OpenSSH 7.5 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support. OpenSSH also includes
transitional support for the legacy SSH 1.3 and 1.5 protocols
that may be enabled at compile-time.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
http://www.openssh.com/donations.html
Future deprecation notice
=========================
We plan on retiring more legacy cryptography in future releases,
specifically:
* In the next major release (expected June-August), removing remaining
support for the SSH v.1 protocol (currently client-only and compile-
time disabled).
* In the same release, removing support for Blowfish and RC4 ciphers
and the RIPE-MD160 HMAC. (These are currently run-time disabled).
* In the same release, removing the remaining CBC ciphers from being
offered by default in the client (These have not been offered in
sshd by default for several years).
* Refusing all RSA keys smaller than 1024 bits (the current minimum
is 768 bits)
This list reflects our current intentions, but please check the final
release notes for future releases.
Potentially-incompatible changes
================================
This release includes a number of changes that may affect existing
configurations:
* This release deprecates the sshd_config UsePrivilegeSeparation
option, thereby making privilege separation mandatory. Privilege
separation has been on by default for almost 15 years and
sandboxing has been on by default for almost the last five.
* The format of several log messages emitted by the packet code has
changed to include additional information about the user and
their authentication state. Software that monitors ssh/sshd logs
may need to account for these changes. For example:
Connection closed by user x 1.1.1.1 port 1234 [preauth]
Connection closed by authenticating user x 10.1.1.1 port 1234 [preauth]
Connection closed by invalid user x 1.1.1.1 port 1234 [preauth]
Affected messages include connection closure, timeout, remote
disconnection, negotiation failure and some other fatal messages
generated by the packet code.
* [Portable OpenSSH only] This version removes support for building
against OpenSSL versions prior to 1.0.1. OpenSSL stopped supporting
versions prior to 1.0.1 over 12 months ago (i.e. they no longer
receive fixes for security bugs).
2017-04-18 21:39:17 +03:00
|
|
|
/* $OpenBSD: utf8.c,v 1.5 2017/02/19 00:10:57 djm Exp $ */
|
OpenSSH 7.3 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support. OpenSSH also includes
transitional support for the legacy SSH 1.3 and 1.5 protocols
that may be enabled at compile-time.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
http://www.openssh.com/donations.html
Future deprecation notice
=========================
We plan on retiring more legacy cryptography in a near-future
release, specifically:
* Refusing all RSA keys smaller than 1024 bits (the current minimum
is 768 bits)
* Removing server-side support for the SSH v.1 protocol (currently
compile-time disabled).
* In approximately 1 year, removing all support for the SSH v.1
protocol (currently compile-time disabled).
This list reflects our current intentions, but please check the final
release notes for future releases.
Changes since OpenSSH 7.2
=========================
This is primarily a bugfix release.
Security
--------
* sshd(8): Mitigate a potential denial-of-service attack against
the system's crypt(3) function via sshd(8). An attacker could
send very long passwords that would cause excessive CPU use in
crypt(3). sshd(8) now refuses to accept password authentication
requests of length greater than 1024 characters. Independently
reported by Tomas Kuthan (Oracle), Andres Rojas and Javier Nieto.
* sshd(8): Mitigate timing differences in password authentication
that could be used to discern valid from invalid account names
when long passwords were sent and particular password hashing
algorithms are in use on the server. CVE-2016-6210, reported by
EddieEzra.Harari at verint.com
* ssh(1), sshd(8): Fix observable timing weakness in the CBC padding
oracle countermeasures. Reported by Jean Paul Degabriele, Kenny
Paterson, Torben Hansen and Martin Albrecht. Note that CBC ciphers
are disabled by default and only included for legacy compatibility.
* ssh(1), sshd(8): Improve operation ordering of MAC verification for
Encrypt-then-MAC (EtM) mode transport MAC algorithms to verify the
MAC before decrypting any ciphertext. This removes the possibility
of timing differences leaking facts about the plaintext, though no
such leakage has been observed. Reported by Jean Paul Degabriele,
Kenny Paterson, Torben Hansen and Martin Albrecht.
* sshd(8): (portable only) Ignore PAM environment vars when
UseLogin=yes. If PAM is configured to read user-specified
environment variables and UseLogin=yes in sshd_config, then a
hostile local user may attack /bin/login via LD_PRELOAD or
similar environment variables set via PAM. CVE-2015-8325,
found by Shayan Sadigh.
