Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/OPENSSH]: src/crypto/external/bsd/openssh/dist Import OpenSSH-8.7:
details: https://anonhg.NetBSD.org/src/rev/cd71300a7a7c
branches: OPENSSH
changeset: 985732:cd71300a7a7c
user: christos <christos%NetBSD.org@localhost>
date: Thu Sep 02 11:22:28 2021 +0000
description:
Import OpenSSH-8.7:
Imminent deprecation notice
===========================
OpenSSH will disable the ssh-rsa signature scheme by default in the
next release.
In the SSH protocol, the "ssh-rsa" signature scheme uses the SHA-1
hash algorithm in conjunction with the RSA public key algorithm.
It is now possible[1] to perform chosen-prefix attacks against the
SHA-1 algorithm for less than USD$50K.
Note that the deactivation of "ssh-rsa" signatures does not necessarily
require cessation of use for RSA keys. In the SSH protocol, keys may be
capable of signing using multiple algorithms. In particular, "ssh-rsa"
keys are capable of signing using "rsa-sha2-256" (RSA/SHA256),
"rsa-sha2-512" (RSA/SHA512) and "ssh-rsa" (RSA/SHA1). Only the last of
these is being turned off by default.
This algorithm is unfortunately still used widely despite the
existence of better alternatives, being the only remaining public key
signature algorithm specified by the original SSH RFCs that is still
enabled by default.
The better alternatives include:
* The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512. These
algorithms have the advantage of using the same key type as
"ssh-rsa" but use the safe SHA-2 hash algorithms. These have been
supported since OpenSSH 7.2 and are already used by default if the
client and server support them.
* The RFC8709 ssh-ed25519 signature algorithm. It has been supported
in OpenSSH since release 6.5.
* The RFC5656 ECDSA algorithms: ecdsa-sha2-nistp256/384/521. These
have been supported by OpenSSH since release 5.7.
To check whether a server is using the weak ssh-rsa public key
algorithm, for host authentication, try to connect to it after
removing the ssh-rsa algorithm from ssh(1)'s allowed list:
ssh -oHostKeyAlgorithms=-ssh-rsa user@host
If the host key verification fails and no other supported host key
types are available, the server software on that host should be
upgraded.
OpenSSH recently enabled the UpdateHostKeys option by default to
assist the client by automatically migrating to better algorithms.
[1] "SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and
Application to the PGP Web of Trust" Leurent, G and Peyrin, T
(2020) https://eprint.iacr.org/2020/014.pdf
Potentially-incompatible changes
================================
This release includes a number of changes that may affect existing
configurations:
* scp(1): this release changes the behaviour of remote to remote
copies (e.g. "scp host-a:/path host-b:") to transfer through the
local host by default. This was previously available via the -3
flag. This mode avoids the need to expose credentials on the
origin hop, avoids triplicate interpretation of filenames by the
shell (by the local system, the copy origin and the destination)
and, in conjunction with the SFTP support for scp(1) mentioned
below, allows use of all authentication methods to the remote
hosts (previously, only non-interactive methods could be used).
A -R flag has been added to select the old behaviour.
* ssh(1)/sshd(8): both the client and server are now using a
stricter configuration file parser. The new parser uses more
shell-like rules for quotes, space and escape characters. It is
also more strict in rejecting configurations that include options
lacking arguments. Previously some options (e.g. DenyUsers) could
appear on a line with no subsequent arguments. This release will
reject such configurations. The new parser will also reject
configurations with unterminated quotes and multiple '='
characters after the option name.
* ssh(1): when using SSHFP DNS records for host key verification,
ssh(1) will verify all matching records instead of just those
with the specific signature type requested. This may cause host
key verification problems if stale SSHFP records of a different
or legacy signature type exist alongside other records for a
particular host. bz#3322
* ssh-keygen(1): when generating a FIDO key and specifying an
explicit attestation challenge (using -Ochallenge), the challenge
will now be hashed by the builtin security key middleware. This
removes the (undocumented) requirement that challenges be exactly
32 bytes in length and matches the expectations of libfido2.
