From nobody Mon Feb 17 07:35:17 2025
Date: Mon, 17 Feb 2025 07:35:17 GMT Message-Id: <202502170735.51H7ZHFE046491@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: "Andrey V. Elsukov" Subject: git: 09def8d654e7 - stable/14 - ipfw: add missing initializer for 'limit' table value List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: ae X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 09def8d654e7be0454925ab57c4e6e1d1d173911 Auto-Submitted: auto-generated The branch stable/14 has been updated by ae: URL: https://cgit.FreeBSD.org/src/commit/?id=09def8d654e7be0454925ab57c4e6e1d1d173911 commit 09def8d654e7be0454925ab57c4e6e1d1d173911 Author: Andrey V. Elsukov AuthorDate: 2025-02-10 07:58:23 +0000 Commit: Andrey V. Elsukov CommitDate: 2025-02-17 07:33:59 +0000 ipfw: add missing initializer for 'limit' table value PR: 284691 (cherry picked from commit 95ab7b3223c08cf48ccf764815523ea995a7ea0e) --- sys/netpfil/ipfw/ip_fw_table_value.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sys/netpfil/ipfw/ip_fw_table_value.c b/sys/netpfil/ipfw/ip_fw_table_value.c index 1d4e1db2dcbb..431707ae5d74 100644 --- a/sys/netpfil/ipfw/ip_fw_table_value.c +++ b/sys/netpfil/ipfw/ip_fw_table_value.c 
@@ -112,6 +112,7 @@ mask_table_value(struct table_value *src, struct table_value *dst, _MCPY(netgraph, IPFW_VTYPE_NETGRAPH); _MCPY(fib, IPFW_VTYPE_FIB); _MCPY(nat, IPFW_VTYPE_NAT); + _MCPY(limit, IPFW_VTYPE_LIMIT); _MCPY(mark, IPFW_VTYPE_MARK); _MCPY(dscp, IPFW_VTYPE_DSCP); _MCPY(nh4, IPFW_VTYPE_NH4);
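Review bot: the new `_MCPY(limit, IPFW_VTYPE_LIMIT);` line in mask_table_value() repairs one omission in a hand-maintained, per-field list, and nothing visible here stops the next value type from being left out the same way. Consider a comment above the `_MCPY` block stating that every `IPFW_VTYPE_*` flag needs an entry, or a compile-time check tying the list to the value-type flags. The commit message would also benefit from one sentence on the observable effect of the missing entry, since PR 284691 is the only description given.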
Date: Mon, 17 Feb 2025 07:41:30 GMT Message-Id: <202502170741.51H7fUpP061950@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: "Andrey V. Elsukov" Subject: git: ff2588f2ac0a - stable/13 - ipfw: add missing initializer for 'limit' table value List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: ae X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: ff2588f2ac0a7a4d15496e2654f22d4d300037bf Auto-Submitted: auto-generated The branch stable/13 has been updated by ae: URL: https://cgit.FreeBSD.org/src/commit/?id=ff2588f2ac0a7a4d15496e2654f22d4d300037bf commit ff2588f2ac0a7a4d15496e2654f22d4d300037bf Author: Andrey V. Elsukov AuthorDate: 2025-02-10 07:58:23 +0000 Commit: Andrey V. Elsukov CommitDate: 2025-02-17 07:40:29 +0000 ipfw: add missing initializer for 'limit' table value PR: 284691 (cherry picked from commit 95ab7b3223c08cf48ccf764815523ea995a7ea0e) --- sys/netpfil/ipfw/ip_fw_table_value.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sys/netpfil/ipfw/ip_fw_table_value.c b/sys/netpfil/ipfw/ip_fw_table_value.c index 0004713b4a70..bd86d9e22209 100644 --- a/sys/netpfil/ipfw/ip_fw_table_value.c +++ b/sys/netpfil/ipfw/ip_fw_table_value.c 
@@ -112,6 +112,7 @@ mask_table_value(struct table_value *src, struct table_value *dst, _MCPY(netgraph, IPFW_VTYPE_NETGRAPH); _MCPY(fib, IPFW_VTYPE_FIB); _MCPY(nat, IPFW_VTYPE_NAT); + _MCPY(limit, IPFW_VTYPE_LIMIT); _MCPY(dscp, IPFW_VTYPE_DSCP); _MCPY(nh4, IPFW_VTYPE_NH4); _MCPY(nh6, IPFW_VTYPE_NH6);
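Review bot: the unchanged context of this stable/13 hunk goes straight from the added `_MCPY(limit, IPFW_VTYPE_LIMIT);` to `_MCPY(dscp, IPFW_VTYPE_DSCP);`, with no `_MCPY(mark, IPFW_VTYPE_MARK);` line as in the stable/14 hunk. If stable/13 has a `mark` table value, it has the same missing-initializer problem this commit fixes for `limit` and should be covered here; if it does not, a sentence in the message noting that the context differs from the original commit would save the reader checking.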
Date: Mon, 17 Feb 2025 19:34:17 GMT Message-Id: <202502171934.51HJYH6X020708@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Jamie Gritton Subject: git: 486af41443e8 - stable/14 - MFC jls: admit that jail parameters with newlines print multiple lines PR: 283414 Reported by: dch List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jamie X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 486af41443e825feb6f075a7e5b14afc49215642 Auto-Submitted: auto-generated The branch stable/14 has been updated by jamie: URL: https://cgit.FreeBSD.org/src/commit/?id=486af41443e825feb6f075a7e5b14afc49215642 commit 486af41443e825feb6f075a7e5b14afc49215642 Author: Jamie Gritton AuthorDate: 2025-02-13 15:47:12 +0000 Commit: Jamie Gritton CommitDate: 2025-02-17 19:33:24 +0000 MFC jls: admit that jail parameters with newlines print multiple lines PR: 283414 Reported by: dch (cherry picked from commit b144e883cac8c60175c89508f14fc6804869181a) --- usr.sbin/jls/jls.8 | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/usr.sbin/jls/jls.8 b/usr.sbin/jls/jls.8 index ce148da0d138..f7a5eeb321ef 100644 --- a/usr.sbin/jls/jls.8 +++ b/usr.sbin/jls/jls.8 @@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd January 20, 2025 +.Dd February 13, 2025 .Dt JLS 8 .Os .Sh NAME 
@@ -39,12 +39,12 @@ The .Nm utility lists all active jails, or the specified jail. -Each jail is represented by one row which contains space-separated values of -the listed +Each jail is represented by space-separated values of the listed .Ar parameters , -including the pseudo-parameter +one jail per line (unless the parameters themselves contain newlines). +The pseudo-parameter .Va all -which will show all available jail parameters. +will show all available jail parameters. A list of available parameters can be retrieved via .Dq Nm sysctl Fl d Va security.jail.param . See
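Review bot: the parenthetical added in the second hunk, "(unless the parameters themselves contain newlines)", tells the reader that one-jail-per-line output is not guaranteed but not what to do about it. Anyone splitting this output on newlines to enumerate jails will miscount when a parameter value carries one, so the paragraph should point to an output mode that delimits values unambiguously, or state plainly that the plain-text output cannot be parsed line by line in that case.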
Date: Mon, 17 Feb 2025
19:41:45 GMT Message-Id: <202502171941.51HJfjwB036103@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Jamie Gritton Subject: git: dc384b96228f - stable/14 - MFC jls: fix the -q option to put quotes around all whitespace PR: 283414 List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jamie X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: dc384b96228f1ffa64afe56abe636a2b6db66a48 Auto-Submitted: auto-generated The branch stable/14 has been updated by jamie: URL: https://cgit.FreeBSD.org/src/commit/?id=dc384b96228f1ffa64afe56abe636a2b6db66a48 commit dc384b96228f1ffa64afe56abe636a2b6db66a48 Author: Jamie Gritton AuthorDate: 2025-02-13 15:48:18 +0000 Commit: Jamie Gritton CommitDate: 2025-02-17 19:41:08 +0000 MFC jls: fix the -q option to put quotes around all whitespace PR: 283414 (cherry picked from commit 3d11af1e595b5a3646be370e33c4aa850dc62bb0) --- usr.sbin/jls/jls.c | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/usr.sbin/jls/jls.c b/usr.sbin/jls/jls.c index c1cf074cd605..bd0bdfc83f2d 100644 --- a/usr.sbin/jls/jls.c +++ b/usr.sbin/jls/jls.c @@ -38,6 +38,7 @@ #include #include +#include #include #include #include 
@@ -516,13 +517,21 @@ quoted_print(int pflags, char *name, char *value) } /* - * The value will be surrounded by quotes if it contains spaces - * or quotes. + * The value will be surrounded by quotes if it contains + * whitespace or quotes. */ - qc = strchr(p, '\'') ? '"' - : strchr(p, '"') ? '\'' - : strchr(p, ' ') || strchr(p, '\t') ? '"' - : 0; + if (strchr(p, '\'')) + qc = '"'; + else if (strchr(p, '"')) + qc = '\''; + else { + qc = 0; + for (; *p; ++p) + if (isspace(*p)) { + qc = '"'; + break; + } + } if (qc && pflags & PRINT_QUOTED) xo_emit("{P:/%c}", qc);
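Review bot: `isspace(*p)` in the new loop of quoted_print() passes a plain `char`; if `p` has the same `char *` type as the `value` argument, a byte above 0x7f is negative where char is signed, and isspace() is only defined for arguments representable as unsigned char or EOF. Write it as `isspace((unsigned char)*p)`. The loop also advances `p` itself, so anything below this block that still expects `p` to point at the start of the value would need a separate cursor; the visible `xo_emit("{P:/%c}", qc);` does not use it.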
Date: Mon, 17 Feb 2025
20:12:51 GMT Message-Id: <202502172012.51HKCpBJ096422@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Jose Luis Duran Subject: git: 3593da6a4e86 - stable/14 - mtree: Add missing flua entry List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jlduran X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 3593da6a4e86d2e3fa6f352a9a52df5d796d6f22 Auto-Submitted: auto-generated The branch stable/14 has been updated by jlduran: URL: https://cgit.FreeBSD.org/src/commit/?id=3593da6a4e86d2e3fa6f352a9a52df5d796d6f22 commit 3593da6a4e86d2e3fa6f352a9a52df5d796d6f22 Author: Jose Luis Duran AuthorDate: 2025-02-17 20:08:46 +0000 Commit: Jose Luis Duran CommitDate: 2025-02-17 20:09:00 +0000 mtree: Add missing flua entry This is a direct commit to the stable/14 and stable/13 branch. Reviewed by: emaste Approved by: emaste (mentor) Fixes: bceabe277e12 ("flua: initial support for "require" in the base system") Differential Revision: https://reviews.freebsd.org/D49011 --- etc/mtree/BSD.debug.dist | 2 ++ 1 file changed, 2 insertions(+) diff --git a/etc/mtree/BSD.debug.dist b/etc/mtree/BSD.debug.dist index f64dc79a297f..435da9d14d43 100644 --- a/etc/mtree/BSD.debug.dist +++ b/etc/mtree/BSD.debug.dist 
@@ -37,6 +37,8 @@ .. engines-3 .. + flua + .. i18n .. libxo
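Review bot: the commit message says this is a direct commit to stable/14 and stable/13 but not why main needs no equivalent change, which is the first thing a reader checking branch parity will ask; add a sentence saying so next to the `Fixes:` line. The `flua` entry itself sits in sorted position between `engines-3` and `i18n`, so the hunk needs no change.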
Date: Mon, 17 Feb 2025 20:13:13 GMT Message-Id: <202502172013.51HKDDoc096675@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Jose Luis Duran Subject: git: 057598ba1862 - stable/13 - mtree: Add missing flua entry List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jlduran X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 057598ba1862047c22a31153ffdc9631cf7762ca Auto-Submitted: auto-generated The branch stable/13 has been updated by jlduran: URL: https://cgit.FreeBSD.org/src/commit/?id=057598ba1862047c22a31153ffdc9631cf7762ca commit 057598ba1862047c22a31153ffdc9631cf7762ca Author: Jose Luis Duran AuthorDate: 2025-02-17 20:08:46 +0000 Commit: Jose Luis Duran CommitDate: 2025-02-17 20:11:19 +0000 mtree: Add missing flua entry This is a direct commit to the stable/14 and stable/13 branch. Reviewed by: emaste Approved by: emaste (mentor) Fixes: bceabe277e12 ("flua: initial support for "require" in the base system") Differential Revision: https://reviews.freebsd.org/D49011 --- etc/mtree/BSD.debug.dist | 2 ++ 1 file changed, 2 insertions(+) diff --git a/etc/mtree/BSD.debug.dist b/etc/mtree/BSD.debug.dist index 53eb1910304a..c0e9fcbbabbd 100644 --- a/etc/mtree/BSD.debug.dist +++ b/etc/mtree/BSD.debug.dist 
@@ -39,6 +39,8 @@ .. engines .. + flua + .. i18n .. libxo From nobody Mon Feb 17 20:51:31 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YxZZW5yNZz5p8Tj; Mon, 17 Feb 2025 20:51:31 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YxZZW3jSnz4HcV; Mon, 17 Feb 2025 20:51:31 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1739825491; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=X3eMKm3gP2Z4qLiQaz72iYd/y93HOUht8Cc4f8IJHsg=; b=g+MkwPzYLU7egszEqNqihKdUtu7q6bRgtudDpG6S/nvQAshMFQsIPRTvJyTDHhBrcsvQ2I ncawg4lsEIychTUnQlNNsz31iw9D6DdvySsSHY09FCBxK7Hw3Wn1Jy+xbG185yZz/A0vsN W5tPU6TtJ8tO+8weusAtudvEAaVZQI4eBqyIRhuz0L+IDfac6Ad+HMuDG05pHOwr7bjk2T AGtvmu2fpy8cyhpD/ECHrTVZi1lb4sR4ne4AKwxM6+qjmGUn/Rp4cDL57Fo1E371TWlbn2 w9+I+LCzE/LBlZYmftCcJWukZz0mJxA+24dV16E0PBsCMW8sdGvOBhpDTVmR1A== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1739825491; a=rsa-sha256; cv=none; b=Hqtafm0w6TEfWT2tql16c4sQai7jR1togf7Yn9OkXVBRXFYXCvy4/UdPeqXLMI1Ombw6X4 jiEYgQ5GxqKF+NXVoZzgSCElFR/kyVLUNUoMHKlXGHYKhVs+R7HvN65klT0MkrI7JYwiWi w+WiluJHvYDXRNloxEF1lQ8CpEyzykqSivEgQYkA4Fm7Cymo8qWP5OPcktsq/9Gb1ksXCZ 7/ycsN3gL0Q6PYpBnZnky/py5rLSL/pbnsZA4OnsUdeoqqNn95jKjw5V0UfZrV/+XXos2/ QPBJ2/pkJTFeiXNjLkHQd0Dod49+rb/q/2trhSSZJ2ZstgXIg9ohmileTz0jvQ== ARC-Authentication-Results: i=1; 
mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YxZZW3C5zzpyk; Mon, 17 Feb 2025 20:51:31 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 51HKpVbP066907; Mon, 17 Feb 2025 20:51:31 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 51HKpVxL066904; Mon, 17 Feb 2025 20:51:31 GMT (envelope-from git) Date: Mon, 17 Feb 2025 20:51:31 GMT Message-Id: <202502172051.51HKpVxL066904@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org 
From: Jose Luis Duran Subject: git: 8bd278e2707e - stable/13 - mtree: Add missing directories generated by certctl List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jlduran X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 8bd278e2707e9522210a1ee164f78a7cacc2e48d Auto-Submitted: auto-generated The branch stable/13 has been updated by jlduran: URL: https://cgit.FreeBSD.org/src/commit/?id=8bd278e2707e9522210a1ee164f78a7cacc2e48d commit 8bd278e2707e9522210a1ee164f78a7cacc2e48d Author: Jose Luis Duran AuthorDate: 2025-02-17 20:27:31 +0000 Commit: Jose Luis Duran CommitDate: 2025-02-17 20:49:30 +0000 mtree: Add missing directories generated by certctl This is a direct commit to the stable/13 branch, cherry-picking commit 5b7f73ce16cb ("mtree: Add missing directories generated by certctl"), because the "untrusted" directory is called "blacklisted" on stable/13. PR: 255639 Reviewed by: imp Approved by: emaste (mentor) Differential Revision: https://reviews.freebsd.org/D49037 --- etc/mtree/BSD.root.dist | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/etc/mtree/BSD.root.dist b/etc/mtree/BSD.root.dist index 81476d60bb0e..c405a5819019 100644 --- a/etc/mtree/BSD.root.dist +++ b/etc/mtree/BSD.root.dist 
@@ -94,6 +94,10 @@ ssh .. ssl + blacklisted + .. + certs + .. .. syslog.d .. From nobody Tue Feb 18 03:03:14 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YxkqQ355mz5ns4b; Tue, 18 Feb 2025 03:03:14 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YxkqQ2S5Yz3GTm; Tue, 18 Feb 2025 03:03:14 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1739847794; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=yAcFZtEzCA2QLlkp7op11vXDpROPj303ojrntlds66s=; b=rFZkYurpFBVUsUrDIy7oSStJr8SxW6Hq3zHBkSd8ZmzNiF5AowOjsKMEgoJ8ez59wFRjlA Q++1apbnS9jhnD78pS1pudb3sOPKignoIg7VtJj0sTvyI6dzLhQy5RYkehfXFDeCT+lG7Q WlrN2EFBxZbD7t2cDM58Zy0kq1JGWHZg4kvK5oSrRGfI0HzEse0e9bkv+boyJlNySPxVMu VHzMFyjDAtQE4Ymo8YCX7wDoRu3VsJFH34kodajX/ntfayk0ous69BB8UwAhI4LHmflOsf fJegTSiTFs0QLaAus1+KlHJRtQps4z+xYxJIZi50qkJPRZX1HFXUOOoLKV2+bw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1739847794; a=rsa-sha256; cv=none; b=bOArK0NHpBid7fR6xXRCIHZQfv85Z1Iwl6m5DUppiq4t+lFJeoRNoBqX9dvEyZ8QfEgMx3 0GWxJzQBry076BmWupAvHs/EBM7Mop0gN+DHQMfwH/Hls5iBoKlawKxrX5psLIOEk4ZaF0 V9LpByalUKwKKjEDZT74oFYd6n2oYN8GtOmVD4qVEgHb24+hpjP3E2JmyvQfGufeco868d SsZOq/6VMUvm7lFYvbWFr7BQ4IzjofudJZnYF+Z3OKbqjnJCfr8qZDXJ3NWKnIME51UqCq 2qwPrlJbjBRlJ4CDUphiCiDYGTznF4+NsYJouMs9GgPgLlo8LPNoilWG44rang== 
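Review bot: The new `blacklisted` and `certs` entries under `ssl` in etc/mtree/BSD.root.dist carry no `uname`, `gname` or `mode` keywords, so their ownership and permissions come entirely from whatever `/set` defaults are in force at that point in the file, which this hunk does not show. These are the directories certctl populates with trust-store material, so it is worth confirming they come out root-owned and not group- or world-writable, and stating the intended mode explicitly on the entries if the inherited default is anything looser.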
ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YxkqQ1tmzz11L9; Tue, 18 Feb 2025 03:03:14 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 51I33E8o069606; Tue, 18 Feb 2025 03:03:14 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 51I33Ed8069603; Tue, 18 Feb 2025 03:03:14 GMT (envelope-from git) Date: Tue, 18 Feb 2025 03:03:14 GMT Message-Id: <202502180303.51I33Ed8069603@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org 
From: Kevin Bowling Subject: git: 24491b4acce5 - stable/14 - ixgbe: x550 support for 1000BASE-BX SFP modules List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kbowling X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 24491b4acce5e244ff87fedbd873fc29558762b2 Auto-Submitted: auto-generated The branch stable/14 has been updated by kbowling: URL: https://cgit.FreeBSD.org/src/commit/?id=24491b4acce5e244ff87fedbd873fc29558762b2 commit 24491b4acce5e244ff87fedbd873fc29558762b2 Author: Kevin Bowling AuthorDate: 2025-02-10 04:02:17 +0000 Commit: Kevin Bowling CommitDate: 2025-02-18 03:02:49 +0000 ixgbe: x550 support for 1000BASE-BX SFP modules Add support for 1Gbit BiDi modules to x550 derivatives (cherry picked from commit 183621655613bcc97e4ec7d22adbc829347ed426) --- sys/dev/ixgbe/ixgbe_x550.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/sys/dev/ixgbe/ixgbe_x550.c b/sys/dev/ixgbe/ixgbe_x550.c index ba72b5d1366e..7f07190f832c 100644 --- a/sys/dev/ixgbe/ixgbe_x550.c +++ b/sys/dev/ixgbe/ixgbe_x550.c @@ -1496,6 +1496,8 @@ static s32 ixgbe_supported_sfp_modules_X550em(struct ixgbe_hw *hw, bool *linear) case ixgbe_sfp_type_1g_sx_core1: case ixgbe_sfp_type_1g_lx_core0: case ixgbe_sfp_type_1g_lx_core1: + case ixgbe_sfp_type_1g_bx_core0: + case ixgbe_sfp_type_1g_bx_core1: *linear = false; break; case ixgbe_sfp_type_unknown: 
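Review bot: In the switch in ixgbe_supported_sfp_modules_X550em(), the added `case ixgbe_sfp_type_1g_bx_core0:` and `case ixgbe_sfp_type_1g_bx_core1:` labels only take effect if something on stable/14 already sets hw->phy.sfp_type to those values, and neither this hunk nor the commit message names the change that does. Since this is a cherry-pick, please confirm that the module-identification change that introduces the bx types is already on the branch, and reference its hash in the message so the dependency is visible.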
@@ -1829,9 +1831,11 @@ s32 ixgbe_get_link_capabilities_X550em(struct ixgbe_hw *hw, /* Check if 1G SFP module. */ if (hw->phy.sfp_type == ixgbe_sfp_type_1g_sx_core0 || - hw->phy.sfp_type == ixgbe_sfp_type_1g_sx_core1 - || hw->phy.sfp_type == ixgbe_sfp_type_1g_lx_core0 || - hw->phy.sfp_type == ixgbe_sfp_type_1g_lx_core1) { + hw->phy.sfp_type == ixgbe_sfp_type_1g_sx_core1 || + hw->phy.sfp_type == ixgbe_sfp_type_1g_lx_core0 || + hw->phy.sfp_type == ixgbe_sfp_type_1g_lx_core1 || + hw->phy.sfp_type == ixgbe_sfp_type_1g_bx_core0 || + hw->phy.sfp_type == ixgbe_sfp_type_1g_bx_core1) { *speed = IXGBE_LINK_SPEED_1GB_FULL; return IXGBE_SUCCESS; } From nobody Tue Feb 18 03:27:41 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YxlMf1Tq0z5ntvW; Tue, 18 Feb 2025 03:27:42 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YxlMf0Vyvz3Hvx; Tue, 18 Feb 2025 03:27:42 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1739849262; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=QaO+dpOiegLb/vxXbeJhJePnIf+ok4KzTPi0LpLCxZM=; b=gsHg/r/bhpMF/Q/dcDOG7WyhmTegdfPIBm3uCv5b9nPWxDVEd93agWtDXdFV5MKM9nzcQ9 ZZtylyu4EaxakDPpYhJq/k9AS1cebt//GnHJJhD5S6kXv1Tv0n6wg/+HqBn8gR3G2gC+XT xWTzPwghL8Re9xqpNCtsOuvQp5Vm2CCn2LL23EgUzxu/2CUGkLEQdTgPFbkX9IitxNLcnc 
ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YxlMf03Msz12MR; Tue, 18 Feb 2025 03:27:42 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 51I3RfY9008619; Tue, 18 Feb 2025 03:27:41 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 51I3RfPt008616; Tue, 
18 Feb 2025 03:27:41 GMT (envelope-from git) Date: Tue, 18 Feb 2025 03:27:41 GMT Message-Id: <202502180327.51I3RfPt008616@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Kevin Bowling Subject: git: d22c7294544e - stable/13 - ixgbe: x550 support for 1000BASE-BX SFP modules List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kbowling X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: d22c7294544e8b672c959b7374ee5c0e863af7f4 Auto-Submitted: auto-generated The branch stable/13 has been updated by kbowling: URL: https://cgit.FreeBSD.org/src/commit/?id=d22c7294544e8b672c959b7374ee5c0e863af7f4 commit d22c7294544e8b672c959b7374ee5c0e863af7f4 Author: Kevin Bowling AuthorDate: 2025-02-10 04:02:17 +0000 Commit: Kevin Bowling CommitDate: 2025-02-18 03:27:25 +0000 ixgbe: x550 support for 1000BASE-BX SFP modules Add support for 1Gbit BiDi modules to x550 derivatives (cherry picked from commit 183621655613bcc97e4ec7d22adbc829347ed426) --- sys/dev/ixgbe/ixgbe_x550.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/sys/dev/ixgbe/ixgbe_x550.c b/sys/dev/ixgbe/ixgbe_x550.c index 2c9ead8fd247..7274a5ccf2ab 100644 --- a/sys/dev/ixgbe/ixgbe_x550.c +++ b/sys/dev/ixgbe/ixgbe_x550.c 
@@ -1496,6 +1496,8 @@ static s32 ixgbe_supported_sfp_modules_X550em(struct ixgbe_hw *hw, bool *linear) case ixgbe_sfp_type_1g_sx_core1: case ixgbe_sfp_type_1g_lx_core0: case ixgbe_sfp_type_1g_lx_core1: + case ixgbe_sfp_type_1g_bx_core0: + case ixgbe_sfp_type_1g_bx_core1: *linear = false; break; case ixgbe_sfp_type_unknown: 
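Review bot: The 1G case list in ixgbe_supported_sfp_modules_X550em() now has to be kept in step by hand with the `hw->phy.sfp_type == ...` chain in ixgbe_get_link_capabilities_X550em() that the next hunk extends, since both enumerate the 1G module types. A small predicate shared by both sites (for example a static inline that returns true for any 1G SFP type) would stop the two lists drifting the next time a module type is added, which is the failure where a module is accepted here but never reported as 1G-capable.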
@@ -1829,9 +1831,11 @@ s32 ixgbe_get_link_capabilities_X550em(struct ixgbe_hw *hw, /* Check if 1G SFP module. */ if (hw->phy.sfp_type == ixgbe_sfp_type_1g_sx_core0 || - hw->phy.sfp_type == ixgbe_sfp_type_1g_sx_core1 - || hw->phy.sfp_type == ixgbe_sfp_type_1g_lx_core0 || - hw->phy.sfp_type == ixgbe_sfp_type_1g_lx_core1) { + hw->phy.sfp_type == ixgbe_sfp_type_1g_sx_core1 || + hw->phy.sfp_type == ixgbe_sfp_type_1g_lx_core0 || + hw->phy.sfp_type == ixgbe_sfp_type_1g_lx_core1 || + hw->phy.sfp_type == ixgbe_sfp_type_1g_bx_core0 || + hw->phy.sfp_type == ixgbe_sfp_type_1g_bx_core1) { *speed = IXGBE_LINK_SPEED_1GB_FULL; return IXGBE_SUCCESS; } From nobody Tue Feb 18 13:13:13 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Yy0MG1BYNz5nbCp; Tue, 18 Feb 2025 13:13:14 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Yy0MG0YvMz3VdY; Tue, 18 Feb 2025 13:13:14 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1739884394; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=+itOJVUc6slUlxf+S0LKt9B0pIgt5wLT7XTw1qeOCrc=; b=TAMtqYnIJyOYKQZQ70v7AXaMdDRuEn041EvXr7TWjIY5RORLCE1gKQPinV1bpQZAfeAxsc Rt9fFFn7iyDJb9/ueuYzIgVY0ktr93QDX8icnHnagEC/MYotF/d+wakNa4k7CQzS80FQ6m G6b+urb+5Nd5e3CWnmJM/l8iIm49tEW6HdxYRhlA2rpqBjZ/6pkXaDtn3+xx5wACPYYp8c 
ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Yy0MG08lYz5Tp; Tue, 18 Feb 2025 13:13:14 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 51IDDDRO011738; Tue, 18 Feb 2025 13:13:13 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 51IDDDV3011735; Tue, 
18 Feb 2025 13:13:13 GMT (envelope-from git) Date: Tue, 18 Feb 2025 13:13:13 GMT Message-Id: <202502181313.51IDDDV3011735@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Ed Maste Subject: git: 4f48ab042c97 - stable/14 - ssh: Update config.h for OpenSSL ED25519 List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 4f48ab042c97ed6cfaa174600e3d17755c889512 Auto-Submitted: auto-generated The branch stable/14 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=4f48ab042c97ed6cfaa174600e3d17755c889512 commit 4f48ab042c97ed6cfaa174600e3d17755c889512 Author: Ed Maste AuthorDate: 2025-02-11 13:52:07 +0000 Commit: Ed Maste CommitDate: 2025-02-18 13:12:45 +0000 ssh: Update config.h for OpenSSL ED25519 OpenSSH-portable had a configure bug that prevented it from detecting OpenSSL ED25519 support, fixed in 8d0e46c1ddb5 ("Fix OpenSSL ED25519 support detection"). This will come in with the OpenSSH 9.8p1 update, but fix the error in config.h now. Reported by: jlduran Reviewed by: jlduran Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D48942 (cherry picked from commit 975c6f3337039d14ecf87d674af72ac5ab0fee02) --- crypto/openssh/config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/openssh/config.h b/crypto/openssh/config.h index 6462ff16d8d9..751bb631c221 100644 --- a/crypto/openssh/config.h +++ b/crypto/openssh/config.h 
@@ -1754,7 +1754,7 @@ #define OPENSSL_HAS_ECC 1 /* libcrypto has ed25519 support */ -/* #undef OPENSSL_HAS_ED25519 */ +#define OPENSSL_HAS_ED25519 1 /* libcrypto has NID_X9_62_prime256v1 */ #define OPENSSL_HAS_NISTP256 1 From nobody Tue Feb 18 15:15:49 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Yy34k0ZZMz5nlZn; Tue, 18 Feb 2025 15:15:50 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Yy34k01f0z3X5q; Tue, 18 Feb 2025 15:15:50 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1739891750; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=p8x3n1ViuAvC3AC/eLsnjfOhdsKufi6meVcVzNSppWU=; b=HiCy2WDtYC6RCRt7+0o6CZ+ZAOtvij/1UURZTg5hmZEZhyAbBnR6MiTbW2yvU5Gbjw2jOx U24QgCauIQSAjYv/9Y0OVA0OG3pP2qkHGjZ56DEBxMy6cqg88Vr6esrXecEL7fkg70at/Y QOD3z8wVu37ImXa+npaYePbLMfMlIMZ2XCpXQUGDfnRx6LCafWxCZ7rsZ7TVk1T5S6/7SN VxJZno3lqiDUBbMkFlAcvYpp6QFM2YustIETdkRWclpDyks2eMc4lM2Ekk5UYw7VwcWvS8 zf3ANnp2J+UZX9irPbjbEMr1/EBNII7CEMqf/HucLUA0ig0f5+iKDmW1C/cg+Q== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1739891750; a=rsa-sha256; cv=none; b=tPV0xW1ryRETjEx1CTCYrQrY3JsT3dPcbxKPxJsexnZ05xNC5P6Gpk9i6DeEsihavn6wSp EabliBs8vbIv/fWgLCS6zUHSQ0wShlByn4QUvMxUrrswQMiS7gN95IMIVCyh4It8imAw7r HUjA/GikHWrUlx8zYUgRhtpuug51BCNKOVfo+ZbHSwpgGpN6S2VsHQmszo1ToEHnyN9OiW 
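Review bot: `#define OPENSSL_HAS_ED25519 1` in crypto/openssh/config.h is a hand edit to a value the commit message says configure should have detected, so from here the header asserts libcrypto ED25519 support unconditionally and no longer matches what the in-tree configure produces. Please record alongside the OpenSSH import notes that this line is expected to come out the same once the 9.8p1 configure fix lands, and say in the message what was run against the rebuilt ssh and sshd (ed25519 key generation, signing and verification at minimum), since every block guarded by this macro is compiled in for the first time on this branch.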
ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Yy34j6Wmkz8jH; Tue, 18 Feb 2025 15:15:49 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 51IFFnlm041563; Tue, 18 Feb 2025 15:15:49 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 51IFFnr1041559; Tue, 18 Feb 2025 15:15:49 GMT (envelope-from git) Date: Tue, 18 Feb 2025 15:15:49 GMT Message-Id: <202502181515.51IFFnr1041559@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org 
From: Zhenlei Huang Subject: git: 7775f4c5c752 - stable/14 - powerpc: Remove flag CTLFLAG_TUN from sysctl knob hw.platform List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: zlei X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 7775f4c5c75221cd9b2aadf12fb1d9a329c08be4 Auto-Submitted: auto-generated The branch stable/14 has been updated by zlei: URL: https://cgit.FreeBSD.org/src/commit/?id=7775f4c5c75221cd9b2aadf12fb1d9a329c08be4 commit 7775f4c5c75221cd9b2aadf12fb1d9a329c08be4 Author: Zhenlei Huang AuthorDate: 2025-02-13 14:42:45 +0000 Commit: Zhenlei Huang CommitDate: 2025-02-18 15:14:49 +0000 powerpc: Remove flag CTLFLAG_TUN from sysctl knob hw.platform Prior to change [1] this flag is useless but harmless. After the change plat_name[] will be fetched from kernel environment after invoking the platform probe function `platform_probe_and_attach()`. The probe function runs at early boot stage prior to `mi_startup()` thus it is too late and pointless to set plat_name[] after the probe. Nathan mentioned that the logic to specify the platform pre-dates the powerpc64 work, and is from the original pre-FDT Book-E bringup from like 2008, so it's irrelevant these days. Instead of fixing setting the sysctl knob hw.platform, let's clean it up now. [1] 3da1cf1e88f8 Extend the meaning of the CTLFLAG_TUN flag to ... 
Discussed with: nwhitehorn Reviewed by: olce (previous version), jhibbits, #powerpc MFC after: 5 days Differential Revision: https://reviews.freebsd.org/D48897 (cherry picked from commit b61fbbed73ea3bf0c84589b56cca160c46a3739d) --- sys/powerpc/powerpc/platform.c | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/sys/powerpc/powerpc/platform.c b/sys/powerpc/powerpc/platform.c index fc840063e766..6453e47a58f9 100644 --- a/sys/powerpc/powerpc/platform.c +++ b/sys/powerpc/powerpc/platform.c @@ -65,9 +65,9 @@ static platform_t plat_obj; static struct kobj_ops plat_kernel_kops; static struct platform_kobj plat_kernel_obj; -static char plat_name[64] = ""; -SYSCTL_STRING(_hw, OID_AUTO, platform, CTLFLAG_RDTUN, - plat_name, 0, "Platform currently in use"); +static char plat_name[64]; +SYSCTL_CONST_STRING(_hw, OID_AUTO, platform, CTLFLAG_RD, plat_name, + "Platform currently in use"); static struct mem_affinity mem_info[VM_PHYSSEG_MAX + 1]; static int vm_locality_table[MAXMEMDOM * MAXMEMDOM]; 
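Review bot: `SYSCTL_CONST_STRING` is applied to `plat_name`, which is still declared as a writable `static char plat_name[64]`, so the macro name promises a constness the buffer does not have. If the array is filled in once during platform_probe_and_attach() and never again, a one-line comment above the declaration saying so would make clear why exporting it as a constant string is safe; if it can change later, the read-only handler and the writer need to agree on how.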
@@ -364,16 +364,7 @@ platform_probe_and_attach(void) if (prio > 0) continue; - /* - * Check if this module was specifically requested through - * the loader tunable we provide. - */ - if (strcmp(platp->name,plat_name) == 0) { - plat_def_impl = platp; - break; - } - - /* Otherwise, see if it is better than our current best */ + /* See if it is better than our current best */ if (plat_def_impl == NULL || prio > best_prio) { best_prio = prio; plat_def_impl = platp; From nobody Tue Feb 18 15:24:20 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Yy3GY0vf5z5nlr2; Tue, 18 Feb 2025 15:24:21 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Yy3GY0GfNz3cGR; Tue, 18 Feb 2025 15:24:21 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1739892261; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=0Axla0jrxwxrm8PkNTcy1eIi1JacOJW5JYOVmWhuRZk=; b=bjz7U+hD3TyK5LqGJvSNjdwkMgr9Xi4qqXetKr1VkeVq+Fr5EIP7EA0je5qB4j1TMCT5Sh z4MQFq1y32AGyTvGk4YSDjkiEpanfqayKdgQcZtT0BS0qOMBz0YWaJA8tw/ToSuz3hrR+m RhmZRrQii97DZ7O7EvMhY9fAvpMMD2sG/OFuVZvN6zpx8oEeOBSaUSuN5vWOnj6W9Cacne q2SfgK6+8MkPK3Crfu5Ji7x3kTHRuvbioHqvTEZH593XO8mllpXuC/odA2gt3KxP//oa9h 9SbzBCy/jAcsS8oY1KrPMDljmyrbW1veMFqeRGCXYidlDGWsKsitxO25/ziLpw== ARC-Seal: i=1; s=dkim; d=freebsd.org; 
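Review bot: The block removed from platform_probe_and_attach() was the only place the code claimed to honour "the loader tunable we provide", and with it gone there is no way left to force a platform, yet the patch touches no documentation. If any manual page or handbook text on this branch still describes hw.platform as something that can be set from the loader, it should be corrected in the same MFC so that a stale setting is not mistaken for a working override. It is also worth a sentence in the message confirming that losing the early `break` changes nothing in practice, because every platform is now always probed before the best priority is chosen.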
ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Yy3GX6FZnz8wB; Tue, 18 Feb 2025 15:24:20 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 51IFOKON059170; Tue, 18 Feb 2025 15:24:20 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 51IFOKUq059167; Tue, 18 Feb 2025 15:24:20 GMT (envelope-from git) Date: Tue, 18 Feb 2025 15:24:20 GMT Message-Id: <202502181524.51IFOKUq059167@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, 
dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org 
From: Zhenlei Huang
Subject: git: 904510b2ac56 - stable/13 - powerpc: Remove flag CTLFLAG_TUN from sysctl knob hw.platform
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-Git-Committer: zlei
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 904510b2ac56900be976dbe739cfb64cb3d37a24

The branch stable/13 has been updated by zlei:

URL: https://cgit.FreeBSD.org/src/commit/?id=904510b2ac56900be976dbe739cfb64cb3d37a24

commit 904510b2ac56900be976dbe739cfb64cb3d37a24
Author: Zhenlei Huang
AuthorDate: 2025-02-13 14:42:45 +0000
Commit: Zhenlei Huang
CommitDate: 2025-02-18 15:23:37 +0000

powerpc: Remove flag CTLFLAG_TUN from sysctl knob hw.platform

Prior to change [1] this flag is useless but harmless. After the change plat_name[] will be fetched from kernel environment after invoking the platform probe function `platform_probe_and_attach()`. The probe function runs at early boot stage prior to `mi_startup()` thus it is too late and pointless to set plat_name[] after the probe.

Nathan mentioned that the logic to specify the platform pre-dates the powerpc64 work, and is from the original pre-FDT Book-E bringup from like 2008, so it's irrelevant these days.

Instead of fixing setting the sysctl knob hw.platform, let's clean it up now.

[1] 3da1cf1e88f8 Extend the meaning of the CTLFLAG_TUN flag to ...
Discussed with: nwhitehorn Reviewed by: olce (previous version), jhibbits, #powerpc MFC after: 5 days Differential Revision: https://reviews.freebsd.org/D48897 (cherry picked from commit b61fbbed73ea3bf0c84589b56cca160c46a3739d) (cherry picked from commit 7775f4c5c75221cd9b2aadf12fb1d9a329c08be4) --- sys/powerpc/powerpc/platform.c | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/sys/powerpc/powerpc/platform.c b/sys/powerpc/powerpc/platform.c index 0d1ab792abef..4d21ddd36b77 100644 --- a/sys/powerpc/powerpc/platform.c +++ b/sys/powerpc/powerpc/platform.c @@ -65,9 +65,9 @@ static platform_t plat_obj; static struct kobj_ops plat_kernel_kops; static struct platform_kobj plat_kernel_obj; -static char plat_name[64] = ""; -SYSCTL_STRING(_hw, OID_AUTO, platform, CTLFLAG_RDTUN, - plat_name, 0, "Platform currently in use"); +static char plat_name[64]; +SYSCTL_CONST_STRING(_hw, OID_AUTO, platform, CTLFLAG_RD, plat_name, + "Platform currently in use"); static struct mem_affinity mem_info[VM_PHYSSEG_MAX + 1]; static int vm_locality_table[MAXMEMDOM * MAXMEMDOM]; 
@@ -364,16 +364,7 @@ platform_probe_and_attach() if (prio > 0) continue; - /* - * Check if this module was specifically requested through - * the loader tunable we provide. - */ - if (strcmp(platp->name,plat_name) == 0) { - plat_def_impl = platp; - break; - } - - /* Otherwise, see if it is better than our current best */ + /* See if it is better than our current best */ if (plat_def_impl == NULL || prio > best_prio) { best_prio = prio; plat_def_impl = platp;
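Review bot: In the first hunk (@@ -65) plat_name stays a writable "static char plat_name[64];" but is now exported through SYSCTL_CONST_STRING, and none of the visible lines show where the buffer is filled. A one-line comment next to the declaration saying where it is written, and that it does not change afterwards, would justify the CONST variant. In the second hunk, dropping the strcmp(platp->name,plat_name) branch leaves selection purely to probe priority while hw.platform stays visible as a read-only sysctl, so the user-facing documentation should say the value can no longer be requested from the loader.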
Date: Tue, 18 Feb 2025 17:20:33 GMT
Message-Id: <202502181720.51IHKXiS076023@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org,
    dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Ed Maste
Subject: git: 65835073dc3d - stable/14 - csh: Remove gethost dependency on tc.const.h
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-Git-Committer: emaste
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 65835073dc3d126fe446d732cd3ce0d93509c92c

The branch stable/14 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=65835073dc3d126fe446d732cd3ce0d93509c92c

commit 65835073dc3d126fe446d732cd3ce0d93509c92c
Author: Ed Maste
AuthorDate: 2025-02-18 17:19:16 +0000
Commit: Ed Maste
CommitDate: 2025-02-18 17:19:16 +0000

csh: Remove gethost dependency on tc.const.h

gethost is a build tool built in stage 2.3, but it had a dependency on tc.const.h, which requires target headers (that are not installed until stage 4.1). The build falls back to the host's headers if the target headers don't yet exist, which may result in a build failure if the host's headers don't match the target.

As gethost.c doesn't actually require the definitions in tc.const.h, add a hack to skip the include of tc.const.h and remove the dependency.

PR: 283273
Reviewed by: imp
Sponsored by: The FreeBSD Foundation
Fixes: e754e5f36195 ("Upgrade to 6.10")
Differential Revision: https://reviews.freebsd.org/D48880
(cherry picked from commit ed8b456f82ed822652f2abb24d65ab73ac3dbb0a)
--- bin/csh/Makefile | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/bin/csh/Makefile b/bin/csh/Makefile index 94e1ba763d6e..7e20c187dee2 100644 --- a/bin/csh/Makefile +++ b/bin/csh/Makefile
@@ -123,9 +123,14 @@ build-tools: gethost tc.defs.c: gethost DEPENDOBJS+= gethost -gethost: gethost.c sh.err.h tc.const.h sh.h ${BUILD_TOOLS_META} +gethost: gethost.c sh.err.h sh.h ${BUILD_TOOLS_META} @rm -f ${.TARGET} + # Define _h_tc_const so that tc.h will skip including tc.const.h. + # gethost.c does not actually require any of the definitions in there, + # and building tc.const.h requires target headers which are not + # available when we need to build gethost. ${CC:N${CCACHE_BIN}} -o gethost ${LDFLAGS} ${CFLAGS:C/-DHAVE_ICONV//} \ + -D_h_tc_const \ ${TCSHDIR}/gethost.c .endif
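Review bot: The added -D_h_tc_const in the gethost rule depends on the exact include-guard name that tc.h tests before pulling in tc.const.h, and that name lives in the vendored tcsh sources rather than in this Makefile. A later import that renames the guard would make gethost.c include tc.const.h again while the rule no longer lists it as a prerequisite. The comment explains why the define exists; it should also name the file that owns the guard, and since the Fixes: line points at an import as the origin of the problem, the check belongs in whatever notes are kept for tcsh imports.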
Date: Tue, 18 Feb 2025 17:43:12 GMT
Message-Id: <202502181743.51IHhCK9021107@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Kristof Provost
Subject: git: 91ff75b756ec - stable/13 - pf.conf.5: fix ≤
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 91ff75b756ec4563e3cc2c466e3841462451794d

The branch stable/13 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=91ff75b756ec4563e3cc2c466e3841462451794d

commit 91ff75b756ec4563e3cc2c466e3841462451794d
Author: Kristof Provost
AuthorDate: 2025-02-05 14:52:15 +0000
Commit: Kristof Provost
CommitDate: 2025-02-18 16:49:41 +0000

pf.conf.5: fix ≤

pf.conf expects <=, not ≤ (and the same applies to ≥ and >=). Make sure the man page reflects this.

MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit 85c333a947e950d9267517afd1d9c30a655b7bfb)
--- share/man/man5/pf.conf.5 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index 6168bc3e8089..6eeb2ede9c49 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5
@@ -1619,9 +1619,9 @@ Ports and ranges of ports are specified by using these operators: = (equal) != (unequal) \*(Lt (less than) -\*(Le (less than or equal) +<= (less than or equal) \*(Gt (greater than) -\*(Ge (greater than or equal) +>= (greater than or equal) : (range including boundaries) \*(Gt\*(Lt (range excluding boundaries) \*(Lt\*(Gt (except range) @@ -1662,7 +1662,7 @@ pass in all pass in from any to any pass in proto tcp from any port \*(Le 1024 to any pass in proto tcp from any to any port 25 -pass in proto tcp from 10.0.0.0/8 port \*(Gt 1024 \e +pass in proto tcp from 10.0.0.0/8 port >= 1024 \e to ! 10.1.2.3 port != ssh pass in proto tcp from any os "OpenBSD" .Ed 
@@ -3100,7 +3100,7 @@ os = "os" ( os-name | "{" os-list "}" ) user = "user" ( unary-op | binary-op | "{" op-list "}" ) group = "group" ( unary-op | binary-op | "{" op-list "}" ) -unary-op = [ "=" | "!=" | "\*(Lt" | "\*(Le" | "\*(Gt" | "\*(Ge" ] +unary-op = [ "=" | "!=" | "\*(Lt" | "<=" | "\*(Gt" | ">=" ] ( name | number ) binary-op = number ( "\*(Lt\*(Gt" | "\*(Gt\*(Lt" | ":" ) number op-list = ( unary-op | binary-op ) [ [ "," ] op-list ]
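Review bot: The examples hunk (@@ -1662) looks like it edits the wrong line. The unchanged context line "pass in proto tcp from any port \*(Le 1024 to any" still uses \*(Le, which the operators hunk treats as the "less than or equal" string this commit is replacing with <=, while the edited line goes from "port \*(Gt 1024" to "port >= 1024". That turns a greater-than example into greater-than-or-equal, so the documented rule now also matches port 1024. Suggest replacing \*(Le with <= on the context line, and either leaving \*(Gt 1024 as it was or saying in the commit message that the change of meaning is intended.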
Date: Tue, 18 Feb 2025 17:43:13 GMT
Message-Id: <202502181743.51IHhDng021211@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Kristof Provost
Subject: git: ea54fe79b464 - stable/14 - pf: drop IPv6 packets built from overlapping fragments in pf reassembly
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: ea54fe79b46451b571050fbe05e282cd8496607d

The branch stable/14 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=ea54fe79b46451b571050fbe05e282cd8496607d

commit ea54fe79b46451b571050fbe05e282cd8496607d
Author: Kristof Provost
AuthorDate: 2025-01-08 13:34:22 +0000
Commit: Kristof Provost
CommitDate: 2025-02-18 17:40:26 +0000

pf: drop IPv6 packets built from overlapping fragments in pf reassembly

The reassembly state will be dropped after timeout, all related fragments are dropped until that. This is conforming to RFC 5722.
- Sort pf_fragment fields while there.
- If the fr_queue is empty, we had overlapping fragments, don't add new ones.
- If we detect overlapping IPv6 fragments, flush the fr_queue and drop all fragments immediately.
- Rearrange debug output, to make clear what happens.
- An IPv4 fragment that is totally overlapped does not increase the bad fragment counter.
- Put a KASSERT into pf_isfull_fragment() to make sure that the fr_queue is never empty there.
discussed with Fernando Gont; ok henning@ Obtained from: OpenBSD, bluhm , 8b45f36762 Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit 6a3266f72e437aecf3edcfb8aa919466b270d548) --- sys/netpfil/pf/pf_norm.c | 46 +++++++++++++++++++++++++++++++++++-------- tests/sys/netpfil/pf/frag6.py | 44 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 82 insertions(+), 8 deletions(-) diff --git a/sys/netpfil/pf/pf_norm.c b/sys/netpfil/pf/pf_norm.c index de4df7ebf4de..69548e6a997f 100644 --- a/sys/netpfil/pf/pf_norm.c +++ b/sys/netpfil/pf/pf_norm.c @@ -95,9 +95,9 @@ struct pf_fragment { RB_ENTRY(pf_fragment) fr_entry; TAILQ_ENTRY(pf_fragment) frag_next; uint32_t fr_timeout; + TAILQ_HEAD(pf_fragq, pf_frent) fr_queue; uint16_t fr_maxlen; /* maximum length of single fragment */ u_int16_t fr_holes; /* number of holes in the queue */ - TAILQ_HEAD(pf_fragq, pf_frent) fr_queue; }; struct pf_fragment_tag { @@ -593,9 +593,9 @@ pf_fillup_fragment(struct pf_fragment_cmp *key, struct pf_frent *frent, memset(frag->fr_firstoff, 0, sizeof(frag->fr_firstoff)); memset(frag->fr_entries, 0, sizeof(frag->fr_entries)); frag->fr_timeout = time_uptime; + TAILQ_INIT(&frag->fr_queue); frag->fr_maxlen = frent->fe_len; frag->fr_holes = 1; - TAILQ_INIT(&frag->fr_queue); RB_INSERT(pf_frag_tree, &V_pf_frag_tree, frag); TAILQ_INSERT_HEAD(&V_pf_fragqueue, frag, frag_next); @@ -606,7 +606,15 @@ pf_fillup_fragment(struct pf_fragment_cmp *key, struct pf_frent *frent, return (frag); } - KASSERT(!TAILQ_EMPTY(&frag->fr_queue), ("!TAILQ_EMPTY()->fr_queue")); + if (TAILQ_EMPTY(&frag->fr_queue)) { + /* + * Overlapping IPv6 fragments have been detected. Do not + * reassemble packet but also drop future fragments. + * This will be done for this ident/src/dst combination + * until fragment queue timeout. + */ + goto drop_fragment; + } /* Remember maximum fragment len for refragmentation. */ if (frent->fe_len > frag->fr_maxlen) 
@@ -642,10 +650,15 @@ pf_fillup_fragment(struct pf_fragment_cmp *key, struct pf_frent *frent, if (prev != NULL && prev->fe_off + prev->fe_len > frent->fe_off) { uint16_t precut; + if (frag->fr_af == AF_INET6) + goto flush_fragentries; + precut = prev->fe_off + prev->fe_len - frent->fe_off; - if (precut >= frent->fe_len) - goto bad_fragment; - DPFPRINTF(("overlap -%d\n", precut)); + if (precut >= frent->fe_len) { + DPFPRINTF(("new frag overlapped\n")); + goto drop_fragment; + } + DPFPRINTF(("frag head overlap %d\n", precut)); m_adj(frent->fe_m, precut); frent->fe_off += precut; frent->fe_len -= precut; @@ -664,7 +677,7 @@ pf_fillup_fragment(struct pf_fragment_cmp *key, struct pf_frent *frent, after->fe_len -= aftercut; new_index = pf_frent_index(after); if (old_index != new_index) { - DPFPRINTF(("frag index %d, new %d", + DPFPRINTF(("frag index %d, new %d\n", old_index, new_index)); /* Fragment switched queue as fe_off changed */ after->fe_off -= aftercut; @@ -676,7 +689,7 @@ pf_fillup_fragment(struct pf_fragment_cmp *key, struct pf_frent *frent, /* Insert into correct queue */ if (pf_frent_insert(frag, after, prev)) { DPFPRINTF( - ("fragment requeue limit exceeded")); + ("fragment requeue limit exceeded\n")); m_freem(after->fe_m); uma_zfree(V_pf_frent_z, after); /* There is not way to recover */ @@ -687,6 +700,7 @@ pf_fillup_fragment(struct pf_fragment_cmp *key, struct pf_frent *frent, } /* This fragment is completely overlapped, lose it. */ + DPFPRINTF(("old frag overlapped\n")); next = TAILQ_NEXT(after, fr_next); pf_frent_remove(frag, after); m_freem(after->fe_m); 
@@ -701,6 +715,22 @@ pf_fillup_fragment(struct pf_fragment_cmp *key, struct pf_frent *frent, return (frag); +flush_fragentries: + /* + * RFC5722: When reassembling an IPv6 datagram, if one or + * more its constituent fragments is determined to be an + * overlapping fragment, the entire datagram (and any constituent + * fragments, including those not yet received) MUST be + * silently discarded. + */ + DPFPRINTF(("flush overlapping fragments\n")); + while ((prev = TAILQ_FIRST(&frag->fr_queue)) != NULL) { + TAILQ_REMOVE(&frag->fr_queue, prev, fr_next); + + m_freem(prev->fe_m); + uma_zfree(V_pf_frent_z, prev); + } + bad_fragment: REASON_SET(reason, PFRES_FRAG); drop_fragment: diff --git a/tests/sys/netpfil/pf/frag6.py b/tests/sys/netpfil/pf/frag6.py index 28b1829d418c..f54381fba8cb 100644 --- a/tests/sys/netpfil/pf/frag6.py +++ b/tests/sys/netpfil/pf/frag6.py 
@@ -58,3 +58,47 @@ class TestFrag6(VnetTestTemplate): timeout=3) for p in packets: assert not p.getlayer(sp.ICMPv6EchoReply) + +class TestFrag6_Overlap(VnetTestTemplate): + REQUIRED_MODULES = ["pf"] + TOPOLOGY = { + "vnet1": {"ifaces": ["if1"]}, + "vnet2": {"ifaces": ["if1"]}, + "if1": {"prefixes6": [("2001:db8::1/64", "2001:db8::2/64")]}, + } + + def vnet2_handler(self, vnet): + ToolsHelper.print_output("/sbin/pfctl -e") + ToolsHelper.print_output("/sbin/pfctl -x loud") + ToolsHelper.pf_rules([ + "scrub fragment reassemble", + "pass", + ]) + + @pytest.mark.require_user("root") + def test_overlap(self): + "Ensure we discard packets with overlapping fragments" + + # Import in the correct vnet, so at to not confuse Scapy + import scapy.all as sp + + packet = sp.IPv6(src="2001:db8::1", dst="2001:db8::2") \ + / sp.ICMPv6EchoRequest(data=sp.raw(bytes.fromhex('f00f') * 90)) + frags = sp.fragment6(packet, 128) + assert len(frags) == 3 + + f = frags[0].getlayer(sp.IPv6ExtHdrFragment) + # Fragment with overlap + overlap = sp.IPv6(src="2001:db8::1", dst="2001:db8::2") \ + / sp.IPv6ExtHdrFragment(offset = 4, m = 1, id = f.id, nh = f.nh) \ + / sp.raw(bytes.fromhex('f00f') * 4) + frags = [ frags[0], frags[1], overlap, frags[2] ] + + # Delay the send so the sniffer is running when we transmit. 
+ s = DelayedSend(frags) + + packets = sp.sniff(iface=self.vnet.iface_alias_map["if1"].name, + timeout=3) + for p in packets: + p.show() + assert not p.getlayer(sp.ICMPv6EchoReply)
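Review bot: test_overlap in frag6.py only exercises overlap with the preceding fragment: the crafted fragment at offset = 4 (32 bytes in) is sent after frags[0] and frags[1], so it falls inside frags[0], which is the branch where the "if (frag->fr_af == AF_INET6)" check was added. Add a second ordering in which the crafted fragment arrives before the fragment it overlaps, so the loop that trims following fragments is covered as well. Unless the file already has one, a control that sends the unmodified frags and expects an ICMPv6EchoReply is also needed, because "assert not p.getlayer(sp.ICMPv6EchoReply)" passes just as well when nothing is answered for unrelated reasons. The p.show() call looks like leftover debugging, and the comment "so at to not confuse Scapy" should read "so as to".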
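The policy in the commit message above (flush the queue on an IPv6 overlap, then treat the empty queue as a marker and drop every further fragment until the state times out, while IPv4 overlaps are trimmed) can be followed in a small user-space model. This is an added example, not code from pf or from the commit: all names, the 30-second timeout and the sample fragments are constructed, and the model assumes that overlap with a following fragment is handled like overlap with the preceding one.

```c
/* User-space model of the overlap policy; constructed names, not pf code. */
#include <stdio.h>
#include <string.h>

#define MODEL_AF_INET	4	/* model constants, not the kernel AF_* values */
#define MODEL_AF_INET6	6
#define MAX_FRENTS	16
#define FRAG_TIMEOUT	30	/* seconds; arbitrary value for the model */

enum verdict { V_QUEUED, V_TRIMMED, V_DROPPED, V_FLUSHED };

struct frent { unsigned off, len; };	/* byte range [off, off + len) */

struct reasm {
	int live;		/* reassembly state exists */
	int af;
	unsigned created;	/* creation time in seconds */
	size_t n;		/* queued entries: sorted, non-overlapping */
	struct frent q[MAX_FRENTS];
};

/* Add one fragment at time `now` and report what happened to it. */
enum verdict reasm_add(struct reasm *r, int af, unsigned off, unsigned len,
    unsigned now)
{
	size_t i = 0;
	int trimmed = 0;

	if (r->live && now - r->created >= FRAG_TIMEOUT)
		r->live = 0;			/* state timed out */
	if (!r->live) {				/* first fragment creates it */
		r->live = 1; r->af = af; r->created = now; r->n = 1;
		r->q[0].off = off; r->q[0].len = len;
		return V_QUEUED;
	}
	if (r->n == 0)		/* live state, empty queue: overlap was seen */
		return V_DROPPED;
	while (i < r->n && r->q[i].off <= off)
		i++;			/* q[i-1] precedes, q[i] follows */

	if (i > 0 && r->q[i - 1].off + r->q[i - 1].len > off) {
		unsigned precut = r->q[i - 1].off + r->q[i - 1].len - off;
		if (r->af == MODEL_AF_INET6)
			goto flush;
		if (precut >= len)
			return V_DROPPED;	/* new fragment fully covered */
		off += precut; len -= precut; trimmed = 1;
	}
	while (i < r->n && off + len > r->q[i].off) {
		unsigned aftercut = off + len - r->q[i].off;
		if (r->af == MODEL_AF_INET6)
			goto flush;
		trimmed = 1;
		if (aftercut < r->q[i].len) {	/* cut the follower's head */
			r->q[i].off += aftercut; r->q[i].len -= aftercut;
			break;
		}
		/* follower fully covered: remove it */
		memmove(&r->q[i], &r->q[i + 1], (r->n - i - 1) * sizeof(r->q[0]));
		r->n--;
	}
	if (r->n == MAX_FRENTS)
		return V_DROPPED;
	memmove(&r->q[i + 1], &r->q[i], (r->n - i) * sizeof(r->q[0]));
	r->q[i].off = off; r->q[i].len = len;
	r->n++;
	return trimmed ? V_TRIMMED : V_QUEUED;
flush:
	r->n = 0;		/* keep the state, drop every queued entry */
	return V_FLUSHED;
}

/* Feed a fragment sequence (all at time 0) and record the verdicts. */
void run_sequence(int af, const struct frent *in, size_t cnt, enum verdict *out)
{
	struct reasm r;

	memset(&r, 0, sizeof(r));
	for (size_t k = 0; k < cnt; k++)
		out[k] = reasm_add(&r, af, in[k].off, in[k].len, 0);
}

int main(void)
{
	/* Constructed sample: two in-order fragments, an overlap, a late one. */
	static const struct frent in[] = { {0, 80}, {80, 80}, {32, 8}, {160, 28} };
	static const char *name[] = { "queued", "trimmed", "dropped", "flushed" };
	enum verdict v4[4], v6[4];

	run_sequence(MODEL_AF_INET, in, 4, v4);
	run_sequence(MODEL_AF_INET6, in, 4, v6);
	for (int k = 0; k < 4; k++)
		printf("off=%3u len=%2u  IPv4: %-8s IPv6: %s\n",
		    in[k].off, in[k].len, name[v4[k]], name[v6[k]]);
	return 0;
}
```

With the sample input the IPv6 run flushes on the third fragment and drops the fourth even though it overlaps nothing, whereas the IPv4 run drops only the covered fragment and still queues the last one.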
Date: Tue, 18 Feb 2025 17:43:13 GMT
Message-Id: <202502181743.51IHhD9b021241@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Kristof Provost
Subject: git: a61c2617f189 - stable/13 - pf: drop IPv6 packets built from overlapping fragments in pf reassembly
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: a61c2617f1894c1e09297334160a1ddbe9f32652

The branch stable/13 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=a61c2617f1894c1e09297334160a1ddbe9f32652

commit a61c2617f1894c1e09297334160a1ddbe9f32652
Author: Kristof Provost
AuthorDate: 2025-01-08 13:34:22 +0000
Commit: Kristof Provost
CommitDate: 2025-02-18 16:49:42 +0000

pf: drop IPv6 packets built from overlapping fragments in pf reassembly

The reassembly state will be dropped after timeout, all related fragments are dropped until that. This is conforming to RFC 5722.
- Sort pf_fragment fields while there.
- If the fr_queue is empty, we had overlapping fragments, don't add new ones.
- If we detect overlapping IPv6 fragments, flush the fr_queue and drop all fragments immediately.
- Rearrange debug output, to make clear what happens.
- An IPv4 fragment that is totally overlapped does not increase the bad fragment counter.
- Put a KASSERT into pf_isfull_fragment() to make sure that the fr_queue is never empty there.
discussed with Fernando Gont; ok henning@ Obtained from: OpenBSD, bluhm , 8b45f36762 Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit 6a3266f72e437aecf3edcfb8aa919466b270d548) --- sys/netpfil/pf/pf_norm.c | 46 +++++++++++++++++++++++++++++++++++-------- tests/sys/netpfil/pf/frag6.py | 44 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 82 insertions(+), 8 deletions(-) diff --git a/sys/netpfil/pf/pf_norm.c b/sys/netpfil/pf/pf_norm.c index d1ffa21d7873..936aa3c3c0e4 100644 --- a/sys/netpfil/pf/pf_norm.c +++ b/sys/netpfil/pf/pf_norm.c @@ -94,9 +94,9 @@ struct pf_fragment { RB_ENTRY(pf_fragment) fr_entry; TAILQ_ENTRY(pf_fragment) frag_next; uint32_t fr_timeout; + TAILQ_HEAD(pf_fragq, pf_frent) fr_queue; uint16_t fr_maxlen; /* maximum length of single fragment */ u_int16_t fr_holes; /* number of holes in the queue */ - TAILQ_HEAD(pf_fragq, pf_frent) fr_queue; }; struct pf_fragment_tag { @@ -595,9 +595,9 @@ pf_fillup_fragment(struct pf_fragment_cmp *key, struct pf_frent *frent, memset(frag->fr_firstoff, 0, sizeof(frag->fr_firstoff)); memset(frag->fr_entries, 0, sizeof(frag->fr_entries)); frag->fr_timeout = time_uptime; + TAILQ_INIT(&frag->fr_queue); frag->fr_maxlen = frent->fe_len; frag->fr_holes = 1; - TAILQ_INIT(&frag->fr_queue); RB_INSERT(pf_frag_tree, &V_pf_frag_tree, frag); TAILQ_INSERT_HEAD(&V_pf_fragqueue, frag, frag_next); @@ -608,7 +608,15 @@ pf_fillup_fragment(struct pf_fragment_cmp *key, struct pf_frent *frent, return (frag); } - KASSERT(!TAILQ_EMPTY(&frag->fr_queue), ("!TAILQ_EMPTY()->fr_queue")); + if (TAILQ_EMPTY(&frag->fr_queue)) { + /* + * Overlapping IPv6 fragments have been detected. Do not + * reassemble packet but also drop future fragments. + * This will be done for this ident/src/dst combination + * until fragment queue timeout. + */ + goto drop_fragment; + } /* Remember maximum fragment len for refragmentation. */ if (frent->fe_len > frag->fr_maxlen) 
@@ -644,10 +652,15 @@ pf_fillup_fragment(struct pf_fragment_cmp *key, struct pf_frent *frent, if (prev != NULL && prev->fe_off + prev->fe_len > frent->fe_off) { uint16_t precut; + if (frag->fr_af == AF_INET6) + goto flush_fragentries; + precut = prev->fe_off + prev->fe_len - frent->fe_off; - if (precut >= frent->fe_len) - goto bad_fragment; - DPFPRINTF(("overlap -%d\n", precut)); + if (precut >= frent->fe_len) { + DPFPRINTF(("new frag overlapped\n")); + goto drop_fragment; + } + DPFPRINTF(("frag head overlap %d\n", precut)); m_adj(frent->fe_m, precut); frent->fe_off += precut; frent->fe_len -= precut; @@ -666,7 +679,7 @@ pf_fillup_fragment(struct pf_fragment_cmp *key, struct pf_frent *frent, after->fe_len -= aftercut; new_index = pf_frent_index(after); if (old_index != new_index) { - DPFPRINTF(("frag index %d, new %d", + DPFPRINTF(("frag index %d, new %d\n", old_index, new_index)); /* Fragment switched queue as fe_off changed */ after->fe_off -= aftercut; @@ -678,7 +691,7 @@ pf_fillup_fragment(struct pf_fragment_cmp *key, struct pf_frent *frent, /* Insert into correct queue */ if (pf_frent_insert(frag, after, prev)) { DPFPRINTF( - ("fragment requeue limit exceeded")); + ("fragment requeue limit exceeded\n")); m_freem(after->fe_m); uma_zfree(V_pf_frent_z, after); /* There is not way to recover */ @@ -689,6 +702,7 @@ pf_fillup_fragment(struct pf_fragment_cmp *key, struct pf_frent *frent, } /* This fragment is completely overlapped, lose it. */ + DPFPRINTF(("old frag overlapped\n")); next = TAILQ_NEXT(after, fr_next); pf_frent_remove(frag, after); m_freem(after->fe_m); 
@@ -703,6 +717,22 @@ pf_fillup_fragment(struct pf_fragment_cmp *key, struct pf_frent *frent, return (frag); +flush_fragentries: + /* + * RFC5722: When reassembling an IPv6 datagram, if one or + * more its constituent fragments is determined to be an + * overlapping fragment, the entire datagram (and any constituent + * fragments, including those not yet received) MUST be + * silently discarded. + */ + DPFPRINTF(("flush overlapping fragments\n")); + while ((prev = TAILQ_FIRST(&frag->fr_queue)) != NULL) { + TAILQ_REMOVE(&frag->fr_queue, prev, fr_next); + + m_freem(prev->fe_m); + uma_zfree(V_pf_frent_z, prev); + } + bad_fragment: REASON_SET(reason, PFRES_FRAG); drop_fragment: diff --git a/tests/sys/netpfil/pf/frag6.py b/tests/sys/netpfil/pf/frag6.py index 28b1829d418c..f54381fba8cb 100644 --- a/tests/sys/netpfil/pf/frag6.py +++ b/tests/sys/netpfil/pf/frag6.py 
@@ -58,3 +58,47 @@ class TestFrag6(VnetTestTemplate): timeout=3) for p in packets: assert not p.getlayer(sp.ICMPv6EchoReply) + +class TestFrag6_Overlap(VnetTestTemplate): + REQUIRED_MODULES = ["pf"] + TOPOLOGY = { + "vnet1": {"ifaces": ["if1"]}, + "vnet2": {"ifaces": ["if1"]}, + "if1": {"prefixes6": [("2001:db8::1/64", "2001:db8::2/64")]}, + } + + def vnet2_handler(self, vnet): + ToolsHelper.print_output("/sbin/pfctl -e") + ToolsHelper.print_output("/sbin/pfctl -x loud") + ToolsHelper.pf_rules([ + "scrub fragment reassemble", + "pass", + ]) + + @pytest.mark.require_user("root") + def test_overlap(self): + "Ensure we discard packets with overlapping fragments" + + # Import in the correct vnet, so at to not confuse Scapy + import scapy.all as sp + + packet = sp.IPv6(src="2001:db8::1", dst="2001:db8::2") \ + / sp.ICMPv6EchoRequest(data=sp.raw(bytes.fromhex('f00f') * 90)) + frags = sp.fragment6(packet, 128) + assert len(frags) == 3 + + f = frags[0].getlayer(sp.IPv6ExtHdrFragment) + # Fragment with overlap + overlap = sp.IPv6(src="2001:db8::1", dst="2001:db8::2") \ + / sp.IPv6ExtHdrFragment(offset = 4, m = 1, id = f.id, nh = f.nh) \ + / sp.raw(bytes.fromhex('f00f') * 4) + frags = [ frags[0], frags[1], overlap, frags[2] ] + + # Delay the send so the sniffer is running when we transmit. 
+ s = DelayedSend(frags) + + packets = sp.sniff(iface=self.vnet.iface_alias_map["if1"].name, + timeout=3) + for p in packets: + p.show() + assert not p.getlayer(sp.ICMPv6EchoReply)
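Review bot: In the @@ -608 hunk of pf_norm.c, the new "if (TAILQ_EMPTY(&frag->fr_queue)) goto drop_fragment;" path jumps past REASON_SET(reason, PFRES_FRAG), because drop_fragment sits below bad_fragment in the last pf_norm.c hunk. The fragment that triggers the flush is therefore accounted under PFRES_FRAG, while every later fragment of the same datagram is dropped without this function setting a reason. If that asymmetry is intended, the block comment should say so; otherwise jump to bad_fragment. Separately, the commit message mentions a KASSERT added to pf_isfull_fragment(), but every pf_norm.c hunk shown here is in struct pf_fragment or pf_fillup_fragment().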
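Review bot: The flush loop under flush_fragentries (@@ -703 hunk) unlinks entries with a raw TAILQ_REMOVE instead of pf_frent_remove(), which the overlap code just above it uses, so fr_holes and the fr_firstoff / fr_entries bookkeeping initialised in the @@ -595 hunk are not updated when the queue is emptied. That is only safe as long as every later fragment hits the new TAILQ_EMPTY check before anything reads those fields. Either reset them after the loop or add a comment stating that the empty-queue guard is what protects them.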
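Review bot: test_overlap in frag6.py only asserts that no ICMPv6EchoReply appears among the sniffed packets, so it also passes when nothing is sniffed at all or the echo request never reaches vnet2. Sending the same three fragments without the overlapping one first, and asserting that a reply does arrive, would show that the negative result comes from the overlap handling. The p.show() call reads like leftover debugging, the return value assigned to s is never used, and the comment "so at to not confuse Scapy" has a typo ("so as to").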
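A user-space model of the overlap policy that the commit message and test above describe, added here as an illustration; it is not pf code. The struct and function names are made up for the example and the sample offsets are constructed; the model treats overlap with either neighbour as an IPv6 overlap and forgets the state on discard, which is broader than the single fr_af check visible in the hunk.

```c
/* Added illustration: user-space model of the overlap policy, not pf code. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum family  { FAM_INET, FAM_INET6 };
enum verdict { V_QUEUED, V_COMPLETE, V_DROPPED, V_DISCARDED };
#define MAX_FRAGS 16
struct frent { uint32_t off, len; };   /* bytes [off, off + len) */
struct reass {
	enum family  af;
	struct frent q[MAX_FRAGS];      /* sorted by off, never overlapping */
	size_t       n;
	int          have_last;         /* the fragment with M=0 is queued */
	uint32_t     total;             /* datagram length once have_last */
};

/* Complete when the queue covers [0, total) without a hole. */
static int reass_complete(const struct reass *r)
{
	uint32_t next = 0;
	for (size_t i = 0; i < r->n; i++) {
		if (r->q[i].off != next)
			return 0;
		next += r->q[i].len;
	}
	return r->have_last && next == r->total;
}

enum verdict reass_add(struct reass *r, uint32_t off, uint32_t len, int more)
{
	size_t pos = 0;                 /* q[pos - 1] is prev, q[pos] is after */
	while (pos < r->n && r->q[pos].off <= off)
		pos++;
	int head = pos > 0 && r->q[pos - 1].off + r->q[pos - 1].len > off;
	int tail = pos < r->n && off + len > r->q[pos].off;
	if (r->af == FAM_INET6 && (head || tail)) {
		/* RFC 5722: discard the datagram and forget its state. */
		memset(r, 0, sizeof(*r));
		r->af = FAM_INET6;
		return V_DISCARDED;
	}
	if (head) {                     /* IPv4: trim or drop the new fragment */
		uint32_t precut = r->q[pos - 1].off + r->q[pos - 1].len - off;
		if (precut >= len)
			return V_DROPPED;
		off += precut;
		len -= precut;
	}
	while (pos < r->n && off + len > r->q[pos].off) {
		uint32_t aftercut = off + len - r->q[pos].off;
		if (aftercut < r->q[pos].len) {  /* IPv4: trim the queued one */
			r->q[pos].off += aftercut;
			r->q[pos].len -= aftercut;
			break;
		}
		/* IPv4: queued fragment fully covered, remove it. */
		memmove(&r->q[pos], &r->q[pos + 1], (r->n - pos - 1) * sizeof(r->q[0]));
		r->n--;
	}
	if (r->n == MAX_FRAGS)
		return V_DROPPED;
	memmove(&r->q[pos + 1], &r->q[pos], (r->n - pos) * sizeof(r->q[0]));
	r->q[pos] = (struct frent){ off, len };
	r->n++;
	if (!more) {
		r->have_last = 1;
		r->total = off + len;
	}
	return reass_complete(r) ? V_COMPLETE : V_QUEUED;
}

/* Constructed input: a 188-byte payload in three fragments, plus an extra
 * fragment overlapping the first one, sent before the last fragment. */
static const struct { uint32_t off, len; int more; } sample[4] = {
	{ 0, 80, 1 }, { 80, 80, 1 }, { 32, 8, 1 }, { 160, 28, 0 },
};

/* Replay the sample; returns 1 if the datagram was ever reassembled. */
int replay(enum family af, enum verdict out[4])
{
	struct reass r;
	int done = 0;
	memset(&r, 0, sizeof(r));
	r.af = af;
	for (int i = 0; i < 4; i++) {
		out[i] = reass_add(&r, sample[i].off, sample[i].len, sample[i].more);
		done |= (out[i] == V_COMPLETE);
	}
	return done;
}

int main(void)
{
	enum verdict v[4];
	printf("IPv6 reassembled: %d\n", replay(FAM_INET6, v));
	printf("IPv4 reassembled: %d\n", replay(FAM_INET, v));
	return 0;
}
```

With the same four fragments, the IPv4 queue drops the covered fragment and still completes, while the IPv6 queue never yields a datagram.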
Date: Tue, 18 Feb 2025 17:43:14 GMT
Message-Id: <202502181743.51IHhENC021289@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Kristof Provost
Subject: git: d02fb54b5a90 - stable/14 - pf: do not keep state when dropping overlapping IPv6 fragments
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: d02fb54b5a901c47ee8faf8a63334af2e0971c90

The branch stable/14 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=d02fb54b5a901c47ee8faf8a63334af2e0971c90

commit d02fb54b5a901c47ee8faf8a63334af2e0971c90
Author: Kristof Provost
AuthorDate: 2025-01-09 13:11:11 +0000
Commit: Kristof Provost
CommitDate: 2025-02-18 17:40:26 +0000

pf: do not keep state when dropping overlapping IPv6 fragments

ok sperreault@

Obtained from: OpenBSD, bluhm, cd45765685
Sponsored by: Rubicon Communications, LLC ("Netgate")

(cherry picked from commit 3b79f6d2d39405bcac395dc036ceb6f8fd09ce99)
--- sys/netpfil/pf/pf_norm.c | 30 ++++++++---------------------- 1 file changed, 8 insertions(+), 22 deletions(-) diff --git a/sys/netpfil/pf/pf_norm.c b/sys/netpfil/pf/pf_norm.c index 69548e6a997f..e6e1549d3689 100644 --- a/sys/netpfil/pf/pf_norm.c +++ b/sys/netpfil/pf/pf_norm.c
@@ -606,15 +606,7 @@ pf_fillup_fragment(struct pf_fragment_cmp *key, struct pf_frent *frent, return (frag); } - if (TAILQ_EMPTY(&frag->fr_queue)) { - /* - * Overlapping IPv6 fragments have been detected. Do not - * reassemble packet but also drop future fragments. - * This will be done for this ident/src/dst combination - * until fragment queue timeout. - */ - goto drop_fragment; - } + KASSERT(!TAILQ_EMPTY(&frag->fr_queue), ("!TAILQ_EMPTY()->fr_queue")); /* Remember maximum fragment len for refragmentation. */ if (frent->fe_len > frag->fr_maxlen) @@ -651,7 +643,7 @@ pf_fillup_fragment(struct pf_fragment_cmp *key, struct pf_frent *frent, uint16_t precut; if (frag->fr_af == AF_INET6) - goto flush_fragentries; + goto free_fragment; precut = prev->fe_off + prev->fe_len - frent->fe_off; if (precut >= frent->fe_len) { 
@@ -715,21 +707,15 @@ pf_fillup_fragment(struct pf_fragment_cmp *key, struct pf_frent *frent, return (frag); -flush_fragentries: +free_fragment: /* - * RFC5722: When reassembling an IPv6 datagram, if one or - * more its constituent fragments is determined to be an - * overlapping fragment, the entire datagram (and any constituent - * fragments, including those not yet received) MUST be - * silently discarded. + * RFC 5722, Errata 3089: When reassembling an IPv6 datagram, if one + * or more its constituent fragments is determined to be an overlapping + * fragment, the entire datagram (and any constituent fragments) MUST + * be silently discarded. */ DPFPRINTF(("flush overlapping fragments\n")); - while ((prev = TAILQ_FIRST(&frag->fr_queue)) != NULL) { - TAILQ_REMOVE(&frag->fr_queue, prev, fr_next); - - m_freem(prev->fe_m); - uma_zfree(V_pf_frent_z, prev); - } + pf_free_fragment(frag); bad_fragment: REASON_SET(reason, PFRES_FRAG);
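Review bot: In the @@ -715 hunk, free_fragment now calls pf_free_fragment(frag) and then falls through into bad_fragment, so frag is a dangling pointer for the rest of the function. The lines after REASON_SET are outside this diff; it is worth confirming that none of them touch frag, and setting frag = NULL right after the call would make that explicit. The unchanged DPFPRINTF text "flush overlapping fragments" is also stale now that the code frees the whole reassembly state rather than flushing the queue.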
Date: Tue, 18 Feb 2025 17:43:15 GMT
Message-Id: <202502181743.51IHhF2M021363@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Kristof Provost
Subject: git: 2e0f053ad52b - stable/14 - pf: fix fragment hole count
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 2e0f053ad52b38bd8bca72f817d7347df87dbe98

The branch stable/14 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=2e0f053ad52b38bd8bca72f817d7347df87dbe98

commit 2e0f053ad52b38bd8bca72f817d7347df87dbe98
Author: Kristof Provost
AuthorDate: 2025-02-04 16:19:55 +0000
Commit: Kristof Provost
CommitDate: 2025-02-18 17:40:26 +0000

pf: fix fragment hole count

Fragment reassembly finishes when no holes are left in the fragment
queue. In certain overlap conditions, the hole counter was wrong and
pf(4) created an incomplete IP packet. Before adjusting the length,
remove the overlapping fragment from the queue and insert it again
afterwards. pf_frent_remove() and pf_frent_insert() adjust the hole
counter automatically.

bug reported and fix tested by Lucas Aubard with Johan Mazel, Gilles Guette and Pierre Chifflier; OK claudio@

MFC after: 1 week
Obtained from: OpenBSD, bluhm, 9915416fe8
Sponsored by: Rubicon Communications, LLC ("Netgate")

(cherry picked from commit 8b2feafb535d10a559b995c6fc2529715f927e2a)
--- sys/netpfil/pf/pf_norm.c | 33 ++++++++++----------------------- 1 file changed, 10 insertions(+), 23 deletions(-) diff --git a/sys/netpfil/pf/pf_norm.c b/sys/netpfil/pf/pf_norm.c index e6e1549d3689..414dc258cfa5 100644 --- a/sys/netpfil/pf/pf_norm.c +++ b/sys/netpfil/pf/pf_norm.c
@@ -547,7 +547,6 @@ pf_fillup_fragment(struct pf_fragment_cmp *key, struct pf_frent *frent, struct pf_frent *after, *next, *prev; struct pf_fragment *frag; uint16_t total; - int old_index, new_index; PF_FRAG_ASSERT(); 
@@ -661,32 +660,20 @@ pf_fillup_fragment(struct pf_fragment_cmp *key, struct pf_frent *frent, uint16_t aftercut; aftercut = frent->fe_off + frent->fe_len - after->fe_off; - DPFPRINTF(("adjust overlap %d\n", aftercut)); if (aftercut < after->fe_len) { + DPFPRINTF(("frag tail overlap %d", aftercut)); m_adj(after->fe_m, aftercut); - old_index = pf_frent_index(after); + /* Fragment may switch queue as fe_off changes */ + pf_frent_remove(frag, after); after->fe_off += aftercut; after->fe_len -= aftercut; - new_index = pf_frent_index(after); - if (old_index != new_index) { - DPFPRINTF(("frag index %d, new %d\n", - old_index, new_index)); - /* Fragment switched queue as fe_off changed */ - after->fe_off -= aftercut; - after->fe_len += aftercut; - /* Remove restored fragment from old queue */ - pf_frent_remove(frag, after); - after->fe_off += aftercut; - after->fe_len -= aftercut; - /* Insert into correct queue */ - if (pf_frent_insert(frag, after, prev)) { - DPFPRINTF( - ("fragment requeue limit exceeded\n")); - m_freem(after->fe_m); - uma_zfree(V_pf_frent_z, after); - /* There is not way to recover */ - goto bad_fragment; - } + /* Insert into correct queue */ + if (pf_frent_insert(frag, after, prev)) { + DPFPRINTF(("fragment requeue limit exceeded")); + m_freem(after->fe_m); + uma_zfree(V_pf_frent_z, after); + /* There is not way to recover */ + goto free_fragment; } break; }
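Review bot: The two DPFPRINTF calls added in the @@ -661 hunk, "frag tail overlap %d" and "fragment requeue limit exceeded", have no trailing \n, while the lines they replace ("adjust overlap %d\n" and "fragment requeue limit exceeded\n") did. The next debug message will run onto the same line; add the \n back to both strings. The comment "There is not way to recover" is carried over with its typo ("no way") and could be fixed while the line is being re-added.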
Date: Tue, 18 Feb 2025 17:43:14 GMT
Message-Id: <202502181743.51IHhEcq021302@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Kristof Provost
Subject: git: a5b6cff9a6ce - stable/13 - pf: do not keep state when dropping overlapping IPv6 fragments
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: a5b6cff9a6ce7f57c4489a715dd30254823a770b

The branch stable/13 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=a5b6cff9a6ce7f57c4489a715dd30254823a770b

commit a5b6cff9a6ce7f57c4489a715dd30254823a770b
Author: Kristof Provost
AuthorDate: 2025-01-09 13:11:11 +0000
Commit: Kristof Provost
CommitDate: 2025-02-18 16:49:42 +0000

pf: do not keep state when dropping overlapping IPv6 fragments

ok sperreault@

Obtained from: OpenBSD, bluhm, cd45765685
Sponsored by: Rubicon Communications, LLC ("Netgate")

(cherry picked from commit 3b79f6d2d39405bcac395dc036ceb6f8fd09ce99)
--- sys/netpfil/pf/pf_norm.c | 30 ++++++++---------------------- 1 file changed, 8 insertions(+), 22 deletions(-) diff --git a/sys/netpfil/pf/pf_norm.c b/sys/netpfil/pf/pf_norm.c index 936aa3c3c0e4..40296aff27bb 100644 --- a/sys/netpfil/pf/pf_norm.c +++ b/sys/netpfil/pf/pf_norm.c
@@ -608,15 +608,7 @@ pf_fillup_fragment(struct pf_fragment_cmp *key, struct pf_frent *frent, return (frag); } - if (TAILQ_EMPTY(&frag->fr_queue)) { - /* - * Overlapping IPv6 fragments have been detected. Do not - * reassemble packet but also drop future fragments. - * This will be done for this ident/src/dst combination - * until fragment queue timeout. - */ - goto drop_fragment; - } + KASSERT(!TAILQ_EMPTY(&frag->fr_queue), ("!TAILQ_EMPTY()->fr_queue")); /* Remember maximum fragment len for refragmentation. */ if (frent->fe_len > frag->fr_maxlen) @@ -653,7 +645,7 @@ pf_fillup_fragment(struct pf_fragment_cmp *key, struct pf_frent *frent, uint16_t precut; if (frag->fr_af == AF_INET6) - goto flush_fragentries; + goto free_fragment; precut = prev->fe_off + prev->fe_len - frent->fe_off; if (precut >= frent->fe_len) { 
@@ -717,21 +709,15 @@ pf_fillup_fragment(struct pf_fragment_cmp *key, struct pf_frent *frent, return (frag); -flush_fragentries: +free_fragment: /* - * RFC5722: When reassembling an IPv6 datagram, if one or - * more its constituent fragments is determined to be an - * overlapping fragment, the entire datagram (and any constituent - * fragments, including those not yet received) MUST be - * silently discarded. + * RFC 5722, Errata 3089: When reassembling an IPv6 datagram, if one + * or more its constituent fragments is determined to be an overlapping + * fragment, the entire datagram (and any constituent fragments) MUST + * be silently discarded. */ DPFPRINTF(("flush overlapping fragments\n")); - while ((prev = TAILQ_FIRST(&frag->fr_queue)) != NULL) { - TAILQ_REMOVE(&frag->fr_queue, prev, fr_next); - - m_freem(prev->fe_m); - uma_zfree(V_pf_frent_z, prev); - } + pf_free_fragment(frag); bad_fragment: REASON_SET(reason, PFRES_FRAG);
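Review bot: The @@ -608 hunk turns the empty-queue case back into a KASSERT, which is only compiled into INVARIANTS kernels, so the function now depends on no pf_fragment with an empty fr_queue ever staying reachable. pf_free_fragment(frag) in the last hunk covers the overlap path; a short comment next to the KASSERT naming that invariant would help the next reader. The handling of fragments that arrive after the overlap also changes, since they are no longer matched against a kept state, yet the diffstat touches pf_norm.c only, so no test is added or adjusted for the new behaviour.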
Date: Tue, 18 Feb 2025 17:43:15 GMT
Message-Id: <202502181743.51IHhF07021368@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Kristof Provost
Subject: git: f84494807ec4 - stable/13 - pf: fix fragment hole count
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: f84494807ec4cc393e09bc6e37d574fd2a691f4a

The branch stable/13 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=f84494807ec4cc393e09bc6e37d574fd2a691f4a

commit f84494807ec4cc393e09bc6e37d574fd2a691f4a
Author: Kristof Provost
AuthorDate: 2025-02-04 16:19:55 +0000
Commit: Kristof Provost
CommitDate: 2025-02-18 16:49:42 +0000

pf: fix fragment hole count

Fragment reassembly finishes when no holes are left in the fragment
queue. In certain overlap conditions, the hole counter was wrong and
pf(4) created an incomplete IP packet. Before adjusting the length,
remove the overlapping fragment from the queue and insert it again
afterwards. pf_frent_remove() and pf_frent_insert() adjust the hole
counter automatically.

bug reported and fix tested by Lucas Aubard with Johan Mazel, Gilles Guette and Pierre Chifflier; OK claudio@

MFC after: 1 week
Obtained from: OpenBSD, bluhm, 9915416fe8
Sponsored by: Rubicon Communications, LLC ("Netgate")

(cherry picked from commit 8b2feafb535d10a559b995c6fc2529715f927e2a)
--- sys/netpfil/pf/pf_norm.c | 33 ++++++++++----------------------- 1 file changed, 10 insertions(+), 23 deletions(-) diff --git a/sys/netpfil/pf/pf_norm.c b/sys/netpfil/pf/pf_norm.c index 40296aff27bb..38d92c372da5 100644 --- a/sys/netpfil/pf/pf_norm.c +++ b/sys/netpfil/pf/pf_norm.c
@@ -549,7 +549,6 @@ pf_fillup_fragment(struct pf_fragment_cmp *key, struct pf_frent *frent, struct pf_frent *after, *next, *prev; struct pf_fragment *frag; uint16_t total; - int old_index, new_index; PF_FRAG_ASSERT(); 
@@ -663,32 +662,20 @@ pf_fillup_fragment(struct pf_fragment_cmp *key, struct pf_frent *frent, uint16_t aftercut; aftercut = frent->fe_off + frent->fe_len - after->fe_off; - DPFPRINTF(("adjust overlap %d\n", aftercut)); if (aftercut < after->fe_len) { + DPFPRINTF(("frag tail overlap %d", aftercut)); m_adj(after->fe_m, aftercut); - old_index = pf_frent_index(after); + /* Fragment may switch queue as fe_off changes */ + pf_frent_remove(frag, after); after->fe_off += aftercut; after->fe_len -= aftercut; - new_index = pf_frent_index(after); - if (old_index != new_index) { - DPFPRINTF(("frag index %d, new %d\n", - old_index, new_index)); - /* Fragment switched queue as fe_off changed */ - after->fe_off -= aftercut; - after->fe_len += aftercut; - /* Remove restored fragment from old queue */ - pf_frent_remove(frag, after); - after->fe_off += aftercut; - after->fe_len -= aftercut; - /* Insert into correct queue */ - if (pf_frent_insert(frag, after, prev)) { - DPFPRINTF( - ("fragment requeue limit exceeded\n")); - m_freem(after->fe_m); - uma_zfree(V_pf_frent_z, after); - /* There is not way to recover */ - goto bad_fragment; - } + /* Insert into correct queue */ + if (pf_frent_insert(frag, after, prev)) { + DPFPRINTF(("fragment requeue limit exceeded")); + m_freem(after->fe_m); + uma_zfree(V_pf_frent_z, after); + /* There is not way to recover */ + goto free_fragment; } break; } From nobody Tue Feb 18 17:43:16 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Yy6Lt1fSdz5nwfB; Tue, 18 Feb 2025 17:43:18 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest 
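Review bot: in the second hunk, the requeue failure branch now jumps to free_fragment where the removed code jumped to bad_fragment, and the commit message does not mention this change of error path. By that point `after` has already been taken off its queue by pf_frent_remove() and released with m_freem() and uma_zfree(), so the log should state that free_fragment tears down the rest of `frag` without touching `after` again. Separately, both new DPFPRINTF strings ("frag tail overlap %d" and "fragment requeue limit exceeded") drop the trailing \n that the removed lines carried; if DPFPRINTF on this branch does not append a newline itself, the debug output will run together. The comment "There is not way to recover" could also be corrected to "no way" while the block is being rewritten.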
SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Yy6Ls0Yqvz3WNT; Tue, 18 Feb 2025 17:43:17 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Yy6Lr72w6zDWL; Tue, 18 Feb 2025 17:43:16 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 51IHhGk7021424; Tue, 18 Feb 2025 17:43:16 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 51IHhGNS021418; Tue, 18 Feb 2025 17:43:16 GMT (envelope-from git) Date: Tue, 18 Feb 2025 17:43:16 GMT Message-Id: <202502181743.51IHhGNS021418@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Kristof Provost Subject: git: 5ff91b71bb67 - stable/14 - pf tests: add more fragmentation test cases List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 5ff91b71bb67f4408a2541a13cd270b7370c6766 Auto-Submitted: auto-generated The branch stable/14 has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=5ff91b71bb67f4408a2541a13cd270b7370c6766 commit 5ff91b71bb67f4408a2541a13cd270b7370c6766 Author: Kristof Provost AuthorDate: 2025-02-04 13:06:33 +0000 Commit: Kristof Provost CommitDate: 2025-02-18 17:40:26 +0000 pf tests: add more fragmentation test cases Add more test cases for pf fragment hole counter. Also look into final fragment of echo reply and check total length of IP packet. MFC after: 1 week Obtained from: OpenBSD, bluhm , 640736615b Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit db100bd93036855c7688dc088b811dc7b660f51d) --- tests/sys/netpfil/pf/Makefile | 4 ++ tests/sys/netpfil/pf/frag-adjhole.py | 58 +++++++++++++++++++++ tests/sys/netpfil/pf/frag-overhole.py | 83 ++++++++++++++++++++++++++++++ tests/sys/netpfil/pf/fragmentation_pass.sh | 38 ++++++++++++++ 4 files changed, 183 insertions(+) diff --git a/tests/sys/netpfil/pf/Makefile b/tests/sys/netpfil/pf/Makefile index dc77fd67b2c6..f2ccd5aa6ec2 100644 --- a/tests/sys/netpfil/pf/Makefile +++ b/tests/sys/netpfil/pf/Makefile 
@@ -62,6 +62,8 @@ ${PACKAGE}FILES+= CVE-2019-5597.py \ frag-overindex.py \ frag-overlimit.py \ frag-overreplace.py \ + frag-overhole.py \ + frag-adjhole.py \ pfsync_defer.py \ pft_ether.py \ rdr-srcport.py \ @@ -73,6 +75,8 @@ ${PACKAGE}FILESMODE_fragcommon.py= 0555 ${PACKAGE}FILESMODE_frag-overindex.py= 0555 ${PACKAGE}FILESMODE_frag-overlimit.py= 0555 ${PACKAGE}FILESMODE_frag-overreplace.py= 0555 +${PACKAGE}FILESMODE_frag-overhole.py= 0555 +${PACKAGE}FILESMODE_frag-adjhole.py= 0555 ${PACKAGE}FILESMODE_pfsync_defer.py= 0555 ${PACKAGE}FILESMODE_pft_ether.py= 0555 diff --git a/tests/sys/netpfil/pf/frag-adjhole.py b/tests/sys/netpfil/pf/frag-adjhole.py new file mode 100644 index 000000000000..99caf66617dd --- /dev/null +++ b/tests/sys/netpfil/pf/frag-adjhole.py 
@@ -0,0 +1,58 @@ +#!/usr/bin/env python3 +# +# Copyright (c) 2025 Alexander Bluhm + +from fragcommon import * + +# |--------| +# |--------| +# |-------| +# |----| + +def send(src, dst, send_if, recv_if): + pid = os.getpid() + eid = pid & 0xffff + payload = b"ABCDEFGHIJKLMNOP" * 2 + packet = sp.IP(src=src, dst=dst)/ \ + sp.ICMP(type='echo-request', id=eid) / payload + frag = [] + fid = pid & 0xffff + frag.append(sp.IP(src=src, dst=dst, proto=1, id=fid, + flags='MF') / bytes(packet)[20:36]) + frag.append(sp.IP(src=src, dst=dst, proto=1, id=fid, + frag=2, flags='MF') / bytes(packet)[36:52]) + frag.append(sp.IP(src=src, dst=dst, proto=1, id=fid, + frag=1, flags='MF') / bytes(packet)[28:44]) + frag.append(sp.IP(src=src, dst=dst, proto=1, id=fid, + frag=4) / bytes(packet)[52:60]) + eth=[] + for f in frag: + eth.append(sp.Ether()/f) + if os.fork() == 0: + time.sleep(1) + sp.sendp(eth, iface=send_if) + os._exit(0) + + ans = sp.sniff(iface=recv_if, timeout=3, filter= + "ip and src " + dst + " and dst " + src + " and icmp") + for a in ans: + if a and a.type == sp.ETH_P_IP and \ + a.payload.proto == 1 and \ + a.payload.frag == 0 and a.payload.flags == 0 and \ + sp.icmptypes[a.payload.payload.type] == 'echo-reply': + id = a.payload.payload.id + print("id=%#x" % (id)) + if id != eid: + print("WRONG ECHO REPLY ID") + exit(2) + data = a.payload.payload.payload.load + print("payload=%s" % (data)) + if data == payload: + exit(0) + print("PAYLOAD!=%s" % (payload)) + exit(1) + print("NO ECHO REPLY") + exit(2) + +if __name__ == '__main__': + main(send) diff --git a/tests/sys/netpfil/pf/frag-overhole.py b/tests/sys/netpfil/pf/frag-overhole.py new file mode 100644 index 000000000000..91697b6b83c6 --- /dev/null +++ b/tests/sys/netpfil/pf/frag-overhole.py 
@@ -0,0 +1,83 @@ +#!/usr/bin/env python3 +# +# Copyright (c) 2025 Alexander Bluhm + +from fragcommon import * + +# index boundary 4096 | +# |--------------| +# .... +# |--------------| +# |----------| +# |XXXX----------| +# |XXXX----| +# |---| + +# this should trigger "frag tail overlap %d" and "frag head overlap %d" +def send(src, dst, send_if, recv_if): + pid = os.getpid() + eid = pid & 0xffff + payload = b"ABCDEFGHIJKLMNOP" + dummy = b"01234567" + fragsize = 1024 + boundary = 4096 + fragnum = int(boundary / fragsize) + packet = sp.IP(src=src, dst=dst)/ \ + sp.ICMP(type='echo-request', id=eid)/ \ + ((int((boundary + fragsize) / len(payload)) + 1) * payload) + packet_length = len(packet) + frag = [] + fid = pid & 0xffff + for i in range(fragnum-1): + frag.append(sp.IP(src=src, dst=dst, proto=1, id=fid, + frag=(i * fragsize)>>3, flags='MF')/ + bytes(packet)[20 + i * fragsize:20 + (i + 1) * fragsize]) + frag.append(sp.IP(src=src, dst=dst, proto=1, id=fid, + frag=(boundary - fragsize) >> 3, flags='MF')/ + bytes(packet)[20 + boundary - fragsize:20 + boundary - len(dummy)]) + frag.append(sp.IP(src=src, dst=dst, proto=1, id=fid, + frag=(boundary - len(dummy)) >> 3, flags='MF')/ + (dummy+bytes(packet)[20 + boundary:20 + boundary + fragsize])) + frag.append(sp.IP(src=src, dst=dst, proto=1, id=fid, + frag=(boundary - 8 - len(dummy)) >> 3, flags='MF')/ + (dummy+bytes(packet)[20 + boundary - 8:20 + boundary])) + frag.append(sp.IP(src=src, dst=dst, proto=1, id=fid, + frag=(boundary + fragsize) >> 3)/bytes(packet)[20 + boundary + fragsize:]) + eth=[] + for f in frag: + eth.append(sp.Ether() / f) + + if os.fork() == 0: + time.sleep(1) + for e in eth: + sp.sendp(e, iface=send_if) + time.sleep(0.001) + os._exit(0) + + ans = sp.sniff(iface=recv_if, timeout=3, filter= + "ip and src " + dst + " and dst " + src + " and icmp") + for a in ans: + if a and a.type == sp.ETH_P_IP and \ + a.payload.proto == 1 and \ + a.payload.frag == 0 and \ + sp.icmptypes[a.payload.payload.type] == 
'echo-reply': + id = a.payload.payload.id + print("id=%#x" % (id)) + if id != eid: + print("WRONG ECHO REPLY ID") + exit(2) + if a and a.type == sp.ETH_P_IP and \ + a.payload.proto == 1 and \ + a.payload.frag > 0 and \ + a.payload.flags == '': + length = (a.payload.frag << 3) + a.payload.len + print("len=%d" % (length)) + if length != packet_length: + print("WRONG ECHO REPLY LENGTH") + exit(1) + exit(0) + print("NO ECHO REPLY") + exit(1) + +if __name__ == '__main__': + main(send) diff --git a/tests/sys/netpfil/pf/fragmentation_pass.sh b/tests/sys/netpfil/pf/fragmentation_pass.sh index 5e92bb2d9a97..66fe336dff34 100644 --- a/tests/sys/netpfil/pf/fragmentation_pass.sh +++ b/tests/sys/netpfil/pf/fragmentation_pass.sh @@ -285,6 +285,42 @@ overlimit_cleanup() pft_cleanup } +atf_test_case "overhole" "cleanup" +overhole_head() +{ + atf_set descr 'ping fragment at index boundary which modifies pf hole counter' + atf_set require.user root + atf_set require.progs scapy +} + +overhole_body() +{ + frag_common overhole +} + +overhole_cleanup() +{ + pft_cleanup +} + +atf_test_case "adjhole" "cleanup" +adjhole_head() +{ + atf_set descr 'overlapping ping fragments which modifies pf hole counter' + atf_set require.user root + atf_set require.progs scapy +} + +adjhole_body() +{ + frag_common adjhole +} + +adjhole_cleanup() +{ + pft_cleanup +} + atf_test_case "reassemble" "cleanup" reassemble_head() { 
@@ -476,6 +512,8 @@ atf_init_test_cases() atf_add_test_case "overreplace" atf_add_test_case "overindex" atf_add_test_case "overlimit" + atf_add_test_case "overhole" + atf_add_test_case "adjhole" atf_add_test_case "reassemble" atf_add_test_case "no_df" atf_add_test_case "reassemble_slowpath" From nobody Tue Feb 18 17:43:18 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Yy6Lt5pLRz5nwfC; Tue, 18 Feb 2025 17:43:18 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Yy6Lt40W5z3Wkv; Tue, 18 Feb 2025 17:43:18 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1739900598; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=/WPN1+MnTp3iqrioMWfrQ9NiFi0R1EbH/YU3p5Mlewg=; b=ErUwBHxPobbl2LYL/BYXQPX4BlcLni+OIkE2E8f65FBi1ZIKeEqhUUldvyDd2wGJFG9VCr wUtyfrbgoqmkqYymHomLIs+KfwpheDViZt+PGdcYQdXKRC1ILFYsfMYYpt1sWKKuDvphsb uzmKjoO6Cv0a6g+hHtHXM8Ta+XFagmaUQZ1yuEgqSmzn7Xg2CUQ6Mnj5Z7LbfNtnpGIVIt 6K7kBaYjnBBhP0lZnQNA/20jBhERJuLR+AiuZRAgwXV/IzpAPKXhkgcNwO/vusxa+tqQmQ lYDh3CWPbC16qPp+3g2OdqcbIFXdRK3GG0nWCNEterVZGnFefb1pKy5EbTmYbQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1739900598; a=rsa-sha256; cv=none; b=pjgP710HP3Si13lW4pJbBTZaeSJ6Jb3LbgikJfvrtn3iilSgNjTzpDXOeQKsjHXnFzfmm4 MtfVKIwd+YwAEvMvW00DQJlBsxPPNc1YmBodUDi7MyrsbuRWaSfs5IUyUyMCE7OfDaVdVi 
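Review bot: in frag-overhole.py the receive loop calls exit(0) as soon as a final fragment (frag > 0, no flags) has the expected length, whether or not the frag == 0 branch ever saw an echo reply with the matching id, so the test can pass without the id check having run. Record that the first-fragment echo reply was seen and require it before exit(0). The two new scripts also test for a cleared flags field differently (a.payload.flags == 0 in frag-adjhole.py, a.payload.flags == '' in frag-overhole.py) and exit with different codes on "NO ECHO REPLY" (2 and 1); using one form in both would make failures easier to read.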
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Yy6Lt0YWHzTZd; Tue, 18 Feb 2025 17:43:18 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 51IHhIgW021481; Tue, 18 Feb 2025 17:43:18 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 51IHhI0W021478; Tue, 18 Feb 2025 17:43:18 GMT (envelope-from git) Date: Tue, 18 Feb 2025 17:43:18 GMT Message-Id: <202502181743.51IHhI0W021478@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Kristof Provost Subject: git: 8a96306eb7d9 - stable/14 - =?utf-8?Q?pf.conf.5: fix =E2=89=A4?= List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 8a96306eb7d9708079430ba6aa2efd28144eb1c9 Auto-Submitted: auto-generated The branch stable/14 has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=8a96306eb7d9708079430ba6aa2efd28144eb1c9 commit 8a96306eb7d9708079430ba6aa2efd28144eb1c9 Author: Kristof Provost AuthorDate: 2025-02-05 14:52:15 +0000 Commit: Kristof Provost CommitDate: 2025-02-18 17:40:26 +0000 pf.conf.5: fix ≤ pf.conf expects <=, not ≤ (and the same applies to ≥ and >=). Make sure the man page reflects this. MFC after: 1 week Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit 85c333a947e950d9267517afd1d9c30a655b7bfb) --- share/man/man5/pf.conf.5 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index 96deca5788c8..0b73ba6b5e02 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -1816,9 +1816,9 @@ Ports and ranges of ports are specified by using these operators: = (equal) != (unequal) \*(Lt (less than) -\*(Le (less than or equal) +<= (less than or equal) \*(Gt (greater than) -\*(Ge (greater than or equal) +>= (greater than or equal) : (range including boundaries) \*(Gt\*(Lt (range excluding boundaries) \*(Lt\*(Gt (except range) 
@@ -1859,7 +1859,7 @@ pass in all pass in from any to any pass in proto tcp from any port \*(Le 1024 to any pass in proto tcp from any to any port 25 -pass in proto tcp from 10.0.0.0/8 port \*(Gt 1024 \e +pass in proto tcp from 10.0.0.0/8 port >= 1024 \e to ! 10.1.2.3 port != ssh pass in proto tcp from any os "OpenBSD" .Ed 
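Review bot: the changed example line in this hunk replaces port \*(Gt 1024 with port >= 1024, which turns "greater than" into "greater than or equal" and so changes which ports the example rule matches, while the context line two above it, pass in proto tcp from any port \*(Le 1024 to any, keeps the \*(Le string even though the commit message says pf.conf expects <=. It looks as if the \*(Le line should have become <= 1024 and the \*(Gt line should have been left alone.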
@@ -3330,7 +3330,7 @@ os = "os" ( os-name | "{" os-list "}" ) user = "user" ( unary-op | binary-op | "{" op-list "}" ) group = "group" ( unary-op | binary-op | "{" op-list "}" ) -unary-op = [ "=" | "!=" | "\*(Lt" | "\*(Le" | "\*(Gt" | "\*(Ge" ] +unary-op = [ "=" | "!=" | "\*(Lt" | "<=" | "\*(Gt" | ">=" ] ( name | number ) binary-op = number ( "\*(Lt\*(Gt" | "\*(Gt\*(Lt" | ":" ) number op-list = ( unary-op | binary-op ) [ [ "," ] op-list ] From nobody Tue Feb 18 18:39:39 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Yy7bv2hGBz5p19G; Tue, 18 Feb 2025 18:39:39 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Yy7bv1zlhz3GS9; Tue, 18 Feb 2025 18:39:39 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1739903979; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=XBWp+EIhyZNcmEvVDD/NVC2rBlNHUKORzPlCqGoVtgs=; b=UVdovC0Fx/lasYmGN8iXZz35IjNAAW3YW4nrxKAsSp4nVAFOGa/gCI3q3rZzP6LeJyM5Jx qDPDt1J+uLeam0z4vKsrkE+9UILzdEjgREgeeSn/TC7esvowAqBLpFh04k1UoYKyIfzntV gvBHDLcPjcy84GC+NCLcLGEY8CIzUcbnCaJYWmPty3P/NF8WtFD9S0hloYtMBh7BVXkqDZ v7ZZpna03digXTm2T2miqLgxKKw57wdrdGRBMSmpWMx/YsOfvnHdVjZh3oAdFs5x8Ag4LR Fo2lEhfXrn7GkpqTMwQ2QKvPIyrAGOHLufFPO5yapMs+HepqHJeE6ElLs2RIfQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1739903979; a=rsa-sha256; 
cv=none; Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Yy7bv1V6dzXV3; Tue, 18 Feb 2025 18:39:39 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 51IIddFb017510; Tue, 18 Feb 2025 18:39:39 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 51IIddiT017507; Tue, 18 Feb 2025 18:39:39 GMT (envelope-from git) Date: Tue, 18 Feb 2025 18:39:39 GMT Message-Id: <202502181839.51IIddiT017507@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Ed Maste Subject: git: cbb7dbbde25d - stable/14 - iwmbtfw: Check firmware exists before trying to upload it List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: cbb7dbbde25daa89718a7d8b36be782776bcaabb Auto-Submitted: auto-generated The branch stable/14 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=cbb7dbbde25daa89718a7d8b36be782776bcaabb commit cbb7dbbde25daa89718a7d8b36be782776bcaabb Author: Gavin Atkinson AuthorDate: 2025-01-07 00:02:20 +0000 Commit: Ed Maste CommitDate: 2025-02-18 18:39:18 +0000 iwmbtfw: Check firmware exists before trying to upload it In the case of an Intel 7260 device, the device needs to be put into something called "manufacturer mode" before the firmware is uploaded. The firmware is then uploaded, and the card is taken out of this mode, at which point it disconnects and reconnects to the USB bus, and is at that point usable. However, iwmbtfw(8) puts the device into manufacturer mode before verifying that there exists a copy of the firmware to upload. As a result, in the case where there is no firmware available on disk, the device is put into manufacturer mode, the firmware can't be found so isn't uploaded, and the card is brought out of manufacturer mode, so it disconnects and reconnects to the USB bus. Enter devd(8). There are rules in /etc/devd/iwmbtfw.conf to call iwmbtfw(8) when the device appears. 
When there's no firmware on disk, devd will call iwmbtfw, iwmbtfw will try to do its thing and fail, the device will dis/reconnect, and devd will notice the device reappear and start the whole loop again. Fix is to verify that the firmware exists before putting the device into its special mode. The fix only changes things for the 7260 and not the other chips supported, I don't believe the issue exists with other chips as those do not need to be switched into manufacturer mode before uploading. PR: 283896 Reviewed by: emaste (cherry picked from commit b8cdbe1852ef5df4ba3c7a021d9632bde2e61327) --- usr.sbin/bluetooth/iwmbtfw/main.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/usr.sbin/bluetooth/iwmbtfw/main.c b/usr.sbin/bluetooth/iwmbtfw/main.c index c2b67ce01906..9c899d374e92 100644 --- a/usr.sbin/bluetooth/iwmbtfw/main.c +++ b/usr.sbin/bluetooth/iwmbtfw/main.c 
@@ -518,6 +518,13 @@ main(int argc, char *argv[]) iwmbt_debug("firmware_path = %s", firmware_path); + /* Check firmware file exists before changing HW mode */ + r = access(firmware_path, R_OK); + if (r) { + perror("Failed to open firmware"); + goto shutdown; + } + /* Enter manufacturer mode */ r = iwmbt_enter_manufacturer(hdl); if (r < 0) { From nobody Tue Feb 18 18:41:26 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Yy7dz2pldz5p19R; Tue, 18 Feb 2025 18:41:27 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Yy7dy433Tz3HV1; Tue, 18 Feb 2025 18:41:26 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1739904086; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=PlyW/WOs2yjbVET+tjvo4C8OFobrOZMrUndFgCvC41c=; b=rHXZ1dq89vZiBvr6LfpO/LCeQ6f/H8aY9qW6KxmHPmbziWSMLcgruB9IMuFzwTKZ5in8V7 TEAQp7CdmBwZ3NsrVX8xcFjy9SyJBu3GcK9afPWkzSJp9uM65hPmJGCLWGSJ0N2dOf4VA9 ju+5NeoOkomrgmnaYSg2z8eV5PWEJc5TfSdzy5UueRCOHnU+4Vso1BBg/ipWfUOnP+hzlM PbDquifRXE294e7M8Ul7nDfZzDGwKJgRgKFQH8DfGJ8NdBp5Ecde6onJQ2iziBDHX43kLi mBGtQXLRgLmrOM5HPr/aQ+bNEoZmZQqYCmm0du1gdULpc7mm26cTE2U5XX/nkg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1739904086; a=rsa-sha256; cv=none; b=I4IhqfoYa2FF5ZtHequY7gzXw0QcdiwQEUCDZNQKH6ciQvPcZ/jVsiEOda9QUVAtE7agEi 
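Review bot: the new early exit prints only perror("Failed to open firmware"), so the log does not say which file was missing; including firmware_path in the message (the iwmbt_debug call just above prints it, but only as debug output) would make a devd-triggered failure diagnosable. Also confirm that the shutdown label returns a non-zero exit status on this path, and keep in mind that access(firmware_path, R_OK) is only a pre-check: the later firmware load still has to handle a file that disappears or fails to read after the device has entered manufacturer mode.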
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Yy7dy3P2fzXb0; Tue, 18 Feb 2025 18:41:26 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 51IIfQ2G028927; Tue, 18 Feb 2025 18:41:26 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 51IIfQ5a028924; Tue, 18 Feb 2025 18:41:26 GMT (envelope-from git) Date: Tue, 18 Feb 2025 18:41:26 GMT Message-Id: <202502181841.51IIfQ5a028924@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Ed Maste Subject: git: 0ea2924f8126 - stable/14 - libsecureboot: Report failure for unsupported hash algorithm List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 0ea2924f8126bb32ee704b071a87185140297ab3 Auto-Submitted: auto-generated The branch stable/14 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=0ea2924f8126bb32ee704b071a87185140297ab3 commit 0ea2924f8126bb32ee704b071a87185140297ab3 Author: Huwyler AuthorDate: 2025-01-17 14:55:15 +0000 Commit: Ed Maste CommitDate: 2025-02-18 18:41:07 +0000 libsecureboot: Report failure for unsupported hash algorithm Reviewed by: sjg Pull request: https://github.com/freebsd/freebsd-src/pull/1574 (cherry picked from commit caaeab697bf98bf96e2fa8cb4a1e22240511fbcc) --- lib/libsecureboot/openpgp/opgp_sig.c | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/libsecureboot/openpgp/opgp_sig.c b/lib/libsecureboot/openpgp/opgp_sig.c index a6aa787ee5c0..d69dbe4cfb2b 100644 --- a/lib/libsecureboot/openpgp/opgp_sig.c +++ b/lib/libsecureboot/openpgp/opgp_sig.c 
@@ -343,6 +343,7 @@ openpgp_verify(const char *filename, break; default: warnx("unsupported hash algorithm: %s", hname); + rc = -1; goto oops; } md->init(&mctx.vtable); From nobody Wed Feb 19 00:19:11 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YyH7h1QxGz5nPts; Wed, 19 Feb 2025 00:19:12 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YyH7g5SVtz3nZc; Wed, 19 Feb 2025 00:19:11 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1739924351; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=UHo7JjcxGd/zdvn6ubKe4lu9pe+B4k4V8oS9gjhQjMc=; b=GTpxCr5FhajCEmB1Lh5ufcXjecM2NKMLlvjNQFYmZeJ3A244NlEM2xjSnCnuARX+OLA7AM MTDr/qJlVwRbVYL3JUXToR6RJ6Hus41V3L1zzwVOHWzgZgizZILkjpc0sX6QT9HrgxhE43 JqubBTSpsZhGuVeHbKnazdnV7WGtRVlajyqRZQ2TqFotCNcX5Xkd23/ZfxkjfwAlT/BNLx 15RLMhP8xFtAt4tXxGmNAMmYOLcelCLleI1XePOH5/YhtPUeFin4jfaqzu9QNKTtMXrCAy VYqtNEyKeo0a+qGbs2bNV9eP1QeNtpyBH27KSpS4VjSi3Dk4RdF9B2UrtRJC2g== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1739924351; a=rsa-sha256; cv=none; b=TqdHXhVwV8iMwPzA8RoSWiyV5ongpajzLYmtBm3hVNtDR/d/on2hrwszKZkFOTt+WP1nyc BObha36M7mGS3wUbUjMhWIYIWrRMP4QczUJYVJTjhNT7D0SteIstiiq3/esM7YHKxA+SRO ob3vGtL8tpuQkY60LYmxQGZlwOPgF2FsK7GiuwZYnyrv3/kAa81RDkzUjWlgnWNojbEx1J 
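Review bot: setting rc = -1 only in this default branch leaves openpgp_verify() fail-open by construction, since the need for the assignment shows that rc does not hold a failure value when control reaches the hash-algorithm switch. Consider initialising rc to a failure value at its declaration and assigning success only after the signature has actually verified, so that any other goto oops that forgets to set rc also reports failure.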
Date: Wed, 19 Feb 2025 00:19:11 GMT Message-Id: <202502190019.51J0JBwv052983@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Warner Losh Subject: git: 417e57b4764a - stable/14 - hptrr: Better error recovery List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: imp X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 417e57b4764ae29e3fbcb7e17466fa6c55fa95a1 Auto-Submitted: auto-generated The branch stable/14 has been updated by imp: URL: https://cgit.FreeBSD.org/src/commit/?id=417e57b4764ae29e3fbcb7e17466fa6c55fa95a1 commit 417e57b4764ae29e3fbcb7e17466fa6c55fa95a1 Author: Warner Losh AuthorDate: 2025-02-05 01:31:25 +0000 Commit: Warner Losh CommitDate: 2025-02-18 23:59:44 +0000 hptrr: Better error recovery This bug and https://www.mail-archive.com/freebsd-stable@freebsd.org/msg124458.html both have this fix. It turns unknown errors into an autosense failure, which causes us to grab the sense buffer manually. It also sets a condition that we use to retry timed out commands that jmg reports as being helpful. I'm torn on committing it. The code seems fine in terms of fixing things. But this is a 10-year-old bug with few other bugs and a short CC list for a driver that might go away in 15 anyway. I'm going to commit and close the bug, and MFC it in a week, unless someone complains (which seems unlikely, given the age of this hardware, I suspect most of it is out of service). Suggested by: jmg, Scott Long PR: 191135 MFC After: 1 week Reviewed by: imp (cherry picked from commit f52154a2044a4d1f324952af05542f93fdf0a088) --- sys/dev/hptrr/hptrr_osm_bsd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sys/dev/hptrr/hptrr_osm_bsd.c b/sys/dev/hptrr/hptrr_osm_bsd.c index 055ad13b14cb..8061f7bcafb7 100644 --- a/sys/dev/hptrr/hptrr_osm_bsd.c +++ b/sys/dev/hptrr/hptrr_osm_bsd.c @@ -463,7 +463,7 @@ static void os_cmddone(PCOMMAND pCmd) ccb->ccb_h.status = CAM_BUSY; break; default: - ccb->ccb_h.status = CAM_SCSI_STATUS_ERROR; + ccb->ccb_h.status = CAM_AUTOSENSE_FAIL; break; } 
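Review bot: In the `default:` arm of the status switch in os_cmddone(), the new `CAM_AUTOSENSE_FAIL` has no comment, and the name alone suggests that an autosense attempt actually failed. The commit message says the intent is to turn unknown errors into an autosense failure so the sense buffer is fetched manually; a one-line comment saying that above the assignment would stop a later cleanup from reverting it to `CAM_SCSI_STATUS_ERROR`.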
@@ -557,7 +557,7 @@ static void hpt_scsi_io(PVBUS_EXT vbus_ext, union ccb *ccb) ccb->ccb_h.target_id >= osm_max_targets || (ccb->ccb_h.flags & CAM_CDB_PHYS)) { - ccb->ccb_h.status = CAM_TID_INVALID; + ccb->ccb_h.status = CAM_SEL_TIMEOUT; xpt_done(ccb); return; }
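Review bot: In hpt_scsi_io(), the branch that now returns `CAM_SEL_TIMEOUT` also covers `(ccb->ccb_h.flags & CAM_CDB_PHYS)`, which is an unsupported request form rather than an absent or out-of-range target. Reporting a selection timeout for it conflates the two cases and hides the real reason from the caller. Consider splitting the condition so the `CAM_CDB_PHYS` case completes with `CAM_REQ_INVALID` and only the `target_id` range check gets the new status.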
Date: Wed, 19 Feb 2025 14:54:34 GMT Message-Id: <202502191454.51JEsYDT013127@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Ed Maste Subject: git: 34798cb576bb - stable/14 - ssh: Don't reply to PING in preauth phase or during KEX List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 34798cb576bbd2064ab8da372112482bf8e2a7e6 Auto-Submitted: auto-generated The branch stable/14 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=34798cb576bbd2064ab8da372112482bf8e2a7e6 commit 34798cb576bbd2064ab8da372112482bf8e2a7e6 Author: Ed Maste AuthorDate: 2025-02-19 03:00:45 +0000 Commit: Ed Maste CommitDate: 2025-02-19 14:42:35 +0000 ssh: Don't reply to PING in preauth phase or during KEX Obtained from: OpenSSH 5e07dee272c3 Security: CVE-2025-26466 Approved by: so Sponsored by: The FreeBSD Foundation (cherry picked from commit 8a16d0831e70530b2fbd682e748bd051de35f192) --- crypto/openssh/packet.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/crypto/openssh/packet.c b/crypto/openssh/packet.c index 2d1401e7c9f5..d8fbfa28b800 100644 --- a/crypto/openssh/packet.c +++ b/crypto/openssh/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.313 2023/12/18 14:45:17 djm Exp $ */ +/* $OpenBSD: packet.c,v 1.318 2025/02/18 08:02:12 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -1774,6 +1774,14 @@ ssh_packet_read_poll_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) if ((r = sshpkt_get_string_direct(ssh, &d, &len)) != 0) return r; DBG(debug("Received SSH2_MSG_PING len %zu", len)); + if (!ssh->state->after_authentication) { + DBG(debug("Won't reply to PING in preauth")); + break; + } + if (ssh_packet_is_rekeying(ssh)) { + DBG(debug("Won't reply to PING during KEX")); + break; + } if ((r = sshpkt_start(ssh, SSH2_MSG_PONG)) != 0 || (r = sshpkt_put_string(ssh, d, len)) != 0 || (r = sshpkt_send(ssh)) != 0)
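Review bot: The two early `break`s in the SSH2_MSG_PING handling of ssh_packet_read_poll_seqnr() carry no comment on why a PING goes unanswered before authentication or during key exchange, and the only trace of the drop sits inside `DBG()`. The commit message ties the change to CVE-2025-26466; a short comment above the `after_authentication` check naming that reason would help, because a silently dropped PING otherwise reads like a protocol bug to the next person touching this code.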
Date: Wed, 19 Feb 2025
14:54:35 GMT Message-Id: <202502191454.51JEsZwb013161@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Ed Maste Subject: git: 4ad8c195cf54 - stable/14 - ssh: Fix cases where error codes were not correctly set List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 4ad8c195cf54411e3b3fa0bec227eb83ca078404 Auto-Submitted: auto-generated The branch stable/14 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=4ad8c195cf54411e3b3fa0bec227eb83ca078404 commit 4ad8c195cf54411e3b3fa0bec227eb83ca078404 Author: Ed Maste AuthorDate: 2025-02-19 03:03:26 +0000 Commit: Ed Maste CommitDate: 2025-02-19 14:42:52 +0000 ssh: Fix cases where error codes were not correctly set Obtained from: OpenSSH 38df39ecf278 Security: CVE-2025-26465 Approved by: so Sponsored by: The FreeBSD Foundation (cherry picked from commit 170059d6d33cf4e890067097f3c0beb3061cabbd) --- crypto/openssh/krl.c | 4 +++- crypto/openssh/ssh-agent.c | 5 +++++ crypto/openssh/ssh-sk-client.c | 4 +++- crypto/openssh/sshconnect2.c | 5 ++++- crypto/openssh/sshsig.c | 1 + 5 files changed, 16 insertions(+), 3 deletions(-) diff --git a/crypto/openssh/krl.c b/crypto/openssh/krl.c index e2efdf0667a7..0d0f69534182 100644 --- a/crypto/openssh/krl.c +++ b/crypto/openssh/krl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: krl.c,v 1.59 2023/07/17 05:22:30 djm Exp $ */ +/* $OpenBSD: krl.c,v 1.60 2025/02/18 08:02:48 djm Exp $ */ /* * Copyright (c) 2012 Damien Miller * 
@@ -674,6 +674,7 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf) break; case KRL_SECTION_CERT_SERIAL_BITMAP: if (rs->lo - bitmap_start > INT_MAX) { + r = SSH_ERR_INVALID_FORMAT; error_f("insane bitmap gap"); goto out; } @@ -1059,6 +1060,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp) } if ((krl = ssh_krl_init()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; error_f("alloc failed"); goto out; } diff --git a/crypto/openssh/ssh-agent.c b/crypto/openssh/ssh-agent.c index 67fa376a36ff..5ea283ddaf29 100644 --- a/crypto/openssh/ssh-agent.c +++ b/crypto/openssh/ssh-agent.c @@ -1226,6 +1226,7 @@ parse_key_constraint_extension(struct sshbuf *m, char **sk_providerp, "restrict-destination-v00@openssh.com") == 0) { if (*dcsp != NULL) { error_f("%s already set", ext_name); + r = SSH_ERR_INVALID_FORMAT; goto out; } if ((r = sshbuf_froms(m, &b)) != 0) { @@ -1235,6 +1236,7 @@ parse_key_constraint_extension(struct sshbuf *m, char **sk_providerp, while (sshbuf_len(b) != 0) { if (*ndcsp >= AGENT_MAX_DEST_CONSTRAINTS) { error_f("too many %s constraints", ext_name); + r = SSH_ERR_INVALID_FORMAT; goto out; } *dcsp = xrecallocarray(*dcsp, *ndcsp, *ndcsp + 1, @@ -1252,6 +1254,7 @@ parse_key_constraint_extension(struct sshbuf *m, char **sk_providerp, } if (*certs != NULL) { error_f("%s already set", ext_name); + r = SSH_ERR_INVALID_FORMAT; goto out; } if ((r = sshbuf_get_u8(m, &v)) != 0 || @@ -1263,6 +1266,7 @@ parse_key_constraint_extension(struct sshbuf *m, char **sk_providerp, while (sshbuf_len(b) != 0) { if (*ncerts >= AGENT_MAX_EXT_CERTS) { error_f("too many %s constraints", ext_name); + r = SSH_ERR_INVALID_FORMAT; goto out; } *certs = xrecallocarray(*certs, *ncerts, *ncerts + 1, @@ -1759,6 +1763,7 @@ process_ext_session_bind(SocketEntry *e) /* record new key/sid */ if (e->nsession_ids >= AGENT_MAX_SESSION_IDS) { error_f("too many session IDs recorded"); + r = -1; goto out; } e->session_ids = xrecallocarray(e->session_ids, e->nsession_ids, 
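Review bot: In process_ext_session_bind() the added failure code is a bare `r = -1`, while every other assignment added to ssh-agent.c in this patch uses `SSH_ERR_INVALID_FORMAT`. The hunk does not show how `r` is consumed, so it is not clear from here whether the difference matters; either use an `SSH_ERR_*` constant as in the other hunks or add a comment that this function does not return SSH_ERR codes.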
diff --git a/crypto/openssh/ssh-sk-client.c b/crypto/openssh/ssh-sk-client.c index 321fe53a2d91..06fad22134fb 100644 --- a/crypto/openssh/ssh-sk-client.c +++ b/crypto/openssh/ssh-sk-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-sk-client.c,v 1.12 2022/01/14 03:34:00 djm Exp $ */ +/* $OpenBSD: ssh-sk-client.c,v 1.13 2025/02/18 08:02:48 djm Exp $ */ /* * Copyright (c) 2019 Google LLC * @@ -439,6 +439,7 @@ sshsk_load_resident(const char *provider_path, const char *device, } if ((srk = calloc(1, sizeof(*srk))) == NULL) { error_f("calloc failed"); + r = SSH_ERR_ALLOC_FAIL; goto out; } srk->key = key; @@ -450,6 +451,7 @@ sshsk_load_resident(const char *provider_path, const char *device, if ((tmp = recallocarray(srks, nsrks, nsrks + 1, sizeof(*srks))) == NULL) { error_f("recallocarray keys failed"); + r = SSH_ERR_ALLOC_FAIL; goto out; } debug_f("srks[%zu]: %s %s uidlen %zu", nsrks, diff --git a/crypto/openssh/sshconnect2.c b/crypto/openssh/sshconnect2.c index 745c2a0517f3..51079f067d8a 100644 --- a/crypto/openssh/sshconnect2.c +++ b/crypto/openssh/sshconnect2.c @@ -101,7 +101,7 @@ verify_host_key_callback(struct sshkey *hostkey, struct ssh *ssh) options.required_rsa_size)) != 0) fatal_r(r, "Bad server host key"); if (verify_host_key(xxx_host, xxx_hostaddr, hostkey, - xxx_conn_info) == -1) + xxx_conn_info) != 0) fatal("Host key verification failed."); return 0; } @@ -700,6 +700,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) if ((pktype = sshkey_type_from_name(pkalg)) == KEY_UNSPEC) { debug_f("server sent unknown pkalg %s", pkalg); + r = SSH_ERR_INVALID_FORMAT; goto done; } if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) { @@ -710,6 +711,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) error("input_userauth_pk_ok: type mismatch " "for decoded key (received %d, expected %d)", key->type, pktype); + r = SSH_ERR_INVALID_FORMAT; goto done; } 
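Review bot: In the verify_host_key_callback() hunk (@@ -101,7 +101,7 @@), the old `== -1` test let any other non-zero return from verify_host_key() fall through to `return 0`, that is, an accepted host key; `!= 0` closes that, but nothing in the code records the contract. Document at verify_host_key() that any non-zero return means failure, and check its other callers for the same `== -1` comparison, which this patch does not show.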
@@ -729,6 +731,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) SSH_FP_DEFAULT); error_f("server replied with unknown key: %s %s", sshkey_type(key), fp == NULL ? "" : fp); + r = SSH_ERR_INVALID_FORMAT; goto done; } ident = format_identity(id); diff --git a/crypto/openssh/sshsig.c b/crypto/openssh/sshsig.c index 470b286a3a98..057e1df02381 100644 --- a/crypto/openssh/sshsig.c +++ b/crypto/openssh/sshsig.c 
@@ -874,6 +874,7 @@ cert_filter_principals(const char *path, u_long linenum, } if ((principals = sshbuf_dup_string(nprincipals)) == NULL) { error_f("buffer error"); + r = SSH_ERR_ALLOC_FAIL; goto out; } /* success */
Date: Wed, 19 Feb 2025 14:54:37 GMT Message-Id: <202502191454.51JEsbvu013200@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Ed Maste Subject: git: 24ce323f020f - stable/14 - ssh: Bump VersionAddendum for CVE fixes List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 24ce323f020fb1ee1b463e524a7a6c15f47ec2a4 Auto-Submitted: auto-generated The branch stable/14 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=24ce323f020fb1ee1b463e524a7a6c15f47ec2a4 commit 24ce323f020fb1ee1b463e524a7a6c15f47ec2a4 Author: Ed Maste AuthorDate: 2025-02-19 14:00:42 +0000 Commit: Ed Maste CommitDate: 2025-02-19 14:43:06 +0000 ssh: Bump VersionAddendum for CVE fixes Approved by: so Sponsored by: The FreeBSD Foundation (cherry picked from commit 62df41ae0a71e77ccb1e8fae06d82eec5dff441a) --- crypto/openssh/sshd_config | 2 +- crypto/openssh/sshd_config.5 | 2 +- crypto/openssh/version.h | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto/openssh/sshd_config b/crypto/openssh/sshd_config index 7f559775e3b3..a17484b1da2d 100644 --- a/crypto/openssh/sshd_config +++ b/crypto/openssh/sshd_config @@ -105,7 +105,7 @@ AuthorizedKeysFile .ssh/authorized_keys #PermitTunnel no #ChrootDirectory none #UseBlacklist no -#VersionAddendum FreeBSD-20240806 +#VersionAddendum FreeBSD-20250219 # no default banner path #Banner none diff --git a/crypto/openssh/sshd_config.5 b/crypto/openssh/sshd_config.5 index 4de510ac8795..bc7d9e7df969 100644 --- a/crypto/openssh/sshd_config.5 +++ b/crypto/openssh/sshd_config.5 
@@ -1944,7 +1944,7 @@ The default is Optionally specifies additional text to append to the SSH protocol banner sent by the server upon connection. The default is -.Qq FreeBSD-20240806 . +.Qq FreeBSD-20250219 . The value .Cm none may be used to disable this. diff --git a/crypto/openssh/version.h b/crypto/openssh/version.h index 82be0be8498f..f3fb7fe333eb 100644 --- a/crypto/openssh/version.h +++ b/crypto/openssh/version.h 
@@ -5,4 +5,4 @@ #define SSH_PORTABLE "p1" #define SSH_RELEASE SSH_VERSION SSH_PORTABLE -#define SSH_VERSION_FREEBSD "FreeBSD-20240806" +#define SSH_VERSION_FREEBSD "FreeBSD-20250219"
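Review bot: The date string `FreeBSD-20250219` is updated by hand in three places in this patch (the commented default in sshd_config, the `.Qq` default in sshd_config.5, and `SSH_VERSION_FREEBSD` in version.h), and nothing visible keeps them in step. This banner is what lets an operator tell whether a host carries the CVE fixes, so a mismatch between version.h and the documented default would mislead; a comment in version.h listing the other two files would make the next bump harder to get wrong.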
Date: Wed, 19 Feb 2025 14:59:16 GMT Message-Id: <202502191459.51JExGNS014704@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Ed Maste Subject: git: ef3ed0726f22 - stable/14 - Canonicalize the name of the FreeBSD Foundation List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: ef3ed0726f2230e38df76a32a3b9ff145147af65 Auto-Submitted: auto-generated The branch stable/14 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=ef3ed0726f2230e38df76a32a3b9ff145147af65 commit ef3ed0726f2230e38df76a32a3b9ff145147af65 Author: Li-Wen Hsu AuthorDate: 2024-10-23 21:03:07 +0000 Commit: Ed Maste CommitDate: 2025-02-19 14:58:47 +0000 Canonicalize the name of the FreeBSD Foundation Reviewed by: emaste Sponsored by: The FreeBSD Foundation (cherry picked from commit dab59af3bcc7cb7ba01569d3044894b3e860ad56) --- crypto/openssh/blacklist.c | 2 +- crypto/openssh/blacklist_client.h | 2 +- lib/libc/sys/_umtx_op.2 | 2 +- lib/libc/sys/fsync.2 | 2 +- lib/libc/sys/getrlimitusage.2 | 2 +- lib/libc/sys/sigfastblock.2 | 2 +- lib/libc/sys/thr_exit.2 | 2 +- lib/libc/sys/thr_kill.2 | 2 +- lib/libc/sys/thr_new.2 | 2 +- lib/libc/sys/thr_self.2 | 2 +- lib/libc/sys/thr_set_name.2 | 2 +- lib/libc/sys/thr_suspend.2 | 2 +- lib/libc/sys/thr_wake.2 | 2 +- lib/libc/x86/sys/pkru.3 | 2 +- lib/libthr/libthr.3 | 2 +- sbin/ldconfig/ldconfig.8 | 2 +- share/man/man3/pthread_mutex_consistent.3 | 2 +- share/man/man3/pthread_mutexattr.3 | 2 +- share/man/man3/pthread_sigqueue.3 | 2 +- share/man/man4/nvdimm.4 | 2 +- share/man/man5/fdescfs.5 | 2 +- share/man/man5/tmpfs.5 | 2 +- share/man/man7/security.7 | 2 +- share/man/man9/VOP_READ_PGCACHE.9 | 2 +- 
share/man/man9/refcount.9 | 2 +- share/man/man9/vm_map_protect.9 | 2 +- stand/man/loader.efi.8 | 2 +- sys/dev/mgb/if_mgb.c | 2 +- sys/dev/mgb/if_mgb.h | 2 +- usr.bin/posixshmcontrol/posixshmcontrol.1 | 2 +- usr.bin/proccontrol/proccontrol.1 | 2 +- 31 files changed, 31 insertions(+), 31 deletions(-) diff --git a/crypto/openssh/blacklist.c b/crypto/openssh/blacklist.c index f118edab40cf..33d02607dd98 100644 --- a/crypto/openssh/blacklist.c +++ b/crypto/openssh/blacklist.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2015 The NetBSD Foundation, Inc. - * Copyright (c) 2016 The FreeBSD Foundation, Inc. + * Copyright (c) 2016 The FreeBSD Foundation * All rights reserved. * * Portions of this software were developed by Kurt Lidl diff --git a/crypto/openssh/blacklist_client.h b/crypto/openssh/blacklist_client.h index 236884092010..601a44461e20 100644 --- a/crypto/openssh/blacklist_client.h +++ b/crypto/openssh/blacklist_client.h @@ -1,6 +1,6 @@ /*- * Copyright (c) 2015 The NetBSD Foundation, Inc. - * Copyright (c) 2016 The FreeBSD Foundation, Inc. + * Copyright (c) 2016 The FreeBSD Foundation * All rights reserved. * * Portions of this software were developed by Kurt Lidl diff --git a/lib/libc/sys/_umtx_op.2 b/lib/libc/sys/_umtx_op.2 index 60f90c32ba35..974850fb8425 100644 --- a/lib/libc/sys/_umtx_op.2 +++ b/lib/libc/sys/_umtx_op.2 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2016 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2016 The FreeBSD Foundation .\" .\" This documentation was written by .\" Konstantin Belousov under sponsorship diff --git a/lib/libc/sys/fsync.2 b/lib/libc/sys/fsync.2 index 02cdf9bd656b..24435e018815 100644 --- a/lib/libc/sys/fsync.2 +++ b/lib/libc/sys/fsync.2 @@ -1,6 +1,6 @@ .\" Copyright (c) 1983, 1993 .\" The Regents of the University of California. All rights reserved. -.\" Copyright (c) 2016 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2016 The FreeBSD Foundation .\" .\" Parts of this documentation were written by .\" Konstantin Belousov under sponsorship 
diff --git a/lib/libc/sys/getrlimitusage.2 b/lib/libc/sys/getrlimitusage.2 index e82e7b4443fd..e2114def56c2 100644 --- a/lib/libc/sys/getrlimitusage.2 +++ b/lib/libc/sys/getrlimitusage.2 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2024 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2024 The FreeBSD Foundation .\" .\" This documentation was written by .\" Konstantin Belousov under sponsorship diff --git a/lib/libc/sys/sigfastblock.2 b/lib/libc/sys/sigfastblock.2 index 72897191c4bc..19d649e63db9 100644 --- a/lib/libc/sys/sigfastblock.2 +++ b/lib/libc/sys/sigfastblock.2 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2016 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2016 The FreeBSD Foundation .\" .\" This documentation was written by .\" Konstantin Belousov under sponsorship diff --git a/lib/libc/sys/thr_exit.2 b/lib/libc/sys/thr_exit.2 index 62d6e6da22ce..98c6dd63f7ec 100644 --- a/lib/libc/sys/thr_exit.2 +++ b/lib/libc/sys/thr_exit.2 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2016 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2016 The FreeBSD Foundation .\" .\" This documentation was written by .\" Konstantin Belousov under sponsorship diff --git a/lib/libc/sys/thr_kill.2 b/lib/libc/sys/thr_kill.2 index 63a6e40ef6fc..3f3cb0af2a00 100644 --- a/lib/libc/sys/thr_kill.2 +++ b/lib/libc/sys/thr_kill.2 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2016 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2016 The FreeBSD Foundation .\" .\" This documentation was written by .\" Konstantin Belousov under sponsorship diff --git a/lib/libc/sys/thr_new.2 b/lib/libc/sys/thr_new.2 index 27408008c1a0..c0bcc8bbc7c2 100644 --- a/lib/libc/sys/thr_new.2 +++ b/lib/libc/sys/thr_new.2 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2016 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2016 The FreeBSD Foundation .\" .\" This documentation was written by .\" Konstantin Belousov under sponsorship diff --git a/lib/libc/sys/thr_self.2 b/lib/libc/sys/thr_self.2 index 0637dca1d7b7..42d146448c05 100644 --- a/lib/libc/sys/thr_self.2 
+++ b/lib/libc/sys/thr_self.2 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2016 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2016 The FreeBSD Foundation .\" .\" This documentation was written by .\" Konstantin Belousov under sponsorship diff --git a/lib/libc/sys/thr_set_name.2 b/lib/libc/sys/thr_set_name.2 index f43a60a4b3a5..38205f7f30b8 100644 --- a/lib/libc/sys/thr_set_name.2 +++ b/lib/libc/sys/thr_set_name.2 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2016 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2016 The FreeBSD Foundation .\" .\" This documentation was written by .\" Konstantin Belousov under sponsorship diff --git a/lib/libc/sys/thr_suspend.2 b/lib/libc/sys/thr_suspend.2 index ee4261b3676c..74eacb0daa3c 100644 --- a/lib/libc/sys/thr_suspend.2 +++ b/lib/libc/sys/thr_suspend.2 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2016 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2016 The FreeBSD Foundation .\" .\" This documentation was written by .\" Konstantin Belousov under sponsorship diff --git a/lib/libc/sys/thr_wake.2 b/lib/libc/sys/thr_wake.2 index 0a196c2dd18b..9091a2b0c06e 100644 --- a/lib/libc/sys/thr_wake.2 +++ b/lib/libc/sys/thr_wake.2 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2016 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2016 The FreeBSD Foundation .\" .\" This documentation was written by .\" Konstantin Belousov under sponsorship diff --git a/lib/libc/x86/sys/pkru.3 b/lib/libc/x86/sys/pkru.3 index 7b5ceb025d62..95bc66c979ac 100644 --- a/lib/libc/x86/sys/pkru.3 +++ b/lib/libc/x86/sys/pkru.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2019 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2019 The FreeBSD Foundation .\" .\" This documentation was written by .\" Konstantin Belousov under sponsorship diff --git a/lib/libthr/libthr.3 b/lib/libthr/libthr.3 index 35a7467eec14..b84176abcd32 100644 --- a/lib/libthr/libthr.3 +++ b/lib/libthr/libthr.3 
@@ -1,5 +1,5 @@ .\" Copyright (c) 2005 Robert N. M. Watson -.\" Copyright (c) 2014,2015,2021 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2014,2015,2021 The FreeBSD Foundation .\" All rights reserved. .\" .\" Part of this documentation was written by diff --git a/sbin/ldconfig/ldconfig.8 b/sbin/ldconfig/ldconfig.8 index f3ced2220e9a..f8e5348e5faf 100644 --- a/sbin/ldconfig/ldconfig.8 +++ b/sbin/ldconfig/ldconfig.8 @@ -1,7 +1,7 @@ .\" .\" Copyright (c) 1993 Paul Kranenburg .\" All rights reserved. -.\" Copyright (c) 2021 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2021 The FreeBSD Foundation .\" .\" Portions of this documentation were written by .\" Konstantin Belousov under sponsorship diff --git a/share/man/man3/pthread_mutex_consistent.3 b/share/man/man3/pthread_mutex_consistent.3 index ac44a8d99718..e22be52ba618 100644 --- a/share/man/man3/pthread_mutex_consistent.3 +++ b/share/man/man3/pthread_mutex_consistent.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2016 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2016 The FreeBSD Foundation .\" .\" This documentation was written by .\" Konstantin Belousov under sponsorship diff --git a/share/man/man3/pthread_mutexattr.3 b/share/man/man3/pthread_mutexattr.3 index 8f4d0d9a06a4..b18d93e2e13e 100644 --- a/share/man/man3/pthread_mutexattr.3 +++ b/share/man/man3/pthread_mutexattr.3 @@ -1,5 +1,5 @@ .\" Copyright (C) 2000 Jason Evans . -.\" Copyright (c) 2021 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2021 The FreeBSD Foundation .\" All rights reserved. .\" .\" Part of this documentation was written by diff --git a/share/man/man3/pthread_sigqueue.3 b/share/man/man3/pthread_sigqueue.3 index bf5dd62f04e6..852f6314e9d0 100644 --- a/share/man/man3/pthread_sigqueue.3 +++ b/share/man/man3/pthread_sigqueue.3 
@@ -1,6 +1,6 @@ .\" SPDX-License-Identifier: BSD-2-Clause .\" -.\" Copyright 2024 The FreeBSD Foundation, Inc. +.\" Copyright 2024 The FreeBSD Foundation .\" .\" This documentation was written by .\" Konstantin Belousov under sponsorship diff --git a/share/man/man4/nvdimm.4 b/share/man/man4/nvdimm.4 index ffeac1a673fd..5b7dbe435c46 100644 --- a/share/man/man4/nvdimm.4 +++ b/share/man/man4/nvdimm.4 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2019 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2019 The FreeBSD Foundation .\" .\" This documentation was written by .\" Konstantin Belousov under sponsorship diff --git a/share/man/man5/fdescfs.5 b/share/man/man5/fdescfs.5 index fa260cbc12f3..0d060685b0b5 100644 --- a/share/man/man5/fdescfs.5 +++ b/share/man/man5/fdescfs.5 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2021 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2021 The FreeBSD Foundation .\" .\" Copyright (c) 1996 .\" Mike Pritchard . All rights reserved. diff --git a/share/man/man5/tmpfs.5 b/share/man/man5/tmpfs.5 index c01aefd8550a..186bb812db6f 100644 --- a/share/man/man5/tmpfs.5 +++ b/share/man/man5/tmpfs.5 @@ -1,6 +1,6 @@ .\"- .\" Copyright (c) 2007 Xin LI -.\" Copyright (c) 2017 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2017 The FreeBSD Foundation .\" .\" Part of this documentation was written by .\" Konstantin Belousov under sponsorship diff --git a/share/man/man7/security.7 b/share/man/man7/security.7 index 697d860a9836..0701fd2f8cba 100644 --- a/share/man/man7/security.7 +++ b/share/man/man7/security.7 @@ -1,5 +1,5 @@ .\" Copyright (C) 1998 Matthew Dillon. All rights reserved. -.\" Copyright (c) 2019 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2019 The FreeBSD Foundation .\" .\" Parts of this documentation were written by .\" Konstantin Belousov under sponsorship diff --git a/share/man/man9/VOP_READ_PGCACHE.9 b/share/man/man9/VOP_READ_PGCACHE.9 index f8f67eb00f13..8a99365eba28 100644 --- a/share/man/man9/VOP_READ_PGCACHE.9 +++ b/share/man/man9/VOP_READ_PGCACHE.9 
@@ -1,4 +1,4 @@ -.\" Copyright (c) 2021 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2021 The FreeBSD Foundation .\" .\" This documentation was written by .\" Konstantin Belousov under sponsorship diff --git a/share/man/man9/refcount.9 b/share/man/man9/refcount.9 index 0c8e4380aed3..78631f9a865a 100644 --- a/share/man/man9/refcount.9 +++ b/share/man/man9/refcount.9 @@ -3,7 +3,7 @@ .\" Written by: John H. Baldwin .\" All rights reserved. .\" -.\" Copyright (c) 2019 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2019 The FreeBSD Foundation .\" .\" Parts of this documentation was written by .\" Konstantin Belousov under sponsorship diff --git a/share/man/man9/vm_map_protect.9 b/share/man/man9/vm_map_protect.9 index 21e7b53a6bc6..5ece889a85df 100644 --- a/share/man/man9/vm_map_protect.9 +++ b/share/man/man9/vm_map_protect.9 @@ -1,6 +1,6 @@ .\" .\" Copyright (c) 2003 Bruce M Simpson -.\" Copyright (c) 2021 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2021 The FreeBSD Foundation .\" All rights reserved. .\" .\" Parts of this documentation were written by diff --git a/stand/man/loader.efi.8 b/stand/man/loader.efi.8 index 616d08f81302..7cb2f1e96595 100644 --- a/stand/man/loader.efi.8 +++ b/stand/man/loader.efi.8 @@ -3,7 +3,7 @@ .\" .\" Copyright (c) 2019-2022 Netflix, Inc .\" Copyright (c) 2022 Mateusz Piotrowski <0mp@FreeBSD.org> -.\" Copyright 2022 The FreeBSD Foundation, Inc. +.\" Copyright 2022 The FreeBSD Foundation .\" .\" Part of this documentation was written by .\" Konstantin Belousov under sponsorship diff --git a/sys/dev/mgb/if_mgb.c b/sys/dev/mgb/if_mgb.c index 6fafb303143c..05c4c242f739 100644 --- a/sys/dev/mgb/if_mgb.c +++ b/sys/dev/mgb/if_mgb.c @@ -1,7 +1,7 @@ /*- * SPDX-License-Identifier: BSD-2-Clause * - * Copyright (c) 2019 The FreeBSD Foundation, Inc. + * Copyright (c) 2019 The FreeBSD Foundation * * This driver was written by Gerald ND Aryeetey * under sponsorship from the FreeBSD Foundation. 
diff --git a/sys/dev/mgb/if_mgb.h b/sys/dev/mgb/if_mgb.h index fa49805d73b7..19f6d4a20cc7 100644 --- a/sys/dev/mgb/if_mgb.h +++ b/sys/dev/mgb/if_mgb.h @@ -1,7 +1,7 @@ /*- * SPDX-License-Identifier: BSD-2-Clause * - * Copyright (c) 2019 The FreeBSD Foundation, Inc. + * Copyright (c) 2019 The FreeBSD Foundation * * This driver was written by Gerald ND Aryeetey * under sponsorship from the FreeBSD Foundation. diff --git a/usr.bin/posixshmcontrol/posixshmcontrol.1 b/usr.bin/posixshmcontrol/posixshmcontrol.1 index 84c2b845b99b..bfa43a0bbeab 100644 --- a/usr.bin/posixshmcontrol/posixshmcontrol.1 +++ b/usr.bin/posixshmcontrol/posixshmcontrol.1 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2019 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2019 The FreeBSD Foundation .\" .\" This documentation was written by .\" Konstantin Belousov under sponsorship diff --git a/usr.bin/proccontrol/proccontrol.1 b/usr.bin/proccontrol/proccontrol.1 index 7ab917e4a61f..73a1eb68fd0d 100644 --- a/usr.bin/proccontrol/proccontrol.1 +++ b/usr.bin/proccontrol/proccontrol.1 
@@ -1,4 +1,4 @@ -.\" Copyright (c) 2019 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2019 The FreeBSD Foundation .\" .\" This documentation was written by .\" Konstantin Belousov under sponsorship
Date: Wed, 19 Feb 2025 15:00:17 GMT Message-Id: <202502191500.51JF0HQA024233@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Ed Maste Subject: git: 73dd56ffcd7b - stable/14 - ssh: Move XAUTH_PATH setting to ssh.mk List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 73dd56ffcd7b2c46de58980ac888c0421e3ec0b6 Auto-Submitted: auto-generated The branch stable/14 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=73dd56ffcd7b2c46de58980ac888c0421e3ec0b6 commit 73dd56ffcd7b2c46de58980ac888c0421e3ec0b6 Author: Ed Maste AuthorDate: 2025-02-09 20:37:24 +0000 Commit: Ed Maste CommitDate: 2025-02-19 14:58:47 +0000 ssh: Move XAUTH_PATH setting to ssh.mk XAUTH_PATH is normally set (in the upstream build infrastructure) in config.h. We previously set it in ssh and sshd's Makefiles if LOCALBASE is set, and over time have sometimes also defined it in config.h. Leave it unset in config.h and move the CFLAGS logic to ssh.mk so that it will be set when building all ssh libraries and programs but still be set by LOCALBASE. Reviewed by: jlduran Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D48907 (cherry picked from commit a63701848fe5462c4e8bbff0131bb42979e603ec) --- crypto/openssh/config.h | 2 +- secure/ssh.mk | 2 ++ secure/usr.bin/ssh/Makefile | 4 ---- secure/usr.sbin/sshd/Makefile | 3 --- 4 files changed, 3 insertions(+), 8 deletions(-) diff --git a/crypto/openssh/config.h b/crypto/openssh/config.h index 751bb631c221..5cf7f0ef2d3a 100644 --- a/crypto/openssh/config.h +++ b/crypto/openssh/config.h 
@@ -2015,7 +2015,7 @@ #endif /* Define if xauth is found in your path */ -#define XAUTH_PATH "/usr/local/bin/xauth" +/* #undef XAUTH_PATH */ /* Number of bits in a file offset, on hosts where this is settable. */ /* #undef _FILE_OFFSET_BITS */ diff --git a/secure/ssh.mk b/secure/ssh.mk index 9ee533c10eca..c331e40c16f8 100644 --- a/secure/ssh.mk +++ b/secure/ssh.mk @@ -7,6 +7,8 @@ SSHDIR= ${SRCTOP}/crypto/openssh CFLAGS+= -I${SSHDIR} -include ssh_namespace.h SRCS+= ssh_namespace.h +CFLAGS+= -DXAUTH_PATH=\"${LOCALBASE:U/usr/local}/bin/xauth\" + .if ${MK_USB} != "no" # Built-in security key support CFLAGS+= -include sk_config.h diff --git a/secure/usr.bin/ssh/Makefile b/secure/usr.bin/ssh/Makefile index 1d1f5e5e8723..f5560acb8799 100644 --- a/secure/usr.bin/ssh/Makefile +++ b/secure/usr.bin/ssh/Makefile @@ -30,10 +30,6 @@ LIBADD+= gssapi LIBADD+= crypto -.if defined(LOCALBASE) -CFLAGS+= -DXAUTH_PATH=\"${LOCALBASE}/bin/xauth\" -.endif - .include .PATH: ${SSHDIR} diff --git a/secure/usr.sbin/sshd/Makefile b/secure/usr.sbin/sshd/Makefile index c15bd773c77a..3c22819071ea 100644 --- a/secure/usr.sbin/sshd/Makefile +++ b/secure/usr.sbin/sshd/Makefile 
@@ -63,9 +63,6 @@ LIBADD+= wrap LIBADD+= crypto -.if defined(LOCALBASE) -CFLAGS+= -DXAUTH_PATH=\"${LOCALBASE}/bin/xauth\" -.endif .include
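Review bot: The secure/ssh.mk hunk now passes -DXAUTH_PATH on every compile line, defaulting to /usr/local through ${LOCALBASE:U/usr/local}, while the config.h hunk only comments the old define out as /* #undef XAUTH_PATH */. The commit message itself says config.h has picked the define up again "over time", so a later config.h refresh that restores #define XAUTH_PATH would collide with the command-line definition. Suggest a short comment beside the #undef in config.h pointing at secure/ssh.mk, or an #ifndef XAUTH_PATH guard around any definition there, so the value keeps a single source.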
Date: Wed, 19 Feb 2025 16:05:15 GMT Message-Id: <202502191605.51JG5FBU045652@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Ed Maste Subject: git: 8c67967cb14b - stable/13 - ssh: Fix cases where error codes were not correctly set List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 8c67967cb14b0ab7e26ffa9ab6cef470a154e030 Auto-Submitted: auto-generated The branch stable/13 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=8c67967cb14b0ab7e26ffa9ab6cef470a154e030 commit 8c67967cb14b0ab7e26ffa9ab6cef470a154e030 Author: Ed Maste AuthorDate: 2025-02-19 03:03:26 +0000 Commit: Ed Maste CommitDate: 2025-02-19 15:02:39 +0000 ssh: Fix cases where error codes were not correctly set Obtained from: OpenSSH 38df39ecf278 Security: CVE-2025-26465 Approved by: so Sponsored by: The FreeBSD Foundation (cherry picked from commit 170059d6d33cf4e890067097f3c0beb3061cabbd) (cherry picked from commit 4ad8c195cf54411e3b3fa0bec227eb83ca078404) --- crypto/openssh/krl.c | 4 +++- crypto/openssh/ssh-agent.c | 5 +++++ crypto/openssh/ssh-sk-client.c | 4 +++- crypto/openssh/sshconnect2.c | 5 ++++- crypto/openssh/sshsig.c | 1 + 5 files changed, 16 insertions(+), 3 deletions(-) diff --git a/crypto/openssh/krl.c b/crypto/openssh/krl.c index e2efdf0667a7..0d0f69534182 100644 --- a/crypto/openssh/krl.c +++ b/crypto/openssh/krl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: krl.c,v 1.59 2023/07/17 05:22:30 djm Exp $ */ +/* $OpenBSD: krl.c,v 1.60 2025/02/18 08:02:48 djm Exp $ */ /* * Copyright (c) 2012 Damien Miller * 
@@ -674,6 +674,7 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf) break; case KRL_SECTION_CERT_SERIAL_BITMAP: if (rs->lo - bitmap_start > INT_MAX) { + r = SSH_ERR_INVALID_FORMAT; error_f("insane bitmap gap"); goto out; } @@ -1059,6 +1060,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp) } if ((krl = ssh_krl_init()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; error_f("alloc failed"); goto out; } diff --git a/crypto/openssh/ssh-agent.c b/crypto/openssh/ssh-agent.c index 67fa376a36ff..5ea283ddaf29 100644 --- a/crypto/openssh/ssh-agent.c +++ b/crypto/openssh/ssh-agent.c @@ -1226,6 +1226,7 @@ parse_key_constraint_extension(struct sshbuf *m, char **sk_providerp, "restrict-destination-v00@openssh.com") == 0) { if (*dcsp != NULL) { error_f("%s already set", ext_name); + r = SSH_ERR_INVALID_FORMAT; goto out; } if ((r = sshbuf_froms(m, &b)) != 0) { @@ -1235,6 +1236,7 @@ parse_key_constraint_extension(struct sshbuf *m, char **sk_providerp, while (sshbuf_len(b) != 0) { if (*ndcsp >= AGENT_MAX_DEST_CONSTRAINTS) { error_f("too many %s constraints", ext_name); + r = SSH_ERR_INVALID_FORMAT; goto out; } *dcsp = xrecallocarray(*dcsp, *ndcsp, *ndcsp + 1, @@ -1252,6 +1254,7 @@ parse_key_constraint_extension(struct sshbuf *m, char **sk_providerp, } if (*certs != NULL) { error_f("%s already set", ext_name); + r = SSH_ERR_INVALID_FORMAT; goto out; } if ((r = sshbuf_get_u8(m, &v)) != 0 || @@ -1263,6 +1266,7 @@ parse_key_constraint_extension(struct sshbuf *m, char **sk_providerp, while (sshbuf_len(b) != 0) { if (*ncerts >= AGENT_MAX_EXT_CERTS) { error_f("too many %s constraints", ext_name); + r = SSH_ERR_INVALID_FORMAT; goto out; } *certs = xrecallocarray(*certs, *ncerts, *ncerts + 1, @@ -1759,6 +1763,7 @@ process_ext_session_bind(SocketEntry *e) /* record new key/sid */ if (e->nsession_ids >= AGENT_MAX_SESSION_IDS) { error_f("too many session IDs recorded"); + r = -1; goto out; } e->session_ids = xrecallocarray(e->session_ids, e->nsession_ids, 
diff --git a/crypto/openssh/ssh-sk-client.c b/crypto/openssh/ssh-sk-client.c index 321fe53a2d91..06fad22134fb 100644 --- a/crypto/openssh/ssh-sk-client.c +++ b/crypto/openssh/ssh-sk-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-sk-client.c,v 1.12 2022/01/14 03:34:00 djm Exp $ */ +/* $OpenBSD: ssh-sk-client.c,v 1.13 2025/02/18 08:02:48 djm Exp $ */ /* * Copyright (c) 2019 Google LLC * @@ -439,6 +439,7 @@ sshsk_load_resident(const char *provider_path, const char *device, } if ((srk = calloc(1, sizeof(*srk))) == NULL) { error_f("calloc failed"); + r = SSH_ERR_ALLOC_FAIL; goto out; } srk->key = key; @@ -450,6 +451,7 @@ sshsk_load_resident(const char *provider_path, const char *device, if ((tmp = recallocarray(srks, nsrks, nsrks + 1, sizeof(*srks))) == NULL) { error_f("recallocarray keys failed"); + r = SSH_ERR_ALLOC_FAIL; goto out; } debug_f("srks[%zu]: %s %s uidlen %zu", nsrks, diff --git a/crypto/openssh/sshconnect2.c b/crypto/openssh/sshconnect2.c index 745c2a0517f3..51079f067d8a 100644 --- a/crypto/openssh/sshconnect2.c +++ b/crypto/openssh/sshconnect2.c @@ -101,7 +101,7 @@ verify_host_key_callback(struct sshkey *hostkey, struct ssh *ssh) options.required_rsa_size)) != 0) fatal_r(r, "Bad server host key"); if (verify_host_key(xxx_host, xxx_hostaddr, hostkey, - xxx_conn_info) == -1) + xxx_conn_info) != 0) fatal("Host key verification failed."); return 0; } @@ -700,6 +700,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) if ((pktype = sshkey_type_from_name(pkalg)) == KEY_UNSPEC) { debug_f("server sent unknown pkalg %s", pkalg); + r = SSH_ERR_INVALID_FORMAT; goto done; } if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) { @@ -710,6 +711,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) error("input_userauth_pk_ok: type mismatch " "for decoded key (received %d, expected %d)", key->type, pktype); + r = SSH_ERR_INVALID_FORMAT; goto done; } 
@@ -729,6 +731,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) SSH_FP_DEFAULT); error_f("server replied with unknown key: %s %s", sshkey_type(key), fp == NULL ? "" : fp); + r = SSH_ERR_INVALID_FORMAT; goto done; } ident = format_identity(id); diff --git a/crypto/openssh/sshsig.c b/crypto/openssh/sshsig.c index 470b286a3a98..057e1df02381 100644 --- a/crypto/openssh/sshsig.c +++ b/crypto/openssh/sshsig.c 
@@ -874,6 +874,7 @@ cert_filter_principals(const char *path, u_long linenum, } if ((principals = sshbuf_dup_string(nprincipals)) == NULL) { error_f("buffer error"); + r = SSH_ERR_ALLOC_FAIL; goto out; } /* success */
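Review bot: In the sshconnect2.c hunk for verify_host_key_callback, the test on verify_host_key() changes from == -1 to != 0, and the commit message does not mention it even though it is the one hunk that changes a comparison instead of assigning r. With the old test, any non-zero return other than -1 skipped fatal("Host key verification failed.") and reached return 0. Suggest calling this out in the message and confirming that no other caller of verify_host_key() still compares the result against -1.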
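Review bot: In the ssh-agent.c hunk for process_ext_session_bind, the new assignment is r = -1, whereas every other hunk in this patch sets a named code (SSH_ERR_INVALID_FORMAT or SSH_ERR_ALLOC_FAIL). If the bare -1 is deliberate for this function, a one-line comment would make that clear; otherwise use a named SSH_ERR_* value so the "too many session IDs recorded" path is handled like the rest.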
Date: Wed, 19 Feb 2025 16:05:14 GMT Message-Id: <202502191605.51JG5EqV045619@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Ed Maste Subject: git: 3ea366f74475 - stable/13 - ssh: Don't reply to PING in preauth phase or during KEX List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 3ea366f74475132a743f8667ecafe4a091a29d48 Auto-Submitted: auto-generated The branch stable/13 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=3ea366f74475132a743f8667ecafe4a091a29d48 commit 3ea366f74475132a743f8667ecafe4a091a29d48 Author: Ed Maste AuthorDate: 2025-02-19 03:00:45 +0000 Commit: Ed Maste CommitDate: 2025-02-19 15:02:39 +0000 ssh: Don't reply to PING in preauth phase or during KEX Obtained from: OpenSSH 5e07dee272c3 Security: CVE-2025-26466 Approved by: so Sponsored by: The FreeBSD Foundation (cherry picked from commit 8a16d0831e70530b2fbd682e748bd051de35f192) (cherry picked from commit 34798cb576bbd2064ab8da372112482bf8e2a7e6) --- crypto/openssh/packet.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/crypto/openssh/packet.c b/crypto/openssh/packet.c index 2d1401e7c9f5..d8fbfa28b800 100644 --- a/crypto/openssh/packet.c +++ b/crypto/openssh/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.313 2023/12/18 14:45:17 djm Exp $ */ +/* $OpenBSD: packet.c,v 1.318 2025/02/18 08:02:12 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -1774,6 +1774,14 @@ ssh_packet_read_poll_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) if ((r = sshpkt_get_string_direct(ssh, &d, &len)) != 0) return r; DBG(debug("Received SSH2_MSG_PING len %zu", len)); + if (!ssh->state->after_authentication) { + DBG(debug("Won't reply to PING in preauth")); + break; + } + if (ssh_packet_is_rekeying(ssh)) { + DBG(debug("Won't reply to PING during KEX")); + break; + } if ((r = sshpkt_start(ssh, SSH2_MSG_PONG)) != 0 || (r = sshpkt_put_string(ssh, d, len)) != 0 || (r = sshpkt_send(ssh)) != 0) From nobody Wed Feb 19 16:05:16 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Yyh7L1Ntrz5pY7M; Wed, 19 Feb 2025 16:05:18 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Yyh7K0KZcz3Vpw; Wed, 19 Feb 2025 16:05:17 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1739981117; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=QqBjBVAi8F7v3SJE83j1Rnbvg45K+zMJWr5BpdyfDFk=; b=iC7OzEdjYaijX3BCO5BhfEm2uXVl5MI9+Kz+mo1mEuhY35PuS2DxJoPmhPdxi+cA+O2l8F s8C0vdUC001LnIV1Kkh3NLWpnyuezqypBGaeGxLP6dhLhqQmaCcTdGCx0Eibyrw+4xWdKg w10Bz63e+dtgl3oiM2EE3tq5VR8cgcMBj6PpJQ5IA0NXbP/5LtvyfIzoLyYNMXHiVTzlOY LcnFGPWn3VK6QnGWRYs+LxHGO22ucEtEU0sLwPSMJzoBQflpoI8V3O2JxBkU2IeCl9FXz0 
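Review bot: the first hunk of this patch moves the $OpenBSD$ ident in packet.c from v 1.313 to v 1.318, yet the diffstat (9 insertions, 1 deletion) is fully accounted for by that ident line and the PING checks. If revisions 1.314 to 1.317 are not already present on this branch, the ident now overstates what the file contains; either keep the ident at the revision actually merged or say in the commit message that only the 1.318 change was taken.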
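Review bot: the two new `break` paths in the SSH2_MSG_PING case of ssh_packet_read_poll_seqnr() have no comment saying why a PING goes unanswered before authentication or while rekeying, and the only record of the drop is a DBG() message. Add a short comment above `if (!ssh->state->after_authentication) {` that ties both checks to CVE-2025-26466 from the commit message, so a later merge does not reorder or remove them. It is also worth stating that the request is dropped silently rather than rejected, since a peer that waits for the PONG gets no signal from this path.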
Date: Wed, 19 Feb 2025
16:05:16 GMT Message-Id: <202502191605.51JG5GOB045693@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Ed Maste Subject: git: 2fc62d0bd4f7 - stable/13 - ssh: Bump VersionAddendum for CVE fixes List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 2fc62d0bd4f7ca90d7abdfaf076dd49022bf7d54 Auto-Submitted: auto-generated The branch stable/13 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=2fc62d0bd4f7ca90d7abdfaf076dd49022bf7d54 commit 2fc62d0bd4f7ca90d7abdfaf076dd49022bf7d54 Author: Ed Maste AuthorDate: 2025-02-19 14:00:42 +0000 Commit: Ed Maste CommitDate: 2025-02-19 15:02:39 +0000 ssh: Bump VersionAddendum for CVE fixes Approved by: so Sponsored by: The FreeBSD Foundation (cherry picked from commit 62df41ae0a71e77ccb1e8fae06d82eec5dff441a) (cherry picked from commit 24ce323f020fb1ee1b463e524a7a6c15f47ec2a4) --- crypto/openssh/ssh_config | 2 +- crypto/openssh/ssh_config.5 | 2 +- crypto/openssh/sshd_config | 2 +- crypto/openssh/sshd_config.5 | 2 +- crypto/openssh/version.h | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/crypto/openssh/ssh_config b/crypto/openssh/ssh_config index a047ce2deb93..518edcd2a01a 100644 --- a/crypto/openssh/ssh_config +++ b/crypto/openssh/ssh_config @@ -44,4 +44,4 @@ # ProxyCommand ssh -q -W %h:%p gateway.example.com # RekeyLimit 1G 1h # UserKnownHostsFile ~/.ssh/known_hosts.d/%k -# VersionAddendum FreeBSD-20240806 +# VersionAddendum FreeBSD-20250219 
diff --git a/crypto/openssh/ssh_config.5 b/crypto/openssh/ssh_config.5 index de1903ba43a2..60e4b31a2de5 100644 --- a/crypto/openssh/ssh_config.5 +++ b/crypto/openssh/ssh_config.5 @@ -2137,7 +2137,7 @@ in Specifies a string to append to the regular version string to identify OS- or site-specific modifications. The default is -.Dq FreeBSD-20240806 . +.Dq FreeBSD-20250219 . The value .Cm none may be used to disable this. diff --git a/crypto/openssh/sshd_config b/crypto/openssh/sshd_config index 866e905d9515..fddc6fee17e3 100644 --- a/crypto/openssh/sshd_config +++ b/crypto/openssh/sshd_config @@ -105,7 +105,7 @@ AuthorizedKeysFile .ssh/authorized_keys #PermitTunnel no #ChrootDirectory none #UseBlacklist no -#VersionAddendum FreeBSD-20240806 +#VersionAddendum FreeBSD-20250219 # no default banner path #Banner none diff --git a/crypto/openssh/sshd_config.5 b/crypto/openssh/sshd_config.5 index a354c1ef2b0a..a5d6ef07c83f 100644 --- a/crypto/openssh/sshd_config.5 +++ b/crypto/openssh/sshd_config.5 @@ -1947,7 +1947,7 @@ The default is Optionally specifies additional text to append to the SSH protocol banner sent by the server upon connection. The default is -.Qq FreeBSD-20240806 . +.Qq FreeBSD-20250219 . The value .Cm none may be used to disable this. diff --git a/crypto/openssh/version.h b/crypto/openssh/version.h index 82be0be8498f..f3fb7fe333eb 100644 --- a/crypto/openssh/version.h +++ b/crypto/openssh/version.h 
@@ -5,4 +5,4 @@ #define SSH_PORTABLE "p1" #define SSH_RELEASE SSH_VERSION SSH_PORTABLE -#define SSH_VERSION_FREEBSD "FreeBSD-20240806" +#define SSH_VERSION_FREEBSD "FreeBSD-20250219" From nobody Wed Feb 19 16:05:57 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Yyh864F76z5pXk9; Wed, 19 Feb 2025 16:05:58 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Yyh8611xnz3Wlq; Wed, 19 Feb 2025 16:05:58 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1739981158; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=cNPMrvvkoroX1IjKKeg51u/ts4VqoUi4UdzAbne4AZE=; b=c32shC68ItBvSKQNsm4Q9fAXIYJmgWX/WqAwUWYOyACHRDmRHg6V49ugTBNkfSeyw2zhwF S4VT4hMWN+7oIZJjlv9Sn/PqEM7mfkCqStX/ASQkGukwrJPxIPiqRBSo53l3gAxLg8hN0U WWYVFN7LnGh0pKZ1LZJ/gJFJFWoAC2tSY36Sd9o4i6OLqyLnG63cTKAE/RWCs1BaB/yLA+ HLTVvEh+vbfDykwOmTcmZG89y9NcvpR2Sg3J9QvIInOosmozKYzyS95uG8qO1cO5UOIiBO sRStXcCCVf8meogCprg2YG+DyCH09ZIUP7dIUZ8gBSlVdgELP8Vfoxmkl7QdYA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1739981158; a=rsa-sha256; cv=none; b=aMoT9ARG+Np9BXrZRb2v0JAsh4K8+xns6JkUD7PwmpDXxG0vxXQMUnB1b5nksLe03z6Bqn ALwdIW0sQC7Fhj4/728TNrdsX2Zgcat76DwuQRSPPjSmw3nWMB/vIOT/Mz5HlgqICF8zGM Z/Iv35eTD8ZG8GookugSTLxHZQd1i5VxfQ74ZQ8mZAP1TT8e7aXOAO5va2Go+vV6FVT4kv 
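Review bot: the string FreeBSD-20250219 is updated by hand in five places, and only `#define SSH_VERSION_FREEBSD "FreeBSD-20250219"` in version.h is a definition; the ssh_config and sshd_config entries are commented-out defaults and the two .5 files are manual text, so nothing forces them to stay in step with the header. Because sshd_config.5 describes this value as text appended to the protocol banner, it is what an operator sees when checking whether a host runs the fixed build; the commit message should name the CVE fixes this date marks instead of only saying "CVE fixes".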
Date: Wed, 19 Feb 2025 16:05:57 GMT Message-Id: <202502191605.51JG5v5l046018@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Ed Maste Subject: git: b2674931a281 - stable/13 - ssh: update FREEBSD-upgrade instructions List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: b2674931a281a9d99f8e716d977ffad7f160f2a0 Auto-Submitted: auto-generated The branch stable/13 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=b2674931a281a9d99f8e716d977ffad7f160f2a0 commit b2674931a281a9d99f8e716d977ffad7f160f2a0 Author: Ed Maste AuthorDate: 2022-02-23 18:33:24 +0000 Commit: Ed Maste CommitDate: 2025-02-19 15:26:58 +0000 ssh: update FREEBSD-upgrade instructions Make it clear that the 'freebsd-configure.sh' and 'freebsd-namespace.sh' scripts are run from the crypto/openssh directory. Sponsored by: The FreeBSD Foundation (cherry picked from commit 6834ca8a434b1b934f21bbc068c90ae5c7fec7ef) --- crypto/openssh/FREEBSD-upgrade | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/openssh/FREEBSD-upgrade b/crypto/openssh/FREEBSD-upgrade index 17161df93316..625677c1a5c1 100644 --- a/crypto/openssh/FREEBSD-upgrade +++ b/crypto/openssh/FREEBSD-upgrade @@ -77,6 +77,7 @@ 12) Run the configure script: + $ cd crypto/openssh $ sh freebsd-configure.sh 13) Review changes to config.h very carefully. 
@@ -89,6 +90,7 @@ 15) Update ssh_namespace.h: + $ cd crypto/openssh $ sh freebsd-namespace.sh 16) Build and install world, reboot, test. Pay particular attention From nobody Wed Feb 19 16:24:58 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YyhZ26kNpz5pZ02; Wed, 19 Feb 2025 16:24:58 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YyhZ25n8nz3ZdP; Wed, 19 Feb 2025 16:24:58 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1739982298; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=JwgfrCT47tdii0qgFCzEbo+JaRbI8PPfpbMy+91mvHA=; b=Y7+ryxXvrA3Wj3L7f97+D4lclEp+cSaiDIP9QW2ASTy1MS+Vm6s9zYQOBPfuOweG06TKr5 GOJrsDM1YGwSTKCH98c491TfMjJF3YDjhEqMIdZuwUKCOkp3Y7AT+oboNRv5Nt64u2062J 6kaxwIkOK7F0OGrEF4dv3qjXgVhTQhZkgh0sUWn7VflSe9sb6Grak8Le2MZixGbjfN9oMY DHpFGCqMNpxDeb45AH1H5/fvs2e26tiTp+drr28EbnCkwrJLoSqJxFhX8Pho9A8prsgRvH OOKt+quefz6n90DXeGUpzLph/w5nJ96vasKdNJQGs1NJ+rMYVTJlGGPKS20NrA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1739982298; a=rsa-sha256; cv=none; b=ONH9twctVdS9/j/MesQZztXmG19+OBqjhmfEv7v8z6VvASornYQOiyRdbvMwGWsjaWRt6m c3IxgHjQIm2/QVxhRijh+nH5LWPZYA8ULOqaZj7XDlRtvJOQJRYNlH9dRd9KI2P1O5YC6F DPoaz/gfMlHomyOjbYtXFFlcdq7XtD2f6lxNwEtd+4tU5UN72/JZ/3uBIzj3E6iBxvVgCe 
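Review bot: the `$ cd crypto/openssh` added to step 15 is the same relative cd that this patch adds to step 12, so a reader who follows the steps in one shell is already in crypto/openssh when step 15 is reached and the second cd fails. State the expected starting directory once (the top of the source tree, going by the commit message) or write the steps so that each one says where it is run from, and make sure the steps between 12 and 15 agree with that.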
Date: Wed, 19 Feb 2025 16:24:58 GMT Message-Id: <202502191624.51JGOwwj083700@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Jose Luis Duran Subject: git: 9fcb7c640e27 - stable/14 - uath: Avoid a NULL dereference List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jlduran X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 9fcb7c640e27088b2b6673f5cc26cbf230d0a28f Auto-Submitted: auto-generated The branch stable/14 has been updated by jlduran: URL: https://cgit.FreeBSD.org/src/commit/?id=9fcb7c640e27088b2b6673f5cc26cbf230d0a28f commit 9fcb7c640e27088b2b6673f5cc26cbf230d0a28f Author: Jose Luis Duran AuthorDate: 2025-02-12 15:31:43 +0000 Commit: Jose Luis Duran CommitDate: 2025-02-19 16:24:39 +0000 uath: Avoid a NULL dereference PR: 284643 Reviewed by: adrian Approved by: emaste (mentor) MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D48948 (cherry picked from commit 4b77a9a80cf8a9cba5607d8d8fa0742334dcf0f4) --- sys/dev/usb/wlan/if_uath.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/sys/dev/usb/wlan/if_uath.c b/sys/dev/usb/wlan/if_uath.c index e78003bc250a..26a1b2c74baf 100644 --- a/sys/dev/usb/wlan/if_uath.c +++ b/sys/dev/usb/wlan/if_uath.c 
@@ -2303,10 +2303,12 @@ uath_cmdeof(struct uath_softc *sc, struct uath_cmd *cmd) __func__, dlen, sizeof(uint32_t)); return; } - /* XXX have submitter do this */ - /* copy answer into caller's supplied buffer */ - bcopy(hdr+1, cmd->odata, sizeof(uint32_t)); - cmd->olen = sizeof(uint32_t); + if (cmd->odata != NULL) { + /* XXX have submitter do this */ + /* copy answer into caller's supplied buffer */ + bcopy(hdr+1, cmd->odata, sizeof(uint32_t)); + cmd->olen = sizeof(uint32_t); + } wakeup_one(cmd); /* wake up caller */ break; From nobody Wed Feb 19 16:25:17 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YyhZP51QTz5pZ03; Wed, 19 Feb 2025 16:25:17 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YyhZP46mZz3bBD; Wed, 19 Feb 2025 16:25:17 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1739982317; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=HYZcPT0s+2/Q+2vWpnAHbwCzC68pRGD/tsE4QLy6ofw=; b=US0hjZkWTLY6rlxO02sqNdyL1KWRjzi8PfP2+L+1+EGoR+9K27EVouokY4cgDZlXippVXS /Vs/+AUxkTh3dZhkE0TSgXRXTqgW8ZSlkO1BJfqebS7NpZcSbnRP/p+PQ73ECGQJcM9mid H9+BfrqKACke8bYtCZxILQLyxJVPEYb8Up1WPqPLKngv9o2ow5m2tOJpykoVJCt6NcekxK 1TF+JlVDkxrTaoUo/F4uLeVRI1z3IS9RXMTiD6IiT/ZTeurwiNorMdOEttEa5B/NNWjZ3h 
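Review bot: when cmd->odata is NULL the new branch in uath_cmdeof() skips the copy but also leaves cmd->olen untouched before `wakeup_one(cmd);`, so the woken caller sees whatever value olen held earlier. Set cmd->olen = 0 in an else branch, or document that a caller passing a NULL odata must not read olen afterwards. The retained "XXX have submitter do this" comment suggests the copy belongs in the caller; if that is the longer-term plan, a note in the commit message would help.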
Date: Wed, 19 Feb 2025
16:25:17 GMT Message-Id: <202502191625.51JGPHd0083924@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Jose Luis Duran Subject: git: 2dcc11d82758 - stable/13 - uath: Avoid a NULL dereference List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jlduran X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 2dcc11d82758b0b1320dbc16c8ce30b0f8d5b4c5 Auto-Submitted: auto-generated The branch stable/13 has been updated by jlduran: URL: https://cgit.FreeBSD.org/src/commit/?id=2dcc11d82758b0b1320dbc16c8ce30b0f8d5b4c5 commit 2dcc11d82758b0b1320dbc16c8ce30b0f8d5b4c5 Author: Jose Luis Duran AuthorDate: 2025-02-12 15:31:43 +0000 Commit: Jose Luis Duran CommitDate: 2025-02-19 16:23:59 +0000 uath: Avoid a NULL dereference PR: 284643 Reviewed by: adrian Approved by: emaste (mentor) MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D48948 (cherry picked from commit 4b77a9a80cf8a9cba5607d8d8fa0742334dcf0f4) --- sys/dev/usb/wlan/if_uath.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/sys/dev/usb/wlan/if_uath.c b/sys/dev/usb/wlan/if_uath.c index 7d5e50590ea2..480e987a924d 100644 --- a/sys/dev/usb/wlan/if_uath.c +++ b/sys/dev/usb/wlan/if_uath.c 
@@ -2303,10 +2303,12 @@ uath_cmdeof(struct uath_softc *sc, struct uath_cmd *cmd) __func__, dlen, sizeof(uint32_t)); return; } - /* XXX have submitter do this */ - /* copy answer into caller's supplied buffer */ - bcopy(hdr+1, cmd->odata, sizeof(uint32_t)); - cmd->olen = sizeof(uint32_t); + if (cmd->odata != NULL) { + /* XXX have submitter do this */ + /* copy answer into caller's supplied buffer */ + bcopy(hdr+1, cmd->odata, sizeof(uint32_t)); + cmd->olen = sizeof(uint32_t); + } wakeup_one(cmd); /* wake up caller */ break; From nobody Wed Feb 19 19:25:54 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YymZq03JVz5nY2Q; Wed, 19 Feb 2025 19:25:55 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YymZp6FTmz43G3; Wed, 19 Feb 2025 19:25:54 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1739993154; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=B8oOj3AgTUM1fYPlIvVzvLUQ5nFTyRdnurxGabdrX7I=; b=WTQ10USN6Ew59G6PwoLOI6jYZ3rnK+HlIwGllLFh8Ukj/RMppDRNCsNTMkfPA5byiEwWRu dQ0raSpvJafXN6d+5rqJxCi3FnqqyclTsWcFrv6geHZI7+hy0TBhMwxUmXBQv2q8xsguyp bQB/63Gcf11eGhc8YfcV97K1LmRxu3kVNJokA6mj3cjS+nqBUOvhgj3RDMfUL/20quYw6j 4Bd5N8YLR8GFZNjy3aCNwaMjNVZSHzC+4TIBv3AqgmQEydnmVSA466n2rLkvWPalF3mllj 
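Review bot: inside the new `if (cmd->odata != NULL) {` block the copy still writes sizeof(uint32_t) bytes into the caller's buffer with no visible check of how large that buffer is; cmd->olen is only assigned after the bcopy. The dlen test in the context lines above covers the received data, not the destination. Consider validating the caller-supplied length together with the NULL test before `bcopy(hdr+1, cmd->odata, sizeof(uint32_t));`.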
Date: Wed, 19 Feb 2025
19:25:54 GMT Message-Id: <202502191925.51JJPsej022269@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Colin Percival Subject: git: 4ddbb7945c63 - stable/13 - pkg-stage.sh: kde5 -> kde List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: cperciva X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 4ddbb7945c633f2675daac78b70c3450e67d0498 Auto-Submitted: auto-generated The branch stable/13 has been updated by cperciva: URL: https://cgit.FreeBSD.org/src/commit/?id=4ddbb7945c633f2675daac78b70c3450e67d0498 commit 4ddbb7945c633f2675daac78b70c3450e67d0498 Author: Colin Percival AuthorDate: 2025-02-19 19:21:04 +0000 Commit: Colin Percival CommitDate: 2025-02-19 19:25:50 +0000 pkg-stage.sh: kde5 -> kde The "kde5" package no longer exists; KDE goes to 6. Note: Depending on the size of 13.5-BETA3 DVD images, KDE might end up being removed from this list in the near future. With hat: re@ MFC after: 30 seconds Sponsored by: Amazon (cherry picked from commit 0d7b98c06c5ec9638020844ee460af075cfc6e54) --- release/scripts/pkg-stage.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/release/scripts/pkg-stage.sh b/release/scripts/pkg-stage.sh index b7305337c012..8e3e1f35e112 100755 --- a/release/scripts/pkg-stage.sh +++ b/release/scripts/pkg-stage.sh 
@@ -28,7 +28,7 @@ sysutils/tmux www/firefox www/links x11/gnome -x11/kde5 +x11/kde x11/sddm x11/xorg x11-wm/sway" From nobody Wed Feb 19 19:53:05 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YynB940tGz5nZqf; Wed, 19 Feb 2025 19:53:05 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YynB930pvz468S; Wed, 19 Feb 2025 19:53:05 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1739994785; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=15bJ1QTL05Cg0SCdogBHCU6+BR26CDvTX4A5wrNYTP0=; b=EXUnJ1vYj7FeoAcW+yd09NA2016/7pd3HW7mEsXuvhNETo2AS9nSnfx30xXkh7YBOrn8Nk 1JB87kNkthG5FMF4m+iVt236GuB+Ip6iQMo6quAD9xgsLgR5+Gcrqx1o8TkeWGLmBFTrog LeMh1xA4+jku0F8kThAEYmXMBFSKoWuCyfz2acRLLyXx49vPukpiZUA01U18YDhQDFqeYr Pv8wFE5LPv+6clW4MqPSodqFb8nwcKe2MU4a4mZjQzCxvdPLkDOkNSh7r0ocPa+vDghkJZ eFnnrhBGwSgTr8yZtS8hDzZWQaJOyyolFmPW3DtLcJueJn0SYPowvdQbpNF/wg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1739994785; a=rsa-sha256; cv=none; b=gjSPEddxOcbNmzhxJW5NZ1/5aA1LJJvLH5xmz9GSk7ZgthNv2pA9l12t5ncpYn0cKxbtTr VS0I6PI4wcYM4uS4GrJSWwVIOVsfr4OQP2vha4tcK9ot3vwDVoAUbDULjgMGnPujOoKS+R ICIICT8OqcRblOfUrzwfhFR7NzSg692VPzm0XR1c6kXkxZrKjktd5n3no4LTJimY4cNneu L5voHCxVCmOEWrp6M1zYCqT01ZgzNEG6a1ZAiFLhcMNPcKTMGkzdCzsVddCq9bDSksxxoi 
Date: Wed, 19 Feb 2025 19:53:05 GMT Message-Id: <202502191953.51JJr5Av076955@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Ed Maste Subject: git: fd3016b17efb - stable/13 - Canonicalize the name of the FreeBSD Foundation List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: fd3016b17efbfb351c62921e4ec1ac3812baffab Auto-Submitted: auto-generated The branch stable/13 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=fd3016b17efbfb351c62921e4ec1ac3812baffab commit fd3016b17efbfb351c62921e4ec1ac3812baffab Author: Li-Wen Hsu AuthorDate: 2024-10-23 21:03:07 +0000 Commit: Ed Maste CommitDate: 2025-02-19 19:52:36 +0000 Canonicalize the name of the FreeBSD Foundation Reviewed by: emaste Sponsored by: The FreeBSD Foundation (cherry picked from commit dab59af3bcc7cb7ba01569d3044894b3e860ad56) (cherry picked from commit ef3ed0726f2230e38df76a32a3b9ff145147af65) --- crypto/openssh/blacklist.c | 2 +- crypto/openssh/blacklist_client.h | 2 +- lib/libc/sys/_umtx_op.2 | 2 +- lib/libc/sys/fsync.2 | 2 +- lib/libc/sys/sigfastblock.2 | 2 +- lib/libc/sys/thr_exit.2 | 2 +- lib/libc/sys/thr_kill.2 | 2 +- lib/libc/sys/thr_new.2 | 2 +- lib/libc/sys/thr_self.2 | 2 +- lib/libc/sys/thr_set_name.2 | 2 +- lib/libc/sys/thr_suspend.2 | 2 +- lib/libc/sys/thr_wake.2 | 2 +- lib/libc/x86/sys/pkru.3 | 2 +- lib/libthr/libthr.3 | 2 +- sbin/ldconfig/ldconfig.8 | 2 +- share/man/man3/pthread_mutex_consistent.3 | 2 +- share/man/man3/pthread_mutexattr.3 | 2 +- share/man/man4/nvdimm.4 | 2 +- share/man/man5/fdescfs.5 | 2 +- share/man/man5/tmpfs.5 | 2 +- share/man/man7/security.7 | 2 +- share/man/man9/VOP_READ_PGCACHE.9 | 2 +- share/man/man9/refcount.9 | 2 +- 
stand/man/loader.efi.8 | 2 +- sys/dev/mgb/if_mgb.c | 2 +- sys/dev/mgb/if_mgb.h | 2 +- usr.bin/posixshmcontrol/posixshmcontrol.1 | 2 +- usr.bin/proccontrol/proccontrol.1 | 2 +- 28 files changed, 28 insertions(+), 28 deletions(-) diff --git a/crypto/openssh/blacklist.c b/crypto/openssh/blacklist.c index f118edab40cf..33d02607dd98 100644 --- a/crypto/openssh/blacklist.c +++ b/crypto/openssh/blacklist.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2015 The NetBSD Foundation, Inc. - * Copyright (c) 2016 The FreeBSD Foundation, Inc. + * Copyright (c) 2016 The FreeBSD Foundation * All rights reserved. * * Portions of this software were developed by Kurt Lidl diff --git a/crypto/openssh/blacklist_client.h b/crypto/openssh/blacklist_client.h index 236884092010..601a44461e20 100644 --- a/crypto/openssh/blacklist_client.h +++ b/crypto/openssh/blacklist_client.h @@ -1,6 +1,6 @@ /*- * Copyright (c) 2015 The NetBSD Foundation, Inc. - * Copyright (c) 2016 The FreeBSD Foundation, Inc. + * Copyright (c) 2016 The FreeBSD Foundation * All rights reserved. * * Portions of this software were developed by Kurt Lidl diff --git a/lib/libc/sys/_umtx_op.2 b/lib/libc/sys/_umtx_op.2 index 60f90c32ba35..974850fb8425 100644 --- a/lib/libc/sys/_umtx_op.2 +++ b/lib/libc/sys/_umtx_op.2 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2016 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2016 The FreeBSD Foundation .\" .\" This documentation was written by .\" Konstantin Belousov under sponsorship diff --git a/lib/libc/sys/fsync.2 b/lib/libc/sys/fsync.2 index 02cdf9bd656b..24435e018815 100644 --- a/lib/libc/sys/fsync.2 +++ b/lib/libc/sys/fsync.2 @@ -1,6 +1,6 @@ .\" Copyright (c) 1983, 1993 .\" The Regents of the University of California. All rights reserved. -.\" Copyright (c) 2016 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2016 The FreeBSD Foundation .\" .\" Parts of this documentation were written by .\" Konstantin Belousov under sponsorship 
diff --git a/lib/libc/sys/sigfastblock.2 b/lib/libc/sys/sigfastblock.2 index 72897191c4bc..19d649e63db9 100644 --- a/lib/libc/sys/sigfastblock.2 +++ b/lib/libc/sys/sigfastblock.2 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2016 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2016 The FreeBSD Foundation .\" .\" This documentation was written by .\" Konstantin Belousov under sponsorship diff --git a/lib/libc/sys/thr_exit.2 b/lib/libc/sys/thr_exit.2 index 62d6e6da22ce..98c6dd63f7ec 100644 --- a/lib/libc/sys/thr_exit.2 +++ b/lib/libc/sys/thr_exit.2 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2016 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2016 The FreeBSD Foundation .\" .\" This documentation was written by .\" Konstantin Belousov under sponsorship diff --git a/lib/libc/sys/thr_kill.2 b/lib/libc/sys/thr_kill.2 index a18e53e61008..8db645a77e54 100644 --- a/lib/libc/sys/thr_kill.2 +++ b/lib/libc/sys/thr_kill.2 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2016 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2016 The FreeBSD Foundation .\" .\" This documentation was written by .\" Konstantin Belousov under sponsorship diff --git a/lib/libc/sys/thr_new.2 b/lib/libc/sys/thr_new.2 index eb57fb67ac2a..0576acebef47 100644 --- a/lib/libc/sys/thr_new.2 +++ b/lib/libc/sys/thr_new.2 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2016 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2016 The FreeBSD Foundation .\" .\" This documentation was written by .\" Konstantin Belousov under sponsorship diff --git a/lib/libc/sys/thr_self.2 b/lib/libc/sys/thr_self.2 index 0637dca1d7b7..42d146448c05 100644 --- a/lib/libc/sys/thr_self.2 +++ b/lib/libc/sys/thr_self.2 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2016 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2016 The FreeBSD Foundation .\" .\" This documentation was written by .\" Konstantin Belousov under sponsorship diff --git a/lib/libc/sys/thr_set_name.2 b/lib/libc/sys/thr_set_name.2 index f43a60a4b3a5..38205f7f30b8 100644 --- a/lib/libc/sys/thr_set_name.2 
+++ b/lib/libc/sys/thr_set_name.2 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2016 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2016 The FreeBSD Foundation .\" .\" This documentation was written by .\" Konstantin Belousov under sponsorship diff --git a/lib/libc/sys/thr_suspend.2 b/lib/libc/sys/thr_suspend.2 index ee4261b3676c..74eacb0daa3c 100644 --- a/lib/libc/sys/thr_suspend.2 +++ b/lib/libc/sys/thr_suspend.2 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2016 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2016 The FreeBSD Foundation .\" .\" This documentation was written by .\" Konstantin Belousov under sponsorship diff --git a/lib/libc/sys/thr_wake.2 b/lib/libc/sys/thr_wake.2 index 0a196c2dd18b..9091a2b0c06e 100644 --- a/lib/libc/sys/thr_wake.2 +++ b/lib/libc/sys/thr_wake.2 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2016 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2016 The FreeBSD Foundation .\" .\" This documentation was written by .\" Konstantin Belousov under sponsorship diff --git a/lib/libc/x86/sys/pkru.3 b/lib/libc/x86/sys/pkru.3 index 2bcb6a64baaa..43c6e2423abe 100644 --- a/lib/libc/x86/sys/pkru.3 +++ b/lib/libc/x86/sys/pkru.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2019 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2019 The FreeBSD Foundation .\" .\" This documentation was written by .\" Konstantin Belousov under sponsorship diff --git a/lib/libthr/libthr.3 b/lib/libthr/libthr.3 index 7d0c7669654a..a89c6a4cb4c7 100644 --- a/lib/libthr/libthr.3 +++ b/lib/libthr/libthr.3 @@ -1,5 +1,5 @@ .\" Copyright (c) 2005 Robert N. M. Watson -.\" Copyright (c) 2014,2015,2021 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2014,2015,2021 The FreeBSD Foundation .\" All rights reserved. .\" .\" Part of this documentation was written by diff --git a/sbin/ldconfig/ldconfig.8 b/sbin/ldconfig/ldconfig.8 index 47e0dfa99b50..c9552a974ccc 100644 --- a/sbin/ldconfig/ldconfig.8 +++ b/sbin/ldconfig/ldconfig.8 
@@ -1,7 +1,7 @@ .\" .\" Copyright (c) 1993 Paul Kranenburg .\" All rights reserved. -.\" Copyright (c) 2021 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2021 The FreeBSD Foundation .\" .\" Portions of this documentation were written by .\" Konstantin Belousov under sponsorship diff --git a/share/man/man3/pthread_mutex_consistent.3 b/share/man/man3/pthread_mutex_consistent.3 index ac44a8d99718..e22be52ba618 100644 --- a/share/man/man3/pthread_mutex_consistent.3 +++ b/share/man/man3/pthread_mutex_consistent.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2016 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2016 The FreeBSD Foundation .\" .\" This documentation was written by .\" Konstantin Belousov under sponsorship diff --git a/share/man/man3/pthread_mutexattr.3 b/share/man/man3/pthread_mutexattr.3 index 8f4d0d9a06a4..b18d93e2e13e 100644 --- a/share/man/man3/pthread_mutexattr.3 +++ b/share/man/man3/pthread_mutexattr.3 @@ -1,5 +1,5 @@ .\" Copyright (C) 2000 Jason Evans . -.\" Copyright (c) 2021 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2021 The FreeBSD Foundation .\" All rights reserved. .\" .\" Part of this documentation was written by diff --git a/share/man/man4/nvdimm.4 b/share/man/man4/nvdimm.4 index f7eab8f97e88..125fadd851f3 100644 --- a/share/man/man4/nvdimm.4 +++ b/share/man/man4/nvdimm.4 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2019 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2019 The FreeBSD Foundation .\" .\" This documentation was written by .\" Konstantin Belousov under sponsorship diff --git a/share/man/man5/fdescfs.5 b/share/man/man5/fdescfs.5 index fa260cbc12f3..0d060685b0b5 100644 --- a/share/man/man5/fdescfs.5 +++ b/share/man/man5/fdescfs.5 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2021 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2021 The FreeBSD Foundation .\" .\" Copyright (c) 1996 .\" Mike Pritchard . All rights reserved. diff --git a/share/man/man5/tmpfs.5 b/share/man/man5/tmpfs.5 index c01aefd8550a..186bb812db6f 100644 --- a/share/man/man5/tmpfs.5 
+++ b/share/man/man5/tmpfs.5 @@ -1,6 +1,6 @@ .\"- .\" Copyright (c) 2007 Xin LI -.\" Copyright (c) 2017 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2017 The FreeBSD Foundation .\" .\" Part of this documentation was written by .\" Konstantin Belousov under sponsorship diff --git a/share/man/man7/security.7 b/share/man/man7/security.7 index 785cfcb6c7e5..4b5b792777f9 100644 --- a/share/man/man7/security.7 +++ b/share/man/man7/security.7 @@ -1,5 +1,5 @@ .\" Copyright (C) 1998 Matthew Dillon. All rights reserved. -.\" Copyright (c) 2019 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2019 The FreeBSD Foundation .\" .\" Parts of this documentation were written by .\" Konstantin Belousov under sponsorship diff --git a/share/man/man9/VOP_READ_PGCACHE.9 b/share/man/man9/VOP_READ_PGCACHE.9 index f8f67eb00f13..8a99365eba28 100644 --- a/share/man/man9/VOP_READ_PGCACHE.9 +++ b/share/man/man9/VOP_READ_PGCACHE.9 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2021 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2021 The FreeBSD Foundation .\" .\" This documentation was written by .\" Konstantin Belousov under sponsorship diff --git a/share/man/man9/refcount.9 b/share/man/man9/refcount.9 index 0c8e4380aed3..78631f9a865a 100644 --- a/share/man/man9/refcount.9 +++ b/share/man/man9/refcount.9 @@ -3,7 +3,7 @@ .\" Written by: John H. Baldwin .\" All rights reserved. .\" -.\" Copyright (c) 2019 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2019 The FreeBSD Foundation .\" .\" Parts of this documentation was written by .\" Konstantin Belousov under sponsorship diff --git a/stand/man/loader.efi.8 b/stand/man/loader.efi.8 index 2128cc99c2a5..82b9aa091de8 100644 --- a/stand/man/loader.efi.8 +++ b/stand/man/loader.efi.8 
@@ -3,7 +3,7 @@ .\" .\" Copyright (c) 2019-2022 Netflix, Inc .\" Copyright (c) 2022 Mateusz Piotrowski <0mp@FreeBSD.org> -.\" Copyright 2022 The FreeBSD Foundation, Inc. +.\" Copyright 2022 The FreeBSD Foundation .\" .\" Part of this documentation was written by .\" Konstantin Belousov under sponsorship diff --git a/sys/dev/mgb/if_mgb.c b/sys/dev/mgb/if_mgb.c index 7ac93ec020c4..9308dd9b97b7 100644 --- a/sys/dev/mgb/if_mgb.c +++ b/sys/dev/mgb/if_mgb.c @@ -1,7 +1,7 @@ /*- * SPDX-License-Identifier: BSD-2-Clause * - * Copyright (c) 2019 The FreeBSD Foundation, Inc. + * Copyright (c) 2019 The FreeBSD Foundation * * This driver was written by Gerald ND Aryeetey * under sponsorship from the FreeBSD Foundation. diff --git a/sys/dev/mgb/if_mgb.h b/sys/dev/mgb/if_mgb.h index fa49805d73b7..19f6d4a20cc7 100644 --- a/sys/dev/mgb/if_mgb.h +++ b/sys/dev/mgb/if_mgb.h @@ -1,7 +1,7 @@ /*- * SPDX-License-Identifier: BSD-2-Clause * - * Copyright (c) 2019 The FreeBSD Foundation, Inc. + * Copyright (c) 2019 The FreeBSD Foundation * * This driver was written by Gerald ND Aryeetey * under sponsorship from the FreeBSD Foundation. diff --git a/usr.bin/posixshmcontrol/posixshmcontrol.1 b/usr.bin/posixshmcontrol/posixshmcontrol.1 index 84c2b845b99b..bfa43a0bbeab 100644 --- a/usr.bin/posixshmcontrol/posixshmcontrol.1 +++ b/usr.bin/posixshmcontrol/posixshmcontrol.1 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2019 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2019 The FreeBSD Foundation .\" .\" This documentation was written by .\" Konstantin Belousov under sponsorship diff --git a/usr.bin/proccontrol/proccontrol.1 b/usr.bin/proccontrol/proccontrol.1 index 8ab63d079bbe..820b0f403b01 100644 --- a/usr.bin/proccontrol/proccontrol.1 +++ b/usr.bin/proccontrol/proccontrol.1 
@@ -1,4 +1,4 @@ -.\" Copyright (c) 2019 The FreeBSD Foundation, Inc. +.\" Copyright (c) 2019 The FreeBSD Foundation .\" .\" This documentation was written by .\" Konstantin Belousov under sponsorship From nobody Wed Feb 19 21:02:16 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Yypk415qLz5ngSZ; Wed, 19 Feb 2025 21:02:20 +0000 (UTC) (envelope-from makc@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Yypk34LbQz3JXK; Wed, 19 Feb 2025 21:02:19 +0000 (UTC) (envelope-from makc@freebsd.org)
ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from mercury.localnet (unknown [62.63.94.159]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) (Authenticated sender: makc) by smtp.freebsd.org (Postfix) with ESMTPSA id 4Yypk25xfZzHCs; Wed, 19 Feb 2025 21:02:18 +0000 (UTC) (envelope-from makc@freebsd.org) 
From: Max Brazhnikov To: src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-branches@freebsd.org, dev-commits-src-branches@freebsd.org Cc: Colin Percival Subject: Re: git: 4ddbb7945c63 - stable/13 - pkg-stage.sh: kde5 -> kde Date: Thu, 20 Feb 2025 00:02:16 +0300 Message-ID: <2238970.PLFibm3KWW@mercury> In-Reply-To: <202502191925.51JJPsej022269@gitrepo.freebsd.org> References: <202502191925.51JJPsej022269@gitrepo.freebsd.org> List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="utf-8" On Wed, 19 Feb 2025 19:25:54 GMT Colin Percival wrote: > The branch stable/13 has been updated by cperciva: > > URL: https://cgit.FreeBSD.org/src/commit/?id=4ddbb7945c633f2675daac78b70c3450e67d0498 > > commit 4ddbb7945c633f2675daac78b70c3450e67d0498 > Author: Colin Percival > AuthorDate: 2025-02-19 19:21:04 +0000 > Commit: Colin Percival > CommitDate: 2025-02-19 19:25:50 +0000 > > pkg-stage.sh: kde5 -> kde > > The "kde5" package no longer exists; KDE goes to 6. > > Note: Depending on the size of 13.5-BETA3 DVD images, KDE might end > up being removed from this list in the near future. I was thinking recently of making x11/kde to install Plasma desktop with minimal set of KDE Application, moving the rest of KDE distribution to a separate meta port. Meanwhile, you can use x11/kde-baseapps and x11/plasma6-plasma meta ports. 
with kde@ hat on, Max From nobody Wed Feb 19 21:08:11 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Yyprt120tz5ngZx; Wed, 19 Feb 2025 21:08:14 +0000 (UTC) (envelope-from cperciva@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Yyprt03W8z3K3g; Wed, 19 Feb 2025 21:08:14 +0000 (UTC) (envelope-from cperciva@freebsd.org) ARC-Authentication-Results: i=1; mx1.freebsd.org; none
Received: from [192.168.6.36] (S0106684a76304d01.vf.shawcable.net [70.69.240.84]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) (Authenticated sender: cperciva/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id 4Yyprs2DdxzFgZ; Wed, 19 Feb 2025 21:08:13 +0000 (UTC) (envelope-from cperciva@freebsd.org) Message-ID: Date: Wed, 19 Feb 2025 13:08:11 -0800 List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: git: 4ddbb7945c63 - stable/13 - pkg-stage.sh: kde5 -> kde To: Max Brazhnikov , src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-branches@freebsd.org References: <202502191925.51JJPsej022269@gitrepo.freebsd.org> <2238970.PLFibm3KWW@mercury> Content-Language: en-US 
From: Colin Percival
In-Reply-To: <2238970.PLFibm3KWW@mercury> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit On 2/19/25 13:02, Max Brazhnikov wrote: > On Wed, 19 Feb 2025 19:25:54 GMT Colin Percival wrote: >> The branch stable/13 has been updated by cperciva: >> >> URL: https://cgit.FreeBSD.org/src/commit/?id=4ddbb7945c633f2675daac78b70c3450e67d0498 >> >> commit 4ddbb7945c633f2675daac78b70c3450e67d0498 >> Author: Colin Percival >> AuthorDate: 2025-02-19 19:21:04 +0000 >> Commit: Colin Percival >> CommitDate: 2025-02-19 19:25:50 +0000 >> >> pkg-stage.sh: kde5 -> kde >> >> The "kde5" package no longer exists; KDE goes to 6. >> >> Note: Depending on the size of 13.5-BETA3 DVD images, KDE might end >> up being removed from this list in the near future. 
> > I was thinking recently of making x11/kde to install Plasma desktop with > minimal set of KDE Application, moving the rest of KDE distribution to > a separate meta port. > Meanwhile, you can use x11/kde-baseapps and x11/plasma6-plasma meta ports. To make sure I understand: If the DVD image with x11/kde turns out to be too large, you think I should try replacing x11/kde with x11/kde-baseapps and x11/plasma6-plasma ? -- Colin Percival FreeBSD Release Engineering Lead & EC2 platform maintainer Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid From nobody Wed Feb 19 22:21:33 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YyrTX61s4z5nmT4; Wed, 19 Feb 2025 22:21:36 +0000 (UTC) (envelope-from makc@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YyrTX4LTKz3TGc; Wed, 19 Feb 2025 22:21:36 +0000 (UTC) (envelope-from makc@freebsd.org)
ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from mercury.localnet (unknown [62.63.94.159]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) (Authenticated sender: makc) by smtp.freebsd.org (Postfix) with ESMTPSA id 4YyrTW6JGPzH3x; Wed, 19 Feb 2025 22:21:35 +0000 (UTC) (envelope-from makc@freebsd.org) 
From: Max Brazhnikov To: src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-branches@freebsd.org, Colin Percival Subject: Re: git: 4ddbb7945c63 - stable/13 - pkg-stage.sh: kde5 -> kde Date: Thu, 20 Feb 2025 01:21:33 +0300 Message-ID: <8367870.G18vQ0XA4d@mercury> In-Reply-To: References: <202502191925.51JJPsej022269@gitrepo.freebsd.org> <2238970.PLFibm3KWW@mercury> List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="utf-8" On Wed, 19 Feb 2025 13:08:11 -0800 Colin Percival wrote: > On 2/19/25 13:02, Max Brazhnikov wrote: > > On Wed, 19 Feb 2025 19:25:54 GMT Colin Percival wrote: > >> The branch stable/13 has been updated by cperciva: > >> > >> URL: https://cgit.FreeBSD.org/src/commit/?id=4ddbb7945c633f2675daac78b70c3450e67d0498 > >> > >> commit 4ddbb7945c633f2675daac78b70c3450e67d0498 > >> Author: Colin Percival > >> AuthorDate: 2025-02-19 19:21:04 +0000 > >> Commit: Colin Percival > >> CommitDate: 2025-02-19 19:25:50 +0000 > >> > >> pkg-stage.sh: kde5 -> kde > >> > >> The "kde5" package no longer exists; KDE goes to 6. > >> > >> Note: Depending on the size of 13.5-BETA3 DVD images, KDE might end > >> up being removed from this list in the near future. > > > > I was thinking recently of making x11/kde to install Plasma desktop with > > minimal set of KDE Application, moving the rest of KDE distribution to > > a separate meta port. > > Meanwhile, you can use x11/kde-baseapps and x11/plasma6-plasma meta ports. > > To make sure I understand: If the DVD image with x11/kde turns out to be > too large, you think I should try replacing x11/kde with x11/kde-baseapps > and x11/plasma6-plasma ? That's right. 
Moreover, I'm not sure x11/kde package is available for 13-stable, since some KDE ports are marked BROKEN on it. Max From nobody Thu Feb 20 02:31:36 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Yyy2101vYz5p4cf; Thu, 20 Feb 2025 02:31:37 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Yyy206WrXz43Ys; Thu, 20 Feb 2025 02:31:36 +0000 (UTC) (envelope-from git@FreeBSD.org)
ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Yyy2062LhzYgv; Thu, 20 Feb 2025 02:31:36 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 51K2VarF018447; Thu, 20 Feb 2025 02:31:36 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 51K2VaQj018444; Thu, 20 Feb 2025 02:31:36 GMT (envelope-from git) Date: Thu, 20 Feb 2025 02:31:36 GMT Message-Id: <202502200231.51K2VaQj018444@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org 
From: Ed Maste
Subject: git: 8a02eb2c1e4f - stable/14 - libssh: Remove progressmeter
X-Git-Committer: emaste
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 8a02eb2c1e4f3847fccf3eb1e7ff914871e35be4

The branch stable/14 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=8a02eb2c1e4f3847fccf3eb1e7ff914871e35be4

commit 8a02eb2c1e4f3847fccf3eb1e7ff914871e35be4
Author: Ed Maste
AuthorDate: 2025-02-06 19:21:12 +0000
Commit: Ed Maste
CommitDate: 2025-02-20 02:31:22 +0000

    libssh: Remove progressmeter

    It is used only by scp and sftp, and already included directly in their
    Makefiles. It does not belong in libssh.

    Fixes: d8b043c8d497 ("Update for 3.6.1p1; also remove Kerberos IV shims.")
    Sponsored by: The FreeBSD Foundation
    Differential Revision: https://reviews.freebsd.org/D48871

    (cherry picked from commit c0af32952564099fe30a34aeb335f95a6dc811ba)
---
 secure/lib/libssh/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/secure/lib/libssh/Makefile b/secure/lib/libssh/Makefile index e6738be94f65..939eddcb48b7 100644 --- a/secure/lib/libssh/Makefile +++ b/secure/lib/libssh/Makefile
@@ -17,7 +17,7 @@ SRCS+= authfd.c authfile.c \ atomicio.c dispatch.c mac.c misc.c utf8.c \ monitor_fdpass.c rijndael.c ssh-dss.c ssh-ecdsa.c ssh-ecdsa-sk.c \ ssh-ed25519-sk.c ssh-rsa.c dh.c \ - msg.c progressmeter.c dns.c entropy.c umac.c umac128.c \ + msg.c dns.c entropy.c umac.c umac128.c \ ssh-pkcs11.c smult_curve25519_ref.c \ poly1305.c chacha.c cipher-chachapoly.c cipher-chachapoly-libcrypto.c \ ssh-ed25519.c digest-openssl.c digest-libc.c \

From nobody Thu Feb 20 02:35:02 2025
Date: Thu, 20 Feb 2025 02:35:02 GMT
Message-Id: <202502200235.51K2Z2Fb025762@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org,
 dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Ed Maste
Subject: git: 9197c04a251b - stable/14 - Deprecate publickey(5) stuff
X-Git-Committer: emaste
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 9197c04a251bc531ee5fca8e11cf7b64237a42f3

The branch stable/14 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=9197c04a251bc531ee5fca8e11cf7b64237a42f3

commit 9197c04a251bc531ee5fca8e11cf7b64237a42f3
Author: Emmanuel Vadot
AuthorDate: 2025-01-22 16:56:58 +0000
Commit: Ed Maste
CommitDate: 2025-02-20 02:34:42 +0000

    Deprecate publickey(5) stuff

    This uses DES and it's likely that nobody uses that in 2025.
    If somebody uses this we help them by deprecating and removing this.

    Reviewed by: bapt, emaste
    Differential Revision: https://reviews.freebsd.org/D30682

    (cherry picked from commit 723425f837270dd3b22098168ae9464a1ebe38c6)
---
 usr.bin/chkey/chkey.1 | 5 +++++
 usr.bin/chkey/chkey.c | 1 +
 usr.bin/keylogin/keylogin.1 | 5 +++++
 usr.bin/keylogin/keylogin.c | 1 +
 usr.bin/keylogout/keylogout.1 | 5 +++++
 usr.bin/keylogout/keylogout.c | 1 +
 usr.bin/newkey/newkey.8 | 5 +++++
 usr.bin/newkey/newkey.c | 1 +
 usr.sbin/keyserv/keyserv.8 | 5 +++++
 usr.sbin/keyserv/keyserv.c | 1 +
 10 files changed, 30 insertions(+)

diff --git a/usr.bin/chkey/chkey.1 b/usr.bin/chkey/chkey.1 index 508227ba9601..e754d676e5d1 100644 --- a/usr.bin/chkey/chkey.1 +++ b/usr.bin/chkey/chkey.1
@@ -26,3 +26,8 @@ database. .Xr publickey 5 , .Xr keyserv 8 , .Xr newkey 8 +.Sh HISTORY +The +.Nm +utility was removed from +.Fx 15.0 . diff --git a/usr.bin/chkey/chkey.c b/usr.bin/chkey/chkey.c index afacae4d0f75..922a16b5b227 100644 --- a/usr.bin/chkey/chkey.c +++ b/usr.bin/chkey/chkey.c @@ -96,6 +96,7 @@ main(int argc, char **argv) char *cryptpw; #endif + fprintf(stderr, "chkey is deprecated and removed from FreeBSD 15.\n"); while ((ch = getopt(argc, argv, "f")) != -1) switch(ch) { case 'f': diff --git a/usr.bin/keylogin/keylogin.1 b/usr.bin/keylogin/keylogin.1 index 32a3e8e1b5b4..69b59cb68c5e 100644 --- a/usr.bin/keylogin/keylogin.1 +++ b/usr.bin/keylogin/keylogin.1 @@ -31,3 +31,8 @@ to be used by any secure network services, such as NFS. .Xr publickey 5 , .Xr keyserv 8 , .Xr newkey 8 +.Sh HISTORY +The +.Nm +utility was removed from +.Fx 15.0 . diff --git a/usr.bin/keylogin/keylogin.c b/usr.bin/keylogin/keylogin.c index 021935163a1d..c8a4206df3b3 100644 --- a/usr.bin/keylogin/keylogin.c +++ b/usr.bin/keylogin/keylogin.c @@ -54,6 +54,7 @@ main(void) char fullname[MAXNETNAMELEN + 1]; struct key_netstarg netst; + fprintf(stderr, "keylogin is deprecated and removed from FreeBSD 15.\n"); if (!getnetname(fullname)) { fprintf(stderr, "netname lookup failed -- make sure the "); fprintf(stderr, "system domain name is set.\n"); diff --git a/usr.bin/keylogout/keylogout.1 b/usr.bin/keylogout/keylogout.1 index 1480a83aece5..b2d0071416ef 100644 --- a/usr.bin/keylogout/keylogout.1 +++ b/usr.bin/keylogout/keylogout.1 @@ -43,3 +43,8 @@ This will break secure NFS if it is done on a server. .Xr publickey 5 , .Xr keyserv 8 , .Xr newkey 8 +.Sh HISTORY +The +.Nm +utility was removed from +.Fx 15.0 . diff --git a/usr.bin/keylogout/keylogout.c b/usr.bin/keylogout/keylogout.c index 03eeee0f6417..faad41462340 100644 --- a/usr.bin/keylogout/keylogout.c +++ b/usr.bin/keylogout/keylogout.c 
@@ -47,6 +47,7 @@ main(int argc, char **argv) { static char secret[HEXKEYBYTES + 1]; + fprintf(stderr, "keylogin is deprecated and removed from FreeBSD 15.\n"); if (geteuid() == 0) { if ((argc != 2 ) || (strcmp(argv[1], "-f") != 0)) { fprintf(stderr, diff --git a/usr.bin/newkey/newkey.8 b/usr.bin/newkey/newkey.8 index 51dca6688bd0..294198c50972 100644 --- a/usr.bin/newkey/newkey.8 +++ b/usr.bin/newkey/newkey.8 @@ -53,6 +53,11 @@ password of the given username. .Xr keylogin 1 , .Xr publickey 5 , .Xr keyserv 8 +.Sh HISTORY +The +.Nm +utility was removed from +.Fx 15.0 . .Sh NOTES The Network Information Service .Pq NIS diff --git a/usr.bin/newkey/newkey.c b/usr.bin/newkey/newkey.c index 6efe64993ec5..6998ddf34658 100644 --- a/usr.bin/newkey/newkey.c +++ b/usr.bin/newkey/newkey.c @@ -105,6 +105,7 @@ main(int argc, char *argv[]) struct hostent *h; #endif + fprintf(stderr, "newkey is deprecated and removed from FreeBSD 15.\n"); if (argc != 3 || !(strcmp(argv[1], "-u") == 0 || strcmp(argv[1], "-h") == 0)) { usage(); diff --git a/usr.sbin/keyserv/keyserv.8 b/usr.sbin/keyserv/keyserv.8 index 17007c7d8f40..578f548cbe73 100644 --- a/usr.sbin/keyserv/keyserv.8 +++ b/usr.sbin/keyserv/keyserv.8 @@ -81,3 +81,8 @@ Display status of DES support (enabled/disabled). .Xr keylogin 1 , .Xr keylogout 1 , .Xr publickey 5 +.Sh HISTORY +The +.Nm +utility was removed from +.Fx 15.0 . diff --git a/usr.sbin/keyserv/keyserv.c b/usr.sbin/keyserv/keyserv.c index bc219e886020..4fe719029d01 100644 --- a/usr.sbin/keyserv/keyserv.c +++ b/usr.sbin/keyserv/keyserv.c 
@@ -114,6 +114,7 @@ main(int argc, char *argv[]) register SVCXPRT *transp; struct netconfig *nconf = NULL; + fprintf(stderr, "keyserv is deprecated and removed from FreeBSD 15.\n"); __key_encryptsession_pk_LOCAL = &key_encrypt_pk_2_svc_prog; __key_decryptsession_pk_LOCAL = &key_decrypt_pk_2_svc_prog; __key_gendes_LOCAL = &key_gen_1_svc_prog;
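Review bot: The keylogout.c hunk prints the wrong program name: the line added to main() reads "keylogin is deprecated and removed from FreeBSD 15.", which is the keylogin.c message copied unchanged. It should name keylogout, so that whoever sees the warning on stderr can tell which tool produced it; the chkey, keylogin, newkey and keyserv hunks each name their own utility. A smaller point on the manual pages: the added HISTORY sections say the utility "was removed from" FreeBSD 15.0, which reads oddly in pages shipped on stable/14 alongside binaries that are still installed, so wording that says it is deprecated and absent from 15.0 would fit this branch better.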

Date: Thu, 20 Feb 2025 02:49:38 GMT
Message-Id: <202502200249.51K2ncMD045431@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Ed Maste
Subject: git: fb4102bc52a6 - stable/13 - vtfontcvt: Improve error message for unsupported DWIDTH
X-Git-Committer: emaste
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: fb4102bc52a69e6736d69818460c01c253bd8753

The branch stable/13 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=fb4102bc52a69e6736d69818460c01c253bd8753

commit fb4102bc52a69e6736d69818460c01c253bd8753
Author: Ed Maste
AuthorDate: 2025-01-20 20:04:20 +0000
Commit: Ed Maste
CommitDate: 2025-02-20 02:49:24 +0000

    vtfontcvt: Improve error message for unsupported DWIDTH

    vtfontcvt requires that all glyphs are 1x or 2x a common width,
    reporting for example "bitmap with unsupported DWIDTH 27 0 on line xxx"
    if the font is expected to be 32 pixels wide.

    Add the expected / permitted values to the error message to make the
    issue more clear - for the same example, "bitmap with unsupported
    DWIDTH 27 0 (not 32 or 64)".

    Reviewed by: ziaee
    Sponsored by: The FreeBSD Foundation

    (cherry picked from commit 3433daae0d20d55503084c4d17b8a3e685657ad2)
    (cherry picked from commit 036ce9b76e0ac5bb3a611a4b259a39e3158c25d4)
---
 usr.bin/vtfontcvt/vtfontcvt.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/usr.bin/vtfontcvt/vtfontcvt.c b/usr.bin/vtfontcvt/vtfontcvt.c index d68516dda360..508e298257a4 100644 --- a/usr.bin/vtfontcvt/vtfontcvt.c +++ b/usr.bin/vtfontcvt/vtfontcvt.c
@@ -451,8 +451,8 @@ parse_bdf(FILE *fp, unsigned int map_idx) if (sscanf(ln + 7, "%d %d", &dwidth, &dwy) != 2) errx(1, "invalid DWIDTH at line %u", linenum); if (dwy != 0 || (dwidth != fbbw && dwidth * 2 != fbbw)) - errx(1, "bitmap with unsupported DWIDTH %d %d at line %u", - dwidth, dwy, linenum); + errx(1, "bitmap with unsupported DWIDTH %d %d (not %d or %d) at line %u", + dwidth, dwy, fbbw, 2 * fbbw, linenum); if (dwidth < fbbw) set_width(dwidth); }
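Review bot: In parse_bdf(), the values printed by the new message do not match the check directly above it. The condition rejects dwidth unless dwidth == fbbw or dwidth * 2 == fbbw, so the permitted widths are fbbw and fbbw / 2, but the new errx() arguments print fbbw and 2 * fbbw. With fbbw at 32, a DWIDTH of 16 is accepted and 64 is rejected, yet the message would read "(not 32 or 64)". Suggest passing fbbw / 2 and fbbw, or, if 2 * fbbw really is the intended wide-glyph width, changing the condition so that it agrees with the message.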

Date: Thu, 20 Feb 2025 13:01:48 GMT
Message-Id: <202502201301.51KD1m61020643@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org,
 dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Ed Maste
Subject: git: 2c97e333166d - stable/14 - ssh_config.5: Remove redundant CheckHostIP default text
X-Git-Committer: emaste
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 2c97e333166d4f6f6b84da60b96a82982bb19649

The branch stable/14 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=2c97e333166d4f6f6b84da60b96a82982bb19649

commit 2c97e333166d4f6f6b84da60b96a82982bb19649
Author: Ed Maste
AuthorDate: 2025-01-24 21:15:22 +0000
Commit: Ed Maste
CommitDate: 2025-02-20 13:01:24 +0000

    ssh_config.5: Remove redundant CheckHostIP default text

    In 2000 (commit a95c1225217b) we changed the CheckHostIP default to
    "no". We added text to ssh_config(5) documenting FreeBSD's default.

    In 2021 OpenSSH made the same change, released with OpenSSH 8.5p1.
    When we imported the update the added text remained, resulting in:

        If the option is set to no (the default), the check will not be
        executed. The default is no.

    Remove the now-redundant text.

    Fixes: 206be79acbde ("Vendor import of OpenSSH 8.5p1")
    Sponsored by: The FreeBSD Foundation

    (cherry picked from commit 06016adaccca1958cdde4edf845f5b972be7ffc0)
---
 crypto/openssh/ssh_config.5 | 2 --
 1 file changed, 2 deletions(-)

diff --git a/crypto/openssh/ssh_config.5 b/crypto/openssh/ssh_config.5 index 60b9b279d0b3..134587d3b85b 100644 --- a/crypto/openssh/ssh_config.5 +++ b/crypto/openssh/ssh_config.5
@@ -548,8 +548,6 @@ If the option is set to .Cm no (the default), the check will not be executed. -The default is -.Cm no . .It Cm Ciphers Specifies the ciphers allowed and their order of preference. Multiple ciphers must be comma-separated.

From nobody Thu Feb 20 13:07:44 2025
Date: Thu, 20 Feb 2025 13:07:44 GMT
Message-Id: <202502201307.51KD7iKN025131@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Ed Maste
Subject: git: eed04cc1699b - stable/14 - certctl: Clean up.
X-Git-Committer: emaste
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: eed04cc1699bf64983bed895280ee5dfb67637d0

The branch stable/14 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=eed04cc1699bf64983bed895280ee5dfb67637d0

commit eed04cc1699bf64983bed895280ee5dfb67637d0
Author: Dag-Erling Smørgrav
AuthorDate: 2023-10-05 14:49:53 +0000
Commit: Ed Maste
CommitDate: 2025-02-20 13:07:17 +0000

    certctl: Clean up.

    MFC after: 3 days
    Reviewed by: allanjude
    Differential Revision: https://reviews.freebsd.org/D42086

    (cherry picked from commit 1525625c7c945856d4814987fd65784fd62cba74)
---
 usr.sbin/certctl/certctl.sh | 173 +++++++++++++++++++++++++-------------------
 1 file changed, 99 insertions(+), 74 deletions(-)

diff --git a/usr.sbin/certctl/certctl.sh b/usr.sbin/certctl/certctl.sh index c216734a6e9a..02d055102c33 100755 --- a/usr.sbin/certctl/certctl.sh +++ b/usr.sbin/certctl/certctl.sh
@@ -26,32 +26,53 @@ # POSSIBILITY OF SUCH DAMAGE. # +set -u + ############################################################ CONFIGURATION : ${DESTDIR:=} : ${DISTBASE:=} : ${FILEPAT:="\.pem$|\.crt$|\.cer$|\.crl$"} -: ${VERBOSE:=0} ############################################################ GLOBALS SCRIPTNAME="${0##*/}" ERRORS=0 -NOOP=0 -UNPRIV=0 +NOOP=false +UNPRIV=false +VERBOSE=false ############################################################ FUNCTIONS +info() +{ + echo "${0##*/}: $@" >&2 +} + +verbose() +{ + if "${VERBOSE}" ; then + info "$@" + fi +} + +perform() +{ + if ! "${NOOP}" ; then + "$@" + fi +} + do_hash() { local hash - if hash=$( openssl x509 -noout -subject_hash -in "$1" ); then + if hash=$(openssl x509 -noout -subject_hash -in "$1") ; then echo "$hash" return 0 else - echo "Error: $1" >&2 - ERRORS=$(( $ERRORS + 1 )) + info "Error: $1" + ERRORS=$((ERRORS + 1)) return 1 fi } @@ -64,7 +85,7 @@ get_decimal() hash=$2 decimal=0 - while [ -e "$checkdir/$hash.$decimal" ]; do + while [ -e "$checkdir/$hash.$decimal" ] ; do decimal=$((decimal + 1)) done 
@@ -74,22 +95,21 @@ get_decimal() create_trusted_link() { - local blisthash certhash hash + local hash certhash otherfile otherhash local suffix - hash=$( do_hash "$1" ) || return - certhash=$( openssl x509 -sha1 -in "$1" -noout -fingerprint ) - for blistfile in $(find $UNTRUSTDESTDIR -name "$hash.*"); do - blisthash=$( openssl x509 -sha1 -in "$blistfile" -noout -fingerprint ) - if [ "$certhash" = "$blisthash" ]; then - echo "Skipping untrusted certificate $1 ($blistfile)" + hash=$(do_hash "$1") || return + certhash=$(openssl x509 -sha1 -in "$1" -noout -fingerprint) + for otherfile in $(find $UNTRUSTDESTDIR -name "$hash.*") ; do + otherhash=$(openssl x509 -sha1 -in "$otherfile" -noout -fingerprint) + if [ "$certhash" = "$otherhash" ] ; then + info "Skipping untrusted certificate $1 ($otherfile)" return 1 fi done suffix=$(get_decimal "$CERTDESTDIR" "$hash") - [ $VERBOSE -gt 0 ] && echo "Adding $hash.$suffix to trust store" - [ $NOOP -eq 0 ] && \ - install ${INSTALLFLAGS} -lrs $(realpath "$1") "$CERTDESTDIR/$hash.$suffix" + verbose "Adding $hash.$suffix to trust store" + perform install ${INSTALLFLAGS} -lrs "$(realpath "$1")" "$CERTDESTDIR/$hash.$suffix" } # Accepts either dot-hash form from `certctl list` or a path to a valid cert. @@ -99,13 +119,13 @@ resolve_certname() local suffix # If it exists as a file, we'll try that; otherwise, we'll scan - if [ -e "$1" ]; then - hash=$( do_hash "$1" ) || return + if [ -e "$1" ] ; then + hash=$(do_hash "$1") || return srcfile=$(realpath "$1") suffix=$(get_decimal "$UNTRUSTDESTDIR" "$hash") filename="$hash.$suffix" echo "$srcfile" "$hash.$suffix" - elif [ -e "${CERTDESTDIR}/$1" ]; then + elif [ -e "${CERTDESTDIR}/$1" ] ; then srcfile=$(realpath "${CERTDESTDIR}/$1") hash=$(echo "$1" | sed -Ee 's/\.([0-9])+$//') suffix=$(get_decimal "$UNTRUSTDESTDIR" "$hash") 
@@ -122,12 +142,12 @@ create_untrusted() srcfile=$1 filename=$2 - if [ -z "$srcfile" -o -z "$filename" ]; then + if [ -z "$srcfile" -o -z "$filename" ] ; then return fi - [ $VERBOSE -gt 0 ] && echo "Adding $filename to untrusted list" - [ $NOOP -eq 0 ] && install ${INSTALLFLAGS} -lrs "$srcfile" "$UNTRUSTDESTDIR/$filename" + verbose "Adding $filename to untrusted list" + perform install ${INSTALLFLAGS} -lrs "$srcfile" "$UNTRUSTDESTDIR/$filename" } do_scan() @@ -142,10 +162,10 @@ do_scan() IFS="$oldIFS" for CPATH in "$@"; do [ -d "$CPATH" ] || continue - echo "Scanning $CPATH for certificates..." - for CFILE in $(ls -1 "${CPATH}" | grep -Ee "${FILEPAT}"); do + info "Scanning $CPATH for certificates..." + for CFILE in $(ls -1 "${CPATH}" | grep -Ee "${FILEPAT}") ; do [ -e "$CPATH/$CFILE" ] || continue - [ $VERBOSE -gt 0 ] && echo "Reading $CFILE" + verbose "Reading $CFILE" "$CFUNC" "$CPATH/$CFILE" done done @@ -155,21 +175,21 @@ do_list() { local CFILE subject - if [ -e "$1" ]; then + if [ -e "$1" ] ; then cd "$1" - for CFILE in *.[0-9]; do - if [ ! -s "$CFILE" ]; then - echo "Unable to read $CFILE" >&2 - ERRORS=$(( $ERRORS + 1 )) + for CFILE in *.[0-9] ; do + if [ ! -s "$CFILE" ] ; then + info "Unable to read $CFILE" + ERRORS=$((ERRORS + 1)) continue fi subject= - if [ $VERBOSE -eq 0 ]; then - subject=$( openssl x509 -noout -subject -nameopt multiline -in "$CFILE" | - sed -n '/commonName/s/.*= //p' ) + if [ $VERBOSE -eq 0 ] ; then + subject=$(openssl x509 -noout -subject -nameopt multiline -in "$CFILE" | + sed -n '/commonName/s/.*= //p') fi [ "$subject" ] || - subject=$( openssl x509 -noout -subject -in "$CFILE" ) + subject=$(openssl x509 -noout -subject -in "$CFILE") printf "%s\t%s\n" "$CFILE" "$subject" done cd - 
@@ -179,17 +199,15 @@ do_list() cmd_rehash() { - if [ $NOOP -eq 0 ]; then - if [ -e "$CERTDESTDIR" ]; then - find "$CERTDESTDIR" -type link -delete - else - mkdir -p "$CERTDESTDIR" - fi - if [ -e "$UNTRUSTDESTDIR" ]; then - find "$UNTRUSTDESTDIR" -type link -delete - else - mkdir -p "$UNTRUSTDESTDIR" - fi + if [ -e "$CERTDESTDIR" ] ; then + perform find "$CERTDESTDIR" -type link -delete + else + perform install -d -m 0755 "$CERTDESTDIR" + fi + if [ -e "$UNTRUSTDESTDIR" ] ; then + perform find "$UNTRUSTDESTDIR" -type link -delete + else + perform install -d -m 0755 "$UNTRUSTDESTDIR" fi do_scan create_untrusted "$UNTRUSTPATH" 
@@ -198,51 +216,51 @@ cmd_rehash() cmd_list() { - echo "Listing Trusted Certificates:" + info "Listing Trusted Certificates:" do_list "$CERTDESTDIR" } cmd_untrust() { - local BPATH + local UTFILE shift # verb - [ $NOOP -eq 0 ] && mkdir -p "$UNTRUSTDESTDIR" - for BFILE in "$@"; do - echo "Adding $BFILE to untrusted list" - create_untrusted "$BFILE" + perform install -d -m 0755 "$UNTRUSTDESTDIR" + for UTFILE in "$@"; do + info "Adding $UTFILE to untrusted list" + create_untrusted "$UTFILE" done } cmd_trust() { - local BFILE blisthash certhash hash + local UTFILE untrustedhash certhash hash shift # verb - for BFILE in "$@"; do - if [ -s "$BFILE" ]; then - hash=$( do_hash "$BFILE" ) - certhash=$( openssl x509 -sha1 -in "$BFILE" -noout -fingerprint ) - for BLISTEDFILE in $(find $UNTRUSTDESTDIR -name "$hash.*"); do - blisthash=$( openssl x509 -sha1 -in "$BLISTEDFILE" -noout -fingerprint ) - if [ "$certhash" = "$blisthash" ]; then - echo "Removing $(basename "$BLISTEDFILE") from untrusted list" - [ $NOOP -eq 0 ] && rm -f $BLISTEDFILE + for UTFILE in "$@"; do + if [ -s "$UTFILE" ] ; then + hash=$(do_hash "$UTFILE") + certhash=$(openssl x509 -sha1 -in "$UTFILE" -noout -fingerprint) + for UNTRUSTEDFILE in $(find $UNTRUSTDESTDIR -name "$hash.*") ; do + untrustedhash=$(openssl x509 -sha1 -in "$UNTRUSTEDFILE" -noout -fingerprint) + if [ "$certhash" = "$untrustedhash" ] ; then + info "Removing $(basename "$UNTRUSTEDFILE") from untrusted list" + perform rm -f $UNTRUSTEDFILE fi done - elif [ -e "$UNTRUSTDESTDIR/$BFILE" ]; then - echo "Removing $BFILE from untrusted list" - [ $NOOP -eq 0 ] && rm -f "$UNTRUSTDESTDIR/$BFILE" + elif [ -e "$UNTRUSTDESTDIR/$UTFILE" ] ; then + info "Removing $UTFILE from untrusted list" + perform rm -f "$UNTRUSTDESTDIR/$UTFILE" else - echo "Cannot find $BFILE" >&2 - ERRORS=$(( $ERRORS + 1 )) + info "Cannot find $UTFILE" + ERRORS=$((ERRORS + 1)) fi done } cmd_untrusted() { - echo "Listing Untrusted Certificates:" + info "Listing Untrusted Certificates:" 
do_list "$UNTRUSTDESTDIR" } @@ -270,18 +288,23 @@ while getopts D:d:M:nUv flag; do D) DESTDIR=${OPTARG} ;; d) DISTBASE=${OPTARG} ;; M) METALOG=${OPTARG} ;; - n) NOOP=1 ;; - U) UNPRIV=1 ;; - v) VERBOSE=$(( $VERBOSE + 1 )) ;; + n) NOOP=true ;; + U) UNPRIV=true ;; + v) VERBOSE=true ;; esac done -shift $(( $OPTIND - 1 )) +shift $((OPTIND - 1)) DESTDIR=${DESTDIR%/} +if ! [ -z "${CERTCTL_VERBOSE:-}" ] ; then + VERBOSE=true +fi : ${METALOG:=${DESTDIR}/METALOG} INSTALLFLAGS= -[ $UNPRIV -eq 1 ] && INSTALLFLAGS="-U -M ${METALOG} -D ${DESTDIR}" +if "$UNPRIV" ; then + INSTALLFLAGS="-U -M ${METALOG} -D ${DESTDIR}" +fi : ${LOCALBASE:=$(sysctl -n user.localbase)} : ${TRUSTPATH:=${DESTDIR}${DISTBASE}/usr/share/certs/trusted:${DESTDIR}${LOCALBASE}/share/certs:${DESTDIR}${LOCALBASE}/etc/ssl/certs} : ${UNTRUSTPATH:=${DESTDIR}${DISTBASE}/usr/share/certs/untrusted:${DESTDIR}${LOCALBASE}/etc/ssl/untrusted:${DESTDIR}${LOCALBASE}/etc/ssl/blacklisted} 
@@ -302,7 +325,9 @@ blacklisted) cmd_untrusted ;; esac retval=$? -[ $ERRORS -gt 0 ] && echo "Encountered $ERRORS errors" >&2 +if [ $ERRORS -gt 0 ] ; then + info "Encountered $ERRORS errors" +fi exit $retval ################################################################################
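Review bot: in the first hunk (@@ -26,32), info() builds its message as `"${0##*/}: $@"`, which expands to several words when more than one argument is passed; `$*` is the form for joining arguments into one string. SCRIPTNAME is already assigned a few lines above and could replace the repeated `${0##*/}`.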
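Review bot: in the do_list hunk (@@ -155,21) the added line `if [ $VERBOSE -eq 0 ] ; then` is still an integer comparison, but this patch changes VERBOSE to the strings true/false, so the test fails with a non-numeric operand and the commonName branch is never taken; the listing then falls through to the full `-subject` output every time. Use `if ! "$VERBOSE" ; then`, matching how verbose() tests the flag.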
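Review bot: in the cmd_trust hunk (@@ -198,51), `find $UNTRUSTDESTDIR -name "$hash.*"` and `perform rm -f $UNTRUSTEDFILE` expand unquoted, so a DESTDIR containing whitespace or glob characters is split before it reaches find and rm; create_trusted_link has the same find call. Quote both expansions, add UNTRUSTEDFILE to the `local` list, and put `|| continue` after `hash=$(do_hash "$UTFILE")` so that a file openssl cannot parse does not go on to search for `-name ".*"` with an empty hash.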
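Review bot: the option-parsing hunk (@@ -270,18) introduces a CERTCTL_VERBOSE environment variable and turns `-v` from a counter into a flag, while the first hunk drops `: ${VERBOSE:=0}`, so a VERBOSE value in the caller's environment is no longer honoured; none of this is documented in the visible change. Describe the new variable and the removed one in the manual page or commit message, and write the test as `[ -n "${CERTCTL_VERBOSE:-}" ]`. Since NOOP, UNPRIV and VERBOSE are now executed as commands, keep them assigned unconditionally as done here and never defaulted from the environment.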
From nobody Thu Feb 20 13:07:45 2025
Date: Thu, 20 Feb 2025 13:07:45 GMT
Message-Id: <202502201307.51KD7jXa025165@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Ed Maste
Subject: git: 546987291380 - stable/14 - certctl: Set METALOG ownership to root:wheel
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: emaste
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 5469872913809c35731605e479f2128ddf75c001
Auto-Submitted: auto-generated

The branch stable/14 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=5469872913809c35731605e479f2128ddf75c001

commit 5469872913809c35731605e479f2128ddf75c001
Author: Ed Maste
AuthorDate: 2025-02-04 13:48:55 +0000
Commit: Ed Maste
CommitDate: 2025-02-20 13:07:17 +0000

certctl: Set METALOG ownership to root:wheel

This sets the correct ownership values when building base.txz

install(1) does not validate the arguments passed to -o or -g (see PR283355) so there's no need to have the passwd db available for now.

Future work includes plumbing the appropriate passwd db path through certctl, and validating uid and gid in install(1).

PR: 283340
Reviewed by: jrtc27
Differential Revision: https://reviews.freebsd.org/D48506

(cherry picked from commit 10fa3f2518d4582c98d74527f79af9f30b1eceab)
(cherry picked from commit 98bebc20cef7527ccb15f8defc9d52e803a0d506)
(cherry picked from commit 4d15b58365ea706129bedfdb37e0c5e8661a640f)

--- usr.sbin/certctl/certctl.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/usr.sbin/certctl/certctl.sh b/usr.sbin/certctl/certctl.sh index 02d055102c33..5af8fecb93ac 100755 --- a/usr.sbin/certctl/certctl.sh +++ b/usr.sbin/certctl/certctl.sh
@@ -5,7 +5,7 @@ # Copyright 2018 Allan Jude # # Redistribution and use in source and binary forms, with or without -# modification, are permitted providing that the following conditions +# modification, are permitted providing that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. 
@@ -303,7 +303,7 @@ fi : ${METALOG:=${DESTDIR}/METALOG} INSTALLFLAGS= if "$UNPRIV" ; then - INSTALLFLAGS="-U -M ${METALOG} -D ${DESTDIR}" + INSTALLFLAGS="-U -M ${METALOG} -D ${DESTDIR} -o root -g wheel" fi : ${LOCALBASE:=$(sysctl -n user.localbase)} : ${TRUSTPATH:=${DESTDIR}${DISTBASE}/usr/share/certs/trusted:${DESTDIR}${LOCALBASE}/share/certs:${DESTDIR}${LOCALBASE}/etc/ssl/certs}
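Review bot: the second hunk (@@ -303,7) hard-codes `-o root -g wheel` in INSTALLFLAGS with no comment in the script; the reason it is safe without a passwd db (install(1) does not validate -o or -g, PR283355) is recorded only in the commit message. Add a short comment above the assignment naming that dependency, so the planned uid/gid validation in install(1) prompts a revisit of this line. The flags are also carried as one string, so a METALOG or DESTDIR value containing whitespace is split when the variable is expanded; that predates this change but is worth noting while the line is being touched.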
From nobody Thu Feb 20 13:21:15 2025
Date: Thu, 20 Feb 2025 13:21:15 GMT
Message-Id: <202502201321.51KDLFiM056860@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
 dev-commits-src-branches@FreeBSD.org
From: Ed Maste
Subject: git: 935e29dcdd84 - stable/13 - ssh_config.5: Remove redundant CheckHostIP default text
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: emaste
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 935e29dcdd84a763ce804293dd385c2126d2ec8f
Auto-Submitted: auto-generated

The branch stable/13 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=935e29dcdd84a763ce804293dd385c2126d2ec8f

commit 935e29dcdd84a763ce804293dd385c2126d2ec8f
Author: Ed Maste
AuthorDate: 2025-01-24 21:15:22 +0000
Commit: Ed Maste
CommitDate: 2025-02-20 13:21:02 +0000

ssh_config.5: Remove redundant CheckHostIP default text

In 2000 (commit a95c1225217b) we changed the CheckHostIP default to "no". We added text to ssh_config(5) documenting FreeBSD's default. In 2021 OpenSSH made the same change, released with OpenSSH 8.5p1. When we imported the update the added text remained, resulting in:

If the option is set to no (the default), the check will not be executed. The default is no.

Remove the now-redundant text.

Fixes: 206be79acbde ("Vendor import of OpenSSH 8.5p1")
Sponsored by: The FreeBSD Foundation

(cherry picked from commit 06016adaccca1958cdde4edf845f5b972be7ffc0)
(cherry picked from commit 2c97e333166d4f6f6b84da60b96a82982bb19649)

--- crypto/openssh/ssh_config.5 | 2 -- 1 file changed, 2 deletions(-) diff --git a/crypto/openssh/ssh_config.5 b/crypto/openssh/ssh_config.5 index 60e4b31a2de5..4a85589d132d 100644 --- a/crypto/openssh/ssh_config.5 +++ b/crypto/openssh/ssh_config.5
@@ -548,8 +548,6 @@ If the option is set to .Cm no (the default), the check will not be executed. -The default is -.Cm no . .It Cm Ciphers Specifies the ciphers allowed and their order of preference. Multiple ciphers must be comma-separated.
From nobody Thu Feb 20 14:13:51 2025
Date: Thu, 20 Feb 2025 14:13:51 GMT
Message-Id: <202502201413.51KEDpo8054466@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Ed Maste
Subject: git: 18731774734b - stable/14 - cdefs: Bump the defaults for 'all'
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: emaste
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 18731774734bdb7f18a2299110e14ee8652f2be4
Auto-Submitted: auto-generated

The branch stable/14 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=18731774734bdb7f18a2299110e14ee8652f2be4

commit 18731774734bdb7f18a2299110e14ee8652f2be4
Author: Warner Losh
AuthorDate: 2024-11-14 23:52:50 +0000
Commit: Ed Maste
CommitDate: 2025-02-20 14:13:25 +0000

cdefs: Bump the defaults for 'all'

Bump default to POSIX at 202405, C at 2023 and xopen at 800...

Sponsored by: Netflix
Reviewed by: brooks
Differential Revision: https://reviews.freebsd.org/D47578

(cherry picked from commit f95d9ec92122e6b4ef99c9a258f31b9564d327d3)

--- sys/sys/cdefs.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sys/sys/cdefs.h b/sys/sys/cdefs.h index 1481bc1d89d1..dc5221343dc3 100644 --- a/sys/sys/cdefs.h +++ b/sys/sys/cdefs.h
@@ -755,10 +755,10 @@ #define __ISO_C_VISIBLE 2011 #define __EXT1_VISIBLE 0 #else /* Default environment: show everything. */ -#define __POSIX_VISIBLE 200809 -#define __XSI_VISIBLE 700 +#define __POSIX_VISIBLE 202405 +#define __XSI_VISIBLE 800 #define __BSD_VISIBLE 1 -#define __ISO_C_VISIBLE 2011 +#define __ISO_C_VISIBLE 2023 #define __EXT1_VISIBLE 1 #endif #endif
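Review bot: the three raised values in the default-environment branch change what every translation unit built without feature-test macros can see, and on a stable branch that can surface new identifiers in code that compiled cleanly before; the commit message does not say which headers start exposing declarations as a result. The getentropy commit that follows on this list gates GETENTROPY_MAX on `__POSIX_VISIBLE >= 202405`, so it depends on this hunk; name that dependency in the commit message so the merge order stays clear.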
From nobody Thu Feb 20 14:13:52 2025
Date: Thu, 20 Feb 2025 14:13:52 GMT
Message-Id: <202502201413.51KEDqgV054501@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Ed Maste
Subject: git: 6789b9f63023 - stable/14 - libc: Fix getentropy POSIX 2024 conformance issues
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: emaste
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 6789b9f630236a9bc0e7b4f2b930c1048c5312ef
Auto-Submitted: auto-generated

The branch stable/14 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=6789b9f630236a9bc0e7b4f2b930c1048c5312ef

commit 6789b9f630236a9bc0e7b4f2b930c1048c5312ef
Author: Ed Maste
AuthorDate: 2024-11-16 15:14:21 +0000
Commit: Ed Maste
CommitDate: 2025-02-20 14:13:25 +0000

libc: Fix getentropy POSIX 2024 conformance issues

GETENTROPY_MAX should be defined in limits.h.

EINVAL is the return value for buflen > GETENTROPY_MAX.

PR: 282783
Reviewed by: markj, asomers, jhb
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47689

--- include/limits.h | 4 ++++ lib/libc/gen/getentropy.3 | 14 ++++---------- lib/libc/gen/getentropy.c | 5 +++-- 3 files changed, 11 insertions(+), 12 deletions(-) diff --git a/include/limits.h b/include/limits.h index 73036ca3ad7b..1a3c872b1ffb 100644 --- a/include/limits.h +++ b/include/limits.h @@ -139,6 +139,10 @@ #define MB_LEN_MAX 6 /* 31-bit UTF-8 */ +#if __POSIX_VISIBLE >= 202405 +#define GETENTROPY_MAX 256 +#endif + #include #if __POSIX_VISIBLE diff --git a/lib/libc/gen/getentropy.3 b/lib/libc/gen/getentropy.3 index 5bbbc80e2414..5f7ee32ebbfc 100644 --- a/lib/libc/gen/getentropy.3 +++ b/lib/libc/gen/getentropy.3
@@ -15,7 +15,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd November 20, 2024 +.Dd January 17, 2025 .Dt GETENTROPY 3 .Os .Sh NAME @@ -60,8 +60,8 @@ The .Fa buf parameter points to an invalid address. -.It Bq Er EIO -Too many bytes requested, or some other fatal error occurred. +.It Bq Er EINVAL +Too many bytes requested. .El .Sh SEE ALSO .Xr getrandom 2 , @@ -69,7 +69,7 @@ Too many bytes requested, or some other fatal error occurred. .Xr random 4 .Sh STANDARDS .Fn getentropy -nearly conforms to +conforms to .St -p1003.1-2024 . .Sh HISTORY The @@ -80,9 +80,3 @@ The .Fx libc compatibility shim first appeared in .Fx 12.0 . -.Sh BUGS -.In limits.h -does not define -.Dv GETENTROPY_MAX . -Some error values do not match -.St -p1003.1-2024 . diff --git a/lib/libc/gen/getentropy.c b/lib/libc/gen/getentropy.c index 060c2760bfad..5dffd91c6dee 100644 --- a/lib/libc/gen/getentropy.c +++ b/lib/libc/gen/getentropy.c @@ -31,6 +31,7 @@ #include #include +#include #include #include #include 
@@ -110,8 +111,8 @@ getentropy(void *buf, size_t buflen) ssize_t rd; bool have_getrandom; - if (buflen > 256) { - errno = EIO; + if (buflen > GETENTROPY_MAX) { + errno = EINVAL; return (-1); }
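Review bot: in the getentropy.3 hunk (@@ -60,8) the EIO entry is replaced outright, which also drops the "or some other fatal error occurred" wording; if getentropy() can still fail with EIO on paths outside this diff, keep a separate `.It Bq Er EIO` entry for that case so the ERRORS list stays complete.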
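Review bot: in the getentropy.c hunk (@@ -110,8) the size check now uses GETENTROPY_MAX, which the limits.h hunk defines only when `__POSIX_VISIBLE >= 202405`, so this file compiles only where the default environment already reports that level; state the dependency on the cdefs bump in the commit message, or guard the use with a local fallback. The errno for an oversized request changes from EIO to EINVAL, which is visible to callers that pass more than 256 bytes and test for EIO, so it merits a release-notes entry.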
From nobody Thu Feb 20 17:51:21 2025
Date: Thu, 20 Feb 2025 17:51:21 GMT
Message-Id: <202502201751.51KHpLmI062062@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Ed Maste
Subject: git: ff2fd01609cc - stable/14 - openssh: Update to 9.8p1
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: emaste
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: ff2fd01609cc10bcdc87ebe4de42efaf7ffe2ee9
Auto-Submitted: auto-generated

The branch stable/14 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=ff2fd01609cc10bcdc87ebe4de42efaf7ffe2ee9

commit ff2fd01609cc10bcdc87ebe4de42efaf7ffe2ee9
Author: Ed Maste
AuthorDate: 2025-02-19 17:20:44 +0000
Commit: Ed Maste
CommitDate: 2025-02-20 17:50:11 +0000

    openssh: Update to 9.8p1

    Highlights from the release notes are reproduced below. Some security
    and bug fixes were previously merged into FreeBSD and have been elided.
    See the upstream release notes for full details
    (https://www.openssh.com/releasenotes.html).

    ---

    Future deprecation notice
    =========================

    OpenSSH plans to remove support for the DSA signature algorithm in
    early 2025.

    Potentially-incompatible changes
    --------------------------------

     * sshd(8): the server will now block client addresses that
       repeatedly fail authentication, repeatedly connect without ever
       completing authentication or that crash the server. See the
       discussion of PerSourcePenalties below for more information.
       Operators of servers that accept connections from many users, or
       servers that accept connections from addresses behind NAT or
       proxies may need to consider these settings.

     * sshd(8): the server has been split into a listener binary, sshd(8),
       and a per-session binary "sshd-session". This allows for a much
       smaller listener binary, as it no longer needs to support the SSH
       protocol. As part of this work, support for disabling privilege
       separation (which previously required code changes to disable) and
       disabling re-execution of sshd(8) has been removed. Further
       separation of sshd-session into additional, minimal binaries is
       planned for the future.

     * sshd(8): several log messages have changed. In particular, some
       log messages will be tagged as originating from a process
       named "sshd-session" rather than "sshd".

     * ssh-keyscan(1): this tool previously emitted comment lines
       containing the hostname and SSH protocol banner to standard error.
       This release now emits them to standard output, but adds a new
       "-q" flag to silence them altogether.

     * sshd(8): (portable OpenSSH only) sshd will no longer use argv[0]
       as the PAM service name. A new "PAMServiceName" sshd_config(5)
       directive allows selecting the service name at runtime. This
       defaults to "sshd". bz2101

    New features
    ------------

     * sshd(8): sshd(8) will now penalise client addresses that, for various
       reasons, do not successfully complete authentication. This feature is
       controlled by a new sshd_config(5) PerSourcePenalties option and is
       on by default.

     * ssh(8): allow the HostkeyAlgorithms directive to disable the
       implicit fallback from certificate host key to plain host keys.

    Portability
    -----------

     * sshd(8): expose SSH_AUTH_INFO_0 always to PAM auth modules
       unconditionally. The previous behaviour was to expose it only when
       particular authentication methods were in use.

     * ssh(1), ssh-agent(8): allow the presence of the WAYLAND_DISPLAY
       environment variable to enable SSH_ASKPASS, similarly to the X11
       DISPLAY environment variable. GHPR479

    ---

    Sponsored by: The FreeBSD Foundation
    Differential Revision: https://reviews.freebsd.org/D48914

    (cherry picked from commit 0fdf8fae8b569bf9fff3b5171e669dcd7cf9c79e)
    (cherry picked from commit b4bb480ae9294d7e4b375f0ead9ae57517c79ef3)
    (cherry picked from commit e95979047aec384852102cf8bb1d55278ea77eeb)
    (cherry picked from commit dcb4ae528d357f34e4a4b4882c2757c67c98e395)

    Approved by: re (accelerated MFC)
---
 crypto/openssh/.depend | 19 +- crypto/openssh/.git_allowed_signers | 2 + crypto/openssh/.git_allowed_signers.asc | 26 +- crypto/openssh/.github/ci-status.md | 10 +- crypto/openssh/.github/configs | 3 +- crypto/openssh/.github/run_test.sh | 1 + crypto/openssh/.github/workflows/c-cpp.yml | 16 +- crypto/openssh/.github/workflows/cifuzz.yml | 4 +- crypto/openssh/.github/workflows/selfhosted.yml | 55 +- crypto/openssh/.github/workflows/upstream.yml | 18 +- crypto/openssh/.gitignore | 5 +- crypto/openssh/.skipped-commit-ids | 8 + crypto/openssh/ChangeLog | 11260 ++++++++++--------- crypto/openssh/Makefile.in | 25 +- crypto/openssh/PROTOCOL.agent | 5 +- crypto/openssh/PROTOCOL.key | 4 +- crypto/openssh/README | 2 +- crypto/openssh/addr.c | 12 +- crypto/openssh/auth-pam.c | 54 +- crypto/openssh/auth-pam.h | 2 +- crypto/openssh/auth-rhosts.c | 3 +- crypto/openssh/auth.c | 108 +- crypto/openssh/auth.h | 15 +- crypto/openssh/auth2-gss.c | 41 +- crypto/openssh/auth2-hostbased.c | 15 +- crypto/openssh/auth2-kbdint.c | 7 +- crypto/openssh/auth2-methods.c | 134 + crypto/openssh/auth2-none.c | 12 +- crypto/openssh/auth2-passwd.c | 9 +- crypto/openssh/auth2-pubkey.c | 15 +- crypto/openssh/auth2.c | 91 +- crypto/openssh/channels.c | 22 +- crypto/openssh/channels.h | 4 +- crypto/openssh/cipher.c | 4 +- crypto/openssh/clientloop.c | 73 +- crypto/openssh/clientloop.h | 3 +- crypto/openssh/config.h | 21 +- crypto/openssh/configure.ac | 40 +- crypto/openssh/contrib/redhat/openssh.spec | 3 +- crypto/openssh/contrib/suse/openssh.spec | 3 +- crypto/openssh/ed25519.sh | 4 +-
crypto/openssh/kex-names.c | 330 + crypto/openssh/kex.c | 270 +- crypto/openssh/kex.h | 9 +- crypto/openssh/kexgexs.c | 4 +- crypto/openssh/log.c | 17 +- crypto/openssh/log.h | 9 +- crypto/openssh/m4/openssh.m4 | 3 + crypto/openssh/misc.c | 100 +- crypto/openssh/misc.h | 11 +- crypto/openssh/moduli | 922 +- crypto/openssh/monitor.c | 57 +- crypto/openssh/monitor.h | 6 +- crypto/openssh/monitor_wrap.c | 234 +- crypto/openssh/monitor_wrap.h | 17 +- crypto/openssh/msg.c | 5 +- crypto/openssh/openbsd-compat/getrrsetbyname.c | 24 +- crypto/openssh/openbsd-compat/port-linux.c | 98 +- crypto/openssh/openbsd-compat/port-linux.h | 5 + crypto/openssh/packet.c | 92 + crypto/openssh/packet.h | 5 +- crypto/openssh/pathnames.h | 7 +- crypto/openssh/platform-listen.c | 84 + crypto/openssh/platform.c | 49 +- crypto/openssh/platform.h | 1 + crypto/openssh/readconf.c | 4 +- crypto/openssh/readpass.c | 9 +- crypto/openssh/regress/Makefile | 6 +- crypto/openssh/regress/cfgmatchlisten.sh | 2 +- crypto/openssh/regress/dropbear-ciphers.sh | 15 +- crypto/openssh/regress/dropbear-kex.sh | 14 +- crypto/openssh/regress/key-options.sh | 2 +- .../regress/misc/fuzz-harness/agent_fuzz_helper.c | 1 - .../openssh/regress/misc/fuzz-harness/kex_fuzz.cc | 8 +- .../openssh/regress/misc/fuzz-harness/sig_fuzz.cc | 8 +- crypto/openssh/regress/penalty-expire.sh | 35 + crypto/openssh/regress/penalty.sh | 52 + crypto/openssh/regress/percent.sh | 5 - crypto/openssh/regress/rekey.sh | 4 +- crypto/openssh/regress/sftp-cmds.sh | 29 +- crypto/openssh/regress/test-exec.sh | 96 +- crypto/openssh/regress/unittests/kex/Makefile | 3 +- crypto/openssh/regress/unittests/kex/test_kex.c | 6 +- crypto/openssh/regress/yes-head.sh | 2 +- crypto/openssh/scp.c | 4 +- crypto/openssh/servconf.c | 283 +- crypto/openssh/servconf.h | 34 +- crypto/openssh/serverloop.c | 50 +- crypto/openssh/session.c | 51 +- crypto/openssh/sftp-client.c | 4 +- crypto/openssh/sftp-server.c | 10 +- crypto/openssh/sftp.c | 8 +- 
crypto/openssh/srclimit.c | 396 +- crypto/openssh/srclimit.h | 22 +- crypto/openssh/ssh-add.1 | 12 +- crypto/openssh/ssh-gss.h | 3 +- crypto/openssh/ssh-keygen.1 | 20 +- crypto/openssh/ssh-keyscan.1 | 21 +- crypto/openssh/ssh-keyscan.c | 76 +- crypto/openssh/ssh-keysign.8 | 6 +- crypto/openssh/ssh-keysign.c | 4 +- crypto/openssh/ssh-pkcs11.c | 27 +- crypto/openssh/ssh.1 | 25 +- crypto/openssh/ssh_api.c | 17 +- crypto/openssh/ssh_config.5 | 20 +- crypto/openssh/ssh_namespace.h | 27 +- crypto/openssh/sshconnect.c | 34 +- crypto/openssh/sshconnect.h | 6 +- crypto/openssh/sshconnect2.c | 4 +- crypto/openssh/sshd-session.c | 1505 +++ crypto/openssh/sshd.8 | 9 +- crypto/openssh/sshd.c | 1711 +-- crypto/openssh/sshd_config.5 | 110 +- crypto/openssh/sshkey.h | 3 +- crypto/openssh/version.h | 4 +- secure/lib/libssh/Makefile | 2 +- secure/libexec/Makefile | 2 +- secure/libexec/sshd-session/Makefile | 62 + secure/usr.sbin/sshd/Makefile | 42 +- 119 files changed, 10907 insertions(+), 8525 deletions(-) diff --git a/crypto/openssh/.depend b/crypto/openssh/.depend index 4897698ab74a..1d7d0606c657 100644 --- a/crypto/openssh/.depend +++ b/crypto/openssh/.depend 
@@ -23,6 +23,7 @@ auth2-gss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-com auth2-hostbased.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h kex.h mac.h crypto_api.h sshbuf.h log.h ssherr.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h canohost.h auth2-hostbased.o: monitor_wrap.h pathnames.h match.h auth2-kbdint.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h 
hostfile.h auth.h auth-pam.h audit.h loginrec.h log.h ssherr.h misc.h servconf.h +auth2-methods.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h misc.h servconf.h openbsd-compat/sys-queue.h xmalloc.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth2-none.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ssherr.h misc.h servconf.h ssh2.h monitor_wrap.h auth2-passwd.o: includes.h config.h 
defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h ssherr.h log.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h monitor_wrap.h misc.h servconf.h auth2-pubkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h kex.h mac.h crypto_api.h sshbuf.h log.h ssherr.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h 
@@ -60,6 +61,7 @@ gss-serv.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-comp hash.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h hmac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h digest.h hmac.h hostfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h 
openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h sshkey.h hostfile.h log.h ssherr.h misc.h pathnames.h digest.h hmac.h sshbuf.h +kex-names.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h kex.h mac.h crypto_api.h log.h ssherr.h match.h digest.h misc.h xmalloc.h kex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h 
openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh.h ssh2.h atomicio.h version.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h log.h ssherr.h kex.o: match.h misc.h monitor.h myproposal.h sshbuf.h digest.h xmalloc.h kexc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h sshbuf.h digest.h ssherr.h ssh2.h 
@@ -82,12 +84,13 @@ monitor.o: chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api monitor.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h openbsd-compat/openssl-compat.h atomicio.h xmalloc.h ssh.h sshkey.h sshbuf.h hostfile.h auth.h auth-pam.h audit.h loginrec.h cipher.h cipher-chachapoly.h monitor_fdpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h monitor_fdpass.h monitor_wrap.o: includes.h config.h defines.h platform.h 
openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h hostfile.h auth.h auth-pam.h audit.h -monitor_wrap.o: loginrec.h auth-options.h packet.h dispatch.h log.h ssherr.h monitor.h monitor_wrap.h atomicio.h monitor_fdpass.h misc.h channels.h session.h servconf.h +monitor_wrap.o: loginrec.h auth-options.h packet.h dispatch.h log.h ssherr.h monitor.h atomicio.h monitor_fdpass.h misc.h channels.h session.h servconf.h monitor_wrap.h srclimit.h msg.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h 
openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h ssherr.h log.h atomicio.h msg.h misc.h mux.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h log.h ssherr.h ssh.h ssh2.h pathnames.h misc.h match.h sshbuf.h channels.h msg.h packet.h dispatch.h monitor_fdpass.h sshpty.h sshkey.h readconf.h clientloop.h nchan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h ssh2.h sshbuf.h ssherr.h packet.h dispatch.h channels.h compat.h log.h 
packet.o: channels.h ssh.h packet.h dispatch.h sshbuf.h packet.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h compat.h ssh2.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h digest.h log.h ssherr.h canohost.h misc.h +platform-listen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h misc.h platform-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h 
openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h platform-pledge.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h platform-tracing.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h 
openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h 
@@ -123,7 +126,7 @@ sftp-usergroup.o: includes.h config.h defines.h platform.h openbsd-compat/openbs sftp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h ssherr.h pathnames.h misc.h utf8.h sftp.h sshbuf.h sftp-common.h sftp-client.h openbsd-compat/glob.h sftp-usergroup.h sk-usbhid.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sntrup761.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h 
openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h -srclimit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h addr.h canohost.h log.h ssherr.h misc.h srclimit.h xmalloc.h +srclimit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h 
openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h addr.h canohost.h log.h ssherr.h misc.h srclimit.h xmalloc.h servconf.h openbsd-compat/sys-queue.h match.h ssh-add.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h log.h ssherr.h sshkey.h sshbuf.h authfd.h authfile.h pathnames.h misc.h digest.h ssh-sk.h sk-api.h hostfile.h ssh-agent.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h 
openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h sshkey.h authfd.h log.h ssherr.h misc.h digest.h match.h msg.h pathnames.h ssh-pkcs11.h sk-api.h myproposal.h ssh-dss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 
@@ -146,19 +149,21 @@ ssh-sk.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat ssh-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h canohost.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h packet.h dispatch.h sshbuf.h channels .h ssh.o: sshkey.h authfd.h authfile.h pathnames.h clientloop.h log.h ssherr.h misc.h readconf.h sshconnect.h 
kex.h mac.h crypto_api.h sshpty.h match.h msg.h version.h myproposal.h utf8.h -ssh_api.o: authfile.h misc.h version.h myproposal.h sshbuf.h openbsd-compat/openssl-compat.h +ssh_api.o: authfile.h dh.h misc.h version.h myproposal.h sshbuf.h openbsd-compat/openssl-compat.h ssh_api.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh_api.h openbsd-compat/sys-queue.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h ssh.h ssh2.h packet.h dispatch.h compat.h log.h ssherr.h sshbuf-getput-basic.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h 
openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h sshbuf-getput-crypto.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf-io.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h atomicio.h sshbuf-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h 
openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h sshbuf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h misc.h -sshconnect.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h 
openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h hostfile.h ssh.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h sshkey.h sshconnect.h log.h ssherr.h misc.h readconf.h atomicio.h dns.h monitor_fdpass.h ssh2.h version.h authfile.h authfd.h -sshconnect.o: kex.h mac.h crypto_api.h +sshconnect.o: authfd.h kex.h mac.h crypto_api.h +sshconnect.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h hostfile.h ssh.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h sshkey.h sshconnect.h log.h ssherr.h match.h misc.h readconf.h atomicio.h dns.h monitor_fdpass.h ssh2.h version.h authfile.h sshconnect2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h 
openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h packet.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h sshconnect2.o: sshconnect.h authfile.h dh.h authfd.h log.h ssherr.h misc.h readconf.h match.h canohost.h msg.h pathnames.h uidswap.h hostfile.h utf8.h ssh-sk.h sk-api.h -sshd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h log.h ssherr.h sshbuf.h misc.h match.h servconf.h uidswap.h compat.h cipher.h cipher-chachapoly.h chacha.h -sshd.o: poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h kex.h mac.h crypto_api.h authfile.h pathnames.h atomicio.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h authfd.h msg.h channels.h session.h monitor.h monitor_wrap.h ssh-sandbox.h auth-options.h version.h sk-api.h srclimit.h dh.h +sshd-session.o: chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h kex.h 
mac.h crypto_api.h authfile.h pathnames.h atomicio.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h authfd.h msg.h channels.h session.h monitor.h monitor_wrap.h ssh-sandbox.h auth-options.h version.h sk-api.h srclimit.h dh.h +sshd-session.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h log.h ssherr.h sshbuf.h misc.h match.h servconf.h uidswap.h compat.h cipher.h cipher-chachapoly.h +sshd.o: audit.h loginrec.h authfd.h msg.h version.h sk-api.h addr.h srclimit.h +sshd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h 
openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshpty.h log.h ssherr.h sshbuf.h misc.h servconf.h compat.h digest.h sshkey.h authfile.h pathnames.h canohost.h hostfile.h auth.h auth-pam.h ssherr.o: ssherr.h sshkey-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ssh2.h ssherr.h misc.h sshbuf.h cipher.h 
cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h match.h ssh-sk.h openbsd-compat/openssl-compat.h diff --git a/crypto/openssh/.git_allowed_signers b/crypto/openssh/.git_allowed_signers index 0313c1ecd17f..2a5fdc67c6ed 100644 --- a/crypto/openssh/.git_allowed_signers +++ b/crypto/openssh/.git_allowed_signers @@ -1,4 +1,6 @@ dtucker@dtucker.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKecyjh9aNmD4rb8WblA8v91JjRb0Cd2JtkzqxcggGeG +dtucker@dtucker.net sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBDV81zWQ1+XVfWH5z4L4klDQ/z/6l2GLphfSTX/Rmq6kL5H8mkfzUlryxLlkN8cD9srtVJBAmwJWfJBNsCo958YAAAAEc3NoOg== + djm@mindrot.org sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBLnJo3ZVDENYZGXm5uO9lU7b0iDFq5gHpTu1MaHPWTEfPdvw+AjFQQ/q5YizuMJkXGsMdYmblJEJZYHpm9IS7ZkAAAAEc3NoOg== djm@mindrot.org sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBJoAXBTQalfg+kC5wy1vE7HkIHtVnmV6AUuuIo9KQ1P+70juHwvsFKpsGaqQbrHJkTVgYDGVP02XHj8+Fb18yBIAAAAEc3NoOg== djm@mindrot.org sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBH+z1I48s6ydOhP5SJmI02zVCLf0K15B+UMHgoTIKVfUIv5oDoVX7e9f+7QiRmTeEOdZfQydiaVqsfi7qPSve+0AAAAEc3NoOg== diff --git a/crypto/openssh/.git_allowed_signers.asc b/crypto/openssh/.git_allowed_signers.asc index 5fc6118ca9a6..1a8401b838a3 100644 --- a/crypto/openssh/.git_allowed_signers.asc +++ b/crypto/openssh/.git_allowed_signers.asc 
@@ -1,16 +1,16 @@ -----BEGIN PGP SIGNATURE----- -iQIzBAABCgAdFiEEcWi5g4FaXu9ZpK39Kj9BTnNgYLoFAmMMMiIACgkQKj9BTnNg -YLpyGhAAhZ1RxmD62JnT0gnor1aD0inq1fGPRadaFvXH2OScPcxXMIZWx+otnyZ/ -H9s0bIti42dPHqurgh92KS2mDGVIW8Y8MvxFUr678+hdem1U7Xvjoo0uaveNhJhe -GxuQDOvXKRmmfL2c6w3wnFChFA1o3K+JNshjCHhWz7u6+UmY0Q9yIxqbSi+vmEPP -NfWPfGdu4h8r7q11UgTxRSUQkfZXMqpBtb367B9BLduGuKRFKEJNyi6WpjBrqy38 -BvEbAaL52KX8hEp3TKMjo38RbOK+veSoPV5zlLui0WlEwwasgljal3f4RkqCAJob -hqpFJRogM5XNnA2e68TDTf3buJ3wRRjuK39/CusOJz5v4i6+VCdte+BET1Y4gD6y -v8KV4pRyumcdbN3khFUkmaQsjo+fyQjWNrgOvv60J2xUWZdchn8lxHOxrfRVKnOi -BD4bdks7tPQY/XsS5GNJIp21Ji9HGyBajjHo0BlesLodw7FEOf6YE18A3n9qzosR -RliuP4Hs/Z4sCUuDTbpKtQiUVs40kBbkhEL8kS8FsXz3VO89hAWaUqNUYom8AkKv -nfDjrZDBLXuVj1Mi8qNPXxqrB/1Cza2/W4U7SK4TlMFXfoXXWxxhefN5vIdMhAJB -u9Mdz1pY9mowKbd0c0dR+3fauvjM133dzKuyeDHMqDa5JPyd59o= -=kgnS +iQIzBAABCgAdFiEEcWi5g4FaXu9ZpK39Kj9BTnNgYLoFAmYHnZ8ACgkQKj9BTnNg +YLquuQ/6A8E6P2jcgn3wmbbCTXP7kmxoh3nmw/e6PC8CEua1512oT3GHOKVD5cGK +cgYRObpWvjOjg7L1HRABftq7a9M2zfsGnY/WNe3/fbetfkyY8hG8c31vA1ePIOt2 +AjBLCWFblH0CtyH/MssoQ19JCLtXK/GmekB1Q0JzyOog7w/0r3CKuUnZ0juCYR1R +4FBePl5l3nFSZEcFEdptGlNGeuolS5XBCqB9Y91TCzkVkH5eXUUW+shgjNhWCEhT +pZvkxfhsmOEnwNofyPdgKVfDBVkHmvuC67EU395mJVN4c2NZ8pOztb9hOt3xr980 +q44I4kT2NpaApCx1dWIGhMy/37LJ8heI0W1B+ofTA5n34/RU8UXH3SCkj2AK6Ao5 +H2u8vbmuWKUCiECmrw35EeKGmtuK/bWJzx3KBP7fx5J9S3mWUgT4W4xlWNN9RWoU +sSvH1ppie5ARINVaAWl5k44fk60ahTf80DbQBIOZBmQn7myZZka+yGcQbAiZZ1Gc +0l8+Nf5Ao1ckmuyY5o8FyWdsyDeK3+MqjPn5Rr1CqbKCn2VnqrVWbI33Eyu8c96U +bxVgU5H1BDhNjJC8UrT3LFPvJMO8p3a0IJ3eHydjk2jVOhOdBZmA0yoqUTrhPpXq +ymIHESjDJR8TDe4TCfb46o9oEC3cdbDwgnzPqdg0n+0uIsJLYiU= +=gl+l -----END PGP SIGNATURE----- diff --git a/crypto/openssh/.github/ci-status.md b/crypto/openssh/.github/ci-status.md index 8d4cea10dba4..fbf7c5fd6117 100644 --- a/crypto/openssh/.github/ci-status.md +++ b/crypto/openssh/.github/ci-status.md 
@@ -6,10 +6,6 @@ master : [![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/openssh.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh) [![Coverity Status](https://scan.coverity.com/projects/21341/badge.svg)](https://scan.coverity.com/projects/openssh-portable) -9.4 : -[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_4)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_4) -[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_4)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_4) - -9.3 : -[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_3)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_3) -[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_3)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_3) +9.7 : +[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_7)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_7) +[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_7)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_7) diff --git a/crypto/openssh/.github/configs b/crypto/openssh/.github/configs index 370fe29a3ee4..6134cb6ed5e9 100755 --- a/crypto/openssh/.github/configs +++ b/crypto/openssh/.github/configs 
@@ -208,6 +208,7 @@ case "$config" in # and hostbased (since valgrind won't let ssh exec keysign). # Slow ones are run separately to increase parallelism. SKIP_LTESTS="agent-timeout connection-timeout hostbased" + SKIP_LTESTS="$SKIP_LTESTS penalty-expire" SKIP_LTESTS="$SKIP_LTESTS ${tests2} ${tests3} ${tests4} ${tests5}" ;; valgrind-2) @@ -289,7 +290,7 @@ case "${TARGET_HOST}" in hostkey-agent key-options keyscan knownhosts-command login-timeout reconfigure reexec rekey scp scp-uri scp3 sftp sftp-badcmds sftp-batch sftp-cmds sftp-glob sftp-perm sftp-uri stderr-data - transfer" + transfer penalty penalty-expire" SKIP_LTESTS="$(echo $T)" TEST_TARGET=t-exec SUDO="" diff --git a/crypto/openssh/.github/run_test.sh b/crypto/openssh/.github/run_test.sh index d5fd487d9009..17c1731ff860 100755 --- a/crypto/openssh/.github/run_test.sh +++ b/crypto/openssh/.github/run_test.sh @@ -9,6 +9,7 @@ set -ex # If we want to test hostbased auth, set up the host for it. if [ ! -z "$SUDO" ] && [ ! -z "$TEST_SSH_HOSTBASED_AUTH" ]; then sshconf=/usr/local/etc + $SUDO mkdir -p "${sshconf}" hostname | $SUDO tee $sshconf/shosts.equiv >/dev/null echo "EnableSSHKeysign yes" | $SUDO tee $sshconf/ssh_config >/dev/null $SUDO mkdir -p $sshconf diff --git a/crypto/openssh/.github/workflows/c-cpp.yml b/crypto/openssh/.github/workflows/c-cpp.yml index edb88f23c0fb..609028703f80 100644 --- a/crypto/openssh/.github/workflows/c-cpp.yml +++ b/crypto/openssh/.github/workflows/c-cpp.yml 
@@ -2,12 +2,13 @@ name: C/C++ CI on: push: - paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' ] + paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/workflows/c-cpp.yaml' ] pull_request: - paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' ] + paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/workflows/c-cpp.yaml' ] jobs: ci: + name: "${{ matrix.target }} ${{ matrix.config }}" if: github.repository != 'openssh/openssh-portable-selfhosted' strategy: fail-fast: false @@ -16,9 +17,9 @@ jobs: target: - ubuntu-20.04 - ubuntu-22.04 - - macos-11 - macos-12 - macos-13 + - macos-14 - windows-2019 - windows-2022 config: [default] @@ -62,8 +63,8 @@ jobs: - { target: ubuntu-latest, config: libressl-3.5.3 } - { target: ubuntu-latest, config: libressl-3.6.1 } - { target: ubuntu-latest, config: libressl-3.7.2 } - - { target: ubuntu-latest, config: libressl-3.8.3 } - - { target: ubuntu-latest, config: libressl-3.9.0 } + - { target: ubuntu-latest, config: libressl-3.8.4 } + - { target: ubuntu-latest, config: libressl-3.9.1 } - { target: ubuntu-latest, config: openssl-master } - { target: ubuntu-latest, config: openssl-noec } - { target: ubuntu-latest, config: openssl-1.1.1 } 
@@ -74,9 +75,12 @@ jobs: - { target: ubuntu-latest, config: openssl-3.1.0 } - { target: ubuntu-latest, config: openssl-3.1.5 } - { target: ubuntu-latest, config: openssl-3.2.1 } + - { target: ubuntu-latest, config: openssl-3.3.0 } - { target: ubuntu-latest, config: openssl-1.1.1_stable } - { target: ubuntu-latest, config: openssl-3.0 } # stable branch + - { target: ubuntu-latest, config: openssl-3.1 } # stable branch - { target: ubuntu-latest, config: openssl-3.2 } # stable branch + - { target: ubuntu-latest, config: openssl-3.3 } # stable branch - { target: ubuntu-latest, config: putty-0.71 } - { target: ubuntu-latest, config: putty-0.72 } - { target: ubuntu-latest, config: putty-0.73 } @@ -97,9 +101,9 @@ jobs: - { target: ubuntu-22.04, config: selinux } - { target: ubuntu-22.04, config: kitchensink } - { target: ubuntu-22.04, config: without-openssl } - - { target: macos-11, config: pam } - { target: macos-12, config: pam } - { target: macos-13, config: pam } + - { target: macos-14, config: pam } runs-on: ${{ matrix.target }} steps: - name: set cygwin git params diff --git a/crypto/openssh/.github/workflows/cifuzz.yml b/crypto/openssh/.github/workflows/cifuzz.yml index 7ca8c4719b61..ab8b1c6e0971 100644 --- a/crypto/openssh/.github/workflows/cifuzz.yml +++ b/crypto/openssh/.github/workflows/cifuzz.yml @@ -1,9 +1,9 @@ name: CIFuzz on: push: - paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' ] + paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/workflows/cifuzz.yml' ] pull_request: - paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' ] + paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/workflows/cifuzz.yml' ] jobs: Fuzzing: diff --git a/crypto/openssh/.github/workflows/selfhosted.yml b/crypto/openssh/.github/workflows/selfhosted.yml index 4f1c587a5779..167297359383 100644 
--- a/crypto/openssh/.github/workflows/selfhosted.yml +++ b/crypto/openssh/.github/workflows/selfhosted.yml @@ -2,17 +2,25 @@ name: C/C++ CI self-hosted on: push: - paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' ] + paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/workflows/selfhosted.yml' ] jobs: selfhosted: + name: "${{ matrix.target }} ${{ matrix.config }}" if: github.repository == 'openssh/openssh-portable-selfhosted' runs-on: ${{ matrix.host }} timeout-minutes: 600 env: + DEBUG_ACTIONS: false HOST: ${{ matrix.host }} TARGET_HOST: ${{ matrix.target }} TARGET_CONFIG: ${{ matrix.config }} + TARGET_DOMAIN: ${{ startsWith(matrix.host, 'libvirt') && format('{0}-{1}-{2}', matrix.target, matrix.config, github.run_id) || matrix.target }} + EPHEMERAL: ${{ startsWith(matrix.host, 'libvirt') }} + PERSISTENT: ${{ startsWith(matrix.host, 'persist') }} + REMOTE: ${{ startsWith(matrix.host, 'remote') }} + VM: ${{ startsWith(matrix.host, 'libvirt') || startsWith(matrix.host, 'persist') }} + SSHFS: ${{ startsWith(matrix.host, 'libvirt') || startsWith(matrix.host, 'persist') || startsWith(matrix.host, 'remote') }} strategy: fail-fast: false # We use a matrix in two parts: firstly all of the VMs are tested with the 
@@ -74,34 +82,46 @@ jobs: - { target: nbsd8, config: pam, host: libvirt } - { target: nbsd9, config: pam, host: libvirt } - { target: nbsd10, config: pam, host: libvirt } + # ARM64 VMs + - { target: obsd-arm64, config: default, host: libvirt-arm64 } # VMs with persistent disks that have their own runner. - - { target: win10, config: default, host: win10 } - - { target: win10, config: cygwin-release, host: win10 } - # Physical hosts, with either native runners or remote via ssh. + - { target: win10, config: default, host: persist-win10 } + - { target: win10, config: cygwin-release, host: persist-win10 } + # Physical hosts with native runners. - { target: ARM, config: default, host: ARM } - { target: ARM64, config: default, host: ARM64 } - { target: ARM64, config: pam, host: ARM64 } - - { target: debian-riscv64, config: default, host: debian-riscv64 } - - { target: obsd-arm64, config: default, host: obsd-arm64 } - - { target: openwrt-mips, config: default, host: openwrt-mips } - - { target: openwrt-mipsel, config: default, host: openwrt-mipsel } + # Physical hosts with remote runners. 
+ - { target: debian-riscv64, config: default, host: remote-debian-riscv64 } + + - { target: openwrt-mips, config: default, host: remote-openwrt-mips } + - { target: openwrt-mipsel, config: default, host: remote-openwrt-mipsel } steps: + - name: unmount stale workspace + if: env.SSHFS == 'true' + run: fusermount -u ${GITHUB_WORKSPACE} || true + working-directory: ${{ runner.temp }} - name: shutdown VM if running + if: env.VM == 'true' run: vmshutdown - working-directory: ${{ runner.temp }} - uses: actions/checkout@main - name: autoreconf run: autoreconf - name: startup VM + if: env.VM == 'true' run: vmstartup working-directory: ${{ runner.temp }} + - name: copy and mount workspace + if: env.SSHFS == 'true' + run: sshfs_mount + working-directory: ${{ runner.temp }} - name: configure run: vmrun ./.github/configure.sh ${{ matrix.config }} - - name: save config - uses: actions/upload-artifact@main - with: - name: ${{ matrix.target }}-${{ matrix.config }}-config - path: config.h +# - name: save config +# uses: actions/upload-artifact@main +# with: +# name: ${{ matrix.target }}-${{ matrix.config }}-config +# path: config.h - name: make clean run: vmrun make clean - name: make @@ -120,7 +140,10 @@ jobs: regress/*.log regress/log/* regress/valgrind-out/ + - name: unmount workspace + if: always() && env.SSHFS == 'true' + run: fusermount -u ${GITHUB_WORKSPACE} || true + working-directory: ${{ runner.temp }} - name: shutdown VM - if: always() + if: always() && env.VM == 'true' run: vmshutdown - working-directory: ${{ runner.temp }} diff --git a/crypto/openssh/.github/workflows/upstream.yml b/crypto/openssh/.github/workflows/upstream.yml index b280793d31f3..e25adb423917 100644 --- a/crypto/openssh/.github/workflows/upstream.yml +++ b/crypto/openssh/.github/workflows/upstream.yml 
@@ -3,22 +3,29 @@ name: Upstream self-hosted on: push: branches: [ master ] - paths: [ '**.c', '**.h', '.github/**' ] + paths: [ '**.c', '**.h', '**.sh', '.github/configs', '.github/workflows/upstream.yml' ] jobs: selfhosted: + name: "upstream ${{ matrix.target }} ${{ matrix.config }}" if: github.repository == 'openssh/openssh-portable-selfhosted' runs-on: 'libvirt' env: + DEBUG_ACTIONS: true + EPHEMERAL: true HOST: 'libvirt' TARGET_HOST: ${{ matrix.target }} TARGET_CONFIG: ${{ matrix.config }} + TARGET_DOMAIN: ${{ format('{0}-{1}-{2}', matrix.target, matrix.config, github.run_id) || matrix.target }} strategy: fail-fast: false matrix: target: [ obsdsnap, obsdsnap-i386 ] config: [ default, without-openssl, ubsan ] steps: + - name: unmount stale workspace + run: fusermount -u ${GITHUB_WORKSPACE} || true + working-directory: ${{ runner.temp }} - name: shutdown VM if running run: vmshutdown working-directory: ${{ runner.temp }} @@ -26,6 +33,9 @@ jobs: - name: startup VM run: vmstartup working-directory: ${{ runner.temp }} + - name: copy and mount workspace + run: sshfs_mount + working-directory: ${{ runner.temp }} - name: update source run: vmrun "cd /usr/src && cvs up -dPA usr.bin/ssh regress/usr.bin/ssh" - name: make clean @@ -33,7 +43,7 @@ jobs: - name: make run: vmrun "cd /usr/src/usr.bin/ssh && case ${{ matrix.config }} in without-openssl) make OPENSSL=no;; ubsan) make DEBUG='-fsanitize-minimal-runtime -fsanitize=undefined';; *) make; esac" - name: make install - run: vmrun "cd /usr/src/usr.bin/ssh && sudo make install" + run: vmrun "cd /usr/src/usr.bin/ssh && sudo make install && sudo /etc/rc.d/sshd -f restart" - name: make tests` run: vmrun "cd /usr/src/regress/usr.bin/ssh && case ${{ matrix.config }} in without-openssl) make OPENSSL=no;; ubsan) make DEBUG='-fsanitize-minimal-runtime -fsanitize=undefined';; *) make; esac" env: 
@@ -47,6 +57,10 @@ jobs: path: | /usr/obj/regress/usr.bin/ssh/obj/*.log /usr/obj/regress/usr.bin/ssh/obj/log/* + - name: unmount workspace + if: always() + run: fusermount -u ${GITHUB_WORKSPACE} || true + working-directory: ${{ runner.temp }} - name: shutdown VM if: always() run: vmshutdown diff --git a/crypto/openssh/.gitignore b/crypto/openssh/.gitignore index 7fccc6fe3dc3..41d505c46dde 100644 --- a/crypto/openssh/.gitignore +++ b/crypto/openssh/.gitignore @@ -1,18 +1,14 @@ Makefile buildpkg.sh config.h -config.h.in config.h.in~ config.log config.status -configure -aclocal.m4 openbsd-compat/Makefile openbsd-compat/regress/Makefile openssh.xml opensshd.init survey.sh -**/*.0 **/*.o **/*.lo **/*.so @@ -36,3 +32,4 @@ sshd !regress/misc/fuzz-harness/Makefile !regress/unittests/sshsig/Makefile tags + diff --git a/crypto/openssh/.skipped-commit-ids b/crypto/openssh/.skipped-commit-ids index 06303955c566..ec7831e5ff53 100644 --- a/crypto/openssh/.skipped-commit-ids +++ b/crypto/openssh/.skipped-commit-ids @@ -29,6 +29,14 @@ f9a0726d957cf10692a231996a1f34e7f9cdfeb0 moduli update 1e0a2692b7e20b126dda60bf04999d1d30d959d8 sshd relinking makefile changes e1dc11143f83082e3154d6094f9136d0dc2637ad more relinking makefile tweaks 5a636f6ca7f25bfe775df4952f7aac90a7fcbbee moduli update +ef9341d5a50f0d33e3a6fbe995e92964bc7ef2d3 Makefile relinking changes +2fe8d707ae35ba23c7916adcb818bb5b66837ba0 ssh-agent relink kit +866cfcc1955aef8f3fc32da0b70c353a1b859f2e ssh-agent relink changes +8b3820adb4da4e139c4b3cffbcc0bde9f08bf0c6 sshd-session relink kit +6d2ded4cd91d4d727c2b26e099b91ea935bed504 relink kit +fb39324748824cb0387e9d67c41d1bef945c54ea Makefile change +5f378c38ad8976d507786dc4db9283a879ec8cd0 Makefile change +112aacedd3b61cc5c34b1fa6d9fb759214179172 Makefile change Old upstream tree: diff --git a/crypto/openssh/ChangeLog b/crypto/openssh/ChangeLog index 3bbccf5ea3eb..a1a52651718e 100644 --- a/crypto/openssh/ChangeLog +++ b/crypto/openssh/ChangeLog 
@@ -1,8300 +1,8666 @@ -commit 86bdd3853f4d32c85e295e6216a2fe0953ad93f0 +commit fa41f6592ff1b6ead4a652ac75af31eabb05b912 Author: Damien Miller -Date: Mon Mar 11 16:20:49 2024 +1100 +Date: Mon Jul 1 14:33:26 2024 +1000 - version number in README + version numbers -commit 282721418e6465bc39ccfd39bb0133e670ee4423 -Author: Damien Miller -Date: Mon Mar 11 16:20:08 2024 +1100 +commit bfebb8a5130a792c5356bd06e1ddef72a0a0449f +Author: djm@openbsd.org +Date: Mon Jul 1 04:31:59 2024 +0000 - crank RPM spec versions + upstream: openssh-9.8 + + OpenBSD-Commit-ID: 5f8b89e38a4c5f7c6d52ffa19f796d49f36fab19 -commit 3876a3bbd2ca84d23ba20f8b69ba83270c04ce3a +commit 146c420d29d055cc75c8606327a1cf8439fe3a08 Author: djm@openbsd.org -Date: Mon Mar 11 04:59:47 2024 +0000 +Date: Mon Jul 1 04:31:17 2024 +0000 - upstream: openssh-9.7 + upstream: when sending ObscureKeystrokeTiming chaff packets, we - OpenBSD-Commit-ID: 618ececf58b8cdae016b149787af06240f7b0cbc + can't rely on channel_did_enqueue to tell that there is data to send. This + flag indicates that the channels code enqueued a packet on _this_ ppoll() + iteration, not that data was enqueued in _any_ ppoll() iteration in the + timeslice. ok markus@ + + OpenBSD-Commit-ID: 009b74fd2769b36b5284a0188ade182f00564136 -commit 8fc109cc614954a8eb2738c48c0db36a62af9a06 -Author: Darren Tucker -Date: Mon Mar 11 12:59:26 2024 +1100 +commit 637e4dfea4ed81264e264b6200172ce319c64ead +Author: djm@openbsd.org +Date: Mon Jul 1 03:10:19 2024 +0000 - Test against current OpenSSL and LibreSSL releases. + upstream: use "lcd" to change directory before "lls" rather then "cd", - Add LibreSSL 3.9.0, bump older branches to their respective current - releases. + since the directory we're trying to list is local. 
Spotted by Corinna + Vinschen + + OpenBSD-Regress-ID: 821feca4a4bebe491944e624c8f7f2990b891415 -commit 26b09b45fec7b88ba09042c09be4157e58e231e2 -Author: Damien Miller -Date: Sun Mar 10 16:24:57 2024 +1100 +commit c8cfe258cee0b8466ea84597bf15e1fcff3bc328 +Author: djm@openbsd.org +Date: Thu Jun 27 23:01:15 2024 +0000 - quote regexes used to test for algorithm support + upstream: delete obsolete comment - Fixes test failures on Solaris 8 reported by Tom G. Christensen + OpenBSD-Commit-ID: 5fb04f298ed155053f3fbfdf0c6fe7cdf84bbfa2 -commit a6a740a4948d10a622b505135bb485c10f21db5e +commit 94b9d37100f6fa536aaa1d1a0e4926fe44fbf04d Author: djm@openbsd.org -Date: Sat Mar 9 05:12:13 2024 +0000 +Date: Thu Jun 27 22:36:44 2024 +0000 - upstream: avoid logging in signal handler by converting mainloop to + upstream: retire unused API - ppoll() bz3670, reported by Ben Hamilton; ok dtucker@ + OpenBSD-Commit-ID: 3e30d7b0615e2707f6bbe70f61b1c2f72f78161b + +commit 268c3a7f5783e731ed60f4e28da66ee3743581d3 +Author: jmc@openbsd.org +Date: Thu Jun 27 21:02:16 2024 +0000 + + upstream: ssl(8) no longer contains a HISTORY section; - OpenBSD-Commit-ID: e58f18042b86425405ca09e6e9d7dfa1df9f5f7f + OpenBSD-Commit-ID: 83b7ff34433d79595e9c2a5d2a561a6660251245 -commit cd82f7526e0481720567ae41db7849ab1c27e27b +commit 12b6cc09ce6c430681f03af2a8069e37a664690b Author: djm@openbsd.org -Date: Fri Mar 8 22:16:32 2024 +0000 +Date: Wed Jun 26 23:47:46 2024 +0000 - upstream: skip more whitespace, fixes find-principals on + upstream: move child process waitpid() loop out of SIGCHLD handler; - allowed_signers files with blank lines; reported by Wiktor Kwapisiewicz + ok deraadt - OpenBSD-Commit-ID: b3a22a2afd753d70766f34bc7f309c03706b5298 + OpenBSD-Commit-ID: 65815a39564e431414aed7c5ace8076f4e9ca741 -commit 2f9d2af5cb19905d87f37d1e11c9f035ac5daf3b -Author: dtucker@openbsd.org -Date: Fri Mar 8 11:34:10 2024 +0000 +commit d6bcd13297c2ab8b528df5a6898f994734849031 +Author: deraadt@openbsd.org +Date: Wed Jun 26 
23:16:52 2024 +0000 - upstream: Invoke ProxyCommand that uses stderr redirection via + upstream: Instead of using possibly complex ssh_signal(), write all - $TEST_SHELL. Fixes test when run by a user whose login shell is tcsh. - Found by vinschen at redhat.com. + the parts of the grace_alarm_handler() using the exact things allowed by the + signal-safe rules. This is a good rule of thumb: Handlers should be written + to either set a global volatile sig_atomic_t inspected from outside, and/or + directly perform only safe operations listed in our sigaction(2) manual page. + ok djm markus - OpenBSD-Regress-ID: f68d79e7f00caa8d216ebe00ee5f0adbb944062a + OpenBSD-Commit-ID: 14168ae8368aab76e4ed79e17a667cb46f404ecd -commit 9b3f0beb4007a7e01dfedabb429097fb593deae6 -Author: Darren Tucker -Date: Thu Mar 7 17:18:14 2024 +1100 +commit b8793e2b0851f7d71b97554fa5260b23796d6277 +Author: deraadt@openbsd.org +Date: Wed Jun 26 23:14:14 2024 +0000 - Prefer openssl binary from --with-ssl-dir directory. + upstream: save_errno wrappers inside two small signal handlers that - Use openssl in the directory specified by --with-ssl-dir as long - as it's functional. Reported by The Doctor. + perform system calls, for systems with libc that do perform libc sigtramps. + ok djm markus + + OpenBSD-Commit-ID: 7749b56419a7c9dcfe4c6c04811e429813346c62 -commit c47e1c9c7911f38b2fc2fb01b1f6ae3a3121a838 -Author: djm@openbsd.org -Date: Wed Mar 6 02:59:59 2024 +0000 +commit f23e9332c4c8df37465c4a4f38275ea98980ed7e +Author: jmc@openbsd.org +Date: Mon Jun 24 06:59:39 2024 +0000 - upstream: fix memory leak in mux proxy mode when requesting forwarding. 
+ upstream: - uppercase start of sentence - correct sentence grammar - found by RASU JSC, reported by Maks Mishin in GHPR#467 + ok djm - OpenBSD-Commit-ID: 97d96a166b1ad4b8d229864a553e3e56d3116860 + OpenBSD-Commit-ID: 1ec4b0fdb633a43667f2c8fff1d600bd647dde25 -commit 242742827fea4508e68097c128e802edc79addb5 +commit 1839e3eb71a759aa795602c1e4196300f4ac2615 Author: djm@openbsd.org -Date: Wed Mar 6 00:31:04 2024 +0000 +Date: Mon Jun 24 04:05:11 2024 +0000 - upstream: wrap a few PKCS#11-specific bits in ENABLE_PKCS11 + upstream: mention SshdSessionPath option - OpenBSD-Commit-ID: 463e4a69eef3426a43a2b922c4e7b2011885d923 + OpenBSD-Commit-ID: c29734d36c21003973b15c1c9965c35f36cef30c -commit d52b6509210e2043f33e5a1de58dd4a0d5d48c2a -Author: Damien Miller -Date: Wed Mar 6 11:31:36 2024 +1100 +commit 603193e32aef5db7d60c58066d5de89806e79312 +Author: Darren Tucker +Date: Thu Jun 20 18:45:14 2024 +1000 - disable RSA tests when algorithm is not supported + Rerun upstream tests on .sh file changes too. + +commit dbbf9337c19381786a8e5a8a49152fe6b80c780d +Author: dtucker@openbsd.org +Date: Thu Jun 20 08:23:18 2024 +0000 + + upstream: Work around dbclient cipher/mac query bug. - Unbreaks "make test" when compiled --without-openssl. + Unlike earlier versions, recent Dropbear (at least v2024.85) requires + a host arg when querying supported ciphers and macs via "-c/-m + help". Earlier versions accept but do not require it, so always + provide it. If these queries fail, skip the test with a warning. - Similar treatment to how we do DSA and ECDSA. 
+ OpenBSD-Regress-ID: 98eb863a3f0363416922efb273885e6b3c7f68d4 -commit 668d270a6c77e8b5a1da26ecad2e6de9f62c8fe4 -Author: Damien Miller -Date: Wed Mar 6 10:33:20 2024 +1100 +commit 8de2c8cebc46bbdb94b7a2c120fcadfb66a3cccc +Author: dtucker@openbsd.org +Date: Thu Jun 20 08:18:34 2024 +0000 - add a --without-retpoline configure option + upstream: Remove dropbear key types not supported - discussed with deraadt and dtucker a while ago + by current OpenSSH. Allows subsequent test runs to work if OpenSSH is + rebuilt w/out OpenSSL. + + OpenBSD-Regress-ID: e0129eb2b1d31771105903a8055216fbba20a770 -commit 3deb501f86fc47e175ef6a3eaba9b9846a80d444 +commit e9b6471c59b21e5d9ef1b3832d4bf727338add85 Author: djm@openbsd.org -Date: Mon Mar 4 04:13:18 2024 +0000 +Date: Thu Jun 20 00:18:05 2024 +0000 - upstream: fix leak of CanonicalizePermittedCNAMEs on error path; - - spotted by Coverity (CID 438039) + upstream: stricter check for overfull tables in penalty record path - OpenBSD-Commit-ID: 208839699939721f452a4418afc028a9f9d3d8af + OpenBSD-Commit-ID: 7df01e648a0723418c554e64a9f2b6d38db060a6 -commit 65a44a8a4f7d902a64d4e60eda84384b2e2a24a2 +commit d9336d344eb2a1e898c5e66147b3f108c7214694 Author: djm@openbsd.org -Date: Mon Mar 4 02:16:11 2024 +0000 +Date: Wed Jun 19 23:24:47 2024 +0000 - upstream: Separate parsing of string array options from applying them - - to the active configuration. This fixes the config parser from erroneously - rejecting cases like: + upstream: put back reaping of preauth child process when writes - AuthenticationMethods password - Match User ivy - AuthenticationMethods any + from the monitor fail. Not sure how this got lost in the avalanche of + patches. 
- bz3657 ok markus@ + OpenBSD-Commit-ID: eb7eb36371e1ac01050b32b70fb2b3e5d98e72f5 + +commit 579d9adb70ec0206a788eb5c63804c31a67e9310 +Author: naddy@openbsd.org +Date: Mon Jun 17 13:50:18 2024 +0000 + + upstream: remove one more mention of DSA - OpenBSD-Commit-ID: 7f196cba634c2a3dba115f3fac3c4635a2199491 + OpenBSD-Commit-ID: 8515f55a15f02836ba657df341415f63c60526ca -commit 6886e1b1f55c90942e4e6deed930f8ac32e0f938 +commit 7089b5f8436ef0b8d3d3ad9ce01045fb9e7aab15 Author: Darren Tucker -Date: Thu Feb 22 17:59:35 2024 +1100 +Date: Wed Jun 19 23:09:05 2024 +1000 - Add nbsd10 test target. + Move -f to the place needed to restart sshd. -commit d86bf8a3f6ea4fa7887406c2aa9959db71fa41be -Author: Damien Miller -Date: Thu Feb 22 12:06:10 2024 +1100 +commit d5f83cfd852b14a25f347f082ab539a9454702ad +Author: Darren Tucker +Date: Wed Jun 19 21:04:01 2024 +1000 - more descriptive configure test name + Need to supply "-f" to restart sshd. -commit 9ee335aacc9f5bdc4cc2c19fafb45e27be7d234e -Author: djm@openbsd.org -Date: Wed Feb 21 06:17:29 2024 +0000 +commit fad34b4ca25c0ef31e5aa841d461b6f21da5b8c1 +Author: dtucker@openbsd.org +Date: Wed Jun 19 10:15:51 2024 +0000 - upstream: explain arguments of internal-sftp GHPR#454 from Niklas + upstream: Provide defaults for ciphers and macs - Hambüchen - MIME-Version: 1.0 - Content-Type: text/plain; charset=UTF-8 - Content-Transfer-Encoding: 8bit + if querying for them fails since on some versions of Dropbear (at least + v2024.85) "-m help" doesn't seem to work. Enable all supported pubkey + algorithms in the server. 
- OpenBSD-Commit-ID: 0335d641ae6b5b6201b9ffd5dd06345ebbd0a3f3 + OpenBSD-Regress-ID: 4f95556a49ee9f621789f25217c367a33d2745ca -commit d1164cb1001dd208fee88aaa9b43d5e6fd917274 -Author: djm@openbsd.org -Date: Wed Feb 21 06:06:43 2024 +0000 +commit 5521060e35ada9f957cecdddc06d0524e75409ef +Author: dtucker@openbsd.org +Date: Wed Jun 19 10:10:46 2024 +0000 - upstream: clarify permissions requirements for ChrootDirectory Part *** 25857 LINES SKIPPED *** From nobody Thu Feb 20 17:51:23 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YzLRJ14WTz5pCPb; Thu, 20 Feb 2025 17:51:24 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YzLRJ0LKgz44n1; Thu, 20 Feb 2025 17:51:24 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1740073884; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=d98FLhDLgJXAbCc9cu/j1Sl7kaL9aKpPCB2RNrsBCqQ=; b=cENWRvhcps0rMRz2W/iS06+QuNPgNtc3MkGmW/m5pNFBlnaw5ur+yxAdptVPR9Xnbn5Nav dqPocwtP4qU9UIBBD15p5uwPKTV+gJ7+XnooKp592AYH5pQuDpC+pL9E+i1jmlWKhwqilj ZYgZbpOYy1b/gWs1opcJy1ZLldF65S2iV+CsytSDVzGaUZKxUtp6OCW0dEFZQNG3Etk1ks 5vp5ylSGNxdZ6OPynxYJd5p5JkIFHcvJiwqzYQaVTsdJhgMau8PDkFCc3LevMdpdbQeOp3 O71+SJNqx9txnWr8dfF9IX8O/BHrF4d05t7CxRR5z+V7lL+9f4Kq5m/TLt29Tw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1740073884; a=rsa-sha256; 
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YzLRH732Sz11jj; Thu, 20 Feb 2025 17:51:23 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 51KHpNV5062101; Thu, 20 Feb 2025 17:51:23 GMT (envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 51KHpN2j062095; Thu, 20 Feb 2025 17:51:23 GMT (envelope-from git)
Date: Thu, 20 Feb 2025 17:51:23 GMT
Message-Id: <202502201751.51KHpN2j062095@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Ed Maste
Subject: git: 802386cd37f6 - stable/14 - openssh: Update to 9.9p1
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help:
List-Post:
List-Subscribe:
List-Unsubscribe:
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: emaste
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 802386cd37f638eec9606cb10d3dd03c8f1d6c17
Auto-Submitted: auto-generated

The branch stable/14 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=802386cd37f638eec9606cb10d3dd03c8f1d6c17

commit 802386cd37f638eec9606cb10d3dd03c8f1d6c17
Author:     Ed Maste
AuthorDate: 2025-02-19 19:08:59 +0000
Commit:     Ed Maste
CommitDate: 2025-02-20 17:50:31 +0000

    openssh: Update to 9.9p1

    Highlights from the release notes are reproduced below. Bug fixes and
    improvements that were previously merged into FreeBSD have been elided.
    See the upstream release notes for full details of the 9.9p1 release
    (https://www.openssh.com/releasenotes.html).

    ---

    Future deprecation notice
    =========================

    OpenSSH plans to remove support for the DSA signature algorithm in
    early 2025.

    Potentially-incompatible changes
    --------------------------------

     * ssh(1): remove support for pre-authentication compression.

     * ssh(1), sshd(8): processing of the arguments to the "Match"
       configuration directive now follows more shell-like rules for
       quoted strings, including allowing nested quotes and \-escaped
       characters.

    New features
    ------------

     * ssh(1), sshd(8): add support for a new hybrid post-quantum key
       exchange based on the FIPS 203 Module-Lattice Key Encapsulation
       mechanism (ML-KEM) combined with X25519 ECDH as described by
       https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03
       This algorithm "mlkem768x25519-sha256" is available by default.

     * ssh(1), sshd(8), ssh-agent(1): prevent private keys from being
       included in core dump files for most of their lifespans. This is
       in addition to pre-existing controls in ssh-agent(1) and sshd(8)
       that prevented coredumps. This feature is supported on OpenBSD,
       Linux and FreeBSD.

     * All: convert key handling to use the libcrypto EVP_PKEY API, with
       the exception of DSA.

    Bugfixes
    --------

     * sshd(8): do not apply authorized_keys options when signature
       verification fails. Prevents more restrictive key options being
       incorrectly applied to subsequent keys in authorized_keys. bz3733

     * ssh-keygen(1): include pathname in some of ssh-keygen's passphrase
       prompts. Helps the user know what's going on when ssh-keygen is
       invoked via other tools. Requested in GHPR503

     * ssh(1), ssh-add(1): make parsing user@host consistently look for
       the last '@' in the string rather than the first. This makes it
       possible to more consistently use usernames that contain '@'
       characters.

     * ssh(1), sshd(8): be more strict in parsing key type names. Only
       allow short names (e.g. "rsa") in user-interface code and require
       full SSH protocol names (e.g. "ssh-rsa") everywhere else. bz3725

     * ssh-keygen(1): clarify that ed25519 is the default key type
       generated and clarify that rsa-sha2-512 is the default signature
       scheme when RSA is in use. GHPR505

    ---

    Reviewed by:    jlduran (build infrastructure)
    Reviewed by:    cy (build infrastructure)
    Sponsored by:   The FreeBSD Foundation
    Differential Revision: https://reviews.freebsd.org/D48947

    (cherry picked from commit 3d9fd9fcb432750f3716b28f6ccb0104cd9d351a)

    Approved by:    re (accelerated MFC)
---
 crypto/openssh/.depend | 3 +-
 crypto/openssh/.github/ci-status.md | 4 +
 crypto/openssh/.github/configs | 8 +-
 crypto/openssh/.github/setup_ci.sh | 2 +-
 crypto/openssh/.github/workflows/c-cpp.yml | 1 -
 crypto/openssh/.github/workflows/selfhosted.yml | 3 +
 crypto/openssh/ChangeLog | 11538 ++++++++---------
 crypto/openssh/LICENCE | 41 +
 crypto/openssh/Makefile.in | 2 +-
 crypto/openssh/README | 2 +-
 crypto/openssh/auth.c | 5 +-
 crypto/openssh/channels.c | 8 +-
 crypto/openssh/channels.h | 4 +-
 crypto/openssh/cipher.c | 8 +-
 crypto/openssh/config.h | 6 +
 crypto/openssh/configure.ac | 11 +-
 crypto/openssh/contrib/redhat/openssh.spec | 6 +-
 crypto/openssh/contrib/ssh-copy-id | 62 +-
 crypto/openssh/contrib/ssh-copy-id.1 | 21 +-
 crypto/openssh/contrib/suse/openssh.spec | 2 +-
 crypto/openssh/crypto_api.h | 7 +-
 crypto/openssh/defines.h | 4 +-
 crypto/openssh/kex-names.c | 8 +-
 crypto/openssh/kex.c | 4 +-
 crypto/openssh/kex.h | 16 +-
 crypto/openssh/kexc25519.c | 4 +-
 crypto/openssh/kexgen.c | 15 +-
 crypto/openssh/kexmlkem768x25519.c | 280 +
 crypto/openssh/kexsntrup761x25519.c | 6 +-
 crypto/openssh/libcrux_mlkem768_sha3.h | 12332 +++++++++++++++++++
 crypto/openssh/loginrec.c | 89 +-
 crypto/openssh/match.c | 8 +-
 crypto/openssh/mlkem768.sh | 148 +
 crypto/openssh/moduli | 879 +-
 crypto/openssh/monitor.c | 15 +-
 crypto/openssh/mux.c | 28 +-
 crypto/openssh/myproposal.h | 4 +-
 crypto/openssh/nchan.c | 6 +-
 crypto/openssh/openbsd-compat/arc4random.h | 2 +
 crypto/openssh/openbsd-compat/openssl-compat.c | 26 +
 crypto/openssh/openbsd-compat/openssl-compat.h | 10 +
 crypto/openssh/openbsd-compat/port-linux.c | 2 +-
 crypto/openssh/packet.c | 24 +-
 crypto/openssh/packet.h | 6 +-
 crypto/openssh/readconf.c | 164 +-
 crypto/openssh/regress/cfginclude.sh | 26 +-
 crypto/openssh/regress/misc/fuzz-harness/Makefile | 44 +-
 .../regress/misc/fuzz-harness/mkcorpus_sntrup761.c | 82 +
 .../misc/fuzz-harness/sntrup761_dec_fuzz.cc | 74 +
 .../misc/fuzz-harness/sntrup761_enc_fuzz.cc | 57 +
 .../regress/misc/fuzz-harness/watch-sntrup761.sh | 20 +
 crypto/openssh/regress/multiplex.sh | 29 +-
 crypto/openssh/regress/rekey.sh | 118 +-
 crypto/openssh/regress/unittests/kex/Makefile | 3 +-
 crypto/openssh/regress/unittests/kex/test_kex.c | 6 +-
 crypto/openssh/regress/unittests/sshkey/common.c | 18 +-
 .../openssh/regress/unittests/sshkey/test_file.c | 11 +-
 .../openssh/regress/unittests/sshkey/test_sshkey.c | 26 +-
 .../openssh/regress/unittests/test_helper/fuzz.c | 2 +-
 crypto/openssh/servconf.c | 79 +-
 crypto/openssh/servconf.h | 6 +-
 crypto/openssh/sntrup761.c | 2886 +++--
 crypto/openssh/sntrup761.sh | 62 +-
 crypto/openssh/srclimit.c | 4 +
 crypto/openssh/srclimit.h | 12 +-
 crypto/openssh/ssh-add.c | 4 +-
 crypto/openssh/ssh-ecdsa-sk.c | 49 +-
 crypto/openssh/ssh-ecdsa.c | 258 +-
 crypto/openssh/ssh-keygen.1 | 8 +-
 crypto/openssh/ssh-keygen.c | 93 +-
 crypto/openssh/ssh-keyscan.c | 5 +-
 crypto/openssh/ssh-pkcs11-client.c | 83 +-
 crypto/openssh/ssh-pkcs11-helper.c | 89 +-
 crypto/openssh/ssh-pkcs11.c | 42 +-
 crypto/openssh/ssh-rsa.c | 385 +-
 crypto/openssh/ssh-sk.c | 29 +-
 crypto/openssh/ssh.1 | 6 +-
 crypto/openssh/ssh_api.c | 4 +-
 crypto/openssh/ssh_config.5 | 22 +-
 crypto/openssh/ssh_namespace.h | 31 +-
 crypto/openssh/sshbuf-getput-crypto.c | 12 +-
 crypto/openssh/sshbuf.c | 18 +-
 crypto/openssh/sshbuf.h | 4 +-
 crypto/openssh/sshconnect2.c | 3 +-
 crypto/openssh/sshd-session.c | 31 +-
 crypto/openssh/sshd.8 | 8 +-
 crypto/openssh/sshd.c | 14 +-
 crypto/openssh/sshd_config.5 | 45 +-
 crypto/openssh/sshkey.c | 290 +-
 crypto/openssh/sshkey.h | 27 +-
 crypto/openssh/version.h | 4 +-
 secure/lib/libssh/Makefile | 2 +-
 92 files changed, 22746 insertions(+), 8209 deletions(-)

diff --git a/crypto/openssh/.depend b/crypto/openssh/.depend index 1d7d0606c657..45fc6b9afea1 100644 --- a/crypto/openssh/.depend +++ b/crypto/openssh/.depend 
@@ -71,6 +71,7 @@ kexgen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat kexgex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h kexgexc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h kexgexs.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h 
openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +kexmlkem768x25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h sshbuf.h digest.h ssherr.h log.h kexsntrup761x25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h 
openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h krl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h sshbuf.h ssherr.h sshkey.h authfile.h misc.h log.h digest.h bitmap.h utf8.h krl.h log.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h match.h 
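Review bot: the added kexmlkem768x25519.o rule ends with "sshkey.h kex.h mac.h crypto_api.h sshbuf.h digest.h ssherr.h log.h" and names no header for the ML-KEM implementation itself. If kexmlkem768x25519.c pulls that code in through a header guarded by a feature macro, this line was probably generated with the macro undefined, and a later change to that header will not rebuild the object. Please confirm the entry came from a "make depend" run with the key exchange enabled rather than from a hand edit, and regenerate it if not.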
@@ -80,7 +81,7 @@ mac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h match.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h misc.h misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h misc.h log.h ssherr.h ssh.h sshbuf.h moduli.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h 
openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h -monitor.o: chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h dh.h packet.h dispatch.h auth-options.h sshpty.h channels.h session.h sshlogin.h canohost.h log.h ssherr.h misc.h servconf.h monitor.h monitor_wrap.h monitor_fdpass.h compat.h ssh2.h authfd.h match.h sk-api.h +monitor.o: chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h dh.h packet.h dispatch.h auth-options.h sshpty.h channels.h session.h sshlogin.h canohost.h log.h ssherr.h misc.h servconf.h monitor.h monitor_wrap.h monitor_fdpass.h compat.h ssh2.h authfd.h match.h sk-api.h srclimit.h monitor.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h openbsd-compat/openssl-compat.h 
atomicio.h xmalloc.h ssh.h sshkey.h sshbuf.h hostfile.h auth.h auth-pam.h audit.h loginrec.h cipher.h cipher-chachapoly.h monitor_fdpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h monitor_fdpass.h monitor_wrap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h hostfile.h auth.h auth-pam.h audit.h 
diff --git a/crypto/openssh/.github/ci-status.md b/crypto/openssh/.github/ci-status.md index fbf7c5fd6117..4fa73894ce76 100644 --- a/crypto/openssh/.github/ci-status.md +++ b/crypto/openssh/.github/ci-status.md @@ -6,6 +6,10 @@ master : [![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/openssh.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh) [![Coverity Status](https://scan.coverity.com/projects/21341/badge.svg)](https://scan.coverity.com/projects/openssh-portable) +9.8 : +[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_8)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_8) +[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_8)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_8) + 9.7 : [![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_7)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_7) [![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_7)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_7) diff --git a/crypto/openssh/.github/configs b/crypto/openssh/.github/configs index 6134cb6ed5e9..4f47f820b506 100755 --- a/crypto/openssh/.github/configs +++ b/crypto/openssh/.github/configs @@ -187,7 +187,7 @@ case "$config" in LIBCRYPTOFLAGS="--without-openssl" TEST_TARGET=t-exec ;; - valgrind-[1-5]|valgrind-unit) + valgrind-[1-4]|valgrind-unit) # rlimit sandbox and FORTIFY_SOURCE confuse Valgrind. CONFIGFLAGS="--without-sandbox --without-hardening" CONFIGFLAGS="$CONFIGFLAGS --with-cppflags=-D_FORTIFY_SOURCE=0" 
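Review bot: narrowing the case pattern in .github/configs from "valgrind-[1-5]" to "valgrind-[1-4]" means a config still named valgrind-5 no longer reaches this branch, so it would be configured without "--without-sandbox --without-hardening" and without "-D_FORTIFY_SOURCE=0". The c-cpp.yml matrix entry is removed in the same patch, which keeps the two files consistent, but the hunk does not show what a stale name falls through to. Please check that no other workflow or script still passes valgrind-5 before this lands.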
@@ -197,10 +197,9 @@ case "$config" in # Valgrind slows things down enough that the agent timeout test # won't reliably pass, and the unit tests run longer than allowed # by github so split into separate tests. - tests2="integrity try-ciphers" + tests2="integrity try-ciphers rekey" tests3="krl forward-control sshsig agent-restrict kextype sftp" tests4="cert-userkey cert-hostkey kextype sftp-perm keygen-comment percent" - tests5="rekey" case "$config" in valgrind-1) # All tests except agent-timeout (which is flaky under valgrind), @@ -220,9 +219,6 @@ case "$config" in valgrind-4) LTESTS="${tests4}" ;; - valgrind-5) - LTESTS="${tests5}" - ;; valgrind-unit) TEST_TARGET="unit USE_VALGRIND=1" ;; diff --git a/crypto/openssh/.github/setup_ci.sh b/crypto/openssh/.github/setup_ci.sh index f0f2761c7107..7e1becaac2df 100755 --- a/crypto/openssh/.github/setup_ci.sh +++ b/crypto/openssh/.github/setup_ci.sh @@ -14,7 +14,7 @@ case "$host" in echo Removing extended ACLs so umask works as expected. setfacl -b . regress PACKAGES="$PACKAGES,autoconf,automake,cygwin-devel,gcc-core" - PACKAGES="$PACKAGES,make,openssl-devel,zlib-devel" + PACKAGES="$PACKAGES,make,openssl,libssl-devel,zlib-devel" ;; *-darwin*) PACKAGER=brew diff --git a/crypto/openssh/.github/workflows/c-cpp.yml b/crypto/openssh/.github/workflows/c-cpp.yml index 609028703f80..c179f73d16e0 100644 --- a/crypto/openssh/.github/workflows/c-cpp.yml +++ b/crypto/openssh/.github/workflows/c-cpp.yml @@ -32,7 +32,6 @@ jobs: - { target: ubuntu-20.04, config: valgrind-2 } - { target: ubuntu-20.04, config: valgrind-3 } - { target: ubuntu-20.04, config: valgrind-4 } - - { target: ubuntu-20.04, config: valgrind-5 } - { target: ubuntu-20.04, config: valgrind-unit } - { target: ubuntu-20.04, config: c89 } - { target: ubuntu-20.04, config: clang-6.0 } diff --git a/crypto/openssh/.github/workflows/selfhosted.yml b/crypto/openssh/.github/workflows/selfhosted.yml index 167297359383..755bb0cacb69 100644 
--- a/crypto/openssh/.github/workflows/selfhosted.yml +++ b/crypto/openssh/.github/workflows/selfhosted.yml @@ -52,6 +52,7 @@ jobs: - obsd74 - obsdsnap - obsdsnap-i386 + - omnios - openindiana - ubuntu-2204 config: @@ -75,6 +76,7 @@ jobs: - { target: dfly58, config: pam, host: libvirt } - { target: dfly60, config: pam, host: libvirt } - { target: dfly62, config: pam, host: libvirt } + - { target: dfly64, config: pam, host: libvirt } - { target: fbsd10, config: pam, host: libvirt } - { target: fbsd12, config: pam, host: libvirt } - { target: fbsd13, config: pam, host: libvirt } @@ -82,6 +84,7 @@ jobs: - { target: nbsd8, config: pam, host: libvirt } - { target: nbsd9, config: pam, host: libvirt } - { target: nbsd10, config: pam, host: libvirt } + - { target: omnios, config: pam, host: libvirt } # ARM64 VMs - { target: obsd-arm64, config: default, host: libvirt-arm64 } # VMs with persistent disks that have their own runner. diff --git a/crypto/openssh/ChangeLog b/crypto/openssh/ChangeLog index a1a52651718e..c085866f19f6 100644 --- a/crypto/openssh/ChangeLog +++ b/crypto/openssh/ChangeLog 
@@ -1,8666 +1,8676 @@ -commit fa41f6592ff1b6ead4a652ac75af31eabb05b912 +commit 46d1fb16b20e971b9ac15e86a3d3e350b49c9ad6 Author: Damien Miller -Date: Mon Jul 1 14:33:26 2024 +1000 +Date: Fri Sep 20 08:20:13 2024 +1000 - version numbers + update version numbers -commit bfebb8a5130a792c5356bd06e1ddef72a0a0449f +commit 0bdca1f218971b38728a0a129f482476baff0968 Author: djm@openbsd.org -Date: Mon Jul 1 04:31:59 2024 +0000 +Date: Thu Sep 19 22:17:44 2024 +0000 - upstream: openssh-9.8 + upstream: openssh-9.9 - OpenBSD-Commit-ID: 5f8b89e38a4c5f7c6d52ffa19f796d49f36fab19 + OpenBSD-Commit-ID: 303417285f1a73b9cb7a2ae78d3f493bbbe31f98 -commit 146c420d29d055cc75c8606327a1cf8439fe3a08 -Author: djm@openbsd.org -Date: Mon Jul 1 04:31:17 2024 +0000 +commit ef2d7f2d3e1b4c9ae71bacf963e76a92ab8be543 +Author: Damien Miller +Date: Wed Sep 18 16:03:23 2024 +1000 - upstream: when sending ObscureKeystrokeTiming chaff packets, we - - can't rely on channel_did_enqueue to tell that there is data to send. This - flag indicates that the channels code enqueued a packet on _this_ ppoll() - iteration, not that data was enqueued in _any_ ppoll() iteration in the - timeslice. ok markus@ + include openbsd-compat/base64.c license in LICENSE + +commit 7ef362b989c8d1f7596f557f22e5924b9c08f0ea +Author: Damien Miller +Date: Wed Sep 18 09:01:23 2024 +1000 + + conditionally include mman.h in arc4random code + +commit 5fb2b5ad0e748732a27fd8cc16a7ca3c21770806 +Author: Damien Miller +Date: Tue Sep 17 11:53:24 2024 +1000 + + fix bug in recently-added sntrup761 fuzzer - OpenBSD-Commit-ID: 009b74fd2769b36b5284a0188ade182f00564136 + key values need to be static to persist across invocations; + spotted by the Qualys Security Advisory team. 
-commit 637e4dfea4ed81264e264b6200172ce319c64ead +commit 0ca128c9ee894f1b0067abd473bfb33171df67f8 Author: djm@openbsd.org -Date: Mon Jul 1 03:10:19 2024 +0000 +Date: Mon Sep 16 05:37:05 2024 +0000 - upstream: use "lcd" to change directory before "lls" rather then "cd", + upstream: use 64 bit math to avoid signed underflow. upstream code - since the directory we're trying to list is local. Spotted by Corinna - Vinschen + relies on using -fwrapv to provide defined over/underflow behaviour, but we + use -ftrapv to catch integer errors and abort the program. ok dtucker@ - OpenBSD-Regress-ID: 821feca4a4bebe491944e624c8f7f2990b891415 + OpenBSD-Commit-ID: 8933369b33c17b5f02479503d0a92d87bc3a574b -commit c8cfe258cee0b8466ea84597bf15e1fcff3bc328 -Author: djm@openbsd.org -Date: Thu Jun 27 23:01:15 2024 +0000 +commit f82e5e22cad88c81d8a117de74241328c7b101c3 +Author: jmc@openbsd.org +Date: Sun Sep 15 08:27:38 2024 +0000 - upstream: delete obsolete comment + upstream: minor grammar/sort fixes for refuseconnection; ok djm - OpenBSD-Commit-ID: 5fb04f298ed155053f3fbfdf0c6fe7cdf84bbfa2 + OpenBSD-Commit-ID: 1c81f37b138b8b66abba811fec836388a0f3e6da -commit 94b9d37100f6fa536aaa1d1a0e4926fe44fbf04d +commit 0c1165fc78e8fe69b5df71f81a8f944554a68b53 +Author: Damien Miller +Date: Sun Sep 15 13:30:13 2024 +1000 + + avoid gcc warning in fuzz test + +commit ce171d0718104b643854b53443ff72f7283d33f2 Author: djm@openbsd.org -Date: Thu Jun 27 22:36:44 2024 +0000 +Date: Sun Sep 15 03:09:44 2024 +0000 - upstream: retire unused API + upstream: bad whitespace in config dump output - OpenBSD-Commit-ID: 3e30d7b0615e2707f6bbe70f61b1c2f72f78161b + OpenBSD-Commit-ID: d899c13b0e8061d209298eaf58fe53e3643e967c -commit 268c3a7f5783e731ed60f4e28da66ee3743581d3 -Author: jmc@openbsd.org -Date: Thu Jun 27 21:02:16 2024 +0000 +commit 671c440786a5a66216922f15d0007b60f1e6733f +Author: Damien Miller +Date: Sun Sep 15 12:53:59 2024 +1000 - upstream: ssl(8) no longer contains a HISTORY section; + use construct_utmp to 
construct btmp records - OpenBSD-Commit-ID: 83b7ff34433d79595e9c2a5d2a561a6660251245 + Simpler and removes some code with the old-style BSD license. -commit 12b6cc09ce6c430681f03af2a8069e37a664690b +commit 930cb02b6113df72fbc732b9feb8e4f490952a81 Author: djm@openbsd.org -Date: Wed Jun 26 23:47:46 2024 +0000 +Date: Sun Sep 15 02:20:51 2024 +0000 - upstream: move child process waitpid() loop out of SIGCHLD handler; + upstream: update the Streamlined NTRU Prime code from the "ref" - ok deraadt + implementation in SUPERCOP 20201130 to the "compact" implementation in + SUPERCOP 20240808. The new version is substantially faster. Thanks to Daniel + J Bernstein for pointing out the new implementation (and of course for + writing it). - OpenBSD-Commit-ID: 65815a39564e431414aed7c5ace8076f4e9ca741 + tested in snaps/ok deraadt@ + + OpenBSD-Commit-ID: bf1a77924c125ecdbf03e2f3df8ad13bd3dafdcb -commit d6bcd13297c2ab8b528df5a6898f994734849031 -Author: deraadt@openbsd.org -Date: Wed Jun 26 23:16:52 2024 +0000 +commit 9306d6017e0ce5dea6824c29ca5ba5673c2923ad +Author: djm@openbsd.org +Date: Sun Sep 15 01:19:56 2024 +0000 - upstream: Instead of using possibly complex ssh_signal(), write all - - the parts of the grace_alarm_handler() using the exact things allowed by the - signal-safe rules. This is a good rule of thumb: Handlers should be written - to either set a global volatile sig_atomic_t inspected from outside, and/or - directly perform only safe operations listed in our sigaction(2) manual page. 
- ok djm markus + upstream: document Match invalid-user - OpenBSD-Commit-ID: 14168ae8368aab76e4ed79e17a667cb46f404ecd + OpenBSD-Commit-ID: 2c84a9b517283e9711e2812c1f268081dcb02081 -commit b8793e2b0851f7d71b97554fa5260b23796d6277 -Author: deraadt@openbsd.org -Date: Wed Jun 26 23:14:14 2024 +0000 +commit 0118a4da21147a88a56dc8b90bbc2849fefd5c1e +Author: djm@openbsd.org +Date: Sun Sep 15 01:18:26 2024 +0000 - upstream: save_errno wrappers inside two small signal handlers that + upstream: add a "Match invalid-user" predicate to sshd_config Match - perform system calls, for systems with libc that do perform libc sigtramps. - ok djm markus + options. - OpenBSD-Commit-ID: 7749b56419a7c9dcfe4c6c04811e429813346c62 + This allows writing Match conditions that trigger for invalid username. + E.g. + + PerSourcePenalties refuseconnection:90s + Match invalid-user + RefuseConnection yes + + Will effectively penalise bots try to guess passwords for bogus accounts, + at the cost of implicitly revealing which accounts are invalid. + + feedback markus@ + + OpenBSD-Commit-ID: 93d3a46ca04bbd9d84a94d1e1d9d3a21073fbb07 -commit f23e9332c4c8df37465c4a4f38275ea98980ed7e -Author: jmc@openbsd.org -Date: Mon Jun 24 06:59:39 2024 +0000 +commit 7875975136f275619427604900cb0ffd7020e845 +Author: djm@openbsd.org +Date: Sun Sep 15 01:11:26 2024 +0000 - upstream: - uppercase start of sentence - correct sentence grammar + upstream: Add a "refuseconnection" penalty class to sshd_config - ok djm + PerSourcePenalties - OpenBSD-Commit-ID: 1ec4b0fdb633a43667f2c8fff1d600bd647dde25 + This allows penalising connection sources that have had connections + dropped by the RefuseConnection option. 
ok markus@ + + OpenBSD-Commit-ID: 3c8443c427470bb3eac1880aa075cb4864463cb6 -commit 1839e3eb71a759aa795602c1e4196300f4ac2615 +commit 8d21713b669b8516ca6d43424a356fccc37212bb Author: djm@openbsd.org -Date: Mon Jun 24 04:05:11 2024 +0000 +Date: Sun Sep 15 01:09:40 2024 +0000 - upstream: mention SshdSessionPath option + upstream: Add a sshd_config "RefuseConnection" option - OpenBSD-Commit-ID: c29734d36c21003973b15c1c9965c35f36cef30c + If set, this will terminate the connection at the first authentication + request (this is the earliest we can evaluate sshd_config Match blocks) + + ok markus@ + + OpenBSD-Commit-ID: 43cc2533984074c44d0d2f92eb93f661e7a0b09c -commit 603193e32aef5db7d60c58066d5de89806e79312 -Author: Darren Tucker -Date: Thu Jun 20 18:45:14 2024 +1000 +commit acad117e66018fe1fa5caf41b36e6dfbd61f76a1 +Author: djm@openbsd.org +Date: Sun Sep 15 00:58:01 2024 +0000 - Rerun upstream tests on .sh file changes too. + upstream: switch sshd_config Match processing to the argv tokeniser + + too; ok markus@ + + OpenBSD-Commit-ID: b74b5b0385f2e0379670e2b869318a65b0bc3923 -commit dbbf9337c19381786a8e5a8a49152fe6b80c780d -Author: dtucker@openbsd.org -Date: Thu Jun 20 08:23:18 2024 +0000 +commit baec3f7f4c60cd5aa1bb9adbeb6dfa4a172502a8 +Author: djm@openbsd.org +Date: Sun Sep 15 00:57:36 2024 +0000 - upstream: Work around dbclient cipher/mac query bug. + upstream: switch "Match" directive processing over to the argv - Unlike earlier versions, recent Dropbear (at least v2024.85) requires - a host arg when querying supported ciphers and macs via "-c/-m - help". Earlier versions accept but do not require it, so always - provide it. If these queries fail, skip the test with a warning. + string tokeniser, making it possible to use shell-like quoting in Match + directives, particularly "Match exec". 
ok markus@ - OpenBSD-Regress-ID: 98eb863a3f0363416922efb273885e6b3c7f68d4 + OpenBSD-Commit-ID: 0877309650b76f624b2194c35dbacaf065e769a5 -commit 8de2c8cebc46bbdb94b7a2c120fcadfb66a3cccc -Author: dtucker@openbsd.org -Date: Thu Jun 20 08:18:34 2024 +0000 +commit dd424d7c382c2074ab70f1b8ad4f169a10f60ee7 +Author: djm@openbsd.org +Date: Sun Sep 15 00:47:01 2024 +0000 - upstream: Remove dropbear key types not supported + upstream: include pathname in some of the ssh-keygen passphrase - by current OpenSSH. Allows subsequent test runs to work if OpenSSH is - rebuilt w/out OpenSSL. + prompts. Helps the user know what's going on when ssh-keygen is invoked via + other tools. Requested in GHPR503 - OpenBSD-Regress-ID: e0129eb2b1d31771105903a8055216fbba20a770 + OpenBSD-Commit-ID: 613b0bb6cf845b7e787d69a5b314057ceda6a8b6 -commit e9b6471c59b21e5d9ef1b3832d4bf727338add85 +commit 62bbf8f825cc390ecb0523752ddac1435006f206 Author: djm@openbsd.org -Date: Thu Jun 20 00:18:05 2024 +0000 +Date: Sun Sep 15 00:41:18 2024 +0000 - upstream: stricter check for overfull tables in penalty record path + upstream: Do not apply authorized_keys options when signature - OpenBSD-Commit-ID: 7df01e648a0723418c554e64a9f2b6d38db060a6 + verification fails. Prevents restrictive key options being incorrectly + applied to subsequent keys in authorized_keys. bz3733, ok markus@ + + OpenBSD-Commit-ID: ba3776d9da4642443c19dbc015a1333622eb5a4e -commit d9336d344eb2a1e898c5e66147b3f108c7214694 +commit 49f325fd47af4e53fcd7aafdbcc280e53f5aa5ce +Author: Wu Weixin +Date: Fri Aug 2 22:16:40 2024 +0800 + + Fix without_openssl always being set to 1 + + In Fedora systems, %{?rhel} is empty. In RHEL systems, %{?fedora} is + empty. Therefore, the original code always sets without_openssl to 1. 
+ +commit c21c3a2419bbc1c59cb1a16ea356e703e99a90d9 Author: djm@openbsd.org -Date: Wed Jun 19 23:24:47 2024 +0000 +Date: Thu Sep 12 00:36:27 2024 +0000 - upstream: put back reaping of preauth child process when writes + upstream: Relax absolute path requirement back to what it was prior to - from the monitor fail. Not sure how this got lost in the avalanche of - patches. + OpenSSH 9.8, which incorrectly required that sshd was started with an + absolute path in inetd mode. bz3717, patch from Colin Wilson - OpenBSD-Commit-ID: eb7eb36371e1ac01050b32b70fb2b3e5d98e72f5 + OpenBSD-Commit-ID: 25c57f22764897242d942853f8cccc5e991ea058 -commit 579d9adb70ec0206a788eb5c63804c31a67e9310 +commit 1bc426f51b0a5cfdcfbd205218f0b6839ffe91e9 Author: naddy@openbsd.org -Date: Mon Jun 17 13:50:18 2024 +0000 +Date: Mon Sep 9 14:41:21 2024 +0000 - upstream: remove one more mention of DSA + upstream: document the mlkem768x25519-sha256 key exchange algorithm - OpenBSD-Commit-ID: 8515f55a15f02836ba657df341415f63c60526ca + OpenBSD-Commit-ID: fa18dccdd9753dd287e62ecab189b3de45672521 -commit 7089b5f8436ef0b8d3d3ad9ce01045fb9e7aab15 +commit 0a2db61a5ffc64d2e2961c52964f933879952fc7 Author: Darren Tucker -Date: Wed Jun 19 23:09:05 2024 +1000 +Date: Tue Sep 10 21:11:14 2024 +1000 - Move -f to the place needed to restart sshd. + Spell omnios test host correctly. -commit d5f83cfd852b14a25f347f082ab539a9454702ad +commit 059ed698a47c9af541a49cf754fd09f984ac5a21 Author: Darren Tucker -Date: Wed Jun 19 21:04:01 2024 +1000 +Date: Tue Sep 10 18:52:02 2024 +1000 - Need to supply "-f" to restart sshd. + Add omnios test target. 
-commit fad34b4ca25c0ef31e5aa841d461b6f21da5b8c1 -Author: dtucker@openbsd.org -Date: Wed Jun 19 10:15:51 2024 +0000 +commit f4ff91575a448b19176ceaa8fd6843a25f39d572 +Author: Darren Tucker +Date: Tue Sep 10 18:45:55 2024 +1000 - upstream: Provide defaults for ciphers and macs - - if querying for them fails since on some versions of Dropbear (at least - v2024.85) "-m help" doesn't seem to work. Enable all supported pubkey - algorithms in the server. - - OpenBSD-Regress-ID: 4f95556a49ee9f621789f25217c367a33d2745ca + Wrap stdint.h in ifdef. -commit 5521060e35ada9f957cecdddc06d0524e75409ef -Author: dtucker@openbsd.org -Date: Wed Jun 19 10:10:46 2024 +0000 +commit ff714f001d20a9c843ee1fd9d92a16d40567d264 +Author: Darren Tucker +Date: Mon Sep 9 19:31:54 2024 +1000 - upstream: Use ed25519 keys for kex tests - - since that's supported by OpenSSH even when built without OpenSSL. - Only test diffie-hellman kex if OpenSSH is compiled with support for it. - - OpenBSD-Regress-ID: a5d09ef9bbd171f9e4ec73ed0d9eeb49a8878e97 + Also test PAM on dfly64. -commit dbd3b833f6e3815e58f2dc6e14f61a51bcd4d6bd -Author: dtucker@openbsd.org -Date: Wed Jun 19 10:08:34 2024 +0000 +commit 509b757c052ea969b3a41fc36818b44801caf1cf +Author: Damien Miller +Date: Mon Sep 9 21:50:14 2024 +1000 - upstream: Rework dropbear key setup - - to always generate ed25519 keys, other types only if OpenSSH has support - for the corresponding key type. + stubs for ML-KEM KEX functions - OpenBSD-Regress-ID: 8f91f12604cddb9f8d93aa34f3f93a3f6074395d + used for C89 compilers -commit d6218504e11ae9148adf410fc69b0710a052be36 -Author: Darren Tucker -Date: Wed Jun 19 20:20:24 2024 +1000 +commit 273581210c99ce7275b8efdefbb9f89e1c22e341 +Author: Damien Miller +Date: Mon Sep 9 17:30:38 2024 +1000 - Restart sshd after installing it for testing. 
+ declare defeat trying to detect C89 compilers - When installing an sshd built without OpenSSL the mismatch between - the running sshd and newly installed sshd-session will cause the - remainder of the test to fail. + I can't find a reliable way to detect the features the ML-KEM code + requires in configure. Give up for now and use VLA support (that we + can detect) as a proxy for "old compiler" and turn off ML-KEM if + it isn't supported. -commit 786a4465b6bb702daf4fb17b7c3bcb42b52f0b46 -Author: Darren Tucker -Date: Tue Jun 18 19:59:59 2024 +1000 +commit e8a0f19b56dfa20f98ea9876d7171ec315fb338a +Author: Damien Miller +Date: Mon Sep 9 16:46:40 2024 +1000 - Remove macos-11 runner. + fix previous; check for C99 compound literals - Github is retiring them soon. + The previous commit was incorrect (or at least insufficient), the + ML-KEM code is actually using compound literals, so test for them. -commit df1c72a55edbebac14363b57de66ac6a147ecc67 +commit 7c07bec1446978bebe0780ed822c8fedfb377ae8 Author: Damien Miller -Date: Wed Jun 19 09:34:34 2024 +1000 - - PAMServiceName may appear in a Match block - -commit de1c2e70e5a5dc3c8d2fe04b24cc93d8ef6930e7 -Author: dtucker@openbsd.org -Date: Tue Jun 18 08:11:48 2024 +0000 +Date: Mon Sep 9 16:06:21 2024 +1000 - upstream: Re-enable ssh-dss tests + test for compiler feature needed for ML-KEM - ... if ssh is compiled with DSA support - - OpenBSD-Regress-ID: bbfaf8c17f2b50a2d46ac35cb97af99b990c990d + The ML-KEM implementation we uses need the compiler to support + C99-style named struct initialisers (e.g foo = {.bar = 1}). We + still support (barely) building OpenSSH with older compilers, so + add a configure test for this. -commit dabc2c7cf3c141e8e5d5a1a60d6c1d2d2422cf43 -Author: anton@openbsd.org -Date: Tue Jun 18 06:14:27 2024 +0000 +commit d469d5f348772058789d35332d1ccb0b109c28ef +Author: djm@openbsd.org +Date: Mon Sep 9 03:13:39 2024 +0000 - upstream: Stop using DSA in dropbear interop tests. 
+ upstream: test mlkem768x25519-sha256 - OpenBSD-Regress-ID: abfd4457d99d8cc1417fd22ca2c570270f74c1cf + OpenBSD-Regress-ID: 7baf6bc39ae55648db1a2bfdc55a624954847611 -commit 761438012710169445acc179e3870c53c862bda0 -Author: Damien Miller -Date: Tue Jun 18 12:29:45 2024 +1000 +commit 62fb2b51bb7f6863c3ab697f397b2068da1c993f +Author: djm@openbsd.org +Date: Mon Sep 9 02:39:57 2024 +0000 - missed a bit of DSA in the fuzzer + upstream: pull post-quantum ML-KEM/x25519 key exchange out from + + compile-time flag now than an IANA codepoint has been assigned for the + algorithm. + + Add mlkem768x25519-sha256 in 2nd KexAlgorithms preference slot. + + ok markus@ + + OpenBSD-Commit-ID: 9f50a0fae7d7ae8b27fcca11f8dc6f979207451a -commit 3f9cc47da588e8de520720e59f98438043fdaf93 -Author: Damien Miller -Date: Tue Jun 18 09:35:53 2024 +1000 +commit a8ad7a2952111c6ce32949a775df94286550af6b +Author: djm@openbsd.org +Date: Fri Sep 6 02:30:44 2024 +0000 - DSA support is disabled, so remove from fuzzers + upstream: make parsing user@host consistently look for the last '@' in + + the string rather than the first. This makes it possible to use usernames + that contain '@' characters. + MIME-Version: 1.0 + Content-Type: text/plain; charset=UTF-8 + Content-Transfer-Encoding: 8bit + + Prompted by Max Zettlmeißl; feedback/ok millert@ + + OpenBSD-Commit-ID: 0b16eec246cda15469ebdcf3b1e2479810e394c5 -commit 00eb95957dea5484b2c7c043f7d2bbc87301bef2 +commit 13cc78d016b67a74a67f1c97c7c348084cd9212c Author: djm@openbsd.org -Date: Mon Jun 17 08:30:29 2024 +0000 +Date: Wed Sep 4 05:33:34 2024 +0000 - upstream: disable the DSA signature algorithm by default; ok + upstream: be more strict in parsing key type names. Only allow - markus@ + shortnames (e.g "rsa") in user-interface code and require full SSH protocol + names (e.g. "ssh-rsa") everywhere else. 
- (yes, I know this expands to "the Digitial Signature Algorithm - signature algorithm) + Prompted by bz3725; ok markus@ - OpenBSD-Commit-ID: 961ef594e46dd2dcade8dd5721fa565cee79ffed + OpenBSD-Commit-ID: b3d8de9dac37992eab78adbf84fab2fe0d84b187 -commit 5603befe11c9464ea26fe77cbacc95a7cc0b1ea7 +commit ef8472309a68e319018def6f8ea47aeb40d806f5 Author: djm@openbsd.org -Date: Mon Jun 17 08:28:31 2024 +0000 +Date: Wed Sep 4 05:11:33 2024 +0000 - upstream: promote connection-closed messages from verbose to info + upstream: fix RCSID in output - log level; they could be the only record of the connection terminating if the - client doesn't send a SSH2_MSG_DISCONNECT message. ok dtucker@ - - OpenBSD-Commit-ID: 0c8bfaf5e9fdff945cee09ac21e641f6c5d65d3c + OpenBSD-Commit-ID: 889ae07f2d2193ddc4351711919134664951dd76 -commit b00331402fe5c60d577f3ffcc35e49286cdc6b47 -Author: Damien Miller -Date: Mon Jun 17 17:02:18 2024 +1000 +commit ba2ef20c75c5268d4d1257adfc2ac11c930d31e1 +Author: jmc@openbsd.org +Date: Tue Sep 3 06:17:48 2024 +0000 - propagate PAM crashes to PerSourcePenalties + upstream: envrionment -> environment; - If the PAM subprocess crashes, exit with a crash status that will be - picked up by the sshd(8) listener process where it can be used by - PerSourcePenalties to block the client. This is similar handling to - the privsep preauth process. 
+ OpenBSD-Commit-ID: b719f39c20e8c671ec6135c832d6cc67a595af9c -commit 1c207f456ace38987deda047758d13fbf857f948 +commit e66c0c5673a4304a3a9fbf8305c6a19f8653740f Author: Damien Miller -Date: Mon Jun 17 15:06:01 2024 +1000 +Date: Wed Sep 4 15:35:29 2024 +1000 - minix doesn't have loopback, so skip penalty tests - - pointed out by dtucker@ + add basic fuzzers for our import of sntrup761 -commit 48443d202eaec52d4d39defdd709a4499a7140c6 +commit d19dea6330ecd4eb403fef2423bd7e127f4c9828 Author: djm@openbsd.org -Date: Sun Jun 16 11:54:49 2024 +0000 +Date: Tue Sep 3 05:58:56 2024 +0000 - upstream: same treatment for this test + upstream: regression test for Include variable expansion - OpenBSD-Regress-ID: d0cc9efca7833e673ea7b0cb3a679a3acee8d4c7 + OpenBSD-Regress-ID: 35477da3ba1abd9ca64bc49080c50a9c1350c6ca -commit 45562a95ea11d328c22d97bf39401cd29684fb1f +commit 8c4d6a628051e318bae2f283e8dc38b896400862 Author: djm@openbsd.org -Date: Sun Jun 16 08:18:06 2024 +0000 +Date: Tue Sep 3 05:29:55 2024 +0000 - upstream: penalty test is still a bit racy + upstream: allow the "Include" directive to expand the same set of - OpenBSD-Regress-ID: 90c9ac224db454637baf1ebee5857e007321e824 - -commit 8d0f7eb147ef72d18acb16c0b18672d44941a8ca -Author: djm@openbsd.org -Date: Sat Jun 15 03:59:10 2024 +0000 - - upstream: crank up penalty timeouts so this should work on even the + %-tokens that "Match Exec" and environment variables. 
- slowest of test builders + ok dtucker@ - OpenBSD-Regress-ID: 70bda39c83e3fc9d0f3c1fad4542ed33e173d468 + OpenBSD-Commit-ID: 12ef521eaa966a9241e684258564f52f1f3c5d37 -commit 93c75471a1202ab3e29db6938648d4e2602c0475 -Author: jmc@openbsd.org -Date: Fri Jun 14 05:20:34 2024 +0000 +commit 51b82648b6827675fc0cde21175fd1ed8e89aab2 +Author: djm@openbsd.org +Date: Mon Sep 2 12:18:35 2024 +0000 - upstream: sort -q in the options list; + upstream: missing ifdef - OpenBSD-Commit-ID: 6839b38378f38f754de638a5e988c13b4164cc7c + OpenBSD-Commit-ID: 85f09da957dd39fd0abe08fe5ee19393f25c2021 -commit dd7807bbe80a93ffb4616f2bd5cf83ad5a5595fb +commit f68312eb593943127b39ba79a4d7fa438c34c153 Author: djm@openbsd.org -Date: Fri Jun 14 05:01:22 2024 +0000 +Date: Mon Sep 2 12:13:56 2024 +0000 - upstream: clarify KEXAlgorithms supported vs available. Inspired by + upstream: Add experimental support for hybrid post-quantum key exchange - bz3701 from Colin Watson. + ML-KEM768 with ECDH/X25519 from the Internet-draft: + https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03 - OpenBSD-Commit-ID: e698e69bea19bd52971d253f2b1094490c4701f7 - -commit d172ad56df85b68316dbadbedad16761a1265874 -Author: djm@openbsd.org -Date: Fri Jun 14 05:00:42 2024 +0000 - - upstream: ssh-keyscan -q man bits + This is based on previous patches from markus@ but adapted to use the + final FIPS203 standard ML-KEM using a formally-verified implementation + from libcrux. - OpenBSD-Commit-ID: ba28d0e1ac609a4c99c453e57e86560c79079db1 + Note this key exchange method is still a draft and thus subject to + change. It is therefore disabled by default; set MLKEM=yes to build it. + We're making it available now to make it easy for other SSH + implementations to test against it. 
+ + ok markus@ deraadt@ + + OpenBSD-Commit-ID: 02a8730a570b63fa8acd9913ec66353735dea42c -commit 092e4ff9ccaacbe035f286feb1b56ed499604743 -Author: Damien Miller -Date: Fri Jun 14 14:46:35 2024 +1000 +commit 05f2b141cfcc60c7cdedf9450d2b9d390c19eaad +Author: Antonio Larrosa +Date: Fri Aug 23 12:21:06 2024 +0200 - skip penalty-expire test in valgrind test env + Don't skip audit before exitting cleanup_exit + + This fixes an issue where the SSH_CONNECTION_ABANDON event is not + audited because cleanup_exit overrides the regular _exit too soon and + as a result, failed auth attempts are not logged correctly. + + The problem was introduced in 81c1099d22b81ebfd20a334ce986c4f753b0db29 + where the code from upstream was merged before the audit_event call when + it should have been merged right before the _exit call in order to honor + the comment that just mentions an override of the exit value. -commit 2866ad08a9c50d7b67ce9424ca990532b806a21a +commit 16eaf9d401e70996f89f3f417738a8db421aa959 Author: djm@openbsd.org -Date: Fri Jun 14 04:43:11 2024 +0000 +Date: Wed Aug 28 12:08:26 2024 +0000 - upstream: split the PerSourcePenalties test in two: one tests penalty + upstream: fix test: -F is the argument to specify a non-default - enforcement but not penalty expiry, the other tests penalty expiry. - - This lets us disable the expiry testing in certain CI test environments. 
+ ssh_config, not -f (this is sadly not a new bug) - OpenBSD-Regress-ID: f56811064f3e3cb52ee73a206b8c2a06af1c8791 + OpenBSD-Regress-ID: 45a7bda4cf33f2cea218507d8b6a55cddbcfb322 *** 36634 LINES SKIPPED ***
From nobody Thu Feb 20 17:51:24 2025
Date: Thu, 20 Feb 2025 17:51:24 GMT
Message-Id: <202502201751.51KHpOIw062138@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Ed Maste
Subject: git: 059b786b7db5 - stable/14 - openssh: Update to 9.9p2
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: emaste
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 059b786b7db55b776d82748842f4d6d89cb79664
Auto-Submitted: auto-generated

The branch stable/14 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=059b786b7db55b776d82748842f4d6d89cb79664

commit 059b786b7db55b776d82748842f4d6d89cb79664
Author: Ed Maste
AuthorDate: 2025-02-19 19:33:38 +0000
Commit: Ed Maste
CommitDate: 2025-02-20 17:50:46 +0000

openssh: Update to 9.9p2

This release exists primarily to fix two security bugs. The fixes have
been independently imported into FreeBSD. This import serves to update
the ssh and sshd version number. A few minor bug fixes are also
included; see the upstream release notes for full details of the 9.9p2
release (https://www.openssh.com/releasenotes.html).

Sponsored by: The FreeBSD Foundation (cherry picked from commit 0ae642c7dd0c2cfd965a22bf73876cd26cceadd2) Approved by: re (accelerated MFC) --- crypto/openssh/.github/ci-status.md | 10 +- crypto/openssh/ChangeLog | 2186 ++-------------------------- crypto/openssh/README | 2 +- crypto/openssh/config.h | 3 - crypto/openssh/configure.ac | 1 - crypto/openssh/contrib/redhat/openssh.spec | 2 +- crypto/openssh/contrib/suse/openssh.spec | 2 +- crypto/openssh/defines.h | 26 + crypto/openssh/gss-serv.c | 1 + crypto/openssh/kexmlkem768x25519.c | 5 +- crypto/openssh/libcrux_mlkem768_sha3.h | 8 +- crypto/openssh/loginrec.c | 8 +- crypto/openssh/misc.c | 23 +- crypto/openssh/misc.h | 3 +- crypto/openssh/mlkem768.sh | 17 +- crypto/openssh/readconf.c | 28 +- crypto/openssh/servconf.c | 61 +- crypto/openssh/ssh_namespace.h | 1 + crypto/openssh/version.h | 2 +- 19 files changed, 289 insertions(+), 2100 deletions(-) diff --git a/crypto/openssh/.github/ci-status.md b/crypto/openssh/.github/ci-status.md index 4fa73894ce76..17fa97bdc309 100644 --- a/crypto/openssh/.github/ci-status.md +++ b/crypto/openssh/.github/ci-status.md 
@@ -6,10 +6,6 @@ master : [![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/openssh.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh) [![Coverity Status](https://scan.coverity.com/projects/21341/badge.svg)](https://scan.coverity.com/projects/openssh-portable) -9.8 : -[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_8)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_8) -[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_8)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_8) - -9.7 : -[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_7)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_7) -[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_7)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_7) +9.9 : +[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_9)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_9) +[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_9)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_9) diff --git a/crypto/openssh/ChangeLog b/crypto/openssh/ChangeLog index c085866f19f6..2ef1164e6cfb 100644 --- a/crypto/openssh/ChangeLog +++ b/crypto/openssh/ChangeLog 
@@ -1,3 +1,140 @@ +commit 6ebc4dd77a479892d5ca0cd2a567a651f70aad82 +Author: Damien Miller +Date: Tue Feb 18 19:03:42 2025 +1100 + + openssh-9.9p2 + +commit 38df39ecf278a7ab5794fb03c01286f2cfe82c0d +Author: djm@openbsd.org +Date: Tue Feb 18 08:02:48 2025 +0000 + + upstream: Fix cases where error codes were not correctly set + + Reported by the Qualys Security Advisory team. ok markus@ + + OpenBSD-Commit-ID: 7bcd4ffe0fa1e27ff98d451fb9c22f5fae6e610d + +commit 5e07dee272c34e193362fba8eda0e3c453f3c773 +Author: djm@openbsd.org +Date: Tue Feb 18 08:02:12 2025 +0000 + + upstream: Don't reply to PING in preauth phase or during KEX + + Reported by the Qualys Security Advisory team. ok markus@ + + OpenBSD-Commit-ID: c656ac4abd1504389d1733d85152044b15830217 + +commit fb071011fb843142282b8b8a69cbb15e9b0b9485 +Author: djm@openbsd.org +Date: Mon Feb 10 23:00:29 2025 +0000 + + upstream: fix "Match invalid-user" from incorrectly being activated + + in initial configuration pass when no other predicates were present on the + match line + + OpenBSD-Commit-ID: 02703b4bd207fafd03788bc4e7774bf80be6c9a8 + +commit 729a26a978dd39db60d4625bdfb5405baa629e59 +Author: Damien Miller +Date: Wed Oct 30 14:25:14 2024 +1100 + + fix uint64_t types; reported by Tom G. 
Christensen + +commit 33c5f384ae03a5d1a0bd46ca0fac3c62e4eaf784 +Author: Damien Miller +Date: Sun Oct 27 13:28:11 2024 +1100 + + htole64() etc for systems without endian.h + +commit fe8d28a7ebbaa35cfc04a21263627f05c237e460 +Author: djm@openbsd.org +Date: Sun Oct 27 02:06:59 2024 +0000 + + upstream: explicitly include endian.h + + OpenBSD-Commit-ID: 13511fdef7535bdbc35b644c90090013da43a318 + +commit 11f348196b3fb51c3d8d1f4f36db9d73f03149ed +Author: djm@openbsd.org +Date: Sun Oct 27 02:06:01 2024 +0000 + + upstream: fix ML-KEM768x25519 KEX on big-endian systems; spotted by + + jsg@ feedback/ok deraadt@ + + OpenBSD-Commit-ID: 26d81a430811672bc762687166986cad40d28cc0 + +commit 19bcb2d90c6caf14abf386b644fb24eb7afab889 +Author: djm@openbsd.org +Date: Thu Sep 26 23:55:08 2024 +0000 + + upstream: fix previous change to ssh_config Match, which broken on + + negated Matches; spotted by phessler@ ok deraadt@ + + OpenBSD-Commit-ID: b1c6acec66cd5bd1252feff1d02ad7129ced37c7 + +commit 66878e12a207fa9746dee3e2bdcca29b704cf035 +Author: djm@openbsd.org +Date: Wed Sep 25 01:24:04 2024 +0000 + + upstream: fix regression introduced when I switched the "Match" + + criteria tokeniser to a more shell-like one. Apparently the old tokeniser + (accidentally?) allowed "Match criteria=argument" as well as the "Match + criteria argument" syntax that we tested for. 
+ + People were using this syntax so this adds back support for + "Match criteria=argument" + + bz3739 ok dtucker + + OpenBSD-Commit-ID: d1eebedb8c902002b75b75debfe1eeea1801f58a + +commit ff2cd1dd5711ff88efdf26662d6189d980439a1f +Author: Damien Miller +Date: Wed Sep 25 11:15:45 2024 +1000 + + gss-serv.c needs sys/param.h + + From Void Linux + +commit 2c12ae8cf9b0b7549ae097c4123abeda0ee63e5b +Author: Damien Miller +Date: Wed Sep 25 11:13:05 2024 +1000 + + build construct_utmp() when USE_BTMP is set + + Fixes compile error on Void Linux/Musl + +commit c7fda601186ff28128cfe3eab9c9c0622de096e1 +Author: Christoph Ostarek +Date: Wed Jul 3 12:46:59 2024 +0200 + + fix utmpx ifdef + + 02e16ad95fb1f56ab004b01a10aab89f7103c55d did a copy-paste for + utmpx, but forgot to change the ifdef appropriately + +commit 7cf4dc414de689c467e58e49fb83f6609c3ed36b +Author: Darren Tucker +Date: Mon Sep 23 20:54:26 2024 +1000 + + Remove non-9.9 branch statuses. + +commit 8513f4d30ae85d17b3b08da6bc3be76f8c73123c +Author: Darren Tucker +Date: Mon Sep 23 20:52:31 2024 +1000 + + Add 9.9 branch to CI status console. + +commit 53a80baaebda180f46e6e8571f3ff800e1f5c496 +Author: Damien Miller +Date: Fri Sep 20 08:20:48 2024 +1000 + + autogenerated files for release + commit 46d1fb16b20e971b9ac15e86a3d3e350b49c9ad6 Author: Damien Miller Date: Fri Sep 20 08:20:13 2024 +1000 
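Review bot: The commit message's statement that the security fixes "have been independently imported into FreeBSD" cannot be traced from this ChangeLog hunk. The two entries credited to the Qualys Security Advisory team (38df39ecf278, "Fix cases where error codes were not correctly set", and 5e07dee272c3, "Don't reply to PING in preauth phase or during KEX") arrive here only as changelog text, with no pointer to the stable/14 commits that carried the code. Please cite those earlier commit hashes in the commit message, so that anyone auditing the branch can confirm that a build reporting 9.9p2 contains both fixes. The fb071011fb84 entry ("Match invalid-user" being incorrectly activated in the initial configuration pass) affects when a Match block is applied and appears to be among the "few minor bug fixes"; it is worth naming explicitly in the message, since administrators relying on that predicate will want to know the behaviour changed.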
@@ -6625,2052 +6762,3 @@ Date: Mon Feb 20 18:24:39 2023 +1100 This fixes tests on platforms that do not have the openssl tool installed at all. - -commit 2a7e3449908571af601a4c2d12ab140096442e47 -Author: dtucker@openbsd.org -Date: Fri Feb 17 04:22:50 2023 +0000 - - upstream: Remove now-unused compat bit SSH_BUG_RSASIGMD5. The code - - to set this was removed in OpenSSH 7.7 when support for SSH implementations - dating back to before RFC standardization were removed. "burn it all" djm@ - - OpenBSD-Commit-ID: 6330935fbe23dd00be79891505e06d1ffdac7cda - -commit 0833ccf2c8b7ae08b296c06f17bd53e3ab94b0b0 -Author: dtucker@openbsd.org -Date: Fri Feb 17 03:06:18 2023 +0000 - - upstream: Remove now-unused compat bit SSH_BUG_BIGENDIANAES. This - - was previously set for OpenSSH 2.3 (released in 2000) but this check was - removed in OpenSSH 7.7 (2018). ok djm@ deraadt@ - - OpenBSD-Commit-ID: 326426ea328707fc9e83305291ab135c87f678af - -commit c81c2bea6e828d52b62b448b4ffdd3c163177975 -Author: Damien Miller -Date: Fri Feb 17 10:12:40 2023 +1100 - - whitespace fixes - -commit 500f90b39db5f0014e6b0c49ff1f45c994b69293 -Author: Damien Miller -Date: Fri Feb 17 10:02:08 2023 +1100 - - whitespace at EOL - -commit 68350152406339170721c15e97afdf827a5e4001 -Author: dtucker@openbsd.org -Date: Thu Feb 16 10:10:00 2023 +0000 - - upstream: Remove SSH_BUG_PASSWORDPAD compat bit - - since it's no longer used. ok markus@ - - OpenBSD-Commit-ID: b92c21f56fe4b7f9a54790d6a9650725c226820b - -commit 537cccd804eaf65f32bdce037cc31db4e0ab0f44 -Author: dtucker@openbsd.org -Date: Thu Feb 16 07:55:15 2023 +0000 - - upstream: Remove SSH_BUG_IGNOREMSG compat flag - - since it's only applicable to SSH1 and thus no longer used. 
ok markus@ - "kill it with fire" djm@ - - OpenBSD-Commit-ID: ea13318b1937795d9db4790d3ce0a6ed01584dab - -commit 285cf6cd4b91a0a0ce33193c358c99085af33e43 -Author: jmc@openbsd.org -Date: Fri Feb 10 06:41:53 2023 +0000 - - upstream: space between macro and punctuation; sort usage(); - - OpenBSD-Commit-ID: 6141610cfca037700730e41f868d1d9124958f8c - -commit d39a96f70f81878c77336ed35f5c648c1804b71a -Author: jmc@openbsd.org -Date: Fri Feb 10 06:40:48 2023 +0000 - - upstream: space between macro and punctuation; - - OpenBSD-Commit-ID: abc95e550be9e6d9a7ff64b65c104c7be21ab19e - -commit 16e82bf53fc34e43e3b948d43b68d5b27a7335e6 -Author: jmc@openbsd.org -Date: Fri Feb 10 06:39:27 2023 +0000 - - upstream: sort SYNOPSIS; - - OpenBSD-Commit-ID: dacd9da33277d5669a51213d880632599c890c1e - -commit d9685121ff6d57b8797411f3cb123884a4b96e30 -Author: Darren Tucker -Date: Sat Feb 11 12:32:19 2023 +1100 - - Improve seccomp compat on older systems. - - Check if flags to mmap and madvise are defined before using them. - Should fix problems building on older Linux systems that don't have - these. bz#3537, with & ok djm@. - -commit 6180b0fa4f7996687678702806257e661fd5931e -Author: djm@openbsd.org -Date: Fri Feb 10 05:06:03 2023 +0000 - - upstream: test -Ohashalg=... and that the default output contains both - - specified hash algorithms; prompted by dtucker@ - - OpenBSD-Regress-ID: 26f309208c8d8b8fa9c5f419767b85f1e9b22f51 - -commit d651f5c9fe37e61491eee46c49ba9fa03dbc0e6a -Author: djm@openbsd.org -Date: Fri Feb 10 04:56:30 2023 +0000 - - upstream: let ssh-keygen and ssh-keyscan accept - - -Ohashalg=sha1|sha256 when outputting SSHFP fingerprints to allow algorithm - selection. 
bz3493 ok dtucker@ - - OpenBSD-Commit-ID: e6e07fe21318a873bd877f333e189eb963a11b3d - -commit 18938d11a90b74d63c20b2d3c965d5bd64786ab1 -Author: djm@openbsd.org -Date: Fri Feb 10 04:47:19 2023 +0000 - - upstream: add a `sshd -G` option that parses and prints the - - effective configuration without attempting to load private keys and perform - other checks. This allows usage of the option before keys have been - generated. - - bz3460 feedback/ok dtucker@ - - OpenBSD-Commit-ID: 774504f629023fc25a559ab1d95401adb3a7fb29 - -commit df7d3dbf7194db8e97730ee0425d4d9d7bdb8b10 -Author: djm@openbsd.org -Date: Fri Feb 10 04:40:28 2023 +0000 - - upstream: make `ssh -Q CASignatureAlgorithms` work as the manpage says - - it should bz3532 - - OpenBSD-Commit-ID: 0ddb17b3fcbd99bfb5baea4ac5e449620cbd3adc - -commit d3b8d4198b6595f23b5859d43dc8fc701f97429b -Author: Darren Tucker -Date: Fri Feb 10 14:26:44 2023 +1100 - - Add CentOS 7 test targets. - -commit 22efb01e355bba4755b730ed417f91c081445bfc -Author: dtucker@openbsd.org -Date: Thu Feb 9 09:55:33 2023 +0000 - - upstream: Test adding terminating newline to known_hosts. - - OpenBSD-Regress-ID: 5fc3010ac450195b3fbdeb68e875564968800365 - -commit caec6da1a583ed8c32c6ad3b81bbcaab46ac8b61 -Author: dtucker@openbsd.org -Date: Wed Feb 8 08:06:03 2023 +0000 - - upstream: ssh-agent doesn't actually take -v, - - so the recently-added ones will result in the test not cleaning up - after itself. Patch from cjwatson at debian.org vi bz#3536. - - OpenBSD-Regress-ID: 1fc8283568f5bf2f918517c2c1e778072cf61b1a - -commit 3c379c9a849a635cc7f05cbe49fe473ccf469ef9 -Author: dtucker@openbsd.org -Date: Thu Feb 9 09:54:11 2023 +0000 - - upstream: Ensure that there is a terminating newline when adding a new - - entry to known_hosts. 
bz#3529, with git+openssh at limpsquid.nl, ok deraadt@ - markus@ - - OpenBSD-Commit-ID: fa8d90698da1886570512b96f051e266eac105e0 - -commit 95b6bbd2553547260b324b39d602061c88b774bc -Author: Darren Tucker -Date: Tue Feb 7 08:43:47 2023 +1100 - - Replace 9.1 with 9.2 on CI status page. - -commit 195313dfe10a23c82e9d56d5fdd2f59beee1bdcf -Author: Damien Miller -Date: Fri Feb 3 16:33:09 2023 +1100 - - harden Linux seccomp sandbox - - Linux mmap(2) and madvise(2) syscalls support quite a number of funky - flags that we don't expect that sshd/libc will ever need. We can - exclude this kernel attack surface by filtering the mmap(2) flags - and the madvise(2) advice arguments. - - Similarly, the sandboxed process in sshd is a single-threaded program - that does not use shared memory for synchronisation or communication. - Therefore, there should be no reason for the advanced priority - inheritance futex(2) operations to be necessary. These can also be - excluded. - - Motivated by Jann Horn pointing out that there have been kernel bugs - in nearby Linux kernel code, e.g. CVE-2020-29368, CVE-2020-29374 and - CVE-2022-42703. 
- - Feedback Jann Horn, ok dtucker@ - -commit 6dfb65de949cdd0a5d198edee9a118f265924f33 -Author: Damien Miller -Date: Thu Feb 2 23:21:54 2023 +1100 - - crank versions in RPM specs - -commit d07cfb11a0ca574eb68a3931d8c46fbe862a2021 -Author: Damien Miller -Date: Thu Feb 2 23:21:45 2023 +1100 - - update version in README - -commit 9fe207565b4ab0fe5d1ac5bb85e39188d96fb214 -Author: Damien Miller -Date: Thu Feb 2 23:17:49 2023 +1100 - - adapt compat_kex_proposal() test to portable - -commit 903c556b938fff2d7bff8da2cc460254430963c5 -Author: djm@openbsd.org -Date: Thu Feb 2 12:12:52 2023 +0000 - - upstream: test compat_kex_proposal(); by dtucker@ - - OpenBSD-Regress-ID: 0e404ee264db546f9fdbf53390689ab5f8d38bf2 - -commit 405fba71962dec8409c0c962408e09049e5624b5 -Author: dtucker@openbsd.org -Date: Thu Jan 19 07:53:45 2023 +0000 - - upstream: Check if we can copy sshd or need to use sudo to do so - - during reexec test. Skip test if neither can work. Patch from anton@, tweaks - from me. - - OpenBSD-Regress-ID: 731b96ae74d02d5744e1f1a8e51d09877ffd9b6d - -commit b2a2a8f69fd7737ea17dc044353c514f2f962f35 -Author: djm@openbsd.org -Date: Thu Feb 2 12:10:22 2023 +0000 - - upstream: openssh-9.2 - - OpenBSD-Commit-ID: f7389f32413c74d6e2055f05cf65e7082de03923 - -commit 12da7823336434a403f25c7cc0c2c6aed0737a35 -Author: djm@openbsd.org -Date: Thu Feb 2 12:10:05 2023 +0000 - - upstream: fix double-free caused by compat_kex_proposal(); bz3522 - - by dtucker@, ok me - - OpenBSD-Commit-ID: 2bfc37cd2d41f67dad64c17a64cf2cd3806a5c80 - -commit 79efd95ab5ff99f4cb3a955e2d713b3f54fb807e -Author: Darren Tucker -Date: Wed Feb 1 17:17:26 2023 +1100 - - Skip connection-timeout test on minix3. - - Minix 3's Unix domain sockets don't seem to work the way we expect, so - skip connection-timeout test on that platform. While there, group - together all similarly skipped tests and explicitly comment. 
- -commit 6b508c4e039619842bcf5a16f8a6b08dd6bec44a -Author: Damien Miller -Date: Wed Feb 1 12:12:05 2023 +1100 - - fix libfido2 detection without pkg-config - - Place libfido2 before additional libraries (that it may depend upon) - and not after. bz3530 from James Zhang; ok dtucker@ - -commit 358e300fed5e6def233a2c06326e51e20ebed621 -Author: deraadt@openbsd.org -Date: Wed Jan 18 20:56:36 2023 +0000 - - upstream: delete useless dependency - - OpenBSD-Commit-ID: e1dc11143f83082e3154d6094f9136d0dc2637ad - -commit a4cb9be1b021b511e281ee55c356f964487d9e82 -Author: deraadt@openbsd.org -Date: Wed Jan 18 20:43:15 2023 +0000 - - upstream: Create and install sshd random relink kit. - - ../Makefile.inc and Makfile are concatenated for reuse, which hopefully won't - be too fragile, we'll see if we need a different approach. The resulting sshd - binary is tested with the new sshd -V option before installation. As the - binary layout is now semi-unknown (meaning relative, fixed, and gadget - offsets are not precisely known), change the filesystem permissions to 511 to - prevent what I call "logged in BROP". I have ideas for improving this further - but this is a first step ok djm - - OpenBSD-Commit-ID: 1e0a2692b7e20b126dda60bf04999d1d30d959d8 - -commit bc7de6f91a9a0ae2f148a9d31a4027d441a51999 -Author: jmc@openbsd.org -Date: Wed Jan 18 06:55:32 2023 +0000 - - upstream: tweak previous; ok djm - - OpenBSD-Commit-ID: df71ce4180c58202dfdc1d92626cfe900b91b7c3 - -commit a20b7e999773e6333c8aa9b0a7fa41966e63b037 -Author: Darren Tucker -Date: Tue Jan 31 19:35:44 2023 +1100 - - Skip connection-timeout test under Valgrind. - - Valgrind slows things down so much that the timeout test fails. Skip - this test until we figure out if we can make it work. - -commit c3ffb54b4fc5e608206037921db6ccbc2f5ab25f -Author: Darren Tucker -Date: Wed Jan 25 21:58:40 2023 +1100 - - Skip connection-timeout when missing FD passing. 
- - This tests uses multiplexing which uses file descriptor passing, so - skip it if we don't have that. Fixes test failures on Cygwin. - -commit 35253af01d8c0ab444c8377402121816e71c71f5 -Author: djm@openbsd.org -Date: Wed Jan 18 02:00:10 2023 +0000 - - upstream: when restoring non-blocking mode to stdio fds, restore - - exactly the flags that ssh started with and don't just clobber them with - zero, as this could also remove the append flag from the set; - - bz3523; ok dtucker@ - - OpenBSD-Commit-ID: 1336b03e881db7564a4b66014eb24c5230e9a0c0 - -commit 7d17ea151c0b2519f023bd9cc7f141128833ac47 -Author: millert@openbsd.org -Date: Wed Jan 18 01:50:21 2023 +0000 - - upstream: Add a -V (version) option to sshd like the ssh client - - has. OK markus@ deraadt@ - - OpenBSD-Commit-ID: abe990ec3e636fb040132aab8cbbede98f0c413e - -commit 62360feb7f08f2a4c6fc36f3b3449309203c42c9 -Author: millert@openbsd.org -Date: Tue Jan 17 18:52:44 2023 +0000 - - upstream: For "ssh -V" always exit 0, there is no need to check opt - - again. This was missed when the fallthrough in the switch case above it was - removed. OK deraadt@ - - OpenBSD-Commit-ID: 5583e5d8f6d62a8a4215cfa95a69932f344c8120 - -commit 12492c0abf1eb415d08a897cc1d8b9e789888230 -Author: djm@openbsd.org -Date: Tue Jan 17 10:15:10 2023 +0000 - - upstream: also check that an active session inhibits - - UnusedConnectionTimeout idea markus@ - - OpenBSD-Regress-ID: 55c0fb61f3bf9e092b0a53f9041d3d2012f14003 - -commit cef2593c33ac46a58238ff998818754eabdf64ff -Author: djm@openbsd.org -Date: Tue Jan 17 10:02:34 2023 +0000 - - upstream: regression test for UnusedConnectionTimeout - - OpenBSD-Regress-ID: 7f29001374a68e71e5e078f69e4520cf4bcca084 - -commit aff9493a89c71d6a080419b49ac64eead9730491 -Author: djm@openbsd.org -Date: Mon Jan 16 04:11:29 2023 +0000 - - upstream: unbreak test: cannot access shell positional parameters - - past $9 without wrapping the position in braces (i.e. need ${10}, etc.) 
- - OpenBSD-Regress-ID: 3750ec98d5d409ce6a93406fedde6f220d2ea2ac - -commit 0293c19807f83141cdf33b443154459f9ee471f6 -Author: djm@openbsd.org -Date: Tue Jan 17 09:44:48 2023 +0000 - - upstream: Add a sshd_config UnusedConnectionTimeout option to terminate - - client connections that have no open channels for some length of time. This - complements the recently-added ChannelTimeout option that terminates inactive - channels after a timeout. - - ok markus@ - - OpenBSD-Commit-ID: ca983be74c0350364c11f8ba3bd692f6f24f5da9 - -commit 8ec2e3123802d2beeca06c1644b0b647f6d36dab -Author: djm@openbsd.org -Date: Sun Jan 15 23:35:10 2023 +0000 - - upstream: adapt to ed25519 changes in src/usr.bin/ssh - - OpenBSD-Regress-ID: 4b3e7ba7ee486ae8a0b4790f8112eded2bb7dcd5 - -commit 9fbbfeca1ce4c7ec0001c827bbf4189a3ba0964b -Author: djm@openbsd.org -Date: Sun Jan 15 23:05:32 2023 +0000 - - upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOP - - (20221122) and change the import approach to the same one we use for - Streamlined NTRUPrime: use a shell script to extract the bits we need from - SUPERCOP, make some minor adjustments and squish them all into a single file. - - ok tb@ tobhe@ - - OpenBSD-Commit-ID: 1bc0fd624cb6af440905b8ba74ac7c03311b8e3b - -commit 6283f4bd83eee714d0f5fc55802eff836b06fea8 -Author: Darren Tucker -Date: Sat Jan 14 22:02:44 2023 +1100 - - Allow writev is seccomp sandbox. - - This seems to be used by recent glibcs at least in some configurations. - From bz#3512, ok djm@ - -commit 923c3f437f439cfca238fba37e97a7041782f615 -Author: dtucker@openbsd.org -Date: Sat Jan 14 10:05:54 2023 +0000 - - upstream: Shell syntax fix. From ren mingshuai vi github PR#369. 
- - OpenBSD-Regress-ID: 6696b2eeefe128099fc3d7ea9f23252cc35156f9 - -commit 4d87a00f704e0365e11c3c38b170c1275ec461fc -Author: dtucker@openbsd.org -Date: Sat Jan 14 09:57:08 2023 +0000 - - upstream: Instead of skipping the all-tokens test if we don't have - - OpenSSL (since we use it to compute the hash), put the hash at the end and - just omit it if we don't have it. Prompted by bz#3521. - - OpenBSD-Regress-ID: c79ecba64250ed3b6417294b6c965e6b12ca5eea - -commit b05406d6f93b8c8ec11ec8b27e7c76cc7a5a55fb -Author: jmc@openbsd.org -Date: Fri Jan 13 07:13:40 2023 +0000 - - upstream: fix double phrase in previous; - - OpenBSD-Commit-ID: 671e6c8dc5e9230518b2bbfa143daaa88adc66c2 - -commit 40564812b659c530eb1f4b62d09e85612aef3107 -Author: dtucker@openbsd.org -Date: Fri Jan 13 03:16:29 2023 +0000 - - upstream: Document "UserKnownHostsFile none". ok djm@ - - OpenBSD-Commit-ID: f695742d39e34ecdcc3c861c3739a84648a4bce5 - -commit d03e245e034019a37388f6f5f893ce848ab6d2e2 -Author: Darren Tucker -Date: Fri Jan 13 23:02:34 2023 +1100 - - Retry package installation 3 times. - - When setting up the CI environment, retry package installation 3 times - before going up. Should help prevent spurious failures during - infrastructure issues. - -commit 625f6bc39840167dafb3bf5b6a3e18503ac986e8 -Author: dtucker@openbsd.org -Date: Fri Jan 13 04:47:34 2023 +0000 - - upstream: Move scp path setting to a helper function. The previous - - commit to add scp to the test sshd's path causes the t-envpass test to fail - when the test scp is given using a fully qualified path. Put this in a - helper function and only call it from the scp tests. - - OpenBSD-Regress-ID: 7533dc1c4265c1de716abb062957994195b36df4 - -commit 6e6f88647042b3cde54a628545c2f5fb656a9327 -Author: dtucker@openbsd.org -Date: Fri Jan 13 04:23:00 2023 +0000 - - upstream: Add scp's path to test sshd's PATH. 
- - If the scp we're testing is fully qualified (eg it's not in the system - PATH) then add its path to the under-test sshd's PATH so we can find - it. Prompted by bz#3518. - - OpenBSD-Regress-ID: 7df4f5a0be3aa135495b7e5a6719d3cbc26cc4c0 - -commit 8a5e99a70fcf9b022a8aa175ebf6a71f58511da3 -Author: Darren Tucker -Date: Fri Jan 13 15:49:48 2023 +1100 - - Remove skipping test when scp not in path. - - An upcoming change renders this obsolete by adding scp's path to the - test sshd's PATH, and removing this first will make the subsequent sync - easier. - -commit 41f36dd896c8fb8337d403fcf476762986976e9d -Author: dtucker@openbsd.org -Date: Fri Jan 13 02:58:20 2023 +0000 - - upstream: Add a "Host" line to the output of ssh -G showing the - - original host arg. Inspired by patch from vincent at bernat.ch via bz#3343, - ok djm@ - - OpenBSD-Commit-ID: 59c0f60a222113a44d0650cd394376e3beecc883 - -commit f673b49f3be3eb51074fbb8a405beb6cd0f7d93e -Author: djm@openbsd.org -Date: Fri Jan 13 02:44:02 2023 +0000 - - upstream: avoid printf("%s", NULL) if using ssh - - -oUserKnownHostsFile=none and a hostkey in one of the system known hosts file - changes; ok dtucker@ - - OpenBSD-Commit-ID: 7ca87614bfc6da491315536a7f2301434a9fe614 - -commit 93fc7c576563e3d88a1dc019dd213f65607784cc -Author: djm@openbsd.org -Date: Wed Jan 11 05:39:38 2023 +0000 - - upstream: clamp the minimum buffer lengths and number of inflight - - requests too - - OpenBSD-Commit-ID: c4965f62fa0ba850940fd66ae3f60cf516bbcd56 - -commit 48bf234322e639d279c5a28435eae50155e9b514 -Author: djm@openbsd.org -Date: Wed Jan 11 05:36:50 2023 +0000 - - upstream: ignore bogus upload/download buffer lengths in the limits - - extension - - OpenBSD-Commit-ID: c5b023e0954693ba9a5376e4280c739b5db575f8 - -commit 36b00d31833ca74cb0f7c7d8eda1bde55700f929 -Author: djm@openbsd.org -Date: Wed Jan 11 02:13:52 2023 +0000 - - upstream: remove whitespace at EOL from code extracted from SUPERCOP - - OpenBSD-Commit-ID: 
1ec524ff2fbb9387d731601437c82008f35a60f4 - -commit d888de06c5e4d7dbf2f2b85f2b5bf028c570cf78 -Author: djm@openbsd.org -Date: Wed Jan 11 00:51:27 2023 +0000 - - upstream: rewrite this test to use a multiplexed ssh session so we can - - control its lifecycle without risk of race conditions; fixes some of the - Github integration tests for openssh-portable - - OpenBSD-Regress-ID: 5451cad59ba0d43ae9eeda48ec80f54405fee969 - -commit 4bcc737a35fdd9cc4af7423d6c23dfd0c7ef4786 -Author: Damien Miller -Date: Wed Jan 11 11:45:17 2023 +1100 - - remove buffer len workaround for NetBSD 4.x - - Switching to from pipes to a socketpair for communicating with the - ssh process avoids the (kernel bug?) problem. - -commit f5154d2aac3e6a32a1b13dec23a701a087850cdc -Author: Damien Miller -Date: Wed Jan 11 11:44:19 2023 +1100 - - add back use of pipes in scp.c under USE_PIPES - - This matches sftp.c which prefers socketpair but uses pipes on - some older platforms. - -commit eec737b59cf13841de46134967a206607000acd4 -Author: millert@openbsd.org -Date: Tue Jan 10 23:22:15 2023 +0000 - - upstream: Switch scp from using pipes to a socketpair for - - communication with it's ssh sub-processes. We no longer need to reserve two - descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is - handled by sanitise_stdfd() in main(). Based on an original diff from djm@. 
- OK deraadt@ djm@ - - OpenBSD-Commit-ID: b80c372faac462471e955ddeab9480d668a2e48d - -commit d213d126a4a343abd3a1eb13687d39c1891fe5c8 -Author: jmc@openbsd.org -Date: Fri Jan 6 08:44:11 2023 +0000 - - upstream: tweak previous; ok djm - - OpenBSD-Commit-ID: 229c493452766d70a78b0f02f6ff9894f9028858 - -commit 4a5590a5ee47b7dfd49773e9fdba48ad3089fe64 -Author: Damien Miller -Date: Mon Jan 9 16:33:56 2023 +1100 - - try to improve logging for dynamic-forward test - - previously the logs from the ssh used to exercise the forwarding - channel would clobber the logs from the ssh actually doing the - forwarding - -commit 715bc25dcfccf9fb2bee820155fe071d01a618db -Author: Darren Tucker -Date: Sat Jan 7 23:24:50 2023 +1100 - - Skip dynamic-forward test on minix3. - - This test relies on loopback addresses which minix does not have. - Previously the test would not run at all since it also doesn't have - netcat, but now we use our own netcat it tries and fails. - -commit dd1249bd5c45128a908395c61b26996a70f82205 -Author: Damien Miller -Date: Sun Jan 8 12:08:59 2023 +1100 - - don't test IPv6 addresses if platform lacks support - -commit d77fc611a62f2dfee0b654c31a50a814b13310dd -Author: dtucker@openbsd.org -Date: Fri Jan 6 12:33:33 2023 +0000 - - upstream: When OpenSSL is not available, skip parts of percent test - - that require it. Based on github pr#368 from ren mingshuai. - - OpenBSD-Regress-ID: 49a375b2cf61ccb95b52e75e2e025cd10988ebb2 - -commit 1cd2aac312af9172f1b5cb06c2e1cd090abb83cf -Author: Darren Tucker -Date: Sat Jan 7 23:01:11 2023 +1100 - - Use our own netcat for dynamic-forward test. - - That way we can be surer about its behaviour rather than trying to - second-guess the behaviour of various netcat implementations. - -commit 26cab41c05d7b0859d2a1ea5b6ed253d91848a80 -Author: Darren Tucker -Date: Sat Jan 7 14:30:43 2023 +1100 - - Use autoconf to find openssl binary. - - It's possible to install an OpenSSL in a path not in the system's - default library search path. 
OpenSSH can still use this (eg if you - specify an rpath) but the openssl binary there may not work. If one is - available on the system path just use that. - -commit 5532e010a0eeb6aa264396514f9aed7948471538 -Author: Darren Tucker -Date: Sat Jan 7 10:34:18 2023 +1100 - - Check openssl_bin path is executable before using. - -commit 5d7b16cff48598d5908db970bfdc9ff9326142c8 -Author: Darren Tucker -Date: Fri Jan 6 23:19:07 2023 +1100 - - Set OPENSSL_BIN from OpenSSL directory. - -commit 344a0e8240eaf08da5d46a5e3a9ecad6e4f64c35 -Author: dtucker@openbsd.org -Date: Fri Jan 6 08:50:33 2023 +0000 - - upstream: Save debug logs from ssh for debugging purposes. - - OpenBSD-Regress-ID: 109e40b06de1c006a3b8e0d8745b790b2c5870a0 - -commit e1ef172646f7f49c80807eea90225ef5e0be55a8 -Author: djm@openbsd.org -Date: Fri Jan 6 08:07:39 2023 +0000 - - upstream: regression test for ChannelTimeout - - OpenBSD-Regress-ID: 280bfbefcfa415428ad744e43f69a8dede8ad685 - -commit 2393ea8daf25853459eb07a528d7577688847777 -Author: djm@openbsd.org -Date: Fri Jan 6 07:18:18 2023 +0000 - - upstream: fix typo in verbose logging - - OpenBSD-Regress-ID: 0497cdb66e003b2f50ed77291a9104fba2e017e9 - -commit 161a5378a3cc2e7aa3f9674cb7f4686ae6ce9586 -Author: djm@openbsd.org -Date: Fri Jan 6 02:59:50 2023 +0000 - - upstream: unit tests for misc.c:ptimeout_* API - - OpenBSD-Regress-ID: 01f8fb12d08e5aaadd4bd4e71f456b6588be9a94 - -commit 018d671d78145f03d6f07ae9d64d51321da70325 -Author: tb@openbsd.org -Date: Wed Jan 4 22:48:57 2023 +0000 - - upstream: Copy bytes from the_banana[] rather than banana() - - Fixes test failure due to segfault seen on arm64 with xonly snap. - - ok djm - - OpenBSD-Regress-ID: 86e2aa4bbd1dff1bc4ebb2969c0d6474485be046 - -commit ab6bb69e251faa8b24f81b25c72ec0120f20cad4 -Author: Damien Miller -Date: Fri Jan 6 19:13:36 2023 +1100 - - unbreak scp on NetBSD 4.x - - e555d5cad5 effectively increased the default copy buffer size for SFTP - transfers. 
This caused NetBSD 4.x to hang during the "copy local file to - remote file in place" scp.sh regression test. - - This puts back the original 32KB copy buffer size until we can properly - figure out why. - - lots of debugging assistance from dtucker@ - -commit 2d1ff2b9431393ad99ef496d5e3b9dd0d4f5ac8c -Author: djm@openbsd.org -Date: Fri Jan 6 02:47:18 2023 +0000 - - upstream: Implement channel inactivity timeouts - - This adds a sshd_config ChannelTimeouts directive that allows channels that - have not seen traffic in a configurable interval to be automatically closed. - Different timeouts may be applied to session, X11, agent and TCP forwarding - channels. - - Note: this only affects channels over an opened SSH connection and not - the connection itself. Most clients close the connection when their channels - go away, with a notable exception being ssh(1) in multiplexing mode. - - ok markus dtucker - - OpenBSD-Commit-ID: ae8bba3ed9d9f95ff2e2dc8dcadfa36b48e6c0b8 - -commit 0e34348d0bc0b1522f75d6212a53d6d1d1367980 -Author: djm@openbsd.org -Date: Fri Jan 6 02:42:34 2023 +0000 - - upstream: Add channel_set_xtype() - - This sets an "extended" channel type after channel creation (e.g. - "session:subsystem:sftp") that will be used for setting channel inactivity - timeouts. 
- - ok markus dtucker - - OpenBSD-Commit-ID: 42564aa92345045b4a74300528f960416a15d4ca - -commit ceedf09b2977f3a756c759a6e7eb8f8e9db86a18 -Author: djm@openbsd.org -Date: Fri Jan 6 02:41:49 2023 +0000 *** 1820 LINES SKIPPED ***
Date: Thu, 20 Feb 2025 17:56:57 GMT
Message-Id: <202502201756.51KHuvQi068007@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Ed Maste
Subject: git: 10e9add50f93 - stable/13 - ssh: Move XAUTH_PATH setting to ssh.mk
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches

The branch stable/13 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=10e9add50f9358b6b74e1d481b270ba32f3e85da

commit 10e9add50f9358b6b74e1d481b270ba32f3e85da
Author: Ed Maste
AuthorDate: 2025-02-09 20:37:24 +0000
Commit: Ed Maste
CommitDate: 2025-02-20 13:21:02 +0000

ssh: Move XAUTH_PATH setting to ssh.mk

XAUTH_PATH is normally set (in the upstream build infrastructure) in config.h. We previously set it in ssh and sshd's Makefiles if LOCALBASE is set, and over time have sometimes also defined it in config.h. Leave it unset in config.h and move the CFLAGS logic to ssh.mk so that it will be set when building all ssh libraries and programs but still be set by LOCALBASE.

Reviewed by: jlduran
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D48907

(cherry picked from commit a63701848fe5462c4e8bbff0131bb42979e603ec)
(cherry picked from commit 73dd56ffcd7b2c46de58980ac888c0421e3ec0b6)

--- crypto/openssh/config.h | 2 +- secure/ssh.mk | 2 ++ secure/usr.bin/ssh/Makefile | 4 ---- secure/usr.sbin/sshd/Makefile | 3 --- 4 files changed, 3 insertions(+), 8 deletions(-) diff --git a/crypto/openssh/config.h b/crypto/openssh/config.h index 78bd4280818a..e36d766039df 100644 --- a/crypto/openssh/config.h +++ b/crypto/openssh/config.h
@@ -2015,7 +2015,7 @@ #endif /* Define if xauth is found in your path */ -#define XAUTH_PATH "/usr/local/bin/xauth" +/* #undef XAUTH_PATH */ /* Number of bits in a file offset, on hosts where this is settable. */ /* #undef _FILE_OFFSET_BITS */ diff --git a/secure/ssh.mk b/secure/ssh.mk index 9ee533c10eca..c331e40c16f8 100644 --- a/secure/ssh.mk +++ b/secure/ssh.mk @@ -7,6 +7,8 @@ SSHDIR= ${SRCTOP}/crypto/openssh CFLAGS+= -I${SSHDIR} -include ssh_namespace.h SRCS+= ssh_namespace.h +CFLAGS+= -DXAUTH_PATH=\"${LOCALBASE:U/usr/local}/bin/xauth\" + .if ${MK_USB} != "no" # Built-in security key support CFLAGS+= -include sk_config.h diff --git a/secure/usr.bin/ssh/Makefile b/secure/usr.bin/ssh/Makefile index 1d1f5e5e8723..f5560acb8799 100644 --- a/secure/usr.bin/ssh/Makefile +++ b/secure/usr.bin/ssh/Makefile @@ -30,10 +30,6 @@ LIBADD+= gssapi LIBADD+= crypto -.if defined(LOCALBASE) -CFLAGS+= -DXAUTH_PATH=\"${LOCALBASE}/bin/xauth\" -.endif - .include .PATH: ${SSHDIR} diff --git a/secure/usr.sbin/sshd/Makefile b/secure/usr.sbin/sshd/Makefile index fd9eacebe68d..73aedb25a84b 100644 --- a/secure/usr.sbin/sshd/Makefile +++ b/secure/usr.sbin/sshd/Makefile 
@@ -63,9 +63,6 @@ LIBADD+= wrap LIBADD+= crypto -.if defined(LOCALBASE) -CFLAGS+= -DXAUTH_PATH=\"${LOCALBASE}/bin/xauth\" -.endif .include
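Review bot: the `CFLAGS+= -DXAUTH_PATH=\"${LOCALBASE:U/usr/local}/bin/xauth\"` line added to secure/ssh.mk carries no comment, yet it is only correct while crypto/openssh/config.h keeps `/* #undef XAUTH_PATH */` from the first hunk. The commit message says config.h has sometimes defined the macro in the past; if a later import restores `#define XAUTH_PATH`, every consumer of ssh.mk would get the macro from both the command line and the header, and with a non-default LOCALBASE the header's hard-coded path would replace the LOCALBASE-derived one. Suggest a short comment above the CFLAGS line stating that config.h must leave XAUTH_PATH undefined. The `:U/usr/local` default yields the same "/usr/local/bin/xauth" that config.h used to supply when LOCALBASE is unset, so the removals of the `.if defined(LOCALBASE)` blocks in the ssh and sshd Makefiles do not change the default path.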
Date: Thu, 20 Feb 2025 17:56:58 GMT
Message-Id: <202502201756.51KHuwQF068041@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Ed Maste
Subject: git: 63d3c245221d - stable/13 - libssh: Remove progressmeter
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches

The branch stable/13 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=63d3c245221d79f16b59771e84467bdd1abf11dd

commit 63d3c245221d79f16b59771e84467bdd1abf11dd
Author: Ed Maste
AuthorDate: 2025-02-06 19:21:12 +0000
Commit: Ed Maste
CommitDate: 2025-02-20 13:21:02 +0000

libssh: Remove progressmeter

It is used only by scp and sftp, and already included directly in their Makefiles. It does not belong in libssh.

Fixes: d8b043c8d497 ("Update for 3.6.1p1; also remove Kerberos IV shims.")
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D48871

(cherry picked from commit c0af32952564099fe30a34aeb335f95a6dc811ba)
(cherry picked from commit 8a02eb2c1e4f3847fccf3eb1e7ff914871e35be4)

--- secure/lib/libssh/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/secure/lib/libssh/Makefile b/secure/lib/libssh/Makefile index e6738be94f65..939eddcb48b7 100644 --- a/secure/lib/libssh/Makefile +++ b/secure/lib/libssh/Makefile
@@ -17,7 +17,7 @@ SRCS+= authfd.c authfile.c \ atomicio.c dispatch.c mac.c misc.c utf8.c \ monitor_fdpass.c rijndael.c ssh-dss.c ssh-ecdsa.c ssh-ecdsa-sk.c \ ssh-ed25519-sk.c ssh-rsa.c dh.c \ - msg.c progressmeter.c dns.c entropy.c umac.c umac128.c \ + msg.c dns.c entropy.c umac.c umac128.c \ ssh-pkcs11.c smult_curve25519_ref.c \ poly1305.c chacha.c cipher-chachapoly.c cipher-chachapoly-libcrypto.c \ ssh-ed25519.c digest-openssl.c digest-libc.c \
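Review bot: dropping progressmeter.c from the SRCS list in secure/lib/libssh/Makefile removes its symbols from libssh, and nothing in this one-line hunk shows that scp and sftp are the only users. The commit message asserts that they are and that both already build the file themselves; stating in the message that everything linking against libssh was rebuilt after the change would make that claim checkable from the log alone.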
Date: Thu, 20 Feb 2025 17:56:59 GMT
Message-Id: <202502201756.51KHuxuK068076@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org,
dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org 
From: Ed Maste
Subject: git: c845ae475579 - stable/13 - openssh: Update to 9.8p1
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches

The branch stable/13 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=c845ae475579d9b38cd1e3061f3896b44d1cb172

commit c845ae475579d9b38cd1e3061f3896b44d1cb172
Author: Ed Maste
AuthorDate: 2025-02-19 17:20:44 +0000
Commit: Ed Maste
CommitDate: 2025-02-20 17:56:23 +0000

openssh: Update to 9.8p1

Highlights from the release notes are reproduced below. Some security and bug fixes were previously merged into FreeBSD and have been elided. See the upstream release notes for full details (https://www.openssh.com/releasenotes.html).

---

Future deprecation notice
=========================

OpenSSH plans to remove support for the DSA signature algorithm in early 2025.

Potentially-incompatible changes
--------------------------------

 * sshd(8): the server will now block client addresses that repeatedly fail authentication, repeatedly connect without ever completing authentication or that crash the server. See the discussion of PerSourcePenalties below for more information. Operators of servers that accept connections from many users, or servers that accept connections from addresses behind NAT or proxies may need to consider these settings.

 * sshd(8): the server has been split into a listener binary, sshd(8), and a per-session binary "sshd-session". This allows for a much smaller listener binary, as it no longer needs to support the SSH protocol. As part of this work, support for disabling privilege separation (which previously required code changes to disable) and disabling re-execution of sshd(8) has been removed. Further separation of sshd-session into additional, minimal binaries is planned for the future.

 * sshd(8): several log messages have changed. In particular, some log messages will be tagged as originating from a process named "sshd-session" rather than "sshd".

 * ssh-keyscan(1): this tool previously emitted comment lines containing the hostname and SSH protocol banner to standard error. This release now emits them to standard output, but adds a new "-q" flag to silence them altogether.

 * sshd(8): (portable OpenSSH only) sshd will no longer use argv[0] as the PAM service name. A new "PAMServiceName" sshd_config(5) directive allows selecting the service name at runtime. This defaults to "sshd". bz2101

New features
------------

 * sshd(8): sshd(8) will now penalise client addresses that, for various reasons, do not successfully complete authentication. This feature is controlled by a new sshd_config(5) PerSourcePenalties option and is on by default.

 * ssh(8): allow the HostkeyAlgorithms directive to disable the implicit fallback from certificate host key to plain host keys.

Portability
-----------

 * sshd(8): expose SSH_AUTH_INFO_0 always to PAM auth modules unconditionally. The previous behaviour was to expose it only when particular authentication methods were in use.

 * ssh(1), ssh-agent(8): allow the presence of the WAYLAND_DISPLAY environment variable to enable SSH_ASKPASS, similarly to the X11 DISPLAY environment variable.
GHPR479 --- Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D48914 (cherry picked from commit 0fdf8fae8b569bf9fff3b5171e669dcd7cf9c79e) (cherry picked from commit b4bb480ae9294d7e4b375f0ead9ae57517c79ef3) (cherry picked from commit e95979047aec384852102cf8bb1d55278ea77eeb) (cherry picked from commit dcb4ae528d357f34e4a4b4882c2757c67c98e395) Approved by: re (accelerated MFC) (cherry picked from commit ff2fd01609cc10bcdc87ebe4de42efaf7ffe2ee9) --- crypto/openssh/.depend | 19 +- crypto/openssh/.git_allowed_signers | 2 + crypto/openssh/.git_allowed_signers.asc | 26 +- crypto/openssh/.github/ci-status.md | 10 +- crypto/openssh/.github/configs | 3 +- crypto/openssh/.github/run_test.sh | 1 + crypto/openssh/.github/workflows/c-cpp.yml | 16 +- crypto/openssh/.github/workflows/cifuzz.yml | 4 +- crypto/openssh/.github/workflows/selfhosted.yml | 55 +- crypto/openssh/.github/workflows/upstream.yml | 18 +- crypto/openssh/.gitignore | 5 +- crypto/openssh/.skipped-commit-ids | 8 + crypto/openssh/ChangeLog | 11260 ++++++++++--------- crypto/openssh/Makefile.in | 25 +- crypto/openssh/PROTOCOL.agent | 5 +- crypto/openssh/PROTOCOL.key | 4 +- crypto/openssh/README | 2 +- crypto/openssh/addr.c | 12 +- crypto/openssh/auth-pam.c | 54 +- crypto/openssh/auth-pam.h | 2 +- crypto/openssh/auth-rhosts.c | 3 +- crypto/openssh/auth.c | 108 +- crypto/openssh/auth.h | 15 +- crypto/openssh/auth2-gss.c | 41 +- crypto/openssh/auth2-hostbased.c | 15 +- crypto/openssh/auth2-kbdint.c | 7 +- crypto/openssh/auth2-methods.c | 134 + crypto/openssh/auth2-none.c | 12 +- crypto/openssh/auth2-passwd.c | 9 +- crypto/openssh/auth2-pubkey.c | 15 +- crypto/openssh/auth2.c | 91 +- crypto/openssh/channels.c | 22 +- crypto/openssh/channels.h | 4 +- crypto/openssh/cipher.c | 4 +- crypto/openssh/clientloop.c | 73 +- crypto/openssh/clientloop.h | 3 +- crypto/openssh/config.h | 21 +- crypto/openssh/configure.ac | 40 +- crypto/openssh/contrib/redhat/openssh.spec | 3 +- 
crypto/openssh/contrib/suse/openssh.spec | 3 +- crypto/openssh/ed25519.sh | 4 +- crypto/openssh/kex-names.c | 330 + crypto/openssh/kex.c | 270 +- crypto/openssh/kex.h | 9 +- crypto/openssh/kexgexs.c | 4 +- crypto/openssh/log.c | 17 +- crypto/openssh/log.h | 9 +- crypto/openssh/m4/openssh.m4 | 3 + crypto/openssh/misc.c | 100 +- crypto/openssh/misc.h | 11 +- crypto/openssh/moduli | 922 +- crypto/openssh/monitor.c | 57 +- crypto/openssh/monitor.h | 6 +- crypto/openssh/monitor_wrap.c | 234 +- crypto/openssh/monitor_wrap.h | 17 +- crypto/openssh/msg.c | 5 +- crypto/openssh/openbsd-compat/getrrsetbyname.c | 24 +- crypto/openssh/openbsd-compat/port-linux.c | 98 +- crypto/openssh/openbsd-compat/port-linux.h | 5 + crypto/openssh/packet.c | 92 + crypto/openssh/packet.h | 5 +- crypto/openssh/pathnames.h | 7 +- crypto/openssh/platform-listen.c | 84 + crypto/openssh/platform.c | 49 +- crypto/openssh/platform.h | 1 + crypto/openssh/readconf.c | 4 +- crypto/openssh/readpass.c | 9 +- crypto/openssh/regress/Makefile | 6 +- crypto/openssh/regress/cfgmatchlisten.sh | 2 +- crypto/openssh/regress/dropbear-ciphers.sh | 15 +- crypto/openssh/regress/dropbear-kex.sh | 14 +- crypto/openssh/regress/key-options.sh | 2 +- .../regress/misc/fuzz-harness/agent_fuzz_helper.c | 1 - .../openssh/regress/misc/fuzz-harness/kex_fuzz.cc | 8 +- .../openssh/regress/misc/fuzz-harness/sig_fuzz.cc | 8 +- crypto/openssh/regress/penalty-expire.sh | 35 + crypto/openssh/regress/penalty.sh | 52 + crypto/openssh/regress/percent.sh | 5 - crypto/openssh/regress/rekey.sh | 4 +- crypto/openssh/regress/sftp-cmds.sh | 29 +- crypto/openssh/regress/test-exec.sh | 96 +- crypto/openssh/regress/unittests/kex/Makefile | 3 +- crypto/openssh/regress/unittests/kex/test_kex.c | 6 +- crypto/openssh/regress/yes-head.sh | 2 +- crypto/openssh/scp.c | 4 +- crypto/openssh/servconf.c | 283 +- crypto/openssh/servconf.h | 34 +- crypto/openssh/serverloop.c | 50 +- crypto/openssh/session.c | 51 +- crypto/openssh/sftp-client.c | 4 +- 
crypto/openssh/sftp-server.c | 10 +- crypto/openssh/sftp.c | 8 +- crypto/openssh/srclimit.c | 396 +- crypto/openssh/srclimit.h | 22 +- crypto/openssh/ssh-add.1 | 12 +- crypto/openssh/ssh-gss.h | 3 +- crypto/openssh/ssh-keygen.1 | 20 +- crypto/openssh/ssh-keyscan.1 | 21 +- crypto/openssh/ssh-keyscan.c | 76 +- crypto/openssh/ssh-keysign.8 | 6 +- crypto/openssh/ssh-keysign.c | 4 +- crypto/openssh/ssh-pkcs11.c | 27 +- crypto/openssh/ssh.1 | 25 +- crypto/openssh/ssh_api.c | 17 +- crypto/openssh/ssh_config.5 | 20 +- crypto/openssh/ssh_namespace.h | 27 +- crypto/openssh/sshconnect.c | 34 +- crypto/openssh/sshconnect.h | 6 +- crypto/openssh/sshconnect2.c | 4 +- crypto/openssh/sshd-session.c | 1505 +++ crypto/openssh/sshd.8 | 9 +- crypto/openssh/sshd.c | 1711 +-- crypto/openssh/sshd_config.5 | 110 +- crypto/openssh/sshkey.h | 3 +- crypto/openssh/version.h | 4 +- secure/lib/libssh/Makefile | 2 +- secure/libexec/Makefile | 2 +- secure/libexec/sshd-session/Makefile | 62 + secure/usr.sbin/sshd/Makefile | 42 +- 119 files changed, 10907 insertions(+), 8525 deletions(-) diff --git a/crypto/openssh/.depend b/crypto/openssh/.depend index 4897698ab74a..1d7d0606c657 100644 --- a/crypto/openssh/.depend +++ b/crypto/openssh/.depend 
@@ -23,6 +23,7 @@ auth2-gss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-com auth2-hostbased.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h kex.h mac.h crypto_api.h sshbuf.h log.h ssherr.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h canohost.h auth2-hostbased.o: monitor_wrap.h pathnames.h match.h auth2-kbdint.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h 
hostfile.h auth.h auth-pam.h audit.h loginrec.h log.h ssherr.h misc.h servconf.h +auth2-methods.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h misc.h servconf.h openbsd-compat/sys-queue.h xmalloc.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth2-none.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ssherr.h misc.h servconf.h ssh2.h monitor_wrap.h auth2-passwd.o: includes.h config.h 
defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h ssherr.h log.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h monitor_wrap.h misc.h servconf.h auth2-pubkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h kex.h mac.h crypto_api.h sshbuf.h log.h ssherr.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h 
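Review bot: the added auth2-methods.o entry introduces a new object, and this file only records header prerequisites, so please confirm the matching source is listed in whichever of the secure/ Makefiles in the diffstat builds it (secure/usr.sbin/sshd/Makefile or the new secure/libexec/sshd-session/Makefile). A missing entry there would surface only as an undefined symbol at link time, and with the server now built from two Makefiles it is easy to add the file to one and not the other.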
@@ -60,6 +61,7 @@ gss-serv.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-comp hash.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h hmac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h digest.h hmac.h hostfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h 
openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h sshkey.h hostfile.h log.h ssherr.h misc.h pathnames.h digest.h hmac.h sshbuf.h +kex-names.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h kex.h mac.h crypto_api.h log.h ssherr.h match.h digest.h misc.h xmalloc.h kex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h 
openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh.h ssh2.h atomicio.h version.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h log.h ssherr.h kex.o: match.h misc.h monitor.h myproposal.h sshbuf.h digest.h xmalloc.h kexc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h sshbuf.h digest.h ssherr.h ssh2.h 
@@ -82,12 +84,13 @@ monitor.o: chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api monitor.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h openbsd-compat/openssl-compat.h atomicio.h xmalloc.h ssh.h sshkey.h sshbuf.h hostfile.h auth.h auth-pam.h audit.h loginrec.h cipher.h cipher-chachapoly.h monitor_fdpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h monitor_fdpass.h monitor_wrap.o: includes.h config.h defines.h platform.h 
openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h hostfile.h auth.h auth-pam.h audit.h -monitor_wrap.o: loginrec.h auth-options.h packet.h dispatch.h log.h ssherr.h monitor.h monitor_wrap.h atomicio.h monitor_fdpass.h misc.h channels.h session.h servconf.h +monitor_wrap.o: loginrec.h auth-options.h packet.h dispatch.h log.h ssherr.h monitor.h atomicio.h monitor_fdpass.h misc.h channels.h session.h servconf.h monitor_wrap.h srclimit.h msg.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h 
openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h ssherr.h log.h atomicio.h msg.h misc.h mux.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h log.h ssherr.h ssh.h ssh2.h pathnames.h misc.h match.h sshbuf.h channels.h msg.h packet.h dispatch.h monitor_fdpass.h sshpty.h sshkey.h readconf.h clientloop.h nchan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h ssh2.h sshbuf.h ssherr.h packet.h dispatch.h channels.h compat.h log.h 
packet.o: channels.h ssh.h packet.h dispatch.h sshbuf.h packet.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h compat.h ssh2.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h digest.h log.h ssherr.h canohost.h misc.h +platform-listen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h misc.h platform-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h 
openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h platform-pledge.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h platform-tracing.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h 
openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h 
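Review bot: on the changed monitor_wrap.o line, srclimit.h is a new prerequisite, so the monitor wrapper now sees the source-limit declarations, and nothing in this hunk says what it uses from them. A sentence in the commit message naming the call that crosses from monitor_wrap.c into the srclimit interface would help anyone auditing the privilege-separation boundary after this change. The platform-listen.o entry added in the same hunk depends only on log.h, ssherr.h and misc.h beyond the common headers and needs no comment.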
@@ -123,7 +126,7 @@ sftp-usergroup.o: includes.h config.h defines.h platform.h openbsd-compat/openbs sftp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h ssherr.h pathnames.h misc.h utf8.h sftp.h sshbuf.h sftp-common.h sftp-client.h openbsd-compat/glob.h sftp-usergroup.h sk-usbhid.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sntrup761.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h 
openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h -srclimit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h addr.h canohost.h log.h ssherr.h misc.h srclimit.h xmalloc.h +srclimit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h 
openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h addr.h canohost.h log.h ssherr.h misc.h srclimit.h xmalloc.h servconf.h openbsd-compat/sys-queue.h match.h ssh-add.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h log.h ssherr.h sshkey.h sshbuf.h authfd.h authfile.h pathnames.h misc.h digest.h ssh-sk.h sk-api.h hostfile.h ssh-agent.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h 
openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h sshkey.h authfd.h log.h ssherr.h misc.h digest.h match.h msg.h pathnames.h ssh-pkcs11.h sk-api.h myproposal.h ssh-dss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 
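Review bot: the replacement srclimit.o line adds servconf.h, match.h and ./openbsd-compat/sys-tree.h, so the per-source limiting code now depends on server configuration and pattern matching, which is a behavioural change rather than a refactor and lines up with the 396 changed lines for srclimit.c in the diffstat. Please point to where the resulting defaults are documented (sshd_config.5 shows 110 changed lines) so operators can tell whether connection handling changes without any edit to their configuration.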
@@ -146,19 +149,21 @@ ssh-sk.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat ssh-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h canohost.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h packet.h dispatch.h sshbuf.h channels .h ssh.o: sshkey.h authfd.h authfile.h pathnames.h clientloop.h log.h ssherr.h misc.h readconf.h sshconnect.h 
kex.h mac.h crypto_api.h sshpty.h match.h msg.h version.h myproposal.h utf8.h -ssh_api.o: authfile.h misc.h version.h myproposal.h sshbuf.h openbsd-compat/openssl-compat.h +ssh_api.o: authfile.h dh.h misc.h version.h myproposal.h sshbuf.h openbsd-compat/openssl-compat.h ssh_api.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh_api.h openbsd-compat/sys-queue.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h ssh.h ssh2.h packet.h dispatch.h compat.h log.h ssherr.h sshbuf-getput-basic.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h 
openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h sshbuf-getput-crypto.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf-io.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h atomicio.h sshbuf-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h 
openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h sshbuf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h misc.h -sshconnect.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h 
openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h hostfile.h ssh.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h sshkey.h sshconnect.h log.h ssherr.h misc.h readconf.h atomicio.h dns.h monitor_fdpass.h ssh2.h version.h authfile.h authfd.h -sshconnect.o: kex.h mac.h crypto_api.h +sshconnect.o: authfd.h kex.h mac.h crypto_api.h +sshconnect.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h hostfile.h ssh.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h sshkey.h sshconnect.h log.h ssherr.h match.h misc.h readconf.h atomicio.h dns.h monitor_fdpass.h ssh2.h version.h authfile.h sshconnect2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h 
openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h packet.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h sshconnect2.o: sshconnect.h authfile.h dh.h authfd.h log.h ssherr.h misc.h readconf.h match.h canohost.h msg.h pathnames.h uidswap.h hostfile.h utf8.h ssh-sk.h sk-api.h -sshd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h log.h ssherr.h sshbuf.h misc.h match.h servconf.h uidswap.h compat.h cipher.h cipher-chachapoly.h chacha.h -sshd.o: poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h kex.h mac.h crypto_api.h authfile.h pathnames.h atomicio.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h authfd.h msg.h channels.h session.h monitor.h monitor_wrap.h ssh-sandbox.h auth-options.h version.h sk-api.h srclimit.h dh.h +sshd-session.o: chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h kex.h 
mac.h crypto_api.h authfile.h pathnames.h atomicio.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h authfd.h msg.h channels.h session.h monitor.h monitor_wrap.h ssh-sandbox.h auth-options.h version.h sk-api.h srclimit.h dh.h +sshd-session.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h log.h ssherr.h sshbuf.h misc.h match.h servconf.h uidswap.h compat.h cipher.h cipher-chachapoly.h +sshd.o: audit.h loginrec.h authfd.h msg.h version.h sk-api.h addr.h srclimit.h +sshd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h 
openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshpty.h log.h ssherr.h sshbuf.h misc.h servconf.h compat.h digest.h sshkey.h authfile.h pathnames.h canohost.h hostfile.h auth.h auth-pam.h ssherr.o: ssherr.h sshkey-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ssh2.h ssherr.h misc.h sshbuf.h cipher.h 
cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h match.h ssh-sk.h openbsd-compat/openssl-compat.h diff --git a/crypto/openssh/.git_allowed_signers b/crypto/openssh/.git_allowed_signers index 0313c1ecd17f..2a5fdc67c6ed 100644 --- a/crypto/openssh/.git_allowed_signers +++ b/crypto/openssh/.git_allowed_signers @@ -1,4 +1,6 @@ dtucker@dtucker.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKecyjh9aNmD4rb8WblA8v91JjRb0Cd2JtkzqxcggGeG +dtucker@dtucker.net sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBDV81zWQ1+XVfWH5z4L4klDQ/z/6l2GLphfSTX/Rmq6kL5H8mkfzUlryxLlkN8cD9srtVJBAmwJWfJBNsCo958YAAAAEc3NoOg== + djm@mindrot.org sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBLnJo3ZVDENYZGXm5uO9lU7b0iDFq5gHpTu1MaHPWTEfPdvw+AjFQQ/q5YizuMJkXGsMdYmblJEJZYHpm9IS7ZkAAAAEc3NoOg== djm@mindrot.org sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBJoAXBTQalfg+kC5wy1vE7HkIHtVnmV6AUuuIo9KQ1P+70juHwvsFKpsGaqQbrHJkTVgYDGVP02XHj8+Fb18yBIAAAAEc3NoOg== djm@mindrot.org sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBH+z1I48s6ydOhP5SJmI02zVCLf0K15B+UMHgoTIKVfUIv5oDoVX7e9f+7QiRmTeEOdZfQydiaVqsfi7qPSve+0AAAAEc3NoOg== diff --git a/crypto/openssh/.git_allowed_signers.asc b/crypto/openssh/.git_allowed_signers.asc index 5fc6118ca9a6..1a8401b838a3 100644 --- a/crypto/openssh/.git_allowed_signers.asc +++ b/crypto/openssh/.git_allowed_signers.asc 
@@ -1,16 +1,16 @@ -----BEGIN PGP SIGNATURE----- -iQIzBAABCgAdFiEEcWi5g4FaXu9ZpK39Kj9BTnNgYLoFAmMMMiIACgkQKj9BTnNg -YLpyGhAAhZ1RxmD62JnT0gnor1aD0inq1fGPRadaFvXH2OScPcxXMIZWx+otnyZ/ -H9s0bIti42dPHqurgh92KS2mDGVIW8Y8MvxFUr678+hdem1U7Xvjoo0uaveNhJhe -GxuQDOvXKRmmfL2c6w3wnFChFA1o3K+JNshjCHhWz7u6+UmY0Q9yIxqbSi+vmEPP -NfWPfGdu4h8r7q11UgTxRSUQkfZXMqpBtb367B9BLduGuKRFKEJNyi6WpjBrqy38 -BvEbAaL52KX8hEp3TKMjo38RbOK+veSoPV5zlLui0WlEwwasgljal3f4RkqCAJob -hqpFJRogM5XNnA2e68TDTf3buJ3wRRjuK39/CusOJz5v4i6+VCdte+BET1Y4gD6y -v8KV4pRyumcdbN3khFUkmaQsjo+fyQjWNrgOvv60J2xUWZdchn8lxHOxrfRVKnOi -BD4bdks7tPQY/XsS5GNJIp21Ji9HGyBajjHo0BlesLodw7FEOf6YE18A3n9qzosR -RliuP4Hs/Z4sCUuDTbpKtQiUVs40kBbkhEL8kS8FsXz3VO89hAWaUqNUYom8AkKv -nfDjrZDBLXuVj1Mi8qNPXxqrB/1Cza2/W4U7SK4TlMFXfoXXWxxhefN5vIdMhAJB -u9Mdz1pY9mowKbd0c0dR+3fauvjM133dzKuyeDHMqDa5JPyd59o= -=kgnS +iQIzBAABCgAdFiEEcWi5g4FaXu9ZpK39Kj9BTnNgYLoFAmYHnZ8ACgkQKj9BTnNg +YLquuQ/6A8E6P2jcgn3wmbbCTXP7kmxoh3nmw/e6PC8CEua1512oT3GHOKVD5cGK +cgYRObpWvjOjg7L1HRABftq7a9M2zfsGnY/WNe3/fbetfkyY8hG8c31vA1ePIOt2 +AjBLCWFblH0CtyH/MssoQ19JCLtXK/GmekB1Q0JzyOog7w/0r3CKuUnZ0juCYR1R +4FBePl5l3nFSZEcFEdptGlNGeuolS5XBCqB9Y91TCzkVkH5eXUUW+shgjNhWCEhT +pZvkxfhsmOEnwNofyPdgKVfDBVkHmvuC67EU395mJVN4c2NZ8pOztb9hOt3xr980 +q44I4kT2NpaApCx1dWIGhMy/37LJ8heI0W1B+ofTA5n34/RU8UXH3SCkj2AK6Ao5 +H2u8vbmuWKUCiECmrw35EeKGmtuK/bWJzx3KBP7fx5J9S3mWUgT4W4xlWNN9RWoU +sSvH1ppie5ARINVaAWl5k44fk60ahTf80DbQBIOZBmQn7myZZka+yGcQbAiZZ1Gc +0l8+Nf5Ao1ckmuyY5o8FyWdsyDeK3+MqjPn5Rr1CqbKCn2VnqrVWbI33Eyu8c96U +bxVgU5H1BDhNjJC8UrT3LFPvJMO8p3a0IJ3eHydjk2jVOhOdBZmA0yoqUTrhPpXq +ymIHESjDJR8TDe4TCfb46o9oEC3cdbDwgnzPqdg0n+0uIsJLYiU= +=gl+l -----END PGP SIGNATURE----- diff --git a/crypto/openssh/.github/ci-status.md b/crypto/openssh/.github/ci-status.md index 8d4cea10dba4..fbf7c5fd6117 100644 --- a/crypto/openssh/.github/ci-status.md +++ b/crypto/openssh/.github/ci-status.md 
@@ -6,10 +6,6 @@ master : [![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/openssh.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh) [![Coverity Status](https://scan.coverity.com/projects/21341/badge.svg)](https://scan.coverity.com/projects/openssh-portable) -9.4 : -[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_4)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_4) -[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_4)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_4) - -9.3 : -[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_3)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_3) -[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_3)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_3) +9.7 : +[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_7)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_7) +[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_7)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_7) diff --git a/crypto/openssh/.github/configs b/crypto/openssh/.github/configs index 370fe29a3ee4..6134cb6ed5e9 100755 --- a/crypto/openssh/.github/configs +++ b/crypto/openssh/.github/configs 
@@ -208,6 +208,7 @@ case "$config" in # and hostbased (since valgrind won't let ssh exec keysign). # Slow ones are run separately to increase parallelism. SKIP_LTESTS="agent-timeout connection-timeout hostbased" + SKIP_LTESTS="$SKIP_LTESTS penalty-expire" SKIP_LTESTS="$SKIP_LTESTS ${tests2} ${tests3} ${tests4} ${tests5}" ;; valgrind-2) @@ -289,7 +290,7 @@ case "${TARGET_HOST}" in hostkey-agent key-options keyscan knownhosts-command login-timeout reconfigure reexec rekey scp scp-uri scp3 sftp sftp-badcmds sftp-batch sftp-cmds sftp-glob sftp-perm sftp-uri stderr-data - transfer" + transfer penalty penalty-expire" SKIP_LTESTS="$(echo $T)" TEST_TARGET=t-exec SUDO="" diff --git a/crypto/openssh/.github/run_test.sh b/crypto/openssh/.github/run_test.sh index d5fd487d9009..17c1731ff860 100755 --- a/crypto/openssh/.github/run_test.sh +++ b/crypto/openssh/.github/run_test.sh @@ -9,6 +9,7 @@ set -ex # If we want to test hostbased auth, set up the host for it. if [ ! -z "$SUDO" ] && [ ! -z "$TEST_SSH_HOSTBASED_AUTH" ]; then sshconf=/usr/local/etc + $SUDO mkdir -p "${sshconf}" hostname | $SUDO tee $sshconf/shosts.equiv >/dev/null echo "EnableSSHKeysign yes" | $SUDO tee $sshconf/ssh_config >/dev/null $SUDO mkdir -p $sshconf diff --git a/crypto/openssh/.github/workflows/c-cpp.yml b/crypto/openssh/.github/workflows/c-cpp.yml index edb88f23c0fb..609028703f80 100644 --- a/crypto/openssh/.github/workflows/c-cpp.yml +++ b/crypto/openssh/.github/workflows/c-cpp.yml 
@@ -2,12 +2,13 @@ name: C/C++ CI on: push: - paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' ] + paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/workflows/c-cpp.yaml' ] pull_request: - paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' ] + paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/workflows/c-cpp.yaml' ] jobs: ci: + name: "${{ matrix.target }} ${{ matrix.config }}" if: github.repository != 'openssh/openssh-portable-selfhosted' strategy: fail-fast: false @@ -16,9 +17,9 @@ jobs: target: - ubuntu-20.04 - ubuntu-22.04 - - macos-11 - macos-12 - macos-13 + - macos-14 - windows-2019 - windows-2022 config: [default] @@ -62,8 +63,8 @@ jobs: - { target: ubuntu-latest, config: libressl-3.5.3 } - { target: ubuntu-latest, config: libressl-3.6.1 } - { target: ubuntu-latest, config: libressl-3.7.2 } - - { target: ubuntu-latest, config: libressl-3.8.3 } - - { target: ubuntu-latest, config: libressl-3.9.0 } + - { target: ubuntu-latest, config: libressl-3.8.4 } + - { target: ubuntu-latest, config: libressl-3.9.1 } - { target: ubuntu-latest, config: openssl-master } - { target: ubuntu-latest, config: openssl-noec } - { target: ubuntu-latest, config: openssl-1.1.1 } 
@@ -74,9 +75,12 @@ jobs: - { target: ubuntu-latest, config: openssl-3.1.0 } - { target: ubuntu-latest, config: openssl-3.1.5 } - { target: ubuntu-latest, config: openssl-3.2.1 } + - { target: ubuntu-latest, config: openssl-3.3.0 } - { target: ubuntu-latest, config: openssl-1.1.1_stable } - { target: ubuntu-latest, config: openssl-3.0 } # stable branch + - { target: ubuntu-latest, config: openssl-3.1 } # stable branch - { target: ubuntu-latest, config: openssl-3.2 } # stable branch + - { target: ubuntu-latest, config: openssl-3.3 } # stable branch - { target: ubuntu-latest, config: putty-0.71 } - { target: ubuntu-latest, config: putty-0.72 } - { target: ubuntu-latest, config: putty-0.73 } @@ -97,9 +101,9 @@ jobs: - { target: ubuntu-22.04, config: selinux } - { target: ubuntu-22.04, config: kitchensink } - { target: ubuntu-22.04, config: without-openssl } - - { target: macos-11, config: pam } - { target: macos-12, config: pam } - { target: macos-13, config: pam } + - { target: macos-14, config: pam } runs-on: ${{ matrix.target }} steps: - name: set cygwin git params diff --git a/crypto/openssh/.github/workflows/cifuzz.yml b/crypto/openssh/.github/workflows/cifuzz.yml index 7ca8c4719b61..ab8b1c6e0971 100644 --- a/crypto/openssh/.github/workflows/cifuzz.yml +++ b/crypto/openssh/.github/workflows/cifuzz.yml @@ -1,9 +1,9 @@ name: CIFuzz on: push: - paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' ] + paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/workflows/cifuzz.yml' ] pull_request: - paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' ] + paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/workflows/cifuzz.yml' ] jobs: Fuzzing: diff --git a/crypto/openssh/.github/workflows/selfhosted.yml b/crypto/openssh/.github/workflows/selfhosted.yml index 4f1c587a5779..167297359383 100644 
--- a/crypto/openssh/.github/workflows/selfhosted.yml +++ b/crypto/openssh/.github/workflows/selfhosted.yml @@ -2,17 +2,25 @@ name: C/C++ CI self-hosted on: push: - paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' ] + paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/workflows/selfhosted.yml' ] jobs: selfhosted: + name: "${{ matrix.target }} ${{ matrix.config }}" if: github.repository == 'openssh/openssh-portable-selfhosted' runs-on: ${{ matrix.host }} timeout-minutes: 600 env: + DEBUG_ACTIONS: false HOST: ${{ matrix.host }} TARGET_HOST: ${{ matrix.target }} TARGET_CONFIG: ${{ matrix.config }} + TARGET_DOMAIN: ${{ startsWith(matrix.host, 'libvirt') && format('{0}-{1}-{2}', matrix.target, matrix.config, github.run_id) || matrix.target }} + EPHEMERAL: ${{ startsWith(matrix.host, 'libvirt') }} + PERSISTENT: ${{ startsWith(matrix.host, 'persist') }} + REMOTE: ${{ startsWith(matrix.host, 'remote') }} + VM: ${{ startsWith(matrix.host, 'libvirt') || startsWith(matrix.host, 'persist') }} + SSHFS: ${{ startsWith(matrix.host, 'libvirt') || startsWith(matrix.host, 'persist') || startsWith(matrix.host, 'remote') }} strategy: fail-fast: false # We use a matrix in two parts: firstly all of the VMs are tested with the 
@@ -74,34 +82,46 @@ jobs: - { target: nbsd8, config: pam, host: libvirt } - { target: nbsd9, config: pam, host: libvirt } - { target: nbsd10, config: pam, host: libvirt } + # ARM64 VMs + - { target: obsd-arm64, config: default, host: libvirt-arm64 } # VMs with persistent disks that have their own runner. - - { target: win10, config: default, host: win10 } - - { target: win10, config: cygwin-release, host: win10 } - # Physical hosts, with either native runners or remote via ssh. + - { target: win10, config: default, host: persist-win10 } + - { target: win10, config: cygwin-release, host: persist-win10 } + # Physical hosts with native runners. - { target: ARM, config: default, host: ARM } - { target: ARM64, config: default, host: ARM64 } - { target: ARM64, config: pam, host: ARM64 } - - { target: debian-riscv64, config: default, host: debian-riscv64 } - - { target: obsd-arm64, config: default, host: obsd-arm64 } - - { target: openwrt-mips, config: default, host: openwrt-mips } - - { target: openwrt-mipsel, config: default, host: openwrt-mipsel } + # Physical hosts with remote runners. 
+ - { target: debian-riscv64, config: default, host: remote-debian-riscv64 } + + - { target: openwrt-mips, config: default, host: remote-openwrt-mips } + - { target: openwrt-mipsel, config: default, host: remote-openwrt-mipsel } steps: + - name: unmount stale workspace + if: env.SSHFS == 'true' + run: fusermount -u ${GITHUB_WORKSPACE} || true + working-directory: ${{ runner.temp }} - name: shutdown VM if running + if: env.VM == 'true' run: vmshutdown - working-directory: ${{ runner.temp }} - uses: actions/checkout@main - name: autoreconf run: autoreconf - name: startup VM + if: env.VM == 'true' run: vmstartup working-directory: ${{ runner.temp }} + - name: copy and mount workspace + if: env.SSHFS == 'true' + run: sshfs_mount + working-directory: ${{ runner.temp }} - name: configure run: vmrun ./.github/configure.sh ${{ matrix.config }} - - name: save config - uses: actions/upload-artifact@main - with: - name: ${{ matrix.target }}-${{ matrix.config }}-config - path: config.h +# - name: save config +# uses: actions/upload-artifact@main +# with: +# name: ${{ matrix.target }}-${{ matrix.config }}-config +# path: config.h - name: make clean run: vmrun make clean - name: make @@ -120,7 +140,10 @@ jobs: regress/*.log regress/log/* regress/valgrind-out/ + - name: unmount workspace + if: always() && env.SSHFS == 'true' + run: fusermount -u ${GITHUB_WORKSPACE} || true + working-directory: ${{ runner.temp }} - name: shutdown VM - if: always() + if: always() && env.VM == 'true' run: vmshutdown - working-directory: ${{ runner.temp }} diff --git a/crypto/openssh/.github/workflows/upstream.yml b/crypto/openssh/.github/workflows/upstream.yml index b280793d31f3..e25adb423917 100644 --- a/crypto/openssh/.github/workflows/upstream.yml +++ b/crypto/openssh/.github/workflows/upstream.yml 
@@ -3,22 +3,29 @@ name: Upstream self-hosted on: push: branches: [ master ] - paths: [ '**.c', '**.h', '.github/**' ] + paths: [ '**.c', '**.h', '**.sh', '.github/configs', '.github/workflows/upstream.yml' ] jobs: selfhosted: + name: "upstream ${{ matrix.target }} ${{ matrix.config }}" if: github.repository == 'openssh/openssh-portable-selfhosted' runs-on: 'libvirt' env: + DEBUG_ACTIONS: true + EPHEMERAL: true HOST: 'libvirt' TARGET_HOST: ${{ matrix.target }} TARGET_CONFIG: ${{ matrix.config }} + TARGET_DOMAIN: ${{ format('{0}-{1}-{2}', matrix.target, matrix.config, github.run_id) || matrix.target }} strategy: fail-fast: false matrix: target: [ obsdsnap, obsdsnap-i386 ] config: [ default, without-openssl, ubsan ] steps: + - name: unmount stale workspace + run: fusermount -u ${GITHUB_WORKSPACE} || true + working-directory: ${{ runner.temp }} - name: shutdown VM if running run: vmshutdown working-directory: ${{ runner.temp }} @@ -26,6 +33,9 @@ jobs: - name: startup VM run: vmstartup working-directory: ${{ runner.temp }} + - name: copy and mount workspace + run: sshfs_mount + working-directory: ${{ runner.temp }} - name: update source run: vmrun "cd /usr/src && cvs up -dPA usr.bin/ssh regress/usr.bin/ssh" - name: make clean @@ -33,7 +43,7 @@ jobs: - name: make run: vmrun "cd /usr/src/usr.bin/ssh && case ${{ matrix.config }} in without-openssl) make OPENSSL=no;; ubsan) make DEBUG='-fsanitize-minimal-runtime -fsanitize=undefined';; *) make; esac" - name: make install - run: vmrun "cd /usr/src/usr.bin/ssh && sudo make install" + run: vmrun "cd /usr/src/usr.bin/ssh && sudo make install && sudo /etc/rc.d/sshd -f restart" - name: make tests` run: vmrun "cd /usr/src/regress/usr.bin/ssh && case ${{ matrix.config }} in without-openssl) make OPENSSL=no;; ubsan) make DEBUG='-fsanitize-minimal-runtime -fsanitize=undefined';; *) make; esac" env: 
@@ -47,6 +57,10 @@ jobs: path: | /usr/obj/regress/usr.bin/ssh/obj/*.log /usr/obj/regress/usr.bin/ssh/obj/log/* + - name: unmount workspace + if: always() + run: fusermount -u ${GITHUB_WORKSPACE} || true + working-directory: ${{ runner.temp }} - name: shutdown VM if: always() run: vmshutdown diff --git a/crypto/openssh/.gitignore b/crypto/openssh/.gitignore index 7fccc6fe3dc3..41d505c46dde 100644 --- a/crypto/openssh/.gitignore +++ b/crypto/openssh/.gitignore @@ -1,18 +1,14 @@ Makefile buildpkg.sh config.h -config.h.in config.h.in~ config.log config.status -configure -aclocal.m4 openbsd-compat/Makefile openbsd-compat/regress/Makefile openssh.xml opensshd.init survey.sh -**/*.0 **/*.o **/*.lo **/*.so @@ -36,3 +32,4 @@ sshd !regress/misc/fuzz-harness/Makefile !regress/unittests/sshsig/Makefile tags + diff --git a/crypto/openssh/.skipped-commit-ids b/crypto/openssh/.skipped-commit-ids index 06303955c566..ec7831e5ff53 100644 --- a/crypto/openssh/.skipped-commit-ids +++ b/crypto/openssh/.skipped-commit-ids @@ -29,6 +29,14 @@ f9a0726d957cf10692a231996a1f34e7f9cdfeb0 moduli update 1e0a2692b7e20b126dda60bf04999d1d30d959d8 sshd relinking makefile changes e1dc11143f83082e3154d6094f9136d0dc2637ad more relinking makefile tweaks 5a636f6ca7f25bfe775df4952f7aac90a7fcbbee moduli update +ef9341d5a50f0d33e3a6fbe995e92964bc7ef2d3 Makefile relinking changes +2fe8d707ae35ba23c7916adcb818bb5b66837ba0 ssh-agent relink kit +866cfcc1955aef8f3fc32da0b70c353a1b859f2e ssh-agent relink changes +8b3820adb4da4e139c4b3cffbcc0bde9f08bf0c6 sshd-session relink kit +6d2ded4cd91d4d727c2b26e099b91ea935bed504 relink kit +fb39324748824cb0387e9d67c41d1bef945c54ea Makefile change +5f378c38ad8976d507786dc4db9283a879ec8cd0 Makefile change +112aacedd3b61cc5c34b1fa6d9fb759214179172 Makefile change Old upstream tree: diff --git a/crypto/openssh/ChangeLog b/crypto/openssh/ChangeLog index 3bbccf5ea3eb..a1a52651718e 100644 --- a/crypto/openssh/ChangeLog +++ b/crypto/openssh/ChangeLog 
@@ -1,8300 +1,8666 @@ -commit 86bdd3853f4d32c85e295e6216a2fe0953ad93f0 +commit fa41f6592ff1b6ead4a652ac75af31eabb05b912 Author: Damien Miller -Date: Mon Mar 11 16:20:49 2024 +1100 +Date: Mon Jul 1 14:33:26 2024 +1000 - version number in README + version numbers -commit 282721418e6465bc39ccfd39bb0133e670ee4423 -Author: Damien Miller -Date: Mon Mar 11 16:20:08 2024 +1100 +commit bfebb8a5130a792c5356bd06e1ddef72a0a0449f +Author: djm@openbsd.org +Date: Mon Jul 1 04:31:59 2024 +0000 - crank RPM spec versions + upstream: openssh-9.8 + + OpenBSD-Commit-ID: 5f8b89e38a4c5f7c6d52ffa19f796d49f36fab19 -commit 3876a3bbd2ca84d23ba20f8b69ba83270c04ce3a +commit 146c420d29d055cc75c8606327a1cf8439fe3a08 Author: djm@openbsd.org -Date: Mon Mar 11 04:59:47 2024 +0000 +Date: Mon Jul 1 04:31:17 2024 +0000 - upstream: openssh-9.7 + upstream: when sending ObscureKeystrokeTiming chaff packets, we - OpenBSD-Commit-ID: 618ececf58b8cdae016b149787af06240f7b0cbc + can't rely on channel_did_enqueue to tell that there is data to send. This + flag indicates that the channels code enqueued a packet on _this_ ppoll() + iteration, not that data was enqueued in _any_ ppoll() iteration in the + timeslice. ok markus@ + + OpenBSD-Commit-ID: 009b74fd2769b36b5284a0188ade182f00564136 -commit 8fc109cc614954a8eb2738c48c0db36a62af9a06 -Author: Darren Tucker -Date: Mon Mar 11 12:59:26 2024 +1100 +commit 637e4dfea4ed81264e264b6200172ce319c64ead +Author: djm@openbsd.org +Date: Mon Jul 1 03:10:19 2024 +0000 - Test against current OpenSSL and LibreSSL releases. + upstream: use "lcd" to change directory before "lls" rather then "cd", - Add LibreSSL 3.9.0, bump older branches to their respective current - releases. + since the directory we're trying to list is local. 
Spotted by Corinna + Vinschen + + OpenBSD-Regress-ID: 821feca4a4bebe491944e624c8f7f2990b891415 -commit 26b09b45fec7b88ba09042c09be4157e58e231e2 -Author: Damien Miller -Date: Sun Mar 10 16:24:57 2024 +1100 +commit c8cfe258cee0b8466ea84597bf15e1fcff3bc328 +Author: djm@openbsd.org +Date: Thu Jun 27 23:01:15 2024 +0000 - quote regexes used to test for algorithm support + upstream: delete obsolete comment - Fixes test failures on Solaris 8 reported by Tom G. Christensen + OpenBSD-Commit-ID: 5fb04f298ed155053f3fbfdf0c6fe7cdf84bbfa2 -commit a6a740a4948d10a622b505135bb485c10f21db5e +commit 94b9d37100f6fa536aaa1d1a0e4926fe44fbf04d Author: djm@openbsd.org -Date: Sat Mar 9 05:12:13 2024 +0000 +Date: Thu Jun 27 22:36:44 2024 +0000 - upstream: avoid logging in signal handler by converting mainloop to + upstream: retire unused API - ppoll() bz3670, reported by Ben Hamilton; ok dtucker@ + OpenBSD-Commit-ID: 3e30d7b0615e2707f6bbe70f61b1c2f72f78161b + +commit 268c3a7f5783e731ed60f4e28da66ee3743581d3 +Author: jmc@openbsd.org +Date: Thu Jun 27 21:02:16 2024 +0000 + + upstream: ssl(8) no longer contains a HISTORY section; - OpenBSD-Commit-ID: e58f18042b86425405ca09e6e9d7dfa1df9f5f7f + OpenBSD-Commit-ID: 83b7ff34433d79595e9c2a5d2a561a6660251245 -commit cd82f7526e0481720567ae41db7849ab1c27e27b +commit 12b6cc09ce6c430681f03af2a8069e37a664690b Author: djm@openbsd.org -Date: Fri Mar 8 22:16:32 2024 +0000 +Date: Wed Jun 26 23:47:46 2024 +0000 - upstream: skip more whitespace, fixes find-principals on + upstream: move child process waitpid() loop out of SIGCHLD handler; - allowed_signers files with blank lines; reported by Wiktor Kwapisiewicz + ok deraadt - OpenBSD-Commit-ID: b3a22a2afd753d70766f34bc7f309c03706b5298 + OpenBSD-Commit-ID: 65815a39564e431414aed7c5ace8076f4e9ca741 -commit 2f9d2af5cb19905d87f37d1e11c9f035ac5daf3b -Author: dtucker@openbsd.org -Date: Fri Mar 8 11:34:10 2024 +0000 +commit d6bcd13297c2ab8b528df5a6898f994734849031 +Author: deraadt@openbsd.org +Date: Wed Jun 26 
23:16:52 2024 +0000 - upstream: Invoke ProxyCommand that uses stderr redirection via + upstream: Instead of using possibly complex ssh_signal(), write all - $TEST_SHELL. Fixes test when run by a user whose login shell is tcsh. - Found by vinschen at redhat.com. + the parts of the grace_alarm_handler() using the exact things allowed by the + signal-safe rules. This is a good rule of thumb: Handlers should be written + to either set a global volatile sig_atomic_t inspected from outside, and/or + directly perform only safe operations listed in our sigaction(2) manual page. + ok djm markus - OpenBSD-Regress-ID: f68d79e7f00caa8d216ebe00ee5f0adbb944062a + OpenBSD-Commit-ID: 14168ae8368aab76e4ed79e17a667cb46f404ecd -commit 9b3f0beb4007a7e01dfedabb429097fb593deae6 -Author: Darren Tucker -Date: Thu Mar 7 17:18:14 2024 +1100 +commit b8793e2b0851f7d71b97554fa5260b23796d6277 +Author: deraadt@openbsd.org +Date: Wed Jun 26 23:14:14 2024 +0000 - Prefer openssl binary from --with-ssl-dir directory. + upstream: save_errno wrappers inside two small signal handlers that - Use openssl in the directory specified by --with-ssl-dir as long - as it's functional. Reported by The Doctor. + perform system calls, for systems with libc that do perform libc sigtramps. + ok djm markus + + OpenBSD-Commit-ID: 7749b56419a7c9dcfe4c6c04811e429813346c62 -commit c47e1c9c7911f38b2fc2fb01b1f6ae3a3121a838 -Author: djm@openbsd.org -Date: Wed Mar 6 02:59:59 2024 +0000 +commit f23e9332c4c8df37465c4a4f38275ea98980ed7e +Author: jmc@openbsd.org +Date: Mon Jun 24 06:59:39 2024 +0000 - upstream: fix memory leak in mux proxy mode when requesting forwarding. 
+ upstream: - uppercase start of sentence - correct sentence grammar - found by RASU JSC, reported by Maks Mishin in GHPR#467 + ok djm - OpenBSD-Commit-ID: 97d96a166b1ad4b8d229864a553e3e56d3116860 + OpenBSD-Commit-ID: 1ec4b0fdb633a43667f2c8fff1d600bd647dde25 -commit 242742827fea4508e68097c128e802edc79addb5 +commit 1839e3eb71a759aa795602c1e4196300f4ac2615 Author: djm@openbsd.org -Date: Wed Mar 6 00:31:04 2024 +0000 +Date: Mon Jun 24 04:05:11 2024 +0000 - upstream: wrap a few PKCS#11-specific bits in ENABLE_PKCS11 + upstream: mention SshdSessionPath option - OpenBSD-Commit-ID: 463e4a69eef3426a43a2b922c4e7b2011885d923 + OpenBSD-Commit-ID: c29734d36c21003973b15c1c9965c35f36cef30c -commit d52b6509210e2043f33e5a1de58dd4a0d5d48c2a -Author: Damien Miller -Date: Wed Mar 6 11:31:36 2024 +1100 +commit 603193e32aef5db7d60c58066d5de89806e79312 +Author: Darren Tucker +Date: Thu Jun 20 18:45:14 2024 +1000 - disable RSA tests when algorithm is not supported + Rerun upstream tests on .sh file changes too. + +commit dbbf9337c19381786a8e5a8a49152fe6b80c780d +Author: dtucker@openbsd.org +Date: Thu Jun 20 08:23:18 2024 +0000 + + upstream: Work around dbclient cipher/mac query bug. - Unbreaks "make test" when compiled --without-openssl. + Unlike earlier versions, recent Dropbear (at least v2024.85) requires + a host arg when querying supported ciphers and macs via "-c/-m + help". Earlier versions accept but do not require it, so always + provide it. If these queries fail, skip the test with a warning. - Similar treatment to how we do DSA and ECDSA. 
+ OpenBSD-Regress-ID: 98eb863a3f0363416922efb273885e6b3c7f68d4 -commit 668d270a6c77e8b5a1da26ecad2e6de9f62c8fe4 -Author: Damien Miller -Date: Wed Mar 6 10:33:20 2024 +1100 +commit 8de2c8cebc46bbdb94b7a2c120fcadfb66a3cccc +Author: dtucker@openbsd.org +Date: Thu Jun 20 08:18:34 2024 +0000 - add a --without-retpoline configure option + upstream: Remove dropbear key types not supported - discussed with deraadt and dtucker a while ago + by current OpenSSH. Allows subsequent test runs to work if OpenSSH is + rebuilt w/out OpenSSL. + + OpenBSD-Regress-ID: e0129eb2b1d31771105903a8055216fbba20a770 -commit 3deb501f86fc47e175ef6a3eaba9b9846a80d444 +commit e9b6471c59b21e5d9ef1b3832d4bf727338add85 Author: djm@openbsd.org -Date: Mon Mar 4 04:13:18 2024 +0000 +Date: Thu Jun 20 00:18:05 2024 +0000 - upstream: fix leak of CanonicalizePermittedCNAMEs on error path; - - spotted by Coverity (CID 438039) + upstream: stricter check for overfull tables in penalty record path - OpenBSD-Commit-ID: 208839699939721f452a4418afc028a9f9d3d8af + OpenBSD-Commit-ID: 7df01e648a0723418c554e64a9f2b6d38db060a6 -commit 65a44a8a4f7d902a64d4e60eda84384b2e2a24a2 +commit d9336d344eb2a1e898c5e66147b3f108c7214694 Author: djm@openbsd.org -Date: Mon Mar 4 02:16:11 2024 +0000 +Date: Wed Jun 19 23:24:47 2024 +0000 - upstream: Separate parsing of string array options from applying them - - to the active configuration. This fixes the config parser from erroneously - rejecting cases like: + upstream: put back reaping of preauth child process when writes - AuthenticationMethods password - Match User ivy - AuthenticationMethods any + from the monitor fail. Not sure how this got lost in the avalanche of + patches. 
- bz3657 ok markus@ + OpenBSD-Commit-ID: eb7eb36371e1ac01050b32b70fb2b3e5d98e72f5 + +commit 579d9adb70ec0206a788eb5c63804c31a67e9310 +Author: naddy@openbsd.org +Date: Mon Jun 17 13:50:18 2024 +0000 + + upstream: remove one more mention of DSA - OpenBSD-Commit-ID: 7f196cba634c2a3dba115f3fac3c4635a2199491 + OpenBSD-Commit-ID: 8515f55a15f02836ba657df341415f63c60526ca -commit 6886e1b1f55c90942e4e6deed930f8ac32e0f938 +commit 7089b5f8436ef0b8d3d3ad9ce01045fb9e7aab15 Author: Darren Tucker -Date: Thu Feb 22 17:59:35 2024 +1100 +Date: Wed Jun 19 23:09:05 2024 +1000 - Add nbsd10 test target. + Move -f to the place needed to restart sshd. -commit d86bf8a3f6ea4fa7887406c2aa9959db71fa41be -Author: Damien Miller -Date: Thu Feb 22 12:06:10 2024 +1100 +commit d5f83cfd852b14a25f347f082ab539a9454702ad +Author: Darren Tucker +Date: Wed Jun 19 21:04:01 2024 +1000 - more descriptive configure test name + Need to supply "-f" to restart sshd. -commit 9ee335aacc9f5bdc4cc2c19fafb45e27be7d234e -Author: djm@openbsd.org -Date: Wed Feb 21 06:17:29 2024 +0000 +commit fad34b4ca25c0ef31e5aa841d461b6f21da5b8c1 +Author: dtucker@openbsd.org +Date: Wed Jun 19 10:15:51 2024 +0000 - upstream: explain arguments of internal-sftp GHPR#454 from Niklas + upstream: Provide defaults for ciphers and macs - Hambüchen - MIME-Version: 1.0 - Content-Type: text/plain; charset=UTF-8 - Content-Transfer-Encoding: 8bit + if querying for them fails since on some versions of Dropbear (at least + v2024.85) "-m help" doesn't seem to work. Enable all supported pubkey + algorithms in the server. 
- OpenBSD-Commit-ID: 0335d641ae6b5b6201b9ffd5dd06345ebbd0a3f3 + OpenBSD-Regress-ID: 4f95556a49ee9f621789f25217c367a33d2745ca -commit d1164cb1001dd208fee88aaa9b43d5e6fd917274 -Author: djm@openbsd.org -Date: Wed Feb 21 06:06:43 2024 +0000 +commit 5521060e35ada9f957cecdddc06d0524e75409ef +Author: dtucker@openbsd.org +Date: Wed Jun 19 10:10:46 2024 +0000 *** 25859 LINES SKIPPED ***

From nobody Thu Feb 20 17:57:01 2025
Date: Thu, 20 Feb 2025 17:57:01 GMT
Message-Id: <202502201757.51KHv1Kg068120@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Ed Maste
Subject: git: 6e688e6d4f93 - stable/13 - openssh: Update to 9.9p1
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-Git-Committer: emaste
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 6e688e6d4f9305441adce78079beaf1030e2881b
Auto-Submitted: auto-generated

The branch stable/13 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=6e688e6d4f9305441adce78079beaf1030e2881b

commit 6e688e6d4f9305441adce78079beaf1030e2881b
Author:     Ed Maste
AuthorDate: 2025-02-19 19:08:59 +0000
Commit:     Ed Maste
CommitDate: 2025-02-20 17:56:23 +0000

    openssh: Update to 9.9p1

    Highlights from the release notes are reproduced below. Bug fixes and
    improvements that were previously merged into FreeBSD have been elided.
    See the upstream release notes for full details of the 9.9p1 release
    (https://www.openssh.com/releasenotes.html).

    ---

    Future deprecation notice
    =========================

    OpenSSH plans to remove support for the DSA signature algorithm in
    early 2025.

    Potentially-incompatible changes
    --------------------------------

     * ssh(1): remove support for pre-authentication compression.

     * ssh(1), sshd(8): processing of the arguments to the "Match"
       configuration directive now follows more shell-like rules for
       quoted strings, including allowing nested quotes and \-escaped
       characters.

    New features
    ------------

     * ssh(1), sshd(8): add support for a new hybrid post-quantum key
       exchange based on the FIPS 203 Module-Lattice Key Encapsulation
       mechanism (ML-KEM) combined with X25519 ECDH as described by
       https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03
       This algorithm "mlkem768x25519-sha256" is available by default.

     * ssh(1), sshd(8), ssh-agent(1): prevent private keys from being
       included in core dump files for most of their lifespans. This is
       in addition to pre-existing controls in ssh-agent(1) and sshd(8)
       that prevented coredumps. This feature is supported on OpenBSD,
       Linux and FreeBSD.

     * All: convert key handling to use the libcrypto EVP_PKEY API, with
       the exception of DSA.

    Bugfixes
    --------

     * sshd(8): do not apply authorized_keys options when signature
       verification fails. Prevents more restrictive key options being
       incorrectly applied to subsequent keys in authorized_keys. bz3733

     * ssh-keygen(1): include pathname in some of ssh-keygen's passphrase
       prompts. Helps the user know what's going on when ssh-keygen is
       invoked via other tools. Requested in GHPR503

     * ssh(1), ssh-add(1): make parsing user@host consistently look for
       the last '@' in the string rather than the first. This makes it
       possible to more consistently use usernames that contain '@'
       characters.

     * ssh(1), sshd(8): be more strict in parsing key type names. Only
       allow short names (e.g. "rsa") in user-interface code and require
       full SSH protocol names (e.g. "ssh-rsa") everywhere else. bz3725

     * ssh-keygen(1): clarify that ed25519 is the default key type
       generated and clarify that rsa-sha2-512 is the default signature
       scheme when RSA is in use. GHPR505

    ---

    Reviewed by:    jlduran (build infrastructure)
    Reviewed by:    cy (build infrastructure)
    Sponsored by:   The FreeBSD Foundation
    Differential Revision: https://reviews.freebsd.org/D48947

    (cherry picked from commit 3d9fd9fcb432750f3716b28f6ccb0104cd9d351a)

    Approved by:    re (accelerated MFC)

    (cherry picked from commit 802386cd37f638eec9606cb10d3dd03c8f1d6c17)
---
 crypto/openssh/.depend | 3 +-
 crypto/openssh/.github/ci-status.md | 4 +
 crypto/openssh/.github/configs | 8 +-
 crypto/openssh/.github/setup_ci.sh | 2 +-
 crypto/openssh/.github/workflows/c-cpp.yml | 1 -
 crypto/openssh/.github/workflows/selfhosted.yml | 3 +
 crypto/openssh/ChangeLog | 11538 ++++++++---------
 crypto/openssh/LICENCE | 41 +
 crypto/openssh/Makefile.in | 2 +-
 crypto/openssh/README | 2 +-
 crypto/openssh/auth.c | 5 +-
 crypto/openssh/channels.c | 8 +-
 crypto/openssh/channels.h | 4 +-
 crypto/openssh/cipher.c | 8 +-
 crypto/openssh/config.h | 6 +
 crypto/openssh/configure.ac | 11 +-
 crypto/openssh/contrib/redhat/openssh.spec | 6 +-
 crypto/openssh/contrib/ssh-copy-id | 62 +-
 crypto/openssh/contrib/ssh-copy-id.1 | 21 +-
 crypto/openssh/contrib/suse/openssh.spec | 2 +-
 crypto/openssh/crypto_api.h | 7 +-
 crypto/openssh/defines.h | 4 +-
 crypto/openssh/kex-names.c | 8 +-
 crypto/openssh/kex.c | 4 +-
 crypto/openssh/kex.h | 16 +-
 crypto/openssh/kexc25519.c | 4 +-
 crypto/openssh/kexgen.c | 15 +-
 crypto/openssh/kexmlkem768x25519.c | 280 +
 crypto/openssh/kexsntrup761x25519.c | 6 +-
 crypto/openssh/libcrux_mlkem768_sha3.h | 12332 +++++++++++++++++++
 crypto/openssh/loginrec.c | 89 +-
 crypto/openssh/match.c | 8 +-
 crypto/openssh/mlkem768.sh | 148 +
 crypto/openssh/moduli | 879 +-
 crypto/openssh/monitor.c | 15 +-
 crypto/openssh/mux.c | 28 +-
 crypto/openssh/myproposal.h | 4 +-
 crypto/openssh/nchan.c | 6 +-
 crypto/openssh/openbsd-compat/arc4random.h | 2 +
 crypto/openssh/openbsd-compat/openssl-compat.c | 26 +
 crypto/openssh/openbsd-compat/openssl-compat.h | 10 +
 crypto/openssh/openbsd-compat/port-linux.c | 2 +-
 crypto/openssh/packet.c | 24 +-
 crypto/openssh/packet.h | 6 +-
 crypto/openssh/readconf.c | 164 +-
 crypto/openssh/regress/cfginclude.sh | 26 +-
 crypto/openssh/regress/misc/fuzz-harness/Makefile | 44 +-
 .../regress/misc/fuzz-harness/mkcorpus_sntrup761.c | 82 +
 .../misc/fuzz-harness/sntrup761_dec_fuzz.cc | 74 +
 .../misc/fuzz-harness/sntrup761_enc_fuzz.cc | 57 +
 .../regress/misc/fuzz-harness/watch-sntrup761.sh | 20 +
 crypto/openssh/regress/multiplex.sh | 29 +-
 crypto/openssh/regress/rekey.sh | 118 +-
 crypto/openssh/regress/unittests/kex/Makefile | 3 +-
 crypto/openssh/regress/unittests/kex/test_kex.c | 6 +-
 crypto/openssh/regress/unittests/sshkey/common.c | 18 +-
 .../openssh/regress/unittests/sshkey/test_file.c | 11 +-
 .../openssh/regress/unittests/sshkey/test_sshkey.c | 26 +-
 .../openssh/regress/unittests/test_helper/fuzz.c | 2 +-
 crypto/openssh/servconf.c | 79 +-
 crypto/openssh/servconf.h | 6 +-
 crypto/openssh/sntrup761.c | 2886 +++--
 crypto/openssh/sntrup761.sh | 62 +-
 crypto/openssh/srclimit.c | 4 +
 crypto/openssh/srclimit.h | 12 +-
 crypto/openssh/ssh-add.c | 4 +-
 crypto/openssh/ssh-ecdsa-sk.c | 49 +-
 crypto/openssh/ssh-ecdsa.c | 258 +-
 crypto/openssh/ssh-keygen.1 | 8 +-
 crypto/openssh/ssh-keygen.c | 93 +-
 crypto/openssh/ssh-keyscan.c | 5 +-
 crypto/openssh/ssh-pkcs11-client.c | 83 +-
 crypto/openssh/ssh-pkcs11-helper.c | 89 +-
 crypto/openssh/ssh-pkcs11.c | 42 +-
 crypto/openssh/ssh-rsa.c | 385 +-
 crypto/openssh/ssh-sk.c | 29 +-
 crypto/openssh/ssh.1 | 6 +-
 crypto/openssh/ssh_api.c | 4 +-
 crypto/openssh/ssh_config.5 | 22 +-
 crypto/openssh/ssh_namespace.h | 31 +-
 crypto/openssh/sshbuf-getput-crypto.c | 12 +-
 crypto/openssh/sshbuf.c | 18 +-
 crypto/openssh/sshbuf.h | 4 +-
 crypto/openssh/sshconnect2.c | 3 +-
 crypto/openssh/sshd-session.c | 31 +-
 crypto/openssh/sshd.8 | 8 +-
 crypto/openssh/sshd.c | 14 +-
 crypto/openssh/sshd_config.5 | 45 +-
 crypto/openssh/sshkey.c | 290 +-
 crypto/openssh/sshkey.h | 27 +-
 crypto/openssh/version.h | 4 +-
 secure/lib/libssh/Makefile | 2 +-
 92 files changed, 22746 insertions(+), 8209 deletions(-)

diff --git a/crypto/openssh/.depend b/crypto/openssh/.depend index 1d7d0606c657..45fc6b9afea1 100644 --- a/crypto/openssh/.depend +++ b/crypto/openssh/.depend
@@ -71,6 +71,7 @@ kexgen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat kexgex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h kexgexc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h kexgexs.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h 
openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +kexmlkem768x25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h sshbuf.h digest.h ssherr.h log.h kexsntrup761x25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h 
openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h krl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h sshbuf.h ssherr.h sshkey.h authfile.h misc.h log.h digest.h bitmap.h utf8.h krl.h log.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h match.h 
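Review bot: the added kexmlkem768x25519.o line in this hunk ends its header list at sshkey.h kex.h mac.h crypto_api.h sshbuf.h digest.h ssherr.h log.h and does not name libcrux_mlkem768_sha3.h, which the diffstat shows arriving in this same commit as a new 12332-line header. If kexmlkem768x25519.c includes that header, a build driven by .depend will not rebuild the object when the header changes, so please confirm whether the dependency should be listed here or is left out on purpose.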
@@ -80,7 +81,7 @@ mac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h match.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h misc.h misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h misc.h log.h ssherr.h ssh.h sshbuf.h moduli.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h 
openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h -monitor.o: chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h dh.h packet.h dispatch.h auth-options.h sshpty.h channels.h session.h sshlogin.h canohost.h log.h ssherr.h misc.h servconf.h monitor.h monitor_wrap.h monitor_fdpass.h compat.h ssh2.h authfd.h match.h sk-api.h +monitor.o: chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h dh.h packet.h dispatch.h auth-options.h sshpty.h channels.h session.h sshlogin.h canohost.h log.h ssherr.h misc.h servconf.h monitor.h monitor_wrap.h monitor_fdpass.h compat.h ssh2.h authfd.h match.h sk-api.h srclimit.h monitor.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h openbsd-compat/openssl-compat.h 
atomicio.h xmalloc.h ssh.h sshkey.h sshbuf.h hostfile.h auth.h auth-pam.h audit.h loginrec.h cipher.h cipher-chachapoly.h monitor_fdpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h monitor_fdpass.h monitor_wrap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h hostfile.h auth.h auth-pam.h audit.h 
diff --git a/crypto/openssh/.github/ci-status.md b/crypto/openssh/.github/ci-status.md index fbf7c5fd6117..4fa73894ce76 100644 --- a/crypto/openssh/.github/ci-status.md +++ b/crypto/openssh/.github/ci-status.md @@ -6,6 +6,10 @@ master : [![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/openssh.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh) [![Coverity Status](https://scan.coverity.com/projects/21341/badge.svg)](https://scan.coverity.com/projects/openssh-portable) +9.8 : +[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_8)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_8) +[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_8)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_8) + 9.7 : [![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_7)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_7) [![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_7)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_7) diff --git a/crypto/openssh/.github/configs b/crypto/openssh/.github/configs index 6134cb6ed5e9..4f47f820b506 100755 --- a/crypto/openssh/.github/configs +++ b/crypto/openssh/.github/configs @@ -187,7 +187,7 @@ case "$config" in LIBCRYPTOFLAGS="--without-openssl" TEST_TARGET=t-exec ;; - valgrind-[1-5]|valgrind-unit) + valgrind-[1-4]|valgrind-unit) # rlimit sandbox and FORTIFY_SOURCE confuse Valgrind. CONFIGFLAGS="--without-sandbox --without-hardening" CONFIGFLAGS="$CONFIGFLAGS --with-cppflags=-D_FORTIFY_SOURCE=0" 
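Review bot: in .github/configs the case arm is narrowed to valgrind-[1-4] and the following hunks fold rekey from tests5 into tests2, but the comment kept in this file says the Valgrind runs were split because they take longer than GitHub allows. valgrind-2 now carries integrity, try-ciphers and rekey, and regress/rekey.sh changes by 118 lines in this same update, so it is worth confirming that valgrind-2 still finishes inside the job limit. A leftover valgrind-5 invocation also no longer matches this arm and would not get the --without-sandbox --without-hardening flags set here; a short note in the commit message that valgrind-5 is retired would help anyone carrying local CI definitions.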
@@ -197,10 +197,9 @@ case "$config" in # Valgrind slows things down enough that the agent timeout test # won't reliably pass, and the unit tests run longer than allowed # by github so split into separate tests. - tests2="integrity try-ciphers" + tests2="integrity try-ciphers rekey" tests3="krl forward-control sshsig agent-restrict kextype sftp" tests4="cert-userkey cert-hostkey kextype sftp-perm keygen-comment percent" - tests5="rekey" case "$config" in valgrind-1) # All tests except agent-timeout (which is flaky under valgrind), @@ -220,9 +219,6 @@ case "$config" in valgrind-4) LTESTS="${tests4}" ;; - valgrind-5) - LTESTS="${tests5}" - ;; valgrind-unit) TEST_TARGET="unit USE_VALGRIND=1" ;; diff --git a/crypto/openssh/.github/setup_ci.sh b/crypto/openssh/.github/setup_ci.sh index f0f2761c7107..7e1becaac2df 100755 --- a/crypto/openssh/.github/setup_ci.sh +++ b/crypto/openssh/.github/setup_ci.sh @@ -14,7 +14,7 @@ case "$host" in echo Removing extended ACLs so umask works as expected. setfacl -b . regress PACKAGES="$PACKAGES,autoconf,automake,cygwin-devel,gcc-core" - PACKAGES="$PACKAGES,make,openssl-devel,zlib-devel" + PACKAGES="$PACKAGES,make,openssl,libssl-devel,zlib-devel" ;; *-darwin*) PACKAGER=brew diff --git a/crypto/openssh/.github/workflows/c-cpp.yml b/crypto/openssh/.github/workflows/c-cpp.yml index 609028703f80..c179f73d16e0 100644 --- a/crypto/openssh/.github/workflows/c-cpp.yml +++ b/crypto/openssh/.github/workflows/c-cpp.yml @@ -32,7 +32,6 @@ jobs: - { target: ubuntu-20.04, config: valgrind-2 } - { target: ubuntu-20.04, config: valgrind-3 } - { target: ubuntu-20.04, config: valgrind-4 } - - { target: ubuntu-20.04, config: valgrind-5 } - { target: ubuntu-20.04, config: valgrind-unit } - { target: ubuntu-20.04, config: c89 } - { target: ubuntu-20.04, config: clang-6.0 } diff --git a/crypto/openssh/.github/workflows/selfhosted.yml b/crypto/openssh/.github/workflows/selfhosted.yml index 167297359383..755bb0cacb69 100644 
--- a/crypto/openssh/.github/workflows/selfhosted.yml +++ b/crypto/openssh/.github/workflows/selfhosted.yml @@ -52,6 +52,7 @@ jobs: - obsd74 - obsdsnap - obsdsnap-i386 + - omnios - openindiana - ubuntu-2204 config: @@ -75,6 +76,7 @@ jobs: - { target: dfly58, config: pam, host: libvirt } - { target: dfly60, config: pam, host: libvirt } - { target: dfly62, config: pam, host: libvirt } + - { target: dfly64, config: pam, host: libvirt } - { target: fbsd10, config: pam, host: libvirt } - { target: fbsd12, config: pam, host: libvirt } - { target: fbsd13, config: pam, host: libvirt } @@ -82,6 +84,7 @@ jobs: - { target: nbsd8, config: pam, host: libvirt } - { target: nbsd9, config: pam, host: libvirt } - { target: nbsd10, config: pam, host: libvirt } + - { target: omnios, config: pam, host: libvirt } # ARM64 VMs - { target: obsd-arm64, config: default, host: libvirt-arm64 } # VMs with persistent disks that have their own runner. diff --git a/crypto/openssh/ChangeLog b/crypto/openssh/ChangeLog index a1a52651718e..c085866f19f6 100644 --- a/crypto/openssh/ChangeLog +++ b/crypto/openssh/ChangeLog 
@@ -1,8666 +1,8676 @@ -commit fa41f6592ff1b6ead4a652ac75af31eabb05b912 +commit 46d1fb16b20e971b9ac15e86a3d3e350b49c9ad6 Author: Damien Miller -Date: Mon Jul 1 14:33:26 2024 +1000 +Date: Fri Sep 20 08:20:13 2024 +1000 - version numbers + update version numbers -commit bfebb8a5130a792c5356bd06e1ddef72a0a0449f +commit 0bdca1f218971b38728a0a129f482476baff0968 Author: djm@openbsd.org -Date: Mon Jul 1 04:31:59 2024 +0000 +Date: Thu Sep 19 22:17:44 2024 +0000 - upstream: openssh-9.8 + upstream: openssh-9.9 - OpenBSD-Commit-ID: 5f8b89e38a4c5f7c6d52ffa19f796d49f36fab19 + OpenBSD-Commit-ID: 303417285f1a73b9cb7a2ae78d3f493bbbe31f98 -commit 146c420d29d055cc75c8606327a1cf8439fe3a08 -Author: djm@openbsd.org -Date: Mon Jul 1 04:31:17 2024 +0000 +commit ef2d7f2d3e1b4c9ae71bacf963e76a92ab8be543 +Author: Damien Miller +Date: Wed Sep 18 16:03:23 2024 +1000 - upstream: when sending ObscureKeystrokeTiming chaff packets, we - - can't rely on channel_did_enqueue to tell that there is data to send. This - flag indicates that the channels code enqueued a packet on _this_ ppoll() - iteration, not that data was enqueued in _any_ ppoll() iteration in the - timeslice. ok markus@ + include openbsd-compat/base64.c license in LICENSE + +commit 7ef362b989c8d1f7596f557f22e5924b9c08f0ea +Author: Damien Miller +Date: Wed Sep 18 09:01:23 2024 +1000 + + conditionally include mman.h in arc4random code + +commit 5fb2b5ad0e748732a27fd8cc16a7ca3c21770806 +Author: Damien Miller +Date: Tue Sep 17 11:53:24 2024 +1000 + + fix bug in recently-added sntrup761 fuzzer - OpenBSD-Commit-ID: 009b74fd2769b36b5284a0188ade182f00564136 + key values need to be static to persist across invocations; + spotted by the Qualys Security Advisory team. 
-commit 637e4dfea4ed81264e264b6200172ce319c64ead +commit 0ca128c9ee894f1b0067abd473bfb33171df67f8 Author: djm@openbsd.org -Date: Mon Jul 1 03:10:19 2024 +0000 +Date: Mon Sep 16 05:37:05 2024 +0000 - upstream: use "lcd" to change directory before "lls" rather then "cd", + upstream: use 64 bit math to avoid signed underflow. upstream code - since the directory we're trying to list is local. Spotted by Corinna - Vinschen + relies on using -fwrapv to provide defined over/underflow behaviour, but we + use -ftrapv to catch integer errors and abort the program. ok dtucker@ - OpenBSD-Regress-ID: 821feca4a4bebe491944e624c8f7f2990b891415 + OpenBSD-Commit-ID: 8933369b33c17b5f02479503d0a92d87bc3a574b -commit c8cfe258cee0b8466ea84597bf15e1fcff3bc328 -Author: djm@openbsd.org -Date: Thu Jun 27 23:01:15 2024 +0000 +commit f82e5e22cad88c81d8a117de74241328c7b101c3 +Author: jmc@openbsd.org +Date: Sun Sep 15 08:27:38 2024 +0000 - upstream: delete obsolete comment + upstream: minor grammar/sort fixes for refuseconnection; ok djm - OpenBSD-Commit-ID: 5fb04f298ed155053f3fbfdf0c6fe7cdf84bbfa2 + OpenBSD-Commit-ID: 1c81f37b138b8b66abba811fec836388a0f3e6da -commit 94b9d37100f6fa536aaa1d1a0e4926fe44fbf04d +commit 0c1165fc78e8fe69b5df71f81a8f944554a68b53 +Author: Damien Miller +Date: Sun Sep 15 13:30:13 2024 +1000 + + avoid gcc warning in fuzz test + +commit ce171d0718104b643854b53443ff72f7283d33f2 Author: djm@openbsd.org -Date: Thu Jun 27 22:36:44 2024 +0000 +Date: Sun Sep 15 03:09:44 2024 +0000 - upstream: retire unused API + upstream: bad whitespace in config dump output - OpenBSD-Commit-ID: 3e30d7b0615e2707f6bbe70f61b1c2f72f78161b + OpenBSD-Commit-ID: d899c13b0e8061d209298eaf58fe53e3643e967c -commit 268c3a7f5783e731ed60f4e28da66ee3743581d3 -Author: jmc@openbsd.org -Date: Thu Jun 27 21:02:16 2024 +0000 +commit 671c440786a5a66216922f15d0007b60f1e6733f +Author: Damien Miller +Date: Sun Sep 15 12:53:59 2024 +1000 - upstream: ssl(8) no longer contains a HISTORY section; + use construct_utmp to 
construct btmp records - OpenBSD-Commit-ID: 83b7ff34433d79595e9c2a5d2a561a6660251245 + Simpler and removes some code with the old-style BSD license. -commit 12b6cc09ce6c430681f03af2a8069e37a664690b +commit 930cb02b6113df72fbc732b9feb8e4f490952a81 Author: djm@openbsd.org -Date: Wed Jun 26 23:47:46 2024 +0000 +Date: Sun Sep 15 02:20:51 2024 +0000 - upstream: move child process waitpid() loop out of SIGCHLD handler; + upstream: update the Streamlined NTRU Prime code from the "ref" - ok deraadt + implementation in SUPERCOP 20201130 to the "compact" implementation in + SUPERCOP 20240808. The new version is substantially faster. Thanks to Daniel + J Bernstein for pointing out the new implementation (and of course for + writing it). - OpenBSD-Commit-ID: 65815a39564e431414aed7c5ace8076f4e9ca741 + tested in snaps/ok deraadt@ + + OpenBSD-Commit-ID: bf1a77924c125ecdbf03e2f3df8ad13bd3dafdcb -commit d6bcd13297c2ab8b528df5a6898f994734849031 -Author: deraadt@openbsd.org -Date: Wed Jun 26 23:16:52 2024 +0000 +commit 9306d6017e0ce5dea6824c29ca5ba5673c2923ad +Author: djm@openbsd.org +Date: Sun Sep 15 01:19:56 2024 +0000 - upstream: Instead of using possibly complex ssh_signal(), write all - - the parts of the grace_alarm_handler() using the exact things allowed by the - signal-safe rules. This is a good rule of thumb: Handlers should be written - to either set a global volatile sig_atomic_t inspected from outside, and/or - directly perform only safe operations listed in our sigaction(2) manual page. 
- ok djm markus + upstream: document Match invalid-user - OpenBSD-Commit-ID: 14168ae8368aab76e4ed79e17a667cb46f404ecd + OpenBSD-Commit-ID: 2c84a9b517283e9711e2812c1f268081dcb02081 -commit b8793e2b0851f7d71b97554fa5260b23796d6277 -Author: deraadt@openbsd.org -Date: Wed Jun 26 23:14:14 2024 +0000 +commit 0118a4da21147a88a56dc8b90bbc2849fefd5c1e +Author: djm@openbsd.org +Date: Sun Sep 15 01:18:26 2024 +0000 - upstream: save_errno wrappers inside two small signal handlers that + upstream: add a "Match invalid-user" predicate to sshd_config Match - perform system calls, for systems with libc that do perform libc sigtramps. - ok djm markus + options. - OpenBSD-Commit-ID: 7749b56419a7c9dcfe4c6c04811e429813346c62 + This allows writing Match conditions that trigger for invalid username. + E.g. + + PerSourcePenalties refuseconnection:90s + Match invalid-user + RefuseConnection yes + + Will effectively penalise bots try to guess passwords for bogus accounts, + at the cost of implicitly revealing which accounts are invalid. + + feedback markus@ + + OpenBSD-Commit-ID: 93d3a46ca04bbd9d84a94d1e1d9d3a21073fbb07 -commit f23e9332c4c8df37465c4a4f38275ea98980ed7e -Author: jmc@openbsd.org -Date: Mon Jun 24 06:59:39 2024 +0000 +commit 7875975136f275619427604900cb0ffd7020e845 +Author: djm@openbsd.org +Date: Sun Sep 15 01:11:26 2024 +0000 - upstream: - uppercase start of sentence - correct sentence grammar + upstream: Add a "refuseconnection" penalty class to sshd_config - ok djm + PerSourcePenalties - OpenBSD-Commit-ID: 1ec4b0fdb633a43667f2c8fff1d600bd647dde25 + This allows penalising connection sources that have had connections + dropped by the RefuseConnection option. 
ok markus@ + + OpenBSD-Commit-ID: 3c8443c427470bb3eac1880aa075cb4864463cb6 -commit 1839e3eb71a759aa795602c1e4196300f4ac2615 +commit 8d21713b669b8516ca6d43424a356fccc37212bb Author: djm@openbsd.org -Date: Mon Jun 24 04:05:11 2024 +0000 +Date: Sun Sep 15 01:09:40 2024 +0000 - upstream: mention SshdSessionPath option + upstream: Add a sshd_config "RefuseConnection" option - OpenBSD-Commit-ID: c29734d36c21003973b15c1c9965c35f36cef30c + If set, this will terminate the connection at the first authentication + request (this is the earliest we can evaluate sshd_config Match blocks) + + ok markus@ + + OpenBSD-Commit-ID: 43cc2533984074c44d0d2f92eb93f661e7a0b09c -commit 603193e32aef5db7d60c58066d5de89806e79312 -Author: Darren Tucker -Date: Thu Jun 20 18:45:14 2024 +1000 +commit acad117e66018fe1fa5caf41b36e6dfbd61f76a1 +Author: djm@openbsd.org +Date: Sun Sep 15 00:58:01 2024 +0000 - Rerun upstream tests on .sh file changes too. + upstream: switch sshd_config Match processing to the argv tokeniser + + too; ok markus@ + + OpenBSD-Commit-ID: b74b5b0385f2e0379670e2b869318a65b0bc3923 -commit dbbf9337c19381786a8e5a8a49152fe6b80c780d -Author: dtucker@openbsd.org -Date: Thu Jun 20 08:23:18 2024 +0000 +commit baec3f7f4c60cd5aa1bb9adbeb6dfa4a172502a8 +Author: djm@openbsd.org +Date: Sun Sep 15 00:57:36 2024 +0000 - upstream: Work around dbclient cipher/mac query bug. + upstream: switch "Match" directive processing over to the argv - Unlike earlier versions, recent Dropbear (at least v2024.85) requires - a host arg when querying supported ciphers and macs via "-c/-m - help". Earlier versions accept but do not require it, so always - provide it. If these queries fail, skip the test with a warning. + string tokeniser, making it possible to use shell-like quoting in Match + directives, particularly "Match exec". 
ok markus@ - OpenBSD-Regress-ID: 98eb863a3f0363416922efb273885e6b3c7f68d4 + OpenBSD-Commit-ID: 0877309650b76f624b2194c35dbacaf065e769a5 -commit 8de2c8cebc46bbdb94b7a2c120fcadfb66a3cccc -Author: dtucker@openbsd.org -Date: Thu Jun 20 08:18:34 2024 +0000 +commit dd424d7c382c2074ab70f1b8ad4f169a10f60ee7 +Author: djm@openbsd.org +Date: Sun Sep 15 00:47:01 2024 +0000 - upstream: Remove dropbear key types not supported + upstream: include pathname in some of the ssh-keygen passphrase - by current OpenSSH. Allows subsequent test runs to work if OpenSSH is - rebuilt w/out OpenSSL. + prompts. Helps the user know what's going on when ssh-keygen is invoked via + other tools. Requested in GHPR503 - OpenBSD-Regress-ID: e0129eb2b1d31771105903a8055216fbba20a770 + OpenBSD-Commit-ID: 613b0bb6cf845b7e787d69a5b314057ceda6a8b6 -commit e9b6471c59b21e5d9ef1b3832d4bf727338add85 +commit 62bbf8f825cc390ecb0523752ddac1435006f206 Author: djm@openbsd.org -Date: Thu Jun 20 00:18:05 2024 +0000 +Date: Sun Sep 15 00:41:18 2024 +0000 - upstream: stricter check for overfull tables in penalty record path + upstream: Do not apply authorized_keys options when signature - OpenBSD-Commit-ID: 7df01e648a0723418c554e64a9f2b6d38db060a6 + verification fails. Prevents restrictive key options being incorrectly + applied to subsequent keys in authorized_keys. bz3733, ok markus@ + + OpenBSD-Commit-ID: ba3776d9da4642443c19dbc015a1333622eb5a4e -commit d9336d344eb2a1e898c5e66147b3f108c7214694 +commit 49f325fd47af4e53fcd7aafdbcc280e53f5aa5ce +Author: Wu Weixin +Date: Fri Aug 2 22:16:40 2024 +0800 + + Fix without_openssl always being set to 1 + + In Fedora systems, %{?rhel} is empty. In RHEL systems, %{?fedora} is + empty. Therefore, the original code always sets without_openssl to 1. 
+ +commit c21c3a2419bbc1c59cb1a16ea356e703e99a90d9 Author: djm@openbsd.org -Date: Wed Jun 19 23:24:47 2024 +0000 +Date: Thu Sep 12 00:36:27 2024 +0000 - upstream: put back reaping of preauth child process when writes + upstream: Relax absolute path requirement back to what it was prior to - from the monitor fail. Not sure how this got lost in the avalanche of - patches. + OpenSSH 9.8, which incorrectly required that sshd was started with an + absolute path in inetd mode. bz3717, patch from Colin Wilson - OpenBSD-Commit-ID: eb7eb36371e1ac01050b32b70fb2b3e5d98e72f5 + OpenBSD-Commit-ID: 25c57f22764897242d942853f8cccc5e991ea058 -commit 579d9adb70ec0206a788eb5c63804c31a67e9310 +commit 1bc426f51b0a5cfdcfbd205218f0b6839ffe91e9 Author: naddy@openbsd.org -Date: Mon Jun 17 13:50:18 2024 +0000 +Date: Mon Sep 9 14:41:21 2024 +0000 - upstream: remove one more mention of DSA + upstream: document the mlkem768x25519-sha256 key exchange algorithm - OpenBSD-Commit-ID: 8515f55a15f02836ba657df341415f63c60526ca + OpenBSD-Commit-ID: fa18dccdd9753dd287e62ecab189b3de45672521 -commit 7089b5f8436ef0b8d3d3ad9ce01045fb9e7aab15 +commit 0a2db61a5ffc64d2e2961c52964f933879952fc7 Author: Darren Tucker -Date: Wed Jun 19 23:09:05 2024 +1000 +Date: Tue Sep 10 21:11:14 2024 +1000 - Move -f to the place needed to restart sshd. + Spell omnios test host correctly. -commit d5f83cfd852b14a25f347f082ab539a9454702ad +commit 059ed698a47c9af541a49cf754fd09f984ac5a21 Author: Darren Tucker -Date: Wed Jun 19 21:04:01 2024 +1000 +Date: Tue Sep 10 18:52:02 2024 +1000 - Need to supply "-f" to restart sshd. + Add omnios test target. 
-commit fad34b4ca25c0ef31e5aa841d461b6f21da5b8c1 -Author: dtucker@openbsd.org -Date: Wed Jun 19 10:15:51 2024 +0000 +commit f4ff91575a448b19176ceaa8fd6843a25f39d572 +Author: Darren Tucker +Date: Tue Sep 10 18:45:55 2024 +1000 - upstream: Provide defaults for ciphers and macs - - if querying for them fails since on some versions of Dropbear (at least - v2024.85) "-m help" doesn't seem to work. Enable all supported pubkey - algorithms in the server. - - OpenBSD-Regress-ID: 4f95556a49ee9f621789f25217c367a33d2745ca + Wrap stdint.h in ifdef. -commit 5521060e35ada9f957cecdddc06d0524e75409ef -Author: dtucker@openbsd.org -Date: Wed Jun 19 10:10:46 2024 +0000 +commit ff714f001d20a9c843ee1fd9d92a16d40567d264 +Author: Darren Tucker +Date: Mon Sep 9 19:31:54 2024 +1000 - upstream: Use ed25519 keys for kex tests - - since that's supported by OpenSSH even when built without OpenSSL. - Only test diffie-hellman kex if OpenSSH is compiled with support for it. - - OpenBSD-Regress-ID: a5d09ef9bbd171f9e4ec73ed0d9eeb49a8878e97 + Also test PAM on dfly64. -commit dbd3b833f6e3815e58f2dc6e14f61a51bcd4d6bd -Author: dtucker@openbsd.org -Date: Wed Jun 19 10:08:34 2024 +0000 +commit 509b757c052ea969b3a41fc36818b44801caf1cf +Author: Damien Miller +Date: Mon Sep 9 21:50:14 2024 +1000 - upstream: Rework dropbear key setup - - to always generate ed25519 keys, other types only if OpenSSH has support - for the corresponding key type. + stubs for ML-KEM KEX functions - OpenBSD-Regress-ID: 8f91f12604cddb9f8d93aa34f3f93a3f6074395d + used for C89 compilers -commit d6218504e11ae9148adf410fc69b0710a052be36 -Author: Darren Tucker -Date: Wed Jun 19 20:20:24 2024 +1000 +commit 273581210c99ce7275b8efdefbb9f89e1c22e341 +Author: Damien Miller +Date: Mon Sep 9 17:30:38 2024 +1000 - Restart sshd after installing it for testing. 
+ declare defeat trying to detect C89 compilers - When installing an sshd built without OpenSSL the mismatch between - the running sshd and newly installed sshd-session will cause the - remainder of the test to fail. + I can't find a reliable way to detect the features the ML-KEM code + requires in configure. Give up for now and use VLA support (that we + can detect) as a proxy for "old compiler" and turn off ML-KEM if + it isn't supported. -commit 786a4465b6bb702daf4fb17b7c3bcb42b52f0b46 -Author: Darren Tucker -Date: Tue Jun 18 19:59:59 2024 +1000 +commit e8a0f19b56dfa20f98ea9876d7171ec315fb338a +Author: Damien Miller +Date: Mon Sep 9 16:46:40 2024 +1000 - Remove macos-11 runner. + fix previous; check for C99 compound literals - Github is retiring them soon. + The previous commit was incorrect (or at least insufficient), the + ML-KEM code is actually using compound literals, so test for them. -commit df1c72a55edbebac14363b57de66ac6a147ecc67 +commit 7c07bec1446978bebe0780ed822c8fedfb377ae8 Author: Damien Miller -Date: Wed Jun 19 09:34:34 2024 +1000 - - PAMServiceName may appear in a Match block - -commit de1c2e70e5a5dc3c8d2fe04b24cc93d8ef6930e7 -Author: dtucker@openbsd.org -Date: Tue Jun 18 08:11:48 2024 +0000 +Date: Mon Sep 9 16:06:21 2024 +1000 - upstream: Re-enable ssh-dss tests + test for compiler feature needed for ML-KEM - ... if ssh is compiled with DSA support - - OpenBSD-Regress-ID: bbfaf8c17f2b50a2d46ac35cb97af99b990c990d + The ML-KEM implementation we uses need the compiler to support + C99-style named struct initialisers (e.g foo = {.bar = 1}). We + still support (barely) building OpenSSH with older compilers, so + add a configure test for this. -commit dabc2c7cf3c141e8e5d5a1a60d6c1d2d2422cf43 -Author: anton@openbsd.org -Date: Tue Jun 18 06:14:27 2024 +0000 +commit d469d5f348772058789d35332d1ccb0b109c28ef +Author: djm@openbsd.org +Date: Mon Sep 9 03:13:39 2024 +0000 - upstream: Stop using DSA in dropbear interop tests. 
+ upstream: test mlkem768x25519-sha256 - OpenBSD-Regress-ID: abfd4457d99d8cc1417fd22ca2c570270f74c1cf + OpenBSD-Regress-ID: 7baf6bc39ae55648db1a2bfdc55a624954847611 -commit 761438012710169445acc179e3870c53c862bda0 -Author: Damien Miller -Date: Tue Jun 18 12:29:45 2024 +1000 +commit 62fb2b51bb7f6863c3ab697f397b2068da1c993f +Author: djm@openbsd.org +Date: Mon Sep 9 02:39:57 2024 +0000 - missed a bit of DSA in the fuzzer + upstream: pull post-quantum ML-KEM/x25519 key exchange out from + + compile-time flag now than an IANA codepoint has been assigned for the + algorithm. + + Add mlkem768x25519-sha256 in 2nd KexAlgorithms preference slot. + + ok markus@ + + OpenBSD-Commit-ID: 9f50a0fae7d7ae8b27fcca11f8dc6f979207451a -commit 3f9cc47da588e8de520720e59f98438043fdaf93 -Author: Damien Miller -Date: Tue Jun 18 09:35:53 2024 +1000 +commit a8ad7a2952111c6ce32949a775df94286550af6b +Author: djm@openbsd.org +Date: Fri Sep 6 02:30:44 2024 +0000 - DSA support is disabled, so remove from fuzzers + upstream: make parsing user@host consistently look for the last '@' in + + the string rather than the first. This makes it possible to use usernames + that contain '@' characters. + MIME-Version: 1.0 + Content-Type: text/plain; charset=UTF-8 + Content-Transfer-Encoding: 8bit + + Prompted by Max Zettlmeißl; feedback/ok millert@ + + OpenBSD-Commit-ID: 0b16eec246cda15469ebdcf3b1e2479810e394c5 -commit 00eb95957dea5484b2c7c043f7d2bbc87301bef2 +commit 13cc78d016b67a74a67f1c97c7c348084cd9212c Author: djm@openbsd.org -Date: Mon Jun 17 08:30:29 2024 +0000 +Date: Wed Sep 4 05:33:34 2024 +0000 - upstream: disable the DSA signature algorithm by default; ok + upstream: be more strict in parsing key type names. Only allow - markus@ + shortnames (e.g "rsa") in user-interface code and require full SSH protocol + names (e.g. "ssh-rsa") everywhere else. 
- (yes, I know this expands to "the Digitial Signature Algorithm - signature algorithm) + Prompted by bz3725; ok markus@ - OpenBSD-Commit-ID: 961ef594e46dd2dcade8dd5721fa565cee79ffed + OpenBSD-Commit-ID: b3d8de9dac37992eab78adbf84fab2fe0d84b187 -commit 5603befe11c9464ea26fe77cbacc95a7cc0b1ea7 +commit ef8472309a68e319018def6f8ea47aeb40d806f5 Author: djm@openbsd.org -Date: Mon Jun 17 08:28:31 2024 +0000 +Date: Wed Sep 4 05:11:33 2024 +0000 - upstream: promote connection-closed messages from verbose to info + upstream: fix RCSID in output - log level; they could be the only record of the connection terminating if the - client doesn't send a SSH2_MSG_DISCONNECT message. ok dtucker@ - - OpenBSD-Commit-ID: 0c8bfaf5e9fdff945cee09ac21e641f6c5d65d3c + OpenBSD-Commit-ID: 889ae07f2d2193ddc4351711919134664951dd76 -commit b00331402fe5c60d577f3ffcc35e49286cdc6b47 -Author: Damien Miller -Date: Mon Jun 17 17:02:18 2024 +1000 +commit ba2ef20c75c5268d4d1257adfc2ac11c930d31e1 +Author: jmc@openbsd.org +Date: Tue Sep 3 06:17:48 2024 +0000 - propagate PAM crashes to PerSourcePenalties + upstream: envrionment -> environment; - If the PAM subprocess crashes, exit with a crash status that will be - picked up by the sshd(8) listener process where it can be used by - PerSourcePenalties to block the client. This is similar handling to - the privsep preauth process. 
+ OpenBSD-Commit-ID: b719f39c20e8c671ec6135c832d6cc67a595af9c -commit 1c207f456ace38987deda047758d13fbf857f948 +commit e66c0c5673a4304a3a9fbf8305c6a19f8653740f Author: Damien Miller -Date: Mon Jun 17 15:06:01 2024 +1000 +Date: Wed Sep 4 15:35:29 2024 +1000 - minix doesn't have loopback, so skip penalty tests - - pointed out by dtucker@ + add basic fuzzers for our import of sntrup761 -commit 48443d202eaec52d4d39defdd709a4499a7140c6 +commit d19dea6330ecd4eb403fef2423bd7e127f4c9828 Author: djm@openbsd.org -Date: Sun Jun 16 11:54:49 2024 +0000 +Date: Tue Sep 3 05:58:56 2024 +0000 - upstream: same treatment for this test + upstream: regression test for Include variable expansion - OpenBSD-Regress-ID: d0cc9efca7833e673ea7b0cb3a679a3acee8d4c7 + OpenBSD-Regress-ID: 35477da3ba1abd9ca64bc49080c50a9c1350c6ca -commit 45562a95ea11d328c22d97bf39401cd29684fb1f +commit 8c4d6a628051e318bae2f283e8dc38b896400862 Author: djm@openbsd.org -Date: Sun Jun 16 08:18:06 2024 +0000 +Date: Tue Sep 3 05:29:55 2024 +0000 - upstream: penalty test is still a bit racy + upstream: allow the "Include" directive to expand the same set of - OpenBSD-Regress-ID: 90c9ac224db454637baf1ebee5857e007321e824 - -commit 8d0f7eb147ef72d18acb16c0b18672d44941a8ca -Author: djm@openbsd.org -Date: Sat Jun 15 03:59:10 2024 +0000 - - upstream: crank up penalty timeouts so this should work on even the + %-tokens that "Match Exec" and environment variables. 
- slowest of test builders + ok dtucker@ - OpenBSD-Regress-ID: 70bda39c83e3fc9d0f3c1fad4542ed33e173d468 + OpenBSD-Commit-ID: 12ef521eaa966a9241e684258564f52f1f3c5d37 -commit 93c75471a1202ab3e29db6938648d4e2602c0475 -Author: jmc@openbsd.org -Date: Fri Jun 14 05:20:34 2024 +0000 +commit 51b82648b6827675fc0cde21175fd1ed8e89aab2 +Author: djm@openbsd.org +Date: Mon Sep 2 12:18:35 2024 +0000 - upstream: sort -q in the options list; + upstream: missing ifdef - OpenBSD-Commit-ID: 6839b38378f38f754de638a5e988c13b4164cc7c + OpenBSD-Commit-ID: 85f09da957dd39fd0abe08fe5ee19393f25c2021 -commit dd7807bbe80a93ffb4616f2bd5cf83ad5a5595fb +commit f68312eb593943127b39ba79a4d7fa438c34c153 Author: djm@openbsd.org -Date: Fri Jun 14 05:01:22 2024 +0000 +Date: Mon Sep 2 12:13:56 2024 +0000 - upstream: clarify KEXAlgorithms supported vs available. Inspired by + upstream: Add experimental support for hybrid post-quantum key exchange - bz3701 from Colin Watson. + ML-KEM768 with ECDH/X25519 from the Internet-draft: + https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03 - OpenBSD-Commit-ID: e698e69bea19bd52971d253f2b1094490c4701f7 - -commit d172ad56df85b68316dbadbedad16761a1265874 -Author: djm@openbsd.org -Date: Fri Jun 14 05:00:42 2024 +0000 - - upstream: ssh-keyscan -q man bits + This is based on previous patches from markus@ but adapted to use the + final FIPS203 standard ML-KEM using a formally-verified implementation + from libcrux. - OpenBSD-Commit-ID: ba28d0e1ac609a4c99c453e57e86560c79079db1 + Note this key exchange method is still a draft and thus subject to + change. It is therefore disabled by default; set MLKEM=yes to build it. + We're making it available now to make it easy for other SSH + implementations to test against it. 
+ + ok markus@ deraadt@ + + OpenBSD-Commit-ID: 02a8730a570b63fa8acd9913ec66353735dea42c -commit 092e4ff9ccaacbe035f286feb1b56ed499604743 -Author: Damien Miller -Date: Fri Jun 14 14:46:35 2024 +1000 +commit 05f2b141cfcc60c7cdedf9450d2b9d390c19eaad +Author: Antonio Larrosa +Date: Fri Aug 23 12:21:06 2024 +0200 - skip penalty-expire test in valgrind test env + Don't skip audit before exitting cleanup_exit + + This fixes an issue where the SSH_CONNECTION_ABANDON event is not + audited because cleanup_exit overrides the regular _exit too soon and + as a result, failed auth attempts are not logged correctly. + + The problem was introduced in 81c1099d22b81ebfd20a334ce986c4f753b0db29 + where the code from upstream was merged before the audit_event call when + it should have been merged right before the _exit call in order to honor + the comment that just mentions an override of the exit value. -commit 2866ad08a9c50d7b67ce9424ca990532b806a21a +commit 16eaf9d401e70996f89f3f417738a8db421aa959 Author: djm@openbsd.org -Date: Fri Jun 14 04:43:11 2024 +0000 +Date: Wed Aug 28 12:08:26 2024 +0000 - upstream: split the PerSourcePenalties test in two: one tests penalty + upstream: fix test: -F is the argument to specify a non-default - enforcement but not penalty expiry, the other tests penalty expiry. - - This lets us disable the expiry testing in certain CI test environments. 
ssh_config, not -f (this is sadly not a new bug) - OpenBSD-Regress-ID: f56811064f3e3cb52ee73a206b8c2a06af1c8791 *** 36636 LINES SKIPPED ***
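Review bot: in the .github/configs hunk at @@ -197,10 +197,9, folding rekey into tests2 works against the comment directly above it, which says the tests are split because Valgrind runs exceed what GitHub allows. Please confirm valgrind-2 still finishes inside the job limit with "integrity try-ciphers rekey", and check that the valgrind-1 arm (its body is outside this hunk) no longer references ${tests5}, since that variable is now undefined. The glob change to valgrind-[1-4], the removed valgrind-5 arm and the dropped matrix entry in c-cpp.yml are consistent with each other.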
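Review bot: the ChangeLog hunk (@@ -1,8666 +1,8676) carries several behaviour changes that affect authentication and configuration parsing, and they are easy to miss in a changelog diff of this size: authorized_keys options are no longer applied when signature verification fails (62bbf8f8, bz3733), user@host parsing now looks for the last '@' (a8ad7a29), key type shortnames are accepted only in user-interface code (13cc78d0), and Match directives go through the argv tokeniser (baec3f7f, acad117e). These are worth listing in the release notes or UPDATING so operators re-test their sshd_config and ssh_config after the update. The a8ad7a29 entry also has stray MIME-Version, Content-Type and Content-Transfer-Encoding lines inside its message body; that comes from upstream and should stay as imported.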
Date: Thu, 20 Feb 2025 17:57:02 GMT Message-Id: <202502201757.51KHv2kR068165@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Ed Maste Subject: git: a8c1ea2614a4 - stable/13 - openssh: Update to 9.9p2 List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: a8c1ea2614a43922dff9598c7948df32473c720c Auto-Submitted: auto-generated The branch stable/13 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=a8c1ea2614a43922dff9598c7948df32473c720c commit a8c1ea2614a43922dff9598c7948df32473c720c Author: Ed Maste AuthorDate: 2025-02-19 19:33:38 +0000 Commit: Ed Maste CommitDate: 2025-02-20 17:56:24 +0000 openssh: Update to 9.9p2 This release exists primarily to fix two security bugs. The fixes have been independently imported into FreeBSD. This import serves to update the ssh and sshd version number. A few minor bug fixes are also included; see the upstream release notes for full details of the 9.9p2 release (https://www.openssh.com/releasenotes.html). 
Sponsored by: The FreeBSD Foundation (cherry picked from commit 0ae642c7dd0c2cfd965a22bf73876cd26cceadd2) Approved by: re (accelerated MFC) (cherry picked from commit 059b786b7db55b776d82748842f4d6d89cb79664) --- crypto/openssh/.github/ci-status.md | 10 +- crypto/openssh/ChangeLog | 2186 ++-------------------------- crypto/openssh/README | 2 +- crypto/openssh/config.h | 3 - crypto/openssh/configure.ac | 1 - crypto/openssh/contrib/redhat/openssh.spec | 2 +- crypto/openssh/contrib/suse/openssh.spec | 2 +- crypto/openssh/defines.h | 26 + crypto/openssh/gss-serv.c | 1 + crypto/openssh/kexmlkem768x25519.c | 5 +- crypto/openssh/libcrux_mlkem768_sha3.h | 8 +- crypto/openssh/loginrec.c | 8 +- crypto/openssh/misc.c | 23 +- crypto/openssh/misc.h | 3 +- crypto/openssh/mlkem768.sh | 17 +- crypto/openssh/readconf.c | 28 +- crypto/openssh/servconf.c | 61 +- crypto/openssh/ssh_namespace.h | 1 + crypto/openssh/version.h | 2 +- 19 files changed, 289 insertions(+), 2100 deletions(-) diff --git a/crypto/openssh/.github/ci-status.md b/crypto/openssh/.github/ci-status.md index 4fa73894ce76..17fa97bdc309 100644 --- a/crypto/openssh/.github/ci-status.md +++ b/crypto/openssh/.github/ci-status.md 
@@ -6,10 +6,6 @@ master : [![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/openssh.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh) [![Coverity Status](https://scan.coverity.com/projects/21341/badge.svg)](https://scan.coverity.com/projects/openssh-portable) -9.8 : -[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_8)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_8) -[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_8)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_8) - -9.7 : -[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_7)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_7) -[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_7)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_7) +9.9 : +[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_9)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_9) +[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_9)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_9) diff --git a/crypto/openssh/ChangeLog b/crypto/openssh/ChangeLog index c085866f19f6..2ef1164e6cfb 100644 --- a/crypto/openssh/ChangeLog +++ b/crypto/openssh/ChangeLog 
@@ -1,3 +1,140 @@ +commit 6ebc4dd77a479892d5ca0cd2a567a651f70aad82 +Author: Damien Miller +Date: Tue Feb 18 19:03:42 2025 +1100 + + openssh-9.9p2 + +commit 38df39ecf278a7ab5794fb03c01286f2cfe82c0d +Author: djm@openbsd.org +Date: Tue Feb 18 08:02:48 2025 +0000 + + upstream: Fix cases where error codes were not correctly set + + Reported by the Qualys Security Advisory team. ok markus@ + + OpenBSD-Commit-ID: 7bcd4ffe0fa1e27ff98d451fb9c22f5fae6e610d + +commit 5e07dee272c34e193362fba8eda0e3c453f3c773 +Author: djm@openbsd.org +Date: Tue Feb 18 08:02:12 2025 +0000 + + upstream: Don't reply to PING in preauth phase or during KEX + + Reported by the Qualys Security Advisory team. ok markus@ + + OpenBSD-Commit-ID: c656ac4abd1504389d1733d85152044b15830217 + +commit fb071011fb843142282b8b8a69cbb15e9b0b9485 +Author: djm@openbsd.org +Date: Mon Feb 10 23:00:29 2025 +0000 + + upstream: fix "Match invalid-user" from incorrectly being activated + + in initial configuration pass when no other predicates were present on the + match line + + OpenBSD-Commit-ID: 02703b4bd207fafd03788bc4e7774bf80be6c9a8 + +commit 729a26a978dd39db60d4625bdfb5405baa629e59 +Author: Damien Miller +Date: Wed Oct 30 14:25:14 2024 +1100 + + fix uint64_t types; reported by Tom G. 
Christensen + +commit 33c5f384ae03a5d1a0bd46ca0fac3c62e4eaf784 +Author: Damien Miller +Date: Sun Oct 27 13:28:11 2024 +1100 + + htole64() etc for systems without endian.h + +commit fe8d28a7ebbaa35cfc04a21263627f05c237e460 +Author: djm@openbsd.org +Date: Sun Oct 27 02:06:59 2024 +0000 + + upstream: explicitly include endian.h + + OpenBSD-Commit-ID: 13511fdef7535bdbc35b644c90090013da43a318 + +commit 11f348196b3fb51c3d8d1f4f36db9d73f03149ed +Author: djm@openbsd.org +Date: Sun Oct 27 02:06:01 2024 +0000 + + upstream: fix ML-KEM768x25519 KEX on big-endian systems; spotted by + + jsg@ feedback/ok deraadt@ + + OpenBSD-Commit-ID: 26d81a430811672bc762687166986cad40d28cc0 + +commit 19bcb2d90c6caf14abf386b644fb24eb7afab889 +Author: djm@openbsd.org +Date: Thu Sep 26 23:55:08 2024 +0000 + + upstream: fix previous change to ssh_config Match, which broken on + + negated Matches; spotted by phessler@ ok deraadt@ + + OpenBSD-Commit-ID: b1c6acec66cd5bd1252feff1d02ad7129ced37c7 + +commit 66878e12a207fa9746dee3e2bdcca29b704cf035 +Author: djm@openbsd.org +Date: Wed Sep 25 01:24:04 2024 +0000 + + upstream: fix regression introduced when I switched the "Match" + + criteria tokeniser to a more shell-like one. Apparently the old tokeniser + (accidentally?) allowed "Match criteria=argument" as well as the "Match + criteria argument" syntax that we tested for. 
+ + People were using this syntax so this adds back support for + "Match criteria=argument" + + bz3739 ok dtucker + + OpenBSD-Commit-ID: d1eebedb8c902002b75b75debfe1eeea1801f58a + +commit ff2cd1dd5711ff88efdf26662d6189d980439a1f +Author: Damien Miller +Date: Wed Sep 25 11:15:45 2024 +1000 + + gss-serv.c needs sys/param.h + + From Void Linux + +commit 2c12ae8cf9b0b7549ae097c4123abeda0ee63e5b +Author: Damien Miller +Date: Wed Sep 25 11:13:05 2024 +1000 + + build construct_utmp() when USE_BTMP is set + + Fixes compile error on Void Linux/Musl + +commit c7fda601186ff28128cfe3eab9c9c0622de096e1 +Author: Christoph Ostarek +Date: Wed Jul 3 12:46:59 2024 +0200 + + fix utmpx ifdef + + 02e16ad95fb1f56ab004b01a10aab89f7103c55d did a copy-paste for + utmpx, but forgot to change the ifdef appropriately + +commit 7cf4dc414de689c467e58e49fb83f6609c3ed36b +Author: Darren Tucker +Date: Mon Sep 23 20:54:26 2024 +1000 + + Remove non-9.9 branch statuses. + +commit 8513f4d30ae85d17b3b08da6bc3be76f8c73123c +Author: Darren Tucker +Date: Mon Sep 23 20:52:31 2024 +1000 + + Add 9.9 branch to CI status console. + +commit 53a80baaebda180f46e6e8571f3ff800e1f5c496 +Author: Damien Miller +Date: Fri Sep 20 08:20:48 2024 +1000 + + autogenerated files for release + commit 46d1fb16b20e971b9ac15e86a3d3e350b49c9ad6 Author: Damien Miller Date: Fri Sep 20 08:20:13 2024 +1000 
@@ -6625,2052 +6762,3 @@ Date: Mon Feb 20 18:24:39 2023 +1100 This fixes tests on platforms that do not have the openssl tool installed at all. - -commit 2a7e3449908571af601a4c2d12ab140096442e47 -Author: dtucker@openbsd.org -Date: Fri Feb 17 04:22:50 2023 +0000 - - upstream: Remove now-unused compat bit SSH_BUG_RSASIGMD5. The code - - to set this was removed in OpenSSH 7.7 when support for SSH implementations - dating back to before RFC standardization were removed. "burn it all" djm@ - - OpenBSD-Commit-ID: 6330935fbe23dd00be79891505e06d1ffdac7cda - -commit 0833ccf2c8b7ae08b296c06f17bd53e3ab94b0b0 -Author: dtucker@openbsd.org -Date: Fri Feb 17 03:06:18 2023 +0000 - - upstream: Remove now-unused compat bit SSH_BUG_BIGENDIANAES. This - - was previously set for OpenSSH 2.3 (released in 2000) but this check was - removed in OpenSSH 7.7 (2018). ok djm@ deraadt@ - - OpenBSD-Commit-ID: 326426ea328707fc9e83305291ab135c87f678af - -commit c81c2bea6e828d52b62b448b4ffdd3c163177975 -Author: Damien Miller -Date: Fri Feb 17 10:12:40 2023 +1100 - - whitespace fixes - -commit 500f90b39db5f0014e6b0c49ff1f45c994b69293 -Author: Damien Miller -Date: Fri Feb 17 10:02:08 2023 +1100 - - whitespace at EOL - -commit 68350152406339170721c15e97afdf827a5e4001 -Author: dtucker@openbsd.org -Date: Thu Feb 16 10:10:00 2023 +0000 - - upstream: Remove SSH_BUG_PASSWORDPAD compat bit - - since it's no longer used. ok markus@ - - OpenBSD-Commit-ID: b92c21f56fe4b7f9a54790d6a9650725c226820b - -commit 537cccd804eaf65f32bdce037cc31db4e0ab0f44 -Author: dtucker@openbsd.org -Date: Thu Feb 16 07:55:15 2023 +0000 - - upstream: Remove SSH_BUG_IGNOREMSG compat flag - - since it's only applicable to SSH1 and thus no longer used. 
ok markus@ - "kill it with fire" djm@ - - OpenBSD-Commit-ID: ea13318b1937795d9db4790d3ce0a6ed01584dab - -commit 285cf6cd4b91a0a0ce33193c358c99085af33e43 -Author: jmc@openbsd.org -Date: Fri Feb 10 06:41:53 2023 +0000 - - upstream: space between macro and punctuation; sort usage(); - - OpenBSD-Commit-ID: 6141610cfca037700730e41f868d1d9124958f8c - -commit d39a96f70f81878c77336ed35f5c648c1804b71a -Author: jmc@openbsd.org -Date: Fri Feb 10 06:40:48 2023 +0000 - - upstream: space between macro and punctuation; - - OpenBSD-Commit-ID: abc95e550be9e6d9a7ff64b65c104c7be21ab19e - -commit 16e82bf53fc34e43e3b948d43b68d5b27a7335e6 -Author: jmc@openbsd.org -Date: Fri Feb 10 06:39:27 2023 +0000 - - upstream: sort SYNOPSIS; - - OpenBSD-Commit-ID: dacd9da33277d5669a51213d880632599c890c1e - -commit d9685121ff6d57b8797411f3cb123884a4b96e30 -Author: Darren Tucker -Date: Sat Feb 11 12:32:19 2023 +1100 - - Improve seccomp compat on older systems. - - Check if flags to mmap and madvise are defined before using them. - Should fix problems building on older Linux systems that don't have - these. bz#3537, with & ok djm@. - -commit 6180b0fa4f7996687678702806257e661fd5931e -Author: djm@openbsd.org -Date: Fri Feb 10 05:06:03 2023 +0000 - - upstream: test -Ohashalg=... and that the default output contains both - - specified hash algorithms; prompted by dtucker@ - - OpenBSD-Regress-ID: 26f309208c8d8b8fa9c5f419767b85f1e9b22f51 - -commit d651f5c9fe37e61491eee46c49ba9fa03dbc0e6a -Author: djm@openbsd.org -Date: Fri Feb 10 04:56:30 2023 +0000 - - upstream: let ssh-keygen and ssh-keyscan accept - - -Ohashalg=sha1|sha256 when outputting SSHFP fingerprints to allow algorithm - selection. 
bz3493 ok dtucker@ - - OpenBSD-Commit-ID: e6e07fe21318a873bd877f333e189eb963a11b3d - -commit 18938d11a90b74d63c20b2d3c965d5bd64786ab1 -Author: djm@openbsd.org -Date: Fri Feb 10 04:47:19 2023 +0000 - - upstream: add a `sshd -G` option that parses and prints the - - effective configuration without attempting to load private keys and perform - other checks. This allows usage of the option before keys have been - generated. - - bz3460 feedback/ok dtucker@ - - OpenBSD-Commit-ID: 774504f629023fc25a559ab1d95401adb3a7fb29 - -commit df7d3dbf7194db8e97730ee0425d4d9d7bdb8b10 -Author: djm@openbsd.org -Date: Fri Feb 10 04:40:28 2023 +0000 - - upstream: make `ssh -Q CASignatureAlgorithms` work as the manpage says - - it should bz3532 - - OpenBSD-Commit-ID: 0ddb17b3fcbd99bfb5baea4ac5e449620cbd3adc - -commit d3b8d4198b6595f23b5859d43dc8fc701f97429b -Author: Darren Tucker -Date: Fri Feb 10 14:26:44 2023 +1100 - - Add CentOS 7 test targets. - -commit 22efb01e355bba4755b730ed417f91c081445bfc -Author: dtucker@openbsd.org -Date: Thu Feb 9 09:55:33 2023 +0000 - - upstream: Test adding terminating newline to known_hosts. - - OpenBSD-Regress-ID: 5fc3010ac450195b3fbdeb68e875564968800365 - -commit caec6da1a583ed8c32c6ad3b81bbcaab46ac8b61 -Author: dtucker@openbsd.org -Date: Wed Feb 8 08:06:03 2023 +0000 - - upstream: ssh-agent doesn't actually take -v, - - so the recently-added ones will result in the test not cleaning up - after itself. Patch from cjwatson at debian.org vi bz#3536. - - OpenBSD-Regress-ID: 1fc8283568f5bf2f918517c2c1e778072cf61b1a - -commit 3c379c9a849a635cc7f05cbe49fe473ccf469ef9 -Author: dtucker@openbsd.org -Date: Thu Feb 9 09:54:11 2023 +0000 - - upstream: Ensure that there is a terminating newline when adding a new - - entry to known_hosts. 
bz#3529, with git+openssh at limpsquid.nl, ok deraadt@ - markus@ - - OpenBSD-Commit-ID: fa8d90698da1886570512b96f051e266eac105e0 - -commit 95b6bbd2553547260b324b39d602061c88b774bc -Author: Darren Tucker -Date: Tue Feb 7 08:43:47 2023 +1100 - - Replace 9.1 with 9.2 on CI status page. - -commit 195313dfe10a23c82e9d56d5fdd2f59beee1bdcf -Author: Damien Miller -Date: Fri Feb 3 16:33:09 2023 +1100 - - harden Linux seccomp sandbox - - Linux mmap(2) and madvise(2) syscalls support quite a number of funky - flags that we don't expect that sshd/libc will ever need. We can - exclude this kernel attack surface by filtering the mmap(2) flags - and the madvise(2) advice arguments. - - Similarly, the sandboxed process in sshd is a single-threaded program - that does not use shared memory for synchronisation or communication. - Therefore, there should be no reason for the advanced priority - inheritance futex(2) operations to be necessary. These can also be - excluded. - - Motivated by Jann Horn pointing out that there have been kernel bugs - in nearby Linux kernel code, e.g. CVE-2020-29368, CVE-2020-29374 and - CVE-2022-42703. 
- - Feedback Jann Horn, ok dtucker@ - -commit 6dfb65de949cdd0a5d198edee9a118f265924f33 -Author: Damien Miller -Date: Thu Feb 2 23:21:54 2023 +1100 - - crank versions in RPM specs - -commit d07cfb11a0ca574eb68a3931d8c46fbe862a2021 -Author: Damien Miller -Date: Thu Feb 2 23:21:45 2023 +1100 - - update version in README - -commit 9fe207565b4ab0fe5d1ac5bb85e39188d96fb214 -Author: Damien Miller -Date: Thu Feb 2 23:17:49 2023 +1100 - - adapt compat_kex_proposal() test to portable - -commit 903c556b938fff2d7bff8da2cc460254430963c5 -Author: djm@openbsd.org -Date: Thu Feb 2 12:12:52 2023 +0000 - - upstream: test compat_kex_proposal(); by dtucker@ - - OpenBSD-Regress-ID: 0e404ee264db546f9fdbf53390689ab5f8d38bf2 - -commit 405fba71962dec8409c0c962408e09049e5624b5 -Author: dtucker@openbsd.org -Date: Thu Jan 19 07:53:45 2023 +0000 - - upstream: Check if we can copy sshd or need to use sudo to do so - - during reexec test. Skip test if neither can work. Patch from anton@, tweaks - from me. - - OpenBSD-Regress-ID: 731b96ae74d02d5744e1f1a8e51d09877ffd9b6d - -commit b2a2a8f69fd7737ea17dc044353c514f2f962f35 -Author: djm@openbsd.org -Date: Thu Feb 2 12:10:22 2023 +0000 - - upstream: openssh-9.2 - - OpenBSD-Commit-ID: f7389f32413c74d6e2055f05cf65e7082de03923 - -commit 12da7823336434a403f25c7cc0c2c6aed0737a35 -Author: djm@openbsd.org -Date: Thu Feb 2 12:10:05 2023 +0000 - - upstream: fix double-free caused by compat_kex_proposal(); bz3522 - - by dtucker@, ok me - - OpenBSD-Commit-ID: 2bfc37cd2d41f67dad64c17a64cf2cd3806a5c80 - -commit 79efd95ab5ff99f4cb3a955e2d713b3f54fb807e -Author: Darren Tucker -Date: Wed Feb 1 17:17:26 2023 +1100 - - Skip connection-timeout test on minix3. - - Minix 3's Unix domain sockets don't seem to work the way we expect, so - skip connection-timeout test on that platform. While there, group - together all similarly skipped tests and explicitly comment. 
- -commit 6b508c4e039619842bcf5a16f8a6b08dd6bec44a -Author: Damien Miller -Date: Wed Feb 1 12:12:05 2023 +1100 - - fix libfido2 detection without pkg-config - - Place libfido2 before additional libraries (that it may depend upon) - and not after. bz3530 from James Zhang; ok dtucker@ - -commit 358e300fed5e6def233a2c06326e51e20ebed621 -Author: deraadt@openbsd.org -Date: Wed Jan 18 20:56:36 2023 +0000 - - upstream: delete useless dependency - - OpenBSD-Commit-ID: e1dc11143f83082e3154d6094f9136d0dc2637ad - -commit a4cb9be1b021b511e281ee55c356f964487d9e82 -Author: deraadt@openbsd.org -Date: Wed Jan 18 20:43:15 2023 +0000 - - upstream: Create and install sshd random relink kit. - - ../Makefile.inc and Makfile are concatenated for reuse, which hopefully won't - be too fragile, we'll see if we need a different approach. The resulting sshd - binary is tested with the new sshd -V option before installation. As the - binary layout is now semi-unknown (meaning relative, fixed, and gadget - offsets are not precisely known), change the filesystem permissions to 511 to - prevent what I call "logged in BROP". I have ideas for improving this further - but this is a first step ok djm - - OpenBSD-Commit-ID: 1e0a2692b7e20b126dda60bf04999d1d30d959d8 - -commit bc7de6f91a9a0ae2f148a9d31a4027d441a51999 -Author: jmc@openbsd.org -Date: Wed Jan 18 06:55:32 2023 +0000 - - upstream: tweak previous; ok djm - - OpenBSD-Commit-ID: df71ce4180c58202dfdc1d92626cfe900b91b7c3 - -commit a20b7e999773e6333c8aa9b0a7fa41966e63b037 -Author: Darren Tucker -Date: Tue Jan 31 19:35:44 2023 +1100 - - Skip connection-timeout test under Valgrind. - - Valgrind slows things down so much that the timeout test fails. Skip - this test until we figure out if we can make it work. - -commit c3ffb54b4fc5e608206037921db6ccbc2f5ab25f -Author: Darren Tucker -Date: Wed Jan 25 21:58:40 2023 +1100 - - Skip connection-timeout when missing FD passing. 
- - This tests uses multiplexing which uses file descriptor passing, so - skip it if we don't have that. Fixes test failures on Cygwin. - -commit 35253af01d8c0ab444c8377402121816e71c71f5 -Author: djm@openbsd.org -Date: Wed Jan 18 02:00:10 2023 +0000 - - upstream: when restoring non-blocking mode to stdio fds, restore - - exactly the flags that ssh started with and don't just clobber them with - zero, as this could also remove the append flag from the set; - - bz3523; ok dtucker@ - - OpenBSD-Commit-ID: 1336b03e881db7564a4b66014eb24c5230e9a0c0 - -commit 7d17ea151c0b2519f023bd9cc7f141128833ac47 -Author: millert@openbsd.org -Date: Wed Jan 18 01:50:21 2023 +0000 - - upstream: Add a -V (version) option to sshd like the ssh client - - has. OK markus@ deraadt@ - - OpenBSD-Commit-ID: abe990ec3e636fb040132aab8cbbede98f0c413e - -commit 62360feb7f08f2a4c6fc36f3b3449309203c42c9 -Author: millert@openbsd.org -Date: Tue Jan 17 18:52:44 2023 +0000 - - upstream: For "ssh -V" always exit 0, there is no need to check opt - - again. This was missed when the fallthrough in the switch case above it was - removed. OK deraadt@ - - OpenBSD-Commit-ID: 5583e5d8f6d62a8a4215cfa95a69932f344c8120 - -commit 12492c0abf1eb415d08a897cc1d8b9e789888230 -Author: djm@openbsd.org -Date: Tue Jan 17 10:15:10 2023 +0000 - - upstream: also check that an active session inhibits - - UnusedConnectionTimeout idea markus@ - - OpenBSD-Regress-ID: 55c0fb61f3bf9e092b0a53f9041d3d2012f14003 - -commit cef2593c33ac46a58238ff998818754eabdf64ff -Author: djm@openbsd.org -Date: Tue Jan 17 10:02:34 2023 +0000 - - upstream: regression test for UnusedConnectionTimeout - - OpenBSD-Regress-ID: 7f29001374a68e71e5e078f69e4520cf4bcca084 - -commit aff9493a89c71d6a080419b49ac64eead9730491 -Author: djm@openbsd.org -Date: Mon Jan 16 04:11:29 2023 +0000 - - upstream: unbreak test: cannot access shell positional parameters - - past $9 without wrapping the position in braces (i.e. need ${10}, etc.) 
- - OpenBSD-Regress-ID: 3750ec98d5d409ce6a93406fedde6f220d2ea2ac - -commit 0293c19807f83141cdf33b443154459f9ee471f6 -Author: djm@openbsd.org -Date: Tue Jan 17 09:44:48 2023 +0000 - - upstream: Add a sshd_config UnusedConnectionTimeout option to terminate - - client connections that have no open channels for some length of time. This - complements the recently-added ChannelTimeout option that terminates inactive - channels after a timeout. - - ok markus@ - - OpenBSD-Commit-ID: ca983be74c0350364c11f8ba3bd692f6f24f5da9 - -commit 8ec2e3123802d2beeca06c1644b0b647f6d36dab -Author: djm@openbsd.org -Date: Sun Jan 15 23:35:10 2023 +0000 - - upstream: adapt to ed25519 changes in src/usr.bin/ssh - - OpenBSD-Regress-ID: 4b3e7ba7ee486ae8a0b4790f8112eded2bb7dcd5 - -commit 9fbbfeca1ce4c7ec0001c827bbf4189a3ba0964b -Author: djm@openbsd.org -Date: Sun Jan 15 23:05:32 2023 +0000 - - upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOP - - (20221122) and change the import approach to the same one we use for - Streamlined NTRUPrime: use a shell script to extract the bits we need from - SUPERCOP, make some minor adjustments and squish them all into a single file. - - ok tb@ tobhe@ - - OpenBSD-Commit-ID: 1bc0fd624cb6af440905b8ba74ac7c03311b8e3b - -commit 6283f4bd83eee714d0f5fc55802eff836b06fea8 -Author: Darren Tucker -Date: Sat Jan 14 22:02:44 2023 +1100 - - Allow writev is seccomp sandbox. - - This seems to be used by recent glibcs at least in some configurations. - From bz#3512, ok djm@ - -commit 923c3f437f439cfca238fba37e97a7041782f615 -Author: dtucker@openbsd.org -Date: Sat Jan 14 10:05:54 2023 +0000 - - upstream: Shell syntax fix. From ren mingshuai vi github PR#369. 
- - OpenBSD-Regress-ID: 6696b2eeefe128099fc3d7ea9f23252cc35156f9 - -commit 4d87a00f704e0365e11c3c38b170c1275ec461fc -Author: dtucker@openbsd.org -Date: Sat Jan 14 09:57:08 2023 +0000 - - upstream: Instead of skipping the all-tokens test if we don't have - - OpenSSL (since we use it to compute the hash), put the hash at the end and - just omit it if we don't have it. Prompted by bz#3521. - - OpenBSD-Regress-ID: c79ecba64250ed3b6417294b6c965e6b12ca5eea - -commit b05406d6f93b8c8ec11ec8b27e7c76cc7a5a55fb -Author: jmc@openbsd.org -Date: Fri Jan 13 07:13:40 2023 +0000 - - upstream: fix double phrase in previous; - - OpenBSD-Commit-ID: 671e6c8dc5e9230518b2bbfa143daaa88adc66c2 - -commit 40564812b659c530eb1f4b62d09e85612aef3107 -Author: dtucker@openbsd.org -Date: Fri Jan 13 03:16:29 2023 +0000 - - upstream: Document "UserKnownHostsFile none". ok djm@ - - OpenBSD-Commit-ID: f695742d39e34ecdcc3c861c3739a84648a4bce5 - -commit d03e245e034019a37388f6f5f893ce848ab6d2e2 -Author: Darren Tucker -Date: Fri Jan 13 23:02:34 2023 +1100 - - Retry package installation 3 times. - - When setting up the CI environment, retry package installation 3 times - before going up. Should help prevent spurious failures during - infrastructure issues. - -commit 625f6bc39840167dafb3bf5b6a3e18503ac986e8 -Author: dtucker@openbsd.org -Date: Fri Jan 13 04:47:34 2023 +0000 - - upstream: Move scp path setting to a helper function. The previous - - commit to add scp to the test sshd's path causes the t-envpass test to fail - when the test scp is given using a fully qualified path. Put this in a - helper function and only call it from the scp tests. - - OpenBSD-Regress-ID: 7533dc1c4265c1de716abb062957994195b36df4 - -commit 6e6f88647042b3cde54a628545c2f5fb656a9327 -Author: dtucker@openbsd.org -Date: Fri Jan 13 04:23:00 2023 +0000 - - upstream: Add scp's path to test sshd's PATH. 
- - If the scp we're testing is fully qualified (eg it's not in the system - PATH) then add its path to the under-test sshd's PATH so we can find - it. Prompted by bz#3518. - - OpenBSD-Regress-ID: 7df4f5a0be3aa135495b7e5a6719d3cbc26cc4c0 - -commit 8a5e99a70fcf9b022a8aa175ebf6a71f58511da3 -Author: Darren Tucker -Date: Fri Jan 13 15:49:48 2023 +1100 - - Remove skipping test when scp not in path. - - An upcoming change renders this obsolete by adding scp's path to the - test sshd's PATH, and removing this first will make the subsequent sync - easier. - -commit 41f36dd896c8fb8337d403fcf476762986976e9d -Author: dtucker@openbsd.org -Date: Fri Jan 13 02:58:20 2023 +0000 - - upstream: Add a "Host" line to the output of ssh -G showing the - - original host arg. Inspired by patch from vincent at bernat.ch via bz#3343, - ok djm@ - - OpenBSD-Commit-ID: 59c0f60a222113a44d0650cd394376e3beecc883 - -commit f673b49f3be3eb51074fbb8a405beb6cd0f7d93e -Author: djm@openbsd.org -Date: Fri Jan 13 02:44:02 2023 +0000 - - upstream: avoid printf("%s", NULL) if using ssh - - -oUserKnownHostsFile=none and a hostkey in one of the system known hosts file - changes; ok dtucker@ - - OpenBSD-Commit-ID: 7ca87614bfc6da491315536a7f2301434a9fe614 - -commit 93fc7c576563e3d88a1dc019dd213f65607784cc -Author: djm@openbsd.org -Date: Wed Jan 11 05:39:38 2023 +0000 - - upstream: clamp the minimum buffer lengths and number of inflight - - requests too - - OpenBSD-Commit-ID: c4965f62fa0ba850940fd66ae3f60cf516bbcd56 - -commit 48bf234322e639d279c5a28435eae50155e9b514 -Author: djm@openbsd.org -Date: Wed Jan 11 05:36:50 2023 +0000 - - upstream: ignore bogus upload/download buffer lengths in the limits - - extension - - OpenBSD-Commit-ID: c5b023e0954693ba9a5376e4280c739b5db575f8 - -commit 36b00d31833ca74cb0f7c7d8eda1bde55700f929 -Author: djm@openbsd.org -Date: Wed Jan 11 02:13:52 2023 +0000 - - upstream: remove whitespace at EOL from code extracted from SUPERCOP - - OpenBSD-Commit-ID: 
1ec524ff2fbb9387d731601437c82008f35a60f4 - -commit d888de06c5e4d7dbf2f2b85f2b5bf028c570cf78 -Author: djm@openbsd.org -Date: Wed Jan 11 00:51:27 2023 +0000 - - upstream: rewrite this test to use a multiplexed ssh session so we can - - control its lifecycle without risk of race conditions; fixes some of the - Github integration tests for openssh-portable - - OpenBSD-Regress-ID: 5451cad59ba0d43ae9eeda48ec80f54405fee969 - -commit 4bcc737a35fdd9cc4af7423d6c23dfd0c7ef4786 -Author: Damien Miller -Date: Wed Jan 11 11:45:17 2023 +1100 - - remove buffer len workaround for NetBSD 4.x - - Switching to from pipes to a socketpair for communicating with the - ssh process avoids the (kernel bug?) problem. - -commit f5154d2aac3e6a32a1b13dec23a701a087850cdc -Author: Damien Miller -Date: Wed Jan 11 11:44:19 2023 +1100 - - add back use of pipes in scp.c under USE_PIPES - - This matches sftp.c which prefers socketpair but uses pipes on - some older platforms. - -commit eec737b59cf13841de46134967a206607000acd4 -Author: millert@openbsd.org -Date: Tue Jan 10 23:22:15 2023 +0000 - - upstream: Switch scp from using pipes to a socketpair for - - communication with it's ssh sub-processes. We no longer need to reserve two - descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is - handled by sanitise_stdfd() in main(). Based on an original diff from djm@. 
- OK deraadt@ djm@ - - OpenBSD-Commit-ID: b80c372faac462471e955ddeab9480d668a2e48d - -commit d213d126a4a343abd3a1eb13687d39c1891fe5c8 -Author: jmc@openbsd.org -Date: Fri Jan 6 08:44:11 2023 +0000 - - upstream: tweak previous; ok djm - - OpenBSD-Commit-ID: 229c493452766d70a78b0f02f6ff9894f9028858 - -commit 4a5590a5ee47b7dfd49773e9fdba48ad3089fe64 -Author: Damien Miller -Date: Mon Jan 9 16:33:56 2023 +1100 - - try to improve logging for dynamic-forward test - - previously the logs from the ssh used to exercise the forwarding - channel would clobber the logs from the ssh actually doing the - forwarding - -commit 715bc25dcfccf9fb2bee820155fe071d01a618db -Author: Darren Tucker -Date: Sat Jan 7 23:24:50 2023 +1100 - - Skip dynamic-forward test on minix3. - - This test relies on loopback addresses which minix does not have. - Previously the test would not run at all since it also doesn't have - netcat, but now we use our own netcat it tries and fails. - -commit dd1249bd5c45128a908395c61b26996a70f82205 -Author: Damien Miller -Date: Sun Jan 8 12:08:59 2023 +1100 - - don't test IPv6 addresses if platform lacks support - -commit d77fc611a62f2dfee0b654c31a50a814b13310dd -Author: dtucker@openbsd.org -Date: Fri Jan 6 12:33:33 2023 +0000 - - upstream: When OpenSSL is not available, skip parts of percent test - - that require it. Based on github pr#368 from ren mingshuai. - - OpenBSD-Regress-ID: 49a375b2cf61ccb95b52e75e2e025cd10988ebb2 - -commit 1cd2aac312af9172f1b5cb06c2e1cd090abb83cf -Author: Darren Tucker -Date: Sat Jan 7 23:01:11 2023 +1100 - - Use our own netcat for dynamic-forward test. - - That way we can be surer about its behaviour rather than trying to - second-guess the behaviour of various netcat implementations. - -commit 26cab41c05d7b0859d2a1ea5b6ed253d91848a80 -Author: Darren Tucker -Date: Sat Jan 7 14:30:43 2023 +1100 - - Use autoconf to find openssl binary. - - It's possible to install an OpenSSL in a path not in the system's - default library search path. 
OpenSSH can still use this (eg if you - specify an rpath) but the openssl binary there may not work. If one is - available on the system path just use that. - -commit 5532e010a0eeb6aa264396514f9aed7948471538 -Author: Darren Tucker -Date: Sat Jan 7 10:34:18 2023 +1100 - - Check openssl_bin path is executable before using. - -commit 5d7b16cff48598d5908db970bfdc9ff9326142c8 -Author: Darren Tucker -Date: Fri Jan 6 23:19:07 2023 +1100 - - Set OPENSSL_BIN from OpenSSL directory. - -commit 344a0e8240eaf08da5d46a5e3a9ecad6e4f64c35 -Author: dtucker@openbsd.org -Date: Fri Jan 6 08:50:33 2023 +0000 - - upstream: Save debug logs from ssh for debugging purposes. - - OpenBSD-Regress-ID: 109e40b06de1c006a3b8e0d8745b790b2c5870a0 - -commit e1ef172646f7f49c80807eea90225ef5e0be55a8 -Author: djm@openbsd.org -Date: Fri Jan 6 08:07:39 2023 +0000 - - upstream: regression test for ChannelTimeout - - OpenBSD-Regress-ID: 280bfbefcfa415428ad744e43f69a8dede8ad685 - -commit 2393ea8daf25853459eb07a528d7577688847777 -Author: djm@openbsd.org -Date: Fri Jan 6 07:18:18 2023 +0000 - - upstream: fix typo in verbose logging - - OpenBSD-Regress-ID: 0497cdb66e003b2f50ed77291a9104fba2e017e9 - -commit 161a5378a3cc2e7aa3f9674cb7f4686ae6ce9586 -Author: djm@openbsd.org -Date: Fri Jan 6 02:59:50 2023 +0000 - - upstream: unit tests for misc.c:ptimeout_* API - - OpenBSD-Regress-ID: 01f8fb12d08e5aaadd4bd4e71f456b6588be9a94 - -commit 018d671d78145f03d6f07ae9d64d51321da70325 -Author: tb@openbsd.org -Date: Wed Jan 4 22:48:57 2023 +0000 - - upstream: Copy bytes from the_banana[] rather than banana() - - Fixes test failure due to segfault seen on arm64 with xonly snap. - - ok djm - - OpenBSD-Regress-ID: 86e2aa4bbd1dff1bc4ebb2969c0d6474485be046 - -commit ab6bb69e251faa8b24f81b25c72ec0120f20cad4 -Author: Damien Miller -Date: Fri Jan 6 19:13:36 2023 +1100 - - unbreak scp on NetBSD 4.x - - e555d5cad5 effectively increased the default copy buffer size for SFTP - transfers. 
This caused NetBSD 4.x to hang during the "copy local file to - remote file in place" scp.sh regression test. - - This puts back the original 32KB copy buffer size until we can properly - figure out why. - - lots of debugging assistance from dtucker@ - -commit 2d1ff2b9431393ad99ef496d5e3b9dd0d4f5ac8c -Author: djm@openbsd.org -Date: Fri Jan 6 02:47:18 2023 +0000 - - upstream: Implement channel inactivity timeouts - - This adds a sshd_config ChannelTimeouts directive that allows channels that - have not seen traffic in a configurable interval to be automatically closed. - Different timeouts may be applied to session, X11, agent and TCP forwarding - channels. - - Note: this only affects channels over an opened SSH connection and not - the connection itself. Most clients close the connection when their channels - go away, with a notable exception being ssh(1) in multiplexing mode. - - ok markus dtucker - - OpenBSD-Commit-ID: ae8bba3ed9d9f95ff2e2dc8dcadfa36b48e6c0b8 - -commit 0e34348d0bc0b1522f75d6212a53d6d1d1367980 -Author: djm@openbsd.org -Date: Fri Jan 6 02:42:34 2023 +0000 - - upstream: Add channel_set_xtype() - - This sets an "extended" channel type after channel creation (e.g. - "session:subsystem:sftp") that will be used for setting channel inactivity - timeouts. 
- - ok markus dtucker - - OpenBSD-Commit-ID: 42564aa92345045b4a74300528f960416a15d4ca - -commit ceedf09b2977f3a756c759a6e7eb8f8e9db86a18 *** 1822 LINES SKIPPED ***
Date: Thu, 20 Feb 2025 18:00:45 GMT Message-Id: <202502201800.51KI0jgd079232@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Ed Maste Subject: git: fb309875333c - releng/13.5 - ssh: Don't reply to PING in preauth phase or during KEX List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/releng/13.5 X-Git-Reftype: branch X-Git-Commit: fb309875333c2b8c664acad77ad54f87c698925c Auto-Submitted: auto-generated The branch releng/13.5 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=fb309875333c2b8c664acad77ad54f87c698925c commit fb309875333c2b8c664acad77ad54f87c698925c Author: Ed Maste AuthorDate: 2025-02-19 03:00:45 +0000 Commit: Ed Maste CommitDate: 2025-02-20 18:00:11 +0000 ssh: Don't reply to PING in preauth phase or during KEX Obtained from: OpenSSH 5e07dee272c3 Security: CVE-2025-26466 Approved by: so Sponsored by: The FreeBSD Foundation (cherry picked from commit 8a16d0831e70530b2fbd682e748bd051de35f192) (cherry picked from commit 34798cb576bbd2064ab8da372112482bf8e2a7e6) (cherry picked from commit 3ea366f74475132a743f8667ecafe4a091a29d48) Approved by: re (implicit) --- crypto/openssh/packet.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/crypto/openssh/packet.c b/crypto/openssh/packet.c index 2d1401e7c9f5..d8fbfa28b800 100644 --- a/crypto/openssh/packet.c +++ b/crypto/openssh/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.313 2023/12/18 14:45:17 djm Exp $ */ +/* $OpenBSD: packet.c,v 1.318 2025/02/18 08:02:12 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -1774,6 +1774,14 @@ ssh_packet_read_poll_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) if ((r = sshpkt_get_string_direct(ssh, &d, &len)) != 0) return r; DBG(debug("Received SSH2_MSG_PING len %zu", len)); + if (!ssh->state->after_authentication) { + DBG(debug("Won't reply to PING in preauth")); + break; + } + if (ssh_packet_is_rekeying(ssh)) { + DBG(debug("Won't reply to PING during KEX")); + break; + } if ((r = sshpkt_start(ssh, SSH2_MSG_PONG)) != 0 || (r = sshpkt_put_string(ssh, d, len)) != 0 || (r = sshpkt_send(ssh)) != 0)
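Review bot: in the SSH2_MSG_PING case of ssh_packet_read_poll_seqnr() (the @@ -1774,6 +1774,14 @@ hunk of crypto/openssh/packet.c), the two new early `break`s carry no comment saying why a PONG must be withheld before authentication and while rekeying; the only rationale on record is the "Security: CVE-2025-26466" trailer in the commit message. Suggest a short comment above `if (!ssh->state->after_authentication)` stating the reason, so that a later refactor of this case does not drop the checks. Both drops are also reported only through DBG(debug(...)); if an operator should be able to see a peer sending PINGs before authentication or during KEX, a regular debug-level log call would serve better than the DBG() wrapper.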
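Review bot: the @@ -1,4 +1,4 @@ hunk of crypto/openssh/packet.c moves the $OpenBSD$ tag from v 1.313 to v 1.318, while the diffstat shows the file taking only this one change (9 insertions, 1 deletion). If the intermediate upstream revisions are not all present on this branch, the tag overstates what the file contains. Consider leaving the tag untouched in a targeted security cherry-pick, or saying in the commit message which upstream revisions the file now includes.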
Date: Thu, 20 Feb 2025
18:00:47 GMT Message-Id: <202502201800.51KI0lb2079306@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Ed Maste Subject: git: 78b4f775184c - releng/13.5 - ssh: Bump VersionAddendum for CVE fixes List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/releng/13.5 X-Git-Reftype: branch X-Git-Commit: 78b4f775184c368821586565dde4b9ab7f08c00c Auto-Submitted: auto-generated The branch releng/13.5 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=78b4f775184c368821586565dde4b9ab7f08c00c commit 78b4f775184c368821586565dde4b9ab7f08c00c Author: Ed Maste AuthorDate: 2025-02-19 14:00:42 +0000 Commit: Ed Maste CommitDate: 2025-02-20 18:00:27 +0000 ssh: Bump VersionAddendum for CVE fixes Approved by: so Sponsored by: The FreeBSD Foundation (cherry picked from commit 62df41ae0a71e77ccb1e8fae06d82eec5dff441a) (cherry picked from commit 24ce323f020fb1ee1b463e524a7a6c15f47ec2a4) (cherry picked from commit 2fc62d0bd4f7ca90d7abdfaf076dd49022bf7d54) Approved by: re (implicit) --- crypto/openssh/ssh_config | 2 +- crypto/openssh/ssh_config.5 | 2 +- crypto/openssh/sshd_config | 2 +- crypto/openssh/sshd_config.5 | 2 +- crypto/openssh/version.h | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/crypto/openssh/ssh_config b/crypto/openssh/ssh_config index a047ce2deb93..518edcd2a01a 100644 --- a/crypto/openssh/ssh_config +++ b/crypto/openssh/ssh_config 
@@ -44,4 +44,4 @@ # ProxyCommand ssh -q -W %h:%p gateway.example.com # RekeyLimit 1G 1h # UserKnownHostsFile ~/.ssh/known_hosts.d/%k -# VersionAddendum FreeBSD-20240806 +# VersionAddendum FreeBSD-20250219 diff --git a/crypto/openssh/ssh_config.5 b/crypto/openssh/ssh_config.5 index de1903ba43a2..60e4b31a2de5 100644 --- a/crypto/openssh/ssh_config.5 +++ b/crypto/openssh/ssh_config.5 @@ -2137,7 +2137,7 @@ in Specifies a string to append to the regular version string to identify OS- or site-specific modifications. The default is -.Dq FreeBSD-20240806 . +.Dq FreeBSD-20250219 . The value .Cm none may be used to disable this. diff --git a/crypto/openssh/sshd_config b/crypto/openssh/sshd_config index 866e905d9515..fddc6fee17e3 100644 --- a/crypto/openssh/sshd_config +++ b/crypto/openssh/sshd_config @@ -105,7 +105,7 @@ AuthorizedKeysFile .ssh/authorized_keys #PermitTunnel no #ChrootDirectory none #UseBlacklist no -#VersionAddendum FreeBSD-20240806 +#VersionAddendum FreeBSD-20250219 # no default banner path #Banner none diff --git a/crypto/openssh/sshd_config.5 b/crypto/openssh/sshd_config.5 index a354c1ef2b0a..a5d6ef07c83f 100644 --- a/crypto/openssh/sshd_config.5 +++ b/crypto/openssh/sshd_config.5 @@ -1947,7 +1947,7 @@ The default is Optionally specifies additional text to append to the SSH protocol banner sent by the server upon connection. The default is -.Qq FreeBSD-20240806 . +.Qq FreeBSD-20250219 . The value .Cm none may be used to disable this. diff --git a/crypto/openssh/version.h b/crypto/openssh/version.h index 82be0be8498f..f3fb7fe333eb 100644 --- a/crypto/openssh/version.h +++ b/crypto/openssh/version.h 
@@ -5,4 +5,4 @@ #define SSH_PORTABLE "p1" #define SSH_RELEASE SSH_VERSION SSH_PORTABLE -#define SSH_VERSION_FREEBSD "FreeBSD-20240806" +#define SSH_VERSION_FREEBSD "FreeBSD-20250219"
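Review bot: the new date literal FreeBSD-20250219 is written out by hand in five files (the commented defaults in ssh_config and sshd_config, the .Dq and .Qq defaults in ssh_config.5 and sshd_config.5, and SSH_VERSION_FREEBSD in version.h), and nothing in the patch ties the four documentation copies to the value that is compiled in. sshd_config.5 describes this string as text appended to the protocol banner, and the commit bumps it to mark the CVE fixes, so a copy missed on a later bump would leave the documented default disagreeing with what the server announces. Suggest generating the documented defaults from version.h, or adding a build-time check that all five agree.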
Date: Thu, 20 Feb 2025 18:46:09 GMT Message-Id: <202502201846.51KIk9YC062022@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Ed Maste Subject: git: 6cb9cfffa89a - releng/13.5 - ssh: Move XAUTH_PATH setting to ssh.mk List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/releng/13.5 X-Git-Reftype: branch X-Git-Commit: 6cb9cfffa89a1f2faf5a7fa3dd29f4e54e79c6fb Auto-Submitted: auto-generated The branch releng/13.5 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=6cb9cfffa89a1f2faf5a7fa3dd29f4e54e79c6fb commit 6cb9cfffa89a1f2faf5a7fa3dd29f4e54e79c6fb Author: Ed Maste AuthorDate: 2025-02-09 20:37:24 +0000 Commit: Ed Maste CommitDate: 2025-02-20 18:44:55 +0000 ssh: Move XAUTH_PATH setting to ssh.mk XAUTH_PATH is normally set (in the upstream build infrastructure) in config.h. We previously set it in ssh and sshd's Makefiles if LOCALBASE is set, and over time have sometimes also defined it in config.h. Leave it unset in config.h and move the CFLAGS logic to ssh.mk so that it will be set when building all ssh libraries and programs but still be set by LOCALBASE. Reviewed by: jlduran Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D48907 (cherry picked from commit a63701848fe5462c4e8bbff0131bb42979e603ec) (cherry picked from commit 73dd56ffcd7b2c46de58980ac888c0421e3ec0b6) (cherry picked from commit 10e9add50f9358b6b74e1d481b270ba32f3e85da) Approved by: re (cperciva) --- crypto/openssh/config.h | 2 +- secure/ssh.mk | 2 ++ secure/usr.bin/ssh/Makefile | 4 ---- secure/usr.sbin/sshd/Makefile | 3 --- 4 files changed, 3 insertions(+), 8 deletions(-)
diff --git a/crypto/openssh/config.h b/crypto/openssh/config.h index 78bd4280818a..e36d766039df 100644 --- a/crypto/openssh/config.h +++ b/crypto/openssh/config.h @@ -2015,7 +2015,7 @@ #endif /* Define if xauth is found in your path */ -#define XAUTH_PATH "/usr/local/bin/xauth" +/* #undef XAUTH_PATH */ /* Number of bits in a file offset, on hosts where this is settable. */ /* #undef _FILE_OFFSET_BITS */ diff --git a/secure/ssh.mk b/secure/ssh.mk index 9ee533c10eca..c331e40c16f8 100644 --- a/secure/ssh.mk +++ b/secure/ssh.mk @@ -7,6 +7,8 @@ SSHDIR= ${SRCTOP}/crypto/openssh CFLAGS+= -I${SSHDIR} -include ssh_namespace.h SRCS+= ssh_namespace.h +CFLAGS+= -DXAUTH_PATH=\"${LOCALBASE:U/usr/local}/bin/xauth\" + .if ${MK_USB} != "no" # Built-in security key support CFLAGS+= -include sk_config.h diff --git a/secure/usr.bin/ssh/Makefile b/secure/usr.bin/ssh/Makefile index 1d1f5e5e8723..f5560acb8799 100644 --- a/secure/usr.bin/ssh/Makefile +++ b/secure/usr.bin/ssh/Makefile @@ -30,10 +30,6 @@ LIBADD+= gssapi LIBADD+= crypto -.if defined(LOCALBASE) -CFLAGS+= -DXAUTH_PATH=\"${LOCALBASE}/bin/xauth\" -.endif - .include .PATH: ${SSHDIR} diff --git a/secure/usr.sbin/sshd/Makefile b/secure/usr.sbin/sshd/Makefile index fd9eacebe68d..73aedb25a84b 100644 --- a/secure/usr.sbin/sshd/Makefile +++ b/secure/usr.sbin/sshd/Makefile 
@@ -63,9 +63,6 @@ LIBADD+= wrap LIBADD+= crypto -.if defined(LOCALBASE) -CFLAGS+= -DXAUTH_PATH=\"${LOCALBASE}/bin/xauth\" -.endif .include
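Review bot: after this change crypto/openssh/config.h reads `/* #undef XAUTH_PATH */` under the comment "Define if xauth is found in your path", while the value actually comes from the new `CFLAGS+= -DXAUTH_PATH=...` line in secure/ssh.mk, which has no comment of its own. Someone reading config.h alone would conclude that XAUTH_PATH is undefined; suggest a one-line comment in ssh.mk (or next to the #undef) saying the define is supplied on the compiler command line from LOCALBASE, with /usr/local as the fallback. The commit message should also say that the define is now unconditional: the removed Makefile blocks set it only under `.if defined(LOCALBASE)`, whereas `${LOCALBASE:U/usr/local}` always sets it.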
Date: Thu, 20 Feb 2025 18:46:10 GMT Message-Id: <202502201846.51KIkARa062055@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Ed Maste Subject: git: ef280c2e5fe4 - releng/13.5 - libssh: Remove progressmeter List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/releng/13.5 X-Git-Reftype: branch X-Git-Commit: ef280c2e5fe46241e12d2ddc5a557927eaadf584 Auto-Submitted: auto-generated The branch releng/13.5 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=ef280c2e5fe46241e12d2ddc5a557927eaadf584 commit ef280c2e5fe46241e12d2ddc5a557927eaadf584 Author: Ed Maste AuthorDate: 2025-02-06 19:21:12 +0000 Commit: Ed Maste CommitDate: 2025-02-20 18:45:03 +0000 libssh: Remove progressmeter It is used only by scp and sftp, and already included directly in their Makefiles. It does not belong in libssh. Fixes: d8b043c8d497 ("Update for 3.6.1p1; also remove Kerberos IV shims.") Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D48871 (cherry picked from commit c0af32952564099fe30a34aeb335f95a6dc811ba) (cherry picked from commit 8a02eb2c1e4f3847fccf3eb1e7ff914871e35be4) (cherry picked from commit 63d3c245221d79f16b59771e84467bdd1abf11dd) Approved by: re (cperciva) --- secure/lib/libssh/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/secure/lib/libssh/Makefile b/secure/lib/libssh/Makefile index e6738be94f65..939eddcb48b7 100644 --- a/secure/lib/libssh/Makefile +++ b/secure/lib/libssh/Makefile 
@@ -17,7 +17,7 @@ SRCS+= authfd.c authfile.c \ atomicio.c dispatch.c mac.c misc.c utf8.c \ monitor_fdpass.c rijndael.c ssh-dss.c ssh-ecdsa.c ssh-ecdsa-sk.c \ ssh-ed25519-sk.c ssh-rsa.c dh.c \ - msg.c progressmeter.c dns.c entropy.c umac.c umac128.c \ + msg.c dns.c entropy.c umac.c umac128.c \ ssh-pkcs11.c smult_curve25519_ref.c \ poly1305.c chacha.c cipher-chachapoly.c cipher-chachapoly-libcrypto.c \ ssh-ed25519.c digest-openssl.c digest-libc.c \
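Review bot: the hunk drops progressmeter.c from the libssh SRCS list, and the safety of that rests on the commit message's statement that only scp and sftp use it and already list it in their own Makefiles, none of which is visible in this one-file diff. Suggest recording how that was checked (for example, that every program linking libssh still links after the removal), so the claim can be re-verified the next time this list is synced with upstream.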
Date: Thu, 20 Feb 2025 18:46:11 GMT Message-Id: <202502201846.51KIkBEn062087@gitrepo.freebsd.org> To: src-committers@FreeBSD.org,
dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Ed Maste Subject: git: d2b7937c2c5c - releng/13.5 - ssh_config.5: Remove redundant CheckHostIP default text List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/releng/13.5 X-Git-Reftype: branch X-Git-Commit: d2b7937c2c5c538f83ca42102cea603fd882b999 Auto-Submitted: auto-generated The branch releng/13.5 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=d2b7937c2c5c538f83ca42102cea603fd882b999 commit d2b7937c2c5c538f83ca42102cea603fd882b999 Author: Ed Maste AuthorDate: 2025-01-24 21:15:22 +0000 Commit: Ed Maste CommitDate: 2025-02-20 18:45:11 +0000 ssh_config.5: Remove redundant CheckHostIP default text In 2000 (commit a95c1225217b) we changed the CheckHostIP default to "no". We added text to ssh_config(5) documenting FreeBSD's default. In 2021 OpenSSH made the same change, released with OpenSSH 8.5p1. When we imported the update the added text remained, resulting in: If the option is set to no (the default), the check will not be executed. The default is no. Remove the now-redundant text. Fixes: 206be79acbde ("Vendor import of OpenSSH 8.5p1") Sponsored by: The FreeBSD Foundation (cherry picked from commit 06016adaccca1958cdde4edf845f5b972be7ffc0) (cherry picked from commit 2c97e333166d4f6f6b84da60b96a82982bb19649) (cherry picked from commit 935e29dcdd84a763ce804293dd385c2126d2ec8f) Approved by: re (cperciva) --- crypto/openssh/ssh_config.5 | 2 -- 1 file changed, 2 deletions(-) 
diff --git a/crypto/openssh/ssh_config.5 b/crypto/openssh/ssh_config.5 index 60e4b31a2de5..4a85589d132d 100644 --- a/crypto/openssh/ssh_config.5 +++ b/crypto/openssh/ssh_config.5 
@@ -548,8 +548,6 @@ If the option is set to .Cm no (the default), the check will not be executed. -The default is -.Cm no . .It Cm Ciphers Specifies the ciphers allowed and their order of preference. Multiple ciphers must be comma-separated.
Date: Thu, 20 Feb 2025 18:46:13 GMT Message-Id: <202502201846.51KIkDw9062119@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Ed Maste Subject: git: b74bb7f01193 - releng/13.5 - openssh: Update to 9.8p1 List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/releng/13.5 X-Git-Reftype: branch X-Git-Commit: b74bb7f01193eaf1f69735e530e85ac7cb6faa26 Auto-Submitted: auto-generated The branch releng/13.5 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=b74bb7f01193eaf1f69735e530e85ac7cb6faa26 commit b74bb7f01193eaf1f69735e530e85ac7cb6faa26 Author: Ed Maste AuthorDate: 2025-02-19 17:20:44 +0000 Commit: Ed Maste CommitDate: 2025-02-20 18:45:19 +0000 openssh: Update to 9.8p1 Highlights from the release notes are reproduced below. Some security and bug fixes were previously merged into FreeBSD and have been elided. See the upstream release notes for full details (https://www.openssh.com/releasenotes.html). --- Future deprecation notice ========================= OpenSSH plans to remove support for the DSA signature algorithm in early 2025. Potentially-incompatible changes -------------------------------- * sshd(8): the server will now block client addresses that repeatedly fail authentication, repeatedly connect without ever completing authentication or that crash the server. See the discussion of PerSourcePenalties below for more information. Operators of servers that accept connections from many users, or servers that accept connections from addresses behind NAT or proxies may need to consider these settings. * sshd(8): the server has been split into a listener binary, sshd(8), and a per-session binary "sshd-session". 
This allows for a much smaller listener binary, as it no longer needs to support the SSH protocol. As part of this work, support for disabling privilege separation (which previously required code changes to disable) and disabling re-execution of sshd(8) has been removed. Further separation of sshd-session into additional, minimal binaries is planned for the future. * sshd(8): several log messages have changed. In particular, some log messages will be tagged as originating from a process named "sshd-session" rather than "sshd". * ssh-keyscan(1): this tool previously emitted comment lines containing the hostname and SSH protocol banner to standard error. This release now emits them to standard output, but adds a new "-q" flag to silence them altogether. * sshd(8): (portable OpenSSH only) sshd will no longer use argv[0] as the PAM service name. A new "PAMServiceName" sshd_config(5) directive allows selecting the service name at runtime. This defaults to "sshd". bz2101 New features ------------ * sshd(8): sshd(8) will now penalise client addresses that, for various reasons, do not successfully complete authentication. This feature is controlled by a new sshd_config(5) PerSourcePenalties option and is on by default. * ssh(8): allow the HostkeyAlgorithms directive to disable the implicit fallback from certificate host key to plain host keys. Portability ----------- * sshd(8): expose SSH_AUTH_INFO_0 always to PAM auth modules unconditionally. The previous behaviour was to expose it only when particular authentication methods were in use. * ssh(1), ssh-agent(8): allow the presence of the WAYLAND_DISPLAY environment variable to enable SSH_ASKPASS, similarly to the X11 DISPLAY environment variable.
       GHPR479

    ---

    Sponsored by: The FreeBSD Foundation
    Differential Revision: https://reviews.freebsd.org/D48914

    (cherry picked from commit 0fdf8fae8b569bf9fff3b5171e669dcd7cf9c79e)
    (cherry picked from commit b4bb480ae9294d7e4b375f0ead9ae57517c79ef3)
    (cherry picked from commit e95979047aec384852102cf8bb1d55278ea77eeb)
    (cherry picked from commit dcb4ae528d357f34e4a4b4882c2757c67c98e395)

    Approved by: re (accelerated MFC)

    (cherry picked from commit ff2fd01609cc10bcdc87ebe4de42efaf7ffe2ee9)
    (cherry picked from commit c845ae475579d9b38cd1e3061f3896b44d1cb172)

    Approved by: re (cperciva)
---
 crypto/openssh/.depend | 19 +- crypto/openssh/.git_allowed_signers | 2 + crypto/openssh/.git_allowed_signers.asc | 26 +- crypto/openssh/.github/ci-status.md | 10 +- crypto/openssh/.github/configs | 3 +- crypto/openssh/.github/run_test.sh | 1 + crypto/openssh/.github/workflows/c-cpp.yml | 16 +- crypto/openssh/.github/workflows/cifuzz.yml | 4 +- crypto/openssh/.github/workflows/selfhosted.yml | 55 +- crypto/openssh/.github/workflows/upstream.yml | 18 +- crypto/openssh/.gitignore | 5 +- crypto/openssh/.skipped-commit-ids | 8 + crypto/openssh/ChangeLog | 11260 ++++++++++--------- crypto/openssh/Makefile.in | 25 +- crypto/openssh/PROTOCOL.agent | 5 +- crypto/openssh/PROTOCOL.key | 4 +- crypto/openssh/README | 2 +- crypto/openssh/addr.c | 12 +- crypto/openssh/auth-pam.c | 54 +- crypto/openssh/auth-pam.h | 2 +- crypto/openssh/auth-rhosts.c | 3 +- crypto/openssh/auth.c | 108 +- crypto/openssh/auth.h | 15 +- crypto/openssh/auth2-gss.c | 41 +- crypto/openssh/auth2-hostbased.c | 15 +- crypto/openssh/auth2-kbdint.c | 7 +- crypto/openssh/auth2-methods.c | 134 + crypto/openssh/auth2-none.c | 12 +- crypto/openssh/auth2-passwd.c | 9 +- crypto/openssh/auth2-pubkey.c | 15 +- crypto/openssh/auth2.c | 91 +- crypto/openssh/channels.c | 22 +- crypto/openssh/channels.h | 4 +- crypto/openssh/cipher.c | 4 +- crypto/openssh/clientloop.c | 73 +- crypto/openssh/clientloop.h | 3 +- crypto/openssh/config.h | 21 +- 
crypto/openssh/configure.ac | 40 +- crypto/openssh/contrib/redhat/openssh.spec | 3 +- crypto/openssh/contrib/suse/openssh.spec | 3 +- crypto/openssh/ed25519.sh | 4 +- crypto/openssh/kex-names.c | 330 + crypto/openssh/kex.c | 270 +- crypto/openssh/kex.h | 9 +- crypto/openssh/kexgexs.c | 4 +- crypto/openssh/log.c | 17 +- crypto/openssh/log.h | 9 +- crypto/openssh/m4/openssh.m4 | 3 + crypto/openssh/misc.c | 100 +- crypto/openssh/misc.h | 11 +- crypto/openssh/moduli | 922 +- crypto/openssh/monitor.c | 57 +- crypto/openssh/monitor.h | 6 +- crypto/openssh/monitor_wrap.c | 234 +- crypto/openssh/monitor_wrap.h | 17 +- crypto/openssh/msg.c | 5 +- crypto/openssh/openbsd-compat/getrrsetbyname.c | 24 +- crypto/openssh/openbsd-compat/port-linux.c | 98 +- crypto/openssh/openbsd-compat/port-linux.h | 5 + crypto/openssh/packet.c | 92 + crypto/openssh/packet.h | 5 +- crypto/openssh/pathnames.h | 7 +- crypto/openssh/platform-listen.c | 84 + crypto/openssh/platform.c | 49 +- crypto/openssh/platform.h | 1 + crypto/openssh/readconf.c | 4 +- crypto/openssh/readpass.c | 9 +- crypto/openssh/regress/Makefile | 6 +- crypto/openssh/regress/cfgmatchlisten.sh | 2 +- crypto/openssh/regress/dropbear-ciphers.sh | 15 +- crypto/openssh/regress/dropbear-kex.sh | 14 +- crypto/openssh/regress/key-options.sh | 2 +- .../regress/misc/fuzz-harness/agent_fuzz_helper.c | 1 - .../openssh/regress/misc/fuzz-harness/kex_fuzz.cc | 8 +- .../openssh/regress/misc/fuzz-harness/sig_fuzz.cc | 8 +- crypto/openssh/regress/penalty-expire.sh | 35 + crypto/openssh/regress/penalty.sh | 52 + crypto/openssh/regress/percent.sh | 5 - crypto/openssh/regress/rekey.sh | 4 +- crypto/openssh/regress/sftp-cmds.sh | 29 +- crypto/openssh/regress/test-exec.sh | 96 +- crypto/openssh/regress/unittests/kex/Makefile | 3 +- crypto/openssh/regress/unittests/kex/test_kex.c | 6 +- crypto/openssh/regress/yes-head.sh | 2 +- crypto/openssh/scp.c | 4 +- crypto/openssh/servconf.c | 283 +- crypto/openssh/servconf.h | 34 +- crypto/openssh/serverloop.c 
| 50 +- crypto/openssh/session.c | 51 +- crypto/openssh/sftp-client.c | 4 +- crypto/openssh/sftp-server.c | 10 +- crypto/openssh/sftp.c | 8 +- crypto/openssh/srclimit.c | 396 +- crypto/openssh/srclimit.h | 22 +- crypto/openssh/ssh-add.1 | 12 +- crypto/openssh/ssh-gss.h | 3 +- crypto/openssh/ssh-keygen.1 | 20 +- crypto/openssh/ssh-keyscan.1 | 21 +- crypto/openssh/ssh-keyscan.c | 76 +- crypto/openssh/ssh-keysign.8 | 6 +- crypto/openssh/ssh-keysign.c | 4 +- crypto/openssh/ssh-pkcs11.c | 27 +- crypto/openssh/ssh.1 | 25 +- crypto/openssh/ssh_api.c | 17 +- crypto/openssh/ssh_config.5 | 20 +- crypto/openssh/ssh_namespace.h | 27 +- crypto/openssh/sshconnect.c | 34 +- crypto/openssh/sshconnect.h | 6 +- crypto/openssh/sshconnect2.c | 4 +- crypto/openssh/sshd-session.c | 1505 +++ crypto/openssh/sshd.8 | 9 +- crypto/openssh/sshd.c | 1711 +-- crypto/openssh/sshd_config.5 | 110 +- crypto/openssh/sshkey.h | 3 +- crypto/openssh/version.h | 4 +- secure/lib/libssh/Makefile | 2 +- secure/libexec/Makefile | 2 +- secure/libexec/sshd-session/Makefile | 62 + secure/usr.sbin/sshd/Makefile | 42 +- 119 files changed, 10907 insertions(+), 8525 deletions(-) diff --git a/crypto/openssh/.depend b/crypto/openssh/.depend index 4897698ab74a..1d7d0606c657 100644 --- a/crypto/openssh/.depend +++ b/crypto/openssh/.depend 
@@ -23,6 +23,7 @@ auth2-gss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-com auth2-hostbased.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h kex.h mac.h crypto_api.h sshbuf.h log.h ssherr.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h canohost.h auth2-hostbased.o: monitor_wrap.h pathnames.h match.h auth2-kbdint.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h 
hostfile.h auth.h auth-pam.h audit.h loginrec.h log.h ssherr.h misc.h servconf.h +auth2-methods.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h misc.h servconf.h openbsd-compat/sys-queue.h xmalloc.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth2-none.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ssherr.h misc.h servconf.h ssh2.h monitor_wrap.h auth2-passwd.o: includes.h config.h 
defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h ssherr.h log.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h monitor_wrap.h misc.h servconf.h auth2-pubkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h kex.h mac.h crypto_api.h sshbuf.h log.h ssherr.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h 
@@ -60,6 +61,7 @@ gss-serv.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-comp hash.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h hmac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h digest.h hmac.h hostfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h 
openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h sshkey.h hostfile.h log.h ssherr.h misc.h pathnames.h digest.h hmac.h sshbuf.h +kex-names.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h kex.h mac.h crypto_api.h log.h ssherr.h match.h digest.h misc.h xmalloc.h kex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h 
openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh.h ssh2.h atomicio.h version.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h log.h ssherr.h kex.o: match.h misc.h monitor.h myproposal.h sshbuf.h digest.h xmalloc.h kexc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h sshbuf.h digest.h ssherr.h ssh2.h 
@@ -82,12 +84,13 @@ monitor.o: chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api monitor.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h openbsd-compat/openssl-compat.h atomicio.h xmalloc.h ssh.h sshkey.h sshbuf.h hostfile.h auth.h auth-pam.h audit.h loginrec.h cipher.h cipher-chachapoly.h monitor_fdpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h monitor_fdpass.h monitor_wrap.o: includes.h config.h defines.h platform.h 
openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h hostfile.h auth.h auth-pam.h audit.h -monitor_wrap.o: loginrec.h auth-options.h packet.h dispatch.h log.h ssherr.h monitor.h monitor_wrap.h atomicio.h monitor_fdpass.h misc.h channels.h session.h servconf.h +monitor_wrap.o: loginrec.h auth-options.h packet.h dispatch.h log.h ssherr.h monitor.h atomicio.h monitor_fdpass.h misc.h channels.h session.h servconf.h monitor_wrap.h srclimit.h msg.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h 
openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h ssherr.h log.h atomicio.h msg.h misc.h mux.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h log.h ssherr.h ssh.h ssh2.h pathnames.h misc.h match.h sshbuf.h channels.h msg.h packet.h dispatch.h monitor_fdpass.h sshpty.h sshkey.h readconf.h clientloop.h nchan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h ssh2.h sshbuf.h ssherr.h packet.h dispatch.h channels.h compat.h log.h 
packet.o: channels.h ssh.h packet.h dispatch.h sshbuf.h packet.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h compat.h ssh2.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h digest.h log.h ssherr.h canohost.h misc.h +platform-listen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h misc.h platform-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h 
openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h platform-pledge.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h platform-tracing.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h 
openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h 
@@ -123,7 +126,7 @@ sftp-usergroup.o: includes.h config.h defines.h platform.h openbsd-compat/openbs sftp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h ssherr.h pathnames.h misc.h utf8.h sftp.h sshbuf.h sftp-common.h sftp-client.h openbsd-compat/glob.h sftp-usergroup.h sk-usbhid.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sntrup761.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h 
openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h -srclimit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h addr.h canohost.h log.h ssherr.h misc.h srclimit.h xmalloc.h +srclimit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h 
openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h addr.h canohost.h log.h ssherr.h misc.h srclimit.h xmalloc.h servconf.h openbsd-compat/sys-queue.h match.h ssh-add.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h log.h ssherr.h sshkey.h sshbuf.h authfd.h authfile.h pathnames.h misc.h digest.h ssh-sk.h sk-api.h hostfile.h ssh-agent.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h 
openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h sshkey.h authfd.h log.h ssherr.h misc.h digest.h match.h msg.h pathnames.h ssh-pkcs11.h sk-api.h myproposal.h ssh-dss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 
@@ -146,19 +149,21 @@ ssh-sk.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat ssh-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h canohost.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h packet.h dispatch.h sshbuf.h channels .h ssh.o: sshkey.h authfd.h authfile.h pathnames.h clientloop.h log.h ssherr.h misc.h readconf.h sshconnect.h 
kex.h mac.h crypto_api.h sshpty.h match.h msg.h version.h myproposal.h utf8.h -ssh_api.o: authfile.h misc.h version.h myproposal.h sshbuf.h openbsd-compat/openssl-compat.h +ssh_api.o: authfile.h dh.h misc.h version.h myproposal.h sshbuf.h openbsd-compat/openssl-compat.h ssh_api.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh_api.h openbsd-compat/sys-queue.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h ssh.h ssh2.h packet.h dispatch.h compat.h log.h ssherr.h sshbuf-getput-basic.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h 
openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h sshbuf-getput-crypto.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf-io.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h atomicio.h sshbuf-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h 
openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h sshbuf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h misc.h -sshconnect.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h 
openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h hostfile.h ssh.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h sshkey.h sshconnect.h log.h ssherr.h misc.h readconf.h atomicio.h dns.h monitor_fdpass.h ssh2.h version.h authfile.h authfd.h -sshconnect.o: kex.h mac.h crypto_api.h +sshconnect.o: authfd.h kex.h mac.h crypto_api.h +sshconnect.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h hostfile.h ssh.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h sshkey.h sshconnect.h log.h ssherr.h match.h misc.h readconf.h atomicio.h dns.h monitor_fdpass.h ssh2.h version.h authfile.h sshconnect2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h 
openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h packet.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h sshconnect2.o: sshconnect.h authfile.h dh.h authfd.h log.h ssherr.h misc.h readconf.h match.h canohost.h msg.h pathnames.h uidswap.h hostfile.h utf8.h ssh-sk.h sk-api.h -sshd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h log.h ssherr.h sshbuf.h misc.h match.h servconf.h uidswap.h compat.h cipher.h cipher-chachapoly.h chacha.h -sshd.o: poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h kex.h mac.h crypto_api.h authfile.h pathnames.h atomicio.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h authfd.h msg.h channels.h session.h monitor.h monitor_wrap.h ssh-sandbox.h auth-options.h version.h sk-api.h srclimit.h dh.h +sshd-session.o: chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h kex.h 
mac.h crypto_api.h authfile.h pathnames.h atomicio.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h authfd.h msg.h channels.h session.h monitor.h monitor_wrap.h ssh-sandbox.h auth-options.h version.h sk-api.h srclimit.h dh.h +sshd-session.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h log.h ssherr.h sshbuf.h misc.h match.h servconf.h uidswap.h compat.h cipher.h cipher-chachapoly.h +sshd.o: audit.h loginrec.h authfd.h msg.h version.h sk-api.h addr.h srclimit.h +sshd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h 
openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshpty.h log.h ssherr.h sshbuf.h misc.h servconf.h compat.h digest.h sshkey.h authfile.h pathnames.h canohost.h hostfile.h auth.h auth-pam.h ssherr.o: ssherr.h sshkey-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ssh2.h ssherr.h misc.h sshbuf.h cipher.h 
cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h match.h ssh-sk.h openbsd-compat/openssl-compat.h diff --git a/crypto/openssh/.git_allowed_signers b/crypto/openssh/.git_allowed_signers index 0313c1ecd17f..2a5fdc67c6ed 100644 --- a/crypto/openssh/.git_allowed_signers +++ b/crypto/openssh/.git_allowed_signers @@ -1,4 +1,6 @@ dtucker@dtucker.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKecyjh9aNmD4rb8WblA8v91JjRb0Cd2JtkzqxcggGeG +dtucker@dtucker.net sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBDV81zWQ1+XVfWH5z4L4klDQ/z/6l2GLphfSTX/Rmq6kL5H8mkfzUlryxLlkN8cD9srtVJBAmwJWfJBNsCo958YAAAAEc3NoOg== + djm@mindrot.org sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBLnJo3ZVDENYZGXm5uO9lU7b0iDFq5gHpTu1MaHPWTEfPdvw+AjFQQ/q5YizuMJkXGsMdYmblJEJZYHpm9IS7ZkAAAAEc3NoOg== djm@mindrot.org sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBJoAXBTQalfg+kC5wy1vE7HkIHtVnmV6AUuuIo9KQ1P+70juHwvsFKpsGaqQbrHJkTVgYDGVP02XHj8+Fb18yBIAAAAEc3NoOg== djm@mindrot.org sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBH+z1I48s6ydOhP5SJmI02zVCLf0K15B+UMHgoTIKVfUIv5oDoVX7e9f+7QiRmTeEOdZfQydiaVqsfi7qPSve+0AAAAEc3NoOg== diff --git a/crypto/openssh/.git_allowed_signers.asc b/crypto/openssh/.git_allowed_signers.asc index 5fc6118ca9a6..1a8401b838a3 100644 --- a/crypto/openssh/.git_allowed_signers.asc +++ b/crypto/openssh/.git_allowed_signers.asc 
@@ -1,16 +1,16 @@ -----BEGIN PGP SIGNATURE----- -iQIzBAABCgAdFiEEcWi5g4FaXu9ZpK39Kj9BTnNgYLoFAmMMMiIACgkQKj9BTnNg -YLpyGhAAhZ1RxmD62JnT0gnor1aD0inq1fGPRadaFvXH2OScPcxXMIZWx+otnyZ/ -H9s0bIti42dPHqurgh92KS2mDGVIW8Y8MvxFUr678+hdem1U7Xvjoo0uaveNhJhe -GxuQDOvXKRmmfL2c6w3wnFChFA1o3K+JNshjCHhWz7u6+UmY0Q9yIxqbSi+vmEPP -NfWPfGdu4h8r7q11UgTxRSUQkfZXMqpBtb367B9BLduGuKRFKEJNyi6WpjBrqy38 -BvEbAaL52KX8hEp3TKMjo38RbOK+veSoPV5zlLui0WlEwwasgljal3f4RkqCAJob -hqpFJRogM5XNnA2e68TDTf3buJ3wRRjuK39/CusOJz5v4i6+VCdte+BET1Y4gD6y -v8KV4pRyumcdbN3khFUkmaQsjo+fyQjWNrgOvv60J2xUWZdchn8lxHOxrfRVKnOi -BD4bdks7tPQY/XsS5GNJIp21Ji9HGyBajjHo0BlesLodw7FEOf6YE18A3n9qzosR -RliuP4Hs/Z4sCUuDTbpKtQiUVs40kBbkhEL8kS8FsXz3VO89hAWaUqNUYom8AkKv -nfDjrZDBLXuVj1Mi8qNPXxqrB/1Cza2/W4U7SK4TlMFXfoXXWxxhefN5vIdMhAJB -u9Mdz1pY9mowKbd0c0dR+3fauvjM133dzKuyeDHMqDa5JPyd59o= -=kgnS +iQIzBAABCgAdFiEEcWi5g4FaXu9ZpK39Kj9BTnNgYLoFAmYHnZ8ACgkQKj9BTnNg +YLquuQ/6A8E6P2jcgn3wmbbCTXP7kmxoh3nmw/e6PC8CEua1512oT3GHOKVD5cGK +cgYRObpWvjOjg7L1HRABftq7a9M2zfsGnY/WNe3/fbetfkyY8hG8c31vA1ePIOt2 +AjBLCWFblH0CtyH/MssoQ19JCLtXK/GmekB1Q0JzyOog7w/0r3CKuUnZ0juCYR1R +4FBePl5l3nFSZEcFEdptGlNGeuolS5XBCqB9Y91TCzkVkH5eXUUW+shgjNhWCEhT +pZvkxfhsmOEnwNofyPdgKVfDBVkHmvuC67EU395mJVN4c2NZ8pOztb9hOt3xr980 +q44I4kT2NpaApCx1dWIGhMy/37LJ8heI0W1B+ofTA5n34/RU8UXH3SCkj2AK6Ao5 +H2u8vbmuWKUCiECmrw35EeKGmtuK/bWJzx3KBP7fx5J9S3mWUgT4W4xlWNN9RWoU +sSvH1ppie5ARINVaAWl5k44fk60ahTf80DbQBIOZBmQn7myZZka+yGcQbAiZZ1Gc +0l8+Nf5Ao1ckmuyY5o8FyWdsyDeK3+MqjPn5Rr1CqbKCn2VnqrVWbI33Eyu8c96U +bxVgU5H1BDhNjJC8UrT3LFPvJMO8p3a0IJ3eHydjk2jVOhOdBZmA0yoqUTrhPpXq +ymIHESjDJR8TDe4TCfb46o9oEC3cdbDwgnzPqdg0n+0uIsJLYiU= +=gl+l -----END PGP SIGNATURE----- diff --git a/crypto/openssh/.github/ci-status.md b/crypto/openssh/.github/ci-status.md index 8d4cea10dba4..fbf7c5fd6117 100644 --- a/crypto/openssh/.github/ci-status.md +++ b/crypto/openssh/.github/ci-status.md 
@@ -6,10 +6,6 @@ master : [![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/openssh.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh) [![Coverity Status](https://scan.coverity.com/projects/21341/badge.svg)](https://scan.coverity.com/projects/openssh-portable) -9.4 : -[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_4)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_4) -[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_4)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_4) - -9.3 : -[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_3)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_3) -[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_3)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_3) +9.7 : +[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_7)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_7) +[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_7)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_7) diff --git a/crypto/openssh/.github/configs b/crypto/openssh/.github/configs index 370fe29a3ee4..6134cb6ed5e9 100755 --- a/crypto/openssh/.github/configs +++ b/crypto/openssh/.github/configs 
@@ -208,6 +208,7 @@ case "$config" in # and hostbased (since valgrind won't let ssh exec keysign). # Slow ones are run separately to increase parallelism. SKIP_LTESTS="agent-timeout connection-timeout hostbased" + SKIP_LTESTS="$SKIP_LTESTS penalty-expire" SKIP_LTESTS="$SKIP_LTESTS ${tests2} ${tests3} ${tests4} ${tests5}" ;; valgrind-2) @@ -289,7 +290,7 @@ case "${TARGET_HOST}" in hostkey-agent key-options keyscan knownhosts-command login-timeout reconfigure reexec rekey scp scp-uri scp3 sftp sftp-badcmds sftp-batch sftp-cmds sftp-glob sftp-perm sftp-uri stderr-data - transfer" + transfer penalty penalty-expire" SKIP_LTESTS="$(echo $T)" TEST_TARGET=t-exec SUDO="" diff --git a/crypto/openssh/.github/run_test.sh b/crypto/openssh/.github/run_test.sh index d5fd487d9009..17c1731ff860 100755 --- a/crypto/openssh/.github/run_test.sh +++ b/crypto/openssh/.github/run_test.sh @@ -9,6 +9,7 @@ set -ex # If we want to test hostbased auth, set up the host for it. if [ ! -z "$SUDO" ] && [ ! -z "$TEST_SSH_HOSTBASED_AUTH" ]; then sshconf=/usr/local/etc + $SUDO mkdir -p "${sshconf}" hostname | $SUDO tee $sshconf/shosts.equiv >/dev/null echo "EnableSSHKeysign yes" | $SUDO tee $sshconf/ssh_config >/dev/null $SUDO mkdir -p $sshconf diff --git a/crypto/openssh/.github/workflows/c-cpp.yml b/crypto/openssh/.github/workflows/c-cpp.yml index edb88f23c0fb..609028703f80 100644 --- a/crypto/openssh/.github/workflows/c-cpp.yml +++ b/crypto/openssh/.github/workflows/c-cpp.yml 
@@ -2,12 +2,13 @@ name: C/C++ CI on: push: - paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' ] + paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/workflows/c-cpp.yaml' ] pull_request: - paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' ] + paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/workflows/c-cpp.yaml' ] jobs: ci: + name: "${{ matrix.target }} ${{ matrix.config }}" if: github.repository != 'openssh/openssh-portable-selfhosted' strategy: fail-fast: false @@ -16,9 +17,9 @@ jobs: target: - ubuntu-20.04 - ubuntu-22.04 - - macos-11 - macos-12 - macos-13 + - macos-14 - windows-2019 - windows-2022 config: [default] @@ -62,8 +63,8 @@ jobs: - { target: ubuntu-latest, config: libressl-3.5.3 } - { target: ubuntu-latest, config: libressl-3.6.1 } - { target: ubuntu-latest, config: libressl-3.7.2 } - - { target: ubuntu-latest, config: libressl-3.8.3 } - - { target: ubuntu-latest, config: libressl-3.9.0 } + - { target: ubuntu-latest, config: libressl-3.8.4 } + - { target: ubuntu-latest, config: libressl-3.9.1 } - { target: ubuntu-latest, config: openssl-master } - { target: ubuntu-latest, config: openssl-noec } - { target: ubuntu-latest, config: openssl-1.1.1 } 
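Review bot: in the .github/run_test.sh hunk, the added `$SUDO mkdir -p "${sshconf}"` makes the existing `$SUDO mkdir -p $sshconf` three lines later redundant, and the two calls now differ in quoting. Delete the later call so the directory is created once, before the first `tee` writes into it, and keep the quoted form.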
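Review bot: the new `paths:` filters in the first c-cpp.yml hunk (both `push` and `pull_request`) list '.github/workflows/c-cpp.yaml', but the file being patched is .github/workflows/c-cpp.yml. With '.github/**' removed, an edit to this workflow file matches none of the remaining patterns and will not trigger a run. The cifuzz.yml and selfhosted.yml hunks name their own files with the .yml suffix; this entry should read '.github/workflows/c-cpp.yml'.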
@@ -74,9 +75,12 @@ jobs: - { target: ubuntu-latest, config: openssl-3.1.0 } - { target: ubuntu-latest, config: openssl-3.1.5 } - { target: ubuntu-latest, config: openssl-3.2.1 } + - { target: ubuntu-latest, config: openssl-3.3.0 } - { target: ubuntu-latest, config: openssl-1.1.1_stable } - { target: ubuntu-latest, config: openssl-3.0 } # stable branch + - { target: ubuntu-latest, config: openssl-3.1 } # stable branch - { target: ubuntu-latest, config: openssl-3.2 } # stable branch + - { target: ubuntu-latest, config: openssl-3.3 } # stable branch - { target: ubuntu-latest, config: putty-0.71 } - { target: ubuntu-latest, config: putty-0.72 } - { target: ubuntu-latest, config: putty-0.73 } @@ -97,9 +101,9 @@ jobs: - { target: ubuntu-22.04, config: selinux } - { target: ubuntu-22.04, config: kitchensink } - { target: ubuntu-22.04, config: without-openssl } - - { target: macos-11, config: pam } - { target: macos-12, config: pam } - { target: macos-13, config: pam } + - { target: macos-14, config: pam } runs-on: ${{ matrix.target }} steps: - name: set cygwin git params diff --git a/crypto/openssh/.github/workflows/cifuzz.yml b/crypto/openssh/.github/workflows/cifuzz.yml index 7ca8c4719b61..ab8b1c6e0971 100644 --- a/crypto/openssh/.github/workflows/cifuzz.yml +++ b/crypto/openssh/.github/workflows/cifuzz.yml @@ -1,9 +1,9 @@ name: CIFuzz on: push: - paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' ] + paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/workflows/cifuzz.yml' ] pull_request: - paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' ] + paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/workflows/cifuzz.yml' ] jobs: Fuzzing: diff --git a/crypto/openssh/.github/workflows/selfhosted.yml b/crypto/openssh/.github/workflows/selfhosted.yml index 4f1c587a5779..167297359383 100644 
--- a/crypto/openssh/.github/workflows/selfhosted.yml +++ b/crypto/openssh/.github/workflows/selfhosted.yml @@ -2,17 +2,25 @@ name: C/C++ CI self-hosted on: push: - paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' ] + paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/workflows/selfhosted.yml' ] jobs: selfhosted: + name: "${{ matrix.target }} ${{ matrix.config }}" if: github.repository == 'openssh/openssh-portable-selfhosted' runs-on: ${{ matrix.host }} timeout-minutes: 600 env: + DEBUG_ACTIONS: false HOST: ${{ matrix.host }} TARGET_HOST: ${{ matrix.target }} TARGET_CONFIG: ${{ matrix.config }} + TARGET_DOMAIN: ${{ startsWith(matrix.host, 'libvirt') && format('{0}-{1}-{2}', matrix.target, matrix.config, github.run_id) || matrix.target }} + EPHEMERAL: ${{ startsWith(matrix.host, 'libvirt') }} + PERSISTENT: ${{ startsWith(matrix.host, 'persist') }} + REMOTE: ${{ startsWith(matrix.host, 'remote') }} + VM: ${{ startsWith(matrix.host, 'libvirt') || startsWith(matrix.host, 'persist') }} + SSHFS: ${{ startsWith(matrix.host, 'libvirt') || startsWith(matrix.host, 'persist') || startsWith(matrix.host, 'remote') }} strategy: fail-fast: false # We use a matrix in two parts: firstly all of the VMs are tested with the 
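Review bot: the added `env:` entries (TARGET_DOMAIN, EPHEMERAL, PERSISTENT, REMOTE, VM, SSHFS) all key off a prefix of `matrix.host` (`libvirt`, `persist`, `remote`), but nothing in the workflow documents that the host name is now load-bearing. A matrix entry whose host lacks one of those prefixes evaluates every flag to false, and the steps gated on `env.VM == 'true'` and `env.SSHFS == 'true'` are skipped without any message. Add a comment above `env:` stating the naming convention and which prefix enables which steps.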
@@ -74,34 +82,46 @@ jobs: - { target: nbsd8, config: pam, host: libvirt } - { target: nbsd9, config: pam, host: libvirt } - { target: nbsd10, config: pam, host: libvirt } + # ARM64 VMs + - { target: obsd-arm64, config: default, host: libvirt-arm64 } # VMs with persistent disks that have their own runner. - - { target: win10, config: default, host: win10 } - - { target: win10, config: cygwin-release, host: win10 } - # Physical hosts, with either native runners or remote via ssh. + - { target: win10, config: default, host: persist-win10 } + - { target: win10, config: cygwin-release, host: persist-win10 } + # Physical hosts with native runners. - { target: ARM, config: default, host: ARM } - { target: ARM64, config: default, host: ARM64 } - { target: ARM64, config: pam, host: ARM64 } - - { target: debian-riscv64, config: default, host: debian-riscv64 } - - { target: obsd-arm64, config: default, host: obsd-arm64 } - - { target: openwrt-mips, config: default, host: openwrt-mips } - - { target: openwrt-mipsel, config: default, host: openwrt-mipsel } + # Physical hosts with remote runners. 
+ - { target: debian-riscv64, config: default, host: remote-debian-riscv64 } + + - { target: openwrt-mips, config: default, host: remote-openwrt-mips } + - { target: openwrt-mipsel, config: default, host: remote-openwrt-mipsel } steps: + - name: unmount stale workspace + if: env.SSHFS == 'true' + run: fusermount -u ${GITHUB_WORKSPACE} || true + working-directory: ${{ runner.temp }} - name: shutdown VM if running + if: env.VM == 'true' run: vmshutdown - working-directory: ${{ runner.temp }} - uses: actions/checkout@main - name: autoreconf run: autoreconf - name: startup VM + if: env.VM == 'true' run: vmstartup working-directory: ${{ runner.temp }} + - name: copy and mount workspace + if: env.SSHFS == 'true' + run: sshfs_mount + working-directory: ${{ runner.temp }} - name: configure run: vmrun ./.github/configure.sh ${{ matrix.config }} - - name: save config - uses: actions/upload-artifact@main - with: - name: ${{ matrix.target }}-${{ matrix.config }}-config - path: config.h +# - name: save config +# uses: actions/upload-artifact@main +# with: +# name: ${{ matrix.target }}-${{ matrix.config }}-config +# path: config.h - name: make clean run: vmrun make clean - name: make @@ -120,7 +140,10 @@ jobs: regress/*.log regress/log/* regress/valgrind-out/ + - name: unmount workspace + if: always() && env.SSHFS == 'true' + run: fusermount -u ${GITHUB_WORKSPACE} || true + working-directory: ${{ runner.temp }} - name: shutdown VM - if: always() + if: always() && env.VM == 'true' run: vmshutdown - working-directory: ${{ runner.temp }} diff --git a/crypto/openssh/.github/workflows/upstream.yml b/crypto/openssh/.github/workflows/upstream.yml index b280793d31f3..e25adb423917 100644 --- a/crypto/openssh/.github/workflows/upstream.yml +++ b/crypto/openssh/.github/workflows/upstream.yml 
@@ -3,22 +3,29 @@ name: Upstream self-hosted on: push: branches: [ master ] - paths: [ '**.c', '**.h', '.github/**' ] + paths: [ '**.c', '**.h', '**.sh', '.github/configs', '.github/workflows/upstream.yml' ] jobs: selfhosted: + name: "upstream ${{ matrix.target }} ${{ matrix.config }}" if: github.repository == 'openssh/openssh-portable-selfhosted' runs-on: 'libvirt' env: + DEBUG_ACTIONS: true + EPHEMERAL: true HOST: 'libvirt' TARGET_HOST: ${{ matrix.target }} TARGET_CONFIG: ${{ matrix.config }} + TARGET_DOMAIN: ${{ format('{0}-{1}-{2}', matrix.target, matrix.config, github.run_id) || matrix.target }} strategy: fail-fast: false matrix: target: [ obsdsnap, obsdsnap-i386 ] config: [ default, without-openssl, ubsan ] steps: + - name: unmount stale workspace + run: fusermount -u ${GITHUB_WORKSPACE} || true + working-directory: ${{ runner.temp }} - name: shutdown VM if running run: vmshutdown working-directory: ${{ runner.temp }} @@ -26,6 +33,9 @@ jobs: - name: startup VM run: vmstartup working-directory: ${{ runner.temp }} + - name: copy and mount workspace + run: sshfs_mount + working-directory: ${{ runner.temp }} - name: update source run: vmrun "cd /usr/src && cvs up -dPA usr.bin/ssh regress/usr.bin/ssh" - name: make clean @@ -33,7 +43,7 @@ jobs: - name: make run: vmrun "cd /usr/src/usr.bin/ssh && case ${{ matrix.config }} in without-openssl) make OPENSSL=no;; ubsan) make DEBUG='-fsanitize-minimal-runtime -fsanitize=undefined';; *) make; esac" - name: make install - run: vmrun "cd /usr/src/usr.bin/ssh && sudo make install" + run: vmrun "cd /usr/src/usr.bin/ssh && sudo make install && sudo /etc/rc.d/sshd -f restart" - name: make tests` run: vmrun "cd /usr/src/regress/usr.bin/ssh && case ${{ matrix.config }} in without-openssl) make OPENSSL=no;; ubsan) make DEBUG='-fsanitize-minimal-runtime -fsanitize=undefined';; *) make; esac" env: 
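Review bot: in the first upstream.yml hunk, `TARGET_DOMAIN: ${{ format('{0}-{1}-{2}', matrix.target, matrix.config, github.run_id) || matrix.target }}` keeps a `|| matrix.target` fallback that can never be taken, because `format()` always produces a non-empty string here. In selfhosted.yml the same expression is guarded by `startsWith(matrix.host, 'libvirt') &&`, which is what gives the fallback a purpose; this workflow hard-codes `HOST: 'libvirt'`, so drop the `|| matrix.target`.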
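Review bot: the `make install` step in the last upstream.yml hunk now also runs `sudo /etc/rc.d/sshd -f restart`, so a failed restart is reported as a failed install and the step name no longer describes what it does. Move the restart into its own named step. The `make tests` step name in the trailing context also carries a stray backtick that could be removed while this file is being touched.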
@@ -47,6 +57,10 @@ jobs: path: | /usr/obj/regress/usr.bin/ssh/obj/*.log /usr/obj/regress/usr.bin/ssh/obj/log/* + - name: unmount workspace + if: always() + run: fusermount -u ${GITHUB_WORKSPACE} || true + working-directory: ${{ runner.temp }} - name: shutdown VM if: always() run: vmshutdown diff --git a/crypto/openssh/.gitignore b/crypto/openssh/.gitignore index 7fccc6fe3dc3..41d505c46dde 100644 --- a/crypto/openssh/.gitignore +++ b/crypto/openssh/.gitignore @@ -1,18 +1,14 @@ Makefile buildpkg.sh config.h -config.h.in config.h.in~ config.log config.status -configure -aclocal.m4 openbsd-compat/Makefile openbsd-compat/regress/Makefile openssh.xml opensshd.init survey.sh -**/*.0 **/*.o **/*.lo **/*.so @@ -36,3 +32,4 @@ sshd !regress/misc/fuzz-harness/Makefile !regress/unittests/sshsig/Makefile tags + diff --git a/crypto/openssh/.skipped-commit-ids b/crypto/openssh/.skipped-commit-ids index 06303955c566..ec7831e5ff53 100644 --- a/crypto/openssh/.skipped-commit-ids +++ b/crypto/openssh/.skipped-commit-ids @@ -29,6 +29,14 @@ f9a0726d957cf10692a231996a1f34e7f9cdfeb0 moduli update 1e0a2692b7e20b126dda60bf04999d1d30d959d8 sshd relinking makefile changes e1dc11143f83082e3154d6094f9136d0dc2637ad more relinking makefile tweaks 5a636f6ca7f25bfe775df4952f7aac90a7fcbbee moduli update +ef9341d5a50f0d33e3a6fbe995e92964bc7ef2d3 Makefile relinking changes +2fe8d707ae35ba23c7916adcb818bb5b66837ba0 ssh-agent relink kit +866cfcc1955aef8f3fc32da0b70c353a1b859f2e ssh-agent relink changes +8b3820adb4da4e139c4b3cffbcc0bde9f08bf0c6 sshd-session relink kit +6d2ded4cd91d4d727c2b26e099b91ea935bed504 relink kit +fb39324748824cb0387e9d67c41d1bef945c54ea Makefile change +5f378c38ad8976d507786dc4db9283a879ec8cd0 Makefile change +112aacedd3b61cc5c34b1fa6d9fb759214179172 Makefile change Old upstream tree: diff --git a/crypto/openssh/ChangeLog b/crypto/openssh/ChangeLog index 3bbccf5ea3eb..a1a52651718e 100644 --- a/crypto/openssh/ChangeLog +++ b/crypto/openssh/ChangeLog 
@@ -1,8300 +1,8666 @@ -commit 86bdd3853f4d32c85e295e6216a2fe0953ad93f0 +commit fa41f6592ff1b6ead4a652ac75af31eabb05b912 Author: Damien Miller -Date: Mon Mar 11 16:20:49 2024 +1100 +Date: Mon Jul 1 14:33:26 2024 +1000 - version number in README + version numbers -commit 282721418e6465bc39ccfd39bb0133e670ee4423 -Author: Damien Miller -Date: Mon Mar 11 16:20:08 2024 +1100 +commit bfebb8a5130a792c5356bd06e1ddef72a0a0449f +Author: djm@openbsd.org +Date: Mon Jul 1 04:31:59 2024 +0000 - crank RPM spec versions + upstream: openssh-9.8 + + OpenBSD-Commit-ID: 5f8b89e38a4c5f7c6d52ffa19f796d49f36fab19 -commit 3876a3bbd2ca84d23ba20f8b69ba83270c04ce3a +commit 146c420d29d055cc75c8606327a1cf8439fe3a08 Author: djm@openbsd.org -Date: Mon Mar 11 04:59:47 2024 +0000 +Date: Mon Jul 1 04:31:17 2024 +0000 - upstream: openssh-9.7 + upstream: when sending ObscureKeystrokeTiming chaff packets, we - OpenBSD-Commit-ID: 618ececf58b8cdae016b149787af06240f7b0cbc + can't rely on channel_did_enqueue to tell that there is data to send. This + flag indicates that the channels code enqueued a packet on _this_ ppoll() + iteration, not that data was enqueued in _any_ ppoll() iteration in the + timeslice. ok markus@ + + OpenBSD-Commit-ID: 009b74fd2769b36b5284a0188ade182f00564136 -commit 8fc109cc614954a8eb2738c48c0db36a62af9a06 -Author: Darren Tucker -Date: Mon Mar 11 12:59:26 2024 +1100 +commit 637e4dfea4ed81264e264b6200172ce319c64ead +Author: djm@openbsd.org +Date: Mon Jul 1 03:10:19 2024 +0000 - Test against current OpenSSL and LibreSSL releases. + upstream: use "lcd" to change directory before "lls" rather then "cd", - Add LibreSSL 3.9.0, bump older branches to their respective current - releases. + since the directory we're trying to list is local. 
Spotted by Corinna + Vinschen + + OpenBSD-Regress-ID: 821feca4a4bebe491944e624c8f7f2990b891415 -commit 26b09b45fec7b88ba09042c09be4157e58e231e2 -Author: Damien Miller -Date: Sun Mar 10 16:24:57 2024 +1100 +commit c8cfe258cee0b8466ea84597bf15e1fcff3bc328 +Author: djm@openbsd.org +Date: Thu Jun 27 23:01:15 2024 +0000 - quote regexes used to test for algorithm support + upstream: delete obsolete comment - Fixes test failures on Solaris 8 reported by Tom G. Christensen + OpenBSD-Commit-ID: 5fb04f298ed155053f3fbfdf0c6fe7cdf84bbfa2 -commit a6a740a4948d10a622b505135bb485c10f21db5e +commit 94b9d37100f6fa536aaa1d1a0e4926fe44fbf04d Author: djm@openbsd.org -Date: Sat Mar 9 05:12:13 2024 +0000 +Date: Thu Jun 27 22:36:44 2024 +0000 - upstream: avoid logging in signal handler by converting mainloop to + upstream: retire unused API - ppoll() bz3670, reported by Ben Hamilton; ok dtucker@ + OpenBSD-Commit-ID: 3e30d7b0615e2707f6bbe70f61b1c2f72f78161b + +commit 268c3a7f5783e731ed60f4e28da66ee3743581d3 +Author: jmc@openbsd.org +Date: Thu Jun 27 21:02:16 2024 +0000 + + upstream: ssl(8) no longer contains a HISTORY section; - OpenBSD-Commit-ID: e58f18042b86425405ca09e6e9d7dfa1df9f5f7f + OpenBSD-Commit-ID: 83b7ff34433d79595e9c2a5d2a561a6660251245 -commit cd82f7526e0481720567ae41db7849ab1c27e27b +commit 12b6cc09ce6c430681f03af2a8069e37a664690b Author: djm@openbsd.org -Date: Fri Mar 8 22:16:32 2024 +0000 +Date: Wed Jun 26 23:47:46 2024 +0000 - upstream: skip more whitespace, fixes find-principals on + upstream: move child process waitpid() loop out of SIGCHLD handler; - allowed_signers files with blank lines; reported by Wiktor Kwapisiewicz + ok deraadt - OpenBSD-Commit-ID: b3a22a2afd753d70766f34bc7f309c03706b5298 + OpenBSD-Commit-ID: 65815a39564e431414aed7c5ace8076f4e9ca741 -commit 2f9d2af5cb19905d87f37d1e11c9f035ac5daf3b -Author: dtucker@openbsd.org -Date: Fri Mar 8 11:34:10 2024 +0000 +commit d6bcd13297c2ab8b528df5a6898f994734849031 +Author: deraadt@openbsd.org +Date: Wed Jun 26 
23:16:52 2024 +0000 - upstream: Invoke ProxyCommand that uses stderr redirection via + upstream: Instead of using possibly complex ssh_signal(), write all - $TEST_SHELL. Fixes test when run by a user whose login shell is tcsh. - Found by vinschen at redhat.com. + the parts of the grace_alarm_handler() using the exact things allowed by the + signal-safe rules. This is a good rule of thumb: Handlers should be written + to either set a global volatile sig_atomic_t inspected from outside, and/or + directly perform only safe operations listed in our sigaction(2) manual page. + ok djm markus - OpenBSD-Regress-ID: f68d79e7f00caa8d216ebe00ee5f0adbb944062a + OpenBSD-Commit-ID: 14168ae8368aab76e4ed79e17a667cb46f404ecd -commit 9b3f0beb4007a7e01dfedabb429097fb593deae6 -Author: Darren Tucker -Date: Thu Mar 7 17:18:14 2024 +1100 +commit b8793e2b0851f7d71b97554fa5260b23796d6277 +Author: deraadt@openbsd.org +Date: Wed Jun 26 23:14:14 2024 +0000 - Prefer openssl binary from --with-ssl-dir directory. + upstream: save_errno wrappers inside two small signal handlers that - Use openssl in the directory specified by --with-ssl-dir as long - as it's functional. Reported by The Doctor. + perform system calls, for systems with libc that do perform libc sigtramps. + ok djm markus + + OpenBSD-Commit-ID: 7749b56419a7c9dcfe4c6c04811e429813346c62 -commit c47e1c9c7911f38b2fc2fb01b1f6ae3a3121a838 -Author: djm@openbsd.org -Date: Wed Mar 6 02:59:59 2024 +0000 +commit f23e9332c4c8df37465c4a4f38275ea98980ed7e +Author: jmc@openbsd.org +Date: Mon Jun 24 06:59:39 2024 +0000 - upstream: fix memory leak in mux proxy mode when requesting forwarding. 
+ upstream: - uppercase start of sentence - correct sentence grammar - found by RASU JSC, reported by Maks Mishin in GHPR#467 + ok djm - OpenBSD-Commit-ID: 97d96a166b1ad4b8d229864a553e3e56d3116860 + OpenBSD-Commit-ID: 1ec4b0fdb633a43667f2c8fff1d600bd647dde25 -commit 242742827fea4508e68097c128e802edc79addb5 +commit 1839e3eb71a759aa795602c1e4196300f4ac2615 Author: djm@openbsd.org -Date: Wed Mar 6 00:31:04 2024 +0000 +Date: Mon Jun 24 04:05:11 2024 +0000 - upstream: wrap a few PKCS#11-specific bits in ENABLE_PKCS11 + upstream: mention SshdSessionPath option - OpenBSD-Commit-ID: 463e4a69eef3426a43a2b922c4e7b2011885d923 + OpenBSD-Commit-ID: c29734d36c21003973b15c1c9965c35f36cef30c -commit d52b6509210e2043f33e5a1de58dd4a0d5d48c2a -Author: Damien Miller -Date: Wed Mar 6 11:31:36 2024 +1100 +commit 603193e32aef5db7d60c58066d5de89806e79312 +Author: Darren Tucker +Date: Thu Jun 20 18:45:14 2024 +1000 - disable RSA tests when algorithm is not supported + Rerun upstream tests on .sh file changes too. + +commit dbbf9337c19381786a8e5a8a49152fe6b80c780d +Author: dtucker@openbsd.org +Date: Thu Jun 20 08:23:18 2024 +0000 + + upstream: Work around dbclient cipher/mac query bug. - Unbreaks "make test" when compiled --without-openssl. + Unlike earlier versions, recent Dropbear (at least v2024.85) requires + a host arg when querying supported ciphers and macs via "-c/-m + help". Earlier versions accept but do not require it, so always + provide it. If these queries fail, skip the test with a warning. - Similar treatment to how we do DSA and ECDSA. 
+ OpenBSD-Regress-ID: 98eb863a3f0363416922efb273885e6b3c7f68d4 -commit 668d270a6c77e8b5a1da26ecad2e6de9f62c8fe4 -Author: Damien Miller -Date: Wed Mar 6 10:33:20 2024 +1100 +commit 8de2c8cebc46bbdb94b7a2c120fcadfb66a3cccc +Author: dtucker@openbsd.org +Date: Thu Jun 20 08:18:34 2024 +0000 - add a --without-retpoline configure option + upstream: Remove dropbear key types not supported - discussed with deraadt and dtucker a while ago + by current OpenSSH. Allows subsequent test runs to work if OpenSSH is + rebuilt w/out OpenSSL. + + OpenBSD-Regress-ID: e0129eb2b1d31771105903a8055216fbba20a770 -commit 3deb501f86fc47e175ef6a3eaba9b9846a80d444 +commit e9b6471c59b21e5d9ef1b3832d4bf727338add85 Author: djm@openbsd.org -Date: Mon Mar 4 04:13:18 2024 +0000 +Date: Thu Jun 20 00:18:05 2024 +0000 - upstream: fix leak of CanonicalizePermittedCNAMEs on error path; - - spotted by Coverity (CID 438039) + upstream: stricter check for overfull tables in penalty record path - OpenBSD-Commit-ID: 208839699939721f452a4418afc028a9f9d3d8af + OpenBSD-Commit-ID: 7df01e648a0723418c554e64a9f2b6d38db060a6 -commit 65a44a8a4f7d902a64d4e60eda84384b2e2a24a2 +commit d9336d344eb2a1e898c5e66147b3f108c7214694 Author: djm@openbsd.org -Date: Mon Mar 4 02:16:11 2024 +0000 +Date: Wed Jun 19 23:24:47 2024 +0000 - upstream: Separate parsing of string array options from applying them - - to the active configuration. This fixes the config parser from erroneously - rejecting cases like: + upstream: put back reaping of preauth child process when writes - AuthenticationMethods password - Match User ivy - AuthenticationMethods any + from the monitor fail. Not sure how this got lost in the avalanche of + patches. 
- bz3657 ok markus@ + OpenBSD-Commit-ID: eb7eb36371e1ac01050b32b70fb2b3e5d98e72f5 + +commit 579d9adb70ec0206a788eb5c63804c31a67e9310 +Author: naddy@openbsd.org +Date: Mon Jun 17 13:50:18 2024 +0000 + + upstream: remove one more mention of DSA - OpenBSD-Commit-ID: 7f196cba634c2a3dba115f3fac3c4635a2199491 + OpenBSD-Commit-ID: 8515f55a15f02836ba657df341415f63c60526ca -commit 6886e1b1f55c90942e4e6deed930f8ac32e0f938 +commit 7089b5f8436ef0b8d3d3ad9ce01045fb9e7aab15 Author: Darren Tucker -Date: Thu Feb 22 17:59:35 2024 +1100 +Date: Wed Jun 19 23:09:05 2024 +1000 - Add nbsd10 test target. + Move -f to the place needed to restart sshd. -commit d86bf8a3f6ea4fa7887406c2aa9959db71fa41be -Author: Damien Miller -Date: Thu Feb 22 12:06:10 2024 +1100 +commit d5f83cfd852b14a25f347f082ab539a9454702ad +Author: Darren Tucker +Date: Wed Jun 19 21:04:01 2024 +1000 - more descriptive configure test name + Need to supply "-f" to restart sshd. -commit 9ee335aacc9f5bdc4cc2c19fafb45e27be7d234e -Author: djm@openbsd.org -Date: Wed Feb 21 06:17:29 2024 +0000 +commit fad34b4ca25c0ef31e5aa841d461b6f21da5b8c1 +Author: dtucker@openbsd.org +Date: Wed Jun 19 10:15:51 2024 +0000 - upstream: explain arguments of internal-sftp GHPR#454 from Niklas + upstream: Provide defaults for ciphers and macs - Hambüchen - MIME-Version: 1.0 - Content-Type: text/plain; charset=UTF-8 - Content-Transfer-Encoding: 8bit + if querying for them fails since on some versions of Dropbear (at least + v2024.85) "-m help" doesn't seem to work. Enable all supported pubkey + algorithms in the server. 
- OpenBSD-Commit-ID: 0335d641ae6b5b6201b9ffd5dd06345ebbd0a3f3 + OpenBSD-Regress-ID: 4f95556a49ee9f621789f25217c367a33d2745ca -commit d1164cb1001dd208fee88aaa9b43d5e6fd917274 -Author: djm@openbsd.org -Date: Wed Feb 21 06:06:43 2024 +0000 *** 25862 LINES SKIPPED *** From nobody Thu Feb 20 18:46:14 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YzMfc2sk9z5pGw4; Thu, 20 Feb 2025 18:46:16 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YzMfb2jrKz3gkT; Thu, 20 Feb 2025 18:46:15 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1740077175; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=MC0DOFCRWTA630krc+S7HIunC7lDoZt7aeJJ2qbz2ns=; b=IzaYaGYeAmgZnefUWiL7wDJxbq6RhXKm5naDJYxv+KB4oovVNJju7WH+9eYLuZjqQJIHIM HNWxhKmlJvCCma8S/Z9+9lKHwaDdZqDsk90E3IlencUmfqS0Nhl62aplYp3OppjHqdFZeN 5VZ0EPeDPTCMB6PiCpzw9+9ewcx7/391a639kNxo1eD8PaHweiu2Fx8i++yJS9nBT3ApLF UD8rN5sYa00wOsMB6QpXYkcwV6Ew92MwK4x/OE7aZh8LoMzRdtLxR81NHdgjQMlYkCjxyy bpseDiwuC03uXjxtrOXoJeXQgqCiwnpoWktBLj+O0BAySP3LmixiNCvJE4va3w== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1740077175; a=rsa-sha256; cv=none; b=RkpSEsIR66K0mEbKEixjPx01THf1pgOvaSWK/Rfc25M9fkwAC4kYrHKDHqU8ZIUunGXfcz 6BQ2Eb0lnM2vN/RS+D5C/8COEfFhq8/ciWKwDTliWZdddJq+9ZPNaf1eU4BScwSBf1oykw 
Date: Thu, 20 Feb 2025 18:46:14 GMT
Message-Id: <202502201846.51KIkEXb062151@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Ed Maste
Subject: git: cb8e164fbb15 - releng/13.5 - openssh: Update to 9.9p1
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: emaste
X-Git-Repository: src
X-Git-Refname: refs/heads/releng/13.5
X-Git-Reftype: branch
X-Git-Commit: cb8e164fbb1544a82dee9bfbb49dfcd1659f63b1
Auto-Submitted: auto-generated

The branch releng/13.5 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=cb8e164fbb1544a82dee9bfbb49dfcd1659f63b1

commit cb8e164fbb1544a82dee9bfbb49dfcd1659f63b1
Author: Ed Maste
AuthorDate: 2025-02-19 19:08:59 +0000
Commit: Ed Maste
CommitDate: 2025-02-20 18:45:36 +0000

    openssh: Update to 9.9p1

    Highlights from the release notes are reproduced below. Bug fixes and
    improvements that were previously merged into FreeBSD have been elided.
    See the upstream release notes for full details of the 9.9p1 release
    (https://www.openssh.com/releasenotes.html).

    ---

    Future deprecation notice
    =========================

    OpenSSH plans to remove support for the DSA signature algorithm in
    early 2025.

    Potentially-incompatible changes
    --------------------------------

     * ssh(1): remove support for pre-authentication compression.

     * ssh(1), sshd(8): processing of the arguments to the "Match"
       configuration directive now follows more shell-like rules for
       quoted strings, including allowing nested quotes and \-escaped
       characters.

    New features
    ------------

     * ssh(1), sshd(8): add support for a new hybrid post-quantum key
       exchange based on the FIPS 203 Module-Lattice Key Encapsulation
       mechanism (ML-KEM) combined with X25519 ECDH as described by
       https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03
       This algorithm "mlkem768x25519-sha256" is available by default.

     * ssh(1), sshd(8), ssh-agent(1): prevent private keys from being
       included in core dump files for most of their lifespans. This is
       in addition to pre-existing controls in ssh-agent(1) and sshd(8)
       that prevented coredumps. This feature is supported on OpenBSD,
       Linux and FreeBSD.

     * All: convert key handling to use the libcrypto EVP_PKEY API, with
       the exception of DSA.

    Bugfixes
    --------

     * sshd(8): do not apply authorized_keys options when signature
       verification fails. Prevents more restrictive key options being
       incorrectly applied to subsequent keys in authorized_keys. bz3733

     * ssh-keygen(1): include pathname in some of ssh-keygen's passphrase
       prompts. Helps the user know what's going on when ssh-keygen is
       invoked via other tools. Requested in GHPR503

     * ssh(1), ssh-add(1): make parsing user@host consistently look for
       the last '@' in the string rather than the first. This makes it
       possible to more consistently use usernames that contain '@'
       characters.

     * ssh(1), sshd(8): be more strict in parsing key type names. Only
       allow short names (e.g. "rsa") in user-interface code and require
       full SSH protocol names (e.g. "ssh-rsa") everywhere else. bz3725

     * ssh-keygen(1): clarify that ed25519 is the default key type
       generated and clarify that rsa-sha2-512 is the default signature
       scheme when RSA is in use.
       GHPR505

    ---

    Reviewed by: jlduran (build infrastructure)
    Reviewed by: cy (build infrastructure)
    Sponsored by: The FreeBSD Foundation
    Differential Revision: https://reviews.freebsd.org/D48947

    (cherry picked from commit 3d9fd9fcb432750f3716b28f6ccb0104cd9d351a)

    Approved by: re (accelerated MFC)
    (cherry picked from commit 802386cd37f638eec9606cb10d3dd03c8f1d6c17)
    (cherry picked from commit 6e688e6d4f9305441adce78079beaf1030e2881b)

    Approved by: re (cperciva)
---
 crypto/openssh/.depend | 3 +-
 crypto/openssh/.github/ci-status.md | 4 +
 crypto/openssh/.github/configs | 8 +-
 crypto/openssh/.github/setup_ci.sh | 2 +-
 crypto/openssh/.github/workflows/c-cpp.yml | 1 -
 crypto/openssh/.github/workflows/selfhosted.yml | 3 +
 crypto/openssh/ChangeLog | 11538 ++++++++---------
 crypto/openssh/LICENCE | 41 +
 crypto/openssh/Makefile.in | 2 +-
 crypto/openssh/README | 2 +-
 crypto/openssh/auth.c | 5 +-
 crypto/openssh/channels.c | 8 +-
 crypto/openssh/channels.h | 4 +-
 crypto/openssh/cipher.c | 8 +-
 crypto/openssh/config.h | 6 +
 crypto/openssh/configure.ac | 11 +-
 crypto/openssh/contrib/redhat/openssh.spec | 6 +-
 crypto/openssh/contrib/ssh-copy-id | 62 +-
 crypto/openssh/contrib/ssh-copy-id.1 | 21 +-
 crypto/openssh/contrib/suse/openssh.spec | 2 +-
 crypto/openssh/crypto_api.h | 7 +-
 crypto/openssh/defines.h | 4 +-
 crypto/openssh/kex-names.c | 8 +-
 crypto/openssh/kex.c | 4 +-
 crypto/openssh/kex.h | 16 +-
 crypto/openssh/kexc25519.c | 4 +-
 crypto/openssh/kexgen.c | 15 +-
 crypto/openssh/kexmlkem768x25519.c | 280 +
 crypto/openssh/kexsntrup761x25519.c | 6 +-
 crypto/openssh/libcrux_mlkem768_sha3.h | 12332 +++++++++++++++++++
 crypto/openssh/loginrec.c | 89 +-
 crypto/openssh/match.c | 8 +-
 crypto/openssh/mlkem768.sh | 148 +
 crypto/openssh/moduli | 879 +-
 crypto/openssh/monitor.c | 15 +-
 crypto/openssh/mux.c | 28 +-
 crypto/openssh/myproposal.h | 4 +-
 crypto/openssh/nchan.c | 6 +-
 crypto/openssh/openbsd-compat/arc4random.h | 2 +
 crypto/openssh/openbsd-compat/openssl-compat.c | 26 +
 crypto/openssh/openbsd-compat/openssl-compat.h | 10 +
 crypto/openssh/openbsd-compat/port-linux.c | 2 +-
 crypto/openssh/packet.c | 24 +-
 crypto/openssh/packet.h | 6 +-
 crypto/openssh/readconf.c | 164 +-
 crypto/openssh/regress/cfginclude.sh | 26 +-
 crypto/openssh/regress/misc/fuzz-harness/Makefile | 44 +-
 .../regress/misc/fuzz-harness/mkcorpus_sntrup761.c | 82 +
 .../misc/fuzz-harness/sntrup761_dec_fuzz.cc | 74 +
 .../misc/fuzz-harness/sntrup761_enc_fuzz.cc | 57 +
 .../regress/misc/fuzz-harness/watch-sntrup761.sh | 20 +
 crypto/openssh/regress/multiplex.sh | 29 +-
 crypto/openssh/regress/rekey.sh | 118 +-
 crypto/openssh/regress/unittests/kex/Makefile | 3 +-
 crypto/openssh/regress/unittests/kex/test_kex.c | 6 +-
 crypto/openssh/regress/unittests/sshkey/common.c | 18 +-
 .../openssh/regress/unittests/sshkey/test_file.c | 11 +-
 .../openssh/regress/unittests/sshkey/test_sshkey.c | 26 +-
 .../openssh/regress/unittests/test_helper/fuzz.c | 2 +-
 crypto/openssh/servconf.c | 79 +-
 crypto/openssh/servconf.h | 6 +-
 crypto/openssh/sntrup761.c | 2886 +++--
 crypto/openssh/sntrup761.sh | 62 +-
 crypto/openssh/srclimit.c | 4 +
 crypto/openssh/srclimit.h | 12 +-
 crypto/openssh/ssh-add.c | 4 +-
 crypto/openssh/ssh-ecdsa-sk.c | 49 +-
 crypto/openssh/ssh-ecdsa.c | 258 +-
 crypto/openssh/ssh-keygen.1 | 8 +-
 crypto/openssh/ssh-keygen.c | 93 +-
 crypto/openssh/ssh-keyscan.c | 5 +-
 crypto/openssh/ssh-pkcs11-client.c | 83 +-
 crypto/openssh/ssh-pkcs11-helper.c | 89 +-
 crypto/openssh/ssh-pkcs11.c | 42 +-
 crypto/openssh/ssh-rsa.c | 385 +-
 crypto/openssh/ssh-sk.c | 29 +-
 crypto/openssh/ssh.1 | 6 +-
 crypto/openssh/ssh_api.c | 4 +-
 crypto/openssh/ssh_config.5 | 22 +-
 crypto/openssh/ssh_namespace.h | 31 +-
 crypto/openssh/sshbuf-getput-crypto.c | 12 +-
 crypto/openssh/sshbuf.c | 18 +-
 crypto/openssh/sshbuf.h | 4 +-
 crypto/openssh/sshconnect2.c | 3 +-
 crypto/openssh/sshd-session.c | 31 +-
 crypto/openssh/sshd.8 | 8 +-
 crypto/openssh/sshd.c | 14 +-
 crypto/openssh/sshd_config.5 | 45 +-
 crypto/openssh/sshkey.c | 290 +-
 crypto/openssh/sshkey.h | 27 +-
 crypto/openssh/version.h | 4 +-
 secure/lib/libssh/Makefile | 2 +-
 92 files changed, 22746 insertions(+), 8209 deletions(-)

diff --git a/crypto/openssh/.depend b/crypto/openssh/.depend index 1d7d0606c657..45fc6b9afea1 100644 --- a/crypto/openssh/.depend +++ b/crypto/openssh/.depend
@@ -71,6 +71,7 @@ kexgen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat kexgex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h kexgexc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h kexgexs.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h 
openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h +kexmlkem768x25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h sshbuf.h digest.h ssherr.h log.h kexsntrup761x25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h 
openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h krl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h sshbuf.h ssherr.h sshkey.h authfile.h misc.h log.h digest.h bitmap.h utf8.h krl.h log.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h match.h 
@@ -80,7 +81,7 @@ mac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h match.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h misc.h misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h misc.h log.h ssherr.h ssh.h sshbuf.h moduli.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h 
openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h -monitor.o: chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h dh.h packet.h dispatch.h auth-options.h sshpty.h channels.h session.h sshlogin.h canohost.h log.h ssherr.h misc.h servconf.h monitor.h monitor_wrap.h monitor_fdpass.h compat.h ssh2.h authfd.h match.h sk-api.h +monitor.o: chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h dh.h packet.h dispatch.h auth-options.h sshpty.h channels.h session.h sshlogin.h canohost.h log.h ssherr.h misc.h servconf.h monitor.h monitor_wrap.h monitor_fdpass.h compat.h ssh2.h authfd.h match.h sk-api.h srclimit.h monitor.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h openbsd-compat/openssl-compat.h 
atomicio.h xmalloc.h ssh.h sshkey.h sshbuf.h hostfile.h auth.h auth-pam.h audit.h loginrec.h cipher.h cipher-chachapoly.h monitor_fdpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h monitor_fdpass.h monitor_wrap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h hostfile.h auth.h auth-pam.h audit.h 
diff --git a/crypto/openssh/.github/ci-status.md b/crypto/openssh/.github/ci-status.md index fbf7c5fd6117..4fa73894ce76 100644 --- a/crypto/openssh/.github/ci-status.md +++ b/crypto/openssh/.github/ci-status.md @@ -6,6 +6,10 @@ master : [![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/openssh.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh) [![Coverity Status](https://scan.coverity.com/projects/21341/badge.svg)](https://scan.coverity.com/projects/openssh-portable) +9.8 : +[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_8)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_8) +[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_8)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_8) + 9.7 : [![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_7)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_7) [![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_7)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_7) diff --git a/crypto/openssh/.github/configs b/crypto/openssh/.github/configs index 6134cb6ed5e9..4f47f820b506 100755 --- a/crypto/openssh/.github/configs +++ b/crypto/openssh/.github/configs @@ -187,7 +187,7 @@ case "$config" in LIBCRYPTOFLAGS="--without-openssl" TEST_TARGET=t-exec ;; - valgrind-[1-5]|valgrind-unit) + valgrind-[1-4]|valgrind-unit) # rlimit sandbox and FORTIFY_SOURCE confuse Valgrind. CONFIGFLAGS="--without-sandbox --without-hardening" CONFIGFLAGS="$CONFIGFLAGS --with-cppflags=-D_FORTIFY_SOURCE=0" 
@@ -197,10 +197,9 @@ case "$config" in # Valgrind slows things down enough that the agent timeout test # won't reliably pass, and the unit tests run longer than allowed # by github so split into separate tests. - tests2="integrity try-ciphers" + tests2="integrity try-ciphers rekey" tests3="krl forward-control sshsig agent-restrict kextype sftp" tests4="cert-userkey cert-hostkey kextype sftp-perm keygen-comment percent" - tests5="rekey" case "$config" in valgrind-1) # All tests except agent-timeout (which is flaky under valgrind), @@ -220,9 +219,6 @@ case "$config" in valgrind-4) LTESTS="${tests4}" ;; - valgrind-5) - LTESTS="${tests5}" - ;; valgrind-unit) TEST_TARGET="unit USE_VALGRIND=1" ;; diff --git a/crypto/openssh/.github/setup_ci.sh b/crypto/openssh/.github/setup_ci.sh index f0f2761c7107..7e1becaac2df 100755 --- a/crypto/openssh/.github/setup_ci.sh +++ b/crypto/openssh/.github/setup_ci.sh @@ -14,7 +14,7 @@ case "$host" in echo Removing extended ACLs so umask works as expected. setfacl -b . regress PACKAGES="$PACKAGES,autoconf,automake,cygwin-devel,gcc-core" - PACKAGES="$PACKAGES,make,openssl-devel,zlib-devel" + PACKAGES="$PACKAGES,make,openssl,libssl-devel,zlib-devel" ;; *-darwin*) PACKAGER=brew diff --git a/crypto/openssh/.github/workflows/c-cpp.yml b/crypto/openssh/.github/workflows/c-cpp.yml index 609028703f80..c179f73d16e0 100644 --- a/crypto/openssh/.github/workflows/c-cpp.yml +++ b/crypto/openssh/.github/workflows/c-cpp.yml @@ -32,7 +32,6 @@ jobs: - { target: ubuntu-20.04, config: valgrind-2 } - { target: ubuntu-20.04, config: valgrind-3 } - { target: ubuntu-20.04, config: valgrind-4 } - - { target: ubuntu-20.04, config: valgrind-5 } - { target: ubuntu-20.04, config: valgrind-unit } - { target: ubuntu-20.04, config: c89 } - { target: ubuntu-20.04, config: clang-6.0 } diff --git a/crypto/openssh/.github/workflows/selfhosted.yml b/crypto/openssh/.github/workflows/selfhosted.yml index 167297359383..755bb0cacb69 100644 
--- a/crypto/openssh/.github/workflows/selfhosted.yml +++ b/crypto/openssh/.github/workflows/selfhosted.yml @@ -52,6 +52,7 @@ jobs: - obsd74 - obsdsnap - obsdsnap-i386 + - omnios - openindiana - ubuntu-2204 config: @@ -75,6 +76,7 @@ jobs: - { target: dfly58, config: pam, host: libvirt } - { target: dfly60, config: pam, host: libvirt } - { target: dfly62, config: pam, host: libvirt } + - { target: dfly64, config: pam, host: libvirt } - { target: fbsd10, config: pam, host: libvirt } - { target: fbsd12, config: pam, host: libvirt } - { target: fbsd13, config: pam, host: libvirt } @@ -82,6 +84,7 @@ jobs: - { target: nbsd8, config: pam, host: libvirt } - { target: nbsd9, config: pam, host: libvirt } - { target: nbsd10, config: pam, host: libvirt } + - { target: omnios, config: pam, host: libvirt } # ARM64 VMs - { target: obsd-arm64, config: default, host: libvirt-arm64 } # VMs with persistent disks that have their own runner. diff --git a/crypto/openssh/ChangeLog b/crypto/openssh/ChangeLog index a1a52651718e..c085866f19f6 100644 --- a/crypto/openssh/ChangeLog +++ b/crypto/openssh/ChangeLog 
@@ -1,8666 +1,8676 @@ -commit fa41f6592ff1b6ead4a652ac75af31eabb05b912 +commit 46d1fb16b20e971b9ac15e86a3d3e350b49c9ad6 Author: Damien Miller -Date: Mon Jul 1 14:33:26 2024 +1000 +Date: Fri Sep 20 08:20:13 2024 +1000 - version numbers + update version numbers -commit bfebb8a5130a792c5356bd06e1ddef72a0a0449f +commit 0bdca1f218971b38728a0a129f482476baff0968 Author: djm@openbsd.org -Date: Mon Jul 1 04:31:59 2024 +0000 +Date: Thu Sep 19 22:17:44 2024 +0000 - upstream: openssh-9.8 + upstream: openssh-9.9 - OpenBSD-Commit-ID: 5f8b89e38a4c5f7c6d52ffa19f796d49f36fab19 + OpenBSD-Commit-ID: 303417285f1a73b9cb7a2ae78d3f493bbbe31f98 -commit 146c420d29d055cc75c8606327a1cf8439fe3a08 -Author: djm@openbsd.org -Date: Mon Jul 1 04:31:17 2024 +0000 +commit ef2d7f2d3e1b4c9ae71bacf963e76a92ab8be543 +Author: Damien Miller +Date: Wed Sep 18 16:03:23 2024 +1000 - upstream: when sending ObscureKeystrokeTiming chaff packets, we - - can't rely on channel_did_enqueue to tell that there is data to send. This - flag indicates that the channels code enqueued a packet on _this_ ppoll() - iteration, not that data was enqueued in _any_ ppoll() iteration in the - timeslice. ok markus@ + include openbsd-compat/base64.c license in LICENSE + +commit 7ef362b989c8d1f7596f557f22e5924b9c08f0ea +Author: Damien Miller +Date: Wed Sep 18 09:01:23 2024 +1000 + + conditionally include mman.h in arc4random code + +commit 5fb2b5ad0e748732a27fd8cc16a7ca3c21770806 +Author: Damien Miller +Date: Tue Sep 17 11:53:24 2024 +1000 + + fix bug in recently-added sntrup761 fuzzer - OpenBSD-Commit-ID: 009b74fd2769b36b5284a0188ade182f00564136 + key values need to be static to persist across invocations; + spotted by the Qualys Security Advisory team. 
-commit 637e4dfea4ed81264e264b6200172ce319c64ead +commit 0ca128c9ee894f1b0067abd473bfb33171df67f8 Author: djm@openbsd.org -Date: Mon Jul 1 03:10:19 2024 +0000 +Date: Mon Sep 16 05:37:05 2024 +0000 - upstream: use "lcd" to change directory before "lls" rather then "cd", + upstream: use 64 bit math to avoid signed underflow. upstream code - since the directory we're trying to list is local. Spotted by Corinna - Vinschen + relies on using -fwrapv to provide defined over/underflow behaviour, but we + use -ftrapv to catch integer errors and abort the program. ok dtucker@ - OpenBSD-Regress-ID: 821feca4a4bebe491944e624c8f7f2990b891415 + OpenBSD-Commit-ID: 8933369b33c17b5f02479503d0a92d87bc3a574b -commit c8cfe258cee0b8466ea84597bf15e1fcff3bc328 -Author: djm@openbsd.org -Date: Thu Jun 27 23:01:15 2024 +0000 +commit f82e5e22cad88c81d8a117de74241328c7b101c3 +Author: jmc@openbsd.org +Date: Sun Sep 15 08:27:38 2024 +0000 - upstream: delete obsolete comment + upstream: minor grammar/sort fixes for refuseconnection; ok djm - OpenBSD-Commit-ID: 5fb04f298ed155053f3fbfdf0c6fe7cdf84bbfa2 + OpenBSD-Commit-ID: 1c81f37b138b8b66abba811fec836388a0f3e6da -commit 94b9d37100f6fa536aaa1d1a0e4926fe44fbf04d +commit 0c1165fc78e8fe69b5df71f81a8f944554a68b53 +Author: Damien Miller +Date: Sun Sep 15 13:30:13 2024 +1000 + + avoid gcc warning in fuzz test + +commit ce171d0718104b643854b53443ff72f7283d33f2 Author: djm@openbsd.org -Date: Thu Jun 27 22:36:44 2024 +0000 +Date: Sun Sep 15 03:09:44 2024 +0000 - upstream: retire unused API + upstream: bad whitespace in config dump output - OpenBSD-Commit-ID: 3e30d7b0615e2707f6bbe70f61b1c2f72f78161b + OpenBSD-Commit-ID: d899c13b0e8061d209298eaf58fe53e3643e967c -commit 268c3a7f5783e731ed60f4e28da66ee3743581d3 -Author: jmc@openbsd.org -Date: Thu Jun 27 21:02:16 2024 +0000 +commit 671c440786a5a66216922f15d0007b60f1e6733f +Author: Damien Miller +Date: Sun Sep 15 12:53:59 2024 +1000 - upstream: ssl(8) no longer contains a HISTORY section; + use construct_utmp to 
construct btmp records - OpenBSD-Commit-ID: 83b7ff34433d79595e9c2a5d2a561a6660251245 + Simpler and removes some code with the old-style BSD license. -commit 12b6cc09ce6c430681f03af2a8069e37a664690b +commit 930cb02b6113df72fbc732b9feb8e4f490952a81 Author: djm@openbsd.org -Date: Wed Jun 26 23:47:46 2024 +0000 +Date: Sun Sep 15 02:20:51 2024 +0000 - upstream: move child process waitpid() loop out of SIGCHLD handler; + upstream: update the Streamlined NTRU Prime code from the "ref" - ok deraadt + implementation in SUPERCOP 20201130 to the "compact" implementation in + SUPERCOP 20240808. The new version is substantially faster. Thanks to Daniel + J Bernstein for pointing out the new implementation (and of course for + writing it). - OpenBSD-Commit-ID: 65815a39564e431414aed7c5ace8076f4e9ca741 + tested in snaps/ok deraadt@ + + OpenBSD-Commit-ID: bf1a77924c125ecdbf03e2f3df8ad13bd3dafdcb -commit d6bcd13297c2ab8b528df5a6898f994734849031 -Author: deraadt@openbsd.org -Date: Wed Jun 26 23:16:52 2024 +0000 +commit 9306d6017e0ce5dea6824c29ca5ba5673c2923ad +Author: djm@openbsd.org +Date: Sun Sep 15 01:19:56 2024 +0000 - upstream: Instead of using possibly complex ssh_signal(), write all - - the parts of the grace_alarm_handler() using the exact things allowed by the - signal-safe rules. This is a good rule of thumb: Handlers should be written - to either set a global volatile sig_atomic_t inspected from outside, and/or - directly perform only safe operations listed in our sigaction(2) manual page. 
- ok djm markus + upstream: document Match invalid-user - OpenBSD-Commit-ID: 14168ae8368aab76e4ed79e17a667cb46f404ecd + OpenBSD-Commit-ID: 2c84a9b517283e9711e2812c1f268081dcb02081 -commit b8793e2b0851f7d71b97554fa5260b23796d6277 -Author: deraadt@openbsd.org -Date: Wed Jun 26 23:14:14 2024 +0000 +commit 0118a4da21147a88a56dc8b90bbc2849fefd5c1e +Author: djm@openbsd.org +Date: Sun Sep 15 01:18:26 2024 +0000 - upstream: save_errno wrappers inside two small signal handlers that + upstream: add a "Match invalid-user" predicate to sshd_config Match - perform system calls, for systems with libc that do perform libc sigtramps. - ok djm markus + options. - OpenBSD-Commit-ID: 7749b56419a7c9dcfe4c6c04811e429813346c62 + This allows writing Match conditions that trigger for invalid username. + E.g. + + PerSourcePenalties refuseconnection:90s + Match invalid-user + RefuseConnection yes + + Will effectively penalise bots try to guess passwords for bogus accounts, + at the cost of implicitly revealing which accounts are invalid. + + feedback markus@ + + OpenBSD-Commit-ID: 93d3a46ca04bbd9d84a94d1e1d9d3a21073fbb07 -commit f23e9332c4c8df37465c4a4f38275ea98980ed7e -Author: jmc@openbsd.org -Date: Mon Jun 24 06:59:39 2024 +0000 +commit 7875975136f275619427604900cb0ffd7020e845 +Author: djm@openbsd.org +Date: Sun Sep 15 01:11:26 2024 +0000 - upstream: - uppercase start of sentence - correct sentence grammar + upstream: Add a "refuseconnection" penalty class to sshd_config - ok djm + PerSourcePenalties - OpenBSD-Commit-ID: 1ec4b0fdb633a43667f2c8fff1d600bd647dde25 + This allows penalising connection sources that have had connections + dropped by the RefuseConnection option. 
ok markus@ + + OpenBSD-Commit-ID: 3c8443c427470bb3eac1880aa075cb4864463cb6 -commit 1839e3eb71a759aa795602c1e4196300f4ac2615 +commit 8d21713b669b8516ca6d43424a356fccc37212bb Author: djm@openbsd.org -Date: Mon Jun 24 04:05:11 2024 +0000 +Date: Sun Sep 15 01:09:40 2024 +0000 - upstream: mention SshdSessionPath option + upstream: Add a sshd_config "RefuseConnection" option - OpenBSD-Commit-ID: c29734d36c21003973b15c1c9965c35f36cef30c + If set, this will terminate the connection at the first authentication + request (this is the earliest we can evaluate sshd_config Match blocks) + + ok markus@ + + OpenBSD-Commit-ID: 43cc2533984074c44d0d2f92eb93f661e7a0b09c -commit 603193e32aef5db7d60c58066d5de89806e79312 -Author: Darren Tucker -Date: Thu Jun 20 18:45:14 2024 +1000 +commit acad117e66018fe1fa5caf41b36e6dfbd61f76a1 +Author: djm@openbsd.org +Date: Sun Sep 15 00:58:01 2024 +0000 - Rerun upstream tests on .sh file changes too. + upstream: switch sshd_config Match processing to the argv tokeniser + + too; ok markus@ + + OpenBSD-Commit-ID: b74b5b0385f2e0379670e2b869318a65b0bc3923 -commit dbbf9337c19381786a8e5a8a49152fe6b80c780d -Author: dtucker@openbsd.org -Date: Thu Jun 20 08:23:18 2024 +0000 +commit baec3f7f4c60cd5aa1bb9adbeb6dfa4a172502a8 +Author: djm@openbsd.org +Date: Sun Sep 15 00:57:36 2024 +0000 - upstream: Work around dbclient cipher/mac query bug. + upstream: switch "Match" directive processing over to the argv - Unlike earlier versions, recent Dropbear (at least v2024.85) requires - a host arg when querying supported ciphers and macs via "-c/-m - help". Earlier versions accept but do not require it, so always - provide it. If these queries fail, skip the test with a warning. + string tokeniser, making it possible to use shell-like quoting in Match + directives, particularly "Match exec". 
ok markus@ - OpenBSD-Regress-ID: 98eb863a3f0363416922efb273885e6b3c7f68d4 + OpenBSD-Commit-ID: 0877309650b76f624b2194c35dbacaf065e769a5 -commit 8de2c8cebc46bbdb94b7a2c120fcadfb66a3cccc -Author: dtucker@openbsd.org -Date: Thu Jun 20 08:18:34 2024 +0000 +commit dd424d7c382c2074ab70f1b8ad4f169a10f60ee7 +Author: djm@openbsd.org +Date: Sun Sep 15 00:47:01 2024 +0000 - upstream: Remove dropbear key types not supported + upstream: include pathname in some of the ssh-keygen passphrase - by current OpenSSH. Allows subsequent test runs to work if OpenSSH is - rebuilt w/out OpenSSL. + prompts. Helps the user know what's going on when ssh-keygen is invoked via + other tools. Requested in GHPR503 - OpenBSD-Regress-ID: e0129eb2b1d31771105903a8055216fbba20a770 + OpenBSD-Commit-ID: 613b0bb6cf845b7e787d69a5b314057ceda6a8b6 -commit e9b6471c59b21e5d9ef1b3832d4bf727338add85 +commit 62bbf8f825cc390ecb0523752ddac1435006f206 Author: djm@openbsd.org -Date: Thu Jun 20 00:18:05 2024 +0000 +Date: Sun Sep 15 00:41:18 2024 +0000 - upstream: stricter check for overfull tables in penalty record path + upstream: Do not apply authorized_keys options when signature - OpenBSD-Commit-ID: 7df01e648a0723418c554e64a9f2b6d38db060a6 + verification fails. Prevents restrictive key options being incorrectly + applied to subsequent keys in authorized_keys. bz3733, ok markus@ + + OpenBSD-Commit-ID: ba3776d9da4642443c19dbc015a1333622eb5a4e -commit d9336d344eb2a1e898c5e66147b3f108c7214694 +commit 49f325fd47af4e53fcd7aafdbcc280e53f5aa5ce +Author: Wu Weixin +Date: Fri Aug 2 22:16:40 2024 +0800 + + Fix without_openssl always being set to 1 + + In Fedora systems, %{?rhel} is empty. In RHEL systems, %{?fedora} is + empty. Therefore, the original code always sets without_openssl to 1. 
+ +commit c21c3a2419bbc1c59cb1a16ea356e703e99a90d9 Author: djm@openbsd.org -Date: Wed Jun 19 23:24:47 2024 +0000 +Date: Thu Sep 12 00:36:27 2024 +0000 - upstream: put back reaping of preauth child process when writes + upstream: Relax absolute path requirement back to what it was prior to - from the monitor fail. Not sure how this got lost in the avalanche of - patches. + OpenSSH 9.8, which incorrectly required that sshd was started with an + absolute path in inetd mode. bz3717, patch from Colin Wilson - OpenBSD-Commit-ID: eb7eb36371e1ac01050b32b70fb2b3e5d98e72f5 + OpenBSD-Commit-ID: 25c57f22764897242d942853f8cccc5e991ea058 -commit 579d9adb70ec0206a788eb5c63804c31a67e9310 +commit 1bc426f51b0a5cfdcfbd205218f0b6839ffe91e9 Author: naddy@openbsd.org -Date: Mon Jun 17 13:50:18 2024 +0000 +Date: Mon Sep 9 14:41:21 2024 +0000 - upstream: remove one more mention of DSA + upstream: document the mlkem768x25519-sha256 key exchange algorithm - OpenBSD-Commit-ID: 8515f55a15f02836ba657df341415f63c60526ca + OpenBSD-Commit-ID: fa18dccdd9753dd287e62ecab189b3de45672521 -commit 7089b5f8436ef0b8d3d3ad9ce01045fb9e7aab15 +commit 0a2db61a5ffc64d2e2961c52964f933879952fc7 Author: Darren Tucker -Date: Wed Jun 19 23:09:05 2024 +1000 +Date: Tue Sep 10 21:11:14 2024 +1000 - Move -f to the place needed to restart sshd. + Spell omnios test host correctly. -commit d5f83cfd852b14a25f347f082ab539a9454702ad +commit 059ed698a47c9af541a49cf754fd09f984ac5a21 Author: Darren Tucker -Date: Wed Jun 19 21:04:01 2024 +1000 +Date: Tue Sep 10 18:52:02 2024 +1000 - Need to supply "-f" to restart sshd. + Add omnios test target. 
-commit fad34b4ca25c0ef31e5aa841d461b6f21da5b8c1 -Author: dtucker@openbsd.org -Date: Wed Jun 19 10:15:51 2024 +0000 +commit f4ff91575a448b19176ceaa8fd6843a25f39d572 +Author: Darren Tucker +Date: Tue Sep 10 18:45:55 2024 +1000 - upstream: Provide defaults for ciphers and macs - - if querying for them fails since on some versions of Dropbear (at least - v2024.85) "-m help" doesn't seem to work. Enable all supported pubkey - algorithms in the server. - - OpenBSD-Regress-ID: 4f95556a49ee9f621789f25217c367a33d2745ca + Wrap stdint.h in ifdef. -commit 5521060e35ada9f957cecdddc06d0524e75409ef -Author: dtucker@openbsd.org -Date: Wed Jun 19 10:10:46 2024 +0000 +commit ff714f001d20a9c843ee1fd9d92a16d40567d264 +Author: Darren Tucker +Date: Mon Sep 9 19:31:54 2024 +1000 - upstream: Use ed25519 keys for kex tests - - since that's supported by OpenSSH even when built without OpenSSL. - Only test diffie-hellman kex if OpenSSH is compiled with support for it. - - OpenBSD-Regress-ID: a5d09ef9bbd171f9e4ec73ed0d9eeb49a8878e97 + Also test PAM on dfly64. -commit dbd3b833f6e3815e58f2dc6e14f61a51bcd4d6bd -Author: dtucker@openbsd.org -Date: Wed Jun 19 10:08:34 2024 +0000 +commit 509b757c052ea969b3a41fc36818b44801caf1cf +Author: Damien Miller +Date: Mon Sep 9 21:50:14 2024 +1000 - upstream: Rework dropbear key setup - - to always generate ed25519 keys, other types only if OpenSSH has support - for the corresponding key type. + stubs for ML-KEM KEX functions - OpenBSD-Regress-ID: 8f91f12604cddb9f8d93aa34f3f93a3f6074395d + used for C89 compilers -commit d6218504e11ae9148adf410fc69b0710a052be36 -Author: Darren Tucker -Date: Wed Jun 19 20:20:24 2024 +1000 +commit 273581210c99ce7275b8efdefbb9f89e1c22e341 +Author: Damien Miller +Date: Mon Sep 9 17:30:38 2024 +1000 - Restart sshd after installing it for testing. 
+ declare defeat trying to detect C89 compilers - When installing an sshd built without OpenSSL the mismatch between - the running sshd and newly installed sshd-session will cause the - remainder of the test to fail. + I can't find a reliable way to detect the features the ML-KEM code + requires in configure. Give up for now and use VLA support (that we + can detect) as a proxy for "old compiler" and turn off ML-KEM if + it isn't supported. -commit 786a4465b6bb702daf4fb17b7c3bcb42b52f0b46 -Author: Darren Tucker -Date: Tue Jun 18 19:59:59 2024 +1000 +commit e8a0f19b56dfa20f98ea9876d7171ec315fb338a +Author: Damien Miller +Date: Mon Sep 9 16:46:40 2024 +1000 - Remove macos-11 runner. + fix previous; check for C99 compound literals - Github is retiring them soon. + The previous commit was incorrect (or at least insufficient), the + ML-KEM code is actually using compound literals, so test for them. -commit df1c72a55edbebac14363b57de66ac6a147ecc67 +commit 7c07bec1446978bebe0780ed822c8fedfb377ae8 Author: Damien Miller -Date: Wed Jun 19 09:34:34 2024 +1000 - - PAMServiceName may appear in a Match block - -commit de1c2e70e5a5dc3c8d2fe04b24cc93d8ef6930e7 -Author: dtucker@openbsd.org -Date: Tue Jun 18 08:11:48 2024 +0000 +Date: Mon Sep 9 16:06:21 2024 +1000 - upstream: Re-enable ssh-dss tests + test for compiler feature needed for ML-KEM - ... if ssh is compiled with DSA support - - OpenBSD-Regress-ID: bbfaf8c17f2b50a2d46ac35cb97af99b990c990d + The ML-KEM implementation we uses need the compiler to support + C99-style named struct initialisers (e.g foo = {.bar = 1}). We + still support (barely) building OpenSSH with older compilers, so + add a configure test for this. -commit dabc2c7cf3c141e8e5d5a1a60d6c1d2d2422cf43 -Author: anton@openbsd.org -Date: Tue Jun 18 06:14:27 2024 +0000 +commit d469d5f348772058789d35332d1ccb0b109c28ef +Author: djm@openbsd.org +Date: Mon Sep 9 03:13:39 2024 +0000 - upstream: Stop using DSA in dropbear interop tests. 
+ upstream: test mlkem768x25519-sha256 - OpenBSD-Regress-ID: abfd4457d99d8cc1417fd22ca2c570270f74c1cf + OpenBSD-Regress-ID: 7baf6bc39ae55648db1a2bfdc55a624954847611 -commit 761438012710169445acc179e3870c53c862bda0 -Author: Damien Miller -Date: Tue Jun 18 12:29:45 2024 +1000 +commit 62fb2b51bb7f6863c3ab697f397b2068da1c993f +Author: djm@openbsd.org +Date: Mon Sep 9 02:39:57 2024 +0000 - missed a bit of DSA in the fuzzer + upstream: pull post-quantum ML-KEM/x25519 key exchange out from + + compile-time flag now than an IANA codepoint has been assigned for the + algorithm. + + Add mlkem768x25519-sha256 in 2nd KexAlgorithms preference slot. + + ok markus@ + + OpenBSD-Commit-ID: 9f50a0fae7d7ae8b27fcca11f8dc6f979207451a -commit 3f9cc47da588e8de520720e59f98438043fdaf93 -Author: Damien Miller -Date: Tue Jun 18 09:35:53 2024 +1000 +commit a8ad7a2952111c6ce32949a775df94286550af6b +Author: djm@openbsd.org +Date: Fri Sep 6 02:30:44 2024 +0000 - DSA support is disabled, so remove from fuzzers + upstream: make parsing user@host consistently look for the last '@' in + + the string rather than the first. This makes it possible to use usernames + that contain '@' characters. + MIME-Version: 1.0 + Content-Type: text/plain; charset=UTF-8 + Content-Transfer-Encoding: 8bit + + Prompted by Max Zettlmeißl; feedback/ok millert@ + + OpenBSD-Commit-ID: 0b16eec246cda15469ebdcf3b1e2479810e394c5 -commit 00eb95957dea5484b2c7c043f7d2bbc87301bef2 +commit 13cc78d016b67a74a67f1c97c7c348084cd9212c Author: djm@openbsd.org -Date: Mon Jun 17 08:30:29 2024 +0000 +Date: Wed Sep 4 05:33:34 2024 +0000 - upstream: disable the DSA signature algorithm by default; ok + upstream: be more strict in parsing key type names. Only allow - markus@ + shortnames (e.g "rsa") in user-interface code and require full SSH protocol + names (e.g. "ssh-rsa") everywhere else. 
- (yes, I know this expands to "the Digitial Signature Algorithm - signature algorithm) + Prompted by bz3725; ok markus@ - OpenBSD-Commit-ID: 961ef594e46dd2dcade8dd5721fa565cee79ffed + OpenBSD-Commit-ID: b3d8de9dac37992eab78adbf84fab2fe0d84b187 -commit 5603befe11c9464ea26fe77cbacc95a7cc0b1ea7 +commit ef8472309a68e319018def6f8ea47aeb40d806f5 Author: djm@openbsd.org -Date: Mon Jun 17 08:28:31 2024 +0000 +Date: Wed Sep 4 05:11:33 2024 +0000 - upstream: promote connection-closed messages from verbose to info + upstream: fix RCSID in output - log level; they could be the only record of the connection terminating if the - client doesn't send a SSH2_MSG_DISCONNECT message. ok dtucker@ - - OpenBSD-Commit-ID: 0c8bfaf5e9fdff945cee09ac21e641f6c5d65d3c + OpenBSD-Commit-ID: 889ae07f2d2193ddc4351711919134664951dd76 -commit b00331402fe5c60d577f3ffcc35e49286cdc6b47 -Author: Damien Miller -Date: Mon Jun 17 17:02:18 2024 +1000 +commit ba2ef20c75c5268d4d1257adfc2ac11c930d31e1 +Author: jmc@openbsd.org +Date: Tue Sep 3 06:17:48 2024 +0000 - propagate PAM crashes to PerSourcePenalties + upstream: envrionment -> environment; - If the PAM subprocess crashes, exit with a crash status that will be - picked up by the sshd(8) listener process where it can be used by - PerSourcePenalties to block the client. This is similar handling to - the privsep preauth process. 
+ OpenBSD-Commit-ID: b719f39c20e8c671ec6135c832d6cc67a595af9c -commit 1c207f456ace38987deda047758d13fbf857f948 +commit e66c0c5673a4304a3a9fbf8305c6a19f8653740f Author: Damien Miller -Date: Mon Jun 17 15:06:01 2024 +1000 +Date: Wed Sep 4 15:35:29 2024 +1000 - minix doesn't have loopback, so skip penalty tests - - pointed out by dtucker@ + add basic fuzzers for our import of sntrup761 -commit 48443d202eaec52d4d39defdd709a4499a7140c6 +commit d19dea6330ecd4eb403fef2423bd7e127f4c9828 Author: djm@openbsd.org -Date: Sun Jun 16 11:54:49 2024 +0000 +Date: Tue Sep 3 05:58:56 2024 +0000 - upstream: same treatment for this test + upstream: regression test for Include variable expansion - OpenBSD-Regress-ID: d0cc9efca7833e673ea7b0cb3a679a3acee8d4c7 + OpenBSD-Regress-ID: 35477da3ba1abd9ca64bc49080c50a9c1350c6ca -commit 45562a95ea11d328c22d97bf39401cd29684fb1f +commit 8c4d6a628051e318bae2f283e8dc38b896400862 Author: djm@openbsd.org -Date: Sun Jun 16 08:18:06 2024 +0000 +Date: Tue Sep 3 05:29:55 2024 +0000 - upstream: penalty test is still a bit racy + upstream: allow the "Include" directive to expand the same set of - OpenBSD-Regress-ID: 90c9ac224db454637baf1ebee5857e007321e824 - -commit 8d0f7eb147ef72d18acb16c0b18672d44941a8ca -Author: djm@openbsd.org -Date: Sat Jun 15 03:59:10 2024 +0000 - - upstream: crank up penalty timeouts so this should work on even the + %-tokens that "Match Exec" and environment variables. 
- slowest of test builders + ok dtucker@ - OpenBSD-Regress-ID: 70bda39c83e3fc9d0f3c1fad4542ed33e173d468 + OpenBSD-Commit-ID: 12ef521eaa966a9241e684258564f52f1f3c5d37 -commit 93c75471a1202ab3e29db6938648d4e2602c0475 -Author: jmc@openbsd.org -Date: Fri Jun 14 05:20:34 2024 +0000 +commit 51b82648b6827675fc0cde21175fd1ed8e89aab2 +Author: djm@openbsd.org +Date: Mon Sep 2 12:18:35 2024 +0000 - upstream: sort -q in the options list; + upstream: missing ifdef - OpenBSD-Commit-ID: 6839b38378f38f754de638a5e988c13b4164cc7c + OpenBSD-Commit-ID: 85f09da957dd39fd0abe08fe5ee19393f25c2021 -commit dd7807bbe80a93ffb4616f2bd5cf83ad5a5595fb +commit f68312eb593943127b39ba79a4d7fa438c34c153 Author: djm@openbsd.org -Date: Fri Jun 14 05:01:22 2024 +0000 +Date: Mon Sep 2 12:13:56 2024 +0000 - upstream: clarify KEXAlgorithms supported vs available. Inspired by + upstream: Add experimental support for hybrid post-quantum key exchange - bz3701 from Colin Watson. + ML-KEM768 with ECDH/X25519 from the Internet-draft: + https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03 - OpenBSD-Commit-ID: e698e69bea19bd52971d253f2b1094490c4701f7 - -commit d172ad56df85b68316dbadbedad16761a1265874 -Author: djm@openbsd.org -Date: Fri Jun 14 05:00:42 2024 +0000 - - upstream: ssh-keyscan -q man bits + This is based on previous patches from markus@ but adapted to use the + final FIPS203 standard ML-KEM using a formally-verified implementation + from libcrux. - OpenBSD-Commit-ID: ba28d0e1ac609a4c99c453e57e86560c79079db1 + Note this key exchange method is still a draft and thus subject to + change. It is therefore disabled by default; set MLKEM=yes to build it. + We're making it available now to make it easy for other SSH + implementations to test against it. 
+ + ok markus@ deraadt@ + + OpenBSD-Commit-ID: 02a8730a570b63fa8acd9913ec66353735dea42c -commit 092e4ff9ccaacbe035f286feb1b56ed499604743 -Author: Damien Miller -Date: Fri Jun 14 14:46:35 2024 +1000 +commit 05f2b141cfcc60c7cdedf9450d2b9d390c19eaad +Author: Antonio Larrosa +Date: Fri Aug 23 12:21:06 2024 +0200 - skip penalty-expire test in valgrind test env + Don't skip audit before exitting cleanup_exit + + This fixes an issue where the SSH_CONNECTION_ABANDON event is not + audited because cleanup_exit overrides the regular _exit too soon and + as a result, failed auth attempts are not logged correctly. + + The problem was introduced in 81c1099d22b81ebfd20a334ce986c4f753b0db29 + where the code from upstream was merged before the audit_event call when + it should have been merged right before the _exit call in order to honor + the comment that just mentions an override of the exit value. -commit 2866ad08a9c50d7b67ce9424ca990532b806a21a +commit 16eaf9d401e70996f89f3f417738a8db421aa959 Author: djm@openbsd.org -Date: Fri Jun 14 04:43:11 2024 +0000 +Date: Wed Aug 28 12:08:26 2024 +0000 - upstream: split the PerSourcePenalties test in two: one tests penalty + upstream: fix test: -F is the argument to specify a non-default - enforcement but not penalty expiry, the other tests penalty expiry. - - This lets us disable the expiry testing in certain CI test environments. 
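Review bot: In the crypto/openssh/.github/configs hunks, the valgrind-1 arm is the one place this diff cannot confirm. Its context comment reads "All tests except agent-timeout (which is flaky under valgrind)," but the skip list it builds lies outside the changed lines. With tests5 deleted and rekey folded into tests2, please check that the valgrind-1 arm no longer refers to tests5 and still excludes rekey through tests2, so rekey runs exactly once. The comment above the lists says the split exists because runs exceed the time GitHub allows, so it is also worth confirming valgrind-2 still finishes in time with rekey added. The removal of the valgrind-5 matrix entry in c-cpp.yml matches the removed case arm.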
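Review bot: The Cygwin package change in crypto/openssh/.github/setup_ci.sh (openssl-devel replaced by openssl,libssl-devel) carries no comment, and nothing in the visible ChangeLog entries explains it. A one-line comment beside the PACKAGES assignment saying why both openssl and libssl-devel are now needed would save the next person from guessing whether the extra package is required or incidental.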
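Review bot: In crypto/openssh/.github/workflows/selfhosted.yml, omnios is added both to the target list and as a "{ target: omnios, config: pam, host: libvirt }" include, but dfly64 is added only as a pam include. The target list shown in the first hunk's context does not include the dfly entries, so please confirm dfly64 is already listed there; otherwise the pam job would be the only coverage that target gets.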
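Review bot: The regenerated crypto/openssh/ChangeLog hunk carries stray mail headers inside the a8ad7a2952111c6ce32949a775df94286550af6b entry ("MIME-Version: 1.0", "Content-Type: text/plain; charset=UTF-8", "Content-Transfer-Encoding: 8bit"). This looks like an upstream artefact, and for a vendor import it is right to keep the file byte-identical, but it is worth noting so nobody reads it as local damage. More important for operators, the visible entries describe several behaviour changes that the import's own commit message or release notes should call out. mlkem768x25519-sha256 moves into the 2nd KexAlgorithms preference slot. Key type names are parsed more strictly, with shortnames such as "rsa" accepted only in user-interface code. authorized_keys options are no longer applied when signature verification fails (bz3733). "Match invalid-user" with RefuseConnection implicitly reveals which accounts are invalid, as the entry itself states.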
*** 36639 LINES SKIPPED ***

From nobody Thu Feb 20 18:46:16 2025
Date: Thu, 20 Feb 2025 18:46:16 GMT
Message-Id: <202502201846.51KIkGTY062191@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Ed Maste
Subject: git: 31dcdee20afc - releng/13.5 - openssh: Update to 9.9p2
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help:
List-Post:
List-Subscribe:
List-Unsubscribe:
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: emaste
X-Git-Repository: src
X-Git-Refname: refs/heads/releng/13.5
X-Git-Reftype: branch
X-Git-Commit: 31dcdee20afc31f6e0f09c1277e5e0894765f1d0
Auto-Submitted: auto-generated

The branch releng/13.5 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=31dcdee20afc31f6e0f09c1277e5e0894765f1d0

commit 31dcdee20afc31f6e0f09c1277e5e0894765f1d0
Author: Ed Maste
AuthorDate: 2025-02-19 19:33:38 +0000
Commit: Ed Maste
CommitDate: 2025-02-20 18:45:48 +0000

    openssh: Update to 9.9p2

    This release exists primarily to fix two security bugs. The fixes have been independently imported into FreeBSD. This import serves to update the ssh and sshd version number. A few minor bug fixes are also included; see the upstream release notes for full details of the 9.9p2 release (https://www.openssh.com/releasenotes.html).

    Sponsored by: The FreeBSD Foundation
    (cherry picked from commit 0ae642c7dd0c2cfd965a22bf73876cd26cceadd2)
    Approved by: re (accelerated MFC)
    (cherry picked from commit 059b786b7db55b776d82748842f4d6d89cb79664)
    (cherry picked from commit a8c1ea2614a43922dff9598c7948df32473c720c)
    Approved by: re (cperciva)
---
 crypto/openssh/.github/ci-status.md | 10 +-
 crypto/openssh/ChangeLog | 2186 ++--------------------------
 crypto/openssh/README | 2 +-
 crypto/openssh/config.h | 3 -
 crypto/openssh/configure.ac | 1 -
 crypto/openssh/contrib/redhat/openssh.spec | 2 +-
 crypto/openssh/contrib/suse/openssh.spec | 2 +-
 crypto/openssh/defines.h | 26 +
 crypto/openssh/gss-serv.c | 1 +
 crypto/openssh/kexmlkem768x25519.c | 5 +-
 crypto/openssh/libcrux_mlkem768_sha3.h | 8 +-
 crypto/openssh/loginrec.c | 8 +-
 crypto/openssh/misc.c | 23 +-
 crypto/openssh/misc.h | 3 +-
 crypto/openssh/mlkem768.sh | 17 +-
 crypto/openssh/readconf.c | 28 +-
 crypto/openssh/servconf.c | 61 +-
 crypto/openssh/ssh_namespace.h | 1 +
 crypto/openssh/version.h | 2 +-
 19 files changed, 289 insertions(+), 2100 deletions(-)

diff --git a/crypto/openssh/.github/ci-status.md b/crypto/openssh/.github/ci-status.md index 4fa73894ce76..17fa97bdc309 100644 --- a/crypto/openssh/.github/ci-status.md +++ b/crypto/openssh/.github/ci-status.md
@@ -6,10 +6,6 @@ master : [![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/openssh.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh) [![Coverity Status](https://scan.coverity.com/projects/21341/badge.svg)](https://scan.coverity.com/projects/openssh-portable) -9.8 : -[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_8)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_8) -[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_8)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_8) - -9.7 : -[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_7)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_7) -[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_7)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_7) +9.9 : +[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_9)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_9) +[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_9)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_9) diff --git a/crypto/openssh/ChangeLog b/crypto/openssh/ChangeLog index c085866f19f6..2ef1164e6cfb 100644 --- a/crypto/openssh/ChangeLog +++ b/crypto/openssh/ChangeLog 
@@ -1,3 +1,140 @@ +commit 6ebc4dd77a479892d5ca0cd2a567a651f70aad82 +Author: Damien Miller +Date: Tue Feb 18 19:03:42 2025 +1100 + + openssh-9.9p2 + +commit 38df39ecf278a7ab5794fb03c01286f2cfe82c0d +Author: djm@openbsd.org +Date: Tue Feb 18 08:02:48 2025 +0000 + + upstream: Fix cases where error codes were not correctly set + + Reported by the Qualys Security Advisory team. ok markus@ + + OpenBSD-Commit-ID: 7bcd4ffe0fa1e27ff98d451fb9c22f5fae6e610d + +commit 5e07dee272c34e193362fba8eda0e3c453f3c773 +Author: djm@openbsd.org +Date: Tue Feb 18 08:02:12 2025 +0000 + + upstream: Don't reply to PING in preauth phase or during KEX + + Reported by the Qualys Security Advisory team. ok markus@ + + OpenBSD-Commit-ID: c656ac4abd1504389d1733d85152044b15830217 + +commit fb071011fb843142282b8b8a69cbb15e9b0b9485 +Author: djm@openbsd.org +Date: Mon Feb 10 23:00:29 2025 +0000 + + upstream: fix "Match invalid-user" from incorrectly being activated + + in initial configuration pass when no other predicates were present on the + match line + + OpenBSD-Commit-ID: 02703b4bd207fafd03788bc4e7774bf80be6c9a8 + +commit 729a26a978dd39db60d4625bdfb5405baa629e59 +Author: Damien Miller +Date: Wed Oct 30 14:25:14 2024 +1100 + + fix uint64_t types; reported by Tom G. 
Christensen + +commit 33c5f384ae03a5d1a0bd46ca0fac3c62e4eaf784 +Author: Damien Miller +Date: Sun Oct 27 13:28:11 2024 +1100 + + htole64() etc for systems without endian.h + +commit fe8d28a7ebbaa35cfc04a21263627f05c237e460 +Author: djm@openbsd.org +Date: Sun Oct 27 02:06:59 2024 +0000 + + upstream: explicitly include endian.h + + OpenBSD-Commit-ID: 13511fdef7535bdbc35b644c90090013da43a318 + +commit 11f348196b3fb51c3d8d1f4f36db9d73f03149ed +Author: djm@openbsd.org +Date: Sun Oct 27 02:06:01 2024 +0000 + + upstream: fix ML-KEM768x25519 KEX on big-endian systems; spotted by + + jsg@ feedback/ok deraadt@ + + OpenBSD-Commit-ID: 26d81a430811672bc762687166986cad40d28cc0 + +commit 19bcb2d90c6caf14abf386b644fb24eb7afab889 +Author: djm@openbsd.org +Date: Thu Sep 26 23:55:08 2024 +0000 + + upstream: fix previous change to ssh_config Match, which broken on + + negated Matches; spotted by phessler@ ok deraadt@ + + OpenBSD-Commit-ID: b1c6acec66cd5bd1252feff1d02ad7129ced37c7 + +commit 66878e12a207fa9746dee3e2bdcca29b704cf035 +Author: djm@openbsd.org +Date: Wed Sep 25 01:24:04 2024 +0000 + + upstream: fix regression introduced when I switched the "Match" + + criteria tokeniser to a more shell-like one. Apparently the old tokeniser + (accidentally?) allowed "Match criteria=argument" as well as the "Match + criteria argument" syntax that we tested for. 
+ + People were using this syntax so this adds back support for + "Match criteria=argument" + + bz3739 ok dtucker + + OpenBSD-Commit-ID: d1eebedb8c902002b75b75debfe1eeea1801f58a + +commit ff2cd1dd5711ff88efdf26662d6189d980439a1f +Author: Damien Miller +Date: Wed Sep 25 11:15:45 2024 +1000 + + gss-serv.c needs sys/param.h + + From Void Linux + +commit 2c12ae8cf9b0b7549ae097c4123abeda0ee63e5b +Author: Damien Miller +Date: Wed Sep 25 11:13:05 2024 +1000 + + build construct_utmp() when USE_BTMP is set + + Fixes compile error on Void Linux/Musl + +commit c7fda601186ff28128cfe3eab9c9c0622de096e1 +Author: Christoph Ostarek +Date: Wed Jul 3 12:46:59 2024 +0200 + + fix utmpx ifdef + + 02e16ad95fb1f56ab004b01a10aab89f7103c55d did a copy-paste for + utmpx, but forgot to change the ifdef appropriately + +commit 7cf4dc414de689c467e58e49fb83f6609c3ed36b +Author: Darren Tucker +Date: Mon Sep 23 20:54:26 2024 +1000 + + Remove non-9.9 branch statuses. + +commit 8513f4d30ae85d17b3b08da6bc3be76f8c73123c +Author: Darren Tucker +Date: Mon Sep 23 20:52:31 2024 +1000 + + Add 9.9 branch to CI status console. + +commit 53a80baaebda180f46e6e8571f3ff800e1f5c496 +Author: Damien Miller +Date: Fri Sep 20 08:20:48 2024 +1000 + + autogenerated files for release + commit 46d1fb16b20e971b9ac15e86a3d3e350b49c9ad6 Author: Damien Miller Date: Fri Sep 20 08:20:13 2024 +1000 
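Review bot: The commit message says the two security fixes "have been independently imported into FreeBSD" but names no FreeBSD commits, while the entries added at the top of this ChangeLog hunk list the upstream fixes (38df39ecf278, "Fix cases where error codes were not correctly set", and 5e07dee272c3, "Don't reply to PING in preauth phase or during KEX", both reported by the Qualys Security Advisory team). Citing the hashes of the earlier FreeBSD imports in the message would let anyone auditing releng/13.5 confirm both fixes are present without diffing the tree. The same hunk also records fb071011fb84, the fix for "Match invalid-user" being activated in the initial configuration pass; since that changes which Match blocks take effect and the diffstat shows 61 changed lines in servconf.c, it is worth naming in the message rather than leaving it under "a few minor bug fixes".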
@@ -6625,2052 +6762,3 @@ Date: Mon Feb 20 18:24:39 2023 +1100 This fixes tests on platforms that do not have the openssl tool installed at all. - -commit 2a7e3449908571af601a4c2d12ab140096442e47 -Author: dtucker@openbsd.org -Date: Fri Feb 17 04:22:50 2023 +0000 - - upstream: Remove now-unused compat bit SSH_BUG_RSASIGMD5. The code - - to set this was removed in OpenSSH 7.7 when support for SSH implementations - dating back to before RFC standardization were removed. "burn it all" djm@ - - OpenBSD-Commit-ID: 6330935fbe23dd00be79891505e06d1ffdac7cda - -commit 0833ccf2c8b7ae08b296c06f17bd53e3ab94b0b0 -Author: dtucker@openbsd.org -Date: Fri Feb 17 03:06:18 2023 +0000 - - upstream: Remove now-unused compat bit SSH_BUG_BIGENDIANAES. This - - was previously set for OpenSSH 2.3 (released in 2000) but this check was - removed in OpenSSH 7.7 (2018). ok djm@ deraadt@ - - OpenBSD-Commit-ID: 326426ea328707fc9e83305291ab135c87f678af - -commit c81c2bea6e828d52b62b448b4ffdd3c163177975 -Author: Damien Miller -Date: Fri Feb 17 10:12:40 2023 +1100 - - whitespace fixes - -commit 500f90b39db5f0014e6b0c49ff1f45c994b69293 -Author: Damien Miller -Date: Fri Feb 17 10:02:08 2023 +1100 - - whitespace at EOL - -commit 68350152406339170721c15e97afdf827a5e4001 -Author: dtucker@openbsd.org -Date: Thu Feb 16 10:10:00 2023 +0000 - - upstream: Remove SSH_BUG_PASSWORDPAD compat bit - - since it's no longer used. ok markus@ - - OpenBSD-Commit-ID: b92c21f56fe4b7f9a54790d6a9650725c226820b - -commit 537cccd804eaf65f32bdce037cc31db4e0ab0f44 -Author: dtucker@openbsd.org -Date: Thu Feb 16 07:55:15 2023 +0000 - - upstream: Remove SSH_BUG_IGNOREMSG compat flag - - since it's only applicable to SSH1 and thus no longer used. 
ok markus@ - "kill it with fire" djm@ - - OpenBSD-Commit-ID: ea13318b1937795d9db4790d3ce0a6ed01584dab - -commit 285cf6cd4b91a0a0ce33193c358c99085af33e43 -Author: jmc@openbsd.org -Date: Fri Feb 10 06:41:53 2023 +0000 - - upstream: space between macro and punctuation; sort usage(); - - OpenBSD-Commit-ID: 6141610cfca037700730e41f868d1d9124958f8c - -commit d39a96f70f81878c77336ed35f5c648c1804b71a -Author: jmc@openbsd.org -Date: Fri Feb 10 06:40:48 2023 +0000 - - upstream: space between macro and punctuation; - - OpenBSD-Commit-ID: abc95e550be9e6d9a7ff64b65c104c7be21ab19e - -commit 16e82bf53fc34e43e3b948d43b68d5b27a7335e6 -Author: jmc@openbsd.org -Date: Fri Feb 10 06:39:27 2023 +0000 - - upstream: sort SYNOPSIS; - - OpenBSD-Commit-ID: dacd9da33277d5669a51213d880632599c890c1e - -commit d9685121ff6d57b8797411f3cb123884a4b96e30 -Author: Darren Tucker -Date: Sat Feb 11 12:32:19 2023 +1100 - - Improve seccomp compat on older systems. - - Check if flags to mmap and madvise are defined before using them. - Should fix problems building on older Linux systems that don't have - these. bz#3537, with & ok djm@. - -commit 6180b0fa4f7996687678702806257e661fd5931e -Author: djm@openbsd.org -Date: Fri Feb 10 05:06:03 2023 +0000 - - upstream: test -Ohashalg=... and that the default output contains both - - specified hash algorithms; prompted by dtucker@ - - OpenBSD-Regress-ID: 26f309208c8d8b8fa9c5f419767b85f1e9b22f51 - -commit d651f5c9fe37e61491eee46c49ba9fa03dbc0e6a -Author: djm@openbsd.org -Date: Fri Feb 10 04:56:30 2023 +0000 - - upstream: let ssh-keygen and ssh-keyscan accept - - -Ohashalg=sha1|sha256 when outputting SSHFP fingerprints to allow algorithm - selection. 
bz3493 ok dtucker@ - - OpenBSD-Commit-ID: e6e07fe21318a873bd877f333e189eb963a11b3d - -commit 18938d11a90b74d63c20b2d3c965d5bd64786ab1 -Author: djm@openbsd.org -Date: Fri Feb 10 04:47:19 2023 +0000 - - upstream: add a `sshd -G` option that parses and prints the - - effective configuration without attempting to load private keys and perform - other checks. This allows usage of the option before keys have been - generated. - - bz3460 feedback/ok dtucker@ - - OpenBSD-Commit-ID: 774504f629023fc25a559ab1d95401adb3a7fb29 - -commit df7d3dbf7194db8e97730ee0425d4d9d7bdb8b10 -Author: djm@openbsd.org -Date: Fri Feb 10 04:40:28 2023 +0000 - - upstream: make `ssh -Q CASignatureAlgorithms` work as the manpage says - - it should bz3532 - - OpenBSD-Commit-ID: 0ddb17b3fcbd99bfb5baea4ac5e449620cbd3adc - -commit d3b8d4198b6595f23b5859d43dc8fc701f97429b -Author: Darren Tucker -Date: Fri Feb 10 14:26:44 2023 +1100 - - Add CentOS 7 test targets. - -commit 22efb01e355bba4755b730ed417f91c081445bfc -Author: dtucker@openbsd.org -Date: Thu Feb 9 09:55:33 2023 +0000 - - upstream: Test adding terminating newline to known_hosts. - - OpenBSD-Regress-ID: 5fc3010ac450195b3fbdeb68e875564968800365 - -commit caec6da1a583ed8c32c6ad3b81bbcaab46ac8b61 -Author: dtucker@openbsd.org -Date: Wed Feb 8 08:06:03 2023 +0000 - - upstream: ssh-agent doesn't actually take -v, - - so the recently-added ones will result in the test not cleaning up - after itself. Patch from cjwatson at debian.org vi bz#3536. - - OpenBSD-Regress-ID: 1fc8283568f5bf2f918517c2c1e778072cf61b1a - -commit 3c379c9a849a635cc7f05cbe49fe473ccf469ef9 -Author: dtucker@openbsd.org -Date: Thu Feb 9 09:54:11 2023 +0000 - - upstream: Ensure that there is a terminating newline when adding a new - - entry to known_hosts. 
bz#3529, with git+openssh at limpsquid.nl, ok deraadt@ - markus@ - - OpenBSD-Commit-ID: fa8d90698da1886570512b96f051e266eac105e0 - -commit 95b6bbd2553547260b324b39d602061c88b774bc -Author: Darren Tucker -Date: Tue Feb 7 08:43:47 2023 +1100 - - Replace 9.1 with 9.2 on CI status page. - -commit 195313dfe10a23c82e9d56d5fdd2f59beee1bdcf -Author: Damien Miller -Date: Fri Feb 3 16:33:09 2023 +1100 - - harden Linux seccomp sandbox - - Linux mmap(2) and madvise(2) syscalls support quite a number of funky - flags that we don't expect that sshd/libc will ever need. We can - exclude this kernel attack surface by filtering the mmap(2) flags - and the madvise(2) advice arguments. - - Similarly, the sandboxed process in sshd is a single-threaded program - that does not use shared memory for synchronisation or communication. - Therefore, there should be no reason for the advanced priority - inheritance futex(2) operations to be necessary. These can also be - excluded. - - Motivated by Jann Horn pointing out that there have been kernel bugs - in nearby Linux kernel code, e.g. CVE-2020-29368, CVE-2020-29374 and - CVE-2022-42703. 
- - Feedback Jann Horn, ok dtucker@ - -commit 6dfb65de949cdd0a5d198edee9a118f265924f33 -Author: Damien Miller -Date: Thu Feb 2 23:21:54 2023 +1100 - - crank versions in RPM specs - -commit d07cfb11a0ca574eb68a3931d8c46fbe862a2021 -Author: Damien Miller -Date: Thu Feb 2 23:21:45 2023 +1100 - - update version in README - -commit 9fe207565b4ab0fe5d1ac5bb85e39188d96fb214 -Author: Damien Miller -Date: Thu Feb 2 23:17:49 2023 +1100 - - adapt compat_kex_proposal() test to portable - -commit 903c556b938fff2d7bff8da2cc460254430963c5 -Author: djm@openbsd.org -Date: Thu Feb 2 12:12:52 2023 +0000 - - upstream: test compat_kex_proposal(); by dtucker@ - - OpenBSD-Regress-ID: 0e404ee264db546f9fdbf53390689ab5f8d38bf2 - -commit 405fba71962dec8409c0c962408e09049e5624b5 -Author: dtucker@openbsd.org -Date: Thu Jan 19 07:53:45 2023 +0000 - - upstream: Check if we can copy sshd or need to use sudo to do so - - during reexec test. Skip test if neither can work. Patch from anton@, tweaks - from me. - - OpenBSD-Regress-ID: 731b96ae74d02d5744e1f1a8e51d09877ffd9b6d - -commit b2a2a8f69fd7737ea17dc044353c514f2f962f35 -Author: djm@openbsd.org -Date: Thu Feb 2 12:10:22 2023 +0000 - - upstream: openssh-9.2 - - OpenBSD-Commit-ID: f7389f32413c74d6e2055f05cf65e7082de03923 - -commit 12da7823336434a403f25c7cc0c2c6aed0737a35 -Author: djm@openbsd.org -Date: Thu Feb 2 12:10:05 2023 +0000 - - upstream: fix double-free caused by compat_kex_proposal(); bz3522 - - by dtucker@, ok me - - OpenBSD-Commit-ID: 2bfc37cd2d41f67dad64c17a64cf2cd3806a5c80 - -commit 79efd95ab5ff99f4cb3a955e2d713b3f54fb807e -Author: Darren Tucker -Date: Wed Feb 1 17:17:26 2023 +1100 - - Skip connection-timeout test on minix3. - - Minix 3's Unix domain sockets don't seem to work the way we expect, so - skip connection-timeout test on that platform. While there, group - together all similarly skipped tests and explicitly comment. 
- -commit 6b508c4e039619842bcf5a16f8a6b08dd6bec44a -Author: Damien Miller -Date: Wed Feb 1 12:12:05 2023 +1100 - - fix libfido2 detection without pkg-config - - Place libfido2 before additional libraries (that it may depend upon) - and not after. bz3530 from James Zhang; ok dtucker@ - -commit 358e300fed5e6def233a2c06326e51e20ebed621 -Author: deraadt@openbsd.org -Date: Wed Jan 18 20:56:36 2023 +0000 - - upstream: delete useless dependency - - OpenBSD-Commit-ID: e1dc11143f83082e3154d6094f9136d0dc2637ad - -commit a4cb9be1b021b511e281ee55c356f964487d9e82 -Author: deraadt@openbsd.org -Date: Wed Jan 18 20:43:15 2023 +0000 - - upstream: Create and install sshd random relink kit. - - ../Makefile.inc and Makfile are concatenated for reuse, which hopefully won't - be too fragile, we'll see if we need a different approach. The resulting sshd - binary is tested with the new sshd -V option before installation. As the - binary layout is now semi-unknown (meaning relative, fixed, and gadget - offsets are not precisely known), change the filesystem permissions to 511 to - prevent what I call "logged in BROP". I have ideas for improving this further - but this is a first step ok djm - - OpenBSD-Commit-ID: 1e0a2692b7e20b126dda60bf04999d1d30d959d8 - -commit bc7de6f91a9a0ae2f148a9d31a4027d441a51999 -Author: jmc@openbsd.org -Date: Wed Jan 18 06:55:32 2023 +0000 - - upstream: tweak previous; ok djm - - OpenBSD-Commit-ID: df71ce4180c58202dfdc1d92626cfe900b91b7c3 - -commit a20b7e999773e6333c8aa9b0a7fa41966e63b037 -Author: Darren Tucker -Date: Tue Jan 31 19:35:44 2023 +1100 - - Skip connection-timeout test under Valgrind. - - Valgrind slows things down so much that the timeout test fails. Skip - this test until we figure out if we can make it work. - -commit c3ffb54b4fc5e608206037921db6ccbc2f5ab25f -Author: Darren Tucker -Date: Wed Jan 25 21:58:40 2023 +1100 - - Skip connection-timeout when missing FD passing. 
- - This tests uses multiplexing which uses file descriptor passing, so - skip it if we don't have that. Fixes test failures on Cygwin. - -commit 35253af01d8c0ab444c8377402121816e71c71f5 -Author: djm@openbsd.org -Date: Wed Jan 18 02:00:10 2023 +0000 - - upstream: when restoring non-blocking mode to stdio fds, restore - - exactly the flags that ssh started with and don't just clobber them with - zero, as this could also remove the append flag from the set; - - bz3523; ok dtucker@ - - OpenBSD-Commit-ID: 1336b03e881db7564a4b66014eb24c5230e9a0c0 - -commit 7d17ea151c0b2519f023bd9cc7f141128833ac47 -Author: millert@openbsd.org -Date: Wed Jan 18 01:50:21 2023 +0000 - - upstream: Add a -V (version) option to sshd like the ssh client - - has. OK markus@ deraadt@ - - OpenBSD-Commit-ID: abe990ec3e636fb040132aab8cbbede98f0c413e - -commit 62360feb7f08f2a4c6fc36f3b3449309203c42c9 -Author: millert@openbsd.org -Date: Tue Jan 17 18:52:44 2023 +0000 - - upstream: For "ssh -V" always exit 0, there is no need to check opt - - again. This was missed when the fallthrough in the switch case above it was - removed. OK deraadt@ - - OpenBSD-Commit-ID: 5583e5d8f6d62a8a4215cfa95a69932f344c8120 - -commit 12492c0abf1eb415d08a897cc1d8b9e789888230 -Author: djm@openbsd.org -Date: Tue Jan 17 10:15:10 2023 +0000 - - upstream: also check that an active session inhibits - - UnusedConnectionTimeout idea markus@ - - OpenBSD-Regress-ID: 55c0fb61f3bf9e092b0a53f9041d3d2012f14003 - -commit cef2593c33ac46a58238ff998818754eabdf64ff -Author: djm@openbsd.org -Date: Tue Jan 17 10:02:34 2023 +0000 - - upstream: regression test for UnusedConnectionTimeout - - OpenBSD-Regress-ID: 7f29001374a68e71e5e078f69e4520cf4bcca084 - -commit aff9493a89c71d6a080419b49ac64eead9730491 -Author: djm@openbsd.org -Date: Mon Jan 16 04:11:29 2023 +0000 - - upstream: unbreak test: cannot access shell positional parameters - - past $9 without wrapping the position in braces (i.e. need ${10}, etc.) 
- - OpenBSD-Regress-ID: 3750ec98d5d409ce6a93406fedde6f220d2ea2ac - -commit 0293c19807f83141cdf33b443154459f9ee471f6 -Author: djm@openbsd.org -Date: Tue Jan 17 09:44:48 2023 +0000 - - upstream: Add a sshd_config UnusedConnectionTimeout option to terminate - - client connections that have no open channels for some length of time. This - complements the recently-added ChannelTimeout option that terminates inactive - channels after a timeout. - - ok markus@ - - OpenBSD-Commit-ID: ca983be74c0350364c11f8ba3bd692f6f24f5da9 - -commit 8ec2e3123802d2beeca06c1644b0b647f6d36dab -Author: djm@openbsd.org -Date: Sun Jan 15 23:35:10 2023 +0000 - - upstream: adapt to ed25519 changes in src/usr.bin/ssh - - OpenBSD-Regress-ID: 4b3e7ba7ee486ae8a0b4790f8112eded2bb7dcd5 - -commit 9fbbfeca1ce4c7ec0001c827bbf4189a3ba0964b -Author: djm@openbsd.org -Date: Sun Jan 15 23:05:32 2023 +0000 - - upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOP - - (20221122) and change the import approach to the same one we use for - Streamlined NTRUPrime: use a shell script to extract the bits we need from - SUPERCOP, make some minor adjustments and squish them all into a single file. - - ok tb@ tobhe@ - - OpenBSD-Commit-ID: 1bc0fd624cb6af440905b8ba74ac7c03311b8e3b - -commit 6283f4bd83eee714d0f5fc55802eff836b06fea8 -Author: Darren Tucker -Date: Sat Jan 14 22:02:44 2023 +1100 - - Allow writev is seccomp sandbox. - - This seems to be used by recent glibcs at least in some configurations. - From bz#3512, ok djm@ - -commit 923c3f437f439cfca238fba37e97a7041782f615 -Author: dtucker@openbsd.org -Date: Sat Jan 14 10:05:54 2023 +0000 - - upstream: Shell syntax fix. From ren mingshuai vi github PR#369. 
- - OpenBSD-Regress-ID: 6696b2eeefe128099fc3d7ea9f23252cc35156f9 - -commit 4d87a00f704e0365e11c3c38b170c1275ec461fc -Author: dtucker@openbsd.org -Date: Sat Jan 14 09:57:08 2023 +0000 - - upstream: Instead of skipping the all-tokens test if we don't have - - OpenSSL (since we use it to compute the hash), put the hash at the end and - just omit it if we don't have it. Prompted by bz#3521. - - OpenBSD-Regress-ID: c79ecba64250ed3b6417294b6c965e6b12ca5eea - -commit b05406d6f93b8c8ec11ec8b27e7c76cc7a5a55fb -Author: jmc@openbsd.org -Date: Fri Jan 13 07:13:40 2023 +0000 - - upstream: fix double phrase in previous; - - OpenBSD-Commit-ID: 671e6c8dc5e9230518b2bbfa143daaa88adc66c2 - -commit 40564812b659c530eb1f4b62d09e85612aef3107 -Author: dtucker@openbsd.org -Date: Fri Jan 13 03:16:29 2023 +0000 - - upstream: Document "UserKnownHostsFile none". ok djm@ - - OpenBSD-Commit-ID: f695742d39e34ecdcc3c861c3739a84648a4bce5 - -commit d03e245e034019a37388f6f5f893ce848ab6d2e2 -Author: Darren Tucker -Date: Fri Jan 13 23:02:34 2023 +1100 - - Retry package installation 3 times. - - When setting up the CI environment, retry package installation 3 times - before going up. Should help prevent spurious failures during - infrastructure issues. - -commit 625f6bc39840167dafb3bf5b6a3e18503ac986e8 -Author: dtucker@openbsd.org -Date: Fri Jan 13 04:47:34 2023 +0000 - - upstream: Move scp path setting to a helper function. The previous - - commit to add scp to the test sshd's path causes the t-envpass test to fail - when the test scp is given using a fully qualified path. Put this in a - helper function and only call it from the scp tests. - - OpenBSD-Regress-ID: 7533dc1c4265c1de716abb062957994195b36df4 - -commit 6e6f88647042b3cde54a628545c2f5fb656a9327 -Author: dtucker@openbsd.org -Date: Fri Jan 13 04:23:00 2023 +0000 - - upstream: Add scp's path to test sshd's PATH. 
- - If the scp we're testing is fully qualified (eg it's not in the system - PATH) then add its path to the under-test sshd's PATH so we can find - it. Prompted by bz#3518. - - OpenBSD-Regress-ID: 7df4f5a0be3aa135495b7e5a6719d3cbc26cc4c0 - -commit 8a5e99a70fcf9b022a8aa175ebf6a71f58511da3 -Author: Darren Tucker -Date: Fri Jan 13 15:49:48 2023 +1100 - - Remove skipping test when scp not in path. - - An upcoming change renders this obsolete by adding scp's path to the - test sshd's PATH, and removing this first will make the subsequent sync - easier. - -commit 41f36dd896c8fb8337d403fcf476762986976e9d -Author: dtucker@openbsd.org -Date: Fri Jan 13 02:58:20 2023 +0000 - - upstream: Add a "Host" line to the output of ssh -G showing the - - original host arg. Inspired by patch from vincent at bernat.ch via bz#3343, - ok djm@ - - OpenBSD-Commit-ID: 59c0f60a222113a44d0650cd394376e3beecc883 - -commit f673b49f3be3eb51074fbb8a405beb6cd0f7d93e -Author: djm@openbsd.org -Date: Fri Jan 13 02:44:02 2023 +0000 - - upstream: avoid printf("%s", NULL) if using ssh - - -oUserKnownHostsFile=none and a hostkey in one of the system known hosts file - changes; ok dtucker@ - - OpenBSD-Commit-ID: 7ca87614bfc6da491315536a7f2301434a9fe614 - -commit 93fc7c576563e3d88a1dc019dd213f65607784cc -Author: djm@openbsd.org -Date: Wed Jan 11 05:39:38 2023 +0000 - - upstream: clamp the minimum buffer lengths and number of inflight - - requests too - - OpenBSD-Commit-ID: c4965f62fa0ba850940fd66ae3f60cf516bbcd56 - -commit 48bf234322e639d279c5a28435eae50155e9b514 -Author: djm@openbsd.org -Date: Wed Jan 11 05:36:50 2023 +0000 - - upstream: ignore bogus upload/download buffer lengths in the limits - - extension - - OpenBSD-Commit-ID: c5b023e0954693ba9a5376e4280c739b5db575f8 - -commit 36b00d31833ca74cb0f7c7d8eda1bde55700f929 -Author: djm@openbsd.org -Date: Wed Jan 11 02:13:52 2023 +0000 - - upstream: remove whitespace at EOL from code extracted from SUPERCOP - - OpenBSD-Commit-ID: 
1ec524ff2fbb9387d731601437c82008f35a60f4 - -commit d888de06c5e4d7dbf2f2b85f2b5bf028c570cf78 -Author: djm@openbsd.org -Date: Wed Jan 11 00:51:27 2023 +0000 - - upstream: rewrite this test to use a multiplexed ssh session so we can - - control its lifecycle without risk of race conditions; fixes some of the - Github integration tests for openssh-portable - - OpenBSD-Regress-ID: 5451cad59ba0d43ae9eeda48ec80f54405fee969 - -commit 4bcc737a35fdd9cc4af7423d6c23dfd0c7ef4786 -Author: Damien Miller -Date: Wed Jan 11 11:45:17 2023 +1100 - - remove buffer len workaround for NetBSD 4.x - - Switching to from pipes to a socketpair for communicating with the - ssh process avoids the (kernel bug?) problem. - -commit f5154d2aac3e6a32a1b13dec23a701a087850cdc -Author: Damien Miller -Date: Wed Jan 11 11:44:19 2023 +1100 - - add back use of pipes in scp.c under USE_PIPES - - This matches sftp.c which prefers socketpair but uses pipes on - some older platforms. - -commit eec737b59cf13841de46134967a206607000acd4 -Author: millert@openbsd.org -Date: Tue Jan 10 23:22:15 2023 +0000 - - upstream: Switch scp from using pipes to a socketpair for - - communication with it's ssh sub-processes. We no longer need to reserve two - descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is - handled by sanitise_stdfd() in main(). Based on an original diff from djm@. 
- OK deraadt@ djm@ - - OpenBSD-Commit-ID: b80c372faac462471e955ddeab9480d668a2e48d - -commit d213d126a4a343abd3a1eb13687d39c1891fe5c8 -Author: jmc@openbsd.org -Date: Fri Jan 6 08:44:11 2023 +0000 - - upstream: tweak previous; ok djm - - OpenBSD-Commit-ID: 229c493452766d70a78b0f02f6ff9894f9028858 - -commit 4a5590a5ee47b7dfd49773e9fdba48ad3089fe64 -Author: Damien Miller -Date: Mon Jan 9 16:33:56 2023 +1100 - - try to improve logging for dynamic-forward test - - previously the logs from the ssh used to exercise the forwarding - channel would clobber the logs from the ssh actually doing the - forwarding - -commit 715bc25dcfccf9fb2bee820155fe071d01a618db -Author: Darren Tucker -Date: Sat Jan 7 23:24:50 2023 +1100 - - Skip dynamic-forward test on minix3. - - This test relies on loopback addresses which minix does not have. - Previously the test would not run at all since it also doesn't have - netcat, but now we use our own netcat it tries and fails. - -commit dd1249bd5c45128a908395c61b26996a70f82205 -Author: Damien Miller -Date: Sun Jan 8 12:08:59 2023 +1100 - - don't test IPv6 addresses if platform lacks support - -commit d77fc611a62f2dfee0b654c31a50a814b13310dd -Author: dtucker@openbsd.org -Date: Fri Jan 6 12:33:33 2023 +0000 - - upstream: When OpenSSL is not available, skip parts of percent test - - that require it. Based on github pr#368 from ren mingshuai. - - OpenBSD-Regress-ID: 49a375b2cf61ccb95b52e75e2e025cd10988ebb2 - -commit 1cd2aac312af9172f1b5cb06c2e1cd090abb83cf -Author: Darren Tucker -Date: Sat Jan 7 23:01:11 2023 +1100 - - Use our own netcat for dynamic-forward test. - - That way we can be surer about its behaviour rather than trying to - second-guess the behaviour of various netcat implementations. - -commit 26cab41c05d7b0859d2a1ea5b6ed253d91848a80 -Author: Darren Tucker -Date: Sat Jan 7 14:30:43 2023 +1100 - - Use autoconf to find openssl binary. - - It's possible to install an OpenSSL in a path not in the system's - default library search path. 
OpenSSH can still use this (eg if you - specify an rpath) but the openssl binary there may not work. If one is - available on the system path just use that. - -commit 5532e010a0eeb6aa264396514f9aed7948471538 -Author: Darren Tucker -Date: Sat Jan 7 10:34:18 2023 +1100 - - Check openssl_bin path is executable before using. - -commit 5d7b16cff48598d5908db970bfdc9ff9326142c8 -Author: Darren Tucker -Date: Fri Jan 6 23:19:07 2023 +1100 - - Set OPENSSL_BIN from OpenSSL directory. - -commit 344a0e8240eaf08da5d46a5e3a9ecad6e4f64c35 -Author: dtucker@openbsd.org -Date: Fri Jan 6 08:50:33 2023 +0000 - - upstream: Save debug logs from ssh for debugging purposes. - - OpenBSD-Regress-ID: 109e40b06de1c006a3b8e0d8745b790b2c5870a0 - -commit e1ef172646f7f49c80807eea90225ef5e0be55a8 -Author: djm@openbsd.org -Date: Fri Jan 6 08:07:39 2023 +0000 - - upstream: regression test for ChannelTimeout - - OpenBSD-Regress-ID: 280bfbefcfa415428ad744e43f69a8dede8ad685 - -commit 2393ea8daf25853459eb07a528d7577688847777 -Author: djm@openbsd.org -Date: Fri Jan 6 07:18:18 2023 +0000 - - upstream: fix typo in verbose logging - - OpenBSD-Regress-ID: 0497cdb66e003b2f50ed77291a9104fba2e017e9 - -commit 161a5378a3cc2e7aa3f9674cb7f4686ae6ce9586 -Author: djm@openbsd.org -Date: Fri Jan 6 02:59:50 2023 +0000 - - upstream: unit tests for misc.c:ptimeout_* API - - OpenBSD-Regress-ID: 01f8fb12d08e5aaadd4bd4e71f456b6588be9a94 - -commit 018d671d78145f03d6f07ae9d64d51321da70325 -Author: tb@openbsd.org -Date: Wed Jan 4 22:48:57 2023 +0000 - - upstream: Copy bytes from the_banana[] rather than banana() - - Fixes test failure due to segfault seen on arm64 with xonly snap. - - ok djm - - OpenBSD-Regress-ID: 86e2aa4bbd1dff1bc4ebb2969c0d6474485be046 - -commit ab6bb69e251faa8b24f81b25c72ec0120f20cad4 -Author: Damien Miller -Date: Fri Jan 6 19:13:36 2023 +1100 - - unbreak scp on NetBSD 4.x - - e555d5cad5 effectively increased the default copy buffer size for SFTP - transfers. 
This caused NetBSD 4.x to hang during the "copy local file to - remote file in place" scp.sh regression test. - - This puts back the original 32KB copy buffer size until we can properly - figure out why. - - lots of debugging assistance from dtucker@ - -commit 2d1ff2b9431393ad99ef496d5e3b9dd0d4f5ac8c -Author: djm@openbsd.org -Date: Fri Jan 6 02:47:18 2023 +0000 - - upstream: Implement channel inactivity timeouts - - This adds a sshd_config ChannelTimeouts directive that allows channels that - have not seen traffic in a configurable interval to be automatically closed. - Different timeouts may be applied to session, X11, agent and TCP forwarding - channels. - - Note: this only affects channels over an opened SSH connection and not - the connection itself. Most clients close the connection when their channels - go away, with a notable exception being ssh(1) in multiplexing mode. - - ok markus dtucker - - OpenBSD-Commit-ID: ae8bba3ed9d9f95ff2e2dc8dcadfa36b48e6c0b8 - -commit 0e34348d0bc0b1522f75d6212a53d6d1d1367980 -Author: djm@openbsd.org -Date: Fri Jan 6 02:42:34 2023 +0000 - - upstream: Add channel_set_xtype() - - This sets an "extended" channel type after channel creation (e.g. - "session:subsystem:sftp") that will be used for setting channel inactivity - timeouts. 
- - ok markus dtucker - *** 1825 LINES SKIPPED ***
Date: Fri, 21 Feb 2025 00:05:31 GMT
Message-Id: <202502210005.51L05VK0062285@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Colin Percival Subject: git: ee6c7bf50b93 - releng/13.5 - pkg-stage.sh: kde5 -> kde List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: cperciva X-Git-Repository: src X-Git-Refname: refs/heads/releng/13.5 X-Git-Reftype: branch X-Git-Commit: ee6c7bf50b938628347b38123a646925f1b6b75e Auto-Submitted: auto-generated The branch releng/13.5 has been updated by cperciva: URL: https://cgit.FreeBSD.org/src/commit/?id=ee6c7bf50b938628347b38123a646925f1b6b75e commit ee6c7bf50b938628347b38123a646925f1b6b75e Author: Colin Percival AuthorDate: 2025-02-19 19:21:04 +0000 Commit: Colin Percival CommitDate: 2025-02-21 00:05:11 +0000 pkg-stage.sh: kde5 -> kde The "kde5" package no longer exists; KDE goes to 6. Note: Depending on the size of 13.5-BETA3 DVD images, KDE might end up being removed from this list in the near future. With hat: re@ Approved by: re (cperciva) MFC after: 30 seconds Sponsored by: Amazon (cherry picked from commit 0d7b98c06c5ec9638020844ee460af075cfc6e54) (cherry picked from commit 4ddbb7945c633f2675daac78b70c3450e67d0498) --- release/scripts/pkg-stage.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/release/scripts/pkg-stage.sh b/release/scripts/pkg-stage.sh index b7305337c012..8e3e1f35e112 100755 --- a/release/scripts/pkg-stage.sh +++ b/release/scripts/pkg-stage.sh 
@@ -28,7 +28,7 @@ sysutils/tmux www/firefox www/links x11/gnome -x11/kde5 +x11/kde x11/sddm x11/xorg x11-wm/sway"
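Review bot: the reason for the rename at `+x11/kde`, and the open question about DVD image size, are recorded only in the commit message and nowhere in the script. The list is a single quoted string (it closes at `x11-wm/sway"`), so a comment cannot sit beside the entry, but one above the assignment could say that `x11/kde` replaces the removed `x11/kde5` and may be dropped if the 13.5 DVD image grows too large. If the script does not already verify that every origin in the list exists before staging, a check of that kind would catch the next rename before image build time.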
Date: Fri, 21 Feb 2025 00:05:32 GMT
Message-Id: <202502210005.51L05WIE062319@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Colin Percival Subject: git: 7f6d09003ada - releng/13.5 - 13.5: Update to BETA3 List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: cperciva X-Git-Repository: src X-Git-Refname: refs/heads/releng/13.5 X-Git-Reftype: branch X-Git-Commit: 7f6d09003adaf916bf93855a4fab98ad420fbeda Auto-Submitted: auto-generated The branch releng/13.5 has been updated by cperciva: URL: https://cgit.FreeBSD.org/src/commit/?id=7f6d09003adaf916bf93855a4fab98ad420fbeda commit 7f6d09003adaf916bf93855a4fab98ad420fbeda Author: Colin Percival AuthorDate: 2025-02-21 00:00:00 +0000 Commit: Colin Percival CommitDate: 2025-02-21 00:05:22 +0000 13.5: Update to BETA3 Approved by: re (implicit) Sponsored by: Amazon --- sys/conf/newvers.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index db4cef33816e..fee92b14d847 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh 
@@ -53,7 +53,7 @@ TYPE="FreeBSD" REVISION="13.5" -BRANCH="BETA2" +BRANCH="BETA3" if [ -n "${BRANCH_OVERRIDE}" ]; then BRANCH=${BRANCH_OVERRIDE} fi
Date: Fri, 21 Feb 2025 01:57:13 GMT
Message-Id: <202502210157.51L1vDKt067319@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Mark Johnston Subject: git: 0629203c5392 - stable/14 - inpcb: Remove some unused parameters in internal hash lookup functions List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 0629203c53927bed33b1c87cde1a8e692d3a959e Auto-Submitted: auto-generated The branch stable/14 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=0629203c53927bed33b1c87cde1a8e692d3a959e commit 0629203c53927bed33b1c87cde1a8e692d3a959e Author: Mark Johnston AuthorDate: 2024-11-08 14:25:19 +0000 Commit: Mark Johnston CommitDate: 2025-02-21 01:04:49 +0000 inpcb: Remove some unused parameters in internal hash lookup functions in_pcblookup_hash_wild_* looks up unconnected inpcbs, so there is no point in passing the foreign address and port, and indeed those parameters are not used. So, remove them. No functional change intended. MFC after: 1 week Sponsored by: Klara, Inc. Sponsored by: Stormshield Differential Revision: https://reviews.freebsd.org/D47385 (cherry picked from commit 21d7ac8c79a34cf3b7205d0c32014ee39f1f28ab) --- sys/netinet/in_pcb.c | 17 ++++++++--------- sys/netinet6/in6_pcb.c | 14 ++++++-------- 2 files changed, 14 insertions(+), 17 deletions(-) diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c index 937fa6f826c0..32b7f1f96492 100644 --- a/sys/netinet/in_pcb.c +++ b/sys/netinet/in_pcb.c 
@@ -2256,9 +2256,8 @@ in_pcblookup_wild_match(const struct inpcb *inp, struct in_addr laddr, #define INP_LOOKUP_AGAIN ((struct inpcb *)(uintptr_t)-1) static struct inpcb * -in_pcblookup_hash_wild_smr(struct inpcbinfo *pcbinfo, struct in_addr faddr, - u_short fport, struct in_addr laddr, u_short lport, - const inp_lookup_t lockflags) +in_pcblookup_hash_wild_smr(struct inpcbinfo *pcbinfo, struct in_addr laddr, + u_short lport, const inp_lookup_t lockflags) { struct inpcbhead *head; struct inpcb *inp; @@ -2294,8 +2293,8 @@ in_pcblookup_hash_wild_smr(struct inpcbinfo *pcbinfo, struct in_addr faddr, } static struct inpcb * -in_pcblookup_hash_wild_locked(struct inpcbinfo *pcbinfo, struct in_addr faddr, - u_short fport, struct in_addr laddr, u_short lport) +in_pcblookup_hash_wild_locked(struct inpcbinfo *pcbinfo, struct in_addr laddr, + u_short lport) { struct inpcbhead *head; struct inpcb *inp, *local_wild, *local_exact, *jail_wild; @@ -2396,8 +2395,8 @@ in_pcblookup_hash_locked(struct inpcbinfo *pcbinfo, struct in_addr faddr, inp = in_pcblookup_lbgroup(pcbinfo, &faddr, fport, &laddr, lport, numa_domain); if (inp == NULL) { - inp = in_pcblookup_hash_wild_locked(pcbinfo, faddr, - fport, laddr, lport); + inp = in_pcblookup_hash_wild_locked(pcbinfo, laddr, + lport); } } @@ -2479,8 +2478,8 @@ in_pcblookup_hash_smr(struct inpcbinfo *pcbinfo, struct in_addr faddr, } inp = INP_LOOKUP_AGAIN; } else { - inp = in_pcblookup_hash_wild_smr(pcbinfo, faddr, fport, - laddr, lport, lockflags); + inp = in_pcblookup_hash_wild_smr(pcbinfo, laddr, lport, + lockflags); } if (inp == INP_LOOKUP_AGAIN) { return (in_pcblookup_hash(pcbinfo, faddr, fport, laddr, diff --git a/sys/netinet6/in6_pcb.c b/sys/netinet6/in6_pcb.c index a88e47abef64..c2cf856d0dfd 100644 --- a/sys/netinet6/in6_pcb.c +++ b/sys/netinet6/in6_pcb.c 
@@ -1066,8 +1066,7 @@ in6_pcblookup_wild_match(const struct inpcb *inp, const struct in6_addr *laddr, static struct inpcb * in6_pcblookup_hash_wild_smr(struct inpcbinfo *pcbinfo, - const struct in6_addr *faddr, u_short fport, const struct in6_addr *laddr, - u_short lport, const inp_lookup_t lockflags) + const struct in6_addr *laddr, u_short lport, const inp_lookup_t lockflags) { struct inpcbhead *head; struct inpcb *inp; @@ -1104,8 +1103,7 @@ in6_pcblookup_hash_wild_smr(struct inpcbinfo *pcbinfo, static struct inpcb * in6_pcblookup_hash_wild_locked(struct inpcbinfo *pcbinfo, - const struct in6_addr *faddr, u_short fport, const struct in6_addr *laddr, - u_short lport) + const struct in6_addr *laddr, u_short lport) { struct inpcbhead *head; struct inpcb *inp, *jail_wild, *local_exact, *local_wild; @@ -1187,8 +1185,8 @@ in6_pcblookup_hash_locked(struct inpcbinfo *pcbinfo, inp = in6_pcblookup_lbgroup(pcbinfo, faddr, fport, laddr, lport, numa_domain); if (inp == NULL) { - inp = in6_pcblookup_hash_wild_locked(pcbinfo, faddr, - fport, laddr, lport); + inp = in6_pcblookup_hash_wild_locked(pcbinfo, + laddr, lport); } } return (inp); 
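Review bot: with `faddr` and `fport` gone, nothing at the definitions of `in6_pcblookup_hash_wild_smr()` and `in6_pcblookup_hash_wild_locked()` (or their `in_pcb.c` counterparts) says why the foreign address and port are absent; that reasoning exists only in the commit message. A one-line comment above each, stating that these functions match unconnected inpcbs on (laddr, lport) only, would keep a later reader from re-adding the parameters for symmetry with `in6_pcblookup_lbgroup()`, which still takes `faddr, fport` in the caller shown at -1187.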
@@ -1264,8 +1262,8 @@ in6_pcblookup_hash_smr(struct inpcbinfo *pcbinfo, const struct in6_addr *faddr, } inp = INP_LOOKUP_AGAIN; } else { - inp = in6_pcblookup_hash_wild_smr(pcbinfo, faddr, fport, - laddr, lport, lockflags); + inp = in6_pcblookup_hash_wild_smr(pcbinfo, laddr, lport, + lockflags); } if (inp == INP_LOOKUP_AGAIN) { return (in6_pcblookup_hash(pcbinfo, faddr, fport, laddr,
Date: Fri, 21 Feb 2025 01:57:14 GMT
Message-Id: <202502210157.51L1vEvA067351@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Mark Johnston Subject: git: 062ca7e887e3 - stable/14 - inpcb: Imbue in(6)_pcblookup_local() with a FIB parameter List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 062ca7e887e33267c85c698a6c318d5f29c3d786 Auto-Submitted: auto-generated The branch stable/14 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=062ca7e887e33267c85c698a6c318d5f29c3d786 commit 062ca7e887e33267c85c698a6c318d5f29c3d786 Author: Mark Johnston AuthorDate: 2025-02-06 14:14:09 +0000 Commit: Mark Johnston CommitDate: 2025-02-21 01:04:49 +0000 inpcb: Imbue in(6)_pcblookup_local() with a FIB parameter This is to enable a mode where duplicate inpcb bindings are permitted, and we want to look up an inpcb with a particular FIB. Thus, add a "fib" parameter to in_pcblookup() and related functions, and plumb it through. A fib value of RT_ALL_FIBS indicates that the lookup should ignore FIB numbers when searching. Otherwise, it should refer to a valid FIB number, and the returned inpcb should belong to the specific FIB. For now, just add the fib parameter where needed, as there are several layers to plumb through. No functional change intended. Reviewed by: glebius MFC after: 2 weeks Sponsored by: Klara, Inc. 
Sponsored by: Stormshield Differential Revision: https://reviews.freebsd.org/D48660 (cherry picked from commit 9a4131629bb3083ddc02a32950e4eb4806a07710) --- sys/netinet/in_pcb.c | 23 ++++++++++++++++------- sys/netinet/in_pcb_var.h | 4 ++-- sys/netinet6/in6_pcb.c | 20 +++++++++++++------- sys/netinet6/in6_pcb.h | 2 +- 4 files changed, 32 insertions(+), 17 deletions(-) diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c index 32b7f1f96492..84229ce39eb2 100644 --- a/sys/netinet/in_pcb.c +++ b/sys/netinet/in_pcb.c @@ -818,12 +818,14 @@ in_pcb_lport_dest(struct inpcb *inp, struct sockaddr *lsa, u_short *lportp, #ifdef INET6 if ((inp->inp_vflag & INP_IPV6) != 0) { tmpinp = in6_pcblookup_local(pcbinfo, - &inp->in6p_laddr, lport, lookupflags, cred); + &inp->in6p_laddr, lport, RT_ALL_FIBS, + lookupflags, cred); #ifdef INET if (tmpinp == NULL && (inp->inp_vflag & INP_IPV4)) tmpinp = in_pcblookup_local(pcbinfo, - laddr, lport, lookupflags, cred); + laddr, lport, RT_ALL_FIBS, + lookupflags, cred); #endif } #endif @@ -832,7 +834,7 @@ in_pcb_lport_dest(struct inpcb *inp, struct sockaddr *lsa, u_short *lportp, #endif #ifdef INET tmpinp = in_pcblookup_local(pcbinfo, laddr, - lport, lookupflags, cred); + lport, RT_ALL_FIBS, lookupflags, cred); #endif } } while (tmpinp != NULL); @@ -931,7 +933,7 @@ in_pcbbind_avail(struct inpcb *inp, const struct in_addr laddr, * which has a unique 4-tuple. */ t = in_pcblookup_local(inp->inp_pcbinfo, laddr, lport, - INPLOOKUP_WILDCARD, cred); + RT_ALL_FIBS, INPLOOKUP_WILDCARD, cred); if (t != NULL && (inp->inp_socket->so_type != SOCK_STREAM || in_nullhost(t->inp_faddr)) && @@ -939,7 +941,7 @@ in_pcbbind_avail(struct inpcb *inp, const struct in_addr laddr, return (EADDRINUSE); } t = in_pcblookup_local(inp->inp_pcbinfo, laddr, lport, - lookupflags, cred); + RT_ALL_FIBS, lookupflags, cred); if (t != NULL && ((reuseport | reuseport_lb) & t->inp_socket->so_options) == 0) { #ifdef INET6 
@@ -1991,7 +1993,7 @@ restart: #define INP_LOOKUP_MAPPED_PCB_COST 3 struct inpcb * in_pcblookup_local(struct inpcbinfo *pcbinfo, struct in_addr laddr, - u_short lport, int lookupflags, struct ucred *cred) + u_short lport, int fib, int lookupflags, struct ucred *cred) { struct inpcb *inp; #ifdef INET6 @@ -2003,6 +2005,9 @@ in_pcblookup_local(struct inpcbinfo *pcbinfo, struct in_addr laddr, KASSERT((lookupflags & ~(INPLOOKUP_WILDCARD)) == 0, ("%s: invalid lookup flags %d", __func__, lookupflags)); + KASSERT(fib == RT_ALL_FIBS || (fib >= 0 && fib < V_rt_numfibs), + ("%s: invalid fib %d", __func__, fib)); + INP_HASH_LOCK_ASSERT(pcbinfo); if ((lookupflags & INPLOOKUP_WILDCARD) == 0) { @@ -2021,7 +2026,8 @@ in_pcblookup_local(struct inpcbinfo *pcbinfo, struct in_addr laddr, #endif if (inp->inp_faddr.s_addr == INADDR_ANY && inp->inp_laddr.s_addr == laddr.s_addr && - inp->inp_lport == lport) { + inp->inp_lport == lport && (fib == RT_ALL_FIBS || + inp->inp_inc.inc_fibnum == fib)) { /* * Found? */ @@ -2060,6 +2066,9 @@ in_pcblookup_local(struct inpcbinfo *pcbinfo, struct in_addr laddr, if (!prison_equal_ip4(inp->inp_cred->cr_prison, cred->cr_prison)) continue; + if (fib != RT_ALL_FIBS && + inp->inp_inc.inc_fibnum != fib) + continue; #ifdef INET6 /* XXX inp locking */ if ((inp->inp_vflag & INP_IPV4) == 0) diff --git a/sys/netinet/in_pcb_var.h b/sys/netinet/in_pcb_var.h index f2191cf73386..1780a9859f5f 100644 --- a/sys/netinet/in_pcb_var.h +++ b/sys/netinet/in_pcb_var.h @@ -55,8 +55,8 @@ int in_pcb_lport(struct inpcb *, struct in_addr *, u_short *, int in_pcb_lport_dest(struct inpcb *inp, struct sockaddr *lsa, u_short *lportp, struct sockaddr *fsa, u_short fport, struct ucred *cred, int lookupflags); -struct inpcb * in_pcblookup_local(struct inpcbinfo *, struct in_addr, u_short, - int, struct ucred *); +struct inpcb *in_pcblookup_local(struct inpcbinfo *, struct in_addr, u_short, + int, int, struct ucred *); struct inpcbport { struct inpcbhead phd_pcblist; 
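Review bot: the updated prototype in `in_pcb_var.h` leaves two adjacent unnamed `int` parameters (`u_short, int, int, struct ucred *`) standing for `fib` and `lookupflags`. A call that swaps them compiles cleanly, and the only guards are the two `KASSERT`s in `in_pcblookup_local()`, which do nothing on kernels built without INVARIANTS. Naming the parameters in the prototype (`int fib, int lookupflags`) makes the order checkable against the call sites this patch touches.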
diff --git a/sys/netinet6/in6_pcb.c b/sys/netinet6/in6_pcb.c index c2cf856d0dfd..9584dcf7474c 100644 --- a/sys/netinet6/in6_pcb.c +++ b/sys/netinet6/in6_pcb.c @@ -251,7 +251,7 @@ in6_pcbbind_avail(struct inpcb *inp, const struct sockaddr_in6 *sin6, * which has a unique 4-tuple. */ t = in6_pcblookup_local(inp->inp_pcbinfo, laddr, lport, - INPLOOKUP_WILDCARD, cred); + RT_ALL_FIBS, INPLOOKUP_WILDCARD, cred); if (t != NULL && (inp->inp_socket->so_type != SOCK_STREAM || IN6_IS_ADDR_UNSPECIFIED(&t->in6p_faddr)) && @@ -265,8 +265,8 @@ in6_pcbbind_avail(struct inpcb *inp, const struct sockaddr_in6 *sin6, in6_sin6_2_sin(&sin, sin6); t = in_pcblookup_local(inp->inp_pcbinfo, - sin.sin_addr, lport, INPLOOKUP_WILDCARD, - cred); + sin.sin_addr, lport, RT_ALL_FIBS, + INPLOOKUP_WILDCARD, cred); if (t != NULL && (inp->inp_socket->so_type != SOCK_STREAM || in_nullhost(t->inp_faddr)) && @@ -277,7 +277,7 @@ in6_pcbbind_avail(struct inpcb *inp, const struct sockaddr_in6 *sin6, #endif } t = in6_pcblookup_local(inp->inp_pcbinfo, laddr, lport, - lookupflags, cred); + RT_ALL_FIBS, lookupflags, cred); if (t != NULL && ((reuseport | reuseport_lb) & t->inp_socket->so_options) == 0) return (EADDRINUSE); @@ -288,7 +288,7 @@ in6_pcbbind_avail(struct inpcb *inp, const struct sockaddr_in6 *sin6, in6_sin6_2_sin(&sin, sin6); t = in_pcblookup_local(inp->inp_pcbinfo, sin.sin_addr, - lport, lookupflags, cred); + lport, RT_ALL_FIBS, lookupflags, cred); if (t != NULL && ((reuseport | reuseport_lb) & t->inp_socket->so_options) == 0 && (!in_nullhost(t->inp_laddr) || 
@@ -751,13 +751,15 @@ in6_pcbnotify(struct inpcbinfo *pcbinfo, struct sockaddr_in6 *sa6_dst, */ struct inpcb * in6_pcblookup_local(struct inpcbinfo *pcbinfo, const struct in6_addr *laddr, - u_short lport, int lookupflags, struct ucred *cred) + u_short lport, int fib, int lookupflags, struct ucred *cred) { struct inpcb *inp; int matchwild = 3, wildcard; KASSERT((lookupflags & ~(INPLOOKUP_WILDCARD)) == 0, ("%s: invalid lookup flags %d", __func__, lookupflags)); + KASSERT(fib == RT_ALL_FIBS || (fib >= 0 && fib < V_rt_numfibs), + ("%s: invalid fib %d", __func__, fib)); INP_HASH_LOCK_ASSERT(pcbinfo); @@ -775,7 +777,8 @@ in6_pcblookup_local(struct inpcbinfo *pcbinfo, const struct in6_addr *laddr, continue; if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr) && IN6_ARE_ADDR_EQUAL(&inp->in6p_laddr, laddr) && - inp->inp_lport == lport) { + inp->inp_lport == lport && (fib == RT_ALL_FIBS || + inp->inp_inc.inc_fibnum == fib)) { /* Found. */ if (prison_equal_ip6(cred->cr_prison, inp->inp_cred->cr_prison)) @@ -815,6 +818,9 @@ in6_pcblookup_local(struct inpcbinfo *pcbinfo, const struct in6_addr *laddr, /* XXX inp locking */ if ((inp->inp_vflag & INP_IPV6) == 0) continue; + if (fib != RT_ALL_FIBS && + inp->inp_inc.inc_fibnum != fib) + continue; if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) wildcard++; if (!IN6_IS_ADDR_UNSPECIFIED( diff --git a/sys/netinet6/in6_pcb.h b/sys/netinet6/in6_pcb.h index edf7023747bb..5118b4b412a4 100644 --- a/sys/netinet6/in6_pcb.h +++ b/sys/netinet6/in6_pcb.h 
@@ -77,7 +77,7 @@ int in6_pcbconnect(struct inpcb *, struct sockaddr_in6 *, struct ucred *, bool); void in6_pcbdisconnect(struct inpcb *); struct inpcb *in6_pcblookup_local(struct inpcbinfo *, const struct in6_addr *, - u_short, int, struct ucred *); + u_short, int, int, struct ucred *); struct inpcb *in6_pcblookup_hash_locked(struct inpcbinfo *pcbinfo, const struct in6_addr *faddr, u_int fport_arg, const struct in6_addr *laddr, u_int lport_arg,
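Review bot: in the sys/netinet6/in6_pcb.h hunk, the in6_pcblookup_local() prototype now reads `u_short, int, int, struct ucred *`, so the new fib argument and lookupflags are two adjacent unnamed ints and a call site that passes them in the wrong order still compiles. The only runtime checks on either argument are the two KASSERTs in in6_pcblookup_local(), which exist only in INVARIANTS kernels. Suggest naming the parameters in the prototype, as the in6_pcblookup_hash_locked() declaration directly below already does, so the expected order is visible at every call site.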
Date: Fri, 21 Feb 2025 01:57:15 GMT
Message-Id: <202502210157.51L1vFjB067389@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Mark Johnston
Subject: git: ff45a1ca2e7a - stable/14 - inpcb: Add a flags parameter to in_pcbbind()
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: markj
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: ff45a1ca2e7a06cbbae3722f0a37733421d07023
Auto-Submitted: auto-generated

The branch stable/14 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=ff45a1ca2e7a06cbbae3722f0a37733421d07023

commit ff45a1ca2e7a06cbbae3722f0a37733421d07023
Author: Mark Johnston
AuthorDate: 2025-02-06 14:14:23 +0000
Commit: Mark Johnston
CommitDate: 2025-02-21 01:04:49 +0000

    inpcb: Add a flags parameter to in_pcbbind()

    Add a flag, INPBIND_FIB, which means that the inpcb is local to its FIB number. When this flag is specified, duplicate bindings are permitted, so long as each FIB contains at most one inpcb bound to the same address/port. If an inpcb is bound with this flag, it'll have the INP_BOUNDFIB flag set.

    No functional change intended.

    Reviewed by: glebius
    MFC after: 2 weeks
    Sponsored by: Klara, Inc.
    Sponsored by: Stormshield
    Differential Revision: https://reviews.freebsd.org/D48661

    (cherry picked from commit bbd0084baf7539c7042ce94f8c6770210f83f765)
---
 sys/netinet/in_pcb.c | 37 +++++++++++++++++++++++++------------
 sys/netinet/in_pcb.h | 9 +++++----
 sys/netinet/tcp_usrreq.c | 10 +++++-----
 sys/netinet/udp_usrreq.c | 4 ++--
 sys/netinet6/in6_pcb.c | 18 +++++++++++++-----
 sys/netinet6/in6_pcb.h | 2 +-
 sys/netinet6/udp6_usrreq.c | 4 ++--
 7 files changed, 53 insertions(+), 31 deletions(-)
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c index 84229ce39eb2..25b1d51e4a79 100644 --- a/sys/netinet/in_pcb.c +++ b/sys/netinet/in_pcb.c @@ -256,7 +256,7 @@ static void in_pcbremhash(struct inpcb *); static struct inpcblbgroup * in_pcblbgroup_alloc(struct ucred *cred, u_char vflag, uint16_t port, - const union in_dependaddr *addr, int size, uint8_t numa_domain) + const union in_dependaddr *addr, int size, uint8_t numa_domain, int fib) { struct inpcblbgroup *grp; size_t bytes; @@ -269,6 +269,7 @@ in_pcblbgroup_alloc(struct ucred *cred, u_char vflag, uint16_t port, grp->il_vflag = vflag; grp->il_lport = port; grp->il_numa_domain = numa_domain; + grp->il_fibnum = fib; grp->il_dependladdr = *addr; grp->il_inpsiz = size; return (grp); @@ -319,7 +320,7 @@ in_pcblbgroup_resize(struct inpcblbgrouphead *hdr, grp = in_pcblbgroup_alloc(old_grp->il_cred, old_grp->il_vflag, old_grp->il_lport, &old_grp->il_dependladdr, size, - old_grp->il_numa_domain); + old_grp->il_numa_domain, old_grp->il_fibnum); if (grp == NULL) return (NULL); @@ -347,12 +348,16 @@ in_pcbinslbgrouphash(struct inpcb *inp, uint8_t numa_domain) struct inpcblbgrouphead *hdr; struct inpcblbgroup *grp; uint32_t idx; + int fib; pcbinfo = inp->inp_pcbinfo; INP_WLOCK_ASSERT(inp); INP_HASH_WLOCK_ASSERT(pcbinfo); + fib = (inp->inp_flags & INP_BOUNDFIB) != 0 ? + inp->inp_inc.inc_fibnum : RT_ALL_FIBS; + #ifdef INET6 /* * Don't allow IPv4 mapped INET6 wild socket. @@ -371,6 +376,7 @@ in_pcbinslbgrouphash(struct inpcb *inp, uint8_t numa_domain) grp->il_vflag == inp->inp_vflag && grp->il_lport == inp->inp_lport && grp->il_numa_domain == numa_domain && + grp->il_fibnum == fib && memcmp(&grp->il_dependladdr, &inp->inp_inc.inc_ie.ie_dependladdr, sizeof(grp->il_dependladdr)) == 0) { 
@@ -381,7 +387,7 @@ in_pcbinslbgrouphash(struct inpcb *inp, uint8_t numa_domain) /* Create new load balance group. */ grp = in_pcblbgroup_alloc(inp->inp_cred, inp->inp_vflag, inp->inp_lport, &inp->inp_inc.inc_ie.ie_dependladdr, - INPCBLBGROUP_SIZMIN, numa_domain); + INPCBLBGROUP_SIZMIN, numa_domain, fib); if (grp == NULL) return (ENOBUFS); in_pcblbgroup_insert(grp, inp); @@ -675,7 +681,8 @@ out: #ifdef INET int -in_pcbbind(struct inpcb *inp, struct sockaddr_in *sin, struct ucred *cred) +in_pcbbind(struct inpcb *inp, struct sockaddr_in *sin, int flags, + struct ucred *cred) { int anonport, error; @@ -690,12 +697,13 @@ in_pcbbind(struct inpcb *inp, struct sockaddr_in *sin, struct ucred *cred) return (EINVAL); anonport = sin == NULL || sin->sin_port == 0; error = in_pcbbind_setup(inp, sin, &inp->inp_laddr.s_addr, - &inp->inp_lport, cred); + &inp->inp_lport, flags, cred); if (error) return (error); if (in_pcbinshash(inp) != 0) { inp->inp_laddr.s_addr = INADDR_ANY; inp->inp_lport = 0; + inp->inp_flags &= ~INP_BOUNDFIB; return (EAGAIN); } if (anonport) @@ -869,7 +877,8 @@ in_pcb_lport(struct inpcb *inp, struct in_addr *laddrp, u_short *lportp, */ static int in_pcbbind_avail(struct inpcb *inp, const struct in_addr laddr, - const u_short lport, int sooptions, int lookupflags, struct ucred *cred) + const u_short lport, const int fib, int sooptions, int lookupflags, + struct ucred *cred) { int reuseport, reuseport_lb; @@ -940,8 +949,8 @@ in_pcbbind_avail(struct inpcb *inp, const struct in_addr laddr, (inp->inp_cred->cr_uid != t->inp_cred->cr_uid)) return (EADDRINUSE); } - t = in_pcblookup_local(inp->inp_pcbinfo, laddr, lport, - RT_ALL_FIBS, lookupflags, cred); + t = in_pcblookup_local(inp->inp_pcbinfo, laddr, lport, fib, + lookupflags, cred); if (t != NULL && ((reuseport | reuseport_lb) & t->inp_socket->so_options) == 0) { #ifdef INET6 
@@ -967,13 +976,12 @@ in_pcbbind_avail(struct inpcb *inp, const struct in_addr laddr, */ int in_pcbbind_setup(struct inpcb *inp, struct sockaddr_in *sin, in_addr_t *laddrp, - u_short *lportp, struct ucred *cred) + u_short *lportp, int flags, struct ucred *cred) { struct socket *so = inp->inp_socket; struct in_addr laddr; u_short lport = 0; - int lookupflags, sooptions; - int error; + int error, fib, lookupflags, sooptions; /* * No state changes, so read locks are sufficient here. @@ -1009,8 +1017,11 @@ in_pcbbind_setup(struct inpcb *inp, struct sockaddr_in *sin, in_addr_t *laddrp, } laddr = sin->sin_addr; + fib = (flags & INPBIND_FIB) != 0 ? inp->inp_inc.inc_fibnum : + RT_ALL_FIBS; + /* See if this address/port combo is available. */ - error = in_pcbbind_avail(inp, laddr, lport, sooptions, + error = in_pcbbind_avail(inp, laddr, lport, fib, sooptions, lookupflags, cred); if (error != 0) return (error); @@ -1024,6 +1035,8 @@ in_pcbbind_setup(struct inpcb *inp, struct sockaddr_in *sin, in_addr_t *laddrp, } *laddrp = laddr.s_addr; *lportp = lport; + if ((flags & INPBIND_FIB) != 0) + inp->inp_flags |= INP_BOUNDFIB; return (0); } diff --git a/sys/netinet/in_pcb.h b/sys/netinet/in_pcb.h index 4844bbee3b54..edc05322d211 100644 --- a/sys/netinet/in_pcb.h +++ b/sys/netinet/in_pcb.h @@ -436,7 +436,7 @@ struct inpcblbgroup { uint16_t il_lport; /* (c) */ u_char il_vflag; /* (c) */ uint8_t il_numa_domain; - uint32_t il_pad2; + int il_fibnum; union in_dependaddr il_dependladdr; /* (c) */ #define il_laddr il_dependladdr.id46_addr.ia46_addr4 #define il6_laddr il_dependladdr.id6_addr 
@@ -578,7 +578,7 @@ void inp_4tuple_get(struct inpcb *inp, uint32_t *laddr, uint16_t *lp, #define INP_DROPPED 0x04000000 /* protocol drop flag */ #define INP_SOCKREF 0x08000000 /* strong socket reference */ #define INP_RESERVED_0 0x10000000 /* reserved field */ -#define INP_RESERVED_1 0x20000000 /* reserved field */ +#define INP_BOUNDFIB 0x20000000 /* Bound to a specific FIB. */ #define IN6P_RFC2292 0x40000000 /* used RFC2292 API on the socket */ #define IN6P_MTU 0x80000000 /* receive path MTU */ @@ -665,9 +665,10 @@ void in_pcbstorage_destroy(void *); void in_pcbpurgeif0(struct inpcbinfo *, struct ifnet *); int in_pcballoc(struct socket *, struct inpcbinfo *); -int in_pcbbind(struct inpcb *, struct sockaddr_in *, struct ucred *); +#define INPBIND_FIB 0x0001 /* bind to the PCB's FIB only */ +int in_pcbbind(struct inpcb *, struct sockaddr_in *, int, struct ucred *); int in_pcbbind_setup(struct inpcb *, struct sockaddr_in *, in_addr_t *, - u_short *, struct ucred *); + u_short *, int, struct ucred *); int in_pcbconnect(struct inpcb *, struct sockaddr_in *, struct ucred *, bool); int in_pcbconnect_setup(struct inpcb *, struct sockaddr_in *, in_addr_t *, diff --git a/sys/netinet/tcp_usrreq.c b/sys/netinet/tcp_usrreq.c index 6bc11c6bbd13..34a4bc15ff0d 100644 --- a/sys/netinet/tcp_usrreq.c +++ b/sys/netinet/tcp_usrreq.c @@ -264,7 +264,7 @@ tcp_usr_bind(struct socket *so, struct sockaddr *nam, struct thread *td) goto out; } INP_HASH_WLOCK(&V_tcbinfo); - error = in_pcbbind(inp, sinp, td->td_ucred); + error = in_pcbbind(inp, sinp, 0, td->td_ucred); INP_HASH_WUNLOCK(&V_tcbinfo); out: tcp_bblog_pru(tp, PRU_BIND, error); 
@@ -332,13 +332,13 @@ tcp6_usr_bind(struct socket *so, struct sockaddr *nam, struct thread *td) } inp->inp_vflag |= INP_IPV4; inp->inp_vflag &= ~INP_IPV6; - error = in_pcbbind(inp, &sin, td->td_ucred); + error = in_pcbbind(inp, &sin, 0, td->td_ucred); INP_HASH_WUNLOCK(&V_tcbinfo); goto out; } } #endif - error = in6_pcbbind(inp, sin6, td->td_ucred); + error = in6_pcbbind(inp, sin6, 0, td->td_ucred); INP_HASH_WUNLOCK(&V_tcbinfo); out: if (error != 0) @@ -378,7 +378,7 @@ tcp_usr_listen(struct socket *so, int backlog, struct thread *td) } if (inp->inp_lport == 0) { INP_HASH_WLOCK(&V_tcbinfo); - error = in_pcbbind(inp, NULL, td->td_ucred); + error = in_pcbbind(inp, NULL, 0, td->td_ucred); INP_HASH_WUNLOCK(&V_tcbinfo); } if (error == 0) { @@ -435,7 +435,7 @@ tcp6_usr_listen(struct socket *so, int backlog, struct thread *td) inp->inp_vflag &= ~INP_IPV4; if ((inp->inp_flags & IN6P_IPV6_V6ONLY) == 0) inp->inp_vflag |= INP_IPV4; - error = in6_pcbbind(inp, NULL, td->td_ucred); + error = in6_pcbbind(inp, NULL, 0, td->td_ucred); } INP_HASH_WUNLOCK(&V_tcbinfo); if (error == 0) { diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c index 47f7eb65f119..75af0055c680 100644 --- a/sys/netinet/udp_usrreq.c +++ b/sys/netinet/udp_usrreq.c @@ -1218,7 +1218,7 @@ udp_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *addr, inp->inp_vflag &= ~INP_IPV6; } INP_HASH_WLOCK(pcbinfo); - error = in_pcbbind_setup(inp, &src, &laddr.s_addr, &lport, + error = in_pcbbind_setup(inp, &src, &laddr.s_addr, &lport, 0, td->td_ucred); INP_HASH_WUNLOCK(pcbinfo); if ((flags & PRUS_IPV6) != 0) @@ -1568,7 +1568,7 @@ udp_bind(struct socket *so, struct sockaddr *nam, struct thread *td) INP_WLOCK(inp); INP_HASH_WLOCK(pcbinfo); - error = in_pcbbind(inp, sinp, td->td_ucred); + error = in_pcbbind(inp, sinp, 0, td->td_ucred); INP_HASH_WUNLOCK(pcbinfo); INP_WUNLOCK(inp); return (error); diff --git a/sys/netinet6/in6_pcb.c b/sys/netinet6/in6_pcb.c index 9584dcf7474c..e692ab755c25 100644 
--- a/sys/netinet6/in6_pcb.c +++ b/sys/netinet6/in6_pcb.c @@ -166,7 +166,7 @@ in6_pcbsetport(struct in6_addr *laddr, struct inpcb *inp, struct ucred *cred) * Determine whether the inpcb can be bound to the specified address/port tuple. */ static int -in6_pcbbind_avail(struct inpcb *inp, const struct sockaddr_in6 *sin6, +in6_pcbbind_avail(struct inpcb *inp, const struct sockaddr_in6 *sin6, int fib, int sooptions, int lookupflags, struct ucred *cred) { const struct in6_addr *laddr; @@ -277,7 +277,7 @@ in6_pcbbind_avail(struct inpcb *inp, const struct sockaddr_in6 *sin6, #endif } t = in6_pcblookup_local(inp->inp_pcbinfo, laddr, lport, - RT_ALL_FIBS, lookupflags, cred); + fib, lookupflags, cred); if (t != NULL && ((reuseport | reuseport_lb) & t->inp_socket->so_options) == 0) return (EADDRINUSE); @@ -302,11 +302,12 @@ in6_pcbbind_avail(struct inpcb *inp, const struct sockaddr_in6 *sin6, } int -in6_pcbbind(struct inpcb *inp, struct sockaddr_in6 *sin6, struct ucred *cred) +in6_pcbbind(struct inpcb *inp, struct sockaddr_in6 *sin6, int flags, + struct ucred *cred) { struct socket *so = inp->inp_socket; u_short lport = 0; - int error, lookupflags, sooptions; + int error, fib, lookupflags, sooptions; INP_WLOCK_ASSERT(inp); INP_HASH_WLOCK_ASSERT(inp->inp_pcbinfo); @@ -335,8 +336,11 @@ in6_pcbbind(struct inpcb *inp, struct sockaddr_in6 *sin6, struct ucred *cred) ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0))) != 0) return (error); + fib = (flags & INPBIND_FIB) != 0 ? inp->inp_inc.inc_fibnum : + RT_ALL_FIBS; + /* See if this address/port combo is available. */ - error = in6_pcbbind_avail(inp, sin6, sooptions, lookupflags, + error = in6_pcbbind_avail(inp, sin6, fib, sooptions, lookupflags, cred); if (error != 0) return (error); 
@@ -344,15 +348,19 @@ in6_pcbbind(struct inpcb *inp, struct sockaddr_in6 *sin6, struct ucred *cred) lport = sin6->sin6_port; inp->in6p_laddr = sin6->sin6_addr; } + if ((flags & INPBIND_FIB) != 0) + inp->inp_flags |= INP_BOUNDFIB; if (lport == 0) { if ((error = in6_pcbsetport(&inp->in6p_laddr, inp, cred)) != 0) { /* Undo an address bind that may have occurred. */ + inp->inp_flags &= ~INP_BOUNDFIB; inp->in6p_laddr = in6addr_any; return (error); } } else { inp->inp_lport = lport; if (in_pcbinshash(inp) != 0) { + inp->inp_flags &= ~INP_BOUNDFIB; inp->in6p_laddr = in6addr_any; inp->inp_lport = 0; return (EAGAIN); diff --git a/sys/netinet6/in6_pcb.h b/sys/netinet6/in6_pcb.h index 5118b4b412a4..5a24d1398b47 100644 --- a/sys/netinet6/in6_pcb.h +++ b/sys/netinet6/in6_pcb.h @@ -72,7 +72,7 @@ void in6_pcbpurgeif0(struct inpcbinfo *, struct ifnet *); void in6_losing(struct inpcb *); -int in6_pcbbind(struct inpcb *, struct sockaddr_in6 *, struct ucred *); +int in6_pcbbind(struct inpcb *, struct sockaddr_in6 *, int, struct ucred *); int in6_pcbconnect(struct inpcb *, struct sockaddr_in6 *, struct ucred *, bool); void in6_pcbdisconnect(struct inpcb *); diff --git a/sys/netinet6/udp6_usrreq.c b/sys/netinet6/udp6_usrreq.c index c8b38c24d193..5b902129920b 100644 --- a/sys/netinet6/udp6_usrreq.c +++ b/sys/netinet6/udp6_usrreq.c 
@@ -1050,13 +1050,13 @@ udp6_bind(struct socket *so, struct sockaddr *nam, struct thread *td) in6_sin6_2_sin(&sin, sin6_p); inp->inp_vflag |= INP_IPV4; inp->inp_vflag &= ~INP_IPV6; - error = in_pcbbind(inp, &sin, td->td_ucred); + error = in_pcbbind(inp, &sin, 0, td->td_ucred); goto out; } #endif } - error = in6_pcbbind(inp, sin6_p, td->td_ucred); + error = in6_pcbbind(inp, sin6_p, 0, td->td_ucred); #ifdef INET out: #endif
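Review bot: in the in_pcbbind_setup() hunks of sys/netinet/in_pcb.c, the function now ends with `inp->inp_flags |= INP_BOUNDFIB` just before `return (0)`, while the comment kept as context near its top still says "No state changes, so read locks are sufficient here." That statement stops being true as soon as a caller passes INPBIND_FIB, and udp_send() calls in_pcbbind_setup() directly rather than through in_pcbbind(). Suggest setting the flag in in_pcbbind() instead, which already clears it when in_pcbinshash() fails, or rewording the comment to state the locking a caller needs when it passes INPBIND_FIB.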
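Review bot: in in6_pcbbind_avail() (sys/netinet6/in6_pcb.c) only the in6_pcblookup_local() conflict check at the `-277,7` hunk receives the new fib argument; the v4-mapped in_pcblookup_local() call after it and the two earlier INPLOOKUP_WILDCARD lookups keep the RT_ALL_FIBS they were given by the preceding commit, and no hunk here touches them. A socket bound with INPBIND_FIB can therefore still collide with an IPv4 socket in a different FIB through the mapped-address check. If the global scope is deliberate, which looks like the conservative choice for the per-user ownership checks, a short comment at each RT_ALL_FIBS call saying so would keep a later change from "fixing" it; if not, the mapped-address lookup should take fib as well.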
Date: Fri, 21 Feb 2025 01:57:16 GMT
Message-Id: <202502210157.51L1vG6a067422@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Mark Johnston
Subject: git: 685d1d78bf9c - stable/14 - inpcb: Add FIB-aware inpcb lookup
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: markj
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 685d1d78bf9cd367d1a73a303c1559a3720733af
Auto-Submitted: auto-generated

The branch stable/14 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=685d1d78bf9cd367d1a73a303c1559a3720733af

commit 685d1d78bf9cd367d1a73a303c1559a3720733af
Author: Mark Johnston
AuthorDate: 2025-02-06 14:14:39 +0000
Commit: Mark Johnston
CommitDate: 2025-02-21 01:04:50 +0000

    inpcb: Add FIB-aware inpcb lookup

    Allow protocol layers to look up an inpcb belonging to a particular FIB. This is indicated by setting INPLOOKUP_FIB; if it is set, the FIB to be used is obtained from the specified mbuf or ifnet.

    No functional change intended.

    Reviewed by: glebius, melifaro
    MFC after: 2 weeks
    Sponsored by: Klara, Inc.
    Sponsored by: Stormshield
    Differential Revision: https://reviews.freebsd.org/D48662

    (cherry picked from commit da806e8db685eead02bc67888b16ebac6badb6b6)
---
 sys/netinet/in_pcb.c | 74 ++++++++++++++++++++++++++++----------------------
 sys/netinet/in_pcb.h | 3 +-
 sys/netinet6/in6_pcb.c | 71 ++++++++++++++++++++++++++++--------------------
 sys/netinet6/in6_pcb.h | 2 +-
 4 files changed, 87 insertions(+), 63 deletions(-)

diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c index 25b1d51e4a79..89000a521bff 100644 --- a/sys/netinet/in_pcb.c +++ b/sys/netinet/in_pcb.c
@@ -141,7 +141,7 @@ VNET_DEFINE(int, ipport_randomized) = 1; static struct inpcb *in_pcblookup_hash_locked(struct inpcbinfo *pcbinfo, struct in_addr faddr, u_int fport_arg, struct in_addr laddr, u_int lport_arg, - int lookupflags, uint8_t numa_domain); + int lookupflags, uint8_t numa_domain, int fib); #define RANGECHK(var, min, max) \ if ((var) < (min)) { (var) = (min); } \ @@ -812,14 +812,14 @@ in_pcb_lport_dest(struct inpcb *inp, struct sockaddr *lsa, u_short *lportp, if (lsa->sa_family == AF_INET) { tmpinp = in_pcblookup_hash_locked(pcbinfo, faddr, fport, laddr, lport, lookupflags, - M_NODOM); + M_NODOM, RT_ALL_FIBS); } #endif #ifdef INET6 if (lsa->sa_family == AF_INET6) { tmpinp = in6_pcblookup_hash_locked(pcbinfo, faddr6, fport, laddr6, lport, lookupflags, - M_NODOM); + M_NODOM, RT_ALL_FIBS); } #endif } else { @@ -1412,7 +1412,7 @@ in_pcbconnect_setup(struct inpcb *inp, struct sockaddr_in *sin, if (lport != 0) { if (in_pcblookup_hash_locked(inp->inp_pcbinfo, faddr, - fport, laddr, lport, 0, M_NODOM) != NULL) + fport, laddr, lport, 0, M_NODOM, RT_ALL_FIBS) != NULL) return (EADDRINUSE); } else { struct sockaddr_in lsin, fsin; @@ -2127,15 +2127,16 @@ in_pcblookup_local(struct inpcbinfo *pcbinfo, struct in_addr laddr, #undef INP_LOOKUP_MAPPED_PCB_COST static bool -in_pcblookup_lb_numa_match(const struct inpcblbgroup *grp, int domain) +in_pcblookup_lb_match(const struct inpcblbgroup *grp, int domain, int fib) { - return (domain == M_NODOM || domain == grp->il_numa_domain); + return ((domain == M_NODOM || domain == grp->il_numa_domain) && + (fib == RT_ALL_FIBS || fib == grp->il_fibnum)); } static struct inpcb * in_pcblookup_lbgroup(const struct inpcbinfo *pcbinfo, const struct in_addr *faddr, uint16_t fport, const struct in_addr *laddr, - uint16_t lport, int domain) + uint16_t lport, int domain, int fib) { const struct inpcblbgrouphead *hdr; struct inpcblbgroup *grp; 
@@ -2174,20 +2175,20 @@ in_pcblookup_lbgroup(const struct inpcbinfo *pcbinfo, if (grp->il_laddr.s_addr == laddr->s_addr) { if (injail) { jail_exact = grp; - if (in_pcblookup_lb_numa_match(grp, domain)) + if (in_pcblookup_lb_match(grp, domain, fib)) /* This is a perfect match. */ goto out; } else if (local_exact == NULL || - in_pcblookup_lb_numa_match(grp, domain)) { + in_pcblookup_lb_match(grp, domain, fib)) { local_exact = grp; } } else if (grp->il_laddr.s_addr == INADDR_ANY) { if (injail) { if (jail_wild == NULL || - in_pcblookup_lb_numa_match(grp, domain)) + in_pcblookup_lb_match(grp, domain, fib)) jail_wild = grp; } else if (local_wild == NULL || - in_pcblookup_lb_numa_match(grp, domain)) { + in_pcblookup_lb_match(grp, domain, fib)) { local_wild = grp; } } @@ -2259,7 +2260,7 @@ typedef enum { static inp_lookup_match_t in_pcblookup_wild_match(const struct inpcb *inp, struct in_addr laddr, - u_short lport) + u_short lport, int fib) { #ifdef INET6 /* XXX inp locking */ @@ -2268,6 +2269,8 @@ in_pcblookup_wild_match(const struct inpcb *inp, struct in_addr laddr, #endif if (inp->inp_faddr.s_addr != INADDR_ANY || inp->inp_lport != lport) return (INPLOOKUP_MATCH_NONE); + if (fib != RT_ALL_FIBS && inp->inp_inc.inc_fibnum != fib) + return (INPLOOKUP_MATCH_NONE); if (inp->inp_laddr.s_addr == INADDR_ANY) return (INPLOOKUP_MATCH_WILD); if (inp->inp_laddr.s_addr == laddr.s_addr) @@ -2279,7 +2282,7 @@ in_pcblookup_wild_match(const struct inpcb *inp, struct in_addr laddr, static struct inpcb * in_pcblookup_hash_wild_smr(struct inpcbinfo *pcbinfo, struct in_addr laddr, - u_short lport, const inp_lookup_t lockflags) + u_short lport, int fib, const inp_lookup_t lockflags) { struct inpcbhead *head; struct inpcb *inp; 
@@ -2292,12 +2295,12 @@ in_pcblookup_hash_wild_smr(struct inpcbinfo *pcbinfo, struct in_addr laddr, CK_LIST_FOREACH(inp, head, inp_hash_wild) { inp_lookup_match_t match; - match = in_pcblookup_wild_match(inp, laddr, lport); + match = in_pcblookup_wild_match(inp, laddr, lport, fib); if (match == INPLOOKUP_MATCH_NONE) continue; if (__predict_true(inp_smr_lock(inp, lockflags))) { - match = in_pcblookup_wild_match(inp, laddr, lport); + match = in_pcblookup_wild_match(inp, laddr, lport, fib); if (match != INPLOOKUP_MATCH_NONE && prison_check_ip4_locked(inp->inp_cred->cr_prison, &laddr) == 0) @@ -2316,7 +2319,7 @@ in_pcblookup_hash_wild_smr(struct inpcbinfo *pcbinfo, struct in_addr laddr, static struct inpcb * in_pcblookup_hash_wild_locked(struct inpcbinfo *pcbinfo, struct in_addr laddr, - u_short lport) + u_short lport, int fib) { struct inpcbhead *head; struct inpcb *inp, *local_wild, *local_exact, *jail_wild; @@ -2343,7 +2346,7 @@ in_pcblookup_hash_wild_locked(struct inpcbinfo *pcbinfo, struct in_addr laddr, inp_lookup_match_t match; bool injail; - match = in_pcblookup_wild_match(inp, laddr, lport); + match = in_pcblookup_wild_match(inp, laddr, lport, fib); if (match == INPLOOKUP_MATCH_NONE) continue; @@ -2396,12 +2399,12 @@ in_pcblookup_hash_wild_locked(struct inpcbinfo *pcbinfo, struct in_addr laddr, static struct inpcb * in_pcblookup_hash_locked(struct inpcbinfo *pcbinfo, struct in_addr faddr, u_int fport_arg, struct in_addr laddr, u_int lport_arg, int lookupflags, - uint8_t numa_domain) + uint8_t numa_domain, int fib) { struct inpcb *inp; const u_short fport = fport_arg, lport = lport_arg; - KASSERT((lookupflags & ~INPLOOKUP_WILDCARD) == 0, + KASSERT((lookupflags & ~(INPLOOKUP_WILDCARD | INPLOOKUP_FIB)) == 0, ("%s: invalid lookup flags %d", __func__, lookupflags)); KASSERT(faddr.s_addr != INADDR_ANY, ("%s: invalid foreign address", __func__)); 
@@ -2415,10 +2418,10 @@ in_pcblookup_hash_locked(struct inpcbinfo *pcbinfo, struct in_addr faddr, if ((lookupflags & INPLOOKUP_WILDCARD) != 0) { inp = in_pcblookup_lbgroup(pcbinfo, &faddr, fport, - &laddr, lport, numa_domain); + &laddr, lport, numa_domain, fib); if (inp == NULL) { inp = in_pcblookup_hash_wild_locked(pcbinfo, laddr, - lport); + lport, fib); } } @@ -2428,7 +2431,7 @@ in_pcblookup_hash_locked(struct inpcbinfo *pcbinfo, struct in_addr faddr, static struct inpcb * in_pcblookup_hash(struct inpcbinfo *pcbinfo, struct in_addr faddr, u_int fport, struct in_addr laddr, u_int lport, int lookupflags, - uint8_t numa_domain) + uint8_t numa_domain, int fib) { struct inpcb *inp; const inp_lookup_t lockflags = lookupflags & INPLOOKUP_LOCKMASK; @@ -2438,7 +2441,7 @@ in_pcblookup_hash(struct inpcbinfo *pcbinfo, struct in_addr faddr, INP_HASH_WLOCK(pcbinfo); inp = in_pcblookup_hash_locked(pcbinfo, faddr, fport, laddr, lport, - lookupflags & ~INPLOOKUP_LOCKMASK, numa_domain); + lookupflags & ~INPLOOKUP_LOCKMASK, numa_domain, fib); if (inp != NULL && !inp_trylock(inp, lockflags)) { in_pcbref(inp); INP_HASH_WUNLOCK(pcbinfo); @@ -2455,7 +2458,7 @@ in_pcblookup_hash(struct inpcbinfo *pcbinfo, struct in_addr faddr, static struct inpcb * in_pcblookup_hash_smr(struct inpcbinfo *pcbinfo, struct in_addr faddr, u_int fport_arg, struct in_addr laddr, u_int lport_arg, int lookupflags, - uint8_t numa_domain) + uint8_t numa_domain, int fib) { struct inpcb *inp; const inp_lookup_t lockflags = lookupflags & INPLOOKUP_LOCKMASK; 
@@ -2485,27 +2488,27 @@ in_pcblookup_hash_smr(struct inpcbinfo *pcbinfo, struct in_addr faddr, * out from under us. Fall back to a precise search. */ return (in_pcblookup_hash(pcbinfo, faddr, fport, laddr, lport, - lookupflags, numa_domain)); + lookupflags, numa_domain, fib)); } if ((lookupflags & INPLOOKUP_WILDCARD) != 0) { inp = in_pcblookup_lbgroup(pcbinfo, &faddr, fport, - &laddr, lport, numa_domain); + &laddr, lport, numa_domain, fib); if (inp != NULL) { if (__predict_true(inp_smr_lock(inp, lockflags))) { if (__predict_true(in_pcblookup_wild_match(inp, - laddr, lport) != INPLOOKUP_MATCH_NONE)) + laddr, lport, fib) != INPLOOKUP_MATCH_NONE)) return (inp); inp_unlock(inp, lockflags); } inp = INP_LOOKUP_AGAIN; } else { inp = in_pcblookup_hash_wild_smr(pcbinfo, laddr, lport, - lockflags); + fib, lockflags); } if (inp == INP_LOOKUP_AGAIN) { return (in_pcblookup_hash(pcbinfo, faddr, fport, laddr, - lport, lookupflags, numa_domain)); + lport, lookupflags, numa_domain, fib)); } } @@ -2522,10 +2525,13 @@ in_pcblookup_hash_smr(struct inpcbinfo *pcbinfo, struct in_addr faddr, struct inpcb * in_pcblookup(struct inpcbinfo *pcbinfo, struct in_addr faddr, u_int fport, struct in_addr laddr, u_int lport, int lookupflags, - struct ifnet *ifp __unused) + struct ifnet *ifp) { + int fib; + + fib = (lookupflags & INPLOOKUP_FIB) ? if_getfib(ifp) : RT_ALL_FIBS; return (in_pcblookup_hash_smr(pcbinfo, faddr, fport, laddr, lport, - lookupflags, M_NODOM)); + lookupflags, M_NODOM, fib)); } struct inpcb * @@ -2533,8 +2539,12 @@ in_pcblookup_mbuf(struct inpcbinfo *pcbinfo, struct in_addr faddr, u_int fport, struct in_addr laddr, u_int lport, int lookupflags, struct ifnet *ifp __unused, struct mbuf *m) { + int fib; + + M_ASSERTPKTHDR(m); + fib = (lookupflags & INPLOOKUP_FIB) ? M_GETFIB(m) : RT_ALL_FIBS; return (in_pcblookup_hash_smr(pcbinfo, faddr, fport, laddr, lport, - lookupflags, m->m_pkthdr.numa_domain)); + lookupflags, m->m_pkthdr.numa_domain, fib)); } #endif /* INET */ 
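Review bot: in the in_pcblookup() hunk at the end of the sys/netinet/in_pcb.c changes, `__unused` is dropped from ifp and `if_getfib(ifp)` is called whenever INPLOOKUP_FIB is set, but nothing asserts that ifp is non-NULL, whereas in_pcblookup_mbuf() right below gains an M_ASSERTPKTHDR(m) before M_GETFIB(m). Because the argument was ignored until this change, callers had no reason to pass a valid pointer, so a caller that later adds INPLOOKUP_FIB without auditing its ifp turns into a NULL dereference in the input path. Suggest a KASSERT in in_pcblookup() that ifp is not NULL when INPLOOKUP_FIB is set, and a sentence in the function comment stating where each variant takes its FIB from (ifnet here, mbuf in in_pcblookup_mbuf(), whose ifp stays `__unused`).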
diff --git a/sys/netinet/in_pcb.h b/sys/netinet/in_pcb.h index edc05322d211..6ea99b58f246 100644 --- a/sys/netinet/in_pcb.h +++ b/sys/netinet/in_pcb.h @@ -624,10 +624,11 @@ typedef enum { INPLOOKUP_WILDCARD = 0x00000001, /* Allow wildcard sockets. */ INPLOOKUP_RLOCKPCB = 0x00000002, /* Return inpcb read-locked. */ INPLOOKUP_WLOCKPCB = 0x00000004, /* Return inpcb write-locked. */ + INPLOOKUP_FIB = 0x00000008, /* inp must be from same FIB. */ } inp_lookup_t; #define INPLOOKUP_MASK (INPLOOKUP_WILDCARD | INPLOOKUP_RLOCKPCB | \ - INPLOOKUP_WLOCKPCB) + INPLOOKUP_WLOCKPCB | INPLOOKUP_FIB) #define INPLOOKUP_LOCKMASK (INPLOOKUP_RLOCKPCB | INPLOOKUP_WLOCKPCB) #define sotoinpcb(so) ((struct inpcb *)(so)->so_pcb) diff --git a/sys/netinet6/in6_pcb.c b/sys/netinet6/in6_pcb.c index e692ab755c25..fc7504a5bc34 100644 --- a/sys/netinet6/in6_pcb.c +++ b/sys/netinet6/in6_pcb.c @@ -501,7 +501,7 @@ in6_pcbconnect(struct inpcb *inp, struct sockaddr_in6 *sin6, struct ucred *cred, if (in6_pcblookup_hash_locked(pcbinfo, &sin6->sin6_addr, sin6->sin6_port, IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr) ? &laddr6.sin6_addr : &inp->in6p_laddr, inp->inp_lport, 0, - M_NODOM) != NULL) + M_NODOM, RT_ALL_FIBS) != NULL) return (EADDRINUSE); if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) { if (inp->inp_lport == 0) { 
@@ -930,15 +930,16 @@ in6_rtchange(struct inpcb *inp, int errno __unused) } static bool -in6_pcblookup_lb_numa_match(const struct inpcblbgroup *grp, int domain) +in6_pcblookup_lb_match(const struct inpcblbgroup *grp, int domain, int fib) { - return (domain == M_NODOM || domain == grp->il_numa_domain); + return ((domain == M_NODOM || domain == grp->il_numa_domain) && + (fib == RT_ALL_FIBS || fib == grp->il_fibnum)); } static struct inpcb * in6_pcblookup_lbgroup(const struct inpcbinfo *pcbinfo, const struct in6_addr *faddr, uint16_t fport, const struct in6_addr *laddr, - uint16_t lport, uint8_t domain) + uint16_t lport, uint8_t domain, int fib) { const struct inpcblbgrouphead *hdr; struct inpcblbgroup *grp; @@ -947,6 +948,7 @@ in6_pcblookup_lbgroup(const struct inpcbinfo *pcbinfo, u_int count; INP_HASH_LOCK_ASSERT(pcbinfo); + NET_EPOCH_ASSERT(); hdr = &pcbinfo->ipi_lbgrouphashbase[ INP_PCBPORTHASH(lport, pcbinfo->ipi_lbgrouphashmask)]; @@ -976,20 +978,20 @@ in6_pcblookup_lbgroup(const struct inpcbinfo *pcbinfo, if (IN6_ARE_ADDR_EQUAL(&grp->il6_laddr, laddr)) { if (injail) { jail_exact = grp; - if (in6_pcblookup_lb_numa_match(grp, domain)) + if (in6_pcblookup_lb_match(grp, domain, fib)) /* This is a perfect match. */ goto out; } else if (local_exact == NULL || - in6_pcblookup_lb_numa_match(grp, domain)) { + in6_pcblookup_lb_match(grp, domain, fib)) { local_exact = grp; } } else if (IN6_IS_ADDR_UNSPECIFIED(&grp->il6_laddr)) { if (injail) { if (jail_wild == NULL || - in6_pcblookup_lb_numa_match(grp, domain)) + in6_pcblookup_lb_match(grp, domain, fib)) jail_wild = grp; } else if (local_wild == NULL || - in6_pcblookup_lb_numa_match(grp, domain)) { + in6_pcblookup_lb_match(grp, domain, fib)) { local_wild = grp; } } @@ -1061,7 +1063,7 @@ typedef enum { static inp_lookup_match_t in6_pcblookup_wild_match(const struct inpcb *inp, const struct in6_addr *laddr, - u_short lport) + u_short lport, int fib) { /* XXX inp locking */ if ((inp->inp_vflag & INP_IPV6) == 0) 
@@ -1069,6 +1071,8 @@ in6_pcblookup_wild_match(const struct inpcb *inp, const struct in6_addr *laddr, if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr) || inp->inp_lport != lport) return (INPLOOKUP_MATCH_NONE); + if (fib != RT_ALL_FIBS && inp->inp_inc.inc_fibnum != fib) + return (INPLOOKUP_MATCH_NONE); if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) return (INPLOOKUP_MATCH_WILD); if (IN6_ARE_ADDR_EQUAL(&inp->in6p_laddr, laddr)) @@ -1080,7 +1084,8 @@ in6_pcblookup_wild_match(const struct inpcb *inp, const struct in6_addr *laddr, static struct inpcb * in6_pcblookup_hash_wild_smr(struct inpcbinfo *pcbinfo, - const struct in6_addr *laddr, u_short lport, const inp_lookup_t lockflags) + const struct in6_addr *laddr, u_short lport, int fib, + const inp_lookup_t lockflags) { struct inpcbhead *head; struct inpcb *inp; @@ -1093,12 +1098,13 @@ in6_pcblookup_hash_wild_smr(struct inpcbinfo *pcbinfo, CK_LIST_FOREACH(inp, head, inp_hash_wild) { inp_lookup_match_t match; - match = in6_pcblookup_wild_match(inp, laddr, lport); + match = in6_pcblookup_wild_match(inp, laddr, lport, fib); if (match == INPLOOKUP_MATCH_NONE) continue; if (__predict_true(inp_smr_lock(inp, lockflags))) { - match = in6_pcblookup_wild_match(inp, laddr, lport); + match = in6_pcblookup_wild_match(inp, laddr, lport, + fib); if (match != INPLOOKUP_MATCH_NONE && prison_check_ip6_locked(inp->inp_cred->cr_prison, laddr) == 0) @@ -1117,7 +1123,7 @@ in6_pcblookup_hash_wild_smr(struct inpcbinfo *pcbinfo, static struct inpcb * in6_pcblookup_hash_wild_locked(struct inpcbinfo *pcbinfo, - const struct in6_addr *laddr, u_short lport) + const struct in6_addr *laddr, u_short lport, int fib) { struct inpcbhead *head; struct inpcb *inp, *jail_wild, *local_exact, *local_wild; 
@@ -1138,7 +1144,7 @@ in6_pcblookup_hash_wild_locked(struct inpcbinfo *pcbinfo, inp_lookup_match_t match; bool injail; - match = in6_pcblookup_wild_match(inp, laddr, lport); + match = in6_pcblookup_wild_match(inp, laddr, lport, fib); if (match == INPLOOKUP_MATCH_NONE) continue; @@ -1178,12 +1184,12 @@ struct inpcb * in6_pcblookup_hash_locked(struct inpcbinfo *pcbinfo, const struct in6_addr *faddr, u_int fport_arg, const struct in6_addr *laddr, u_int lport_arg, - int lookupflags, uint8_t numa_domain) + int lookupflags, uint8_t numa_domain, int fib) { struct inpcb *inp; u_short fport = fport_arg, lport = lport_arg; - KASSERT((lookupflags & ~INPLOOKUP_WILDCARD) == 0, + KASSERT((lookupflags & ~(INPLOOKUP_WILDCARD | INPLOOKUP_FIB)) == 0, ("%s: invalid lookup flags %d", __func__, lookupflags)); KASSERT(!IN6_IS_ADDR_UNSPECIFIED(faddr), ("%s: invalid foreign address", __func__)); @@ -1197,10 +1203,10 @@ in6_pcblookup_hash_locked(struct inpcbinfo *pcbinfo, if ((lookupflags & INPLOOKUP_WILDCARD) != 0) { inp = in6_pcblookup_lbgroup(pcbinfo, faddr, fport, laddr, - lport, numa_domain); + lport, numa_domain, fib); if (inp == NULL) { inp = in6_pcblookup_hash_wild_locked(pcbinfo, - laddr, lport); + laddr, lport, fib); } } return (inp); @@ -1209,7 +1215,7 @@ in6_pcblookup_hash_locked(struct inpcbinfo *pcbinfo, static struct inpcb * in6_pcblookup_hash(struct inpcbinfo *pcbinfo, const struct in6_addr *faddr, u_int fport, const struct in6_addr *laddr, u_int lport, int lookupflags, - uint8_t numa_domain) + uint8_t numa_domain, int fib) { struct inpcb *inp; const inp_lookup_t lockflags = lookupflags & INPLOOKUP_LOCKMASK; 
@@ -1219,7 +1225,7 @@ in6_pcblookup_hash(struct inpcbinfo *pcbinfo, const struct in6_addr *faddr, INP_HASH_WLOCK(pcbinfo); inp = in6_pcblookup_hash_locked(pcbinfo, faddr, fport, laddr, lport, - lookupflags & ~INPLOOKUP_LOCKMASK, numa_domain); + lookupflags & ~INPLOOKUP_LOCKMASK, numa_domain, fib); if (inp != NULL && !inp_trylock(inp, lockflags)) { in_pcbref(inp); INP_HASH_WUNLOCK(pcbinfo); @@ -1236,7 +1242,7 @@ in6_pcblookup_hash(struct inpcbinfo *pcbinfo, const struct in6_addr *faddr, static struct inpcb * in6_pcblookup_hash_smr(struct inpcbinfo *pcbinfo, const struct in6_addr *faddr, u_int fport_arg, const struct in6_addr *laddr, u_int lport_arg, - int lookupflags, uint8_t numa_domain) + int lookupflags, uint8_t numa_domain, int fib) { struct inpcb *inp; const inp_lookup_t lockflags = lookupflags & INPLOOKUP_LOCKMASK; @@ -1261,27 +1267,27 @@ in6_pcblookup_hash_smr(struct inpcbinfo *pcbinfo, const struct in6_addr *faddr, * out from under us. Fall back to a precise search. */ return (in6_pcblookup_hash(pcbinfo, faddr, fport, laddr, lport, - lookupflags, numa_domain)); + lookupflags, numa_domain, fib)); } if ((lookupflags & INPLOOKUP_WILDCARD) != 0) { inp = in6_pcblookup_lbgroup(pcbinfo, faddr, fport, - laddr, lport, numa_domain); + laddr, lport, numa_domain, fib); if (inp != NULL) { if (__predict_true(inp_smr_lock(inp, lockflags))) { if (__predict_true(in6_pcblookup_wild_match(inp, - laddr, lport) != INPLOOKUP_MATCH_NONE)) + laddr, lport, fib) != INPLOOKUP_MATCH_NONE)) return (inp); inp_unlock(inp, lockflags); } inp = INP_LOOKUP_AGAIN; } else { inp = in6_pcblookup_hash_wild_smr(pcbinfo, laddr, lport, - lockflags); + fib, lockflags); } if (inp == INP_LOOKUP_AGAIN) { return (in6_pcblookup_hash(pcbinfo, faddr, fport, laddr, - lport, lookupflags, numa_domain)); + lport, lookupflags, numa_domain, fib)); } } 
@@ -1298,10 +1304,13 @@ in6_pcblookup_hash_smr(struct inpcbinfo *pcbinfo, const struct in6_addr *faddr, struct inpcb * in6_pcblookup(struct inpcbinfo *pcbinfo, const struct in6_addr *faddr, u_int fport, const struct in6_addr *laddr, u_int lport, int lookupflags, - struct ifnet *ifp __unused) + struct ifnet *ifp) { + int fib; + + fib = (lookupflags & INPLOOKUP_FIB) ? if_getfib(ifp) : RT_ALL_FIBS; return (in6_pcblookup_hash_smr(pcbinfo, faddr, fport, laddr, lport, - lookupflags, M_NODOM)); + lookupflags, M_NODOM, fib)); } struct inpcb * @@ -1309,8 +1318,12 @@ in6_pcblookup_mbuf(struct inpcbinfo *pcbinfo, const struct in6_addr *faddr, u_int fport, const struct in6_addr *laddr, u_int lport, int lookupflags, struct ifnet *ifp __unused, struct mbuf *m) { + int fib; + + M_ASSERTPKTHDR(m); + fib = (lookupflags & INPLOOKUP_FIB) ? M_GETFIB(m) : RT_ALL_FIBS; return (in6_pcblookup_hash_smr(pcbinfo, faddr, fport, laddr, lport, - lookupflags, m->m_pkthdr.numa_domain)); + lookupflags, m->m_pkthdr.numa_domain, fib)); } void diff --git a/sys/netinet6/in6_pcb.h b/sys/netinet6/in6_pcb.h index 5a24d1398b47..d578c6a66241 100644 --- a/sys/netinet6/in6_pcb.h +++ b/sys/netinet6/in6_pcb.h 
@@ -81,7 +81,7 @@ struct inpcb *in6_pcblookup_local(struct inpcbinfo *, const struct in6_addr *, struct inpcb *in6_pcblookup_hash_locked(struct inpcbinfo *pcbinfo, const struct in6_addr *faddr, u_int fport_arg, const struct in6_addr *laddr, u_int lport_arg, - int lookupflags, uint8_t); + int lookupflags, uint8_t numa_domain, int fib); struct inpcb *in6_pcblookup(struct inpcbinfo *, const struct in6_addr *, u_int, const struct in6_addr *, u_int, int, struct ifnet *); struct inpcb *in6_pcblookup_mbuf(struct inpcbinfo *, const struct in6_addr *, 
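Review bot: in_pcblookup() and in6_pcblookup() now dereference `ifp` through if_getfib(ifp) whenever INPLOOKUP_FIB is set, but the parameter was `__unused` until this change and nothing in these hunks asserts that it is non-NULL. The _mbuf variants gained M_ASSERTPKTHDR(m) for their input; the ifp variants deserve an equivalent KASSERT (ifp != NULL when INPLOOKUP_FIB is requested) so that a caller still passing NULL fails at the assertion rather than inside if_getfib(). A comment should also say that the two entry points take the FIB from different places (if_getfib(ifp) versus M_GETFIB(m)), since in_pcblookup_mbuf() and in6_pcblookup_mbuf() keep `ifp __unused` and nothing shown here guarantees the two values agree.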
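Review bot: in in6_pcblookup_lbgroup() the FIB acts as a preference rather than a filter. The conditions `local_exact == NULL || in6_pcblookup_lb_match(grp, domain, fib)` (and the jail_wild and local_wild equivalents) still accept the first group seen when `fib != grp->il_fibnum`, and `jail_exact = grp` is assigned before the match is tested. That mirrors the old NUMA-affinity logic, but in_pcb.h documents INPLOOKUP_FIB as "inp must be from same FIB". The SMR path rechecks the result with in6_pcblookup_wild_match(inp, laddr, lport, fib), while in6_pcblookup_hash_locked() returns the lbgroup result without a recheck in the lines shown. Either skip non-matching groups when fib != RT_ALL_FIBS, or add a comment naming what guarantees that the groups reaching this loop are already in the right FIB.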
Date: Fri, 21 Feb 2025 01:57:17 GMT
Message-Id: <202502210157.51L1vHrA067454@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Mark Johnston
Subject: git: aa6163ff658b - stable/14 - tcp: Add a sysctl to modify listening socket FIB inheritance
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: markj
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: aa6163ff658b65f4a58d7603a7f7cfd1c39ee086
Auto-Submitted: auto-generated

The branch stable/14 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=aa6163ff658b65f4a58d7603a7f7cfd1c39ee086

commit aa6163ff658b65f4a58d7603a7f7cfd1c39ee086
Author: Mark Johnston
AuthorDate: 2025-02-06 14:14:49 +0000
Commit: Mark Johnston
CommitDate: 2025-02-21 01:04:50 +0000

    tcp: Add a sysctl to modify listening socket FIB inheritance

    Introduce the net.inet.tcp.bind_all_fibs tunable, set to 1 by default
    for compatibility with current behaviour. When set to 0, all TCP
    listening sockets are private to their FIB. Inbound connection
    requests will only succeed if a matching inpcb is bound to the same
    FIB as the request.

    No functional change intended, as the new behaviour is not enabled by
    default.

    Reviewed by: glebius
    MFC after: 2 weeks
    Sponsored by: Klara, Inc.
    Sponsored by: Stormshield
    Differential Revision: https://reviews.freebsd.org/D48663

    (cherry picked from commit 5dc99e9bb985dce58e8fc85c09ef4e49bf051971)

--- share/man/man4/tcp.4 | 32 +++++++++++++++++++++++++++++++- sys/netinet/tcp_input.c | 8 +++++++- sys/netinet/tcp_usrreq.c | 12 ++++++++---- sys/netinet/tcp_var.h | 2 ++ 4 files changed, 48 insertions(+), 6 deletions(-) diff --git a/share/man/man4/tcp.4 b/share/man/man4/tcp.4 index da88a30bf86a..bf86a8d35feb 100644 --- a/share/man/man4/tcp.4 
+++ b/share/man/man4/tcp.4 @@ -33,7 +33,7 @@ .\" .\" From: @(#)tcp.4 8.1 (Berkeley) 6/5/93 .\" -.Dd July 28, 2024 +.Dd January 10, 2025 .Dt TCP 4 .Os .Sh NAME @@ -202,6 +202,35 @@ The alternate TCP stack must already be loaded in the kernel. To list the available TCP stacks, see .Va functions_available in the +.Sx FIB support +TCP sockets are FIB-aware. +They inherit the FIB of the process which created the socket, or that of the +listening socket for sockets created by +.Xr accept 2 . +In particular, the FIB is not inherited from that of the interface where the +initiating SYN packet was received. +When an incoming connection request arrives to a listening socket, the initial +handshake also occurs in the FIB of the listening socket, not that of the +received packet. +.Pp +By default, a TCP listening socket can accept connections originating from any +FIB. +If the +.Va net.inet.tcp.bind_all_fibs +tunable is set to 0, a listening socket will only accept connections +originating +from the FIB's listening socket. +Connection requests from other FIBs will be treated as though there is no +listening socket for the destination address and port. +In this mode, multiple listening sockets owned by the same user can listen on +the same address and port so long as they belong to different FIBs, similar to +the behavior of the +.Dv SO_REUSEPORT +socket option. +If the tunable is set to 0, all sockets added to a load-balancing group created +with the +.Dv SO_REUSEPORT_LB +socket option must belong to the same FIB. .Sx MIB (sysctl) Variables section further down. To list the default TCP stack, see @@ -1048,6 +1077,7 @@ when trying to use a TCP function block that is not available; .El .Sh SEE ALSO .Xr getsockopt 2 , +.Xr setfib 2 , .Xr socket 2 , .Xr stats 3 , .Xr sysctl 3 , diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c index 83f85a50ed40..fe67710fadd6 100644 --- a/sys/netinet/tcp_input.c +++ b/sys/netinet/tcp_input.c 
@@ -137,6 +137,11 @@ SYSCTL_INT(_net_inet_tcp, OID_AUTO, log_in_vain, CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(tcp_log_in_vain), 0, "Log all incoming TCP segments to closed ports"); +VNET_DEFINE(int, tcp_bind_all_fibs) = 1; +SYSCTL_INT(_net_inet_tcp, OID_AUTO, bind_all_fibs, CTLFLAG_VNET | CTLFLAG_RDTUN, + &VNET_NAME(tcp_bind_all_fibs), 0, + "Bound sockets receive traffic from all FIBs"); + VNET_DEFINE(int, blackhole) = 0; #define V_blackhole VNET(blackhole) SYSCTL_INT(_net_inet_tcp, OID_AUTO, blackhole, CTLFLAG_VNET | CTLFLAG_RW, @@ -832,7 +837,8 @@ tcp_input_with_port(struct mbuf **mp, int *offp, int proto, uint16_t port) */ lookupflag = INPLOOKUP_WILDCARD | ((thflags & (TH_ACK|TH_SYN)) == TH_SYN ? - INPLOOKUP_RLOCKPCB : INPLOOKUP_WLOCKPCB); + INPLOOKUP_RLOCKPCB : INPLOOKUP_WLOCKPCB) | + (V_tcp_bind_all_fibs ? 0 : INPLOOKUP_FIB); findpcb: tp = NULL; #ifdef INET6 diff --git a/sys/netinet/tcp_usrreq.c b/sys/netinet/tcp_usrreq.c index 34a4bc15ff0d..67645827cb58 100644 --- a/sys/netinet/tcp_usrreq.c +++ b/sys/netinet/tcp_usrreq.c @@ -264,7 +264,8 @@ tcp_usr_bind(struct socket *so, struct sockaddr *nam, struct thread *td) goto out; } INP_HASH_WLOCK(&V_tcbinfo); - error = in_pcbbind(inp, sinp, 0, td->td_ucred); + error = in_pcbbind(inp, sinp, V_tcp_bind_all_fibs ? 0 : INPBIND_FIB, + td->td_ucred); INP_HASH_WUNLOCK(&V_tcbinfo); out: tcp_bblog_pru(tp, PRU_BIND, error); @@ -338,7 +339,8 @@ tcp6_usr_bind(struct socket *so, struct sockaddr *nam, struct thread *td) } } #endif - error = in6_pcbbind(inp, sin6, 0, td->td_ucred); + error = in6_pcbbind(inp, sin6, V_tcp_bind_all_fibs ? 0 : INPBIND_FIB, + td->td_ucred); INP_HASH_WUNLOCK(&V_tcbinfo); out: if (error != 0) 
@@ -378,7 +380,8 @@ tcp_usr_listen(struct socket *so, int backlog, struct thread *td) } if (inp->inp_lport == 0) { INP_HASH_WLOCK(&V_tcbinfo); - error = in_pcbbind(inp, NULL, 0, td->td_ucred); + error = in_pcbbind(inp, NULL, + V_tcp_bind_all_fibs ? 0 : INPBIND_FIB, td->td_ucred); INP_HASH_WUNLOCK(&V_tcbinfo); } if (error == 0) { @@ -435,7 +438,8 @@ tcp6_usr_listen(struct socket *so, int backlog, struct thread *td) inp->inp_vflag &= ~INP_IPV4; if ((inp->inp_flags & IN6P_IPV6_V6ONLY) == 0) inp->inp_vflag |= INP_IPV4; - error = in6_pcbbind(inp, NULL, 0, td->td_ucred); + error = in6_pcbbind(inp, NULL, + V_tcp_bind_all_fibs ? 0 : INPBIND_FIB, td->td_ucred); } INP_HASH_WUNLOCK(&V_tcbinfo); if (error == 0) { diff --git a/sys/netinet/tcp_var.h b/sys/netinet/tcp_var.h index b75210acad33..d5f7f0d4dc19 100644 --- a/sys/netinet/tcp_var.h +++ b/sys/netinet/tcp_var.h @@ -1283,6 +1283,7 @@ VNET_DECLARE(uint32_t, tcp_ack_war_time_window); VNET_DECLARE(int, tcp_autorcvbuf_max); VNET_DECLARE(int, tcp_autosndbuf_inc); VNET_DECLARE(int, tcp_autosndbuf_max); +VNET_DECLARE(int, tcp_bind_all_fibs); VNET_DECLARE(int, tcp_delack_enabled); VNET_DECLARE(int, tcp_do_autorcvbuf); VNET_DECLARE(int, tcp_do_autosndbuf); 
@@ -1335,6 +1336,7 @@ VNET_DECLARE(struct inpcbinfo, tcbinfo); #define V_tcp_autorcvbuf_max VNET(tcp_autorcvbuf_max) #define V_tcp_autosndbuf_inc VNET(tcp_autosndbuf_inc) #define V_tcp_autosndbuf_max VNET(tcp_autosndbuf_max) +#define V_tcp_bind_all_fibs VNET(tcp_bind_all_fibs) #define V_tcp_delack_enabled VNET(tcp_delack_enabled) #define V_tcp_do_autorcvbuf VNET(tcp_do_autorcvbuf) #define V_tcp_do_autosndbuf VNET(tcp_do_autosndbuf) 
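Review bot: the tcp.4 hunk inserts the new text in the middle of an existing sentence. The added lines sit between `in the` and `.Sx MIB (sysctl) Variables`, and they open with `.Sx FIB support`, which is a cross-reference macro rather than a heading. The block should start with a heading macro (the udp.4 change on this page uses `.Sh FIB support`) and move below the `section further down.` sentence so that the original cross reference stays intact. The phrase `originating from the FIB's listening socket` also reads inverted; "the listening socket's FIB" is presumably what is meant.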
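Review bot: net.inet.tcp.bind_all_fibs is declared `CTLFLAG_VNET | CTLFLAG_RDTUN` in tcp_input.c, but nothing next to the definition says why it has to stay read-only. The bind path (`V_tcp_bind_all_fibs ? 0 : INPBIND_FIB` in tcp_usrreq.c) and the lookup path (`V_tcp_bind_all_fibs ? 0 : INPLOOKUP_FIB` in tcp_input_with_port()) read the variable independently, so a socket bound under one setting would be looked up under the other if the value could change at run time. A short comment stating that invariant would keep a later change from switching it to CTLFLAG_RW. The description string "Bound sockets receive traffic from all FIBs" could also say what 0 does, since that is the setting an operator isolating FIBs will be looking for.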
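Review bot: the expression `V_tcp_bind_all_fibs ? 0 : INPBIND_FIB` is open-coded at four call sites in tcp_usrreq.c (tcp_usr_bind, tcp6_usr_bind, tcp_usr_listen, tcp6_usr_listen). A single helper or macro for the bind flags would keep the IPv4 and IPv6 paths in step and give one place to document that bind-time and lookup-time behaviour must match.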
Date: Fri, 21 Feb 2025 01:57:18 GMT
Message-Id: <202502210157.51L1vIEQ067486@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
 dev-commits-src-branches@FreeBSD.org
From: Mark Johnston
Subject: git: e83d93bb28ac - stable/14 - udp: Add a sysctl to modify listening socket FIB inheritance
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: markj
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: e83d93bb28ac84fe10c23191212e2c53e344132d
Auto-Submitted: auto-generated

The branch stable/14 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=e83d93bb28ac84fe10c23191212e2c53e344132d

commit e83d93bb28ac84fe10c23191212e2c53e344132d
Author: Mark Johnston
AuthorDate: 2025-02-06 14:15:41 +0000
Commit: Mark Johnston
CommitDate: 2025-02-21 01:04:50 +0000

    udp: Add a sysctl to modify listening socket FIB inheritance

    Introduce the net.inet.udp.bind_all_fibs tunable, set to 1 by default
    for compatibility with current behaviour. When set to 0, all received
    datagrams will be dropped unless an inpcb bound to the same FIB
    exists.

    No functional change intended, as the new behaviour is not enabled by
    default.

    Reviewed by: glebius
    MFC after: 2 weeks
    Sponsored by: Klara, Inc.
    Sponsored by: Stormshield
    Differential Revision: https://reviews.freebsd.org/D48664

    (cherry picked from commit 08e638c089ab57531f08994d03c9dde54c4744f9)

--- share/man/man4/udp.4 | 15 ++++++++++++++- sys/netinet/udp_usrreq.c | 40 ++++++++++++++++++++++++++++++---------- sys/netinet/udp_var.h | 6 ++++-- sys/netinet6/udp6_usrreq.c | 18 ++++++++++++------ 4 files changed, 60 insertions(+), 19 deletions(-) diff --git a/share/man/man4/udp.4 b/share/man/man4/udp.4 index 1edfe1519156..3973708a259f 100644 --- a/share/man/man4/udp.4 
+++ b/share/man/man4/udp.4 @@ -27,7 +27,7 @@ .\" .\" @(#)udp.4 8.1 (Berkeley) 6/5/93 .\" -.Dd August 1, 2022 +.Dd January 20, 2025 .Dt UDP 4 .Os .Sh NAME @@ -109,6 +109,19 @@ Only one value is supported for this option: .Tn UDP_ENCAP_ESPINUDP from RFC 3948, defined in .In netinet/udp.h . +.Sh FIB support +UDP sockets are FIB-aware. +They inherit the FIB of the process which created the socket. +By default, a UDP socket bound to an address can receive datagrams originating +from any FIB. +If the +.Va net.inet.udp.bind_all_fibs +tunable is set to 0, all UDP sockets will receive only datagrams originating +from the same FIB as the socket. +In this mode, multiple sockets can be bound to the same address, so long as +each socket belongs to a different FIB, similar to the behavior of the +.Dv SO_REUSEPORT +option. .Sh MIB (sysctl) Variables The .Nm diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c index 75af0055c680..9a3d9a810481 100644 --- a/sys/netinet/udp_usrreq.c +++ b/sys/netinet/udp_usrreq.c @@ -107,6 +107,11 @@ * Per RFC 3828, July, 2004. */ +VNET_DEFINE(int, udp_bind_all_fibs) = 1; +SYSCTL_INT(_net_inet_udp, OID_AUTO, bind_all_fibs, CTLFLAG_VNET | CTLFLAG_RDTUN, + &VNET_NAME(udp_bind_all_fibs), 0, + "Bound sockets receive traffic from all FIBs"); + /* * BSD 4.2 defaulted the udp checksum to be off. Turning off udp checksums * removes the only data integrity mechanism for packets and malformed @@ -361,10 +366,12 @@ udp_multi_input(struct mbuf *m, int proto, struct sockaddr_in *udp_in) #endif struct inpcb *inp; struct mbuf *n; - int appends = 0; + int appends = 0, fib; MPASS(ip->ip_hl == sizeof(struct ip) >> 2); + fib = M_GETFIB(m); + while ((inp = inp_next(&inpi)) != NULL) { /* * XXXRW: Because we weren't holding either the inpcb 
@@ -372,6 +379,14 @@ udp_multi_input(struct mbuf *m, int proto, struct sockaddr_in *udp_in) * before, we should probably recheck now that the * inpcb lock is held. */ + + if (V_udp_bind_all_fibs == 0 && fib != inp->inp_inc.inc_fibnum) + /* + * Sockets bound to a specific FIB can only receive + * packets from that FIB. + */ + continue; + /* * Handle socket delivery policy for any-source * and source-specific multicast. [RFC3678] @@ -455,7 +470,7 @@ udp_input(struct mbuf **mp, int *offp, int proto) struct sockaddr_in udp_in[2]; struct mbuf *m; struct m_tag *fwd_tag; - int cscov_partial, iphlen; + int cscov_partial, iphlen, lookupflags; m = *mp; iphlen = *offp; @@ -577,7 +592,11 @@ udp_input(struct mbuf **mp, int *offp, int proto) /* * Locate pcb for datagram. - * + */ + lookupflags = INPLOOKUP_RLOCKPCB | + (V_udp_bind_all_fibs ? 0 : INPLOOKUP_FIB); + + /* * Grab info from PACKET_TAG_IPFORWARD tag prepended to the chain. */ if ((m->m_flags & M_IP_NEXTHOP) && @@ -591,7 +610,7 @@ udp_input(struct mbuf **mp, int *offp, int proto) * Already got one like this? */ inp = in_pcblookup_mbuf(pcbinfo, ip->ip_src, uh->uh_sport, - ip->ip_dst, uh->uh_dport, INPLOOKUP_RLOCKPCB, ifp, m); + ip->ip_dst, uh->uh_dport, lookupflags, ifp, m); if (!inp) { /* * It's new. Try to find the ambushing socket. @@ -601,8 +620,8 @@ udp_input(struct mbuf **mp, int *offp, int proto) inp = in_pcblookup(pcbinfo, ip->ip_src, uh->uh_sport, next_hop->sin_addr, next_hop->sin_port ? htons(next_hop->sin_port) : - uh->uh_dport, INPLOOKUP_WILDCARD | - INPLOOKUP_RLOCKPCB, ifp); + uh->uh_dport, INPLOOKUP_WILDCARD | lookupflags, + ifp); } /* Remove the tag from the packet. We don't need it anymore. */ m_tag_delete(m, fwd_tag); 
@@ -610,7 +629,7 @@ udp_input(struct mbuf **mp, int *offp, int proto) } else inp = in_pcblookup_mbuf(pcbinfo, ip->ip_src, uh->uh_sport, ip->ip_dst, uh->uh_dport, INPLOOKUP_WILDCARD | - INPLOOKUP_RLOCKPCB, ifp, m); + lookupflags, ifp, m); if (inp == NULL) { if (V_udp_log_in_vain) { char src[INET_ADDRSTRLEN]; @@ -1218,8 +1237,8 @@ udp_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *addr, inp->inp_vflag &= ~INP_IPV6; } INP_HASH_WLOCK(pcbinfo); - error = in_pcbbind_setup(inp, &src, &laddr.s_addr, &lport, 0, - td->td_ucred); + error = in_pcbbind_setup(inp, &src, &laddr.s_addr, &lport, + V_udp_bind_all_fibs ? 0 : INPBIND_FIB, td->td_ucred); INP_HASH_WUNLOCK(pcbinfo); if ((flags & PRUS_IPV6) != 0) inp->inp_vflag = vflagsav; @@ -1568,7 +1587,8 @@ udp_bind(struct socket *so, struct sockaddr *nam, struct thread *td) INP_WLOCK(inp); INP_HASH_WLOCK(pcbinfo); - error = in_pcbbind(inp, sinp, 0, td->td_ucred); + error = in_pcbbind(inp, sinp, V_udp_bind_all_fibs ? 0 : INPBIND_FIB, + td->td_ucred); INP_HASH_WUNLOCK(pcbinfo); INP_WUNLOCK(inp); return (error); diff --git a/sys/netinet/udp_var.h b/sys/netinet/udp_var.h index a2e9c3388160..51272e7c9349 100644 --- a/sys/netinet/udp_var.h +++ b/sys/netinet/udp_var.h @@ -149,13 +149,15 @@ VNET_DECLARE(struct inpcbinfo, ulitecbinfo); extern u_long udp_sendspace; extern u_long udp_recvspace; -VNET_DECLARE(int, udp_cksum); +VNET_DECLARE(int, udp_bind_all_fibs); VNET_DECLARE(int, udp_blackhole); VNET_DECLARE(bool, udp_blackhole_local); +VNET_DECLARE(int, udp_cksum); VNET_DECLARE(int, udp_log_in_vain); -#define V_udp_cksum VNET(udp_cksum) +#define V_udp_bind_all_fibs VNET(udp_bind_all_fibs) #define V_udp_blackhole VNET(udp_blackhole) #define V_udp_blackhole_local VNET(udp_blackhole_local) +#define V_udp_cksum VNET(udp_cksum) #define V_udp_log_in_vain VNET(udp_log_in_vain) VNET_DECLARE(int, zero_checksum_port); diff --git a/sys/netinet6/udp6_usrreq.c b/sys/netinet6/udp6_usrreq.c index 5b902129920b..a23bbabab236 100644 
--- a/sys/netinet6/udp6_usrreq.c +++ b/sys/netinet6/udp6_usrreq.c @@ -349,6 +349,7 @@ udp6_input(struct mbuf **mp, int *offp, int proto) int off = *offp; int cscov_partial; int plen, ulen; + int lookupflags; struct sockaddr_in6 fromsa[2]; struct m_tag *fwd_tag; uint16_t uh_sum; @@ -446,6 +447,8 @@ skip_checksum: /* * Locate pcb for datagram. */ + lookupflags = INPLOOKUP_RLOCKPCB | + (V_udp_bind_all_fibs ? 0 : INPLOOKUP_FIB); /* * Grab info from PACKET_TAG_IPFORWARD tag prepended to the chain. @@ -462,7 +465,7 @@ skip_checksum: */ inp = in6_pcblookup_mbuf(pcbinfo, &ip6->ip6_src, uh->uh_sport, &ip6->ip6_dst, uh->uh_dport, - INPLOOKUP_RLOCKPCB, m->m_pkthdr.rcvif, m); + lookupflags, m->m_pkthdr.rcvif, m); if (!inp) { /* * It's new. Try to find the ambushing socket. @@ -472,8 +475,8 @@ skip_checksum: inp = in6_pcblookup(pcbinfo, &ip6->ip6_src, uh->uh_sport, &next_hop6->sin6_addr, next_hop6->sin6_port ? htons(next_hop6->sin6_port) : - uh->uh_dport, INPLOOKUP_WILDCARD | - INPLOOKUP_RLOCKPCB, m->m_pkthdr.rcvif); + uh->uh_dport, INPLOOKUP_WILDCARD | lookupflags, + m->m_pkthdr.rcvif); } /* Remove the tag from the packet. We don't need it anymore. */ m_tag_delete(m, fwd_tag); @@ -481,7 +484,7 @@ skip_checksum: } else inp = in6_pcblookup_mbuf(pcbinfo, &ip6->ip6_src, uh->uh_sport, &ip6->ip6_dst, uh->uh_dport, - INPLOOKUP_WILDCARD | INPLOOKUP_RLOCKPCB, + INPLOOKUP_WILDCARD | lookupflags, m->m_pkthdr.rcvif, m); if (inp == NULL) { if (V_udp_log_in_vain) { 
@@ -1050,13 +1053,16 @@ udp6_bind(struct socket *so, struct sockaddr *nam, struct thread *td) in6_sin6_2_sin(&sin, sin6_p); inp->inp_vflag |= INP_IPV4; inp->inp_vflag &= ~INP_IPV6; - error = in_pcbbind(inp, &sin, 0, td->td_ucred); + error = in_pcbbind(inp, &sin, + V_udp_bind_all_fibs ? 0 : INPBIND_FIB, + td->td_ucred); goto out; } #endif } - error = in6_pcbbind(inp, sin6_p, 0, td->td_ucred); + error = in6_pcbbind(inp, sin6_p, V_udp_bind_all_fibs ? 0 : INPBIND_FIB, + td->td_ucred); #ifdef INET out: #endif
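Review bot: In the udp_multi_input hunk, the new FIB check is an unbraced if whose body is a four-line comment followed by continue;, which makes it easy for a later edit to attach a statement to the wrong branch. Wrapping the body in braces, or moving the comment above the condition, would make the control flow obvious. The blank line added ahead of the check also separates it from the existing comment about rechecking once the inpcb lock is held, so it is no longer clear which code that comment describes.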
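Review bot: In udp_input, the next-hop path calls in_pcblookup(..., INPLOOKUP_WILDCARD | lookupflags, ifp) without an mbuf, while the other two lookups go through in_pcblookup_mbuf(..., ifp, m). With INPLOOKUP_FIB set, the hunk does not show which FIB number the mbuf-less variant matches against. A short comment at that call stating whether it is the receiving interface's FIB or the packet's would help, because if the two can differ for a PACKET_TAG_IPFORWARD packet the tagged and untagged paths would select different sockets. The same question applies to the in6_pcblookup call in udp6_input.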
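Review bot: The expression V_udp_bind_all_fibs ? 0 : INPBIND_FIB is repeated at four bind call sites (udp_send, udp_bind and twice in udp6_bind), and its INPLOOKUP_FIB counterpart is built separately in udp_input and udp6_input. A small inline helper for each would keep a future call site from passing a literal 0 and binding or matching across all FIBs by accident. The udp6 paths read the same V_udp_bind_all_fibs variable, so the documentation for the knob should state that it governs IPv6 UDP sockets as well as IPv4.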
Date: Fri, 21 Feb 2025 01:57:20 GMT Message-Id: <202502210157.51L1vKIl067519@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: d2ae0070a1d3 - stable/14 - tests: Add some FIB multibind test cases List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: d2ae0070a1d34555fd70d05488bf04f42a81e075
The branch stable/14 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=d2ae0070a1d34555fd70d05488bf04f42a81e075 commit d2ae0070a1d34555fd70d05488bf04f42a81e075 Author: Mark Johnston AuthorDate: 2025-02-06 14:16:04 +0000 Commit: Mark Johnston CommitDate: 2025-02-21 01:04:50 +0000 tests: Add some FIB multibind test cases Reviewed by: glebius MFC after: 2 weeks Sponsored by: Klara, Inc. Sponsored by: Stormshield Differential Revision: https://reviews.freebsd.org/D48665 (cherry picked from commit 7034563f8ef3acbe5bada582f0bb335fcba9dfb4)
--- tests/sys/netinet/Makefile | 3 +- tests/sys/netinet/fibs_multibind_test.c | 754 ++++++++++++++++++++++++++++++++ 2 files changed, 756 insertions(+), 1 deletion(-) diff --git a/tests/sys/netinet/Makefile b/tests/sys/netinet/Makefile index 6019da4f6baa..acb259701a3f 100644 --- a/tests/sys/netinet/Makefile +++ b/tests/sys/netinet/Makefile @@ -6,7 +6,8 @@ BINDIR= ${TESTSDIR} TESTS_SUBDIRS+= libalias -ATF_TESTS_C= ip_reass_test \ +ATF_TESTS_C= fibs_multibind_test \ + ip_reass_test \ ip6_v4mapped_test \ so_reuseport_lb_test \ socket_afinet \
diff --git a/tests/sys/netinet/fibs_multibind_test.c b/tests/sys/netinet/fibs_multibind_test.c new file mode 100644 index 000000000000..c62e8abdf81b --- /dev/null +++ b/tests/sys/netinet/fibs_multibind_test.c 
@@ -0,0 +1,754 @@ +/*- + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2024-2025 Stormshield + */ + +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +#include + +#define MAKETEST_TCP(name) \ +ATF_TC_WITHOUT_HEAD(name ## _tcp); \ +ATF_TC_BODY(name ## _tcp, tc) \ +{ \ + name(PF_INET, SOCK_STREAM, tc); \ +} \ +ATF_TC_WITHOUT_HEAD(name ## _tcp6); \ +ATF_TC_BODY(name ## _tcp6, tc) \ +{ \ + name(PF_INET6, SOCK_STREAM, tc); \ +} +#define MAKETEST_UDP(name) \ +ATF_TC_WITHOUT_HEAD(name ## _udp); \ +ATF_TC_BODY(name ## _udp, tc) \ +{ \ + name(PF_INET, SOCK_DGRAM, tc); \ +} \ +ATF_TC_WITHOUT_HEAD(name ## _udp6); \ +ATF_TC_BODY(name ## _udp6, tc) \ +{ \ + name(PF_INET6, SOCK_DGRAM, tc); \ +} +#define MAKETEST_RAW(name) \ +ATF_TC(name ## _raw); \ +ATF_TC_HEAD(name ## _raw, tc) \ +{ \ + atf_tc_set_md_var(tc, "require.user", \ + "root"); \ +} \ +ATF_TC_BODY(name ## _raw, tc) \ +{ \ + name(PF_INET, SOCK_RAW, tc); \ +} \ +ATF_TC(name ## _raw6); \ +ATF_TC_HEAD(name ## _raw6, tc) \ +{ \ + atf_tc_set_md_var(tc, "require.user", \ + "root"); \ +} \ +ATF_TC_BODY(name ## _raw6, tc) \ +{ \ + name(PF_INET6, SOCK_RAW, tc); \ +} + +#define MAKETEST(name) \ + MAKETEST_TCP(name) \ + MAKETEST_UDP(name) + +#define LISTTEST_TCP(name) \ + ATF_TP_ADD_TC(tp, name ## _tcp); \ + ATF_TP_ADD_TC(tp, name ## _tcp6); +#define LISTTEST_UDP(name) \ + ATF_TP_ADD_TC(tp, name ## _udp); \ + ATF_TP_ADD_TC(tp, name ## _udp6); +#define LISTTEST_RAW(name) \ + ATF_TP_ADD_TC(tp, name ## _raw); \ + ATF_TP_ADD_TC(tp, name ## _raw6); +#define LISTTEST(name) \ + LISTTEST_TCP(name) \ + LISTTEST_UDP(name) + +static void +checked_close(int s) +{ + int error; + + error = close(s); + ATF_REQUIRE_MSG(error == 0, "close failed: %s", strerror(errno)); +} + +static int +mksockp(int domain, int type, int fib, int proto) +{ + int error, s; + + s = socket(domain, type, proto); + ATF_REQUIRE(s != -1); + error = setsockopt(s, 
SOL_SOCKET, SO_SETFIB, &fib, sizeof(fib)); + ATF_REQUIRE_MSG(error == 0, "setsockopt failed: %s", strerror(errno)); + + return (s); +} + +static int +mksock(int domain, int type, int fib) +{ + return (mksockp(domain, type, fib, 0)); +} + +static void +require_fibs_multibind(int socktype, int minfibs) +{ + const char *sysctl; + size_t sz; + int error, fibs, multibind; + + fibs = 0; + sz = sizeof(fibs); + error = sysctlbyname("net.fibs", &fibs, &sz, NULL, 0); + ATF_REQUIRE_MSG(error == 0, "sysctlbyname failed: %s", strerror(errno)); + ATF_REQUIRE_MSG(fibs >= 1, "strange FIB count %d", fibs); + if (fibs == 1) + atf_tc_skip("multiple FIBs not enabled"); + if (fibs < minfibs) + atf_tc_skip("not enough FIBs, need %d", minfibs); + + switch (socktype) { + case SOCK_STREAM: + sysctl = "net.inet.tcp.bind_all_fibs"; + break; + case SOCK_DGRAM: + sysctl = "net.inet.udp.bind_all_fibs"; + break; + case SOCK_RAW: + sysctl = "net.inet.raw.bind_all_fibs"; + break; + default: + atf_tc_fail("unknown socket type %d", socktype); + break; + } + + multibind = -1; + sz = sizeof(multibind); + error = sysctlbyname(sysctl, &multibind, &sz, NULL, 0); + ATF_REQUIRE_MSG(error == 0, "sysctlbyname failed: %s", strerror(errno)); + if (multibind != 0) + atf_tc_skip("FIB multibind not configured (%s)", sysctl); +} + +/* + * Make sure that different users can't bind to the same port from different + * FIBs. + */ +static void +multibind_different_user(int domain, int type, const atf_tc_t *tc) +{ + struct sockaddr_storage ss; + struct passwd *passwd; + const char *user; + socklen_t sslen; + int error, s[2]; + + if (geteuid() != 0) + atf_tc_skip("need root privileges"); + if (!atf_tc_has_config_var(tc, "unprivileged_user")) + atf_tc_skip("unprivileged_user not set"); + + ATF_REQUIRE(domain == PF_INET || domain == PF_INET6); + sslen = domain == PF_INET ? 
sizeof(struct sockaddr_in) : + sizeof(struct sockaddr_in6); + + require_fibs_multibind(type, 2); + + s[0] = mksock(domain, type, 0); + + memset(&ss, 0, sizeof(ss)); + ss.ss_family = domain; + ss.ss_len = sslen; + error = bind(s[0], (struct sockaddr *)&ss, sslen); + ATF_REQUIRE_MSG(error == 0, "bind failed: %s", strerror(errno)); + + error = getsockname(s[0], (struct sockaddr *)&ss, &sslen); + ATF_REQUIRE_MSG(error == 0, "getsockname failed: %s", strerror(errno)); + + /* + * Create a second socket in a different FIB, and bind it to the same + * address/port tuple. This should succeed if done as the same user as + * the first socket, and should fail otherwise. + */ + s[1] = mksock(domain, type, 1); + error = bind(s[1], (struct sockaddr *)&ss, sslen); + ATF_REQUIRE_MSG(error == 0, "bind failed: %s", strerror(errno)); + ATF_REQUIRE_MSG(close(s[1]) == 0, "close failed: %s", strerror(errno)); + + user = atf_tc_get_config_var(tc, "unprivileged_user"); + passwd = getpwnam(user); + ATF_REQUIRE(passwd != NULL); + error = seteuid(passwd->pw_uid); + ATF_REQUIRE_MSG(error == 0, "seteuid failed: %s", strerror(errno)); + + /* Repeat the bind as a different user. */ + s[1] = mksock(domain, type, 1); + error = bind(s[1], (struct sockaddr *)&ss, sslen); + ATF_REQUIRE_ERRNO(EADDRINUSE, error == -1); + ATF_REQUIRE_MSG(close(s[1]) == 0, "close failed: %s", strerror(errno)); +} +MAKETEST(multibind_different_user); + +/* + * Verify that a listening socket only accepts connections originating from the + * same FIB. + */ +static void +per_fib_listening_socket(int domain, int type, const atf_tc_t *tc __unused) +{ + struct sockaddr_storage ss; + socklen_t sslen; + int cs1, cs2, error, fib1, fib2, ls1, ls2, ns; + + ATF_REQUIRE(type == SOCK_STREAM); + ATF_REQUIRE(domain == PF_INET || domain == PF_INET6); + require_fibs_multibind(type, 2); + + fib1 = 0; + fib2 = 1; + + ls1 = mksock(domain, type, fib1); + ls2 = mksock(domain, type, fib2); + + sslen = domain == PF_INET ? 
sizeof(struct sockaddr_in) : + sizeof(struct sockaddr_in6); + + memset(&ss, 0, sizeof(ss)); + ss.ss_family = domain; + ss.ss_len = sslen; + error = bind(ls1, (struct sockaddr *)&ss, sslen); + ATF_REQUIRE_MSG(error == 0, "bind failed: %s", strerror(errno)); + + error = getsockname(ls1, (struct sockaddr *)&ss, &sslen); + ATF_REQUIRE_MSG(error == 0, "getsockname failed: %s", strerror(errno)); + + error = listen(ls1, 5); + ATF_REQUIRE_MSG(error == 0, "listen failed: %s", strerror(errno)); + + cs1 = mksock(domain, type, fib1); + cs2 = mksock(domain, type, fib2); + + /* + * Make sure we can connect from the same FIB. + */ + error = connect(cs1, (struct sockaddr *)&ss, sslen); + ATF_REQUIRE_MSG(error == 0, "connect failed: %s", strerror(errno)); + ns = accept(ls1, NULL, NULL); + ATF_REQUIRE_MSG(ns != -1, "accept failed: %s", strerror(errno)); + checked_close(ns); + checked_close(cs1); + cs1 = mksock(domain, type, fib1); + + /* + * ... but not from a different FIB. + */ + error = connect(cs2, (struct sockaddr *)&ss, sslen); + ATF_REQUIRE_MSG(error == -1, "connect succeeded unexpectedly"); + ATF_REQUIRE_MSG(errno == ECONNREFUSED, "unexpected error %d", errno); + checked_close(cs2); + cs2 = mksock(domain, type, fib2); + + /* + * ... but if there are multiple listening sockets, we always connect to + * the same FIB. 
+ */ + error = bind(ls2, (struct sockaddr *)&ss, sslen); + ATF_REQUIRE_MSG(error == 0, "bind failed: %s", strerror(errno)); + error = listen(ls2, 5); + ATF_REQUIRE_MSG(error == 0, "listen failed: %s", strerror(errno)); + + for (int i = 0; i < 10; i++) { + error = connect(cs1, (struct sockaddr *)&ss, sslen); + ATF_REQUIRE_MSG(error == 0, "connect failed: %s", + strerror(errno)); + ns = accept(ls1, NULL, NULL); + ATF_REQUIRE_MSG(ns != -1, "accept failed: %s", strerror(errno)); + + checked_close(ns); + checked_close(cs1); + cs1 = mksock(domain, type, fib1); + } + for (int i = 0; i < 10; i++) { + error = connect(cs2, (struct sockaddr *)&ss, sslen); + ATF_REQUIRE_MSG(error == 0, "connect failed: %s", + strerror(errno)); + ns = accept(ls2, NULL, NULL); + ATF_REQUIRE_MSG(ns != -1, "accept failed: %s", strerror(errno)); + + checked_close(ns); + checked_close(cs2); + cs2 = mksock(domain, type, fib2); + } + + /* + * ... and if we close one of the listening sockets, we're back to only + * being able to connect from the same FIB. + */ + checked_close(ls1); + error = connect(cs1, (struct sockaddr *)&ss, sslen); + ATF_REQUIRE_MSG(error == -1, "connect succeeded unexpectedly"); + ATF_REQUIRE_MSG(errno == ECONNREFUSED, "unexpected error %d", errno); + checked_close(cs1); + + error = connect(cs2, (struct sockaddr *)&ss, sslen); + ATF_REQUIRE_MSG(error == 0, "connect failed: %s", strerror(errno)); + ns = accept(ls2, NULL, NULL); + ATF_REQUIRE_MSG(ns != -1, "accept failed: %s", strerror(errno)); + checked_close(ns); + checked_close(cs2); + checked_close(ls2); +} +MAKETEST_TCP(per_fib_listening_socket); + +/* + * Verify that a bound datagram socket only accepts data from the same FIB. 
+ */ +static void +per_fib_dgram_socket(int domain, int type, const atf_tc_t *tc __unused) +{ + struct sockaddr_storage ss; + struct sockaddr_in6 *sin6p; + socklen_t sslen; + ssize_t n; + int error, cs1, cs2, fib1, fib2, ss1, ss2; + char b; + + ATF_REQUIRE(type == SOCK_DGRAM); + ATF_REQUIRE(domain == PF_INET || domain == PF_INET6); + require_fibs_multibind(type, 2); + + fib1 = 0; + fib2 = 1; + + cs1 = mksock(domain, type, fib1); + cs2 = mksock(domain, type, fib2); + + ss1 = mksock(domain, type, fib1); + ss2 = mksock(domain, type, fib2); + + sslen = domain == PF_INET ? sizeof(struct sockaddr_in) : + sizeof(struct sockaddr_in6); + + memset(&ss, 0, sizeof(ss)); + ss.ss_family = domain; + ss.ss_len = sslen; + error = bind(ss1, (struct sockaddr *)&ss, sslen); + ATF_REQUIRE_MSG(error == 0, "bind failed: %s", strerror(errno)); + + error = getsockname(ss1, (struct sockaddr *)&ss, &sslen); + ATF_REQUIRE_MSG(error == 0, "getsockname failed: %s", strerror(errno)); + + if (domain == PF_INET6) { + sin6p = (struct sockaddr_in6 *)&ss; + sin6p->sin6_addr = in6addr_loopback; + } + + /* If we send a byte from cs1, it should be recieved by ss1. */ + b = 42; + n = sendto(cs1, &b, sizeof(b), 0, (struct sockaddr *)&ss, sslen); + ATF_REQUIRE_MSG(n == 1, "sendto failed: %s", strerror(errno)); + n = recv(ss1, &b, sizeof(b), 0); + ATF_REQUIRE(n == 1); + ATF_REQUIRE(b == 42); + + /* If we send a byte from cs2, it should not be received by ss1. */ + b = 42; + n = sendto(cs2, &b, sizeof(b), 0, (struct sockaddr *)&ss, sslen); + ATF_REQUIRE_MSG(n == 1, "sendto failed: %s", strerror(errno)); + usleep(10000); + n = recv(ss1, &b, sizeof(b), MSG_DONTWAIT); + ATF_REQUIRE_ERRNO(EWOULDBLOCK, n == -1); + + error = bind(ss2, (struct sockaddr *)&ss, sslen); + ATF_REQUIRE_MSG(error == 0, "bind failed: %s", strerror(errno)); + + /* Repeat now that ss2 is bound. 
*/ + b = 42; + n = sendto(cs1, &b, sizeof(b), 0, (struct sockaddr *)&ss, sslen); + ATF_REQUIRE_MSG(n == 1, "sendto failed: %s", strerror(errno)); + n = recv(ss1, &b, sizeof(b), 0); + ATF_REQUIRE(n == 1); + ATF_REQUIRE(b == 42); + + b = 42; + n = sendto(cs2, &b, sizeof(b), 0, (struct sockaddr *)&ss, sslen); + ATF_REQUIRE_MSG(n == 1, "sendto failed: %s", strerror(errno)); + n = recv(ss2, &b, sizeof(b), 0); + ATF_REQUIRE(n == 1); + ATF_REQUIRE(b == 42); + + checked_close(ss1); + checked_close(ss2); + checked_close(cs1); + checked_close(cs2); +} +MAKETEST_UDP(per_fib_dgram_socket); + +static size_t +ping(int s, const struct sockaddr *sa, socklen_t salen) +{ + struct { + struct icmphdr icmp; + char data[64]; + } icmp; + ssize_t n; + + memset(&icmp, 0, sizeof(icmp)); + icmp.icmp.icmp_type = ICMP_ECHO; + icmp.icmp.icmp_code = 0; + icmp.icmp.icmp_cksum = htons(~(ICMP_ECHO << 8)); + n = sendto(s, &icmp, sizeof(icmp), 0, sa, salen); + ATF_REQUIRE_MSG(n == (ssize_t)sizeof(icmp), "sendto failed: %s", + strerror(errno)); + + return (sizeof(icmp) + sizeof(struct ip)); +} + +static size_t +ping6(int s, const struct sockaddr *sa, socklen_t salen) +{ + struct { + struct icmp6_hdr icmp6; + char data[64]; + } icmp6; + ssize_t n; + + memset(&icmp6, 0, sizeof(icmp6)); + icmp6.icmp6.icmp6_type = ICMP6_ECHO_REQUEST; + icmp6.icmp6.icmp6_code = 0; + icmp6.icmp6.icmp6_cksum = htons(~(ICMP6_ECHO_REQUEST << 8)); + n = sendto(s, &icmp6, sizeof(icmp6), 0, sa, salen); + ATF_REQUIRE_MSG(n == (ssize_t)sizeof(icmp6), "sendto failed: %s", + strerror(errno)); + + return (sizeof(icmp6)); +} + +static void +per_fib_raw_socket(int domain, int type, const atf_tc_t *tc __unused) +{ + struct sockaddr_in sin; + struct sockaddr_in6 sin6; + ssize_t n; + size_t sz; + int error, cs, s[2], proto; + uint8_t b[256]; + + ATF_REQUIRE(type == SOCK_RAW); + ATF_REQUIRE(domain == PF_INET || domain == PF_INET6); + require_fibs_multibind(type, 2); + + proto = domain == PF_INET ? 
IPPROTO_ICMP : IPPROTO_ICMPV6; + s[0] = mksockp(domain, type, 0, proto); + s[1] = mksockp(domain, type, 1, proto); + + if (domain == PF_INET) { + memset(&sin, 0, sizeof(sin)); + sin.sin_family = domain; + sin.sin_len = sizeof(sin); + sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK); + error = bind(s[0], (struct sockaddr *)&sin, sizeof(sin)); + } else /* if (domain == PF_INET6) */ { + memset(&sin6, 0, sizeof(sin6)); + sin6.sin6_family = domain; + sin6.sin6_len = sizeof(sin6); + sin6.sin6_addr = in6addr_loopback; + error = bind(s[0], (struct sockaddr *)&sin6, sizeof(sin6)); + } + ATF_REQUIRE_MSG(error == 0, "bind failed: %s", strerror(errno)); + + for (int i = 0; i < 2; i++) { + cs = mksockp(domain, type, i, proto); + if (domain == PF_INET) { + sz = ping(cs, (struct sockaddr *)&sin, sizeof(sin)); + } else /* if (domain == PF_INET6) */ { + sz = ping6(cs, (struct sockaddr *)&sin6, sizeof(sin6)); + } + n = recv(s[i], b, sizeof(b), 0); + ATF_REQUIRE_MSG(n > 0, "recv failed: %s", strerror(errno)); + ATF_REQUIRE_MSG(n == (ssize_t)sz, + "short packet received: %zd", n); + + if (domain == PF_INET6) { + /* Get the echo reply as well. */ + n = recv(s[i], b, sizeof(b), 0); + ATF_REQUIRE_MSG(n > 0, + "recv failed: %s", strerror(errno)); + ATF_REQUIRE_MSG(n == (ssize_t)sz, + "short packet received: %zd", n); + } + + /* Make sure that the other socket didn't receive anything. */ + n = recv(s[1 - i], b, sizeof(b), MSG_DONTWAIT); + printf("n = %zd i = %d\n", n, i); + ATF_REQUIRE_ERRNO(EWOULDBLOCK, n == -1); + + checked_close(cs); + } + + checked_close(s[0]); + checked_close(s[1]); +} +MAKETEST_RAW(per_fib_raw_socket); + +/* + * Create a pair of load-balancing listening socket groups, one in each FIB, and + * make sure that connections to the group are only load-balanced within the + * same FIB. 
+ */ +static void +multibind_lbgroup_stream(int domain, int type, const atf_tc_t *tc __unused) +{ + struct sockaddr_storage ss; + socklen_t sslen; + int error, as, cs, s[3]; + + ATF_REQUIRE(type == SOCK_STREAM); + ATF_REQUIRE(domain == PF_INET || domain == PF_INET6); + require_fibs_multibind(type, 2); + + s[0] = mksock(domain, type, 0); + ATF_REQUIRE(setsockopt(s[0], SOL_SOCKET, SO_REUSEPORT_LB, &(int){1}, + sizeof(int)) == 0); + ATF_REQUIRE(fcntl(s[0], F_SETFL, O_NONBLOCK) == 0); + s[1] = mksock(domain, type, 0); + ATF_REQUIRE(setsockopt(s[1], SOL_SOCKET, SO_REUSEPORT_LB, &(int){1}, + sizeof(int)) == 0); + ATF_REQUIRE(fcntl(s[1], F_SETFL, O_NONBLOCK) == 0); + s[2] = mksock(domain, type, 1); + ATF_REQUIRE(setsockopt(s[2], SOL_SOCKET, SO_REUSEPORT_LB, &(int){1}, + sizeof(int)) == 0); + + sslen = domain == PF_INET ? sizeof(struct sockaddr_in) : + sizeof(struct sockaddr_in6); + memset(&ss, 0, sizeof(ss)); + ss.ss_family = domain; + ss.ss_len = sslen; + error = bind(s[0], (struct sockaddr *)&ss, sslen); + ATF_REQUIRE_MSG(error == 0, "bind failed: %s", strerror(errno)); + error = listen(s[0], 5); + ATF_REQUIRE_MSG(error == 0, "listen failed: %s", strerror(errno)); + error = getsockname(s[0], (struct sockaddr *)&ss, &sslen); + ATF_REQUIRE_MSG(error == 0, "getsockname failed: %s", strerror(errno)); + + error = bind(s[1], (struct sockaddr *)&ss, sslen); + ATF_REQUIRE_MSG(error == 0, "bind failed: %s", strerror(errno)); + error = listen(s[1], 5); + ATF_REQUIRE_MSG(error == 0, "listen failed: %s", strerror(errno)); + + error = bind(s[2], (struct sockaddr *)&ss, sslen); + ATF_REQUIRE_MSG(error == 0, "bind failed: %s", strerror(errno)); + error = listen(s[2], 5); + ATF_REQUIRE_MSG(error == 0, "listen failed: %s", strerror(errno)); + + /* + * Initiate connections from FIB 0, make sure they go to s[0] or s[1]. 
+ */ + for (int count = 0; count < 100; count++) { + cs = mksock(domain, type, 0); + error = connect(cs, (struct sockaddr *)&ss, sslen); + ATF_REQUIRE_MSG(error == 0, "connect failed: %s", + strerror(errno)); + + do { + as = accept(s[0], NULL, NULL); + if (as == -1) { + ATF_REQUIRE_MSG(errno == EWOULDBLOCK, + "accept failed: %s", strerror(errno)); + as = accept(s[1], NULL, NULL); + if (as == -1) { + ATF_REQUIRE_MSG(errno == EWOULDBLOCK, + "accept failed: %s", + strerror(errno)); + } + } + } while (as == -1); + checked_close(as); + checked_close(cs); + } + + /* + * Initiate connections from FIB 1, make sure they go to s[2]. + */ + for (int count = 0; count < 100; count++) { + cs = mksock(domain, type, 1); + error = connect(cs, (struct sockaddr *)&ss, sslen); + ATF_REQUIRE_MSG(error == 0, "connect failed: %s", + strerror(errno)); + + as = accept(s[2], NULL, NULL); + ATF_REQUIRE_MSG(as != -1, "accept failed: %s", strerror(errno)); + checked_close(as); + checked_close(cs); + } + + checked_close(s[0]); + checked_close(s[1]); + checked_close(s[2]); +} +MAKETEST_TCP(multibind_lbgroup_stream); + +static void +multibind_lbgroup_dgram(int domain, int type, const atf_tc_t *tc __unused) +{ + struct sockaddr_storage ss; + struct sockaddr_in6 *sin6p; + socklen_t sslen; + ssize_t n; + int error, cs, s[3]; + char b; + + ATF_REQUIRE(type == SOCK_DGRAM); + ATF_REQUIRE(domain == PF_INET || domain == PF_INET6); + require_fibs_multibind(type, 2); + + s[0] = mksock(domain, type, 0); + ATF_REQUIRE(setsockopt(s[0], SOL_SOCKET, SO_REUSEPORT_LB, &(int){1}, + sizeof(int)) == 0); + s[1] = mksock(domain, type, 0); + ATF_REQUIRE(setsockopt(s[1], SOL_SOCKET, SO_REUSEPORT_LB, &(int){1}, + sizeof(int)) == 0); + s[2] = mksock(domain, type, 1); + ATF_REQUIRE(setsockopt(s[2], SOL_SOCKET, SO_REUSEPORT_LB, &(int){1}, + sizeof(int)) == 0); + + sslen = domain == PF_INET ? 
sizeof(struct sockaddr_in) : + sizeof(struct sockaddr_in6); + memset(&ss, 0, sizeof(ss)); + ss.ss_family = domain; + ss.ss_len = sslen; + error = bind(s[0], (struct sockaddr *)&ss, sslen); + ATF_REQUIRE_MSG(error == 0, "bind failed: %s", strerror(errno)); + error = getsockname(s[0], (struct sockaddr *)&ss, &sslen); + ATF_REQUIRE_MSG(error == 0, "getsockname failed: %s", strerror(errno)); + + error = bind(s[1], (struct sockaddr *)&ss, sslen); + ATF_REQUIRE_MSG(error == 0, "bind failed: %s", strerror(errno)); + error = bind(s[2], (struct sockaddr *)&ss, sslen); + ATF_REQUIRE_MSG(error == 0, "bind failed: %s", strerror(errno)); + + if (domain == PF_INET6) { + sin6p = (struct sockaddr_in6 *)&ss; + sin6p->sin6_addr = in6addr_loopback; + } + + /* + * Send a packet from FIB 0, make sure it goes to s[0] or s[1]. + */ + cs = mksock(domain, type, 0); + for (int count = 0; count < 100; count++) { + int bytes, rs; + + b = 42; + n = sendto(cs, &b, sizeof(b), 0, (struct sockaddr *)&ss, sslen); + ATF_REQUIRE_MSG(n == 1, "sendto failed: %s", strerror(errno)); + usleep(1000); + + error = ioctl(s[0], FIONREAD, &bytes); + ATF_REQUIRE_MSG(error == 0, "ioctl failed: %s", + strerror(errno)); + if (bytes == 0) { + error = ioctl(s[1], FIONREAD, &bytes); + ATF_REQUIRE_MSG(error == 0, "ioctl failed: %s", + strerror(errno)); + rs = s[1]; + } else { + rs = s[0]; + } + n = recv(rs, &b, sizeof(b), 0); + ATF_REQUIRE(n == 1); + ATF_REQUIRE(b == 42); + ATF_REQUIRE(bytes == 1); + } + checked_close(cs); + + /* + * Send a packet from FIB 1, make sure it goes to s[2]. 
+ */ + cs = mksock(domain, type, 1); + for (int count = 0; count < 100; count++) { + b = 42; + n = sendto(cs, &b, sizeof(b), 0, (struct sockaddr *)&ss, sslen); + ATF_REQUIRE_MSG(n == 1, "sendto failed: %s", strerror(errno)); + usleep(1000); + + n = recv(s[2], &b, sizeof(b), 0); + ATF_REQUIRE(n == 1); + ATF_REQUIRE(b == 42); + } + checked_close(cs); + + checked_close(s[0]); + checked_close(s[1]); + checked_close(s[2]); +} +MAKETEST_UDP(multibind_lbgroup_dgram); + +/* + * Make sure that we can't change the FIB of a bound socket. + */ +static void +no_setfib_after_bind(int domain, int type, const atf_tc_t *tc __unused) +{ + struct sockaddr_storage ss; + socklen_t sslen; + int error, s; + + ATF_REQUIRE(domain == PF_INET || domain == PF_INET6); + require_fibs_multibind(type, 2); + + s = mksock(domain, type, 0); + + sslen = domain == PF_INET ? sizeof(struct sockaddr_in) : + sizeof(struct sockaddr_in6); + memset(&ss, 0, sizeof(ss)); + ss.ss_family = domain; + ss.ss_len = sslen; + error = bind(s, (struct sockaddr *)&ss, sslen); + ATF_REQUIRE_MSG(error == 0, "bind failed: %s", strerror(errno)); + + error = setsockopt(s, SOL_SOCKET, SO_SETFIB, &(int){1}, sizeof(int)); + ATF_REQUIRE_ERRNO(EISCONN, error == -1); + + /* It's ok to set the FIB number to its current value. 
*/ + error = setsockopt(s, SOL_SOCKET, SO_SETFIB, &(int){0}, sizeof(int)); + ATF_REQUIRE_MSG(error == 0, "setsockopt failed: %s", strerror(errno)); + + checked_close(s); +} +MAKETEST(no_setfib_after_bind); + +ATF_TP_ADD_TCS(tp) +{ + LISTTEST(multibind_different_user); + LISTTEST_TCP(per_fib_listening_socket); + LISTTEST_UDP(per_fib_dgram_socket); + LISTTEST_RAW(per_fib_raw_socket); + LISTTEST_TCP(multibind_lbgroup_stream); + LISTTEST_UDP(multibind_lbgroup_dgram); + LISTTEST(no_setfib_after_bind); + + return (atf_no_error()); +}
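Review bot: In per_fib_raw_socket, the printf("n = %zd i = %d\n", n, i) that sits between recv(s[1 - i], b, sizeof(b), MSG_DONTWAIT) and ATF_REQUIRE_ERRNO(EWOULDBLOCK, n == -1) looks like leftover debugging, and because it runs before the assertion it can overwrite the errno value the assertion is about to compare. Dropping the printf, or saving errno right after recv, keeps the cross-FIB isolation check from failing or passing for an unrelated reason.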
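Review bot: In multibind_lbgroup_dgram, the FIB 0 loop sleeps for usleep(1000), polls s[0] with FIONREAD and, when that reports 0 bytes, picks s[1] and does a blocking recv on it. If the datagram reaches s[0] after the first ioctl, recv(s[1], ...) never returns and the test hangs instead of failing, because ATF_REQUIRE(bytes == 1) only runs after the recv. Asserting on bytes before receiving, or polling both sockets with a timeout, would turn that into a clean failure. per_fib_dgram_socket has the opposite exposure: its negative check is usleep(10000) followed by recv(ss1, ..., MSG_DONTWAIT), so a datagram that is delivered late would let the isolation test pass.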
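Review bot: no_setfib_after_bind expects EISCONN when SO_SETFIB is changed on a socket that is bound but never connected. That errno is not what a reader would guess for this case, so a comment beside ATF_REQUIRE_ERRNO(EISCONN, error == -1) stating that it is the intended return for a bound socket would stop someone from later "correcting" the expectation. The case is instantiated with MAKETEST, which the macros above define as TCP and UDP only; if raw sockets are meant to carry the same restriction, a MAKETEST_RAW/LISTTEST_RAW variant is missing.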
Date: Fri, 21 Feb 2025 01:57:22 GMT Message-Id: <202502210157.51L1vMmc067591@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: ce80cdeb1370 - stable/14 - rawip: Add a bind_all_fibs sysctl List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: ce80cdeb1370705d72a7aa6c5784581592c89a61
The branch stable/14 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=ce80cdeb1370705d72a7aa6c5784581592c89a61 commit ce80cdeb1370705d72a7aa6c5784581592c89a61 Author: Mark Johnston AuthorDate: 2025-02-06 14:16:36 +0000 Commit: Mark Johnston CommitDate: 2025-02-21 01:04:50 +0000 rawip: Add a bind_all_fibs sysctl As with net.inet.{tcp,udp}.bind_all_fibs, this causes raw sockets to accept only packets from the same FIB. Reviewed by: glebius Sponsored by: Klara, Inc. Sponsored by: Stormshield Differential Revision: https://reviews.freebsd.org/D48707 (cherry picked from commit 4009a98fe80b8a51837d471076152e6ff505b675)
--- sys/netinet/raw_ip.c | 21 +++++++++++++++++++-- sys/netinet6/icmp6.c | 13 ++++++++++++- sys/netinet6/raw_ip6.c | 14 ++++++++++++-- 3 files changed, 43 insertions(+), 5 deletions(-) diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c index 287a806845c4..36258b3283d6 100644 --- a/sys/netinet/raw_ip.c +++ b/sys/netinet/raw_ip.c @@ -32,7 +32,6 @@ * @(#)raw_ip.c 8.7 (Berkeley) 5/15/95 */ -#include #include "opt_inet.h" #include "opt_inet6.h" #include "opt_ipsec.h"
@@ -130,6 +129,12 @@ int (*ip_rsvp_vif)(struct socket *, struct sockopt *); void (*ip_rsvp_force_done)(struct socket *); #endif /* INET */ +#define V_rip_bind_all_fibs VNET(rip_bind_all_fibs) +VNET_DEFINE(int, rip_bind_all_fibs) = 1; +SYSCTL_INT(_net_inet_raw, OID_AUTO, bind_all_fibs, CTLFLAG_VNET | CTLFLAG_RDTUN, + &VNET_NAME(rip_bind_all_fibs), 0, + "Bound sockets receive traffic from all FIBs"); + u_long rip_sendspace = 9216; SYSCTL_ULONG(_net_inet_raw, OID_AUTO, maxdgram, CTLFLAG_RW, &rip_sendspace, 0, "Maximum outgoing raw IP datagram size"); @@ -304,7 +309,9 @@ rip_input(struct mbuf **mp, int *offp, int proto) struct mbuf *m = *mp; struct inpcb *inp; struct sockaddr_in ripsrc; - int appended; + int appended, fib; + + M_ASSERTPKTHDR(m); *mp = NULL; appended = 0; @@ -314,6 +321,7 @@ rip_input(struct mbuf **mp, int *offp, int proto) ripsrc.sin_family = AF_INET; ripsrc.sin_addr = ctx.ip->ip_src; + fib = M_GETFIB(m); ifp = m->m_pkthdr.rcvif; inpi.hash = INP_PCBHASH_RAW(proto, ctx.ip->ip_src.s_addr, @@ -328,6 +336,12 @@ rip_input(struct mbuf **mp, int *offp, int proto) */ continue; } + if (V_rip_bind_all_fibs == 0 && fib != inp->inp_inc.inc_fibnum) + /* + * Sockets bound to a specific FIB can only receive + * packets from that FIB. + */ + continue; appended += rip_append(inp, ctx.ip, m, &ripsrc); } @@ -345,6 +359,9 @@ rip_input(struct mbuf **mp, int *offp, int proto) * and fall through into normal filter path if so. */ continue; + if (V_rip_bind_all_fibs == 0 && fib != inp->inp_inc.inc_fibnum) + continue; + /* * If this raw socket has multicast state, and we * have received a multicast, check if this socket diff --git a/sys/netinet6/icmp6.c b/sys/netinet6/icmp6.c index 39c252e16b75..0a0ca80de721 100644 --- a/sys/netinet6/icmp6.c +++ b/sys/netinet6/icmp6.c 
@@ -145,6 +145,9 @@ SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_NODEINFO, nodeinfo, VNET_DECLARE(struct inpcbinfo, ripcbinfo); #define V_ripcbinfo VNET(ripcbinfo) +VNET_DECLARE(int, rip_bind_all_fibs); +#define V_rip_bind_all_fibs VNET(rip_bind_all_fibs) + static void icmp6_errcount(int, int); static int icmp6_rip6_input(struct mbuf **, int); static void icmp6_reflect(struct mbuf *, size_t); @@ -1936,7 +1939,7 @@ icmp6_rip6_input(struct mbuf **mp, int off) struct sockaddr_in6 fromsa; struct icmp6_hdr *icmp6; struct mbuf *opts = NULL; - int delivered = 0; + int delivered = 0, fib; /* This is assumed to be safe; icmp6_input() does a pullup. */ icmp6 = (struct icmp6_hdr *)((caddr_t)ip6 + off); @@ -1955,7 +1958,15 @@ icmp6_rip6_input(struct mbuf **mp, int off) return (IPPROTO_DONE); } + fib = M_GETFIB(m); + while ((inp = inp_next(&inpi)) != NULL) { + if (V_rip_bind_all_fibs == 0 && fib != inp->inp_inc.inc_fibnum) + /* + * Sockets bound to a specific FIB can only receive + * packets from that FIB. + */ + continue; if (ICMP6_FILTER_WILLBLOCK(icmp6->icmp6_type, inp->in6p_icmp6filt)) continue; diff --git a/sys/netinet6/raw_ip6.c b/sys/netinet6/raw_ip6.c index 803dc3c1804e..caee18cab071 100644 --- a/sys/netinet6/raw_ip6.c +++ b/sys/netinet6/raw_ip6.c @@ -61,7 +61,6 @@ * @(#)raw_ip.c 8.2 (Berkeley) 1/4/94 */ -#include #include "opt_ipsec.h" #include "opt_inet6.h" #include "opt_route.h" @@ -120,6 +119,9 @@ VNET_DECLARE(struct inpcbinfo, ripcbinfo); #define V_ripcbinfo VNET(ripcbinfo) +VNET_DECLARE(int, rip_bind_all_fibs); +#define V_rip_bind_all_fibs VNET(rip_bind_all_fibs) + extern u_long rip_sendspace; extern u_long rip_recvspace; 
@@ -192,14 +194,16 @@ rip6_input(struct mbuf **mp, int *offp, int proto) struct rip6_inp_match_ctx ctx = { .ip6 = ip6, .proto = proto }; struct inpcb_iterator inpi = INP_ITERATOR(&V_ripcbinfo, INPLOOKUP_RLOCKPCB, rip6_inp_match, &ctx); - int delivered = 0; + int delivered = 0, fib; + M_ASSERTPKTHDR(m); NET_EPOCH_ASSERT(); RIP6STAT_INC(rip6s_ipackets); init_sin6(&fromsa, m, 0); /* general init */ + fib = M_GETFIB(m); ifp = m->m_pkthdr.rcvif; while ((inp = inp_next(&inpi)) != NULL) { 
@@ -223,6 +227,12 @@ rip6_input(struct mbuf **mp, int *offp, int proto) * and fall through into normal filter path if so. */ continue; + if (V_rip_bind_all_fibs == 0 && fib != inp->inp_inc.inc_fibnum) + /* + * Sockets bound to a specific FIB can only receive + * packets from that FIB. + */ + continue; if (inp->in6p_cksum != -1) { RIP6STAT_INC(rip6s_isum); if (m->m_pkthdr.len - (*offp + inp->in6p_cksum) < 2 ||
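
Review bot: the knob is registered only under net.inet.raw in raw_ip.c, but icmp6_rip6_input() and rip6_input() filter on the same V_rip_bind_all_fibs, so an IPv4-named tunable also decides IPv6 raw and ICMPv6 delivery; the sysctl description ("Bound sockets receive traffic from all FIBs") should say that it covers both families. The variable defaults to 1 and is CTLFLAG_RDTUN, so per-FIB filtering stays off unless it is set as a loader tunable, which is worth stating in the same place. Style: the checks that put a block comment between the if and its continue would be safer with braces, the second check added to rip_input() has no comment while the other three do, and VNET_DECLARE(int, rip_bind_all_fibs) plus the V_ macro could be declared once in a shared header instead of being repeated in icmp6.c and raw_ip6.c.
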
Date: Fri, 21 Feb 2025 01:57:21 GMT
Message-Id: <202502210157.51L1vLow067553@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Mark Johnston
Subject: git: a55bde2328e5 - stable/14 - socket: Move SO_SETFIB handling to protocol layers
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-Git-Committer: markj
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: a55bde2328e53b718faa68d00479b9652dbe44ad

The branch stable/14 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=a55bde2328e53b718faa68d00479b9652dbe44ad

commit a55bde2328e53b718faa68d00479b9652dbe44ad
Author: Mark Johnston
AuthorDate: 2025-02-06 14:16:21 +0000
Commit: Mark Johnston
CommitDate: 2025-02-21 01:04:50 +0000

socket: Move SO_SETFIB handling to protocol layers

In particular, we store a FIB number in both struct socket and in struct inpcb. When updating the FIB number with setsockopt(SO_SETFIB), make the update atomic. This is required to support the new bind_all_fibs mode, since in that mode changing the FIB of a bound socket is not permitted. This requires a bit more code, but avoids a layering violation in sosetopt(), where we hard-code the list of protocol families that implement SO_SETFIB.

Reviewed by: glebius
MFC after: 2 weeks
Sponsored by: Klara, Inc.
Sponsored by: Stormshield Differential Revision: https://reviews.freebsd.org/D48666 (cherry picked from commit caccbaef8e263b1d769e7bcac1c4617bdc12d484) --- sys/kern/uipc_socket.c | 29 ++++++++++++++--------------- sys/net/rtsock.c | 25 +++++++++++++++++++++++++ sys/netinet/ip_output.c | 16 ++++++++++++++-- sys/netinet/raw_ip.c | 11 ++++------- sys/netinet6/ip6_output.c | 16 ++++++++++++++-- sys/netinet6/raw_ip6.c | 11 ++++------- sys/sys/socketvar.h | 1 + 7 files changed, 76 insertions(+), 33 deletions(-) diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c index fcec1ef166fc..58090b28fcc8 100644 --- a/sys/kern/uipc_socket.c +++ b/sys/kern/uipc_socket.c @@ -3698,6 +3698,19 @@ sorflush(struct socket *so) } +int +sosetfib(struct socket *so, int fibnum) +{ + if (fibnum < 0 || fibnum >= rt_numfibs) + return (EINVAL); + + SOCK_LOCK(so); + so->so_fibnum = fibnum; + SOCK_UNLOCK(so); + + return (0); +} + /* * Wrapper for Socket established helper hook. * Parameters: socket, context of the hook point, hook id. @@ -3844,21 +3857,7 @@ sosetopt(struct socket *so, struct sockopt *sopt) break; case SO_SETFIB: - error = sooptcopyin(sopt, &optval, sizeof optval, - sizeof optval); - if (error) - goto bad; - - if (optval < 0 || optval >= rt_numfibs) { - error = EINVAL; - goto bad; - } - if (((so->so_proto->pr_domain->dom_family == PF_INET) || - (so->so_proto->pr_domain->dom_family == PF_INET6) || - (so->so_proto->pr_domain->dom_family == PF_ROUTE))) - so->so_fibnum = optval; - else - so->so_fibnum = 0; + error = so->so_proto->pr_ctloutput(so, sopt); break; case SO_USER_COOKIE: diff --git a/sys/net/rtsock.c b/sys/net/rtsock.c index 4678edeb06d5..8b4e716a0508 100644 --- a/sys/net/rtsock.c +++ b/sys/net/rtsock.c 
@@ -425,6 +425,30 @@ rts_attach(struct socket *so, int proto, struct thread *td) return (0); } +static int +rts_ctloutput(struct socket *so, struct sockopt *sopt) +{ + int error, optval; + + error = ENOPROTOOPT; + if (sopt->sopt_dir == SOPT_SET) { + switch (sopt->sopt_level) { + case SOL_SOCKET: + switch (sopt->sopt_name) { + case SO_SETFIB: + error = sooptcopyin(sopt, &optval, + sizeof(optval), sizeof(optval)); + if (error != 0) + break; + error = sosetfib(so, optval); + break; + } + break; + } + } + return (error); +} + static void rts_detach(struct socket *so) { @@ -2687,6 +2711,7 @@ static struct protosw routesw = { .pr_flags = PR_ATOMIC|PR_ADDR, .pr_abort = rts_close, .pr_attach = rts_attach, + .pr_ctloutput = rts_ctloutput, .pr_detach = rts_detach, .pr_send = rts_send, .pr_shutdown = rts_shutdown, diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index 892a54eb628d..e798431397f7 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -1100,10 +1100,22 @@ ip_ctloutput(struct socket *so, struct sockopt *sopt) sopt->sopt_dir == SOPT_SET) { switch (sopt->sopt_name) { case SO_SETFIB: + error = sooptcopyin(sopt, &optval, + sizeof(optval), sizeof(optval)); + if (error != 0) + break; + INP_WLOCK(inp); - inp->inp_inc.inc_fibnum = so->so_fibnum; + if ((inp->inp_flags & INP_BOUNDFIB) != 0 && + optval != so->so_fibnum) { + INP_WUNLOCK(inp); + error = EISCONN; + break; + } + error = sosetfib(inp->inp_socket, optval); + if (error == 0) + inp->inp_inc.inc_fibnum = optval; INP_WUNLOCK(inp); - error = 0; break; case SO_MAX_PACING_RATE: #ifdef RATELIMIT diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c index c30878d48c74..287a806845c4 100644 --- a/sys/netinet/raw_ip.c +++ b/sys/netinet/raw_ip.c 
@@ -635,13 +635,10 @@ rip_ctloutput(struct socket *so, struct sockopt *sopt) int error, optval; if (sopt->sopt_level != IPPROTO_IP) { - if ((sopt->sopt_level == SOL_SOCKET) && - (sopt->sopt_name == SO_SETFIB)) { - INP_WLOCK(inp); - inp->inp_inc.inc_fibnum = so->so_fibnum; - INP_WUNLOCK(inp); - return (0); - } + if (sopt->sopt_dir == SOPT_SET && + sopt->sopt_level == SOL_SOCKET && + sopt->sopt_name == SO_SETFIB) + return (ip_ctloutput(so, sopt)); return (EINVAL); } diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c index d98d7c5aa928..afc8b60e4cbe 100644 --- a/sys/netinet6/ip6_output.c +++ b/sys/netinet6/ip6_output.c @@ -1658,10 +1658,22 @@ ip6_ctloutput(struct socket *so, struct sockopt *sopt) sopt->sopt_dir == SOPT_SET) { switch (sopt->sopt_name) { case SO_SETFIB: + error = sooptcopyin(sopt, &optval, + sizeof(optval), sizeof(optval)); + if (error != 0) + break; + INP_WLOCK(inp); - inp->inp_inc.inc_fibnum = so->so_fibnum; + if ((inp->inp_flags & INP_BOUNDFIB) != 0 && + optval != so->so_fibnum) { + INP_WUNLOCK(inp); + error = EISCONN; + break; + } + error = sosetfib(inp->inp_socket, optval); + if (error == 0) + inp->inp_inc.inc_fibnum = optval; INP_WUNLOCK(inp); - error = 0; break; case SO_MAX_PACING_RATE: #ifdef RATELIMIT diff --git a/sys/netinet6/raw_ip6.c b/sys/netinet6/raw_ip6.c index 66fe0afbe918..803dc3c1804e 100644 --- a/sys/netinet6/raw_ip6.c +++ b/sys/netinet6/raw_ip6.c @@ -578,13 +578,10 @@ rip6_ctloutput(struct socket *so, struct sockopt *sopt) */ return (icmp6_ctloutput(so, sopt)); else if (sopt->sopt_level != IPPROTO_IPV6) { - if (sopt->sopt_level == SOL_SOCKET && - sopt->sopt_name == SO_SETFIB) { - INP_WLOCK(inp); - inp->inp_inc.inc_fibnum = so->so_fibnum; - INP_WUNLOCK(inp); - return (0); - } + if (sopt->sopt_dir == SOPT_SET && + sopt->sopt_level == SOL_SOCKET && + sopt->sopt_name == SO_SETFIB) + return (ip6_ctloutput(so, sopt)); return (EINVAL); } 
diff --git a/sys/sys/socketvar.h b/sys/sys/socketvar.h index b60c8726833b..f7b23d239157 100644 --- a/sys/sys/socketvar.h +++ b/sys/sys/socketvar.h 
@@ -555,6 +555,7 @@ int sosend_dgram(struct socket *so, struct sockaddr *addr, int sosend_generic(struct socket *so, struct sockaddr *addr, struct uio *uio, struct mbuf *top, struct mbuf *control, int flags, struct thread *td); +int sosetfib(struct socket *so, int fibnum); int soshutdown(struct socket *so, int how); void soupcall_clear(struct socket *, sb_which); void soupcall_set(struct socket *, sb_which, so_upcall_t, void *);
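
Review bot: in the sosetopt() hunk, SO_SETFIB on a socket outside PF_INET, PF_INET6 and PF_ROUTE used to return success after resetting so_fibnum to 0, and now returns whatever that protocol's pr_ctloutput gives back; that is a user-visible change the commit message does not mention, so it should be called out there, along with a check that every protosw reaches this path with a usable pr_ctloutput. In ip_ctloutput() and ip6_ctloutput(), a socket with INP_BOUNDFIB set that asks for a different FIB gets EISCONN, and because that test runs before sosetfib() validates the range, an out-of-range value on such a socket also reports EISCONN instead of EINVAL; the errno needs documenting next to SO_SETFIB. The two case SO_SETFIB blocks are identical line for line and could share one helper.
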
Date: Fri, 21 Feb 2025 01:57:23 GMT
Message-Id: <202502210157.51L1vNBQ067624@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Mark Johnston
Subject: git: b0f2df45e7a6 - stable/14 - socket: Add an option to retrieve a socket's FIB number
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-Git-Committer: markj
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: b0f2df45e7a6f1db28bd96fc5da690618a0c38a6

The branch stable/14 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=b0f2df45e7a6f1db28bd96fc5da690618a0c38a6

commit b0f2df45e7a6f1db28bd96fc5da690618a0c38a6
Author: Mark Johnston
AuthorDate: 2025-02-06 14:17:19 +0000
Commit: Mark Johnston
CommitDate: 2025-02-21 01:04:50 +0000

socket: Add an option to retrieve a socket's FIB number

The SO_SETFIB option can be used to set a socket's FIB number, but there is no way to retrieve it. Rename SO_SETFIB to SO_FIB and implement a handler for it for getsockopt(2).

Reviewed by: glebius
MFC after: 2 weeks
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D48834
(cherry picked from commit ee951eb59f2136a604e3fbb12abf8d8344da0c99)

--- lib/libc/sys/getsockopt.2 | 4 ++-- sys/kern/uipc_socket.c | 6 ++++++ sys/sys/socket.h | 3 ++- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/lib/libc/sys/getsockopt.2 b/lib/libc/sys/getsockopt.2 index 548e2f738e22..868f40e97773 100644 --- a/lib/libc/sys/getsockopt.2 +++ b/lib/libc/sys/getsockopt.2 
@@ -177,7 +177,7 @@ for the socket .It Dv SO_PROTOTYPE Ta "SunOS alias for the Linux SO_PROTOCOL (get only)" .It Dv SO_ERROR Ta "get and clear error on the socket (get only)" .It Dv SO_RERROR Ta "enables receive error reporting" -.It Dv SO_SETFIB Ta "set the associated FIB (routing table) for the socket (set only)" +.It Dv SO_FIB Ta "get or set the associated FIB (routing table) for the socket" .El .Pp The following options are recognized in @@ -360,7 +360,7 @@ or with the error .Er EWOULDBLOCK if no data were received. .Pp -.Dv SO_SETFIB +.Dv SO_FIB can be used to over-ride the default FIB (routing table) for the given socket. The value must be from 0 to one less than the number returned from the sysctl diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c index 58090b28fcc8..58e374d7aed2 100644 --- a/sys/kern/uipc_socket.c +++ b/sys/kern/uipc_socket.c @@ -4101,6 +4101,12 @@ integer: error = sooptcopyout(sopt, &optval, sizeof optval); break; + case SO_FIB: + SOCK_LOCK(so); + optval = so->so_fibnum; + SOCK_UNLOCK(so); + goto integer; + case SO_DOMAIN: optval = so->so_proto->pr_domain->dom_family; goto integer; diff --git a/sys/sys/socket.h b/sys/sys/socket.h index 65b5c5ee001d..b2afc735a383 100644 --- a/sys/sys/socket.h +++ b/sys/sys/socket.h 
@@ -166,7 +166,8 @@ typedef __uintptr_t uintptr_t; #define SO_LISTENQLIMIT 0x1011 /* socket's backlog limit */ #define SO_LISTENQLEN 0x1012 /* socket's complete queue length */ #define SO_LISTENINCQLEN 0x1013 /* socket's incomplete queue length */ -#define SO_SETFIB 0x1014 /* use this FIB to route */ +#define SO_FIB 0x1014 /* get or set socket FIB */ +#define SO_SETFIB SO_FIB /* backward compat alias */ #define SO_USER_COOKIE 0x1015 /* user cookie (dummynet etc.) */ #define SO_PROTOCOL 0x1016 /* get socket protocol (Linux name) */ #define SO_PROTOTYPE SO_PROTOCOL /* alias for SO_PROTOCOL (SunOS name) */
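
Review bot: both getsockopt.2 hunks replace SO_SETFIB with SO_FIB outright, while socket.h keeps SO_SETFIB as a compat alias, so someone reading existing code that uses SO_SETFIB will no longer find the name in the man page; add a line saying SO_SETFIB is retained as an alias for SO_FIB. The paragraph that begins ".Dv SO_FIB can be used to over-ride the default FIB" still describes only the set direction and should also say what getsockopt(2) returns, which per the uipc_socket.c hunk is so_fibnum read under SOCK_LOCK.
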
Date: Fri, 21 Feb 2025 01:57:24 GMT
Message-Id: <202502210157.51L1vOun067660@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Mark Johnston
Subject: git: b65e307e9458 - stable/14 - inpcb: Move the definition of struct inpcblbgroup to in_pcb_var.h
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-Git-Committer: markj
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: b65e307e9458bac617b77cac171a2d953ebd11dc

The branch stable/14 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=b65e307e9458bac617b77cac171a2d953ebd11dc

commit b65e307e9458bac617b77cac171a2d953ebd11dc
Author: Mark Johnston
AuthorDate: 2025-01-23 16:20:55 +0000
Commit: Mark Johnston
CommitDate: 2025-02-21 01:04:50 +0000

inpcb: Move the definition of struct inpcblbgroup to in_pcb_var.h

It's only needed for in_pcb.c and in6_pcb.c, so can go to the private header. No functional change intended.

Reported by: glebius
MFC after: 2 weeks
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
(cherry picked from commit ca94f92c23fd09b28ac3398657ae2ae9367bcdf5)

--- sys/netinet/in_pcb.h | 22 ---------------------- sys/netinet/in_pcb_var.h | 22 ++++++++++++++++++++++ 2 files changed, 22 insertions(+), 22 deletions(-) diff --git a/sys/netinet/in_pcb.h b/sys/netinet/in_pcb.h index 6ea99b58f246..17f24ba0bee7 100644 --- a/sys/netinet/in_pcb.h +++ b/sys/netinet/in_pcb.h 
@@ -423,28 +423,6 @@ SYSINIT(prot##_inpcbstorage_init, SI_SUB_PROTO_DOMAIN, \ SYSUNINIT(prot##_inpcbstorage_uninit, SI_SUB_PROTO_DOMAIN, \ SI_ORDER_SECOND, in_pcbstorage_destroy, &prot) -/* - * Load balance groups used for the SO_REUSEPORT_LB socket option. Each group - * (or unique address:port combination) can be re-used at most - * INPCBLBGROUP_SIZMAX (256) times. The inpcbs are stored in il_inp which - * is dynamically resized as processes bind/unbind to that specific group. - */ -struct inpcblbgroup { - CK_LIST_ENTRY(inpcblbgroup) il_list; - struct epoch_context il_epoch_ctx; - struct ucred *il_cred; - uint16_t il_lport; /* (c) */ - u_char il_vflag; /* (c) */ - uint8_t il_numa_domain; - int il_fibnum; - union in_dependaddr il_dependladdr; /* (c) */ -#define il_laddr il_dependladdr.id46_addr.ia46_addr4 -#define il6_laddr il_dependladdr.id6_addr - uint32_t il_inpsiz; /* max count in il_inp[] (h) */ - uint32_t il_inpcnt; /* cur count in il_inp[] (h) */ - struct inpcb *il_inp[]; /* (h) */ -}; - #define INP_LOCK_DESTROY(inp) rw_destroy(&(inp)->inp_lock) #define INP_RLOCK(inp) rw_rlock(&(inp)->inp_lock) #define INP_WLOCK(inp) rw_wlock(&(inp)->inp_lock) diff --git a/sys/netinet/in_pcb_var.h b/sys/netinet/in_pcb_var.h index 1780a9859f5f..261cd5408956 100644 --- a/sys/netinet/in_pcb_var.h +++ b/sys/netinet/in_pcb_var.h 
@@ -64,4 +64,26 @@ struct inpcbport { u_short phd_port; }; +/* + * Load balance groups used for the SO_REUSEPORT_LB socket option. Each group + * (or unique address:port combination) can be re-used at most + * INPCBLBGROUP_SIZMAX (256) times. The inpcbs are stored in il_inp which + * is dynamically resized as processes bind/unbind to that specific group. + */ +struct inpcblbgroup { + CK_LIST_ENTRY(inpcblbgroup) il_list; + struct epoch_context il_epoch_ctx; + struct ucred *il_cred; + uint16_t il_lport; /* (c) */ + u_char il_vflag; /* (c) */ + uint8_t il_numa_domain; + int il_fibnum; + union in_dependaddr il_dependladdr; /* (c) */ +#define il_laddr il_dependladdr.id46_addr.ia46_addr4 +#define il6_laddr il_dependladdr.id6_addr + uint32_t il_inpsiz; /* max count in il_inp[] (h) */ + uint32_t il_inpcnt; /* cur count in il_inp[] (h) */ + struct inpcb *il_inp[]; /* (h) */ +}; + #endif /* !_NETINET_IN_PCB_VAR_H_ */
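
Review bot: the struct moved into in_pcb_var.h uses CK_LIST_ENTRY, struct epoch_context and union in_dependaddr, and the in_pcb_var.h hunk adds no #include, so the private header compiles only when its includer has already pulled in the headers that define them; either include them here or state the required include order. The moved comment also cites INPCBLBGROUP_SIZMAX (256), which this patch does not move, so check that the constant is still visible wherever the struct is now used and consider keeping the two together.
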
(envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 51L1vPU2067696; Fri, 21 Feb 2025 01:57:25 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 51L1vPfJ067693; Fri, 21 Feb 2025 01:57:25 GMT (envelope-from git) Date: Fri, 21 Feb 2025 01:57:25 GMT Message-Id: <202502210157.51L1vPfJ067693@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: 3ff5faee9e75 - stable/14 - tools: Add a small program to demonstrate FIB handling in bind(2) List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 3ff5faee9e753e70191bb17489600dceaee0424a Auto-Submitted: auto-generated The branch stable/14 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=3ff5faee9e753e70191bb17489600dceaee0424a commit 3ff5faee9e753e70191bb17489600dceaee0424a Author: Mark Johnston AuthorDate: 2025-02-04 16:45:21 +0000 Commit: Mark Johnston CommitDate: 2025-02-21 01:04:50 +0000 tools: Add a small program to demonstrate FIB handling in bind(2) MFC after: 2 weeks Sponsored by: Klara, Inc. Sponsored by: Stormshield (cherry picked from commit 3fa552149885766b009d95d20bdf651786fac7b7) --- tools/tools/fib_multibind/Makefile | 4 + tools/tools/fib_multibind/sink.c | 237 +++++++++++++++++++++++++++++++++++++ 2 files changed, 241 insertions(+) 
diff --git a/tools/tools/fib_multibind/Makefile b/tools/tools/fib_multibind/Makefile new file mode 100644 index 000000000000..1d447e788a4f --- /dev/null +++ b/tools/tools/fib_multibind/Makefile @@ -0,0 +1,4 @@ +PROG= sink +MAN= + +.include diff --git a/tools/tools/fib_multibind/sink.c b/tools/tools/fib_multibind/sink.c new file mode 100644 index 000000000000..fe93a66fe266 --- /dev/null +++ b/tools/tools/fib_multibind/sink.c 
@@ -0,0 +1,237 @@ +/* + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2025 Klara, Inc. + */ + +/* + * A program to demonstrate the effects of the net.inet.tcp.bind_all_fibs and + * net.inet.udp.bind_all_fibs sysctls when they are set to 0. + * + * The program accepts TCP connections (default) or UDP datagrams (-u flag) and + * prints the FIB on which they were received, then discards them. If -a is + * specific, the program accepts data from all FIBs, otherwise it only accepts + * data from the FIB specified by the -f option. + */ + +#include +#include +#include + +#include + +#include +#include +#include +#include +#include +#include +#include + +struct sink_softc { + struct sockaddr_storage ss; + enum { SINK_TCP, SINK_UDP } type; + int nfibs; + int kq; + int *fds; +}; + +static void _Noreturn +usage(void) +{ + fprintf(stderr, + "usage: sink [-au] [-f ] [] \n"); + exit(1); +} + +static void +check_multibind(struct sink_softc *sc) +{ + const char *sysctl; + size_t len; + int error, val; + + sysctl = sc->type == SINK_TCP ? "net.inet.tcp.bind_all_fibs" : + "net.inet.udp.bind_all_fibs"; + len = sizeof(val); + error = sysctlbyname(sysctl, &val, &len, NULL, 0); + if (error != 0) + err(1, "sysctlbyname(%s)", sysctl); + if (val != 0) + errx(1, "multibind is disabled, set %s=0 to enable", sysctl); +} + +static void +addrinfo(struct sink_softc *sc, const char *addr, int port) +{ + struct addrinfo hints, *res, *res1; + char portstr[8]; + int error; + + memset(&sc->ss, 0, sizeof(sc->ss)); + + memset(&hints, 0, sizeof(hints)); + hints.ai_socktype = sc->type == SINK_TCP ? 
SOCK_STREAM : SOCK_DGRAM; + snprintf(portstr, sizeof(portstr), "%d", port); + error = getaddrinfo(addr, portstr, &hints, &res); + if (error != 0) + errx(1, "%s", gai_strerror(error)); + for (res1 = res; res != NULL; res = res->ai_next) { + if ((res->ai_protocol == IPPROTO_TCP && sc->type == SINK_TCP) || + (res->ai_protocol == IPPROTO_UDP && sc->type == SINK_UDP)) { + memcpy(&sc->ss, res->ai_addr, res->ai_addrlen); + break; + } + } + if (res == NULL) { + errx(1, "no %s address found for '%s'", + sc->type == SINK_TCP ? "TCP" : "UDP", addr); + } + freeaddrinfo(res1); +} + +int +main(int argc, char **argv) +{ + struct sink_softc sc; + const char *laddr; + int ch, error, fib, lport; + bool all; + + all = false; + sc.type = SINK_TCP; + fib = -1; + while ((ch = getopt(argc, argv, "af:u")) != -1) { + switch (ch) { + case 'a': + all = true; + break; + case 'f': + fib = atoi(optarg); + break; + case 'u': + sc.type = SINK_UDP; + break; + default: + usage(); + break; + } + } + argc -= optind; + argv += optind; + + if (all && fib != -1) + errx(1, "-a and -f are mutually exclusive"); + if (fib == -1) { + size_t len; + + error = sysctlbyname("net.my_fibnum", &fib, &len, NULL, 0); + if (error != 0) + err(1, "sysctlbyname(net.my_fibnum)"); + } + + if (argc == 2) { + laddr = argv[0]; + lport = atoi(argv[1]); + } else if (argc == 1) { + laddr = NULL; + lport = atoi(argv[0]); + } else { + usage(); + } + addrinfo(&sc, laddr, lport); + + check_multibind(&sc); + + sc.kq = kqueue(); + if (sc.kq == -1) + err(1, "kqueue"); + + if (all) { + size_t len; + + len = sizeof(sc.nfibs); + error = sysctlbyname("net.fibs", &sc.nfibs, &len, NULL, 0); + if (error != 0) + err(1, "sysctlbyname(net.fibs)"); + } else { + sc.nfibs = 1; + } + + sc.fds = calloc(all ? 
sc.nfibs : 1, sizeof(int)); + if (sc.fds == NULL) + err(1, "calloc"); + for (int i = 0; i < sc.nfibs; i++) { + struct kevent kev; + int s; + + if (sc.type == SINK_TCP) + s = socket(sc.ss.ss_family, SOCK_STREAM, 0); + else + s = socket(sc.ss.ss_family, SOCK_DGRAM, 0); + if (s == -1) + err(1, "socket"); + error = setsockopt(s, SOL_SOCKET, SO_SETFIB, + all ? &i : &fib, sizeof(int)); + if (error != 0) + err(1, "setsockopt(SO_SETFIB)"); + + error = bind(s, (struct sockaddr *)&sc.ss, sc.ss.ss_len); + if (error != 0) + err(1, "bind"); + + if (sc.type == SINK_TCP) { + error = listen(s, 5); + if (error != 0) + err(1, "listen"); + } + + EV_SET(&kev, s, EVFILT_READ, EV_ADD, 0, 0, NULL); + error = kevent(sc.kq, &kev, 1, NULL, 0, NULL); + if (error != 0) + err(1, "kevent"); + + sc.fds[i] = s; + } + + for (;;) { + struct kevent kev; + socklen_t optlen; + int n; + + n = kevent(sc.kq, NULL, 0, &kev, 1, NULL); + if (n == -1) + err(1, "kevent"); + if (n == 0) + continue; + + optlen = sizeof(fib); + error = getsockopt((int)kev.ident, SOL_SOCKET, SO_FIB, + &fib, &optlen); + if (error == -1) + err(1, "getsockopt(SO_FIB)"); + + if (sc.type == SINK_TCP) { + int cs; + + printf("accepting connection from FIB %d\n", fib); + + cs = accept((int)kev.ident, NULL, NULL); + if (cs == -1) + err(1, "accept"); + close(cs); + } else { + char buf[1024]; + ssize_t nb; + + printf("receiving datagram from FIB %d\n", fib); + + nb = recvfrom((int)kev.ident, buf, sizeof(buf), 0, + NULL, NULL); + if (nb == -1) + err(1, "recvfrom"); + } + } + + return (0); +} From nobody Fri Feb 21 01:57:26 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YzYD75pBMz5nmNG; Fri, 21 Feb 2025 01:57:27 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 
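Review bot: In main(), the net.my_fibnum lookup passes &len to sysctlbyname() without initializing it: `size_t len;` is declared inside the `if (fib == -1)` block and used directly, so the kernel is handed an indeterminate buffer size. Set `len = sizeof(fib);` before the call, as the net.fibs lookup and check_multibind() already do. Separately, addrinfo() leaves hints.ai_flags at zero, so the one-argument form (laddr == NULL) resolves to the loopback address rather than the wildcard; if the intent is to sink traffic arriving on any address, set AI_PASSIVE. The atoi() results for -f and the port are also used unchecked.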
Date: Fri, 21 Feb 2025 01:57:26 GMT Message-Id: <202502210157.51L1vQID067726@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Mark Johnston Subject: git: bf5056741d6e - stable/14 - savecore tests: Update to match output from savecore(8) List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: bf5056741d6ed263b8e8fbac24d6460a4646c72d Auto-Submitted: auto-generated The branch stable/14 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=bf5056741d6ed263b8e8fbac24d6460a4646c72d commit bf5056741d6ed263b8e8fbac24d6460a4646c72d Author: Mark Johnston AuthorDate: 2025-01-24 14:32:36 +0000 Commit: Mark Johnston CommitDate: 2025-02-21 01:04:50 +0000 savecore tests: Update to match output from savecore(8) (cherry picked from commit ff13773802dcc22f3585fb953c9fffbb605ce3ac) --- sbin/savecore/tests/livedump_test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sbin/savecore/tests/livedump_test.sh b/sbin/savecore/tests/livedump_test.sh index 42c726bfad4e..382b090235ee 100644 --- a/sbin/savecore/tests/livedump_test.sh +++ b/sbin/savecore/tests/livedump_test.sh 
@@ -13,7 +13,7 @@ livedump_kldstat_head() } livedump_kldstat_body() { - atf_check savecore -L . + atf_check -e match:"savecore .*- livedump" savecore -L . kernel=$(sysctl -n kern.bootfile) From nobody Fri Feb 21 01:57:27 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YzYD84Kzyz5nmRh; Fri, 21 Feb 2025 01:57:28 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YzYD80bx1z3p1y; Fri, 21 Feb 2025 01:57:28 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1740103048; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=TB5UmC21xD5yw//Os2LWdjdxoqzpoDDTZe80bNVI4tE=; b=Mj3TW09Q30Axy5vRQlNbg15wnlKz3iwvLWoT6//BHMa+1m4KZpOjCbdLSIrINkYKbM+TiL bs+qOjKLdeSr1TrCqGN7vAd50xh+Jo/ogP/GyGudRobwUN8DoUhuHslc5b1dTDdsNqjbdh aaMDI+8UlVE6AJcvS55Fyl9yYFKNHSJqglZfMG0vrnnHsh2tPT4rg/NBXnmpgMliEPN0/J QLnyo0EPWTbhjCgfRhI4CtlAO2JADi89EGK35/pk/8M4PNwD1t/We1cgOTSKKNHqU9+VOa BRChOnrifKCmPaveThbbT35hV+EQL3puZDnFU2W+rCudvY1/Uyu6vLbVeAu0Vg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1740103048; a=rsa-sha256; cv=none; b=d4K/u8S/f3/E7HOrCKh5Pj8zy+niS9V63mfhc3sk5Geu3FcOxr5PyNoHKiAvogXIjF59s1 Xj3dxeF7z0eSN2Y0jn5xJbyn02j9lYNxzC2J3pq6osBdeU0PlVOv2HXiCTdilLz5GE74F+ bhLo4nUzfJ4cEWXh+6lslQH+FkDnEMKJuuD/Gp8s/VYaT0RX+R4Hic2SQXvuo1vP3ahGmM 
Date: Fri, 21 Feb 2025 01:57:27 GMT Message-Id: <202502210157.51L1vRA7067765@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Mark Johnston Subject: git: 5dbfe9631dc1 - stable/14 - tools/fib_multibind: Remove a redundant calculation List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 5dbfe9631dc1a5539f5021ed68698878624d051e Auto-Submitted: auto-generated The branch stable/14 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=5dbfe9631dc1a5539f5021ed68698878624d051e commit 5dbfe9631dc1a5539f5021ed68698878624d051e Author: Mark Johnston AuthorDate: 2025-02-14 15:16:52 +0000 Commit: Mark Johnston CommitDate: 2025-02-21 01:04:50 +0000 tools/fib_multibind: Remove a redundant calculation No functional change intended. Reported by: kevans Fixes: 3fa552149885 ("tools: Add a small program to demonstrate FIB handling in bind(2)") Sponsored by: Klara, Inc. Sponsored by: Stormshield (cherry picked from commit d46d45bf4b196cd2daba42d5413f8e4d7ffedeed) --- tools/tools/fib_multibind/sink.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/tools/fib_multibind/sink.c b/tools/tools/fib_multibind/sink.c index fe93a66fe266..8f8c31f0c8ea 100644 --- a/tools/tools/fib_multibind/sink.c +++ b/tools/tools/fib_multibind/sink.c 
@@ -158,7 +158,7 @@ main(int argc, char **argv) sc.nfibs = 1; } - sc.fds = calloc(all ? sc.nfibs : 1, sizeof(int)); + sc.fds = calloc(sc.nfibs, sizeof(int)); if (sc.fds == NULL) err(1, "calloc"); for (int i = 0; i < sc.nfibs; i++) { From nobody Fri Feb 21 01:57:29 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YzYD92n5xz5nmRj; Fri, 21 Feb 2025 01:57:29 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YzYD91x0Kz3p2C; Fri, 21 Feb 2025 01:57:29 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1740103049; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=9cIs94h7iUUCDSjncehC1beAoH/luwIHCLK8HsSAfd8=; b=h5wXA/sUSLKY4KXx5hp/FNZMcL8H7bnx+qxhEagu12Bi0ojU5n8zmVuQ8ss4CmD11AyFN3 G6gCj5ttybyd1aBIi0zqB34EJGser2rFzP7wFacrFlXXVl1MR7rDc7sChzLnanPszvEZx5 14iDGntvPZT0On0NCGfEyet1XF2Hoauv6HOk203ht2k7PCz7oU+vZswIqn/r969EeAM11d u+YAZJ1Dd94EDVVd08P9ir57NZgLzO7ADOFGgkwjI1RkYc4aE0BAakoTSDZKDUdkWBy5v0 dg/RE2zr5MviZIzINK/kjKSRWce2+zn8qOACMP0aV3weWTrdIUC3PSMgAdB8TA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1740103049; a=rsa-sha256; cv=none; b=gA7c6zYDzJIB7jF16ZKDDbWmW+qjSi4E9x+1L9JtJcHe1QUaBxijMx9tzoG3uHloRm2PoR wmiFQx0uSD787+7VfCe2e2tJYUIN4EGGhL6VgBskN1U5BVI+EeF9ySqmlkacfQJpzYG8Vj 
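Review bot: sc.nfibs is an int filled in from the net.fibs sysctl and is passed straight to calloc() as the element count; writing `calloc((size_t)sc.nfibs, sizeof(*sc.fds))` would make the conversion explicit and tie the element size to the pointer type. In the sink.c shown in the earlier commit, sc.fds is only ever written (`sc.fds[i] = s;`), so the array could be dropped unless a later change reads it.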
Date: Fri, 21 Feb 2025 01:57:29 GMT Message-Id: <202502210157.51L1vT8C067798@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Mark Johnston Subject: git: b9e59283efeb - stable/14 - fibs_multibind_test: Explicitly cast the checksum value List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: b9e59283efebef0e206106b6306e803e2909e8ab Auto-Submitted: auto-generated The branch stable/14 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=b9e59283efebef0e206106b6306e803e2909e8ab commit b9e59283efebef0e206106b6306e803e2909e8ab Author: Mark Johnston AuthorDate: 2025-02-08 14:42:49 +0000 Commit: Mark Johnston CommitDate: 2025-02-21 01:04:50 +0000 fibs_multibind_test: Explicitly cast the checksum value Otherwise gcc warns about the (intentionally) truncated value and raises an error. Fixes: 7034563f8ef3 ("tests: Add some FIB multibind test cases") (cherry picked from commit 400ce6248be986d52b3944c1ed01db3b26243454) --- tests/sys/netinet/fibs_multibind_test.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/sys/netinet/fibs_multibind_test.c b/tests/sys/netinet/fibs_multibind_test.c index c62e8abdf81b..61ebf83c56ef 100644 --- a/tests/sys/netinet/fibs_multibind_test.c +++ b/tests/sys/netinet/fibs_multibind_test.c
@@ -418,7 +418,7 @@ ping(int s, const struct sockaddr *sa, socklen_t salen) memset(&icmp, 0, sizeof(icmp)); icmp.icmp.icmp_type = ICMP_ECHO; icmp.icmp.icmp_code = 0; - icmp.icmp.icmp_cksum = htons(~(ICMP_ECHO << 8)); + icmp.icmp.icmp_cksum = htons((unsigned short)~(ICMP_ECHO << 8)); n = sendto(s, &icmp, sizeof(icmp), 0, sa, salen); ATF_REQUIRE_MSG(n == (ssize_t)sizeof(icmp), "sendto failed: %s", strerror(errno)); 
@@ -438,7 +438,8 @@ ping6(int s, const struct sockaddr *sa, socklen_t salen) memset(&icmp6, 0, sizeof(icmp6)); icmp6.icmp6.icmp6_type = ICMP6_ECHO_REQUEST; icmp6.icmp6.icmp6_code = 0; - icmp6.icmp6.icmp6_cksum = htons(~(ICMP6_ECHO_REQUEST << 8)); + icmp6.icmp6.icmp6_cksum = + htons((unsigned short)~(ICMP6_ECHO_REQUEST << 8)); n = sendto(s, &icmp6, sizeof(icmp6), 0, sa, salen); ATF_REQUIRE_MSG(n == (ssize_t)sizeof(icmp6), "sendto failed: %s", strerror(errno)); From nobody Fri Feb 21 02:56:23 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YzZX81lhPz5nrJx; Fri, 21 Feb 2025 02:56:24 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YzZX80zPGz3d07; Fri, 21 Feb 2025 02:56:24 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1740106584; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=cHhSrmudUeGloG39r+m/pkc2nQewaREI+GQY1yXmnkw=; b=gzpqu8g5wYhYasB/CmgMwDtFmIqFYejTrxc979koqHM1mAyBCVAWpfrwGtddA+YL85zyrW Ffe3Byzi8SfNqN+KkOcPwh5b/IUvwo9aFbmQeAOqJwIy5FsSDtq+Snx1wI2iGuo8ymI4en K8ux+faXCugcZt2MKjokEnwot8xjIPKUs0cwnh6FILaRRaoAOW/oSa5m6pxd4xT5F3TaTM 0cQUnWsik+1ii8fA49Ao2M7nsOHf4OiWHUbfX6y4Muil8gGvWLzLms7M93PUMFIO+oV/3s k3IrfGgRI1dKGbFCbn8Y2l/RMV2utu5yPxj6ZSCDGoxl2j9MHDnANxukuaVq9w== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1740106584; 
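Review bot: In ping(), the new cast uses `unsigned short`, which silences the truncation warning but states the width only indirectly; `(uint16_t)~(ICMP_ECHO << 8)` matches the argument type of htons() and makes the intended 16-bit truncation explicit. The same applies to the cast in ping6().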
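Review bot: In ping6(), the constant stored in icmp6_cksum is the complement of the type/code word only; it is a valid sum over the message solely because the memset() above zeroes everything else, and it does not cover the IPv6 pseudo-header that an ICMPv6 checksum includes. A short comment saying why the fixed value is acceptable here (for example, that the field is expected to be recomputed on send) would stop a reader from copying it as a correct ICMPv6 checksum.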
Date: Fri, 21 Feb 2025 02:56:23 GMT Message-Id: <202502210256.51L2uNkq079610@gitrepo.freebsd.org> To: src-committers@FreeBSD.org,
dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Gordon Tetlow Subject: git: 3ae196925d29 - releng/14.2 - ssh: Don't reply to PING in preauth phase or during KEX List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: gordon X-Git-Repository: src X-Git-Refname: refs/heads/releng/14.2 X-Git-Reftype: branch X-Git-Commit: 3ae196925d2915e95e549dbc1687c75845ce87a9 Auto-Submitted: auto-generated The branch releng/14.2 has been updated by gordon: URL: https://cgit.FreeBSD.org/src/commit/?id=3ae196925d2915e95e549dbc1687c75845ce87a9 commit 3ae196925d2915e95e549dbc1687c75845ce87a9 Author: Ed Maste AuthorDate: 2025-02-19 03:00:45 +0000 Commit: Gordon Tetlow CommitDate: 2025-02-21 02:34:15 +0000 ssh: Don't reply to PING in preauth phase or during KEX Obtained from: OpenSSH 5e07dee272c3 Security: CVE-2025-26466 Security: FreeBSD-SA-25:05.openssh Approved by: so Sponsored by: The FreeBSD Foundation (cherry picked from commit 8a16d0831e70530b2fbd682e748bd051de35f192) (cherry picked from commit 34798cb576bbd2064ab8da372112482bf8e2a7e6) --- crypto/openssh/packet.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/crypto/openssh/packet.c b/crypto/openssh/packet.c index 2d1401e7c9f5..d8fbfa28b800 100644 --- a/crypto/openssh/packet.c +++ b/crypto/openssh/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.313 2023/12/18 14:45:17 djm Exp $ */ +/* $OpenBSD: packet.c,v 1.318 2025/02/18 08:02:12 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -1774,6 +1774,14 @@ ssh_packet_read_poll_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) if ((r = sshpkt_get_string_direct(ssh, &d, &len)) != 0) return r; DBG(debug("Received SSH2_MSG_PING len %zu", len)); + if (!ssh->state->after_authentication) { + DBG(debug("Won't reply to PING in preauth")); + break; + } + if (ssh_packet_is_rekeying(ssh)) { + DBG(debug("Won't reply to PING during KEX")); + break; + } if ((r = sshpkt_start(ssh, SSH2_MSG_PONG)) != 0 || (r = sshpkt_put_string(ssh, d, len)) != 0 || (r = sshpkt_send(ssh)) != 0) From nobody Fri Feb 21 02:56:25 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YzZX94PKpz5nrS0; Fri, 21 Feb 2025 02:56:25 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YzZX929d7z3d4L; Fri, 21 Feb 2025 02:56:25 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1740106585; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=sMSc+bfptX/XHPHlcI0wQ0EYRlvaioDd9+0lrPMbbb0=; b=hq67+hPla6gdghboidyRuZD59VqJ1jH64dvz8Q+y7GdLHOmDb3gKuEu15yZ54hunuQsJ4Z NkthrYauTdxahIMRswmwQHwMWxlF3NibUSCglWdPxNM6WzXM8eeq6aoH3oxuxPakoaKXfP MmwrXpUXkZoGtHcj5AbdpYhqepE1ZR7/3R/EFLzGnCZVCst3O2ZvhPGSOsWlzAffzdJsde ywnrX/zfrhP6+ofhkRYS72M49YtIoa3mQ+E/g3GWCooBj2VZ8S0iQ/CWI/yop/miGMnxzK 
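Review bot: The first hunk moves the $OpenBSD$ tag from packet.c 1.313 to 1.318, while the only other change in this commit is the eight lines added to the PING case. If the intermediate upstream revisions are not all present in this file, the tag overstates what has been merged; for a targeted security backport, consider leaving the tag untouched or recording which upstream revision the fix corresponds to.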
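Review bot: In the SSH2_MSG_PING case, the two new early exits are explained only by DBG() strings; nothing in the code says why a PING must go unanswered before authentication or while ssh_packet_is_rekeying() is true. A brief comment above the checks giving the reason, with the CVE-2025-26466 / FreeBSD-SA-25:05.openssh references from the commit message, would keep a later cleanup from restoring the reply. The checks sit after sshpkt_get_string_direct(), so a malformed PING still fails with r as before, which looks right.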
Date: Fri, 21 Feb 2025
02:56:25 GMT Message-Id: <202502210256.51L2uPGw079645@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Gordon Tetlow Subject: git: 1920babc310a - releng/14.2 - ssh: Fix cases where error codes were not correctly set List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: gordon X-Git-Repository: src X-Git-Refname: refs/heads/releng/14.2 X-Git-Reftype: branch X-Git-Commit: 1920babc310ab8ebaa76188decf1aa5ed88e9d84 Auto-Submitted: auto-generated The branch releng/14.2 has been updated by gordon: URL: https://cgit.FreeBSD.org/src/commit/?id=1920babc310ab8ebaa76188decf1aa5ed88e9d84 commit 1920babc310ab8ebaa76188decf1aa5ed88e9d84 Author: Ed Maste AuthorDate: 2025-02-19 03:03:26 +0000 Commit: Gordon Tetlow CommitDate: 2025-02-21 02:35:04 +0000 ssh: Fix cases where error codes were not correctly set Obtained from: OpenSSH 38df39ecf278 Security: CVE-2025-26465 Security: FreeBSD-SA-25:05.openssh Approved by: so Sponsored by: The FreeBSD Foundation (cherry picked from commit 170059d6d33cf4e890067097f3c0beb3061cabbd) (cherry picked from commit 4ad8c195cf54411e3b3fa0bec227eb83ca078404) --- crypto/openssh/krl.c | 4 +++- crypto/openssh/ssh-agent.c | 5 +++++ crypto/openssh/ssh-sk-client.c | 4 +++- crypto/openssh/sshconnect2.c | 5 ++++- crypto/openssh/sshsig.c | 1 + 5 files changed, 16 insertions(+), 3 deletions(-) diff --git a/crypto/openssh/krl.c b/crypto/openssh/krl.c index e2efdf0667a7..0d0f69534182 100644 --- a/crypto/openssh/krl.c +++ b/crypto/openssh/krl.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: krl.c,v 1.59 2023/07/17 05:22:30 djm Exp $ */ +/* $OpenBSD: krl.c,v 1.60 2025/02/18 08:02:48 djm Exp $ */ /* * Copyright (c) 2012 Damien Miller * @@ -674,6 +674,7 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf) break; case KRL_SECTION_CERT_SERIAL_BITMAP: if (rs->lo - bitmap_start > INT_MAX) { + r = SSH_ERR_INVALID_FORMAT; error_f("insane bitmap gap"); goto out; } @@ -1059,6 +1060,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp) } if ((krl = ssh_krl_init()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; error_f("alloc failed"); goto out; } diff --git a/crypto/openssh/ssh-agent.c b/crypto/openssh/ssh-agent.c index 67fa376a36ff..5ea283ddaf29 100644 --- a/crypto/openssh/ssh-agent.c +++ b/crypto/openssh/ssh-agent.c @@ -1226,6 +1226,7 @@ parse_key_constraint_extension(struct sshbuf *m, char **sk_providerp, "restrict-destination-v00@openssh.com") == 0) { if (*dcsp != NULL) { error_f("%s already set", ext_name); + r = SSH_ERR_INVALID_FORMAT; goto out; } if ((r = sshbuf_froms(m, &b)) != 0) { @@ -1235,6 +1236,7 @@ parse_key_constraint_extension(struct sshbuf *m, char **sk_providerp, while (sshbuf_len(b) != 0) { if (*ndcsp >= AGENT_MAX_DEST_CONSTRAINTS) { error_f("too many %s constraints", ext_name); + r = SSH_ERR_INVALID_FORMAT; goto out; } *dcsp = xrecallocarray(*dcsp, *ndcsp, *ndcsp + 1, @@ -1252,6 +1254,7 @@ parse_key_constraint_extension(struct sshbuf *m, char **sk_providerp, } if (*certs != NULL) { error_f("%s already set", ext_name); + r = SSH_ERR_INVALID_FORMAT; goto out; } if ((r = sshbuf_get_u8(m, &v)) != 0 || @@ -1263,6 +1266,7 @@ parse_key_constraint_extension(struct sshbuf *m, char **sk_providerp, while (sshbuf_len(b) != 0) { if (*ncerts >= AGENT_MAX_EXT_CERTS) { error_f("too many %s constraints", ext_name); + r = SSH_ERR_INVALID_FORMAT; goto out; } *certs = xrecallocarray(*certs, *ncerts, *ncerts + 1, 
@@ -1759,6 +1763,7 @@ process_ext_session_bind(SocketEntry *e) /* record new key/sid */ if (e->nsession_ids >= AGENT_MAX_SESSION_IDS) { error_f("too many session IDs recorded"); + r = -1; goto out; } e->session_ids = xrecallocarray(e->session_ids, e->nsession_ids, diff --git a/crypto/openssh/ssh-sk-client.c b/crypto/openssh/ssh-sk-client.c index 321fe53a2d91..06fad22134fb 100644 --- a/crypto/openssh/ssh-sk-client.c +++ b/crypto/openssh/ssh-sk-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-sk-client.c,v 1.12 2022/01/14 03:34:00 djm Exp $ */ +/* $OpenBSD: ssh-sk-client.c,v 1.13 2025/02/18 08:02:48 djm Exp $ */ /* * Copyright (c) 2019 Google LLC * @@ -439,6 +439,7 @@ sshsk_load_resident(const char *provider_path, const char *device, } if ((srk = calloc(1, sizeof(*srk))) == NULL) { error_f("calloc failed"); + r = SSH_ERR_ALLOC_FAIL; goto out; } srk->key = key; @@ -450,6 +451,7 @@ sshsk_load_resident(const char *provider_path, const char *device, if ((tmp = recallocarray(srks, nsrks, nsrks + 1, sizeof(*srks))) == NULL) { error_f("recallocarray keys failed"); + r = SSH_ERR_ALLOC_FAIL; goto out; } debug_f("srks[%zu]: %s %s uidlen %zu", nsrks, diff --git a/crypto/openssh/sshconnect2.c b/crypto/openssh/sshconnect2.c index 745c2a0517f3..51079f067d8a 100644 --- a/crypto/openssh/sshconnect2.c +++ b/crypto/openssh/sshconnect2.c @@ -101,7 +101,7 @@ verify_host_key_callback(struct sshkey *hostkey, struct ssh *ssh) options.required_rsa_size)) != 0) fatal_r(r, "Bad server host key"); if (verify_host_key(xxx_host, xxx_hostaddr, hostkey, - xxx_conn_info) == -1) + xxx_conn_info) != 0) fatal("Host key verification failed."); return 0; } @@ -700,6 +700,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) if ((pktype = sshkey_type_from_name(pkalg)) == KEY_UNSPEC) { debug_f("server sent unknown pkalg %s", pkalg); + r = SSH_ERR_INVALID_FORMAT; goto done; } if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) { 
@@ -710,6 +711,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) error("input_userauth_pk_ok: type mismatch " "for decoded key (received %d, expected %d)", key->type, pktype); + r = SSH_ERR_INVALID_FORMAT; goto done; } @@ -729,6 +731,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) SSH_FP_DEFAULT); error_f("server replied with unknown key: %s %s", sshkey_type(key), fp == NULL ? "" : fp); + r = SSH_ERR_INVALID_FORMAT; goto done; } ident = format_identity(id); diff --git a/crypto/openssh/sshsig.c b/crypto/openssh/sshsig.c index 470b286a3a98..057e1df02381 100644 --- a/crypto/openssh/sshsig.c +++ b/crypto/openssh/sshsig.c 
@@ -874,6 +874,7 @@ cert_filter_principals(const char *path, u_long linenum, } if ((principals = sshbuf_dup_string(nprincipals)) == NULL) { error_f("buffer error"); + r = SSH_ERR_ALLOC_FAIL; goto out; } /* success */
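Review bot: in the sshconnect2.c @@ -101,7 hunk, changing `xxx_conn_info) == -1)` to `!= 0` is the line that decides whether a failed host key check is fatal, but nothing at the call site states that contract. Please add a comment in verify_host_key_callback that every nonzero return from verify_host_key must reach fatal("Host key verification failed."), so a later edit does not narrow the test to a single value again.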
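Review bot: in the ssh-agent.c @@ -1759,6 hunk (process_ext_session_bind) the new assignment is `r = -1;`, while every other hunk in this patch sets a named code such as SSH_ERR_INVALID_FORMAT or SSH_ERR_ALLOC_FAIL. A bare -1 does not tell the reader which failure is meant; either use a named constant here too or add a comment saying why this function differs from the rest.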
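Review bot: style point on the krl.c hunks (@@ -674 and @@ -1059): the new `r = SSH_ERR_...;` line is placed before error_f(), whereas in the ssh-agent.c, ssh-sk-client.c, sshconnect2.c and sshsig.c hunks it follows the log call. Pick one order across the patch so that a reader scanning each `goto out` path for a missing assignment looks in the same place every time.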
Date: Fri, 21 Feb 2025 02:56:26 GMT Message-Id: <202502210256.51L2uQJO079683@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Gordon Tetlow Subject: git: 4b8a2f716588 - releng/14.2 - ssh: Bump VersionAddendum for CVE fixes List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: gordon X-Git-Repository: src X-Git-Refname: refs/heads/releng/14.2 X-Git-Reftype: branch X-Git-Commit: 4b8a2f716588e58ddb39ccdb60189e8c57239457 Auto-Submitted: auto-generated The branch releng/14.2 has been updated by gordon: URL: https://cgit.FreeBSD.org/src/commit/?id=4b8a2f716588e58ddb39ccdb60189e8c57239457 commit 4b8a2f716588e58ddb39ccdb60189e8c57239457 Author: Ed Maste AuthorDate: 2025-02-19 14:00:42 +0000 Commit: Gordon Tetlow CommitDate: 2025-02-21 02:45:50 +0000 ssh: Bump VersionAddendum for CVE fixes Security: FreeBSD-SA-25:05.openssh Approved by: so Sponsored by: The FreeBSD Foundation (cherry picked from commit 62df41ae0a71e77ccb1e8fae06d82eec5dff441a) (cherry picked from commit 24ce323f020fb1ee1b463e524a7a6c15f47ec2a4) --- crypto/openssh/sshd_config | 2 +- crypto/openssh/sshd_config.5 | 2 +- crypto/openssh/version.h | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto/openssh/sshd_config b/crypto/openssh/sshd_config index 7f559775e3b3..a17484b1da2d 100644 --- a/crypto/openssh/sshd_config +++ b/crypto/openssh/sshd_config @@ -105,7 +105,7 @@ AuthorizedKeysFile .ssh/authorized_keys #PermitTunnel no #ChrootDirectory none #UseBlacklist no -#VersionAddendum FreeBSD-20240806 +#VersionAddendum FreeBSD-20250219 # no default banner path #Banner none diff --git a/crypto/openssh/sshd_config.5 b/crypto/openssh/sshd_config.5 index 4de510ac8795..bc7d9e7df969 100644 --- a/crypto/openssh/sshd_config.5 +++ b/crypto/openssh/sshd_config.5 
@@ -1944,7 +1944,7 @@ The default is Optionally specifies additional text to append to the SSH protocol banner sent by the server upon connection. The default is -.Qq FreeBSD-20240806 . +.Qq FreeBSD-20250219 . The value .Cm none may be used to disable this. diff --git a/crypto/openssh/version.h b/crypto/openssh/version.h index 82be0be8498f..f3fb7fe333eb 100644 --- a/crypto/openssh/version.h +++ b/crypto/openssh/version.h 
@@ -5,4 +5,4 @@ #define SSH_PORTABLE "p1" #define SSH_RELEASE SSH_VERSION SSH_PORTABLE -#define SSH_VERSION_FREEBSD "FreeBSD-20240806" +#define SSH_VERSION_FREEBSD "FreeBSD-20250219"
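Review bot: the version.h hunk is the third hand-edited copy of the same date string in this patch, after `#VersionAddendum FreeBSD-20250219` in sshd_config and `.Qq FreeBSD-20250219 .` in sshd_config.5, and nothing ties the three together. A missed copy would leave the documented default out of step with what the server appends to its protocol banner, which is the value administrators will compare against to confirm the fix is installed; consider a comment in version.h listing the other two files that must change with it.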
Date: Fri, 21 Feb 2025 02:56:27 GMT Message-Id: <202502210256.51L2uR6B079719@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Gordon Tetlow Subject: git: ac2cbb46b5f1 - releng/14.2 - Add UPDATING entries and bump version List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: gordon X-Git-Repository: src X-Git-Refname: refs/heads/releng/14.2 X-Git-Reftype: branch X-Git-Commit: ac2cbb46b5f1efa7f7b5d4eb15631337329ec5b2 Auto-Submitted: auto-generated The branch releng/14.2 has been updated by gordon: URL: https://cgit.FreeBSD.org/src/commit/?id=ac2cbb46b5f1efa7f7b5d4eb15631337329ec5b2 commit ac2cbb46b5f1efa7f7b5d4eb15631337329ec5b2 Author: Gordon Tetlow AuthorDate: 2025-02-21 02:38:02 +0000 Commit: Gordon Tetlow CommitDate: 2025-02-21 02:45:53 +0000 Add UPDATING entries and bump version Approved by: so --- UPDATING | 5 +++++ sys/conf/newvers.sh | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/UPDATING b/UPDATING index 90037d45bd19..d9103d7b1e29 100644 --- a/UPDATING +++ b/UPDATING @@ -12,6 +12,11 @@ Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before updating system packages and/or ports. +20250221: + 14.2-RELEASE-p2 SA-25:05.openssh + + Multiple vulnerabilities in OpenSSH [SA-25:05.openssh] + 20250129: 14.2-RELEASE-p1 SA-25:02.fs SA-25:03.etcupdate diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index 9bfa4bd5853f..49d6f96be2c8 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh 
@@ -53,7 +53,7 @@ TYPE="FreeBSD" REVISION="14.2" -BRANCH="RELEASE-p1" +BRANCH="RELEASE-p2" if [ -n "${BRANCH_OVERRIDE}" ]; then BRANCH=${BRANCH_OVERRIDE} fi
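Review bot: the new 20250221 entry in the UPDATING hunk says only "Multiple vulnerabilities in OpenSSH [SA-25:05.openssh]" and gives no CVE identifiers, although the fixes pushed to this branch cite CVE-2025-26465 and CVE-2025-26466. Listing both in the entry would let a reader match the patch level 14.2-RELEASE-p2 to those identifiers without opening the advisory.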
Date: Fri, 21 Feb 2025 02:56:37 GMT Message-Id: <202502210256.51L2ubaX079918@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Gordon Tetlow Subject: git: 8d0540600b1e - releng/14.1 - ssh: Don't reply to PING in preauth phase or during KEX List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: gordon X-Git-Repository: src X-Git-Refname: refs/heads/releng/14.1 X-Git-Reftype: branch X-Git-Commit: 8d0540600b1ea1a58d14dfe01b8196070900ebe2 Auto-Submitted: auto-generated The branch releng/14.1 has been updated by gordon: URL: https://cgit.FreeBSD.org/src/commit/?id=8d0540600b1ea1a58d14dfe01b8196070900ebe2 commit 8d0540600b1ea1a58d14dfe01b8196070900ebe2 Author: Ed Maste AuthorDate: 2025-02-19 03:00:45 +0000 Commit: Gordon Tetlow CommitDate: 2025-02-21 02:39:07 +0000 ssh: Don't reply to PING in preauth phase or during KEX Obtained from: OpenSSH 5e07dee272c3 Security: CVE-2025-26466 Security: FreeBSD-SA-25:05.openssh Approved by: so Sponsored by: The FreeBSD Foundation (cherry picked from commit 8a16d0831e70530b2fbd682e748bd051de35f192) (cherry picked from commit 34798cb576bbd2064ab8da372112482bf8e2a7e6) --- crypto/openssh/packet.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/crypto/openssh/packet.c b/crypto/openssh/packet.c index 2d1401e7c9f5..d8fbfa28b800 100644 --- a/crypto/openssh/packet.c +++ b/crypto/openssh/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.313 2023/12/18 14:45:17 djm Exp $ */ +/* $OpenBSD: packet.c,v 1.318 2025/02/18 08:02:12 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -1774,6 +1774,14 @@ ssh_packet_read_poll_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) if ((r = sshpkt_get_string_direct(ssh, &d, &len)) != 0) return r; DBG(debug("Received SSH2_MSG_PING len %zu", len)); + if (!ssh->state->after_authentication) { + DBG(debug("Won't reply to PING in preauth")); + break; + } + if (ssh_packet_is_rekeying(ssh)) { + DBG(debug("Won't reply to PING during KEX")); + break; + } if ((r = sshpkt_start(ssh, SSH2_MSG_PONG)) != 0 || (r = sshpkt_put_string(ssh, d, len)) != 0 || (r = sshpkt_send(ssh)) != 0)
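Review bot: in the @@ -1774 hunk the second check, `if (ssh_packet_is_rekeying(ssh))`, is only reached once after_authentication is set, and its `break` discards the PING outright instead of deferring the PONG until the key exchange completes. An authenticated peer that sends PING during a rekey therefore never receives a reply for it. If that is the intended behaviour, say so in a comment at this check so that anyone pairing PING with PONG knows the loss is by design.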
Date: Fri, 21 Feb 2025
02:56:39 GMT Message-Id: <202502210256.51L2udrb079952@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Gordon Tetlow Subject: git: 3053f92a163c - releng/14.1 - ssh: Fix cases where error codes were not correctly set List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: gordon X-Git-Repository: src X-Git-Refname: refs/heads/releng/14.1 X-Git-Reftype: branch X-Git-Commit: 3053f92a163c91b6dc5e2834b037463dc109fa40 Auto-Submitted: auto-generated The branch releng/14.1 has been updated by gordon: URL: https://cgit.FreeBSD.org/src/commit/?id=3053f92a163c91b6dc5e2834b037463dc109fa40 commit 3053f92a163c91b6dc5e2834b037463dc109fa40 Author: Ed Maste AuthorDate: 2025-02-19 03:03:26 +0000 Commit: Gordon Tetlow CommitDate: 2025-02-21 02:39:27 +0000 ssh: Fix cases where error codes were not correctly set Obtained from: OpenSSH 38df39ecf278 Security: CVE-2025-26465 Security: FreeBSD-SA-25:05.openssh Approved by: so Sponsored by: The FreeBSD Foundation (cherry picked from commit 170059d6d33cf4e890067097f3c0beb3061cabbd) (cherry picked from commit 4ad8c195cf54411e3b3fa0bec227eb83ca078404) --- crypto/openssh/krl.c | 4 +++- crypto/openssh/ssh-agent.c | 5 +++++ crypto/openssh/ssh-sk-client.c | 4 +++- crypto/openssh/sshconnect2.c | 5 ++++- crypto/openssh/sshsig.c | 1 + 5 files changed, 16 insertions(+), 3 deletions(-) diff --git a/crypto/openssh/krl.c b/crypto/openssh/krl.c index e2efdf0667a7..0d0f69534182 100644 --- a/crypto/openssh/krl.c +++ b/crypto/openssh/krl.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: krl.c,v 1.59 2023/07/17 05:22:30 djm Exp $ */ +/* $OpenBSD: krl.c,v 1.60 2025/02/18 08:02:48 djm Exp $ */ /* * Copyright (c) 2012 Damien Miller * @@ -674,6 +674,7 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf) break; case KRL_SECTION_CERT_SERIAL_BITMAP: if (rs->lo - bitmap_start > INT_MAX) { + r = SSH_ERR_INVALID_FORMAT; error_f("insane bitmap gap"); goto out; } @@ -1059,6 +1060,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp) } if ((krl = ssh_krl_init()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; error_f("alloc failed"); goto out; } diff --git a/crypto/openssh/ssh-agent.c b/crypto/openssh/ssh-agent.c index 67fa376a36ff..5ea283ddaf29 100644 --- a/crypto/openssh/ssh-agent.c +++ b/crypto/openssh/ssh-agent.c @@ -1226,6 +1226,7 @@ parse_key_constraint_extension(struct sshbuf *m, char **sk_providerp, "restrict-destination-v00@openssh.com") == 0) { if (*dcsp != NULL) { error_f("%s already set", ext_name); + r = SSH_ERR_INVALID_FORMAT; goto out; } if ((r = sshbuf_froms(m, &b)) != 0) { @@ -1235,6 +1236,7 @@ parse_key_constraint_extension(struct sshbuf *m, char **sk_providerp, while (sshbuf_len(b) != 0) { if (*ndcsp >= AGENT_MAX_DEST_CONSTRAINTS) { error_f("too many %s constraints", ext_name); + r = SSH_ERR_INVALID_FORMAT; goto out; } *dcsp = xrecallocarray(*dcsp, *ndcsp, *ndcsp + 1, @@ -1252,6 +1254,7 @@ parse_key_constraint_extension(struct sshbuf *m, char **sk_providerp, } if (*certs != NULL) { error_f("%s already set", ext_name); + r = SSH_ERR_INVALID_FORMAT; goto out; } if ((r = sshbuf_get_u8(m, &v)) != 0 || @@ -1263,6 +1266,7 @@ parse_key_constraint_extension(struct sshbuf *m, char **sk_providerp, while (sshbuf_len(b) != 0) { if (*ncerts >= AGENT_MAX_EXT_CERTS) { error_f("too many %s constraints", ext_name); + r = SSH_ERR_INVALID_FORMAT; goto out; } *certs = xrecallocarray(*certs, *ncerts, *ncerts + 1, 
@@ -1759,6 +1763,7 @@ process_ext_session_bind(SocketEntry *e) /* record new key/sid */ if (e->nsession_ids >= AGENT_MAX_SESSION_IDS) { error_f("too many session IDs recorded"); + r = -1; goto out; } e->session_ids = xrecallocarray(e->session_ids, e->nsession_ids, diff --git a/crypto/openssh/ssh-sk-client.c b/crypto/openssh/ssh-sk-client.c index 321fe53a2d91..06fad22134fb 100644 --- a/crypto/openssh/ssh-sk-client.c +++ b/crypto/openssh/ssh-sk-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-sk-client.c,v 1.12 2022/01/14 03:34:00 djm Exp $ */ +/* $OpenBSD: ssh-sk-client.c,v 1.13 2025/02/18 08:02:48 djm Exp $ */ /* * Copyright (c) 2019 Google LLC * @@ -439,6 +439,7 @@ sshsk_load_resident(const char *provider_path, const char *device, } if ((srk = calloc(1, sizeof(*srk))) == NULL) { error_f("calloc failed"); + r = SSH_ERR_ALLOC_FAIL; goto out; } srk->key = key; @@ -450,6 +451,7 @@ sshsk_load_resident(const char *provider_path, const char *device, if ((tmp = recallocarray(srks, nsrks, nsrks + 1, sizeof(*srks))) == NULL) { error_f("recallocarray keys failed"); + r = SSH_ERR_ALLOC_FAIL; goto out; } debug_f("srks[%zu]: %s %s uidlen %zu", nsrks, diff --git a/crypto/openssh/sshconnect2.c b/crypto/openssh/sshconnect2.c index 745c2a0517f3..51079f067d8a 100644 --- a/crypto/openssh/sshconnect2.c +++ b/crypto/openssh/sshconnect2.c @@ -101,7 +101,7 @@ verify_host_key_callback(struct sshkey *hostkey, struct ssh *ssh) options.required_rsa_size)) != 0) fatal_r(r, "Bad server host key"); if (verify_host_key(xxx_host, xxx_hostaddr, hostkey, - xxx_conn_info) == -1) + xxx_conn_info) != 0) fatal("Host key verification failed."); return 0; } @@ -700,6 +700,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) if ((pktype = sshkey_type_from_name(pkalg)) == KEY_UNSPEC) { debug_f("server sent unknown pkalg %s", pkalg); + r = SSH_ERR_INVALID_FORMAT; goto done; } if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) { 
@@ -710,6 +711,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) error("input_userauth_pk_ok: type mismatch " "for decoded key (received %d, expected %d)", key->type, pktype); + r = SSH_ERR_INVALID_FORMAT; goto done; } @@ -729,6 +731,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) SSH_FP_DEFAULT); error_f("server replied with unknown key: %s %s", sshkey_type(key), fp == NULL ? "" : fp); + r = SSH_ERR_INVALID_FORMAT; goto done; } ident = format_identity(id); diff --git a/crypto/openssh/sshsig.c b/crypto/openssh/sshsig.c index 470b286a3a98..057e1df02381 100644 --- a/crypto/openssh/sshsig.c +++ b/crypto/openssh/sshsig.c 
@@ -874,6 +874,7 @@ cert_filter_principals(const char *path, u_long linenum, } if ((principals = sshbuf_dup_string(nprincipals)) == NULL) { error_f("buffer error"); + r = SSH_ERR_ALLOC_FAIL; goto out; } /* success */
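Review bot: in the sshconnect2.c hunk at verify_host_key_callback(), the result of verify_host_key() is now tested with "!= 0" but is still discarded, so fatal("Host key verification failed.") cannot say which error fired, while the check two lines above it reports its code through fatal_r(r, "Bad server host key"). Consider storing the result in r and calling fatal_r(r, "Host key verification failed.") so that a failure other than -1, the case the old "== -1" comparison did not treat as fatal, is distinguishable in the client's output.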
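Review bot: the ssh-agent.c hunk in process_ext_session_bind() sets "r = -1" on the "too many session IDs recorded" path, whereas every other assignment this patch adds uses a named SSH_ERR_* constant, including SSH_ERR_INVALID_FORMAT for the comparable "too many %s constraints" limits in parse_key_constraint_extension(). A short comment saying why a bare -1 is wanted here, or a switch to a named constant, would keep the error paths uniform.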
Date: Fri, 21 Feb 2025 02:56:40 GMT Message-Id: <202502210256.51L2ueBZ079990@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Gordon Tetlow Subject: git: fe49460873e0 - releng/14.1 - ssh: Bump VersionAddendum for CVE fixes List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: gordon X-Git-Repository: src X-Git-Refname: refs/heads/releng/14.1 X-Git-Reftype: branch X-Git-Commit: fe49460873e0cc87f938922a0f6f22890929adc7 Auto-Submitted: auto-generated The branch releng/14.1 has been updated by gordon: URL: https://cgit.FreeBSD.org/src/commit/?id=fe49460873e0cc87f938922a0f6f22890929adc7 commit fe49460873e0cc87f938922a0f6f22890929adc7 Author: Ed Maste AuthorDate: 2025-02-19 14:00:42 +0000 Commit: Gordon Tetlow CommitDate: 2025-02-21 02:45:28 +0000 ssh: Bump VersionAddendum for CVE fixes Security: FreeBSD-SA-25:05.openssh Approved by: so Sponsored by: The FreeBSD Foundation (cherry picked from commit 62df41ae0a71e77ccb1e8fae06d82eec5dff441a) (cherry picked from commit 24ce323f020fb1ee1b463e524a7a6c15f47ec2a4) --- crypto/openssh/sshd_config | 2 +- crypto/openssh/sshd_config.5 | 2 +- crypto/openssh/version.h | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto/openssh/sshd_config b/crypto/openssh/sshd_config index 7f559775e3b3..a17484b1da2d 100644 --- a/crypto/openssh/sshd_config +++ b/crypto/openssh/sshd_config @@ -105,7 +105,7 @@ AuthorizedKeysFile .ssh/authorized_keys #PermitTunnel no #ChrootDirectory none #UseBlacklist no -#VersionAddendum FreeBSD-20240806 +#VersionAddendum FreeBSD-20250219 # no default banner path #Banner none diff --git a/crypto/openssh/sshd_config.5 b/crypto/openssh/sshd_config.5 index 4de510ac8795..bc7d9e7df969 100644 --- a/crypto/openssh/sshd_config.5 +++ b/crypto/openssh/sshd_config.5 
@@ -1944,7 +1944,7 @@ The default is Optionally specifies additional text to append to the SSH protocol banner sent by the server upon connection. The default is -.Qq FreeBSD-20240806 . +.Qq FreeBSD-20250219 . The value .Cm none may be used to disable this. diff --git a/crypto/openssh/version.h b/crypto/openssh/version.h index 82be0be8498f..f3fb7fe333eb 100644 --- a/crypto/openssh/version.h +++ b/crypto/openssh/version.h 
@@ -5,4 +5,4 @@ #define SSH_PORTABLE "p1" #define SSH_RELEASE SSH_VERSION SSH_PORTABLE -#define SSH_VERSION_FREEBSD "FreeBSD-20240806" +#define SSH_VERSION_FREEBSD "FreeBSD-20250219"
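Review bot: the version.h hunk changes SSH_VERSION_FREEBSD to "FreeBSD-20250219", and the same date is repeated by hand in the commented #VersionAddendum line of sshd_config and in the .Qq default of sshd_config.5, so nothing but review keeps the documented default equal to the compiled one. Worth confirming with a search for the old string FreeBSD-20240806 under crypto/openssh that no copy was missed, since sshd_config.5 describes this text as appended to the protocol banner and it is the externally visible sign of the CVE fixes.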
Date: Fri, 21 Feb 2025 02:56:41 GMT Message-Id: <202502210256.51L2ufk7080024@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Gordon Tetlow Subject: git: f389e68ca980 - releng/14.1 - Add UPDATING entries and bump version. List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: gordon X-Git-Repository: src X-Git-Refname: refs/heads/releng/14.1 X-Git-Reftype: branch X-Git-Commit: f389e68ca980b7e053a34d9eddde89b4c2a1ee6c Auto-Submitted: auto-generated The branch releng/14.1 has been updated by gordon: URL: https://cgit.FreeBSD.org/src/commit/?id=f389e68ca980b7e053a34d9eddde89b4c2a1ee6c commit f389e68ca980b7e053a34d9eddde89b4c2a1ee6c Author: Gordon Tetlow AuthorDate: 2025-02-21 02:40:31 +0000 Commit: Gordon Tetlow CommitDate: 2025-02-21 02:45:32 +0000 Add UPDATING entries and bump version. Approved by: so --- UPDATING | 5 +++++ sys/conf/newvers.sh | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/UPDATING b/UPDATING index 7d2136381614..932e207fe45c 100644 --- a/UPDATING +++ b/UPDATING @@ -12,6 +12,11 @@ Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before updating system packages and/or ports. +20250221: + 14.1-RELEASE-p8 SA-25:05.openssh + + Multiple vulnerabilities in OpenSSH [SA-25:05.openssh] + 20250129: 14.1-RELEASE-p7 SA-25:01.openssh SA-25:02.fs diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index 388b566b79b0..e8107172d005 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh 
@@ -53,7 +53,7 @@ TYPE="FreeBSD" REVISION="14.1" -BRANCH="RELEASE-p7" +BRANCH="RELEASE-p8" if [ -n "${BRANCH_OVERRIDE}" ]; then BRANCH=${BRANCH_OVERRIDE} fi
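Review bot: the UPDATING hunk names SA-25:05.openssh for 14.1-RELEASE-p8, but the commit log carries only "Approved by: so" and no "Security: FreeBSD-SA-25:05.openssh" trailer like the ssh commits in this series. Adding the trailer would let a log search for the advisory also find the patch-level bump in sys/conf/newvers.sh.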
Date: Fri, 21 Feb 2025 02:56:47 GMT Message-Id: <202502210256.51L2ulLK080197@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Gordon Tetlow Subject: git: c57fcc2d5307 - releng/13.4 - ssh: Don't reply to PING in preauth phase or during KEX List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: gordon X-Git-Repository: src X-Git-Refname: refs/heads/releng/13.4 X-Git-Reftype: branch X-Git-Commit: c57fcc2d5307cf1ad7e2d45d75f5bca9461d3c5b Auto-Submitted: auto-generated The branch releng/13.4 has been updated by gordon: URL: https://cgit.FreeBSD.org/src/commit/?id=c57fcc2d5307cf1ad7e2d45d75f5bca9461d3c5b commit c57fcc2d5307cf1ad7e2d45d75f5bca9461d3c5b Author: Ed Maste AuthorDate: 2025-02-19 03:00:45 +0000 Commit: Gordon Tetlow CommitDate: 2025-02-21 02:42:06 +0000 ssh: Don't reply to PING in preauth phase or during KEX Obtained from: OpenSSH 5e07dee272c3 Security: CVE-2025-26466 Security: FreeBSD-SA-25:05.openssh Approved by: so Sponsored by: The FreeBSD Foundation (cherry picked from commit 8a16d0831e70530b2fbd682e748bd051de35f192) (cherry picked from commit 34798cb576bbd2064ab8da372112482bf8e2a7e6) (cherry picked from commit 3ea366f74475132a743f8667ecafe4a091a29d48) --- crypto/openssh/packet.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/crypto/openssh/packet.c b/crypto/openssh/packet.c index 2d1401e7c9f5..d8fbfa28b800 100644 --- a/crypto/openssh/packet.c +++ b/crypto/openssh/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.313 2023/12/18 14:45:17 djm Exp $ */ +/* $OpenBSD: packet.c,v 1.318 2025/02/18 08:02:12 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -1774,6 +1774,14 @@ ssh_packet_read_poll_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) if ((r = sshpkt_get_string_direct(ssh, &d, &len)) != 0) return r; DBG(debug("Received SSH2_MSG_PING len %zu", len)); + if (!ssh->state->after_authentication) { + DBG(debug("Won't reply to PING in preauth")); + break; + } + if (ssh_packet_is_rekeying(ssh)) { + DBG(debug("Won't reply to PING during KEX")); + break; + } if ((r = sshpkt_start(ssh, SSH2_MSG_PONG)) != 0 || (r = sshpkt_put_string(ssh, d, len)) != 0 || (r = sshpkt_send(ssh)) != 0)
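Review bot: the packet.c hunk in ssh_packet_read_poll_seqnr() adds the two early "break" paths with no comment saying why a PING is dropped before authentication and during rekeying; the only rationale is the CVE-2025-26466 reference in the commit log. A short comment above the "!ssh->state->after_authentication" test would make the intent clear to anyone later editing this case. Both drops are also reported only through DBG(debug(...)), the same wrapper as the existing "Received SSH2_MSG_PING" line, so consider a regular debug-level log call if operators should be able to see ignored PINGs.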
Date: Fri, 21 Feb 2025
02:56:48 GMT Message-Id: <202502210256.51L2um3n080236@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Gordon Tetlow Subject: git: 469f61e89ff7 - releng/13.4 - ssh: Fix cases where error codes were not correctly set List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: gordon X-Git-Repository: src X-Git-Refname: refs/heads/releng/13.4 X-Git-Reftype: branch X-Git-Commit: 469f61e89ff74936a22d2ac7405690f0e55cfbb3 Auto-Submitted: auto-generated The branch releng/13.4 has been updated by gordon: URL: https://cgit.FreeBSD.org/src/commit/?id=469f61e89ff74936a22d2ac7405690f0e55cfbb3 commit 469f61e89ff74936a22d2ac7405690f0e55cfbb3 Author: Ed Maste AuthorDate: 2025-02-19 03:03:26 +0000 Commit: Gordon Tetlow CommitDate: 2025-02-21 02:42:33 +0000 ssh: Fix cases where error codes were not correctly set Obtained from: OpenSSH 38df39ecf278 Security: CVE-2025-26465 Security: FreeBSD-SA-25:05.openssh Approved by: so Sponsored by: The FreeBSD Foundation (cherry picked from commit 170059d6d33cf4e890067097f3c0beb3061cabbd) (cherry picked from commit 4ad8c195cf54411e3b3fa0bec227eb83ca078404) (cherry picked from commit 8c67967cb14b0ab7e26ffa9ab6cef470a154e030) --- crypto/openssh/krl.c | 4 +++- crypto/openssh/ssh-agent.c | 5 +++++ crypto/openssh/ssh-sk-client.c | 4 +++- crypto/openssh/sshconnect2.c | 5 ++++- crypto/openssh/sshsig.c | 1 + 5 files changed, 16 insertions(+), 3 deletions(-) diff --git a/crypto/openssh/krl.c b/crypto/openssh/krl.c index e2efdf0667a7..0d0f69534182 100644 --- a/crypto/openssh/krl.c +++ b/crypto/openssh/krl.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: krl.c,v 1.59 2023/07/17 05:22:30 djm Exp $ */ +/* $OpenBSD: krl.c,v 1.60 2025/02/18 08:02:48 djm Exp $ */ /* * Copyright (c) 2012 Damien Miller * @@ -674,6 +674,7 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf) break; case KRL_SECTION_CERT_SERIAL_BITMAP: if (rs->lo - bitmap_start > INT_MAX) { + r = SSH_ERR_INVALID_FORMAT; error_f("insane bitmap gap"); goto out; } @@ -1059,6 +1060,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp) } if ((krl = ssh_krl_init()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; error_f("alloc failed"); goto out; } diff --git a/crypto/openssh/ssh-agent.c b/crypto/openssh/ssh-agent.c index 67fa376a36ff..5ea283ddaf29 100644 --- a/crypto/openssh/ssh-agent.c +++ b/crypto/openssh/ssh-agent.c @@ -1226,6 +1226,7 @@ parse_key_constraint_extension(struct sshbuf *m, char **sk_providerp, "restrict-destination-v00@openssh.com") == 0) { if (*dcsp != NULL) { error_f("%s already set", ext_name); + r = SSH_ERR_INVALID_FORMAT; goto out; } if ((r = sshbuf_froms(m, &b)) != 0) { @@ -1235,6 +1236,7 @@ parse_key_constraint_extension(struct sshbuf *m, char **sk_providerp, while (sshbuf_len(b) != 0) { if (*ndcsp >= AGENT_MAX_DEST_CONSTRAINTS) { error_f("too many %s constraints", ext_name); + r = SSH_ERR_INVALID_FORMAT; goto out; } *dcsp = xrecallocarray(*dcsp, *ndcsp, *ndcsp + 1, @@ -1252,6 +1254,7 @@ parse_key_constraint_extension(struct sshbuf *m, char **sk_providerp, } if (*certs != NULL) { error_f("%s already set", ext_name); + r = SSH_ERR_INVALID_FORMAT; goto out; } if ((r = sshbuf_get_u8(m, &v)) != 0 || @@ -1263,6 +1266,7 @@ parse_key_constraint_extension(struct sshbuf *m, char **sk_providerp, while (sshbuf_len(b) != 0) { if (*ncerts >= AGENT_MAX_EXT_CERTS) { error_f("too many %s constraints", ext_name); + r = SSH_ERR_INVALID_FORMAT; goto out; } *certs = xrecallocarray(*certs, *ncerts, *ncerts + 1, 
@@ -1759,6 +1763,7 @@ process_ext_session_bind(SocketEntry *e) /* record new key/sid */ if (e->nsession_ids >= AGENT_MAX_SESSION_IDS) { error_f("too many session IDs recorded"); + r = -1; goto out; } e->session_ids = xrecallocarray(e->session_ids, e->nsession_ids, diff --git a/crypto/openssh/ssh-sk-client.c b/crypto/openssh/ssh-sk-client.c index 321fe53a2d91..06fad22134fb 100644 --- a/crypto/openssh/ssh-sk-client.c +++ b/crypto/openssh/ssh-sk-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-sk-client.c,v 1.12 2022/01/14 03:34:00 djm Exp $ */ +/* $OpenBSD: ssh-sk-client.c,v 1.13 2025/02/18 08:02:48 djm Exp $ */ /* * Copyright (c) 2019 Google LLC * @@ -439,6 +439,7 @@ sshsk_load_resident(const char *provider_path, const char *device, } if ((srk = calloc(1, sizeof(*srk))) == NULL) { error_f("calloc failed"); + r = SSH_ERR_ALLOC_FAIL; goto out; } srk->key = key; @@ -450,6 +451,7 @@ sshsk_load_resident(const char *provider_path, const char *device, if ((tmp = recallocarray(srks, nsrks, nsrks + 1, sizeof(*srks))) == NULL) { error_f("recallocarray keys failed"); + r = SSH_ERR_ALLOC_FAIL; goto out; } debug_f("srks[%zu]: %s %s uidlen %zu", nsrks, diff --git a/crypto/openssh/sshconnect2.c b/crypto/openssh/sshconnect2.c index 745c2a0517f3..51079f067d8a 100644 --- a/crypto/openssh/sshconnect2.c +++ b/crypto/openssh/sshconnect2.c @@ -101,7 +101,7 @@ verify_host_key_callback(struct sshkey *hostkey, struct ssh *ssh) options.required_rsa_size)) != 0) fatal_r(r, "Bad server host key"); if (verify_host_key(xxx_host, xxx_hostaddr, hostkey, - xxx_conn_info) == -1) + xxx_conn_info) != 0) fatal("Host key verification failed."); return 0; } @@ -700,6 +700,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) if ((pktype = sshkey_type_from_name(pkalg)) == KEY_UNSPEC) { debug_f("server sent unknown pkalg %s", pkalg); + r = SSH_ERR_INVALID_FORMAT; goto done; } if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) { 
@@ -710,6 +711,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) error("input_userauth_pk_ok: type mismatch " "for decoded key (received %d, expected %d)", key->type, pktype); + r = SSH_ERR_INVALID_FORMAT; goto done; } @@ -729,6 +731,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) SSH_FP_DEFAULT); error_f("server replied with unknown key: %s %s", sshkey_type(key), fp == NULL ? "" : fp); + r = SSH_ERR_INVALID_FORMAT; goto done; } ident = format_identity(id); diff --git a/crypto/openssh/sshsig.c b/crypto/openssh/sshsig.c index 470b286a3a98..057e1df02381 100644 --- a/crypto/openssh/sshsig.c +++ b/crypto/openssh/sshsig.c 
@@ -874,6 +874,7 @@ cert_filter_principals(const char *path, u_long linenum, } if ((principals = sshbuf_dup_string(nprincipals)) == NULL) { error_f("buffer error"); + r = SSH_ERR_ALLOC_FAIL; goto out; } /* success */
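Review bot: in the sshconnect2.c hunks for input_userauth_pk_ok(), the "server sent unknown pkalg %s" branch now returns SSH_ERR_INVALID_FORMAT like the two branches after it, but it still logs through debug_f() while those use error() and error_f(), so this rejection is not shown at the default log level. Consider error_f() there, and error_f() in place of the hard-coded "input_userauth_pk_ok: type mismatch" prefix, so all three failures are reported the same way.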
Date: Fri, 21 Feb 2025 02:56:50 GMT Message-Id: <202502210256.51L2uoS1080271@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Gordon Tetlow Subject: git: 14c733f25493 - releng/13.4 - ssh: Bump VersionAddendum for CVE fixes List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: gordon X-Git-Repository: src X-Git-Refname: refs/heads/releng/13.4 X-Git-Reftype: branch X-Git-Commit: 14c733f25493bad48235272ccea0b59b956bfe1f Auto-Submitted: auto-generated The branch releng/13.4 has been updated by gordon: URL: https://cgit.FreeBSD.org/src/commit/?id=14c733f25493bad48235272ccea0b59b956bfe1f commit 14c733f25493bad48235272ccea0b59b956bfe1f Author: Ed Maste AuthorDate: 2025-02-19 14:00:42 +0000 Commit: Gordon Tetlow CommitDate: 2025-02-21 02:45:10 +0000 ssh: Bump VersionAddendum for CVE fixes Security: FreeBSD-SA-25:05.openssh Approved by: so Sponsored by: The FreeBSD Foundation (cherry picked from commit 62df41ae0a71e77ccb1e8fae06d82eec5dff441a) (cherry picked from commit 24ce323f020fb1ee1b463e524a7a6c15f47ec2a4) (cherry picked from commit 2fc62d0bd4f7ca90d7abdfaf076dd49022bf7d54) --- crypto/openssh/ssh_config | 2 +- crypto/openssh/ssh_config.5 | 2 +- crypto/openssh/sshd_config | 2 +- crypto/openssh/sshd_config.5 | 2 +- crypto/openssh/version.h | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/crypto/openssh/ssh_config b/crypto/openssh/ssh_config index a047ce2deb93..518edcd2a01a 100644 --- a/crypto/openssh/ssh_config +++ b/crypto/openssh/ssh_config @@ -44,4 +44,4 @@ # ProxyCommand ssh -q -W %h:%p gateway.example.com # RekeyLimit 1G 1h # UserKnownHostsFile ~/.ssh/known_hosts.d/%k -# VersionAddendum FreeBSD-20240806 +# VersionAddendum FreeBSD-20250219 
diff --git a/crypto/openssh/ssh_config.5 b/crypto/openssh/ssh_config.5 index de1903ba43a2..60e4b31a2de5 100644 --- a/crypto/openssh/ssh_config.5 +++ b/crypto/openssh/ssh_config.5 @@ -2137,7 +2137,7 @@ in Specifies a string to append to the regular version string to identify OS- or site-specific modifications. The default is -.Dq FreeBSD-20240806 . +.Dq FreeBSD-20250219 . The value .Cm none may be used to disable this. diff --git a/crypto/openssh/sshd_config b/crypto/openssh/sshd_config index 866e905d9515..fddc6fee17e3 100644 --- a/crypto/openssh/sshd_config +++ b/crypto/openssh/sshd_config @@ -105,7 +105,7 @@ AuthorizedKeysFile .ssh/authorized_keys #PermitTunnel no #ChrootDirectory none #UseBlacklist no -#VersionAddendum FreeBSD-20240806 +#VersionAddendum FreeBSD-20250219 # no default banner path #Banner none diff --git a/crypto/openssh/sshd_config.5 b/crypto/openssh/sshd_config.5 index a354c1ef2b0a..a5d6ef07c83f 100644 --- a/crypto/openssh/sshd_config.5 +++ b/crypto/openssh/sshd_config.5 @@ -1947,7 +1947,7 @@ The default is Optionally specifies additional text to append to the SSH protocol banner sent by the server upon connection. The default is -.Qq FreeBSD-20240806 . +.Qq FreeBSD-20250219 . The value .Cm none may be used to disable this. diff --git a/crypto/openssh/version.h b/crypto/openssh/version.h index 82be0be8498f..f3fb7fe333eb 100644 --- a/crypto/openssh/version.h +++ b/crypto/openssh/version.h 
@@ -5,4 +5,4 @@ #define SSH_PORTABLE "p1" #define SSH_RELEASE SSH_VERSION SSH_PORTABLE -#define SSH_VERSION_FREEBSD "FreeBSD-20240806" +#define SSH_VERSION_FREEBSD "FreeBSD-20250219"
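Review bot: the addendum date is a hand-edited literal repeated in five files (ssh_config, ssh_config.5, sshd_config, sshd_config.5 and version.h), and only SSH_VERSION_FREEBSD in version.h is a compiled define; the other four are commented-out defaults and manual-page text that can drift from it without any build failure. A check that compares the four documented values against the version.h define would catch a missed file on the next bump. Because this string is appended to the version banner, `FreeBSD-20250219` is also what separates a build from this bump from one still showing `FreeBSD-20240806` in an inventory or banner check, unless VersionAddendum is set to `none`.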
Date: Fri, 21 Feb 2025 02:56:51 GMT Message-Id: <202502210256.51L2upvl080305@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Gordon Tetlow Subject: git: 27f132c05c39 - releng/13.4 - Add updating entries and bump version. List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: gordon X-Git-Repository: src X-Git-Refname: refs/heads/releng/13.4 X-Git-Reftype: branch X-Git-Commit: 27f132c05c39138b375591d2bf9f73f680997de3 Auto-Submitted: auto-generated The branch releng/13.4 has been updated by gordon: URL: https://cgit.FreeBSD.org/src/commit/?id=27f132c05c39138b375591d2bf9f73f680997de3 commit 27f132c05c39138b375591d2bf9f73f680997de3 Author: Gordon Tetlow AuthorDate: 2025-02-21 02:43:38 +0000 Commit: Gordon Tetlow CommitDate: 2025-02-21 02:45:14 +0000 Add updating entries and bump version. Approved by: so --- UPDATING | 5 +++++ sys/conf/newvers.sh | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/UPDATING b/UPDATING index 0e6b2e1ebb53..45564a7b95a2 100644 --- a/UPDATING +++ b/UPDATING @@ -12,6 +12,11 @@ Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before updating system packages and/or ports. +20250221: + 13.4-RELEASE-p4 SA-25:05.openssh + + Multiple vulnerabilities in OpenSSH [SA-25:05.openssh] + 20250129: 13.4-RELEASE-p3 SA-25:02.fs SA-25:03.etcupdate diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index 8654f15c500f..e91c38608048 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh 
@@ -53,7 +53,7 @@ TYPE="FreeBSD" REVISION="13.4" -BRANCH="RELEASE-p3" +BRANCH="RELEASE-p4" if [ -n "${BRANCH_OVERRIDE}" ]; then BRANCH=${BRANCH_OVERRIDE} fi
Date: Fri, 21 Feb 2025 11:17:53 GMT Message-Id: <202502211117.51LBHrMc016091@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: "Andrey V. Elsukov" Subject: git: fd258b6dd15b - stable/14 - ipfw: make 'ipfw show' output compatible with 'ipfw add' command List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: ae X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: fd258b6dd15b663767a2c919489ba278333abd95 Auto-Submitted: auto-generated The branch stable/14 has been updated by ae: URL: https://cgit.FreeBSD.org/src/commit/?id=fd258b6dd15b663767a2c919489ba278333abd95 commit fd258b6dd15b663767a2c919489ba278333abd95 Author: Andrey V. Elsukov AuthorDate: 2025-02-11 09:48:17 +0000 Commit: Andrey V. Elsukov CommitDate: 2025-02-21 11:16:15 +0000 ipfw: make 'ipfw show' output compatible with 'ipfw add' command If rule was added in compact form and rule body is empty, print 'proto ip' opcode to be compatible with ipfw(8) syntax parser. Before: $ ipfw add allow proto ip 000700 allow After: $ ipfw add allow proto ip 000700 allow proto ip (cherry picked from commit 706a03f61bbb6e0cf10e6c3727966495b30d763e) --- sbin/ipfw/ipfw2.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/sbin/ipfw/ipfw2.c b/sbin/ipfw/ipfw2.c index 7a8601aad46a..beff243ecdbd 100644 --- a/sbin/ipfw/ipfw2.c +++ b/sbin/ipfw/ipfw2.c 
@@ -2380,6 +2380,13 @@ show_static_rule(struct cmdline_opts *co, struct format_opts *fo, if (rule->flags & IPFW_RULE_JUSTOPTS) { state.flags |= HAVE_PROTO | HAVE_SRCIP | HAVE_DSTIP; + /* + * Print `proto ip` if all opcodes has been already printed. + */ + if (memchr(state.printed, 0, rule->act_ofs) == NULL) { + bprintf(bp, " proto ip"); + goto end; + } goto justopts; }
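Review bot: the new test `memchr(state.printed, 0, rule->act_ofs) == NULL` in show_static_rule() relies on state.printed being a byte array indexed the same way as rule->act_ofs and holding at least that many entries, neither of which is visible in this hunk. A sentence in the added comment stating that layout would make the bound reviewable in place. The comment's wording should also read "have already been printed".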
Date: Fri, 21 Feb 2025 11:19:54 GMT Message-Id: <202502211119.51LBJst4016774@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
dev-commits-src-branches@FreeBSD.org From: "Andrey V. Elsukov" Subject: git: 63422982e074 - stable/13 - ipfw: make 'ipfw show' output compatible with 'ipfw add' command List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: ae X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 63422982e074a144cfb420408be06e6dc154f9fe Auto-Submitted: auto-generated The branch stable/13 has been updated by ae: URL: https://cgit.FreeBSD.org/src/commit/?id=63422982e074a144cfb420408be06e6dc154f9fe commit 63422982e074a144cfb420408be06e6dc154f9fe Author: Andrey V. Elsukov AuthorDate: 2025-02-11 09:48:17 +0000 Commit: Andrey V. Elsukov CommitDate: 2025-02-21 11:18:44 +0000 ipfw: make 'ipfw show' output compatible with 'ipfw add' command If rule was added in compact form and rule body is empty, print 'proto ip' opcode to be compatible with ipfw(8) syntax parser. Before: $ ipfw add allow proto ip 000700 allow After: $ ipfw add allow proto ip 000700 allow proto ip (cherry picked from commit 706a03f61bbb6e0cf10e6c3727966495b30d763e) --- sbin/ipfw/ipfw2.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/sbin/ipfw/ipfw2.c b/sbin/ipfw/ipfw2.c index 46c51081ded4..7a084249c4eb 100644 --- a/sbin/ipfw/ipfw2.c +++ b/sbin/ipfw/ipfw2.c 
@@ -2276,6 +2276,13 @@ show_static_rule(struct cmdline_opts *co, struct format_opts *fo, if (rule->flags & IPFW_RULE_JUSTOPTS) { state.flags |= HAVE_PROTO | HAVE_SRCIP | HAVE_DSTIP; + /* + * Print `proto ip` if all opcodes has been already printed. + */ + if (memchr(state.printed, 0, rule->act_ofs) == NULL) { + bprintf(bp, " proto ip"); + goto end; + } goto justopts; }
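Review bot: no regression test accompanies the new `proto ip` branch in show_static_rule(). The commit message's own case, a rule added as `ipfw add allow proto ip`, could be covered by a test that feeds the `ipfw show` output for that rule back to `ipfw add` and expects it to parse, which is the property a saved ruleset depends on when it is reloaded.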
Date: Fri, 21 Feb 2025 14:41:26 GMT Message-Id: <202502211441.51LEfQlW006934@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
dev-commits-src-branches@FreeBSD.org 
From: Mark Johnston Subject: git: 860c84bc7618 - stable/14 - pf: Stop using net_epoch to synchronize access to eth rules List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 860c84bc76180910605a1794c624b55cc12926f7 Auto-Submitted: auto-generated The branch stable/14 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=860c84bc76180910605a1794c624b55cc12926f7 commit 860c84bc76180910605a1794c624b55cc12926f7 Author: Mark Johnston AuthorDate: 2025-02-06 14:36:20 +0000 Commit: Mark Johnston CommitDate: 2025-02-21 14:41:18 +0000 pf: Stop using net_epoch to synchronize access to eth rules Commit 20c4899a8eea4 modified pf_test_eth_rule() to not acquire the rules read lock, so pf_commit_eth() was changed to wait until the now-inactive rules are no longer in use before freeing them. In particular, it uses the net_epoch to schedule callbacks once the inactive rules are no longer visible to packet processing threads. However, since commit 812839e5aaaf4, pf_test_eth_rule() acquires the rules read lock, so this deferred action is unneeded. This patch reverts a portion of 20c4899a8eea4 such that we avoid using deferred callbacks to free inactive rules. The main motivation is performance: epoch_drain_callbacks() is quite slow, especially on busy systems, and its use in the DIOCXBEGIN handler in particular causes long stalls in relayd when reloading configuration. Reviewed by: kp MFC after: 2 weeks Sponsored by: Klara, Inc. 
Sponsored by: Modirum MDPay Differential Revision: https://reviews.freebsd.org/D48822 (cherry picked from commit 7a66b3008693ce61957e8b2a3d99829063e1e4af) --- sys/net/pfvar.h | 1 - sys/netpfil/pf/pf.c | 9 +++------ sys/netpfil/pf/pf_ioctl.c | 32 +++----------------------------- 3 files changed, 6 insertions(+), 36 deletions(-) diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index 30050896b44e..9ceed54fd52b 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -667,7 +667,6 @@ struct pf_keth_ruleset { int open; uint32_t ticket; } active, inactive; - struct epoch_context epoch_ctx; struct vnet *vnet; struct pf_keth_anchor *anchor; }; diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 064277082475..b14ab91cd7aa 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -4422,11 +4422,6 @@ pf_test_eth_rule(int dir, struct pfi_kkif *kif, struct mbuf **m0) return (PF_PASS); } - ruleset = V_pf_keth; - rules = ck_pr_load_ptr(&ruleset->active.rules); - r = TAILQ_FIRST(rules); - rm = NULL; - e = mtod(m, struct ether_header *); proto = ntohs(e->ether_type); @@ -4463,7 +4458,9 @@ pf_test_eth_rule(int dir, struct pfi_kkif *kif, struct mbuf **m0) PF_RULES_RLOCK(); - while (r != NULL) { + ruleset = V_pf_keth; + rules = atomic_load_ptr(&ruleset->active.rules); + for (r = TAILQ_FIRST(rules), rm = NULL; r != NULL;) { counter_u64_add(r->evaluations, 1); SDT_PROBE2(pf, eth, test_rule, test, r->nr, r); diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index e67a0ddadfb7..d95f36d06ee3 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -106,7 +106,6 @@ static void pf_empty_kpool(struct pf_kpalist *); static int pfioctl(struct cdev *, u_long, caddr_t, int, struct thread *); static int pf_begin_eth(uint32_t *, const char *); -static void pf_rollback_eth_cb(struct epoch_context *); static int pf_rollback_eth(uint32_t, const char *); static int pf_commit_eth(uint32_t, const char *); static void pf_free_eth_rule(struct pf_keth_rule *); 
@@ -782,23 +781,6 @@ pf_begin_eth(uint32_t *ticket, const char *anchor) return (0); } -static void -pf_rollback_eth_cb(struct epoch_context *ctx) -{ - struct pf_keth_ruleset *rs; - - rs = __containerof(ctx, struct pf_keth_ruleset, epoch_ctx); - - CURVNET_SET(rs->vnet); - - PF_RULES_WLOCK(); - pf_rollback_eth(rs->inactive.ticket, - rs->anchor ? rs->anchor->path : ""); - PF_RULES_WUNLOCK(); - - CURVNET_RESTORE(); -} - static int pf_rollback_eth(uint32_t ticket, const char *anchor) { @@ -892,15 +874,12 @@ pf_commit_eth(uint32_t ticket, const char *anchor) pf_eth_calc_skip_steps(rs->inactive.rules); rules = rs->active.rules; - ck_pr_store_ptr(&rs->active.rules, rs->inactive.rules); + atomic_store_ptr(&rs->active.rules, rs->inactive.rules); rs->inactive.rules = rules; rs->inactive.ticket = rs->active.ticket; - /* Clean up inactive rules (i.e. previously active rules), only when - * we're sure they're no longer used. */ - NET_EPOCH_CALL(pf_rollback_eth_cb, &rs->epoch_ctx); - - return (0); + return (pf_rollback_eth(rs->inactive.ticket, + rs->anchor ? rs->anchor->path : "")); } #ifdef ALTQ @@ -5208,8 +5187,6 @@ DIOCCHANGEADDR_error: free(ioes, M_TEMP); break; } - /* Ensure there's no more ethernet rules to clean up. */ - NET_EPOCH_DRAIN_CALLBACKS(); PF_RULES_WLOCK(); for (i = 0, ioe = ioes; i < io->size; i++, ioe++) { ioe->anchor[sizeof(ioe->anchor) - 1] = '\0'; 
@@ -6852,9 +6829,6 @@ pf_unload_vnet(void) shutdown_pf(); PF_RULES_WUNLOCK(); - /* Make sure we've cleaned up ethernet rules before we continue. */ - NET_EPOCH_DRAIN_CALLBACKS(); - ret = swi_remove(V_pf_swi_cookie); MPASS(ret == 0); ret = intr_event_destroy(V_pf_swi_ie);
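Review bot: in pf_test_eth_rule() (sys/netpfil/pf/pf.c) the load of `ruleset->active.rules` now sits after PF_RULES_RLOCK(), and that ordering is what the synchronous free in pf_commit_eth() depends on, yet nothing in the hunk says so. A one-line comment above the load would stop a later change from hoisting it back above the lock, which would reintroduce a use of freed rules. With the read lock held, `atomic_load_ptr` is also more than is needed; a plain load would do unless lockless readers remain elsewhere.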
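Review bot: pf_commit_eth() (sys/netpfil/pf/pf_ioctl.c) now returns the result of pf_rollback_eth() after the `atomic_store_ptr(&rs->active.rules, rs->inactive.rules)` swap has already taken effect, so a non-zero return from the rollback would report the commit as failed while the new rules are active. Either assert on the rollback result and keep `return (0)`, or document why the rollback cannot fail at this point. Freeing the previously active rules synchronously is only safe while the caller holds the rules write lock; a PF_RULES_WASSERT() at the top of pf_commit_eth(), if one is not already present outside the visible context, would state that requirement in code.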
Date: Fri, 21 Feb 2025 16:25:54 GMT
Message-Id: <202502211625.51LGPsEo096046@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Colin Percival
Subject: git: 93b7f9301c56 - releng/13.5 - pkg-stage.sh: Remove kde entirely
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: cperciva
X-Git-Repository: src
X-Git-Refname: refs/heads/releng/13.5
X-Git-Reftype: branch
X-Git-Commit: 93b7f9301c56867ab1ebdf1ac245106c9bf592d4
Auto-Submitted: auto-generated

The branch releng/13.5 has been updated by cperciva:

URL: https://cgit.FreeBSD.org/src/commit/?id=93b7f9301c56867ab1ebdf1ac245106c9bf592d4

commit 93b7f9301c56867ab1ebdf1ac245106c9bf592d4
Author: Colin Percival
AuthorDate: 2025-02-21 16:18:19 +0000
Commit: Colin Percival
CommitDate: 2025-02-21 16:18:19 +0000

    pkg-stage.sh: Remove kde entirely

    The package set for FreeBSD 13.5 comes from the 2025Q1 branch, which doesn't have the new x11/kde (aka KDE 6) port; but shipping x11/kde5 (which is still in the 2025Q1 branch) doesn't make much sense either since a few weeks after the release that will no longer be available in either "latest" or "quarterly" package sets. Just remove KDE packages from the 13.5 DVD entirely; this also makes the DVD image fit into 4.7 GB size limit of physical DVDs again.

    Direct commit to releng/13.5.

    With hat: re
    Approved by: re (cperciva)
    Fixes: ee6c7bf50b93 ("pkg-stage.sh: kde5 -> kde")
    Sponsored by: Amazon

--- release/scripts/pkg-stage.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/release/scripts/pkg-stage.sh b/release/scripts/pkg-stage.sh index 8e3e1f35e112..2bb2f791508f 100755 --- a/release/scripts/pkg-stage.sh +++ b/release/scripts/pkg-stage.sh
@@ -28,7 +28,6 @@ sysutils/tmux www/firefox www/links x11/gnome -x11/kde x11/sddm x11/xorg x11-wm/sway"
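Review bot: x11/sddm stays in the list directly below the removed x11/kde line. If sddm was staged only as the display manager for KDE, drop it in the same change, which would free further space on the DVD; if it is kept on purpose for another desktop, say so in the commit message, since the subject reads "Remove kde entirely".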
Date: Sat, 22 Feb 2025 00:32:00 GMT
Message-Id: <202502220032.51M0W0e4007517@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Philip Paeps
Subject: git: 4a2644860cbe - Create tag release/14.2.0-p2
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: philip
X-Git-Repository: src
X-Git-Refname: refs/tags/release/14.2.0-p2
X-Git-Reftype: annotated tag
X-Git-Commit: 4a2644860cbe768fd2d4ca631e48d9f2b37f614a
Auto-Submitted: auto-generated

The annotated tag release/14.2.0-p2 has been created by philip:

URL: https://cgit.FreeBSD.org/src/tag/?h=release/14.2.0-p2

tag release/14.2.0-p2
Tagger: Philip Paeps
TaggerDate: 2025-02-22 00:30:55 +0000

Tag FreeBSD 14.2-RELEASE-p2

commit ac2cbb46b5f1efa7f7b5d4eb15631337329ec5b2
Author: Gordon Tetlow
AuthorDate: 2025-02-21 02:38:02 +0000
Commit: Gordon Tetlow
CommitDate: 2025-02-21 02:45:53 +0000

    Add UPDATING entries and bump version

    Approved by: so
Date: Sat, 22 Feb 2025 00:32:44 GMT
Message-Id: <202502220032.51M0WiJc012220@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Philip Paeps
Subject: git: 49358ecfbded - Create tag release/14.1.0-p8
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: philip
X-Git-Repository: src
X-Git-Refname: refs/tags/release/14.1.0-p8
X-Git-Reftype: annotated tag
X-Git-Commit: 49358ecfbded609ea044867241d85d349a411e6f
Auto-Submitted: auto-generated

The annotated tag release/14.1.0-p8 has been created by philip:

URL: https://cgit.FreeBSD.org/src/tag/?h=release/14.1.0-p8

tag release/14.1.0-p8
Tagger: Philip Paeps
TaggerDate: 2025-02-22 00:32:27 +0000

Tag FreeBSD 14.1-RELEASE-p8

commit f389e68ca980b7e053a34d9eddde89b4c2a1ee6c
Author: Gordon Tetlow
AuthorDate: 2025-02-21 02:40:31 +0000
Commit: Gordon Tetlow
CommitDate: 2025-02-21 02:45:32 +0000

    Add UPDATING entries and bump version.
    Approved by: so
Date: Sat, 22 Feb 2025 00:33:23 GMT
Message-Id: <202502220033.51M0XNhx012550@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Philip Paeps
Subject: git: dcf13ce5c17f - Create tag release/13.4.0-p4
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: philip
X-Git-Repository: src
X-Git-Refname: refs/tags/release/13.4.0-p4
X-Git-Reftype: annotated tag
X-Git-Commit: dcf13ce5c17fc20553a6e2384272394912ff8696
Auto-Submitted: auto-generated

The annotated tag release/13.4.0-p4 has been created by philip:

URL: https://cgit.FreeBSD.org/src/tag/?h=release/13.4.0-p4

tag release/13.4.0-p4
Tagger: Philip Paeps
TaggerDate: 2025-02-22 00:33:05 +0000

Tag FreeBSD 13.4-RELEASE-p4

commit 27f132c05c39138b375591d2bf9f73f680997de3
Author: Gordon Tetlow
AuthorDate: 2025-02-21 02:43:38 +0000
Commit: Gordon Tetlow
CommitDate: 2025-02-21 02:45:14 +0000

    Add updating entries and bump version.
    Approved by: so
Date: Sat, 22 Feb 2025 02:51:37 GMT
Message-Id: <202502220251.51M2pb5X069757@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Zhenlei Huang
Subject: git: acc2d4712391 - stable/14 - bnxt_en: Retrieve maximum of 128 APP TLVs
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: zlei
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: acc2d47123913d3d5582da2e1eaaacb3096faca8
Auto-Submitted: auto-generated

The branch stable/14 has been updated by zlei:

URL: https://cgit.FreeBSD.org/src/commit/?id=acc2d47123913d3d5582da2e1eaaacb3096faca8

commit acc2d47123913d3d5582da2e1eaaacb3096faca8
Author: Zhenlei Huang
AuthorDate: 2025-02-14 10:38:29 +0000
Commit: Zhenlei Huang
CommitDate: 2025-02-22 02:50:55 +0000

    bnxt_en: Retrieve maximum of 128 APP TLVs

    It appears that the maximum number of APP TLVs supported by the hardware is 128 according to D45005. Well Daniel Porsch reported an issue PR284073 which shows that the number can exceed the limit, causing out of bound write to on-stack allocated variable app[128] and the kernel panics.

    Limit to 128 while retrieving APP TLVs.

    PR: 284073
    Reviewed by: markj
    Tested by: Daniel Porsch
    Fixes: 35b53f8c989f bnxt_en: Add PFC, ETS & App TLVs protocols support
    MFC after: 1 week
    Differential Revision: https://reviews.freebsd.org/D48589

    (cherry picked from commit 3de231b4d956f7b9c22e31f75805030a417f7bf3)

--- sys/dev/bnxt/bnxt_en/bnxt.h | 3 ++- sys/dev/bnxt/bnxt_en/bnxt_dcb.c | 17 ++++++++++------- sys/dev/bnxt/bnxt_en/bnxt_mgmt.c | 1 + sys/dev/bnxt/bnxt_en/bnxt_sysctl.c | 2 +- 4 files changed, 14 insertions(+), 9 deletions(-) diff --git a/sys/dev/bnxt/bnxt_en/bnxt.h b/sys/dev/bnxt/bnxt_en/bnxt.h index cf4f99077b58..e615566595ec 100644 --- a/sys/dev/bnxt/bnxt_en/bnxt.h
+++ b/sys/dev/bnxt/bnxt_en/bnxt.h @@ -1309,6 +1309,7 @@ int bnxt_dcb_ieee_getpfc(struct bnxt_softc *softc, struct bnxt_ieee_pfc *pfc); int bnxt_dcb_ieee_setpfc(struct bnxt_softc *softc, struct bnxt_ieee_pfc *pfc); int bnxt_dcb_ieee_setapp(struct bnxt_softc *softc, struct bnxt_dcb_app *app); int bnxt_dcb_ieee_delapp(struct bnxt_softc *softc, struct bnxt_dcb_app *app); -int bnxt_dcb_ieee_listapp(struct bnxt_softc *softc, struct bnxt_dcb_app *app, int *num_inputs); +int bnxt_dcb_ieee_listapp(struct bnxt_softc *softc, struct bnxt_dcb_app *app, + size_t nitems, int *num_inputs); #endif /* _BNXT_H */ diff --git a/sys/dev/bnxt/bnxt_en/bnxt_dcb.c b/sys/dev/bnxt/bnxt_en/bnxt_dcb.c index e1e0581d3c24..e0643f200021 100644 --- a/sys/dev/bnxt/bnxt_en/bnxt_dcb.c +++ b/sys/dev/bnxt/bnxt_en/bnxt_dcb.c @@ -313,7 +313,8 @@ bnxt_hwrm_queue_pfc_qcfg(struct bnxt_softc *softc, struct bnxt_ieee_pfc *pfc) } static int -bnxt_hwrm_get_dcbx_app(struct bnxt_softc *softc, struct bnxt_dcb_app *app, int *num_inputs) +bnxt_hwrm_get_dcbx_app(struct bnxt_softc *softc, struct bnxt_dcb_app *app, + size_t nitems, int *num_inputs) { struct hwrm_fw_get_structured_data_input get = {0}; struct hwrm_struct_data_dcbx_app *fw_app; @@ -350,7 +351,7 @@ bnxt_hwrm_get_dcbx_app(struct bnxt_softc *softc, struct bnxt_dcb_app *app, int * } n = data->count; - for (i = 0; i < n; i++, fw_app++) { + for (i = 0; i < n && *num_inputs < nitems; i++, fw_app++) { app[*num_inputs].priority = fw_app->priority; app[*num_inputs].protocol = htobe16(fw_app->protocol_id); app[*num_inputs].selector = fw_app->protocol_selector; @@ -472,7 +473,8 @@ bnxt_hwrm_queue_dscp_qcaps(struct bnxt_softc *softc) } static int -bnxt_hwrm_queue_dscp2pri_qcfg(struct bnxt_softc *softc, struct bnxt_dcb_app *app, int *num_inputs) +bnxt_hwrm_queue_dscp2pri_qcfg(struct bnxt_softc *softc, struct bnxt_dcb_app *app, + size_t nitems, int *num_inputs) { struct hwrm_queue_dscp2pri_qcfg_input req = {0}; struct hwrm_queue_dscp2pri_qcfg_output *resp = 
@@ -503,7 +505,7 @@ bnxt_hwrm_queue_dscp2pri_qcfg(struct bnxt_softc *softc, struct bnxt_dcb_app *app goto end; entry_cnt = le16toh(resp->entry_cnt); - for (i = 0; i < entry_cnt; i++) { + for (i = 0; i < entry_cnt && *num_inputs < nitems; i++) { app[*num_inputs].priority = dscp2pri[i].pri; app[*num_inputs].protocol = dscp2pri[i].dscp; app[*num_inputs].selector = BNXT_IEEE_8021QAZ_APP_SEL_DSCP; @@ -774,10 +776,11 @@ bnxt_dcb_ieee_delapp(struct bnxt_softc *softc, struct bnxt_dcb_app *app) } int -bnxt_dcb_ieee_listapp(struct bnxt_softc *softc, struct bnxt_dcb_app *app, int *num_inputs) +bnxt_dcb_ieee_listapp(struct bnxt_softc *softc, struct bnxt_dcb_app *app, + size_t nitems, int *num_inputs) { - bnxt_hwrm_get_dcbx_app(softc, app, num_inputs); - bnxt_hwrm_queue_dscp2pri_qcfg(softc, app, num_inputs); + bnxt_hwrm_get_dcbx_app(softc, app, nitems, num_inputs); + bnxt_hwrm_queue_dscp2pri_qcfg(softc, app, nitems, num_inputs); return 0; } diff --git a/sys/dev/bnxt/bnxt_en/bnxt_mgmt.c b/sys/dev/bnxt/bnxt_en/bnxt_mgmt.c index 72704c3db452..bbc12b96d8c6 100644 --- a/sys/dev/bnxt/bnxt_en/bnxt_mgmt.c +++ b/sys/dev/bnxt/bnxt_en/bnxt_mgmt.c @@ -139,6 +139,7 @@ bnxt_mgmt_process_dcb(struct cdev *dev, u_long cmd, caddr_t data, break; case BNXT_MGMT_DCB_LIST_APP: bnxt_dcb_ieee_listapp(softc, &mgmt_dcb.req.app_tlv.app[0], + nitems(mgmt_dcb.req.app_tlv.app), &mgmt_dcb.req.app_tlv.num_app); break; default: diff --git a/sys/dev/bnxt/bnxt_en/bnxt_sysctl.c b/sys/dev/bnxt/bnxt_en/bnxt_sysctl.c index cf4e995e1aba..78e531362db4 100644 --- a/sys/dev/bnxt/bnxt_en/bnxt_sysctl.c +++ b/sys/dev/bnxt/bnxt_en/bnxt_sysctl.c 
@@ -1953,7 +1953,7 @@ bnxt_dcb_list_app(SYSCTL_HANDLER_ARGS) if (!buf) return ENOMEM; - bnxt_dcb_ieee_listapp(softc, app, &num_inputs); + bnxt_dcb_ieee_listapp(softc, app, nitems(app), &num_inputs); bnxt_app_tlv_get_string(softc, buf, app, num_inputs); rc = sysctl_handle_string(oidp, buf, BNXT_APP_TLV_STR_LEN, req);
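Review bot: In both copy loops in bnxt_dcb.c (bnxt_hwrm_get_dcbx_app and bnxt_hwrm_queue_dscp2pri_qcfg) the new condition `*num_inputs < nitems` compares an int against a size_t, and the starting value of *num_inputs is whatever the caller passed in; in the bnxt_mgmt.c hunk that is mgmt_dcb.req.app_tlv.num_app, which the visible lines do not reset. The unsigned conversion does stop the loop for a negative or oversized starting count, but only implicitly, so please validate or zero the counter at the top of bnxt_dcb_ieee_listapp, or make it unsigned. The truncation is also silent: when the firmware reports more entries than fit, the loop just stops and bnxt_dcb_ieee_listapp still returns 0 while ignoring both helpers' return values, so a log message or a distinct return code would tell the caller that the list is incomplete.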
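Review bot: The parameter added to the bnxt_dcb_ieee_listapp prototype in bnxt.h is named nitems, the same identifier as the nitems() macro that the bnxt_mgmt.c and bnxt_sysctl.c hunks use to compute the value passed in. It compiles because the macro is function-like, but a reader of bnxt_dcb.c has to work out which one is meant each time; a distinct name for the capacity argument would avoid that, and the prototype would benefit from a short comment saying that it is the number of elements in app, not a byte size.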
Date: Sat, 22 Feb 2025 02:51:38 GMT
Message-Id: <202502220251.51M2pcK5069795@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Zhenlei Huang
Subject: git: 83c27109b977 - stable/14 - bnxt_en: Fix the description of sysctl knob dev.bnxt.X.dcb.dcbx_cap
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: zlei
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 83c27109b9772c5e462f007b9dfbb7563ea33648
Auto-Submitted: auto-generated

The branch stable/14 has been updated by zlei:

URL: https://cgit.FreeBSD.org/src/commit/?id=83c27109b9772c5e462f007b9dfbb7563ea33648

commit 83c27109b9772c5e462f007b9dfbb7563ea33648
Author: Zhenlei Huang
AuthorDate: 2025-02-14 10:38:30 +0000
Commit: Zhenlei Huang
CommitDate: 2025-02-22 02:50:55 +0000

    bnxt_en: Fix the description of sysctl knob dev.bnxt.X.dcb.dcbx_cap

    While here, update the description of dev.bnxt.X.dcb to more informative words "Data Center Bridging".

    Reviewed by: markj
    Fixes: 35b53f8c989f bnxt_en: Add PFC, ETS & App TLVs protocols support
    MFC after: 1 week
    Differential Revision: https://reviews.freebsd.org/D48993

    (cherry picked from commit 0bc672b38f1b224d5eaed35533cb6f6bfb3a5fa3)

--- sys/dev/bnxt/bnxt_en/bnxt_sysctl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/dev/bnxt/bnxt_en/bnxt_sysctl.c b/sys/dev/bnxt/bnxt_en/bnxt_sysctl.c index 78e531362db4..9114f5d1deaa 100644 --- a/sys/dev/bnxt/bnxt_en/bnxt_sysctl.c +++ b/sys/dev/bnxt/bnxt_en/bnxt_sysctl.c
@@ -116,7 +116,7 @@ bnxt_init_sysctl_ctx(struct bnxt_softc *softc) ctx = device_get_sysctl_ctx(softc->dev); softc->dcb_oid = SYSCTL_ADD_NODE(ctx, SYSCTL_CHILDREN(device_get_sysctl_tree(softc->dev)), OID_AUTO, - "dcb", CTLFLAG_RD | CTLFLAG_MPSAFE, 0, "dcb"); + "dcb", CTLFLAG_RD | CTLFLAG_MPSAFE, 0, "Data Center Bridging"); if (!softc->dcb_oid) { sysctl_ctx_free(&softc->dcb_ctx); return ENOMEM; 
@@ -2132,7 +2132,7 @@ bnxt_create_dcb_sysctls(struct bnxt_softc *softc) SYSCTL_ADD_PROC(&softc->dcb_ctx, SYSCTL_CHILDREN(oid), OID_AUTO, "dcbx_cap", CTLTYPE_INT | CTLFLAG_RWTUN, softc, 0, bnxt_dcb_dcbx_cap, "A", - "Enable or Disable LRO: 0 / 1"); + "Enable DCB Capability Exchange Protocol (DCBX) capabilities"); SYSCTL_ADD_PROC(&softc->dcb_ctx, SYSCTL_CHILDREN(oid), OID_AUTO, "ets", CTLTYPE_STRING | CTLFLAG_RWTUN, softc, 0,
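Review bot: In the dcbx_cap hunk the OID is declared CTLTYPE_INT but keeps the format string "A", which is the string format, while bnxt_dcb_dcbx_cap() handles the value through sysctl_handle_int(); the format should be "I" so that consumers interpret the value as an integer. The new description also drops the accepted values that the old text attempted to give with "0 / 1"; suggest listing which values the knob takes and what each one selects.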
Date: Sat, 22 Feb 2025 02:51:39 GMT Message-Id: <202502220251.51M2pdFL069829@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
dev-commits-src-branches@FreeBSD.org From: Zhenlei Huang Subject: git: 072303d432eb - stable/14 - bnxt_en: Remove pointless NULL check for sysctl arg1 List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: zlei X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 072303d432ebe02637c2fbfaf9d6a2805c5514ed Auto-Submitted: auto-generated The branch stable/14 has been updated by zlei: URL: https://cgit.FreeBSD.org/src/commit/?id=072303d432ebe02637c2fbfaf9d6a2805c5514ed commit 072303d432ebe02637c2fbfaf9d6a2805c5514ed Author: Zhenlei Huang AuthorDate: 2025-02-14 10:38:30 +0000 Commit: Zhenlei Huang CommitDate: 2025-02-22 02:50:55 +0000 bnxt_en: Remove pointless NULL check for sysctl arg1 Those sysctl handlers have been guaranteed to have non-null softc. No need for NULL check within sysctl handlers. No functional change intended. Reviewed by: markj Tested by: Daniel Porsch MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D48495 (cherry picked from commit 747fd2db538a85df84ae6ac1e58494295b4a65ee) --- sys/dev/bnxt/bnxt_en/bnxt_sysctl.c | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/sys/dev/bnxt/bnxt_en/bnxt_sysctl.c b/sys/dev/bnxt/bnxt_en/bnxt_sysctl.c index 9114f5d1deaa..671ceef570f4 100644 --- a/sys/dev/bnxt/bnxt_en/bnxt_sysctl.c +++ b/sys/dev/bnxt/bnxt_en/bnxt_sysctl.c @@ -1793,9 +1793,6 @@ bnxt_dcb_dcbx_cap(SYSCTL_HANDLER_ARGS) int val; int rc; - if (softc == NULL) - return EBUSY; - val = bnxt_dcb_getdcbx(softc); rc = sysctl_handle_int(oidp, &val, 0, req); if (rc || !req->newptr) 
@@ -1945,9 +1942,6 @@ bnxt_dcb_list_app(SYSCTL_HANDLER_ARGS) int rc, num_inputs = 0; char *buf; - if (softc == NULL) - return EBUSY; - #define BNXT_APP_TLV_STR_LEN 4096 buf = malloc(BNXT_APP_TLV_STR_LEN, M_DEVBUF, M_NOWAIT | M_ZERO); if (!buf) @@ -1973,9 +1967,6 @@ bnxt_dcb_del_app(SYSCTL_HANDLER_ARGS) char buf[256] = {0}; int rc, num_inputs; - if (softc == NULL) - return EBUSY; - rc = sysctl_handle_string(oidp, buf, sizeof(buf), req); if (rc || req->newptr == NULL) return rc; @@ -2000,9 +1991,6 @@ bnxt_dcb_set_app(SYSCTL_HANDLER_ARGS) char buf[256] = {0}; int rc, num_inputs; - if (softc == NULL) - return EBUSY; - rc = sysctl_handle_string(oidp, buf, sizeof(buf), req); if (rc || req->newptr == NULL) return rc; @@ -2030,9 +2018,6 @@ bnxt_dcb_pfc(SYSCTL_HANDLER_ARGS) int pri_mask = 0; char pri[8]; - if (softc == NULL) - return EBUSY; - rc = bnxt_dcb_ieee_getpfc(softc, &pfc); if (!rc) bnxt_pfc_get_string(softc, buf, &pfc); 
@@ -2088,9 +2073,6 @@ bnxt_dcb_ets(SYSCTL_HANDLER_ARGS) char buf[256] = {0}; char tsa[8]; - if (softc == NULL) - return EBUSY; - rc = bnxt_dcb_ieee_getets(softc, &ets); if (!rc) bnxt_ets_get_string(softc, buf);
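Review bot: With the six "if (softc == NULL) return EBUSY;" guards removed, every handler dereferences arg1 unconditionally (for example bnxt_dcb_getdcbx(softc) directly after the removed check in bnxt_dcb_dcbx_cap()), so the invariant now rests entirely on how the OIDs are registered and torn down. The commit message asserts the guarantee without naming its source; suggest stating where softc is bound as arg1 and that the DCB sysctl context is freed before softc goes away, or replacing the checks with a KASSERT(softc != NULL, ...) so that a regression is caught on INVARIANTS kernels instead of surfacing as a NULL dereference in a root-writable sysctl path.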
Date: Sat, 22 Feb 2025 02:51:41 GMT Message-Id: <202502220251.51M2pfle069863@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Zhenlei Huang Subject: git: 43339e7fc8a0 - stable/14 - bnxt_en: Improve sysctl handler bnxt_dcb_list_app() List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: zlei X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 43339e7fc8a0b07a532015878c5e4f5f36ae8400 Auto-Submitted: auto-generated The branch stable/14 has been updated by zlei: URL: https://cgit.FreeBSD.org/src/commit/?id=43339e7fc8a0b07a532015878c5e4f5f36ae8400 commit 43339e7fc8a0b07a532015878c5e4f5f36ae8400 Author: Zhenlei Huang AuthorDate: 2025-02-14 10:38:30 +0000 Commit: Zhenlei Huang CommitDate: 2025-02-22 02:50:55 +0000 bnxt_en: Improve sysctl handler bnxt_dcb_list_app() Prefer sbuf_new_for_sysctl() over error-prone manually managed buffer. No functional change intended. Reviewed by: markj Tested by: Daniel Porsch MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D48496 (cherry picked from commit 91bae242bc54856c560557b5ba245df94d570e95) --- sys/dev/bnxt/bnxt_en/bnxt_sysctl.c | 44 +++++++++++++++----------------------- 1 file changed, 17 insertions(+), 27 deletions(-) diff --git a/sys/dev/bnxt/bnxt_en/bnxt_sysctl.c b/sys/dev/bnxt/bnxt_en/bnxt_sysctl.c index 671ceef570f4..5a2e3f656278 100644 --- a/sys/dev/bnxt/bnxt_en/bnxt_sysctl.c +++ b/sys/dev/bnxt/bnxt_en/bnxt_sysctl.c @@ -1872,7 +1872,7 @@ bnxt_pfc_get_string(struct bnxt_softc *softc, char *buf, struct bnxt_ieee_pfc *p buf += sprintf(buf, "none"); } -static char *bnxt_get_tlv_selector_str(uint8_t selector) +static const char *bnxt_get_tlv_selector_str(uint8_t selector) { switch (selector) { case BNXT_IEEE_8021QAZ_APP_SEL_ETHERTYPE: 
@@ -1887,24 +1887,23 @@ static char *bnxt_get_tlv_selector_str(uint8_t selector) } static void -bnxt_app_tlv_get_string(struct bnxt_softc *softc, char *buf, - struct bnxt_dcb_app *app, int num) +bnxt_app_tlv_get_string(struct sbuf *sb, struct bnxt_dcb_app *app, int num) { - uint32_t i; + int i; - if (!num) { - buf += sprintf(buf, " None"); + if (num == 0) { + sbuf_printf(sb, " None"); return; } - buf += sprintf(buf, "\n"); + sbuf_putc(sb, '\n'); for (i = 0; i < num; i++) { - buf += sprintf(buf, "\tAPP#%0d:\tpri: %d,\tSel: %d,\t%s: %d\n", - i, - app[i].priority, - app[i].selector, - bnxt_get_tlv_selector_str(app[i].selector), - app[i].protocol); + sbuf_printf(sb, "\tAPP#%0d:\tpri: %d,\tSel: %d,\t%s: %d\n", + i, + app[i].priority, + app[i].selector, + bnxt_get_tlv_selector_str(app[i].selector), + app[i].protocol); } } 
@@ -1937,25 +1936,16 @@ bnxt_ets_get_string(struct bnxt_softc *softc, char *buf) static int bnxt_dcb_list_app(SYSCTL_HANDLER_ARGS) { + struct sbuf sb; struct bnxt_dcb_app app[128] = {0}; struct bnxt_softc *softc = arg1; int rc, num_inputs = 0; - char *buf; - -#define BNXT_APP_TLV_STR_LEN 4096 - buf = malloc(BNXT_APP_TLV_STR_LEN, M_DEVBUF, M_NOWAIT | M_ZERO); - if (!buf) - return ENOMEM; + sbuf_new_for_sysctl(&sb, NULL, 128, req); bnxt_dcb_ieee_listapp(softc, app, nitems(app), &num_inputs); - bnxt_app_tlv_get_string(softc, buf, app, num_inputs); - - rc = sysctl_handle_string(oidp, buf, BNXT_APP_TLV_STR_LEN, req); - if (rc || req->newptr == NULL) - goto end; - -end: - free(buf, M_DEVBUF); + bnxt_app_tlv_get_string(&sb, app, num_inputs); + rc = sbuf_finish(&sb); + sbuf_delete(&sb); return rc; }
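Review bot: In the bnxt_dcb_list_app() hunk the return value of bnxt_dcb_ieee_listapp() is still discarded, so a failed query leaves num_inputs at 0 and the handler prints " None" with rc 0, which a reader cannot tell apart from an empty application table; suggest capturing the result and returning the error before formatting. The result of sbuf_new_for_sysctl(&sb, NULL, 128, req) is likewise unchecked. The commit message says no functional change is intended, but the sysctl_handle_string() call and the fixed BNXT_APP_TLV_STR_LEN buffer of 4096 bytes are both gone, which is the actual safety improvement over the unbounded sprintf() loop and deserves a sentence in the message.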
Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org
(8.18.1/8.18.1) with ESMTP id 51N0V8tb007624; Sun, 23 Feb 2025 00:31:08 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 51N0V8pK007621; Sun, 23 Feb 2025 00:31:08 GMT (envelope-from git) Date: Sun, 23 Feb 2025 00:31:08 GMT Message-Id: <202502230031.51N0V8pK007621@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Konstantin Belousov Subject: git: efa09948218b - stable/14 - statfs.2: uncomment and describe MNT_IGNORE List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: efa09948218b5bd69c1d7f406c18cd85c44ce8b8 Auto-Submitted: auto-generated The branch stable/14 has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=efa09948218b5bd69c1d7f406c18cd85c44ce8b8 commit efa09948218b5bd69c1d7f406c18cd85c44ce8b8 Author: Konstantin Belousov AuthorDate: 2025-02-20 14:56:52 +0000 Commit: Konstantin Belousov CommitDate: 2025-02-23 00:30:50 +0000 statfs.2: uncomment and describe MNT_IGNORE (cherry picked from commit 270542d95d0d931ebdd369f4f78871828502d486) --- lib/libc/sys/statfs.2 | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/libc/sys/statfs.2 b/lib/libc/sys/statfs.2 index 7e41537b359c..5bf4e1f8dd53 100644 --- a/lib/libc/sys/statfs.2 +++ b/lib/libc/sys/statfs.2 
@@ -143,8 +143,9 @@ The file system is exported read-only. Updating of file access times is disabled. .It Dv MNT_USER The file system has been mounted by a user. -.\".It Dv MNT_IGNORE -.\"XXX +.It Dv MNT_IGNORE +The file system should not be listed, e.g. by +.Xr df 1 . .It Dv MNT_EXPORTED The file system is exported for both reading and writing. .It Dv MNT_DEFEXPORTED
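Review bot: The new MNT_IGNORE text, "The file system should not be listed, e.g. by df 1", reads as an instruction to the reader, unlike the neighbouring entries, which describe a state ("The file system has been mounted by a user."). Suggest wording it as what the flag means for a consumer of f_flags, for example that the file system is marked to be skipped in listings such as those produced by df. The commit message has no body, so the source of the described semantics is not recorded.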
Date: Sun, 23 Feb 2025 00:31:09 GMT Message-Id: <202502230031.51N0V9mt007659@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
dev-commits-src-branches@FreeBSD.org From: Konstantin Belousov Subject: git: 743cd4c1affb - stable/14 - statfs.2: remove dead comment List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 743cd4c1affbbbd79e720c5b88a0e332ca6dcbaa Auto-Submitted: auto-generated The branch stable/14 has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=743cd4c1affbbbd79e720c5b88a0e332ca6dcbaa commit 743cd4c1affbbbd79e720c5b88a0e332ca6dcbaa Author: Konstantin Belousov AuthorDate: 2025-02-20 14:52:00 +0000 Commit: Konstantin Belousov CommitDate: 2025-02-23 00:30:51 +0000 statfs.2: remove dead comment (cherry picked from commit 13b92ae9655deb22c3ad89f1e90e26f2f1da9961) --- lib/libc/sys/statfs.2 | 2 -- 1 file changed, 2 deletions(-) diff --git a/lib/libc/sys/statfs.2 b/lib/libc/sys/statfs.2 index 5bf4e1f8dd53..c227408737ae 100644 --- a/lib/libc/sys/statfs.2 +++ b/lib/libc/sys/statfs.2 
@@ -123,8 +123,6 @@ Symbolic links are not followed. Read clustering is disabled. .It Dv MNT_NOCLUSTERW Write clustering is disabled. -.\".It Dv MNT_JAILDEVFS -.\"XXX .It Dv MNT_MULTILABEL Mandatory Access Control (MAC) support for individual objects (see
Date: Sun, 23 Feb 2025 00:31:11 GMT Message-Id: <202502230031.51N0VBhF007692@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Konstantin Belousov Subject: git: 28b1a5a6cd8c - stable/14 - statfs.2: order MNT flags alphabetically List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 28b1a5a6cd8cfedb4206600f07f20c0c1650aa11 Auto-Submitted: auto-generated The branch stable/14 has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=28b1a5a6cd8cfedb4206600f07f20c0c1650aa11 commit 28b1a5a6cd8cfedb4206600f07f20c0c1650aa11 Author: Konstantin Belousov AuthorDate: 2025-02-20 14:54:14 +0000 Commit: Konstantin Belousov CommitDate: 2025-02-23 00:30:51 +0000 statfs.2: order MNT flags alphabetically (cherry picked from commit 0738cd9766a570e085831f6241387baa35cd64a3) --- lib/libc/sys/statfs.2 | 86 +++++++++++++++++++++++++-------------------------- 1 file changed, 43 insertions(+), 43 deletions(-) diff --git a/lib/libc/sys/statfs.2 b/lib/libc/sys/statfs.2 index c227408737ae..762183188353 100644 --- a/lib/libc/sys/statfs.2 +++ b/lib/libc/sys/statfs.2 
@@ -96,64 +96,64 @@ char f_mntonname[MNAMELEN]; /* directory on which mounted */ .Pp The flags that may be returned include: .Bl -tag -width MNT_SYNCHRONOUS -.It Dv MNT_RDONLY -The file system is mounted read-only; -Even the super-user may not write on it. -.It Dv MNT_NOEXEC -Files may not be executed from the file system. -.It Dv MNT_NOSUID -Setuid and setgid bits on files are not honored when they are executed. -.It Dv MNT_SYNCHRONOUS -All I/O to the file system is done synchronously. +.It Dv MNT_ACLS +Access Control List (ACL) support enabled. .It Dv MNT_ASYNC No file system I/O is done synchronously. -.It Dv MNT_SOFTDEP -Soft updates being done (see -.Xr ffs 7 ) . +.It Dv MNT_DEFEXPORTED +The file system is exported for both reading and writing to any Internet host. .It Dv MNT_GJOURNAL Journaling with gjournal is enabled (see .Xr gjournal 8 ) . -.It Dv MNT_SUIDDIR -Special handling of SUID bit on directories. -.It Dv MNT_UNION -Union with underlying file system. -.It Dv MNT_NOSYMFOLLOW -Symbolic links are not followed. -.It Dv MNT_NOCLUSTERR -Read clustering is disabled. -.It Dv MNT_NOCLUSTERW -Write clustering is disabled. +.It Dv MNT_EXKERB +The file system is exported with Kerberos uid mapping. +.It Dv MNT_EXPORTANON +The file system maps all remote accesses to the anonymous user. +.It Dv MNT_EXPORTED +The file system is exported for both reading and writing. +.It Dv MNT_EXPUBLIC +The file system is exported publicly (WebNFS). +.It Dv MNT_EXRDONLY +The file system is exported read-only. +.It Dv MNT_IGNORE +The file system should not be listed, e.g. by +.Xr df 1 . +.It Dv MNT_LOCAL +The file system resides locally. .It Dv MNT_MULTILABEL Mandatory Access Control (MAC) support for individual objects (see .Xr mac 4 ) . -.It Dv MNT_ACLS -Access Control List (ACL) support enabled. -.It Dv MNT_LOCAL -The file system resides locally. +.It Dv MNT_NOATIME +Updating of file access times is disabled. +.It Dv MNT_NOCLUSTERR +Read clustering is disabled. 
+.It Dv MNT_NOCLUSTERW +Write clustering is disabled. +.It Dv MNT_NOEXEC +Files may not be executed from the file system. +.It Dv MNT_NOSUID +Setuid and setgid bits on files are not honored when they are executed. +.It Dv MNT_NOSYMFOLLOW +Symbolic links are not followed. +.It Dv MNT_SOFTDEP +Soft updates being done (see +.Xr ffs 7 ) . +.It Dv MNT_SUIDDIR +Special handling of SUID bit on directories. +.It Dv MNT_SYNCHRONOUS +All I/O to the file system is done synchronously. .It Dv MNT_QUOTA The file system has quotas enabled on it. +.It Dv MNT_RDONLY +The file system is mounted read-only; +Even the super-user may not write on it. .It Dv MNT_ROOTFS Identifies the root file system. -.It Dv MNT_EXRDONLY -The file system is exported read-only. -.It Dv MNT_NOATIME -Updating of file access times is disabled. +.It Dv MNT_UNION +Union with underlying file system. .It Dv MNT_USER The file system has been mounted by a user. -.It Dv MNT_IGNORE -The file system should not be listed, e.g. by -.Xr df 1 . -.It Dv MNT_EXPORTED -The file system is exported for both reading and writing. -.It Dv MNT_DEFEXPORTED -The file system is exported for both reading and writing to any Internet host. -.It Dv MNT_EXPORTANON -The file system maps all remote accesses to the anonymous user. -.It Dv MNT_EXKERB -The file system is exported with Kerberos uid mapping. -.It Dv MNT_EXPUBLIC -The file system is exported publicly (WebNFS). .El .Pp Fields that are undefined for a particular file system are set to -1. 
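Review bot: The list is still not alphabetical in two places after this change. MNT_GJOURNAL stays as a context line ahead of the added MNT_EX* entries, so it precedes MNT_EXKERB instead of following MNT_EXRDONLY. MNT_QUOTA, MNT_RDONLY and MNT_ROOTFS land after MNT_SYNCHRONOUS instead of before MNT_SOFTDEP. Moving those four entries would make the result match the commit subject. Since the MNT_RDONLY entry is being moved anyway, the capital in "read-only; Even the super-user" could be lowercased in the same pass.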
From nobody Sun Feb 23 00:31:12 2025 Date: Sun, 23 Feb 2025 00:31:12 GMT Message-Id: <202502230031.51N0VCc5007724@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org 
From: Konstantin Belousov Subject: git: b69399170b05 - stable/14 - statfs.2: document missing user-visible MNT flags List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: b69399170b05ca6a1b20bf2da5bdd31b05f0ea11 Auto-Submitted: auto-generated The branch stable/14 has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=b69399170b05ca6a1b20bf2da5bdd31b05f0ea11 commit b69399170b05ca6a1b20bf2da5bdd31b05f0ea11 Author: Konstantin Belousov AuthorDate: 2025-02-20 15:11:13 +0000 Commit: Konstantin Belousov CommitDate: 2025-02-23 00:30:51 +0000 statfs.2: document missing user-visible MNT flags (cherry picked from commit e951247a983daf7814d06e9e49bdd503ceaa0b68) --- lib/libc/sys/statfs.2 | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/lib/libc/sys/statfs.2 b/lib/libc/sys/statfs.2 index 762183188353..404a9a0053c1 100644 --- a/lib/libc/sys/statfs.2 +++ b/lib/libc/sys/statfs.2 @@ -100,6 +100,9 @@ The flags that may be returned include: Access Control List (ACL) support enabled. .It Dv MNT_ASYNC No file system I/O is done synchronously. +.It Dv MNT_AUTOMOUNTED +The filesystem was auto-mounted, see +.Xr autofs 4 . .It Dv MNT_DEFEXPORTED The file system is exported for both reading and writing to any Internet host. .It Dv MNT_GJOURNAL 
@@ -124,6 +127,8 @@ The file system resides locally. Mandatory Access Control (MAC) support for individual objects (see .Xr mac 4 ) . +.It Dv MNT_NFS4ACLS +ACLs in NFSv4 variant are supported. .It Dv MNT_NOATIME Updating of file access times is disabled. .It Dv MNT_NOCLUSTERR @@ -141,6 +146,8 @@ Soft updates being done (see .Xr ffs 7 ) . .It Dv MNT_SUIDDIR Special handling of SUID bit on directories. +.It Dv MNT_SUJ +Soft-updates with journaling being done. .It Dv MNT_SYNCHRONOUS All I/O to the file system is done synchronously. .It Dv MNT_QUOTA @@ -152,8 +159,19 @@ Even the super-user may not write on it. Identifies the root file system. .It Dv MNT_UNION Union with underlying file system. +.It Dv MNT_UNTRUSTED +The file system was mounted with the +.Cm untrusted +option, which indicates media of unknown provenance or integrity. +Currently honored by +.Xr ffs 7 . .It Dv MNT_USER The file system has been mounted by a user. +.It Dv MNT_VERIFIED +The file system is marked as verified, no fingerprint check on +.Xr execve 2 +is needed, see +.Xr mac_veriexec 4 . .El .Pp Fields that are undefined for a particular file system are set to -1.
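Review bot: In the MNT_AUTOMOUNTED entry (hunk at -100,6), "The filesystem was auto-mounted, see" writes "filesystem" where every other entry in this list writes "file system", and it attaches the cross reference with a comma. Suggest "The file system was auto-mounted (see" followed by the .Xr autofs 4 reference and a closing parenthesis, the same form the MNT_GJOURNAL entry uses.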
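Review bot: The MNT_NFS4ACLS entry (hunk at -124,6) does not say how it relates to MNT_ACLS, which the list describes only as "Access Control List (ACL) support enabled". A reader checking which ACL model a mount enforces cannot tell from these two descriptions whether the flags are alternatives or can both be set. Suggest naming the ACL flavor each flag stands for, and rewording "ACLs in NFSv4 variant are supported" to something like "NFSv4 ACLs are supported".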
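Review bot: In the last hunk (at -152,8), both new entries leave out what a caller reading f_flags most needs to know. MNT_UNTRUSTED says the flag is "Currently honored by" ffs(7) but not what honoring it changes, and MNT_VERIFIED says the file system "is marked as verified" without saying what sets the mark. Since MNT_VERIFIED states that the fingerprint check on execve(2) is skipped, a sentence on who is allowed to set it would help anyone auditing mounts. The comma splice in "marked as verified, no fingerprint check" would also read better as two sentences.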