Makefile.in | 3 2 + 1 - 0 !
README.md | 33 33 + 0 - 0 !
auth.c | 96 2 + 94 - 0 !
auth2-gss.c | 56 53 + 3 - 0 !
auth2.c | 2 2 + 0 - 0 !
canohost.c | 93 93 + 0 - 0 !
canohost.h | 3 3 + 0 - 0 !
clientloop.c | 15 14 + 1 - 0 !
configure.ac | 24 24 + 0 - 0 !
gss-genr.c | 300 296 + 4 - 0 !
gss-serv-krb5.c | 85 78 + 7 - 0 !
gss-serv.c | 186 171 + 15 - 0 !
kex.c | 66 63 + 3 - 0 !
kex.h | 29 29 + 0 - 0 !
kexdh.c | 10 10 + 0 - 0 !
kexgen.c | 2 1 + 1 - 0 !
kexgssc.c | 606 606 + 0 - 0 !
kexgsss.c | 474 474 + 0 - 0 !
monitor.c | 139 128 + 11 - 0 !
monitor.h | 2 2 + 0 - 0 !
monitor_wrap.c | 57 56 + 1 - 0 !
monitor_wrap.h | 4 3 + 1 - 0 !
readconf.c | 70 70 + 0 - 0 !
readconf.h | 6 6 + 0 - 0 !
servconf.c | 47 47 + 0 - 0 !
servconf.h | 3 3 + 0 - 0 !
session.c | 10 8 + 2 - 0 !
ssh-gss.h | 54 50 + 4 - 0 !
ssh.1 | 8 8 + 0 - 0 !
ssh.c | 6 4 + 2 - 0 !
ssh_config | 2 2 + 0 - 0 !
ssh_config.5 | 57 57 + 0 - 0 !
sshconnect2.c | 154 149 + 5 - 0 !
sshd.c | 62 58 + 4 - 0 !
sshd_config | 2 2 + 0 - 0 !
sshd_config.5 | 30 30 + 0 - 0 !
sshkey.c | 3 2 + 1 - 0 !
sshkey.h | 1 1 + 0 - 0 !
38 files changed, 2640 insertions(+), 160 deletions(-)

 gssapi key exchange support

This patch has been rejected upstream: "None of the OpenSSH developers are
in favour of adding this, and this situation has not changed for several
years.  This is not a slight on Simon's patch, which is of fine quality, but
just that a) we don't trust GSSAPI implementations that much and b) we don't
like adding new KEX since they are pre-auth attack surface.  This one is
particularly scary, since it requires hooks out to typically root-owned
system resources."

However, quite a lot of people rely on this in Debian, and it's better to
have it merged into the main openssh package rather than having separate
-krb5 packages (as we used to have).  It seems to have a generally good
security history.

configure.ac | 57 57 + 0 - 0 !
sshd.8 | 7 7 + 0 - 0 !
sshd.c | 25 25 + 0 - 0 !
3 files changed, 89 insertions(+)

 restore tcp wrappers support

Support for TCP wrappers was dropped in OpenSSH 6.7.  See this message
and thread:

  https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-April/032497.html

It is true that this reduces preauth attack surface in sshd.  On the
other hand, this support seems to be quite widely used, and abruptly
dropping it (from the perspective of users who don't read
openssh-unix-dev) could easily cause more serious problems in practice.

It's not entirely clear what the right long-term answer for Debian is,
but it at least probably doesn't involve dropping this feature shortly
before a freeze.

auth.h | 1 1 + 0 - 0 !
auth2.c | 10 8 + 2 - 0 !
monitor.c | 37 33 + 4 - 0 !
monitor.h | 2 2 + 0 - 0 !
monitor_wrap.c | 27 24 + 3 - 0 !
monitor_wrap.h | 3 2 + 1 - 0 !
openbsd-compat/port-linux.c | 21 14 + 7 - 0 !
openbsd-compat/port-linux.h | 4 2 + 2 - 0 !
platform.c | 4 2 + 2 - 0 !
platform.h | 2 1 + 1 - 0 !
session.c | 10 5 + 5 - 0 !
session.h | 2 1 + 1 - 0 !
sshd.c | 2 1 + 1 - 0 !
sshpty.c | 4 2 + 2 - 0 !
sshpty.h | 2 1 + 1 - 0 !
15 files changed, 99 insertions(+), 32 deletions(-)

 handle selinux authorisation roles

Rejected upstream due to discomfort with magic usernames; a better approach
will need an SSH protocol change.  In the meantime, this came from Debian's
SELinux maintainer, so we'll keep it until we have something better.

Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641
Bug-Debian: http://bugs.debian.org/394795

readconf.c | 1 1 + 0 - 0 !
servconf.c | 1 1 + 0 - 0 !
2 files changed, 2 insertions(+)

 accept obsolete ssh-vulnkey configuration options

These options were used as part of Debian's response to CVE-2008-0166.
Nearly six years later, we no longer need to continue carrying the bulk
of that patch, but we do need to avoid failing when the associated
configuration options are still present.

readconf.c | 14 12 + 2 - 0 !
ssh_config.5 | 21 19 + 2 - 0 !
sshd_config.5 | 3 3 + 0 - 0 !
3 files changed, 34 insertions(+), 4 deletions(-)

 various keepalive extensions

Add compatibility aliases for ProtocolKeepAlives and SetupTimeOut, supported
in previous versions of Debian's OpenSSH package but since superseded by
ServerAliveInterval.  (We're probably stuck with this bit for
compatibility.)

In batch mode, default ServerAliveInterval to five minutes.

Adjust documentation to match and to give some more advice on use of
keepalives.

log.c | 1 1 + 0 - 0 !
ssh.c | 2 1 + 1 - 0 !
2 files changed, 2 insertions(+), 1 deletion(-)

 "loglevel silent" compatibility

"LogLevel SILENT" (-qq) was introduced in Debian openssh 1:3.0.1p1-1 to
match the behaviour of non-free SSH, in which -q does not suppress fatal
errors.  However, this was unintentionally broken in 1:4.6p1-2 and nobody
complained, so we've dropped most of it.  The parts that remain are basic
configuration file compatibility, and an adjustment to "Pseudo-terminal will
not be allocated ..." which should be split out into a separate patch.

auth-rhosts.c | 6 2 + 4 - 0 !
auth.c | 3 1 + 2 - 0 !
misc.c | 58 53 + 5 - 0 !
misc.h | 2 2 + 0 - 0 !
readconf.c | 3 1 + 2 - 0 !
ssh.1 | 2 2 + 0 - 0 !
ssh_config.5 | 2 2 + 0 - 0 !
7 files changed, 63 insertions(+), 13 deletions(-)

 allow harmless group-writability

Allow secure files (~/.ssh/config, ~/.ssh/authorized_keys, etc.) to be
group-writable, provided that the group in question contains only the file's
owner.  Rejected upstream for IMO incorrect reasons (e.g. a misunderstanding
about the contents of gr->gr_mem).  Given that per-user groups and umask 002
are the default setup in Debian (for good reasons - this makes operating in
setgid directories with other groups much easier), we need to permit this by
default.

Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060
Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347

scp.c | 12 10 + 2 - 0 !
1 file changed, 10 insertions(+), 2 deletions(-)

 adjust scp quoting in verbose mode

Tweak scp's reporting of filenames in verbose mode to be a bit less
confusing with spaces.

This should be revised to mimic real shell quoting.

Bug-Ubuntu: https://bugs.launchpad.net/bugs/89945

sshconnect.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 look for $shell on the path for proxycommand/localcommand

There's some debate on the upstream bug about whether POSIX requires this.
I (Colin Watson) agree with Vincent and think it does.

Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1494
Bug-Debian: http://bugs.debian.org/492728

dns.c | 14 13 + 1 - 0 !
openbsd-compat/getrrsetbyname.c | 10 5 + 5 - 0 !
openbsd-compat/getrrsetbyname.h | 3 3 + 0 - 0 !
3 files changed, 21 insertions(+), 6 deletions(-)

 force use of dnssec even if "options edns0" isn't in resolv.conf

This allows SSHFP DNS records to be verified if glibc 2.11 is installed.

sshconnect.c | 9 8 + 1 - 0 !
1 file changed, 8 insertions(+), 1 deletion(-)

 mention ssh-keygen in ssh fingerprint changed warning

kex.c | 2 1 + 1 - 0 !
version.h | 7 6 + 1 - 0 !
2 files changed, 7 insertions(+), 2 deletions(-)

 include the debian version in our identification

This makes it easier to audit networks for versions patched against security
vulnerabilities.  It has little detrimental effect, as attackers will
generally just try attacks rather than bothering to scan for
vulnerable-looking version strings.  (However, see debian-banner.patch.)

kex.c | 5 3 + 2 - 0 !
kex.h | 2 1 + 1 - 0 !
servconf.c | 9 9 + 0 - 0 !
servconf.h | 2 2 + 0 - 0 !
sshconnect.c | 2 1 + 1 - 0 !
sshd.c | 2 1 + 1 - 0 !
sshd_config.5 | 5 5 + 0 - 0 !
7 files changed, 22 insertions(+), 5 deletions(-)

 add debianbanner server configuration option

Setting this to "no" causes sshd to omit the Debian revision from its
initial protocol handshake, for those scared by package-versioning.patch.