New Features
------------
* ssh(1): Add a ProxyJump option and corresponding -J command-line
flag to allow simplified indirection through a one or more SSH
bastions or "jump hosts".
* ssh(1): Add an IdentityAgent option to allow specifying specific
agent sockets instead of accepting one from the environment.
* ssh(1): Allow ExitOnForwardFailure and ClearAllForwardings to be
optionally overridden when using ssh -W. bz#2577
* ssh(1), sshd(8): Implement support for the IUTF8 terminal mode as
per draft-sgtatham-secsh-iutf8-00.
* ssh(1), sshd(8): Add support for additional fixed Diffie-Hellman
2K, 4K and 8K groups from draft-ietf-curdle-ssh-kex-sha2-03.
* ssh-keygen(1), ssh(1), sshd(8): support SHA256 and SHA512 RSA
signatures in certificates;
* ssh(1): Add an Include directive for ssh_config(5) files.
* ssh(1): Permit UTF-8 characters in pre-authentication banners sent
from the server. bz#2058
Bugfixes
--------
* ssh(1), sshd(8): Reduce the syslog level of some relatively common
protocol events from LOG_CRIT. bz#2585
* sshd(8): Refuse AuthenticationMethods="" in configurations and
accept AuthenticationMethods=any for the default behaviour of not
requiring multiple authentication. bz#2398
* sshd(8): Remove obsolete and misleading "POSSIBLE BREAK-IN
ATTEMPT!" message when forward and reverse DNS don't match. bz#2585
* ssh(1): Close ControlPersist background process stderr except
in debug mode or when logging to syslog. bz#1988
* misc: Make PROTOCOL description for direct-streamlocal@openssh.com
channel open messages match deployed code. bz#2529
* ssh(1): Deduplicate LocalForward and RemoteForward entries to fix
failures when both ExitOnForwardFailure and hostname
canonicalisation are enabled. bz#2562
* sshd(8): Remove fallback from moduli to obsolete "primes" file
that was deprecated in 2001. bz#2559.
* sshd_config(5): Correct description of UseDNS: it affects ssh
hostname processing for authorized_keys, not known_hosts; bz#2554
* ssh(1): Fix authentication using lone certificate keys in an agent
without corresponding private keys on the filesystem. bz#2550
* sshd(8): Send ClientAliveInterval pings when a time-based
RekeyLimit is set; previously keepalive packets were not being
sent. bz#2252
Portability
-----------
* ssh(1), sshd(8): Fix compilation by automatically disabling ciphers
not supported by OpenSSL. bz#2466
* misc: Fix compilation failures on some versions of AIX's compiler
related to the definition of the VA_COPY macro. bz#2589
* sshd(8): Whitelist more architectures to enable the seccomp-bpf
sandbox. bz#2590
* ssh-agent(1), sftp-server(8): Disable process tracing on Solaris
using setpflags(__PROC_PROTECT, ...). bz#2584
* sshd(8): On Solaris, don't call Solaris setproject() with
UsePAM=yes it's PAM's responsibility. bz#2425
Checksums:
==========
- SHA1 (openssh-7.3.tar.gz) = b1641e5265d9ec68a9a19decc3a7edd1203cbd33
- SHA256 (openssh-7.3.tar.gz) = vS0X35qrX9OOPBkyDMYhOje/DBwHBVEV7nv5rkzw4vM=
- SHA1 (openssh-7.3p1.tar.gz) = bfade84283fcba885e2084343ab19a08c7d123a5
- SHA256 (openssh-7.3p1.tar.gz) = P/uYmm3KppWUw7VQ1IVaWi4XGMzd5/XjY4e0JCIPvsw=
Please note that the SHA256 signatures are base64 encoded and not
hexadecimal (which is the default for most checksum tools). The PGP
key used to sign the releases is available as RELEASE_KEY.asc from
the mirror sites.
Reporting Bugs:
===============
- Please read http://www.openssh.com/report.html
Security bugs should be reported directly to openssh@openssh.com
OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de
Raadt, Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre,
Tim Rice and Ben Lindstrom.