* sshd(8): environment="..." directives in authorized_keys files are
now first-match-wins and limited to 1024 discrete environment
variable names.
Changes since OpenSSH 8.6
=========================
This release contains a mix of new features and bug-fixes.
New features
------------
- scp(1): experimental support for transfers using the SFTP protocol
as a replacement for the venerable SCP/RCP protocol that it has
traditionally used. SFTP offers more predictable filename handling
and does not require expansion of glob(3) patterns via the shell
on the remote side.
SFTP support may be enabled via a temporary scp -s flag. It is
intended for SFTP to become the default transfer mode in the
near future, at which time the -s flag will be removed. The -O
flag exists to force use of the original SCP/RCP protocol for
cases where SFTP may be unavailable or incompatible.
- sftp-server(8): add a protocol extension to support expansion of
~/ and ~user/ prefixed paths. This was added to support these
paths when used by scp(1) while in SFTP mode.
- ssh(1): add a ForkAfterAuthentication ssh_config(5) counterpart to
the ssh(1) -f flag. GHPR#231
- ssh(1): add a StdinNull directive to ssh_config(5) that allows the
config file to do the same thing as -n does on the ssh(1) command-
line. GHPR#231
- ssh(1): add a SessionType directive to ssh_config, allowing the
configuration file to offer equivalent control to the -N (no
session) and -s (subsystem) command-line flags. GHPR#231
- ssh-keygen(1): allowed signers files used by ssh-keygen(1)
signatures now support listing key validity intervals alongside
they key, and ssh-keygen(1) can optionally check during signature
verification whether a specified time falls inside this interval.
This feature is intended for use by git to support signing and
verifying objects using ssh keys.
- ssh-keygen(8): support printing of the full public key in a sshsig
signature via a -Oprint-pubkey flag.
Bugfixes
--------
* ssh(1)/sshd(8): start time-based re-keying exactly on schedule in
the client and server mainloops. Previously the re-key timeout
could expire but re-keying would not start until a packet was sent
or received, causing a spin in select() if the connection was
quiescent.
* ssh-keygen(1): avoid Y2038 problem in printing certificate
validity lifetimes. Dates past 2^31-1 seconds since epoch were
displayed incorrectly on some platforms. bz#3329
* scp(1): allow spaces to appear in usernames for local to remote
and scp -3 remote to remote copies. bz#1164
* ssh(1)/sshd(8): remove references to ChallengeResponseAuthentication
in favour of KbdInteractiveAuthentication. The former is what was in
SSHv1, the latter is what is in SSHv2 (RFC4256) and they were
treated as somewhat but not entirely equivalent. We retain the old
name as a deprecated alias so configuration files continue to work
as well as a reference in the man page for people looking for it.
bz#3303
* ssh(1)/ssh-add(1)/ssh-keygen(1): fix decoding of X.509 subject name
when extracting a key from a PKCS#11 certificate. bz#3327
* ssh(1): restore blocking status on stdio fds before close. ssh(1)
needs file descriptors in non-blocking mode to operate but it was
not restoring the original state on exit. This could cause
problems with fds shared with other programs via the shell,
bz#3280 and GHPR#246
* ssh(1)/sshd(8): switch both client and server mainloops from
select(3) to pselect(3). Avoids race conditions where a signal
may arrive immediately before select(3) and not be processed until
an event fires. bz#2158
* ssh(1): sessions started with ControlPersist were incorrectly
executing a shell when the -N (no shell) option was specified.
