Commit Graph

1001 Commits

Author SHA1 Message Date
Dag-Erling Smørgrav
9860d96e8f Re-add HPN configuration options as deprecated options to avoid breaking
existing configurations that use them.  Note that there is no functional
difference between OpenSSH with HPN and OpenSSH without HPN.
2016-01-19 18:38:17 +00:00
Dag-Erling Smørgrav
bc5531debe Upgrade to OpenSSH 6.8p1. 2016-01-19 18:28:23 +00:00
Dag-Erling Smørgrav
00912a2021 Now that we have local modifications in configure.ac and configure, run
autoheader and autoconf to avoid having to patch configure manually.
2016-01-19 17:20:07 +00:00
Dag-Erling Smørgrav
a0ee8cc636 Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removed
upstream) and a number of security fixes which we had already backported.

MFC after:	1 week
2016-01-19 16:18:26 +00:00
Dag-Erling Smørgrav
60c59fad88 As previously threatened, remove the HPN patch from OpenSSH. 2016-01-19 14:38:20 +00:00
Dag-Erling Smørgrav
5ecdd3c4d3 Use 'svn list -R' instead of find, and recognize comments in shell scripts
and {ssh,sshd}_config.
2016-01-19 14:25:22 +00:00
Dag-Erling Smørgrav
c1ea5e1a86 Recognize *roff comments. 2016-01-19 13:15:57 +00:00
Dag-Erling Smørgrav
50356f4843 Update the pre- and post-merge scripts to work correctly after the recent
cleanup.  A round-trip (./freebsd-pre-merge.sh ; ./freebsd-post-merge.sh)
now results in an unchanged working copy.
2016-01-19 12:38:53 +00:00
Gleb Smirnoff
1026c03c28 Fix OpenSSH client information leak.
Security:	SA-16:07.openssh
Security:	CVE-2016-0777
2016-01-14 22:40:46 +00:00
Dag-Erling Smørgrav
22f393c35d Incorrect length in calloc() call, already fixed upstream.
PR:		204769
Submitted by:	David Binderman <dcb314@hotmail.com>
MFC after:	1 week
2015-12-17 19:36:25 +00:00
Jung-uk Kim
80815a778e Merge OpenSSL 1.0.2e. 2015-12-03 21:13:35 +00:00
Jung-uk Kim
737d7e8d39 Import OpenSSL 1.0.2e. 2015-12-03 17:22:58 +00:00
Dag-Erling Smørgrav
6dd7775dfd r291198 inadvertantly reverted a local patch for the default location
of ssh-askpass and xauth, breaking X11 forwarding.
2015-11-26 23:05:40 +00:00
Dag-Erling Smørgrav
af12673615 Revert inadvertent commit of an incorrect patch 2015-11-24 16:07:03 +00:00
Dag-Erling Smørgrav
db83e5424b Remove description of the now-defunct NoneEnabled option. 2015-11-24 16:06:15 +00:00
Dag-Erling Smørgrav
1765946ba9 Retire the NONE cipher option. 2015-11-23 12:48:13 +00:00
Jung-uk Kim
2409c5b0cc Remove duplicate manual pages.
Reported by:	brd
2015-11-16 21:36:15 +00:00
Dag-Erling Smørgrav
f2e553364c Remove dead code. 2015-11-11 13:47:23 +00:00
Dag-Erling Smørgrav
845c9bd1d9 One more $Mdocdate$ 2015-11-11 13:27:58 +00:00
Dag-Erling Smørgrav
5bec830e40 Remove /* $FreeBSD$ */ from files that already have __RCSID("$FreeBSD$"). 2015-11-11 13:26:47 +00:00
Dag-Erling Smørgrav
5b71b2ebe0 Now that we have mandoc, we can leave $Mdocdate$ tags as-is. Unfortunately,
there is (currently) no way to make Subversion generate correct $Mdocdate$
tags, but perhas we can teach mandoc to read Subversion's %d format.
2015-11-11 13:23:07 +00:00
Jung-uk Kim
7bded2db17 Merge OpenSSL 1.0.2d. 2015-10-30 20:51:33 +00:00
Jung-uk Kim
e9fcefce9b Import OpenSSL 1.0.2d. 2015-10-23 19:46:02 +00:00
Xin LI
1e415e2992 Fix OpenSSH multiple vulnerabilities by backporting three changes
from OpenSSH-portable master.

