- markus@cvs.openbsd.org 2008/04/02 15:36:51
[channels.c]
avoid possible hijacking of x11-forwarded connections (back out 1.183)
CVE-2008-1483; ok djm@
djm [Thu, 27 Mar 2008 00:26:56 +0000 (00:26 +0000)]
- djm@cvs.openbsd.org 2008/03/24 21:46:54
[regress/sftp-badcmds.sh]
disable no-replace rename test now that we prefer a POSIX rename; spotted
by dkrause@
djm [Thu, 27 Mar 2008 00:02:02 +0000 (00:02 +0000)]
- djm@cvs.openbsd.org 2008/03/25 11:58:02
[session.c sshd_config.5]
ignore ~/.ssh/rc if a sshd_config ForceCommand is specified;
from dtucker@ ok deraadt@ djm@
djm [Thu, 27 Mar 2008 00:01:15 +0000 (00:01 +0000)]
- deraadt@cvs.openbsd.org 2008/03/24 16:11:07
[monitor_fdpass.c]
msg_controllen has to be CMSG_SPACE so that the kernel can account for
each cmsg_len (ie. msg_controllen = sum of CMSG_ALIGN(cmsg_len)). This
works now that kernel fd passing has been fixed to accept a bit of
sloppiness because of this ABI repair.
lots of discussion with kettenis
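
Added example, not part of the OpenSSH commits or source: the rule the monitor_fdpass.c entries in this log describe, shown as one descriptor passed over a Unix socket with a union-aligned control buffer, msg_controllen sized by CMSG_SPACE and cmsg_len set by CMSG_LEN. The names fd_cmsg, prep, send_fd, recv_fd and fdpass_roundtrip are hypothetical.

```c
/* Added example; all names here are hypothetical, not OpenSSH's own code. */
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

/* The union aligns the buffer for struct cmsghdr; CMSG_SPACE sizes it with padding. */
union fd_cmsg { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; };

static void prep(struct msghdr *m, struct iovec *iov, char *ch, union fd_cmsg *cm) {
    memset(m, 0, sizeof(*m)); memset(cm, 0, sizeof(*cm));
    iov->iov_base = ch; iov->iov_len = 1;   /* one data byte carries the cmsg */
    m->msg_iov = iov; m->msg_iovlen = 1;
    m->msg_control = cm->buf;
    m->msg_controllen = sizeof(cm->buf);    /* CMSG_SPACE: total, padding included */
}

int send_fd(int sock, int fd) {
    union fd_cmsg cm; struct msghdr m; struct iovec iov; char ch = 0;
    prep(&m, &iov, &ch, &cm);
    struct cmsghdr *c = CMSG_FIRSTHDR(&m);
    c->cmsg_len = CMSG_LEN(sizeof(int));    /* CMSG_LEN: header + payload only */
    c->cmsg_level = SOL_SOCKET;
    c->cmsg_type = SCM_RIGHTS;
    memcpy(CMSG_DATA(c), &fd, sizeof(fd));
    return sendmsg(sock, &m, 0) == 1 ? 0 : -1;
}

int recv_fd(int sock) {
    union fd_cmsg cm; struct msghdr m; struct iovec iov; char ch; int fd;
    prep(&m, &iov, &ch, &cm);
    if (recvmsg(sock, &m, 0) != 1 || (m.msg_flags & MSG_CTRUNC)) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&m);
    if (c == NULL || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS ||
        c->cmsg_len < CMSG_LEN(sizeof(int))) return -1;  /* reject unexpected cmsg */
    memcpy(&fd, CMSG_DATA(c), sizeof(fd));
    return fd;
}

/* Pass a pipe's write end over a socketpair, then prove the received fd works. */
int fdpass_roundtrip(void) {
    int sp[2], p[2], got; char b = 0;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) != 0 || pipe(p) != 0) return -1;
    if (send_fd(sp[0], p[1]) != 0 || (got = recv_fd(sp[1])) < 0) return -1;
    if (write(got, "x", 1) != 1 || read(p[0], &b, 1) != 1) return -1;
    close(got); close(p[0]); close(p[1]); close(sp[0]); close(sp[1]);
    return b == 'x' ? 0 : -1;
}

int main(void) { return fdpass_roundtrip() == 0 ? 0 : 1; }
```
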
djm [Wed, 26 Mar 2008 23:59:57 +0000 (23:59 +0000)]
- djm@cvs.openbsd.org 2008/03/23 12:54:01
[sftp-client.c]
prefer POSIX-style file renaming over filexfer rename behaviour if the
server supports the posix-rename@openssh.com extension.
Note that the old (filexfer) behaviour would refuse to clobber an
existing file. Users who depended on this should adjust their sftp(1)
usage.
ok deraadt@ markus@
djm [Wed, 26 Mar 2008 23:54:44 +0000 (23:54 +0000)]
- deraadt@cvs.openbsd.org 2008/03/15 16:19:02
[monitor_fdpass.c]
Repair the simple cases for msg_controllen where it should just be
CMSG_SIZE(sizeof(int)), not sizeof(buffer) which may be larger because
of alignment; ok kettenis hshoexer
djm [Wed, 26 Mar 2008 23:53:23 +0000 (23:53 +0000)]
- deraadt@cvs.openbsd.org 2008/03/13 01:49:53
[monitor_fdpass.c]
Correct CMSG_SPACE and CMSG_LEN usage everywhere in the tree. Due to
an extensive discussion with otto, kettenis, millert, and hshoexer
djm [Wed, 26 Mar 2008 23:50:21 +0000 (23:50 +0000)]
- jmc@cvs.openbsd.org 2008/02/11 07:58:28
[ssh.1 sshd.8 sshd_config.5]
bump Mdocdate for pages committed in "febuary", necessary because
of a typo in rcs.c;
dtucker [Wed, 26 Mar 2008 20:27:20 +0000 (20:27 +0000)]
- (dtucker) Cache selinux status earlier so we know if it's enabled after a
chroot. Allows ChrootDirectory to work with selinux support compiled in
but not enabled. Using it with selinux enabled will require some selinux
support inside the chroot. "looks sane" djm@
djm [Fri, 14 Mar 2008 22:25:54 +0000 (22:25 +0000)]
- (djm) [regress/test-exec.sh] Quote putty-related variables in case they are
empty; report and patch from Peter Stuge
- (djm) [regress/test-exec.sh] Silence noise from detection of putty
commands; report from Peter Stuge
tim [Fri, 14 Mar 2008 17:39:17 +0000 (17:39 +0000)]
- (tim) [regress/sftp-cmds.sh] s/cd/lcd/ in lls test. Reported by
vinschen at redhat.com. Add () to put echo commands in subshell for lls test
I mistakenly left out of last commit.
djm [Wed, 12 Mar 2008 13:17:00 +0000 (13:17 +0000)]
- djm@cvs.openbsd.org 2007/12/21 04:13:53
[regress/Makefile regress/test-exec.sh regress/putty-ciphers.sh]
[regress/putty-kex.sh regress/putty-transfer.sh regress/ssh2putty.sh]
basic (crypto, kex and transfer) interop regression tests against putty
To run these, install putty and run "make interop-tests" from the build
directory - the tests aren't run by default yet.
djm [Wed, 12 Mar 2008 12:59:43 +0000 (12:59 +0000)]
- djm@cvs.openbsd.org 2007/12/12 05:04:03
[regress/sftp-cmds.sh]
unbreak lls command and add a regress test that would have caught the
breakage; spotted by mouring@
NB. sftp code change already committed.
djm [Wed, 12 Mar 2008 12:58:55 +0000 (12:58 +0000)]
- jmc@cvs.openbsd.org 2007/11/25 15:35:09
[regress/agent-getpeereid.sh regress/agent.sh]
more existant -> existent, from Martynas Venckus;
pfctl changes: ok henning
ssh changes: ok deraadt
dtucker [Tue, 11 Mar 2008 11:58:25 +0000 (11:58 +0000)]
- (dtucker) [auth-pam.c monitor.c session.c sshd.c] Bug #926: Move
pam_open_session and pam_close_session into the privsep monitor, which
will ensure that pam_session_close is called as root. Patch from Tomas
Mraz.
dtucker [Sun, 9 Mar 2008 11:50:50 +0000 (11:50 +0000)]
- (dtucker) [configure.ac] Run stack-protector tests with -Werror to catch
platforms where gcc understands the option but it's not supported (and
thus generates a warning).
dtucker [Sun, 9 Mar 2008 06:10:09 +0000 (06:10 +0000)]
- (dtucker) [openbsd-compat/regress/strtonumtest.c] Bug #1347: Use platform's
equivalent of LLONG_MAX for the compat regression tests, which makes them
run on AIX and HP-UX. Patch from David Leonard.
dtucker [Sun, 9 Mar 2008 05:36:55 +0000 (05:36 +0000)]
- (dtucker) [openbsd-compat/port-aix.{c,h}] Remove AIX specific initgroups
implementation. It's not needed to fix bug #1081 and breaks the build
on some AIX configurations.
dtucker [Sun, 9 Mar 2008 00:34:23 +0000 (00:34 +0000)]
- (dtucker) [configure.ac] It turns out gcc's -fstack-protector-all doesn't
always work for all platforms and versions, so test what we can and
add a configure flag to turn it off if needed. ok djm@
djm [Fri, 7 Mar 2008 07:35:26 +0000 (07:35 +0000)]
- deraadt@cvs.openbsd.org 2008/03/02 18:19:35
[monitor_fdpass.c]
use a union to ensure alignment of the cmsg (pay attention: various other
parts of the tree need this treatment too); ok djm
djm [Fri, 7 Mar 2008 07:33:53 +0000 (07:33 +0000)]
- djm@cvs.openbsd.org 2008/02/27 20:21:15
[sftp-server.c]
add an extension method "posix-rename@openssh.com" to perform POSIX atomic
rename() operations. based on patch from miklos AT szeredi.hu in bz#1400;
ok dtucker@ markus@
djm [Fri, 7 Mar 2008 07:33:30 +0000 (07:33 +0000)]
- dtucker@cvs.openbsd.org 2008/02/22 20:44:02
[clientloop.c packet.c packet.h serverloop.c]
Allow all SSH2 packet types, including UNIMPLEMENTED to reset the
keepalive timer (bz #1307). ok markus@
djm [Fri, 7 Mar 2008 07:33:12 +0000 (07:33 +0000)]
- djm@cvs.openbsd.org 2008/02/22 05:58:56
[session.c]
closefrom() call was too early, delay it until just before we execute
the user's rc files (if any).
djm [Fri, 7 Mar 2008 07:31:47 +0000 (07:31 +0000)]
- mbalmer@cvs.openbsd.org 2008/02/14 13:10:31
[sshd.c]
When started in configuration test mode (-t) do not check that sshd is
being started with an absolute path.
ok djm
djm [Fri, 7 Mar 2008 07:27:58 +0000 (07:27 +0000)]
- jmc@cvs.openbsd.org 2008/02/11 07:58:28
[ssh.1 sshd.8 sshd_config.5]
bump Mdocdate for pages committed in "febuary", necessary because
of a typo in rcs.c;
dtucker [Fri, 29 Feb 2008 02:57:47 +0000 (02:57 +0000)]
- (dtucker) [openbsd-compat/bsd-poll.c] We don't check for select(2) in
configure (and there's not much point, as openssh won't work without it)
so HAVE_SELECT is not defined and the poll(2) compat code doesn't get
built in. Remove HAVE_SELECT so we can build on platforms without poll.
dtucker [Thu, 28 Feb 2008 12:16:04 +0000 (12:16 +0000)]
- (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Bug #1081: Implement
getgrouplist via getgrset on AIX, rather than iterating over getgrent.
This allows, eg, Match and AllowGroups directives to work with NIS and
LDAP groups.
dtucker [Thu, 28 Feb 2008 08:13:52 +0000 (08:13 +0000)]
- (dtucker) [includes.h ssh-add.c ssh-agent.c ssh-keygen.c ssh.c sshd.c
openbsd-compat/openssl-compat.{c,h}] Bug #1437 Move the OpenSSL compat
header to after OpenSSL headers, since some versions of OpenSSL have
SSLeay_add_all_algorithms as a macro already.
dtucker [Mon, 25 Feb 2008 10:05:04 +0000 (10:05 +0000)]
- (dtucker) [configure.ac audit-bsm.c] Bug #1420: Add a local implementation
of aug_get_machine for systems that don't have their own (eg OS X, FreeBSD).
Help and testing from csjp at FreeBSD org, vgiffin at apple com. ok djm@
dtucker [Mon, 25 Feb 2008 09:21:20 +0000 (09:21 +0000)]
- (dtucker) [openbsd-compat/fake-rfc2553.h] rename ssh_gai_strerror hack
since it now conflicts with the helper function in misc.c. From
vinschen AT redhat.com.
dtucker [Mon, 25 Feb 2008 09:18:31 +0000 (09:18 +0000)]
20080224
- (tim) [contrib/cygwin/ssh-host-config]
Grammar changes on SYSCONFDIR LOCALSTATEDIR messages.
Check more thoroughly that it's possible to create the /var/empty directory.
Patch by vinschen AT redhat.com
tim [Sat, 23 Feb 2008 22:47:37 +0000 (22:47 +0000)]
[contrib/cygwin/ssh-host-config]
Grammar changes on SYSCONFDIR LOCALSTATEDIR messages.
Check more thoroughly that it's possible to create the /var/empty directory.
Patch by vinschen AT redhat.com
djm [Sun, 10 Feb 2008 11:48:55 +0000 (11:48 +0000)]
- djm@cvs.openbsd.org 2008/02/10 10:54:29
[servconf.c session.c]
delay ~ expansion for ChrootDirectory so it expands to the logged-in user's
home, rather than the user who starts sshd (probably root)
djm [Sun, 10 Feb 2008 11:44:20 +0000 (11:44 +0000)]
- djm@cvs.openbsd.org 2008/02/08 23:24:07
[servconf.c servconf.h session.c sftp-server.c sftp.h sshd_config]
[sshd_config.5]
add sshd_config ChrootDirectory option to chroot(2) users to a directory
and tweak internal sftp server to work with it (no special files in chroot
required). ok markus@
djm [Sun, 10 Feb 2008 11:40:12 +0000 (11:40 +0000)]
- djm@cvs.openbsd.org 2008/02/08 23:24:07
[servconf.c servconf.h session.c sftp-server.c sftp.h sshd_config]
[sshd_config.5]
add sshd_config ChrootDirectory option to chroot(2) users to a directory
and tweak internal sftp server to work with it (no special files in
chroot required). ok markus@
djm [Sun, 10 Feb 2008 11:27:47 +0000 (11:27 +0000)]
- dtucker@cvs.openbsd.org 2008/01/23 01:56:54
[clientloop.c packet.c serverloop.c]
Revert the change for bz #1307 as it causes connection aborts if an IGNORE
packet arrives while we're waiting in packet_read_expect (and possibly
elsewhere).
djm [Sun, 10 Feb 2008 11:27:24 +0000 (11:27 +0000)]
- djm@cvs.openbsd.org 2008/01/21 19:20:17
[sftp-client.c]
when a remote write error occurs during an upload, ensure that ACKs for
all issued requests are properly drained. patch from t8m AT centrum.cz
djm [Sun, 10 Feb 2008 11:26:51 +0000 (11:26 +0000)]
- djm@cvs.openbsd.org 2008/01/21 17:24:30
[sftp-server.c]
Remove the fixed 100 handle limit in sftp-server and allocate as many
as we have available file descriptors. Patch from miklos AT szeredi.hu;
ok dtucker@ markus@
djm [Sun, 10 Feb 2008 11:26:24 +0000 (11:26 +0000)]
- djm@cvs.openbsd.org 2008/01/20 00:38:30
[sftp.c]
When uploading, correctly handle the case of an unquoted filename with
glob metacharacters that match a file exactly but not as a glob, e.g. a
file called "[abcd]". report and test cases from duncan2nd AT gmx.de
djm [Sun, 10 Feb 2008 11:25:52 +0000 (11:25 +0000)]
- djm@cvs.openbsd.org 2008/01/19 23:09:49
[readconf.c readconf.h sshconnect2.c]
promote rekeylimit to an int64 so it can hold the maximum useful limit
of 2^32; report and patch from Jan.Pechanec AT Sun.COM, ok dtucker@
djm [Sun, 10 Feb 2008 11:25:24 +0000 (11:25 +0000)]
- djm@cvs.openbsd.org 2008/01/19 23:02:40
[channels.c]
When we added support for specified bind addresses for port forwards, we
added a quirk SSH_OLD_FORWARD_ADDR. There is a bug in our handling of
this for -L port forwards that causes the client to listen on both v4
and v6 addresses when connected to a server with this quirk, despite
having set 0.0.0.0 as a bind_address.
report and patch from Jan.Pechanec AT Sun.COM; ok dtucker@
djm [Sun, 10 Feb 2008 11:24:30 +0000 (11:24 +0000)]
- djm@cvs.openbsd.org 2008/01/19 22:22:58
[ssh-keygen.c]
when hashing individual hosts (ssh-keygen -Hf hostname), make sure we
hash just the specified hostname and not the entire hostspec from the
keyfile. It may be of the form "hostname,ipaddr", which would lead to
a hash that never matches. report and fix from jp AT devnull.cz
djm [Sun, 10 Feb 2008 11:23:41 +0000 (11:23 +0000)]
- djm@cvs.openbsd.org 2008/01/19 22:04:57
[sftp-client.c]
fix remote handle leak in do_download() local file open error path;
report and fix from sworley AT chkno.net
djm [Sun, 10 Feb 2008 11:23:18 +0000 (11:23 +0000)]
- djm@cvs.openbsd.org 2008/01/19 20:51:26
[ssh.c]
ignore SIGPIPE in multiplex client mode - we can receive this if the
server runs out of fds on us midway. Report and patch from
gregory_shively AT fanniemae.com
djm [Sun, 10 Feb 2008 11:22:53 +0000 (11:22 +0000)]
- djm@cvs.openbsd.org 2008/01/19 20:48:53
[clientloop.c]
fd leak on session multiplexing error path. Report and patch from
gregory_shively AT fanniemae.com
djm [Sun, 10 Feb 2008 11:21:28 +0000 (11:21 +0000)]
- djm@cvs.openbsd.org 2008/01/19 19:13:28
[ssh.1]
satisfy the pedants: -q does not suppress all diagnostic messages (e.g.
some commandline parsing warnings go unconditionally to stdout).
djm [Sun, 10 Feb 2008 11:20:44 +0000 (11:20 +0000)]
- chl@cvs.openbsd.org 2008/01/11 07:22:28
[sftp-client.c sftp-client.h]
disable unused functions
initially from tobias@, but disabled them by placing them in
"#ifdef notyet" which was asked by djm@
ok djm@ tobias@
dtucker [Tue, 1 Jan 2008 09:36:56 +0000 (09:36 +0000)]
- dtucker@cvs.openbsd.org 2008/01/01 09:27:33
[sshd_config.5 servconf.c]
Allow PermitRootLogin in a Match block. Allows for, eg, permitting root
only from the local network. ok markus@, man page bit ok jmc@
dtucker [Tue, 1 Jan 2008 09:33:57 +0000 (09:33 +0000)]
- dtucker@cvs.openbsd.org 2008/01/01 09:06:39
[scp.c]
If scp -p encounters a pre-epoch timestamp, use the epoch which is
as close as we can get given that it's used unsigned. Add a little
debugging while there. bz #828, ok djm@
dtucker [Tue, 1 Jan 2008 09:33:09 +0000 (09:33 +0000)]
- dtucker@cvs.openbsd.org 2007/12/31 15:27:04
[sshd.c]
When in inetd mode, have sshd generate a Protocol 1 ephemeral server
key only for connections where the client chooses Protocol 1 as opposed
to when it's enabled in the server's config. Speeds up Protocol 2
connections to inetd-mode servers that also allow Protocol 1. bz #440,
based on a patch from bruno at wolff.to, ok markus@