bz#3290
* ssh(1): check if IPQoS or TunnelDevice are already set before
overriding. Prevents values in config files from overriding values
supplied on the command line. bz#3319
* ssh(1): fix debug message when finding a private key to match a
certificate being attempted for user authentication. Previously it
would print the certificate's path, whereas it was supposed to be
showing the private key's path. GHPR#247
* sshd(8): match host certificates against host public keys, not
private keys. Allows use of certificates with private keys held in
a ssh-agent. bz#3524
* ssh(1): add a workaround for a bug in OpenSSH 7.4 sshd(8), which
allows RSA/SHA2 signatures for public key authentication but fails
to advertise this correctly via SSH2_MSG_EXT_INFO. This causes
clients of these server to incorrectly match
PubkeyAcceptedAlgorithmse and potentially refuse to offer valid
keys. bz#3213
* sftp(1)/scp(1): degrade gracefully if a sftp-server offers the
limits%openssh.com@localhost extension but fails when the client tries to
invoke it. bz#3318
* ssh(1): allow ssh_config SetEnv to override $TERM, which is
otherwise handled specially by the protocol. Useful in ~/.ssh/config
to set TERM to something generic (e.g. "xterm" instead of
"xterm-256color") for destinations that lack terminfo entries.
* sftp-server(8): the limits%openssh.com@localhost extension was incorrectly
marked as an operation that writes to the filesystem, which made it
unavailable in sftp-server read-only mode. bz#3318
* ssh(1): fix SEGV in UpdateHostkeys debug() message, triggered when
the update removed more host keys than remain present.
* many manual page fixes.
Portability
-----------
* ssh(1): move closefrom() to before first malloc. When built against
tcmalloc, the closefrom() would stomp on file descriptors created
for tcmalloc's internal use. bz#3321
* sshd(8): handle GIDs > 2^31 in getgrouplist. When compiled in 32bit
mode, the getgrouplist implementation may fail for GIDs greater than
LONG_MAX.
* ssh(1): xstrdup environment variable used by ForwardAgent. bz#3328
* sshd(8): don't sigdie() in signal handler in privsep child process;
this can end up causing sandbox violations per bz3286
diffstat:
crypto/external/bsd/openssh/dist/PROTOCOL | 21 +-
crypto/external/bsd/openssh/dist/PROTOCOL.certkeys | 35 +-
crypto/external/bsd/openssh/dist/PROTOCOL.key | 9 +-
crypto/external/bsd/openssh/dist/auth-options.c | 41 +-
crypto/external/bsd/openssh/dist/auth-options.h | 7 +-
crypto/external/bsd/openssh/dist/auth.c | 6 +-
crypto/external/bsd/openssh/dist/auth2-hostbased.c | 4 +-
crypto/external/bsd/openssh/dist/auth2-kbdint.c | 4 +-
crypto/external/bsd/openssh/dist/auth2-pubkey.c | 11 +-
crypto/external/bsd/openssh/dist/channels.c | 69 +-
crypto/external/bsd/openssh/dist/channels.h | 17 +-
crypto/external/bsd/openssh/dist/clientloop.c | 40 +-
crypto/external/bsd/openssh/dist/compat.c | 4 +-
crypto/external/bsd/openssh/dist/compat.h | 4 +-
crypto/external/bsd/openssh/dist/dns.c | 66 +-
crypto/external/bsd/openssh/dist/dns.h | 3 +-
crypto/external/bsd/openssh/dist/hostfile.c | 4 +-
crypto/external/bsd/openssh/dist/krl.c | 8 +-
crypto/external/bsd/openssh/dist/log.c | 7 +-
crypto/external/bsd/openssh/dist/misc.c | 122 ++-