Git revisions:	45b0eb752c94954a6de046bfaaf129e518ad4b5b
		5e75f5198769056089fb06c4d738ab0e5abc66f7
		d4697fe9a28dab7255c60433e4dd23cf7fce8a8b
Reviewed by:	des
Security:	FreeBSD-SA-15:22.openssh
2015-08-25 20:48:37 +00:00
Xin LI
3a0b9b7735 Fix multiple OpenSSH vulnerabilities.
Security:	CVE-2014-2653
Security:	CVE-2015-5600
Security:	FreeBSD-SA-15:16.openssh
2015-07-28 19:58:38 +00:00
Eric van Gyzen
3e74849a1e ssh: canonicize the host name before looking it up in the host file
Re-apply r99054 by des in 2002.  This was accidentally dropped
by the update to OpenSSH 6.5p1 (r261320).

This change is actually taken from r387082 of
ports/security/openssh-portable/files/patch-ssh.c

PR:		198043
Differential Revision:	https://reviews.freebsd.org/D3103
Reviewed by:	des
Approved by:	kib (mentor)
MFC after:	3 days
Relnotes:	yes
Sponsored by:	Dell Inc.
2015-07-16 18:44:18 +00:00
Jung-uk Kim
45c1772ea0 Merge OpenSSL 1.0.1p. 2015-07-09 17:07:45 +00:00
Jung-uk Kim
c07d7b3a38 Import OpenSSL 1.0.1p. 2015-07-09 16:41:34 +00:00
Jung-uk Kim
d47910c6ed Merge OpenSSL 1.0.1o. 2015-06-12 16:48:26 +00:00
Jung-uk Kim
15533bcc35 Import OpenSSL 1.0.1o. 2015-06-12 16:33:55 +00:00
Jung-uk Kim
ed6b93be54 Merge OpenSSL 1.0.1n. 2015-06-11 19:00:55 +00:00
Jung-uk Kim
a9745f9a84 Import OpenSSL 1.0.1n. 2015-06-11 17:56:16 +00:00
Dag-Erling Smørgrav
8a1ab32008 Import new moduli from OpenBSD. Although there is no reason to distrust
the current set, it is good hygiene to change them once in a while.

MFC after:	1 week
2015-05-26 19:46:41 +00:00
Bryan Drewery
e3bd730f60 Use proper CHAN_TCP_PACKET_DEFAULT for agent forwarding when HPN disabled.
The use of CHAN_TCP_WINDOW_DEFAULT here was fixed in upstream OpenSSH
in CVS 1.4810, git 5baa170d771de9e95cf30b4c469ece684244cf3e:

  - dtucker@cvs.openbsd.org 2007/12/28 22:34:47
    [clientloop.c]
    Use the correct packet maximum sizes for remote port and agent forwarding.
    Prevents the server from killing the connection if too much data is queued
    and an excessively large packet gets sent.  bz #1360, ok djm@.

The change was lost due to the the way the original upstream HPN patch
modified this code. It was re-adding the original OpenSSH code and never
was properly fixed to use the new value.

