authordjm@openbsd.org <djm@openbsd.org>2016-09-28 20:32:42 +0000
committerDamien Miller <djm@mindrot.org>2016-09-29 06:54:50 +1000
commit4577adead6a7d600c8e764619d99477a08192c8f (patch)
tree1f825ee75953b95abab5a88ee9f8e241cab9eec1
parent80d1c963b4dc84ffd11d09617b39c4bffda08956 (diff)
upstream commit
restore pre-auth compression support in the client -- the previous commit was intended to remove it from the server only.

remove a few server-side pre-auth compression bits that escaped

adjust wording of Compression directive in sshd_config(5)

pointed out by naddy@ ok markus@

Upstream-ID: d23696ed72a228dacd4839dd9f2dec424ba2016b
-rw-r--r--kex.c4
-rw-r--r--kex.h5
-rw-r--r--packet.c7
-rw-r--r--servconf.c4
-rw-r--r--sshconnect2.c4
-rw-r--r--sshd_config.512
6 files changed, 17 insertions, 19 deletions
diff --git a/kex.c b/kex.c
index 811e2cf6..c122361f 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.124 2016/09/22 17:52:53 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.125 2016/09/28 20:32:42 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
*
@@ -684,8 +684,6 @@ choose_comp(struct sshcomp *comp, char *client, char *server)
return SSH_ERR_NO_COMPRESS_ALG_MATCH;
if (strcmp(name, "zlib@openssh.com") == 0) {
comp->type = COMP_DELAYED;
- } else if (strcmp(name, "zlib") == 0) {
- comp->type = COMP_ZLIB;
} else if (strcmp(name, "none") == 0) {
comp->type = COMP_NONE;
} else {
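Review bot: Dropping the `"zlib"` arm from choose_comp() looks inconsistent with the sshconnect2.c hunk of this same commit, which puts `zlib` back into the client's compression proposal. Nothing visible here makes choose_comp() server-only, so a client whose server selects `zlib` would presumably now fall into the final `else`, whose body lies outside this hunk. The kex.h hunk (removes `COMP_ZLIB` and renumbers `COMP_DELAYED` to 1) and the packet.c hunk (removes the `comp->type == COMP_ZLIB` test in ssh_set_newkeys) share the problem. I would keep `} else if (strcmp(name, "zlib") == 0) {` / `comp->type = COMP_ZLIB;` along with the matching kex.h and packet.c lines. Pre-auth compression can then be kept off the server by never listing `zlib` in the server's own proposal (not visible on this page), so unauthenticated peers still cannot reach the compression code.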
diff --git a/kex.h b/kex.h
index 38263066..318c41d4 100644
--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.79 2016/09/22 21:15:41 djm Exp $ */
+/* $OpenBSD: kex.h,v 1.80 2016/09/28 20:32:42 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -64,8 +64,7 @@
#define KEX_CURVE25519_SHA256_OLD "curve25519-sha256@libssh.org"
#define COMP_NONE 0
-#define COMP_ZLIB 1
-#define COMP_DELAYED 2
+#define COMP_DELAYED 1
#define CURVE25519_SIZE 32
diff --git a/packet.c b/packet.c
index 002e8d49..337304bd 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.239 2016/09/28 16:33:07 djm Exp $ */
+/* $OpenBSD: packet.c,v 1.240 2016/09/28 20:32:42 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -965,9 +965,8 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
/* explicit_bzero(enc->iv, enc->block_size);
explicit_bzero(enc->key, enc->key_len);
explicit_bzero(mac->key, mac->key_len); */
- if ((comp->type == COMP_ZLIB ||
- (comp->type == COMP_DELAYED &&
- state->after_authentication)) && comp->enabled == 0) {
+ if (comp->type == COMP_DELAYED && state->after_authentication &&
+ comp->enabled == 0) {
if ((r = ssh_packet_init_compression(ssh)) < 0)
return r;
if (mode == MODE_OUT) {
diff --git a/servconf.c b/servconf.c
index 51feb051..4bf0b2a3 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: servconf.c,v 1.296 2016/09/28 16:33:07 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.297 2016/09/28 20:32:42 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -920,8 +920,8 @@ static const struct multistate multistate_permitrootlogin[] = {
{ NULL, -1 }
};
static const struct multistate multistate_compression[] = {
- { "delayed", COMP_DELAYED },
{ "yes", COMP_DELAYED },
+ { "delayed", COMP_DELAYED },
{ "no", COMP_NONE },
{ NULL, -1 }
};
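Review bot: The reordering of `multistate_compression` carries no comment saying why the order matters, even though `yes` and `delayed` both map to `COMP_DELAYED` and either spelling is accepted. If the table is also searched by value when the effective configuration is printed (that code is not in this hunk), the first matching entry would be the name reported. That would explain moving `yes` to the front now that the man page calls `delayed` a legacy synonym. I would add `/* keep "yes" first; "delayed" is a legacy synonym for it */` above the `{ "yes", COMP_DELAYED },` entry so a later tidy-up does not silently swap them back.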
diff --git a/sshconnect2.c b/sshconnect2.c
index a633e76c..7a8b7ea9 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.249 2016/09/28 16:33:07 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.250 2016/09/28 20:32:42 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -174,7 +174,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
compat_cipher_proposal(options.ciphers);
myproposal[PROPOSAL_COMP_ALGS_CTOS] =
myproposal[PROPOSAL_COMP_ALGS_STOC] = options.compression ?
- "zlib@openssh.com,none" : "none,zlib@openssh.com";
+ "zlib@openssh.com,zlib,none" : "none,zlib@openssh.com,zlib";
myproposal[PROPOSAL_MAC_ALGS_CTOS] =
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
if (options.hostkeyalgorithms != NULL) {
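Review bot: The two proposal strings offer plain `zlib` again, but nothing in ssh_kex2() records how it differs from `zlib@openssh.com`. Going by the packet.c lines this commit touches, `COMP_DELAYED` waits for `state->after_authentication`, while the plain variant was enabled in ssh_set_newkeys without that condition. A client that negotiates it therefore runs compression before user authentication has completed. A comment such as `/* plain "zlib" starts before user authentication; client-only, listed after zlib@openssh.com */` above the assignment would make clear this is deliberate and must not be mirrored on the server side. ssh_kex2() starts and ends outside this hunk.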
diff --git a/sshd_config.5 b/sshd_config.5
index 59c9ea47..b5d361e1 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.235 2016/09/22 19:19:01 jmc Exp $
-.Dd $Mdocdate: September 22 2016 $
+.\" $OpenBSD: sshd_config.5,v 1.236 2016/09/28 20:32:42 djm Exp $
+.Dd $Mdocdate: September 28 2016 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
@@ -529,15 +529,17 @@ channel to request a response from the client.
The default
is 0, indicating that these messages will not be sent to the client.
.It Cm Compression
-Specifies whether compression is allowed, or delayed until
+Specifies whether compression is enabled after
the user has authenticated successfully.
The argument must be
.Dq yes ,
-.Dq delayed ,
+.Dq delayed
+(a legacy synonym for
+.Dq yes )
or
.Dq no .
The default is
-.Dq delayed .
+.Dq yes .
.It Cm DenyGroups
This keyword can be followed by a list of group name patterns, separated
by spaces.