Date: Mon, 8 Jan 2024 04:10:21 GMT From: Ed Maste <emaste@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: f26eafdfafb0 - stable/13 - ssh: Update to OpenSSH 9.4p1 Message-ID: <202401080410.4084ALhK066356@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/13 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=f26eafdfafb0fbd378b2f0c1e9af1dd807d852ca commit f26eafdfafb0fbd378b2f0c1e9af1dd807d852ca Author: Ed Maste <emaste@FreeBSD.org> AuthorDate: 2023-08-11 03:10:18 +0000 Commit: Ed Maste <emaste@FreeBSD.org> CommitDate: 2024-01-08 00:49:07 +0000 ssh: Update to OpenSSH 9.4p1 Excerpts from the release notes: * ssh-agent(1): PKCS#11 modules must now be specified by their full paths. Previously dlopen(3) could search for them in system library directories. * ssh(1): allow forwarding Unix Domain sockets via ssh -W. * ssh(1): add support for configuration tags to ssh(1). This adds a ssh_config(5) "Tag" directive and corresponding "Match tag" predicate that may be used to select blocks of configuration similar to the pf.conf(5) keywords of the same name. * ssh(1): add a "match localnetwork" predicate. This allows matching on the addresses of available network interfaces and may be used to vary the effective client configuration based on network location. * ssh-agent(1): improve isolation between loaded PKCS#11 modules by running separate ssh-pkcs11-helpers for each loaded provider. * ssh-agent(1), ssh(1): improve defences against invalid PKCS#11 modules being loaded by checking that the requested module contains the required symbol before loading it. * ssh(1): don't incorrectly disable hostname canonicalization when CanonicalizeHostname=yes and ProxyJump was expicitly set to "none". bz3567 Full release notes at https://www.openssh.com/txt/release-9.4 Relnotes: Yes Sponsored by: The FreeBSD Foundation (cherry picked from commit 535af610a4fdace6d50960c0ad9be0597eea7a1b) (cherry picked from commit 33a23ef2878fe525700983fb754f6f9f9f8fc4b7) --- crypto/openssh/.github/ci-status.md | 6 +- crypto/openssh/.github/configs | 45 +- crypto/openssh/.github/setup_ci.sh | 17 +- crypto/openssh/.github/workflows/c-cpp.yml | 26 +- crypto/openssh/.github/workflows/selfhosted.yml | 2 +- crypto/openssh/ChangeLog | 13191 ++++++++++--------- crypto/openssh/INSTALL | 8 +- crypto/openssh/PROTOCOL.agent | 4 +- crypto/openssh/PROTOCOL.krl | 55 +- crypto/openssh/README | 2 +- crypto/openssh/addr.c | 4 +- crypto/openssh/auth-options.c | 29 +- crypto/openssh/auth-pam.c | 4 +- crypto/openssh/auth2-gss.c | 12 +- crypto/openssh/auth2-pubkey.c | 35 +- crypto/openssh/canohost.c | 4 +- crypto/openssh/chacha.c | 3 +- crypto/openssh/channels.c | 19 +- crypto/openssh/channels.h | 8 +- crypto/openssh/cipher-aes.c | 2 +- crypto/openssh/cipher-chachapoly-libcrypto.c | 3 +- crypto/openssh/cipher-chachapoly.c | 3 +- crypto/openssh/clientloop.c | 14 +- crypto/openssh/config.h | 94 +- crypto/openssh/configure.ac | 107 +- crypto/openssh/contrib/redhat/openssh.spec | 2 +- crypto/openssh/contrib/ssh-copy-id | 75 +- crypto/openssh/contrib/ssh-copy-id.1 | 79 +- crypto/openssh/contrib/suse/openssh.spec | 2 +- crypto/openssh/gss-serv.c | 2 +- crypto/openssh/kexgexs.c | 4 +- crypto/openssh/krl.c | 280 +- crypto/openssh/krl.h | 10 +- crypto/openssh/match.c | 5 +- crypto/openssh/misc.c | 95 +- crypto/openssh/misc.h | 3 +- crypto/openssh/moduli | 868 +- crypto/openssh/monitor.c | 5 +- crypto/openssh/monitor_wrap.c | 6 +- crypto/openssh/mux.c | 76 +- crypto/openssh/openbsd-compat/bsd-getentropy.c | 6 +- crypto/openssh/openbsd-compat/bsd-snprintf.c | 31 +- .../openssh/openbsd-compat/libressl-api-compat.c | 556 +- crypto/openssh/openbsd-compat/openssl-compat.c | 20 +- crypto/openssh/openbsd-compat/openssl-compat.h | 158 +- crypto/openssh/openbsd-compat/port-linux.c | 39 +- .../openbsd-compat/regress/opensslvertest.c | 29 +- .../openssh/openbsd-compat/regress/snprintftest.c | 6 +- .../openssh/openbsd-compat/regress/strtonumtest.c | 2 +- crypto/openssh/packet.c | 4 +- crypto/openssh/poly1305.c | 3 +- crypto/openssh/progressmeter.c | 3 +- crypto/openssh/readconf.c | 108 +- crypto/openssh/readconf.h | 3 +- crypto/openssh/regress/Makefile | 10 +- crypto/openssh/regress/agent-ptrace.sh | 2 +- crypto/openssh/regress/forcecommand.sh | 8 +- crypto/openssh/regress/forward-control.sh | 6 +- crypto/openssh/regress/misc/sk-dummy/sk-dummy.c | 27 +- crypto/openssh/regress/percent.sh | 5 +- crypto/openssh/regress/sftp-chroot.sh | 23 +- .../openssh/regress/unittests/misc/test_ptimeout.c | 4 +- .../openssh/regress/unittests/sshkey/test_file.c | 2 + crypto/openssh/regress/unittests/sshsig/tests.c | 2 +- .../regress/unittests/test_helper/test_helper.c | 2 +- crypto/openssh/scp.c | 23 +- crypto/openssh/servconf.c | 20 +- crypto/openssh/sftp-client.c | 54 +- crypto/openssh/sftp-common.c | 4 +- crypto/openssh/sftp-server.c | 4 +- crypto/openssh/sftp.c | 12 +- crypto/openssh/sk-usbhid.c | 14 +- crypto/openssh/ssh-add.c | 6 +- crypto/openssh/ssh-agent.1 | 14 +- crypto/openssh/ssh-agent.c | 8 +- crypto/openssh/ssh-keygen.1 | 6 +- crypto/openssh/ssh-keygen.c | 16 +- crypto/openssh/ssh-keyscan.c | 28 +- crypto/openssh/ssh-pkcs11-client.c | 389 +- crypto/openssh/ssh-pkcs11.c | 43 +- crypto/openssh/ssh-sk.c | 8 +- crypto/openssh/ssh-xmss.c | 4 +- crypto/openssh/ssh.1 | 19 +- crypto/openssh/ssh.c | 59 +- crypto/openssh/ssh_config | 2 +- crypto/openssh/ssh_config.5 | 39 +- crypto/openssh/ssh_namespace.h | 3 + crypto/openssh/sshconnect2.c | 12 +- crypto/openssh/sshd_config | 2 +- crypto/openssh/sshd_config.5 | 14 +- crypto/openssh/sshkey.c | 18 +- crypto/openssh/sshkey.h | 4 +- crypto/openssh/sshsig.c | 11 +- crypto/openssh/version.h | 8 +- 94 files changed, 8883 insertions(+), 8229 deletions(-) diff --git a/crypto/openssh/.github/ci-status.md b/crypto/openssh/.github/ci-status.md index c57c3d83d11a..f3e088fd6043 100644 --- a/crypto/openssh/.github/ci-status.md +++ b/crypto/openssh/.github/ci-status.md @@ -6,6 +6,6 @@ master : [](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh) [](https://scan.coverity.com/projects/openssh-portable) -9.2 : -[](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_2) -[](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_2) +9.3 : +[](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_3) +[](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_3) diff --git a/crypto/openssh/.github/configs b/crypto/openssh/.github/configs index 8f21fc54a268..e054eb3196b5 100755 --- a/crypto/openssh/.github/configs +++ b/crypto/openssh/.github/configs @@ -81,7 +81,8 @@ case "$config" in CFLAGS="-fsanitize=memory -fsanitize-memory-track-origins -fno-omit-frame-pointer" LDFLAGS="-fsanitize=memory" CPPFLAGS='-Dchroot=chdir -Dexplicit_bzero=bzero -DMSAN_OPTIONS=\"log_path='$SANLOGS'/msan.log\"' - CONFIGFLAGS="--without-openssl --without-zlib --without-shadow" + CONFIGFLAGS="--without-zlib --without-shadow" + LIBCRYPTOFLAGS="--without-openssl" TEST_TARGET="t-exec" ;; *-sanitize-undefined) @@ -139,6 +140,10 @@ case "$config" in CONFIGFLAGS="--with-pam" SSHD_CONFOPTS="UsePam yes" ;; + boringssl) + CONFIGFLAGS="--disable-pkcs11" + LIBCRYPTOFLAGS="--with-ssl-dir=/opt/boringssl --with-rpath=-Wl,-rpath," + ;; libressl-*) LIBCRYPTOFLAGS="--with-ssl-dir=/opt/libressl --with-rpath=-Wl,-rpath," ;; @@ -209,13 +214,15 @@ esac # The Solaris 64bit targets are special since they need a non-flag arg. case "$config" in sol64*) - CONFIGFLAGS="x86_64 --with-cflags=-m64 --with-ldflags=-m64 ${CONFIGFLAGS}" - LIBCRYPTOFLAGS="--with-ssl-dir=/usr/local/ssl64" + CONFIGFLAGS="--target=x86_64 --with-cflags=-m64 --with-ldflags=-m64 ${CONFIGFLAGS}" + LIBCRYPTOFLAGS="--with-ssl-dir=/usr/local/ssl64 --with-rpath=-Wl,-rpath," ;; esac case "${TARGET_HOST}" in aix*) + CONFIGFLAGS="--disable-security-key" + LIBCRYPTOFLAGS="--without-openssl" # These are slow real or virtual machines so skip the slowest tests # (which tend to be thw ones that transfer lots of data) so that the # test run does not time out. @@ -240,7 +247,8 @@ case "${TARGET_HOST}" in SKIP_LTESTS="forwarding multiplex proxy-connect hostkey-agent agent-ptrace" ;; minix3) - LIBCRYPTOFLAGS="--without-openssl --disable-security-key" + CONFIGFLAGS="${CONFIGFLAGS} --disable-security-key" + LIBCRYPTOFLAGS="--without-openssl" # Minix does not have a loopback interface so we have to skip any # test that relies on one. # Also, Minix seems to be very limited in the number of select() @@ -264,7 +272,8 @@ case "${TARGET_HOST}" in CONFIGFLAGS="${CONFIGFLAGS} --without-hardening --disable-security-key" ;; openwrt-*) - CONFIGFLAGS="${CONFIGFLAGS} --without-openssl --without-zlib" + CONFIGFLAGS="${CONFIGFLAGS} --without-zlib" + LIBCRYPTOFLAGS="--without-openssl" TEST_TARGET="t-exec" ;; sol10|sol11) @@ -278,7 +287,8 @@ case "${TARGET_HOST}" in ;; esac -case "`./config.guess`" in +host=`./config.guess` +case "$host" in *cygwin) SUDO="" # Don't run compat tests on cygwin as they don't currently compile. @@ -289,17 +299,34 @@ case "`./config.guess`" in # modern versions don't ship with libcrypto. LIBCRYPTOFLAGS="--without-openssl" TEST_TARGET=t-exec + case "$host" in + *-darwin22.