2016-08-02 16:29:05 +03:00
|
|
|
/*
|
|
|
|
* Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
|
|
|
|
*
|
|
|
|
* Permission to use, copy, modify, and distribute this software for any
|
|
|
|
* purpose with or without fee is hereby granted, provided that the above
|
|
|
|
* copyright notice and this permission notice appear in all copies.
|
|
|
|
*
|
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
|
|
|
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
|
|
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
|
|
|
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
|
|
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
|
|
|
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
|
|
|
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
|
|
|
*/
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Utility functions for multibyte-character handling,
|
|
|
|
* in particular to sanitize untrusted strings for terminal output.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <sys/types.h>
|
|
|
|
#include <langinfo.h>
|
|
|
|
#include <limits.h>
|
|
|
|
#include <stdarg.h>
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <string.h>
|
|
|
|
#include <vis.h>
|
|
|
|
#include <wchar.h>
|
|
|
|
|
|
|
|
#include "utf8.h"
|
|
|
|
|
|
|
|
static int dangerous_locale(void);
|
|
|
|
static int grow_dst(char **, size_t *, size_t, char **, size_t);
|
|
|
|
static int vasnmprintf(char **, size_t, int *, const char *, va_list);
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
* For US-ASCII and UTF-8 encodings, we can safely recover from
|
|
|
|
* encoding errors and from non-printable characters. For any
|
|
|
|
* other encodings, err to the side of caution and abort parsing:
|
|
|
|
* For state-dependent encodings, recovery is impossible.
|
|
|
|
* For arbitrary encodings, replacement of non-printable
|
|
|
|
* characters would be non-trivial and too fragile.
|
|
|
|
*/
|
|
|
|
|
|
|
|
static int
|
|
|
|
dangerous_locale(void) {
|
|
|
|
char *loc;
|
|
|
|
|
|
|
|
loc = nl_langinfo(CODESET);
|
OpenSSH 7.5 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support. OpenSSH also includes
transitional support for the legacy SSH 1.3 and 1.5 protocols
that may be enabled at compile-time.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
http://www.openssh.com/donations.html
Future deprecation notice
=========================
We plan on retiring more legacy cryptography in future releases,
specifically:
* In the next major release (expected June-August), removing remaining
support for the SSH v.1 protocol (currently client-only and compile-
time disabled).
* In the same release, removing support for Blowfish and RC4 ciphers
and the RIPE-MD160 HMAC. (These are currently run-time disabled).
* In the same release, removing the remaining CBC ciphers from being
offered by default in the client (These have not been offered in
sshd by default for several years).
* Refusing all RSA keys smaller than 1024 bits (the current minimum
is 768 bits)
This list reflects our current intentions, but please check the final
release notes for future releases.
Potentially-incompatible changes
================================
This release includes a number of changes that may affect existing
configurations:
* This release deprecates the sshd_config UsePrivilegeSeparation
option, thereby making privilege separation mandatory. Privilege
separation has been on by default for almost 15 years and
sandboxing has been on by default for almost the last five.
* The format of several log messages emitted by the packet code has
changed to include additional information about the user and
their authentication state. Software that monitors ssh/sshd logs
may need to account for these changes. For example:
Connection closed by user x 1.1.1.1 port 1234 [preauth]
Connection closed by authenticating user x 10.1.1.1 port 1234 [preauth]
Connection closed by invalid user x 1.1.1.1 port 1234 [preauth]
Affected messages include connection closure, timeout, remote
disconnection, negotiation failure and some other fatal messages
generated by the packet code.
* [Portable OpenSSH only] This version removes support for building
against OpenSSL versions prior to 1.0.1. OpenSSL stopped supporting
versions prior to 1.0.1 over 12 months ago (i.e. they no longer
receive fixes for security bugs).
2017-04-18 21:39:17 +03:00
|
|
|
return strcmp(loc, "US-ASCII") != 0 && strcmp(loc, "UTF-8") != 0 &&
|
|
|
|
strcmp(loc, "ANSI_X3.4-1968") != 0;
|
OpenSSH 7.3 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support. OpenSSH also includes
transitional support for the legacy SSH 1.3 and 1.5 protocols
that may be enabled at compile-time.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
http://www.openssh.com/donations.html
Future deprecation notice
=========================
We plan on retiring more legacy cryptography in a near-future
release, specifically:
* Refusing all RSA keys smaller than 1024 bits (the current minimum
is 768 bits)
* Removing server-side support for the SSH v.1 protocol (currently
compile-time disabled).
* In approximately 1 year, removing all support for the SSH v.1
protocol (currently compile-time disabled).
This list reflects our current intentions, but please check the final
release notes for future releases.
Changes since OpenSSH 7.2
=========================
This is primarily a bugfix release.