Bug-Debian: http://bugs.debian.org/562048

Makefile.in | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 install authorized_keys(5) as a symlink to sshd(8)

Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1720
Bug-Debian: http://bugs.debian.org/441817

moduli.5 | 4 2 + 2 - 0 !
ssh-keygen.1 | 12 4 + 8 - 0 !
ssh.1 | 4 4 + 0 - 0 !
sshd.8 | 5 2 + 3 - 0 !
sshd_config.5 | 3 1 + 2 - 0 !
5 files changed, 13 insertions(+), 15 deletions(-)

 adjust various openbsd-specific references in manual pages

No single bug reference for this patch, but history includes:
 http://bugs.debian.org/154434 (login.conf(5))
 http://bugs.debian.org/513417 (/etc/rc)
 http://bugs.debian.org/530692 (ssl(8))
 https://bugs.launchpad.net/bugs/456660 (ssl(8))

ssh.1 | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 ssh(1): refer to ssh-argv0(1)

Old versions of OpenSSH (up to 2.5 or thereabouts) allowed creating symlinks
to ssh with the name of the host you want to connect to.  Debian ships an
ssh-argv0 script restoring this feature; this patch refers to its manual
page from ssh(1).

Bug-Debian: http://bugs.debian.org/111341

ssh_config.5 | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 document that hashknownhosts may break tab-completion

Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1727
Bug-Debian: http://bugs.debian.org/430154

ssh-agent.1 | 15 15 + 0 - 0 !
1 file changed, 15 insertions(+)

 document consequences of ssh-agent being setgid in ssh-agent(1)

Bug-Debian: http://bugs.debian.org/711623

openbsd-compat/openssl-compat.c | 6 3 + 3 - 0 !
openbsd-compat/regress/opensslvertest.c | 1 1 + 0 - 0 !
2 files changed, 4 insertions(+), 3 deletions(-)

 don't check the status field of the openssl version

There is no reason to check the version of OpenSSL (in Debian).  If it's
not compatible the soname will change.  OpenSSH seems to want to do a
check for the soname based on the version number, but wants to keep the
status of the release the same.  Remove that check on the status since
it doesn't tell you anything about how compatible that version is.

contrib/gnome-ssh-askpass2.c | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 give the ssh-askpass-gnome window a default icon

Bug-Ubuntu: https://bugs.launchpad.net/bugs/27152

configure.ac | 24 24 + 0 - 0 !
sshd.c | 9 9 + 0 - 0 !
2 files changed, 33 insertions(+)

 add systemd readiness notification support

Bug-Debian: https://bugs.debian.org/778913

readconf.c | 2 1 + 1 - 0 !
ssh.1 | 24 24 + 0 - 0 !
ssh_config | 8 7 + 1 - 0 !
ssh_config.5 | 26 25 + 1 - 0 !
sshd_config | 18 12 + 6 - 0 !
sshd_config.5 | 29 29 + 0 - 0 !
6 files changed, 98 insertions(+), 9 deletions(-)

 various debian-specific configuration changes

ssh: Enable ForwardX11Trusted, returning to earlier semantics which cause
fewer problems with existing setups (http://bugs.debian.org/237021).

ssh: Set 'SendEnv LANG LC_*' by default (http://bugs.debian.org/264024).

ssh: Enable HashKnownHosts by default to try to limit the spread of ssh
worms.

ssh: Enable GSSAPIAuthentication by default.

ssh: Include /etc/ssh/ssh_config.d/*.conf.

sshd: Enable PAM, disable ChallengeResponseAuthentication, and disable
PrintMotd.

sshd: Enable X11Forwarding.

sshd: Set 'AcceptEnv LANG LC_*' by default.

sshd: Change sftp subsystem path to /usr/lib/openssh/sftp-server.

sshd: Include /etc/ssh/sshd_config.d/*.conf.

Document all of this.

sshd_config | 5 2 + 3 - 0 !
1 file changed, 2 insertions(+), 3 deletions(-)

 restore reading authorized_keys2 by default

Upstream seems to intend to gradually phase this out, so don't assume
that this will remain the default forever.  However, we were late in
adopting the upstream sshd_config changes, so it makes sense to extend
the grace period.