*) + # sudo -S nobody doesn't work on macos 13 for some reason. + SKIP_LTESTS="agent-getpeereid" ;; + esac ;; esac -# If we have a local openssl/libressl, use that. +# Unless specifically configured, search for a suitable version of OpenSSL, +# otherwise build without it. if [ -z "${LIBCRYPTOFLAGS}" ]; then + LIBCRYPTOFLAGS="--without-openssl" # last-match - for i in /usr/local /usr/local/ssl /usr/local/opt/openssl; do + for i in /usr /usr/local /usr/local/ssl /usr/local/opt/openssl; do + ver="none" if [ -x ${i}/bin/openssl ]; then - LIBCRYPTOFLAGS="--with-ssl-dir=${i}" + ver="$(${i}/bin/openssl version)" fi + case "$ver" in + none) ;; + "OpenSSL 0."*|"OpenSSL 1.0."*|"OpenSSL 1.1.0"*) ;; + "LibreSSL 2."*|"LibreSSL 3.0."*) ;; + *) LIBCRYPTOFLAGS="--with-ssl-dir=${i}" ;; + esac done + if [ "${LIBCRYPTOFLAGS}" = "--without-openssl" ]; then + TEST_TARGET="t-exec" + fi fi CONFIGFLAGS="${CONFIGFLAGS} ${LIBCRYPTOFLAGS}" diff --git a/crypto/openssh/.github/setup_ci.sh b/crypto/openssh/.github/setup_ci.sh index 691c70dd7ed6..154f51bdc205 100755 --- a/crypto/openssh/.github/setup_ci.sh +++ b/crypto/openssh/.github/setup_ci.sh @@ -4,7 +4,9 @@ PACKAGES="" . .github/configs $@ -case "`./config.guess`" in +host=`./config.guess` +echo "config.guess: $host" +case "$host" in *cygwin) PACKAGER=setup echo Setting CYGWIN system environment variable. @@ -124,6 +126,10 @@ for TARGET in $TARGETS; do esac PACKAGES="${PACKAGES} putty-tools" ;; + boringssl) + INSTALL_BORINGSSL=1 + PACKAGES="${PACKAGES} cmake ninja-build" + ;; valgrind*) PACKAGES="$PACKAGES valgrind" ;; @@ -199,3 +205,12 @@ if [ ! -z "${INSTALL_LIBRESSL}" ]; then ./configure --prefix=/opt/libressl && make -j2 && sudo make install) fi fi + +if [ ! -z "${INSTALL_BORINGSSL}" ]; then + (cd ${HOME} && git clone https://boringssl.googlesource.com/boringssl && + cd ${HOME}/boringssl && mkdir build && cd build && + cmake -GNinja -DCMAKE_POSITION_INDEPENDENT_CODE=ON .. && ninja && + mkdir -p /opt/boringssl/lib && + cp ${HOME}/boringssl/build/crypto/libcrypto.a /opt/boringssl/lib && + cp -r ${HOME}/boringssl/include /opt/boringssl) +fi diff --git a/crypto/openssh/.github/workflows/c-cpp.yml b/crypto/openssh/.github/workflows/c-cpp.yml index f3163884a037..e4e2a64e05d2 100644 --- a/crypto/openssh/.github/workflows/c-cpp.yml +++ b/crypto/openssh/.github/workflows/c-cpp.yml @@ -13,7 +13,14 @@ jobs: fail-fast: false matrix: # First we test all OSes in the default configuration. - target: [ubuntu-20.04, ubuntu-22.04, macos-11, macos-12, windows-2019, windows-2022] + target: + - ubuntu-20.04 + - ubuntu-22.04 + - macos-11 + - macos-12 + - macos-13 + - windows-2019 + - windows-2022 config: [default] # Then we include any extra configs we want to test for specific VMs. # Valgrind slows things down quite a bit, so start them first. @@ -43,33 +50,27 @@ jobs: - { target: ubuntu-20.04, config: gcc-11-Werror } - { target: ubuntu-20.04, config: pam } - { target: ubuntu-20.04, config: kitchensink } - - { target: ubuntu-20.04, config: hardenedmalloc } + - { target: ubuntu-22.04, config: hardenedmalloc } - { target: ubuntu-20.04, config: tcmalloc } - { target: ubuntu-20.04, config: musl } + - { target: ubuntu-latest, config: boringssl } - { target: ubuntu-latest, config: libressl-master } - - { target: ubuntu-latest, config: libressl-2.2.9 } - - { target: ubuntu-latest, config: libressl-2.8.3 } - - { target: ubuntu-latest, config: libressl-3.0.2 } - { target: ubuntu-latest, config: libressl-3.2.6 } - { target: ubuntu-latest, config: libressl-3.3.6 } - { target: ubuntu-latest, config: libressl-3.4.3 } - { target: ubuntu-latest, config: libressl-3.5.3 } - { target: ubuntu-latest, config: libressl-3.6.1 } - - { target: ubuntu-latest, config: libressl-3.7.0 } + - { target: ubuntu-latest, config: libressl-3.7.2 } - { target: ubuntu-latest, config: openssl-master } - { target: ubuntu-latest, config: openssl-noec } - - { target: ubuntu-latest, config: openssl-1.0.1 } - - { target: ubuntu-latest, config: openssl-1.0.1u } - - { target: ubuntu-latest, config: openssl-1.0.2u } - - { target: ubuntu-latest, config: openssl-1.1.0h } - { target: ubuntu-latest, config: openssl-1.1.1 } - { target: ubuntu-latest, config: openssl-1.1.1k } - { target: ubuntu-latest, config: openssl-1.1.1n } - { target: ubuntu-latest, config: openssl-1.1.1q } - - { target: ubuntu-latest, config: openssl-1.1.1s } + - { target: ubuntu-latest, config: openssl-1.1.1t } - { target: ubuntu-latest, config: openssl-3.0.0 } - - { target: ubuntu-latest, config: openssl-3.0.5 } - { target: ubuntu-latest, config: openssl-3.0.7 } + - { target: ubuntu-latest, config: openssl-3.1.0 } - { target: ubuntu-latest, config: openssl-1.1.1_stable } - { target: ubuntu-latest, config: openssl-3.0 } # stable branch - { target: ubuntu-22.04, config: pam } @@ -82,6 +83,7 @@ jobs: - { target: ubuntu-22.04, config: without-openssl } - { target: macos-11, config: pam } - { target: macos-12, config: pam } + - { target: macos-13, config: pam } runs-on: ${{ matrix.target }} steps: - name: set cygwin git params diff --git a/crypto/openssh/.github/workflows/selfhosted.yml b/crypto/openssh/.github/workflows/selfhosted.yml index d38cba520500..e84db699ea31 100644 --- a/crypto/openssh/.github/workflows/selfhosted.yml +++ b/crypto/openssh/.github/workflows/selfhosted.yml @@ -25,9 +25,9 @@ jobs: - debian-i386 - dfly30 - dfly48 - - dfly58 - dfly60 - dfly62 + - dfly64 - fbsd10 - fbsd12 - fbsd13 diff --git a/crypto/openssh/ChangeLog b/crypto/openssh/ChangeLog index 40ca976a61b3..3e16fbfd346d 100644 --- a/crypto/openssh/ChangeLog +++ b/crypto/openssh/ChangeLog @@ -1,9437 +1,10174 @@ -commit 9795c4016ae35162072144df032c8b262433b462 +commit daa5b2d869ee5a16f3ef9035aa0ad3c70cf4028e Author: Damien Miller <djm@mindrot.org> -Date: Wed Jul 19 16:27:12 2023 +1000 +Date: Thu Aug 10 11:10:22 2023 +1000 - OpenSSH 9.3p2 + depend -commit bde3635f3c9324bad132cf9ed917813d6abb599e +commit 41bfb63f5101fbacde9d8d2ada863f9ee16df194 Author: Damien Miller <djm@mindrot.org> -Date: Wed Jul 19 16:31:09 2023 +1000 +Date: Thu Aug 10 11:05:42 2023 +1000 - update version in README + update versions in RPM specs -commit f673f2f3e5f67099018fc281a6b5fb918142472e +commit e598b92b1eecedac21667edf1fe92078eaf8f2b1 Author: Damien Miller <djm@mindrot.org> -Date: Wed Jul 19 16:31:00 2023 +1000 +Date: Thu Aug 10 11:05:14 2023 +1000 - update RPM spec versions + update version in README -commit d7790cdce72a1b6982795baa2b4d6f0bdbb0100d -Author: Damien Miller <djm@mindrot.org> -Date: Fri Jul 7 13:30:15 2023 +1000 +commit e797e5ffa74377c8696e3b0559a258d836479239 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Aug 10 01:01:07 2023 +0000 - disallow remote addition of FIDO/PKCS11 keys + upstream: openssh-9.4 - Depends on the local client performing the session-bind@openssh.com - operation, so non-OpenSSH local client may circumvent this. + OpenBSD-Commit-ID: 71fc1e01a4c4ea061b252bd399cda7be757e6e35 -commit b23fe83f06ee7e721033769cfa03ae840476d280 +commit 3961ed02dc578517a9d2535128cff5c3a5460d28 Author: Damien Miller <djm@mindrot.org> -Date: Thu Jul 13 12:09:34 2023 +1000 +Date: Thu Aug 10 09:08:49 2023 +1000 - terminate pkcs11 process for bad libraries + wrap poll.h include in HAVE_POLL_H -commit cb30fbdbee869f1ce11f06aa97e1cb8717a0b645 -Author: Damien Miller <djm@mindrot.org> -Date: Thu Mar 16 08:28:19 2023 +1100 +commit e535fbe2af893046c28adfcd787c1fdbae36a24a +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Aug 4 06:32:40 2023 +0000 - depend + upstream: Apply ConnectTimeout to multiplexing local socket + + connections. If the multiplex socket exists but the connection times out, + ssh will fall back to a direct connection the same way it would if the socket + did not exist at all. ok djm@ + + OpenBSD-Commit-ID: 2fbe1a36d4a24b98531b2d298a6557c8285dc1b4 -commit 1dba63eb10c40b6fda9f5012ed6ae87e2d3d028e -Author: Damien Miller <djm@mindrot.org> -Date: Thu Mar 16 08:27:54 2023 +1100 +commit 9d92e7b24848fcc605945f7c2e3460c7c31832ce +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Aug 3 19:35:33 2023 +1000 - crank version + Fix RNG seeding for OpenSSL w/out self seeding. + + When sshd is built with an OpenSSL that does not self-seed, it would + fail in the preauth privsep process while handling a new connection. + Sanity checked by djm@ -commit ba7532d0dac9aaf0ad7270664c43837fc9f64a5f +commit f70010d9b0b3e7e95de8aa0b961e1d74362cfb5d Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Mar 15 21:19:57 2023 +0000 +Date: Wed Aug 2 23:04:38 2023 +0000 - upstream: openssh-9.3 + upstream: CheckHostIP has defaulted to 'no' for a while; make the - OpenBSD-Commit-ID: 8011495f2449c1029bb316bd015eab2e00509848 + commented- out config option match. From Ed Maste + + OpenBSD-Commit-ID: e66e934c45a9077cb1d51fc4f8d3df4505db58d9 -commit 6fd4daafb949b66bf555f3100f715a9ec64c3390 +commit c88a8788f9865d02b986d00405b9f0be65ad0b5a Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Tue Mar 14 07:28:47 2023 +0000 +Date: Tue Aug 1 08:15:04 2023 +0000 - upstream: Free KRL ptr in addition to its contents. + upstream: remove unnecessary if statement. - From Coverity CID 291841, ok djm@ + github PR#422 from eyalasulin999, ok djm@ - OpenBSD-Commit-ID: f146ba08b1b43af4e0d7ad8c4dae3748b4fa31b6 + OpenBSD-Commit-ID: 2b6b0dde4407e039f58f86c8d2ff584a8205ea55 -commit 1d270bd303afaf6d94e9098cbbf18e5e539e2088 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Tue Mar 14 07:26:25 2023 +0000 +commit 77b8b865cd5a8c79a47605c0c5b2bacf4692c4d5 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Fri Jul 