Hi,

OpenSSH 5.6 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This is a moderately large
release, with a number of new features and bug fixes.

Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/

The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html

Portable OpenSSH is also available via anonymous CVS using the
instructions at http://www.openssh.com/portable.html#cvs

Running the regression tests supplied with Portable OpenSSH does not
require installation and is simply:

    $ ./configure && make tests

Live testing on suitable non-production systems is also
appreciated. Please send reports of success or failure to
openssh-unix-dev at mindrot.org.

Below is a summary of changes. More detail may be found in the ChangeLog
in the portable OpenSSH tarballs.

Thanks to the many people who contributed to this release.

-------------------------------

Features:

 * Added a ControlPersist option to ssh_config(5) that automatically
   starts a background ssh(1) multiplex master when connecting. This
   connection can stay alive indefinitely, or can be set to
   automatically close after a user-specified duration of inactivity.

 * Hostbased authentication may now use certificate host keys. CA keys
   must be specified in a known_hosts file using the @cert-authority
   marker.

 * ssh-keygen(1) now supports signing certificates using a CA key that
   has been stored in a PKCS#11 token.

 * ssh(1) will now log the hostname and address that we connected to at
   LogLevel=verbose after authentication is successful to mitigate
   "phishing" attacks by servers with trusted keys that accept
   authentication silently and automatically before presenting fake
   password/passphrase prompts.

   Note that, for such an attack to be successful, the user must have
   disabled StrictHostKeyChecking (enabled by default) or an attacker
   must have access to a trusted host key for the destination server.

 * Expand %h to the hostname in ssh_config Hostname options. While this
   sounds useless, it is actually handy for working with unqualified
   hostnames:

     Host *.*
        Hostname %h
     Host *
        Hostname %h.example.org

 * Allow ssh-keygen(1) to import (-i) and export (-e) of PEM and PKCS#8
   keys in addition to RFC4716 (SSH.COM) encodings via a new -m option
   (bz#1749)

 * sshd(8) will now queue debug messages for bad ownership or
   permissions on the user's keyfiles encountered during authentication.
   These messages will be sent after the user has successfully
   authenticated. These messages may be viewed in ssh(1) at
   LogLevel=debug or higher.

 * ssh(1) connection multiplexing now supports remote forwarding with
   dynamic port allocation and can report the allocated port back to
   the user:

     LPORT=`ssh -S muxsocket -R0:localhost:25 -O forward somehost`

 * sshd(8) now supports indirection in matching of principal names
   listed in certificates. By default, if a certificate has an
   embedded principals list then the destination username must match
   one of the names in the list for it to be accepted for
   authentication.

   sshd(8) now supports an optional AuthorizedPrincipalsFile to specify
   a list of names that may be accepted in place of the username when
   authorizing a certificate trusted via the sshd_config(5)
   TrustedCAKeys option. Similarly, authentication using a CA trusted
   in ~/.ssh/authorized_keys now accepts a principals="name1[,name2,...]"
   to specify a list of permitted names.

   If either option is absent, the current behaviour of requiring the
   username to appear in principals continues to apply. These options
   are useful for role accounts, disjoint account namespaces and
   "user@realm"-style naming policies in certificates.

 * Expose some more sshd_config(5) options inside Match blocks:

     AuthorizedKeysFile
     AuthorizedPrincipalsFile
     HostbasedUsesNameFromPacketOnly
     PermitTunnel

 * Revised the format of certificate keys. The new format, identified as
   ssh-{dss,rsa}-cert-v01@openssh.com includes the following changes:

   - Addition of a serial number field. This may be specified by the CA
     at the time of certificate signing.

   - Moving the nonce field to the beginning of the certificate where
     it can better protect against chosen-prefix attacks on the
     signature hash (currently infeasible against the SHA1 hash used)

   - Renaming of the "constraints" field to "critical options"

   - Adding of a new non-critical "extensions" field. The "permit-*"
     options are now extensions, rather than critical options to
     permit non-OpenSSH implementation of this key format to degrade
     gracefully when encountering keys with options they do not
     recognize.

   The older format is still supported for authentication and cert generation
   (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate).
   The older format, introduced in OpenSSH 5.4, will be supported for at
   least one year from this release, after which it will be deprecated and
   removed.

BugFixes:

 * The PKCS#11 code now retries a lookup for a private key if there's
   no matching key with CKA_SIGN attribute enabled; this fixes
   MuscleCard support (bz#1736)

 * Unbreak strdelim() skipping past quoted strings, e.g.

     AllowUsers "blah blah" blah

   was broken (bz#1757)

 * sftp(1): fix swapped args in upload_dir_internal(), breaking
   recursive upload depth checks and causing verbose printing of
   transfers to always be turned on (bz#1797)

 * Fix a longstanding problem where if you suspend scp(1) at the
   password/passphrase prompt the terminal mode is not restored.

 * Fix PKCS#11 crash on some smartcards by checking the length
   returned for C_GetAttributeValue for != 0 (bz#1773)

 * sftp(1): unbreak ls in working directories that contain globbing
   characters in their pathnames (bz#1655)

 * Print warning for missing home directory when ChrootDirectory=none
   (bz#1564)

 * sftp(1): fix memory leak in do_realpath() error path (bz#1771)

 * ssh-keygen(1): Standardise error messages when attempting to open
   private key files to include "progname: filename: error reason"
   (bz#1783)

 * Replace verbose and overflow-prone Linebuf code with
   read_keyfile_line() (bz#1565)

 * Include the user name on "subsystem request for ..." log messages

 * ssh(1) and sshd(8): remove hardcoded limit of 100 permitopen clauses
   and port forwards per direction (bz#1327)

 * sshd(8): ignore stderr output from subsystems to avoid hangs if a
   subsystem or shell initialisation writes to stderr (bz#1750)

 * Skip the initial check for access with an empty password when
   PermitEmptyPasswords=no (bz#1638)

 * sshd(8): fix logspam when key options (from="..." especially) deny
   non-matching keys (bz#1765)

 * ssh-keygen(1): display a more helpful error message when $HOME is
   inaccessible while trying to create .ssh directory (bz#1740)

 * ssh(1): fix hang when terminating a mux slave using ~. (bz#1758)

 * ssh-keygen(1): refuse to generate keys longer than
   OPENSSL_[RD]SA_MAX_MODULUS_BITS, since we would refuse to use
   them anyway (bz#1516)

 * Suppress spurious tty warning when using -O and stdin is not a tty
   (bz#1746)

 * Kill channel when pty allocation requests fail. Fixed stuck client
   if the server refuses pty allocation (bz#1698)

Portable OpenSSH Bugfixes:

 - sshd(8): increase the maximum username length for login recording
   to 512 characters (bz#1579)

 * Initialize the values to be returned from PAM to sane values in case
   the PAM method doesn't write to them. (bz#1795)

 - Let configure find OpenSSL libraries in a lib64 subdirectory. (bz#1756)

Checksums:
=========

 - SHA1 (openssh-5.5.tar.gz) = XXX
 - SHA1 (openssh-5.5p1.tar.gz) = XXX

Reporting Bugs:
==============

- Please read http://www.openssh.com/report.html
  Security bugs should be reported directly to openssh at openssh.com

OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre, Tim Rice and
Ben Lindstrom.
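
Added example (not part of the original announcement and not OpenSSH's own code): a Python sketch that decodes a constructed ssh-rsa-cert-v01@openssh.com certificate, then applies the critical-option/extension split and the principal rule the announcement describes. The field order follows OpenSSH's PROTOCOL.certkeys document, which the announcement summarises but does not list; the sample certificate, `KNOWN_CRITICAL` and every function name are assumptions, and no signature is verified.

```python
import struct

V01_RSA = b"ssh-rsa-cert-v01@openssh.com"
# Critical options this verifier understands; anything else must be refused.
KNOWN_CRITICAL = {"force-command", "source-address"}


def ssh_string(data: bytes) -> bytes:
    """SSH wire 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


class Reader:
    """Bounds-checked cursor over an SSH wire-format buffer."""

    def __init__(self, buf: bytes):
        self.buf, self.pos = buf, 0

    def take(self, n: int) -> bytes:
        if self.pos + n > len(self.buf):
            raise ValueError("truncated certificate")
        chunk = self.buf[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def u32(self) -> int:
        return struct.unpack(">I", self.take(4))[0]

    def u64(self) -> int:
        return struct.unpack(">Q", self.take(8))[0]

    def string(self) -> bytes:
        return self.take(self.u32())

    def done(self) -> bool:
        return self.pos == len(self.buf)


def parse_v01_rsa(blob: bytes) -> dict:
    """Decode the v01 fields up to 'extensions'; the signature is NOT verified."""
    r = Reader(blob)
    if r.string() != V01_RSA:
        raise ValueError("not an ssh-rsa-cert-v01 certificate")
    cert = {"nonce": r.string()}      # v01: nonce precedes all other fields
    r.string()                        # RSA e (mpint), skipped
    r.string()                        # RSA n (mpint), skipped
    cert["serial"] = r.u64()          # new in v01
    cert["type"] = r.u32()            # 1 = user, 2 = host
    cert["key_id"] = r.string().decode()
    names = Reader(r.string())
    cert["principals"] = []
    while not names.done():
        cert["principals"].append(names.string().decode())
    cert["valid_after"], cert["valid_before"] = r.u64(), r.u64()
    for field in ("critical_options", "extensions"):
        opts, cert[field] = Reader(r.string()), {}
        while not opts.done():
            name = opts.string().decode()
            cert[field][name] = opts.string()   # option data kept opaque
    return cert


def unsupported_critical(cert: dict) -> list:
    """Critical options the verifier does not know; non-empty means reject."""
    return sorted(set(cert["critical_options"]) - KNOWN_CRITICAL)


def principal_allowed(cert: dict, username: str, authorized=None) -> bool:
    """authorized: names from AuthorizedPrincipalsFile or principals="...",
    or None when neither is configured."""
    if authorized is None:
        # Default rule: an embedded principals list must contain the username.
        return not cert["principals"] or username in cert["principals"]
    # Indirection: some certificate principal must be on the authorized list.
    # Assumption: a certificate with no principals never matches such a list.
    return any(p in authorized for p in cert["principals"])


def build_sample() -> bytes:
    """Constructed, unsigned sample: dummy RSA numbers, placeholder CA key."""
    def packed(items):
        return ssh_string(b"".join(items))
    return b"".join([
        ssh_string(V01_RSA),
        ssh_string(b"\xaa" * 16),                       # nonce
        ssh_string(b"\x01\x00\x01"),                    # e = 65537
        ssh_string(b"\x00\xc3" + b"\x11" * 15),         # n (dummy)
        struct.pack(">QI", 7, 1),                       # serial 7, user cert
        ssh_string(b"constructed-key-id"),
        packed(ssh_string(n) for n in (b"ops", b"dba")),
        struct.pack(">QQ", 0, 2**64 - 1),               # validity window
        packed([ssh_string(b"source-address"), ssh_string(b"opaque")]),
        packed([ssh_string(b"permit-pty"), ssh_string(b""),
                ssh_string(b"x-future@example.org"), ssh_string(b"")]),
        ssh_string(b""),                                # reserved
        ssh_string(b"constructed-ca-key"),              # signature key
        ssh_string(b""),                                # signature
    ])
```

The unrecognised `x-future@example.org` entry sits in extensions, so a verifier can ignore it; the same name under critical options would show up in `unsupported_critical()` and the certificate would have to be refused.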

On Mon, Aug 09, 2010 at 13:22:29 -0500, Damien Miller wrote:
> Hi,
>
> OpenSSH 5.6 is almost ready for release, so we would appreciate testing
> on as many platforms and systems as possible. This is a moderately large
> release, with a number of new features and bug fixes.
>
> Snapshot releases for portable OpenSSH are available from
> http://www.mindrot.org/openssh_snap/
>

Hi Damien,

In anticipation of this message, I had already begun testing. ;)

The current snapshot builds on RHEL 5, but fails
regress/login-timeout.sh. I was able to reproduce the problem several
times during the process of debugging, but am not able to do so at the
moment.

The problem was occurring between the test without privilege separation
and the one with it. The error indicated that port 4242 was in use,
although after the failure there were no stray sshd processes. And
netstat showed that the port was in a TIME_WAIT state.

I suspect that the issue is the explicit kill in login-timeout.sh. I
replaced it with a call to cleanup() and managed to complete the rest of
the tests.

13-${SSH} -F $OBJ/ssh_config somehost true
14-if [ $? -ne 0 ]; then
15-	fail "ssh connect after login grace timeout failed with privsep"
16-fi
17-
18:$SUDO kill `cat $PIDFILE`
19-
20-trace "test login grace without privsep"
21-echo "UsePrivilegeSeparation no" >> $OBJ/sshd_config
22-start_sshd
23-

--
Iain Morgan

On 08/09/2010 08:22 PM, Damien Miller wrote:
> Running the regression tests supplied with Portable OpenSSH does not
> require installation and is simply:
>
> $ ./configure && make tests
>
> Live testing on suitable non-production systems is also
> appreciated. Please send reports of success or failure to
> openssh-unix-dev at mindrot.org.
>

Hi,

I gave it a try and I'm happy to report that all tests were passed.
This is on Linux 2.6.32 x86_64.

Regards

Luis MartinGarcia.

The snapshots until current invariably unpack to
   openssh
Why not add e.g. a timestamp/version-id to the name to inhibit
overwriting the directory of (say) yesterday?
Some extra precautions could then be avoided.

Regards,
R.

====================================================================

On Tue, 10 Aug 2010, Damien Miller wrote:
> Hi,
>
> OpenSSH 5.6 is almost ready for release, so we would appreciate testing
> on as many platforms and systems as possible. This is a moderately large
> release, with a number of new features and bug fixes.
>
> Snapshot releases for portable OpenSSH are available from
> http://www.mindrot.org/openssh_snap/
>
> The OpenBSD version is available in CVS HEAD:
> http://www.openbsd.org/anoncvs.html
>
> Portable OpenSSH is also available via anonymous CVS using the
> instructions at http://www.openssh.com/portable.html#cvs
>
> Running the regression tests supplied with Portable OpenSSH does not
> require installation and is simply:
>
> $ ./configure && make tests
>
> Live testing on suitable non-production systems is also
> appreciated. Please send reports of success or failure to
> openssh-unix-dev at mindrot.org.
>
> Below is a summary of changes. More detail may be found in the ChangeLog
> in the portable OpenSSH tarballs.
>
> Thanks to the many people who contributed to this release.
>
> -------------------------------
>
> Features:
>
> * Added a ControlPersist option to ssh_config(5) that automatically
>   starts a background ssh(1) multiplex master when connecting. This
>   connection can stay alive indefinitely, or can be set to
>   automatically close after a user-specified duration of inactivity.
>
> * Hostbased authentication may now use certificate host keys. CA keys
>   must be specified in a known_hosts file using the @cert-authority
>   marker.
>
> * ssh-keygen(1) now supports signing certificates using a CA key that
>   has been stored in a PKCS#11 token.

On Aug 10 04:22, Damien Miller wrote:
> Hi,
>
> OpenSSH 5.6 is almost ready for release, so we would appreciate testing
> on as many platforms and systems as possible. This is a moderately large
> release, with a number of new features and bug fixes.

Builds OOTB on Cygwin. All tests pass except for the expected problems
in sftp-glob due to Win32/POSIX path weirdness.

Corinna

--
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat

On Mon, Aug 09, 2010 at 13:22:29 -0500, Damien Miller wrote:
> Hi,
>
> OpenSSH 5.6 is almost ready for release, so we would appreciate testing
> on as many platforms and systems as possible. This is a moderately large
> release, with a number of new features and bug fixes.
>

All tests passed with the 20100811 snapshot on the following platforms:

RHEL 5/x86_64
SLES 10/x86_64
SLES 10/Itanium
Solaris 9/SPARC
Mac OS X 10.5.8/Intel

--
Iain Morgan

Hi there,

All tests passed on slackware-13.0 32-bit.

On slackware-12.0, there were problems. make works fine, but
`make tests' fails. Attached is the output (stdout and stderr) from
`make tests'.

From the affected machine:

andyt at majesty: openssh> cat /etc/slackware-version
Slackware 12.0.0
andyt at majesty: openssh> gcc -v
Reading specs from /usr/lib/gcc/i486-slackware-linux/4.1.2/specs
Target: i486-slackware-linux
Configured with: ../gcc-4.1.2/configure --prefix=/usr --enable-shared --enable-languages=ada,c,c++,fortran,java,objc --enable-threads=posix --enable-__cxa_atexit --disable-checking --with-gnu-ld --verbose --with-arch=i486 --target=i486-slackware-linux --host=i486-slackware-linux
Thread model: posix
gcc version 4.1.2

Anything I need to do/re-run to help?

Regards,

Andy

On Tue, 10 Aug 2010, Damien Miller wrote:
> Hi,
>
> OpenSSH 5.6 is almost ready for release, so we would appreciate testing
> on as many platforms and systems as possible. This is a moderately large
> release, with a number of new features and bug fixes.
>
> Snapshot releases for portable OpenSSH are available from
> http://www.mindrot.org/openssh_snap/
>
> The OpenBSD version is available in CVS HEAD:
> http://www.openbsd.org/anoncvs.html
>
> Portable OpenSSH is also available via anonymous CVS using the
> instructions at http://www.openssh.com/portable.html#cvs
>
> Running the regression tests supplied with Portable OpenSSH does not
> require installation and is simply:
>
> $ ./configure && make tests
>
> Live testing on suitable non-production systems is also
> appreciated. Please send reports of success or failure to
> openssh-unix-dev at mindrot.org.
>
> Below is a summary of changes. More detail may be found in the ChangeLog
> in the portable OpenSSH tarballs.
>
> Thanks to the many people who contributed to this release.

Dr Andy Tsouladze
Sr Unix/Storage SysAdmin

On Tue, 10 Aug 2010, Damien Miller wrote:
> OpenSSH 5.6 is almost ready for release, so we would appreciate testing
> on as many platforms and systems as possible. This is a moderately large
> release, with a number of new features and bug fixes.

I attach two patches relative to the 20100810 snapshot.

1) ctype(3) functions should not be called with char arguments; they
   should be called with unsigned char arguments.

2) in sftp-common.c, strmode() requires #include <unistd.h>, and the
   results of user_from_uid() and group_from_gid() are pointers to
   const char, not pointers to plain char

I also attach the semantic patch that generated patch 1.
Use "spatch -inplace -sp_file ctype.spatch -dir .".

The result compiles successfully with "-Werror" appended to CFLAGS,
and passes all tests on NetBSD-5.99.27/i386.

--apb (Alan Barrett)

-------------- next part --------------
diff --git a/canohost.c b/canohost.c index ef94d91..8cf7005 100644 --- a/canohost.c +++ b/canohost.c @@ -104,8 +104,8 @@ get_remote_hostname(int sock, int use_dns) * of this software). */ for (i = 0; name[i]; i++) - if (isupper(name[i])) - name[i] = (char)tolower(name[i]); + if (isupper((unsigned char)name[i])) + name[i] = (char)tolower((unsigned char)name[i]); /* * Map it back to an IP address and check that the given * address actually is an address of this host. This is diff --git a/clientloop.c b/clientloop.c index de79793..10bda5f 100644 --- a/clientloop.c +++ b/clientloop.c @@ -831,7 +831,7 @@ process_cmdline(void) cmd = s = read_passphrase("\r\nssh> ", RP_ECHO); if (s == NULL) goto out; - while (isspace(*s)) + while (isspace((unsigned char)*s)) s++; if (*s == '-') s++; /* Skip cmdline '-', if any */ @@ -885,7 +885,7 @@ process_cmdline(void) goto out; } - while (isspace(*++s)) + while (isspace((unsigned char)*++s)) ; /* XXX update list of forwards in options */ diff --git a/match.c b/match.c index 2389477..d36134c 100644 --- a/match.c +++ b/match.c 
@@ -140,8 +140,8 @@ match_pattern_list(const char *string, const char *pattern, u_int len, for (subi = 0; i < len && subi < sizeof(sub) - 1 && pattern[i] != ','; subi++, i++) - sub[subi] = dolower && isupper(pattern[i]) ? - (char)tolower(pattern[i]) : pattern[i]; + sub[subi] = dolower && isupper((unsigned char)pattern[i]) ? + (char)tolower((unsigned char)pattern[i]) : pattern[i]; /* If subpattern too long, return failure (no match). */ if (subi >= sizeof(sub) - 1) return 0; diff --git a/openbsd-compat/fmt_scaled.c b/openbsd-compat/fmt_scaled.c index edd682a..709db6f 100644 --- a/openbsd-compat/fmt_scaled.c +++ b/openbsd-compat/fmt_scaled.c @@ -81,7 +81,7 @@ scan_scaled(char *scaled, long long *result) long long scale_fact = 1, whole = 0, fpart = 0; /* Skip leading whitespace */ - while (isascii(*p) && isspace(*p)) + while (isascii(*p) && isspace((unsigned char)*p)) ++p; /* Then at most one leading + or - */ @@ -108,7 +108,7 @@ scan_scaled(char *scaled, long long *result) * (but note that E for Exa might look like e to some!). * Advance 'p' to end, to get scale factor. */ - for (; isascii(*p) && (isdigit(*p) || *p=='.'); ++p) { + for (; isascii(*p) && (isdigit((unsigned char)*p) || *p=='.'); ++p) { if (*p == '.') { if (fract_digits > 0) { /* oops, more than one '.' */ errno = EINVAL; @@ -152,10 +152,10 @@ scan_scaled(char *scaled, long long *result) /** Are we there yet? */ if (*p == scale_chars[i] || - *p == tolower(scale_chars[i])) { + *p == tolower((unsigned char)scale_chars[i])) { /* If it ends with alphanumerics after the scale char, bad. */ - if (isalnum(*(p+1))) { + if (isalnum((unsigned char)*(p + 1))) { errno = EINVAL; return -1; } diff --git a/openbsd-compat/inet_aton.c b/openbsd-compat/inet_aton.c index 130597e..7247c8b 100644 --- a/openbsd-compat/inet_aton.c +++ b/openbsd-compat/inet_aton.c 
@@ -100,7 +100,7 @@ inet_aton(const char *cp, struct in_addr *addr) * Values are specified as for C: * 0x=hex, 0=octal, isdigit=decimal. */ - if (!isdigit(c)) + if (!isdigit((unsigned char)c)) return (0); val = 0; base = 10; if (c == '0') { @@ -111,12 +111,12 @@ inet_aton(const char *cp, struct in_addr *addr) base = 8; } for (;;) { - if (isascii(c) && isdigit(c)) { + if (isascii(c) && isdigit((unsigned char)c)) { val = (val * base) + (c - '0'); c = *++cp; - } else if (base == 16 && isascii(c) && isxdigit(c)) { + } else if (base == 16 && isascii(c) && isxdigit((unsigned char)c)) { val = (val << 4) | - (c + 10 - (islower(c) ? 'a' : 'A')); + (c + 10 - (islower((unsigned char)c) ? 'a' : 'A')); c = *++cp; } else break; @@ -138,7 +138,7 @@ inet_aton(const char *cp, struct in_addr *addr) /* * Check for trailing characters. */ - if (c != '\0' && (!isascii(c) || !isspace(c))) + if (c != '\0' && (!isascii(c) || !isspace((unsigned char)c))) return (0); /* * Concoct the address according to diff --git a/openbsd-compat/mktemp.c b/openbsd-compat/mktemp.c index 2285c84..38f0153 100644 --- a/openbsd-compat/mktemp.c +++ b/openbsd-compat/mktemp.c @@ -159,7 +159,7 @@ _gettemp(path, doopen, domkdir, slen) return (0); *trv++ = 'a'; } else { - if (isdigit(*trv)) + if (isdigit((unsigned char)*trv)) *trv = 'a'; else if (*trv == 'z') /* inc from z to A */ *trv = 'A'; diff --git a/openbsd-compat/readpassphrase.c b/openbsd-compat/readpassphrase.c index 62b6d0d..e4dd1c9 100644 --- a/openbsd-compat/readpassphrase.c +++ b/openbsd-compat/readpassphrase.c @@ -131,11 +131,11 @@ restart: if (p < end) { if ((flags & RPP_SEVENBIT)) ch &= 0x7f; - if (isalpha(ch)) { + if (isalpha((unsigned char)ch)) { if ((flags & RPP_FORCELOWER)) - ch = (char)tolower(ch); + ch = (char)tolower((unsigned char)ch); if ((flags & RPP_FORCEUPPER)) - ch = (char)toupper(ch); + ch = (char)toupper((unsigned char)ch); } *p++ = ch; } diff --git a/readconf.c b/readconf.c index 0296590..3927204 100644 --- a/readconf.c 
+++ b/readconf.c @@ -539,7 +539,7 @@ parse_yesnoask: orig = val64 = strtoll(arg, &endofnumber, 10); if (arg == endofnumber) fatal("%.200s line %d: Bad number.", filename, linenum); - switch (toupper(*endofnumber)) { + switch (toupper((unsigned char)*endofnumber)) { case '\0': scale = 1; break; @@ -1294,7 +1294,7 @@ parse_forward(Forward *fwd, const char *fwdspec, int dynamicfwd, int remotefwd) cp = p = xstrdup(fwdspec); /* skip leading spaces */ - while (isspace(*cp)) + while (isspace((unsigned char)*cp)) cp++; for (i = 0; i < 4; ++i) diff --git a/scp.c b/scp.c index e07de42..57c1490 100644 --- a/scp.c +++ b/scp.c @@ -988,7 +988,7 @@ sink(int argc, char **argv) if (*cp++ != ' ') SCREWUP("mode not delimited"); - for (size = 0; isdigit(*cp);) + for (size = 0; isdigit((unsigned char)*cp);) size = size * 10 + (*cp++ - '0'); if (*cp++ != ' ') SCREWUP("size not delimited"); diff --git a/sftp.c b/sftp.c index 229f129..ff0cb7f 100644 --- a/sftp.c +++ b/sftp.c @@ -986,7 +986,7 @@ makeargv(const char *arg, int *argcp, int sloppy, char *lastquote, state = MA_START; i = j = 0; for (;;) { - if (isspace(arg[i])) { + if (isspace((unsigned char)arg[i])) { if (state == MA_UNQUOTED) { /* Terminate current argument */ argvs[j++] = '\0'; diff --git a/ssh.c b/ssh.c index ab37c20..60b2284 100644 --- a/ssh.c +++ b/ssh.c @@ -711,8 +711,8 @@ main(int ac, char **av) /* force lowercase for hostkey matching */ if (options.host_key_alias != NULL) { for (p = options.host_key_alias; *p; p++) - if (isupper(*p)) - *p = (char)tolower(*p); + if (isupper((unsigned char)*p)) + *p = (char)tolower((unsigned char)*p); } if (options.proxy_command != NULL && diff --git a/sshconnect.c b/sshconnect.c index f55beff..7d1110f 100644 --- a/sshconnect.c +++ b/sshconnect.c 
@@ -1106,8 +1106,8 @@ ssh_login(Sensitive *sensitive, const char *orighost, /* Convert the user-supplied hostname into all lowercase. */ host = xstrdup(orighost); for (cp = host; *cp; cp++) - if (isupper(*cp)) - *cp = (char)tolower(*cp); + if (isupper((unsigned char)*cp)) + *cp = (char)tolower((unsigned char)*cp); /* Exchange protocol version identification strings with the server. */ ssh_exchange_identification(timeout_ms); -------------- next part -------------- diff --git a/sftp-common.c b/sftp-common.c index a042875..d0d7de7 100644 --- a/sftp-common.c +++ b/sftp-common.c @@ -36,6 +36,7 @@ #include <string.h> #include <time.h> #include <stdarg.h> +#include <unistd.h> #ifdef HAVE_UTIL_H #include <util.h> #endif @@ -191,7 +192,7 @@ ls_file(const char *name, const struct stat *st, int remote, int si_units) { int ulen, glen, sz = 0; struct tm *ltime = localtime(&st->st_mtime); - char *user, *group; + const char *user, *group; char buf[1024], mode[11+1], tbuf[12+1], ubuf[11+1], gbuf[11+1]; char sbuf[FMT_SCALED_STRSIZE]; -------------- next part -------------- // cast to (unsigned char) where ctype(3) functions are called // with char args. // // Note that isascii is not included in the list of functions to modify, // because it is well-defined on the entire range of integers. // @ bad_ctype expression @ char X; @@ ( isalpha | isupper | islower | isdigit | isxdigit | isalnum | isspace | isalnum | isspace | ispunct | isprint | isgraph | iscntrl | isblank | toupper | tolower ) -(X) +((unsigned char)X)
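Review bot: In the canohost.c, ssh.c and sshconnect.c hunks the isupper() guard in front of tolower() is now redundant work with a second cast to keep correct, because tolower() already returns its argument unchanged when it is not an uppercase letter. Each pair could become a single statement such as `name[i] = (char)tolower((unsigned char)name[i]);`, and the conditional in the match.c hunk could drop its isupper() test the same way, leaving `dolower ? (char)tolower((unsigned char)pattern[i]) : pattern[i]`.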
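Review bot: The two hunks in sftp-common.c fix unrelated things, the missing `#include <unistd.h>` for strmode() and the const qualification of `user` and `group` in ls_file(), and the patch itself carries no description of either. A short commit message naming both would help, or one patch per fix. The const change is compatible with platforms whose user_from_uid() and group_from_gid() return plain char *, since that converts implicitly to const char *, but the rest of ls_file() is outside the hunk context, so confirm that nothing there writes through either pointer.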
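Review bot: The function list in ctype.spatch names `isalnum | isspace` twice in a row; the duplicates are harmless but should be removed so the list can be checked against ctype(3) at a glance. The rule declares X as `char`, matching its own comment about char args, so calls whose argument has another type (a signed char, or an int that was loaded from a char buffer) are not covered by this run and need a separate look. The generated fmt_scaled.c hunk also respaces `*(p+1)` as `*(p + 1)`, which is unrelated whitespace churn in openbsd-compat code.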
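The rule in point 1 of the message above, as an added example that is not part of the original message or of OpenSSH: the ctype(3) functions are defined only for EOF and for values representable as unsigned char, so a byte above 0x7f read through a signed char reaches them as a negative argument. The helper names and the sample hostname are constructed for illustration.

```c
#include <ctype.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* ctype(3) arguments are defined only for EOF and 0..UCHAR_MAX. */
static int ctype_arg_defined(int c)
{
	return c == EOF || (c >= 0 && c <= UCHAR_MAX);
}

/*
 * Count the bytes of s that reach ctype(3) as an out-of-domain value.
 * cast == 0 models an uncast call where plain char is signed;
 * cast != 0 goes through (unsigned char) first, as in the patch.
 */
static size_t out_of_domain_args(const char *s, int cast)
{
	size_t n = 0;

	for (; *s != '\0'; s++) {
		int arg = cast ? (int)(unsigned char)*s : (int)(signed char)*s;
		if (!ctype_arg_defined(arg))
			n++;
	}
	return n;
}

/* Lowercase a hostname in place with the cast form used by the patch. */
static char *lowercase_host(char *host)
{
	char *cp;

	for (cp = host; *cp != '\0'; cp++)
		*cp = (char)tolower((unsigned char)*cp);
	return host;
}

int main(void)
{
	/* Constructed sample: a Latin-1 e-acute (0xE9) inside a hostname. */
	char host[] = "Caf\xE9" ".Example.ORG";

	printf("uncast: %zu undefined\n", out_of_domain_args(host, 0));
	printf("cast:   %zu undefined\n", out_of_domain_args(host, 1));
	printf("lowercased: %s\n", lowercase_host(host));
	return 0;
}
```

In the default "C" locale the 0xE9 byte passes through tolower() unchanged; the cast only guarantees that the call is well defined.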
Damien Miller wrote:
> Hi,
>
> OpenSSH 5.6 is almost ready for release, so we would appreciate testing
> on as many platforms and systems as possible. This is a moderately large
> release, with a number of new features and bug fixes.
>
> Snapshot releases for portable OpenSSH are available from
> http://www.mindrot.org/openssh_snap/
>
> Running the regression tests supplied with Portable OpenSSH does not
> require installation and is a simply:
>
> $ ./configure && make tests
>

I tried building openssh-SNAP-20100815 on IRIX 5.3 but it fails because
this platform lacks strptime:

gcc -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -fno-builtin-memset -std=gnu99 -I. -I. -I/usr/tgcware/include/openssl -I/usr/tgcware/include -DSSHDIR=\"/usr/tgcware/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/tgcware/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/tgcware/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/tgcware/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/tgcware/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/tgcware/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty/sshd\" -DSSH_RAND_HELPER=\"/usr/tgcware/libexec/ssh-rand-helper\" -DHAVE_CONFIG_H -c ssh-keygen.c
ssh-keygen.c: In function `parse_absolute_time':
ssh-keygen.c:1507: warning: implicit declaration of function `strptime'
ssh-keygen.c:1507: warning: comparison between pointer and integer
gcc -o ssh-keygen ssh-keygen.o -L. -Lopenbsd-compat/ -Wl,-rpath,/usr/tgcware/lib -L/usr/tgcware/lib -Wl,-no_rqs -lssh -lopenbsd-compat -lcrypto -lz -lgen
ld: WARNING 84: /usr/lib/libgen.so is not used for resolving any symbol.
ld: ERROR 33: Unresolved text symbol "strptime" -- 1st referenced by ssh-keygen.o.
ld: INFO 60: Output file removed because of error.
collect2: ld returned 1 exit status
make: *** [ssh-keygen] Error 1

This is a regression from 5.3p1 which built fine.
Full buildlog + config.log available here:
http://jupiterrise.com/tmp

-tgc