crypto/external/bsd/openssh/dist/misc.h | 12 +-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.2048 | 158 +-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.3072 | 181 ++-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.4096 | 136 +-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.6144 | 149 +-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.7680 | 144 +-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.8192 | 125 +-
crypto/external/bsd/openssh/dist/monitor.c | 14 +-
crypto/external/bsd/openssh/dist/mux.c | 39 +-
crypto/external/bsd/openssh/dist/nchan.c | 8 +-
crypto/external/bsd/openssh/dist/packet.c | 19 +-
crypto/external/bsd/openssh/dist/packet.h | 3 +-
crypto/external/bsd/openssh/dist/readconf.c | 478 ++++++---
crypto/external/bsd/openssh/dist/readconf.h | 11 +-
crypto/external/bsd/openssh/dist/readpass.c | 8 +-
crypto/external/bsd/openssh/dist/scp.1 | 50 +-
crypto/external/bsd/openssh/dist/scp.c | 506 +++++++++-
crypto/external/bsd/openssh/dist/servconf.c | 633 +++++++------
crypto/external/bsd/openssh/dist/servconf.h | 3 +-
crypto/external/bsd/openssh/dist/serverloop.c | 113 +-
crypto/external/bsd/openssh/dist/session.c | 5 +-
crypto/external/bsd/openssh/dist/sftp-client.c | 754 +++++++++++++--
crypto/external/bsd/openssh/dist/sftp-client.h | 37 +-
crypto/external/bsd/openssh/dist/sftp-server.8 | 12 +-
crypto/external/bsd/openssh/dist/sftp-server.c | 65 +-
crypto/external/bsd/openssh/dist/sftp.1 | 5 +-
crypto/external/bsd/openssh/dist/sftp.c | 30 +-
crypto/external/bsd/openssh/dist/sk-usbhid.c | 13 +-
crypto/external/bsd/openssh/dist/ssh-keygen.1 | 30 +-
crypto/external/bsd/openssh/dist/ssh-keygen.c | 80 +-
crypto/external/bsd/openssh/dist/ssh-keysign.c | 6 +-
crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c | 5 +-
crypto/external/bsd/openssh/dist/ssh-pkcs11.c | 20 +-
crypto/external/bsd/openssh/dist/ssh.1 | 47 +-
crypto/external/bsd/openssh/dist/ssh.c | 118 +-
crypto/external/bsd/openssh/dist/ssh_config.5 | 114 ++-
crypto/external/bsd/openssh/dist/sshbuf-misc.c | 4 +-
crypto/external/bsd/openssh/dist/sshconnect.c | 13 +-
crypto/external/bsd/openssh/dist/sshconnect2.c | 31 +-
crypto/external/bsd/openssh/dist/sshd.8 | 53 +-
crypto/external/bsd/openssh/dist/sshd.c | 62 +-
crypto/external/bsd/openssh/dist/sshd_config | 4 +-
crypto/external/bsd/openssh/dist/sshd_config.5 | 38 +-
crypto/external/bsd/openssh/dist/sshkey.c | 53 +-
crypto/external/bsd/openssh/dist/sshkey.h | 4 +-
crypto/external/bsd/openssh/dist/sshsig.c | 118 +-
crypto/external/bsd/openssh/dist/sshsig.h | 6 +-
crypto/external/bsd/openssh/dist/version.h | 4 +-
68 files changed, 3316 insertions(+), 1687 deletions(-)
diffs (truncated from 9501 to 300 lines):
diff -r ed6e18e7022e -r cd71300a7a7c crypto/external/bsd/openssh/dist/PROTOCOL
--- a/crypto/external/bsd/openssh/dist/PROTOCOL Mon Apr 19 14:38:27 2021 +0000
+++ b/crypto/external/bsd/openssh/dist/PROTOCOL Thu Sep 02 11:22:28 2021 +0000
@@ -525,6 +525,25 @@
This extension is advertised in the SSH_FXP_VERSION hello with version
"1".
+3.9. sftp: Extension request "expand-path%openssh.com@localhost"
+
+This request supports canonicalisation of relative paths and
+those that need tilde-expansion, i.e. "~", "~/..." and "~user/..."
+These paths are expanded using shell-like rules and the resultant
+path is canonicalised similarly to SSH2_FXP_REALPATH.
