Upgrade to OpenSSH 7.1p2.
This commit is contained in:
commit
fc1ba28a5c
File diff suppressed because it is too large
Load Diff
@ -1,4 +1,8 @@
|
||||
See http://www.openssh.com/txt/release-7.0 for the release notes.
|
||||
See http://www.openssh.com/txt/release-7.1p2 for the release notes.
|
||||
|
||||
Please read http://www.openssh.com/report.html for bug reporting
|
||||
instructions and note that we do not use Github for bug reporting or
|
||||
patch/pull-request management.
|
||||
|
||||
- A Japanese translation of this document and of the OpenSSH FAQ is
|
||||
- available at http://www.unixuser.org/~haruyama/security/openssh/index.html
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: auth.c,v 1.112 2015/08/06 14:53:21 deraadt Exp $ */
|
||||
/* $OpenBSD: auth.c,v 1.113 2015/08/21 03:42:19 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
@ -355,7 +355,7 @@ auth_root_allowed(const char *method)
|
||||
case PERMIT_NO_PASSWD:
|
||||
if (strcmp(method, "publickey") == 0 ||
|
||||
strcmp(method, "hostbased") == 0 ||
|
||||
strcmp(method, "gssapi-with-mic"))
|
||||
strcmp(method, "gssapi-with-mic") == 0)
|
||||
return 1;
|
||||
break;
|
||||
case PERMIT_FORCED_ONLY:
|
||||
|
@ -53,7 +53,7 @@ void
|
||||
bitmap_free(struct bitmap *b)
|
||||
{
|
||||
if (b != NULL && b->d != NULL) {
|
||||
memset(b->d, 0, b->len);
|
||||
explicit_bzero(b->d, b->len);
|
||||
free(b->d);
|
||||
}
|
||||
free(b);
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: compat.c,v 1.96 2015/07/28 23:20:42 djm Exp $ */
|
||||
/* $OpenBSD: compat.c,v 1.97 2015/08/19 23:21:42 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
|
||||
*
|
||||
@ -176,6 +176,7 @@ compat_datafellows(const char *version)
|
||||
"PuTTY_Release_0.63*,"
|
||||
"PuTTY_Release_0.64*",
|
||||
SSH_OLD_DHGEX },
|
||||
{ "FuTTY*", SSH_OLD_DHGEX }, /* Putty Fork */
|
||||
{ "Probe-*",
|
||||
SSH_BUG_PROBE },
|
||||
{ "TeraTerm SSH*,"
|
||||
@ -189,7 +190,17 @@ compat_datafellows(const char *version)
|
||||
"TTSSH/2.70*,"
|
||||
"TTSSH/2.71*,"
|
||||
"TTSSH/2.72*", SSH_BUG_HOSTKEYS },
|
||||
{ "WinSCP*", SSH_OLD_DHGEX },
|
||||
{ "WinSCP_release_4*,"
|
||||
"WinSCP_release_5.0*,"
|
||||
"WinSCP_release_5.1*,"
|
||||
"WinSCP_release_5.5*,"
|
||||
"WinSCP_release_5.6*,"
|
||||
"WinSCP_release_5.7,"
|
||||
"WinSCP_release_5.7.1,"
|
||||
"WinSCP_release_5.7.2,"
|
||||
"WinSCP_release_5.7.3,"
|
||||
"WinSCP_release_5.7.4",
|
||||
SSH_OLD_DHGEX },
|
||||
{ NULL, 0 }
|
||||
};
|
||||
|
||||
|
@ -11,7 +11,7 @@ which allows the use of outbound SSH from behind a SOCKS4, SOCKS5 or
|
||||
https CONNECT style proxy server. His page for connect.c has extensive
|
||||
documentation on its use as well as compiled versions for Win32.
