTTY-Release-0.5*," /* 0.50-0.57, DH-GEX in >=0.52 */
"PuTTY_Release_0.5*," /* 0.58-0.59 */
"PuTTY_Release_0.60*,"
"PuTTY_Release_0.61*,"
......
......@@ -48,7 +48,7 @@
against it */
#undef BROKEN_READ_COMPARISON
/* Define if you have a broken realpath. */
/* realpath does not work with nonexistent files */
#undef BROKEN_REALPATH
/* Needed for NeXT */
......
......@@ -5771,7 +5771,7 @@ fi
 
 
openssl=yes
ssh1=yes
ssh1=no
 
# Check whether --with-openssl was given.
if test "${with_openssl+set}" = set; then
......@@ -16522,7 +16522,6 @@ fi
 
 
 
 
 
for ac_func in \
......@@ -16585,7 +16584,6 @@ for ac_func in \
pstat \
readpassphrase \
reallocarray \
realpath \
recvmsg \
rresvport_af \
sendmsg \
......@@ -18682,6 +18680,174 @@ done
 
 
 
for ac_func in realpath
do
as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
{ echo "$as_me:$LINENO: checking for $ac_func" >&5
echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
For example, HP-UX 11i <limits.h> declares gettimeofday. */
#define $ac_func innocuous_$ac_func
/* System header to define __stub macros and hopefully few prototypes,
which can conflict with char $ac_func (); below.
Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
<limits.h> exists even on freestanding compilers. */
#ifdef __STDC__
# include <limits.h>
#else
# include <assert.h>
#endif
#undef $ac_func
/* Override any GCC internal prototype to avoid an error.
Use char because int might match the return type of a GCC
builtin and then its argument prototype would still apply. */
#ifdef __cplusplus
extern "C"
#endif
char $ac_func ();
/* The GNU C library defines this for functions which it implements
to always fail with ENOSYS. Some functions are actually named
something starting with __ and the normal name is an alias. */
#if defined __stub_$ac_func || defined __stub___$ac_func
choke me
#endif
int
main ()
{
return $ac_func ();
;
return 0;
}
_ACEOF
rm -f conftest.$ac_objext conftest$ac_exeext
if { (ac_try="$ac_link"
case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
(eval "$ac_link") 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } && {
test -z "$ac_c_werror_flag" ||
test ! -s conftest.err
} && test -s conftest$ac_exeext &&
$as_test_x conftest$ac_exeext; then
eval "$as_ac_var=yes"
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
eval "$as_ac_var=no"
fi
rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
conftest$ac_exeext conftest.$ac_ext
fi
ac_res=`eval echo '${'$as_ac_var'}'`
{ echo "$as_me:$LINENO: result: $ac_res" >&5
echo "${ECHO_T}$ac_res" >&6; }
if test `eval echo '${'$as_ac_var'}'` = yes; then
cat >>confdefs.h <<_ACEOF
#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
_ACEOF
{ echo "$as_me:$LINENO: checking if realpath works with non-existent files" >&5
echo $ECHO_N "checking if realpath works with non-existent files... $ECHO_C" >&6; }
if test "$cross_compiling" = yes; then
{ echo "$as_me:$LINENO: WARNING: cross compiling: assuming working" >&5
echo "$as_me: WARNING: cross compiling: assuming working" >&2;}
else
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include <limits.h>
#include <stdlib.h>
#include <errno.h>
int
main ()
{
char buf[PATH_MAX];
if (realpath("/opensshnonexistentfilename1234", buf) == NULL)
if (errno == ENOENT)
exit(1);
exit(0);
;
return 0;
}
_ACEOF
rm -f conftest$ac_exeext
if { (ac_try="$ac_link"
case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
(eval "$ac_link") 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } && { ac_try='./conftest$ac_exeext'
{ (case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
(eval "$ac_try") 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; }; then
{ echo "$as_me:$LINENO: result: yes" >&5
echo "${ECHO_T}yes" >&6; }
else
echo "$as_me: program exited with status $ac_status" >&5
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
( exit $ac_status )
cat >>confdefs.h <<\_ACEOF
#define BROKEN_REALPATH 1
_ACEOF
{ echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6; }
fi
rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
fi
fi
done
 
