CVS commit: [netbsd-7-0] src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: snj Date: Tue May 17 18:48:29 UTC 2016 Modified Files: src/crypto/external/bsd/openssh/dist [netbsd-7-0]: session.c Log Message: Pull up following revision(s) (requested by christos in ticket #1168): crypto/external/bsd/openssh/dist/session.c: revision 1.19 If PAM is configured to read user-specified environment variables and UseLogin=yes in sshd_config, then a hostile local user may attack /bin/login via LD_PRELOAD or similar environment variables set via PAM. CVE-2015-8325, found by Shayan Sadigh, via Colin Watson https://anongit.mindrot.org/openssh.git/commit/?id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755 XXX: pullup-7 To generate a diff of this commit: cvs rdiff -u -r1.12.4.1 -r1.12.4.1.2.1 \ src/crypto/external/bsd/openssh/dist/session.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/session.c diff -u src/crypto/external/bsd/openssh/dist/session.c:1.12.4.1 src/crypto/external/bsd/openssh/dist/session.c:1.12.4.1.2.1 --- src/crypto/external/bsd/openssh/dist/session.c:1.12.4.1 Thu Apr 30 06:07:30 2015 +++ src/crypto/external/bsd/openssh/dist/session.c Tue May 17 18:48:29 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: session.c,v 1.12.4.1 2015/04/30 06:07:30 riz Exp $ */ +/* $NetBSD: session.c,v 1.12.4.1.2.1 2016/05/17 18:48:29 snj Exp $ */ /* $OpenBSD: session.c,v 1.277 2015/01/16 06:40:12 deraadt Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen, Espoo, Finland @@ -35,7 +35,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: session.c,v 1.12.4.1 2015/04/30 06:07:30 riz Exp $"); +__RCSID("$NetBSD: session.c,v 1.12.4.1.2.1 2016/05/17 18:48:29 snj Exp $"); #include #include #include @@ -1223,7 +1223,7 @@ do_setup_env(Session *s, const char *she * Pull in any environment variables that may have * been set by PAM. */ - if (options.use_pam) { + if (options.use_pam && !options.use_login) { char **p; p = fetch_pam_child_environment();
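Review bot: The added `!options.use_login` clause is the whole CVE-2015-8325 mitigation, yet the comment directly above it still reads "Pull in any environment variables that may have been set by PAM" and gives no reason why UseLogin switches that off, so a later merge could drop the clause as apparently redundant. Extend that comment with a sentence such as `Skip this when UseLogin is set: the environment is then handed to /bin/login, and a PAM-supplied LD_PRELOAD or similar variable must not reach it`. Since do_setup_env begins and ends outside this hunk it is not visible whether any other step merges user-influenced variables into `env` before the login exec; if one does, it presumably needs the same guard, which is worth confirming.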
CVS commit: [netbsd-7-0] src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: martin Date: Fri Mar 11 12:23:58 UTC 2016 Modified Files: src/crypto/external/bsd/openssh/dist [netbsd-7-0]: channels.c channels.h clientloop.c sshpty.c Log Message: Apply the following changes, requested by snj in #1138: - Refuse ForwardX11Trusted=no connections attempted after ForwardX11Timeout expires. (CVE-2015-5352) - Fix TTY permissions to not be world-writable. (CVE-2015-6565) To generate a diff of this commit: cvs rdiff -u -r1.11.4.1 -r1.11.4.1.2.1 \ src/crypto/external/bsd/openssh/dist/channels.c cvs rdiff -u -r1.8.4.1 -r1.8.4.1.2.1 \ src/crypto/external/bsd/openssh/dist/channels.h cvs rdiff -u -r1.10.4.1 -r1.10.4.1.2.1 \ src/crypto/external/bsd/openssh/dist/clientloop.c cvs rdiff -u -r1.2.26.1 -r1.2.26.1.2.1 \ src/crypto/external/bsd/openssh/dist/sshpty.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/channels.c diff -u src/crypto/external/bsd/openssh/dist/channels.c:1.11.4.1 src/crypto/external/bsd/openssh/dist/channels.c:1.11.4.1.2.1 --- src/crypto/external/bsd/openssh/dist/channels.c:1.11.4.1 Thu Apr 30 06:07:30 2015 +++ src/crypto/external/bsd/openssh/dist/channels.c Fri Mar 11 12:23:58 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: channels.c,v 1.11.4.1 2015/04/30 06:07:30 riz Exp $ */ +/* $NetBSD: channels.c,v 1.11.4.1.2.1 2016/03/11 12:23:58 martin Exp $ */ /* $OpenBSD: channels.c,v 1.341 2015/02/06 23:21:59 millert Exp $ */ /* * Author: Tatu Ylonen@@ -41,7 +41,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: channels.c,v 1.11.4.1 2015/04/30 06:07:30 riz Exp $"); +__RCSID("$NetBSD: channels.c,v 1.11.4.1.2.1 2016/03/11 12:23:58 martin Exp $"); #include #include #include /* MIN MAX */ 
@@ -163,6 +163,9 @@ static char *x11_saved_proto = NULL; static char *x11_saved_data = NULL; static u_int x11_saved_data_len = 0; +/* Deadline after which all X11 connections are refused */ +static u_int x11_refuse_time; + /* * Fake X11 authentication data. This is what the server will be sending us; * we should replace any occurrences of this by the real data. @@ -938,6 +941,13 @@ x11_open_helper(Buffer *b) u_char *ucp; u_int proto_len, data_len; + /* Is this being called after the refusal deadline? */ + if (x11_refuse_time != 0 && (u_int)monotime() >= x11_refuse_time) { + verbose("Rejected X11 connection after ForwardX11Timeout " + "expired"); + return -1; + } + /* Check if the fixed size part of the packet is in buffer. */ if (buffer_len(b) < 12) return 0; @@ -1509,6 +1519,12 @@ channel_set_reuseaddr(int fd) error("setsockopt SO_REUSEADDR fd %d: %s", fd, strerror(errno)); } +void +channel_set_x11_refuse_time(u_int refuse_time) +{ + x11_refuse_time = refuse_time; +} + /* * This socket is listening for connections to a forwarded TCP/IP port. */ Index: src/crypto/external/bsd/openssh/dist/channels.h diff -u src/crypto/external/bsd/openssh/dist/channels.h:1.8.4.1 src/crypto/external/bsd/openssh/dist/channels.h:1.8.4.1.2.1 --- src/crypto/external/bsd/openssh/dist/channels.h:1.8.4.1 Thu Apr 30 06:07:30 2015 +++ src/crypto/external/bsd/openssh/dist/channels.h Fri Mar 11 12:23:58 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: channels.h,v 1.8.4.1 2015/04/30 06:07:30 riz Exp $ */ +/* $NetBSD: channels.h,v 1.8.4.1.2.1 2016/03/11 12:23:58 martin Exp $ */ /* $OpenBSD: channels.h,v 1.116 2015/01/19 20:07:45 markus Exp $ */ /* 
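Review bot: The "no deadline" convention that the new check in x11_open_helper relies on (hunk @@ -938: `x11_refuse_time != 0 && ...`) is stated neither where the variable is declared (hunk @@ -163) nor where it is set (hunk @@ -1519, channel_set_x11_refuse_time), so a caller that ever computes a deadline of exactly 0 would silently disable the refusal. Document it at the declaration, e.g. `/* monotime() value after which x11_open_helper() refuses new X11 connections; 0 means no deadline */`, and give the setter a header such as `/* Install the ForwardX11Timeout deadline; refuse_time is a monotime() value, 0 clears it. */`. Because the comparison casts `monotime()` to `u_int` to match the deadline's type, a one-line comment noting that the deadline is a truncated monotonic-seconds value would also save the next reader from wondering whether the cast is intentional; x11_open_helper continues beyond its hunk.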
@@ -287,6 +287,7 @@ int permitopen_port(const char *); /* x11 forwarding */ +void channel_set_x11_refuse_time(u_int); int x11_connect_display(void); int x11_create_display_inet(int, int, int, u_int *, int **); int x11_input_open(int, u_int32_t, void *); Index: src/crypto/external/bsd/openssh/dist/clientloop.c diff -u src/crypto/external/bsd/openssh/dist/clientloop.c:1.10.4.1 src/crypto/external/bsd/openssh/dist/clientloop.c:1.10.4.1.2.1 --- src/crypto/external/bsd/openssh/dist/clientloop.c:1.10.4.1 Thu Apr 30 06:07:30 2015 +++ src/crypto/external/bsd/openssh/dist/clientloop.c Fri Mar 11 12:23:58 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: clientloop.c,v 1.10.4.1 2015/04/30 06:07:30 riz Exp $ */ +/* $NetBSD: clientloop.c,v 1.10.4.1.2.1 2016/03/11 12:23:58 martin Exp $ */ /* $OpenBSD: clientloop.c,v 1.272 2015/02/25 19:54:02 djm Exp $ */ /* * Author: Tatu Ylonen @@ -61,7 +61,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: clientloop.c,v 1.10.4.1 2015/04/30 06:07:30 riz Exp $"); +__RCSID("$NetBSD: clientloop.c,v 1.10.4.1.2.1 2016/03/11 12:23:58 martin Exp $"); #include /* MIN MAX */ #include @@ -159,7 +159,7 @@ static int connection_in; /* Connection static int connection_out; /* Connection to server (output). */ static int need_rekeying; /* Set to non-zero if rekeying is requested. */ static int session_closed; /* In SSH2: login session closed. */ -static int x11_refuse_time; /* If >0,
CVS commit: [netbsd-7-0] src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: snj Date: Mon Feb 22 11:24:18 UTC 2016 Modified Files: src/crypto/external/bsd/openssh/dist [netbsd-7-0]: readconf.c ssh.c Log Message: Pull up following revision(s) (requested by christos in ticket #1075): crypto/external/bsd/openssh/dist/readconf.c: patch crypto/external/bsd/openssh/dist/ssh.c: patch Fix CVE CVE-2016-0777 by disabling roaming completely. To generate a diff of this commit: cvs rdiff -u -r1.11.4.1 -r1.11.4.1.2.1 \ src/crypto/external/bsd/openssh/dist/readconf.c cvs rdiff -u -r1.14.4.1 -r1.14.4.1.2.1 \ src/crypto/external/bsd/openssh/dist/ssh.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/readconf.c diff -u src/crypto/external/bsd/openssh/dist/readconf.c:1.11.4.1 src/crypto/external/bsd/openssh/dist/readconf.c:1.11.4.1.2.1 --- src/crypto/external/bsd/openssh/dist/readconf.c:1.11.4.1 Thu Apr 30 06:07:30 2015 +++ src/crypto/external/bsd/openssh/dist/readconf.c Mon Feb 22 11:24:18 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: readconf.c,v 1.11.4.1 2015/04/30 06:07:30 riz Exp $ */ +/* $NetBSD: readconf.c,v 1.11.4.1.2.1 2016/02/22 11:24:18 snj Exp $ */ /* $OpenBSD: readconf.c,v 1.232 2015/02/16 22:13:32 djm Exp $ */ /* * Author: Tatu Ylonen@@ -14,7 +14,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: readconf.c,v 1.11.4.1 2015/04/30 06:07:30 riz Exp $"); +__RCSID("$NetBSD: readconf.c,v 1.11.4.1.2.1 2016/02/22 11:24:18 snj Exp $"); #include #include #include @@ -1745,7 +1745,7 @@ initialize_options(Options * options) options->tun_remote = -1; options->local_command = NULL; options->permit_local_command = -1; - options->use_roaming = -1; + options->use_roaming = 0; options->visual_host_key = -1; options->ip_qos_interactive = -1; options->ip_qos_bulk = -1; 
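Review bot: `options->use_roaming = 0;` in initialize_options breaks the `-1`-means-unset convention every neighbouring field follows, and fill_default_options (hunk @@ -1960 below) then assigns 0 unconditionally, so whatever a `UseRoaming` directive in ssh_config sets (the keyword parser is not part of this diff) is discarded without any diagnostic. That is the intended effect of the CVE-2016-0777 mitigation, but nothing in the code says so; add a comment at both assignments, e.g. `/* Roaming is disabled unconditionally (CVE-2016-0777); a UseRoaming directive has no effect. */`. If the parser still accepts the keyword, a warning there would tell users the directive is now a no-op; initialize_options and fill_default_options both extend beyond their hunks.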
@@ -1960,8 +1960,7 @@ fill_default_options(Options * options) options->tun_remote = SSH_TUNID_ANY; if (options->permit_local_command == -1) options->permit_local_command = 0; - if (options->use_roaming == -1) - options->use_roaming = 1; + options->use_roaming = 0; if (options->visual_host_key == -1) options->visual_host_key = 0; if (options->ip_qos_interactive == -1) Index: src/crypto/external/bsd/openssh/dist/ssh.c diff -u src/crypto/external/bsd/openssh/dist/ssh.c:1.14.4.1 src/crypto/external/bsd/openssh/dist/ssh.c:1.14.4.1.2.1 --- src/crypto/external/bsd/openssh/dist/ssh.c:1.14.4.1 Thu Apr 30 06:07:30 2015 +++ src/crypto/external/bsd/openssh/dist/ssh.c Mon Feb 22 11:24:18 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: ssh.c,v 1.14.4.1 2015/04/30 06:07:30 riz Exp $ */ +/* $NetBSD: ssh.c,v 1.14.4.1.2.1 2016/02/22 11:24:18 snj Exp $ */ /* $OpenBSD: ssh.c,v 1.416 2015/03/03 06:48:58 djm Exp $ */ /* * Author: Tatu Ylonen @@ -42,7 +42,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: ssh.c,v 1.14.4.1 2015/04/30 06:07:30 riz Exp $"); +__RCSID("$NetBSD: ssh.c,v 1.14.4.1.2.1 2016/02/22 11:24:18 snj Exp $"); #include #include #include @@ -1963,9 +1963,6 @@ ssh_session2(void) fork_postauth(); } - if (options.use_roaming) - request_roaming(); - return client_loop(tty_flag, tty_flag ? options.escape_char : SSH_ESCAPECHAR_NONE, id); }
CVS commit: [netbsd-7-0] src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: riz Date: Tue Jan 26 01:30:41 UTC 2016 Modified Files: src/crypto/external/bsd/openssh/dist [netbsd-7-0]: sftp.c Log Message: Pull up following revision(s) (requested by snj in ticket #1066): crypto/external/bsd/openssh/dist/sftp.c: revision 1.17 PR/50564: Rin Okuyama: sftp: filename completion is broken To generate a diff of this commit: cvs rdiff -u -r1.12.4.1 -r1.12.4.1.2.1 \ src/crypto/external/bsd/openssh/dist/sftp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/sftp.c diff -u src/crypto/external/bsd/openssh/dist/sftp.c:1.12.4.1 src/crypto/external/bsd/openssh/dist/sftp.c:1.12.4.1.2.1 --- src/crypto/external/bsd/openssh/dist/sftp.c:1.12.4.1 Thu Apr 30 06:07:30 2015 +++ src/crypto/external/bsd/openssh/dist/sftp.c Tue Jan 26 01:30:40 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: sftp.c,v 1.12.4.1 2015/04/30 06:07:30 riz Exp $ */ +/* $NetBSD: sftp.c,v 1.12.4.1.2.1 2016/01/26 01:30:40 riz Exp $ */ /* $OpenBSD: sftp.c,v 1.170 2015/01/20 23:14:00 deraadt Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller@@ -17,7 +17,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: sftp.c,v 1.12.4.1 2015/04/30 06:07:30 riz Exp $"); +__RCSID("$NetBSD: sftp.c,v 1.12.4.1.2.1 2016/01/26 01:30:40 riz Exp $"); #include /* MIN MAX */ #include #include @@ -1845,8 +1845,8 @@ complete_match(EditLine *el, struct sftp if (remote != LOCAL) { tmp = make_absolute(tmp, remote_path); remote_glob(conn, tmp, GLOB_DOOFFS|GLOB_MARK, NULL, ); + } else glob(tmp, GLOB_LIMIT|GLOB_DOOFFS|GLOB_MARK, NULL, ); - } /* Determine length of pwd so we can trim completion display */ for (hadglob = tmplen = pwdlen = 0; tmp[tmplen] != 0; tmplen++) {
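Review bot: The rewritten branch leaves `glob()` in an unbraced `else` beside a braced `if`, which is the same shape that let the earlier mis-nesting go unnoticed; brace the else arm so both arms read alike: `} else {` / `glob(tmp, GLOB_LIMIT|GLOB_DOOFFS|GLOB_MARK, NULL, &g);` / `}`. Neither `remote_glob()` nor `glob()` has its return value checked here; if the loop that follows (outside this hunk) relies on the glob structure being left with a zero path count on failure, a comment saying so would help, otherwise the result should be tested. The final argument of both calls prints as `NULL, );` in this listing, which looks like the `&g` argument lost in rendering rather than a change made by the commit; complete_match starts before the hunk and continues after it.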