|
||||
|
||||
http://www.taiyo.co.jp/~gotoh/ssh/connect.html
|
||||
https://bitbucket.org/gotoh/connect/wiki/Home
|
||||
|
||||
|
||||
X11 SSH Askpass:
|
||||
|
@ -1,4 +1,4 @@
|
||||
%define ver 7.0p1
|
||||
%define ver 7.1p2
|
||||
%define rel 1
|
||||
|
||||
# OpenSSH privilege separation requires a user & group ID
|
||||
|
@ -13,7 +13,7 @@
|
||||
|
||||
Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
|
||||
Name: openssh
|
||||
Version: 7.0p1
|
||||
Version: 7.1p2
|
||||
URL: http://www.openssh.com/
|
||||
Release: 1
|
||||
Source0: openssh-%{version}.tar.gz
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: dns.c,v 1.34 2015/01/28 22:36:00 djm Exp $ */
|
||||
/* $OpenBSD: dns.c,v 1.35 2015/08/20 22:32:42 deraadt Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
|
||||
@ -154,7 +154,7 @@ dns_read_rdata(u_int8_t *algorithm, u_int8_t *digest_type,
|
||||
*digest_len = rdata_len - 2;
|
||||
|
||||
if (*digest_len > 0) {
|
||||
*digest = (u_char *) xmalloc(*digest_len);
|
||||
*digest = xmalloc(*digest_len);
|
||||
memcpy(*digest, rdata + 2, *digest_len);
|
||||
} else {
|
||||
*digest = (u_char *)xstrdup("");
|
||||
|
@ -270,13 +270,13 @@ kex_buf2prop(struct sshbuf *raw, int *first_kex_follows, char ***propp)
|
||||
debug2("kex_parse_kexinit: %s", proposal[i]);
|
||||
}
|
||||
/* first kex follows / reserved */
|
||||
if ((r = sshbuf_get_u8(b, &v)) != 0 ||
|
||||
(r = sshbuf_get_u32(b, &i)) != 0)
|
||||
if ((r = sshbuf_get_u8(b, &v)) != 0 || /* first_kex_follows */
|
||||
(r = sshbuf_get_u32(b, &i)) != 0) /* reserved */
|
||||
goto out;
|
||||
if (first_kex_follows != NULL)
|
||||
*first_kex_follows = i;
|
||||
debug2("kex_parse_kexinit: first_kex_follows %d ", v);
|
||||
debug2("kex_parse_kexinit: reserved %u ", i);
|
||||
*first_kex_follows = v;
|
||||
debug2("first_kex_follows %d ", v);
|
||||
debug2("reserved %u ", i);
|
||||
r = 0;
|
||||
*propp = proposal;
|
||||
out:
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: mux.c,v 1.53 2015/05/01 04:03:20 djm Exp $ */
|
||||
/* $OpenBSD: mux.c,v 1.54 2015/08/19 23:18:26 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
|
||||
*
|
||||
@ -666,6 +666,8 @@ process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
|
||||
u_int lport, cport;
|
||||
int i, ret = 0, freefwd = 1;
|
||||
|
||||
memset(&fwd, 0, sizeof(fwd));
|
||||
|
||||
/* XXX - lport/cport check redundant */
|
||||
if (buffer_get_int_ret(&ftype, m) != 0 ||
|
||||
(listen_addr = buffer_get_string_ret(m, NULL)) == NULL ||
|
||||
@ -833,6 +835,8 @@ process_mux_close_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
|
||||
int i, ret = 0;
|
||||
u_int lport, cport;
|
||||
|
||||
memset(&fwd, 0, sizeof(fwd));
|
||||
|
||||
if (buffer_get_int_ret(&ftype, m) != 0 ||
|
||||
(listen_addr = buffer_get_string_ret(m, NULL)) == NULL ||
|
||||
buffer_get_int_ret(&lport, m) != 0 ||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: packet.c,v 1.213 2015/07/29 04:43:06 djm Exp $ */
|
||||
/* $OpenBSD: packet.c,v 1.214 2015/08/20 22:32:42 deraadt Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -1273,7 +1273,7 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
|
||||
|
||||
DBG(debug("packet_read()"));
|
||||
|
||||
setp = (fd_set *)calloc(howmany(state->connection_in + 1,
|
||||
setp = calloc(howmany(state->connection_in + 1,
|
||||
NFDBITS), sizeof(fd_mask));
|
||||
if (setp == NULL)
|
||||
return SSH_ERR_ALLOC_FAIL;
|
||||
@ -1582,6 +1582,7 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
|
||||
logit("Bad packet length %u.", state->packlen);
|
||||
if ((r = sshpkt_disconnect(ssh, "Packet corrupt")) != 0)
|
||||
return r;
|
||||
return SSH_ERR_CONN_CORRUPT;
|
||||
}
|
||||
sshbuf_reset(state->incoming_packet);
|
||||
} else if (state->packlen == 0) {
|
||||
@ -2037,7 +2038,7 @@ ssh_packet_write_wait(struct ssh *ssh)
|
||||
struct timeval start, timeout, *timeoutp = NULL;
|
||||
struct session_state *state = ssh->state;
|
||||
|
||||
setp = (fd_set *)calloc(howmany(state->connection_out + 1,
|
||||
setp = calloc(howmany(state->connection_out + 1,
|
||||
NFDBITS), sizeof(fd_mask));
|
||||
if (setp == NULL)
|
||||
return SSH_ERR_ALLOC_FAIL;
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: sftp-server.c,v 1.106 2015/04/24 01:36:01 deraadt Exp $ */
|
||||
/* $OpenBSD: sftp-server.c,v 1.107 2015/08/20 22:32:42 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000-2004 Markus Friedl. All rights reserved.