Bug-Debian: https://bugs.debian.org/852320

regress/Makefile | 2 1 + 1 - 0 !
regress/conch-ciphers.sh | 2 1 + 1 - 0 !
regress/test-exec.sh | 12 12 + 0 - 0 !
3 files changed, 14 insertions(+), 2 deletions(-)

 work around conch interoperability failure

Twisted Conch fails to read private keys in the new format
(https://twistedmatrix.com/trac/ticket/9515).  Work around this until it
can be fixed in Twisted.

readconf.c | 4 2 + 2 - 0 !
servconf.c | 4 2 + 2 - 0 !
ssh_config.5 | 6 2 + 4 - 0 !
sshd_config.5 | 6 2 + 4 - 0 !
4 files changed, 8 insertions(+), 12 deletions(-)

 revert "upstream: update default ipqos in ssh(1), sshd(8) to dscp
 AF21 for"

This reverts commit 5ee8448ad7c306f05a9f56769f95336a8269f379.

The IPQoS default changes have some unfortunate interactions with
iptables (see https://bugs.debian.org/923880) and VMware, so I'm
temporarily reverting them until those have been fixed.

Bug-Debian: https://bugs.debian.org/923879
Bug-Debian: https://bugs.debian.org/926229
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1822370

configure.ac | 6 0 + 6 - 0 !
1 file changed, 6 deletions(-)

 revert "detect linux/x32 systems"

This reverts commit 5b56bd0affea7b02b540bdbc4d1d271b0e4fc885.  The bug
reporter wasn't actually using x32, but rather an ordinary 32-bit
userspace on a 64-bit kernel; this patch broke the seccomp sandbox on
the actual x32 architecture.

Patch-Name: revert-x32-sandbox-breakage.patch

contrib/ssh-copy-id | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 fix `eof: command not found` error in ssh-copy-id

ssh-agent.c | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 double free in ssh-agent(1)

sandbox-seccomp-filter.c | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 add new pselect6_time64 syscall on arm.

This is apparently needed on armhfp/armv7hl.  bz#3232, patch from
jjelen at redhat.com.

ssh-pkcs11.c | 6 2 + 4 - 0 !
1 file changed, 2 insertions(+), 4 deletions(-)

 terminate pkcs11 process for bad libraries

misc.c | 79 79 + 0 - 0 !
misc.h | 1 1 + 0 - 0 !
ssh-pkcs11.c | 4 4 + 0 - 0 !
ssh-sk.c | 6 4 + 2 - 0 !
4 files changed, 88 insertions(+), 2 deletions(-)

 upstream: ensure fido/pkcs11 libraries contain expected symbols

This checks via nlist(3) that candidate provider libraries contain one
of the symbols that we will require prior to dlopen(), which can cause
a number of side effects, including execution of constructors.

Feedback deraadt; ok markus

OpenBSD-Commit-ID: 1508a5fbd74e329e69a55b56c453c292029aefbe

auth.c | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 upstream: need initgroups() before setresgid(); reported by anton@,

ok deraadt@

OpenBSD-Commit-ID: 6aa003ee658b316960d94078f2a16edbc25087ce

Bug-Debian: https://bugs.debian.org/995130

auth.c | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 initgroups needs grp.h

Bug-Debian: https://bugs.debian.org/995130

PROTOCOL | 26 26 + 0 - 0 !
kex.c | 68 52 + 16 - 0 !
kex.h | 1 1 + 0 - 0 !
packet.c | 80 60 + 20 - 0 !
sshconnect2.c | 14 4 + 10 - 0 !
sshd.c | 8 6 + 2 - 0 !
6 files changed, 149 insertions(+), 48 deletions(-)

 upstream: implement "strict key exchange" in ssh and sshd

This adds a protocol extension to improve the integrity of the SSH
transport protocol, particular in and around the initial key exchange
(KEX) phase.

Full details of the extension are in the PROTOCOL file.

with markus@

OpenBSD-Commit-ID: 2a66ac962f0a630d7945fee54004ed9e9c439f14

ssh.c | 39 39 + 0 - 0 !
1 file changed, 39 insertions(+)

 upstream: ban user/hostnames with most shell metacharacters

This makes ssh(1) refuse user or host names provided on the
commandline that contain most shell metacharacters.

Some programs that invoke ssh(1) using untrusted data do not filter
metacharacters in arguments they supply. This could create
interactions with user-specified ProxyCommand and other directives
that allow shell injection attacks to occur.

It's a mistake to invoke ssh(1) with arbitrary untrusted arguments,
but getting this stuff right can be tricky, so this should prevent
most obvious ways of creating risky situations. It however is not
and cannot be perfect: ssh(1) has no practical way of interpreting
what shell quoting rules are in use and how they interact with the
user's specified ProxyCommand.

To allow configurations that use strange user or hostnames to
continue to work, this strictness is applied only to names coming
from the commandline. Names specified using User or Hostname
directives in ssh_config(5) are not affected.

feedback/ok millert@ markus@ dtucker@ deraadt@

OpenBSD-Commit-ID: 3b487348b5964f3e77b6b4d3da4c3b439e94b2d9