From 6cf9b8e61b92a5c4df9d329929d111f5810a3b3a Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Jan 03 2017 13:31:20 +0000 Subject: rebase to openssh-7.4p1-1 * Drop unaccepted (unapplying) coverity patches * Drop server support for SSH1 (server) * Workaround #2641 for systemd * UseLogin is gone * Drop upstream commit 28652bca * Tighten seccomp filter (cache credentials before entering sandbox) (#1395288) --- diff --git a/.gitignore b/.gitignore index e1ed509..4b56bc0 100644 --- a/.gitignore +++ b/.gitignore @@ -23,3 +23,4 @@ pam_ssh_agent_auth-0.9.2.tar.bz2 /openssh-7.2p1.tar.gz /openssh-7.2p2.tar.gz /openssh-7.3p1.tar.gz +/openssh-7.4p1.tar.gz diff --git a/openssh-4.3p2-askpass-grab-info.patch b/openssh-4.3p2-askpass-grab-info.patch index e9dc835..e9a0b0d 100644 --- a/openssh-4.3p2-askpass-grab-info.patch +++ b/openssh-4.3p2-askpass-grab-info.patch @@ -1,7 +1,8 @@ ---- openssh-4.3p2/contrib/gnome-ssh-askpass2.c.grab-info 2006-07-17 15:10:11.000000000 +0200 -+++ openssh-4.3p2/contrib/gnome-ssh-askpass2.c 2006-07-17 15:25:04.000000000 +0200 -@@ -65,9 +65,12 @@ - err = gtk_message_dialog_new(NULL, 0, +diff -up openssh-7.4p1/contrib/gnome-ssh-askpass2.c.grab-info openssh-7.4p1/contrib/gnome-ssh-askpass2.c +--- openssh-7.4p1/contrib/gnome-ssh-askpass2.c.grab-info 2016-12-23 13:31:22.645213115 +0100 ++++ openssh-7.4p1/contrib/gnome-ssh-askpass2.c 2016-12-23 13:31:40.997216691 +0100 +@@ -65,9 +65,12 @@ report_failed_grab (GtkWidget *parent_wi + err = gtk_message_dialog_new(GTK_WINDOW(parent_window), 0, GTK_MESSAGE_ERROR, GTK_BUTTONS_CLOSE, - "Could not grab %s. " @@ -14,5 +15,5 @@ + "Either close the application which grabs the %s or " + "log out and log in again to prevent this from happening.", what, what); gtk_window_set_position(GTK_WINDOW(err), GTK_WIN_POS_CENTER); - gtk_label_set_line_wrap(GTK_LABEL((GTK_MESSAGE_DIALOG(err))->label), - TRUE); + + gtk_dialog_run(GTK_DIALOG(err)); 
diff --git a/openssh-5.1p1-askpass-progress.patch b/openssh-5.1p1-askpass-progress.patch index ec93b87..6601fbf 100644 --- a/openssh-5.1p1-askpass-progress.patch +++ b/openssh-5.1p1-askpass-progress.patch @@ -1,6 +1,6 @@ -diff -up openssh-5.1p1/contrib/gnome-ssh-askpass2.c.progress openssh-5.1p1/contrib/gnome-ssh-askpass2.c ---- openssh-5.1p1/contrib/gnome-ssh-askpass2.c.progress 2008-07-23 19:05:26.000000000 +0200 -+++ openssh-5.1p1/contrib/gnome-ssh-askpass2.c 2008-07-23 19:05:26.000000000 +0200 +diff -up openssh-7.4p1/contrib/gnome-ssh-askpass2.c.progress openssh-7.4p1/contrib/gnome-ssh-askpass2.c +--- openssh-7.4p1/contrib/gnome-ssh-askpass2.c.progress 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/contrib/gnome-ssh-askpass2.c 2016-12-23 13:31:16.545211926 +0100 @@ -53,6 +53,7 @@ #include #include @@ -9,7 +9,7 @@ diff -up openssh-5.1p1/contrib/gnome-ssh-askpass2.c.progress openssh-5.1p1/contr #include #include -@@ -83,13 +84,24 @@ ok_dialog(GtkWidget *entry, gpointer dia +@@ -81,13 +82,24 @@ ok_dialog(GtkWidget *entry, gpointer dia gtk_dialog_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK); } @@ -30,12 +30,12 @@ diff -up openssh-5.1p1/contrib/gnome-ssh-askpass2.c.progress openssh-5.1p1/contr const char *failed; char *passphrase, *local; int result, grab_tries, grab_server, grab_pointer; -- GtkWidget *dialog, *entry; -+ GtkWidget *dialog, *entry, *progress, *hbox; +- GtkWidget *parent_window, *dialog, *entry; ++ GtkWidget *parent_window, *dialog, *entry, *progress, *hbox; GdkGrabStatus status; grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL); -@@ -102,13 +114,31 @@ passphrase_dialog(char *message) +@@ -104,14 +116,32 @@ passphrase_dialog(char *message) "%s", message); 
@@ -45,9 +45,11 @@ diff -up openssh-5.1p1/contrib/gnome-ssh-askpass2.c.progress openssh-5.1p1/contr + gtk_widget_show(hbox); + entry = gtk_entry_new(); -- gtk_box_pack_start(GTK_BOX(GTK_DIALOG(dialog)->vbox), entry, FALSE, -+ gtk_box_pack_start(GTK_BOX(hbox), entry, TRUE, - FALSE, 0); + gtk_box_pack_start( +- GTK_BOX(gtk_dialog_get_content_area(GTK_DIALOG(dialog))), entry, +- FALSE, FALSE, 0); ++ GTK_BOX(hbox), entry, ++ TRUE, FALSE, 0); + gtk_entry_set_width_chars(GTK_ENTRY(entry), 2); gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE); gtk_widget_grab_focus(entry); @@ -68,7 +70,7 @@ diff -up openssh-5.1p1/contrib/gnome-ssh-askpass2.c.progress openssh-5.1p1/contr gtk_window_set_title(GTK_WINDOW(dialog), "OpenSSH"); gtk_window_set_position (GTK_WINDOW(dialog), GTK_WIN_POS_CENTER); gtk_window_set_keep_above(GTK_WINDOW(dialog), TRUE); -@@ -119,6 +149,8 @@ passphrase_dialog(char *message) +@@ -120,6 +150,8 @@ passphrase_dialog(char *message) gtk_dialog_set_default_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK); g_signal_connect(G_OBJECT(entry), "activate", G_CALLBACK(ok_dialog), dialog); diff --git a/openssh-6.2p1-vendor.patch b/openssh-6.2p1-vendor.patch index 55353c2..2d946eb 100644 --- a/openssh-6.2p1-vendor.patch +++ b/openssh-6.2p1-vendor.patch @@ -1,7 +1,7 @@ -diff -up openssh-7.0p1/configure.ac.vendor openssh-7.0p1/configure.ac ---- openssh-7.0p1/configure.ac.vendor 2015-08-12 11:14:54.102628399 +0200 -+++ openssh-7.0p1/configure.ac 2015-08-12 11:14:54.129628356 +0200 -@@ -4776,6 +4776,12 @@ AC_ARG_WITH([lastlog], +diff -up openssh-7.4p1/configure.ac.vendor openssh-7.4p1/configure.ac +--- openssh-7.4p1/configure.ac.vendor 2016-12-23 13:34:51.681253844 +0100 ++++ openssh-7.4p1/configure.ac 2016-12-23 13:34:51.694253847 +0100 +@@ -4930,6 +4930,12 @@ AC_ARG_WITH([lastlog], fi ] ) 
@@ -14,7 +14,7 @@ diff -up openssh-7.0p1/configure.ac.vendor openssh-7.0p1/configure.ac dnl lastlog, [uw]tmpx? detection dnl NOTE: set the paths in the platform section to avoid the -@@ -5038,6 +5044,7 @@ echo " Translate v4 in v6 hack +@@ -5194,6 +5200,7 @@ echo " Translate v4 in v6 hack echo " BSD Auth support: $BSD_AUTH_MSG" echo " Random number source: $RAND_MSG" echo " Privsep sandbox style: $SANDBOX_STYLE" @@ -22,10 +22,10 @@ diff -up openssh-7.0p1/configure.ac.vendor openssh-7.0p1/configure.ac echo "" -diff -up openssh-7.0p1/servconf.c.vendor openssh-7.0p1/servconf.c ---- openssh-7.0p1/servconf.c.vendor 2015-08-11 10:57:29.000000000 +0200 -+++ openssh-7.0p1/servconf.c 2015-08-12 11:15:33.201565712 +0200 -@@ -149,6 +149,7 @@ initialize_server_options(ServerOptions +diff -up openssh-7.4p1/servconf.c.vendor openssh-7.4p1/servconf.c +--- openssh-7.4p1/servconf.c.vendor 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/servconf.c 2016-12-23 13:36:07.555268628 +0100 +@@ -143,6 +143,7 @@ initialize_server_options(ServerOptions options->max_authtries = -1; options->max_sessions = -1; options->banner = NULL; @@ -33,7 +33,7 @@ diff -up openssh-7.0p1/servconf.c.vendor openssh-7.0p1/servconf.c options->use_dns = -1; options->client_alive_interval = -1; options->client_alive_count_max = -1; -@@ -335,6 +336,8 @@ fill_default_server_options(ServerOption +@@ -325,6 +326,8 @@ fill_default_server_options(ServerOption options->ip_qos_bulk = IPTOS_THROUGHPUT; if (options->version_addendum == NULL) options->version_addendum = xstrdup(""); 
@@ -42,8 +42,8 @@ diff -up openssh-7.0p1/servconf.c.vendor openssh-7.0p1/servconf.c if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1) options->fwd_opts.streamlocal_bind_mask = 0177; if (options->fwd_opts.streamlocal_bind_unlink == -1) -@@ -407,7 +410,7 @@ typedef enum { - sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, +@@ -402,7 +405,7 @@ typedef enum { + sIgnoreUserKnownHosts, sCiphers, sMacs, sPidFile, sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedKeyTypes, sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions, - sBanner, sUseDNS, sHostbasedAuthentication, @@ -51,7 +51,7 @@ diff -up openssh-7.0p1/servconf.c.vendor openssh-7.0p1/servconf.c sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes, sHostKeyAlgorithms, sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, -@@ -529,6 +532,7 @@ static struct { +@@ -528,6 +531,7 @@ static struct { { "maxauthtries", sMaxAuthTries, SSHCFG_ALL }, { "maxsessions", sMaxSessions, SSHCFG_ALL }, { "banner", sBanner, SSHCFG_ALL }, @@ -59,7 +59,7 @@ diff -up openssh-7.0p1/servconf.c.vendor openssh-7.0p1/servconf.c { "usedns", sUseDNS, SSHCFG_GLOBAL }, { "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL }, { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL }, -@@ -1389,6 +1393,10 @@ process_server_config_line(ServerOptions +@@ -1369,6 +1373,10 @@ process_server_config_line(ServerOptions multistate_ptr = multistate_privsep; goto parse_multistate; 
@@ -70,18 +70,18 @@ diff -up openssh-7.0p1/servconf.c.vendor openssh-7.0p1/servconf.c case sAllowUsers: while ((arg = strdelim(&cp)) && *arg != '\0') { if (options->num_allow_users >= MAX_ALLOW_USERS) -@@ -2266,6 +2274,7 @@ dump_config(ServerOptions *o) - dump_cfg_fmtint(sUseLogin, o->use_login); +@@ -2269,6 +2277,7 @@ dump_config(ServerOptions *o) + dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env); dump_cfg_fmtint(sCompression, o->compression); dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports); + dump_cfg_fmtint(sShowPatchLevel, o->show_patchlevel); dump_cfg_fmtint(sUseDNS, o->use_dns); dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding); -diff -up openssh-7.0p1/servconf.h.vendor openssh-7.0p1/servconf.h ---- openssh-7.0p1/servconf.h.vendor 2015-08-11 10:57:29.000000000 +0200 -+++ openssh-7.0p1/servconf.h 2015-08-12 11:14:54.130628355 +0200 -@@ -155,6 +155,7 @@ typedef struct { +diff -up openssh-7.4p1/servconf.h.vendor openssh-7.4p1/servconf.h +--- openssh-7.4p1/servconf.h.vendor 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/servconf.h 2016-12-23 13:34:51.694253847 +0100 +@@ -149,6 +149,7 @@ typedef struct { int max_authtries; int max_sessions; char *banner; /* SSH-2 banner message */ 
@@ -89,12 +89,12 @@ diff -up openssh-7.0p1/servconf.h.vendor openssh-7.0p1/servconf.h int use_dns; int client_alive_interval; /* * poke the client this often to -diff -up openssh-7.0p1/sshd_config.0.vendor openssh-7.0p1/sshd_config.0 ---- openssh-7.0p1/sshd_config.0.vendor 2015-08-12 11:14:54.125628363 +0200 -+++ openssh-7.0p1/sshd_config.0 2015-08-12 11:14:54.130628355 +0200 -@@ -841,6 +841,11 @@ DESCRIPTION - Defines the number of bits in the ephemeral protocol version 1 - server key. The default and minimum value is 1024. +diff -up openssh-7.4p1/sshd_config.0.vendor openssh-7.4p1/sshd_config.0 +--- openssh-7.4p1/sshd_config.0.vendor 2016-12-23 13:34:51.695253847 +0100 ++++ openssh-7.4p1/sshd_config.0 2016-12-23 13:36:53.146277511 +0100 +@@ -792,6 +792,11 @@ DESCRIPTION + ssh-keygen(1). For more information on KRLs, see the KEY + REVOCATION LISTS section in ssh-keygen(1). + ShowPatchLevel + Specifies whether sshd will display the specific patch level of 
@@ -104,13 +104,13 @@ diff -up openssh-7.0p1/sshd_config.0.vendor openssh-7.0p1/sshd_config.0 StreamLocalBindMask Sets the octal file creation mode mask (umask) used when creating a Unix-domain socket file for local or remote port forwarding. -diff -up openssh-7.0p1/sshd_config.5.vendor openssh-7.0p1/sshd_config.5 ---- openssh-7.0p1/sshd_config.5.vendor 2015-08-12 11:14:54.125628363 +0200 -+++ openssh-7.0p1/sshd_config.5 2015-08-12 11:14:54.131628353 +0200 -@@ -1411,6 +1411,13 @@ This option applies to protocol version - .It Cm ServerKeyBits - Defines the number of bits in the ephemeral protocol version 1 server key. - The default and minimum value is 1024. +diff -up openssh-7.4p1/sshd_config.5.vendor openssh-7.4p1/sshd_config.5 +--- openssh-7.4p1/sshd_config.5.vendor 2016-12-23 13:34:51.695253847 +0100 ++++ openssh-7.4p1/sshd_config.5 2016-12-23 13:37:17.482282253 +0100 +@@ -1334,6 +1334,13 @@ an OpenSSH Key Revocation List (KRL) as + .Xr ssh-keygen 1 . + For more information on KRLs, see the KEY REVOCATION LISTS section in + .Xr ssh-keygen 1 . +.It Cm ShowPatchLevel +Specifies whether +.Nm sshd @@ -121,10 +121,10 @@ diff -up openssh-7.0p1/sshd_config.5.vendor openssh-7.0p1/sshd_config.5 .It Cm StreamLocalBindMask Sets the octal file creation mode mask .Pq umask -diff -up openssh-7.0p1/sshd_config.vendor openssh-7.0p1/sshd_config ---- openssh-7.0p1/sshd_config.vendor 2015-08-12 11:14:54.125628363 +0200 -+++ openssh-7.0p1/sshd_config 2015-08-12 11:14:54.131628353 +0200 -@@ -119,6 +119,7 @@ UsePrivilegeSeparation sandbox # Defaul +diff -up openssh-7.4p1/sshd_config.vendor openssh-7.4p1/sshd_config +--- openssh-7.4p1/sshd_config.vendor 2016-12-23 13:34:51.690253846 +0100 ++++ openssh-7.4p1/sshd_config 2016-12-23 13:34:51.695253847 +0100 +@@ -105,6 +105,7 @@ X11Forwarding yes #Compression delayed #ClientAliveInterval 0 #ClientAliveCountMax 3 
@@ -132,19 +132,20 @@ diff -up openssh-7.0p1/sshd_config.vendor openssh-7.0p1/sshd_config #UseDNS no #PidFile /var/run/sshd.pid #MaxStartups 10:30:100 -diff -up openssh-7.0p1/sshd.c.vendor openssh-7.0p1/sshd.c ---- openssh-7.0p1/sshd.c.vendor 2015-08-12 11:14:54.100628403 +0200 -+++ openssh-7.0p1/sshd.c 2015-08-12 11:14:54.131628353 +0200 -@@ -432,7 +432,7 @@ sshd_exchange_identification(int sock_in - } +diff -up openssh-7.4p1/sshd.c.vendor openssh-7.4p1/sshd.c +--- openssh-7.4p1/sshd.c.vendor 2016-12-23 13:34:51.682253844 +0100 ++++ openssh-7.4p1/sshd.c 2016-12-23 13:38:32.434296856 +0100 +@@ -367,7 +367,8 @@ sshd_exchange_identification(struct ssh + char remote_version[256]; /* Must be at least as big as buf. */ xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s", -- major, minor, SSH_VERSION, -+ major, minor, (options.show_patchlevel == 1) ? SSH_VENDOR_PATCHLEVEL : SSH_VERSION, +- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION, ++ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, ++ (options.show_patchlevel == 1) ? SSH_VENDOR_PATCHLEVEL : SSH_VERSION, *options.version_addendum == '\0' ? "" : " ", options.version_addendum, newline); -@@ -1749,7 +1749,8 @@ main(int ac, char **av) +@@ -1650,7 +1651,8 @@ main(int ac, char **av) exit(1); } diff --git a/openssh-6.6.1p1-log-in-chroot.patch b/openssh-6.6.1p1-log-in-chroot.patch index 46d8382..f36d83f 100644 --- a/openssh-6.6.1p1-log-in-chroot.patch +++ b/openssh-6.6.1p1-log-in-chroot.patch 
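Review bot: The rebased banner argument in sshd_exchange_identification, `(options.show_patchlevel == 1) ? SSH_VENDOR_PATCHLEVEL : SSH_VERSION`, is sent to every peer before authentication, so enabling ShowPatchLevel tells any scanner the exact package build. The `%.100s` conversion bounds the length, but nothing in the hunk records that exposure. I would add a comment above the `xasprintf` call, for example `/* ShowPatchLevel puts the vendor build string in the pre-auth banner; leave it off unless inventory tooling needs it */`. The default assignment in fill_default_server_options is not among the visible lines, so please confirm that it still resolves -1 to 0 after the rebase. The function body continues outside the hunk.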
@@ -1,7 +1,7 @@ -diff -up openssh-6.8p1/log.c.log-in-chroot openssh-6.8p1/log.c ---- openssh-6.8p1/log.c.log-in-chroot 2015-03-17 06:49:20.000000000 +0100 -+++ openssh-6.8p1/log.c 2015-03-18 12:59:29.694022313 +0100 -@@ -241,6 +241,11 @@ debug3(const char *fmt,...) +diff -up openssh-7.4p1/log.c.log-in-chroot openssh-7.4p1/log.c +--- openssh-7.4p1/log.c.log-in-chroot 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/log.c 2016-12-23 15:14:33.330168088 +0100 +@@ -250,6 +250,11 @@ debug3(const char *fmt,...) void log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr) { @@ -13,7 +13,7 @@ diff -up openssh-6.8p1/log.c.log-in-chroot openssh-6.8p1/log.c #if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) struct syslog_data sdata = SYSLOG_DATA_INIT; #endif -@@ -264,8 +269,10 @@ log_init(char *av0, LogLevel level, Sysl +@@ -273,8 +278,10 @@ log_init(char *av0, LogLevel level, Sysl exit(1); } @@ -26,9 +26,9 @@ diff -up openssh-6.8p1/log.c.log-in-chroot openssh-6.8p1/log.c log_on_stderr = on_stderr; if (on_stderr) -diff -up openssh-6.8p1/log.h.log-in-chroot openssh-6.8p1/log.h ---- openssh-6.8p1/log.h.log-in-chroot 2015-03-17 06:49:20.000000000 +0100 -+++ openssh-6.8p1/log.h 2015-03-18 12:59:29.694022313 +0100 +diff -up openssh-7.4p1/log.h.log-in-chroot openssh-7.4p1/log.h +--- openssh-7.4p1/log.h.log-in-chroot 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/log.h 2016-12-23 15:14:33.330168088 +0100 @@ -49,6 +49,7 @@ typedef enum { typedef void (log_handler_fn)(LogLevel, const char *, void *); 
@@ -37,10 +37,10 @@ diff -up openssh-6.8p1/log.h.log-in-chroot openssh-6.8p1/log.h void log_change_level(LogLevel); int log_is_on_stderr(void); void log_redirect_stderr_to(const char *); -diff -up openssh-6.8p1/monitor.c.log-in-chroot openssh-6.8p1/monitor.c ---- openssh-6.8p1/monitor.c.log-in-chroot 2015-03-18 12:59:29.669022374 +0100 -+++ openssh-6.8p1/monitor.c 2015-03-18 13:01:52.894671198 +0100 -@@ -357,6 +357,8 @@ monitor_child_preauth(Authctxt *_authctx +diff -up openssh-7.4p1/monitor.c.log-in-chroot openssh-7.4p1/monitor.c +--- openssh-7.4p1/monitor.c.log-in-chroot 2016-12-23 15:14:33.311168085 +0100 ++++ openssh-7.4p1/monitor.c 2016-12-23 15:16:42.154193100 +0100 +@@ -307,6 +307,8 @@ monitor_child_preauth(Authctxt *_authctx close(pmonitor->m_log_sendfd); pmonitor->m_log_sendfd = pmonitor->m_recvfd = -1; @@ -49,7 +49,7 @@ diff -up openssh-6.8p1/monitor.c.log-in-chroot openssh-6.8p1/monitor.c authctxt = _authctxt; memset(authctxt, 0, sizeof(*authctxt)); -@@ -465,6 +467,8 @@ monitor_child_postauth(struct monitor *p +@@ -405,6 +407,8 @@ monitor_child_postauth(struct monitor *p close(pmonitor->m_recvfd); pmonitor->m_recvfd = -1; @@ -58,7 +58,7 @@ diff -up openssh-6.8p1/monitor.c.log-in-chroot openssh-6.8p1/monitor.c monitor_set_child_handler(pmonitor->m_pid); signal(SIGHUP, &monitor_child_handler); signal(SIGTERM, &monitor_child_handler); -@@ -566,7 +570,7 @@ monitor_read_log(struct monitor *pmonito +@@ -472,7 +476,7 @@ monitor_read_log(struct monitor *pmonito if (log_level_name(level) == NULL) fatal("%s: invalid log level %u (corrupted message?)", __func__, level); @@ -67,9 +67,9 @@ diff -up openssh-6.8p1/monitor.c.log-in-chroot openssh-6.8p1/monitor.c buffer_free(&logmsg); free(msg); -@@ -1998,13 +2002,28 @@ monitor_init(void) - (ssh_packet_comp_free_func *)mm_zfree); - } +@@ -1719,13 +1723,28 @@ monitor_init(void) + mon = xcalloc(1, sizeof(*mon)); + monitor_openfds(mon, 1); + mon->m_state = ""; + 
@@ -98,11 +98,11 @@ diff -up openssh-6.8p1/monitor.c.log-in-chroot openssh-6.8p1/monitor.c } #ifdef GSSAPI -diff -up openssh-6.8p1/monitor.h.log-in-chroot openssh-6.8p1/monitor.h ---- openssh-6.8p1/monitor.h.log-in-chroot 2015-03-18 12:59:29.695022310 +0100 -+++ openssh-6.8p1/monitor.h 2015-03-18 13:02:56.926514197 +0100 +diff -up openssh-7.4p1/monitor.h.log-in-chroot openssh-7.4p1/monitor.h +--- openssh-7.4p1/monitor.h.log-in-chroot 2016-12-23 15:14:33.330168088 +0100 ++++ openssh-7.4p1/monitor.h 2016-12-23 15:16:28.372190424 +0100 @@ -83,10 +83,11 @@ struct monitor { - struct mm_master *m_zlib; + int m_log_sendfd; struct kex **m_pkex; pid_t m_pid; + char *m_state; @@ -111,13 +111,13 @@ diff -up openssh-6.8p1/monitor.h.log-in-chroot openssh-6.8p1/monitor.h struct monitor *monitor_init(void); -void monitor_reinit(struct monitor *); +void monitor_reinit(struct monitor *, const char *); - void monitor_sync(struct monitor *); struct Authctxt; -diff -up openssh-6.8p1/session.c.log-in-chroot openssh-6.8p1/session.c ---- openssh-6.8p1/session.c.log-in-chroot 2015-03-18 12:59:29.675022359 +0100 -+++ openssh-6.8p1/session.c 2015-03-18 12:59:29.696022308 +0100 -@@ -161,6 +161,7 @@ login_cap_t *lc; + void monitor_child_preauth(struct Authctxt *, struct monitor *); +diff -up openssh-7.4p1/session.c.log-in-chroot openssh-7.4p1/session.c +--- openssh-7.4p1/session.c.log-in-chroot 2016-12-23 15:14:33.319168086 +0100 ++++ openssh-7.4p1/session.c 2016-12-23 15:18:18.742211853 +0100 +@@ -160,6 +160,7 @@ login_cap_t *lc; static int is_child = 0; static int in_chroot = 0; @@ -125,7 +125,7 @@ diff -up openssh-6.8p1/session.c.log-in-chroot openssh-6.8p1/session.c /* Name and directory of socket for authentication agent forwarding. */ static char *auth_sock_name = NULL; -@@ -506,8 +508,8 @@ do_exec_no_pty(Session *s, const char *c +@@ -365,8 +366,8 @@ do_exec_no_pty(Session *s, const char *c is_child = 1; /* Child. Reinitialize the log since the pid has changed. */ 
@@ -136,7 +136,7 @@ diff -up openssh-6.8p1/session.c.log-in-chroot openssh-6.8p1/session.c /* * Create a new session and process group since the 4.4BSD -@@ -675,8 +677,8 @@ do_exec_pty(Session *s, const char *comm +@@ -523,8 +524,8 @@ do_exec_pty(Session *s, const char *comm close(ptymaster); /* Child. Reinitialize the log because the pid has changed. */ @@ -147,7 +147,7 @@ diff -up openssh-6.8p1/session.c.log-in-chroot openssh-6.8p1/session.c /* Close the master side of the pseudo tty. */ close(ptyfd); -@@ -780,6 +782,7 @@ do_exec(Session *s, const char *command) +@@ -619,6 +620,7 @@ do_exec(Session *s, const char *command) int ret; const char *forced = NULL, *tty = NULL; char session_type[1024]; @@ -155,7 +155,7 @@ diff -up openssh-6.8p1/session.c.log-in-chroot openssh-6.8p1/session.c if (options.adm_forced_command) { original_command = command; -@@ -837,6 +840,10 @@ do_exec(Session *s, const char *command) +@@ -676,6 +678,10 @@ do_exec(Session *s, const char *command) tty += 5; } @@ -166,7 +166,7 @@ diff -up openssh-6.8p1/session.c.log-in-chroot openssh-6.8p1/session.c verbose("Starting session: %s%s%s for %s from %.200s port %d id %d", session_type, tty == NULL ? "" : " on ", -@@ -1678,14 +1685,6 @@ child_close_fds(void) +@@ -1486,14 +1492,6 @@ child_close_fds(void) * descriptors left by system functions. They will be closed later. */ endpwent(); @@ -181,16 +181,16 @@ diff -up openssh-6.8p1/session.c.log-in-chroot openssh-6.8p1/session.c } /* -@@ -1831,8 +1830,6 @@ do_child(Session *s, const char *command +@@ -1629,8 +1627,6 @@ do_child(Session *s, const char *command exit(1); } - closefrom(STDERR_FILENO + 1); - - if (!options.use_login) - do_rc_files(s, shell); + do_rc_files(s, shell); -@@ -1856,9 +1853,17 @@ do_child(Session *s, const char *command + /* restore SIGPIPE for child */ +@@ -1653,9 +1649,17 @@ do_child(Session *s, const char *command argv[i] = NULL; optind = optreset = 1; __progname = argv[0]; 
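Review bot: In do_child the carried session.c patch still removes `closefrom(STDERR_FILENO + 1);` ahead of `do_rc_files(s, shell);`, and with UseLogin gone the rc files now run unconditionally on that path. Any descriptor still open at that point (presumably the log descriptor this patch keeps for chroot logging) would be inherited by user-controlled rc scripts. The replacement close is not visible here; the following do_child hunk adds lines before `fflush(NULL);` that are only partly shown. Please confirm that descriptors above stderr are closed or marked close-on-exec before do_rc_files and before every exec. A comment where the call was removed would record this, e.g. `/* log fd kept open for chroot logging; closed at <location> before exec */`. do_child continues outside the hunk.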
@@ -208,21 +208,21 @@ diff -up openssh-6.8p1/session.c.log-in-chroot openssh-6.8p1/session.c + fflush(NULL); - if (options.use_login) { -diff -up openssh-6.8p1/sftp-server-main.c.log-in-chroot openssh-6.8p1/sftp-server-main.c ---- openssh-6.8p1/sftp-server-main.c.log-in-chroot 2015-03-17 06:49:20.000000000 +0100 -+++ openssh-6.8p1/sftp-server-main.c 2015-03-18 12:59:29.696022308 +0100 -@@ -47,5 +47,5 @@ main(int argc, char **argv) - return 1; - } + /* Get the last component of the shell name. */ +diff -up openssh-7.4p1/sftp.h.log-in-chroot openssh-7.4p1/sftp.h +--- openssh-7.4p1/sftp.h.log-in-chroot 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/sftp.h 2016-12-23 15:14:33.331168088 +0100 +@@ -97,5 +97,5 @@ -- return (sftp_server_main(argc, argv, user_pw)); -+ return (sftp_server_main(argc, argv, user_pw, 0)); - } -diff -up openssh-6.8p1/sftp-server.c.log-in-chroot openssh-6.8p1/sftp-server.c ---- openssh-6.8p1/sftp-server.c.log-in-chroot 2015-03-17 06:49:20.000000000 +0100 -+++ openssh-6.8p1/sftp-server.c 2015-03-18 13:03:52.510377911 +0100 -@@ -1502,7 +1502,7 @@ sftp_server_usage(void) + struct passwd; + +-int sftp_server_main(int, char **, struct passwd *); ++int sftp_server_main(int, char **, struct passwd *, int); + void sftp_server_cleanup_exit(int) __attribute__((noreturn)); +diff -up openssh-7.4p1/sftp-server.c.log-in-chroot openssh-7.4p1/sftp-server.c +--- openssh-7.4p1/sftp-server.c.log-in-chroot 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/sftp-server.c 2016-12-23 15:14:33.331168088 +0100 +@@ -1497,7 +1497,7 @@ sftp_server_usage(void) } int @@ -231,7 +231,7 @@ diff -up openssh-6.8p1/sftp-server.c.log-in-chroot openssh-6.8p1/sftp-server.c { fd_set *rset, *wset; int i, r, in, out, max, ch, skipargs = 0, log_stderr = 0; -@@ -1515,7 +1515,7 @@ sftp_server_main(int argc, char **argv, +@@ -1511,7 +1511,7 @@ sftp_server_main(int argc, char **argv, ssh_malloc_init(); /* must be called before any mallocs */ __progname = ssh_get_progname(argv[0]); 
@@ -240,7 +240,7 @@ diff -up openssh-6.8p1/sftp-server.c.log-in-chroot openssh-6.8p1/sftp-server.c pw = pwcopy(user_pw); -@@ -1586,7 +1586,7 @@ sftp_server_main(int argc, char **argv, +@@ -1582,7 +1582,7 @@ sftp_server_main(int argc, char **argv, } } @@ -249,20 +249,20 @@ diff -up openssh-6.8p1/sftp-server.c.log-in-chroot openssh-6.8p1/sftp-server.c /* * On platforms where we can, avoid making /proc/self/{mem,maps} -diff -up openssh-6.8p1/sftp.h.log-in-chroot openssh-6.8p1/sftp.h ---- openssh-6.8p1/sftp.h.log-in-chroot 2015-03-17 06:49:20.000000000 +0100 -+++ openssh-6.8p1/sftp.h 2015-03-18 12:59:29.696022308 +0100 -@@ -97,5 +97,5 @@ - - struct passwd; +diff -up openssh-7.4p1/sftp-server-main.c.log-in-chroot openssh-7.4p1/sftp-server-main.c +--- openssh-7.4p1/sftp-server-main.c.log-in-chroot 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/sftp-server-main.c 2016-12-23 15:14:33.331168088 +0100 +@@ -49,5 +49,5 @@ main(int argc, char **argv) + return 1; + } --int sftp_server_main(int, char **, struct passwd *); -+int sftp_server_main(int, char **, struct passwd *, int); - void sftp_server_cleanup_exit(int) __attribute__((noreturn)); -diff -up openssh-6.8p1/sshd.c.log-in-chroot openssh-6.8p1/sshd.c ---- openssh-6.8p1/sshd.c.log-in-chroot 2015-03-18 12:59:29.691022320 +0100 -+++ openssh-6.8p1/sshd.c 2015-03-18 12:59:29.697022305 +0100 -@@ -744,7 +744,7 @@ privsep_postauth(Authctxt *authctxt) +- return (sftp_server_main(argc, argv, user_pw)); ++ return (sftp_server_main(argc, argv, user_pw, 0)); + } +diff -up openssh-7.4p1/sshd.c.log-in-chroot openssh-7.4p1/sshd.c +--- openssh-7.4p1/sshd.c.log-in-chroot 2016-12-23 15:14:33.328168088 +0100 ++++ openssh-7.4p1/sshd.c 2016-12-23 15:14:33.332168088 +0100 +@@ -650,7 +650,7 @@ privsep_postauth(Authctxt *authctxt) } /* New socket pair */ 
@@ -271,7 +271,7 @@ diff -up openssh-6.8p1/sshd.c.log-in-chroot openssh-6.8p1/sshd.c pmonitor->m_pid = fork(); if (pmonitor->m_pid == -1) -@@ -762,6 +762,11 @@ privsep_postauth(Authctxt *authctxt) +@@ -668,6 +668,11 @@ privsep_postauth(Authctxt *authctxt) close(pmonitor->m_sendfd); pmonitor->m_sendfd = -1; diff --git a/openssh-6.6p1-GSSAPIEnablek5users.patch b/openssh-6.6p1-GSSAPIEnablek5users.patch index 16333c3..069b36d 100644 --- a/openssh-6.6p1-GSSAPIEnablek5users.patch +++ b/openssh-6.6p1-GSSAPIEnablek5users.patch @@ -1,7 +1,7 @@ -diff -up openssh-7.0p1/gss-serv-krb5.c.GSSAPIEnablek5users openssh-7.0p1/gss-serv-krb5.c ---- openssh-7.0p1/gss-serv-krb5.c.GSSAPIEnablek5users 2015-08-12 11:27:44.022407951 +0200 -+++ openssh-7.0p1/gss-serv-krb5.c 2015-08-12 11:27:44.047407912 +0200 -@@ -260,7 +260,6 @@ ssh_gssapi_krb5_cmdok(krb5_principal pri +diff -up openssh-7.4p1/gss-serv-krb5.c.GSSAPIEnablek5users openssh-7.4p1/gss-serv-krb5.c +--- openssh-7.4p1/gss-serv-krb5.c.GSSAPIEnablek5users 2016-12-23 15:18:40.615216100 +0100 ++++ openssh-7.4p1/gss-serv-krb5.c 2016-12-23 15:18:40.628216102 +0100 +@@ -279,7 +279,6 @@ ssh_gssapi_krb5_cmdok(krb5_principal pri FILE *fp; char file[MAXPATHLEN]; char line[BUFSIZ] = ""; @@ -9,7 +9,7 @@ diff -up openssh-7.0p1/gss-serv-krb5.c.GSSAPIEnablek5users openssh-7.0p1/gss-ser struct stat st; struct passwd *pw = the_authctxt->pw; int found_principal = 0; -@@ -269,7 +268,7 @@ ssh_gssapi_krb5_cmdok(krb5_principal pri +@@ -288,7 +287,7 @@ ssh_gssapi_krb5_cmdok(krb5_principal pri snprintf(file, sizeof(file), "%s/.k5users", pw->pw_dir); /* If both .k5login and .k5users DNE, self-login is ok. */ 
@@ -18,27 +18,27 @@ diff -up openssh-7.0p1/gss-serv-krb5.c.GSSAPIEnablek5users openssh-7.0p1/gss-ser return ssh_krb5_kuserok(krb_context, principal, luser, k5login_exists); } -diff -up openssh-7.0p1/servconf.c.GSSAPIEnablek5users openssh-7.0p1/servconf.c ---- openssh-7.0p1/servconf.c.GSSAPIEnablek5users 2015-08-12 11:27:44.036407930 +0200 -+++ openssh-7.0p1/servconf.c 2015-08-12 11:28:49.087306430 +0200 -@@ -173,6 +173,7 @@ initialize_server_options(ServerOptions - options->version_addendum = NULL; +diff -up openssh-7.4p1/servconf.c.GSSAPIEnablek5users openssh-7.4p1/servconf.c +--- openssh-7.4p1/servconf.c.GSSAPIEnablek5users 2016-12-23 15:18:40.615216100 +0100 ++++ openssh-7.4p1/servconf.c 2016-12-23 15:35:36.354401156 +0100 +@@ -168,6 +168,7 @@ initialize_server_options(ServerOptions options->fingerprint_hash = -1; + options->disable_forwarding = -1; options->use_kuserok = -1; + options->enable_k5users = -1; } /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */ -@@ -351,6 +352,8 @@ fill_default_server_options(ServerOption - options->fwd_opts.streamlocal_bind_unlink = 0; - if (options->fingerprint_hash == -1) - options->fingerprint_hash = SSH_FP_HASH_DEFAULT; -+ if (options->enable_k5users == -1) -+ options->enable_k5users = 0; +@@ -345,6 +346,8 @@ fill_default_server_options(ServerOption + options->disable_forwarding = 0; if (options->use_kuserok == -1) options->use_kuserok = 1; ++ if (options->enable_k5users == -1) ++ options->enable_k5users = 0; + + assemble_algorithms(options); -@@ -423,7 +426,7 @@ typedef enum { +@@ -418,7 +421,7 @@ typedef enum { sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes, sHostKeyAlgorithms, sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, 
@@ -47,7 +47,7 @@ diff -up openssh-7.0p1/servconf.c.GSSAPIEnablek5users openssh-7.0p1/servconf.c sGssKeyEx, sGssStoreRekey, sAcceptEnv, sPermitTunnel, sMatch, sPermitOpen, sForceCommand, sChrootDirectory, sUsePrivilegeSeparation, sAllowAgentForwarding, -@@ -502,12 +505,14 @@ static struct { +@@ -497,12 +500,14 @@ static struct { { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, { "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL }, { "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL }, @@ -62,7 +62,7 @@ diff -up openssh-7.0p1/servconf.c.GSSAPIEnablek5users openssh-7.0p1/servconf.c #endif { "gssusesessionccache", sUnsupported, SSHCFG_GLOBAL }, { "gssapiusesessioncredcache", sUnsupported, SSHCFG_GLOBAL }, -@@ -1680,6 +1685,10 @@ process_server_config_line(ServerOptions +@@ -1653,6 +1658,10 @@ process_server_config_line(ServerOptions intptr = &options->use_kuserok; goto parse_flag; @@ -73,7 +73,7 @@ diff -up openssh-7.0p1/servconf.c.GSSAPIEnablek5users openssh-7.0p1/servconf.c case sPermitOpen: arg = strdelim(&cp); if (!arg || *arg == '\0') -@@ -2035,6 +2044,7 @@ copy_set_server_options(ServerOptions *d +@@ -2026,6 +2035,7 @@ copy_set_server_options(ServerOptions *d M_CP_INTOPT(ip_qos_interactive); M_CP_INTOPT(ip_qos_bulk); M_CP_INTOPT(use_kuserok); @@ -81,7 +81,7 @@ diff -up openssh-7.0p1/servconf.c.GSSAPIEnablek5users openssh-7.0p1/servconf.c M_CP_INTOPT(rekey_limit); M_CP_INTOPT(rekey_interval); -@@ -2317,6 +2327,7 @@ dump_config(ServerOptions *o) +@@ -2320,6 +2330,7 @@ dump_config(ServerOptions *o) dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep); dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash); dump_cfg_fmtint(sKerberosUseKuserok, o->use_kuserok); 
@@ -89,10 +89,10 @@ diff -up openssh-7.0p1/servconf.c.GSSAPIEnablek5users openssh-7.0p1/servconf.c /* string arguments */ dump_cfg_string(sPidFile, o->pid_file); -diff -up openssh-7.0p1/servconf.h.GSSAPIEnablek5users openssh-7.0p1/servconf.h ---- openssh-7.0p1/servconf.h.GSSAPIEnablek5users 2015-08-12 11:27:44.022407951 +0200 -+++ openssh-7.0p1/servconf.h 2015-08-12 11:27:44.048407911 +0200 -@@ -180,7 +180,8 @@ typedef struct { +diff -up openssh-7.4p1/servconf.h.GSSAPIEnablek5users openssh-7.4p1/servconf.h +--- openssh-7.4p1/servconf.h.GSSAPIEnablek5users 2016-12-23 15:18:40.616216100 +0100 ++++ openssh-7.4p1/servconf.h 2016-12-23 15:18:40.629216102 +0100 +@@ -174,7 +174,8 @@ typedef struct { int num_permitted_opens; 
@@ -102,26 +102,26 @@ diff -up openssh-7.0p1/servconf.h.GSSAPIEnablek5users openssh-7.0p1/servconf.h char *chroot_directory; char *revoked_keys_file; char *trusted_user_ca_keys; -diff -up openssh-7.0p1/sshd_config.5.GSSAPIEnablek5users openssh-7.0p1/sshd_config.5 ---- openssh-7.0p1/sshd_config.5.GSSAPIEnablek5users 2015-08-12 11:27:44.023407950 +0200 -+++ openssh-7.0p1/sshd_config.5 2015-08-12 11:27:44.048407911 +0200 -@@ -633,6 +633,12 @@ on logout. +diff -up openssh-7.4p1/sshd_config.5.GSSAPIEnablek5users openssh-7.4p1/sshd_config.5 +--- openssh-7.4p1/sshd_config.5.GSSAPIEnablek5users 2016-12-23 15:18:40.630216103 +0100 ++++ openssh-7.4p1/sshd_config.5 2016-12-23 15:36:21.607408435 +0100 +@@ -628,6 +628,12 @@ Specifies whether to automatically destr on logout. The default is - .Dq yes . + .Cm yes . +.It Cm GSSAPIEnablek5users +Specifies whether to look at .k5users file for GSSAPI authentication +access control. Further details are described in +.Xr ksu 1 . +The default is -+.Dq no . - .It Cm GSSAPIStrictAcceptorCheck - Determines whether to be strict about the identity of the GSSAPI acceptor - a client authenticates against. -diff -up openssh-7.0p1/sshd_config.GSSAPIEnablek5users openssh-7.0p1/sshd_config ---- openssh-7.0p1/sshd_config.GSSAPIEnablek5users 2015-08-12 11:27:44.023407950 +0200 -+++ openssh-7.0p1/sshd_config 2015-08-12 11:27:44.048407911 +0200 -@@ -94,6 +94,7 @@ GSSAPIAuthentication yes ++.Cm no . + .It Cm GSSAPIKeyExchange + Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange + doesn't rely on ssh keys to verify host identity. +diff -up openssh-7.4p1/sshd_config.GSSAPIEnablek5users openssh-7.4p1/sshd_config +--- openssh-7.4p1/sshd_config.GSSAPIEnablek5users 2016-12-23 15:18:40.616216100 +0100 ++++ openssh-7.4p1/sshd_config 2016-12-23 15:18:40.631216103 +0100 +@@ -80,6 +80,7 @@ GSSAPIAuthentication yes GSSAPICleanupCredentials no #GSSAPIStrictAcceptorCheck yes #GSSAPIKeyExchange no 
diff --git a/openssh-6.6p1-ctr-cavstest.patch b/openssh-6.6p1-ctr-cavstest.patch index 9383a98..eb43c79 100644 --- a/openssh-6.6p1-ctr-cavstest.patch +++ b/openssh-6.6p1-ctr-cavstest.patch @@ -142,7 +142,7 @@ diff -up openssh-6.8p1/ctr-cavstest.c.ctr-cavs openssh-6.8p1/ctr-cavstest.c +{ + + const struct sshcipher *c; -+ struct sshcipher_ctx cc; ++ struct sshcipher_ctx *cc; + char *algo = "aes128-ctr"; + char *hexkey = NULL; + char *hexiv = "00000000000000000000000000000000"; @@ -232,11 +232,11 @@ diff -up openssh-6.8p1/ctr-cavstest.c.ctr-cavs openssh-6.8p1/ctr-cavstest.c + return 2; + } + -+ cipher_crypt(&cc, 0, outdata, data, datalen, 0, 0); ++ cipher_crypt(cc, 0, outdata, data, datalen, 0, 0); + + free(data); + -+ cipher_cleanup(&cc); ++ cipher_free(cc); + + for (p = outdata; datalen > 0; ++p, --datalen) { + printf("%02X", (unsigned char)*p); diff --git a/openssh-6.6p1-entropy.patch b/openssh-6.6p1-entropy.patch index b023ddc..db8ce54 100644 --- a/openssh-6.6p1-entropy.patch +++ b/openssh-6.6p1-entropy.patch @@ -1,8 +1,7 @@ -diff --git a/entropy.c b/entropy.c -index 1e9d52a..d24e724 100644 ---- a/entropy.c -+++ b/entropy.c -@@ -227,6 +227,9 @@ seed_rng(void) +diff -up openssh-7.4p1/entropy.c.entropy openssh-7.4p1/entropy.c +--- openssh-7.4p1/entropy.c.entropy 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/entropy.c 2016-12-23 18:34:27.769753570 +0100 +@@ -229,6 +229,9 @@ seed_rng(void) memset(buf, '\0', sizeof(buf)); #endif /* OPENSSL_PRNG_ONLY */ 
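Review bot: The return value of `cipher_crypt(cc, 0, outdata, data, datalen, 0, 0);` in the second ctr-cavstest.c hunk is discarded, so a failed operation would still reach the hex-dump loop and print whatever `outdata` holds as if it were a valid test vector. I would check it, e.g. `if (cipher_crypt(cc, 0, outdata, data, datalen, 0, 0) != 0) { fprintf(stderr, "Error: cipher_crypt failed\n"); return 2; }`, matching the `return 2;` used just above. In the first hunk the context is now a pointer, so declaring it as `struct sshcipher_ctx *cc = NULL;` keeps the later `cipher_free(cc)` well defined if an error path is ever added before the context is set up. The call that initialises `cc` lies outside both hunks, so whether its result is checked cannot be confirmed from here.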
@@ -12,24 +11,31 @@ index 1e9d52a..d24e724 100644 if (RAND_status() != 1) fatal("PRNG is not seeded"); } -diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in -index 843225d..041bbab 100644 ---- a/openbsd-compat/Makefile.in -+++ b/openbsd-compat/Makefile.in -@@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o di +diff -up openssh-7.4p1/openbsd-compat/Makefile.in.entropy openssh-7.4p1/openbsd-compat/Makefile.in +--- openssh-7.4p1/openbsd-compat/Makefile.in.entropy 2016-12-23 18:34:53.715762155 +0100 ++++ openssh-7.4p1/openbsd-compat/Makefile.in 2016-12-23 18:35:15.890769493 +0100 +@@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bcrypt_pbkdf - COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-err.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o kludge-fd_set.o + COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-err.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xcrypt.o kludge-fd_set.o -PORTS=port-aix.o port-irix.o port-linux.o port-linux-sshd.o port-solaris.o port-tun.o port-uw.o +PORTS=port-aix.o port-irix.o port-linux.o port-linux-sshd.o port-linux-prng.o port-solaris.o port-tun.o port-uw.o .c.o: $(CC) $(CFLAGS) $(CPPFLAGS) -c $< -diff --git a/openbsd-compat/port-linux-prng.c b/openbsd-compat/port-linux-prng.c -new file mode 100644 -index 0000000..da84bf2 ---- /dev/null -+++ b/openbsd-compat/port-linux-prng.c +diff -up openssh-7.4p1/openbsd-compat/port-linux.h.entropy openssh-7.4p1/openbsd-compat/port-linux.h +--- openssh-7.4p1/openbsd-compat/port-linux.h.entropy 2016-12-23 18:34:27.747753563 +0100 ++++ openssh-7.4p1/openbsd-compat/port-linux.h 2016-12-23 
18:34:27.769753570 +0100 +@@ -34,4 +34,6 @@ void oom_adjust_restore(void); + void oom_adjust_setup(void); + #endif + ++void linux_seed(void); ++ + #endif /* ! _PORT_LINUX_H */ +diff -up openssh-7.4p1/openbsd-compat/port-linux-prng.c.entropy openssh-7.4p1/openbsd-compat/port-linux-prng.c +--- openssh-7.4p1/openbsd-compat/port-linux-prng.c.entropy 2016-12-23 18:34:27.769753570 +0100 ++++ openssh-7.4p1/openbsd-compat/port-linux-prng.c 2016-12-23 18:34:27.769753570 +0100 @@ -0,0 +1,59 @@ +/* $Id: port-linux.c,v 1.11.4.2 2011/02/04 00:43:08 djm Exp $ */ + 
@@ -90,11 +96,37 @@ index 0000000..da84bf2 + fatal ("EOF reading %s", random); + } +} -diff --git a/ssh-add.0 b/ssh-add.0 -index f16165a..17d22cf 100644 ---- a/ssh-add.0 -+++ b/ssh-add.0 -@@ -82,6 +82,16 @@ ENVIRONMENT +diff -up openssh-7.4p1/ssh.1.entropy openssh-7.4p1/ssh.1 +--- openssh-7.4p1/ssh.1.entropy 2016-12-23 18:34:27.754753565 +0100 ++++ openssh-7.4p1/ssh.1 2016-12-23 18:34:27.770753571 +0100 +@@ -1441,6 +1441,23 @@ For more information, see the + .Cm PermitUserEnvironment + option in + .Xr sshd_config 5 . ++.Sh ENVIRONMENT ++.Bl -tag -width Ds -compact ++.It Ev SSH_USE_STRONG_RNG ++The reseeding of the OpenSSL random generator is usually done from ++.Cm /dev/urandom . ++If the ++.Cm SSH_USE_STRONG_RNG ++environment variable is set to value other than ++.Cm 0 ++the OpenSSL random generator is reseeded from ++.Cm /dev/random . ++The number of bytes read is defined by the SSH_USE_STRONG_RNG value. ++Minimum is 14 bytes. ++This setting is not recommended on the computers without the hardware ++random generator because insufficient entropy causes the connection to ++be blocked until enough entropy is available. ++.El + .Sh FILES + .Bl -tag -width Ds -compact + .It Pa ~/.rhosts +diff -up openssh-7.4p1/ssh-add.0.entropy openssh-7.4p1/ssh-add.0 +--- openssh-7.4p1/ssh-add.0.entropy 2016-12-19 06:21:21.000000000 +0100 ++++ openssh-7.4p1/ssh-add.0 2016-12-23 18:34:27.770753571 +0100 +@@ -88,6 +88,16 @@ ENVIRONMENT Identifies the path of a UNIX-domain socket used to communicate with the agent. 
@@ -111,11 +143,10 @@ index f16165a..17d22cf 100644 FILES ~/.ssh/identity Contains the protocol version 1 RSA authentication identity of -diff --git a/ssh-add.1 b/ssh-add.1 -index 04d1840..db883a4 100644 ---- a/ssh-add.1 -+++ b/ssh-add.1 -@@ -170,6 +170,20 @@ to make this work.) +diff -up openssh-7.4p1/ssh-add.1.entropy openssh-7.4p1/ssh-add.1 +--- openssh-7.4p1/ssh-add.1.entropy 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/ssh-add.1 2016-12-23 18:34:27.770753571 +0100 +@@ -171,6 +171,20 @@ to make this work.) Identifies the path of a .Ux Ns -domain socket used to communicate with the agent. @@ -136,11 +167,10 @@ index 04d1840..db883a4 100644 .El .Sh FILES .Bl -tag -width Ds -diff --git a/ssh-agent.1 b/ssh-agent.1 -index d7e791b..7332f0d 100644 ---- a/ssh-agent.1 -+++ b/ssh-agent.1 -@@ -189,6 +189,24 @@ sockets used to contain the connection to the authentication agent. +diff -up openssh-7.4p1/ssh-agent.1.entropy openssh-7.4p1/ssh-agent.1 +--- openssh-7.4p1/ssh-agent.1.entropy 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/ssh-agent.1 2016-12-23 18:34:27.770753571 +0100 +@@ -214,6 +214,24 @@ sockets used to contain the connection t These sockets should only be readable by the owner. The sockets should get automatically removed when the agent exits. .El 
@@ -165,13 +195,12 @@ index d7e791b..7332f0d 100644 .Sh SEE ALSO .Xr ssh 1 , .Xr ssh-add 1 , -diff --git a/ssh-keygen.1 b/ssh-keygen.1 -index 276dacc..a09d9b1 100644 ---- a/ssh-keygen.1 -+++ b/ssh-keygen.1 -@@ -841,6 +841,24 @@ Contains Diffie-Hellman groups used for DH-GEX. - The file format is described in - .Xr moduli 5 . +diff -up openssh-7.4p1/sshd.8.entropy openssh-7.4p1/sshd.8 +--- openssh-7.4p1/sshd.8.entropy 2016-12-23 18:34:27.755753566 +0100 ++++ openssh-7.4p1/sshd.8 2016-12-23 18:34:27.770753571 +0100 +@@ -920,6 +920,24 @@ concurrently for different ports, this c + started last). + The content of this file is not sensitive; it can be world-readable. .El +.Sh ENVIRONMENT +.Bl -tag -width Ds -compact @@ -191,16 +220,15 @@ index 276dacc..a09d9b1 100644 +random generator because insufficient entropy causes the connection to +be blocked until enough entropy is available. +.El + .Sh IPV6 + IPv6 address can be used everywhere where IPv4 address. In all entries must be the IPv6 address enclosed in square brackets. Note: The square brackets are metacharacters for the shell and must be escaped in shell. .Sh SEE ALSO - .Xr ssh 1 , - .Xr ssh-add 1 , -diff --git a/ssh-keysign.8 b/ssh-keysign.8 -index 69d0829..02d79f8 100644 ---- a/ssh-keysign.8 -+++ b/ssh-keysign.8 -@@ -80,6 +80,24 @@ must be set-uid root if host-based authentication is used. - If these files exist they are assumed to contain public certificate - information corresponding with the private keys above. +diff -up openssh-7.4p1/ssh-keygen.1.entropy openssh-7.4p1/ssh-keygen.1 +--- openssh-7.4p1/ssh-keygen.1.entropy 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/ssh-keygen.1 2016-12-23 18:34:27.770753571 +0100 +@@ -848,6 +848,24 @@ Contains Diffie-Hellman groups used for + The file format is described in + .Xr moduli 5 . .El +.Sh ENVIRONMENT +.Bl -tag -width Ds -compact 
@@ -222,42 +250,13 @@ index 69d0829..02d79f8 100644 +.El .Sh SEE ALSO .Xr ssh 1 , - .Xr ssh-keygen 1 , -diff --git a/ssh.1 b/ssh.1 -index 4a476c2..410a04a 100644 ---- a/ssh.1 -+++ b/ssh.1 -@@ -1299,6 +1299,23 @@ For more information, see the - .Cm PermitUserEnvironment - option in - .Xr sshd_config 5 . -+.Sh ENVIRONMENT -+.Bl -tag -width Ds -compact -+.It Ev SSH_USE_STRONG_RNG -+The reseeding of the OpenSSL random generator is usually done from -+.Cm /dev/urandom . -+If the -+.Cm SSH_USE_STRONG_RNG -+environment variable is set to value other than -+.Cm 0 -+the OpenSSL random generator is reseeded from -+.Cm /dev/random . -+The number of bytes read is defined by the SSH_USE_STRONG_RNG value. -+Minimum is 14 bytes. -+This setting is not recommended on the computers without the hardware -+random generator because insufficient entropy causes the connection to -+be blocked until enough entropy is available. -+.El - .Sh FILES - .Bl -tag -width Ds -compact - .It Pa ~/.rhosts -diff --git a/sshd.8 b/sshd.8 -index cb866b5..adcaaf9 100644 ---- a/sshd.8 -+++ b/sshd.8 -@@ -945,6 +945,24 @@ concurrently for different ports, this contains the process ID of the one - started last). - The content of this file is not sensitive; it can be world-readable. + .Xr ssh-add 1 , +diff -up openssh-7.4p1/ssh-keysign.8.entropy openssh-7.4p1/ssh-keysign.8 +--- openssh-7.4p1/ssh-keysign.8.entropy 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/ssh-keysign.8 2016-12-23 18:34:27.770753571 +0100 +@@ -80,6 +80,24 @@ must be set-uid root if host-based authe + If these files exist they are assumed to contain public certificate + information corresponding with the private keys above. .El +.Sh ENVIRONMENT +.Bl -tag -width Ds -compact 
@@ -277,16 +276,6 @@ index cb866b5..adcaaf9 100644 +random generator because insufficient entropy causes the connection to +be blocked until enough entropy is available. +.El - .Sh IPV6 - IPv6 address can be used everywhere where IPv4 address. In all entries must be the IPv6 address enclosed in square brackets. Note: The square brackets are metacharacters for the shell and must be escaped in shell. .Sh SEE ALSO -diff -up openssh-6.8p1/openbsd-compat/port-linux.h.coverity openssh-6.8p1/openbsd-compat/port-linux.h ---- openssh-6.8p1/openbsd-compat/port-linux.h.coverity 2015-03-18 17:21:51.861264906 +0100 -+++ openssh-6.8p1/openbsd-compat/port-linux.h 2015-03-18 17:21:51.897264831 +0100 -@@ -37,4 +37,6 @@ void oom_adjust_restore(void); - void oom_adjust_setup(void); - #endif - -+void linux_seed(void); -+ - #endif /* ! _PORT_LINUX_H */ + .Xr ssh 1 , + .Xr ssh-keygen 1 , diff --git a/openssh-6.6p1-kuserok.patch b/openssh-6.6p1-kuserok.patch index 192b9c3..1af0fa4 100644 --- a/openssh-6.6p1-kuserok.patch +++ b/openssh-6.6p1-kuserok.patch @@ -1,7 +1,7 @@ -diff -up openssh-7.0p1/auth-krb5.c.kuserok openssh-7.0p1/auth-krb5.c ---- openssh-7.0p1/auth-krb5.c.kuserok 2015-08-11 10:57:29.000000000 +0200 -+++ openssh-7.0p1/auth-krb5.c 2015-08-12 11:26:21.874536127 +0200 -@@ -55,6 +55,21 @@ +diff -up openssh-7.4p1/auth-krb5.c.kuserok openssh-7.4p1/auth-krb5.c +--- openssh-7.4p1/auth-krb5.c.kuserok 2016-12-23 14:36:07.640465939 +0100 ++++ openssh-7.4p1/auth-krb5.c 2016-12-23 14:36:07.644465936 +0100 +@@ -56,6 +56,21 @@ extern ServerOptions options; @@ -23,7 +23,7 @@ diff -up openssh-7.0p1/auth-krb5.c.kuserok openssh-7.0p1/auth-krb5.c static int krb5_init(void *context) { -@@ -158,8 +173,9 @@ auth_krb5_password(Authctxt *authctxt, c +@@ -160,8 +175,9 @@ auth_krb5_password(Authctxt *authctxt, c if (problem) goto out; 
@@ -35,9 +35,9 @@ diff -up openssh-7.0p1/auth-krb5.c.kuserok openssh-7.0p1/auth-krb5.c problem = -1; goto out; } -diff -up openssh-7.0p1/gss-serv-krb5.c.kuserok openssh-7.0p1/gss-serv-krb5.c ---- openssh-7.0p1/gss-serv-krb5.c.kuserok 2015-08-12 11:26:21.868536137 +0200 -+++ openssh-7.0p1/gss-serv-krb5.c 2015-08-12 11:26:21.875536126 +0200 +diff -up openssh-7.4p1/gss-serv-krb5.c.kuserok openssh-7.4p1/gss-serv-krb5.c +--- openssh-7.4p1/gss-serv-krb5.c.kuserok 2016-12-23 14:36:07.640465939 +0100 ++++ openssh-7.4p1/gss-serv-krb5.c 2016-12-23 14:36:07.644465936 +0100 @@ -67,6 +67,7 @@ static int ssh_gssapi_krb5_cmdok(krb5_pr int); @@ -160,7 +160,7 @@ diff -up openssh-7.0p1/gss-serv-krb5.c.kuserok openssh-7.0p1/gss-serv-krb5.c retval = 1; logit("Authorized to %s, krb5 principal %s (krb5_kuserok)", name, (char *)client->displayname.value); -@@ -171,9 +270,8 @@ ssh_gssapi_krb5_cmdok(krb5_principal pri +@@ -190,9 +289,8 @@ ssh_gssapi_krb5_cmdok(krb5_principal pri snprintf(file, sizeof(file), "%s/.k5users", pw->pw_dir); /* If both .k5login and .k5users DNE, self-login is ok. */ if (!k5login_exists && (access(file, F_OK) == -1)) { 
@@ -172,28 +172,28 @@ diff -up openssh-7.0p1/gss-serv-krb5.c.kuserok openssh-7.0p1/gss-serv-krb5.c } if ((fp = fopen(file, "r")) == NULL) { int saved_errno = errno; -diff -up openssh-7.0p1/servconf.c.kuserok openssh-7.0p1/servconf.c ---- openssh-7.0p1/servconf.c.kuserok 2015-08-12 11:26:21.865536141 +0200 -+++ openssh-7.0p1/servconf.c 2015-08-12 11:27:14.126454598 +0200 -@@ -172,6 +172,7 @@ initialize_server_options(ServerOptions - options->ip_qos_bulk = -1; +diff -up openssh-7.4p1/servconf.c.kuserok openssh-7.4p1/servconf.c +--- openssh-7.4p1/servconf.c.kuserok 2016-12-23 14:36:07.630465944 +0100 ++++ openssh-7.4p1/servconf.c 2016-12-23 15:11:52.278133344 +0100 +@@ -167,6 +167,7 @@ initialize_server_options(ServerOptions options->version_addendum = NULL; options->fingerprint_hash = -1; + options->disable_forwarding = -1; + options->use_kuserok = -1; } /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */ -@@ -350,6 +351,8 @@ fill_default_server_options(ServerOption - options->fwd_opts.streamlocal_bind_unlink = 0; - if (options->fingerprint_hash == -1) +@@ -342,6 +343,8 @@ fill_default_server_options(ServerOption options->fingerprint_hash = SSH_FP_HASH_DEFAULT; + if (options->disable_forwarding == -1) + options->disable_forwarding = 0; + if (options->use_kuserok == -1) + options->use_kuserok = 1; assemble_algorithms(options); -@@ -404,7 +407,7 @@ typedef enum { - sKeyRegenerationTime, sPermitRootLogin, sLogFacility, sLogLevel, +@@ -399,7 +402,7 @@ typedef enum { + sPermitRootLogin, sLogFacility, sLogLevel, sRhostsRSAAuthentication, sRSAAuthentication, sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, - sKerberosGetAFSToken, 
@@ -201,7 +201,7 @@ diff -up openssh-7.0p1/servconf.c.kuserok openssh-7.0p1/servconf.c sKerberosTgtPassing, sChallengeResponseAuthentication, sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, sAddressFamily, -@@ -483,11 +486,13 @@ static struct { +@@ -478,11 +481,13 @@ static struct { #else { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL }, #endif @@ -215,7 +215,7 @@ diff -up openssh-7.0p1/servconf.c.kuserok openssh-7.0p1/servconf.c #endif { "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL }, { "afstokenpassing", sUnsupported, SSHCFG_GLOBAL }, -@@ -1671,6 +1676,10 @@ process_server_config_line(ServerOptions +@@ -1644,6 +1649,10 @@ process_server_config_line(ServerOptions *activep = value; break; @@ -226,15 +226,15 @@ diff -up openssh-7.0p1/servconf.c.kuserok openssh-7.0p1/servconf.c case sPermitOpen: arg = strdelim(&cp); if (!arg || *arg == '\0') -@@ -2023,6 +2032,7 @@ copy_set_server_options(ServerOptions *d - M_CP_INTOPT(max_authtries); +@@ -2016,6 +2025,7 @@ copy_set_server_options(ServerOptions *d + M_CP_INTOPT(client_alive_interval); M_CP_INTOPT(ip_qos_interactive); M_CP_INTOPT(ip_qos_bulk); + M_CP_INTOPT(use_kuserok); M_CP_INTOPT(rekey_limit); M_CP_INTOPT(rekey_interval); -@@ -2304,6 +2314,7 @@ dump_config(ServerOptions *o) +@@ -2309,6 +2319,7 @@ dump_config(ServerOptions *o) dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink); dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep); dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash); 
@@ -242,10 +242,10 @@ diff -up openssh-7.0p1/servconf.c.kuserok openssh-7.0p1/servconf.c /* string arguments */ dump_cfg_string(sPidFile, o->pid_file); -diff -up openssh-7.0p1/servconf.h.kuserok openssh-7.0p1/servconf.h ---- openssh-7.0p1/servconf.h.kuserok 2015-08-12 11:26:21.865536141 +0200 -+++ openssh-7.0p1/servconf.h 2015-08-12 11:26:21.876536124 +0200 -@@ -180,6 +180,7 @@ typedef struct { +diff -up openssh-7.4p1/servconf.h.kuserok openssh-7.4p1/servconf.h +--- openssh-7.4p1/servconf.h.kuserok 2016-12-23 14:36:07.630465944 +0100 ++++ openssh-7.4p1/servconf.h 2016-12-23 14:36:07.645465936 +0100 +@@ -174,6 +174,7 @@ typedef struct { int num_permitted_opens; @@ -253,21 +253,21 @@ diff -up openssh-7.0p1/servconf.h.kuserok openssh-7.0p1/servconf.h char *chroot_directory; char *revoked_keys_file; char *trusted_user_ca_keys; -diff -up openssh-7.0p1/sshd_config.5.kuserok openssh-7.0p1/sshd_config.5 ---- openssh-7.0p1/sshd_config.5.kuserok 2015-08-12 11:26:21.867536138 +0200 -+++ openssh-7.0p1/sshd_config.5 2015-08-12 11:26:21.877536123 +0200 -@@ -872,6 +872,10 @@ Specifies whether to automatically destr +diff -up openssh-7.4p1/sshd_config.5.kuserok openssh-7.4p1/sshd_config.5 +--- openssh-7.4p1/sshd_config.5.kuserok 2016-12-23 14:36:07.637465940 +0100 ++++ openssh-7.4p1/sshd_config.5 2016-12-23 15:14:03.117162222 +0100 +@@ -850,6 +850,10 @@ Specifies whether to automatically destr file on logout. The default is - .Dq yes . + .Cm yes . +.It Cm KerberosUseKuserok +Specifies whether to look at .k5login file for user's aliases. +The default is -+.Dq yes . ++.Cm yes . .It Cm KexAlgorithms Specifies the available KEX (Key Exchange) algorithms. Multiple algorithms must be comma-separated. -@@ -1116,6 +1120,7 @@ Available keywords are +@@ -1078,6 +1082,7 @@ Available keywords are .Cm IPQoS , .Cm KbdInteractiveAuthentication , .Cm KerberosAuthentication , 
@@ -275,10 +275,10 @@ diff -up openssh-7.0p1/sshd_config.5.kuserok openssh-7.0p1/sshd_config.5 .Cm MaxAuthTries , .Cm MaxSessions , .Cm PasswordAuthentication , -diff -up openssh-7.0p1/sshd_config.kuserok openssh-7.0p1/sshd_config ---- openssh-7.0p1/sshd_config.kuserok 2015-08-12 11:26:21.867536138 +0200 -+++ openssh-7.0p1/sshd_config 2015-08-12 11:26:21.876536124 +0200 -@@ -87,6 +87,7 @@ ChallengeResponseAuthentication no +diff -up openssh-7.4p1/sshd_config.kuserok openssh-7.4p1/sshd_config +--- openssh-7.4p1/sshd_config.kuserok 2016-12-23 14:36:07.631465943 +0100 ++++ openssh-7.4p1/sshd_config 2016-12-23 14:36:07.646465935 +0100 +@@ -73,6 +73,7 @@ ChallengeResponseAuthentication no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes #KerberosGetAFSToken no diff --git a/openssh-6.6p1-privsep-selinux.patch b/openssh-6.6p1-privsep-selinux.patch index 3433fd6..6933b39 100644 --- a/openssh-6.6p1-privsep-selinux.patch +++ b/openssh-6.6p1-privsep-selinux.patch 
@@ -1,8 +1,18 @@ -diff --git a/openbsd-compat/port-linux-sshd.c b/openbsd-compat/port-linux-sshd.c -index c18524e..d04f4ed 100644 ---- a/openbsd-compat/port-linux-sshd.c -+++ b/openbsd-compat/port-linux-sshd.c -@@ -409,6 +409,28 @@ sshd_selinux_setup_exec_context(char *pwname) +diff -up openssh-7.4p1/openbsd-compat/port-linux.h.privsep-selinux openssh-7.4p1/openbsd-compat/port-linux.h +--- openssh-7.4p1/openbsd-compat/port-linux.h.privsep-selinux 2016-12-23 18:58:52.972122201 +0100 ++++ openssh-7.4p1/openbsd-compat/port-linux.h 2016-12-23 18:58:52.974122201 +0100 +@@ -23,6 +23,7 @@ void ssh_selinux_setup_pty(char *, const + void ssh_selinux_change_context(const char *); + void ssh_selinux_setfscreatecon(const char *); + ++void sshd_selinux_copy_context(void); + void sshd_selinux_setup_exec_context(char *); + #endif + +diff -up openssh-7.4p1/openbsd-compat/port-linux-sshd.c.privsep-selinux openssh-7.4p1/openbsd-compat/port-linux-sshd.c +--- openssh-7.4p1/openbsd-compat/port-linux-sshd.c.privsep-selinux 2016-12-23 18:58:52.973122201 +0100 ++++ openssh-7.4p1/openbsd-compat/port-linux-sshd.c 2016-12-23 18:58:52.974122201 +0100 +@@ -419,6 +419,28 @@ sshd_selinux_setup_exec_context(char *pw debug3("%s: done", __func__); } 
@@ -31,23 +41,19 @@ index c18524e..d04f4ed 100644 #endif #endif -diff --git a/openbsd-compat/port-linux.h b/openbsd-compat/port-linux.h -index 8ef6cc4..b18893c 100644 ---- a/openbsd-compat/port-linux.h -+++ b/openbsd-compat/port-linux.h -@@ -25,6 +25,7 @@ void ssh_selinux_setup_pty(char *, const char *); - void ssh_selinux_change_context(const char *); - void ssh_selinux_setfscreatecon(const char *); +diff -up openssh-7.4p1/session.c.privsep-selinux openssh-7.4p1/session.c +--- openssh-7.4p1/session.c.privsep-selinux 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/session.c 2016-12-23 18:58:52.974122201 +0100 +@@ -1331,7 +1331,7 @@ do_setusercontext(struct passwd *pw) -+void sshd_selinux_copy_context(void); - void sshd_selinux_setup_exec_context(char *); - #endif + platform_setusercontext(pw); -diff --git a/session.c b/session.c -index 2bcf818..b5dc144 100644 ---- a/session.c -+++ b/session.c -@@ -1538,6 +1538,9 @@ do_setusercontext(struct passwd *pw) +- if (platform_privileged_uidswap()) { ++ if (platform_privileged_uidswap() && (!is_child || !use_privsep)) { + #ifdef HAVE_LOGIN_CAP + if (setusercontext(lc, pw, pw->pw_uid, + (LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETUSER))) < 0) { +@@ -1361,6 +1361,9 @@ do_setusercontext(struct passwd *pw) pw->pw_uid); chroot_path = percent_expand(tmp, "h", pw->pw_dir, "u", pw->pw_name, (char *)NULL); @@ -57,7 +63,7 @@ index 2bcf818..b5dc144 100644 safely_chroot(chroot_path, pw->pw_uid); free(tmp); free(chroot_path); -@@ -1565,6 +1568,11 @@ do_setusercontext(struct passwd *pw) +@@ -1396,6 +1399,11 @@ do_setusercontext(struct passwd *pw) /* Permanently switch to the desired uid. */ permanently_set_uid(pw); #endif 
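Review bot: The new condition `platform_privileged_uidswap() && (!is_child || !use_privsep)` in do_setusercontext() skips the whole privileged setup block (login class, chroot, permanent uid switch) in a privsep child, and nothing in the patched code says why that is safe. When the test fails for this new reason, control falls to the `else if` arm shown in a later hunk of the same patch, whose `fatal("server lacks privileges to chroot to ChrootDirectory")` message would then be misleading if `options.chroot_directory` is still set at that point. I would add a comment above the condition stating the presumed intent, along the lines of `/* privsep child: credentials, chroot and SELinux context were applied before the fork; do not repeat them */`, and have the author confirm that the chroot setting is cleared before the second call. The function body starts and ends outside this hunk, so the earlier call path is inferred rather than visible.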
@@ -69,7 +75,7 @@ index 2bcf818..b5dc144 100644 } else if (options.chroot_directory != NULL && strcasecmp(options.chroot_directory, "none") != 0) { fatal("server lacks privileges to chroot to ChrootDirectory"); -@@ -1588,9 +1588,6 @@ do_pwchange(Session *s) +@@ -1413,9 +1421,6 @@ do_pwchange(Session *s) if (s->ttyfd != -1) { fprintf(stderr, "You must change your password now and login again!\n"); @@ -79,7 +85,7 @@ index 2bcf818..b5dc144 100644 #ifdef PASSWD_NEEDS_USERNAME execl(_PATH_PASSWD_PROG, "passwd", s->pw->pw_name, (char *)NULL); -@@ -1826,9 +1835,6 @@ do_child(Session *s, const char *command) +@@ -1625,9 +1630,6 @@ do_child(Session *s, const char *command argv[i] = NULL; optind = optreset = 1; __progname = argv[0]; @@ -89,11 +95,10 @@ index 2bcf818..b5dc144 100644 exit(sftp_server_main(i, argv, s->pw)); } -diff --git a/sshd.c b/sshd.c -index 07f9926..a97f8b7 100644 ---- a/sshd.c -+++ b/sshd.c -@@ -632,6 +632,10 @@ privsep_preauth_child(void) +diff -up openssh-7.4p1/sshd.c.privsep-selinux openssh-7.4p1/sshd.c +--- openssh-7.4p1/sshd.c.privsep-selinux 2016-12-23 18:58:52.973122201 +0100 ++++ openssh-7.4p1/sshd.c 2016-12-23 18:59:13.808124269 +0100 +@@ -540,6 +540,10 @@ privsep_preauth_child(void) /* Demote the private keys to public keys. */ demote_sensitive_data(); 
@@ -104,26 +109,13 @@ index 07f9926..a97f8b7 100644 /* Demote the child */ if (getuid() == 0 || geteuid() == 0) { /* Change our root directory */ -@@ -755,6 +755,9 @@ privsep_postauth(Authctxt *authctxt) - +@@ -633,6 +637,9 @@ privsep_postauth(Authctxt *authctxt) + { #ifdef DISABLE_FD_PASSING if (1) { +#elif defined(WITH_SELINUX) -+ if (options.use_login) { ++ if (0) { + /* even root user can be confined by SELinux */ #else - if (authctxt->pw->pw_uid == 0 || options.use_login) { + if (authctxt->pw->pw_uid == 0) { #endif -diff --git a/session.c b/session.c -index 684f867..09048bc 100644 ---- a/session.c -+++ b/session.c -@@ -1538,7 +1538,7 @@ do_setusercontext(struct passwd *pw) - - platform_setusercontext(pw); - -- if (platform_privileged_uidswap()) { -+ if (platform_privileged_uidswap() && (!is_child || !use_privsep)) { - #ifdef HAVE_LOGIN_CAP - if (setusercontext(lc, pw, pw->pw_uid, - (LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETUSER))) < 0) { diff --git a/openssh-6.6p1-redhat.patch b/openssh-6.6p1-redhat.patch index de6216d..b23f47e 100644 --- a/openssh-6.6p1-redhat.patch +++ b/openssh-6.6p1-redhat.patch @@ -1,8 +1,7 @@ -diff --git a/ssh_config b/ssh_config -index 49a4f6c..3f83c40 100644 ---- a/ssh_config -+++ b/ssh_config -@@ -46,3 +46,7 @@ +diff -up openssh-7.4p1/ssh_config.redhat openssh-7.4p1/ssh_config +--- openssh-7.4p1/ssh_config.redhat 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/ssh_config 2016-12-23 13:32:00.045220402 +0100 +@@ -48,3 +48,7 @@ # VisualHostKey no # ProxyCommand ssh -q -W %h:%p gateway.example.com # RekeyLimit 1G 1h 
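Review bot: With WITH_SELINUX defined, the `#elif` arm in privsep_postauth() is now the constant `if (0) {`, so the skip-privsep path is dead code on every SELinux build and root sessions always take the post-auth fork. That choice is made at compile time, not by whether SELinux is actually enabled on the host, and the existing comment `/* even root user can be confined by SELinux */` gives the motive but not that consequence. I would expand it to something like `/* never skip post-auth privsep on SELinux builds: root may be confined by policy and needs the same context setup as other users */`. If the behaviour is meant to follow the running system instead, a runtime check would have to replace `if (0)`; no such check is visible in this hunk, and privsep_postauth() continues outside it.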
@@ -10,9 +9,9 @@ index 49a4f6c..3f83c40 100644 +# To modify the system-wide ssh configuration, create a *.conf file under +# /etc/ssh/ssh_config.d/ which will be automatically included below +Include /etc/ssh/ssh_config.d/*.conf -diff --git a/ssh_config_redhat b/ssh_config_redhat ---- /dev/null -+++ b/ssh_config_redhat +diff -up openssh-7.4p1/ssh_config_redhat.redhat openssh-7.4p1/ssh_config_redhat +--- openssh-7.4p1/ssh_config_redhat.redhat 2016-12-23 13:32:00.045220402 +0100 ++++ openssh-7.4p1/ssh_config_redhat 2016-12-23 13:32:00.045220402 +0100 @@ -0,0 +1,20 @@ +# Follow system-wide Crypto Poliicy, if defined: +Include /etc/crypto-policies/back-ends/openssh.txt @@ -34,11 +33,38 @@ 
diff --git a/ssh_config_redhat b/ssh_config_redhat + SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT + SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE + SendEnv XMODIFIERS -diff --git a/sshd_config b/sshd_config -index c735429..e68ddee 100644 ---- a/sshd_config -+++ b/sshd_config -@@ -10,6 +10,10 @@ +diff -up openssh-7.4p1/sshd_config.0.redhat openssh-7.4p1/sshd_config.0 +--- openssh-7.4p1/sshd_config.0.redhat 2016-12-19 06:21:22.000000000 +0100 ++++ openssh-7.4p1/sshd_config.0 2016-12-23 13:32:00.045220402 +0100 +@@ -837,9 +837,9 @@ DESCRIPTION + + SyslogFacility + Gives the facility code that is used when logging messages from +- sshd(8). The possible values are: DAEMON, USER, AUTH, LOCAL0, +- LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The +- default is AUTH. ++ sshd(8). The possible values are: DAEMON, USER, AUTH, AUTHPRIV, ++ LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. ++ The default is AUTH. + + TCPKeepAlive + Specifies whether the system should send TCP keepalive messages +diff -up openssh-7.4p1/sshd_config.5.redhat openssh-7.4p1/sshd_config.5 +--- openssh-7.4p1/sshd_config.5.redhat 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/sshd_config.5 2016-12-23 13:32:00.046220403 +0100 +@@ -1393,7 +1393,7 @@ By default no subsystems are defined. + .It Cm SyslogFacility + Gives the facility code that is used when logging messages from + .Xr sshd 8 . +-The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, ++The possible values are: DAEMON, USER, AUTH, AUTHPRIV, LOCAL0, LOCAL1, LOCAL2, + LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. + The default is AUTH. + .It Cm TCPKeepAlive +diff -up openssh-7.4p1/sshd_config.redhat openssh-7.4p1/sshd_config +--- openssh-7.4p1/sshd_config.redhat 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/sshd_config 2016-12-23 13:33:05.386233133 +0100 +@@ -10,21 +10,26 @@ # possible, but leave them commented. Uncommented options override the # default value. 
@@ -49,10 +75,8 @@ index c735429..e68ddee 100644 #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 -@@ -21,10 +25,10 @@ - # HostKey for protocol version 1 - #HostKey /etc/ssh/ssh_host_key - # HostKeys for protocol version 2 + #ListenAddress :: + -#HostKey /etc/ssh/ssh_host_rsa_key +HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_dsa_key @@ -61,9 +85,8 @@ index c735429..e68ddee 100644 +HostKey /etc/ssh/ssh_host_ecdsa_key +HostKey /etc/ssh/ssh_host_ed25519_key - # Lifetime and size of ephemeral version 1 server key - #KeyRegenerationInterval 1h -@@ -36,6 +40,7 @@ + # Ciphers and keying + #RekeyLimit default none # Logging #SyslogFacility AUTH @@ -71,7 +94,7 @@ index c735429..e68ddee 100644 #LogLevel INFO # Authentication: -@@ -71,9 +76,11 @@ AuthorizedKeysFile .ssh/authorized_keys +@@ -57,9 +62,11 @@ AuthorizedKeysFile .ssh/authorized_keys # To disable tunneled clear text passwords, change to no here! #PasswordAuthentication yes #PermitEmptyPasswords no @@ -83,7 +106,7 @@ index c735429..e68ddee 100644 # Kerberos options #KerberosAuthentication no -@@ -82,8 +89,8 @@ AuthorizedKeysFile .ssh/authorized_keys +@@ -68,8 +75,8 @@ AuthorizedKeysFile .ssh/authorized_keys #KerberosGetAFSToken no # GSSAPI options @@ -94,7 +117,7 @@ index c735429..e68ddee 100644 # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will -@@ -94,12 +101,12 @@ AuthorizedKeysFile .ssh/authorized_keys +@@ -80,12 +87,12 @@ AuthorizedKeysFile .ssh/authorized_keys # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. 
@@ -109,7 +132,7 @@ index c735429..e68ddee 100644 #X11DisplayOffset 10 #X11UseLocalhost yes #PermitTTY yes -@@ -122,6 +129,12 @@ UsePrivilegeSeparation sandbox # Default for new installations. +@@ -108,6 +115,12 @@ AuthorizedKeysFile .ssh/authorized_keys # no default banner path #Banner none @@ -122,33 +145,3 @@ index c735429..e68ddee 100644 # override default of no subsystems Subsystem sftp /usr/libexec/sftp-server -diff --git a/sshd_config.0 b/sshd_config.0 -index 413c260..87e7ee7 100644 ---- a/sshd_config.0 -+++ b/sshd_config.0 -@@ -675,9 +675,9 @@ DESCRIPTION - - SyslogFacility - Gives the facility code that is used when logging messages from -- sshd(8). The possible values are: DAEMON, USER, AUTH, LOCAL0, -- LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The -- default is AUTH. -+ sshd(8). The possible values are: DAEMON, USER, AUTH, AUTHPRIV, -+ LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. -+ The default is AUTH. - - TCPKeepAlive - Specifies whether the system should send TCP keepalive messages -diff --git a/sshd_config.5 b/sshd_config.5 -index ce71efe..12465c2 100644 ---- a/sshd_config.5 -+++ b/sshd_config.5 -@@ -1131,7 +1131,7 @@ Note that this option applies to protocol version 2 only. - .It Cm SyslogFacility - Gives the facility code that is used when logging messages from - .Xr sshd 8 . --The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, -+The possible values are: DAEMON, USER, AUTH, AUTHPRIV, LOCAL0, LOCAL1, LOCAL2, - LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. - The default is AUTH. - .It Cm TCPKeepAlive diff --git a/openssh-6.6p1-role-mls.patch b/openssh-6.6p1-role-mls.patch index 454c827..f2bfa5a 100644 --- a/openssh-6.6p1-role-mls.patch +++ b/openssh-6.6p1-role-mls.patch 
@@ -1,81 +1,48 @@ -diff -up openssh/auth-pam.c.role-mls openssh/auth-pam.c ---- openssh/auth-pam.c.role-mls 2016-07-24 13:50:13.000000000 +0200 -+++ openssh/auth-pam.c 2016-07-26 12:37:48.793593333 +0200 -@@ -1095,7 +1095,7 @@ is_pam_session_open(void) - * during the ssh authentication process. - */ - int --do_pam_putenv(char *name, char *value) -+do_pam_putenv(char *name, const char *value) - { - int ret = 1; - #ifdef HAVE_PAM_PUTENV -diff -up openssh/auth-pam.h.role-mls openssh/auth-pam.h ---- openssh/auth-pam.h.role-mls 2016-07-24 13:50:13.000000000 +0200 -+++ openssh/auth-pam.h 2016-07-26 12:37:48.793593333 +0200 -@@ -38,7 +38,7 @@ void do_pam_session(void); - void do_pam_set_tty(const char *); - void do_pam_setcred(int ); - void do_pam_chauthtok(void); --int do_pam_putenv(char *, char *); -+int do_pam_putenv(char *, const char *); - char ** fetch_pam_environment(void); - char ** fetch_pam_child_environment(void); - void free_pam_environment(char **); -diff -up openssh/auth.h.role-mls openssh/auth.h ---- openssh/auth.h.role-mls 2016-07-24 13:50:13.000000000 +0200 -+++ openssh/auth.h 2016-07-26 12:37:48.793593333 +0200 -@@ -62,6 +62,9 @@ struct Authctxt { - char *service; - struct passwd *pw; /* set if 'valid' */ - char *style; -+#ifdef WITH_SELINUX -+ char *role; -+#endif - void *kbdintctxt; - char *info; /* Extra info for next auth_log */ - #ifdef BSD_AUTH -diff -up openssh/auth1.c.role-mls openssh/auth1.c ---- openssh/auth1.c.role-mls 2016-07-24 13:50:13.000000000 +0200 -+++ openssh/auth1.c 2016-07-26 12:37:48.793593333 +0200 -@@ -384,6 +384,9 @@ do_authentication(Authctxt *authctxt) - { - u_int ulen; - char *user, *style = NULL; +diff -up openssh-7.4p1/auth2.c.role-mls openssh-7.4p1/auth2.c +--- openssh-7.4p1/auth2.c.role-mls 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/auth2.c 2016-12-23 12:19:58.587459379 +0100 +@@ -215,6 +215,9 @@ input_userauth_request(int type, u_int32 + Authctxt *authctxt = ctxt; + Authmethod *m = NULL; + char *user, 
*service, *method, *style = NULL; +#ifdef WITH_SELINUX -+ char *role=NULL; ++ char *role = NULL; +#endif + int authenticated = 0; - /* Get the name of the user that we wish to log in as. */ - packet_read_expect(SSH_CMSG_USER); -@@ -392,11 +395,24 @@ do_authentication(Authctxt *authctxt) - user = packet_get_cstring(&ulen); - packet_check_eom(); + if (authctxt == NULL) +@@ -226,6 +229,11 @@ input_userauth_request(int type, u_int32 + debug("userauth-request for user %s service %s method %s", user, service, method); + debug("attempt %d failures %d", authctxt->attempt, authctxt->failures); +#ifdef WITH_SELINUX + if ((role = strchr(user, '/')) != NULL) -+ *role++ = '\0'; ++ *role++ = 0; +#endif + if ((style = strchr(user, ':')) != NULL) - *style++ = '\0'; + *style++ = 0; + +@@ -251,8 +259,15 @@ input_userauth_request(int type, u_int32 + use_privsep ? " [net]" : ""); + authctxt->service = xstrdup(service); + authctxt->style = style ? xstrdup(style) : NULL; +- if (use_privsep) +#ifdef WITH_SELINUX -+ else -+ if (role && (style = strchr(role, ':')) != NULL) -+ *style++ = '\0'; ++ authctxt->role = role ? xstrdup(role) : NULL; +#endif - - authctxt->user = user; - authctxt->style = style; ++ if (use_privsep) { + mm_inform_authserv(service, style); +#ifdef WITH_SELINUX -+ authctxt->role = role; ++ mm_inform_authrole(role); +#endif - - /* Verify that the user is a valid user. */ - if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL) -diff -up openssh/auth2-gss.c.role-mls openssh/auth2-gss.c ---- openssh/auth2-gss.c.role-mls 2016-07-24 13:50:13.000000000 +0200 -+++ openssh/auth2-gss.c 2016-07-26 12:37:48.794593332 +0200 ++ } + userauth_banner(); + if (auth2_setup_methods_lists(authctxt) != 0) + packet_disconnect("no authentication methods enabled"); +diff -up openssh-7.4p1/auth2-gss.c.role-mls openssh-7.4p1/auth2-gss.c +--- openssh-7.4p1/auth2-gss.c.role-mls 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/auth2-gss.c 2016-12-23 12:19:58.586459382 +0100 
@@ -255,6 +255,7 @@ input_gssapi_mic(int type, u_int32_t ple Authctxt *authctxt = ctxt; Gssctxt *gssctxt; @@ -108,9 +75,9 @@ diff -up openssh/auth2-gss.c.role-mls openssh/auth2-gss.c free(mic.value); authctxt->postponed = 0; -diff -up openssh/auth2-hostbased.c.role-mls openssh/auth2-hostbased.c ---- openssh/auth2-hostbased.c.role-mls 2016-07-24 13:50:13.000000000 +0200 -+++ openssh/auth2-hostbased.c 2016-07-26 12:37:48.794593332 +0200 +diff -up openssh-7.4p1/auth2-hostbased.c.role-mls openssh-7.4p1/auth2-hostbased.c +--- openssh-7.4p1/auth2-hostbased.c.role-mls 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/auth2-hostbased.c 2016-12-23 12:19:58.586459382 +0100 @@ -121,7 +121,15 @@ userauth_hostbased(Authctxt *authctxt) buffer_put_string(&b, session_id2, session_id2_len); /* reconstruct packet */ @@ -128,9 +95,9 @@ diff -up openssh/auth2-hostbased.c.role-mls openssh/auth2-hostbased.c buffer_put_cstring(&b, service); buffer_put_cstring(&b, "hostbased"); buffer_put_string(&b, pkalg, alen); -diff -up openssh/auth2-pubkey.c.role-mls openssh/auth2-pubkey.c ---- openssh/auth2-pubkey.c.role-mls 2016-07-24 13:50:13.000000000 +0200 -+++ openssh/auth2-pubkey.c 2016-07-26 12:37:48.794593332 +0200 +diff -up openssh-7.4p1/auth2-pubkey.c.role-mls openssh-7.4p1/auth2-pubkey.c +--- openssh-7.4p1/auth2-pubkey.c.role-mls 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/auth2-pubkey.c 2016-12-23 12:19:58.587459379 +0100 @@ -151,9 +151,15 @@ userauth_pubkey(Authctxt *authctxt) } /* reconstruct packet */ 
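Review bot: In the auth2.c section, `input_userauth_request` cuts the role at the first '/' before it looks for the ':' style separator, so a ':' that follows the '/' stays inside `role`. The auth1.c code this rebase drops had a fallback for that case (`if (role && (style = strchr(role, ':')) != NULL)`), and nothing equivalent is visible on the auth2.c path. The string is supplied by the client before authentication, copied into `authctxt->role` and forwarded with `mm_inform_authrole(role)`; no length or character check is visible in this hunk, though one may exist in the monitor or in port-linux-sshd.c. At minimum I would document the accepted form above the split, e.g. `/* user[:style][/role]; a ':' after the '/' remains part of role */`, and state where the role is validated. The function body starts and ends outside the hunk.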
@@ -149,51 +116,46 @@ diff -up openssh/auth2-pubkey.c.role-mls openssh/auth2-pubkey.c buffer_put_cstring(&b, userstyle); free(userstyle); buffer_put_cstring(&b, -diff -up openssh/auth2.c.role-mls openssh/auth2.c ---- openssh/auth2.c.role-mls 2016-07-24 13:50:13.000000000 +0200 -+++ openssh/auth2.c 2016-07-26 12:37:48.794593332 +0200 -@@ -215,6 +215,9 @@ input_userauth_request(int type, u_int32 - Authctxt *authctxt = ctxt; - Authmethod *m = NULL; - char *user, *service, *method, *style = NULL; -+#ifdef WITH_SELINUX -+ char *role = NULL; -+#endif - int authenticated = 0; - - if (authctxt == NULL) -@@ -226,6 +229,11 @@ input_userauth_request(int type, u_int32 - debug("userauth-request for user %s service %s method %s", user, service, method); - debug("attempt %d failures %d", authctxt->attempt, authctxt->failures); - -+#ifdef WITH_SELINUX -+ if ((role = strchr(user, '/')) != NULL) -+ *role++ = 0; -+#endif -+ - if ((style = strchr(user, ':')) != NULL) - *style++ = 0; - -@@ -251,8 +259,15 @@ input_userauth_request(int type, u_int32 - use_privsep ? " [net]" : ""); - authctxt->service = xstrdup(service); - authctxt->style = style ? xstrdup(style) : NULL; -- if (use_privsep) -+#ifdef WITH_SELINUX -+ authctxt->role = role ? 
xstrdup(role) : NULL; -+#endif -+ if (use_privsep) { - mm_inform_authserv(service, style); +diff -up openssh-7.4p1/auth.h.role-mls openssh-7.4p1/auth.h +--- openssh-7.4p1/auth.h.role-mls 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/auth.h 2016-12-23 12:19:43.478510375 +0100 +@@ -62,6 +62,9 @@ struct Authctxt { + char *service; + struct passwd *pw; /* set if 'valid' */ + char *style; +#ifdef WITH_SELINUX -+ mm_inform_authrole(role); ++ char *role; +#endif -+ } - userauth_banner(); - if (auth2_setup_methods_lists(authctxt) != 0) - packet_disconnect("no authentication methods enabled"); -diff -up openssh/misc.c.role-mls openssh/misc.c ---- openssh/misc.c.role-mls 2016-07-24 13:50:13.000000000 +0200 -+++ openssh/misc.c 2016-07-26 12:37:48.794593332 +0200 + void *kbdintctxt; + char *info; /* Extra info for next auth_log */ + #ifdef BSD_AUTH +diff -up openssh-7.4p1/auth-pam.c.role-mls openssh-7.4p1/auth-pam.c +--- openssh-7.4p1/auth-pam.c.role-mls 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/auth-pam.c 2016-12-23 12:19:43.477510378 +0100 +@@ -1087,7 +1087,7 @@ is_pam_session_open(void) + * during the ssh authentication process. 
+ */ + int +-do_pam_putenv(char *name, char *value) ++do_pam_putenv(char *name, const char *value) + { + int ret = 1; + #ifdef HAVE_PAM_PUTENV +diff -up openssh-7.4p1/auth-pam.h.role-mls openssh-7.4p1/auth-pam.h +--- openssh-7.4p1/auth-pam.h.role-mls 2016-12-23 12:19:43.478510375 +0100 ++++ openssh-7.4p1/auth-pam.h 2016-12-23 12:21:44.698101234 +0100 +@@ -31,7 +31,7 @@ u_int do_pam_account(void); + void do_pam_session(void); + void do_pam_setcred(int ); + void do_pam_chauthtok(void); +-int do_pam_putenv(char *, char *); ++int do_pam_putenv(char *, const char *); + char ** fetch_pam_environment(void); + char ** fetch_pam_child_environment(void); + void free_pam_environment(char **); +diff -up openssh-7.4p1/misc.c.role-mls openssh-7.4p1/misc.c +--- openssh-7.4p1/misc.c.role-mls 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/misc.c 2016-12-23 12:19:58.587459379 +0100 @@ -432,6 +432,7 @@ char * colon(char *cp) { @@ -216,10 +178,10 @@ diff -up openssh/misc.c.role-mls openssh/misc.c } return NULL; } -diff -up openssh/monitor.c.role-mls openssh/monitor.c ---- openssh/monitor.c.role-mls 2016-07-24 13:50:13.000000000 +0200 -+++ openssh/monitor.c 2016-07-26 12:44:19.363379490 +0200 -@@ -128,6 +128,9 @@ int mm_answer_sign(int, Buffer *); +diff -up openssh-7.4p1/monitor.c.role-mls openssh-7.4p1/monitor.c +--- openssh-7.4p1/monitor.c.role-mls 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/monitor.c 2016-12-23 12:23:03.503835248 +0100 +@@ -127,6 +127,9 @@ int mm_answer_sign(int, Buffer *); int mm_answer_pwnamallow(int, Buffer *); int mm_answer_auth2_read_banner(int, Buffer *); int mm_answer_authserv(int, Buffer *); 
@@ -229,7 +191,7 @@ diff -up openssh/monitor.c.role-mls openssh/monitor.c int mm_answer_authpassword(int, Buffer *); int mm_answer_bsdauthquery(int, Buffer *); int mm_answer_bsdauthrespond(int, Buffer *); -@@ -207,6 +210,9 @@ struct mon_table mon_dispatch_proto20[] +@@ -202,6 +205,9 @@ struct mon_table mon_dispatch_proto20[] {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, @@ -239,17 +201,17 @@ diff -up openssh/monitor.c.role-mls openssh/monitor.c {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner}, {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, #ifdef USE_PAM -@@ -863,6 +869,9 @@ mm_answer_pwnamallow(int sock, Buffer *m - else { - /* Allow service/style information on the auth context */ - monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); +@@ -769,6 +775,9 @@ mm_answer_pwnamallow(int sock, Buffer *m + + /* Allow service/style information on the auth context */ + monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); +#ifdef WITH_SELINUX -+ monitor_permit(mon_dispatch, MONITOR_REQ_AUTHROLE, 1); ++ monitor_permit(mon_dispatch, MONITOR_REQ_AUTHROLE, 1); +#endif - monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); - } + monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); + #ifdef USE_PAM -@@ -904,6 +913,25 @@ mm_answer_authserv(int sock, Buffer *m) +@@ -810,6 +819,25 @@ mm_answer_authserv(int sock, Buffer *m) return (0); } @@ -275,7 +237,7 @@ diff -up openssh/monitor.c.role-mls openssh/monitor.c int mm_answer_authpassword(int sock, Buffer *m) { -@@ -1300,7 +1328,7 @@ monitor_valid_userblob(u_char *data, u_i +@@ -1208,7 +1236,7 @@ monitor_valid_userblob(u_char *data, u_i { Buffer b; u_char *p; 
@@ -284,7 +246,7 @@ diff -up openssh/monitor.c.role-mls openssh/monitor.c u_int len; int fail = 0; -@@ -1326,6 +1354,8 @@ monitor_valid_userblob(u_char *data, u_i +@@ -1234,6 +1262,8 @@ monitor_valid_userblob(u_char *data, u_i if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) fail++; cp = buffer_get_cstring(&b, NULL); @@ -293,7 +255,7 @@ diff -up openssh/monitor.c.role-mls openssh/monitor.c xasprintf(&userstyle, "%s%s%s", authctxt->user, authctxt->style ? ":" : "", authctxt->style ? authctxt->style : ""); -@@ -1361,7 +1391,7 @@ monitor_valid_hostbasedblob(u_char *data +@@ -1269,7 +1299,7 @@ monitor_valid_hostbasedblob(u_char *data char *chost) { Buffer b; @@ -302,7 +264,7 @@ diff -up openssh/monitor.c.role-mls openssh/monitor.c u_int len; int fail = 0; -@@ -1378,6 +1408,8 @@ monitor_valid_hostbasedblob(u_char *data +@@ -1286,6 +1316,8 @@ monitor_valid_hostbasedblob(u_char *data if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) fail++; p = buffer_get_cstring(&b, NULL); @@ -311,9 +273,9 @@ diff -up openssh/monitor.c.role-mls openssh/monitor.c xasprintf(&userstyle, "%s%s%s", authctxt->user, authctxt->style ? ":" : "", authctxt->style ? authctxt->style : ""); -diff -up openssh/monitor.h.role-mls openssh/monitor.h ---- openssh/monitor.h.role-mls 2016-07-24 13:50:13.000000000 +0200 -+++ openssh/monitor.h 2016-07-26 12:37:48.795593331 +0200 +diff -up openssh-7.4p1/monitor.h.role-mls openssh-7.4p1/monitor.h +--- openssh-7.4p1/monitor.h.role-mls 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/monitor.h 2016-12-23 12:19:58.588459376 +0100 @@ -57,6 +57,10 @@ enum monitor_reqtype { MONITOR_REQ_GSSCHECKMIC = 48, MONITOR_ANS_GSSCHECKMIC = 49, MONITOR_REQ_TERM = 50, 
@@ -325,10 +287,10 @@ diff -up openssh/monitor.h.role-mls openssh/monitor.h MONITOR_REQ_PAM_START = 100, MONITOR_REQ_PAM_ACCOUNT = 102, MONITOR_ANS_PAM_ACCOUNT = 103, MONITOR_REQ_PAM_INIT_CTX = 104, MONITOR_ANS_PAM_INIT_CTX = 105, -diff -up openssh/monitor_wrap.c.role-mls openssh/monitor_wrap.c ---- openssh/monitor_wrap.c.role-mls 2016-07-24 13:50:13.000000000 +0200 -+++ openssh/monitor_wrap.c 2016-07-26 12:37:48.795593331 +0200 -@@ -346,6 +346,25 @@ mm_inform_authserv(char *service, char * +diff -up openssh-7.4p1/monitor_wrap.c.role-mls openssh-7.4p1/monitor_wrap.c +--- openssh-7.4p1/monitor_wrap.c.role-mls 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/monitor_wrap.c 2016-12-23 12:19:58.588459376 +0100 +@@ -345,6 +345,25 @@ mm_inform_authserv(char *service, char * buffer_free(&m); } @@ -354,9 +316,9 @@ diff -up openssh/monitor_wrap.c.role-mls openssh/monitor_wrap.c /* Do the password authentication */ int mm_auth_password(Authctxt *authctxt, char *password) -diff -up openssh/monitor_wrap.h.role-mls openssh/monitor_wrap.h ---- openssh/monitor_wrap.h.role-mls 2016-07-24 13:50:13.000000000 +0200 -+++ openssh/monitor_wrap.h 2016-07-26 12:37:48.795593331 +0200 +diff -up openssh-7.4p1/monitor_wrap.h.role-mls openssh-7.4p1/monitor_wrap.h +--- openssh-7.4p1/monitor_wrap.h.role-mls 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/monitor_wrap.h 2016-12-23 12:19:58.588459376 +0100 @@ -42,6 +42,9 @@ int mm_is_monitor(void); DH *mm_choose_dh(int, int, int); int mm_key_sign(Key *, u_char **, u_int *, const u_char *, u_int, const char *); 
@@ -367,21 +329,90 @@ diff -up openssh/monitor_wrap.h.role-mls openssh/monitor_wrap.h struct passwd *mm_getpwnamallow(const char *); char *mm_auth2_read_banner(void); int mm_auth_password(struct Authctxt *, char *); -diff -up openssh/openbsd-compat/Makefile.in.role-mls openssh/openbsd-compat/Makefile.in ---- openssh/openbsd-compat/Makefile.in.role-mls 2016-07-24 13:50:13.000000000 +0200 -+++ openssh/openbsd-compat/Makefile.in 2016-07-26 12:37:48.795593331 +0200 +diff -up openssh-7.4p1/openbsd-compat/Makefile.in.role-mls openssh-7.4p1/openbsd-compat/Makefile.in +--- openssh-7.4p1/openbsd-compat/Makefile.in.role-mls 2016-12-23 12:19:58.588459376 +0100 ++++ openssh-7.4p1/openbsd-compat/Makefile.in 2016-12-23 12:24:06.042643938 +0100 
@@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bcrypt_pbkdf - COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-err.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o kludge-fd_set.o + COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-err.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xcrypt.o kludge-fd_set.o -PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o +PORTS=port-aix.o port-irix.o port-linux.o port-linux-sshd.o port-solaris.o port-tun.o port-uw.o .c.o: $(CC) $(CFLAGS) $(CPPFLAGS) -c $< -diff -up openssh/openbsd-compat/port-linux-sshd.c.role-mls openssh/openbsd-compat/port-linux-sshd.c ---- openssh/openbsd-compat/port-linux-sshd.c.role-mls 2016-07-26 12:37:48.796593331 +0200 -+++ openssh/openbsd-compat/port-linux-sshd.c 2016-07-26 12:37:48.796593331 +0200 +diff -up openssh-7.4p1/openbsd-compat/port-linux.c.role-mls openssh-7.4p1/openbsd-compat/port-linux.c +--- openssh-7.4p1/openbsd-compat/port-linux.c.role-mls 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/openbsd-compat/port-linux.c 2016-12-23 12:19:58.590459369 +0100 +@@ -101,37 +101,6 @@ ssh_selinux_getctxbyname(char *pwname) + return sc; + } + +-/* Set the execution context to the default for the specified user */ +-void +-ssh_selinux_setup_exec_context(char *pwname) +-{ +- security_context_t user_ctx = NULL; +- +- if (!ssh_selinux_enabled()) +- return; +- +- debug3("%s: setting execution context", __func__); +- +- user_ctx = ssh_selinux_getctxbyname(pwname); +- if (setexeccon(user_ctx) != 0) { +- switch (security_getenforce()) { +- case -1: +- fatal("%s: security_getenforce() failed", __func__); +- case 0: +- error("%s: 
Failed to set SELinux execution " +- "context for %s", __func__, pwname); +- break; +- default: +- fatal("%s: Failed to set SELinux execution context " +- "for %s (in enforcing mode)", __func__, pwname); +- } +- } +- if (user_ctx != NULL) +- freecon(user_ctx); +- +- debug3("%s: done", __func__); +-} +- + /* Set the TTY context for the specified user */ + void + ssh_selinux_setup_pty(char *pwname, const char *tty) +@@ -145,7 +114,11 @@ ssh_selinux_setup_pty(char *pwname, cons + + debug3("%s: setting TTY context on %s", __func__, tty); + +- user_ctx = ssh_selinux_getctxbyname(pwname); ++ if (getexeccon(&user_ctx) != 0) { ++ error("%s: getexeccon: %s", __func__, strerror(errno)); ++ goto out; ++ } ++ + + /* XXX: should these calls fatal() upon failure in enforcing mode? */ + +diff -up openssh-7.4p1/openbsd-compat/port-linux.h.role-mls openssh-7.4p1/openbsd-compat/port-linux.h +--- openssh-7.4p1/openbsd-compat/port-linux.h.role-mls 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/openbsd-compat/port-linux.h 2016-12-23 12:19:58.591459365 +0100 +@@ -20,9 +20,10 @@ + #ifdef WITH_SELINUX + int ssh_selinux_enabled(void); + void ssh_selinux_setup_pty(char *, const char *); +-void ssh_selinux_setup_exec_context(char *); + void ssh_selinux_change_context(const char *); + void ssh_selinux_setfscreatecon(const char *); ++ ++void sshd_selinux_setup_exec_context(char *); + #endif + + #ifdef LINUX_OOM_ADJUST +diff -up openssh-7.4p1/openbsd-compat/port-linux-sshd.c.role-mls openssh-7.4p1/openbsd-compat/port-linux-sshd.c +--- openssh-7.4p1/openbsd-compat/port-linux-sshd.c.role-mls 2016-12-23 12:19:58.590459369 +0100 ++++ openssh-7.4p1/openbsd-compat/port-linux-sshd.c 2016-12-23 12:19:58.590459369 +0100 @@ -0,0 +1,424 @@ +/* + * Copyright (c) 2005 Daniel Walsh 
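Review bot: In the port-linux.c section, the new `getexeccon(&user_ctx) != 0` check in `ssh_selinux_setup_pty` only catches a failed call. getexeccon() also returns 0 and leaves the context NULL when no exec context was set explicitly, so the relabel code after this hunk (not visible here) may be handed a NULL `user_ctx`. The TTY label now depends on `sshd_selinux_setup_exec_context` having already called setexeccon() successfully, which is not guaranteed if that call failed in permissive mode. I would guard the NULL case with `if (user_ctx == NULL) { error("%s: no exec context set", __func__); goto out; }` after the existing check, and add a comment stating the ordering requirement. The XXX comment about failing hard in enforcing mode applies here too.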
@@ -807,79 +838,10 @@ diff -up openssh/openbsd-compat/port-linux-sshd.c.role-mls openssh/openbsd-compa +#endif +#endif + -diff -up openssh/openbsd-compat/port-linux.c.role-mls openssh/openbsd-compat/port-linux.c ---- openssh/openbsd-compat/port-linux.c.role-mls 2016-07-24 13:50:13.000000000 +0200 -+++ openssh/openbsd-compat/port-linux.c 2016-07-26 12:37:48.796593331 +0200 -@@ -103,37 +103,6 @@ ssh_selinux_getctxbyname(char *pwname) - return sc; - } - --/* Set the execution context to the default for the specified user */ --void --ssh_selinux_setup_exec_context(char *pwname) --{ -- security_context_t user_ctx = NULL; -- -- if (!ssh_selinux_enabled()) -- return; -- -- debug3("%s: setting execution context", __func__); -- -- user_ctx = ssh_selinux_getctxbyname(pwname); -- if (setexeccon(user_ctx) != 0) { -- switch (security_getenforce()) { -- case -1: -- fatal("%s: security_getenforce() failed", __func__); -- case 0: -- error("%s: Failed to set SELinux execution " -- "context for %s", __func__, pwname); -- break; -- default: -- fatal("%s: Failed to set SELinux execution context " -- "for %s (in enforcing mode)", __func__, pwname); -- } -- } -- if (user_ctx != NULL) -- freecon(user_ctx); -- -- debug3("%s: done", __func__); --} -- - /* Set the TTY context for the specified user */ - void - ssh_selinux_setup_pty(char *pwname, const char *tty) -@@ -147,7 +116,11 @@ ssh_selinux_setup_pty(char *pwname, cons - - debug3("%s: setting TTY context on %s", __func__, tty); - -- user_ctx = ssh_selinux_getctxbyname(pwname); -+ if (getexeccon(&user_ctx) != 0) { -+ error("%s: getexeccon: %s", __func__, strerror(errno)); -+ goto out; -+ } -+ - - /* XXX: should these calls fatal() upon failure in enforcing mode? 
*/ - -diff -up openssh/openbsd-compat/port-linux.h.role-mls openssh/openbsd-compat/port-linux.h ---- openssh/openbsd-compat/port-linux.h.role-mls 2016-07-24 13:50:13.000000000 +0200 -+++ openssh/openbsd-compat/port-linux.h 2016-07-26 12:37:48.796593331 +0200 -@@ -22,9 +22,10 @@ - #ifdef WITH_SELINUX - int ssh_selinux_enabled(void); - void ssh_selinux_setup_pty(char *, const char *); --void ssh_selinux_setup_exec_context(char *); - void ssh_selinux_change_context(const char *); - void ssh_selinux_setfscreatecon(const char *); -+ -+void sshd_selinux_setup_exec_context(char *); - #endif - - #ifdef LINUX_OOM_ADJUST -diff -up openssh/platform.c.role-mls openssh/platform.c ---- openssh/platform.c.role-mls 2016-07-24 13:50:13.000000000 +0200 -+++ openssh/platform.c 2016-07-26 12:37:48.796593331 +0200 -@@ -186,7 +186,7 @@ platform_setusercontext_post_groups(stru +diff -up openssh-7.4p1/platform.c.role-mls openssh-7.4p1/platform.c +--- openssh-7.4p1/platform.c.role-mls 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/platform.c 2016-12-23 12:19:58.591459365 +0100 +@@ -184,7 +184,7 @@ platform_setusercontext_post_groups(stru } #endif /* HAVE_SETPCRED */ #ifdef WITH_SELINUX @@ -888,10 +850,10 @@ diff -up openssh/platform.c.role-mls openssh/platform.c #endif } -diff -up openssh/sshd.c.role-mls openssh/sshd.c ---- openssh/sshd.c.role-mls 2016-07-24 13:50:13.000000000 +0200 -+++ openssh/sshd.c 2016-07-26 12:37:48.796593331 +0200 -@@ -2295,6 +2295,9 @@ main(int ac, char **av) +diff -up openssh-7.4p1/sshd.c.role-mls openssh-7.4p1/sshd.c +--- openssh-7.4p1/sshd.c.role-mls 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/sshd.c 2016-12-23 12:19:58.591459365 +0100 +@@ -2053,6 +2053,9 @@ main(int ac, char **av) restore_uid(); } #endif diff --git a/openssh-6.7p1-coverity.patch b/openssh-6.7p1-coverity.patch index 143ebad..5b12ddd 100644 --- a/openssh-6.7p1-coverity.patch +++ b/openssh-6.7p1-coverity.patch 
@@ -1,22 +1,7 @@ -diff -up openssh-6.8p1/channels.c.coverity openssh-6.8p1/channels.c ---- openssh-6.8p1/channels.c.coverity 2015-03-18 17:21:51.815265002 +0100 -+++ openssh-6.8p1/channels.c 2015-03-18 17:21:51.896264833 +0100 -@@ -243,11 +243,11 @@ channel_register_fds(Channel *c, int rfd - channel_max_fd = MAX(channel_max_fd, wfd); - channel_max_fd = MAX(channel_max_fd, efd); - -- if (rfd != -1) -+ if (rfd >= 0) - fcntl(rfd, F_SETFD, FD_CLOEXEC); -- if (wfd != -1 && wfd != rfd) -+ if (wfd >= 0 && wfd != rfd) - fcntl(wfd, F_SETFD, FD_CLOEXEC); -- if (efd != -1 && efd != rfd && efd != wfd) -+ if (efd >= 0 && efd != rfd && efd != wfd) - fcntl(efd, F_SETFD, FD_CLOEXEC); - - c->rfd = rfd; -@@ -265,11 +265,11 @@ channel_register_fds(Channel *c, int rfd +diff -up openssh-7.4p1/channels.c.coverity openssh-7.4p1/channels.c +--- openssh-7.4p1/channels.c.coverity 2016-12-23 16:40:26.881788686 +0100 ++++ openssh-7.4p1/channels.c 2016-12-23 16:42:36.244818763 +0100 +@@ -288,11 +288,11 @@ channel_register_fds(Channel *c, int rfd /* enable nonblocking mode */ if (nonblock) { @@ -31,10 +16,10 @@ diff -up openssh-6.8p1/channels.c.coverity openssh-6.8p1/channels.c set_nonblock(efd); } } -diff -up openssh-6.8p1/monitor.c.coverity openssh-6.8p1/monitor.c ---- openssh-6.8p1/monitor.c.coverity 2015-03-18 17:21:51.887264852 +0100 -+++ openssh-6.8p1/monitor.c 2015-03-18 17:21:51.897264831 +0100 -@@ -444,7 +444,7 @@ monitor_child_preauth(Authctxt *_authctx +diff -up openssh-7.4p1/monitor.c.coverity openssh-7.4p1/monitor.c +--- openssh-7.4p1/monitor.c.coverity 2016-12-23 16:40:26.888788688 +0100 ++++ openssh-7.4p1/monitor.c 2016-12-23 16:40:26.900788691 +0100 +@@ -411,7 +411,7 @@ monitor_child_preauth(Authctxt *_authctx mm_get_keystate(pmonitor); /* Drain any buffered messages from the child */ 
@@ -43,10 +28,10 @@ diff -up openssh-6.8p1/monitor.c.coverity openssh-6.8p1/monitor.c ; close(pmonitor->m_sendfd); -diff -up openssh-6.8p1/monitor_wrap.c.coverity openssh-6.8p1/monitor_wrap.c ---- openssh-6.8p1/monitor_wrap.c.coverity 2015-03-18 17:21:51.888264849 +0100 -+++ openssh-6.8p1/monitor_wrap.c 2015-03-18 17:21:51.897264831 +0100 -@@ -533,10 +533,10 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, +diff -up openssh-7.4p1/monitor_wrap.c.coverity openssh-7.4p1/monitor_wrap.c +--- openssh-7.4p1/monitor_wrap.c.coverity 2016-12-23 16:40:26.892788689 +0100 ++++ openssh-7.4p1/monitor_wrap.c 2016-12-23 16:40:26.900788691 +0100 +@@ -525,10 +525,10 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, if ((tmp1 = dup(pmonitor->m_recvfd)) == -1 || (tmp2 = dup(pmonitor->m_recvfd)) == -1) { error("%s: cannot allocate fds for pty", __func__); @@ -60,9 +45,9 @@ diff -up openssh-6.8p1/monitor_wrap.c.coverity openssh-6.8p1/monitor_wrap.c return 0; } close(tmp1); -diff -up openssh-6.8p1/openbsd-compat/bindresvport.c.coverity openssh-6.8p1/openbsd-compat/bindresvport.c ---- openssh-6.8p1/openbsd-compat/bindresvport.c.coverity 2015-03-17 06:49:20.000000000 +0100 -+++ openssh-6.8p1/openbsd-compat/bindresvport.c 2015-03-18 17:21:51.897264831 +0100 +diff -up openssh-7.4p1/openbsd-compat/bindresvport.c.coverity openssh-7.4p1/openbsd-compat/bindresvport.c +--- openssh-7.4p1/openbsd-compat/bindresvport.c.coverity 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/openbsd-compat/bindresvport.c 2016-12-23 16:40:26.901788691 +0100 @@ -58,7 +58,7 @@ bindresvport_sa(int sd, struct sockaddr struct sockaddr_in6 *in6; u_int16_t *portp; 
@@ -72,10 +57,10 @@ diff -up openssh-6.8p1/openbsd-compat/bindresvport.c.coverity openssh-6.8p1/open int i; if (sa == NULL) { -diff -up openssh-6.8p1/scp.c.coverity openssh-6.8p1/scp.c ---- openssh-6.8p1/scp.c.coverity 2015-03-18 17:21:51.868264891 +0100 -+++ openssh-6.8p1/scp.c 2015-03-18 17:21:58.281251460 +0100 -@@ -156,7 +156,7 @@ killchild(int signo) +diff -up openssh-7.4p1/scp.c.coverity openssh-7.4p1/scp.c +--- openssh-7.4p1/scp.c.coverity 2016-12-23 16:40:26.856788681 +0100 ++++ openssh-7.4p1/scp.c 2016-12-23 16:40:26.901788691 +0100 +@@ -157,7 +157,7 @@ killchild(int signo) { if (do_cmd_pid > 1) { kill(do_cmd_pid, signo ? signo : SIGTERM); @@ -84,10 +69,10 @@ diff -up openssh-6.8p1/scp.c.coverity openssh-6.8p1/scp.c } if (signo) -diff -up openssh-6.8p1/servconf.c.coverity openssh-6.8p1/servconf.c ---- openssh-6.8p1/servconf.c.coverity 2015-03-18 17:21:51.893264839 +0100 -+++ openssh-6.8p1/servconf.c 2015-03-18 17:21:58.281251460 +0100 -@@ -1475,7 +1475,7 @@ process_server_config_line(ServerOptions +diff -up openssh-7.4p1/servconf.c.coverity openssh-7.4p1/servconf.c +--- openssh-7.4p1/servconf.c.coverity 2016-12-23 16:40:26.896788690 +0100 ++++ openssh-7.4p1/servconf.c 2016-12-23 16:40:26.901788691 +0100 +@@ -1547,7 +1547,7 @@ process_server_config_line(ServerOptions fatal("%s line %d: Missing subsystem name.", filename, linenum); if (!*activep) { @@ -96,7 +81,7 @@ diff -up openssh-6.8p1/servconf.c.coverity openssh-6.8p1/servconf.c break; } for (i = 0; i < options->num_subsystems; i++) -@@ -1566,8 +1566,9 @@ process_server_config_line(ServerOptions +@@ -1638,8 +1638,9 @@ process_server_config_line(ServerOptions if (*activep && *charptr == NULL) { *charptr = tilde_expand_filename(arg, getuid()); /* increase optional counter */ 
@@ -108,10 +93,10 @@ diff -up openssh-6.8p1/servconf.c.coverity openssh-6.8p1/servconf.c } break; -diff -up openssh-6.8p1/serverloop.c.coverity openssh-6.8p1/serverloop.c ---- openssh-6.8p1/serverloop.c.coverity 2015-03-17 06:49:20.000000000 +0100 -+++ openssh-6.8p1/serverloop.c 2015-03-18 17:28:45.616436080 +0100 -@@ -147,13 +147,13 @@ notify_setup(void) +diff -up openssh-7.4p1/serverloop.c.coverity openssh-7.4p1/serverloop.c +--- openssh-7.4p1/serverloop.c.coverity 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/serverloop.c 2016-12-23 16:40:26.902788691 +0100 +@@ -125,13 +125,13 @@ notify_setup(void) static void notify_parent(void) { @@ -127,7 +112,7 @@ diff -up openssh-6.8p1/serverloop.c.coverity openssh-6.8p1/serverloop.c FD_SET(notify_pipe[0], readset); } static void -@@ -161,8 +161,8 @@ notify_done(fd_set *readset) +@@ -139,8 +139,8 @@ notify_done(fd_set *readset) { char c; 
@@ -138,80 +123,7 @@ diff -up openssh-6.8p1/serverloop.c.coverity openssh-6.8p1/serverloop.c debug2("notify_done: reading"); } -@@ -337,7 +337,7 @@ wait_until_can_do_something(fd_set **rea - * If we have buffered data, try to write some of that data - * to the program. - */ -- if (fdin != -1 && buffer_len(&stdin_buffer) > 0) -+ if (fdin >= 0 && buffer_len(&stdin_buffer) > 0) - FD_SET(fdin, *writesetp); - } - notify_prepare(*readsetp); -@@ -477,7 +477,7 @@ process_output(fd_set *writeset) - int len; - - /* Write buffered data to program stdin. */ -- if (!compat20 && fdin != -1 && FD_ISSET(fdin, writeset)) { -+ if (!compat20 && fdin >= 0 && FD_ISSET(fdin, writeset)) { - data = buffer_ptr(&stdin_buffer); - dlen = buffer_len(&stdin_buffer); - len = write(fdin, data, dlen); -@@ -590,7 +590,7 @@ server_loop(pid_t pid, int fdin_arg, int - set_nonblock(fdin); - set_nonblock(fdout); - /* we don't have stderr for interactive terminal sessions, see below */ -- if (fderr != -1) -+ if (fderr >= 0) - set_nonblock(fderr); - - if (!(datafellows & SSH_BUG_IGNOREMSG) && isatty(fdin)) -@@ -614,7 +614,7 @@ server_loop(pid_t pid, int fdin_arg, int - max_fd = MAX(connection_in, connection_out); - max_fd = MAX(max_fd, fdin); - max_fd = MAX(max_fd, fdout); -- if (fderr != -1) -+ if (fderr >= 0) - max_fd = MAX(max_fd, fderr); - #endif - -@@ -644,7 +644,7 @@ server_loop(pid_t pid, int fdin_arg, int - * If we have received eof, and there is no more pending - * input data, cause a real eof by closing fdin. - */ -- if (stdin_eof && fdin != -1 && buffer_len(&stdin_buffer) == 0) { -+ if (stdin_eof && fdin >= 0 && buffer_len(&stdin_buffer) == 0) { - if (fdin != fdout) - close(fdin); - else -@@ -740,15 +740,15 @@ server_loop(pid_t pid, int fdin_arg, int - buffer_free(&stderr_buffer); - - /* Close the file descriptors. 
*/ -- if (fdout != -1) -+ if (fdout >= 0) - close(fdout); - fdout = -1; - fdout_eof = 1; -- if (fderr != -1) -+ if (fderr >= 0) - close(fderr); - fderr = -1; - fderr_eof = 1; -- if (fdin != -1) -+ if (fdin >= 0) - close(fdin); - fdin = -1; - -@@ -950,7 +950,7 @@ server_input_window_size(int type, u_int - - debug("Window change received."); - packet_check_eom(); -- if (fdin != -1) -+ if (fdin >= 0) - pty_change_window_size(fdin, row, col, xpixel, ypixel); - return 0; - } -@@ -1043,7 +1043,7 @@ server_request_tun(void) +@@ -518,7 +518,7 @@ server_request_tun(void) } tun = packet_get_int(); @@ -220,10 +132,10 @@ diff -up openssh-6.8p1/serverloop.c.coverity openssh-6.8p1/serverloop.c if (tun != SSH_TUNID_ANY && forced_tun_device != tun) goto done; tun = forced_tun_device; -diff -up openssh-6.8p1/sftp.c.coverity openssh-6.8p1/sftp.c ---- openssh-6.8p1/sftp.c.coverity 2015-03-17 06:49:20.000000000 +0100 -+++ openssh-6.8p1/sftp.c 2015-03-18 17:21:58.283251456 +0100 -@@ -223,7 +223,7 @@ killchild(int signo) +diff -up openssh-7.4p1/sftp.c.coverity openssh-7.4p1/sftp.c +--- openssh-7.4p1/sftp.c.coverity 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/sftp.c 2016-12-23 16:40:26.903788691 +0100 +@@ -224,7 +224,7 @@ killchild(int signo) { if (sshpid > 1) { kill(sshpid, SIGTERM); @@ -232,10 +144,10 @@ diff -up openssh-6.8p1/sftp.c.coverity openssh-6.8p1/sftp.c } _exit(1); -diff -up openssh-6.8p1/ssh-agent.c.coverity openssh-6.8p1/ssh-agent.c ---- openssh-6.8p1/ssh-agent.c.coverity 2015-03-17 06:49:20.000000000 +0100 -+++ openssh-6.8p1/ssh-agent.c 2015-03-18 17:21:58.284251454 +0100 -@@ -1166,8 +1166,8 @@ main(int ac, char **av) +diff -up openssh-7.4p1/ssh-agent.c.coverity openssh-7.4p1/ssh-agent.c +--- openssh-7.4p1/ssh-agent.c.coverity 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/ssh-agent.c 2016-12-23 16:40:26.903788691 +0100 +@@ -1220,8 +1220,8 @@ main(int ac, char **av) sanitise_stdfd(); /* drop */ 
@@ -246,10 +158,10 @@ diff -up openssh-6.8p1/ssh-agent.c.coverity openssh-6.8p1/ssh-agent.c platform_disable_tracing(0); /* strict=no */ -diff -up openssh-6.8p1/sshd.c.coverity openssh-6.8p1/sshd.c ---- openssh-6.8p1/sshd.c.coverity 2015-03-18 17:21:51.893264839 +0100 -+++ openssh-6.8p1/sshd.c 2015-03-18 17:21:58.284251454 +0100 -@@ -778,8 +778,10 @@ privsep_preauth(Authctxt *authctxt) +diff -up openssh-7.4p1/sshd.c.coverity openssh-7.4p1/sshd.c +--- openssh-7.4p1/sshd.c.coverity 2016-12-23 16:40:26.897788690 +0100 ++++ openssh-7.4p1/sshd.c 2016-12-23 16:40:26.904788692 +0100 +@@ -691,8 +691,10 @@ privsep_preauth(Authctxt *authctxt) privsep_preauth_child(); setproctitle("%s", "[net]"); @@ -261,7 +173,7 @@ diff -up openssh-6.8p1/sshd.c.coverity openssh-6.8p1/sshd.c return 0; } -@@ -1518,6 +1520,9 @@ server_accept_loop(int *sock_in, int *so +@@ -1386,6 +1388,9 @@ server_accept_loop(int *sock_in, int *so if (num_listen_socks < 0) break; } diff --git a/openssh-6.7p1-debian-restore-tcp-wrappers.patch b/openssh-6.7p1-debian-restore-tcp-wrappers.patch index a41cf34..5fcc451 100644 --- a/openssh-6.7p1-debian-restore-tcp-wrappers.patch +++ b/openssh-6.7p1-debian-restore-tcp-wrappers.patch @@ -1,7 +1,7 @@ -diff -up openssh/configure.ac.tcp_wrappers openssh/configure.ac ---- openssh/configure.ac.tcp_wrappers 2015-06-24 11:41:04.519293694 +0200 -+++ openssh/configure.ac 2015-06-24 11:41:04.556293600 +0200 -@@ -1448,6 +1448,62 @@ AC_ARG_WITH([skey], +diff -up openssh-7.4p1/configure.ac.tcp_wrappers openssh-7.4p1/configure.ac +--- openssh-7.4p1/configure.ac.tcp_wrappers 2016-12-23 15:36:38.745411192 +0100 ++++ openssh-7.4p1/configure.ac 2016-12-23 15:36:38.777411197 +0100 +@@ -1491,6 +1491,62 @@ AC_ARG_WITH([skey], ] ) 
@@ -64,7 +64,7 @@ diff -up openssh/configure.ac.tcp_wrappers openssh/configure.ac # Check whether user wants to use ldns LDNS_MSG="no" AC_ARG_WITH(ldns, -@@ -5034,6 +5090,7 @@ echo " KerberosV support +@@ -5214,6 +5270,7 @@ echo " KerberosV support echo " SELinux support: $SELINUX_MSG" echo " Smartcard support: $SCARD_MSG" echo " S/KEY support: $SKEY_MSG" @@ -72,10 +72,10 @@ diff -up openssh/configure.ac.tcp_wrappers openssh/configure.ac echo " MD5 password support: $MD5_MSG" echo " libedit support: $LIBEDIT_MSG" echo " Solaris process contract support: $SPC_MSG" -diff -up openssh/sshd.8.tcp_wrappers openssh/sshd.8 ---- openssh/sshd.8.tcp_wrappers 2015-06-24 11:41:04.527293674 +0200 -+++ openssh/sshd.8 2015-06-24 11:41:04.556293600 +0200 -@@ -860,6 +860,12 @@ the user's home directory becomes access +diff -up openssh-7.4p1/sshd.8.tcp_wrappers openssh-7.4p1/sshd.8 +--- openssh-7.4p1/sshd.8.tcp_wrappers 2016-12-23 15:36:38.759411194 +0100 ++++ openssh-7.4p1/sshd.8 2016-12-23 15:36:38.778411197 +0100 +@@ -836,6 +836,12 @@ the user's home directory becomes access This file should be writable only by the user, and need not be readable by anyone else. .Pp @@ -88,7 +88,7 @@ diff -up openssh/sshd.8.tcp_wrappers openssh/sshd.8 .It Pa /etc/hosts.equiv This file is for host-based authentication (see .Xr ssh 1 ) . -@@ -983,6 +989,7 @@ IPv6 address can be used everywhere wher +@@ -960,6 +966,7 @@ IPv6 address can be used everywhere wher .Xr ssh-keygen 1 , .Xr ssh-keyscan 1 , .Xr chroot 2 , 
@@ -96,10 +96,10 @@ diff -up openssh/sshd.8.tcp_wrappers openssh/sshd.8 .Xr login.conf 5 , .Xr moduli 5 , .Xr sshd_config 5 , -diff -up openssh/sshd.c.tcp_wrappers openssh/sshd.c ---- openssh/sshd.c.tcp_wrappers 2015-06-24 11:41:04.549293618 +0200 -+++ openssh/sshd.c 2015-06-24 11:41:53.331169536 +0200 -@@ -125,6 +125,13 @@ +diff -up openssh-7.4p1/sshd.c.tcp_wrappers openssh-7.4p1/sshd.c +--- openssh-7.4p1/sshd.c.tcp_wrappers 2016-12-23 15:36:38.772411196 +0100 ++++ openssh-7.4p1/sshd.c 2016-12-23 15:37:15.032417028 +0100 +@@ -123,6 +123,13 @@ #include "version.h" #include "ssherr.h" @@ -110,10 +110,10 @@ diff -up openssh/sshd.c.tcp_wrappers openssh/sshd.c +int deny_severity; +#endif /* LIBWRAP */ + - #ifndef O_NOCTTY - #define O_NOCTTY 0 - #endif -@@ -2158,6 +2165,24 @@ main(int ac, char **av) + /* Re-exec fds */ + #define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1) + #define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2) +@@ -2012,6 +2019,24 @@ main(int ac, char **av) #ifdef SSH_AUDIT_EVENTS audit_connection_from(remote_ip, remote_port); #endif diff --git a/openssh-6.8p1-memory-problems.patch b/openssh-6.8p1-memory-problems.patch index db21660..e112033 100644 --- a/openssh-6.8p1-memory-problems.patch +++ b/openssh-6.8p1-memory-problems.patch @@ -1,8 +1,7 @@ -diff --git a/servconf.c b/servconf.c -index ad5869b..0255ed3 100644 ---- a/servconf.c -+++ b/servconf.c -@@ -1910,6 +1910,8 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) +diff -up openssh-7.4p1/servconf.c.memory openssh-7.4p1/servconf.c +--- openssh-7.4p1/servconf.c.memory 2016-12-23 15:37:48.181422360 +0100 ++++ openssh-7.4p1/servconf.c 2016-12-23 15:38:30.189429116 +0100 +@@ -2006,6 +2006,8 @@ copy_set_server_options(ServerOptions *d dst->n = src->n; \ } while (0) 
@@ -10,8 +9,8 @@ index ad5869b..0255ed3 100644 + M_CP_INTOPT(password_authentication); M_CP_INTOPT(gss_authentication); - M_CP_INTOPT(rsa_authentication); -@@ -1947,8 +1949,10 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) + M_CP_INTOPT(pubkey_authentication); +@@ -2058,8 +2060,10 @@ copy_set_server_options(ServerOptions *d } while(0) #define M_CP_STRARRAYOPT(n, num_n) do {\ if (src->num_n != 0) { \ diff --git a/openssh-7.0p1-show-more-fingerprints.patch b/openssh-7.0p1-show-more-fingerprints.patch index 2666842..d4637f5 100644 --- a/openssh-7.0p1-show-more-fingerprints.patch +++ b/openssh-7.0p1-show-more-fingerprints.patch @@ -1,23 +1,7 @@ -From e1d58c44bd911e5ee4dddb6205e16eb9a03cc736 Mon Sep 17 00:00:00 2001 -From: Jakub Jelen -Date: Fri, 7 Aug 2015 10:18:54 +0200 -Subject: [PATCH] Possibility tu specify more fingerprint algorithms on client - side for smother transition - ---- - clientloop.c | 8 ++++---- - readconf.c | 43 +++++++++++++++++++++++++++++-------------- - readconf.h | 4 +++- - ssh_config.5 | 4 ++-- - sshconnect.c | 48 +++++++++++++++++++++++++++--------------------- - sshconnect2.c | 6 +++--- - 6 files changed, 68 insertions(+), 45 deletions(-) - -diff --git a/clientloop.c b/clientloop.c -index 87ceb3d..4553114 100644 ---- a/clientloop.c -+++ b/clientloop.c -@@ -2194,7 +2194,7 @@ update_known_hosts(struct hostkeys_update_ctx *ctx) +diff -up openssh-7.4p1/clientloop.c.fingerprint openssh-7.4p1/clientloop.c +--- openssh-7.4p1/clientloop.c.fingerprint 2016-12-23 15:38:50.520432387 +0100 ++++ openssh-7.4p1/clientloop.c 2016-12-23 15:38:50.564432394 +0100 +@@ -2279,7 +2279,7 @@ update_known_hosts(struct hostkeys_updat if (ctx->keys_seen[i] != 2) continue; if ((fp = sshkey_fingerprint(ctx->keys[i], 
@@ -26,7 +10,7 @@ index 87ceb3d..4553114 100644 fatal("%s: sshkey_fingerprint failed", __func__); do_log2(loglevel, "Learned new hostkey: %s %s", sshkey_type(ctx->keys[i]), fp); -@@ -2202,7 +2202,7 @@ update_known_hosts(struct hostkeys_update_ctx *ctx) +@@ -2287,7 +2287,7 @@ update_known_hosts(struct hostkeys_updat } for (i = 0; i < ctx->nold; i++) { if ((fp = sshkey_fingerprint(ctx->old_keys[i], @@ -35,7 +19,7 @@ index 87ceb3d..4553114 100644 fatal("%s: sshkey_fingerprint failed", __func__); do_log2(loglevel, "Deprecating obsolete hostkey: %s %s", sshkey_type(ctx->old_keys[i]), fp); -@@ -2245,7 +2245,7 @@ update_known_hosts(struct hostkeys_update_ctx *ctx) +@@ -2330,7 +2330,7 @@ update_known_hosts(struct hostkeys_updat (r = hostfile_replace_entries(options.user_hostfiles[0], ctx->host_str, ctx->ip_str, ctx->keys, ctx->nkeys, options.hash_known_hosts, 0, @@ -44,7 +28,7 @@ index 87ceb3d..4553114 100644 error("%s: hostfile_replace_entries failed: %s", __func__, ssh_err(r)); } -@@ -2358,7 +2358,7 @@ client_input_hostkeys(void) +@@ -2443,7 +2443,7 @@ client_input_hostkeys(void) error("%s: parse key: %s", __func__, ssh_err(r)); goto out; } @@ -53,11 +37,10 @@ index 87ceb3d..4553114 100644 SSH_FP_DEFAULT); debug3("%s: received %s key %s", __func__, sshkey_type(key), fp); -diff --git a/readconf.c b/readconf.c -index 1d03bdf..6af4c62 100644 ---- a/readconf.c -+++ b/readconf.c -@@ -1471,16 +1471,18 @@ parse_keytypes: +diff -up openssh-7.4p1/readconf.c.fingerprint openssh-7.4p1/readconf.c +--- openssh-7.4p1/readconf.c.fingerprint 2016-12-23 15:38:50.559432393 +0100 ++++ openssh-7.4p1/readconf.c 2016-12-23 15:38:50.565432394 +0100 +@@ -1668,16 +1668,18 @@ parse_keytypes: goto parse_string; case oFingerprintHash: 
@@ -86,7 +69,7 @@ index 1d03bdf..6af4c62 100644 break; case oUpdateHostkeys: -@@ -1673,7 +1675,7 @@ initialize_options(Options * options) +@@ -1905,7 +1907,7 @@ initialize_options(Options * options) options->canonicalize_fallback_local = -1; options->canonicalize_hostname = -1; options->revoked_host_keys = NULL; @@ -95,7 +78,7 @@ index 1d03bdf..6af4c62 100644 options->update_hostkeys = -1; options->hostbased_key_types = NULL; options->pubkey_key_types = NULL; -@@ -1851,8 +1853,10 @@ fill_default_options(Options * options) +@@ -2102,8 +2104,10 @@ fill_default_options(Options * options) options->canonicalize_fallback_local = 1; if (options->canonicalize_hostname == -1) options->canonicalize_hostname = SSH_CANONICALISE_NO; @@ -108,7 +91,7 @@ index 1d03bdf..6af4c62 100644 if (options->update_hostkeys == -1) options->update_hostkeys = 0; if (kex_assemble_names(KEX_CLIENT_ENCRYPT, &options->ciphers) != 0 || -@@ -2189,6 +2193,17 @@ dump_cfg_strarray(OpCodes code, u_int count, char **vals) +@@ -2489,6 +2493,17 @@ dump_cfg_strarray(OpCodes code, u_int co } static void @@ -126,7 +109,7 @@ index 1d03bdf..6af4c62 100644 dump_cfg_strarray_oneline(OpCodes code, u_int count, char **vals) { u_int i; -@@ -2259,7 +2274,6 @@ dump_client_config(Options *o, const char *host) +@@ -2564,7 +2579,6 @@ dump_client_config(Options *o, const cha dump_cfg_fmtint(oEnableSSHKeysign, o->enable_ssh_keysign); dump_cfg_fmtint(oClearAllForwardings, o->clear_forwardings); dump_cfg_fmtint(oExitOnForwardFailure, o->exit_on_forward_failure); 
@@ -134,7 +117,7 @@ index 1d03bdf..6af4c62 100644 dump_cfg_fmtint(oForwardAgent, o->forward_agent); dump_cfg_fmtint(oForwardX11, o->forward_x11); dump_cfg_fmtint(oForwardX11Trusted, o->forward_x11_trusted); -@@ -2328,6 +2342,7 @@ dump_client_config(Options *o, const char *host) +@@ -2634,6 +2648,7 @@ dump_client_config(Options *o, const cha dump_cfg_strarray_oneline(oGlobalKnownHostsFile, o->num_system_hostfiles, o->system_hostfiles); dump_cfg_strarray_oneline(oUserKnownHostsFile, o->num_user_hostfiles, o->user_hostfiles); dump_cfg_strarray(oSendEnv, o->num_send_env, o->send_env); @@ -142,10 +125,9 @@ index 1d03bdf..6af4c62 100644 /* Special cases */ -diff --git a/readconf.h b/readconf.h -index bb2d552..d817f92 100644 ---- a/readconf.h -+++ b/readconf.h +diff -up openssh-7.4p1/readconf.h.fingerprint openssh-7.4p1/readconf.h +--- openssh-7.4p1/readconf.h.fingerprint 2016-12-23 15:38:50.559432393 +0100 ++++ openssh-7.4p1/readconf.h 2016-12-23 15:38:50.565432394 +0100 @@ -21,6 +21,7 @@ #define MAX_SEND_ENV 256 #define SSH_MAX_HOSTS_FILES 32 @@ -154,7 +136,7 @@ index bb2d552..d817f92 100644 #define PATH_MAX_SUN (sizeof((struct sockaddr_un *)0)->sun_path) struct allowed_cname { -@@ -146,7 +147,8 @@ typedef struct { +@@ -162,7 +163,8 @@ typedef struct { char *revoked_host_keys; 
@@ -164,31 +146,60 @@ index bb2d552..d817f92 100644 int update_hostkeys; /* one of SSH_UPDATE_HOSTKEYS_* */ -diff --git a/ssh_config.5 b/ssh_config.5 -index 5b0975f..e8e6458 100644 ---- a/ssh_config.5 -+++ b/ssh_config.5 -@@ -647,13 +647,13 @@ or - The default is - .Dq no . +diff -up openssh-7.4p1/ssh_config.5.fingerprint openssh-7.4p1/ssh_config.5 +--- openssh-7.4p1/ssh_config.5.fingerprint 2016-12-23 15:38:50.565432394 +0100 ++++ openssh-7.4p1/ssh_config.5 2016-12-23 15:40:03.754444166 +0100 +@@ -652,12 +652,13 @@ or + .Cm no + (the default). .It Cm FingerprintHash -Specifies the hash algorithm used when displaying key fingerprints. +Specifies the hash algorithms used when displaying key fingerprints. Valid options are: - .Dq md5 + .Cm md5 and - .Dq sha256 . - The default is --.Dq sha256 . -+.Dq "sha256 md5". +-.Cm sha256 +-(the default). ++.Cm sha256 . ++The default is ++.Cm "sha256 md5". .It Cm ForwardAgent Specifies whether the connection to the authentication agent (if any) will be forwarded to the remote machine. 
-diff --git a/sshconnect.c b/sshconnect.c -index f41960c..e12932f 100644 ---- a/sshconnect.c -+++ b/sshconnect.c -@@ -920,9 +920,9 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, +diff -up openssh-7.4p1/sshconnect2.c.fingerprint openssh-7.4p1/sshconnect2.c +--- openssh-7.4p1/sshconnect2.c.fingerprint 2016-12-23 15:38:50.561432394 +0100 ++++ openssh-7.4p1/sshconnect2.c 2016-12-23 15:38:50.566432394 +0100 +@@ -677,7 +677,7 @@ input_userauth_pk_ok(int type, u_int32_t + key->type, pktype); + goto done; + } +- if ((fp = sshkey_fingerprint(key, options.fingerprint_hash, ++ if ((fp = sshkey_fingerprint(key, options.fingerprint_hash[0], + SSH_FP_DEFAULT)) == NULL) + goto done; + debug2("input_userauth_pk_ok: fp %s", fp); +@@ -1172,7 +1172,7 @@ sign_and_send_pubkey(Authctxt *authctxt, + int matched, ret = -1, have_sig = 1; + char *fp; + +- if ((fp = sshkey_fingerprint(id->key, options.fingerprint_hash, ++ if ((fp = sshkey_fingerprint(id->key, options.fingerprint_hash[0], + SSH_FP_DEFAULT)) == NULL) + return 0; + debug3("%s: %s %s", __func__, key_type(id->key), fp); +@@ -1864,7 +1864,7 @@ userauth_hostbased(Authctxt *authctxt) + goto out; + } + +- if ((fp = sshkey_fingerprint(private, options.fingerprint_hash, ++ if ((fp = sshkey_fingerprint(private, options.fingerprint_hash[0], + SSH_FP_DEFAULT)) == NULL) { + error("%s: sshkey_fingerprint failed", __func__); + goto out; +diff -up openssh-7.4p1/sshconnect.c.fingerprint openssh-7.4p1/sshconnect.c +--- openssh-7.4p1/sshconnect.c.fingerprint 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/sshconnect.c 2016-12-23 15:38:50.566432394 +0100 +@@ -922,9 +922,9 @@ check_host_key(char *hostname, struct so "of known hosts.", type, ip); } else if (options.visual_host_key) { fp = sshkey_fingerprint(host_key, 
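Review bot: The FingerprintHash text in the ssh_config.5 part of this hunk now documents a list with the default `sha256 md5`, but it does not say which entry is used where only one fingerprint is printed. The sshconnect2.c call sites in the same hunk (`input_userauth_pk_ok`, `sign_and_send_pubkey`, `userauth_hostbased`) all pass `options.fingerprint_hash[0]`, so a configuration that lists `md5` first would put MD5 fingerprints, the weaker of the two for comparing keys, into debug and error output. I would add a sentence to the man page along the lines of `The first algorithm listed is used for log and debug messages, so sha256 should be listed first.` The `[0]` index also assumes the list is never empty; the code that fills in the default is not visible in this hunk, so that is worth confirming.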
@@ -200,7 +211,7 @@ index f41960c..e12932f 100644 if (fp == NULL || ra == NULL) fatal("%s: sshkey_fingerprint fail", __func__); logit("Host key fingerprint is %s\n%s", fp, ra); -@@ -964,12 +964,6 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, +@@ -966,12 +966,6 @@ check_host_key(char *hostname, struct so else snprintf(msg1, sizeof(msg1), "."); /* The default */ @@ -213,14 +224,14 @@ index f41960c..e12932f 100644 msg2[0] = '\0'; if (options.verify_host_key_dns) { if (matching_host_key_dns) -@@ -983,16 +977,28 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, +@@ -985,16 +979,28 @@ check_host_key(char *hostname, struct so } snprintf(msg, sizeof(msg), "The authenticity of host '%.200s (%s)' can't be " - "established%s\n" - "%s key fingerprint is %s.%s%s\n%s" + "established%s\n", host, ip, msg1); -+ for (i = 0; i < options.num_fingerprint_hash; i++) { ++ for (i = 0; i < (u_int) options.num_fingerprint_hash; i++) { + fp = sshkey_fingerprint(host_key, + options.fingerprint_hash[i], SSH_FP_DEFAULT); + ra = sshkey_fingerprint(host_key, @@ -251,7 +262,7 @@ index f41960c..e12932f 100644 if (!confirm(msg)) goto fail; hostkey_trusted = 1; /* user explicitly confirmed */ -@@ -1241,7 +1247,7 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key) +@@ -1244,7 +1250,7 @@ verify_host_key(char *host, struct socka struct sshkey *plain = NULL; if ((fp = sshkey_fingerprint(host_key, 
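Review bot: The `(u_int)` cast added to the loop bound `i < (u_int) options.num_fingerprint_hash` in check_host_key quiets the signed/unsigned comparison without making it safe. If the count were ever negative at this point, the cast would turn it into a very large bound and `options.fingerprint_hash[i]` would be read past the end of the array. The cast suggests the field is a signed int, but its declaration in readconf.h and its initial value in initialize_options() are not visible in these hunks, so this needs checking there. I would declare the count as `u_int num_fingerprint_hash;` so no cast is needed, or keep the int and guard the loop with `if (options.num_fingerprint_hash > 0)`. The loop body continues outside the hunk.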
@@ -260,7 +271,16 @@ index f41960c..e12932f 100644 error("%s: fingerprint host key: %s", __func__, ssh_err(r)); r = -1; goto out; -@@ -1405,9 +1411,9 @@ show_other_keys(struct hostkeys *hostkeys, Key *key) +@@ -1252,7 +1258,7 @@ verify_host_key(char *host, struct socka + + if (sshkey_is_cert(host_key)) { + if ((cafp = sshkey_fingerprint(host_key->cert->signature_key, +- options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) { ++ options.fingerprint_hash[0], SSH_FP_DEFAULT)) == NULL) { + error("%s: fingerprint CA key: %s", + __func__, ssh_err(r)); + r = -1; +@@ -1432,9 +1438,9 @@ show_other_keys(struct hostkeys *hostkey if (!lookup_key_in_hostkeys_by_type(hostkeys, type[i], &found)) continue; fp = sshkey_fingerprint(found->key, @@ -272,7 +292,7 @@ index f41960c..e12932f 100644 if (fp == NULL || ra == NULL) fatal("%s: sshkey_fingerprint fail", __func__); logit("WARNING: %s key found for host %s\n" -@@ -1430,7 +1436,7 @@ warn_changed_key(Key *host_key) +@@ -1457,7 +1463,7 @@ warn_changed_key(Key *host_key) { char *fp; 
@@ -281,42 +301,10 @@ index f41960c..e12932f 100644 SSH_FP_DEFAULT); if (fp == NULL) fatal("%s: sshkey_fingerprint fail", __func__); -diff --git a/sshconnect2.c b/sshconnect2.c -index 7751031..82ed92e 100644 ---- a/sshconnect2.c -+++ b/sshconnect2.c -@@ -589,7 +589,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt) - key->type, pktype); - goto done; - } -- if ((fp = sshkey_fingerprint(key, options.fingerprint_hash, -+ if ((fp = sshkey_fingerprint(key, options.fingerprint_hash[0], - SSH_FP_DEFAULT)) == NULL) - goto done; - debug2("input_userauth_pk_ok: fp %s", fp); -@@ -1009,7 +1009,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id) - int matched, ret = -1, have_sig = 1; - char *fp; - -- if ((fp = sshkey_fingerprint(id->key, options.fingerprint_hash, -+ if ((fp = sshkey_fingerprint(id->key, options.fingerprint_hash[0], - SSH_FP_DEFAULT)) == NULL) - return 0; - debug3("%s: %s %s", __func__, key_type(id->key), fp); -@@ -1635,7 +1635,7 @@ userauth_hostbased(Authctxt *authctxt) - goto out; - } - -- if ((fp = sshkey_fingerprint(private, options.fingerprint_hash, -+ if ((fp = sshkey_fingerprint(private, options.fingerprint_hash[0], - SSH_FP_DEFAULT)) == NULL) { - error("%s: sshkey_fingerprint failed", __func__); - goto out; -diff --git a/ssh-keysign.c b/ssh-keysign.c -index 1dca3e2..23bff7d 100644 ---- a/ssh-keysign.c -+++ b/ssh-keysign.c -@@ -275,7 +275,7 @@ main(int argc, char **argv) +diff -up openssh-7.4p1/ssh-keysign.c.fingerprint openssh-7.4p1/ssh-keysign.c +--- openssh-7.4p1/ssh-keysign.c.fingerprint 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/ssh-keysign.c 2016-12-23 15:38:50.566432394 +0100 +@@ -285,7 +285,7 @@ main(int argc, char **argv) } } if (!found) { 
@@ -325,21 +313,3 @@ index 1dca3e2..23bff7d 100644 SSH_FP_DEFAULT)) == NULL) fatal("%s: sshkey_fingerprint failed", __progname); fatal("no matching hostkey found for key %s %s", - --- -2.1.0 - - -diff --git a/sshconnect.c b/sshconnect.c -index de7ace6..f16e606 100644 ---- a/sshconnect.c -+++ b/sshconnect.c -@@ -1262,7 +1262,7 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key) - - if (sshkey_is_cert(host_key)) { - if ((cafp = sshkey_fingerprint(host_key->cert->signature_key, -- options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) { -+ options.fingerprint_hash[0], SSH_FP_DEFAULT)) == NULL) { - error("%s: fingerprint CA key: %s", - __func__, ssh_err(r)); - r = -1; diff --git a/openssh-7.1p1-gssapi-documentation.patch b/openssh-7.1p1-gssapi-documentation.patch index 4887cc0..a97cbc4 100644 --- a/openssh-7.1p1-gssapi-documentation.patch +++ b/openssh-7.1p1-gssapi-documentation.patch @@ -1,7 +1,7 @@ -diff -up openssh-7.1p1/ssh_config.5.gss-docs openssh-7.1p1/ssh_config.5 ---- openssh-7.1p1/ssh_config.5.gss-docs 2015-12-10 15:28:47.451966457 +0100 -+++ openssh-7.1p1/ssh_config.5 2015-12-10 15:30:28.070738047 +0100 -@@ -773,15 +773,26 @@ Note that this option applies to protoco +diff -up openssh-7.4p1/ssh_config.5.gss-docs openssh-7.4p1/ssh_config.5 +--- openssh-7.4p1/ssh_config.5.gss-docs 2016-12-23 14:28:34.051714486 +0100 ++++ openssh-7.4p1/ssh_config.5 2016-12-23 14:34:24.568522417 +0100 +@@ -765,10 +765,19 @@ The default is If set to .Dq yes then renewal of the client's GSSAPI credentials will force the rekeying of the 
@@ -19,6 +19,11 @@ diff -up openssh-7.1p1/ssh_config.5.gss-docs openssh-7.1p1/ssh_config.5 +For this to work +.Cm GSSAPIKeyExchange +needs to be enabled in the server and also used by the client. + .It Cm GSSAPIServerIdentity + If set, specifies the GSSAPI server identity that ssh should expect when + connecting to the server. The default is unset, which means that the +@@ -776,9 +785,11 @@ expected GSSAPI server identity will be + hostname. .It Cm GSSAPITrustDns Set to -.Dq yes to indicate that the DNS is trusted to securely canonicalize @@ -31,10 +36,10 @@ diff -up openssh-7.1p1/ssh_config.5.gss-docs openssh-7.1p1/ssh_config.5 command line will be passed untouched to the GSSAPI library. The default is .Dq no . -diff -up openssh-7.1p1/sshd_config.5.gss-docs openssh-7.1p1/sshd_config.5 ---- openssh-7.1p1/sshd_config.5.gss-docs 2015-12-10 15:28:47.453966452 +0100 -+++ openssh-7.1p1/sshd_config.5 2015-12-10 15:28:47.461966434 +0100 -@@ -653,6 +653,10 @@ Controls whether the user's GSSAPI crede +diff -up openssh-7.4p1/sshd_config.5.gss-docs openssh-7.4p1/sshd_config.5 +--- openssh-7.4p1/sshd_config.5.gss-docs 2016-12-23 14:28:34.043714490 +0100 ++++ openssh-7.4p1/sshd_config.5 2016-12-23 14:28:34.051714486 +0100 +@@ -652,6 +652,10 @@ Controls whether the user's GSSAPI crede successful connection rekeying. This option can be used to accepted renewed or updated credentials from a compatible client. The default is .Dq no . diff --git a/openssh-7.1p2-audit-race-condition.patch b/openssh-7.1p2-audit-race-condition.patch index aa82e52..035f0ac 100644 --- a/openssh-7.1p2-audit-race-condition.patch +++ b/openssh-7.1p2-audit-race-condition.patch 
@@ -1,7 +1,7 @@ -diff -up openssh-7.3p1/monitor_wrap.c.audit-race openssh-7.3p1/monitor_wrap.c ---- openssh-7.3p1/monitor_wrap.c.audit-race 2016-12-15 14:27:22.376603747 +0100 -+++ openssh-7.3p1/monitor_wrap.c 2016-12-15 14:27:22.381603742 +0100 -@@ -1256,4 +1256,48 @@ mm_audit_destroy_sensitive_data(const ch +diff -up openssh-7.4p1/monitor_wrap.c.audit-race openssh-7.4p1/monitor_wrap.c +--- openssh-7.4p1/monitor_wrap.c.audit-race 2016-12-23 16:35:52.694685771 +0100 ++++ openssh-7.4p1/monitor_wrap.c 2016-12-23 16:35:52.697685772 +0100 +@@ -1107,4 +1107,48 @@ mm_audit_destroy_sensitive_data(const ch mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_SERVER_KEY_FREE, &m); buffer_free(&m); } @@ -50,10 +50,10 @@ diff -up openssh-7.3p1/monitor_wrap.c.audit-race openssh-7.3p1/monitor_wrap.c + pmonitor->m_recvfd = fd; +} #endif /* SSH_AUDIT_EVENTS */ -diff -up openssh-7.3p1/monitor_wrap.h.audit-race openssh-7.3p1/monitor_wrap.h ---- openssh-7.3p1/monitor_wrap.h.audit-race 2016-12-15 14:27:22.376603747 +0100 -+++ openssh-7.3p1/monitor_wrap.h 2016-12-15 14:27:22.381603742 +0100 -@@ -88,6 +88,8 @@ void mm_audit_unsupported_body(int); +diff -up openssh-7.4p1/monitor_wrap.h.audit-race openssh-7.4p1/monitor_wrap.h +--- openssh-7.4p1/monitor_wrap.h.audit-race 2016-12-23 16:35:52.694685771 +0100 ++++ openssh-7.4p1/monitor_wrap.h 2016-12-23 16:35:52.698685772 +0100 +@@ -83,6 +83,8 @@ void mm_audit_unsupported_body(int); void mm_audit_kex_body(int, char *, char *, char *, char *, pid_t, uid_t); void mm_audit_session_key_free_body(int, pid_t, uid_t); void mm_audit_destroy_sensitive_data(const char *, pid_t, uid_t); 
@@ -62,10 +62,10 @@ diff -up openssh-7.3p1/monitor_wrap.h.audit-race openssh-7.3p1/monitor_wrap.h #endif struct Session; -diff -up openssh-7.3p1/session.c.audit-race openssh-7.3p1/session.c ---- openssh-7.3p1/session.c.audit-race 2016-12-15 14:27:22.378603745 +0100 -+++ openssh-7.3p1/session.c 2016-12-15 14:27:22.382603741 +0100 -@@ -164,6 +164,10 @@ static Session *sessions = NULL; +diff -up openssh-7.4p1/session.c.audit-race openssh-7.4p1/session.c +--- openssh-7.4p1/session.c.audit-race 2016-12-23 16:35:52.695685771 +0100 ++++ openssh-7.4p1/session.c 2016-12-23 16:37:26.339730596 +0100 +@@ -162,6 +162,10 @@ static Session *sessions = NULL; login_cap_t *lc; #endif @@ -76,8 +76,8 @@ diff -up openssh-7.3p1/session.c.audit-race openssh-7.3p1/session.c static int is_child = 0; static int in_chroot = 0; static int have_dev_log = 1; -@@ -457,6 +457,8 @@ do_authenticated1(Authctxt *authctxt) - } +@@ -289,6 +293,8 @@ xauth_valid_string(const char *s) + return 1; } +void child_destory_sensitive_data(); @@ -85,7 +85,7 @@ diff -up openssh-7.3p1/session.c.audit-race openssh-7.3p1/session.c #define USE_PIPES 1 /* * This is called to fork and execute a command when we have no tty. This -@@ -588,6 +592,8 @@ do_exec_no_pty(Session *s, const char *c +@@ -424,6 +430,8 @@ do_exec_no_pty(Session *s, const char *c cray_init_job(s->pw); /* set up cray jid and tmpdir */ #endif @@ -94,7 +94,7 @@ diff -up openssh-7.3p1/session.c.audit-race openssh-7.3p1/session.c /* Do processing for the child (exec command etc). */ do_child(s, command); /* NOTREACHED */ -@@ -722,6 +728,9 @@ do_exec_pty(Session *s, const char *comm +@@ -547,6 +555,9 @@ do_exec_pty(Session *s, const char *comm /* Close the extra descriptor for the pseudo tty. */ close(ttyfd); 
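Review bot: The forward declaration `void child_destory_sensitive_data();` that this hunk re-anchors after xauth_valid_string() has an empty parameter list, which in C leaves the arguments unspecified rather than declaring a prototype, so a call with stray arguments compiles without a diagnostic. I would write `void child_destroy_sensitive_data(void);` and add `static` if nothing outside session.c calls it, which cannot be seen from here. The current name misspells destroy, which makes the cleanup routine easy to miss when searching the tree. The definition and the call sites sit in other hunks of this patch and would need the same rename.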
@@ -102,9 +102,9 @@ diff -up openssh-7.3p1/session.c.audit-race openssh-7.3p1/session.c + child_destory_sensitive_data(); + /* record login, etc. similar to login(1) */ - #ifndef HAVE_OSF_SIA - if (!(options.use_login && command == NULL)) { -@@ -903,6 +912,8 @@ do_exec(Session *s, const char *command) + #ifdef _UNICOS + cray_init_job(s->pw); /* set up cray jid and tmpdir */ +@@ -717,6 +728,8 @@ do_exec(Session *s, const char *command) } if (s->command != NULL && s->ptyfd == -1) s->command_handle = PRIVSEP(audit_run_command(s->command)); @@ -113,7 +113,7 @@ diff -up openssh-7.3p1/session.c.audit-race openssh-7.3p1/session.c #endif if (s->ttyfd != -1) ret = do_exec_pty(s, command); -@@ -918,6 +929,20 @@ do_exec(Session *s, const char *command) +@@ -732,6 +745,20 @@ do_exec(Session *s, const char *command) */ buffer_clear(&loginmsg); @@ -134,7 +134,7 @@ diff -up openssh-7.3p1/session.c.audit-race openssh-7.3p1/session.c return ret; } -@@ -1751,6 +1776,33 @@ child_close_fds(void) +@@ -1538,6 +1565,33 @@ child_close_fds(void) endpwent(); } @@ -168,7 +168,7 @@ diff -up openssh-7.3p1/session.c.audit-race openssh-7.3p1/session.c /* * Performs common processing for the child, such as setting up the * environment, closing extra file descriptors, setting the user and group -@@ -1768,12 +1820,6 @@ do_child(Session *s, const char *command +@@ -1554,12 +1608,6 @@ do_child(Session *s, const char *command struct passwd *pw = s->pw; int r = 0; diff --git a/openssh-7.2p1-audit.patch b/openssh-7.2p1-audit.patch index 8654e95..c8a4df3 100644 --- a/openssh-7.2p1-audit.patch +++ b/openssh-7.2p1-audit.patch 
@@ -1,7 +1,7 @@ -diff -up openssh-7.3p1/audit-bsm.c.audit openssh-7.3p1/audit-bsm.c ---- openssh-7.3p1/audit-bsm.c.audit 2016-07-28 00:54:27.000000000 +0200 -+++ openssh-7.3p1/audit-bsm.c 2016-08-02 09:28:22.692299001 +0200 -@@ -375,10 +375,23 @@ audit_connection_from(const char *host, +diff -up openssh-7.4p1/audit-bsm.c.audit openssh-7.4p1/audit-bsm.c +--- openssh-7.4p1/audit-bsm.c.audit 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/audit-bsm.c 2016-12-23 18:54:54.433080419 +0100 +@@ -373,10 +373,23 @@ audit_connection_from(const char *host, #endif } @@ -26,7 +26,7 @@ diff -up openssh-7.3p1/audit-bsm.c.audit openssh-7.3p1/audit-bsm.c } void -@@ -393,6 +406,12 @@ audit_session_close(struct logininfo *li +@@ -391,6 +404,12 @@ audit_session_close(struct logininfo *li /* not implemented */ } @@ -39,7 +39,7 @@ diff -up openssh-7.3p1/audit-bsm.c.audit openssh-7.3p1/audit-bsm.c void audit_event(ssh_audit_event_t event) { -@@ -454,4 +473,40 @@ audit_event(ssh_audit_event_t event) +@@ -452,4 +471,40 @@ audit_event(ssh_audit_event_t event) debug("%s: unhandled event %d", __func__, event); } } @@ -80,10 +80,10 @@ diff -up openssh-7.3p1/audit-bsm.c.audit openssh-7.3p1/audit-bsm.c + /* not implemented */ +} #endif /* BSM */ -diff -up openssh-7.3p1/audit.c.audit openssh-7.3p1/audit.c ---- openssh-7.3p1/audit.c.audit 2016-07-28 00:54:27.000000000 +0200 -+++ openssh-7.3p1/audit.c 2016-08-02 09:28:22.692299001 +0200 -@@ -28,6 +28,7 @@ +diff -up openssh-7.4p1/audit.c.audit openssh-7.4p1/audit.c +--- openssh-7.4p1/audit.c.audit 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/audit.c 2016-12-23 18:54:54.433080419 +0100 +@@ -26,6 +26,7 @@ #include #include @@ -91,7 +91,7 @@ diff -up openssh-7.3p1/audit.c.audit openssh-7.3p1/audit.c #ifdef SSH_AUDIT_EVENTS -@@ -36,6 +37,11 @@ +@@ -34,6 +35,11 @@ #include "key.h" #include "hostfile.h" #include "auth.h" 
@@ -103,7 +103,7 @@ diff -up openssh-7.3p1/audit.c.audit openssh-7.3p1/audit.c /* * Care must be taken when using this since it WILL NOT be initialized when -@@ -43,6 +49,7 @@ +@@ -41,6 +47,7 @@ * audit_event(CONNECTION_ABANDON) is called. Test for NULL before using. */ extern Authctxt *the_authctxt; @@ -111,7 +111,7 @@ diff -up openssh-7.3p1/audit.c.audit openssh-7.3p1/audit.c /* Maybe add the audit class to struct Authmethod? */ ssh_audit_event_t -@@ -71,13 +78,10 @@ audit_classify_auth(const char *method) +@@ -69,13 +76,10 @@ audit_classify_auth(const char *method) const char * audit_username(void) { @@ -127,7 +127,7 @@ diff -up openssh-7.3p1/audit.c.audit openssh-7.3p1/audit.c return (the_authctxt->user); } -@@ -111,6 +115,40 @@ audit_event_lookup(ssh_audit_event_t ev) +@@ -109,6 +113,40 @@ audit_event_lookup(ssh_audit_event_t ev) return(event_lookup[i].name); } @@ -168,7 +168,7 @@ diff -up openssh-7.3p1/audit.c.audit openssh-7.3p1/audit.c # ifndef CUSTOM_SSH_AUDIT_EVENTS /* * Null implementations of audit functions. -@@ -140,6 +178,17 @@ audit_event(ssh_audit_event_t event) +@@ -138,6 +176,17 @@ audit_event(ssh_audit_event_t event) } /* @@ -186,7 +186,7 @@ diff -up openssh-7.3p1/audit.c.audit openssh-7.3p1/audit.c * Called when a user session is started. Argument is the tty allocated to * the session, or NULL if no tty was allocated. * -@@ -174,13 +223,91 @@ audit_session_close(struct logininfo *li +@@ -172,13 +221,91 @@ audit_session_close(struct logininfo *li /* * This will be called when a user runs a non-interactive command. Note that * it may be called multiple times for a single connection since SSH2 allows 
@@ -280,10 +280,10 @@ diff -up openssh-7.3p1/audit.c.audit openssh-7.3p1/audit.c } # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */ -diff -up openssh-7.3p1/audit.h.audit openssh-7.3p1/audit.h ---- openssh-7.3p1/audit.h.audit 2016-07-28 00:54:27.000000000 +0200 -+++ openssh-7.3p1/audit.h 2016-08-02 09:28:22.692299001 +0200 -@@ -28,6 +28,7 @@ +diff -up openssh-7.4p1/audit.h.audit openssh-7.4p1/audit.h +--- openssh-7.4p1/audit.h.audit 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/audit.h 2016-12-23 18:54:54.433080419 +0100 +@@ -26,6 +26,7 @@ # define _SSH_AUDIT_H #include "loginrec.h" @@ -291,7 +291,7 @@ diff -up openssh-7.3p1/audit.h.audit openssh-7.3p1/audit.h enum ssh_audit_event_type { SSH_LOGIN_EXCEED_MAXTRIES, -@@ -45,13 +46,33 @@ enum ssh_audit_event_type { +@@ -43,13 +44,33 @@ enum ssh_audit_event_type { SSH_CONNECTION_ABANDON, /* closed without completing auth */ SSH_AUDIT_UNKNOWN }; @@ -326,10 +326,10 @@ diff -up openssh-7.3p1/audit.h.audit openssh-7.3p1/audit.h +void audit_generate_ephemeral_server_key(const char *); #endif /* _SSH_AUDIT_H */ -diff -up openssh-7.3p1/audit-linux.c.audit openssh-7.3p1/audit-linux.c ---- openssh-7.3p1/audit-linux.c.audit 2016-08-02 09:28:22.693299000 +0200 -+++ openssh-7.3p1/audit-linux.c 2016-08-02 09:37:19.652010336 +0200 -@@ -35,25 +35,38 @@ +diff -up openssh-7.4p1/audit-linux.c.audit openssh-7.4p1/audit-linux.c +--- openssh-7.4p1/audit-linux.c.audit 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/audit-linux.c 2016-12-23 18:54:54.434080419 +0100 +@@ -33,25 +33,38 @@ #include "log.h" #include "audit.h" @@ -375,7 +375,7 @@ diff -up openssh-7.3p1/audit-linux.c.audit openssh-7.3p1/audit-linux.c NULL, "login", username ? username : "(unknown)", username == NULL ? uid : -1, hostname, ip, ttyn, success); saved_errno = errno; -@@ -67,9 +80,97 @@ linux_audit_record_event(int uid, const +@@ -65,9 +78,97 @@ linux_audit_record_event(int uid, const rc = 0; errno = saved_errno; 
@@ -474,7 +474,7 @@ diff -up openssh-7.3p1/audit-linux.c.audit openssh-7.3p1/audit-linux.c /* Below is the sshd audit API code */ void -@@ -78,24 +179,51 @@ audit_connection_from(const char *host, +@@ -76,24 +177,51 @@ audit_connection_from(const char *host, /* not implemented */ } @@ -532,7 +532,7 @@ diff -up openssh-7.3p1/audit-linux.c.audit openssh-7.3p1/audit-linux.c } void -@@ -105,24 +233,180 @@ audit_event(ssh_audit_event_t event) +@@ -103,24 +231,180 @@ audit_event(ssh_audit_event_t event) switch(event) { case SSH_AUTH_SUCCESS: @@ -717,9 +717,9 @@ diff -up openssh-7.3p1/audit-linux.c.audit openssh-7.3p1/audit-linux.c + error("cannot write into audit"); +} #endif /* USE_LINUX_AUDIT */ -diff -up openssh-7.3p1/auditstub.c.audit openssh-7.3p1/auditstub.c ---- openssh-7.3p1/auditstub.c.audit 2016-08-02 09:28:22.693299000 +0200 -+++ openssh-7.3p1/auditstub.c 2016-08-02 09:28:22.693299000 +0200 +diff -up openssh-7.4p1/auditstub.c.audit openssh-7.4p1/auditstub.c +--- openssh-7.4p1/auditstub.c.audit 2016-12-23 18:54:54.434080419 +0100 ++++ openssh-7.4p1/auditstub.c 2016-12-23 18:54:54.434080419 +0100 @@ -0,0 +1,50 @@ +/* $Id: auditstub.c,v 1.1 jfch Exp $ */ + @@ -771,9 +771,9 @@ diff -up openssh-7.3p1/auditstub.c.audit openssh-7.3p1/auditstub.c +audit_session_key_free_body(int ctos, pid_t pid, uid_t uid) +{ +} -diff -up openssh-7.3p1/auth2.c.audit openssh-7.3p1/auth2.c ---- openssh-7.3p1/auth2.c.audit 2016-08-02 09:28:22.685299005 +0200 -+++ openssh-7.3p1/auth2.c 2016-08-02 09:28:22.693299000 +0200 +diff -up openssh-7.4p1/auth2.c.audit openssh-7.4p1/auth2.c +--- openssh-7.4p1/auth2.c.audit 2016-12-23 18:54:54.422080416 +0100 ++++ openssh-7.4p1/auth2.c 2016-12-23 18:54:54.434080419 +0100 @@ -249,9 +249,6 @@ input_userauth_request(int type, u_int32 } else { logit("input_userauth_request: invalid user %s", user); 
@@ -784,9 +784,9 @@ diff -up openssh-7.3p1/auth2.c.audit openssh-7.3p1/auth2.c } #ifdef USE_PAM if (options.use_pam) -diff -up openssh-7.3p1/auth2-hostbased.c.audit openssh-7.3p1/auth2-hostbased.c ---- openssh-7.3p1/auth2-hostbased.c.audit 2016-08-02 09:28:22.686299004 +0200 -+++ openssh-7.3p1/auth2-hostbased.c 2016-08-02 09:28:22.693299000 +0200 +diff -up openssh-7.4p1/auth2-hostbased.c.audit openssh-7.4p1/auth2-hostbased.c +--- openssh-7.4p1/auth2-hostbased.c.audit 2016-12-23 18:54:54.422080416 +0100 ++++ openssh-7.4p1/auth2-hostbased.c 2016-12-23 18:54:54.434080419 +0100 @@ -148,7 +148,7 @@ userauth_hostbased(Authctxt *authctxt) /* test for allowed key and correct signature */ authenticated = 0; @@ -815,10 +815,10 @@ diff -up openssh-7.3p1/auth2-hostbased.c.audit openssh-7.3p1/auth2-hostbased.c /* return 1 if given hostkey is allowed */ int hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost, -diff -up openssh-7.3p1/auth2-pubkey.c.audit openssh-7.3p1/auth2-pubkey.c ---- openssh-7.3p1/auth2-pubkey.c.audit 2016-08-02 09:28:22.686299004 +0200 -+++ openssh-7.3p1/auth2-pubkey.c 2016-08-02 09:28:22.694299000 +0200 -@@ -179,7 +179,7 @@ userauth_pubkey(Authctxt *authctxt) +diff -up openssh-7.4p1/auth2-pubkey.c.audit openssh-7.4p1/auth2-pubkey.c +--- openssh-7.4p1/auth2-pubkey.c.audit 2016-12-23 18:54:54.423080416 +0100 ++++ openssh-7.4p1/auth2-pubkey.c 2016-12-23 18:54:54.435080419 +0100 +@@ -183,7 +183,7 @@ userauth_pubkey(Authctxt *authctxt) /* test for correct signature */ authenticated = 0; if (PRIVSEP(user_key_allowed(authctxt->pw, key, 1)) && @@ -827,7 +827,7 @@ diff -up openssh-7.3p1/auth2-pubkey.c.audit openssh-7.3p1/auth2-pubkey.c buffer_len(&b))) == 1) { authenticated = 1; authctxt->last_details = pubkey; -@@ -248,6 +248,18 @@ pubkey_auth_info(Authctxt *authctxt, con +@@ -252,6 +252,18 @@ pubkey_auth_info(Authctxt *authctxt, con free(extra); } 
@@ -846,10 +846,10 @@ diff -up openssh-7.3p1/auth2-pubkey.c.audit openssh-7.3p1/auth2-pubkey.c /* * Splits 's' into an argument vector. Handles quoted string and basic * escape characters (\\, \", \'). Caller must free the argument vector -diff -up openssh-7.3p1/auth.c.audit openssh-7.3p1/auth.c ---- openssh-7.3p1/auth.c.audit 2016-08-02 09:28:22.635299033 +0200 -+++ openssh-7.3p1/auth.c 2016-08-02 09:28:22.694299000 +0200 -@@ -657,9 +657,6 @@ getpwnamallow(const char *user) +diff -up openssh-7.4p1/auth.c.audit openssh-7.4p1/auth.c +--- openssh-7.4p1/auth.c.audit 2016-12-23 18:54:54.373080404 +0100 ++++ openssh-7.4p1/auth.c 2016-12-23 18:54:54.435080419 +0100 +@@ -666,9 +666,6 @@ getpwnamallow(const char *user) record_failed_login(user, auth_get_canonical_hostname(ssh, options.use_dns), "ssh"); #endif @@ -859,10 +859,10 @@ diff -up openssh-7.3p1/auth.c.audit openssh-7.3p1/auth.c return (NULL); } if (!allowed_user(pw)) -diff -up openssh-7.3p1/auth.h.audit openssh-7.3p1/auth.h ---- openssh-7.3p1/auth.h.audit 2016-08-02 09:28:22.686299004 +0200 -+++ openssh-7.3p1/auth.h 2016-08-02 09:28:22.694299000 +0200 -@@ -199,6 +199,7 @@ void abandon_challenge_response(Authctxt +diff -up openssh-7.4p1/auth.h.audit openssh-7.4p1/auth.h +--- openssh-7.4p1/auth.h.audit 2016-12-23 18:54:54.423080416 +0100 ++++ openssh-7.4p1/auth.h 2016-12-23 18:54:54.435080419 +0100 +@@ -185,6 +185,7 @@ struct passwd * getpwnamallow(const char char *expand_authorized_keys(const char *, struct passwd *pw); char *authorized_principals_file(struct passwd *); 
@@ -870,59 +870,20 @@ diff -up openssh-7.3p1/auth.h.audit openssh-7.3p1/auth.h FILE *auth_openkeyfile(const char *, struct passwd *, int); FILE *auth_openprincipals(const char *, struct passwd *, int); -@@ -219,6 +220,7 @@ int get_hostkey_index(Key *, int, struc - int ssh1_session_key(BIGNUM *); +@@ -204,6 +205,7 @@ Key *get_hostkey_private_by_type(int, in + int get_hostkey_index(Key *, int, struct ssh *); int sshd_hostkey_sign(Key *, Key *, u_char **, size_t *, const u_char *, size_t, const char *, u_int); +int hostbased_key_verify(const Key *, const u_char *, u_int, const u_char *, u_int); /* debug messages during authentication */ void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2))); -diff -up openssh-7.3p1/auth-rsa.c.audit openssh-7.3p1/auth-rsa.c ---- openssh-7.3p1/auth-rsa.c.audit 2016-07-28 00:54:27.000000000 +0200 -+++ openssh-7.3p1/auth-rsa.c 2016-08-02 09:28:22.694299000 +0200 -@@ -95,7 +95,10 @@ auth_rsa_verify_response(Key *key, BIGNU - { - u_char buf[32], mdbuf[16]; - struct ssh_digest_ctx *md; -- int len; -+ int len, rv; -+#ifdef SSH_AUDIT_EVENTS -+ char *fp; -+#endif - - /* don't allow short keys */ - if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { -@@ -119,12 +122,18 @@ auth_rsa_verify_response(Key *key, BIGNU - ssh_digest_free(md); - - /* Verify that the response is the original challenge. */ -- if (timingsafe_bcmp(response, mdbuf, 16) != 0) { -- /* Wrong answer. */ -- return (0); -+ rv = timingsafe_bcmp(response, mdbuf, 16) == 0; -+ -+#ifdef SSH_AUDIT_EVENTS -+ fp = sshkey_fingerprint(key, options.fingerprint_hash, SSH_FP_HEX); -+ if (audit_keyusage(1, "ssh-rsa1", RSA_size(key->rsa) * 8, fp, rv) == 0) { -+ debug("unsuccessful audit"); -+ rv = 0; - } -- /* Correct answer. 
*/ -- return (1); -+ free(fp); -+#endif -+ -+ return rv; - } - - /* -diff -up openssh-7.3p1/cipher.c.audit openssh-7.3p1/cipher.c ---- openssh-7.3p1/cipher.c.audit 2016-07-28 00:54:27.000000000 +0200 -+++ openssh-7.3p1/cipher.c 2016-08-02 09:28:22.694299000 +0200 -@@ -57,26 +57,6 @@ extern const EVP_CIPHER *evp_ssh1_3des(v - extern int ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int); - #endif +diff -up openssh-7.4p1/cipher.c.audit openssh-7.4p1/cipher.c +--- openssh-7.4p1/cipher.c.audit 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/cipher.c 2016-12-23 18:54:54.435080419 +0100 +@@ -66,26 +66,6 @@ struct sshcipher_ctx { + const struct sshcipher *cipher; + }; -struct sshcipher { - char *name; @@ -947,15 +908,15 @@ diff -up openssh-7.3p1/cipher.c.audit openssh-7.3p1/cipher.c static const struct sshcipher ciphers[] = { #ifdef WITH_SSH1 { "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc }, -diff -up openssh-7.3p1/cipher.h.audit openssh-7.3p1/cipher.h ---- openssh-7.3p1/cipher.h.audit 2016-07-28 00:54:27.000000000 +0200 -+++ openssh-7.3p1/cipher.h 2016-08-02 09:28:22.694299000 +0200 -@@ -62,7 +62,26 @@ +diff -up openssh-7.4p1/cipher.h.audit openssh-7.4p1/cipher.h +--- openssh-7.4p1/cipher.h.audit 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/cipher.h 2016-12-23 18:54:54.436080419 +0100 +@@ -62,7 +62,25 @@ #define CIPHER_ENCRYPT 1 #define CIPHER_DECRYPT 0 -struct sshcipher; -+struct sshcipher { ++struct sshcipher { /* from cipher.c */ + char *name; + int number; /* for ssh1 only */ + u_int block_size; 
@@ -974,14 +935,13 @@ diff -up openssh-7.3p1/cipher.h.audit openssh-7.3p1/cipher.h + void *ignored; +#endif +}; -+ - struct sshcipher_ctx { - int plaintext; - int encrypt; -diff -up openssh-7.3p1/kex.c.audit openssh-7.3p1/kex.c ---- openssh-7.3p1/kex.c.audit 2016-08-02 09:28:22.676299010 +0200 -+++ openssh-7.3p1/kex.c 2016-08-02 09:28:22.695298999 +0200 -@@ -55,6 +55,7 @@ + struct sshcipher_ctx; + + u_int cipher_mask_ssh1(int); +diff -up openssh-7.4p1/kex.c.audit openssh-7.4p1/kex.c +--- openssh-7.4p1/kex.c.audit 2016-12-23 18:54:54.410080413 +0100 ++++ openssh-7.4p1/kex.c 2016-12-23 18:54:54.436080419 +0100 +@@ -54,6 +54,7 @@ #include "ssherr.h" #include "sshbuf.h" #include "digest.h" @@ -989,7 +949,7 @@ diff -up openssh-7.3p1/kex.c.audit openssh-7.3p1/kex.c #ifdef GSSAPI #include "ssh-gss.h" -@@ -673,8 +674,12 @@ choose_enc(struct sshenc *enc, char *cli +@@ -683,8 +684,12 @@ choose_enc(struct sshenc *enc, char *cli { char *name = match_list(client, server, NULL); @@ -1003,7 +963,7 @@ diff -up openssh-7.3p1/kex.c.audit openssh-7.3p1/kex.c if ((enc->cipher = cipher_by_name(name)) == NULL) return SSH_ERR_INTERNAL_ERROR; enc->name = name; -@@ -692,8 +697,12 @@ choose_mac(struct ssh *ssh, struct sshma +@@ -702,8 +707,12 @@ choose_mac(struct ssh *ssh, struct sshma { char *name = match_list(client, server, NULL); @@ -1017,7 +977,7 @@ diff -up openssh-7.3p1/kex.c.audit openssh-7.3p1/kex.c if (mac_setup(mac, name) < 0) return SSH_ERR_INTERNAL_ERROR; /* truncate the key */ -@@ -710,8 +719,12 @@ choose_comp(struct sshcomp *comp, char * +@@ -720,8 +729,12 @@ choose_comp(struct sshcomp *comp, char * { char *name = match_list(client, server, NULL); 
@@ -1031,10 +991,10 @@ diff -up openssh-7.3p1/kex.c.audit openssh-7.3p1/kex.c if (strcmp(name, "zlib@openssh.com") == 0) { comp->type = COMP_DELAYED; } else if (strcmp(name, "zlib") == 0) { -@@ -882,6 +895,10 @@ kex_choose_conf(struct ssh *ssh) - dh_need = MAX(dh_need, newkeys->enc.block_size); - dh_need = MAX(dh_need, newkeys->enc.iv_len); - dh_need = MAX(dh_need, newkeys->mac.key_len); +@@ -890,6 +903,10 @@ kex_choose_conf(struct ssh *ssh) + dh_need = MAXIMUM(dh_need, newkeys->enc.block_size); + dh_need = MAXIMUM(dh_need, newkeys->enc.iv_len); + dh_need = MAXIMUM(dh_need, newkeys->mac.key_len); + debug("kex: %s need=%d dh_need=%d", kex->name, need, dh_need); +#ifdef SSH_AUDIT_EVENTS + audit_kex(mode, newkeys->enc.name, newkeys->mac.name, newkeys->comp.name, kex->name); @@ -1042,7 +1002,7 @@ diff -up openssh-7.3p1/kex.c.audit openssh-7.3p1/kex.c } /* XXX need runden? */ kex->we_need = need; -@@ -1056,3 +1073,33 @@ dump_digest(char *msg, u_char *digest, i +@@ -1064,3 +1081,33 @@ dump_digest(char *msg, u_char *digest, i sshbuf_dump_data(digest, len, stderr); } #endif @@ -1076,10 +1036,10 @@ diff -up openssh-7.3p1/kex.c.audit openssh-7.3p1/kex.c + mac_destroy(&newkeys->mac); + memset(&newkeys->comp, 0, sizeof(newkeys->comp)); +} -diff -up openssh-7.3p1/kex.h.audit openssh-7.3p1/kex.h ---- openssh-7.3p1/kex.h.audit 2016-08-02 09:28:22.676299010 +0200 -+++ openssh-7.3p1/kex.h 2016-08-02 09:28:22.695298999 +0200 -@@ -212,6 +212,8 @@ int kexgss_client(struct ssh *); +diff -up openssh-7.4p1/kex.h.audit openssh-7.4p1/kex.h +--- openssh-7.4p1/kex.h.audit 2016-12-23 18:54:54.410080413 +0100 ++++ openssh-7.4p1/kex.h 2016-12-23 18:54:54.436080419 +0100 +@@ -213,6 +213,8 @@ int kexgss_client(struct ssh *); int kexgss_server(struct ssh *); #endif 
@@ -1088,9 +1048,9 @@ diff -up openssh-7.3p1/kex.h.audit openssh-7.3p1/kex.h int kex_dh_hash(int, const char *, const char *, const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, const BIGNUM *, const BIGNUM *, const BIGNUM *, u_char *, size_t *); -diff -up openssh-7.3p1/key.h.audit openssh-7.3p1/key.h ---- openssh-7.3p1/key.h.audit 2016-07-28 00:54:27.000000000 +0200 -+++ openssh-7.3p1/key.h 2016-08-02 09:28:22.695298999 +0200 +diff -up openssh-7.4p1/key.h.audit openssh-7.4p1/key.h +--- openssh-7.4p1/key.h.audit 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/key.h 2016-12-23 18:54:54.436080419 +0100 @@ -50,6 +50,7 @@ typedef struct sshkey Key; #define key_ecdsa_bits_to_nid sshkey_ecdsa_bits_to_nid #define key_ecdsa_key_to_nid sshkey_ecdsa_key_to_nid @@ -1099,10 +1059,10 @@ diff -up openssh-7.3p1/key.h.audit openssh-7.3p1/key.h #define key_type_plain sshkey_type_plain #define key_curve_name_to_nid sshkey_curve_name_to_nid #define key_curve_nid_to_bits sshkey_curve_nid_to_bits -diff -up openssh-7.3p1/mac.c.audit openssh-7.3p1/mac.c ---- openssh-7.3p1/mac.c.audit 2016-07-28 00:54:27.000000000 +0200 -+++ openssh-7.3p1/mac.c 2016-08-02 09:28:22.695298999 +0200 -@@ -245,6 +245,20 @@ mac_clear(struct sshmac *mac) +diff -up openssh-7.4p1/mac.c.audit openssh-7.4p1/mac.c +--- openssh-7.4p1/mac.c.audit 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/mac.c 2016-12-23 18:54:54.436080419 +0100 +@@ -249,6 +249,20 @@ mac_clear(struct sshmac *mac) mac->umac_ctx = NULL; } 
@@ -1123,9 +1083,9 @@ diff -up openssh-7.3p1/mac.c.audit openssh-7.3p1/mac.c /* XXX copied from ciphers_valid */ #define MAC_SEP "," int -diff -up openssh-7.3p1/mac.h.audit openssh-7.3p1/mac.h ---- openssh-7.3p1/mac.h.audit 2016-07-28 00:54:27.000000000 +0200 -+++ openssh-7.3p1/mac.h 2016-08-02 09:28:22.695298999 +0200 +diff -up openssh-7.4p1/mac.h.audit openssh-7.4p1/mac.h +--- openssh-7.4p1/mac.h.audit 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/mac.h 2016-12-23 18:54:54.436080419 +0100 @@ -49,5 +49,6 @@ int mac_compute(struct sshmac *, u_int3 int mac_check(struct sshmac *, u_int32_t, const u_char *, size_t, const u_char *, size_t); @@ -1133,10 +1093,10 @@ diff -up openssh-7.3p1/mac.h.audit openssh-7.3p1/mac.h +void mac_destroy(struct sshmac *); #endif /* SSHMAC_H */ -diff -up openssh-7.3p1/Makefile.in.audit openssh-7.3p1/Makefile.in ---- openssh-7.3p1/Makefile.in.audit 2016-08-02 09:28:22.638299031 +0200 -+++ openssh-7.3p1/Makefile.in 2016-08-02 09:28:22.695298999 +0200 -@@ -99,7 +99,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ +diff -up openssh-7.4p1/Makefile.in.audit openssh-7.4p1/Makefile.in +--- openssh-7.4p1/Makefile.in.audit 2016-12-23 18:54:54.375080404 +0100 ++++ openssh-7.4p1/Makefile.in 2016-12-23 18:54:54.436080419 +0100 +@@ -100,7 +100,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \ kexdhc.o kexgexc.o kexecdhc.o kexc25519c.o \ kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o \ 
@@ -1145,10 +1105,10 @@ diff -up openssh-7.3p1/Makefile.in.audit openssh-7.3p1/Makefile.in SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ sshconnect.o sshconnect1.o sshconnect2.o mux.o -diff -up openssh-7.3p1/monitor.c.audit openssh-7.3p1/monitor.c ---- openssh-7.3p1/monitor.c.audit 2016-08-02 09:28:22.687299004 +0200 -+++ openssh-7.3p1/monitor.c 2016-08-02 09:28:22.696298999 +0200 -@@ -103,6 +103,7 @@ +diff -up openssh-7.4p1/monitor.c.audit openssh-7.4p1/monitor.c +--- openssh-7.4p1/monitor.c.audit 2016-12-23 18:54:54.423080416 +0100 ++++ openssh-7.4p1/monitor.c 2016-12-23 18:54:54.437080420 +0100 +@@ -102,6 +102,7 @@ #include "compat.h" #include "ssh2.h" #include "authfd.h" @@ -1156,7 +1116,7 @@ diff -up openssh-7.3p1/monitor.c.audit openssh-7.3p1/monitor.c #include "match.h" #include "ssherr.h" -@@ -118,6 +119,8 @@ extern Buffer auth_debug; +@@ -117,6 +118,8 @@ extern Buffer auth_debug; extern int auth_debug_init; extern Buffer loginmsg; @@ -1165,7 +1125,7 @@ diff -up openssh-7.3p1/monitor.c.audit openssh-7.3p1/monitor.c /* State exported from the child */ static struct sshbuf *child_state; -@@ -168,6 +171,11 @@ int mm_answer_gss_updatecreds(int, Buffe +@@ -167,6 +170,11 @@ int mm_answer_gss_updatecreds(int, Buffe #ifdef SSH_AUDIT_EVENTS int mm_answer_audit_event(int, Buffer *); int mm_answer_audit_command(int, Buffer *); @@ -1177,7 +1137,7 @@ diff -up openssh-7.3p1/monitor.c.audit openssh-7.3p1/monitor.c #endif static int monitor_read_log(struct monitor *); -@@ -227,6 +235,10 @@ struct mon_table mon_dispatch_proto20[] +@@ -222,6 +230,10 @@ struct mon_table mon_dispatch_proto20[] #endif #ifdef SSH_AUDIT_EVENTS {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, 
@@ -1188,7 +1148,7 @@ diff -up openssh-7.3p1/monitor.c.audit openssh-7.3p1/monitor.c #endif #ifdef BSD_AUTH {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, -@@ -265,6 +277,11 @@ struct mon_table mon_dispatch_postauth20 +@@ -260,6 +272,11 @@ struct mon_table mon_dispatch_postauth20 #ifdef SSH_AUDIT_EVENTS {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command}, @@ -1200,30 +1160,7 @@ diff -up openssh-7.3p1/monitor.c.audit openssh-7.3p1/monitor.c #endif {0, 0, NULL} }; -@@ -297,6 +314,10 @@ struct mon_table mon_dispatch_proto15[] - #endif - #ifdef SSH_AUDIT_EVENTS - {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, -+ {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body}, -+ {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body}, -+ {MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body}, -+ {MONITOR_REQ_AUDIT_SERVER_KEY_FREE, MON_PERMIT, mm_answer_audit_server_key_free}, - #endif - #endif /* WITH_SSH1 */ - {0, 0, NULL} -@@ -310,6 +331,11 @@ struct mon_table mon_dispatch_postauth15 - #ifdef SSH_AUDIT_EVENTS - {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, - {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command}, -+ {MONITOR_REQ_AUDIT_END_COMMAND, MON_PERMIT, mm_answer_audit_end_command}, -+ {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body}, -+ {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body}, -+ {MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body}, -+ {MONITOR_REQ_AUDIT_SERVER_KEY_FREE, MON_PERMIT, mm_answer_audit_server_key_free}, - #endif - #endif /* WITH_SSH1 */ - {0, 0, NULL} -@@ -1488,9 +1514,11 @@ mm_answer_keyverify(int sock, Buffer *m) +@@ -1396,9 +1413,11 @@ mm_answer_keyverify(int sock, Buffer *m) Key *key; u_char *signature, *data, *blob; u_int signaturelen, datalen, bloblen; 
@@ -1235,7 +1172,7 @@ diff -up openssh-7.3p1/monitor.c.audit openssh-7.3p1/monitor.c blob = buffer_get_string(m, &bloblen); signature = buffer_get_string(m, &signaturelen); data = buffer_get_string(m, &datalen); -@@ -1498,6 +1526,8 @@ mm_answer_keyverify(int sock, Buffer *m) +@@ -1406,6 +1425,8 @@ mm_answer_keyverify(int sock, Buffer *m) if (hostbased_cuser == NULL || hostbased_chost == NULL || !monitor_allowed_key(blob, bloblen)) fatal("%s: bad key, not previously allowed", __func__); @@ -1244,7 +1181,7 @@ diff -up openssh-7.3p1/monitor.c.audit openssh-7.3p1/monitor.c key = key_from_blob(blob, bloblen); if (key == NULL) -@@ -1518,7 +1548,17 @@ mm_answer_keyverify(int sock, Buffer *m) +@@ -1426,7 +1447,17 @@ mm_answer_keyverify(int sock, Buffer *m) if (!valid_data) fatal("%s: bad signature data blob", __func__); @@ -1263,7 +1200,7 @@ diff -up openssh-7.3p1/monitor.c.audit openssh-7.3p1/monitor.c debug3("%s: key %p signature %s", __func__, key, (verified == 1) ? "verified" : "unverified"); -@@ -1584,6 +1624,12 @@ mm_session_close(Session *s) +@@ -1489,6 +1520,12 @@ mm_session_close(Session *s) debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd); session_pty_cleanup2(s); } @@ -1276,7 +1213,7 @@ diff -up openssh-7.3p1/monitor.c.audit openssh-7.3p1/monitor.c session_unused(s->self); } -@@ -1866,6 +1912,8 @@ mm_answer_term(int sock, Buffer *req) +@@ -1591,6 +1628,8 @@ mm_answer_term(int sock, Buffer *req) sshpam_cleanup(); #endif @@ -1285,7 +1222,7 @@ diff -up openssh-7.3p1/monitor.c.audit openssh-7.3p1/monitor.c while (waitpid(pmonitor->m_pid, &status, 0) == -1) if (errno != EINTR) exit(1); -@@ -1908,11 +1956,45 @@ mm_answer_audit_command(int socket, Buff +@@ -1633,11 +1672,45 @@ mm_answer_audit_command(int socket, Buff { u_int len; char *cmd; 
@@ -1332,7 +1269,7 @@ diff -up openssh-7.3p1/monitor.c.audit openssh-7.3p1/monitor.c free(cmd); return (0); } -@@ -1972,6 +2052,7 @@ monitor_apply_keystate(struct monitor *p +@@ -1690,6 +1763,7 @@ monitor_apply_keystate(struct monitor *p void mm_get_keystate(struct monitor *pmonitor) { @@ -1340,7 +1277,7 @@ diff -up openssh-7.3p1/monitor.c.audit openssh-7.3p1/monitor.c debug3("%s: Waiting for new keys", __func__); if ((child_state = sshbuf_new()) == NULL) -@@ -1979,6 +2060,21 @@ mm_get_keystate(struct monitor *pmonitor +@@ -1697,6 +1771,21 @@ mm_get_keystate(struct monitor *pmonitor mm_request_receive_expect(pmonitor->m_sendfd, MONITOR_REQ_KEYEXPORT, child_state); debug3("%s: GOT new keys", __func__); @@ -1362,7 +1299,7 @@ diff -up openssh-7.3p1/monitor.c.audit openssh-7.3p1/monitor.c } -@@ -2248,3 +2344,86 @@ mm_answer_gss_updatecreds(int socket, Bu +@@ -1953,3 +2042,86 @@ mm_answer_gss_updatecreds(int socket, Bu #endif /* GSSAPI */ @@ -1449,9 +1386,9 @@ diff -up openssh-7.3p1/monitor.c.audit openssh-7.3p1/monitor.c + return 0; +} +#endif /* SSH_AUDIT_EVENTS */ -diff -up openssh-7.3p1/monitor.h.audit openssh-7.3p1/monitor.h ---- openssh-7.3p1/monitor.h.audit 2016-08-02 09:28:22.660299019 +0200 -+++ openssh-7.3p1/monitor.h 2016-08-02 09:28:22.696298999 +0200 +diff -up openssh-7.4p1/monitor.h.audit openssh-7.4p1/monitor.h +--- openssh-7.4p1/monitor.h.audit 2016-12-23 18:54:54.393080409 +0100 ++++ openssh-7.4p1/monitor.h 2016-12-23 18:54:54.437080420 +0100 @@ -69,7 +69,13 @@ enum monitor_reqtype { MONITOR_REQ_PAM_QUERY = 106, MONITOR_ANS_PAM_QUERY = 107, MONITOR_REQ_PAM_RESPOND = 108, MONITOR_ANS_PAM_RESPOND = 109, 
@@ -1467,10 +1404,10 @@ diff -up openssh-7.3p1/monitor.h.audit openssh-7.3p1/monitor.h }; -diff -up openssh-7.3p1/monitor_wrap.c.audit openssh-7.3p1/monitor_wrap.c ---- openssh-7.3p1/monitor_wrap.c.audit 2016-08-02 09:28:22.639299030 +0200 -+++ openssh-7.3p1/monitor_wrap.c 2016-08-02 09:28:22.696298999 +0200 -@@ -466,7 +466,7 @@ mm_key_allowed(enum mm_keytype type, con +diff -up openssh-7.4p1/monitor_wrap.c.audit openssh-7.4p1/monitor_wrap.c +--- openssh-7.4p1/monitor_wrap.c.audit 2016-12-23 18:54:54.376080405 +0100 ++++ openssh-7.4p1/monitor_wrap.c 2016-12-23 18:54:54.437080420 +0100 +@@ -453,7 +453,7 @@ mm_key_allowed(enum mm_keytype type, con */ int @@ -1479,7 +1416,7 @@ diff -up openssh-7.3p1/monitor_wrap.c.audit openssh-7.3p1/monitor_wrap.c { Buffer m; u_char *blob; -@@ -480,6 +480,7 @@ mm_key_verify(Key *key, u_char *sig, u_i +@@ -467,6 +467,7 @@ mm_key_verify(Key *key, u_char *sig, u_i return (0); buffer_init(&m); @@ -1487,7 +1424,7 @@ diff -up openssh-7.3p1/monitor_wrap.c.audit openssh-7.3p1/monitor_wrap.c buffer_put_string(&m, blob, len); buffer_put_string(&m, sig, siglen); buffer_put_string(&m, data, datalen); -@@ -497,6 +498,18 @@ mm_key_verify(Key *key, u_char *sig, u_i +@@ -484,6 +485,18 @@ mm_key_verify(Key *key, u_char *sig, u_i return (verified); } @@ -1506,7 +1443,7 @@ diff -up openssh-7.3p1/monitor_wrap.c.audit openssh-7.3p1/monitor_wrap.c void mm_send_keystate(struct monitor *monitor) { -@@ -1010,10 +1023,11 @@ mm_audit_event(ssh_audit_event_t event) +@@ -861,10 +874,11 @@ mm_audit_event(ssh_audit_event_t event) buffer_free(&m); } @@ -1519,7 +1456,7 @@ diff -up openssh-7.3p1/monitor_wrap.c.audit openssh-7.3p1/monitor_wrap.c debug3("%s entering command %s", __func__, command); -@@ -1021,6 +1035,26 @@ mm_audit_run_command(const char *command +@@ -872,6 +886,26 @@ mm_audit_run_command(const char *command buffer_put_cstring(&m, command); mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, &m); 
@@ -1546,7 +1483,7 @@ diff -up openssh-7.3p1/monitor_wrap.c.audit openssh-7.3p1/monitor_wrap.c buffer_free(&m); } #endif /* SSH_AUDIT_EVENTS */ -@@ -1156,3 +1190,70 @@ mm_ssh_gssapi_update_creds(ssh_gssapi_cc +@@ -1007,3 +1041,70 @@ mm_ssh_gssapi_update_creds(ssh_gssapi_cc #endif /* GSSAPI */ @@ -1617,20 +1554,20 @@ diff -up openssh-7.3p1/monitor_wrap.c.audit openssh-7.3p1/monitor_wrap.c + buffer_free(&m); +} +#endif /* SSH_AUDIT_EVENTS */ -diff -up openssh-7.3p1/monitor_wrap.h.audit openssh-7.3p1/monitor_wrap.h ---- openssh-7.3p1/monitor_wrap.h.audit 2016-08-02 09:28:22.639299030 +0200 -+++ openssh-7.3p1/monitor_wrap.h 2016-08-02 09:28:22.696298999 +0200 -@@ -54,7 +54,8 @@ int mm_hostbased_key_allowed(struct pass - const char *, Key *); - int mm_auth_rhosts_rsa_key_allowed(struct passwd *, const char *, +diff -up openssh-7.4p1/monitor_wrap.h.audit openssh-7.4p1/monitor_wrap.h +--- openssh-7.4p1/monitor_wrap.h.audit 2016-12-23 18:54:54.376080405 +0100 ++++ openssh-7.4p1/monitor_wrap.h 2016-12-23 18:54:54.437080420 +0100 +@@ -52,7 +52,8 @@ int mm_key_allowed(enum mm_keytype, cons + int mm_user_key_allowed(struct passwd *, Key *, int); + int mm_hostbased_key_allowed(struct passwd *, const char *, const char *, Key *); -int mm_key_verify(Key *, u_char *, u_int, u_char *, u_int); +int mm_hostbased_key_verify(Key *, u_char *, u_int, u_char *, u_int); +int mm_user_key_verify(Key *, u_char *, u_int, u_char *, u_int); - int mm_auth_rsa_key_allowed(struct passwd *, BIGNUM *, Key **); - int mm_auth_rsa_verify_response(Key *, BIGNUM *, u_char *); - BIGNUM *mm_auth_rsa_generate_challenge(Key *); -@@ -81,7 +82,12 @@ void mm_sshpam_free_ctx(void *); + + #ifdef GSSAPI + OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID); +@@ -76,7 +77,12 @@ void mm_sshpam_free_ctx(void *); #ifdef SSH_AUDIT_EVENTS #include "audit.h" void mm_audit_event(ssh_audit_event_t); 
@@ -1644,10 +1581,10 @@ diff -up openssh-7.3p1/monitor_wrap.h.audit openssh-7.3p1/monitor_wrap.h #endif struct Session; -diff -up openssh-7.3p1/packet.c.audit openssh-7.3p1/packet.c ---- openssh-7.3p1/packet.c.audit 2016-08-02 09:28:22.582299062 +0200 -+++ openssh-7.3p1/packet.c 2016-08-02 09:28:22.697298998 +0200 -@@ -68,6 +68,7 @@ +diff -up openssh-7.4p1/packet.c.audit openssh-7.4p1/packet.c +--- openssh-7.4p1/packet.c.audit 2016-12-23 18:54:54.318080390 +0100 ++++ openssh-7.4p1/packet.c 2016-12-23 18:54:54.438080420 +0100 +@@ -67,6 +67,7 @@ #include "key.h" /* typedefs XXX */ #include "xmalloc.h" @@ -1655,7 +1592,7 @@ diff -up openssh-7.3p1/packet.c.audit openssh-7.3p1/packet.c #include "crc32.h" #include "deattack.h" #include "compat.h" -@@ -468,6 +469,13 @@ ssh_packet_get_connection_out(struct ssh +@@ -494,6 +495,13 @@ ssh_packet_get_connection_out(struct ssh return ssh->state->connection_out; } @@ -1669,7 +1606,7 @@ diff -up openssh-7.3p1/packet.c.audit openssh-7.3p1/packet.c /* * Returns the IP-address of the remote host as a string. The returned * string must not be freed. -@@ -537,13 +545,6 @@ ssh_packet_close(struct ssh *ssh) +@@ -562,13 +570,6 @@ ssh_packet_close(struct ssh *ssh) if (!state->initialized) return; state->initialized = 0; 
@@ -1683,21 +1620,18 @@ diff -up openssh-7.3p1/packet.c.audit openssh-7.3p1/packet.c sshbuf_free(state->input); sshbuf_free(state->output); sshbuf_free(state->outgoing_packet); -@@ -575,12 +576,22 @@ ssh_packet_close(struct ssh *ssh) +@@ -600,11 +601,21 @@ ssh_packet_close(struct ssh *ssh) inflateEnd(stream); } } -- if ((r = cipher_cleanup(&state->send_context)) != 0) -- error("%s: cipher_cleanup failed: %s", __func__, ssh_err(r)); -- if ((r = cipher_cleanup(&state->receive_context)) != 0) -- error("%s: cipher_cleanup failed: %s", __func__, ssh_err(r)); +- cipher_free(state->send_context); +- cipher_free(state->receive_context); + if (packet_state_has_keys(state)) { -+ if ((r = cipher_cleanup(&state->send_context)) != 0) -+ error("%s: cipher_cleanup failed: %s", __func__, ssh_err(r)); -+ if ((r = cipher_cleanup(&state->receive_context)) != 0) -+ error("%s: cipher_cleanup failed: %s", __func__, ssh_err(r)); ++ cipher_free(state->send_context); ++ cipher_free(state->receive_context); + audit_session_key_free(MODE_MAX); + } + state->send_context = state->receive_context = NULL; free(ssh->remote_ipaddr); ssh->remote_ipaddr = NULL; + if (state->connection_in == state->connection_out) { 
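Review bot: In the ssh_packet_close hunk for packet.c, the two contexts only reach `cipher_free` when `packet_state_has_keys(state)` is true, yet the next line sets `state->send_context = state->receive_context = NULL` unconditionally. On the no-keys path any context that was allocated is therefore dropped without being freed or wiped. The lines the inner patch removes show that upstream 7.4p1 frees both unconditionally. Keeping that and gating only the audit call avoids the leak: leave `cipher_free(state->send_context); cipher_free(state->receive_context);` outside the `if`, followed by `if (packet_state_has_keys(state)) audit_session_key_free(MODE_MAX);`. packet_state_has_keys is defined outside this hunk, so confirm whether contexts can exist while it returns false.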
@@ -1710,15 +1644,15 @@ diff -up openssh-7.3p1/packet.c.audit openssh-7.3p1/packet.c free(ssh->state); ssh->state = NULL; } -@@ -1005,6 +1016,7 @@ ssh_set_newkeys(struct ssh *ssh, int mod - (unsigned long long)state->p_read.blocks, - (unsigned long long)state->p_send.bytes, - (unsigned long long)state->p_send.blocks); +@@ -950,6 +961,7 @@ ssh_set_newkeys(struct ssh *ssh, int mod + " (%llu bytes total)", __func__, + (unsigned long long)ps->blocks, dir, + (unsigned long long)ps->bytes); + audit_session_key_free(mode); - if ((r = cipher_cleanup(cc)) != 0) - return r; + cipher_free(*ccp); + *ccp = NULL; enc = &state->newkeys[mode]->enc; -@@ -2450,6 +2462,72 @@ ssh_packet_get_output(struct ssh *ssh) +@@ -2440,6 +2452,72 @@ ssh_packet_get_output(struct ssh *ssh) return (void *)ssh->state->output; } @@ -1747,8 +1681,8 @@ diff -up openssh-7.3p1/packet.c.audit openssh-7.3p1/packet.c + if (state == NULL) + return; + -+ cipher_cleanup(&state->receive_context); -+ cipher_cleanup(&state->send_context); ++ cipher_free(state->receive_context); ++ cipher_free(state->send_context); + + buffer_free(state->input); + state->input = NULL; 
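Review bot: In the packet.c hunk that switches the state-teardown helper from `cipher_cleanup(&state->...)` to `cipher_free(state->...)`, the two pointers are left dangling, because the calls are followed directly by `buffer_free(state->input); state->input = NULL;`. With the 7.3 embedded contexts this was harmless, but the ssh_packet_close hunk in this same patch treats the contexts as pointers that are freed and then set to NULL. If the same state is later passed to ssh_packet_close, or this helper runs twice, the contexts would be freed again. Adding `state->receive_context = state->send_context = NULL;` right after the two `cipher_free` calls matches how `state->input` is handled. The rest of the function lies outside the hunk, so a reset further down cannot be ruled out from here.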
@@ -1791,18 +1725,18 @@ diff -up openssh-7.3p1/packet.c.audit openssh-7.3p1/packet.c /* Reset after_authentication and reset compression in post-auth privsep */ static int ssh_packet_set_postauth(struct ssh *ssh) -diff -up openssh-7.3p1/packet.h.audit openssh-7.3p1/packet.h ---- openssh-7.3p1/packet.h.audit 2016-07-28 00:54:27.000000000 +0200 -+++ openssh-7.3p1/packet.h 2016-08-02 09:28:22.697298998 +0200 -@@ -204,4 +204,5 @@ extern struct ssh *active_state; +diff -up openssh-7.4p1/packet.h.audit openssh-7.4p1/packet.h +--- openssh-7.4p1/packet.h.audit 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/packet.h 2016-12-23 18:54:54.438080420 +0100 +@@ -208,4 +208,5 @@ extern struct ssh *active_state; # undef EC_POINT #endif +void packet_destroy_all(int, int); #endif /* PACKET_H */ -diff -up openssh-7.3p1/sandbox-seccomp-filter.c.audit openssh-7.3p1/sandbox-seccomp-filter.c ---- openssh-7.3p1/sandbox-seccomp-filter.c.audit 2016-07-28 00:54:27.000000000 +0200 -+++ openssh-7.3p1/sandbox-seccomp-filter.c 2016-08-02 09:28:22.697298998 +0200 +diff -up openssh-7.4p1/sandbox-seccomp-filter.c.audit openssh-7.4p1/sandbox-seccomp-filter.c +--- openssh-7.4p1/sandbox-seccomp-filter.c.audit 2016-12-23 18:54:54.377080405 +0100 ++++ openssh-7.4p1/sandbox-seccomp-filter.c 2016-12-23 18:54:54.438080420 +0100 @@ -159,6 +159,12 @@ static const struct sock_filter preauth_ #ifdef __NR_gettimeofday SC_ALLOW(gettimeofday), 
@@ -1816,10 +1750,10 @@ diff -up openssh-7.3p1/sandbox-seccomp-filter.c.audit openssh-7.3p1/sandbox-secc #ifdef __NR_madvise SC_ALLOW(madvise), #endif -diff -up openssh-7.3p1/session.c.audit openssh-7.3p1/session.c ---- openssh-7.3p1/session.c.audit 2016-08-02 09:28:22.691299001 +0200 -+++ openssh-7.3p1/session.c 2016-08-02 09:28:22.698298997 +0200 -@@ -144,7 +144,7 @@ extern int log_stderr; +diff -up openssh-7.4p1/session.c.audit openssh-7.4p1/session.c +--- openssh-7.4p1/session.c.audit 2016-12-23 18:54:54.430080418 +0100 ++++ openssh-7.4p1/session.c 2016-12-23 18:57:45.068115466 +0100 +@@ -142,7 +142,7 @@ extern int log_stderr; extern int debug_flag; extern u_int utmp_len; extern int startup_pipe; @@ -1828,7 +1762,7 @@ diff -up openssh-7.3p1/session.c.audit openssh-7.3p1/session.c extern Buffer loginmsg; /* original command from peer. */ -@@ -757,6 +757,14 @@ do_exec_pty(Session *s, const char *comm +@@ -576,6 +576,14 @@ do_exec_pty(Session *s, const char *comm /* Parent. Close the slave side of the pseudo tty. */ close(ttyfd); @@ -1836,14 +1770,14 @@ diff -up openssh-7.3p1/session.c.audit openssh-7.3p1/session.c + /* do_login in the child did not affect state in this process, + compensate. From an architectural standpoint, this is extremely + ugly. */ -+ if (!(options.use_login && command == NULL)) ++ if (command != NULL) + audit_count_session_open(); +#endif + /* Enter interactive session. */ s->ptymaster = ptymaster; packet_set_interactive(1, -@@ -882,15 +890,19 @@ do_exec(Session *s, const char *command) +@@ -696,15 +704,19 @@ do_exec(Session *s, const char *command) s->self); #ifdef SSH_AUDIT_EVENTS @@ -1865,7 +1799,7 @@ diff -up openssh-7.3p1/session.c.audit openssh-7.3p1/session.c #endif if (s->ttyfd != -1) ret = do_exec_pty(s, command); -@@ -1756,7 +1768,10 @@ do_child(Session *s, const char *command +@@ -1543,7 +1555,10 @@ do_child(Session *s, const char *command int r = 0; /* remove hostkey from the child's memory */ 
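Review bot: The rewritten guard `if (command != NULL)` in the do_exec_pty hunk for session.c is not equivalent to the old `if (!(options.use_login && command == NULL))` now that UseLogin is gone. With `use_login` always false the old condition was always true, whereas the new one skips `audit_count_session_open()` for interactive pty sessions, where `command` is NULL. If the child still runs do_login for those sessions (that call is outside the hunk), the parent's audit session count will be one short for every shell login, and whatever is keyed to that count on close can misfire. Dropping the condition and calling `audit_count_session_open();` unconditionally inside the existing `#if` preserves the previous behaviour.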
@@ -1877,7 +1811,7 @@ diff -up openssh-7.3p1/session.c.audit openssh-7.3p1/session.c /* Force a password change */ if (s->authctxt->force_pwchange) { -@@ -1986,6 +2001,9 @@ session_unused(int id) +@@ -1757,6 +1772,9 @@ session_unused(int id) sessions[id].ttyfd = -1; sessions[id].ptymaster = -1; sessions[id].x11_chanids = NULL; @@ -1887,7 +1821,7 @@ diff -up openssh-7.3p1/session.c.audit openssh-7.3p1/session.c sessions[id].next_unused = sessions_first_unused; sessions_first_unused = id; } -@@ -2068,6 +2084,19 @@ session_open(Authctxt *authctxt, int cha +@@ -1839,6 +1857,19 @@ session_open(Authctxt *authctxt, int cha } Session * @@ -1907,7 +1841,7 @@ diff -up openssh-7.3p1/session.c.audit openssh-7.3p1/session.c session_by_tty(char *tty) { int i; -@@ -2590,6 +2619,32 @@ session_exit_message(Session *s, int sta +@@ -2351,6 +2382,32 @@ session_exit_message(Session *s, int sta chan_write_failed(c); } @@ -1940,7 +1874,7 @@ diff -up openssh-7.3p1/session.c.audit openssh-7.3p1/session.c void session_close(Session *s) { -@@ -2604,6 +2659,10 @@ session_close(Session *s) +@@ -2365,6 +2422,10 @@ session_close(Session *s) if (s->ttyfd != -1) session_pty_cleanup(s); @@ -1951,7 +1885,7 @@ diff -up openssh-7.3p1/session.c.audit openssh-7.3p1/session.c free(s->term); free(s->display); free(s->x11_chanids); -@@ -2818,6 +2877,15 @@ do_authenticated2(Authctxt *authctxt) +@@ -2575,6 +2636,15 @@ do_authenticated2(Authctxt *authctxt) server_loop2(authctxt); } @@ -1967,7 +1901,7 @@ diff -up openssh-7.3p1/session.c.audit openssh-7.3p1/session.c void do_cleanup(Authctxt *authctxt) { -@@ -2869,7 +2937,7 @@ do_cleanup(Authctxt *authctxt) +@@ -2626,7 +2696,7 @@ do_cleanup(Authctxt *authctxt) * or if running in monitor. */ if (!use_privsep || mm_is_monitor()) 
@@ -1976,10 +1910,10 @@ diff -up openssh-7.3p1/session.c.audit openssh-7.3p1/session.c } /* Return a name for the remote host that fits inside utmp_size */ -diff -up openssh-7.3p1/session.h.audit openssh-7.3p1/session.h ---- openssh-7.3p1/session.h.audit 2016-07-28 00:54:27.000000000 +0200 -+++ openssh-7.3p1/session.h 2016-08-02 09:28:22.698298997 +0200 -@@ -61,6 +61,12 @@ struct Session { +diff -up openssh-7.4p1/session.h.audit openssh-7.4p1/session.h +--- openssh-7.4p1/session.h.audit 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/session.h 2016-12-23 18:54:54.438080420 +0100 +@@ -60,6 +60,12 @@ struct Session { char *name; char *val; } *env; @@ -1992,7 +1926,7 @@ diff -up openssh-7.3p1/session.h.audit openssh-7.3p1/session.h }; void do_authenticated(Authctxt *); -@@ -73,8 +79,10 @@ void session_close_by_pid(pid_t, int); +@@ -72,8 +78,10 @@ void session_close_by_pid(pid_t, int); void session_close_by_channel(int, void *); void session_destroy_all(void (*)(Session *)); void session_pty_cleanup2(Session *); @@ -2003,10 +1937,10 @@ diff -up openssh-7.3p1/session.h.audit openssh-7.3p1/session.h Session *session_by_tty(char *); void session_close(Session *); void do_setusercontext(struct passwd *); -diff -up openssh-7.3p1/sshd.c.audit openssh-7.3p1/sshd.c ---- openssh-7.3p1/sshd.c.audit 2016-08-02 09:28:22.667299015 +0200 -+++ openssh-7.3p1/sshd.c 2016-08-02 09:28:22.698298997 +0200 -@@ -121,6 +121,7 @@ +diff -up openssh-7.4p1/sshd.c.audit openssh-7.4p1/sshd.c +--- openssh-7.4p1/sshd.c.audit 2016-12-23 18:54:54.403080411 +0100 ++++ openssh-7.4p1/sshd.c 2016-12-23 18:56:18.992101105 +0100 +@@ -119,6 +119,7 @@ #include "ssh-gss.h" #endif #include "monitor_wrap.h" 
@@ -2014,16 +1948,16 @@ diff -up openssh-7.3p1/sshd.c.audit openssh-7.3p1/sshd.c #include "ssh-sandbox.h" #include "version.h" #include "ssherr.h" -@@ -260,7 +261,7 @@ Buffer loginmsg; +@@ -244,7 +245,7 @@ Buffer loginmsg; struct passwd *privsep_pw = NULL; /* Prototypes for various functions defined later in this file. */ -void destroy_sensitive_data(void); +void destroy_sensitive_data(int); void demote_sensitive_data(void); + static void do_ssh2_kex(void); - #ifdef WITH_SSH1 -@@ -281,6 +282,15 @@ close_listen_socks(void) +@@ -261,6 +262,15 @@ close_listen_socks(void) num_listen_socks = -1; } @@ -2039,7 +1973,7 @@ diff -up openssh-7.3p1/sshd.c.audit openssh-7.3p1/sshd.c static void close_startup_pipes(void) { -@@ -566,22 +576,49 @@ sshd_exchange_identification(struct ssh +@@ -473,18 +483,45 @@ sshd_exchange_identification(struct ssh } } @@ -2060,10 +1994,6 @@ diff -up openssh-7.3p1/sshd.c.audit openssh-7.3p1/sshd.c + pid = getpid(); + uid = getuid(); +#endif - if (sensitive_data.server_key) { - key_free(sensitive_data.server_key); - sensitive_data.server_key = NULL; - } for (i = 0; i < options.num_host_key_files; i++) { if (sensitive_data.host_keys[i]) { + char *fp; @@ -2092,7 +2022,7 @@ diff -up openssh-7.3p1/sshd.c.audit openssh-7.3p1/sshd.c key_free(sensitive_data.host_certificates[i]); sensitive_data.host_certificates[i] = NULL; } -@@ -596,7 +633,13 @@ demote_sensitive_data(void) +@@ -497,12 +534,30 @@ demote_sensitive_data(void) { Key *tmp; int i; @@ -2103,11 +2033,6 @@ diff -up openssh-7.3p1/sshd.c.audit openssh-7.3p1/sshd.c + pid = getpid(); + uid = getuid(); +#endif - if (sensitive_data.server_key) { - tmp = key_demote(sensitive_data.server_key); - key_free(sensitive_data.server_key); -@@ -605,11 +648,23 @@ demote_sensitive_data(void) - for (i = 0; i < options.num_host_key_files; i++) { if (sensitive_data.host_keys[i]) { + char *fp; 
@@ -2119,8 +2044,6 @@ diff -up openssh-7.3p1/sshd.c.audit openssh-7.3p1/sshd.c tmp = key_demote(sensitive_data.host_keys[i]); key_free(sensitive_data.host_keys[i]); sensitive_data.host_keys[i] = tmp; - if (tmp->type == KEY_RSA1) - sensitive_data.ssh1_host_key = tmp; + if (fp != NULL) { +#ifdef SSH_AUDIT_EVENTS + audit_destroy_sensitive_data(fp, pid, uid); @@ -2130,7 +2053,7 @@ diff -up openssh-7.3p1/sshd.c.audit openssh-7.3p1/sshd.c } /* Certs do not need demotion */ } -@@ -681,7 +736,7 @@ privsep_preauth(Authctxt *authctxt) +@@ -585,7 +640,7 @@ privsep_preauth(Authctxt *authctxt) if (use_privsep == PRIVSEP_ON) box = ssh_sandbox_init(pmonitor); @@ -2139,7 +2062,7 @@ diff -up openssh-7.3p1/sshd.c.audit openssh-7.3p1/sshd.c if (pid == -1) { fatal("fork of unprivileged child failed"); } else if (pid != 0) { -@@ -766,6 +821,12 @@ privsep_postauth(Authctxt *authctxt) +@@ -665,6 +720,12 @@ privsep_postauth(Authctxt *authctxt) else if (pmonitor->m_pid != 0) { verbose("User child is on pid %ld", (long)pmonitor->m_pid); buffer_clear(&loginmsg); @@ -2152,7 +2075,7 @@ diff -up openssh-7.3p1/sshd.c.audit openssh-7.3p1/sshd.c monitor_child_postauth(pmonitor); /* NEVERREACHED */ -@@ -1310,6 +1371,7 @@ server_accept_loop(int *sock_in, int *so +@@ -1154,6 +1215,7 @@ server_accept_loop(int *sock_in, int *so if (received_sigterm) { logit("Received signal %d; terminating.", (int) received_sigterm); @@ -2160,7 +2083,7 @@ diff -up openssh-7.3p1/sshd.c.audit openssh-7.3p1/sshd.c close_listen_socks(); if (options.pid_file != NULL) unlink(options.pid_file); -@@ -2335,6 +2397,7 @@ main(int ac, char **av) +@@ -2092,6 +2150,7 @@ main(int ac, char **av) */ if (use_privsep) { mm_send_keystate(pmonitor); 
@@ -2168,16 +2091,7 @@ diff -up openssh-7.3p1/sshd.c.audit openssh-7.3p1/sshd.c exit(0); } -@@ -2380,7 +2443,7 @@ main(int ac, char **av) - privsep_postauth(authctxt); - /* the monitor process [priv] will not return */ - if (!compat20) -- destroy_sensitive_data(); -+ destroy_sensitive_data(0); - } - - packet_set_timeout(options.client_alive_interval, -@@ -2394,6 +2457,9 @@ main(int ac, char **av) +@@ -2148,6 +2207,9 @@ main(int ac, char **av) do_authenticated(authctxt); /* The connection has been terminated. */ @@ -2187,27 +2101,7 @@ diff -up openssh-7.3p1/sshd.c.audit openssh-7.3p1/sshd.c packet_get_bytes(&ibytes, &obytes); verbose("Transferred: sent %llu, received %llu bytes", (unsigned long long)obytes, (unsigned long long)ibytes); -@@ -2556,6 +2622,10 @@ do_ssh1_kex(void) - if (cookie[i] != packet_get_char()) - packet_disconnect("IP Spoofing check bytes do not match."); - -+#ifdef SSH_AUDIT_EVENTS -+ audit_kex(2, cipher_name(cipher_type), "crc", "none", "none"); -+#endif -+ - debug("Encryption type: %.200s", cipher_name(cipher_type)); - - /* Get the encrypted integer. */ -@@ -2616,7 +2686,7 @@ do_ssh1_kex(void) - } - - /* Destroy the private and public keys. No longer. */ -- destroy_sensitive_data(); -+ destroy_sensitive_data(1); - - if (use_privsep) - mm_ssh1_session_id(session_id); -@@ -2794,6 +2864,16 @@ do_ssh2_kex(void) +@@ -2321,6 +2383,16 @@ do_ssh2_kex(void) void cleanup_exit(int i) { @@ -2224,7 +2118,7 @@ diff -up openssh-7.3p1/sshd.c.audit openssh-7.3p1/sshd.c if (the_authctxt) { do_cleanup(the_authctxt); if (use_privsep && privsep_is_preauth && -@@ -2805,9 +2885,14 @@ cleanup_exit(int i) +@@ -2332,9 +2404,14 @@ cleanup_exit(int i) pmonitor->m_pid, strerror(errno)); } } 
@@ -2240,10 +2134,10 @@ diff -up openssh-7.3p1/sshd.c.audit openssh-7.3p1/sshd.c audit_event(SSH_CONNECTION_ABANDON); #endif _exit(i); -diff -up openssh-7.3p1/sshkey.c.audit openssh-7.3p1/sshkey.c ---- openssh-7.3p1/sshkey.c.audit 2016-08-02 09:28:22.689299002 +0200 -+++ openssh-7.3p1/sshkey.c 2016-08-02 09:28:22.699298997 +0200 -@@ -304,6 +304,33 @@ sshkey_type_is_valid_ca(int type) +diff -up openssh-7.4p1/sshkey.c.audit openssh-7.4p1/sshkey.c +--- openssh-7.4p1/sshkey.c.audit 2016-12-23 18:54:54.425080417 +0100 ++++ openssh-7.4p1/sshkey.c 2016-12-23 18:54:54.439080420 +0100 +@@ -303,6 +303,33 @@ sshkey_type_is_valid_ca(int type) } int @@ -2277,9 +2171,9 @@ diff -up openssh-7.3p1/sshkey.c.audit openssh-7.3p1/sshkey.c sshkey_is_cert(const struct sshkey *k) { if (k == NULL) -diff -up openssh-7.3p1/sshkey.h.audit openssh-7.3p1/sshkey.h ---- openssh-7.3p1/sshkey.h.audit 2016-08-02 09:28:22.689299002 +0200 -+++ openssh-7.3p1/sshkey.h 2016-08-02 09:28:22.699298997 +0200 +diff -up openssh-7.4p1/sshkey.h.audit openssh-7.4p1/sshkey.h +--- openssh-7.4p1/sshkey.h.audit 2016-12-23 18:54:54.425080417 +0100 ++++ openssh-7.4p1/sshkey.h 2016-12-23 18:54:54.439080420 +0100 @@ -134,6 +134,7 @@ u_int sshkey_size(const struct sshkey int sshkey_generate(int type, u_int bits, struct sshkey **keyp); int sshkey_from_private(const struct sshkey *, struct sshkey **); diff --git a/openssh-7.2p1-fips.patch b/openssh-7.2p1-fips.patch index f821052..0fd9b98 100644 --- a/openssh-7.2p1-fips.patch +++ b/openssh-7.2p1-fips.patch @@ -1,6 +1,6 @@ -diff -up openssh-7.2p1/cipher.c.fips openssh-7.2p1/cipher.c ---- openssh-7.2p1/cipher.c.fips 2016-02-12 18:53:56.083665235 +0100 -+++ openssh-7.2p1/cipher.c 2016-02-12 18:53:56.090665235 +0100 +diff -up openssh-7.4p1/cipher.c.fips openssh-7.4p1/cipher.c +--- openssh-7.4p1/cipher.c.fips 2016-12-23 16:37:49.290741582 +0100 ++++ openssh-7.4p1/cipher.c 2016-12-23 16:37:49.300741586 +0100 @@ -39,6 +39,8 @@ #include 
@@ -10,7 +10,7 @@ diff -up openssh-7.2p1/cipher.c.fips openssh-7.2p1/cipher.c #include #include #include -@@ -99,6 +101,26 @@ static const struct sshcipher ciphers[] +@@ -116,6 +118,20 @@ static const struct sshcipher ciphers[] { NULL, SSH_CIPHER_INVALID, 0, 0, 0, 0, 0, 0, NULL } }; @@ -25,19 +25,13 @@ diff -up openssh-7.2p1/cipher.c.fips openssh-7.2p1/cipher.c + { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, 0, EVP_aes_128_ctr }, + { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, 0, EVP_aes_192_ctr }, + { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, 0, EVP_aes_256_ctr }, -+#ifdef OPENSSL_HAVE_EVPGCM -+ { "aes128-gcm@openssh.com", -+ SSH_CIPHER_SSH2, 16, 16, 12, 16, 0, 0, EVP_aes_128_gcm }, -+ { "aes256-gcm@openssh.com", -+ SSH_CIPHER_SSH2, 16, 32, 12, 16, 0, 0, EVP_aes_256_gcm }, -+#endif + { NULL, SSH_CIPHER_INVALID, 0, 0, 0, 0, 0, 0, NULL } +}; + /*--*/ /* Returns a comma-separated list of supported ciphers. */ -@@ -109,7 +131,7 @@ cipher_alg_list(char sep, int auth_only) +@@ -126,7 +142,7 @@ cipher_alg_list(char sep, int auth_only) size_t nlen, rlen = 0; const struct sshcipher *c; @@ -46,7 +40,7 @@ diff -up openssh-7.2p1/cipher.c.fips openssh-7.2p1/cipher.c if (c->number != SSH_CIPHER_SSH2) continue; if (auth_only && c->auth_len == 0) -@@ -193,7 +215,7 @@ const struct sshcipher * +@@ -222,7 +238,7 @@ const struct sshcipher * cipher_by_name(const char *name) { const struct sshcipher *c; @@ -55,7 +49,7 @@ diff -up openssh-7.2p1/cipher.c.fips openssh-7.2p1/cipher.c if (strcmp(c->name, name) == 0) return c; return NULL; -@@ -203,7 +225,7 @@ const struct sshcipher * +@@ -232,7 +248,7 @@ const struct sshcipher * cipher_by_number(int id) { const struct sshcipher *c; @@ -64,7 +58,7 @@ diff -up openssh-7.2p1/cipher.c.fips openssh-7.2p1/cipher.c if (c->number == id) return c; return NULL; -@@ -244,7 +266,7 @@ cipher_number(const char *name) +@@ -273,7 +289,7 @@ cipher_number(const char *name) const struct sshcipher *c; if (name == NULL) return -1; 
@@ -73,9 +67,9 @@ diff -up openssh-7.2p1/cipher.c.fips openssh-7.2p1/cipher.c if (strcasecmp(c->name, name) == 0) return c->number; return -1; -diff -up openssh-7.2p1/cipher-ctr.c.fips openssh-7.2p1/cipher-ctr.c ---- openssh-7.2p1/cipher-ctr.c.fips 2016-02-12 18:53:56.013665228 +0100 -+++ openssh-7.2p1/cipher-ctr.c 2016-02-12 18:53:56.090665235 +0100 +diff -up openssh-7.4p1/cipher-ctr.c.fips openssh-7.4p1/cipher-ctr.c +--- openssh-7.4p1/cipher-ctr.c.fips 2016-12-23 16:37:49.225741551 +0100 ++++ openssh-7.4p1/cipher-ctr.c 2016-12-23 16:37:49.297741585 +0100 @@ -179,7 +179,8 @@ evp_aes_128_ctr(void) aes_ctr.do_cipher = ssh_aes_ctr; #ifndef SSH_OLD_EVP @@ -86,10 +80,10 @@ diff -up openssh-7.2p1/cipher-ctr.c.fips openssh-7.2p1/cipher-ctr.c #endif return (&aes_ctr); } -diff -up openssh-7.2p1/dh.h.fips openssh-7.2p1/dh.h ---- openssh-7.2p1/dh.h.fips 2016-02-12 18:53:56.090665235 +0100 -+++ openssh-7.2p1/dh.h 2016-02-12 18:54:48.425670204 +0100 -@@ -49,6 +49,7 @@ u_int dh_estimate(int); +diff -up openssh-7.4p1/dh.h.fips openssh-7.4p1/dh.h +--- openssh-7.4p1/dh.h.fips 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/dh.h 2016-12-23 16:37:49.297741585 +0100 +@@ -51,6 +51,7 @@ u_int dh_estimate(int); * Miniumum increased in light of DH precomputation attacks. */ #define DH_GRP_MIN 2048 @@ -97,9 +91,9 @@ diff -up openssh-7.2p1/dh.h.fips openssh-7.2p1/dh.h #define DH_GRP_MAX 8192 /* -diff -up openssh-7.2p1/entropy.c.fips openssh-7.2p1/entropy.c ---- openssh-7.2p1/entropy.c.fips 2016-02-12 18:53:56.005665227 +0100 -+++ openssh-7.2p1/entropy.c 2016-02-12 18:53:56.091665235 +0100 +diff -up openssh-7.4p1/entropy.c.fips openssh-7.4p1/entropy.c +--- openssh-7.4p1/entropy.c.fips 2016-12-23 16:37:49.219741548 +0100 ++++ openssh-7.4p1/entropy.c 2016-12-23 16:37:49.297741585 +0100 @@ -217,6 +217,9 @@ seed_rng(void) fatal("OpenSSL version mismatch. Built against %lx, you " "have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay()); 
@@ -110,9 +104,9 @@ diff -up openssh-7.2p1/entropy.c.fips openssh-7.2p1/entropy.c #ifndef OPENSSL_PRNG_ONLY if (RAND_status() == 1) { debug3("RNG is ready, skipping seeding"); -diff -up openssh-7.2p1/kex.c.fips openssh-7.2p1/kex.c ---- openssh-7.2p1/kex.c.fips 2016-02-12 18:53:56.084665234 +0100 -+++ openssh-7.2p1/kex.c 2016-02-12 18:53:56.091665235 +0100 +diff -up openssh-7.4p1/kex.c.fips openssh-7.4p1/kex.c +--- openssh-7.4p1/kex.c.fips 2016-12-23 16:37:49.290741582 +0100 ++++ openssh-7.4p1/kex.c 2016-12-23 16:37:49.300741586 +0100 @@ -35,6 +35,7 @@ #ifdef WITH_OPENSSL #include @@ -121,13 +115,11 @@ diff -up openssh-7.2p1/kex.c.fips openssh-7.2p1/kex.c #endif #include "ssh2.h" -@@ -121,6 +122,25 @@ static const struct kexalg kexalgs[] = { +@@ -125,6 +126,23 @@ static const struct kexalg kexalgs[] = { { NULL, -1, -1, -1}, }; +static const struct kexalg kexalgs_fips[] = { -+ { KEX_DH14, KEX_DH_GRP14_SHA1, 0, SSH_DIGEST_SHA1 }, -+ { KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, SSH_DIGEST_SHA1 }, +#ifdef HAVE_EVP_SHA256 + { KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, SSH_DIGEST_SHA256 }, +#endif @@ -147,7 +139,7 @@ diff -up openssh-7.2p1/kex.c.fips openssh-7.2p1/kex.c char * kex_alg_list(char sep) { -@@ -148,7 +168,7 @@ kex_alg_by_name(const char *name) +@@ -152,7 +170,7 @@ kex_alg_by_name(const char *name) { const struct kexalg *k; @@ -156,7 +148,7 @@ diff -up openssh-7.2p1/kex.c.fips openssh-7.2p1/kex.c if (strcmp(k->name, name) == 0) return k; #ifdef GSSAPI -@@ -174,7 +194,10 @@ kex_names_valid(const char *names) +@@ -178,7 +196,10 @@ kex_names_valid(const char *names) for ((p = strsep(&cp, ",")); p && *p != '\0'; (p = strsep(&cp, ","))) { if (kex_alg_by_name(p) == NULL) { 
@@ -168,17 +160,17 @@ diff -up openssh-7.2p1/kex.c.fips openssh-7.2p1/kex.c free(s); return 0; } -diff -up openssh-7.2p1/kexgexc.c.fips openssh-7.2p1/kexgexc.c ---- openssh-7.2p1/kexgexc.c.fips 2016-02-12 11:47:25.000000000 +0100 -+++ openssh-7.2p1/kexgexc.c 2016-02-12 18:53:56.091665235 +0100 +diff -up openssh-7.4p1/kexgexc.c.fips openssh-7.4p1/kexgexc.c +--- openssh-7.4p1/kexgexc.c.fips 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/kexgexc.c 2016-12-23 16:38:38.727763540 +0100 @@ -28,6 +28,7 @@ #ifdef WITH_OPENSSL +#include - #include #include + #include @@ -63,7 +64,7 @@ kexgex_client(struct ssh *ssh) nbits = dh_estimate(kex->dh_need * 8); @@ -188,24 +180,24 @@ diff -up openssh-7.2p1/kexgexc.c.fips openssh-7.2p1/kexgexc.c kex->max = DH_GRP_MAX; kex->nbits = nbits; if (datafellows & SSH_BUG_DHGEX_LARGE) -diff -up openssh-7.2p1/kexgexs.c.fips openssh-7.2p1/kexgexs.c ---- openssh-7.2p1/kexgexs.c.fips 2016-02-12 11:47:25.000000000 +0100 -+++ openssh-7.2p1/kexgexs.c 2016-02-12 18:53:56.091665235 +0100 +diff -up openssh-7.4p1/kexgexs.c.fips openssh-7.4p1/kexgexs.c +--- openssh-7.4p1/kexgexs.c.fips 2016-12-23 16:37:49.297741585 +0100 ++++ openssh-7.4p1/kexgexs.c 2016-12-23 16:39:35.009776626 +0100 
@@ -83,9 +83,9 @@ input_kex_dh_gex_request(int type, u_int kex->nbits = nbits; kex->min = min; kex->max = max; -- min = MAX(DH_GRP_MIN, min); -+ min = MAX(FIPS_mode() ? DH_GRP_MIN_FIPS : DH_GRP_MIN, min); - max = MIN(DH_GRP_MAX, max); -- nbits = MAX(DH_GRP_MIN, nbits); -+ nbits = MAX(FIPS_mode() ? DH_GRP_MIN_FIPS : DH_GRP_MIN, nbits); - nbits = MIN(DH_GRP_MAX, nbits); +- min = MAXIMUM(DH_GRP_MIN, min); ++ min = MAXIMUM(FIPS_mode() ? DH_GRP_MIN_FIPS : DH_GRP_MIN, min); + max = MINIMUM(DH_GRP_MAX, max); +- nbits = MAXIMUM(DH_GRP_MIN, nbits); ++ nbits = MAXIMUM(FIPS_mode() ? DH_GRP_MIN_FIPS : DH_GRP_MIN, nbits); + nbits = MINIMUM(DH_GRP_MAX, nbits); if (kex->max < kex->min || kex->nbits < kex->min || -diff -up openssh-7.2p1/mac.c.fips openssh-7.2p1/mac.c ---- openssh-7.2p1/mac.c.fips 2016-02-12 18:53:56.084665234 +0100 -+++ openssh-7.2p1/mac.c 2016-02-12 18:53:56.091665235 +0100 +diff -up openssh-7.4p1/mac.c.fips openssh-7.4p1/mac.c +--- openssh-7.4p1/mac.c.fips 2016-12-23 16:37:49.291741582 +0100 ++++ openssh-7.4p1/mac.c 2016-12-23 16:37:49.298741585 +0100 @@ -27,6 +27,8 @@ #include @@ -224,7 +216,7 @@ diff -up openssh-7.2p1/mac.c.fips openssh-7.2p1/mac.c /* Encrypt-and-MAC (encrypt-and-authenticate) variants */ { "hmac-sha1", SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 0 }, { "hmac-sha1-96", SSH_DIGEST, SSH_DIGEST_SHA1, 96, 0, 0, 0 }, -@@ -85,6 +87,24 @@ static const struct macalg macs[] = { +@@ -89,6 +91,24 @@ static const struct macalg macs[] = { { NULL, 0, 0, 0, 0, 0, 0 } }; @@ -249,7 +241,7 @@ diff -up openssh-7.2p1/mac.c.fips openssh-7.2p1/mac.c /* Returns a list of supported MACs separated by the specified char. */ char * mac_alg_list(char sep) -@@ -93,7 +113,7 @@ mac_alg_list(char sep) +@@ -97,7 +117,7 @@ mac_alg_list(char sep) size_t nlen, rlen = 0; const struct macalg *m; 
@@ -258,7 +250,7 @@ diff -up openssh-7.2p1/mac.c.fips openssh-7.2p1/mac.c if (ret != NULL) ret[rlen++] = sep; nlen = strlen(m->name); -@@ -132,7 +152,7 @@ mac_setup(struct sshmac *mac, char *name +@@ -136,7 +156,7 @@ mac_setup(struct sshmac *mac, char *name { const struct macalg *m; @@ -267,10 +259,10 @@ diff -up openssh-7.2p1/mac.c.fips openssh-7.2p1/mac.c if (strcmp(name, m->name) != 0) continue; if (mac != NULL) -diff -up openssh-7.2p1/Makefile.in.fips openssh-7.2p1/Makefile.in ---- openssh-7.2p1/Makefile.in.fips 2016-02-12 18:53:56.085665235 +0100 -+++ openssh-7.2p1/Makefile.in 2016-02-12 18:53:56.092665235 +0100 -@@ -168,25 +168,25 @@ libssh.a: $(LIBSSH_OBJS) +diff -up openssh-7.4p1/Makefile.in.fips openssh-7.4p1/Makefile.in +--- openssh-7.4p1/Makefile.in.fips 2016-12-23 16:37:49.291741582 +0100 ++++ openssh-7.4p1/Makefile.in 2016-12-23 16:37:49.298741585 +0100 +@@ -169,25 +169,25 @@ libssh.a: $(LIBSSH_OBJS) $(RANLIB) $@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS) @@ -302,7 +294,7 @@ diff -up openssh-7.2p1/Makefile.in.fips openssh-7.2p1/Makefile.in ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o $(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) -@@ -204,7 +204,7 @@ ssh-cavs$(EXEEXT): $(LIBCOMPAT) libssh.a +@@ -205,7 +205,7 @@ ssh-cavs$(EXEEXT): $(LIBCOMPAT) libssh.a $(LD) -o $@ ssh-cavs.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o 
@@ -311,18 +303,16 @@ diff -up openssh-7.2p1/Makefile.in.fips openssh-7.2p1/Makefile.in sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o $(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) -diff -up openssh-7.2p1/myproposal.h.fips openssh-7.2p1/myproposal.h ---- openssh-7.2p1/myproposal.h.fips 2016-02-12 18:53:56.092665235 +0100 -+++ openssh-7.2p1/myproposal.h 2016-02-12 18:55:42.137675304 +0100 -@@ -129,6 +129,28 @@ +diff -up openssh-7.4p1/myproposal.h.fips openssh-7.4p1/myproposal.h +--- openssh-7.4p1/myproposal.h.fips 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/myproposal.h 2016-12-23 16:37:49.300741586 +0100 +@@ -138,6 +138,26 @@ #define KEX_CLIENT_MAC KEX_SERVER_MAC +#define KEX_DEFAULT_KEX_FIPS \ + KEX_ECDH_METHODS \ -+ KEX_SHA2_METHODS \ -+ "diffie-hellman-group-exchange-sha1," \ -+ "diffie-hellman-group14-sha1" ++ KEX_SHA2_METHODS +#define KEX_FIPS_ENCRYPT \ + "aes128-ctr,aes192-ctr,aes256-ctr," \ + "aes128-cbc,3des-cbc," \ 
@@ -343,10 +333,31 @@ diff -up openssh-7.2p1/myproposal.h.fips openssh-7.2p1/myproposal.h #else /* WITH_OPENSSL */ #define KEX_SERVER_KEX \ -diff -up openssh-7.2p1/readconf.c.fips openssh-7.2p1/readconf.c ---- openssh-7.2p1/readconf.c.fips 2016-02-12 18:53:56.073665234 +0100 -+++ openssh-7.2p1/readconf.c 2016-02-12 18:53:56.092665235 +0100 -@@ -1969,9 +1969,12 @@ fill_default_options(Options * options) +diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c.fips openssh-7.4p1/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c +--- openssh-7.4p1/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c.fips 2016-12-23 16:37:49.185741531 +0100 ++++ openssh-7.4p1/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c 2016-12-23 16:37:49.300741586 +0100 +@@ -55,6 +55,7 @@ + #include "secure_filename.h" + #include "uidswap.h" + #include ++#include + + #include "identity.h" + +@@ -104,7 +105,8 @@ pamsshagentauth_check_authkeys_file(FILE + found_key = 1; + logit("matching key found: file/command %s, line %lu", file, + linenum); +- fp = sshkey_fingerprint(found, SSH_DIGEST_MD5, SSH_FP_HEX); ++ fp = sshkey_fingerprint(found, FIPS_mode() ? SSH_DIGEST_SHA1 : SSH_DIGEST_MD5, ++ SSH_FP_HEX); + logit("Found matching %s key: %s", + key_type(found), fp); + free(fp); +diff -up openssh-7.4p1/readconf.c.fips openssh-7.4p1/readconf.c +--- openssh-7.4p1/readconf.c.fips 2016-12-23 16:37:49.274741574 +0100 ++++ openssh-7.4p1/readconf.c 2016-12-23 16:37:49.298741585 +0100 +@@ -2110,9 +2110,12 @@ fill_default_options(Options * options) } if (options->update_hostkeys == -1) options->update_hostkeys = 0; 
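Review bot: In the pam_user_key_allowed2.c section added to the fips patch, the result of `sshkey_fingerprint()` is passed straight to `logit("Found matching %s key: %s", ...)` with no NULL check, and the digest now depends on the mode (SHA-1 under FIPS, MD5 otherwise). A failed fingerprint would hand NULL to `%s`, and log entries for the same key cannot be correlated between FIPS and non-FIPS hosts. One digest usable in both modes avoids the conditional: `fp = sshkey_fingerprint(found, SSH_DIGEST_SHA256, SSH_FP_HEX);`, followed by `if (fp != NULL) logit("Found matching %s key: %s", key_type(found), fp);`. The body of pamsshagentauth_check_authkeys_file continues outside the hunk.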
@@ -362,10 +373,23 @@ diff -up openssh-7.2p1/readconf.c.fips openssh-7.2p1/readconf.c kex_assemble_names(KEX_DEFAULT_PK_ALG, &options->hostbased_key_types) != 0 || kex_assemble_names(KEX_DEFAULT_PK_ALG, -diff -up openssh-7.2p1/servconf.c.fips openssh-7.2p1/servconf.c ---- openssh-7.2p1/servconf.c.fips 2016-02-12 18:53:56.068665233 +0100 -+++ openssh-7.2p1/servconf.c 2016-02-12 18:56:52.185681954 +0100 -@@ -188,9 +188,12 @@ option_clear_or_none(const char *o) +diff -up openssh-7.4p1/sandbox-seccomp-filter.c.fips openssh-7.4p1/sandbox-seccomp-filter.c +--- openssh-7.4p1/sandbox-seccomp-filter.c.fips 2016-12-23 16:37:49.292741583 +0100 ++++ openssh-7.4p1/sandbox-seccomp-filter.c 2016-12-23 16:37:49.300741586 +0100 +@@ -118,6 +118,9 @@ static const struct sock_filter preauth_ + #ifdef __NR_open + SC_DENY(open, EACCES), + #endif ++#ifdef __NR_socket ++ SC_DENY(socket, EACCES), ++#endif + #ifdef __NR_openat + SC_DENY(openat, EACCES), + #endif +diff -up openssh-7.4p1/servconf.c.fips openssh-7.4p1/servconf.c +--- openssh-7.4p1/servconf.c.fips 2016-12-23 16:37:49.285741579 +0100 ++++ openssh-7.4p1/servconf.c 2016-12-23 16:37:49.299741586 +0100 +@@ -185,9 +185,12 @@ option_clear_or_none(const char *o) static void assemble_algorithms(ServerOptions *o) { @@ -381,7 +405,7 @@ diff -up openssh-7.2p1/servconf.c.fips openssh-7.2p1/servconf.c kex_assemble_names(KEX_DEFAULT_PK_ALG, &o->hostkeyalgorithms) != 0 || kex_assemble_names(KEX_DEFAULT_PK_ALG, -@@ -2376,8 +2379,10 @@ dump_config(ServerOptions *o) +@@ -2390,8 +2393,10 @@ dump_config(ServerOptions *o) /* string arguments */ dump_cfg_string(sPidFile, o->pid_file); dump_cfg_string(sXAuthLocation, o->xauth_location); 
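Review bot: The `SC_DENY(socket, EACCES)` entry added to preauth_insns in the sandbox-seccomp-filter.c section has no comment naming the caller it is meant for, and it sits in the FIPS patch although nothing in the three added lines is FIPS-specific. A deny rule returns an error to the caller instead of falling through to the filter's default action, so anyone auditing the sandbox later needs to know why socket() is expected before authentication. I would add a comment above the `#ifdef`, for example `/* <caller> may call socket() inside the sandbox; fail it with EACCES rather than hit the default action */`. The rule is also compiled only where `__NR_socket` is defined, so on ABIs that route socket() through `socketcall` it may not apply; whether that path is handled elsewhere in the filter is not visible here. The preauth_insns array starts and ends outside the hunk.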
@@ -394,7 +418,7 @@ diff -up openssh-7.2p1/servconf.c.fips openssh-7.2p1/servconf.c dump_cfg_string(sBanner, o->banner != NULL ? o->banner : "none"); dump_cfg_string(sForceCommand, o->adm_forced_command); dump_cfg_string(sChrootDirectory, o->chroot_directory); -@@ -2392,8 +2397,8 @@ dump_config(ServerOptions *o) +@@ -2406,8 +2411,8 @@ dump_config(ServerOptions *o) dump_cfg_string(sAuthorizedPrincipalsCommand, o->authorized_principals_command); dump_cfg_string(sAuthorizedPrincipalsCommandUser, o->authorized_principals_command_user); dump_cfg_string(sHostKeyAgent, o->host_key_agent); @@ -405,10 +429,10 @@ diff -up openssh-7.2p1/servconf.c.fips openssh-7.2p1/servconf.c dump_cfg_string(sHostbasedAcceptedKeyTypes, o->hostbased_key_types ? o->hostbased_key_types : KEX_DEFAULT_PK_ALG); dump_cfg_string(sHostKeyAlgorithms, o->hostkeyalgorithms ? -diff -up openssh-7.2p1/ssh.c.fips openssh-7.2p1/ssh.c ---- openssh-7.2p1/ssh.c.fips 2016-02-12 11:47:25.000000000 +0100 -+++ openssh-7.2p1/ssh.c 2016-02-12 18:53:56.093665236 +0100 -@@ -75,6 +75,8 @@ +diff -up openssh-7.4p1/ssh.c.fips openssh-7.4p1/ssh.c +--- openssh-7.4p1/ssh.c.fips 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/ssh.c 2016-12-23 16:37:49.299741586 +0100 +@@ -76,6 +76,8 @@ #include #include #endif @@ -417,7 +441,7 @@ diff -up openssh-7.2p1/ssh.c.fips openssh-7.2p1/ssh.c #include "openbsd-compat/openssl-compat.h" #include "openbsd-compat/sys-queue.h" -@@ -531,6 +533,14 @@ main(int ac, char **av) +@@ -530,6 +532,14 @@ main(int ac, char **av) sanitise_stdfd(); __progname = ssh_get_progname(av[0]); @@ -432,7 +456,7 @@ diff -up openssh-7.2p1/ssh.c.fips openssh-7.2p1/ssh.c #ifndef HAVE_SETPROCTITLE /* Prepare for later setproctitle emulation */ -@@ -608,6 +618,9 @@ main(int ac, char **av) +@@ -609,6 +619,9 @@ main(int ac, char **av) "ACD:E:F:GI:J:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) { switch (opt) { case '1': 
@@ -442,7 +466,7 @@ diff -up openssh-7.2p1/ssh.c.fips openssh-7.2p1/ssh.c options.protocol = SSH_PROTO_1; break; case '2': -@@ -952,7 +965,6 @@ main(int ac, char **av) +@@ -964,7 +977,6 @@ main(int ac, char **av) host_arg = xstrdup(host); #ifdef WITH_OPENSSL @@ -450,7 +474,7 @@ diff -up openssh-7.2p1/ssh.c.fips openssh-7.2p1/ssh.c ERR_load_crypto_strings(); #endif -@@ -1126,6 +1138,10 @@ main(int ac, char **av) +@@ -1175,6 +1187,10 @@ main(int ac, char **av) seed_rng(); @@ -461,7 +485,7 @@ diff -up openssh-7.2p1/ssh.c.fips openssh-7.2p1/ssh.c if (options.user == NULL) options.user = xstrdup(pw->pw_name); -@@ -1206,6 +1222,12 @@ main(int ac, char **av) +@@ -1263,6 +1279,12 @@ main(int ac, char **av) timeout_ms = options.connection_timeout * 1000; @@ -474,9 +498,9 @@ diff -up openssh-7.2p1/ssh.c.fips openssh-7.2p1/ssh.c /* Open a connection to the remote host. */ if (ssh_connect(host, addrs, &hostaddr, options.port, options.address_family, options.connection_attempts, -diff -up openssh-7.2p1/sshconnect2.c.fips openssh-7.2p1/sshconnect2.c ---- openssh-7.2p1/sshconnect2.c.fips 2016-02-12 18:53:56.074665234 +0100 -+++ openssh-7.2p1/sshconnect2.c 2016-02-12 18:53:56.094665236 +0100 +diff -up openssh-7.4p1/sshconnect2.c.fips openssh-7.4p1/sshconnect2.c +--- openssh-7.4p1/sshconnect2.c.fips 2016-12-23 16:37:49.275741574 +0100 ++++ openssh-7.4p1/sshconnect2.c 2016-12-23 16:37:49.299741586 +0100 @@ -44,6 +44,8 @@ #include #endif @@ -486,7 +510,7 @@ diff -up openssh-7.2p1/sshconnect2.c.fips openssh-7.2p1/sshconnect2.c #include "openbsd-compat/sys-queue.h" #include "xmalloc.h" -@@ -171,21 +173,26 @@ ssh_kex2(char *host, struct sockaddr *ho +@@ -172,21 +174,26 @@ ssh_kex2(char *host, struct sockaddr *ho #ifdef GSSAPI if (options.gss_keyex) { 
@@ -528,9 +552,9 @@ diff -up openssh-7.2p1/sshconnect2.c.fips openssh-7.2p1/sshconnect2.c } } #endif -diff -up openssh-7.2p1/sshd.c.fips openssh-7.2p1/sshd.c ---- openssh-7.2p1/sshd.c.fips 2016-02-12 18:53:56.088665235 +0100 -+++ openssh-7.2p1/sshd.c 2016-02-12 18:53:56.094665236 +0100 +diff -up openssh-7.4p1/sshd.c.fips openssh-7.4p1/sshd.c +--- openssh-7.4p1/sshd.c.fips 2016-12-23 16:37:49.293741583 +0100 ++++ openssh-7.4p1/sshd.c 2016-12-23 16:37:49.299741586 +0100 @@ -66,6 +66,7 @@ #include #include @@ -548,7 +572,7 @@ diff -up openssh-7.2p1/sshd.c.fips openssh-7.2p1/sshd.c #include "openbsd-compat/openssl-compat.h" #endif -@@ -1555,6 +1558,18 @@ main(int ac, char **av) +@@ -1475,6 +1478,18 @@ main(int ac, char **av) #endif __progname = ssh_get_progname(av[0]); @@ -567,7 +591,7 @@ diff -up openssh-7.2p1/sshd.c.fips openssh-7.2p1/sshd.c /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */ saved_argc = ac; rexec_argc = ac; -@@ -1707,7 +1722,7 @@ main(int ac, char **av) +@@ -1623,7 +1638,7 @@ main(int ac, char **av) else closefrom(REEXEC_DEVCRYPTO_RESERVED_FD); @@ -576,18 +600,7 @@ diff -up openssh-7.2p1/sshd.c.fips openssh-7.2p1/sshd.c OpenSSL_add_all_algorithms(); #endif -@@ -1906,6 +1921,10 @@ main(int ac, char **av) - sshkey_type(pubkey) : sshkey_ssh_name(pubkey), fp); - free(fp); - } -+ if ((options.protocol & SSH_PROTO_1) && FIPS_mode()) { -+ logit("Disabling protocol version 1. Not allowed in the FIPS mode."); -+ options.protocol &= ~SSH_PROTO_1; -+ } - if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) { - logit("Disabling protocol version 1. Could not load host key"); - options.protocol &= ~SSH_PROTO_1; -@@ -2074,6 +2093,10 @@ main(int ac, char **av) +@@ -1937,6 +1952,10 @@ main(int ac, char **av) /* Reinitialize the log (because of the fork above). */ log_init(__progname, options.log_level, options.log_facility, log_stderr); 
@@ -598,7 +611,7 @@ diff -up openssh-7.2p1/sshd.c.fips openssh-7.2p1/sshd.c /* Chdir to the root directory so that the current disk can be unmounted if desired. */ if (chdir("/") == -1) -@@ -2695,10 +2718,14 @@ do_ssh2_kex(void) +@@ -2309,10 +2328,14 @@ do_ssh2_kex(void) if (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]) == 0) orig = NULL; @@ -617,10 +630,10 @@ diff -up openssh-7.2p1/sshd.c.fips openssh-7.2p1/sshd.c if (gss && orig) xasprintf(&newstr, "%s,%s", gss, orig); -diff -up openssh-7.2p1/sshkey.c.fips openssh-7.2p1/sshkey.c ---- openssh-7.2p1/sshkey.c.fips 2016-02-12 18:53:56.089665235 +0100 -+++ openssh-7.2p1/sshkey.c 2016-02-12 18:53:56.095665236 +0100 -@@ -35,6 +35,7 @@ +diff -up openssh-7.4p1/sshkey.c.fips openssh-7.4p1/sshkey.c +--- openssh-7.4p1/sshkey.c.fips 2016-12-23 16:37:49.293741583 +0100 ++++ openssh-7.4p1/sshkey.c 2016-12-23 16:37:49.300741586 +0100 +@@ -34,6 +34,7 @@ #include #include #include @@ -628,7 +641,7 @@ diff -up openssh-7.2p1/sshkey.c.fips openssh-7.2p1/sshkey.c #endif #include "crypto_api.h" -@@ -58,6 +58,7 @@ +@@ -56,6 +57,7 @@ #include "digest.h" #define SSHKEY_INTERNAL #include "sshkey.h" @@ -636,7 +649,7 @@ diff -up openssh-7.2p1/sshkey.c.fips openssh-7.2p1/sshkey.c #include "match.h" #include "xmalloc.h" -@@ -1554,6 +1555,8 @@ rsa_generate_private_key(u_int bits, RSA +@@ -1580,6 +1582,8 @@ rsa_generate_private_key(u_int bits, RSA } if (!BN_set_word(f4, RSA_F4) || !RSA_generate_key_ex(private, bits, f4, NULL)) { 
@@ -645,85 +658,3 @@ diff -up openssh-7.2p1/sshkey.c.fips openssh-7.2p1/sshkey.c ret = SSH_ERR_LIBCRYPTO_ERROR; goto out; } -diff --git a/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c b/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c -index 688b1b1..a3c1541 100644 ---- a/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c -+++ b/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c -@@ -55,6 +55,7 @@ - #include "secure_filename.h" - #include "uidswap.h" - #include -+#include - - #include "identity.h" - -@@ -104,7 +105,8 @@ pamsshagentauth_check_authkeys_file(FILE * f, char *file, Key * key) - found_key = 1; - logit("matching key found: file/command %s, line %lu", file, - linenum); -- fp = sshkey_fingerprint(found, SSH_DIGEST_MD5, SSH_FP_HEX); -+ fp = sshkey_fingerprint(found, FIPS_mode() ? SSH_DIGEST_SHA1 : SSH_DIGEST_MD5, -+ SSH_FP_HEX); - logit("Found matching %s key: %s", - key_type(found), fp); - free(fp); -diff --git a/cipher.c b/cipher.c -index f282907..51bbffb 100644 ---- a/cipher.c -+++ b/cipher.c -@@ -112,12 +112,6 @@ static const struct sshcipher fips_ciphers[] = { - { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, 0, EVP_aes_128_ctr }, - { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, 0, EVP_aes_192_ctr }, - { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, 0, EVP_aes_256_ctr }, --#ifdef OPENSSL_HAVE_EVPGCM -- { "aes128-gcm@openssh.com", -- SSH_CIPHER_SSH2, 16, 16, 12, 16, 0, 0, EVP_aes_128_gcm }, -- { "aes256-gcm@openssh.com", -- SSH_CIPHER_SSH2, 16, 32, 12, 16, 0, 0, EVP_aes_256_gcm }, --#endif - { NULL, SSH_CIPHER_INVALID, 0, 0, 0, 0, 0, 0, NULL } - }; - -diff --git a/kex.c b/kex.c -index f07a636..4ce5843 100644 ---- a/kex.c -+++ b/kex.c -@@ -123,8 +123,6 @@ static const struct kexalg kexalgs[] = { - }; - - static const struct kexalg kexalgs_fips[] = { -- { KEX_DH14, KEX_DH_GRP14_SHA1, 0, SSH_DIGEST_SHA1 }, -- { KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, SSH_DIGEST_SHA1 }, - #ifdef HAVE_EVP_SHA256 - { KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, 
SSH_DIGEST_SHA256 }, - #endif -diff --git a/myproposal.h b/myproposal.h -index 7efe312..bcf2ae1 100644 ---- a/myproposal.h -+++ b/myproposal.h -@@ -131,9 +131,7 @@ - - #define KEX_DEFAULT_KEX_FIPS \ - KEX_ECDH_METHODS \ -- KEX_SHA2_METHODS \ -- "diffie-hellman-group-exchange-sha1," \ -- "diffie-hellman-group14-sha1" -+ KEX_SHA2_METHODS - #define KEX_FIPS_ENCRYPT \ - "aes128-ctr,aes192-ctr,aes256-ctr," \ - "aes128-cbc,3des-cbc," \ -diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c -index a3975eb..5224084 100644 ---- a/sandbox-seccomp-filter.c -+++ b/sandbox-seccomp-filter.c -@@ -112,6 +112,9 @@ static const struct sock_filter preauth_insns[] = { - #ifdef __NR_open - SC_DENY(open, EACCES), - #endif -+#ifdef __NR_socket -+ SC_DENY(socket, EACCES), -+#endif - #ifdef __NR_openat - SC_DENY(openat, EACCES), - #endif - diff --git a/openssh-7.2p1-gsskex.patch b/openssh-7.2p1-gsskex.patch index 8ffea3c..0ab2e04 100644 --- a/openssh-7.2p1-gsskex.patch +++ b/openssh-7.2p1-gsskex.patch @@ -1,6 +1,6 @@ -diff -up openssh-7.2p1/auth2.c.gsskex openssh-7.2p1/auth2.c ---- openssh-7.2p1/auth2.c.gsskex 2016-02-19 10:01:04.829969345 +0100 -+++ openssh-7.2p1/auth2.c 2016-02-19 10:01:04.865969325 +0100 +diff -up openssh-7.4p1/auth2.c.gsskex openssh-7.4p1/auth2.c +--- openssh-7.4p1/auth2.c.gsskex 2016-12-23 13:38:53.685300997 +0100 ++++ openssh-7.4p1/auth2.c 2016-12-23 13:38:53.725301005 +0100 @@ -70,6 +70,7 @@ extern Authmethod method_passwd; extern Authmethod method_kbdint; extern Authmethod method_hostbased; 
@@ -17,9 +17,9 @@ diff -up openssh-7.2p1/auth2.c.gsskex openssh-7.2p1/auth2.c &method_gssapi, #endif &method_passwd, -diff -up openssh-7.2p1/auth2-gss.c.gsskex openssh-7.2p1/auth2-gss.c ---- openssh-7.2p1/auth2-gss.c.gsskex 2016-02-19 10:01:04.829969345 +0100 -+++ openssh-7.2p1/auth2-gss.c 2016-02-19 10:01:04.865969325 +0100 +diff -up openssh-7.4p1/auth2-gss.c.gsskex openssh-7.4p1/auth2-gss.c +--- openssh-7.4p1/auth2-gss.c.gsskex 2016-12-23 13:38:53.685300997 +0100 ++++ openssh-7.4p1/auth2-gss.c 2016-12-23 13:38:53.725301005 +0100 @@ -31,6 +31,7 @@ #include @@ -102,21 +102,10 @@ diff -up openssh-7.2p1/auth2-gss.c.gsskex openssh-7.2p1/auth2-gss.c Authmethod method_gssapi = { "gssapi-with-mic", userauth_gssapi, -diff -up openssh-7.2p1/auth.c.gsskex openssh-7.2p1/auth.c ---- openssh-7.2p1/auth.c.gsskex 2016-02-12 11:47:25.000000000 +0100 -+++ openssh-7.2p1/auth.c 2016-02-19 10:01:04.866969324 +0100 -@@ -354,6 +354,7 @@ auth_root_allowed(const char *method) - case PERMIT_NO_PASSWD: - if (strcmp(method, "publickey") == 0 || - strcmp(method, "hostbased") == 0 || -+ strcmp(method, "gssapi-keyex") == 0 || - strcmp(method, "gssapi-with-mic") == 0) - return 1; - break; -diff -up openssh-7.2p1/clientloop.c.gsskex openssh-7.2p1/clientloop.c ---- openssh-7.2p1/clientloop.c.gsskex 2016-02-12 11:47:25.000000000 +0100 -+++ openssh-7.2p1/clientloop.c 2016-02-19 10:01:04.866969324 +0100 -@@ -114,6 +114,10 @@ +diff -up openssh-7.4p1/clientloop.c.gsskex openssh-7.4p1/clientloop.c +--- openssh-7.4p1/clientloop.c.gsskex 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/clientloop.c 2016-12-23 13:38:53.725301005 +0100 +@@ -113,6 +113,10 @@ #include "ssherr.h" #include "hostfile.h" 
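Review bot: The rebased gsskex patch no longer carries the auth.c section that added `strcmp(method, "gssapi-keyex") == 0 ||` to the PERMIT_NO_PASSWD method list in auth_root_allowed(); the hunk at -102,21 +102,10 deletes it and goes straight to clientloop.c. If auth_root_allowed() in the rebased tree still lists the permitted methods by name and no other patch in the series re-adds the entry (neither is visible here), root logins authenticated by gssapi-keyex would be refused under that setting while gssapi-with-mic keeps working. That fails closed, but it is a policy change the commit description does not list. Either restore the line in the rebased patch or record the removal in the changelog.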
@@ -127,7 +116,7 @@ diff -up openssh-7.2p1/clientloop.c.gsskex openssh-7.2p1/clientloop.c /* import options */ extern Options options; -@@ -1662,9 +1666,18 @@ client_loop(int have_pty, int escape_cha +@@ -1664,9 +1668,18 @@ client_loop(int have_pty, int escape_cha break; /* Do channel operations unless rekeying in progress. */ @@ -137,7 +126,7 @@ diff -up openssh-7.2p1/clientloop.c.gsskex openssh-7.2p1/clientloop.c +#ifdef GSSAPI + if (options.gss_renewal_rekey && -+ ssh_gssapi_credentials_updated(GSS_C_NO_CONTEXT)) { ++ ssh_gssapi_credentials_updated(NULL)) { + debug("credentials updated - forcing rekey"); + need_rekeying = 1; + } @@ -147,10 +136,10 @@ diff -up openssh-7.2p1/clientloop.c.gsskex openssh-7.2p1/clientloop.c /* Buffer input from the connection. */ client_process_net_input(readset); -diff -up openssh-7.2p1/configure.ac.gsskex openssh-7.2p1/configure.ac ---- openssh-7.2p1/configure.ac.gsskex 2016-02-19 10:01:04.857969329 +0100 -+++ openssh-7.2p1/configure.ac 2016-02-19 10:01:04.867969323 +0100 -@@ -632,6 +632,30 @@ main() { if (NSVersionOfRunTimeLibrary(" +diff -up openssh-7.4p1/configure.ac.gsskex openssh-7.4p1/configure.ac +--- openssh-7.4p1/configure.ac.gsskex 2016-12-23 13:38:53.716301003 +0100 ++++ openssh-7.4p1/configure.ac 2016-12-23 13:38:53.726301005 +0100 +@@ -623,6 +623,30 @@ main() { if (NSVersionOfRunTimeLibrary(" [Use tunnel device compatibility to OpenBSD]) AC_DEFINE([SSH_TUN_PREPEND_AF], [1], [Prepend the address family to IP tunnel traffic]) 
@@ -181,10 +170,10 @@ diff -up openssh-7.2p1/configure.ac.gsskex openssh-7.2p1/configure.ac m4_pattern_allow([AU_IPv]) AC_CHECK_DECL([AU_IPv4], [], AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) -diff -up openssh-7.2p1/gss-genr.c.gsskex openssh-7.2p1/gss-genr.c ---- openssh-7.2p1/gss-genr.c.gsskex 2016-02-12 11:47:25.000000000 +0100 -+++ openssh-7.2p1/gss-genr.c 2016-02-19 10:01:04.867969323 +0100 -@@ -41,12 +41,167 @@ +diff -up openssh-7.4p1/gss-genr.c.gsskex openssh-7.4p1/gss-genr.c +--- openssh-7.4p1/gss-genr.c.gsskex 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/gss-genr.c 2016-12-23 13:38:53.726301005 +0100 +@@ -40,12 +40,167 @@ #include "buffer.h" #include "log.h" #include "ssh2.h" @@ -352,7 +341,7 @@ diff -up openssh-7.2p1/gss-genr.c.gsskex openssh-7.2p1/gss-genr.c /* Check that the OID in a data stream matches that in the context */ int ssh_gssapi_check_oid(Gssctxt *ctx, void *data, size_t len) -@@ -199,7 +354,7 @@ ssh_gssapi_init_ctx(Gssctxt *ctx, int de +@@ -198,7 +353,7 @@ ssh_gssapi_init_ctx(Gssctxt *ctx, int de } ctx->major = gss_init_sec_context(&ctx->minor, @@ -361,7 +350,7 @@ diff -up openssh-7.2p1/gss-genr.c.gsskex openssh-7.2p1/gss-genr.c GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG | deleg_flag, 0, NULL, recv_tok, NULL, send_tok, flags, NULL); -@@ -229,8 +384,42 @@ ssh_gssapi_import_name(Gssctxt *ctx, con +@@ -228,8 +383,42 @@ ssh_gssapi_import_name(Gssctxt *ctx, con } OM_uint32 @@ -404,7 +393,7 @@ diff -up openssh-7.2p1/gss-genr.c.gsskex openssh-7.2p1/gss-genr.c if ((ctx->major = gss_get_mic(&ctx->minor, ctx->context, GSS_C_QOP_DEFAULT, buffer, hash))) ssh_gssapi_error(ctx); -@@ -238,6 +427,19 @@ ssh_gssapi_sign(Gssctxt *ctx, gss_buffer +@@ -237,6 +426,19 @@ ssh_gssapi_sign(Gssctxt *ctx, gss_buffer return (ctx->major); } 
@@ -424,7 +413,7 @@ diff -up openssh-7.2p1/gss-genr.c.gsskex openssh-7.2p1/gss-genr.c void ssh_gssapi_buildmic(Buffer *b, const char *user, const char *service, const char *context) -@@ -251,11 +453,16 @@ ssh_gssapi_buildmic(Buffer *b, const cha +@@ -250,11 +452,16 @@ ssh_gssapi_buildmic(Buffer *b, const cha } int @@ -442,7 +431,7 @@ diff -up openssh-7.2p1/gss-genr.c.gsskex openssh-7.2p1/gss-genr.c /* RFC 4462 says we MUST NOT do SPNEGO */ if (oid->length == spnego_oid.length && -@@ -265,6 +472,10 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx +@@ -264,6 +471,10 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx ssh_gssapi_build_ctx(ctx); ssh_gssapi_set_oid(*ctx, oid); major = ssh_gssapi_import_name(*ctx, host); @@ -453,7 +442,7 @@ diff -up openssh-7.2p1/gss-genr.c.gsskex openssh-7.2p1/gss-genr.c if (!GSS_ERROR(major)) { major = ssh_gssapi_init_ctx(*ctx, 0, GSS_C_NO_BUFFER, &token, NULL); -@@ -274,10 +485,66 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx +@@ -273,10 +484,66 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx GSS_C_NO_BUFFER); } @@ -521,9 +510,9 @@ diff -up openssh-7.2p1/gss-genr.c.gsskex openssh-7.2p1/gss-genr.c +} + #endif /* GSSAPI */ -diff -up openssh-7.2p1/gss-serv.c.gsskex openssh-7.2p1/gss-serv.c ---- openssh-7.2p1/gss-serv.c.gsskex 2016-02-12 11:47:25.000000000 +0100 -+++ openssh-7.2p1/gss-serv.c 2016-02-19 10:01:04.867969323 +0100 +diff -up openssh-7.4p1/gss-serv.c.gsskex openssh-7.4p1/gss-serv.c +--- openssh-7.4p1/gss-serv.c.gsskex 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/gss-serv.c 2016-12-23 13:38:53.727301005 +0100 @@ -45,17 +45,19 @@ #include "session.h" #include "misc.h" 
@@ -536,9 +525,10 @@ diff -up openssh-7.2p1/gss-serv.c.gsskex openssh-7.2p1/gss-serv.c extern ServerOptions options; static ssh_gssapi_client gssapi_client = - { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER, +- { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER, - GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL, NULL}}; -+ GSS_C_NO_CREDENTIAL, GSS_C_NO_NAME, {NULL, NULL, NULL}, 0, 0}; ++ { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER, GSS_C_NO_CREDENTIAL, ++ GSS_C_NO_NAME, NULL, {NULL, NULL, NULL, NULL, NULL}, 0, 0}; ssh_gssapi_mech gssapi_null_mech = - { NULL, NULL, {0, NULL}, NULL, NULL, NULL, NULL}; @@ -805,9 +795,9 @@ diff -up openssh-7.2p1/gss-serv.c.gsskex openssh-7.2p1/gss-serv.c } #endif -diff -up openssh-7.2p1/gss-serv-krb5.c.gsskex openssh-7.2p1/gss-serv-krb5.c ---- openssh-7.2p1/gss-serv-krb5.c.gsskex 2016-02-12 11:47:25.000000000 +0100 -+++ openssh-7.2p1/gss-serv-krb5.c 2016-02-19 10:01:04.867969323 +0100 +diff -up openssh-7.4p1/gss-serv-krb5.c.gsskex openssh-7.4p1/gss-serv-krb5.c +--- openssh-7.4p1/gss-serv-krb5.c.gsskex 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/gss-serv-krb5.c 2016-12-23 13:38:53.727301005 +0100 @@ -121,7 +121,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_cl krb5_error_code problem; krb5_principal princ; @@ -935,9 +925,9 @@ diff -up openssh-7.2p1/gss-serv-krb5.c.gsskex openssh-7.2p1/gss-serv-krb5.c }; #endif /* KRB5 */ -diff -up openssh-7.2p1/kex.c.gsskex openssh-7.2p1/kex.c ---- openssh-7.2p1/kex.c.gsskex 2016-02-12 11:47:25.000000000 +0100 -+++ openssh-7.2p1/kex.c 2016-02-19 10:01:04.868969323 +0100 +diff -up openssh-7.4p1/kex.c.gsskex openssh-7.4p1/kex.c +--- openssh-7.4p1/kex.c.gsskex 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/kex.c 2016-12-23 13:39:56.064313151 +0100 @@ -54,6 +54,10 @@ #include "sshbuf.h" #include "digest.h" 
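Review bot: The `gssapi_client` initializer in gss-serv.c stays purely positional, and this rebase had to reshuffle it to `GSS_C_NO_CREDENTIAL, GSS_C_NO_NAME, NULL, {NULL, NULL, NULL, NULL, NULL}, 0, 0` to follow a changed struct layout. A value that lands in the wrong member still compiles when the types are compatible, and this object appears to hold the client's credential state. The struct declaration is outside this hunk, so member names cannot be given here. Designated initializers would be safer, or at least a short comment per value naming the member it fills, so the next layout change is caught in review.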
@@ -949,9 +939,9 @@ diff -up openssh-7.2p1/kex.c.gsskex openssh-7.2p1/kex.c #if OPENSSL_VERSION_NUMBER >= 0x00907000L # if defined(HAVE_EVP_SHA256) # define evp_ssh_sha256 EVP_sha256 -@@ -107,6 +111,11 @@ static const struct kexalg kexalgs[] = { - #if defined(HAVE_EVP_SHA256) || !defined(WITH_OPENSSL) +@@ -111,6 +115,11 @@ static const struct kexalg kexalgs[] = { { KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 }, + { KEX_CURVE25519_SHA256_OLD, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 }, #endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */ +#ifdef GSSAPI + { KEX_GSS_GEX_SHA1_ID, KEX_GSS_GEX_SHA1, 0, SSH_DIGEST_SHA1 }, @@ -961,7 +951,7 @@ diff -up openssh-7.2p1/kex.c.gsskex openssh-7.2p1/kex.c { NULL, -1, -1, -1}, }; -@@ -140,6 +149,12 @@ kex_alg_by_name(const char *name) +@@ -144,6 +153,12 @@ kex_alg_by_name(const char *name) for (k = kexalgs; k->name != NULL; k++) { if (strcmp(k->name, name) == 0) return k; @@ -974,9 +964,9 @@ diff -up openssh-7.2p1/kex.c.gsskex openssh-7.2p1/kex.c } return NULL; } -diff -up openssh-7.2p1/kexgssc.c.gsskex openssh-7.2p1/kexgssc.c ---- openssh-7.2p1/kexgssc.c.gsskex 2016-02-19 10:01:04.868969323 +0100 -+++ openssh-7.2p1/kexgssc.c 2016-02-19 10:01:04.868969323 +0100 +diff -up openssh-7.4p1/kexgssc.c.gsskex openssh-7.4p1/kexgssc.c +--- openssh-7.4p1/kexgssc.c.gsskex 2016-12-23 13:38:53.727301005 +0100 ++++ openssh-7.4p1/kexgssc.c 2016-12-23 13:38:53.727301005 +0100 @@ -0,0 +1,338 @@ +/* + * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved. 
@@ -1316,9 +1306,9 @@ diff -up openssh-7.2p1/kexgssc.c.gsskex openssh-7.2p1/kexgssc.c +} + +#endif /* GSSAPI */ -diff -up openssh-7.2p1/kexgsss.c.gsskex openssh-7.2p1/kexgsss.c ---- openssh-7.2p1/kexgsss.c.gsskex 2016-02-19 10:01:04.868969323 +0100 -+++ openssh-7.2p1/kexgsss.c 2016-02-19 10:01:04.868969323 +0100 +diff -up openssh-7.4p1/kexgsss.c.gsskex openssh-7.4p1/kexgsss.c +--- openssh-7.4p1/kexgsss.c.gsskex 2016-12-23 13:38:53.728301005 +0100 ++++ openssh-7.4p1/kexgsss.c 2016-12-23 13:38:53.728301005 +0100 @@ -0,0 +1,297 @@ +/* + * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved. @@ -1617,10 +1607,10 @@ diff -up openssh-7.2p1/kexgsss.c.gsskex openssh-7.2p1/kexgsss.c + return 0; +} +#endif /* GSSAPI */ -diff -up openssh-7.2p1/kex.h.gsskex openssh-7.2p1/kex.h ---- openssh-7.2p1/kex.h.gsskex 2016-02-12 11:47:25.000000000 +0100 -+++ openssh-7.2p1/kex.h 2016-02-19 10:01:04.868969323 +0100 -@@ -92,6 +92,11 @@ enum kex_exchange { +diff -up openssh-7.4p1/kex.h.gsskex openssh-7.4p1/kex.h +--- openssh-7.4p1/kex.h.gsskex 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/kex.h 2016-12-23 13:38:53.728301005 +0100 +@@ -99,6 +99,11 @@ enum kex_exchange { KEX_DH_GEX_SHA256, KEX_ECDH_SHA2, KEX_C25519_SHA256, @@ -1632,7 +1622,7 @@ diff -up openssh-7.2p1/kex.h.gsskex openssh-7.2p1/kex.h KEX_MAX }; -@@ -140,6 +145,12 @@ struct kex { +@@ -147,6 +152,12 @@ struct kex { u_int flags; int hash_alg; int ec_nid; @@ -1645,7 +1635,7 @@ diff -up openssh-7.2p1/kex.h.gsskex openssh-7.2p1/kex.h char *client_version_string; char *server_version_string; char *failed_choice; -@@ -189,6 +200,10 @@ int kexecdh_client(struct ssh *); +@@ -196,6 +207,10 @@ int kexecdh_client(struct ssh *); int kexecdh_server(struct ssh *); int kexc25519_client(struct ssh *); int kexc25519_server(struct ssh *); 
@@ -1656,10 +1646,10 @@ diff -up openssh-7.2p1/kex.h.gsskex openssh-7.2p1/kex.h int kex_dh_hash(int, const char *, const char *, const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, -diff -up openssh/Makefile.in.gsskex openssh/Makefile.in ---- openssh/Makefile.in.gsskex 2016-07-25 14:11:42.978324182 +0200 -+++ openssh/Makefile.in 2016-07-25 14:14:15.560289050 +0200 -@@ -90,6 +90,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ +diff -up openssh-7.4p1/Makefile.in.gsskex openssh-7.4p1/Makefile.in +--- openssh-7.4p1/Makefile.in.gsskex 2016-12-23 13:38:53.723301004 +0100 ++++ openssh-7.4p1/Makefile.in 2016-12-23 13:40:32.226320197 +0100 +@@ -91,6 +91,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \ atomicio.o key.o dispatch.o mac.o uidswap.o uuencode.o misc.o utf8.o \ monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \ 
@@ -1667,19 +1657,19 @@ diff -up openssh/Makefile.in.gsskex openssh/Makefile.in msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \ ssh-pkcs11.o smult_curve25519_ref.o \ poly1305.o chacha.o cipher-chachapoly.o \ -@@ -111,7 +112,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw +@@ -112,7 +113,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \ auth2-none.o auth2-passwd.o auth2-pubkey.o \ - monitor_mm.o monitor.o monitor_wrap.o auth-krb5.o \ + monitor.o monitor_wrap.o auth-krb5.o \ - auth2-gss.o gss-serv.o gss-serv-krb5.o \ -+ auth2-gss.o gss-serv.o gss-serv-krb5.o kexgsss.o \ ++ auth2-gss.o gss-serv.o gss-serv-krb5.o kexgsss.o \ loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \ sftp-server.o sftp-common.o \ sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \ -diff -up openssh-7.2p1/monitor.c.gsskex openssh-7.2p1/monitor.c ---- openssh-7.2p1/monitor.c.gsskex 2016-02-19 10:01:04.830969345 +0100 -+++ openssh-7.2p1/monitor.c 2016-02-19 10:01:04.869969322 +0100 -@@ -159,6 +159,8 @@ int mm_answer_gss_setup_ctx(int, Buffer +diff -up openssh-7.4p1/monitor.c.gsskex openssh-7.4p1/monitor.c +--- openssh-7.4p1/monitor.c.gsskex 2016-12-23 13:38:53.687300997 +0100 ++++ openssh-7.4p1/monitor.c 2016-12-23 13:45:49.347381091 +0100 +@@ -160,6 +160,8 @@ int mm_answer_gss_setup_ctx(int, Buffer int mm_answer_gss_accept_ctx(int, Buffer *); int mm_answer_gss_userok(int, Buffer *); int mm_answer_gss_checkmic(int, Buffer *); 
@@ -1688,10 +1678,10 @@ diff -up openssh-7.2p1/monitor.c.gsskex openssh-7.2p1/monitor.c #endif #ifdef SSH_AUDIT_EVENTS -@@ -239,11 +241,18 @@ struct mon_table mon_dispatch_proto20[] - {MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx}, - {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok}, - {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic}, +@@ -236,11 +238,18 @@ struct mon_table mon_dispatch_proto20[] + {MONITOR_REQ_GSSSTEP, 0, mm_answer_gss_accept_ctx}, + {MONITOR_REQ_GSSUSEROK, MON_ONCE|MON_AUTHDECIDE, mm_answer_gss_userok}, + {MONITOR_REQ_GSSCHECKMIC, MON_ONCE, mm_answer_gss_checkmic}, + {MONITOR_REQ_GSSSIGN, MON_ONCE, mm_answer_gss_sign}, #endif {0, 0, NULL} 
@@ -1707,29 +1697,29 @@ diff -up openssh-7.2p1/monitor.c.gsskex openssh-7.2p1/monitor.c #ifdef WITH_OPENSSL {MONITOR_REQ_MODULI, 0, mm_answer_moduli}, #endif -@@ -358,6 +367,10 @@ monitor_child_preauth(Authctxt *_authctx - /* Permit requests for moduli and signatures */ - monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); - monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); +@@ -307,6 +316,10 @@ monitor_child_preauth(Authctxt *_authctx + /* Permit requests for moduli and signatures */ + monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); + monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); +#ifdef GSSAPI -+ /* and for the GSSAPI key exchange */ -+ monitor_permit(mon_dispatch, MONITOR_REQ_GSSSETUP, 1); ++ /* and for the GSSAPI key exchange */ ++ monitor_permit(mon_dispatch, MONITOR_REQ_GSSSETUP, 1); +#endif - } else { - mon_dispatch = mon_dispatch_proto15; -@@ -466,6 +479,10 @@ monitor_child_postauth(struct monitor *p - monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); - monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); - monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); + /* The first few requests do not require asynchronous access */ + while (!authenticated) { +@@ -406,6 +419,10 @@ monitor_child_postauth(struct monitor *p + monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); + monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); + monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); +#ifdef GSSAPI -+ /* and for the GSSAPI key exchange */ -+ monitor_permit(mon_dispatch, MONITOR_REQ_GSSSETUP, 1); ++ /* and for the GSSAPI key exchange */ ++ monitor_permit(mon_dispatch, MONITOR_REQ_GSSSETUP, 1); +#endif - } else { - mon_dispatch = mon_dispatch_postauth15; - monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); -@@ -1893,6 +1910,13 @@ monitor_apply_keystate(struct monitor *p + + if (!no_pty_flag) { + monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1); +@@ -1633,6 +1650,13 @@ monitor_apply_keystate(struct monitor *p # endif #endif /* WITH_OPENSSL */ 
kex->kex[KEX_C25519_SHA256] = kexc25519_server; @@ -1743,27 +1733,25 @@ diff -up openssh-7.2p1/monitor.c.gsskex openssh-7.2p1/monitor.c kex->load_host_public_key=&get_hostkey_public_by_type; kex->load_host_private_key=&get_hostkey_private_by_type; kex->host_key_index=&get_hostkey_index; -@@ -1992,6 +2016,9 @@ mm_answer_gss_setup_ctx(int sock, Buffer +@@ -1712,7 +1736,7 @@ mm_answer_gss_setup_ctx(int sock, Buffer OM_uint32 major; u_int len; +- if (!options.gss_authentication) + if (!options.gss_authentication && !options.gss_keyex) -+ fatal("In GSSAPI monitor when GSSAPI is disabled"); -+ - goid.elements = buffer_get_string(m, &len); - goid.length = len; + fatal("%s: GSSAPI authentication not enabled", __func__); -@@ -2019,6 +2046,9 @@ mm_answer_gss_accept_ctx(int sock, Buffe + goid.elements = buffer_get_string(m, &len); +@@ -1742,7 +1766,7 @@ mm_answer_gss_accept_ctx(int sock, Buffe OM_uint32 flags = 0; /* GSI needs this */ u_int len; +- if (!options.gss_authentication) + if (!options.gss_authentication && !options.gss_keyex) -+ fatal("In GSSAPI monitor when GSSAPI is disabled"); -+ + fatal("%s: GSSAPI authentication not enabled", __func__); + in.value = buffer_get_string(m, &len); - in.length = len; - major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags); -@@ -2036,6 +2066,7 @@ mm_answer_gss_accept_ctx(int sock, Buffe +@@ -1762,6 +1786,7 @@ mm_answer_gss_accept_ctx(int sock, Buffe monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0); monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1); monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1); 
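Review bot: In mm_answer_gss_setup_ctx and mm_answer_gss_accept_ctx the guard becomes `if (!options.gss_authentication && !options.gss_keyex)`, but the fatal text kept beneath it still reads "GSSAPI authentication not enabled", which no longer matches what the condition tests. The previous revision of this patch had its own message for the combined check; the rebased one should too, e.g. `fatal("%s: GSSAPI authentication and key exchange not enabled", __func__);`. The next hunk has the same mismatch in mm_answer_gss_checkmic and mm_answer_gss_userok. Since mm_answer_gss_userok is registered with MON_AUTHDECIDE, a one-line comment above the relaxed guard saying why key exchange alone is enough to reach it (presumably the gssapi-keyex method uses the same requests) would help the next audit of the monitor interface. The function bodies continue outside these hunks.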
@@ -1771,30 +1759,30 @@ diff -up openssh-7.2p1/monitor.c.gsskex openssh-7.2p1/monitor.c } return (0); } -@@ -2047,6 +2078,9 @@ mm_answer_gss_checkmic(int sock, Buffer +@@ -1773,7 +1798,7 @@ mm_answer_gss_checkmic(int sock, Buffer OM_uint32 ret; u_int len; +- if (!options.gss_authentication) + if (!options.gss_authentication && !options.gss_keyex) -+ fatal("In GSSAPI monitor when GSSAPI is disabled"); -+ + fatal("%s: GSSAPI authentication not enabled", __func__); + gssbuf.value = buffer_get_string(m, &len); - gssbuf.length = len; - mic.value = buffer_get_string(m, &len); -@@ -2073,7 +2107,11 @@ mm_answer_gss_userok(int sock, Buffer *m +@@ -1802,10 +1827,11 @@ mm_answer_gss_userok(int sock, Buffer *m { int authenticated; -- authenticated = authctxt->valid && ssh_gssapi_userok(authctxt->user); +- if (!options.gss_authentication) + if (!options.gss_authentication && !options.gss_keyex) -+ fatal("In GSSAPI monitor when GSSAPI is disabled"); -+ -+ authenticated = authctxt->valid && + fatal("%s: GSSAPI authentication not enabled", __func__); + +- authenticated = authctxt->valid && ssh_gssapi_userok(authctxt->user); ++ authenticated = authctxt->valid && + ssh_gssapi_userok(authctxt->user, authctxt->pw); buffer_clear(m); buffer_put_int(m, authenticated); -@@ -2086,5 +2124,73 @@ mm_answer_gss_userok(int sock, Buffer *m +@@ -1818,5 +1844,73 @@ mm_answer_gss_userok(int sock, Buffer *m /* Monitor loop will terminate if authenticated */ return (authenticated); } @@ -1868,9 +1856,9 @@ diff -up openssh-7.2p1/monitor.c.gsskex openssh-7.2p1/monitor.c + #endif /* GSSAPI */ -diff -up openssh-7.2p1/monitor.h.gsskex openssh-7.2p1/monitor.h ---- openssh-7.2p1/monitor.h.gsskex 2016-02-19 10:01:04.830969345 +0100 -+++ openssh-7.2p1/monitor.h 2016-02-19 10:01:04.869969322 +0100 +diff -up openssh-7.4p1/monitor.h.gsskex openssh-7.4p1/monitor.h +--- openssh-7.4p1/monitor.h.gsskex 2016-12-23 13:38:53.687300997 +0100 ++++ openssh-7.4p1/monitor.h 2016-12-23 13:38:53.729301005 +0100 
@@ -60,6 +60,8 @@ enum monitor_reqtype { #ifdef WITH_SELINUX MONITOR_REQ_AUTHROLE = 80, @@ -1880,10 +1868,10 @@ diff -up openssh-7.2p1/monitor.h.gsskex openssh-7.2p1/monitor.h MONITOR_REQ_PAM_START = 100, MONITOR_REQ_PAM_ACCOUNT = 102, MONITOR_ANS_PAM_ACCOUNT = 103, -diff -up openssh-7.2p1/monitor_wrap.c.gsskex openssh-7.2p1/monitor_wrap.c ---- openssh-7.2p1/monitor_wrap.c.gsskex 2016-02-19 10:01:04.830969345 +0100 -+++ openssh-7.2p1/monitor_wrap.c 2016-02-19 10:01:04.869969322 +0100 -@@ -1087,7 +1087,7 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss +diff -up openssh-7.4p1/monitor_wrap.c.gsskex openssh-7.4p1/monitor_wrap.c +--- openssh-7.4p1/monitor_wrap.c.gsskex 2016-12-23 13:38:53.687300997 +0100 ++++ openssh-7.4p1/monitor_wrap.c 2016-12-23 13:38:53.729301005 +0100 +@@ -943,7 +943,7 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss } int @@ -1892,7 +1880,7 @@ diff -up openssh-7.2p1/monitor_wrap.c.gsskex openssh-7.2p1/monitor_wrap.c { Buffer m; int authenticated = 0; -@@ -1104,5 +1104,50 @@ mm_ssh_gssapi_userok(char *user) +@@ -960,5 +960,50 @@ mm_ssh_gssapi_userok(char *user) debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not "); return (authenticated); } 
@@ -1943,10 +1931,10 @@ diff -up openssh-7.2p1/monitor_wrap.c.gsskex openssh-7.2p1/monitor_wrap.c + #endif /* GSSAPI */ -diff -up openssh-7.2p1/monitor_wrap.h.gsskex openssh-7.2p1/monitor_wrap.h ---- openssh-7.2p1/monitor_wrap.h.gsskex 2016-02-19 10:01:04.830969345 +0100 -+++ openssh-7.2p1/monitor_wrap.h 2016-02-19 10:01:04.869969322 +0100 -@@ -61,8 +61,10 @@ BIGNUM *mm_auth_rsa_generate_challenge(K +diff -up openssh-7.4p1/monitor_wrap.h.gsskex openssh-7.4p1/monitor_wrap.h +--- openssh-7.4p1/monitor_wrap.h.gsskex 2016-12-23 13:38:53.687300997 +0100 ++++ openssh-7.4p1/monitor_wrap.h 2016-12-23 13:38:53.729301005 +0100 +@@ -58,8 +58,10 @@ int mm_key_verify(Key *, u_char *, u_int OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID); OM_uint32 mm_ssh_gssapi_accept_ctx(Gssctxt *, gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *); @@ -1958,10 +1946,10 @@ diff -up openssh-7.2p1/monitor_wrap.h.gsskex openssh-7.2p1/monitor_wrap.h #endif #ifdef USE_PAM -diff -up openssh-7.2p1/readconf.c.gsskex openssh-7.2p1/readconf.c ---- openssh-7.2p1/readconf.c.gsskex 2016-02-12 11:47:25.000000000 +0100 -+++ openssh-7.2p1/readconf.c 2016-02-19 10:01:04.870969322 +0100 -@@ -148,6 +148,8 @@ typedef enum { +diff -up openssh-7.4p1/readconf.c.gsskex openssh-7.4p1/readconf.c +--- openssh-7.4p1/readconf.c.gsskex 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/readconf.c 2016-12-23 13:38:53.730301005 +0100 +@@ -160,6 +160,8 @@ typedef enum { oClearAllForwardings, oNoHostAuthenticationForLocalhost, oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, oAddressFamily, oGssAuthentication, oGssDelegateCreds, 
@@ -1970,7 +1958,7 @@ diff -up openssh-7.2p1/readconf.c.gsskex openssh-7.2p1/readconf.c oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, oSendEnv, oControlPath, oControlMaster, oControlPersist, oHashKnownHosts, -@@ -193,10 +195,19 @@ static struct { +@@ -205,10 +207,19 @@ static struct { { "afstokenpassing", oUnsupported }, #if defined(GSSAPI) { "gssapiauthentication", oGssAuthentication }, @@ -1990,7 +1978,7 @@ diff -up openssh-7.2p1/readconf.c.gsskex openssh-7.2p1/readconf.c #endif { "fallbacktorsh", oDeprecated }, { "usersh", oDeprecated }, -@@ -926,10 +937,30 @@ parse_time: +@@ -961,10 +972,30 @@ parse_time: intptr = &options->gss_authentication; goto parse_flag; @@ -2021,7 +2009,7 @@ diff -up openssh-7.2p1/readconf.c.gsskex openssh-7.2p1/readconf.c case oBatchMode: intptr = &options->batch_mode; goto parse_flag; -@@ -1648,7 +1679,12 @@ initialize_options(Options * options) +@@ -1776,7 +1807,12 @@ initialize_options(Options * options) options->pubkey_authentication = -1; options->challenge_response_authentication = -1; options->gss_authentication = -1; @@ -2034,7 +2022,7 @@ diff -up openssh-7.2p1/readconf.c.gsskex openssh-7.2p1/readconf.c options->password_authentication = -1; options->kbd_interactive_authentication = -1; options->kbd_interactive_devices = NULL; -@@ -1777,8 +1813,14 @@ fill_default_options(Options * options) +@@ -1920,8 +1956,14 @@ fill_default_options(Options * options) options->challenge_response_authentication = 1; if (options->gss_authentication == -1) options->gss_authentication = 0; 
@@ -2049,9 +2037,9 @@ diff -up openssh-7.2p1/readconf.c.gsskex openssh-7.2p1/readconf.c if (options->password_authentication == -1) options->password_authentication = 1; if (options->kbd_interactive_authentication == -1) -diff -up openssh-7.2p1/readconf.h.gsskex openssh-7.2p1/readconf.h ---- openssh-7.2p1/readconf.h.gsskex 2016-02-12 11:47:25.000000000 +0100 -+++ openssh-7.2p1/readconf.h 2016-02-19 10:01:04.870969322 +0100 +diff -up openssh-7.4p1/readconf.h.gsskex openssh-7.4p1/readconf.h +--- openssh-7.4p1/readconf.h.gsskex 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/readconf.h 2016-12-23 13:38:53.730301005 +0100 @@ -45,7 +45,12 @@ typedef struct { int challenge_response_authentication; /* Try S/Key or TIS, authentication. */ @@ -2065,9 +2053,9 @@ diff -up openssh-7.2p1/readconf.h.gsskex openssh-7.2p1/readconf.h int password_authentication; /* Try password * authentication. */ int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ -diff -up openssh/regress/cert-hostkey.sh.gsskex openssh/regress/cert-hostkey.sh ---- openssh/regress/cert-hostkey.sh.gsskex 2016-07-25 14:11:42.986324181 +0200 -+++ openssh/regress/cert-hostkey.sh 2016-07-25 14:15:17.784274722 +0200 +diff -up openssh-7.4p1/regress/cert-hostkey.sh.gsskex openssh-7.4p1/regress/cert-hostkey.sh +--- openssh-7.4p1/regress/cert-hostkey.sh.gsskex 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/regress/cert-hostkey.sh 2016-12-23 13:38:53.731301006 +0100 @@ -59,7 +59,7 @@ touch $OBJ/host_revoked_plain touch $OBJ/host_revoked_cert cat $OBJ/host_ca_key.pub $OBJ/host_ca_key2.pub > $OBJ/host_revoked_ca 
@@ -2077,9 +2065,9 @@ diff -up openssh/regress/cert-hostkey.sh.gsskex openssh/regress/cert-hostkey.sh if echo "$PLAIN_TYPES" | grep '^rsa$' >/dev/null 2>&1 ; then PLAIN_TYPES="$PLAIN_TYPES rsa-sha2-256 rsa-sha2-512" -diff -up openssh/regress/cert-userkey.sh.gsskex openssh/regress/cert-userkey.sh ---- openssh/regress/cert-userkey.sh.gsskex 2016-07-25 14:11:42.986324181 +0200 -+++ openssh/regress/cert-userkey.sh 2016-07-25 14:15:36.769270354 +0200 +diff -up openssh-7.4p1/regress/cert-userkey.sh.gsskex openssh-7.4p1/regress/cert-userkey.sh +--- openssh-7.4p1/regress/cert-userkey.sh.gsskex 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/regress/cert-userkey.sh 2016-12-23 13:38:53.731301006 +0100 @@ -7,7 +7,7 @@ rm -f $OBJ/authorized_keys_$USER $OBJ/us cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak @@ -2089,9 +2077,9 @@ diff -up openssh/regress/cert-userkey.sh.gsskex openssh/regress/cert-userkey.sh if echo "$PLAIN_TYPES" | grep '^rsa$' >/dev/null 2>&1 ; then PLAIN_TYPES="$PLAIN_TYPES rsa-sha2-256 rsa-sha2-512" -diff -up openssh/regress/kextype.sh.gsskex openssh/regress/kextype.sh ---- openssh/regress/kextype.sh.gsskex 2016-07-24 13:50:13.000000000 +0200 -+++ openssh/regress/kextype.sh 2016-07-25 14:11:42.987324180 +0200 +diff -up openssh-7.4p1/regress/kextype.sh.gsskex openssh-7.4p1/regress/kextype.sh +--- openssh-7.4p1/regress/kextype.sh.gsskex 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/regress/kextype.sh 2016-12-23 13:38:53.731301006 +0100 @@ -14,6 +14,9 @@ echo "KexAlgorithms=$KEXOPT" >> $OBJ/ssh tries="1 2 3 4" 
@@ -2102,9 +2090,9 @@ diff -up openssh/regress/kextype.sh.gsskex openssh/regress/kextype.sh verbose "kex $k" for i in $tries; do ${SSH} -F $OBJ/ssh_proxy -o KexAlgorithms=$k x true -diff -up openssh-7.2p1/regress/rekey.sh.gsskex openssh-7.2p1/regress/rekey.sh ---- openssh-7.2p1/regress/rekey.sh.gsskex 2016-02-12 11:47:25.000000000 +0100 -+++ openssh-7.2p1/regress/rekey.sh 2016-02-19 10:01:04.870969322 +0100 +diff -up openssh-7.4p1/regress/rekey.sh.gsskex openssh-7.4p1/regress/rekey.sh +--- openssh-7.4p1/regress/rekey.sh.gsskex 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/regress/rekey.sh 2016-12-23 13:38:53.731301006 +0100 @@ -38,6 +38,9 @@ increase_datafile_size 300 opts="" @@ -2125,10 +2113,10 @@ diff -up openssh-7.2p1/regress/rekey.sh.gsskex openssh-7.2p1/regress/rekey.sh verbose "client rekey $c $kex" ssh_data_rekeying "KexAlgorithms=$kex" -oRekeyLimit=256k -oCiphers=$c done -diff -up openssh-7.2p1/servconf.c.gsskex openssh-7.2p1/servconf.c ---- openssh-7.2p1/servconf.c.gsskex 2016-02-19 10:01:04.857969329 +0100 -+++ openssh-7.2p1/servconf.c 2016-02-19 10:01:04.870969322 +0100 -@@ -117,8 +117,10 @@ initialize_server_options(ServerOptions +diff -up openssh-7.4p1/servconf.c.gsskex openssh-7.4p1/servconf.c +--- openssh-7.4p1/servconf.c.gsskex 2016-12-23 13:38:53.717301003 +0100 ++++ openssh-7.4p1/servconf.c 2016-12-23 13:38:53.732301006 +0100 +@@ -113,8 +113,10 @@ initialize_server_options(ServerOptions options->kerberos_ticket_cleanup = -1; options->kerberos_get_afs_token = -1; options->gss_authentication=-1; 
@@ -2139,7 +2127,7 @@ diff -up openssh-7.2p1/servconf.c.gsskex openssh-7.2p1/servconf.c options->password_authentication = -1; options->kbd_interactive_authentication = -1; options->challenge_response_authentication = -1; -@@ -288,10 +290,14 @@ fill_default_server_options(ServerOption +@@ -268,10 +270,14 @@ fill_default_server_options(ServerOption options->kerberos_get_afs_token = 0; if (options->gss_authentication == -1) options->gss_authentication = 0; @@ -2154,7 +2142,7 @@ diff -up openssh-7.2p1/servconf.c.gsskex openssh-7.2p1/servconf.c if (options->password_authentication == -1) options->password_authentication = 1; if (options->kbd_interactive_authentication == -1) -@@ -422,7 +428,7 @@ typedef enum { +@@ -410,7 +416,7 @@ typedef enum { sHostKeyAlgorithms, sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, @@ -2163,7 +2151,7 @@ diff -up openssh-7.2p1/servconf.c.gsskex openssh-7.2p1/servconf.c sMatch, sPermitOpen, sForceCommand, sChrootDirectory, sUsePrivilegeSeparation, sAllowAgentForwarding, sHostCertificate, -@@ -496,11 +502,17 @@ static struct { +@@ -484,11 +490,17 @@ static struct { { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, @@ -2181,7 +2169,7 @@ diff -up openssh-7.2p1/servconf.c.gsskex openssh-7.2p1/servconf.c { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, -@@ -1246,6 +1258,10 @@ process_server_config_line(ServerOptions +@@ -1211,6 +1223,10 @@ process_server_config_line(ServerOptions intptr = &options->gss_authentication; goto parse_flag; 
@@ -2192,7 +2180,7 @@ diff -up openssh-7.2p1/servconf.c.gsskex openssh-7.2p1/servconf.c case sGssCleanupCreds: intptr = &options->gss_cleanup_creds; goto parse_flag; -@@ -1254,6 +1270,10 @@ process_server_config_line(ServerOptions +@@ -1219,6 +1235,10 @@ process_server_config_line(ServerOptions intptr = &options->gss_strict_acceptor; goto parse_flag; @@ -2203,7 +2191,7 @@ diff -up openssh-7.2p1/servconf.c.gsskex openssh-7.2p1/servconf.c case sPasswordAuthentication: intptr = &options->password_authentication; goto parse_flag; -@@ -2274,6 +2294,9 @@ dump_config(ServerOptions *o) +@@ -2257,6 +2277,9 @@ dump_config(ServerOptions *o) #ifdef GSSAPI dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); @@ -2213,10 +2201,10 @@ diff -up openssh-7.2p1/servconf.c.gsskex openssh-7.2p1/servconf.c #endif dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); dump_cfg_fmtint(sKbdInteractiveAuthentication, -diff -up openssh-7.2p1/servconf.h.gsskex openssh-7.2p1/servconf.h ---- openssh-7.2p1/servconf.h.gsskex 2016-02-19 10:01:04.857969329 +0100 -+++ openssh-7.2p1/servconf.h 2016-02-19 10:01:04.871969321 +0100 -@@ -118,8 +118,10 @@ typedef struct { +diff -up openssh-7.4p1/servconf.h.gsskex openssh-7.4p1/servconf.h +--- openssh-7.4p1/servconf.h.gsskex 2016-12-23 13:38:53.717301003 +0100 ++++ openssh-7.4p1/servconf.h 2016-12-23 13:38:53.732301006 +0100 +@@ -112,8 +112,10 @@ typedef struct { int kerberos_get_afs_token; /* If true, try to get AFS token if * authenticated with Kerberos. */ int gss_authentication; /* If true, permit GSSAPI authentication */ 
@@ -2227,31 +2215,26 @@ diff -up openssh-7.2p1/servconf.h.gsskex openssh-7.2p1/servconf.h int password_authentication; /* If true, permit password * authentication. */ int kbd_interactive_authentication; /* If true, permit */ -diff -up openssh-7.2p1/ssh_config.5.gsskex openssh-7.2p1/ssh_config.5 ---- openssh-7.2p1/ssh_config.5.gsskex 2016-02-19 10:01:04.871969321 +0100 -+++ openssh-7.2p1/ssh_config.5 2016-02-19 10:05:58.630146245 +0100 -@@ -824,10 +824,40 @@ The default is +diff -up openssh-7.4p1/ssh_config.5.gsskex openssh-7.4p1/ssh_config.5 +--- openssh-7.4p1/ssh_config.5.gsskex 2016-12-23 13:38:53.732301006 +0100 ++++ openssh-7.4p1/ssh_config.5 2016-12-23 13:48:00.502331870 +0100 +@@ -748,10 +748,40 @@ The default is Specifies whether user authentication based on GSSAPI is allowed. The default is - .Dq no . -+.It Cm GSSAPIKeyExchange -+Specifies whether key exchange based on GSSAPI may be used. When using -+GSSAPI key exchange the server need not have a host key. -+The default is -+.Dq no . + .Cm no . +.It Cm GSSAPIClientIdentity +If set, specifies the GSSAPI client identity that ssh should use when +connecting to the server. The default is unset, which means that the default +identity will be used. -+.It Cm GSSAPIServerIdentity -+If set, specifies the GSSAPI server identity that ssh should expect when -+connecting to the server. The default is unset, which means that the -+expected GSSAPI server identity will be determined from the target -+hostname. .It Cm GSSAPIDelegateCredentials Forward (delegate) credentials to the server. The default is - .Dq no . + .Cm no . ++.It Cm GSSAPIKeyExchange ++Specifies whether key exchange based on GSSAPI may be used. When using ++GSSAPI key exchange the server need not have a host key. ++The default is ++.Dq no . +.It Cm GSSAPIRenewalForcesRekey +If set to +.Dq yes 
@@ -2260,6 +2243,11 @@ diff -up openssh-7.2p1/ssh_config.5.gsskex openssh-7.2p1/ssh_config.5 +credentials to a session on the server. +The default is +.Dq no . ++.It Cm GSSAPIServerIdentity ++If set, specifies the GSSAPI server identity that ssh should expect when ++connecting to the server. The default is unset, which means that the ++expected GSSAPI server identity will be determined from the target ++hostname. +.It Cm GSSAPITrustDns +Set to +.Dq yes to indicate that the DNS is trusted to securely canonicalize @@ -2271,9 +2259,9 @@ diff -up openssh-7.2p1/ssh_config.5.gsskex openssh-7.2p1/ssh_config.5 .It Cm HashKnownHosts Indicates that .Xr ssh 1 -diff -up openssh-7.2p1/ssh_config.gsskex openssh-7.2p1/ssh_config ---- openssh-7.2p1/ssh_config.gsskex 2016-02-19 10:01:04.852969332 +0100 -+++ openssh-7.2p1/ssh_config 2016-02-19 10:01:04.871969321 +0100 +diff -up openssh-7.4p1/ssh_config.gsskex openssh-7.4p1/ssh_config +--- openssh-7.4p1/ssh_config.gsskex 2016-12-23 13:38:53.708301001 +0100 ++++ openssh-7.4p1/ssh_config 2016-12-23 13:38:53.733301006 +0100 @@ -26,6 +26,8 @@ # HostbasedAuthentication no # GSSAPIAuthentication no @@ -2283,10 +2271,10 @@ diff -up openssh-7.2p1/ssh_config.gsskex openssh-7.2p1/ssh_config # BatchMode no # CheckHostIP yes # AddressFamily any -diff -up openssh-7.2p1/sshconnect2.c.gsskex openssh-7.2p1/sshconnect2.c ---- openssh-7.2p1/sshconnect2.c.gsskex 2016-02-12 11:47:25.000000000 +0100 -+++ openssh-7.2p1/sshconnect2.c 2016-02-19 10:01:04.872969321 +0100 -@@ -161,9 +161,34 @@ ssh_kex2(char *host, struct sockaddr *ho +diff -up openssh-7.4p1/sshconnect2.c.gsskex openssh-7.4p1/sshconnect2.c +--- openssh-7.4p1/sshconnect2.c.gsskex 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/sshconnect2.c 2016-12-23 13:38:53.733301006 +0100 +@@ -162,9 +162,34 @@ ssh_kex2(char *host, struct sockaddr *ho struct kex *kex; int r; 
@@ -2321,7 +2309,7 @@ diff -up openssh-7.2p1/sshconnect2.c.gsskex openssh-7.2p1/sshconnect2.c if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL) fatal("%s: kex_names_cat", __func__); myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(s); -@@ -195,6 +220,17 @@ ssh_kex2(char *host, struct sockaddr *ho +@@ -192,6 +217,17 @@ ssh_kex2(char *host, struct sockaddr *ho order_hostkeyalgs(host, hostaddr, port)); } @@ -2379,7 +2367,7 @@ diff -up openssh-7.2p1/sshconnect2.c.gsskex openssh-7.2p1/sshconnect2.c #endif void userauth(Authctxt *, char *); -@@ -326,6 +383,11 @@ static char *authmethods_get(void); +@@ -327,6 +384,11 @@ static char *authmethods_get(void); Authmethod authmethods[] = { #ifdef GSSAPI @@ -2391,7 +2379,7 @@ diff -up openssh-7.2p1/sshconnect2.c.gsskex openssh-7.2p1/sshconnect2.c {"gssapi-with-mic", userauth_gssapi, NULL, -@@ -656,19 +718,31 @@ userauth_gssapi(Authctxt *authctxt) +@@ -652,19 +714,31 @@ userauth_gssapi(Authctxt *authctxt) static u_int mech = 0; OM_uint32 min; int ok = 0; @@ -2425,7 +2413,7 @@ diff -up openssh-7.2p1/sshconnect2.c.gsskex openssh-7.2p1/sshconnect2.c ok = 1; /* Mechanism works */ } else { mech++; -@@ -765,8 +839,8 @@ input_gssapi_response(int type, u_int32_ +@@ -761,8 +835,8 @@ input_gssapi_response(int type, u_int32_ { Authctxt *authctxt = ctxt; Gssctxt *gssctxt; @@ -2436,7 +2424,7 @@ diff -up openssh-7.2p1/sshconnect2.c.gsskex openssh-7.2p1/sshconnect2.c if (authctxt == NULL) fatal("input_gssapi_response: no authentication context"); -@@ -879,6 +953,48 @@ input_gssapi_error(int type, u_int32_t p +@@ -875,6 +949,48 @@ input_gssapi_error(int type, u_int32_t p free(lang); return 0; } 
@@ -2509,21 +2497,17 @@ diff -up openssh-7.2p1/sshd.c.gsskex openssh-7.2p1/sshd.c sshbuf_free(buf); } -@@ -1845,10 +1846,13 @@ main(int ac, char **av) - logit("Disabling protocol version 1. Could not load host key"); - options.protocol &= ~SSH_PROTO_1; +@@ -1739,7 +1740,8 @@ main(int ac, char **av) + key ? "private" : "agent", i, sshkey_ssh_name(pubkey), fp); + free(fp); } -+#ifndef GSSAPI +- if (!sensitive_data.have_ssh2_key) { + /* The GSSAPI key exchange can run without a host key */ - if ((options.protocol & SSH_PROTO_2) && !sensitive_data.have_ssh2_key) { - logit("Disabling protocol version 2. Could not load host key"); - options.protocol &= ~SSH_PROTO_2; - } -+#endif - if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) { ++ if (!sensitive_data.have_ssh2_key && !options.gss_keyex) { logit("sshd: no hostkeys available -- exiting."); exit(1); -@@ -2586,6 +2590,48 @@ do_ssh2_kex(void) + } +@@ -2196,6 +2198,48 @@ do_ssh2_kex(void) myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal( list_hostkey_types()); @@ -2572,7 +2556,7 @@ diff -up openssh-7.2p1/sshd.c.gsskex openssh-7.2p1/sshd.c /* start key exchange */ if ((r = kex_setup(active_state, myproposal)) != 0) fatal("kex_setup: %s", ssh_err(r)); -@@ -2600,6 +2646,13 @@ do_ssh2_kex(void) +@@ -2213,6 +2257,13 @@ do_ssh2_kex(void) # endif #endif kex->kex[KEX_C25519_SHA256] = kexc25519_server; 
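Review bot: In the sshd.c `main()` hunk of the gsskex patch, the rewritten check `if (!sensitive_data.have_ssh2_key && !options.gss_keyex)` lets the daemon start with no host key at all whenever GSSAPIKeyExchange is enabled, and it adds no log line for that case. A host key that failed to load (wrong path or permissions) can then go unnoticed, and clients that cannot do GSSAPI key exchange presumably just fail negotiation. I would keep the exit condition and add a diagnostic before it: `if (!sensitive_data.have_ssh2_key && options.gss_keyex)` followed by `logit("sshd: no hostkeys available -- only GSSAPI key exchange can be offered");`. `main()` starts and ends outside this hunk, so whether an earlier per-key message already covers this cannot be confirmed from here.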
@@ -2586,25 +2570,25 @@ diff -up openssh-7.2p1/sshd.c.gsskex openssh-7.2p1/sshd.c kex->server = 1; kex->client_version_string=client_version_string; kex->server_version_string=server_version_string; -diff -up openssh-7.2p1/sshd_config.5.gsskex openssh-7.2p1/sshd_config.5 ---- openssh-7.2p1/sshd_config.5.gsskex 2016-02-19 10:01:04.858969329 +0100 -+++ openssh-7.2p1/sshd_config.5 2016-02-19 10:06:26.651172355 +0100 -@@ -623,6 +623,11 @@ The default is - Specifies whether user authentication based on GSSAPI is allowed. +diff -up openssh-7.4p1/sshd_config.5.gsskex openssh-7.4p1/sshd_config.5 +--- openssh-7.4p1/sshd_config.5.gsskex 2016-12-23 13:38:53.734301006 +0100 ++++ openssh-7.4p1/sshd_config.5 2016-12-23 13:48:57.825310358 +0100 +@@ -628,6 +628,11 @@ Specifies whether to automatically destr + on logout. The default is - .Dq no . + .Cm yes . +.It Cm GSSAPIKeyExchange +Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange +doesn't rely on ssh keys to verify host identity. +The default is +.Dq no . - .It Cm GSSAPICleanupCredentials - Specifies whether to automatically destroy the user's credentials cache - on logout. -@@ -643,6 +648,11 @@ machine's default store. + .It Cm GSSAPIStrictAcceptorCheck + Determines whether to be strict about the identity of the GSSAPI acceptor + a client authenticates against. +@@ -642,6 +647,11 @@ machine's default store. This facility is provided to assist with operation on multi homed machines. The default is - .Dq yes . + .Cm yes . +.It Cm GSSAPIStoreCredentialsOnRekey +Controls whether the user's GSSAPI credentials should be updated following a +successful connection rekeying. This option can be used to accepted renewed 
@@ -2613,10 +2597,10 @@ diff -up openssh-7.2p1/sshd_config.5.gsskex openssh-7.2p1/sshd_config.5 .It Cm HostbasedAcceptedKeyTypes Specifies the key types that will be accepted for hostbased authentication as a comma-separated pattern list. -diff -up openssh-7.2p1/sshd_config.gsskex openssh-7.2p1/sshd_config ---- openssh-7.2p1/sshd_config.gsskex 2016-02-19 10:01:04.860969328 +0100 -+++ openssh-7.2p1/sshd_config 2016-02-19 10:01:04.873969320 +0100 -@@ -91,6 +91,8 @@ ChallengeResponseAuthentication no +diff -up openssh-7.4p1/sshd_config.gsskex openssh-7.4p1/sshd_config +--- openssh-7.4p1/sshd_config.gsskex 2016-12-23 13:38:53.719301003 +0100 ++++ openssh-7.4p1/sshd_config 2016-12-23 13:38:53.734301006 +0100 +@@ -77,6 +77,8 @@ ChallengeResponseAuthentication no # GSSAPI options GSSAPIAuthentication yes GSSAPICleanupCredentials no @@ -2625,9 +2609,9 @@ diff -up openssh-7.2p1/sshd_config.gsskex openssh-7.2p1/sshd_config # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will -diff -up openssh-7.2p1/ssh-gss.h.gsskex openssh-7.2p1/ssh-gss.h ---- openssh-7.2p1/ssh-gss.h.gsskex 2016-02-12 11:47:25.000000000 +0100 -+++ openssh-7.2p1/ssh-gss.h 2016-02-19 10:01:04.873969320 +0100 +diff -up openssh-7.4p1/ssh-gss.h.gsskex openssh-7.4p1/ssh-gss.h +--- openssh-7.4p1/ssh-gss.h.gsskex 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/ssh-gss.h 2016-12-23 13:38:53.734301006 +0100 @@ -1,6 +1,6 @@ /* $OpenBSD: ssh-gss.h,v 1.11 2014/02/26 20:28:44 djm Exp $ */ /* 
@@ -2727,10 +2711,10 @@ diff -up openssh-7.2p1/ssh-gss.h.gsskex openssh-7.2p1/ssh-gss.h #endif /* GSSAPI */ #endif /* _SSH_GSS_H */ -diff -up openssh-7.2p1/sshkey.c.gsskex openssh-7.2p1/sshkey.c ---- openssh-7.2p1/sshkey.c.gsskex 2016-02-12 11:47:25.000000000 +0100 -+++ openssh-7.2p1/sshkey.c 2016-02-19 10:01:04.874969320 +0100 -@@ -115,6 +115,7 @@ static const struct keytype keytypes[] = +diff -up openssh-7.4p1/sshkey.c.gsskex openssh-7.4p1/sshkey.c +--- openssh-7.4p1/sshkey.c.gsskex 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/sshkey.c 2016-12-23 13:38:53.735301006 +0100 +@@ -114,6 +114,7 @@ static const struct keytype keytypes[] = # endif /* OPENSSL_HAS_NISTP521 */ # endif /* OPENSSL_HAS_ECC */ #endif /* WITH_OPENSSL */ @@ -2738,9 +2722,9 @@ diff -up openssh-7.2p1/sshkey.c.gsskex openssh-7.2p1/sshkey.c { NULL, NULL, -1, -1, 0, 0 } }; -diff -up openssh-7.2p1/sshkey.h.gsskex openssh-7.2p1/sshkey.h ---- openssh-7.2p1/sshkey.h.gsskex 2016-02-12 11:47:25.000000000 +0100 -+++ openssh-7.2p1/sshkey.h 2016-02-19 10:01:04.874969320 +0100 +diff -up openssh-7.4p1/sshkey.h.gsskex openssh-7.4p1/sshkey.h +--- openssh-7.4p1/sshkey.h.gsskex 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/sshkey.h 2016-12-23 13:38:53.735301006 +0100 @@ -62,6 +62,7 @@ enum sshkey_types { KEY_DSA_CERT, KEY_ECDSA_CERT, 
@@ -2749,11 +2733,18 @@ diff -up openssh-7.2p1/sshkey.h.gsskex openssh-7.2p1/sshkey.h KEY_UNSPEC }; -diff --git a/auth.c b/auth.c -index e0f7639..a5a346e 100644 ---- a/auth.c -+++ b/auth.c -@@ -784,99 +784,6 @@ fakepw(void) +diff -up openssh-7.4p1/auth.c.gsskex openssh-7.4p1/auth.c +--- openssh-7.4p1/auth.c.gsskex 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/auth.c 2016-12-23 13:38:53.735301006 +0100 +@@ -372,6 +372,7 @@ auth_root_allowed(const char *method) + case PERMIT_NO_PASSWD: + if (strcmp(method, "publickey") == 0 || + strcmp(method, "hostbased") == 0 || ++ strcmp(method, "gssapi-keyex") == 0 || + strcmp(method, "gssapi-with-mic") == 0) + return 1; + break; +@@ -795,99 +796,6 @@ fakepw(void) } /* @@ -2853,11 +2844,10 @@ index e0f7639..a5a346e 100644 * Return the canonical name of the host in the other side of the current * connection. The host name is cached, so it is efficient to call this * several times. -diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c -index 80729b3..93a1b04 100644 ---- a/openbsd-compat/port-linux.c -+++ b/openbsd-compat/port-linux.c -@@ -32,6 +32,8 @@ +diff -up openssh-7.4p1/openbsd-compat/port-linux.c.gsskex openssh-7.4p1/openbsd-compat/port-linux.c +--- openssh-7.4p1/openbsd-compat/port-linux.c.gsskex 2016-12-23 13:38:53.688300997 +0100 ++++ openssh-7.4p1/openbsd-compat/port-linux.c 2016-12-23 13:38:53.735301006 +0100 +@@ -30,6 +30,8 @@ #include "log.h" #include "xmalloc.h" #include "port-linux.h" @@ -2866,7 +2856,7 @@ index 80729b3..93a1b04 100644 #ifdef WITH_SELINUX #include -@@ -286,4 +288,121 @@ oom_adjust_restore(void) +@@ -279,4 +281,121 @@ oom_adjust_restore(void) return; } #endif /* LINUX_OOM_ADJUST */ 
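Review bot: The `strcmp(method, "gssapi-keyex") == 0 ||` line added to the `PERMIT_NO_PASSWD` case of `auth_root_allowed()` in the auth.c hunk has no comment, and no visible hunk documents it. With it, the no-password mode of `PermitRootLogin` also admits root when the method is `gssapi-keyex`, so root access then presumably rests on the GSSAPI credential-to-account mapping (`ssh_gssapi_userok`, seen elsewhere on this page) rather than on a key or host-based check. I would add a comment above the line, `/* gssapi-keyex: user was authenticated by the GSSAPI key exchange */`, and name the method in the `PermitRootLogin` entry of sshd_config.5 so administrators know it is in the allowed set. The function body continues outside the hunk.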
@@ -2988,11 +2978,10 @@ index 80729b3..93a1b04 100644 + } +} #endif /* WITH_SELINUX || LINUX_OOM_ADJUST */ -diff --git a/openbsd-compat/port-linux.h b/openbsd-compat/port-linux.h -index e2ca8a1..6c5ac3f 100644 ---- a/openbsd-compat/port-linux.h -+++ b/openbsd-compat/port-linux.h -@@ -18,6 +18,7 @@ +diff -up openssh-7.4p1/openbsd-compat/port-linux.h.gsskex openssh-7.4p1/openbsd-compat/port-linux.h +--- openssh-7.4p1/openbsd-compat/port-linux.h.gsskex 2016-12-23 13:38:53.712301002 +0100 ++++ openssh-7.4p1/openbsd-compat/port-linux.h 2016-12-23 13:38:53.735301006 +0100 +@@ -16,6 +16,7 @@ #ifndef _PORT_LINUX_H #define _PORT_LINUX_H @@ -3000,7 +2989,7 @@ index e2ca8a1..6c5ac3f 100644 #ifdef WITH_SELINUX int ssh_selinux_enabled(void); -@@ -39,4 +40,8 @@ void oom_adjust_setup(void); +@@ -36,4 +37,8 @@ void oom_adjust_setup(void); void linux_seed(void); @@ -3009,18 +2998,3 @@ index e2ca8a1..6c5ac3f 100644 + + #endif /* ! _PORT_LINUX_H */ - -diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c -index 3e6f982..4c2653f 100644 ---- a/sandbox-seccomp-filter.c -+++ b/sandbox-seccomp-filter.c -@@ -213,6 +213,9 @@ static const struct sock_filter preauth_insns[] = { - #ifdef __NR_write - SC_ALLOW(write), - #endif -+#ifdef __NR_futex -+ SC_ALLOW(futex), /* for GSSAPI Kex */ -+#endif - #ifdef __NR_socketcall - SC_ALLOW_ARG(socketcall, 0, SYS_SHUTDOWN), - #endif diff --git a/openssh-7.2p2-UsePAM-UseLogin-warning.patch b/openssh-7.2p2-UsePAM-UseLogin-warning.patch index 9d01df9..b3038ea 100644 --- a/openssh-7.2p2-UsePAM-UseLogin-warning.patch +++ b/openssh-7.2p2-UsePAM-UseLogin-warning.patch @@ -1,14 +1,10 @@ diff --git a/sshd.c b/sshd.c --- a/sshd.c 
+++ b/sshd.c -@@ -1701,6 +1701,14 @@ main(int ac, char **av) +@@ -1701,6 +1701,10 @@ main(int ac, char **av) parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name, &cfg, NULL); -+ /* 'UseLogin yes' is not supported in Fedora */ -+ if (options.use_login == 1) -+ logit("WARNING: 'UseLogin yes' is not supported in Fedora and may cause several problems."); -+ + /* 'UsePAM no' is not supported in Fedora */ + if (! options.use_pam) + logit("WARNING: 'UsePAM no' is not supported in Fedora and may cause several problems."); @@ -28,12 +24,3 @@ diff --git a/sshd_config b/sshd_config UsePAM yes #AllowAgentForwarding yes -@@ -113,6 +115,8 @@ X11Forwarding yes - #PrintMotd yes - #PrintLastLog yes - #TCPKeepAlive yes -+# WARNING: 'UseLogin yes' is not supported in Fedora and may cause several -+# problems. - #UseLogin no - #UsePrivilegeSeparation sandbox - #PermitUserEnvironment no diff --git a/openssh-7.2p2-expose-pam.patch b/openssh-7.2p2-expose-pam.patch index a2dfdd3..c593f68 100644 --- a/openssh-7.2p2-expose-pam.patch +++ b/openssh-7.2p2-expose-pam.patch @@ -1,6 +1,6 @@ -diff -up openssh-7.2p2/auth2.c.expose-pam openssh-7.2p2/auth2.c ---- openssh-7.2p2/auth2.c.expose-pam 2016-07-18 12:30:12.064783302 +0200 -+++ openssh-7.2p2/auth2.c 2016-07-18 12:30:12.124783255 +0200 +diff -up openssh-7.4p1/auth2.c.expose-pam openssh-7.4p1/auth2.c +--- openssh-7.4p1/auth2.c.expose-pam 2016-12-23 15:40:26.768447868 +0100 ++++ openssh-7.4p1/auth2.c 2016-12-23 15:40:26.818447876 +0100 @@ -310,6 +310,7 @@ userauth_finish(Authctxt *authctxt, int const char *submethod) { 
@@ -28,9 +28,9 @@ diff -up openssh-7.2p2/auth2.c.expose-pam openssh-7.2p2/auth2.c #ifdef USE_PAM if (options.use_pam && authenticated) { if (!PRIVSEP(do_pam_account())) { -diff -up openssh-7.2p2/auth2-gss.c.expose-pam openssh-7.2p2/auth2-gss.c ---- openssh-7.2p2/auth2-gss.c.expose-pam 2016-07-18 12:30:12.123783256 +0200 -+++ openssh-7.2p2/auth2-gss.c 2016-07-18 12:32:08.034692086 +0200 +diff -up openssh-7.4p1/auth2-gss.c.expose-pam openssh-7.4p1/auth2-gss.c +--- openssh-7.4p1/auth2-gss.c.expose-pam 2016-12-23 15:40:26.769447868 +0100 ++++ openssh-7.4p1/auth2-gss.c 2016-12-23 15:40:26.818447876 +0100 @@ -276,6 +276,9 @@ input_gssapi_exchange_complete(int type, authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user, authctxt->pw)); @@ -51,9 +51,9 @@ diff -up openssh-7.2p2/auth2-gss.c.expose-pam openssh-7.2p2/auth2-gss.c buffer_free(&b); if (micuser != authctxt->user) free(micuser); -diff -up openssh-7.2p2/auth2-hostbased.c.expose-pam openssh-7.2p2/auth2-hostbased.c ---- openssh-7.2p2/auth2-hostbased.c.expose-pam 2016-07-18 12:30:12.027783331 +0200 -+++ openssh-7.2p2/auth2-hostbased.c 2016-07-18 12:30:12.124783255 +0200 +diff -up openssh-7.4p1/auth2-hostbased.c.expose-pam openssh-7.4p1/auth2-hostbased.c +--- openssh-7.4p1/auth2-hostbased.c.expose-pam 2016-12-23 15:40:26.731447862 +0100 ++++ openssh-7.4p1/auth2-hostbased.c 2016-12-23 15:40:26.818447876 +0100 @@ -60,7 +60,7 @@ userauth_hostbased(Authctxt *authctxt) { Buffer b; 
@@ -88,9 +88,9 @@ diff -up openssh-7.2p2/auth2-hostbased.c.expose-pam openssh-7.2p2/auth2-hostbase buffer_free(&b); done: -diff -up openssh-7.2p2/auth2-pubkey.c.expose-pam openssh-7.2p2/auth2-pubkey.c ---- openssh-7.2p2/auth2-pubkey.c.expose-pam 2016-07-18 12:30:12.039783322 +0200 -+++ openssh-7.2p2/auth2-pubkey.c 2016-07-18 12:30:12.124783255 +0200 +diff -up openssh-7.4p1/auth2-pubkey.c.expose-pam openssh-7.4p1/auth2-pubkey.c +--- openssh-7.4p1/auth2-pubkey.c.expose-pam 2016-12-23 15:40:26.746447864 +0100 ++++ openssh-7.4p1/auth2-pubkey.c 2016-12-23 15:40:26.819447876 +0100 @@ -79,7 +79,7 @@ userauth_pubkey(Authctxt *authctxt) { Buffer b; @@ -100,7 +100,7 @@ diff -up openssh-7.2p2/auth2-pubkey.c.expose-pam openssh-7.2p2/auth2-pubkey.c u_char *pkblob, *sig; u_int alen, blen, slen; int have_sig, pktype; -@@ -173,7 +173,8 @@ userauth_pubkey(Authctxt *authctxt) +@@ -177,7 +177,8 @@ userauth_pubkey(Authctxt *authctxt) #ifdef DEBUG_PK buffer_dump(&b); #endif @@ -110,7 +110,7 @@ diff -up openssh-7.2p2/auth2-pubkey.c.expose-pam openssh-7.2p2/auth2-pubkey.c /* test for correct signature */ authenticated = 0; -@@ -181,9 +182,12 @@ userauth_pubkey(Authctxt *authctxt) +@@ -185,9 +186,12 @@ userauth_pubkey(Authctxt *authctxt) PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b), buffer_len(&b))) == 1) { authenticated = 1; @@ -123,7 +123,7 @@ diff -up openssh-7.2p2/auth2-pubkey.c.expose-pam openssh-7.2p2/auth2-pubkey.c } buffer_free(&b); free(sig); -@@ -224,7 +228,7 @@ done: +@@ -228,7 +232,7 @@ done: void pubkey_auth_info(Authctxt *authctxt, const Key *key, const char *fmt, ...) { @@ -132,7 +132,7 @@ diff -up openssh-7.2p2/auth2-pubkey.c.expose-pam openssh-7.2p2/auth2-pubkey.c va_list ap; int i; -@@ -234,27 +238,13 @@ pubkey_auth_info(Authctxt *authctxt, con +@@ -238,27 +242,13 @@ pubkey_auth_info(Authctxt *authctxt, con i = vasprintf(&extra, fmt, ap); va_end(ap); if (i < 0 || extra == NULL) 
@@ -165,9 +165,9 @@ diff -up openssh-7.2p2/auth2-pubkey.c.expose-pam openssh-7.2p2/auth2-pubkey.c free(extra); } -diff -up openssh-7.2p2/auth.h.expose-pam openssh-7.2p2/auth.h ---- openssh-7.2p2/auth.h.expose-pam 2016-07-18 12:30:12.077783292 +0200 -+++ openssh-7.2p2/auth.h 2016-07-18 12:30:12.123783256 +0200 +diff -up openssh-7.4p1/auth.h.expose-pam openssh-7.4p1/auth.h +--- openssh-7.4p1/auth.h.expose-pam 2016-12-23 15:40:26.782447870 +0100 ++++ openssh-7.4p1/auth.h 2016-12-23 15:40:26.819447876 +0100 @@ -84,6 +84,9 @@ struct Authctxt { struct sshkey **prev_userkeys; @@ -178,10 +178,10 @@ diff -up openssh-7.2p2/auth.h.expose-pam openssh-7.2p2/auth.h }; /* * Every authentication method has to handle authentication requests for -diff -up openssh-7.2p2/auth-pam.c.expose-pam openssh-7.2p2/auth-pam.c ---- openssh-7.2p2/auth-pam.c.expose-pam 2016-07-18 12:30:12.026783332 +0200 -+++ openssh-7.2p2/auth-pam.c 2016-07-18 12:30:12.123783256 +0200 -@@ -689,6 +689,11 @@ sshpam_init_ctx(Authctxt *authctxt) +diff -up openssh-7.4p1/auth-pam.c.expose-pam openssh-7.4p1/auth-pam.c +--- openssh-7.4p1/auth-pam.c.expose-pam 2016-12-23 15:40:26.731447862 +0100 ++++ openssh-7.4p1/auth-pam.c 2016-12-23 15:40:26.819447876 +0100 +@@ -688,6 +688,11 @@ sshpam_init_ctx(Authctxt *authctxt) return (NULL); } @@ -193,9 +193,9 @@ diff -up openssh-7.2p2/auth-pam.c.expose-pam openssh-7.2p2/auth-pam.c ctxt = xcalloc(1, sizeof *ctxt); /* Start the authentication thread */ -diff -up openssh-7.2p2/gss-serv.c.expose-pam openssh-7.2p2/gss-serv.c ---- openssh-7.2p2/gss-serv.c.expose-pam 2016-07-18 12:30:12.124783255 +0200 -+++ openssh-7.2p2/gss-serv.c 2016-07-18 12:33:08.835644264 +0200 +diff -up openssh-7.4p1/gss-serv.c.expose-pam openssh-7.4p1/gss-serv.c +--- openssh-7.4p1/gss-serv.c.expose-pam 2016-12-23 15:40:26.808447874 +0100 ++++ openssh-7.4p1/gss-serv.c 2016-12-23 15:40:26.819447876 +0100 @@ -441,6 +441,16 @@ ssh_gssapi_do_child(char ***envp, u_int } 
@@ -213,10 +213,10 @@ diff -up openssh-7.2p2/gss-serv.c.expose-pam openssh-7.2p2/gss-serv.c int ssh_gssapi_userok(char *user, struct passwd *pw) { -diff -up openssh-7.2p2/monitor.c.expose-pam openssh-7.2p2/monitor.c ---- openssh-7.2p2/monitor.c.expose-pam 2016-07-18 12:30:12.093783279 +0200 -+++ openssh-7.2p2/monitor.c 2016-07-18 12:30:12.124783255 +0200 -@@ -349,6 +349,7 @@ monitor_child_preauth(Authctxt *_authctx +diff -up openssh-7.4p1/monitor.c.expose-pam openssh-7.4p1/monitor.c +--- openssh-7.4p1/monitor.c.expose-pam 2016-12-23 15:40:26.794447872 +0100 ++++ openssh-7.4p1/monitor.c 2016-12-23 15:41:16.473455863 +0100 +@@ -300,6 +300,7 @@ monitor_child_preauth(Authctxt *_authctx { struct mon_table *ent; int authenticated = 0, partial = 0; @@ -224,7 +224,7 @@ diff -up openssh-7.2p2/monitor.c.expose-pam openssh-7.2p2/monitor.c debug3("preauth child monitor started"); -@@ -386,6 +387,18 @@ monitor_child_preauth(Authctxt *_authctx +@@ -330,6 +331,18 @@ monitor_child_preauth(Authctxt *_authctx auth_submethod = NULL; authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1); @@ -242,8 +242,8 @@ diff -up openssh-7.2p2/monitor.c.expose-pam openssh-7.2p2/monitor.c + /* Special handling for multiple required authentications */ if (options.num_auth_methods != 0) { - if (!compat20) -@@ -1498,6 +1511,10 @@ mm_answer_keyverify(int sock, Buffer *m) + if (authenticated && +@@ -1417,6 +1430,10 @@ mm_answer_keyverify(int sock, Buffer *m) debug3("%s: key %p signature %s", __func__, key, (verified == 1) ? "verified" : "unverified"); @@ -254,7 +254,7 @@ diff -up openssh-7.2p2/monitor.c.expose-pam openssh-7.2p2/monitor.c /* If auth was successful then record key to ensure it isn't reused */ if (verified == 1 && key_blobtype == MM_USERKEY) auth2_record_userkey(authctxt, key); -@@ -2140,6 +2157,9 @@ mm_answer_gss_userok(int sock, Buffer *m +@@ -1860,6 +1877,9 @@ mm_answer_gss_userok(int sock, Buffer *m auth_method = "gssapi-with-mic"; 
@@ -264,43 +264,43 @@ diff -up openssh-7.2p2/monitor.c.expose-pam openssh-7.2p2/monitor.c /* Monitor loop will terminate if authenticated */ return (authenticated); } -diff -up openssh-7.2p2/servconf.c.expose-pam openssh-7.2p2/servconf.c ---- openssh-7.2p2/servconf.c.expose-pam 2016-07-18 12:30:12.112783264 +0200 -+++ openssh-7.2p2/servconf.c 2016-07-18 12:34:38.170574004 +0200 -@@ -176,6 +176,7 @@ initialize_server_options(ServerOptions - options->fingerprint_hash = -1; +diff -up openssh-7.4p1/servconf.c.expose-pam openssh-7.4p1/servconf.c +--- openssh-7.4p1/servconf.c.expose-pam 2016-12-23 15:40:26.810447875 +0100 ++++ openssh-7.4p1/servconf.c 2016-12-23 15:44:04.691482920 +0100 +@@ -171,6 +171,7 @@ initialize_server_options(ServerOptions + options->disable_forwarding = -1; options->use_kuserok = -1; options->enable_k5users = -1; + options->expose_auth_methods = -1; } /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */ -@@ -374,6 +375,8 @@ fill_default_server_options(ServerOption - options->enable_k5users = 0; - if (options->use_kuserok == -1) +@@ -354,6 +355,8 @@ fill_default_server_options(ServerOption options->use_kuserok = 1; + if (options->enable_k5users == -1) + options->enable_k5users = 0; + if (options->expose_auth_methods == -1) + options->expose_auth_methods = EXPOSE_AUTHMETH_NEVER; assemble_algorithms(options); -@@ -451,6 +454,7 @@ typedef enum { +@@ -439,6 +442,7 @@ typedef enum { sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, sStreamLocalBindMask, sStreamLocalBindUnlink, - sAllowStreamLocalForwarding, sFingerprintHash, + sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding, + sExposeAuthenticationMethods, - sDeprecated, sUnsupported + sDeprecated, sIgnore, sUnsupported } ServerOpCodes; -@@ -606,6 +610,7 @@ static struct { - { "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL }, +@@ -595,6 +599,7 @@ static struct { { "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL }, { 
"fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL }, + { "disableforwarding", sDisableForwarding, SSHCFG_ALL }, + { "exposeauthenticationmethods", sExposeAuthenticationMethods, SSHCFG_ALL }, { NULL, sBadOption, 0 } }; -@@ -994,6 +999,12 @@ static const struct multistate multistat +@@ -984,6 +989,12 @@ static const struct multistate multistat { "local", FORWARD_LOCAL }, { NULL, -1 } }; @@ -313,7 +313,7 @@ diff -up openssh-7.2p2/servconf.c.expose-pam openssh-7.2p2/servconf.c int process_server_config_line(ServerOptions *options, char *line, -@@ -1918,6 +1929,11 @@ process_server_config_line(ServerOptions +@@ -1902,6 +1913,11 @@ process_server_config_line(ServerOptions options->fingerprint_hash = value; break; @@ -323,9 +323,9 @@ diff -up openssh-7.2p2/servconf.c.expose-pam openssh-7.2p2/servconf.c + goto parse_multistate; + case sDeprecated: - logit("%s line %d: Deprecated option %s", - filename, linenum, arg); -@@ -2076,6 +2092,7 @@ copy_set_server_options(ServerOptions *d + case sIgnore: + case sUnsupported: +@@ -2060,6 +2076,7 @@ copy_set_server_options(ServerOptions *d M_CP_INTOPT(enable_k5users); M_CP_INTOPT(rekey_limit); M_CP_INTOPT(rekey_interval); 
@@ -333,16 +333,16 @@ diff -up openssh-7.2p2/servconf.c.expose-pam openssh-7.2p2/servconf.c /* * The bind_mask is a mode_t that may be unsigned, so we can't use -@@ -2181,6 +2198,8 @@ fmt_intarg(ServerOpCodes code, int val) +@@ -2176,6 +2193,8 @@ fmt_intarg(ServerOpCodes code, int val) return fmt_multistate_int(val, multistate_tcpfwd); case sFingerprintHash: return ssh_digest_alg_name(val); + case sExposeAuthenticationMethods: + return fmt_multistate_int(val, multistate_exposeauthmeth); - case sProtocol: + default: switch (val) { - case SSH_PROTO_1: -@@ -2374,6 +2393,7 @@ dump_config(ServerOptions *o) + case 0: +@@ -2356,6 +2375,7 @@ dump_config(ServerOptions *o) dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash); dump_cfg_fmtint(sKerberosUseKuserok, o->use_kuserok); dump_cfg_fmtint(sGssEnablek5users, o->enable_k5users); @@ -350,9 +350,9 @@ diff -up openssh-7.2p2/servconf.c.expose-pam openssh-7.2p2/servconf.c /* string arguments */ dump_cfg_string(sPidFile, o->pid_file); -diff -up openssh-7.2p2/servconf.h.expose-pam openssh-7.2p2/servconf.h ---- openssh-7.2p2/servconf.h.expose-pam 2016-07-18 12:30:12.112783264 +0200 -+++ openssh-7.2p2/servconf.h 2016-07-18 12:30:12.125783254 +0200 +diff -up openssh-7.4p1/servconf.h.expose-pam openssh-7.4p1/servconf.h +--- openssh-7.4p1/servconf.h.expose-pam 2016-12-23 15:40:26.810447875 +0100 ++++ openssh-7.4p1/servconf.h 2016-12-23 15:40:26.821447876 +0100 @@ -48,6 +48,11 @@ #define FORWARD_LOCAL (1<<1) #define FORWARD_ALLOW (FORWARD_REMOTE|FORWARD_LOCAL) @@ -365,7 +365,7 @@ diff -up openssh-7.2p2/servconf.h.expose-pam openssh-7.2p2/servconf.h #define DEFAULT_AUTH_FAIL_MAX 6 /* Default for MaxAuthTries */ #define DEFAULT_SESSIONS_MAX 10 /* Default for MaxSessions */ -@@ -201,6 +206,8 @@ typedef struct { +@@ -195,6 +200,8 @@ typedef struct { char *auth_methods[MAX_AUTH_METHODS]; int fingerprint_hash; 
@@ -374,10 +374,10 @@ diff -up openssh-7.2p2/servconf.h.expose-pam openssh-7.2p2/servconf.h } ServerOptions; /* Information about the incoming connection as used by Match */ -diff -up openssh-7.2p2/session.c.expose-pam openssh-7.2p2/session.c ---- openssh-7.2p2/session.c.expose-pam 2016-07-18 12:30:12.120783258 +0200 -+++ openssh-7.2p2/session.c 2016-07-18 12:30:12.125783254 +0200 -@@ -1180,6 +1180,12 @@ copy_environment(char **source, char *** +diff -up openssh-7.4p1/session.c.expose-pam openssh-7.4p1/session.c +--- openssh-7.4p1/session.c.expose-pam 2016-12-23 15:40:26.794447872 +0100 ++++ openssh-7.4p1/session.c 2016-12-23 15:40:26.821447876 +0100 +@@ -997,6 +997,12 @@ copy_environment(char **source, char *** } *var_val++ = '\0'; @@ -390,7 +390,7 @@ diff -up openssh-7.2p2/session.c.expose-pam openssh-7.2p2/session.c debug3("Copy environment: %s=%s", var_name, var_val); child_set_env(env, envsize, var_name, var_val); -@@ -1359,6 +1365,11 @@ do_setup_env(Session *s, const char *she +@@ -1173,6 +1179,11 @@ do_setup_env(Session *s, const char *she } #endif /* USE_PAM */ @@ -402,7 +402,7 @@ diff -up openssh-7.2p2/session.c.expose-pam openssh-7.2p2/session.c if (auth_sock_name != NULL) child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, auth_sock_name); -@@ -2798,6 +2809,9 @@ do_cleanup(Authctxt *authctxt) +@@ -2561,6 +2572,9 @@ do_cleanup(Authctxt *authctxt) if (authctxt == NULL) return; 
@@ -412,10 +412,10 @@ diff -up openssh-7.2p2/session.c.expose-pam openssh-7.2p2/session.c #ifdef USE_PAM if (options.use_pam) { sshpam_cleanup(); -diff -up openssh-7.2p2/ssh.1.expose-pam openssh-7.2p2/ssh.1 ---- openssh-7.2p2/ssh.1.expose-pam 2016-07-18 12:30:12.112783264 +0200 -+++ openssh-7.2p2/ssh.1 2016-07-18 12:30:12.126783253 +0200 -@@ -1396,6 +1396,10 @@ server IP address, and server port numbe +diff -up openssh-7.4p1/ssh.1.expose-pam openssh-7.4p1/ssh.1 +--- openssh-7.4p1/ssh.1.expose-pam 2016-12-23 15:40:26.810447875 +0100 ++++ openssh-7.4p1/ssh.1 2016-12-23 15:40:26.822447877 +0100 +@@ -1421,6 +1421,10 @@ server IP address, and server port numbe This variable contains the original command line if a forced command is executed. It can be used to extract the original arguments. @@ -426,13 +426,13 @@ diff -up openssh-7.2p2/ssh.1.expose-pam openssh-7.2p2/ssh.1 .It Ev SSH_TTY This is set to the name of the tty (path to the device) associated with the current shell or command. -diff -up openssh-7.2p2/sshd_config.5.expose-pam openssh-7.2p2/sshd_config.5 ---- openssh-7.2p2/sshd_config.5.expose-pam 2016-07-18 12:30:12.113783263 +0200 -+++ openssh-7.2p2/sshd_config.5 2016-07-18 12:30:12.126783253 +0200 -@@ -570,6 +570,21 @@ and finally - See PATTERNS in - .Xr ssh_config 5 - for more information on patterns. +diff -up openssh-7.4p1/sshd_config.5.expose-pam openssh-7.4p1/sshd_config.5 +--- openssh-7.4p1/sshd_config.5.expose-pam 2016-12-23 15:40:26.822447877 +0100 ++++ openssh-7.4p1/sshd_config.5 2016-12-23 15:45:22.411495421 +0100 +@@ -570,6 +570,21 @@ Disables all forwarding features, includ + TCP and StreamLocal. + This option overrides all other forwarding-related options and may + simplify restricted configurations. +.It Cm ExposeAuthenticationMethods +When using SSH2, this option controls the exposure of the list of +successful authentication methods to PAM during the authentication 
@@ -440,20 +440,20 @@ diff -up openssh-7.2p2/sshd_config.5.expose-pam openssh-7.2p2/sshd_config.5 +.Cm SSH_USER_AUTH +variable. See the description of this variable for more details. +Valid options are: -+.Dq never ++.Cm never +(Do not expose successful authentication methods), -+.Dq pam-only ++.Cm pam-only +(Only expose them to PAM during authentication, not afterwards), -+.Dq pam-and-env ++.Cm pam-and-env +(Expose them to PAM and keep them in the shell environment). +The default is -+.Dq never . ++.Cm never . .It Cm FingerprintHash Specifies the hash algorithm used when logging key fingerprints. Valid options are: -diff -up openssh-7.2p2/ssh-gss.h.expose-pam openssh-7.2p2/ssh-gss.h ---- openssh-7.2p2/ssh-gss.h.expose-pam 2016-07-18 12:30:12.125783254 +0200 -+++ openssh-7.2p2/ssh-gss.h 2016-07-18 12:35:01.906555328 +0200 +diff -up openssh-7.4p1/ssh-gss.h.expose-pam openssh-7.4p1/ssh-gss.h +--- openssh-7.4p1/ssh-gss.h.expose-pam 2016-12-23 15:40:26.811447875 +0100 ++++ openssh-7.4p1/ssh-gss.h 2016-12-23 15:40:26.823447877 +0100 @@ -159,6 +159,7 @@ int ssh_gssapi_server_check_mech(Gssctxt const char *); OM_uint32 ssh_gssapi_server_ctx(Gssctxt **, gss_OID); @@ -462,10 +462,10 @@ diff -up openssh-7.2p2/ssh-gss.h.expose-pam openssh-7.2p2/ssh-gss.h OM_uint32 ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t); void ssh_gssapi_do_child(char ***, u_int *); void ssh_gssapi_cleanup_creds(void); -diff -up openssh-7.2p2/sshkey.c.expose-pam openssh-7.2p2/sshkey.c ---- openssh-7.2p2/sshkey.c.expose-pam 2016-07-18 12:30:12.071783296 +0200 -+++ openssh-7.2p2/sshkey.c 2016-07-18 12:30:12.126783253 +0200 -@@ -58,6 +58,7 @@ +diff -up openssh-7.4p1/sshkey.c.expose-pam openssh-7.4p1/sshkey.c +--- openssh-7.4p1/sshkey.c.expose-pam 2016-12-23 15:40:26.777447869 +0100 ++++ openssh-7.4p1/sshkey.c 2016-12-23 15:40:26.823447877 +0100 +@@ -57,6 +57,7 @@ #define SSHKEY_INTERNAL #include "sshkey.h" #include "match.h" 
@@ -473,7 +473,7 @@ diff -up openssh-7.2p2/sshkey.c.expose-pam openssh-7.2p2/sshkey.c /* openssh private key file format */ #define MARK_BEGIN "-----BEGIN OPENSSH PRIVATE KEY-----\n" -@@ -1190,6 +1191,30 @@ sshkey_fingerprint(const struct sshkey * +@@ -1191,6 +1192,30 @@ sshkey_fingerprint(const struct sshkey * return retval; } @@ -504,9 +504,9 @@ diff -up openssh-7.2p2/sshkey.c.expose-pam openssh-7.2p2/sshkey.c #ifdef WITH_SSH1 /* * Reads a multiple-precision integer in decimal from the buffer, and advances -diff -up openssh-7.2p2/sshkey.h.expose-pam openssh-7.2p2/sshkey.h ---- openssh-7.2p2/sshkey.h.expose-pam 2016-07-18 12:30:12.071783296 +0200 -+++ openssh-7.2p2/sshkey.h 2016-07-18 12:30:12.127783252 +0200 +diff -up openssh-7.4p1/sshkey.h.expose-pam openssh-7.4p1/sshkey.h +--- openssh-7.4p1/sshkey.h.expose-pam 2016-12-23 15:40:26.777447869 +0100 ++++ openssh-7.4p1/sshkey.h 2016-12-23 15:40:26.823447877 +0100 @@ -124,6 +124,7 @@ char *sshkey_fingerprint(const struct s int, enum sshkey_fp_rep); int sshkey_fingerprint_raw(const struct sshkey *k, diff --git a/openssh-7.3p1-null-deref.patch b/openssh-7.3p1-null-deref.patch deleted file mode 100644 index 041ae78..0000000 --- a/openssh-7.3p1-null-deref.patch +++ /dev/null 
@@ -1,48 +0,0 @@ -From 28652bca29046f62c7045e933e6b931de1d16737 Mon Sep 17 00:00:00 2001 -From: "markus@openbsd.org" -Date: Mon, 19 Sep 2016 19:02:19 +0000 -Subject: upstream commit - -move inbound NEWKEYS handling to kex layer; otherwise -early NEWKEYS causes NULL deref; found by Robert Swiecki/honggfuzz; fixed -with & ok djm@ - -Upstream-ID: 9a68b882892e9f51dc7bfa9f5a423858af358b2f ---- - kex.c | 4 +++- - packet.c | 6 ++---- - 2 files changed, 5 insertions(+), 5 deletions(-) - -diff --git a/kex.c b/kex.c -index f4c130f..8800d40 100644 ---- a/kex.c -+++ b/kex.c -@@ -425,6 +425,8 @@ kex_input_newkeys(int type, u_int32_t seq, void *ctxt) - ssh_dispatch_set(ssh, SSH2_MSG_NEWKEYS, &kex_protocol_error); - if ((r = sshpkt_get_end(ssh)) != 0) - return r; -+ if ((r = ssh_set_newkeys(ssh, MODE_IN)) != 0) -+ return r; - kex->done = 1; - sshbuf_reset(kex->peer); - /* sshbuf_reset(kex->my); */ -diff --git a/packet.c b/packet.c -index 711091d..fb316ac 100644 ---- a/packet.c -+++ b/packet.c -@@ -1907,9 +1907,7 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) - return r; - return SSH_ERR_PROTOCOL_ERROR; - } -- if (*typep == SSH2_MSG_NEWKEYS) -- r = ssh_set_newkeys(ssh, MODE_IN); -- else if (*typep == SSH2_MSG_USERAUTH_SUCCESS && !state->server_side) -+ if (*typep == SSH2_MSG_USERAUTH_SUCCESS && !state->server_side) - r = ssh_packet_enable_delayed_compress(ssh); - else - r = 0; --- -cgit v0.12 - -0 - diff --git a/openssh-7.3p1-openssl-1.1.0.patch b/openssh-7.3p1-openssl-1.1.0.patch index 77bb7d1..568284a 100644 --- a/openssh-7.3p1-openssl-1.1.0.patch +++ b/openssh-7.3p1-openssl-1.1.0.patch 
@@ -1,39 +1,6 @@ -diff -up openssh-7.3p1/auth1.c.openssl openssh-7.3p1/auth1.c ---- openssh-7.3p1/auth1.c.openssl 2016-10-27 14:28:16.459815636 +0200 -+++ openssh-7.3p1/auth1.c 2016-10-27 14:28:16.614815267 +0200 -@@ -164,6 +164,7 @@ auth1_process_rhosts_rsa(Authctxt *authc - u_int bits; - Key *client_host_key; - u_int ulen; -+ BIGNUM *n = NULL, *e = NULL; - - /* - * Get client user name. Note that we just have to -@@ -175,14 +176,17 @@ auth1_process_rhosts_rsa(Authctxt *authc - /* Get the client host key. */ - client_host_key = key_new(KEY_RSA1); - bits = packet_get_int(); -- packet_get_bignum(client_host_key->rsa->e); -- packet_get_bignum(client_host_key->rsa->n); -+ if( (n = BN_new()) == NULL || (e = BN_new()) == NULL) -+ return 0; -+ packet_get_bignum(e); -+ packet_get_bignum(n); -+ RSA_set0_key(client_host_key->rsa, n, e, NULL); - -- keybits = BN_num_bits(client_host_key->rsa->n); -+ keybits = BN_num_bits(n); - if (keybits < 0 || bits != (u_int)keybits) { - verbose("Warning: keysize mismatch for client_host_key: " - "actual %d, announced %d", -- BN_num_bits(client_host_key->rsa->n), bits); -+ BN_num_bits(n), bits); - } - packet_check_eom(); - -diff -up openssh-7.3p1/authfd.c.openssl openssh-7.3p1/authfd.c ---- openssh-7.3p1/authfd.c.openssl 2016-07-28 00:54:27.000000000 +0200 -+++ openssh-7.3p1/authfd.c 2016-10-27 14:28:16.614815267 +0200 +diff -up openssh-7.4p1/authfd.c.openssl openssh-7.4p1/authfd.c +--- openssh-7.4p1/authfd.c.openssl 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/authfd.c 2016-12-23 17:47:36.429817751 +0100 @@ -207,15 +207,22 @@ deserialise_identity1(struct sshbuf *ids int r, keybits; u_int32_t bits; 
@@ -127,10 +94,10 @@ diff -up openssh-7.3p1/authfd.c.openssl openssh-7.3p1/authfd.c goto out; } else #endif -diff -up openssh-7.3p1/auth-pam.c.openssl openssh-7.3p1/auth-pam.c ---- openssh-7.3p1/auth-pam.c.openssl 2016-10-27 14:28:16.577815355 +0200 -+++ openssh-7.3p1/auth-pam.c 2016-10-27 14:28:16.615815264 +0200 -@@ -124,6 +124,10 @@ extern u_int utmp_len; +diff -up openssh-7.4p1/auth-pam.c.openssl openssh-7.4p1/auth-pam.c +--- openssh-7.4p1/auth-pam.c.openssl 2016-12-23 17:47:36.400817739 +0100 ++++ openssh-7.4p1/auth-pam.c 2016-12-23 17:47:36.430817752 +0100 +@@ -129,6 +129,10 @@ extern u_int utmp_len; typedef pthread_t sp_pthread_t; #else typedef pid_t sp_pthread_t; 
@@ -141,76 +108,10 @@ diff -up openssh-7.3p1/auth-pam.c.openssl openssh-7.3p1/auth-pam.c #endif struct pam_ctxt { -diff -up openssh-7.3p1/auth-rsa.c.openssl openssh-7.3p1/auth-rsa.c ---- openssh-7.3p1/auth-rsa.c.openssl 2016-10-27 14:28:16.592815319 +0200 -+++ openssh-7.3p1/auth-rsa.c 2016-10-27 14:28:16.615815264 +0200 -@@ -75,6 +75,7 @@ auth_rsa_generate_challenge(Key *key) - { - BIGNUM *challenge; - BN_CTX *ctx; -+ const BIGNUM *n; - - if ((challenge = BN_new()) == NULL) - fatal("auth_rsa_generate_challenge: BN_new() failed"); -@@ -83,7 +84,8 @@ auth_rsa_generate_challenge(Key *key) - fatal("auth_rsa_generate_challenge: BN_rand failed"); - if ((ctx = BN_CTX_new()) == NULL) - fatal("auth_rsa_generate_challenge: BN_CTX_new failed"); -- if (BN_mod(challenge, challenge, key->rsa->n, ctx) == 0) -+ RSA_get0_key(key->rsa, &n, NULL, NULL); -+ if (BN_mod(challenge, challenge, n, ctx) == 0) - fatal("auth_rsa_generate_challenge: BN_mod failed"); - BN_CTX_free(ctx); - -@@ -99,12 +101,14 @@ auth_rsa_verify_response(Key *key, BIGNU - #ifdef SSH_AUDIT_EVENTS - char *fp; - #endif -+ const BIGNUM *n; - - /* don't allow short keys */ -- if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { -+ RSA_get0_key(key->rsa, &n, NULL, NULL); -+ if (BN_num_bits(n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { - error("%s: RSA modulus too small: %d < minimum %d bits", - __func__, -- BN_num_bits(key->rsa->n), SSH_RSA_MINIMUM_MODULUS_SIZE); -+ BN_num_bits(n), SSH_RSA_MINIMUM_MODULUS_SIZE); - return (0); - } - -@@ -200,6 +204,7 @@ rsa_key_allowed_in_file(struct passwd *p - char *cp; - char *key_options; - int keybits; -+ const BIGNUM *n; - - /* Skip leading whitespace, empty and comment lines. */ - for (cp = line; *cp == ' ' || *cp == '\t'; cp++) -@@ -237,15 +242,16 @@ rsa_key_allowed_in_file(struct passwd *p - * Check if the we have found the desired key (identified - * by its modulus). 
- */ -- if (BN_cmp(key->rsa->n, client_n) != 0) -+ RSA_get0_key(key->rsa, &n, NULL, NULL); -+ if (BN_cmp(n, client_n) != 0) - continue; - - /* check the real bits */ -- keybits = BN_num_bits(key->rsa->n); -+ keybits = BN_num_bits(n); - if (keybits < 0 || bits != keybits) - logit("Warning: %s, line %lu: keysize mismatch: " - "actual %d vs. announced %d.", -- file, linenum, BN_num_bits(key->rsa->n), bits); -+ file, linenum, BN_num_bits(n), bits); - - if ((fp = sshkey_fingerprint(key, options.fingerprint_hash, - SSH_FP_DEFAULT)) == NULL) -diff -up openssh-7.3p1/cipher-3des1.c.openssl openssh-7.3p1/cipher-3des1.c ---- openssh-7.3p1/cipher-3des1.c.openssl 2016-07-28 00:54:27.000000000 +0200 -+++ openssh-7.3p1/cipher-3des1.c 2016-10-27 14:28:16.615815264 +0200 -@@ -42,7 +42,7 @@ +diff -up openssh-7.4p1/cipher-3des1.c.openssl openssh-7.4p1/cipher-3des1.c +--- openssh-7.4p1/cipher-3des1.c.openssl 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/cipher-3des1.c 2016-12-23 17:47:36.430817752 +0100 +@@ -44,7 +44,7 @@ */ struct ssh1_3des_ctx { @@ -219,7 +120,7 @@ diff -up openssh-7.3p1/cipher-3des1.c.openssl openssh-7.3p1/cipher-3des1.c }; const EVP_CIPHER * evp_ssh1_3des(void); -@@ -63,7 +63,7 @@ ssh1_3des_init(EVP_CIPHER_CTX *ctx, cons +@@ -65,7 +65,7 @@ ssh1_3des_init(EVP_CIPHER_CTX *ctx, cons if (key == NULL) return 1; if (enc == -1) @@ -228,7 +129,7 @@ diff -up openssh-7.3p1/cipher-3des1.c.openssl openssh-7.3p1/cipher-3des1.c k1 = k2 = k3 = (u_char *) key; k2 += 8; if (EVP_CIPHER_CTX_key_length(ctx) >= 16+8) { -@@ -72,12 +72,19 @@ ssh1_3des_init(EVP_CIPHER_CTX *ctx, cons +@@ -74,12 +74,19 @@ ssh1_3des_init(EVP_CIPHER_CTX *ctx, cons else k1 += 16; } 
@@ -254,7 +155,7 @@ diff -up openssh-7.3p1/cipher-3des1.c.openssl openssh-7.3p1/cipher-3des1.c explicit_bzero(c, sizeof(*c)); free(c); EVP_CIPHER_CTX_set_app_data(ctx, NULL); -@@ -93,9 +100,9 @@ ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_cha +@@ -95,9 +102,9 @@ ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_cha if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) return 0; @@ -267,7 +168,7 @@ diff -up openssh-7.3p1/cipher-3des1.c.openssl openssh-7.3p1/cipher-3des1.c return 0; return 1; } -@@ -106,9 +113,9 @@ ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx) +@@ -108,9 +115,9 @@ ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx) struct ssh1_3des_ctx *c; if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) { @@ -280,7 +181,7 @@ diff -up openssh-7.3p1/cipher-3des1.c.openssl openssh-7.3p1/cipher-3des1.c explicit_bzero(c, sizeof(*c)); free(c); EVP_CIPHER_CTX_set_app_data(ctx, NULL); -@@ -126,13 +133,13 @@ ssh1_3des_iv(EVP_CIPHER_CTX *evp, int do +@@ -128,13 +135,13 @@ ssh1_3des_iv(EVP_CIPHER_CTX *evp, int do if ((c = EVP_CIPHER_CTX_get_app_data(evp)) == NULL) return SSH_ERR_INTERNAL_ERROR; if (doset) { @@ -300,7 +201,7 @@ diff -up openssh-7.3p1/cipher-3des1.c.openssl openssh-7.3p1/cipher-3des1.c } return 0; } -@@ -140,16 +147,13 @@ ssh1_3des_iv(EVP_CIPHER_CTX *evp, int do +@@ -142,17 +149,14 @@ ssh1_3des_iv(EVP_CIPHER_CTX *evp, int do const EVP_CIPHER * evp_ssh1_3des(void) { 
@@ -325,10 +226,11 @@ diff -up openssh-7.3p1/cipher-3des1.c.openssl openssh-7.3p1/cipher-3des1.c + EVP_CIPHER_meth_set_flags(ssh1_3des, EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH); + return ssh1_3des; } -diff -up openssh-7.3p1/cipher-bf1.c.openssl openssh-7.3p1/cipher-bf1.c ---- openssh-7.3p1/cipher-bf1.c.openssl 2016-07-28 00:54:27.000000000 +0200 -+++ openssh-7.3p1/cipher-bf1.c 2016-10-27 14:28:16.615815264 +0200 -@@ -88,16 +88,27 @@ bf_ssh1_cipher(EVP_CIPHER_CTX *ctx, u_ch + #endif /* WITH_SSH1 */ +diff -up openssh-7.4p1/cipher-bf1.c.openssl openssh-7.4p1/cipher-bf1.c +--- openssh-7.4p1/cipher-bf1.c.openssl 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/cipher-bf1.c 2016-12-23 17:47:36.430817752 +0100 +@@ -89,17 +89,28 @@ bf_ssh1_cipher(EVP_CIPHER_CTX *ctx, u_ch const EVP_CIPHER * evp_ssh1_bf(void) { 
@@ -364,210 +266,62 @@ diff -up openssh-7.3p1/cipher-bf1.c.openssl openssh-7.3p1/cipher-bf1.c + return ssh1_bf; } #endif /* defined(WITH_OPENSSL) && !defined(OPENSSL_NO_BF) */ -diff -up openssh-7.3p1/cipher.c.openssl openssh-7.3p1/cipher.c ---- openssh-7.3p1/cipher.c.openssl 2016-10-27 14:28:16.607815283 +0200 -+++ openssh-7.3p1/cipher.c 2016-10-27 14:28:16.615815264 +0200 -@@ -330,29 +330,28 @@ cipher_init(struct sshcipher_ctx *cc, co - return SSH_ERR_INVALID_ARGUMENT; - #else - type = (*cipher->evptype)(); -- EVP_CIPHER_CTX_init(&cc->evp); -- if (EVP_CipherInit(&cc->evp, type, NULL, (u_char *)iv, -+ if ((cc->evp = EVP_CIPHER_CTX_new()) == NULL) { -+ ret = SSH_ERR_ALLOC_FAIL; -+ goto bad; -+ } + +diff -up openssh-7.4p1/cipher.c.openssl openssh-7.4p1/cipher.c +--- openssh-7.4p1/cipher.c.openssl 2016-12-23 17:47:36.418817747 +0100 ++++ openssh-7.4p1/cipher.c 2016-12-23 17:47:36.430817752 +0100 +@@ -368,7 +368,7 @@ cipher_init(struct sshcipher_ctx **ccp, + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } +- if (EVP_CipherInit(cc->evp, type, NULL, (u_char *)iv, + if (EVP_CipherInit(cc->evp, type, (u_char *)key, (u_char *)iv, (do_encrypt == CIPHER_ENCRYPT)) == 0) { ret = SSH_ERR_LIBCRYPTO_ERROR; - goto bad; - } - if (cipher_authlen(cipher) && -- !EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_SET_IV_FIXED, -+ !EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_SET_IV_FIXED, - -1, (u_char *)iv)) { - ret = SSH_ERR_LIBCRYPTO_ERROR; - goto bad; - } -- klen = EVP_CIPHER_CTX_key_length(&cc->evp); -+ klen = EVP_CIPHER_CTX_key_length(cc->evp); - if (klen > 0 && keylen != (u_int)klen) { -- if (EVP_CIPHER_CTX_set_key_length(&cc->evp, keylen) == 0) { -+ if (EVP_CIPHER_CTX_set_key_length(cc->evp, keylen) == 0) { - ret = SSH_ERR_LIBCRYPTO_ERROR; - goto bad; + goto out; +@@ -386,10 +386,6 @@ cipher_init(struct sshcipher_ctx **ccp, + goto out; } } -- if (EVP_CipherInit(&cc->evp, NULL, (u_char *)key, NULL, -1) == 0) { +- if (EVP_CipherInit(cc->evp, NULL, (u_char *)key, NULL, -1) == 0) { - ret = 
SSH_ERR_LIBCRYPTO_ERROR; -- goto bad; +- goto out; - } if (cipher->discard_len > 0) { if ((junk = malloc(cipher->discard_len)) == NULL || -@@ -361,14 +360,14 @@ cipher_init(struct sshcipher_ctx *cc, co - ret = SSH_ERR_ALLOC_FAIL; - goto bad; - } -- ret = EVP_Cipher(&cc->evp, discard, junk, cipher->discard_len); -+ ret = EVP_Cipher(cc->evp, discard, junk, cipher->discard_len); - explicit_bzero(discard, cipher->discard_len); - free(junk); - free(discard); - if (ret != 1) { - ret = SSH_ERR_LIBCRYPTO_ERROR; - bad: -- EVP_CIPHER_CTX_cleanup(&cc->evp); -+ EVP_CIPHER_CTX_free(cc->evp); - return ret; - } - } -@@ -414,33 +413,33 @@ cipher_crypt(struct sshcipher_ctx *cc, u - if (authlen != cipher_authlen(cc->cipher)) - return SSH_ERR_INVALID_ARGUMENT; - /* increment IV */ -- if (!EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_IV_GEN, -+ if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN, - 1, lastiv)) - return SSH_ERR_LIBCRYPTO_ERROR; - /* set tag on decyption */ - if (!cc->encrypt && -- !EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_SET_TAG, -+ !EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_SET_TAG, - authlen, (u_char *)src + aadlen + len)) - return SSH_ERR_LIBCRYPTO_ERROR; - } - if (aadlen) { - if (authlen && -- EVP_Cipher(&cc->evp, NULL, (u_char *)src, aadlen) < 0) -+ EVP_Cipher(cc->evp, NULL, (u_char *)src, aadlen) < 0) - return SSH_ERR_LIBCRYPTO_ERROR; - memcpy(dest, src, aadlen); - } - if (len % cc->cipher->block_size) - return SSH_ERR_INVALID_ARGUMENT; -- if (EVP_Cipher(&cc->evp, dest + aadlen, (u_char *)src + aadlen, -+ if (EVP_Cipher(cc->evp, dest + aadlen, (u_char *)src + aadlen, - len) < 0) - return SSH_ERR_LIBCRYPTO_ERROR; - if (authlen) { - /* compute tag (on encrypt) or verify tag (on decrypt) */ -- if (EVP_Cipher(&cc->evp, NULL, NULL, 0) < 0) -+ if (EVP_Cipher(cc->evp, NULL, NULL, 0) < 0) - return cc->encrypt ? 
- SSH_ERR_LIBCRYPTO_ERROR : SSH_ERR_MAC_INVALID; - if (cc->encrypt && -- !EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_GET_TAG, -+ !EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_GET_TAG, - authlen, dest + aadlen + len)) - return SSH_ERR_LIBCRYPTO_ERROR; - } -@@ -472,8 +471,8 @@ cipher_cleanup(struct sshcipher_ctx *cc) - else if ((cc->cipher->flags & CFLAG_AESCTR) != 0) - explicit_bzero(&cc->ac_ctx, sizeof(cc->ac_ctx)); - #ifdef WITH_OPENSSL -- else if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0) -- return SSH_ERR_LIBCRYPTO_ERROR; -+ EVP_CIPHER_CTX_free(cc->evp); -+ cc->evp = NULL; - #endif - return 0; - } -@@ -519,7 +518,7 @@ cipher_get_keyiv_len(const struct sshcip - ivlen = sizeof(cc->ac_ctx.ctr); - #ifdef WITH_OPENSSL - else -- ivlen = EVP_CIPHER_CTX_iv_length(&cc->evp); -+ ivlen = EVP_CIPHER_CTX_iv_length(cc->evp); - #endif /* WITH_OPENSSL */ - return (ivlen); - } -@@ -551,7 +550,7 @@ cipher_get_keyiv(struct sshcipher_ctx *c - case SSH_CIPHER_SSH2: - case SSH_CIPHER_DES: - case SSH_CIPHER_BLOWFISH: -- evplen = EVP_CIPHER_CTX_iv_length(&cc->evp); -+ evplen = EVP_CIPHER_CTX_iv_length(cc->evp); - if (evplen == 0) - return 0; - else if (evplen < 0) -@@ -560,20 +559,20 @@ cipher_get_keyiv(struct sshcipher_ctx *c - return SSH_ERR_INVALID_ARGUMENT; - #ifndef OPENSSL_HAVE_EVPCTR - if (c->evptype == evp_aes_128_ctr) -- ssh_aes_ctr_iv(&cc->evp, 0, iv, len); -+ ssh_aes_ctr_iv(cc->evp, 0, iv, len); - else - #endif - if (cipher_authlen(c)) { -- if (!EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_IV_GEN, -+ if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN, +@@ -621,7 +617,7 @@ cipher_get_keyiv(struct sshcipher_ctx *c len, iv)) return SSH_ERR_LIBCRYPTO_ERROR; } else -- memcpy(iv, cc->evp.iv, len); +- memcpy(iv, cc->evp->iv, len); + memcpy(iv, EVP_CIPHER_CTX_iv(cc->evp), len); break; #endif #ifdef WITH_SSH1 - case SSH_CIPHER_3DES: -- return ssh1_3des_iv(&cc->evp, 0, iv, 24); -+ return ssh1_3des_iv(cc->evp, 0, iv, 24); - #endif - default: - return SSH_ERR_INVALID_ARGUMENT; -@@ -599,21 
+598,21 @@ cipher_set_keyiv(struct sshcipher_ctx *c - case SSH_CIPHER_SSH2: - case SSH_CIPHER_DES: - case SSH_CIPHER_BLOWFISH: -- evplen = EVP_CIPHER_CTX_iv_length(&cc->evp); -+ evplen = EVP_CIPHER_CTX_iv_length(cc->evp); - if (evplen <= 0) - return SSH_ERR_LIBCRYPTO_ERROR; - if (cipher_authlen(c)) { - /* XXX iv arg is const, but EVP_CIPHER_CTX_ctrl isn't */ -- if (!EVP_CIPHER_CTX_ctrl(&cc->evp, -+ if (!EVP_CIPHER_CTX_ctrl(cc->evp, +@@ -667,7 +663,7 @@ cipher_set_keyiv(struct sshcipher_ctx *c EVP_CTRL_GCM_SET_IV_FIXED, -1, (void *)iv)) return SSH_ERR_LIBCRYPTO_ERROR; } else -- memcpy(cc->evp.iv, iv, evplen); +- memcpy(cc->evp->iv, iv, evplen); + memcpy(EVP_CIPHER_CTX_iv_noconst(cc->evp), iv, evplen); break; #endif #ifdef WITH_SSH1 - case SSH_CIPHER_3DES: -- return ssh1_3des_iv(&cc->evp, 1, (u_char *)iv, 24); -+ return ssh1_3des_iv(cc->evp, 1, (u_char *)iv, 24); - #endif - default: - return SSH_ERR_INVALID_ARGUMENT; -@@ -622,8 +621,8 @@ cipher_set_keyiv(struct sshcipher_ctx *c +@@ -681,8 +677,8 @@ cipher_set_keyiv(struct sshcipher_ctx *c } #ifdef WITH_OPENSSL --#define EVP_X_STATE(evp) (evp).cipher_data --#define EVP_X_STATE_LEN(evp) (evp).cipher->ctx_size +-#define EVP_X_STATE(evp) (evp)->cipher_data +-#define EVP_X_STATE_LEN(evp) (evp)->cipher->ctx_size +#define EVP_X_STATE(evp) EVP_CIPHER_CTX_get_cipher_data(evp) +#define EVP_X_STATE_LEN(evp) EVP_CIPHER_impl_ctx_size(EVP_CIPHER_CTX_cipher(evp)) #endif int -diff -up openssh-7.3p1/cipher.h.openssl openssh-7.3p1/cipher.h ---- openssh-7.3p1/cipher.h.openssl 2016-10-27 14:28:16.593815317 +0200 -+++ openssh-7.3p1/cipher.h 2016-10-27 14:28:16.616815262 +0200 -@@ -85,7 +85,7 @@ struct sshcipher { - struct sshcipher_ctx { - int plaintext; - int encrypt; -- EVP_CIPHER_CTX evp; -+ EVP_CIPHER_CTX *evp; - struct chachapoly_ctx cp_ctx; /* XXX union with evp? */ - struct aesctr_ctx ac_ctx; /* XXX union with evp? 
*/ - const struct sshcipher *cipher; -diff -up openssh-7.3p1/ctr-cavstest.c.openssl openssh-7.3p1/ctr-cavstest.c ---- openssh-7.3p1/ctr-cavstest.c.openssl 2016-10-27 14:28:16.506815524 +0200 -+++ openssh-7.3p1/ctr-cavstest.c 2016-10-27 14:28:16.616815262 +0200 +diff -up openssh-7.4p1/ctr-cavstest.c.openssl openssh-7.4p1/ctr-cavstest.c +--- openssh-7.4p1/ctr-cavstest.c.openssl 2016-12-23 17:47:36.344817716 +0100 ++++ openssh-7.4p1/ctr-cavstest.c 2016-12-23 17:47:36.430817752 +0100 @@ -144,7 +144,7 @@ int main (int argc, char *argv[]) usage(); } @@ -577,10 +331,10 @@ diff -up openssh-7.3p1/ctr-cavstest.c.openssl openssh-7.3p1/ctr-cavstest.c c = cipher_by_name(algo); if (c == NULL) { -diff -up openssh-7.3p1/dh.c.openssl openssh-7.3p1/dh.c ---- openssh-7.3p1/dh.c.openssl 2016-07-28 00:54:27.000000000 +0200 -+++ openssh-7.3p1/dh.c 2016-10-27 14:28:16.616815262 +0200 -@@ -213,14 +213,15 @@ choose_dh(int min, int wantbits, int max +diff -up openssh-7.4p1/dh.c.openssl openssh-7.4p1/dh.c +--- openssh-7.4p1/dh.c.openssl 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/dh.c 2016-12-23 17:47:36.430817752 +0100 +@@ -212,14 +212,15 @@ choose_dh(int min, int wantbits, int max /* diffie-hellman-groupN-sha1 */ int @@ -598,7 +352,7 @@ diff -up openssh-7.3p1/dh.c.openssl openssh-7.3p1/dh.c logit("invalid public DH value: negative"); return 0; } -@@ -233,7 +234,8 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub) +@@ -232,7 +233,8 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub) error("%s: BN_new failed", __func__); return 0; } @@ -608,7 +362,7 @@ diff -up openssh-7.3p1/dh.c.openssl openssh-7.3p1/dh.c BN_cmp(dh_pub, tmp) != -1) { /* pub_exp > p-2 */ BN_clear_free(tmp); logit("invalid public DH value: >= p-1"); -@@ -244,14 +246,14 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub) +@@ -243,14 +245,14 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub) for (i = 0; i <= n; i++) if (BN_is_bit_set(dh_pub, i)) bits_set++; 
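Review bot: In the cipher.c section of the OpenSSL 1.1.0 patch, `cipher_init` now hands the key to the first `EVP_CipherInit(cc->evp, type, (u_char *)key, (u_char *)iv, ...)` call and drops the later key-only call, so the key is scheduled before any key-length adjustment. The previous revision of this patch shows `EVP_CIPHER_CTX_set_key_length(cc->evp, keylen)` sitting between those two calls. That block is outside the new hunk's context, so this is inferred, but if it is still present, a cipher whose `keylen` differs from the OpenSSL default would be keyed at the default length and not re-keyed afterwards. Unless OpenSSL 1.1.0 forces the single call, keep `NULL` as the key in the first call and retain `if (EVP_CipherInit(cc->evp, NULL, (u_char *)key, NULL, -1) == 0)` after the length is set; otherwise add a comment stating why the new order is safe. `cipher_init` starts and ends outside the hunk.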
@@ -625,7 +379,7 @@ diff -up openssh-7.3p1/dh.c.openssl openssh-7.3p1/dh.c return 0; } return 1; -@@ -261,9 +263,11 @@ int +@@ -260,9 +262,11 @@ int dh_gen_key(DH *dh, int need) { int pbits; @@ -639,11 +393,11 @@ diff -up openssh-7.3p1/dh.c.openssl openssh-7.3p1/dh.c need > INT_MAX / 2 || 2 * need > pbits) return SSH_ERR_INVALID_ARGUMENT; if (need < 256) -@@ -272,12 +276,12 @@ dh_gen_key(DH *dh, int need) +@@ -271,10 +275,11 @@ dh_gen_key(DH *dh, int need) * Pollard Rho, Big step/Little Step attacks are O(sqrt(n)), * so double requested need here. */ -- dh->length = MIN(need * 2, pbits - 1); +- dh->length = MINIMUM(need * 2, pbits - 1); - if (DH_generate_key(dh) == 0 || - !dh_pub_is_valid(dh, dh->pub_key)) { - BN_clear_free(dh->priv_key); @@ -651,13 +405,11 @@ diff -up openssh-7.3p1/dh.c.openssl openssh-7.3p1/dh.c + if (DH_generate_key(dh) == 0) + return SSH_ERR_LIBCRYPTO_ERROR; + DH_get0_key(dh, &pub_key, NULL); -+ if (!dh_pub_is_valid(dh, pub_key)) ++ if (!dh_pub_is_valid(dh, pub_key)) { return SSH_ERR_LIBCRYPTO_ERROR; -- } + } return 0; - } - -@@ -285,15 +289,22 @@ DH * +@@ -284,15 +290,22 @@ DH * dh_new_group_asc(const char *gen, const char *modulus) { DH *dh; @@ -687,7 +439,7 @@ diff -up openssh-7.3p1/dh.c.openssl openssh-7.3p1/dh.c } /* -@@ -308,8 +319,7 @@ dh_new_group(BIGNUM *gen, BIGNUM *modulu +@@ -307,8 +320,7 @@ dh_new_group(BIGNUM *gen, BIGNUM *modulu if ((dh = DH_new()) == NULL) return NULL; @@ -697,9 +449,9 @@ diff -up openssh-7.3p1/dh.c.openssl openssh-7.3p1/dh.c return (dh); } -diff -up openssh-7.3p1/dh.h.openssl openssh-7.3p1/dh.h ---- openssh-7.3p1/dh.h.openssl 2016-10-27 14:28:16.602815295 +0200 -+++ openssh-7.3p1/dh.h 2016-10-27 14:28:16.616815262 +0200 +diff -up openssh-7.4p1/dh.h.openssl openssh-7.4p1/dh.h +--- openssh-7.4p1/dh.h.openssl 2016-12-23 17:47:36.418817747 +0100 ++++ openssh-7.4p1/dh.h 2016-12-23 17:47:36.431817752 +0100 @@ -42,7 +42,7 @@ DH *dh_new_group18(void); DH *dh_new_group_fallback(int); 
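Review bot: The rewritten error path in `dh_gen_key` returns `SSH_ERR_LIBCRYPTO_ERROR` when `dh_pub_is_valid(dh, pub_key)` fails but leaves the freshly generated private exponent inside `dh`, whereas the upstream lines it replaces called `BN_clear_free(dh->priv_key)` first. One line between this hunk and the preceding one is not shown, so confirm that nothing there restores the wipe. With the opaque `DH` struct the field cannot be cleared directly, so at least document the contract with a comment such as `/* on error the private key remains in dh; callers must DH_free() it */`, and check that every caller does so. The function body begins outside the hunk.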
@@ -709,9 +461,9 @@ diff -up openssh-7.3p1/dh.h.openssl openssh-7.3p1/dh.h u_int dh_estimate(int); -diff -up openssh-7.3p1/digest-openssl.c.openssl openssh-7.3p1/digest-openssl.c ---- openssh-7.3p1/digest-openssl.c.openssl 2016-07-28 00:54:27.000000000 +0200 -+++ openssh-7.3p1/digest-openssl.c 2016-10-27 14:28:16.616815262 +0200 +diff -up openssh-7.4p1/digest-openssl.c.openssl openssh-7.4p1/digest-openssl.c +--- openssh-7.4p1/digest-openssl.c.openssl 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/digest-openssl.c 2016-12-23 17:47:36.431817752 +0100 @@ -43,7 +43,7 @@ struct ssh_digest_ctx { @@ -778,9 +530,9 @@ diff -up openssh-7.3p1/digest-openssl.c.openssl openssh-7.3p1/digest-openssl.c explicit_bzero(ctx, sizeof(*ctx)); free(ctx); } -diff -up openssh-7.3p1/entropy.c.openssl openssh-7.3p1/entropy.c ---- openssh-7.3p1/entropy.c.openssl 2016-10-27 14:28:16.603815293 +0200 -+++ openssh-7.3p1/entropy.c 2016-10-27 14:28:16.616815262 +0200 +diff -up openssh-7.4p1/entropy.c.openssl openssh-7.4p1/entropy.c +--- openssh-7.4p1/entropy.c.openssl 2016-12-23 17:47:36.419817747 +0100 ++++ openssh-7.4p1/entropy.c 2016-12-23 17:47:36.431817752 +0100 @@ -218,7 +218,9 @@ seed_rng(void) "have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay()); 
@@ -791,10 +543,10 @@ diff -up openssh-7.3p1/entropy.c.openssl openssh-7.3p1/entropy.c #ifndef OPENSSL_PRNG_ONLY if (RAND_status() == 1) { -diff -up openssh-7.3p1/gss-genr.c.openssl openssh-7.3p1/gss-genr.c ---- openssh-7.3p1/gss-genr.c.openssl 2016-10-27 14:28:16.558815400 +0200 -+++ openssh-7.3p1/gss-genr.c 2016-10-27 14:28:16.617815259 +0200 -@@ -100,7 +100,7 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup +diff -up openssh-7.4p1/gss-genr.c.openssl openssh-7.4p1/gss-genr.c +--- openssh-7.4p1/gss-genr.c.openssl 2016-12-23 17:47:36.392817736 +0100 ++++ openssh-7.4p1/gss-genr.c 2016-12-23 17:47:36.431817752 +0100 +@@ -99,7 +99,7 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup u_char digest[EVP_MAX_MD_SIZE]; char deroid[2]; const EVP_MD *evp_md = EVP_md5(); @@ -803,7 +555,7 @@ diff -up openssh-7.3p1/gss-genr.c.openssl openssh-7.3p1/gss-genr.c char *s, *cp, *p; if (gss_enc2oid != NULL) { -@@ -114,6 +114,7 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup +@@ -113,6 +113,7 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup buffer_init(&buf); @@ -811,7 +563,7 @@ diff -up openssh-7.3p1/gss-genr.c.openssl openssh-7.3p1/gss-genr.c oidpos = 0; s = cp = xstrdup(kex); for (i = 0; i < gss_supported->count; i++) { -@@ -123,12 +124,13 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup +@@ -122,12 +123,13 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup deroid[0] = SSH_GSS_OIDTYPE; deroid[1] = gss_supported->elements[i].length; @@ -829,7 +581,7 @@ diff -up openssh-7.3p1/gss-genr.c.openssl openssh-7.3p1/gss-genr.c encoded = xmalloc(EVP_MD_size(evp_md) * 2); enclen = __b64_ntop(digest, EVP_MD_size(evp_md), -@@ -150,6 +152,7 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup +@@ -149,6 +151,7 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup } } free(s); 
@@ -837,9 +589,9 @@ diff -up openssh-7.3p1/gss-genr.c.openssl openssh-7.3p1/gss-genr.c gss_enc2oid[oidpos].oid = NULL; gss_enc2oid[oidpos].encoded = NULL; -diff -up openssh-7.3p1/includes.h.openssl openssh-7.3p1/includes.h ---- openssh-7.3p1/includes.h.openssl 2016-07-28 00:54:27.000000000 +0200 -+++ openssh-7.3p1/includes.h 2016-10-27 14:28:16.617815259 +0200 +diff -up openssh-7.4p1/includes.h.openssl openssh-7.4p1/includes.h +--- openssh-7.4p1/includes.h.openssl 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/includes.h 2016-12-23 17:47:36.431817752 +0100 @@ -163,6 +163,7 @@ #ifdef WITH_OPENSSL @@ -848,9 +600,9 @@ diff -up openssh-7.3p1/includes.h.openssl openssh-7.3p1/includes.h #endif #include "defines.h" -diff -up openssh-7.3p1/kexdhc.c.openssl openssh-7.3p1/kexdhc.c ---- openssh-7.3p1/kexdhc.c.openssl 2016-07-28 00:54:27.000000000 +0200 -+++ openssh-7.3p1/kexdhc.c 2016-10-27 14:28:16.617815259 +0200 +diff -up openssh-7.4p1/kexdhc.c.openssl openssh-7.4p1/kexdhc.c +--- openssh-7.4p1/kexdhc.c.openssl 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/kexdhc.c 2016-12-23 17:47:36.431817752 +0100 @@ -56,6 +56,7 @@ kexdh_client(struct ssh *ssh) { struct kex *kex = ssh->kex; @@ -916,9 +668,9 @@ diff -up openssh-7.3p1/kexdhc.c.openssl openssh-7.3p1/kexdhc.c dh_server_pub, shared_secret, hash, &hashlen)) != 0) -diff -up openssh-7.3p1/kexdhs.c.openssl openssh-7.3p1/kexdhs.c ---- openssh-7.3p1/kexdhs.c.openssl 2016-07-28 00:54:27.000000000 +0200 -+++ openssh-7.3p1/kexdhs.c 2016-10-27 14:28:16.617815259 +0200 +diff -up openssh-7.4p1/kexdhs.c.openssl openssh-7.4p1/kexdhs.c +--- openssh-7.4p1/kexdhs.c.openssl 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/kexdhs.c 2016-12-23 17:47:36.431817752 +0100 @@ -87,6 +87,10 @@ kexdh_server(struct ssh *ssh) ssh_dispatch_set(ssh, SSH2_MSG_KEXDH_INIT, &input_kex_dh_init); r = 0; 
@@ -964,9 +716,9 @@ diff -up openssh-7.3p1/kexdhs.c.openssl openssh-7.3p1/kexdhs.c (r = sshpkt_put_string(ssh, signature, slen)) != 0 || (r = sshpkt_send(ssh)) != 0) goto out; -diff -up openssh-7.3p1/kexgexc.c.openssl openssh-7.3p1/kexgexc.c ---- openssh-7.3p1/kexgexc.c.openssl 2016-10-27 14:28:16.603815293 +0200 -+++ openssh-7.3p1/kexgexc.c 2016-10-27 14:28:16.617815259 +0200 +diff -up openssh-7.4p1/kexgexc.c.openssl openssh-7.4p1/kexgexc.c +--- openssh-7.4p1/kexgexc.c.openssl 2016-12-23 17:47:36.419817747 +0100 ++++ openssh-7.4p1/kexgexc.c 2016-12-23 17:47:36.431817752 +0100 @@ -96,6 +96,7 @@ input_kex_dh_gex_group(int type, u_int32 struct kex *kex = ssh->kex; BIGNUM *p = NULL, *g = NULL; @@ -1042,9 +794,9 @@ diff -up openssh-7.3p1/kexgexc.c.openssl openssh-7.3p1/kexgexc.c dh_server_pub, shared_secret, hash, &hashlen)) != 0) -diff -up openssh-7.3p1/kexgexs.c.openssl openssh-7.3p1/kexgexs.c ---- openssh-7.3p1/kexgexs.c.openssl 2016-10-27 14:28:16.603815293 +0200 -+++ openssh-7.3p1/kexgexs.c 2016-10-27 14:28:16.618815257 +0200 +diff -up openssh-7.4p1/kexgexs.c.openssl openssh-7.4p1/kexgexs.c +--- openssh-7.4p1/kexgexs.c.openssl 2016-12-23 17:47:36.419817747 +0100 ++++ openssh-7.4p1/kexgexs.c 2016-12-23 17:47:36.432817753 +0100 @@ -73,6 +73,7 @@ input_kex_dh_gex_request(int type, u_int struct kex *kex = ssh->kex; int r; @@ -1115,9 +867,9 @@ diff -up openssh-7.3p1/kexgexs.c.openssl openssh-7.3p1/kexgexs.c (r = sshpkt_put_string(ssh, signature, slen)) != 0 || (r = sshpkt_send(ssh)) != 0) goto out; -diff -up openssh-7.3p1/kexgssc.c.openssl openssh-7.3p1/kexgssc.c ---- openssh-7.3p1/kexgssc.c.openssl 2016-10-27 14:28:16.512815510 +0200 -+++ openssh-7.3p1/kexgssc.c 2016-10-27 14:28:16.618815257 +0200 +diff -up openssh-7.4p1/kexgssc.c.openssl openssh-7.4p1/kexgssc.c +--- openssh-7.4p1/kexgssc.c.openssl 2016-12-23 17:47:36.349817718 +0100 ++++ openssh-7.4p1/kexgssc.c 2016-12-23 17:47:36.432817753 +0100 
@@ -58,6 +58,7 @@ kexgss_client(struct ssh *ssh) { BIGNUM *shared_secret = NULL; BIGNUM *p = NULL; @@ -1170,9 +922,9 @@ diff -up openssh-7.3p1/kexgssc.c.openssl openssh-7.3p1/kexgssc.c dh_server_pub, shared_secret, hash, &hashlen -diff -up openssh-7.3p1/kexgsss.c.openssl openssh-7.3p1/kexgsss.c ---- openssh-7.3p1/kexgsss.c.openssl 2016-10-27 14:28:16.512815510 +0200 -+++ openssh-7.3p1/kexgsss.c 2016-10-27 14:28:16.618815257 +0200 +diff -up openssh-7.4p1/kexgsss.c.openssl openssh-7.4p1/kexgsss.c +--- openssh-7.4p1/kexgsss.c.openssl 2016-12-23 17:47:36.349817718 +0100 ++++ openssh-7.4p1/kexgsss.c 2016-12-23 17:47:36.432817753 +0100 @@ -77,6 +77,7 @@ kexgss_server(struct ssh *ssh) char *mechs; u_char hash[SSH_DIGEST_MAX_LENGTH]; @@ -1232,9 +984,9 @@ diff -up openssh-7.3p1/kexgsss.c.openssl openssh-7.3p1/kexgsss.c packet_put_string(msg_tok.value,msg_tok.length); if (send_tok.length != 0) { -diff -up openssh-7.3p1/libcrypto-compat.c.openssl openssh-7.3p1/libcrypto-compat.c ---- openssh-7.3p1/libcrypto-compat.c.openssl 2016-10-27 14:28:16.618815257 +0200 -+++ openssh-7.3p1/libcrypto-compat.c 2016-10-27 14:28:16.618815257 +0200 +diff -up openssh-7.4p1/libcrypto-compat.c.openssl openssh-7.4p1/libcrypto-compat.c +--- openssh-7.4p1/libcrypto-compat.c.openssl 2016-12-23 17:47:36.432817753 +0100 ++++ openssh-7.4p1/libcrypto-compat.c 2016-12-23 17:47:36.432817753 +0100 @@ -0,0 +1,546 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. 
@@ -1782,9 +1534,9 @@ diff -up openssh-7.3p1/libcrypto-compat.c.openssl openssh-7.3p1/libcrypto-compat +} + +#endif /* OPENSSL_VERSION_NUMBER */ -diff -up openssh-7.3p1/libcrypto-compat.h.openssl openssh-7.3p1/libcrypto-compat.h ---- openssh-7.3p1/libcrypto-compat.h.openssl 2016-10-27 14:28:16.618815257 +0200 -+++ openssh-7.3p1/libcrypto-compat.h 2016-10-27 14:28:16.618815257 +0200 +diff -up openssh-7.4p1/libcrypto-compat.h.openssl openssh-7.4p1/libcrypto-compat.h +--- openssh-7.4p1/libcrypto-compat.h.openssl 2016-12-23 17:47:36.432817753 +0100 ++++ openssh-7.4p1/libcrypto-compat.h 2016-12-23 17:47:36.432817753 +0100 @@ -0,0 +1,98 @@ +#ifndef LIBCRYPTO_COMPAT_H +#define LIBCRYPTO_COMPAT_H @@ -1884,9 +1636,9 @@ diff -up openssh-7.3p1/libcrypto-compat.h.openssl openssh-7.3p1/libcrypto-compat + +#endif /* LIBCRYPTO_COMPAT_H */ + -diff -up openssh-7.3p1/Makefile.in.openssl openssh-7.3p1/Makefile.in ---- openssh-7.3p1/Makefile.in.openssl 2016-10-27 14:28:16.604815290 +0200 -+++ openssh-7.3p1/Makefile.in 2016-10-27 14:28:16.619815255 +0200 +diff -up openssh-7.4p1/Makefile.in.openssl openssh-7.4p1/Makefile.in +--- openssh-7.4p1/Makefile.in.openssl 2016-12-23 17:47:36.420817748 +0100 ++++ openssh-7.4p1/Makefile.in 2016-12-23 17:47:36.432817753 +0100 @@ -100,7 +100,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \ kexdhc.o kexgexc.o kexecdhc.o kexc25519c.o \ 
@@ -1896,22 +1648,10 @@ diff -up openssh-7.3p1/Makefile.in.openssl openssh-7.3p1/Makefile.in SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ sshconnect.o sshconnect1.o sshconnect2.o mux.o -diff -up openssh-7.3p1/misc.h.openssl openssh-7.3p1/misc.h ---- openssh-7.3p1/misc.h.openssl 2016-07-28 00:54:27.000000000 +0200 -+++ openssh-7.3p1/misc.h 2016-10-27 14:28:16.619815255 +0200 -@@ -139,4 +139,8 @@ char *read_passphrase(const char *, int) - int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2))); - int read_keyfile_line(FILE *, const char *, char *, size_t, u_long *); - -+#define MINIMUM(a, b) (((a) < (b)) ? (a) : (b)) -+#define MAXIMUM(a, b) (((a) > (b)) ? (a) : (b)) -+#define ROUNDUP(x, y) ((((x)+((y)-1))/(y))*(y)) -+ - #endif /* _MISC_H */ -diff -up openssh-7.3p1/monitor.c.openssl openssh-7.3p1/monitor.c ---- openssh-7.3p1/monitor.c.openssl 2016-10-27 14:28:16.610815276 +0200 -+++ openssh-7.3p1/monitor.c 2016-10-27 14:28:16.619815255 +0200 -@@ -735,9 +735,12 @@ mm_answer_moduli(int sock, Buffer *m) +diff -up openssh-7.4p1/monitor.c.openssl openssh-7.4p1/monitor.c +--- openssh-7.4p1/monitor.c.openssl 2016-12-23 17:47:36.426817750 +0100 ++++ openssh-7.4p1/monitor.c 2016-12-23 17:47:36.433817753 +0100 +@@ -636,9 +636,12 @@ mm_answer_moduli(int sock, Buffer *m) return (0); } else { /* Send first bignum */ 
@@ -1926,10 +1666,10 @@ diff -up openssh-7.3p1/monitor.c.openssl openssh-7.3p1/monitor.c DH_free(dh); } -diff -up openssh-7.3p1/openbsd-compat/openssl-compat.c.openssl openssh-7.3p1/openbsd-compat/openssl-compat.c ---- openssh-7.3p1/openbsd-compat/openssl-compat.c.openssl 2016-07-28 00:54:27.000000000 +0200 -+++ openssh-7.3p1/openbsd-compat/openssl-compat.c 2016-10-27 14:28:16.619815255 +0200 -@@ -72,12 +72,19 @@ ssh_compatible_openssl(long headerver, l +diff -up openssh-7.4p1/openbsd-compat/openssl-compat.c.openssl openssh-7.4p1/openbsd-compat/openssl-compat.c +--- openssh-7.4p1/openbsd-compat/openssl-compat.c.openssl 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/openbsd-compat/openssl-compat.c 2016-12-23 17:47:36.433817753 +0100 +@@ -70,12 +70,19 @@ ssh_compatible_openssl(long headerver, l void ssh_OpenSSL_add_all_algorithms(void) { @@ -1949,9 +1689,9 @@ diff -up openssh-7.3p1/openbsd-compat/openssl-compat.c.openssl openssh-7.3p1/ope } #endif -diff -up openssh-7.3p1/pam_ssh_agent_auth-0.10.2/configure.ac.openssl openssh-7.3p1/pam_ssh_agent_auth-0.10.2/configure.ac ---- openssh-7.3p1/pam_ssh_agent_auth-0.10.2/configure.ac.openssl 2014-03-31 19:35:17.000000000 +0200 -+++ openssh-7.3p1/pam_ssh_agent_auth-0.10.2/configure.ac 2016-10-27 14:28:16.620815252 +0200 +diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.2/configure.ac.openssl openssh-7.4p1/pam_ssh_agent_auth-0.10.2/configure.ac +--- openssh-7.4p1/pam_ssh_agent_auth-0.10.2/configure.ac.openssl 2014-03-31 19:35:17.000000000 +0200 ++++ openssh-7.4p1/pam_ssh_agent_auth-0.10.2/configure.ac 2016-12-23 17:47:36.433817753 +0100 @@ -1829,6 +1829,7 @@ AC_RUN_IFELSE( [AC_LANG_SOURCE([[ #include 
@@ -1960,9 +1700,9 @@ diff -up openssh-7.3p1/pam_ssh_agent_auth-0.10.2/configure.ac.openssl openssh-7. int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); } ]])], [ -diff -up openssh-7.3p1/regress/unittests/sshkey/test_file.c.openssl openssh-7.3p1/regress/unittests/sshkey/test_file.c ---- openssh-7.3p1/regress/unittests/sshkey/test_file.c.openssl 2016-07-28 00:54:27.000000000 +0200 -+++ openssh-7.3p1/regress/unittests/sshkey/test_file.c 2016-10-27 14:28:16.620815252 +0200 +diff -up openssh-7.4p1/regress/unittests/sshkey/test_file.c.openssl openssh-7.4p1/regress/unittests/sshkey/test_file.c +--- openssh-7.4p1/regress/unittests/sshkey/test_file.c.openssl 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/regress/unittests/sshkey/test_file.c 2016-12-23 17:47:36.433817753 +0100 @@ -46,6 +46,7 @@ sshkey_file_tests(void) struct sshbuf *buf, *pw; BIGNUM *a, *b, *c; @@ -2011,9 +1751,9 @@ diff -up openssh-7.3p1/regress/unittests/sshkey/test_file.c.openssl openssh-7.3p BN_free(a); BN_free(b); BN_free(c); -diff -up openssh-7.3p1/regress/unittests/sshkey/test_sshkey.c.openssl openssh-7.3p1/regress/unittests/sshkey/test_sshkey.c ---- openssh-7.3p1/regress/unittests/sshkey/test_sshkey.c.openssl 2016-07-28 00:54:27.000000000 +0200 -+++ openssh-7.3p1/regress/unittests/sshkey/test_sshkey.c 2016-10-27 14:28:16.620815252 +0200 +diff -up openssh-7.4p1/regress/unittests/sshkey/test_sshkey.c.openssl openssh-7.4p1/regress/unittests/sshkey/test_sshkey.c +--- openssh-7.4p1/regress/unittests/sshkey/test_sshkey.c.openssl 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/regress/unittests/sshkey/test_sshkey.c 2016-12-23 17:47:36.433817753 +0100 @@ -197,9 +197,6 @@ sshkey_tests(void) k1 = sshkey_new(KEY_RSA1); ASSERT_PTR_NE(k1, NULL); 
@@ -2101,9 +1841,9 @@ diff -up openssh-7.3p1/regress/unittests/sshkey/test_sshkey.c.openssl openssh-7. TEST_DONE(); TEST_START("equal KEY_DSA/demoted KEY_DSA"); -diff -up openssh-7.3p1/rsa.c.openssl openssh-7.3p1/rsa.c ---- openssh-7.3p1/rsa.c.openssl 2016-07-28 00:54:27.000000000 +0200 -+++ openssh-7.3p1/rsa.c 2016-10-27 14:28:16.620815252 +0200 +diff -up openssh-7.4p1/rsa.c.openssl openssh-7.4p1/rsa.c +--- openssh-7.4p1/rsa.c.openssl 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/rsa.c 2016-12-23 17:47:36.434817754 +0100 @@ -76,11 +76,14 @@ rsa_public_encrypt(BIGNUM *out, BIGNUM * { u_char *inbuf = NULL, *outbuf = NULL; @@ -2186,9 +1926,9 @@ diff -up openssh-7.3p1/rsa.c.openssl openssh-7.3p1/rsa.c BN_CTX_free(ctx); return r; } -diff -up openssh-7.3p1/rsa.h.openssl openssh-7.3p1/rsa.h ---- openssh-7.3p1/rsa.h.openssl 2016-07-28 00:54:27.000000000 +0200 -+++ openssh-7.3p1/rsa.h 2016-10-27 14:28:16.620815252 +0200 +diff -up openssh-7.4p1/rsa.h.openssl openssh-7.4p1/rsa.h +--- openssh-7.4p1/rsa.h.openssl 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/rsa.h 2016-12-23 17:47:36.434817754 +0100 @@ -21,6 +21,6 @@ int rsa_public_encrypt(BIGNUM *, BIGNUM *, RSA *); @@ -2197,10 +1937,10 @@ diff -up openssh-7.3p1/rsa.h.openssl openssh-7.3p1/rsa.h +int rsa_generate_additional_parameters(RSA *, BIGNUM *); #endif /* RSA_H */ -diff -up openssh-7.3p1/ssh-agent.c.openssl openssh-7.3p1/ssh-agent.c ---- openssh-7.3p1/ssh-agent.c.openssl 2016-10-27 14:28:16.612815271 +0200 -+++ openssh-7.3p1/ssh-agent.c 2016-10-27 14:28:16.621815250 +0200 -@@ -251,12 +251,12 @@ process_request_identities(SocketEntry * +diff -up openssh-7.4p1/ssh-agent.c.openssl openssh-7.4p1/ssh-agent.c +--- openssh-7.4p1/ssh-agent.c.openssl 2016-12-23 17:47:36.428817751 +0100 ++++ openssh-7.4p1/ssh-agent.c 2016-12-23 17:47:36.434817754 +0100 +@@ -258,12 +258,12 @@ process_request_identities(SocketEntry * TAILQ_FOREACH(id, &tab->idlist, next) { if (id->key->type == KEY_RSA1) { #ifdef WITH_SSH1 
@@ -2218,7 +1958,7 @@ diff -up openssh-7.3p1/ssh-agent.c.openssl openssh-7.3p1/ssh-agent.c fatal("%s: buffer error: %s", __func__, ssh_err(r)); #endif -@@ -295,6 +295,7 @@ process_authentication_challenge1(Socket +@@ -302,6 +302,7 @@ process_authentication_challenge1(Socket struct sshbuf *msg; struct ssh_digest_ctx *md; struct sshkey *key; @@ -2226,7 +1966,7 @@ diff -up openssh-7.3p1/ssh-agent.c.openssl openssh-7.3p1/ssh-agent.c if ((msg = sshbuf_new()) == NULL) fatal("%s: sshbuf_new failed", __func__); -@@ -303,11 +304,16 @@ process_authentication_challenge1(Socket +@@ -310,11 +311,16 @@ process_authentication_challenge1(Socket if ((challenge = BN_new()) == NULL) fatal("%s: BN_new failed", __func__); @@ -2247,7 +1987,7 @@ diff -up openssh-7.3p1/ssh-agent.c.openssl openssh-7.3p1/ssh-agent.c /* Only protocol 1.1 is supported */ if (sshbuf_len(e->request) == 0) -@@ -443,6 +449,7 @@ process_remove_identity(SocketEntry *e, +@@ -450,6 +456,7 @@ process_remove_identity(SocketEntry *e, u_char *blob; #ifdef WITH_SSH1 u_int bits; @@ -2255,7 +1995,7 @@ diff -up openssh-7.3p1/ssh-agent.c.openssl openssh-7.3p1/ssh-agent.c #endif /* WITH_SSH1 */ switch (version) { -@@ -452,10 +459,15 @@ process_remove_identity(SocketEntry *e, +@@ -459,10 +466,15 @@ process_remove_identity(SocketEntry *e, error("%s: sshkey_new failed", __func__); return; } @@ -2274,7 +2014,7 @@ diff -up openssh-7.3p1/ssh-agent.c.openssl openssh-7.3p1/ssh-agent.c if (bits != sshkey_size(key)) logit("Warning: identity keysize mismatch: " -@@ -558,23 +570,38 @@ agent_decode_rsa1(struct sshbuf *m, stru +@@ -565,23 +577,38 @@ agent_decode_rsa1(struct sshbuf *m, stru { struct sshkey *k = NULL; int r = SSH_ERR_INTERNAL_ERROR; 
@@ -2321,9 +2061,9 @@ diff -up openssh-7.3p1/ssh-agent.c.openssl openssh-7.3p1/ssh-agent.c goto out; /* enable blinding */ if (RSA_blinding_on(k->rsa, NULL) != 1) { -diff -up openssh-7.3p1/sshconnect1.c.openssl openssh-7.3p1/sshconnect1.c ---- openssh-7.3p1/sshconnect1.c.openssl 2016-07-28 00:54:27.000000000 +0200 -+++ openssh-7.3p1/sshconnect1.c 2016-10-27 16:20:55.388110063 +0200 +diff -up openssh-7.4p1/sshconnect1.c.openssl openssh-7.4p1/sshconnect1.c +--- openssh-7.4p1/sshconnect1.c.openssl 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/sshconnect1.c 2016-12-23 17:47:36.434817754 +0100 @@ -70,6 +70,7 @@ try_agent_authentication(void) u_char response[16]; size_t i; @@ -2392,7 +2132,7 @@ diff -up openssh-7.3p1/sshconnect1.c.openssl openssh-7.3p1/sshconnect1.c Key *host_key, *server_key; int bits, rbits; int ssh_cipher_default = SSH_CIPHER_3DES; -@@ -523,10 +531,14 @@ ssh_kex(char *host, struct sockaddr *hos +@@ -522,10 +530,14 @@ ssh_kex(char *host, struct sockaddr *hos /* Get the public key. */ server_key = key_new(KEY_RSA1); bits = packet_get_int(); @@ -2410,7 +2150,7 @@ diff -up openssh-7.3p1/sshconnect1.c.openssl openssh-7.3p1/sshconnect1.c if (bits != rbits) { logit("Warning: Server lies about size of server public key: " "actual size is %d bits vs. announced %d.", rbits, bits); -@@ -535,10 +547,14 @@ ssh_kex(char *host, struct sockaddr *hos +@@ -534,10 +546,14 @@ ssh_kex(char *host, struct sockaddr *hos /* Get the host key. */ host_key = key_new(KEY_RSA1); bits = packet_get_int(); @@ -2428,7 +2168,7 @@ diff -up openssh-7.3p1/sshconnect1.c.openssl openssh-7.3p1/sshconnect1.c if (bits != rbits) { logit("Warning: Server lies about size of server host key: " "actual size is %d bits vs. announced %d.", rbits, bits); -@@ -554,14 +570,14 @@ ssh_kex(char *host, struct sockaddr *hos +@@ -553,14 +569,14 @@ ssh_kex(char *host, struct sockaddr *hos packet_check_eom(); debug("Received server public key (%d bits) and host key (%d bits).", 
@@ -2445,7 +2185,7 @@ diff -up openssh-7.3p1/sshconnect1.c.openssl openssh-7.3p1/sshconnect1.c /* * Generate an encryption key for the session. The key is a 256 bit -@@ -601,14 +617,14 @@ ssh_kex(char *host, struct sockaddr *hos +@@ -595,14 +611,14 @@ ssh_kex(char *host, struct sockaddr *hos * Encrypt the integer using the public key and host key of the * server (key with smaller modulus first). */ @@ -2465,7 +2205,7 @@ diff -up openssh-7.3p1/sshconnect1.c.openssl openssh-7.3p1/sshconnect1.c SSH_KEY_BITS_RESERVED); } if (rsa_public_encrypt(key, key, server_key->rsa) != 0 || -@@ -616,12 +632,12 @@ ssh_kex(char *host, struct sockaddr *hos +@@ -610,12 +626,12 @@ ssh_kex(char *host, struct sockaddr *hos fatal("%s: rsa_public_encrypt failed", __func__); } else { /* Host key has smaller modulus (or they are equal). */ @@ -2482,9 +2222,9 @@ diff -up openssh-7.3p1/sshconnect1.c.openssl openssh-7.3p1/sshconnect1.c SSH_KEY_BITS_RESERVED); } if (rsa_public_encrypt(key, key, host_key->rsa) != 0 || -diff -up openssh-7.3p1/sshconnect2.c.openssl openssh-7.3p1/sshconnect2.c ---- openssh-7.3p1/sshconnect2.c.openssl 2016-10-27 14:28:16.606815286 +0200 -+++ openssh-7.3p1/sshconnect2.c 2016-10-27 14:28:16.621815250 +0200 +diff -up openssh-7.4p1/sshconnect2.c.openssl openssh-7.4p1/sshconnect2.c +--- openssh-7.4p1/sshconnect2.c.openssl 2016-12-23 17:47:36.423817749 +0100 ++++ openssh-7.4p1/sshconnect2.c 2016-12-23 17:47:36.434817754 +0100 @@ -299,6 +299,7 @@ ssh_kex2(char *host, struct sockaddr *ho packet_send(); packet_write_wait(); 
@@ -2493,10 +2233,10 @@ diff -up openssh-7.3p1/sshconnect2.c.openssl openssh-7.3p1/sshconnect2.c } /* -diff -up openssh-7.3p1/sshconnect.c.openssl openssh-7.3p1/sshconnect.c ---- openssh-7.3p1/sshconnect.c.openssl 2016-10-27 14:28:16.571815369 +0200 -+++ openssh-7.3p1/sshconnect.c 2016-10-27 14:28:16.622815247 +0200 -@@ -1370,6 +1370,7 @@ ssh_login(Sensitive *sensitive, const ch +diff -up openssh-7.4p1/sshconnect.c.openssl openssh-7.4p1/sshconnect.c +--- openssh-7.4p1/sshconnect.c.openssl 2016-12-23 17:47:36.397817738 +0100 ++++ openssh-7.4p1/sshconnect.c 2016-12-23 17:47:36.435817754 +0100 +@@ -1369,6 +1369,7 @@ ssh_login(Sensitive *sensitive, const ch char *server_user, *local_user; local_user = xstrdup(pw->pw_name); @@ -2504,10 +2244,10 @@ diff -up openssh-7.3p1/sshconnect.c.openssl openssh-7.3p1/sshconnect.c server_user = options.user ? options.user : local_user; /* Convert the user-supplied hostname into all lowercase. */ -diff -up openssh-7.3p1/ssh.c.openssl openssh-7.3p1/ssh.c ---- openssh-7.3p1/ssh.c.openssl 2016-10-27 14:28:16.606815286 +0200 -+++ openssh-7.3p1/ssh.c 2016-10-27 14:28:16.622815247 +0200 -@@ -535,7 +535,9 @@ main(int ac, char **av) +diff -up openssh-7.4p1/ssh.c.openssl openssh-7.4p1/ssh.c +--- openssh-7.4p1/ssh.c.openssl 2016-12-23 17:47:36.422817748 +0100 ++++ openssh-7.4p1/ssh.c 2016-12-23 17:47:36.435817754 +0100 +@@ -532,7 +532,9 @@ main(int ac, char **av) sanitise_stdfd(); __progname = ssh_get_progname(av[0]); 
@@ -2525,84 +2265,10 @@ diff -up openssh-7.3p1/ssh.c.openssl openssh-7.3p1/ssh.c if (config_test) { dump_client_config(&options, host); -diff -up openssh-7.3p1/sshd.c.openssl openssh-7.3p1/sshd.c ---- openssh-7.3p1/sshd.c.openssl 2016-10-27 14:28:16.613815269 +0200 -+++ openssh-7.3p1/sshd.c 2016-10-27 14:51:24.038759046 +0200 -@@ -1141,19 +1141,17 @@ send_rexec_state(int fd, struct sshbuf * - #ifdef WITH_SSH1 - if (sensitive_data.server_key != NULL && - sensitive_data.server_key->type == KEY_RSA1) { -+ const BIGNUM *e, *n, *d, *iqmp, *p, *q; -+ RSA_get0_key(sensitive_data.server_key->rsa, &n, &e, &d); -+ RSA_get0_factors(sensitive_data.server_key->rsa, &p, &q); -+ RSA_get0_crt_params(sensitive_data.server_key->rsa, NULL, NULL, &iqmp); - if ((r = sshbuf_put_u32(m, 1)) != 0 || -- (r = sshbuf_put_bignum1(m, -- sensitive_data.server_key->rsa->e)) != 0 || -- (r = sshbuf_put_bignum1(m, -- sensitive_data.server_key->rsa->n)) != 0 || -- (r = sshbuf_put_bignum1(m, -- sensitive_data.server_key->rsa->d)) != 0 || -- (r = sshbuf_put_bignum1(m, -- sensitive_data.server_key->rsa->iqmp)) != 0 || -- (r = sshbuf_put_bignum1(m, -- sensitive_data.server_key->rsa->p)) != 0 || -- (r = sshbuf_put_bignum1(m, -- sensitive_data.server_key->rsa->q)) != 0) -+ (r = sshbuf_put_bignum1(m, e)) != 0 || -+ (r = sshbuf_put_bignum1(m, n)) != 0 || -+ (r = sshbuf_put_bignum1(m, d)) != 0 || -+ (r = sshbuf_put_bignum1(m, iqmp)) != 0 || -+ (r = sshbuf_put_bignum1(m, p)) != 0 || -+ (r = sshbuf_put_bignum1(m, q)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); - } else - #endif -@@ -1195,17 +1193,25 @@ recv_rexec_state(int fd, Buffer *conf) - - if (buffer_get_int(&m)) { - #ifdef WITH_SSH1 -+ BIGNUM *e = NULL, *n = NULL, *d = NULL, *iqmp = NULL, -+ *p = NULL, *q = NULL; - if (sensitive_data.server_key != NULL) - key_free(sensitive_data.server_key); -+ if ((e = BN_new()) == NULL || (n = BN_new()) == NULL || -+ (d = BN_new()) == NULL || (iqmp = BN_new()) == NULL || -+ (p = BN_new()) == NULL || (q 
= BN_new()) == NULL) -+ fatal("BN_new() failed"); - sensitive_data.server_key = key_new_private(KEY_RSA1); -- buffer_get_bignum(&m, sensitive_data.server_key->rsa->e); -- buffer_get_bignum(&m, sensitive_data.server_key->rsa->n); -- buffer_get_bignum(&m, sensitive_data.server_key->rsa->d); -- buffer_get_bignum(&m, sensitive_data.server_key->rsa->iqmp); -- buffer_get_bignum(&m, sensitive_data.server_key->rsa->p); -- buffer_get_bignum(&m, sensitive_data.server_key->rsa->q); -+ buffer_get_bignum(&m, e); -+ buffer_get_bignum(&m, n); -+ buffer_get_bignum(&m, d); -+ buffer_get_bignum(&m, iqmp); -+ buffer_get_bignum(&m, p); -+ buffer_get_bignum(&m, q); -+ RSA_set0_key(sensitive_data.server_key->rsa, n, e, d); -+ RSA_set0_factors(sensitive_data.server_key->rsa, p, q); - if (rsa_generate_additional_parameters( -- sensitive_data.server_key->rsa) != 0) -+ sensitive_data.server_key->rsa, iqmp) != 0) - fatal("%s: rsa_generate_additional_parameters " - "error", __func__); - #endif -@@ -1576,8 +1584,9 @@ check_ip_options(struct ssh *ssh) - #ifdef IP_OPTIONS - int sock_in = ssh_packet_get_connection_in(ssh); - struct sockaddr_storage from; -- socklen_t option_size, i, fromlen = sizeof(from); -+ socklen_t i, fromlen = sizeof(from); - u_char opts[200]; -+ socklen_t option_size = sizeof(opts); - char text[sizeof(opts) * 3 + 1]; - - memset(&from, 0, sizeof(from)); -@@ -1649,7 +1658,7 @@ main(int ac, char **av) +diff -up openssh-7.4p1/sshd.c.openssl openssh-7.4p1/sshd.c +--- openssh-7.4p1/sshd.c.openssl 2016-12-23 17:47:36.428817751 +0100 ++++ openssh-7.4p1/sshd.c 2016-12-23 17:47:36.435817754 +0100 +@@ -1483,7 +1483,7 @@ main(int ac, char **av) #endif __progname = ssh_get_progname(av[0]); 
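Review bot: The sshd.c part removed in this hunk drops more than SSH1 code: it also carried the `check_ip_options()` fix that moved the declaration below the buffer and initialised it, `socklen_t option_size = sizeof(opts);`. That fix is unrelated to SSH1 and to the OpenSSL 1.1 API, and the only sshd.c hunk left on the new side is the one in `main()`. The 7.4p1 sshd.c is not visible here, so please confirm it already initialises `option_size`. If it does not, the variable is used with an indeterminate value (presumably as the socket-option length) and the IP-options check on incoming connections may not behave reliably. If the fix is still needed, keep `socklen_t option_size = sizeof(opts);` in a separate small patch so a later rebase of the OpenSSL patch cannot drop it unnoticed.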
@@ -2611,142 +2277,9 @@ diff -up openssh-7.3p1/sshd.c.openssl openssh-7.3p1/sshd.c if (access("/etc/system-fips", F_OK) == 0) if (! FIPSCHECK_verify(NULL, NULL)) { openlog(__progname, LOG_PID, LOG_AUTHPRIV); -@@ -2082,6 +2091,7 @@ main(int ac, char **av) - #ifdef WITH_SSH1 - /* Check certain values for sanity. */ - if (options.protocol & SSH_PROTO_1) { -+ const BIGNUM *n; - if (options.server_key_bits < SSH_RSA_MINIMUM_MODULUS_SIZE || - options.server_key_bits > OPENSSL_RSA_MAX_MODULUS_BITS) { - fprintf(stderr, "Bad server key size.\n"); -@@ -2092,13 +2102,13 @@ main(int ac, char **av) - * is necessary to make double encryption work with rsaref. Oh, I - * hate software patents. I dont know if this can go? Niels - */ -+ RSA_get0_key(sensitive_data.ssh1_host_key->rsa, &n, NULL, NULL); - if (options.server_key_bits > -- BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) - -- SSH_KEY_BITS_RESERVED && options.server_key_bits < -- BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + -- SSH_KEY_BITS_RESERVED) { -+ BN_num_bits(n) - SSH_KEY_BITS_RESERVED && -+ options.server_key_bits < -+ BN_num_bits(n) + SSH_KEY_BITS_RESERVED) { - options.server_key_bits = -- BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + -+ BN_num_bits(n) + - SSH_KEY_BITS_RESERVED; - debug("Forcing server key to %d bits to make it differ from host key.", - options.server_key_bits); -@@ -2521,18 +2531,18 @@ ssh1_session_key(BIGNUM *session_key_int - { - struct ssh *ssh = active_state; /* XXX */ - int rsafail = 0; -+ const BIGNUM *s_n, *h_n; - -- if (BN_cmp(sensitive_data.server_key->rsa->n, -- sensitive_data.ssh1_host_key->rsa->n) > 0) { -+ RSA_get0_key(sensitive_data.server_key->rsa, &s_n, NULL, NULL); -+ RSA_get0_key(sensitive_data.ssh1_host_key->rsa, &h_n, NULL, NULL); -+ if (BN_cmp(s_n, h_n) > 0) { - /* Server key has bigger modulus. 
*/ -- if (BN_num_bits(sensitive_data.server_key->rsa->n) < -- BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + -- SSH_KEY_BITS_RESERVED) { -+ if (BN_num_bits(s_n) < -+ BN_num_bits(h_n) + SSH_KEY_BITS_RESERVED) { - fatal("do_connection: %s port %d: " - "server_key %d < host_key %d + SSH_KEY_BITS_RESERVED %d", - ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), -- BN_num_bits(sensitive_data.server_key->rsa->n), -- BN_num_bits(sensitive_data.ssh1_host_key->rsa->n), -+ BN_num_bits(s_n), BN_num_bits(h_n), - SSH_KEY_BITS_RESERVED); - } - if (rsa_private_decrypt(session_key_int, session_key_int, -@@ -2543,14 +2553,14 @@ ssh1_session_key(BIGNUM *session_key_int - rsafail++; - } else { - /* Host key has bigger modulus (or they are equal). */ -- if (BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) < -- BN_num_bits(sensitive_data.server_key->rsa->n) + -+ if (BN_num_bits(h_n) < -+ BN_num_bits(s_n) + - SSH_KEY_BITS_RESERVED) { - fatal("do_connection: %s port %d: " - "host_key %d < server_key %d + SSH_KEY_BITS_RESERVED %d", - ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), -- BN_num_bits(sensitive_data.ssh1_host_key->rsa->n), -- BN_num_bits(sensitive_data.server_key->rsa->n), -+ BN_num_bits(h_n), -+ BN_num_bits(s_n), - SSH_KEY_BITS_RESERVED); - } - if (rsa_private_decrypt(session_key_int, session_key_int, -@@ -2578,6 +2588,7 @@ do_ssh1_kex(void) - size_t fake_key_len; - u_char cookie[8]; - u_int cipher_type, auth_mask, protocol_flags; -+ const BIGNUM *n, *e; - - /* - * Generate check bytes that the client must send back in the user -@@ -2600,14 +2611,16 @@ do_ssh1_kex(void) - packet_put_char(cookie[i]); - - /* Store our public server RSA key. 
*/ -- packet_put_int(BN_num_bits(sensitive_data.server_key->rsa->n)); -- packet_put_bignum(sensitive_data.server_key->rsa->e); -- packet_put_bignum(sensitive_data.server_key->rsa->n); -+ RSA_get0_key(sensitive_data.server_key->rsa, &n, &e, NULL); -+ packet_put_int(BN_num_bits(n)); -+ packet_put_bignum((BIGNUM *)e); -+ packet_put_bignum((BIGNUM *)n); - - /* Store our public host RSA key. */ -- packet_put_int(BN_num_bits(sensitive_data.ssh1_host_key->rsa->n)); -- packet_put_bignum(sensitive_data.ssh1_host_key->rsa->e); -- packet_put_bignum(sensitive_data.ssh1_host_key->rsa->n); -+ RSA_get0_key(sensitive_data.ssh1_host_key->rsa, &n, &e, NULL); -+ packet_put_int(BN_num_bits(n)); -+ packet_put_bignum((BIGNUM *)e); -+ packet_put_bignum((BIGNUM *)n); - - /* Put protocol flags. */ - packet_put_int(SSH_PROTOFLAG_HOST_IN_FWD_OPEN); -@@ -2632,8 +2645,8 @@ do_ssh1_kex(void) - packet_write_wait(); - - debug("Sent %d bit server key and %d bit host key.", -- BN_num_bits(sensitive_data.server_key->rsa->n), -- BN_num_bits(sensitive_data.ssh1_host_key->rsa->n)); -+ RSA_bits(sensitive_data.server_key->rsa), -+ RSA_bits(sensitive_data.ssh1_host_key->rsa)); - - /* Read clients reply (cipher type and session key). */ - packet_read_expect(SSH_CMSG_SESSION_KEY); -@@ -2697,14 +2710,14 @@ do_ssh1_kex(void) - len, (u_long)sizeof(session_key)); - rsafail++; - } else { -+ const BIGNUM *h_n, *s_n; - explicit_bzero(session_key, sizeof(session_key)); - BN_bn2bin(session_key_int, - session_key + sizeof(session_key) - len); - -- derive_ssh1_session_id( -- sensitive_data.ssh1_host_key->rsa->n, -- sensitive_data.server_key->rsa->n, -- cookie, session_id); -+ RSA_get0_key(sensitive_data.ssh1_host_key->rsa, &h_n, NULL, NULL); -+ RSA_get0_key(sensitive_data.server_key->rsa, &s_n, NULL, NULL); -+ derive_ssh1_session_id((BIGNUM *)h_n, (BIGNUM *)s_n, cookie, session_id); - /* - * Xor the first 16 bytes of the session key with the - * session id. 
-diff -up openssh-7.3p1/ssh-dss.c.openssl openssh-7.3p1/ssh-dss.c ---- openssh-7.3p1/ssh-dss.c.openssl 2016-07-28 00:54:27.000000000 +0200 -+++ openssh-7.3p1/ssh-dss.c 2016-10-27 14:28:16.623815245 +0200 +diff -up openssh-7.4p1/ssh-dss.c.openssl openssh-7.4p1/ssh-dss.c +--- openssh-7.4p1/ssh-dss.c.openssl 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/ssh-dss.c 2016-12-23 17:47:36.435817754 +0100 @@ -55,6 +55,7 @@ ssh_dss_sign(const struct sshkey *key, u size_t rlen, slen, len, dlen = ssh_digest_bytes(SSH_DIGEST_SHA1); struct sshbuf *b = NULL; @@ -2820,9 +2353,9 @@ diff -up openssh-7.3p1/ssh-dss.c.openssl openssh-7.3p1/ssh-dss.c sshbuf_free(b); free(ktype); if (sigblob != NULL) { -diff -up openssh-7.3p1/ssh-ecdsa.c.openssl openssh-7.3p1/ssh-ecdsa.c ---- openssh-7.3p1/ssh-ecdsa.c.openssl 2016-07-28 00:54:27.000000000 +0200 -+++ openssh-7.3p1/ssh-ecdsa.c 2016-10-27 14:28:16.623815245 +0200 +diff -up openssh-7.4p1/ssh-ecdsa.c.openssl openssh-7.4p1/ssh-ecdsa.c +--- openssh-7.4p1/ssh-ecdsa.c.openssl 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/ssh-ecdsa.c 2016-12-23 17:47:36.436817754 +0100 @@ -54,6 +54,7 @@ ssh_ecdsa_sign(const struct sshkey *key, size_t len, dlen; struct sshbuf *b = NULL, *bb = NULL; @@ -2890,10 +2423,10 @@ diff -up openssh-7.3p1/ssh-ecdsa.c.openssl openssh-7.3p1/ssh-ecdsa.c free(ktype); return ret; } -diff -up openssh-7.3p1/sshkey.c.openssl openssh-7.3p1/sshkey.c ---- openssh-7.3p1/sshkey.c.openssl 2016-10-27 14:28:16.607815283 +0200 -+++ openssh-7.3p1/sshkey.c 2016-10-27 14:28:16.624815243 +0200 -@@ -276,10 +276,10 @@ sshkey_size(const struct sshkey *k) +diff -up openssh-7.4p1/sshkey.c.openssl openssh-7.4p1/sshkey.c +--- openssh-7.4p1/sshkey.c.openssl 2016-12-23 17:47:36.424817749 +0100 ++++ openssh-7.4p1/sshkey.c 2016-12-23 17:47:56.652826110 +0100 +@@ -275,10 +275,10 @@ sshkey_size(const struct sshkey *k) case KEY_RSA1: case KEY_RSA: case KEY_RSA_CERT: 
@@ -2906,7 +2439,7 @@ diff -up openssh-7.3p1/sshkey.c.openssl openssh-7.3p1/sshkey.c case KEY_ECDSA: case KEY_ECDSA_CERT: return sshkey_curve_nid_to_bits(k->ecdsa_nid); -@@ -312,11 +312,17 @@ sshkey_is_private(const struct sshkey *k +@@ -311,11 +311,17 @@ sshkey_is_private(const struct sshkey *k #ifdef WITH_OPENSSL case KEY_RSA_CERT: case KEY_RSA1: @@ -2928,7 +2461,7 @@ diff -up openssh-7.3p1/sshkey.c.openssl openssh-7.3p1/sshkey.c #ifdef OPENSSL_HAS_ECC case KEY_ECDSA_CERT: case KEY_ECDSA: -@@ -506,11 +512,7 @@ sshkey_new(int type) +@@ -505,11 +511,7 @@ sshkey_new(int type) case KEY_RSA1: case KEY_RSA: case KEY_RSA_CERT: @@ -2941,7 +2474,7 @@ diff -up openssh-7.3p1/sshkey.c.openssl openssh-7.3p1/sshkey.c free(k); return NULL; } -@@ -518,13 +520,7 @@ sshkey_new(int type) +@@ -517,13 +519,7 @@ sshkey_new(int type) break; case KEY_DSA: case KEY_DSA_CERT: @@ -2956,7 +2489,7 @@ diff -up openssh-7.3p1/sshkey.c.openssl openssh-7.3p1/sshkey.c free(k); return NULL; } -@@ -565,21 +561,10 @@ sshkey_add_private(struct sshkey *k) +@@ -563,21 +559,10 @@ sshkey_add_private(struct sshkey *k) case KEY_RSA1: case KEY_RSA: case KEY_RSA_CERT: @@ -2978,7 +2511,7 @@ diff -up openssh-7.3p1/sshkey.c.openssl openssh-7.3p1/sshkey.c case KEY_ECDSA: case KEY_ECDSA_CERT: /* Cannot do anything until we know the group */ -@@ -698,17 +683,31 @@ sshkey_equal_public(const struct sshkey +@@ -696,17 +681,31 @@ sshkey_equal_public(const struct sshkey #ifdef WITH_OPENSSL case KEY_RSA1: case KEY_RSA_CERT: @@ -3020,7 +2553,7 @@ diff -up openssh-7.3p1/sshkey.c.openssl openssh-7.3p1/sshkey.c # ifdef OPENSSL_HAS_ECC case KEY_ECDSA_CERT: case KEY_ECDSA: -@@ -783,15 +782,21 @@ to_blob_buf(const struct sshkey *key, st +@@ -781,15 +780,21 @@ to_blob_buf(const struct sshkey *key, st return ret; break; #ifdef WITH_OPENSSL 
@@ -3051,7 +2584,7 @@ diff -up openssh-7.3p1/sshkey.c.openssl openssh-7.3p1/sshkey.c break; # ifdef OPENSSL_HAS_ECC case KEY_ECDSA: -@@ -804,13 +809,18 @@ to_blob_buf(const struct sshkey *key, st +@@ -802,13 +807,18 @@ to_blob_buf(const struct sshkey *key, st return ret; break; # endif @@ -3077,7 +2610,7 @@ diff -up openssh-7.3p1/sshkey.c.openssl openssh-7.3p1/sshkey.c break; #endif /* WITH_OPENSSL */ case KEY_ED25519: -@@ -916,8 +926,13 @@ sshkey_fingerprint_raw(const struct sshk +@@ -914,8 +924,13 @@ sshkey_fingerprint_raw(const struct sshk if (k->type == KEY_RSA1) { #ifdef WITH_OPENSSL @@ -3091,9 +2624,9 @@ diff -up openssh-7.3p1/sshkey.c.openssl openssh-7.3p1/sshkey.c + nlen = BN_num_bytes(n); + elen = BN_num_bytes(e); - blob_len = nlen + elen; - if (nlen >= INT_MAX - elen || -@@ -925,8 +940,8 @@ sshkey_fingerprint_raw(const struct sshk + if (nlen < 0 || elen < 0 || nlen >= INT_MAX - elen) { + r = SSH_ERR_INVALID_FORMAT; +@@ -926,8 +941,8 @@ sshkey_fingerprint_raw(const struct sshk r = SSH_ERR_ALLOC_FAIL; goto out; } @@ -3104,7 +2637,7 @@ diff -up openssh-7.3p1/sshkey.c.openssl openssh-7.3p1/sshkey.c #endif /* WITH_OPENSSL */ } else if ((r = to_blob(k, &blob, &blob_len, 1)) != 0) goto out; -@@ -1289,6 +1304,7 @@ sshkey_read(struct sshkey *ret, char **c +@@ -1290,6 +1305,7 @@ sshkey_read(struct sshkey *ret, char **c struct sshbuf *blob; #ifdef WITH_SSH1 u_long bits; @@ -3112,7 +2645,7 @@ diff -up openssh-7.3p1/sshkey.c.openssl openssh-7.3p1/sshkey.c #endif /* WITH_SSH1 */ cp = *cpp; -@@ -1302,12 +1318,21 @@ sshkey_read(struct sshkey *ret, char **c +@@ -1303,12 +1319,21 @@ sshkey_read(struct sshkey *ret, char **c bits == 0 || bits > SSHBUF_MAX_BIGNUM * 8) return SSH_ERR_INVALID_FORMAT; /* Bad bit count... */ /* Get public exponent, public modulus. */ 
@@ -3137,7 +2670,7 @@ diff -up openssh-7.3p1/sshkey.c.openssl openssh-7.3p1/sshkey.c return SSH_ERR_KEY_BITS_MISMATCH; *cpp = ep; retval = 0; -@@ -1472,19 +1497,20 @@ sshkey_format_rsa1(const struct sshkey * +@@ -1473,19 +1498,20 @@ sshkey_format_rsa1(const struct sshkey * #ifdef WITH_SSH1 u_int bits = 0; char *dec_e = NULL, *dec_n = NULL; @@ -3163,7 +2696,7 @@ diff -up openssh-7.3p1/sshkey.c.openssl openssh-7.3p1/sshkey.c r = SSH_ERR_INVALID_ARGUMENT; goto out; } -@@ -1818,15 +1844,32 @@ sshkey_from_private(const struct sshkey +@@ -1819,15 +1845,32 @@ sshkey_from_private(const struct sshkey switch (k->type) { #ifdef WITH_OPENSSL case KEY_DSA: @@ -3205,7 +2738,7 @@ diff -up openssh-7.3p1/sshkey.c.openssl openssh-7.3p1/sshkey.c } break; # ifdef OPENSSL_HAS_ECC -@@ -1849,13 +1892,22 @@ sshkey_from_private(const struct sshkey +@@ -1850,13 +1893,22 @@ sshkey_from_private(const struct sshkey # endif /* OPENSSL_HAS_ECC */ case KEY_RSA: case KEY_RSA1: @@ -3235,7 +2768,7 @@ diff -up openssh-7.3p1/sshkey.c.openssl openssh-7.3p1/sshkey.c } break; #endif /* WITH_OPENSSL */ -@@ -2053,10 +2105,20 @@ sshkey_from_blob_internal(struct sshbuf +@@ -2054,10 +2106,20 @@ sshkey_from_blob_internal(struct sshbuf ret = SSH_ERR_ALLOC_FAIL; goto out; } @@ -3260,7 +2793,7 @@ diff -up openssh-7.3p1/sshkey.c.openssl openssh-7.3p1/sshkey.c } #ifdef DEBUG_PK RSA_print_fp(stderr, key->rsa, 8); -@@ -2074,12 +2136,34 @@ sshkey_from_blob_internal(struct sshbuf +@@ -2075,12 +2137,34 @@ sshkey_from_blob_internal(struct sshbuf ret = SSH_ERR_ALLOC_FAIL; goto out; } @@ -3301,7 +2834,7 @@ diff -up openssh-7.3p1/sshkey.c.openssl openssh-7.3p1/sshkey.c } #ifdef DEBUG_PK DSA_print_fp(stderr, key->dsa, 8); -@@ -2319,26 +2403,53 @@ sshkey_demote(const struct sshkey *k, st +@@ -2320,26 +2404,53 @@ sshkey_demote(const struct sshkey *k, st goto fail; /* FALLTHROUGH */ case KEY_RSA1: 
@@ -3369,7 +2902,7 @@ diff -up openssh-7.3p1/sshkey.c.openssl openssh-7.3p1/sshkey.c } break; case KEY_ECDSA_CERT: -@@ -2459,12 +2570,17 @@ sshkey_certify(struct sshkey *k, struct +@@ -2460,12 +2571,17 @@ sshkey_certify(struct sshkey *k, struct /* XXX this substantially duplicates to_blob(); refactor */ switch (k->type) { #ifdef WITH_OPENSSL @@ -3393,7 +2926,7 @@ diff -up openssh-7.3p1/sshkey.c.openssl openssh-7.3p1/sshkey.c break; # ifdef OPENSSL_HAS_ECC case KEY_ECDSA_CERT: -@@ -2476,10 +2592,15 @@ sshkey_certify(struct sshkey *k, struct +@@ -2477,10 +2593,15 @@ sshkey_certify(struct sshkey *k, struct goto out; break; # endif /* OPENSSL_HAS_ECC */ @@ -3413,7 +2946,7 @@ diff -up openssh-7.3p1/sshkey.c.openssl openssh-7.3p1/sshkey.c break; #endif /* WITH_OPENSSL */ case KEY_ED25519_CERT: -@@ -2636,43 +2757,65 @@ sshkey_private_serialize(const struct ss +@@ -2637,43 +2758,65 @@ sshkey_private_serialize(const struct ss goto out; switch (key->type) { #ifdef WITH_OPENSSL @@ -3503,7 +3036,7 @@ diff -up openssh-7.3p1/sshkey.c.openssl openssh-7.3p1/sshkey.c break; # ifdef OPENSSL_HAS_ECC case KEY_ECDSA: -@@ -2748,18 +2891,51 @@ sshkey_private_deserialize(struct sshbuf +@@ -2749,18 +2892,51 @@ sshkey_private_deserialize(struct sshbuf r = SSH_ERR_ALLOC_FAIL; goto out; } @@ -3566,7 +3099,7 @@ diff -up openssh-7.3p1/sshkey.c.openssl openssh-7.3p1/sshkey.c break; # ifdef OPENSSL_HAS_ECC case KEY_ECDSA: -@@ -2818,24 +2994,81 @@ sshkey_private_deserialize(struct sshbuf +@@ -2819,24 +2995,81 @@ sshkey_private_deserialize(struct sshbuf r = SSH_ERR_ALLOC_FAIL; goto out; } 
@@ -3665,15 +3198,15 @@ diff -up openssh-7.3p1/sshkey.c.openssl openssh-7.3p1/sshkey.c break; #endif /* WITH_OPENSSL */ case KEY_ED25519: -@@ -3465,6 +3690,7 @@ sshkey_private_rsa1_to_blob(struct sshke - struct sshcipher_ctx ciphercontext; +@@ -3471,6 +3704,7 @@ sshkey_private_rsa1_to_blob(struct sshke + struct sshcipher_ctx *ciphercontext = NULL; const struct sshcipher *cipher; u_char *cp; + const BIGNUM *n, *e, *d, *q, *p, *iqmp; /* * If the passphrase is empty, use SSH_CIPHER_NONE to ease converting -@@ -3491,10 +3717,13 @@ sshkey_private_rsa1_to_blob(struct sshke +@@ -3497,10 +3731,13 @@ sshkey_private_rsa1_to_blob(struct sshke * format would just give known plaintext). * Note: q and p are stored in reverse order to SSL. */ @@ -3691,7 +3224,7 @@ diff -up openssh-7.3p1/sshkey.c.openssl openssh-7.3p1/sshkey.c goto out; /* Pad the part to be encrypted to a size that is a multiple of 8. */ -@@ -3519,9 +3748,9 @@ sshkey_private_rsa1_to_blob(struct sshke +@@ -3525,9 +3762,9 @@ sshkey_private_rsa1_to_blob(struct sshke goto out; /* Store public key. This will be in plain text. */ @@ -3704,7 +3237,7 @@ diff -up openssh-7.3p1/sshkey.c.openssl openssh-7.3p1/sshkey.c (r = sshbuf_put_cstring(encrypted, comment)) != 0) goto out; -@@ -3650,6 +3879,7 @@ sshkey_parse_public_rsa1_fileblob(struct +@@ -3654,6 +3891,7 @@ sshkey_parse_public_rsa1_fileblob(struct int r; struct sshkey *pub = NULL; struct sshbuf *copy = NULL; @@ -3712,7 +3245,7 @@ diff -up openssh-7.3p1/sshkey.c.openssl openssh-7.3p1/sshkey.c if (keyp != NULL) *keyp = NULL; -@@ -3679,10 +3909,16 @@ sshkey_parse_public_rsa1_fileblob(struct +@@ -3683,10 +3921,16 @@ sshkey_parse_public_rsa1_fileblob(struct goto out; /* Read the public key from the buffer. */ 
@@ -3732,8 +3265,8 @@ diff -up openssh-7.3p1/sshkey.c.openssl openssh-7.3p1/sshkey.c /* Finally, the comment */ if ((r = sshbuf_get_string(copy, (u_char**)commentp, NULL)) != 0) -@@ -3714,6 +3950,8 @@ sshkey_parse_private_rsa1(struct sshbuf - struct sshcipher_ctx ciphercontext; +@@ -3718,6 +3962,8 @@ sshkey_parse_private_rsa1(struct sshbuf + struct sshcipher_ctx *ciphercontext = NULL; const struct sshcipher *cipher; struct sshkey *prv = NULL; + BIGNUM *n = NULL, *e = NULL, *d = NULL, *q = NULL, *p = NULL, @@ -3741,7 +3274,7 @@ diff -up openssh-7.3p1/sshkey.c.openssl openssh-7.3p1/sshkey.c if (keyp != NULL) *keyp = NULL; -@@ -3749,11 +3987,17 @@ sshkey_parse_private_rsa1(struct sshbuf +@@ -3753,11 +3999,17 @@ sshkey_parse_private_rsa1(struct sshbuf goto out; /* Read the public key and comment from the buffer. */ @@ -3763,7 +3296,7 @@ diff -up openssh-7.3p1/sshkey.c.openssl openssh-7.3p1/sshkey.c /* Check that it is a supported cipher. */ cipher = cipher_by_number(cipher_type); -@@ -3786,14 +4030,25 @@ sshkey_parse_private_rsa1(struct sshbuf +@@ -3786,14 +4038,25 @@ sshkey_parse_private_rsa1(struct sshbuf } /* Read the rest of the private key. */ @@ -3794,7 +3327,7 @@ diff -up openssh-7.3p1/sshkey.c.openssl openssh-7.3p1/sshkey.c goto out; /* enable blinding */ -@@ -3846,7 +4101,7 @@ sshkey_parse_private_pem_fileblob(struct +@@ -3846,7 +4109,7 @@ sshkey_parse_private_pem_fileblob(struct r = SSH_ERR_KEY_WRONG_PASSPHRASE; goto out; } @@ -3803,7 +3336,7 @@ diff -up openssh-7.3p1/sshkey.c.openssl openssh-7.3p1/sshkey.c (type == KEY_UNSPEC || type == KEY_RSA)) { if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) { r = SSH_ERR_ALLOC_FAIL; -@@ -3861,7 +4116,7 @@ sshkey_parse_private_pem_fileblob(struct +@@ -3861,7 +4124,7 @@ sshkey_parse_private_pem_fileblob(struct r = SSH_ERR_LIBCRYPTO_ERROR; goto out; } 
@@ -3812,7 +3345,7 @@ diff -up openssh-7.3p1/sshkey.c.openssl openssh-7.3p1/sshkey.c (type == KEY_UNSPEC || type == KEY_DSA)) { if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) { r = SSH_ERR_ALLOC_FAIL; -@@ -3873,7 +4128,7 @@ sshkey_parse_private_pem_fileblob(struct +@@ -3873,7 +4136,7 @@ sshkey_parse_private_pem_fileblob(struct DSA_print_fp(stderr, prv->dsa, 8); #endif #ifdef OPENSSL_HAS_ECC @@ -3821,9 +3354,9 @@ diff -up openssh-7.3p1/sshkey.c.openssl openssh-7.3p1/sshkey.c (type == KEY_UNSPEC || type == KEY_ECDSA)) { if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) { r = SSH_ERR_ALLOC_FAIL; -diff -up openssh-7.3p1/ssh-keygen.c.openssl openssh-7.3p1/ssh-keygen.c ---- openssh-7.3p1/ssh-keygen.c.openssl 2016-07-28 00:54:27.000000000 +0200 -+++ openssh-7.3p1/ssh-keygen.c 2016-10-27 14:28:16.625815240 +0200 +diff -up openssh-7.4p1/ssh-keygen.c.openssl openssh-7.4p1/ssh-keygen.c +--- openssh-7.4p1/ssh-keygen.c.openssl 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/ssh-keygen.c 2016-12-23 17:47:36.437817755 +0100 @@ -480,40 +480,67 @@ do_convert_private_ssh2_from_blob(u_char free(type); @@ -3949,9 +3482,9 @@ diff -up openssh-7.3p1/ssh-keygen.c.openssl openssh-7.3p1/ssh-keygen.c exit(0); } -diff -up openssh-7.3p1/ssh-keyscan.c.openssl openssh-7.3p1/ssh-keyscan.c ---- openssh-7.3p1/ssh-keyscan.c.openssl 2016-10-27 14:28:16.486815572 +0200 -+++ openssh-7.3p1/ssh-keyscan.c 2016-10-27 14:28:16.625815240 +0200 +diff -up openssh-7.4p1/ssh-keyscan.c.openssl openssh-7.4p1/ssh-keyscan.c +--- openssh-7.4p1/ssh-keyscan.c.openssl 2016-12-23 17:47:36.325817708 +0100 ++++ openssh-7.4p1/ssh-keyscan.c 2016-12-23 17:47:36.437817755 +0100 @@ -195,6 +195,7 @@ keygrab_ssh1(con *c) static struct sshbuf *msg; int r; 
@@ -3984,9 +3517,9 @@ diff -up openssh-7.3p1/ssh-keyscan.c.openssl openssh-7.3p1/ssh-keyscan.c error("%s: buffer error: %s", __func__, ssh_err(r)); sshbuf_reset(msg); return NULL; -diff -up openssh-7.3p1/ssh-pkcs11-client.c.openssl openssh-7.3p1/ssh-pkcs11-client.c ---- openssh-7.3p1/ssh-pkcs11-client.c.openssl 2016-07-28 00:54:27.000000000 +0200 -+++ openssh-7.3p1/ssh-pkcs11-client.c 2016-10-27 14:28:16.625815240 +0200 +diff -up openssh-7.4p1/ssh-pkcs11-client.c.openssl openssh-7.4p1/ssh-pkcs11-client.c +--- openssh-7.4p1/ssh-pkcs11-client.c.openssl 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/ssh-pkcs11-client.c 2016-12-23 17:47:36.437817755 +0100 @@ -143,12 +143,14 @@ pkcs11_rsa_private_encrypt(int flen, con static int wrap_key(RSA *rsa) @@ -4007,9 +3540,9 @@ diff -up openssh-7.3p1/ssh-pkcs11-client.c.openssl openssh-7.3p1/ssh-pkcs11-clie return (0); } -diff -up openssh-7.3p1/ssh-pkcs11.c.openssl openssh-7.3p1/ssh-pkcs11.c ---- openssh-7.3p1/ssh-pkcs11.c.openssl 2016-07-28 00:54:27.000000000 +0200 -+++ openssh-7.3p1/ssh-pkcs11.c 2016-10-27 14:28:16.625815240 +0200 +diff -up openssh-7.4p1/ssh-pkcs11.c.openssl openssh-7.4p1/ssh-pkcs11.c +--- openssh-7.4p1/ssh-pkcs11.c.openssl 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/ssh-pkcs11.c 2016-12-23 17:47:36.437817755 +0100 @@ -67,7 +67,7 @@ struct pkcs11_key { struct pkcs11_provider *provider; CK_ULONG slotidx; 
@@ -4096,9 +3629,9 @@ diff -up openssh-7.3p1/ssh-pkcs11.c.openssl openssh-7.3p1/ssh-pkcs11.c pkcs11_rsa_wrap(p, slotidx, &attribs[0], rsa) == 0) { key = sshkey_new(KEY_UNSPEC); key->rsa = rsa; -diff -up openssh-7.3p1/ssh-rsa.c.openssl openssh-7.3p1/ssh-rsa.c ---- openssh-7.3p1/ssh-rsa.c.openssl 2016-07-28 00:54:27.000000000 +0200 -+++ openssh-7.3p1/ssh-rsa.c 2016-10-27 14:28:16.626815238 +0200 +diff -up openssh-7.4p1/ssh-rsa.c.openssl openssh-7.4p1/ssh-rsa.c +--- openssh-7.4p1/ssh-rsa.c.openssl 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/ssh-rsa.c 2016-12-23 17:47:36.437817755 +0100 @@ -100,7 +100,7 @@ ssh_rsa_sign(const struct sshkey *key, u hash_alg = rsa_hash_alg_from_ident(alg_ident); if (key == NULL || key->rsa == NULL || hash_alg == -1 || diff --git a/openssh-7.3p1-x11-max-displays.patch b/openssh-7.3p1-x11-max-displays.patch index 26553fa..f973010 100644 --- a/openssh-7.3p1-x11-max-displays.patch +++ b/openssh-7.3p1-x11-max-displays.patch @@ -1,7 +1,7 @@ -diff -up openssh-6.6p1/channels.c.x11max openssh-6.6p1/channels.c ---- openssh-6.6p1/channels.c.x11max 2016-06-27 16:28:49.803631684 +0200 -+++ openssh-6.6p1/channels.c 2016-06-27 16:28:49.814631678 +0200 -@@ -138,8 +138,8 @@ static int all_opens_permitted = 0; +diff -up openssh-7.4p1/channels.c.x11max openssh-7.4p1/channels.c +--- openssh-7.4p1/channels.c.x11max 2016-12-23 15:46:32.071506625 +0100 ++++ openssh-7.4p1/channels.c 2016-12-23 15:46:32.139506636 +0100 +@@ -152,8 +152,8 @@ static int all_opens_permitted = 0; /* -- X11 forwarding */ @@ -12,7 +12,7 @@ diff -up openssh-6.6p1/channels.c.x11max openssh-6.6p1/channels.c /* Saved X11 local (client) display. */ static char *x11_saved_display = NULL; -@@ -3445,7 +3445,8 @@ channel_send_window_changes(void) +@@ -4228,7 +4228,8 @@ channel_send_window_changes(void) */ int x11_create_display_inet(int x11_display_offset, int x11_use_localhost, 
@@ -22,7 +22,7 @@ diff -up openssh-6.6p1/channels.c.x11max openssh-6.6p1/channels.c { Channel *nc = NULL; int display_number, sock; -@@ -3457,10 +3458,15 @@ x11_create_display_inet(int x11_display_ +@@ -4240,10 +4241,15 @@ x11_create_display_inet(int x11_display_ if (chanids == NULL) return -1; @@ -40,7 +40,7 @@ diff -up openssh-6.6p1/channels.c.x11max openssh-6.6p1/channels.c memset(&hints, 0, sizeof(hints)); hints.ai_family = IPv4or6; hints.ai_flags = x11_use_localhost ? 0: AI_PASSIVE; -@@ -3512,7 +3518,7 @@ x11_create_display_inet(int x11_display_ +@@ -4295,7 +4301,7 @@ x11_create_display_inet(int x11_display_ if (num_socks > 0) break; } @@ -49,7 +49,7 @@ diff -up openssh-6.6p1/channels.c.x11max openssh-6.6p1/channels.c error("Failed to allocate internet-domain X11 display socket."); return -1; } -@@ -3658,7 +3664,7 @@ x11_connect_display(void) +@@ -4441,7 +4447,7 @@ x11_connect_display(void) memset(&hints, 0, sizeof(hints)); hints.ai_family = IPv4or6; hints.ai_socktype = SOCK_STREAM; @@ -58,7 +58,7 @@ diff -up openssh-6.6p1/channels.c.x11max openssh-6.6p1/channels.c if ((gaierr = getaddrinfo(buf, strport, &hints, &aitop)) != 0) { error("%.100s: unknown host. (%s)", buf, ssh_gai_strerror(gaierr)); -@@ -3674,7 +3680,7 @@ x11_connect_display(void) +@@ -4457,7 +4463,7 @@ x11_connect_display(void) /* Connect it to the display. */ if (connect(sock, ai->ai_addr, ai->ai_addrlen) < 0) { debug2("connect %.100s port %u: %.100s", buf, @@ -67,7 +67,7 @@ diff -up openssh-6.6p1/channels.c.x11max openssh-6.6p1/channels.c close(sock); continue; } -@@ -3683,8 +3689,8 @@ x11_connect_display(void) +@@ -4466,8 +4472,8 @@ x11_connect_display(void) } freeaddrinfo(aitop); if (!ai) { 
@@ -78,10 +78,10 @@ diff -up openssh-6.6p1/channels.c.x11max openssh-6.6p1/channels.c return -1; } set_nodelay(sock); -diff -up openssh-6.6p1/channels.h.x11max openssh-6.6p1/channels.h ---- openssh-6.6p1/channels.h.x11max 2016-06-27 16:28:49.814631678 +0200 -+++ openssh-6.6p1/channels.h 2016-06-27 16:31:18.925557840 +0200 -@@ -281,7 +281,7 @@ int permitopen_port(const char *); +diff -up openssh-7.4p1/channels.h.x11max openssh-7.4p1/channels.h +--- openssh-7.4p1/channels.h.x11max 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/channels.h 2016-12-23 15:46:32.139506636 +0100 +@@ -293,7 +293,7 @@ int permitopen_port(const char *); void channel_set_x11_refuse_time(u_int); int x11_connect_display(void); @@ -90,10 +90,10 @@ diff -up openssh-6.6p1/channels.h.x11max openssh-6.6p1/channels.h int x11_input_open(int, u_int32_t, void *); void x11_request_forwarding_with_spoofing(int, const char *, const char *, const char *, int); -diff -up openssh-6.6p1/servconf.c.x11max openssh-6.6p1/servconf.c ---- openssh-6.6p1/servconf.c.x11max 2016-06-27 16:28:49.808631681 +0200 -+++ openssh-6.6p1/servconf.c 2016-06-27 16:30:46.941573678 +0200 -@@ -92,6 +92,7 @@ initialize_server_options(ServerOptions +diff -up openssh-7.4p1/servconf.c.x11max openssh-7.4p1/servconf.c +--- openssh-7.4p1/servconf.c.x11max 2016-12-23 15:46:32.133506635 +0100 ++++ openssh-7.4p1/servconf.c 2016-12-23 15:47:27.320519121 +0100 +@@ -95,6 +95,7 @@ initialize_server_options(ServerOptions options->print_lastlog = -1; options->x11_forwarding = -1; options->x11_display_offset = -1; @@ -101,7 +101,7 @@ diff -up openssh-6.6p1/servconf.c.x11max openssh-6.6p1/servconf.c options->x11_use_localhost = -1; options->permit_tty = -1; options->permit_user_rc = -1; -@@ -219,6 +220,8 @@ fill_default_server_options(ServerOption +@@ -243,6 +244,8 @@ fill_default_server_options(ServerOption options->x11_forwarding = 0; if (options->x11_display_offset == -1) options->x11_display_offset = 10; 
@@ -110,16 +110,16 @@ diff -up openssh-6.6p1/servconf.c.x11max openssh-6.6p1/servconf.c if (options->x11_use_localhost == -1) options->x11_use_localhost = 1; if (options->xauth_location == NULL) -@@ -364,7 +367,7 @@ typedef enum { +@@ -419,7 +422,7 @@ typedef enum { sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, sAddressFamily, sPrintMotd, sPrintLastLog, sIgnoreRhosts, - sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, + sX11Forwarding, sX11DisplayOffset, sX11MaxDisplays, sX11UseLocalhost, sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive, - sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, + sPermitUserEnvironment, sAllowTcpForwarding, sCompression, sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, -@@ -476,6 +479,7 @@ static struct { +@@ -540,6 +543,7 @@ static struct { { "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL }, { "x11forwarding", sX11Forwarding, SSHCFG_ALL }, { "x11displayoffset", sX11DisplayOffset, SSHCFG_ALL }, @@ -127,9 +127,9 @@ diff -up openssh-6.6p1/servconf.c.x11max openssh-6.6p1/servconf.c { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, -@@ -1202,6 +1206,10 @@ process_server_config_line(ServerOptions - intptr = &options->x11_display_offset; - goto parse_int; +@@ -1316,6 +1320,10 @@ process_server_config_line(ServerOptions + *intptr = value; + break; + case sX11MaxDisplays: + intptr = &options->x11_max_displays; @@ -138,7 +138,7 @@ diff -up openssh-6.6p1/servconf.c.x11max openssh-6.6p1/servconf.c case sX11UseLocalhost: intptr = &options->x11_use_localhost; goto parse_flag; -@@ -1889,6 +1897,7 @@ copy_set_server_options(ServerOptions *d +@@ -2063,6 +2071,7 @@ copy_set_server_options(ServerOptions *d M_CP_INTOPT(fwd_opts.streamlocal_bind_unlink); M_CP_INTOPT(x11_display_offset); M_CP_INTOPT(x11_forwarding); 
@@ -146,17 +146,17 @@ diff -up openssh-6.6p1/servconf.c.x11max openssh-6.6p1/servconf.c M_CP_INTOPT(x11_use_localhost); M_CP_INTOPT(permit_tty); M_CP_INTOPT(permit_user_rc); -@@ -2106,6 +2115,7 @@ dump_config(ServerOptions *o) +@@ -2315,6 +2324,7 @@ dump_config(ServerOptions *o) + #endif dump_cfg_int(sLoginGraceTime, o->login_grace_time); - dump_cfg_int(sKeyRegenerationTime, o->key_regeneration_time); dump_cfg_int(sX11DisplayOffset, o->x11_display_offset); + dump_cfg_int(sX11MaxDisplays, o->x11_max_displays); dump_cfg_int(sMaxAuthTries, o->max_authtries); dump_cfg_int(sMaxSessions, o->max_sessions); dump_cfg_int(sClientAliveInterval, o->client_alive_interval); -diff -up openssh-6.6p1/servconf.h.x11max openssh-6.6p1/servconf.h ---- openssh-6.6p1/servconf.h.x11max 2016-06-27 16:28:49.809631681 +0200 -+++ openssh-6.6p1/servconf.h 2016-06-27 16:28:49.815631678 +0200 +diff -up openssh-7.4p1/servconf.h.x11max openssh-7.4p1/servconf.h +--- openssh-7.4p1/servconf.h.x11max 2016-12-23 15:46:32.133506635 +0100 ++++ openssh-7.4p1/servconf.h 2016-12-23 15:46:32.140506636 +0100 @@ -55,6 +55,7 @@ #define DEFAULT_AUTH_FAIL_MAX 6 /* Default for MaxAuthTries */ 
@@ -173,10 +173,10 @@ diff -up openssh-6.6p1/servconf.h.x11max openssh-6.6p1/servconf.h int x11_use_localhost; /* If true, use localhost for fake X11 server. */ char *xauth_location; /* Location of xauth program */ int permit_tty; /* If false, deny pty allocation */ -diff -up openssh-6.6p1/session.c.x11max openssh-6.6p1/session.c ---- openssh-6.6p1/session.c.x11max 2016-06-27 16:28:49.809631681 +0200 -+++ openssh-6.6p1/session.c 2016-06-27 16:28:49.815631678 +0200 -@@ -2741,8 +2741,9 @@ session_setup_x11fwd(Session *s) +diff -up openssh-7.4p1/session.c.x11max openssh-7.4p1/session.c +--- openssh-7.4p1/session.c.x11max 2016-12-23 15:46:32.136506636 +0100 ++++ openssh-7.4p1/session.c 2016-12-23 15:46:32.141506636 +0100 +@@ -2518,8 +2518,9 @@ session_setup_x11fwd(Session *s) return 0; } if (x11_create_display_inet(options.x11_display_offset, @@ -188,10 +188,10 @@ diff -up openssh-6.6p1/session.c.x11max openssh-6.6p1/session.c debug("x11_create_display_inet failed."); return 0; } -diff -up openssh-6.6p1/sshd_config.5.x11max openssh-6.6p1/sshd_config.5 ---- openssh-6.6p1/sshd_config.5.x11max 2016-06-27 16:28:49.809631681 +0200 -+++ openssh-6.6p1/sshd_config.5 2016-06-27 16:32:01.253536879 +0200 -@@ -930,6 +930,7 @@ Available keywords are +diff -up openssh-7.4p1/sshd_config.5.x11max openssh-7.4p1/sshd_config.5 +--- openssh-7.4p1/sshd_config.5.x11max 2016-12-23 15:46:32.134506635 +0100 ++++ openssh-7.4p1/sshd_config.5 2016-12-23 15:46:32.141506636 +0100 +@@ -1133,6 +1133,7 @@ Available keywords are .Cm StreamLocalBindUnlink , .Cm TrustedUserCAKeys , .Cm X11DisplayOffset , @@ -199,7 +199,7 @@ diff -up openssh-6.6p1/sshd_config.5.x11max openssh-6.6p1/sshd_config.5 .Cm X11Forwarding and .Cm X11UseLocalHost . -@@ -1339,6 +1340,12 @@ Specifies the first display number avail +@@ -1566,6 +1567,12 @@ Specifies the first display number avail X11 forwarding. This prevents sshd from interfering with real X11 servers. The default is 10. 
diff --git a/openssh-7.4p1-daemon.patch b/openssh-7.4p1-daemon.patch new file mode 100644 index 0000000..3515398 --- /dev/null +++ b/openssh-7.4p1-daemon.patch @@ -0,0 +1,12 @@ +diff -up openssh-7.4p1/sshd.c.daemon openssh-7.4p1/sshd.c +--- openssh-7.4p1/sshd.c.daemon 2017-01-02 15:32:56.618447579 +0100 ++++ openssh-7.4p1/sshd.c 2017-01-02 15:33:07.606442751 +0100 +@@ -1943,7 +1943,7 @@ main(int ac, char **av) + * terminal, and fork. The original process exits. + */ + already_daemon = daemonized(); +- if (!(debug_flag || inetd_flag || no_daemon_flag || already_daemon)) { ++ if (!(debug_flag || inetd_flag || no_daemon_flag /*|| already_daemon*/)) { + + if (daemon(0, 0) < 0) + fatal("daemon() failed: %.200s", strerror(errno)); diff --git a/openssh.spec b/openssh.spec index 07a2b0c..e45950c 100644 --- a/openssh.spec +++ b/openssh.spec @@ -65,10 +65,10 @@ %endif # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 -%global openssh_ver 7.3p1 -%global openssh_rel 7 +%global openssh_ver 7.4p1 +%global openssh_rel 1 %global pam_ssh_agent_ver 0.10.2 -%global pam_ssh_agent_rel 4 +%global pam_ssh_agent_rel 5 Summary: An open source implementation of SSH protocol versions 1 and 2 Name: openssh @@ -223,10 +223,10 @@ Patch939: openssh-7.2p2-s390-closefrom.patch Patch940: openssh-7.2p2-expose-pam.patch # Rework SELinux context handling with chroot (#1357860) Patch942: openssh-7.2p2-chroot-capabilities.patch -# Null dereference in newkeys code (#1380297) -Patch943: openssh-7.3p1-null-deref.patch # Move MAX_DISPLAYS to a configuration option (#1341302) Patch944: openssh-7.3p1-x11-max-displays.patch +# Temporary workaround for upstream (#2641) +Patch945: openssh-7.4p1-daemon.patch License: BSD @@ -459,8 +459,8 @@ popd %patch939 -p1 -b .s390-dev %patch940 -p1 -b .expose-pam %patch942 -p1 -b .chroot-cap -%patch943 -p1 -b .deref %patch944 -p1 -b .x11max +%patch945 -p1 -b .daemon %patch200 -p1 -b .audit %patch201 -p1 -b .audit-race 
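Review bot: In the sshd.c hunk of openssh-7.4p1-daemon.patch, the `already_daemon` test is switched off by commenting it out inside the condition (`/*|| already_daemon*/`), with nothing in the C source saying why, while `already_daemon = daemonized();` still runs on the line above. Put the reason next to the condition, for example `/* XXX: always daemonize; already_daemon check disabled as a temporary workaround for upstream #2641 */`, so the workaround can be traced from the source and dropped once upstream is fixed. That comment should also state the effect: sshd now calls `daemon(0, 0)` even when it was started already detached, unless the debug, inetd or no-daemon flag is set. Whether `already_daemon` is read again later in main() cannot be seen here, because main()'s body starts and ends outside the hunk; if it is not, the assignment is now dead and may produce an unused-but-set warning.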
diff --git a/sources b/sources
index 9178741..49a2a6d 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-a212baca7ce11d596bd8dcb222859ace pam_ssh_agent_auth-0.10.2.tar.bz2
-dfadd9f035d38ce5d58a3bf130b86d08 openssh-7.3p1.tar.gz
+SHA512 (openssh-7.4p1.tar.gz) = 4f3256f461f01366c5d5e0e45285eec65016e2643b3284b407f48f53d81087bf2c1caf7d5f7530d307a15c91c64de91446e1cba948e8fc68f82098290fe3b292
+SHA512 (pam_ssh_agent_auth-0.10.2.tar.bz2) = b4b9bc4486d873f236f7c54874c996e24f344f889dfda3beadb12b97cbb89078028a103a4a7175cd919fb0a12fd5bcefef50420510ae5eff9252e494e0124b38