|
||||
*
|
||||
@ -1632,8 +1632,8 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
|
||||
set_size = howmany(max + 1, NFDBITS) * sizeof(fd_mask);
|
||||
rset = (fd_set *)xmalloc(set_size);
|
||||
wset = (fd_set *)xmalloc(set_size);
|
||||
rset = xmalloc(set_size);
|
||||
wset = xmalloc(set_size);
|
||||
|
||||
if (homedir != NULL) {
|
||||
if (chdir(homedir) != 0) {
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: sftp.c,v 1.170 2015/01/20 23:14:00 deraadt Exp $ */
|
||||
/* $OpenBSD: sftp.c,v 1.171 2015/08/20 22:32:42 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
|
||||
*
|
||||
@ -1958,7 +1958,7 @@ complete(EditLine *el, int ch)
|
||||
|
||||
/* Figure out which argument the cursor points to */
|
||||
cursor = lf->cursor - lf->buffer;
|
||||
line = (char *)xmalloc(cursor + 1);
|
||||
line = xmalloc(cursor + 1);
|
||||
memcpy(line, lf->buffer, cursor);
|
||||
line[cursor] = '\0';
|
||||
argv = makeargv(line, &carg, 1, "e, &terminated);
|
||||
@ -1966,7 +1966,7 @@ complete(EditLine *el, int ch)
|
||||
|
||||
/* Get all the arguments on the line */
|
||||
len = lf->lastchar - lf->buffer;
|
||||
line = (char *)xmalloc(len + 1);
|
||||
line = xmalloc(len + 1);
|
||||
memcpy(line, lf->buffer, len);
|
||||
line[len] = '\0';
|
||||
argv = makeargv(line, &argc, 1, NULL, NULL);
|
||||
|
@ -1,4 +1,4 @@
|
||||
.\" $OpenBSD: ssh-keygen.1,v 1.126 2015/07/03 03:49:45 djm Exp $
|
||||
.\" $OpenBSD: ssh-keygen.1,v 1.127 2015/08/20 19:20:06 naddy Exp $
|
||||
.\"
|
||||
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -35,7 +35,7 @@
|
||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd $Mdocdate: July 3 2015 $
|
||||
.Dd $Mdocdate: August 20 2015 $
|
||||
.Dt SSH-KEYGEN 1
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -680,7 +680,7 @@ and identifying the CA key by providing its public half as an argument
|
||||
to
|
||||
.Fl s :
|
||||
.Pp
|
||||
.Dl $ ssh-keygen -s ca_key.pub -D libpkcs11.so -I key_id host_key.pub
|
||||
.Dl $ ssh-keygen -s ca_key.pub -D libpkcs11.so -I key_id user_key.pub
|
||||
.Pp
|
||||
In all cases,
|
||||
.Ar key_id
|
||||
@ -693,7 +693,7 @@ By default, generated certificates are valid for all users or hosts.
|
||||
To generate a certificate for a specified set of principals:
|
||||
.Pp
|
||||
.Dl $ ssh-keygen -s ca_key -I key_id -n user1,user2 user_key.pub
|
||||
.Dl "$ ssh-keygen -s ca_key -I key_id -h -n host.domain user_key.pub"
|
||||
.Dl "$ ssh-keygen -s ca_key -I key_id -h -n host.domain host_key.pub"
|
||||
.Pp
|
||||
Additional limitations on the validity and use of user certificates may
|
||||
be specified through certificate options.
