upstream commit
restore pre-auth compression support in the client -- the previous commit was intended to remove it from the server only.

remove a few server-side pre-auth compression bits that escaped

adjust wording of Compression directive in sshd_config(5)

pointed out by naddy@ ok markus@

Upstream-ID: d23696ed72a228dacd4839dd9f2dec424ba2016b
parent
80d1c963b4
commit
4577adead6
4
kex.c
4
kex.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: kex.c,v 1.124 2016/09/22 17:52:53 djm Exp $ */
|
||||
/* $OpenBSD: kex.c,v 1.125 2016/09/28 20:32:42 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -684,8 +684,6 @@ choose_comp(struct sshcomp *comp, char *client, char *server)
|
|||
return SSH_ERR_NO_COMPRESS_ALG_MATCH;
|
||||
if (strcmp(name, "zlib@openssh.com") == 0) {
|
||||
comp->type = COMP_DELAYED;
|
||||
} else if (strcmp(name, "zlib") == 0) {
|
||||
comp->type = COMP_ZLIB;
|
||||
} else if (strcmp(name, "none") == 0) {
|
||||
comp->type = COMP_NONE;
|
||||
} else {
|
||||
|
|
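Review bot: choose_comp() appears to lose its `"zlib"` branch in this hunk (the header goes from 8 lines to 6, and the kex.h section of this commit drops `COMP_ZLIB`), yet the sshconnect2.c section puts `zlib` back into the client's compression proposal. If a server then selects `zlib`, the name would fall through to the final `else`, whose body is outside the hunk and presumably returns an error, so the restored client support could not complete negotiation. As far as I can tell kex.c and packet.c are shared by client and server, so I would keep `} else if (strcmp(name, "zlib") == 0) {` / `comp->type = COMP_ZLIB;` here, keep `COMP_ZLIB` in kex.h and the `comp->type == COMP_ZLIB` case in ssh_set_newkeys() in packet.c, and rely on sshd never offering `zlib` to enforce the server-side removal. The rendered page has lost its +/- markers, so the removed and added sides are inferred from the hunk line counts, and choose_comp() starts and ends outside the hunk.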
5
kex.h
5
kex.h
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: kex.h,v 1.79 2016/09/22 21:15:41 djm Exp $ */
|
||||
/* $OpenBSD: kex.h,v 1.80 2016/09/28 20:32:42 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
|
||||
|
@ -64,8 +64,7 @@
|
|||
#define KEX_CURVE25519_SHA256_OLD "curve25519-sha256@libssh.org"
|
||||
|
||||
#define COMP_NONE 0
|
||||
#define COMP_ZLIB 1
|
||||
#define COMP_DELAYED 2
|
||||
#define COMP_DELAYED 1
|
||||
|
||||
#define CURVE25519_SIZE 32
|
||||
|
||||
|
|
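Review bot: `COMP_DELAYED` is renumbered from 2 to 1, the value that `COMP_ZLIB` carried until now, so the same integer changes meaning across this commit. Nothing visible here shows whether `comp->type` is ever stored or handed between processes built from different revisions, but keeping `#define COMP_DELAYED 2` and leaving 1 unused avoids that question entirely. If `COMP_ZLIB` really is to go, a one-line comment such as `/* 1 was COMP_ZLIB (pre-auth compression) */` would document the gap. Note that the sshconnect2.c section of this commit offers `zlib` from the client again, which suggests the constant is still needed.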
7
packet.c
7
packet.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: packet.c,v 1.239 2016/09/28 16:33:07 djm Exp $ */
|
||||
/* $OpenBSD: packet.c,v 1.240 2016/09/28 20:32:42 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -965,9 +965,8 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
|
|||
/* explicit_bzero(enc->iv, enc->block_size);
|
||||
explicit_bzero(enc->key, enc->key_len);
|
||||
explicit_bzero(mac->key, mac->key_len); */
|
||||
if ((comp->type == COMP_ZLIB ||
|
||||
(comp->type == COMP_DELAYED &&
|
||||
state->after_authentication)) && comp->enabled == 0) {
|
||||
if (comp->type == COMP_DELAYED && state->after_authentication &&
|
||||
comp->enabled == 0) {
|
||||
if ((r = ssh_packet_init_compression(ssh)) < 0)
|
||||
return r;
|
||||
if (mode == MODE_OUT) {
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
/* $OpenBSD: servconf.c,v 1.296 2016/09/28 16:33:07 djm Exp $ */
|
||||
/* $OpenBSD: servconf.c,v 1.297 2016/09/28 20:32:42 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
* All rights reserved
|
||||
|
@ -920,8 +920,8 @@ static const struct multistate multistate_permitrootlogin[] = {
|
|||
{ NULL, -1 }
|
||||
};
|
||||
static const struct multistate multistate_compression[] = {
|
||||
{ "delayed", COMP_DELAYED },
|
||||
{ "yes", COMP_DELAYED },
|
||||
{ "delayed", COMP_DELAYED },
|
||||
{ "no", COMP_NONE },
|
||||
{ NULL, -1 }
|
||||
};
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: sshconnect2.c,v 1.249 2016/09/28 16:33:07 djm Exp $ */
|
||||
/* $OpenBSD: sshconnect2.c,v 1.250 2016/09/28 20:32:42 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
* Copyright (c) 2008 Damien Miller. All rights reserved.
|
||||
|
@ -174,7 +174,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
|
|||
compat_cipher_proposal(options.ciphers);
|
||||
myproposal[PROPOSAL_COMP_ALGS_CTOS] =
|
||||
myproposal[PROPOSAL_COMP_ALGS_STOC] = options.compression ?
|
||||
"zlib@openssh.com,none" : "none,zlib@openssh.com";
|
||||
"zlib@openssh.com,zlib,none" : "none,zlib@openssh.com,zlib";
|
||||
myproposal[PROPOSAL_MAC_ALGS_CTOS] =
|
||||
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
|
||||
if (options.hostkeyalgorithms != NULL) {
|
||||
|
|
|
@ -33,8 +33,8 @@
|
|||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: sshd_config.5,v 1.235 2016/09/22 19:19:01 jmc Exp $
|
||||
.Dd $Mdocdate: September 22 2016 $
|
||||
.\" $OpenBSD: sshd_config.5,v 1.236 2016/09/28 20:32:42 djm Exp $
|
||||
.Dd $Mdocdate: September 28 2016 $
|
||||
.Dt SSHD_CONFIG 5
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
@ -529,15 +529,17 @@ channel to request a response from the client.
|
|||
The default
|
||||
is 0, indicating that these messages will not be sent to the client.
|
||||
.It Cm Compression
|
||||
Specifies whether compression is allowed, or delayed until
|
||||
Specifies whether compression is enabled after
|
||||
the user has authenticated successfully.
|
||||
The argument must be
|
||||
.Dq yes ,
|
||||
.Dq delayed ,
|
||||
.Dq delayed
|
||||
(a legacy synonym for
|
||||
.Dq yes )
|
||||
or
|
||||
.Dq no .
|
||||
The default is
|
||||
.Dq delayed .
|
||||
.Dq yes .
|
||||
.It Cm DenyGroups
|
||||
This keyword can be followed by a list of group name patterns, separated
|
||||
by spaces.
|
||||
|
|