MFC after:	2 weeks
2015-04-02 18:43:25 +00:00
Bryan Drewery
6e57108113 Document "none" for VersionAddendum.
PR:		193127
MFC after:	2 weeks
2015-03-23 02:45:12 +00:00
Jung-uk Kim
6f9291cea8 Merge OpenSSL 1.0.1m. 2015-03-20 19:16:18 +00:00
Jung-uk Kim
3d2030852d Import OpenSSL 1.0.1m. 2015-03-20 15:28:40 +00:00
Jung-uk Kim
dc2b908f54 Merge OpenSSL 1.0.1l.
MFC after:	1 week
Relnotes:	yes
2015-01-16 21:03:23 +00:00
Jung-uk Kim
8f5086671f Import OpenSSL 1.0.1l. 2015-01-16 19:52:36 +00:00
Jung-uk Kim
de496999fe MFV: r276862
Fix build.
2015-01-09 00:42:10 +00:00
Jung-uk Kim
973cfcbfe1 Fix build failure on Windows due to undefined cflags identifier.
5c5e7e1a7e
2015-01-09 00:12:20 +00:00
Jung-uk Kim
751d29910b Merge OpenSSL 1.0.1k. 2015-01-08 23:42:41 +00:00
Jung-uk Kim
c6485458b3 Import OpenSSL 1.0.1k. 2015-01-08 22:40:39 +00:00
Jung-uk Kim
fa5fddf171 Merge OpenSSL 1.0.1j. 2014-10-15 19:12:05 +00:00
Jung-uk Kim
58ab7656b2 Import OpenSSL 1.0.1j. 2014-10-15 17:32:57 +00:00
Glen Barber
28c80a7dd8 Include the gssapi_krb5 library in KRB5_LDFLAGS.
PR:		156245
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
2014-09-08 19:00:13 +00:00
Jung-uk Kim
a93cbc2be8 Merge OpenSSL 1.0.1i. 2014-08-07 18:56:10 +00:00
Jung-uk Kim
cb6864802e Import OpenSSL 1.0.1i. 2014-08-07 16:49:55 +00:00
Jung-uk Kim
94ad176c68 Merge OpenSSL 1.0.1h.
Approved by:	so (delphij)
2014-06-09 05:50:57 +00:00
Jung-uk Kim
2e22f5e2e0 Import OpenSSL 1.0.1h.
Approved by:	so (delphij)
2014-06-06 20:59:29 +00:00
Xin LI
4a448cff07 Fix OpenSSL multiple vulnerabilities.
Security:	CVE-2014-0195, CVE-2014-0221, CVE-2014-0224,
		CVE-2014-3470
Security:	SA-14:14.openssl
Approved by:	so
2014-06-05 12:32:16 +00:00
Steven Hartland
4b0b2f2d1b Change comment about HPNDisabled to match the style of other options to
avoid confusion.

Sponsored by:	Multiplay
2014-05-20 10:28:19 +00:00
Xin LI
f5da602e47 Fix OpenSSL NULL pointer deference vulnerability.
Obtained from:	OpenBSD
Security:	FreeBSD-SA-14:09.openssl
Security:	CVE-2014-0198
2014-05-13 23:17:24 +00:00
Xin LI
e38c714ed3 Fix OpenSSL use-after-free vulnerability.
Obtained from:	OpenBSD
Security:	FreeBSD-SA-14:09.openssl
Security:	CVE-2010-5298
2014-04-30 04:02:36 +00:00
Dag-Erling Smørgrav
30a0343983 Apply upstream patch for EC calculation bug and bump version addendum. 2014-04-20 11:34:33 +00:00
Warner Losh
3bdf775801 NO_MAN= has been deprecated in favor of MAN= for some time, go ahead
and finish the job. ncurses is now the only Makefile in the tree that
uses it since it wasn't a simple mechanical change, and will be
addressed in a future commit.
2014-04-13 05:21:56 +00:00
Dag-Erling Smørgrav
b8f726b41c Restore the pX part to the version number printed in debugging mode. 2014-04-09 20:42:00 +00:00
Jung-uk Kim
560ede85d4 Merge OpenSSL 1.0.1g.
Approved by:	benl (maintainer)
2014-04-08 21:06:58 +00:00
Jung-uk Kim
06369e3974 Import OpenSSL 1.0.1g.
Approved by:	benl (maintainer)
2014-04-08 20:15:18 +00:00
Xin LI
25bfde79d6 Fix NFS deadlock vulnerability. [SA-14:05]
Fix "Heartbleed" vulnerability and ECDSA Cache Side-channel
Attack in OpenSSL. [SA-14:06]
2014-04-08 18:27:32 +00:00
Dag-Erling Smørgrav
b83788ff87 Upgrade to OpenSSH 6.6p1. 2014-03-25 11:05:34 +00:00
Dag-Erling Smørgrav
cf783db152 Add a pre-merge script which reverts mechanical changes such as added
$FreeBSD$ tags and man page dates.