28 05:42:36 2023 +0000 - upstream: Check pointer for NULL before deref. + upstream: %C is a callable macro in mdoc(7) - None of the existing callers seem to do that, but it's worth checking. - From Coverity CID 291834, ok djm@ + so, as we do for %D, escape it; - OpenBSD-Commit-ID: a0a97113f192a7cb1a2c97b932f677f573cda7a4 + OpenBSD-Commit-ID: 538cfcddbbb59dc3a8739604319491dcb8e0c0c9 -commit d95af508e78c0cd3dce56b83853baaa59ae295cf -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Sun Mar 12 10:40:39 2023 +0000 +commit e0f91aa9c2fbfc951e9ced7e1305455fc614d3f2 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jul 28 05:33:15 2023 +0000 - upstream: Limit number of entries in SSH2_MSG_EXT_INFO + upstream: don't need to start a command here; use ssh -N instead. - request. This is already constrained by the maximum SSH packet size but this - makes it explicit. Prompted by Coverity CID 291868, ok djm@ markus@ + Fixes failure on cygwin spotted by Darren - OpenBSD-Commit-ID: aea023819aa44a2dcb9dd0fbec10561896fc3a09 + OpenBSD-Regress-ID: ff678a8cc69160a3b862733d935ec4a383f93cfb -commit 8f287ba60d342b3e2f750e7332d2131e3ec7ecd0 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Sun Mar 12 09:41:18 2023 +0000 +commit f446a44f30bc680e0d026a4204844b02646c1c2d +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed May 17 05:52:01 2023 +0000 - upstream: calloc can return NULL but xcalloc can't. + upstream: add LTESTS_FROM variable to allow skipping of tests up to - From Coverity CID 291881, ok djm@ + a specific point. e.g. "make LTESTS_FROM=t-sftp" will only run the sftp.sh + test and subsequent ones. ok dtucker@ - OpenBSD-Commit-ID: 50204b755f66b2ec7ac3cfe379d07d85ca161d2b + OpenBSD-Regress-ID: 07f653de731def074b29293db946042706fcead3 -commit 83a56a49fd50f4acf900f934279482e4ef329715 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Mar 10 07:17:08 2023 +0000 +commit 8eb8899d612440a9b608bee7f916081d3d0b7812 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri May 12 06:37:42 2023 +0000 - upstream: Explicitly ignore return from fcntl + upstream: test ChrootDirectory in Match block - (... FD_CLOEXEC) here too. Coverity CID 291853. + OpenBSD-Regress-ID: a6150262f39065939f025e546af2a346ffe674c1 + +commit e43f43d3f19516222e9a143468ea0dc1b3ab67b6 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri May 12 06:36:27 2023 +0000 + + upstream: better error messages - OpenBSD-Commit-ID: 99d8b3da9d0be1d07ca8dd8e98800a890349e9b5 + OpenBSD-Regress-ID: 55e4186604e80259496d841e690ea2090981bc7a -commit 0fda9d704d3bbf54a5e64ce02a6fecb11fe7f047 -Author: Damien Miller <djm@mindrot.org> -Date: Fri Mar 10 15:59:46 2023 +1100 +commit 6958f00acf3b9e0b3730f7287e69996bcf3ceda4 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Jul 27 22:26:49 2023 +0000 - bounds checking for getrrsetbyname() replacement; + upstream: don't incorrectly truncate logged strings retrieved from - Spotted by Coverity in CID 405033; ok millert@ + PKCS#11 modules; based on GHPR406 by Jakub Jelen; ok markus + + OpenBSD-Commit-ID: 7ed1082f23a13b38c373008f856fd301d50012f9 -commit 89b8df518f21677045599df0ad3e5dd0f39909b5 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Mar 10 04:06:21 2023 +0000 +commit d1ffde6b55170cd4b9a72bfd9a3f17508e6cf714 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Jul 27 22:25:17 2023 +0000 - upstream: Plug mem leak on error path. Coverity CID 405026, ok djm@. + upstream: make sshd_config AuthorizedPrincipalsCommand and - OpenBSD-Commit-ID: 8212ca05d01966fb5e72205c592b2257708a2aac + AuthorizedKeysCommand accept the %D (routing domain) and a new %C (connection + address/port 4-tuple) as expansion sequences; ok markus + + OpenBSD-Commit-ID: ee9a48bf1a74c4ace71b69de69cfdaa2a7388565 -commit bf4dae0ad192c3e2f03f7223834b00d88ace3d3e -Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Mar 10 14:46:57 2023 +1100 +commit 999a2886ca1844a7a74b905e5f2c8c701f9838cd +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Jul 27 22:23:05 2023 +0000 - Add prototypes for mkstemp replacements. + upstream: increase default KDF work-factor for OpenSSH format - Should prevent warnings due to our wrapper function. + private keys from 16 to 24; { feedback ok } x { deraadt markus } + + OpenBSD-Commit-ID: a3afb1383f8ff0a49613d449f02395d9e8d4a9ec -commit 4e04d68d6a33cdc73b831fd4b5e6124175555d3d -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Mar 10 03:01:51 2023 +0000 +commit 0fa803a1dd1c7b546c166000e23a869cf6c4ec10 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Jul 27 02:25:09 2023 +1000 - upstream: Expliticly ignore return code from fcntl(.. FD_CLOEXEC) since + Prefer OpenSSL's SHA256 in sk-dummy.so - there's not much we can do anyway. From Coverity CID 291857, ok djm@ + Previously sk-dummy.so used libc's (or compat's) SHA256 since it may be + built without OpenSSL. In many cases, however, including both libc's + and OpenSSL's headers together caused conflicting definitions. - OpenBSD-Commit-ID: 051429dd07af8db3fec10d82cdc78d90bb051729 + We tried working around this (on OpenSSL <1.1 you could define + OPENSSL_NO_SHA, NetBSD had USE_LIBC_SHA2, various #define hacks) with + varying levels of success. Since OpenSSL >=1.1 removed OPENSSL_NO_SHA + and including most OpenSSL headers would bring sha.h in, even if it + wasn't used directly this was a constant hassle. + + Admit defeat and use OpenSSL's SHA256 unless we aren't using OpenSSL at + all. ok djm@ -commit d6d38fd77cbe091c59e1bb720c3a494df4990640 +commit 36cdb5dbf55c99c0faad06066f56a7c341258c1f +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Jul 27 10:29:44 2023 +1000 + + Retire dfly58 test VM. Add dfly64. + +commit 2d34205dab08ede9b0676efa57647fc49e6decbe Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Mar 10 02:32:04 2023 +0000 +Date: Wed Jul 26 23:06:00 2023 +0000 - upstream: Like sshd_config, some ssh_config options are not + upstream: make ssh -f (fork after authentication) work properly in - first-match-wins. sshd_config.5 was fixed in r1.348, this is the same for - this file + multiplexed cases (inc. ControlPersist). bz3589 bz3589 Based on patches by + Peter Chubb; ok dtucker@ - OpenBSD-Commit-ID: 7be55b9351cde449b136afcc52d07aa4113b215e + OpenBSD-Commit-ID: a7a2976a54b93e6767dc846b85647e6ec26969ac -commit 7187d3f86bf8f2066cc9941f217d23b0cacae25e -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Mar 10 02:24:56 2023 +0000 +commit 076aeda86a7ee9be8fd2f0181ec7b9729a6ceb37 +Author: naddy@openbsd.org <naddy@openbsd.org> +Date: Sun Jul 23 20:04:45 2023 +0000 - upstream: Remove no-op (int) > INT_MAX checks + upstream: man page typos; ok jmc@ - since they can never be true. From Coverity CID 405031, ok djm@ + OpenBSD-Commit-ID: e6ddfef94b0eb867ad88abe07cedc8ed581c07f0 + +commit 135e7d5fe31f700e6dfc61ce914970c5ee7175ba +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Thu Jul 20 05:43:39 2023 +0000 + + upstream: tweak the allow-remote-pkcs11 text; - OpenBSD-Commit-ID: 9df3783b181e056595e2bb9edf7ed41d61cf8e84 + OpenBSD-Commit-ID: bc965460a89edf76865b7279b45cf9cbdebd558a -commit 77adde4305542ebe3005dd456122624fe2347b01 +commit 5f83342b61d1f76c141de608ed2bd293990416bd Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Mar 10 13:27:29 2023 +1100 +Date: Tue Jul 25 13:00:22 2023 +1000 - Wrap mkstemp calls with umask set/restore. + Handle a couple more OpenSSL no-ecc cases. - glibc versions 2.06 and earlier did not set a umask on files created by - mkstemp created the world-writable. Wrap mkstemp to set and restore - the umask. From Coverity (CIDs 291826 291886 291891), ok djm@ + ok djm@ -commit 633d3dc2a1e9e2a013d019a0576a0771c8423713 -Author: jcs@openbsd.org <jcs@openbsd.org> -Date: Thu Mar 9 21:06:24 2023 +0000 +commit edc2ef4e418e514c99701451fae4428ec04ce538 +Author: Damien Miller <djm@mindrot.org> +Date: Thu Jul 20 12:53:44 2023 +1000 - upstream: modify parentheses in conditionals to make it clearer what is + depend + +commit 51fda734e0d3c2df256fc03e8b060c4305be6e59 +Author: Damien Miller <djm@mindrot.org> +Date: Thu Jul 20 12:53:21 2023 +1000 + + Bring back OPENSSL_HAS_ECC to ssh-pkcs11-client + +commit 099cdf59ce1e72f55d421c8445bf6321b3004755 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Jul 19 14:03:45 2023 +0000 + + upstream: Separate ssh-pkcs11-helpers for each p11 module - being assigned and what is being checked + Make ssh-pkcs11-client start an independent helper for each provider, + providing better isolation between modules and reliability if a single + module misbehaves. - ok djm dtucker + This also implements reference counting of PKCS#11-hosted keys, + allowing ssh-pkcs11-helper subprocesses to be automatically reaped + when no remaining keys reference them. This fixes some bugs we have + that make PKCS11 keys unusable after they have been deleted, e.g. + https://bugzilla.mindrot.org/show_bug.cgi?id=3125 - OpenBSD-Commit-ID: 19c10baa46ae559474409f75a5cb3d0eade7a9b8 + ok markus@ + + OpenBSD-Commit-ID: 0ce188b14fe271ab0568f4500070d96c5657244e -commit 733030840c4772f858de95d5940ec0c37663e8b0 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Thu Mar 9 07:11:05 2023 +0000 +commit 29ef8a04866ca14688d5b7fed7b8b9deab851f77 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Jul 19 14:02:27 2023 +0000 - upstream: Re-split the merge of the reorder-hostkeys test. + upstream: Ensure FIDO/PKCS11 