+
+It is implemented as a SSH_FXP_EXTENDED request with the following
+format:
+
+ uint32 id
+ string "expand-path%openssh.com@localhost"
+ string path
+
+Its reply is the same format as that of SSH2_FXP_REALPATH.
+
+This extension is advertised in the SSH_FXP_VERSION hello with version
+"1".
+
4. Miscellaneous changes
4.1 Public key format
@@ -556,4 +575,4 @@
PROTOCOL.mux over a Unix domain socket for communications between a
master instance and later clients.
-$OpenBSD: PROTOCOL,v 1.41 2021/02/18 02:49:35 djm Exp $
+$OpenBSD: PROTOCOL,v 1.42 2021/08/09 23:47:44 djm Exp $
diff -r ed6e18e7022e -r cd71300a7a7c crypto/external/bsd/openssh/dist/PROTOCOL.certkeys
--- a/crypto/external/bsd/openssh/dist/PROTOCOL.certkeys Mon Apr 19 14:38:27 2021 +0000
+++ b/crypto/external/bsd/openssh/dist/PROTOCOL.certkeys Thu Sep 02 11:22:28 2021 +0000
@@ -45,7 +45,7 @@
rsa-sha2-512-cert-v01%openssh.com@localhost
These RSA/SHA-2 types should not appear in keys at rest or transmitted
-on their wire, but do appear in a SSH_MSG_KEXINIT's host-key algorithms
+on the wire, but do appear in a SSH_MSG_KEXINIT's host-key algorithms
field or in the "public key algorithm name" field of a "publickey"
SSH_USERAUTH_REQUEST to indicate that the signature will use the
specified algorithm.
@@ -159,12 +159,11 @@
curve and public key are respectively the ECDSA "[identifier]" and "Q"
defined in section 3.1 of RFC5656.
-pk is the encoded Ed25519 public key as defined by
-draft-josefsson-eddsa-ed25519-03.
+pk is the encoded Ed25519 public key as defined by RFC8032.
serial is an optional certificate serial number set by the CA to
provide an abbreviated way to refer to certificates from that CA.
-If a CA does not wish to number its certificates it must set this
+If a CA does not wish to number its certificates, it must set this
field to zero.
type specifies whether this certificate is for identification of a user
@@ -217,13 +216,13 @@
up to, and including the signature key. Signatures are computed and
encoded according to the rules defined for the CA's public key algorithm
(RFC4253 section 6.6 for ssh-rsa and ssh-dss, RFC5656 for the ECDSA
-types), and draft-josefsson-eddsa-ed25519-03 for Ed25519.
+types, and RFC8032 for Ed25519).
Critical options
----------------
The critical options section of the certificate specifies zero or more
-options on the certificates validity. The format of this field
+options on the certificate's validity. The format of this field
is a sequence of zero or more tuples:
string name
@@ -234,7 +233,7 @@
The name field identifies the option and the data field encodes
option-specific information (see below). All options are
-"critical", if an implementation does not recognise a option
+"critical"; if an implementation does not recognise a option,
then the validating party should refuse to accept the certificate.
Custom options should append the originating author or organisation's
@@ -256,10 +255,18 @@
for authentication. Addresses are
specified in CIDR format (nn.nn.nn.nn/nn
or hhhh::hhhh/nn).
- If this option is not present then
+ If this option is not present, then
certificates may be presented from any
source address.
+verify-required empty Flag indicating that signatures made
+ with this certificate must assert FIDO
+ user verification (e.g. PIN or
+ biometric). This option only makes sense
+ for the U2F/FIDO security key types that
+ support this feature in their signature
+ formats.