Security
--------
* sshd(8): Mitigate a potential denial-of-service attack against
the system's crypt(3) function via sshd(8). An attacker could
send very long passwords that would cause excessive CPU use in
crypt(3). sshd(8) now refuses to accept password authentication
requests of length greater than 1024 characters. Independently
reported by Tomas Kuthan (Oracle), Andres Rojas and Javier Nieto.
* sshd(8): Mitigate timing differences in password authentication
that could be used to discern valid from invalid account names
when long passwords were sent and particular password hashing
algorithms are in use on the server. CVE-2016-6210, reported by
EddieEzra.Harari at verint.com
* ssh(1), sshd(8): Fix observable timing weakness in the CBC padding
oracle countermeasures. Reported by Jean Paul Degabriele, Kenny
Paterson, Torben Hansen and Martin Albrecht. Note that CBC ciphers
are disabled by default and only included for legacy compatibility.
* ssh(1), sshd(8): Improve operation ordering of MAC verification for
Encrypt-then-MAC (EtM) mode transport MAC algorithms to verify the
MAC before decrypting any ciphertext. This removes the possibility
of timing differences leaking facts about the plaintext, though no
such leakage has been observed. Reported by Jean Paul Degabriele,
Kenny Paterson, Torben Hansen and Martin Albrecht.
* sshd(8): (portable only) Ignore PAM environment vars when
UseLogin=yes. If PAM is configured to read user-specified
environment variables and UseLogin=yes in sshd_config, then a
hostile local user may attack /bin/login via LD_PRELOAD or
similar environment variables set via PAM. CVE-2015-8325,
found by Shayan Sadigh.
New Features
------------
* ssh(1): Add a ProxyJump option and corresponding -J command-line
flag to allow simplified indirection through a one or more SSH
bastions or "jump hosts".
* ssh(1): Add an IdentityAgent option to allow specifying specific
agent sockets instead of accepting one from the environment.
* ssh(1): Allow ExitOnForwardFailure and ClearAllForwardings to be
optionally overridden when using ssh -W. bz#2577
* ssh(1), sshd(8): Implement support for the IUTF8 terminal mode as
per draft-sgtatham-secsh-iutf8-00.
* ssh(1), sshd(8): Add support for additional fixed Diffie-Hellman
2K, 4K and 8K groups from draft-ietf-curdle-ssh-kex-sha2-03.
* ssh-keygen(1), ssh(1), sshd(8): support SHA256 and SHA512 RSA
signatures in certificates;
* ssh(1): Add an Include directive for ssh_config(5) files.
* ssh(1): Permit UTF-8 characters in pre-authentication banners sent
from the server. bz#2058
Bugfixes
--------
* ssh(1), sshd(8): Reduce the syslog level of some relatively common
protocol events from LOG_CRIT. bz#2585
* sshd(8): Refuse AuthenticationMethods="" in configurations and
accept AuthenticationMethods=any for the default behaviour of not
requiring multiple authentication. bz#2398
* sshd(8): Remove obsolete and misleading "POSSIBLE BREAK-IN
ATTEMPT!" message when forward and reverse DNS don't match. bz#2585
* ssh(1): Close ControlPersist background process stderr except
in debug mode or when logging to syslog. bz#1988
* misc: Make PROTOCOL description for direct-streamlocal@openssh.com
channel open messages match deployed code. bz#2529
* ssh(1): Deduplicate LocalForward and RemoteForward entries to fix
failures when both ExitOnForwardFailure and hostname
canonicalisation are enabled. bz#2562
* sshd(8): Remove fallback from moduli to obsolete "primes" file
that was deprecated in 2001. bz#2559.
* sshd_config(5): Correct description of UseDNS: it affects ssh
hostname processing for authorized_keys, not known_hosts; bz#2554
* ssh(1): Fix authentication using lone certificate keys in an agent
without corresponding private keys on the filesystem. bz#2550
* sshd(8): Send ClientAliveInterval pings when a time-based
RekeyLimit is set; previously keepalive packets were not being
sent. bz#2252
Portability
-----------
* ssh(1), sshd(8): Fix compilation by automatically disabling ciphers
not supported by OpenSSL. bz#2466
* misc: Fix compilation failures on some versions of AIX's compiler
related to the definition of the VA_COPY macro. bz#2589
* sshd(8): Whitelist more architectures to enable the seccomp-bpf
sandbox. bz#2590
* ssh-agent(1), sftp-server(8): Disable process tracing on Solaris
using setpflags(__PROC_PROTECT, ...). bz#2584
* sshd(8): On Solaris, don't call Solaris setproject() with
UsePAM=yes it's PAM's responsibility. bz#2425
Checksums:
==========
- SHA1 (openssh-7.3.tar.gz) = b1641e5265d9ec68a9a19decc3a7edd1203cbd33
- SHA256 (openssh-7.3.tar.gz) = vS0X35qrX9OOPBkyDMYhOje/DBwHBVEV7nv5rkzw4vM=
- SHA1 (openssh-7.3p1.tar.gz) = bfade84283fcba885e2084343ab19a08c7d123a5
- SHA256 (openssh-7.3p1.tar.gz) = P/uYmm3KppWUw7VQ1IVaWi4XGMzd5/XjY4e0JCIPvsw=
Please note that the SHA256 signatures are base64 encoded and not
hexadecimal (which is the default for most checksum tools). The PGP
key used to sign the releases is available as RELEASE_KEY.asc from
the mirror sites.
