2e2c8b5bf9
For full changes, please refer ChangeLog file. Future deprecation notice ========================= We plan on retiring more legacy cryptography in future releases, specifically: * In approximately August 2017, removing remaining support for the SSH v.1 protocol (client-only and currently compile-time disabled). * In the same release, removing support for Blowfish and RC4 ciphers and the RIPE-MD160 HMAC. (These are currently run-time disabled). * Refusing all RSA keys smaller than 1024 bits (the current minimum is 768 bits) * The next release of OpenSSH will remove support for running sshd(8) with privilege separation disabled. * The next release of portable OpenSSH will remove support for OpenSSL version prior to 1.0.1. This list reflects our current intentions, but please check the final release notes for future releases. Potentially-incompatible changes ================================ This release includes a number of changes that may affect existing configurations: * This release removes server support for the SSH v.1 protocol. * ssh(1): Remove 3des-cbc from the client's default proposal. 64-bit block ciphers are not safe in 2016 and we don't want to wait until attacks like SWEET32 are extended to SSH. As 3des-cbc was the only mandatory cipher in the SSH RFCs, this may cause problems connecting to older devices using the default configuration, but it's highly likely that such devices already need explicit configuration for key exchange and hostkey algorithms already anyway. * sshd(8): Remove support for pre-authentication compression. Doing compression early in the protocol probably seemed reasonable in the 1990s, but today it's clearly a bad idea in terms of both cryptography (cf. multiple compression oracle attacks in TLS) and attack surface. Pre-auth compression support has been disabled by default for >10 years. Support remains in the client. * ssh-agent will refuse to load PKCS#11 modules outside a whitelist of trusted paths by default. The path whitelist may be specified at run-time. * sshd(8): When a forced-command appears in both a certificate and an authorized keys/principals command= restriction, sshd will now refuse to accept the certificate unless they are identical. The previous (documented) behaviour of having the certificate forced-command override the other could be a bit confusing and error-prone. * sshd(8): Remove the UseLogin configuration directive and support for having /bin/login manage login sessions. Changes since OpenSSH 7.3 ========================= This is primarily a bugfix release. Security -------- * ssh-agent(1): Will now refuse to load PKCS#11 modules from paths outside a trusted whitelist (run-time configurable). Requests to load modules could be passed via agent forwarding and an attacker could attempt to load a hostile PKCS#11 module across the forwarded agent channel: PKCS#11 modules are shared libraries, so this would result in code execution on the system running the ssh-agent if the attacker has control of the forwarded agent-socket (on the host running the sshd server) and the ability to write to the filesystem of the host running ssh-agent (usually the host running the ssh client). Reported by Jann Horn of Project Zero. * sshd(8): When privilege separation is disabled, forwarded Unix- domain sockets would be created by sshd(8) with the privileges of 'root' instead of the authenticated user. This release refuses Unix-domain socket forwarding when privilege separation is disabled (Privilege separation has been enabled by default for 14 years). Reported by Jann Horn of Project Zero. * sshd(8): Avoid theoretical leak of host private key material to privilege-separated child processes via realloc() when reading keys. No such leak was observed in practice for normal-sized keys, nor does a leak to the child processes directly expose key material to unprivileged users. Reported by Jann Horn of Project Zero. * sshd(8): The shared memory manager used by pre-authentication compression support had a bounds checks that could be elided by some optimising compilers. Additionally, this memory manager was incorrectly accessible when pre-authentication compression was disabled. This could potentially allow attacks against the privileged monitor process from the sandboxed privilege-separation process (a compromise of the latter would be required first). This release removes support for pre-authentication compression from sshd(8). Reported by Guido Vranken using the Stack unstable optimisation identification tool (http://css.csail.mit.edu/stack/) * sshd(8): Fix denial-of-service condition where an attacker who sends multiple KEXINIT messages may consume up to 128MB per connection. Reported by Shi Lei of Gear Team, Qihoo 360. * sshd(8): Validate address ranges for AllowUser and DenyUsers directives at configuration load time and refuse to accept invalid ones. It was previously possible to specify invalid CIDR address ranges (e.g. user@127.1.2.3/55) and these would always match, possibly resulting in granting access where it was not intended. Reported by Laurence Parry.
63 lines
1.8 KiB
C
63 lines
1.8 KiB
C
$NetBSD: patch-clientloop.c,v 1.5 2016/12/30 04:43:16 taca Exp $
|
|
|
|
Fix X11 forwarding under Mac OS X Yosemite. Patch taken from MacPorts.
|
|
|
|
https://trac.macports.org/browser/trunk/dports/net/openssh/files/launchd.patch?rev=121205
|
|
|
|
--- clientloop.c.orig 2016-12-19 04:59:41.000000000 +0000
|
|
+++ clientloop.c
|
|
@@ -315,6 +315,10 @@ client_x11_get_proto(const char *display
|
|
struct stat st;
|
|
u_int now, x11_timeout_real;
|
|
|
|
+#if __APPLE__
|
|
+ int is_path_to_socket = 0;
|
|
+#endif /* __APPLE__ */
|
|
+
|
|
*_proto = proto;
|
|
*_data = data;
|
|
proto[0] = data[0] = xauthfile[0] = xauthdir[0] = '\0';
|
|
@@ -331,6 +335,33 @@ client_x11_get_proto(const char *display
|
|
}
|
|
|
|
if (xauth_path != NULL) {
|
|
+#if __APPLE__
|
|
+ {
|
|
+ /*
|
|
+ * If using launchd socket, remove the screen number from the end
|
|
+ * of $DISPLAY. is_path_to_socket is used later in this function
|
|
+ * to determine if an error should be displayed.
|
|
+ */
|
|
+ char path[PATH_MAX];
|
|
+ struct stat sbuf;
|
|
+
|
|
+ strlcpy(path, display, sizeof(path));
|
|
+ if (0 == stat(path, &sbuf)) {
|
|
+ is_path_to_socket = 1;
|
|
+ } else {
|
|
+ char *dot = strrchr(path, '.');
|
|
+ if (dot) {
|
|
+ *dot = '\0';
|
|
+ /* screen = atoi(dot + 1); */
|
|
+ if (0 == stat(path, &sbuf)) {
|
|
+ is_path_to_socket = 1;
|
|
+ debug("x11_get_proto: $DISPLAY is launchd, removing screennum");
|
|
+ setenv("DISPLAY", path, 1);
|
|
+ }
|
|
+ }
|
|
+ }
|
|
+ }
|
|
+#endif /* __APPLE__ */
|
|
/*
|
|
* Handle FamilyLocal case where $DISPLAY does
|
|
* not match an authorization entry. For this we
|
|
@@ -441,6 +472,9 @@ client_x11_get_proto(const char *display
|
|
u_int8_t rnd[16];
|
|
u_int i;
|
|
|
|
+#if __APPLE__
|
|
+ if (!is_path_to_socket)
|
|
+#endif /* __APPLE__ */
|
|
logit("Warning: No xauth data; "
|
|
"using fake authentication data for X11 forwarding.");
|
|
strlcpy(proto, SSH_X11_PROTO, sizeof proto);
|