+
Extensions
----------
@@ -280,11 +287,11 @@
Name Format Description
-----------------------------------------------------------------------------
-no-presence-required empty Flag indicating that signatures made
+no-touch-required empty Flag indicating that signatures made
with this certificate need not assert
- user presence. This option only make
- sense for the U2F/FIDO security key
- types that support this feature in
+ FIDO user presence. This option only
+ makes sense for the U2F/FIDO security
+ key types that support this feature in
their signature formats.
permit-X11-forwarding empty Flag indicating that X11 forwarding
@@ -298,7 +305,7 @@
permit-port-forwarding empty Flag indicating that port-forwarding
should be allowed. If this option is
- not present then no port forwarding will
+ not present, then no port forwarding will
be allowed.
permit-pty empty Flag indicating that PTY allocation
@@ -311,4 +318,4 @@
of this script will not be permitted if
this option is not present.
-$OpenBSD: PROTOCOL.certkeys,v 1.17 2019/11/25 00:57:51 djm Exp $
+$OpenBSD: PROTOCOL.certkeys,v 1.19 2021/06/05 13:47:00 naddy Exp $
diff -r ed6e18e7022e -r cd71300a7a7c crypto/external/bsd/openssh/dist/PROTOCOL.key
--- a/crypto/external/bsd/openssh/dist/PROTOCOL.key Mon Apr 19 14:38:27 2021 +0000
+++ b/crypto/external/bsd/openssh/dist/PROTOCOL.key Thu Sep 02 11:22:28 2021 +0000
@@ -35,9 +35,9 @@
uint32 checkint
uint32 checkint
- string privatekey1
+ byte[] privatekey1
string comment1
- string privatekey2
+ byte[] privatekey2
string comment2
...
string privatekeyN
@@ -48,6 +48,9 @@
...
char padlen % 255
+where each private key is encoded using the same rules as used for
+SSH agent.
+
Before the key is encrypted, a random integer is assigned
to both checkint fields so successful decryption can be
quickly checked by verifying that both checkint fields
@@ -65,4 +68,4 @@
are used with empty passphrases. The options if the KDF "none"
are the empty string.
-$OpenBSD: PROTOCOL.key,v 1.1 2013/12/06 13:34:54 markus Exp $
+$OpenBSD: PROTOCOL.key,v 1.2 2021/05/07 02:29:40 djm Exp $
diff -r ed6e18e7022e -r cd71300a7a7c crypto/external/bsd/openssh/dist/auth-options.c
--- a/crypto/external/bsd/openssh/dist/auth-options.c Mon Apr 19 14:38:27 2021 +0000
+++ b/crypto/external/bsd/openssh/dist/auth-options.c Thu Sep 02 11:22:28 2021 +0000
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.c,v 1.95 2021/04/03 06:18:40 djm Exp $ */
+/* $OpenBSD: auth-options.c,v 1.97 2021/07/24 01:55:19 djm Exp $ */
/*
* Copyright (c) 2018 Damien Miller <djm%mindrot.org@localhost>
*
@@ -321,6 +321,7 @@
struct sshauthopt *ret = NULL;
const char *errstr = "unknown error";
uint64_t valid_before;
+ size_t i, l;
if (errstrp != NULL)
*errstrp = NULL;
@@ -394,7 +395,7 @@
valid_before < ret->valid_before)
ret->valid_before = valid_before;
} else if (opt_match(&opts, "environment")) {
- if (ret->nenv > INT_MAX) {
+ if (ret->nenv > SSH_AUTHOPT_ENV_MAX) {
errstr = "too many environment strings";
goto fail;
}
@@ -406,25 +407,41 @@
errstr = "invalid environment string";
goto fail;
}
- if ((cp = strdup(opt)) == NULL)
+ if ((cp = strdup(opt)) == NULL) {
+ free(opt);
goto alloc_fail;
- cp[tmp - opt] = '\0'; /* truncate at '=' */
+ }
+ l = (size_t)(tmp - opt);
+ cp[l] = '\0'; /* truncate at '=' */