Reporting Bugs:
===============
- Please read http://www.openssh.com/report.html
Security bugs should be reported directly to openssh@openssh.com
OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de
Raadt, Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre,
Tim Rice and Ben Lindstrom.
2016-08-02 16:29:05 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
grow_dst(char **dst, size_t *sz, size_t maxsz, char **dp, size_t need)
|
|
|
|
{
|
|
|
|
char *tp;
|
|
|
|
size_t tsz;
|
|
|
|
|
|
|
|
if (*dp + need < *dst + *sz)
|
|
|
|
return 0;
|
|
|
|
tsz = *sz + 128;
|
|
|
|
if (tsz > maxsz)
|
|
|
|
tsz = maxsz;
|
|
|
|
if ((tp = realloc(*dst, tsz)) == NULL)
|
|
|
|
return -1;
|
|
|
|
*dp = tp + (*dp - *dst);
|
|
|
|
*dst = tp;
|
|
|
|
*sz = tsz;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* The following two functions limit the number of bytes written,
|
|
|
|
* including the terminating '\0', to sz. Unless wp is NULL,
|
|
|
|
* they limit the number of display columns occupied to *wp.
|
|
|
|
* Whichever is reached first terminates the output string.
|
|
|
|
* To stay close to the standard interfaces, they return the number of
|
|
|
|
* non-NUL bytes that would have been written if both were unlimited.
|
|
|
|
* If wp is NULL, newline, carriage return, and tab are allowed;
|
|
|
|
* otherwise, the actual number of columns occupied by what was
|
|
|
|
* written is returned in *wp.
|
|
|
|
*/
|
|
|
|
|
|
|
|
static int
|
|
|
|
vasnmprintf(char **str, size_t maxsz, int *wp, const char *fmt, va_list ap)
|
|
|
|
{
|
|
|
|
char *src; /* Source string returned from vasprintf. */
|
|
|
|
char *sp; /* Pointer into src. */
|
|
|
|
char *dst; /* Destination string to be returned. */
|
|
|
|
char *dp; /* Pointer into dst. */
|
|
|
|
char *tp; /* Temporary pointer for dst. */
|
|
|
|
size_t sz; /* Number of bytes allocated for dst. */
|
|
|
|
wchar_t wc; /* Wide character at sp. */
|
|
|
|
int len; /* Number of bytes in the character at sp. */
|
|
|
|
int ret; /* Number of bytes needed to format src. */
|
|
|
|
int width; /* Display width of the character wc. */
|
|
|
|
int total_width, max_width, print;
|
|
|
|
|
|
|
|
src = NULL;
|
|
|
|
if ((ret = vasprintf(&src, fmt, ap)) <= 0)
|
|
|
|
goto fail;
|
|
|
|
|
|
|
|
sz = strlen(src) + 1;
|
|
|
|
if ((dst = malloc(sz)) == NULL) {
|
|
|
|
free(src);
|
OpenSSH 7.5 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support. OpenSSH also includes
transitional support for the legacy SSH 1.3 and 1.5 protocols
that may be enabled at compile-time.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
http://www.openssh.com/donations.html
Future deprecation notice
=========================
We plan on retiring more legacy cryptography in future releases,
specifically:
* In the next major release (expected June-August), removing remaining
support for the SSH v.1 protocol (currently client-only and compile-
time disabled).
* In the same release, removing support for Blowfish and RC4 ciphers
and the RIPE-MD160 HMAC. (These are currently run-time disabled).
* In the same release, removing the remaining CBC ciphers from being
offered by default in the client (These have not been offered in
sshd by default for several years).