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: ssh-keygen.c,v 1.276 2015/07/03 03:49:45 djm Exp $ */
|
||||
/* $OpenBSD: ssh-keygen.c,v 1.277 2015/08/19 23:17:51 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -1201,6 +1201,7 @@ do_known_hosts(struct passwd *pw, const char *name)
|
||||
exit(1);
|
||||
} else if (delete_host && !ctx.found_key) {
|
||||
logit("Host %s not found in %s", name, identity_file);
|
||||
if (inplace)
|
||||
unlink(tmp);
|
||||
} else if (inplace) {
|
||||
/* Backup existing file */
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: ssh-pkcs11-helper.c,v 1.10 2015/01/20 23:14:00 deraadt Exp $ */
|
||||
/* $OpenBSD: ssh-pkcs11-helper.c,v 1.11 2015/08/20 22:32:42 deraadt Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2010 Markus Friedl. All rights reserved.
|
||||
*
|
||||
@ -301,8 +301,8 @@ main(int argc, char **argv)
|
||||
buffer_init(&oqueue);
|
||||
|
||||
set_size = howmany(max + 1, NFDBITS) * sizeof(fd_mask);
|
||||
rset = (fd_set *)xmalloc(set_size);
|
||||
wset = (fd_set *)xmalloc(set_size);
|
||||
rset = xmalloc(set_size);
|
||||
wset = xmalloc(set_size);
|
||||
|
||||
for (;;) {
|
||||
memset(rset, 0, set_size);
|
||||
|
@ -48,4 +48,4 @@
|
||||
# ProxyCommand ssh -q -W %h:%p gateway.example.com
|
||||
# RekeyLimit 1G 1h
|
||||
# VerifyHostKeyDNS yes
|
||||
# VersionAddendum FreeBSD-20160119
|
||||
# VersionAddendum FreeBSD-20160121
|
||||
|
@ -33,9 +33,9 @@
|
||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: ssh_config.5,v 1.214 2015/07/30 00:01:34 djm Exp $
|
||||
.\" $OpenBSD: ssh_config.5,v 1.215 2015/08/14 15:32:41 jmc Exp $
|
||||
.\" $FreeBSD$
|
||||
.Dd $Mdocdate: July 30 2015 $
|
||||
.Dd $Mdocdate: August 14 2015 $
|
||||
.Dt SSH_CONFIG 5
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -416,9 +416,9 @@ chacha20-poly1305@openssh.com
|
||||
.Pp
|
||||
The default is:
|
||||
.Bd -literal -offset indent
|
||||
chacha20-poly1305@openssh.com,
|
||||
aes128-ctr,aes192-ctr,aes256-ctr,
|
||||
aes128-gcm@openssh.com,aes256-gcm@openssh.com,
|
||||
chacha20-poly1305@openssh.com,
|
||||
arcfour256,arcfour128,
|
||||
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,
|
||||
aes192-cbc,aes256-cbc,arcfour
|
||||
@ -1658,7 +1658,7 @@ See also VERIFYING HOST KEYS in
|
||||
Specifies a string to append to the regular version string to identify
|
||||
OS- or site-specific modifications.
|
||||
The default is
|
||||
.Dq FreeBSD-20160119 .
|
||||
.Dq FreeBSD-20160121 .
|
||||
The value
|
||||
.Dq none
|
||||
may be used to disable this.