if (!valid_env_name(cp)) {
free(cp);
free(opt);
errstr = "invalid environment string";
goto fail;
}
+ /* Check for duplicates; XXX O(n*log(n)) */
+ for (i = 0; i < ret->nenv; i++) {
+ if (strncmp(ret->env[i], cp, l) == 0 &&
+ ret->env[i][l] == '=')
+ break;
+ }
free(cp);
- /* Append it. */
- oarray = ret->env;
- if ((ret->env = recallocarray(ret->env, ret->nenv,
- ret->nenv + 1, sizeof(*ret->env))) == NULL) {
- free(opt);
- ret->env = oarray; /* put it back for cleanup */
- goto alloc_fail;
+ /* First match wins */
+ if (i >= ret->nenv) {
+ /* Append it. */
+ oarray = ret->env;
+ if ((ret->env = recallocarray(ret->env,
+ ret->nenv, ret->nenv + 1,
+ sizeof(*ret->env))) == NULL) {
+ free(opt);
+ /* put it back for cleanup */
+ ret->env = oarray;
+ goto alloc_fail;
+ }
+ ret->env[ret->nenv++] = opt;
+ opt = NULL; /* transferred */
}
- ret->env[ret->nenv++] = opt;
+ free(opt);
} else if (opt_match(&opts, "permitopen")) {
if (handle_permit(&opts, 0, &ret->permitopen,
&ret->npermitopen, &errstr) != 0)
diff -r ed6e18e7022e -r cd71300a7a7c crypto/external/bsd/openssh/dist/auth-options.h
--- a/crypto/external/bsd/openssh/dist/auth-options.h Mon Apr 19 14:38:27 2021 +0000
+++ b/crypto/external/bsd/openssh/dist/auth-options.h Thu Sep 02 11:22:28 2021 +0000
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.h,v 1.30 2020/08/27 01:07:09 djm Exp $ */
+/* $OpenBSD: auth-options.h,v 1.31 2021/07/23 03:57:20 djm Exp $ */
/*
* Copyright (c) 2018 Damien Miller <djm%mindrot.org@localhost>
@@ -23,7 +23,10 @@
struct sshkey;
/* Maximum number of permitopen/permitlisten directives to accept */
-#define SSH_AUTHOPT_PERMIT_MAX 4096
+#define SSH_AUTHOPT_PERMIT_MAX 4096
+
+/* Maximum number of environment directives to accept */
+#define SSH_AUTHOPT_ENV_MAX 1024
/*
* sshauthopt represents key options parsed from authorized_keys or
diff -r ed6e18e7022e -r cd71300a7a7c crypto/external/bsd/openssh/dist/auth.c
--- a/crypto/external/bsd/openssh/dist/auth.c Mon Apr 19 14:38:27 2021 +0000
+++ b/crypto/external/bsd/openssh/dist/auth.c Thu Sep 02 11:22:28 2021 +0000
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.152 2021/04/03 06:18:40 djm Exp $ */
+/* $OpenBSD: auth.c,v 1.153 2021/07/05 00:50:25 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -615,9 +615,7 @@
* be freed. NB. this will usually trigger a DNS query the first time it is
* called.
* This function does additional checks on the hostname to mitigate some
- * attacks on legacy rhosts-style authentication.
- * XXX is RhostsRSAAuthentication vulnerable to these?
- * XXX Can we remove these checks? (or if not, remove RhostsRSAAuthentication?)
+ * attacks on based on conflation of hostnames and IP addresses.
*/
static char *
diff -r ed6e18e7022e -r cd71300a7a7c crypto/external/bsd/openssh/dist/auth2-hostbased.c
--- a/crypto/external/bsd/openssh/dist/auth2-hostbased.c Mon Apr 19 14:38:27 2021 +0000
+++ b/crypto/external/bsd/openssh/dist/auth2-hostbased.c Thu Sep 02 11:22:28 2021 +0000
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-hostbased.c,v 1.46 2021/01/27 10:05:28 djm Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.47 2021/07/23 03:37:52 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -212,7 +212,7 @@
debug2_f("access allowed by auth_rhosts2");
Home |
Main Index |
Thread Index |
Old Index