Source-Changes archive


CVS import: src/crypto/external/bsd/openssh/dist



Module Name:    src
Committed By:   christos
Date:           Thu Aug 13 10:26:16 UTC 2015

Update of /cvsroot/src/crypto/external/bsd/openssh/dist
In directory ivanova.netbsd.org:/tmp/cvs-serv18268

Log Message:
import openssh-7.0

Changes since OpenSSH 6.9
=========================

The focus of this release is primarily to deprecate weak, legacy
and/or unsafe cryptography.

Security
--------

 * sshd(8): OpenSSH 6.8 and 6.9 incorrectly set TTYs to be world-
   writable. Local attackers may be able to write arbitrary messages
   to logged-in users, including terminal escape sequences.
   Reported by Nikolay Edigaryev.

 * sshd(8): Portable OpenSSH only: Fixed a privilege separation
   weakness related to PAM support. Attackers who could successfully
   compromise the pre-authentication process for remote code
   execution and who had valid credentials on the host could
   impersonate other users.  Reported by Moritz Jodeit.

 * sshd(8): Portable OpenSSH only: Fixed a use-after-free bug
   related to PAM support that was reachable by attackers who could
   compromise the pre-authentication process for remote code
   execution. Also reported by Moritz Jodeit.

 * sshd(8): fix circumvention of MaxAuthTries using keyboard-
   interactive authentication. By specifying a long, repeating
   keyboard-interactive "devices" string, an attacker could request
   the same authentication method be tried thousands of times in
   a single pass. The LoginGraceTime timeout in sshd(8) and any
   authentication failure delays implemented by the authentication
   mechanism itself were still applied. Found by Kingcope.

Potentially-incompatible Changes
--------------------------------

 * Support for the legacy SSH version 1 protocol is disabled by
   default at compile time.

 * Support for the 1024-bit diffie-hellman-group1-sha1 key exchange
   is disabled by default at run-time. It may be re-enabled using
   the instructions at http://www.openssh.com/legacy.html

 * Support for ssh-dss, ssh-dss-cert-* host and user keys is disabled
   by default at run-time. These may be re-enabled using the
   instructions at http://www.openssh.com/legacy.html

 * Support for the legacy v00 cert format has been removed.

 * The default for the sshd_config(5) PermitRootLogin option has
   changed from "yes" to "prohibit-password".

 * PermitRootLogin=without-password/prohibit-password now bans all
   interactive authentication methods, allowing only public-key,
   hostbased and GSSAPI authentication (previously it permitted
   keyboard-interactive and password-less authentication if those
   were enabled).

New Features
------------

 * ssh_config(5): add PubkeyAcceptedKeyTypes option to control which
   public key types are available for user authentication.

 * sshd_config(5): add HostKeyAlgorithms option to control which
   public key types are offered for host authentications.

 * ssh(1), sshd(8): extend Ciphers, MACs, KexAlgorithms,
   HostKeyAlgorithms, PubkeyAcceptedKeyTypes and HostbasedKeyTypes
   options to allow appending to the default set of algorithms
   instead of replacing it. Options may now be prefixed with a '+'
   to append to the default, e.g. "HostKeyAlgorithms=+ssh-dss".

 * sshd_config(5): PermitRootLogin now accepts an argument of
   'prohibit-password' as a less-ambiguous synonym of 'without-
   password'.

Bugfixes
--------

 * ssh(1), sshd(8): add compatibility workarounds for Cisco and more
   PuTTY versions. bz#2424

 * Fix some omissions and errors in the PROTOCOL and PROTOCOL.mux
   documentation relating to Unix domain socket forwarding;
   bz#2421 bz#2422

 * ssh(1): Improve the ssh(1) manual page to include a better
   description of Unix domain socket forwarding; bz#2423

 * ssh(1), ssh-agent(1): skip uninitialised PKCS#11 slots, fixing
   failures to load keys when they are present. bz#2427

 * ssh(1), ssh-agent(1): do not ignore PKCS#11 hosted keys with
   empty CKA_ID; bz#2429

 * sshd(8): clarify documentation for UseDNS option; bz#2045


Status:

Vendor Tag:     OPENSSH
Release Tags:   v70-20150812
                
U src/crypto/external/bsd/openssh/dist/PROTOCOL.agent
U src/crypto/external/bsd/openssh/dist/hostfile.c
U src/crypto/external/bsd/openssh/dist/LICENCE
C src/crypto/external/bsd/openssh/dist/OVERVIEW
C src/crypto/external/bsd/openssh/dist/PROTOCOL
U src/crypto/external/bsd/openssh/dist/PROTOCOL.chacha20poly1305
U src/crypto/external/bsd/openssh/dist/PROTOCOL.certkeys
U src/crypto/external/bsd/openssh/dist/auth-bsdauth.c
U src/crypto/external/bsd/openssh/dist/PROTOCOL.key
U src/crypto/external/bsd/openssh/dist/PROTOCOL.krl
C src/crypto/external/bsd/openssh/dist/PROTOCOL.mux
U src/crypto/external/bsd/openssh/dist/README
C src/crypto/external/bsd/openssh/dist/addrmatch.c
U src/crypto/external/bsd/openssh/dist/atomicio.c
U src/crypto/external/bsd/openssh/dist/atomicio.h
U src/crypto/external/bsd/openssh/dist/canohost.c
U src/crypto/external/bsd/openssh/dist/auth-chall.c
U src/crypto/external/bsd/openssh/dist/auth-krb5.c
C src/crypto/external/bsd/openssh/dist/auth-options.c
U src/crypto/external/bsd/openssh/dist/auth-options.h
U src/crypto/external/bsd/openssh/dist/hmac.c
U src/crypto/external/bsd/openssh/dist/auth-passwd.c
U src/crypto/external/bsd/openssh/dist/auth-rh-rsa.c
U src/crypto/external/bsd/openssh/dist/auth-rhosts.c
U src/crypto/external/bsd/openssh/dist/auth-rsa.c
C src/crypto/external/bsd/openssh/dist/auth.c
U src/crypto/external/bsd/openssh/dist/auth.h
U src/crypto/external/bsd/openssh/dist/auth1.c
C src/crypto/external/bsd/openssh/dist/auth2-chall.c
U src/crypto/external/bsd/openssh/dist/auth2-gss.c
U src/crypto/external/bsd/openssh/dist/auth2-hostbased.c
U src/crypto/external/bsd/openssh/dist/auth2-kbdint.c
U src/crypto/external/bsd/openssh/dist/auth2-none.c
U src/crypto/external/bsd/openssh/dist/auth2-passwd.c
U src/crypto/external/bsd/openssh/dist/auth2-pubkey.c
U src/crypto/external/bsd/openssh/dist/auth2.c
C src/crypto/external/bsd/openssh/dist/authfd.c
U src/crypto/external/bsd/openssh/dist/authfd.h
C src/crypto/external/bsd/openssh/dist/authfile.c
U src/crypto/external/bsd/openssh/dist/authfile.h
U src/crypto/external/bsd/openssh/dist/bitmap.c
U src/crypto/external/bsd/openssh/dist/bitmap.h
U src/crypto/external/bsd/openssh/dist/blocks.c
U src/crypto/external/bsd/openssh/dist/bufaux.c
U src/crypto/external/bsd/openssh/dist/bufbn.c
U src/crypto/external/bsd/openssh/dist/bufec.c
U src/crypto/external/bsd/openssh/dist/buffer.c
U src/crypto/external/bsd/openssh/dist/buffer.h
U src/crypto/external/bsd/openssh/dist/cipher-3des1.c
U src/crypto/external/bsd/openssh/dist/canohost.h
U src/crypto/external/bsd/openssh/dist/chacha.c
U src/crypto/external/bsd/openssh/dist/chacha.h
U src/crypto/external/bsd/openssh/dist/channels.c
U src/crypto/external/bsd/openssh/dist/channels.h
U src/crypto/external/bsd/openssh/dist/cipher-chachapoly.c
U src/crypto/external/bsd/openssh/dist/cipher-aesctr.c
U src/crypto/external/bsd/openssh/dist/cipher-aesctr.h
U src/crypto/external/bsd/openssh/dist/cipher-bf1.c
U src/crypto/external/bsd/openssh/dist/crypto_api.h
C src/crypto/external/bsd/openssh/dist/compat.c
U src/crypto/external/bsd/openssh/dist/cipher-chachapoly.h
U src/crypto/external/bsd/openssh/dist/cipher.c
C src/crypto/external/bsd/openssh/dist/cipher.h
U src/crypto/external/bsd/openssh/dist/cleanup.c
C src/crypto/external/bsd/openssh/dist/clientloop.c
U src/crypto/external/bsd/openssh/dist/clientloop.h
U src/crypto/external/bsd/openssh/dist/crc32.c
U src/crypto/external/bsd/openssh/dist/compat.h
U src/crypto/external/bsd/openssh/dist/crc32.h
U src/crypto/external/bsd/openssh/dist/digest-libc.c
U src/crypto/external/bsd/openssh/dist/deattack.c
U src/crypto/external/bsd/openssh/dist/deattack.h
U src/crypto/external/bsd/openssh/dist/dh.c
U src/crypto/external/bsd/openssh/dist/dh.h
U src/crypto/external/bsd/openssh/dist/ge25519_base.data
U src/crypto/external/bsd/openssh/dist/digest-openssl.c
U src/crypto/external/bsd/openssh/dist/digest.h
U src/crypto/external/bsd/openssh/dist/dispatch.c
U src/crypto/external/bsd/openssh/dist/dispatch.h
U src/crypto/external/bsd/openssh/dist/dns.c
U src/crypto/external/bsd/openssh/dist/dns.h
U src/crypto/external/bsd/openssh/dist/ed25519.c
U src/crypto/external/bsd/openssh/dist/fatal.c
U src/crypto/external/bsd/openssh/dist/fe25519.c
U src/crypto/external/bsd/openssh/dist/fe25519.h
U src/crypto/external/bsd/openssh/dist/ge25519.c
U src/crypto/external/bsd/openssh/dist/ge25519.h
U src/crypto/external/bsd/openssh/dist/match.c
U src/crypto/external/bsd/openssh/dist/groupaccess.c
U src/crypto/external/bsd/openssh/dist/groupaccess.h
U src/crypto/external/bsd/openssh/dist/gss-genr.c
U src/crypto/external/bsd/openssh/dist/gss-serv-krb5.c
U src/crypto/external/bsd/openssh/dist/gss-serv.c
U src/crypto/external/bsd/openssh/dist/hash.c
U src/crypto/external/bsd/openssh/dist/hmac.h
U src/crypto/external/bsd/openssh/dist/hostfile.h
C src/crypto/external/bsd/openssh/dist/kex.c
C src/crypto/external/bsd/openssh/dist/kex.h
U src/crypto/external/bsd/openssh/dist/kexc25519.c
U src/crypto/external/bsd/openssh/dist/kexc25519c.c
U src/crypto/external/bsd/openssh/dist/kexc25519s.c
U src/crypto/external/bsd/openssh/dist/kexdh.c
U src/crypto/external/bsd/openssh/dist/kexdhc.c
U src/crypto/external/bsd/openssh/dist/kexdhs.c
U src/crypto/external/bsd/openssh/dist/kexecdh.c
U src/crypto/external/bsd/openssh/dist/kexecdhc.c
U src/crypto/external/bsd/openssh/dist/kexecdhs.c
U src/crypto/external/bsd/openssh/dist/kexgex.c
U src/crypto/external/bsd/openssh/dist/kexgexc.c
U src/crypto/external/bsd/openssh/dist/kexgexs.c
C src/crypto/external/bsd/openssh/dist/key.c
C src/crypto/external/bsd/openssh/dist/key.h
C src/crypto/external/bsd/openssh/dist/krl.c
U src/crypto/external/bsd/openssh/dist/krl.h
C src/crypto/external/bsd/openssh/dist/log.c
U src/crypto/external/bsd/openssh/dist/log.h
U src/crypto/external/bsd/openssh/dist/mac.c
U src/crypto/external/bsd/openssh/dist/mac.h
U src/crypto/external/bsd/openssh/dist/match.h
U src/crypto/external/bsd/openssh/dist/misc.c
U src/crypto/external/bsd/openssh/dist/monitor.c
U src/crypto/external/bsd/openssh/dist/misc.h
U src/crypto/external/bsd/openssh/dist/moduli.c
U src/crypto/external/bsd/openssh/dist/monitor_fdpass.c
U src/crypto/external/bsd/openssh/dist/monitor.h
U src/crypto/external/bsd/openssh/dist/sandbox-systrace.c
U src/crypto/external/bsd/openssh/dist/monitor_fdpass.h
U src/crypto/external/bsd/openssh/dist/monitor_mm.c
U src/crypto/external/bsd/openssh/dist/monitor_mm.h
U src/crypto/external/bsd/openssh/dist/monitor_wrap.c
U src/crypto/external/bsd/openssh/dist/monitor_wrap.h
U src/crypto/external/bsd/openssh/dist/msg.c
U src/crypto/external/bsd/openssh/dist/msg.h
U src/crypto/external/bsd/openssh/dist/mux.c
C src/crypto/external/bsd/openssh/dist/myproposal.h
U src/crypto/external/bsd/openssh/dist/nchan.c
U src/crypto/external/bsd/openssh/dist/nchan.ms
U src/crypto/external/bsd/openssh/dist/nchan2.ms
U src/crypto/external/bsd/openssh/dist/opacket.c
U src/crypto/external/bsd/openssh/dist/opacket.h
C src/crypto/external/bsd/openssh/dist/packet.c
U src/crypto/external/bsd/openssh/dist/packet.h
U src/crypto/external/bsd/openssh/dist/pathnames.h
U src/crypto/external/bsd/openssh/dist/pkcs11.h
U src/crypto/external/bsd/openssh/dist/poly1305.c
U src/crypto/external/bsd/openssh/dist/rsa.c
U src/crypto/external/bsd/openssh/dist/poly1305.h
U src/crypto/external/bsd/openssh/dist/progressmeter.c
U src/crypto/external/bsd/openssh/dist/progressmeter.h
C src/crypto/external/bsd/openssh/dist/readconf.c
C src/crypto/external/bsd/openssh/dist/readconf.h
U src/crypto/external/bsd/openssh/dist/readpass.c
U src/crypto/external/bsd/openssh/dist/rijndael.c
U src/crypto/external/bsd/openssh/dist/rijndael.h
U src/crypto/external/bsd/openssh/dist/roaming.h
U src/crypto/external/bsd/openssh/dist/roaming_client.c
U src/crypto/external/bsd/openssh/dist/roaming_common.c
U src/crypto/external/bsd/openssh/dist/roaming_dummy.c
U src/crypto/external/bsd/openssh/dist/roaming_serv.c
U src/crypto/external/bsd/openssh/dist/rsa.h
U src/crypto/external/bsd/openssh/dist/sandbox-rlimit.c
U src/crypto/external/bsd/openssh/dist/sftp-client.c
U src/crypto/external/bsd/openssh/dist/sc25519.c
U src/crypto/external/bsd/openssh/dist/sc25519.h
C src/crypto/external/bsd/openssh/dist/scp.1
U src/crypto/external/bsd/openssh/dist/scp.c
C src/crypto/external/bsd/openssh/dist/servconf.c
C src/crypto/external/bsd/openssh/dist/servconf.h
U src/crypto/external/bsd/openssh/dist/serverloop.c
U src/crypto/external/bsd/openssh/dist/serverloop.h
U src/crypto/external/bsd/openssh/dist/session.c
U src/crypto/external/bsd/openssh/dist/session.h
U src/crypto/external/bsd/openssh/dist/sftp-server-main.c
U src/crypto/external/bsd/openssh/dist/sftp-client.h
U src/crypto/external/bsd/openssh/dist/sftp-common.c
U src/crypto/external/bsd/openssh/dist/sftp-common.h
U src/crypto/external/bsd/openssh/dist/sftp-glob.c
U src/crypto/external/bsd/openssh/dist/smult_curve25519_ref.c
U src/crypto/external/bsd/openssh/dist/sftp-server.8
U src/crypto/external/bsd/openssh/dist/sftp-server.c
U src/crypto/external/bsd/openssh/dist/sftp.1
U src/crypto/external/bsd/openssh/dist/sftp.c
U src/crypto/external/bsd/openssh/dist/sftp.h
U src/crypto/external/bsd/openssh/dist/ssh-ed25519.c
U src/crypto/external/bsd/openssh/dist/ssh-add.1
C src/crypto/external/bsd/openssh/dist/ssh-add.c
U src/crypto/external/bsd/openssh/dist/ssh-agent.1
C src/crypto/external/bsd/openssh/dist/ssh-agent.c
U src/crypto/external/bsd/openssh/dist/ssh-dss.c
U src/crypto/external/bsd/openssh/dist/ssh-ecdsa.c
C src/crypto/external/bsd/openssh/dist/ssh.1
U src/crypto/external/bsd/openssh/dist/ssh-gss.h
U src/crypto/external/bsd/openssh/dist/ssh-keyscan.1
C src/crypto/external/bsd/openssh/dist/ssh-keygen.1
C src/crypto/external/bsd/openssh/dist/ssh-keygen.c
U src/crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c
U src/crypto/external/bsd/openssh/dist/ssh-keyscan.c
U src/crypto/external/bsd/openssh/dist/ssh-keysign.8
C src/crypto/external/bsd/openssh/dist/ssh-keysign.c
U src/crypto/external/bsd/openssh/dist/sshbuf-misc.c
U src/crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.8
U src/crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c
C src/crypto/external/bsd/openssh/dist/ssh-pkcs11.c
U src/crypto/external/bsd/openssh/dist/ssh-pkcs11.h
U src/crypto/external/bsd/openssh/dist/ssh-rsa.c
U src/crypto/external/bsd/openssh/dist/ssh-sandbox.h
C src/crypto/external/bsd/openssh/dist/ssh.c
C src/crypto/external/bsd/openssh/dist/ssh.h
U src/crypto/external/bsd/openssh/dist/ssh1.h
U src/crypto/external/bsd/openssh/dist/ssh2.h
U src/crypto/external/bsd/openssh/dist/ssh_api.c
U src/crypto/external/bsd/openssh/dist/ssh_api.h
U src/crypto/external/bsd/openssh/dist/ssh_config
C src/crypto/external/bsd/openssh/dist/ssh_config.5
C src/crypto/external/bsd/openssh/dist/sshd_config
C src/crypto/external/bsd/openssh/dist/sshd.8
U src/crypto/external/bsd/openssh/dist/sshbuf-getput-basic.c
U src/crypto/external/bsd/openssh/dist/sshbuf-getput-crypto.c
U src/crypto/external/bsd/openssh/dist/sshbuf.c
U src/crypto/external/bsd/openssh/dist/sshbuf.h
U src/crypto/external/bsd/openssh/dist/sshconnect.c
U src/crypto/external/bsd/openssh/dist/sshconnect.h
U src/crypto/external/bsd/openssh/dist/sshconnect1.c
C src/crypto/external/bsd/openssh/dist/sshconnect2.c
C src/crypto/external/bsd/openssh/dist/sshd.c
U src/crypto/external/bsd/openssh/dist/ttymodes.c
C src/crypto/external/bsd/openssh/dist/sshd_config.5
U src/crypto/external/bsd/openssh/dist/ssherr.c
U src/crypto/external/bsd/openssh/dist/ssherr.h
C src/crypto/external/bsd/openssh/dist/sshkey.c
U src/crypto/external/bsd/openssh/dist/sshkey.h
U src/crypto/external/bsd/openssh/dist/sshlogin.c
U src/crypto/external/bsd/openssh/dist/sshlogin.h
C src/crypto/external/bsd/openssh/dist/sshpty.c
U src/crypto/external/bsd/openssh/dist/sshpty.h
U src/crypto/external/bsd/openssh/dist/sshtty.c
U src/crypto/external/bsd/openssh/dist/ttymodes.h
U src/crypto/external/bsd/openssh/dist/umac.c
U src/crypto/external/bsd/openssh/dist/uidswap.c
U src/crypto/external/bsd/openssh/dist/uidswap.h
U src/crypto/external/bsd/openssh/dist/umac.h
U src/crypto/external/bsd/openssh/dist/uuencode.c
U src/crypto/external/bsd/openssh/dist/uuencode.h
U src/crypto/external/bsd/openssh/dist/verify.c
C src/crypto/external/bsd/openssh/dist/version.h
U src/crypto/external/bsd/openssh/dist/xmalloc.c
U src/crypto/external/bsd/openssh/dist/xmalloc.h
U src/crypto/external/bsd/openssh/dist/moduli-gen/moduli-gen.sh
U src/crypto/external/bsd/openssh/dist/moduli-gen/Makefile
U src/crypto/external/bsd/openssh/dist/moduli-gen/moduli.1536
U src/crypto/external/bsd/openssh/dist/moduli-gen/moduli.2048
U src/crypto/external/bsd/openssh/dist/moduli-gen/moduli.3072
U src/crypto/external/bsd/openssh/dist/moduli-gen/moduli.4096
U src/crypto/external/bsd/openssh/dist/moduli-gen/moduli.6144
U src/crypto/external/bsd/openssh/dist/moduli-gen/moduli.7680
U src/crypto/external/bsd/openssh/dist/moduli-gen/moduli.8192

43 conflicts created by this import.
Use the following command to help the merge:

        cvs checkout -jOPENSSH:yesterday -jOPENSSH src/crypto/external/bsd/openssh/dist
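
Added example, not part of the commit message or of the OpenSSH/NetBSD sources: a small audit for configurations carried across this upgrade, flagging settings that undo the 7.0 defaults described in the release notes (PermitRootLogin "yes", and ssh-dss or diffie-hellman-group1-sha1 re-enabled either by replacing the default list or by appending with '+'). The function name `audit`, the finding texts and the sample configuration are constructed for illustration; only lines before the first Match block are considered.

```python
import re

# Algorithms the 7.0 release notes list as disabled by default at run-time.
# Prefix match so that ssh-dss also covers the ssh-dss-cert-* key types.
LEGACY_PREFIXES = {
    "kexalgorithms": ("diffie-hellman-group1-sha1",),
    "hostkeyalgorithms": ("ssh-dss",),
    "pubkeyacceptedkeytypes": ("ssh-dss",),
    "hostbasedkeytypes": ("ssh-dss",),
}

def audit(config_text):
    """Return (line_number, keyword, message) findings for config text."""
    findings, seen = [], set()
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        keyword, value = parts[0].lower(), parts[1].strip().strip('"')
        if keyword == "match":
            break  # assumption: conditional blocks are out of scope here
        if keyword in seen:
            continue  # the first value obtained for a keyword is the one used
        seen.add(keyword)
        if keyword == "permitrootlogin" and value.lower() == "yes":
            findings.append((lineno, parts[0],
                             "root password login allowed; 7.0 default is prohibit-password"))
        elif keyword in LEGACY_PREFIXES:
            # '+' appends to the default set; otherwise the list replaces it.
            mode = "appended to" if value.startswith("+") else "replaces"
            for alg in value.lstrip("+").split(","):
                alg = alg.strip()
                if alg.startswith(LEGACY_PREFIXES[keyword]):
                    findings.append((lineno, parts[0],
                                     f"{alg} re-enabled ({mode} the default set)"))
    return findings

# Constructed sample configuration, not taken from a real host.
SAMPLE = """\
# constructed sample
PermitRootLogin yes
HostKeyAlgorithms=+ssh-dss
KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha256@libssh.org
PubkeyAcceptedKeyTypes ssh-ed25519,ssh-rsa
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```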