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: sshbuf-getput-crypto.c,v 1.4 2015/01/14 15:02:39 djm Exp $ */
|
||||
/* $OpenBSD: sshbuf-getput-crypto.c,v 1.5 2016/01/12 23:42:54 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2011 Damien Miller
|
||||
*
|
||||
@ -158,10 +158,10 @@ sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v)
|
||||
if (len > 0 && (d[1] & 0x80) != 0)
|
||||
prepend = 1;
|
||||
if ((r = sshbuf_put_string(buf, d + 1 - prepend, len + prepend)) < 0) {
|
||||
bzero(d, sizeof(d));
|
||||
explicit_bzero(d, sizeof(d));
|
||||
return r;
|
||||
}
|
||||
bzero(d, sizeof(d));
|
||||
explicit_bzero(d, sizeof(d));
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -177,13 +177,13 @@ sshbuf_put_bignum1(struct sshbuf *buf, const BIGNUM *v)
|
||||
if (BN_bn2bin(v, d) != (int)len_bytes)
|
||||
return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */
|
||||
if ((r = sshbuf_reserve(buf, len_bytes + 2, &dp)) < 0) {
|
||||
bzero(d, sizeof(d));
|
||||
explicit_bzero(d, sizeof(d));
|
||||
return r;
|
||||
}
|
||||
POKE_U16(dp, len_bits);
|
||||
if (len_bytes != 0)
|
||||
memcpy(dp + 2, d, len_bytes);
|
||||
bzero(d, sizeof(d));
|
||||
explicit_bzero(d, sizeof(d));
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -210,7 +210,7 @@ sshbuf_put_ec(struct sshbuf *buf, const EC_POINT *v, const EC_GROUP *g)
|
||||
}
|
||||
BN_CTX_free(bn_ctx);
|
||||
ret = sshbuf_put_string(buf, d, len);
|
||||
bzero(d, len);
|
||||
explicit_bzero(d, len);
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: sshbuf-misc.c,v 1.4 2015/03/24 20:03:44 markus Exp $ */
|
||||
/* $OpenBSD: sshbuf-misc.c,v 1.5 2015/10/05 17:11:21 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2011 Damien Miller
|
||||
*
|
||||
@ -103,7 +103,7 @@ sshbuf_dtob64(struct sshbuf *buf)
|
||||
if (SIZE_MAX / 2 <= len || (ret = malloc(plen)) == NULL)
|
||||
return NULL;
|
||||
if ((r = b64_ntop(p, len, ret, plen)) == -1) {
|
||||
bzero(ret, plen);
|
||||
explicit_bzero(ret, plen);
|
||||
free(ret);
|
||||
return NULL;
|
||||
}
|
||||
@ -122,16 +122,16 @@ sshbuf_b64tod(struct sshbuf *buf, const char *b64)
|
||||
if ((p = malloc(plen)) == NULL)
|
||||
return SSH_ERR_ALLOC_FAIL;
|
||||
if ((nlen = b64_pton(b64, p, plen)) < 0) {
|
||||
bzero(p, plen);
|
||||
explicit_bzero(p, plen);
|
||||
free(p);
|
||||
return SSH_ERR_INVALID_FORMAT;
|
||||
}
|
||||
if ((r = sshbuf_put(buf, p, nlen)) < 0) {
|
||||
bzero(p, plen);
|
||||
explicit_bzero(p, plen);
|
||||
free(p);
|
||||
return r;
|
||||
}
|
||||
bzero(p, plen);
|
||||
explicit_bzero(p, plen);
|
||||
free(p);
|
||||
return 0;
|
||||
}
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: sshbuf.c,v 1.3 2015/01/20 23:14:00 deraadt Exp $ */
|
||||
/* $OpenBSD: sshbuf.c,v 1.4 2015/10/05 17:11:21 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2011 Damien Miller
|
||||
*
|
||||
@ -134,7 +134,7 @@ sshbuf_fromb(struct sshbuf *buf)
|
||||
void
|
||||
sshbuf_init(struct sshbuf *ret)
|
||||
{
|
||||
bzero(ret, sizeof(*ret));
|
||||
explicit_bzero(ret, sizeof(*ret));
|
||||
ret->alloc = SSHBUF_SIZE_INIT;