for ac_func in gettimeofday time
do
......
......@@ -122,7 +122,7 @@ AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [
])
openssl=yes
ssh1=yes
ssh1=no
AC_ARG_WITH([openssl],
[ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ],
[ if test "x$withval" = "xno" ; then
......@@ -1674,7 +1674,6 @@ AC_CHECK_FUNCS([ \
pstat \
readpassphrase \
reallocarray \
realpath \
recvmsg \
rresvport_af \
sendmsg \
......@@ -1891,6 +1890,32 @@ AC_CHECK_FUNCS([setresgid], [
)
])
AC_CHECK_FUNCS([realpath], [
dnl the sftp v3 spec says SSH_FXP_REALPATH will "canonicalize any given
dnl path name", however some implementations of realpath (and some
dnl versions of the POSIX spec) do not work on non-existent files,
dnl so we use the OpenBSD implementation on those platforms.
AC_MSG_CHECKING([if realpath works with non-existent files])
AC_RUN_IFELSE(
[AC_LANG_PROGRAM([[
#include <limits.h>
#include <stdlib.h>
#include <errno.h>
]], [[
char buf[PATH_MAX];
if (realpath("/opensshnonexistentfilename1234", buf) == NULL)
if (errno == ENOENT)
exit(1);
exit(0);
]])],
[AC_MSG_RESULT([yes])],
[AC_DEFINE([BROKEN_REALPATH], [1],
[realpath does not work with nonexistent files])
AC_MSG_RESULT([no])],
[AC_MSG_WARN([cross compiling: assuming working])]
)
])
dnl Checks for time functions
AC_CHECK_FUNCS([gettimeofday time])
dnl Checks for utmp functions
......
%define ver 6.9p1
%define ver 7.0p1
%define rel 1
# OpenSSH privilege separation requires a user & group ID
......
......@@ -13,7 +13,7 @@
Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
Name: openssh
Version: 6.9p1
Version: 7.0p1
URL: http://www.openssh.com/
Release: 1
Source0: openssh-%{version}.tar.gz
......
/* $OpenBSD: kex.c,v 1.106 2015/04/17 13:25:52 djm Exp $ */
/* $OpenBSD: kex.c,v 1.109 2015/07/30 00:01:34 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
*
......@@ -155,6 +155,68 @@ kex_names_valid(const char *names)
return 1;
}
/*
* Concatenate algorithm names, avoiding duplicates in the process.
* Caller must free returned string.
*/
char *
kex_names_cat(const char *a, const char *b)
{
char *ret = NULL, *tmp = NULL, *cp, *p;
size_t len;
if (a == NULL || *a == '\0')
return NULL;
if (b == NULL || *b == '\0')
return strdup(a);
if (strlen(b) > 1024*1024)
return NULL;
len = strlen(a) + strlen(b) + 2;
if ((tmp = cp = strdup(b)) == NULL ||
(ret = calloc(1, len)) == NULL) {
free(tmp);
return NULL;
}
strlcpy(ret, a, len);
for ((p = strsep(&cp, ",")); p && *p != '\0'; (p = strsep(&cp, ","))) {
if (match_list(ret, p, NULL) != NULL)
continue; /* Algorithm already present */
if (strlcat(ret, ",", len) >= len ||
strlcat(ret, p, len) >= len) {
free(tmp);
free(ret);
return NULL; /* Shouldn't happen */
}
}
free(tmp);
return ret;
}
/*
* Assemble a list of algorithms from a default list and a string from a
* configuration file. The user-provided string may begin with '+' to
* indicate that it should be appended to the default.
*/
int
kex_assemble_names(const char *def, char **list)
{
char *ret;
if (list == NULL || *list == NULL || **list == '\0') {
*list = strdup(def);
return 0;
}
if (**list != '+') {
return 0;