* Refusing all RSA keys smaller than 1024 bits (the current minimum
is 768 bits)
This list reflects our current intentions, but please check the final
release notes for future releases.
Potentially-incompatible changes
================================
This release includes a number of changes that may affect existing
configurations:
* This release deprecates the sshd_config UsePrivilegeSeparation
option, thereby making privilege separation mandatory. Privilege
separation has been on by default for almost 15 years and
sandboxing has been on by default for almost the last five.
* The format of several log messages emitted by the packet code has
changed to include additional information about the user and
their authentication state. Software that monitors ssh/sshd logs
may need to account for these changes. For example:
Connection closed by user x 1.1.1.1 port 1234 [preauth]
Connection closed by authenticating user x 10.1.1.1 port 1234 [preauth]
Connection closed by invalid user x 1.1.1.1 port 1234 [preauth]
Affected messages include connection closure, timeout, remote
disconnection, negotiation failure and some other fatal messages
generated by the packet code.
* [Portable OpenSSH only] This version removes support for building
against OpenSSL versions prior to 1.0.1. OpenSSL stopped supporting
versions prior to 1.0.1 over 12 months ago (i.e. they no longer
receive fixes for security bugs).
2017-04-18 21:39:17 +03:00
|
|
|
ret = -1;
|
OpenSSH 7.3 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support. OpenSSH also includes
transitional support for the legacy SSH 1.3 and 1.5 protocols
that may be enabled at compile-time.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
http://www.openssh.com/donations.html
Future deprecation notice
=========================
We plan on retiring more legacy cryptography in a near-future
release, specifically:
* Refusing all RSA keys smaller than 1024 bits (the current minimum
is 768 bits)
* Removing server-side support for the SSH v.1 protocol (currently
compile-time disabled).
* In approximately 1 year, removing all support for the SSH v.1
protocol (currently compile-time disabled).
This list reflects our current intentions, but please check the final
release notes for future releases.
Changes since OpenSSH 7.2
=========================
This is primarily a bugfix release.
Security
--------
* sshd(8): Mitigate a potential denial-of-service attack against
the system's crypt(3) function via sshd(8). An attacker could
send very long passwords that would cause excessive CPU use in
crypt(3). sshd(8) now refuses to accept password authentication
requests of length greater than 1024 characters. Independently
reported by Tomas Kuthan (Oracle), Andres Rojas and Javier Nieto.
* sshd(8): Mitigate timing differences in password authentication
that could be used to discern valid from invalid account names
when long passwords were sent and particular password hashing
algorithms are in use on the server. CVE-2016-6210, reported by
EddieEzra.Harari at verint.com
* ssh(1), sshd(8): Fix observable timing weakness in the CBC padding
oracle countermeasures. Reported by Jean Paul Degabriele, Kenny
Paterson, Torben Hansen and Martin Albrecht. Note that CBC ciphers
are disabled by default and only included for legacy compatibility.
* ssh(1), sshd(8): Improve operation ordering of MAC verification for
Encrypt-then-MAC (EtM) mode transport MAC algorithms to verify the
MAC before decrypting any ciphertext. This removes the possibility
of timing differences leaking facts about the plaintext, though no
such leakage has been observed. Reported by Jean Paul Degabriele,
Kenny Paterson, Torben Hansen and Martin Albrecht.
* sshd(8): (portable only) Ignore PAM environment vars when
UseLogin=yes. If PAM is configured to read user-specified
environment variables and UseLogin=yes in sshd_config, then a
hostile local user may attack /bin/login via LD_PRELOAD or
similar environment variables set via PAM. CVE-2015-8325,
found by Shayan Sadigh.
New Features
------------
* ssh(1): Add a ProxyJump option and corresponding -J command-line
flag to allow simplified indirection through a one or more SSH
bastions or "jump hosts".
* ssh(1): Add an IdentityAgent option to allow specifying specific
agent sockets instead of accepting one from the environment.
* ssh(1): Allow ExitOnForwardFailure and ClearAllForwardings to be
optionally overridden when using ssh -W. bz#2577
* ssh(1), sshd(8): Implement support for the IUTF8 terminal mode as
per draft-sgtatham-secsh-iutf8-00.
* ssh(1), sshd(8): Add support for additional fixed Diffie-Hellman
2K, 4K and 8K groups from draft-ietf-curdle-ssh-kex-sha2-03.
* ssh-keygen(1), ssh(1), sshd(8): support SHA256 and SHA512 RSA
signatures in certificates;
* ssh(1): Add an Include directive for ssh_config(5) files.