Add a post-merge script which reapplies these changes.

Run both scripts to normalize the existing code base.  As a result, many
files which should have had $FreeBSD$ tags but didn't now have them.

Partly rewrite the upgrade instructions and remove the now outdated
list of tricks.
2014-03-24 19:15:13 +00:00
Robert Watson
b881b8be1d Update most userspace consumers of capability.h to use capsicum.h instead.
auditdistd is not updated as I will make the change upstream and then do a
vendor import sometime in the next week or two.

MFC after:	3 weeks
2014-03-16 11:04:44 +00:00
Pawel Jakub Dawidek
d62289d013 Fix installations that use kernels without CAPABILITIES support.
Approved by:	des
2014-02-04 21:48:09 +00:00
Dag-Erling Smørgrav
2b1970f362 Turn sandboxing on by default. 2014-02-01 00:07:16 +00:00
Dag-Erling Smørgrav
f7167e0ea0 Upgrade to OpenSSH 6.5p1. 2014-01-31 13:12:02 +00:00
Jung-uk Kim
de78d5d8fd Merge OpenSSL 1.0.1f.
Approved by:	so (delphij), benl (silence)
2014-01-22 19:57:11 +00:00
Jung-uk Kim
2dc7f78169 Import OpenSSL 1.0.1f.
Approved by:	so (delphij), benl (silence)
2014-01-22 19:27:13 +00:00
Xin LI
246aa294d7 MFV r260399:
Apply vendor commits:

197e0ea	Fix for TLS record tampering bug.  (CVE-2013-4353).
3462896	For DTLS we might need to retransmit messages from the
	previous session so keep a copy of write context in DTLS
	retransmission buffers instead of replacing it after
	sending CCS.  (CVE-2013-6450).
ca98926 When deciding whether to use TLS 1.2 PRF and record hash
	algorithms use the version number in the corresponding
	SSL_METHOD structure instead of the SSL structure.  The
	SSL structure version is sometimes inaccurate.
	Note: OpenSSL 1.0.2 and later effectively do this already.
	(CVE-2013-6449).

Security:	CVE-2013-4353
Security:	CVE-2013-6449
Security:	CVE-2013-6450
2014-01-07 19:58:45 +00:00
Benjamin Kaduk
0782240958 Apply patch from upstream Heimdal for encoding fix
RFC 4402 specifies the implementation of the gss_pseudo_random()
function for the krb5 mechanism (and the C bindings therein).
The implementation uses a PRF+ function that concatenates the output
of individual krb5 pseudo-random operations produced with a counter
and seed.  The original implementation of this function in Heimdal
incorrectly encoded the counter as a little-endian integer, but the
RFC specifies the counter encoding as big-endian.  The implementation
initializes the counter to zero, so the first block of output (16 octets,
for the modern AES enctypes 17 and 18) is unchanged.  (RFC 4402 specifies
that the counter should begin at 1, but both existing implementations
begin with zero and it looks like the standard will be re-issued, with
test vectors, to begin at zero.)

This is upstream's commit f85652af868e64811f2b32b815d4198e7f9017f6,
from 13 October, 2013:
% Fix krb5's gss_pseudo_random() (n is big-endian)
%
% The first enctype RFC3961 prf output length's bytes are correct because
% the little- and big-endian representations of unsigned zero are the
% same.  The second block of output was wrong because the counter was not
% being encoded as big-endian.
%
% This change could break applications.  But those applications would not
% have been interoperating with other implementations anyways (in
% particular: MIT's).