|
||||
ret->max_size = SSHBUF_SIZE_MAX;
|
||||
ret->readonly = 0;
|
||||
@ -177,10 +177,10 @@ sshbuf_free(struct sshbuf *buf)
|
||||
return;
|
||||
dont_free = buf->dont_free;
|
||||
if (!buf->readonly) {
|
||||
bzero(buf->d, buf->alloc);
|
||||
explicit_bzero(buf->d, buf->alloc);
|
||||
free(buf->d);
|
||||
}
|
||||
bzero(buf, sizeof(*buf));
|
||||
explicit_bzero(buf, sizeof(*buf));
|
||||
if (!dont_free)
|
||||
free(buf);
|
||||
}
|
||||
@ -196,7 +196,7 @@ sshbuf_reset(struct sshbuf *buf)
|
||||
return;
|
||||
}
|
||||
if (sshbuf_check_sanity(buf) == 0)
|
||||
bzero(buf->d, buf->alloc);
|
||||
explicit_bzero(buf->d, buf->alloc);
|
||||
buf->off = buf->size = 0;
|
||||
if (buf->alloc != SSHBUF_SIZE_INIT) {
|
||||
if ((d = realloc(buf->d, SSHBUF_SIZE_INIT)) != NULL) {
|
||||
@ -255,7 +255,7 @@ sshbuf_set_max_size(struct sshbuf *buf, size_t max_size)
|
||||
rlen = roundup(buf->size, SSHBUF_SIZE_INC);
|
||||
if (rlen > max_size)
|
||||
rlen = max_size;
|
||||
bzero(buf->d + buf->size, buf->alloc - buf->size);
|
||||
explicit_bzero(buf->d + buf->size, buf->alloc - buf->size);
|
||||
SSHBUF_DBG(("new alloc = %zu", rlen));
|
||||
if ((dp = realloc(buf->d, rlen)) == NULL)
|
||||
return SSH_ERR_ALLOC_FAIL;
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: sshconnect.c,v 1.262 2015/05/28 05:41:29 dtucker Exp $ */
|
||||
/* $OpenBSD: sshconnect.c,v 1.263 2015/08/20 22:32:42 deraadt Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -358,7 +358,7 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr,
|
||||
goto done;
|
||||
}
|
||||
|
||||
fdset = (fd_set *)xcalloc(howmany(sockfd + 1, NFDBITS),
|
||||
fdset = xcalloc(howmany(sockfd + 1, NFDBITS),
|
||||
sizeof(fd_mask));
|
||||
FD_SET(sockfd, fdset);
|
||||
ms_to_timeval(&tv, *timeoutp);
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: sshd.c,v 1.457 2015/07/30 00:01:34 djm Exp $ */
|
||||
/* $OpenBSD: sshd.c,v 1.458 2015/08/20 22:32:42 deraadt Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -642,6 +642,8 @@ privsep_preauth_child(void)
|
||||
arc4random_buf(rnd, sizeof(rnd));
|
||||
#ifdef WITH_OPENSSL
|
||||
RAND_seed(rnd, sizeof(rnd));
|
||||
if ((RAND_bytes((u_char *)rnd, 1)) != 1)
|
||||
fatal("%s: RAND_bytes failed", __func__);
|
||||
#endif
|
||||
explicit_bzero(rnd, sizeof(rnd));
|
||||
|
||||
@ -785,6 +787,8 @@ privsep_postauth(Authctxt *authctxt)
|
||||
arc4random_buf(rnd, sizeof(rnd));
|
||||
#ifdef WITH_OPENSSL
|
||||
RAND_seed(rnd, sizeof(rnd));
|
||||
if ((RAND_bytes((u_char *)rnd, 1)) != 1)
|
||||
fatal("%s: RAND_bytes failed", __func__);
|
||||
#endif
|
||||
explicit_bzero(rnd, sizeof(rnd));
|
||||
|
||||
@ -1276,7 +1280,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
|
||||
sighup_restart();
|
||||
if (fdset != NULL)
|
||||
free(fdset);
|
||||
fdset = (fd_set *)xcalloc(howmany(maxfd + 1, NFDBITS),
|
||||
fdset = xcalloc(howmany(maxfd + 1, NFDBITS),
|
||||
sizeof(fd_mask));
|
||||
|
||||
for (i = 0; i < num_listen_socks; i++)
|
||||
@ -1459,6 +1463,8 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
|
||||
arc4random_buf(rnd, sizeof(rnd));
|