* ssh(1): Permit UTF-8 characters in pre-authentication banners sent
from the server. bz#2058
Bugfixes
--------
* ssh(1), sshd(8): Reduce the syslog level of some relatively common
protocol events from LOG_CRIT. bz#2585
* sshd(8): Refuse AuthenticationMethods="" in configurations and
accept AuthenticationMethods=any for the default behaviour of not
requiring multiple authentication. bz#2398
* sshd(8): Remove obsolete and misleading "POSSIBLE BREAK-IN
ATTEMPT!" message when forward and reverse DNS don't match. bz#2585
* ssh(1): Close ControlPersist background process stderr except
in debug mode or when logging to syslog. bz#1988
* misc: Make PROTOCOL description for direct-streamlocal@openssh.com
channel open messages match deployed code. bz#2529
* ssh(1): Deduplicate LocalForward and RemoteForward entries to fix
failures when both ExitOnForwardFailure and hostname
canonicalisation are enabled. bz#2562
* sshd(8): Remove fallback from moduli to obsolete "primes" file
that was deprecated in 2001. bz#2559.
* sshd_config(5): Correct description of UseDNS: it affects ssh
hostname processing for authorized_keys, not known_hosts; bz#2554
* ssh(1): Fix authentication using lone certificate keys in an agent
without corresponding private keys on the filesystem. bz#2550
* sshd(8): Send ClientAliveInterval pings when a time-based
RekeyLimit is set; previously keepalive packets were not being
sent. bz#2252
Portability
-----------
* ssh(1), sshd(8): Fix compilation by automatically disabling ciphers
not supported by OpenSSL. bz#2466
* misc: Fix compilation failures on some versions of AIX's compiler
related to the definition of the VA_COPY macro. bz#2589
* sshd(8): Whitelist more architectures to enable the seccomp-bpf
sandbox. bz#2590
* ssh-agent(1), sftp-server(8): Disable process tracing on Solaris
using setpflags(__PROC_PROTECT, ...). bz#2584
* sshd(8): On Solaris, don't call Solaris setproject() with
UsePAM=yes it's PAM's responsibility. bz#2425
Checksums:
==========
- SHA1 (openssh-7.3.tar.gz) = b1641e5265d9ec68a9a19decc3a7edd1203cbd33
- SHA256 (openssh-7.3.tar.gz) = vS0X35qrX9OOPBkyDMYhOje/DBwHBVEV7nv5rkzw4vM=
- SHA1 (openssh-7.3p1.tar.gz) = bfade84283fcba885e2084343ab19a08c7d123a5
- SHA256 (openssh-7.3p1.tar.gz) = P/uYmm3KppWUw7VQ1IVaWi4XGMzd5/XjY4e0JCIPvsw=
Please note that the SHA256 signatures are base64 encoded and not
hexadecimal (which is the default for most checksum tools). The PGP
key used to sign the releases is available as RELEASE_KEY.asc from
the mirror sites.
Reporting Bugs:
===============
- Please read http://www.openssh.com/report.html
Security bugs should be reported directly to openssh@openssh.com
OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de
Raadt, Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre,
Tim Rice and Ben Lindstrom.
2016-08-02 16:29:05 +03:00
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (maxsz > INT_MAX)
|
|
|
|
maxsz = INT_MAX;
|
|
|
|
|
|
|
|
sp = src;
|
|
|
|
dp = dst;
|
|
|
|
ret = 0;
|
|
|
|
print = 1;
|
|
|
|
total_width = 0;
|
|
|
|
max_width = wp == NULL ? INT_MAX : *wp;
|
|
|
|
while (*sp != '\0') {
|
|
|
|
if ((len = mbtowc(&wc, sp, MB_CUR_MAX)) == -1) {
|
|
|
|
(void)mbtowc(NULL, NULL, MB_CUR_MAX);
|
|
|
|
if (dangerous_locale()) {
|
|
|
|
ret = -1;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
len = 1;
|
|
|
|
width = -1;
|
|
|
|
} else if (wp == NULL &&
|
|
|
|
(wc == L'\n' || wc == L'\r' || wc == L'\t')) {
|
|
|
|
/*
|
|
|
|
* Don't use width uninitialized; the actual
|
|
|
|
* value doesn't matter because total_width
|
|
|
|
* is only returned for wp != NULL.