Approved by:	hrs (mentor, src committer)
MFC after:	3 days
2013-12-13 03:09:29 +00:00
Xin LI
0a37d4a300 MFV r257952:
Upgrade to OpenSSH 6.4p1.

Bump VersionAddendum.

Approved by:	des
2013-11-11 09:19:58 +00:00
Dag-Erling Smørgrav
0085282b6a Unbreak the WITHOUT_KERBEROS build and try to reduce the odds of a
repeat performance by introducing a script that runs configure with and
without Kerberos, diffs the result and generates krb5_config.h, which
contains the preprocessor macros that need to be defined in the Kerberos
case and undefined otherwise.

Approved by:	re (marius)
2013-09-23 20:35:54 +00:00
Dag-Erling Smørgrav
ce3adf4362 Pull in all the OpenSSH bits that we'd previously left out because we
didn't use them.  This will make future merges from the vendor tree much
easier.

Approved by:	re (gjb)
2013-09-21 22:24:10 +00:00
Dag-Erling Smørgrav
e4a9863fb7 Upgrade to 6.3p1.
Approved by:	re (gjb)
2013-09-21 21:36:09 +00:00
Dag-Erling Smørgrav
83c6a5242c Change the default value of VerifyHostKeyDNS to "yes" if compiled with
LDNS.  With that setting, OpenSSH will silently accept host keys that
match verified SSHFP records.  If an SSHFP record exists but could not
be verified, OpenSSH will print a message and prompt the user as usual.

Approved by:	re (blanket)
2013-09-10 22:30:22 +00:00
Dag-Erling Smørgrav
58d839214e These three files appeared in 6.0p1, which was imported into the vendor
branch but never merged to head.  They were inadvertantly left out when
6.1p1 was merged to head.  It didn't make any difference at the time,
because they were unused, but one of them is required for DNS-based host
key verification.

Approved by:	re (blanket)
2013-09-09 13:56:58 +00:00
Dag-Erling Smørgrav
fb0edcbb74 Apply upstream revision 1.151 (fix relative symlinks)
MFC after:	3 days
2013-08-13 09:06:18 +00:00
Xin LI
14bf23ce31 MFV r254106 (OpenSSL bugfix for RT #2984):
Check DTLS_BAD_VER for version number.

The version check for DTLS1_VERSION was redundant as
DTLS1_VERSION > TLS1_1_VERSION, however we do need to
check for DTLS1_BAD_VER for compatibility.

Requested by:	zi
Approved by:	benl
2013-08-08 22:29:35 +00:00
Hiroki Sato
3fbceebb4a Fix gssapi/gssapi_krb5.h after Heimdal 1.5.1 import.
Reviewed by:	dfr
2013-06-30 07:46:22 +00:00
Dag-Erling Smørgrav
aa0dd44b14 r251088 reverted the default value for UsePrivilegeSeparation from
"sandbox" to "yes", but did not update the documentation to match.
2013-06-28 09:41:59 +00:00
Dag-Erling Smørgrav
c89ea4d72b Revert a local change that sets the default for UsePrivilegeSeparation to
"sandbox" instead of "yes".  In sandbox mode, the privsep child is unable
to load additional libraries and will therefore crash when trying to take
advantage of crypto offloading on CPUs that support it.
2013-05-29 00:19:58 +00:00
Bjoern A. Zeeb
9c91c227c7 Have the ipropd-master listen on an IPv6 socket in addition to an IPv4
socket to allow propagation of changes to a Heimdal Kerberos database
from the KDC master to the slave(s) work on IPv6 as well.

Update the stats logging to also handle IPv6 addresses.