||||
#ifdef WITH_OPENSSL
|
||||
RAND_seed(rnd, sizeof(rnd));
|
||||
if ((RAND_bytes((u_char *)rnd, 1)) != 1)
|
||||
fatal("%s: RAND_bytes failed", __func__);
|
||||
#endif
|
||||
explicit_bzero(rnd, sizeof(rnd));
|
||||
}
|
||||
|
@ -120,7 +120,7 @@
|
||||
#MaxStartups 10:30:100
|
||||
#PermitTunnel no
|
||||
#ChrootDirectory none
|
||||
#VersionAddendum FreeBSD-20160119
|
||||
#VersionAddendum FreeBSD-20160121
|
||||
|
||||
# no default banner path
|
||||
#Banner none
|
||||
|
@ -33,9 +33,9 @@
|
||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: sshd_config.5,v 1.210 2015/08/06 14:53:21 deraadt Exp $
|
||||
.\" $OpenBSD: sshd_config.5,v 1.211 2015/08/14 15:32:41 jmc Exp $
|
||||
.\" $FreeBSD$
|
||||
.Dd $Mdocdate: August 6 2015 $
|
||||
.Dd $Mdocdate: August 14 2015 $
|
||||
.Dt SSHD_CONFIG 5
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -477,9 +477,9 @@ chacha20-poly1305@openssh.com
|
||||
.Pp
|
||||
The default is:
|
||||
.Bd -literal -offset indent
|
||||
chacha20-poly1305@openssh.com,
|
||||
aes128-ctr,aes192-ctr,aes256-ctr,
|
||||
aes128-gcm@openssh.com,aes256-gcm@openssh.com,
|
||||
chacha20-poly1305@openssh.com
|
||||
aes128-gcm@openssh.com,aes256-gcm@openssh.com
|
||||
.Ed
|
||||
.Pp
|
||||
The list of available ciphers may also be obtained using the
|
||||
@ -1546,7 +1546,7 @@ If this option is set to
|
||||
.Pa ~/.ssh/known_hosts
|
||||
.Cm from
|
||||
and
|
||||
.Xr sshd_config 5
|
||||
.Nm
|
||||
.Cm Match
|
||||
.Cm Host
|
||||
directives.
|
||||
@ -1614,7 +1614,7 @@ restrictions.
|
||||
Optionally specifies additional text to append to the SSH protocol banner
|
||||
sent by the server upon connection.
|
||||
The default is
|
||||
.Dq FreeBSD-20160119 .
|
||||
.Dq FreeBSD-20160121 .
|
||||
The value
|
||||
.Dq none
|
||||
may be used to disable this.
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: sshkey.c,v 1.20 2015/07/03 03:43:18 djm Exp $ */
|
||||
/* $OpenBSD: sshkey.c,v 1.21 2015/08/19 23:19:01 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
|
||||
* Copyright (c) 2008 Alexander von Gernler. All rights reserved.
|
||||
@ -1556,7 +1556,6 @@ dsa_generate_private_key(u_int bits, DSA **dsap)
|
||||
*dsap = NULL;
|
||||
if (!DSA_generate_parameters_ex(private, bits, NULL, 0, NULL,
|
||||
NULL, NULL) || !DSA_generate_key(private)) {
|
||||
DSA_free(private);
|
||||
ret = SSH_ERR_LIBCRYPTO_ERROR;
|
||||
goto out;
|
||||
}
|
||||
|
@ -1,12 +1,12 @@
|
||||
/* $OpenBSD: version.h,v 1.74 2015/08/02 09:56:42 djm Exp $ */
|
||||
/* $OpenBSD: version.h,v 1.75 2015/08/21 03:45:26 djm Exp $ */
|
||||
/* $FreeBSD$ */
|
||||
|
||||
#define SSH_VERSION "OpenSSH_7.0"
|
||||
#define SSH_VERSION "OpenSSH_7.1"
|
||||
|
||||
#define SSH_PORTABLE "p1"
|
||||
#define SSH_PORTABLE "p2"
|
||||
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
|
||||
|
||||
#define SSH_VERSION_FREEBSD "FreeBSD-20160119"
|
||||
#define SSH_VERSION_FREEBSD "FreeBSD-20160121"
|
||||
|
||||
#ifdef WITH_OPENSSL
|
||||
#define OPENSSL_VERSION SSLeay_version(SSLEAY_VERSION)
|
||||
|
Loading…
Reference in New Issue
Block a user