|
|
|
|
*/
|
|
|
|
width = 0;
|
|
|
|
} else if ((width = wcwidth(wc)) == -1 &&
|
|
|
|
dangerous_locale()) {
|
|
|
|
ret = -1;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Valid, printable character. */
|
|
|
|
|
|
|
|
if (width >= 0) {
|
|
|
|
if (print && (dp - dst >= (int)maxsz - len ||
|
|
|
|
total_width > max_width - width))
|
|
|
|
print = 0;
|
|
|
|
if (print) {
|
|
|
|
if (grow_dst(&dst, &sz, maxsz,
|
|
|
|
&dp, len) == -1) {
|
|
|
|
ret = -1;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
total_width += width;
|
|
|
|
memcpy(dp, sp, len);
|
|
|
|
dp += len;
|
|
|
|
}
|
|
|
|
sp += len;
|
|
|
|
if (ret >= 0)
|
|
|
|
ret += len;
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Escaping required. */
|
|
|
|
|
|
|
|
while (len > 0) {
|
|
|
|
if (print && (dp - dst >= (int)maxsz - 4 ||
|
|
|
|
total_width > max_width - 4))
|
|
|
|
print = 0;
|
|
|
|
if (print) {
|
|
|
|
if (grow_dst(&dst, &sz, maxsz,
|
|
|
|
&dp, 4) == -1) {
|
|
|
|
ret = -1;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
tp = vis(dp, *sp, VIS_OCTAL | VIS_ALL, 0);
|
|
|
|
width = tp - dp;
|
|
|
|
total_width += width;
|
|
|
|
dp = tp;
|
|
|
|
} else
|
|
|
|
width = 4;
|
|
|
|
len--;
|
|
|
|
sp++;
|
|
|
|
if (ret >= 0)
|
|
|
|
ret += width;
|
|
|
|
}
|
|
|
|
if (len > 0)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
free(src);
|
|
|
|
*dp = '\0';
|
|
|
|
*str = dst;
|
|
|
|
if (wp != NULL)
|
|
|
|
*wp = total_width;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If the string was truncated by the width limit but
|
|
|
|
* would have fit into the size limit, the only sane way
|
|
|
|
* to report the problem is using the return value, such
|
|
|
|
* that the usual idiom "if (ret < 0 || ret >= sz) error"
|
|
|
|
* works as expected.
|
|
|
|
*/
|
|
|
|
|
|
|
|
if (ret < (int)maxsz && !print)
|
|
|
|
ret = -1;
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
fail:
|
|
|
|
if (wp != NULL)
|
|
|
|
*wp = 0;
|
|
|
|
if (ret == 0) {
|
|
|
|
*str = src;
|
|
|
|
return 0;
|
|
|
|
} else {
|
|
|
|
*str = NULL;
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
snmprintf(char *str, size_t sz, int *wp, const char *fmt, ...)
|
|
|
|
{
|
|
|
|
va_list ap;
|
|
|
|
char *cp;
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
va_start(ap, fmt);
|
|
|
|
ret = vasnmprintf(&cp, sz, wp, fmt, ap);
|
|
|
|
va_end(ap);
|
|
|
|
if (cp != NULL) {
|
|
|
|
(void)strlcpy(str, cp, sz);
|
|
|
|
free(cp);
|
|
|
|
} else
|
|
|
|
*str = '\0';
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* To stay close to the standard interfaces, the following functions
|
|
|
|
* return the number of non-NUL bytes written.
|
|
|
|
*/
|
|
|
|
|
|
|
|
int
|
|
|
|
vfmprintf(FILE *stream, const char *fmt, va_list ap)
|
|
|
|
{
|
|
|
|
char *str;
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
if ((ret = vasnmprintf(&str, INT_MAX, NULL, fmt, ap)) < 0)
|
|
|
|
return -1;
|
|
|
|
if (fputs(str, stream) == EOF)
|
|
|
|
ret = -1;
|
|
|
|
free(str);
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
fmprintf(FILE *stream, const char *fmt, ...)
|
|
|
|
{
|
|
|
|
va_list ap;
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
va_start(ap, fmt);
|
|
|
|
ret = vfmprintf(stream, fmt, ap);
|
|
|
|
va_end(ap);
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
mprintf(const char *fmt, ...)
|
|
|
|
{
|
|
|
|
va_list ap;
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
va_start(ap, fmt);
|
|
|
|
ret = vfmprintf(stdout, fmt, ap);
|
|
|
|
va_end(ap);
|
|
|
|
return ret;
|
|
|
|
}
|