Reported by:		peter (found on FreeBSD cluster)
X-to-be-tested-by:	peter
MFC after:		3 weeks
2013-05-18 18:01:21 +00:00
Dag-Erling Smørgrav
420bce642c Upgrade to OpenSSH 6.2p2. Mostly a no-op since I had already patched
the issues that affected us.
2013-05-17 09:12:33 +00:00
Bryan Drewery
f13e3f2087 The HPN patch added a new BUG bit for SSH_BUG_LARGEWINDOW
and the update to 6.1 added SSH_BUG_DYNAMIC_RPORT with the
same value.

Fix the HPN SSH_BUG_LARGEWINDOW bit so it is unique.

Approved by:	des
MFC after:	2 weeks
2013-05-13 11:32:20 +00:00
Dag-Erling Smørgrav
733706130a Merge updated "no such identity file" patch.
PR:		bin/178060
2013-04-24 12:36:37 +00:00
Dag-Erling Smørgrav
f29b8a64d0 Silence "received disconnect" in the common case. 2013-04-14 13:06:07 +00:00
Dag-Erling Smørgrav
fa67e83c67 Merge upstream patch to silence spurious "no such identity file" warnings. 2013-04-02 11:44:55 +00:00
Dag-Erling Smørgrav
5992891888 Silence printf format warnings. 2013-04-02 11:42:39 +00:00
Dag-Erling Smørgrav
ee8c73cd06 Silence warnings about redefined macros. 2013-04-01 13:48:30 +00:00
Dag-Erling Smørgrav
009fd5a774 Revert r247892 now that this has been fixed upstream. 2013-03-23 14:52:31 +00:00
Dag-Erling Smørgrav
6888a9be56 Upgrade to OpenSSH 6.2p1. The most important new features are support
for a key revocation list and more fine-grained authentication control.
2013-03-22 17:55:38 +00:00
Dag-Erling Smørgrav
c5c0dc9146 Keep the default AuthorizedKeysFile setting. Although authorized_keys2
has been deprecated for a while, some people still use it and were
unpleasantly surprised by this change.

I may revert this commit at a later date if I can come up with a way
to give users who still have authorized_keys2 files sufficient advance
warning.

MFC after:	ASAP
2013-03-18 10:50:50 +00:00
Dag-Erling Smørgrav
2ec88e9d1b Unlike OpenBSD's, our setusercontext() will intentionally ignore the user's
own umask setting (from ~/.login.conf) unless running with the user's UID.
Therefore, we need to call it again with LOGIN_SETUMASK after changing UID.

PR:		bin/176740
Submitted by:	John Marshall <john.marshall@riverwillow.com.au>
MFC after:	1 week
2013-03-13 09:41:55 +00:00
Dag-Erling Smørgrav
29911fcacc Partially revert r247892 and r247904 since our strnvis() does not
behave the way OpenSSH expects.
2013-03-07 14:38:43 +00:00
Dag-Erling Smørgrav
e9a6213037 Remove strnvis(), strvis(), strvisx(). 2013-03-06 23:22:40 +00:00
Dag-Erling Smørgrav
d9bb67e8ce Explicitly disable lastlog, utmp and wtmp. 2013-03-06 13:46:20 +00:00
Dimitry Andric
d2a99d8189 Import change 6d783560e4aad1e680097d11e89755647a5aba87 from upstream
heimdal:

  fix sizeof(uuid)

Found by:	clang ToT
Reviewed by:	stas
2013-02-19 17:38:18 +00:00
Jung-uk Kim
09286989d3 Merge OpenSSL 1.0.1e.
Approved by:	secteam (simon), benl (silence)
2013-02-13 23:07:20 +00:00
Jung-uk Kim
b39da7f721 Change "the the" to "the". It is a continuation of r226436 and missed in
r237658.

Approved by:	benl (maintainer, implicit)
2013-02-13 22:38:20 +00:00
Jung-uk Kim
f3b8b34a88 Import OpenSSL 1.0.1e.
Approved by:	secteam (delphij, simon), benl (silence)
2013-02-13 22:15:56 +00:00