libraries contain expected symbols - In the kex_proposal_populate_entries change I merged the the check for - reordering hostkeys with the actual reordering, but kex_assemble_names - mutates options.hostkeyalgorithms which renders the check ineffective. - Put the check back where it was. Spotted and tested by jsg@, ok djm@ + This checks via nlist(3) that candidate provider libraries contain one + of the symbols that we will require prior to dlopen(), which can cause + a number of side effects, including execution of constructors. - OpenBSD-Commit-ID: a7469f25a738db5567395d1881e32479a7ffc9de + Feedback deraadt; ok markus + + OpenBSD-Commit-ID: 1508a5fbd74e329e69a55b56c453c292029aefbe -commit 54ac4ab2b53ce9fcb66b8250dee91c070e4167ed +commit 1f2731f5d7a8f8a8385c6031667ed29072c0d92a Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Mar 9 06:58:26 2023 +0000 +Date: Wed Jul 19 13:56:33 2023 +0000 - upstream: include destination constraints for smartcard keys too. + upstream: Disallow remote addition of FIDO/PKCS11 provider - Spotted by Luci Stanescu; ok deraadt@ markus@ + libraries to ssh-agent by default. - OpenBSD-Commit-ID: add879fac6903a1cb1d1e42c4309e5359c3d870f + The old behaviour of allowing remote clients from loading providers + can be restored using `ssh-agent -O allow-remote-pkcs11`. + + Detection of local/remote clients requires a ssh(1) that supports + the `session-bind@openssh.com` extension. Forwarding access to a + ssh-agent socket using non-OpenSSH tools may circumvent this control. + + ok markus@ + + OpenBSD-Commit-ID: 4c2bdf79b214ae7e60cc8c39a45501344fa7bd7c -commit bfd1ad01d974a316b60622759ad17537fa2d92b4 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Thu Mar 9 18:24:54 2023 +1100 +commit 892506b13654301f69f9545f48213fc210e5c5cc +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Jul 19 13:55:53 2023 +0000 - Limit the number of PAM environment variables. + upstream: terminate process if requested to load a PKCS#11 provider - xcalloc has its own limits, but these are specific to PAM. From - Coverity CID 405198, ok djm@ + that isn't a PKCS#11 provider; from / ok markus@ + + OpenBSD-Commit-ID: 39532cf18b115881bb4cfaee32084497aadfa05c -commit a231414970e01a35f45a295d5f93698fa1249b28 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Thu Mar 9 18:19:44 2023 +1100 +commit f3f56df8ec476b2de6cbdbdfdb77a2a61087829d +Author: Damien Miller <djm@mindrot.org> +Date: Wed Jul 19 12:07:18 2023 +1000 - Limit the number of PAM environment variables. + agent_fuzz doesn't want stdint.h conditionalised + +commit 750911fd31d307a767cc86e3bfa90bbbb77b1a25 +Author: Damien Miller <djm@mindrot.org> +Date: Tue Jul 18 15:41:12 2023 +1000 + + conditionalise stdint.h inclusion on HAVE_STDINT_H - From Coverity CID 405194, tweaks and ok djm@ + fixes build on AIX5 at least -commit 36c6c3eff5e4a669ff414b9daf85f919666e8e03 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Wed Mar 8 06:21:32 2023 +0000 +commit ff047504fa6e008c4092f8929881816b8993bea0 +Author: Damien Miller <djm@mindrot.org> +Date: Tue Jul 18 15:30:45 2023 +1000 - upstream: Plug mem leak. Coverity CID 405196, ok djm@ + conditionalise match localnetwork on ifaddrs.h - OpenBSD-Commit-ID: 175f09349387c292f626da68f65f334faaa085f2 + Fixes build breakage on platforms that lack getifaddrs() -commit dfb9b736e1ccf9e6b03eea21cd961f4fd0634c98 -Author: tb@openbsd.org <tb@openbsd.org> -Date: Wed Mar 8 05:33:53 2023 +0000 +commit b87b03282e466ca2927954ce93f5dbf0bfdc68f6 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jul 17 06:16:33 2023 +0000 - upstream: ssh-pkcs11: synchronize error messages with errors + upstream: missing match localnetwork negation check - A handful of error messages contained incorrect function names or - otherwise inaccurate descriptions. Fix them to match reality. + OpenBSD-Commit-ID: 9a08ed8dae27d3f38cf280f1b28d4e0ff41a737a + +commit 6d6e185ba29ef4274164b77eab4dc763907f8821 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Mon Jul 17 05:41:53 2023 +0000 + + upstream: - add -P to usage() - sync the arg name to -J in usage() - input/ok djm + with that in ssh.1 - reformat usage() to match what "man ssh" does on 80width - OpenBSD-Commit-ID: 165a15db52f75b31e1804b043480c36af09f3411 + OpenBSD-Commit-ID: 5235dd7aa42e5bf90ae54579d519f92fc107036e -commit 51875897b81b5c21b80c256a29597916edbde454 -Author: guenther@openbsd.org <guenther@openbsd.org> -Date: Wed Mar 8 04:43:12 2023 +0000 +commit f1a9898283a0638667b587ee4a950afd61ab51b0 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Mon Jul 17 05:38:10 2023 +0000 - upstream: Delete obsolete /* ARGSUSED */ lint comments. - - ok miod@ millert@ + upstream: -P before -p in SYNOPSIS; - OpenBSD-Commit-ID: 7be168a570264d59e96a7d2d22e927d45fee0e4c + OpenBSD-Commit-ID: 535f5257c779e26c6a662a038d241b017f8cab7c -commit a76085bda883c2104afb33ab0334eca190927362 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Wed Mar 8 17:25:37 2023 +1100 +commit eef4d7e873568e1c84c36bb4034e2c3378250a61 +Author: jsg@openbsd.org <jsg@openbsd.org> +Date: Mon Jul 17 05:36:14 2023 +0000 - Extra brackets to prevent warning. + upstream: configuation -> configuration + + OpenBSD-Commit-ID: 4776ced33b780f1db0b2902faec99312f26a726b -commit 147ae57d4dfa0508109f93b78a7d8b92819e1f83 +commit dc1dbe94cf6532bd546a3373ad436404f8850e5f Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Mar 8 00:05:58 2023 +0000 +Date: Mon Jul 17 05:26:38 2023 +0000 - upstream: use RSA/SHA256 when testing usability of private key in + upstream: move other RCSIDs to before their respective license blocks - agent; with/ok dtucker + too no code change - OpenBSD-Commit-ID: fe1382e2fdf23fcae631308e72342bad56066a56 + OpenBSD-Commit-ID: ef5bf46b57726e4260a63b032b0b5ac3b4fe9cd4 -commit 27fd251bc906a763e70ce0f27c8abdf8bbd1e416 +commit ebe11044681caff78834ca6b78311ad19c1860b8 Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Mar 8 00:05:37 2023 +0000 +Date: Mon Jul 17 05:22:30 2023 +0000 - upstream: use RSA/SHA256 when testing usability of private key; + upstream: Move RCSID to before license block and away from #includes, - based on fix in bz3546 by Dmitry Belyavskiy; with/ok dtucker + where it caused merge conflict in -portable for each commit :( - OpenBSD-Commit-ID: 0ef414cc363a832f9fab92a5da0234448bce2eba + OpenBSD-Commit-ID: 756ebac963df3245258b962e88150ebab9d5fc20 -commit eee9f3fc3d52ae7d2106929bb06b7f291fb0b81a +commit 05c08e5f628de3ecf6f7ea20947735bcfa3201e0 Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Mar 7 21:47:42 2023 +0000 +Date: Mon Jul 17 05:20:15 2023 +0000 - upstream: refactor to be more readable top to bottom. Prompted by + upstream: return SSH_ERR_KRL_BAD_MAGIC when a KRL doesn't contain a - Coverity CID 405048 which was a false-positive fd leak; ok dtucker@ + valid magic number and not SSH_ERR_MESSAGE_INCOMPLETE; the former is needed + to fall back to text revocation lists in some cases; fixes t-cert-hostkey. - OpenBSD-Commit-ID: fc55ec2af622a017defb9b768bf26faefc792c00 + OpenBSD-Commit-ID: 5c670a6c0f027e99b7774ef29f18ba088549c7e1 -commit 42a06b29a4c99272bf690f9b3be520b08b448dc5 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Tue Mar 7 18:34:41 2023 +1100 +commit c6fad2c3d19b74f0bd0af1ef040fc74f3a1d9ebb +Author: Damien Miller <djm@mindrot.org> +Date: Mon Jul 17 14:56:14 2023 +1000 - Add header changes missed in previous. + avoid AF_LINK on platforms that don't define it -commit 4710077096edff2e6926dd5b15bf586491d317db -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Tue Mar 7 06:09:14 2023 +0000 +commit 919bc3d3b712c920de1ae6be5ac6561c98886d7e +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jul 17 04:08:31 2023 +0000 - upstream: Fix mem leak in environment setup. + upstream: Add support for configuration tags to ssh(1). - From jjelen at redhat.com via bz#2687, ok djm@ + This adds a ssh_config(5) "Tag" directive and corresponding + "Match tag" predicate that may be used to select blocks of + configuration similar to the pf.conf(5) keywords of the same + name. - OpenBSD-Commit-ID: 9f9e4ba3cac003e6f81da3bcebd1b9ec43e7f353 + ok markus + + OpenBSD-Commit-ID: dc08358e70e702b59ac3e591827e5a96141b06a3 -commit 03acc50d0ccb78fc91d1570de1cd0fdfea646028 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Mon Mar 6 12:15:47 2023 +0000 +commit 3071d85a47061c1bdaf11a0ac233b501ecba862c +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jul 17 04:04:36 2023 +0000 - upstream: Unit test for kex_proposal_populate_entries. + upstream: add a "match localnetwork" predicate. - OpenBSD-Regress-ID: bdb211d80d572a08bf14b49fe2a58b9ff265c006 + This allows matching on the addresses of available network interfaces + and may be used to vary the effective client configuration based on + network location (e.g. to use a ProxyJump when not on a particular *** 22641 LINES SKIPPED ***
](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh){kind=link}
](https://scan.coverity.com/projects/openssh-portable){kind=link}
](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_2){kind=link}
](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_2){kind=link}
](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_3){kind=link}
](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_3){kind=link}
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202401080410.4084ALhK066356>