diff options
| -rw-r--r-- | usr.bin/ssh/kex.c | 4 | ||||
| -rw-r--r-- | usr.bin/ssh/kex.h | 5 | ||||
| -rw-r--r-- | usr.bin/ssh/packet.c | 7 | ||||
| -rw-r--r-- | usr.bin/ssh/servconf.c | 4 | ||||
| -rw-r--r-- | usr.bin/ssh/sshconnect2.c | 4 | ||||
| -rw-r--r-- | usr.bin/ssh/sshd_config.5 | 12 |
6 files changed, 17 insertions, 19 deletions
diff --git a/usr.bin/ssh/kex.c b/usr.bin/ssh/kex.c index 94c508de89d..6f98e6c10c1 100644 --- a/usr.bin/ssh/kex.c +++ b/usr.bin/ssh/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.124 2016/09/22 17:52:53 djm Exp $ */ +/* $OpenBSD: kex.c,v 1.125 2016/09/28 20:32:42 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -662,8 +662,6 @@ choose_comp(struct sshcomp *comp, char *client, char *server) return SSH_ERR_NO_COMPRESS_ALG_MATCH; if (strcmp(name, "zlib@openssh.com") == 0) { comp->type = COMP_DELAYED; - } else if (strcmp(name, "zlib") == 0) { - comp->type = COMP_ZLIB; } else if (strcmp(name, "none") == 0) { comp->type = COMP_NONE; } else { diff --git a/usr.bin/ssh/kex.h b/usr.bin/ssh/kex.h index 16060b0011c..e0b5c285dcd 100644 --- a/usr.bin/ssh/kex.h +++ b/usr.bin/ssh/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.79 2016/09/22 21:15:41 djm Exp $ */ +/* $OpenBSD: kex.h,v 1.80 2016/09/28 20:32:42 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -50,8 +50,7 @@ #define KEX_CURVE25519_SHA256_OLD "curve25519-sha256@libssh.org" #define COMP_NONE 0 -#define COMP_ZLIB 1 -#define COMP_DELAYED 2 +#define COMP_DELAYED 1 #define CURVE25519_SIZE 32 diff --git a/usr.bin/ssh/packet.c b/usr.bin/ssh/packet.c index 36f7fdff61b..6d66a17358e 100644 --- a/usr.bin/ssh/packet.c +++ b/usr.bin/ssh/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.239 2016/09/28 16:33:07 djm Exp $ */ +/* $OpenBSD: packet.c,v 1.240 2016/09/28 20:32:42 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -954,9 +954,8 @@ ssh_set_newkeys(struct ssh *ssh, int mode) /* explicit_bzero(enc->iv, enc->block_size); explicit_bzero(enc->key, enc->key_len); explicit_bzero(mac->key, mac->key_len); */ - if ((comp->type == COMP_ZLIB || - (comp->type == COMP_DELAYED && - state->after_authentication)) && comp->enabled == 0) { + if (comp->type == COMP_DELAYED && state->after_authentication && + comp->enabled == 0) { if ((r = ssh_packet_init_compression(ssh)) < 0) return r; if (mode == MODE_OUT) { diff --git a/usr.bin/ssh/servconf.c b/usr.bin/ssh/servconf.c index 33faabfaf36..dd854a70ef7 100644 --- a/usr.bin/ssh/servconf.c +++ b/usr.bin/ssh/servconf.c @@ -1,5 +1,5 @@ -/* $OpenBSD: servconf.c,v 1.296 2016/09/28 16:33:07 djm Exp $ */ +/* $OpenBSD: servconf.c,v 1.297 2016/09/28 20:32:42 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -874,8 +874,8 @@ static const struct multistate multistate_permitrootlogin[] = { { NULL, -1 } }; static const struct multistate multistate_compression[] = { - { "delayed", COMP_DELAYED }, { "yes", COMP_DELAYED }, + { "delayed", COMP_DELAYED }, { "no", COMP_NONE }, { NULL, -1 } }; diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c index f975accacdc..460948ec927 100644 --- a/usr.bin/ssh/sshconnect2.c +++ b/usr.bin/ssh/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.249 2016/09/28 16:33:07 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.250 2016/09/28 20:32:42 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -168,7 +168,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) compat_cipher_proposal(options.ciphers); myproposal[PROPOSAL_COMP_ALGS_CTOS] = myproposal[PROPOSAL_COMP_ALGS_STOC] = options.compression ? - "zlib@openssh.com,none" : "none,zlib@openssh.com"; + "zlib@openssh.com,zlib,none" : "none,zlib@openssh.com,zlib"; myproposal[PROPOSAL_MAC_ALGS_CTOS] = myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; if (options.hostkeyalgorithms != NULL) { diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5 index c9509b63d58..e35b7045636 100644 --- a/usr.bin/ssh/sshd_config.5 +++ b/usr.bin/ssh/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.235 2016/09/22 19:19:01 jmc Exp $ -.Dd $Mdocdate: September 22 2016 $ +.\" $OpenBSD: sshd_config.5,v 1.236 2016/09/28 20:32:42 djm Exp $ +.Dd $Mdocdate: September 28 2016 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -530,15 +530,17 @@ channel to request a response from the client. The default is 0, indicating that these messages will not be sent to the client. .It Cm Compression -Specifies whether compression is allowed, or delayed until +Specifies whether compression is enabled after the user has authenticated successfully. The argument must be .Dq yes , -.Dq delayed , +.Dq delayed +(a legacy synonym for +.Dq yes ) or .Dq no . The default is -.Dq delayed . +.Dq yes . .It Cm DenyGroups This keyword can be followed by a list of group name patterns, separated by spaces. |