Date:      Thu, 20 Feb 2025 17:57:01 GMT
From:      Ed Maste <emaste@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: 6e688e6d4f93 - stable/13 - openssh: Update to 9.9p1
Message-ID:  <202502201757.51KHv1Kg068120@gitrepo.freebsd.org>

The branch stable/13 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=6e688e6d4f9305441adce78079beaf1030e2881b

commit 6e688e6d4f9305441adce78079beaf1030e2881b
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2025-02-19 19:08:59 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2025-02-20 17:56:23 +0000

    openssh: Update to 9.9p1
    
    Highlights from the release notes are reproduced below.  Bug fixes and
    improvements that were previously merged into FreeBSD have been elided.
    
    See the upstream release notes for full details of the 9.9p1 release
    (https://www.openssh.com/releasenotes.html).
    
    ---
    
    Future deprecation notice
    =========================
    
    OpenSSH plans to remove support for the DSA signature algorithm in
    early 2025.
    
    Potentially-incompatible changes
    --------------------------------
    
     * ssh(1): remove support for pre-authentication compression.
    
     * ssh(1), sshd(8): processing of the arguments to the "Match"
       configuration directive now follows more shell-like rules for
       quoted strings, including allowing nested quotes and \-escaped
       characters.
    
    New features
    ------------
    
     * ssh(1), sshd(8): add support for a new hybrid post-quantum key
       exchange based on the FIPS 203 Module-Lattice Key Encapsulation
       mechanism (ML-KEM) combined with X25519 ECDH as described by
       https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03
       This algorithm "mlkem768x25519-sha256" is available by default.
    
     * ssh(1), sshd(8), ssh-agent(1): prevent private keys from being
       included in core dump files for most of their lifespans. This is
       in addition to pre-existing controls in ssh-agent(1) and sshd(8)
       that prevented coredumps. This feature is supported on OpenBSD,
       Linux and FreeBSD.
    
     * All: convert key handling to use the libcrypto EVP_PKEY API, with
       the exception of DSA.
    
    Bugfixes
    --------
    
     * sshd(8): do not apply authorized_keys options when signature
       verification fails. Prevents more restrictive key options being
       incorrectly applied to subsequent keys in authorized_keys. bz3733
    
     * ssh-keygen(1): include pathname in some of ssh-keygen's passphrase
       prompts. Helps the user know what's going on when ssh-keygen is
       invoked via other tools. Requested in GHPR503
    
     * ssh(1), ssh-add(1): make parsing user@host consistently look for
       the last '@' in the string rather than the first. This makes it
       possible to more consistently use usernames that contain '@'
       characters.
    
     * ssh(1), sshd(8): be more strict in parsing key type names. Only
       allow short names (e.g. "rsa") in user-interface code and require
       full SSH protocol names (e.g. "ssh-rsa") everywhere else. bz3725
    
     * ssh-keygen(1): clarify that ed25519 is the default key type
       generated and clarify that rsa-sha2-512 is the default signature
       scheme when RSA is in use. GHPR505
    
    ---
    
    Reviewed by:    jlduran (build infrastructure)
    Reviewed by:    cy (build infrastructure)
    Sponsored by:   The FreeBSD Foundation
    Differential Revision: https://reviews.freebsd.org/D48947
    
    (cherry picked from commit 3d9fd9fcb432750f3716b28f6ccb0104cd9d351a)
    
    Approved by:    re (accelerated MFC)
    
    (cherry picked from commit 802386cd37f638eec9606cb10d3dd03c8f1d6c17)
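The bz3733 item above (authorized_keys options must not be applied when signature verification fails) is easier to reason about with a small model. The following Python is an added example, not OpenSSH's code and not part of this commit: it parses authorized_keys lines with a quote-aware tokenizer, then runs one sequence of public-key attempts through a buggy loop that merges a matching line's options into the session before the signature is checked and never clears them, and through a corrected loop that activates options only after verification and starts every attempt from an empty state. The file contents, key blobs, attempt sequence and the merge-and-never-clear behaviour are all constructed for the illustration; sshd's real control flow differs.

```python
"""Simplified model of an authorized_keys matching loop (constructed for
illustration; not sshd's code).  It demonstrates the bug class behind
"do not apply authorized_keys options when signature verification fails":
options parsed for one matching line must not leak into a later attempt."""

# Key type names accepted by the model (the real list is longer).
KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
             "sk-ssh-ed25519@openssh.com")


def split_outside_quotes(text, seps):
    """Split text on any character in seps that is not inside double
    quotes, so that command="a b,c" survives as one field.  Empty fields
    are dropped; quote characters are kept for the caller to strip."""
    fields, cur, quoted = [], [], False
    for c in text:
        if c == '"':
            quoted = not quoted
        elif c in seps and not quoted:
            if cur:
                fields.append("".join(cur))
            cur = []
            continue
        cur.append(c)
    if cur:
        fields.append("".join(cur))
    return fields


def parse_options(text):
    """Turn 'restrict,command="x"' into {"restrict": True, "command": "x"}."""
    parsed = {}
    for opt in split_outside_quotes(text, ","):
        name, sep, value = opt.partition("=")
        parsed[name] = value.strip('"') if sep else True
    return parsed


def parse_line(line):
    """Return (options, keytype, blob) for one authorized_keys line, or
    None for blank, comment or malformed lines (which are skipped)."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = split_outside_quotes(line, " \t")
    options = {}
    if fields[0] not in KEY_TYPES:          # line starts with an options field
        options, fields = parse_options(fields[0]), fields[1:]
    if len(fields) < 2 or fields[0] not in KEY_TYPES:
        return None
    return options, fields[0], fields[1]


def authenticate(authorized_keys, attempts, fixed):
    """Process public-key attempts (keytype, blob, signature_valid) in order
    and return (authenticated, options_applied_to_session).

    fixed=False models the bug: options are merged into the session state as
    soon as a line matches, before the signature is checked, and are never
    cleared, so a rejected attempt's restrictions outlive it.
    fixed=True activates options only after verification succeeds and
    starts every attempt from an empty state."""
    entries = [e for e in map(parse_line, authorized_keys.splitlines()) if e]
    active = {}
    for keytype, blob, signature_valid in attempts:
        if fixed:
            active = {}
        for options, ktype, kblob in entries:
            if (ktype, kblob) != (keytype, blob):
                continue
            if not fixed:
                active.update(options)       # applied before verification
            if not signature_valid:
                break                        # known key, bad proof: reject attempt
            if fixed:
                active = dict(options)       # applied only on success
            return True, active
    return False, active


# Constructed sample input: a restricted backup key followed by an
# unrestricted admin key, both for the same account.
AUTHORIZED_KEYS = """\
# constructed sample file
restrict,command="/usr/local/bin/backup --dest=vault,archive" ssh-ed25519 AAAAC3BACKUPKEY backup@example
ssh-ed25519 AAAAC3ADMINKEY admin@example
"""

# The client first offers the backup key with a signature that fails to
# verify, then the admin key with a valid signature (constructed sequence).
ATTEMPTS = [
    ("ssh-ed25519", "AAAAC3BACKUPKEY", False),
    ("ssh-ed25519", "AAAAC3ADMINKEY", True),
]

if __name__ == "__main__":
    for fixed in (False, True):
        ok, opts = authenticate(AUTHORIZED_KEYS, ATTEMPTS, fixed)
        print("fixed" if fixed else "buggy", ok, opts)
```

Running the module prints both outcomes. The thing to notice is that with the buggy loop the admin key's session inherits `restrict` and the forced command from the backup key line it never authenticated with; that cross-key leakage of options is what the fix prevents, and it is why a server-side audit of "which options were active for this session" cannot be reconstructed from the authorized_keys line of the key that finally succeeded.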
---
 crypto/openssh/.depend                             |     3 +-
 crypto/openssh/.github/ci-status.md                |     4 +
 crypto/openssh/.github/configs                     |     8 +-
 crypto/openssh/.github/setup_ci.sh                 |     2 +-
 crypto/openssh/.github/workflows/c-cpp.yml         |     1 -
 crypto/openssh/.github/workflows/selfhosted.yml    |     3 +
 crypto/openssh/ChangeLog                           | 11538 ++++++++---------
 crypto/openssh/LICENCE                             |    41 +
 crypto/openssh/Makefile.in                         |     2 +-
 crypto/openssh/README                              |     2 +-
 crypto/openssh/auth.c                              |     5 +-
 crypto/openssh/channels.c                          |     8 +-
 crypto/openssh/channels.h                          |     4 +-
 crypto/openssh/cipher.c                            |     8 +-
 crypto/openssh/config.h                            |     6 +
 crypto/openssh/configure.ac                        |    11 +-
 crypto/openssh/contrib/redhat/openssh.spec         |     6 +-
 crypto/openssh/contrib/ssh-copy-id                 |    62 +-
 crypto/openssh/contrib/ssh-copy-id.1               |    21 +-
 crypto/openssh/contrib/suse/openssh.spec           |     2 +-
 crypto/openssh/crypto_api.h                        |     7 +-
 crypto/openssh/defines.h                           |     4 +-
 crypto/openssh/kex-names.c                         |     8 +-
 crypto/openssh/kex.c                               |     4 +-
 crypto/openssh/kex.h                               |    16 +-
 crypto/openssh/kexc25519.c                         |     4 +-
 crypto/openssh/kexgen.c                            |    15 +-
 crypto/openssh/kexmlkem768x25519.c                 |   280 +
 crypto/openssh/kexsntrup761x25519.c                |     6 +-
 crypto/openssh/libcrux_mlkem768_sha3.h             | 12332 +++++++++++++++++++
 crypto/openssh/loginrec.c                          |    89 +-
 crypto/openssh/match.c                             |     8 +-
 crypto/openssh/mlkem768.sh                         |   148 +
 crypto/openssh/moduli                              |   879 +-
 crypto/openssh/monitor.c                           |    15 +-
 crypto/openssh/mux.c                               |    28 +-
 crypto/openssh/myproposal.h                        |     4 +-
 crypto/openssh/nchan.c                             |     6 +-
 crypto/openssh/openbsd-compat/arc4random.h         |     2 +
 crypto/openssh/openbsd-compat/openssl-compat.c     |    26 +
 crypto/openssh/openbsd-compat/openssl-compat.h     |    10 +
 crypto/openssh/openbsd-compat/port-linux.c         |     2 +-
 crypto/openssh/packet.c                            |    24 +-
 crypto/openssh/packet.h                            |     6 +-
 crypto/openssh/readconf.c                          |   164 +-
 crypto/openssh/regress/cfginclude.sh               |    26 +-
 crypto/openssh/regress/misc/fuzz-harness/Makefile  |    44 +-
 .../regress/misc/fuzz-harness/mkcorpus_sntrup761.c |    82 +
 .../misc/fuzz-harness/sntrup761_dec_fuzz.cc        |    74 +
 .../misc/fuzz-harness/sntrup761_enc_fuzz.cc        |    57 +
 .../regress/misc/fuzz-harness/watch-sntrup761.sh   |    20 +
 crypto/openssh/regress/multiplex.sh                |    29 +-
 crypto/openssh/regress/rekey.sh                    |   118 +-
 crypto/openssh/regress/unittests/kex/Makefile      |     3 +-
 crypto/openssh/regress/unittests/kex/test_kex.c    |     6 +-
 crypto/openssh/regress/unittests/sshkey/common.c   |    18 +-
 .../openssh/regress/unittests/sshkey/test_file.c   |    11 +-
 .../openssh/regress/unittests/sshkey/test_sshkey.c |    26 +-
 .../openssh/regress/unittests/test_helper/fuzz.c   |     2 +-
 crypto/openssh/servconf.c                          |    79 +-
 crypto/openssh/servconf.h                          |     6 +-
 crypto/openssh/sntrup761.c                         |  2886 +++--
 crypto/openssh/sntrup761.sh                        |    62 +-
 crypto/openssh/srclimit.c                          |     4 +
 crypto/openssh/srclimit.h                          |    12 +-
 crypto/openssh/ssh-add.c                           |     4 +-
 crypto/openssh/ssh-ecdsa-sk.c                      |    49 +-
 crypto/openssh/ssh-ecdsa.c                         |   258 +-
 crypto/openssh/ssh-keygen.1                        |     8 +-
 crypto/openssh/ssh-keygen.c                        |    93 +-
 crypto/openssh/ssh-keyscan.c                       |     5 +-
 crypto/openssh/ssh-pkcs11-client.c                 |    83 +-
 crypto/openssh/ssh-pkcs11-helper.c                 |    89 +-
 crypto/openssh/ssh-pkcs11.c                        |    42 +-
 crypto/openssh/ssh-rsa.c                           |   385 +-
 crypto/openssh/ssh-sk.c                            |    29 +-
 crypto/openssh/ssh.1                               |     6 +-
 crypto/openssh/ssh_api.c                           |     4 +-
 crypto/openssh/ssh_config.5                        |    22 +-
 crypto/openssh/ssh_namespace.h                     |    31 +-
 crypto/openssh/sshbuf-getput-crypto.c              |    12 +-
 crypto/openssh/sshbuf.c                            |    18 +-
 crypto/openssh/sshbuf.h                            |     4 +-
 crypto/openssh/sshconnect2.c                       |     3 +-
 crypto/openssh/sshd-session.c                      |    31 +-
 crypto/openssh/sshd.8                              |     8 +-
 crypto/openssh/sshd.c                              |    14 +-
 crypto/openssh/sshd_config.5                       |    45 +-
 crypto/openssh/sshkey.c                            |   290 +-
 crypto/openssh/sshkey.h                            |    27 +-
 crypto/openssh/version.h                           |     4 +-
 secure/lib/libssh/Makefile                         |     2 +-
 92 files changed, 22746 insertions(+), 8209 deletions(-)

diff --git a/crypto/openssh/.depend b/crypto/openssh/.depend
index 1d7d0606c657..45fc6b9afea1 100644
--- a/crypto/openssh/.depend
+++ b/crypto/openssh/.depend
@@ -71,6 +71,7 @@ kexgen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat
 kexgex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
 kexgexc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
 kexgexs.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+kexmlkem768x25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h sshbuf.h digest.h ssherr.h log.h
 kexsntrup761x25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h
 krl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h sshbuf.h ssherr.h sshkey.h authfile.h misc.h log.h digest.h bitmap.h utf8.h krl.h
 log.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h match.h
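Review bot: the new kexmlkem768x25519.o rule lists sshkey.h, kex.h, mac.h, crypto_api.h, sshbuf.h, digest.h, ssherr.h and log.h but not libcrux_mlkem768_sha3.h, which this commit adds alongside kexmlkem768x25519.c (see the diffstat). If the object includes that header, edits to the ML-KEM implementation will not trigger a rebuild of the key-exchange code; if the include is guarded by a configure-time flag, regenerating .depend with that flag enabled (or a short comment saying why it is absent) would make the dependency explicit.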
@@ -80,7 +81,7 @@ mac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h
 match.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h misc.h
 misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h misc.h log.h ssherr.h ssh.h sshbuf.h
 moduli.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-monitor.o: chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h dh.h packet.h dispatch.h auth-options.h sshpty.h channels.h session.h sshlogin.h canohost.h log.h ssherr.h misc.h servconf.h monitor.h monitor_wrap.h monitor_fdpass.h compat.h ssh2.h authfd.h match.h sk-api.h
+monitor.o: chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h dh.h packet.h dispatch.h auth-options.h sshpty.h channels.h session.h sshlogin.h canohost.h log.h ssherr.h misc.h servconf.h monitor.h monitor_wrap.h monitor_fdpass.h compat.h ssh2.h authfd.h match.h sk-api.h srclimit.h
 monitor.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h openbsd-compat/openssl-compat.h atomicio.h xmalloc.h ssh.h sshkey.h sshbuf.h hostfile.h auth.h auth-pam.h audit.h loginrec.h cipher.h cipher-chachapoly.h
 monitor_fdpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h monitor_fdpass.h
 monitor_wrap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h hostfile.h auth.h auth-pam.h audit.h
diff --git a/crypto/openssh/.github/ci-status.md b/crypto/openssh/.github/ci-status.md
index fbf7c5fd6117..4fa73894ce76 100644
--- a/crypto/openssh/.github/ci-status.md
+++ b/crypto/openssh/.github/ci-status.md
@@ -6,6 +6,10 @@ master :
 [![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/openssh.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh)
 [![Coverity Status](https://scan.coverity.com/projects/21341/badge.svg)](https://scan.coverity.com/projects/openssh-portable)
 
+9.8 :
+[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_8)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_8)
+[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_8)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_8)
+
 9.7 :
 [![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_7)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_7)
 [![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_7)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_7)
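Review bot: the status table gains a 9.8 row but no 9.9 row, although this update is to 9.9p1 (subject line). If upstream maintains a V_9_9 branch with the same c-cpp.yml and selfhosted.yml workflows, a matching row would keep the page current; if the branch badges are only added once a release branch exists, this is fine as is.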
diff --git a/crypto/openssh/.github/configs b/crypto/openssh/.github/configs
index 6134cb6ed5e9..4f47f820b506 100755
--- a/crypto/openssh/.github/configs
+++ b/crypto/openssh/.github/configs
@@ -187,7 +187,7 @@ case "$config" in
 	LIBCRYPTOFLAGS="--without-openssl"
 	TEST_TARGET=t-exec
 	;;
-    valgrind-[1-5]|valgrind-unit)
+    valgrind-[1-4]|valgrind-unit)
 	# rlimit sandbox and FORTIFY_SOURCE confuse Valgrind.
 	CONFIGFLAGS="--without-sandbox --without-hardening"
 	CONFIGFLAGS="$CONFIGFLAGS --with-cppflags=-D_FORTIFY_SOURCE=0"
@@ -197,10 +197,9 @@ case "$config" in
 	# Valgrind slows things down enough that the agent timeout test
 	# won't reliably pass, and the unit tests run longer than allowed
 	# by github so split into separate tests.
-	tests2="integrity try-ciphers"
+	tests2="integrity try-ciphers rekey"
 	tests3="krl forward-control sshsig agent-restrict kextype sftp"
 	tests4="cert-userkey cert-hostkey kextype sftp-perm keygen-comment percent"
-	tests5="rekey"
 	case "$config" in
 	    valgrind-1)
 		# All tests except agent-timeout (which is flaky under valgrind),
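Review bot: folding rekey into tests2 (`tests2="integrity try-ciphers rekey"`) and dropping the dedicated tests5 slot is only safe if the combined job still fits the GitHub time limit that the comment above gives as the reason for the split, and this commit also changes regress/rekey.sh substantially (118 lines in the diffstat). Worth confirming the valgrind-2 run time after the change, or noting the measured figure in the commit message.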
@@ -220,9 +219,6 @@ case "$config" in
 	    valgrind-4)
 		LTESTS="${tests4}"
 		;;
-	    valgrind-5)
-		LTESTS="${tests5}"
-		;;
 	    valgrind-unit)
 		TEST_TARGET="unit USE_VALGRIND=1"
 		;;
diff --git a/crypto/openssh/.github/setup_ci.sh b/crypto/openssh/.github/setup_ci.sh
index f0f2761c7107..7e1becaac2df 100755
--- a/crypto/openssh/.github/setup_ci.sh
+++ b/crypto/openssh/.github/setup_ci.sh
@@ -14,7 +14,7 @@ case "$host" in
 	echo Removing extended ACLs so umask works as expected.
 	setfacl -b . regress
 	PACKAGES="$PACKAGES,autoconf,automake,cygwin-devel,gcc-core"
-	PACKAGES="$PACKAGES,make,openssl-devel,zlib-devel"
+	PACKAGES="$PACKAGES,make,openssl,libssl-devel,zlib-devel"
 	;;
 *-darwin*)
 	PACKAGER=brew
diff --git a/crypto/openssh/.github/workflows/c-cpp.yml b/crypto/openssh/.github/workflows/c-cpp.yml
index 609028703f80..c179f73d16e0 100644
--- a/crypto/openssh/.github/workflows/c-cpp.yml
+++ b/crypto/openssh/.github/workflows/c-cpp.yml
@@ -32,7 +32,6 @@ jobs:
           - { target: ubuntu-20.04, config: valgrind-2 }
           - { target: ubuntu-20.04, config: valgrind-3 }
           - { target: ubuntu-20.04, config: valgrind-4 }
-          - { target: ubuntu-20.04, config: valgrind-5 }
           - { target: ubuntu-20.04, config: valgrind-unit }
           - { target: ubuntu-20.04, config: c89 }
           - { target: ubuntu-20.04, config: clang-6.0 }
diff --git a/crypto/openssh/.github/workflows/selfhosted.yml b/crypto/openssh/.github/workflows/selfhosted.yml
index 167297359383..755bb0cacb69 100644
--- a/crypto/openssh/.github/workflows/selfhosted.yml
+++ b/crypto/openssh/.github/workflows/selfhosted.yml
@@ -52,6 +52,7 @@ jobs:
           - obsd74
           - obsdsnap
           - obsdsnap-i386
+          - omnios
           - openindiana
           - ubuntu-2204
         config:
@@ -75,6 +76,7 @@ jobs:
           - { target: dfly58, config: pam, host: libvirt }
           - { target: dfly60, config: pam, host: libvirt }
           - { target: dfly62, config: pam, host: libvirt }
+          - { target: dfly64, config: pam, host: libvirt }
           - { target: fbsd10, config: pam, host: libvirt }
           - { target: fbsd12, config: pam, host: libvirt }
           - { target: fbsd13, config: pam, host: libvirt }
@@ -82,6 +84,7 @@ jobs:
           - { target: nbsd8,  config: pam, host: libvirt }
           - { target: nbsd9,  config: pam, host: libvirt }
           - { target: nbsd10, config: pam, host: libvirt }
+          - { target: omnios, config: pam, host: libvirt }
           # ARM64 VMs
           - { target: obsd-arm64, config: default, host: libvirt-arm64 }
           # VMs with persistent disks that have their own runner.
diff --git a/crypto/openssh/ChangeLog b/crypto/openssh/ChangeLog
index a1a52651718e..c085866f19f6 100644
--- a/crypto/openssh/ChangeLog
+++ b/crypto/openssh/ChangeLog
@@ -1,8666 +1,8676 @@
-commit fa41f6592ff1b6ead4a652ac75af31eabb05b912
+commit 46d1fb16b20e971b9ac15e86a3d3e350b49c9ad6
 Author: Damien Miller <djm@mindrot.org>
-Date:   Mon Jul 1 14:33:26 2024 +1000
+Date:   Fri Sep 20 08:20:13 2024 +1000
 
-    version numbers
+    update version numbers
 
-commit bfebb8a5130a792c5356bd06e1ddef72a0a0449f
+commit 0bdca1f218971b38728a0a129f482476baff0968
 Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Mon Jul 1 04:31:59 2024 +0000
+Date:   Thu Sep 19 22:17:44 2024 +0000
 
-    upstream: openssh-9.8
+    upstream: openssh-9.9
     
-    OpenBSD-Commit-ID: 5f8b89e38a4c5f7c6d52ffa19f796d49f36fab19
+    OpenBSD-Commit-ID: 303417285f1a73b9cb7a2ae78d3f493bbbe31f98
 
-commit 146c420d29d055cc75c8606327a1cf8439fe3a08
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Mon Jul 1 04:31:17 2024 +0000
+commit ef2d7f2d3e1b4c9ae71bacf963e76a92ab8be543
+Author: Damien Miller <djm@mindrot.org>
+Date:   Wed Sep 18 16:03:23 2024 +1000
 
-    upstream: when sending ObscureKeystrokeTiming chaff packets, we
-    
-    can't rely on channel_did_enqueue to tell that there is data to send. This
-    flag indicates that the channels code enqueued a packet on _this_ ppoll()
-    iteration, not that data was enqueued in _any_ ppoll() iteration in the
-    timeslice. ok markus@
+    include openbsd-compat/base64.c license in LICENSE
+
+commit 7ef362b989c8d1f7596f557f22e5924b9c08f0ea
+Author: Damien Miller <djm@mindrot.org>
+Date:   Wed Sep 18 09:01:23 2024 +1000
+
+    conditionally include mman.h in arc4random code
+
+commit 5fb2b5ad0e748732a27fd8cc16a7ca3c21770806
+Author: Damien Miller <djm@mindrot.org>
+Date:   Tue Sep 17 11:53:24 2024 +1000
+
+    fix bug in recently-added sntrup761 fuzzer
     
-    OpenBSD-Commit-ID: 009b74fd2769b36b5284a0188ade182f00564136
+    key values need to be static to persist across invocations;
+    spotted by the Qualys Security Advisory team.
 
-commit 637e4dfea4ed81264e264b6200172ce319c64ead
+commit 0ca128c9ee894f1b0067abd473bfb33171df67f8
 Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Mon Jul 1 03:10:19 2024 +0000
+Date:   Mon Sep 16 05:37:05 2024 +0000
 
-    upstream: use "lcd" to change directory before "lls" rather then "cd",
+    upstream: use 64 bit math to avoid signed underflow. upstream code
     
-    since the directory we're trying to list is local. Spotted by Corinna
-    Vinschen
+    relies on using -fwrapv to provide defined over/underflow behaviour, but we
+    use -ftrapv to catch integer errors and abort the program. ok dtucker@
     
-    OpenBSD-Regress-ID: 821feca4a4bebe491944e624c8f7f2990b891415
+    OpenBSD-Commit-ID: 8933369b33c17b5f02479503d0a92d87bc3a574b
 
-commit c8cfe258cee0b8466ea84597bf15e1fcff3bc328
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Thu Jun 27 23:01:15 2024 +0000
+commit f82e5e22cad88c81d8a117de74241328c7b101c3
+Author: jmc@openbsd.org <jmc@openbsd.org>
+Date:   Sun Sep 15 08:27:38 2024 +0000
 
-    upstream: delete obsolete comment
+    upstream: minor grammar/sort fixes for refuseconnection; ok djm
     
-    OpenBSD-Commit-ID: 5fb04f298ed155053f3fbfdf0c6fe7cdf84bbfa2
+    OpenBSD-Commit-ID: 1c81f37b138b8b66abba811fec836388a0f3e6da
 
-commit 94b9d37100f6fa536aaa1d1a0e4926fe44fbf04d
+commit 0c1165fc78e8fe69b5df71f81a8f944554a68b53
+Author: Damien Miller <djm@mindrot.org>
+Date:   Sun Sep 15 13:30:13 2024 +1000
+
+    avoid gcc warning in fuzz test
+
+commit ce171d0718104b643854b53443ff72f7283d33f2
 Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Thu Jun 27 22:36:44 2024 +0000
+Date:   Sun Sep 15 03:09:44 2024 +0000
 
-    upstream: retire unused API
+    upstream: bad whitespace in config dump output
     
-    OpenBSD-Commit-ID: 3e30d7b0615e2707f6bbe70f61b1c2f72f78161b
+    OpenBSD-Commit-ID: d899c13b0e8061d209298eaf58fe53e3643e967c
 
-commit 268c3a7f5783e731ed60f4e28da66ee3743581d3
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date:   Thu Jun 27 21:02:16 2024 +0000
+commit 671c440786a5a66216922f15d0007b60f1e6733f
+Author: Damien Miller <djm@mindrot.org>
+Date:   Sun Sep 15 12:53:59 2024 +1000
 
-    upstream: ssl(8) no longer contains a HISTORY section;
+    use construct_utmp to construct btmp records
     
-    OpenBSD-Commit-ID: 83b7ff34433d79595e9c2a5d2a561a6660251245
+    Simpler and removes some code with the old-style BSD license.
 
-commit 12b6cc09ce6c430681f03af2a8069e37a664690b
+commit 930cb02b6113df72fbc732b9feb8e4f490952a81
 Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Wed Jun 26 23:47:46 2024 +0000
+Date:   Sun Sep 15 02:20:51 2024 +0000
 
-    upstream: move child process waitpid() loop out of SIGCHLD handler;
+    upstream: update the Streamlined NTRU Prime code from the "ref"
     
-    ok deraadt
+    implementation in SUPERCOP 20201130 to the "compact" implementation in
+    SUPERCOP 20240808. The new version is substantially faster. Thanks to Daniel
+    J Bernstein for pointing out the new implementation (and of course for
+    writing it).
     
-    OpenBSD-Commit-ID: 65815a39564e431414aed7c5ace8076f4e9ca741
+    tested in snaps/ok deraadt@
+    
+    OpenBSD-Commit-ID: bf1a77924c125ecdbf03e2f3df8ad13bd3dafdcb
 
-commit d6bcd13297c2ab8b528df5a6898f994734849031
-Author: deraadt@openbsd.org <deraadt@openbsd.org>
-Date:   Wed Jun 26 23:16:52 2024 +0000
+commit 9306d6017e0ce5dea6824c29ca5ba5673c2923ad
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sun Sep 15 01:19:56 2024 +0000
 
-    upstream: Instead of using possibly complex ssh_signal(), write all
-    
-    the parts of the grace_alarm_handler() using the exact things allowed by the
-    signal-safe rules.  This is a good rule of thumb: Handlers should be written
-    to either set a global volatile sig_atomic_t inspected from outside, and/or
-    directly perform only safe operations listed in our sigaction(2) manual page.
-    ok djm markus
+    upstream: document Match invalid-user
     
-    OpenBSD-Commit-ID: 14168ae8368aab76e4ed79e17a667cb46f404ecd
+    OpenBSD-Commit-ID: 2c84a9b517283e9711e2812c1f268081dcb02081
 
-commit b8793e2b0851f7d71b97554fa5260b23796d6277
-Author: deraadt@openbsd.org <deraadt@openbsd.org>
-Date:   Wed Jun 26 23:14:14 2024 +0000
+commit 0118a4da21147a88a56dc8b90bbc2849fefd5c1e
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sun Sep 15 01:18:26 2024 +0000
 
-    upstream: save_errno wrappers inside two small signal handlers that
+    upstream: add a "Match invalid-user" predicate to sshd_config Match
     
-    perform system calls, for systems with libc that do perform libc sigtramps.
-    ok djm markus
+    options.
     
-    OpenBSD-Commit-ID: 7749b56419a7c9dcfe4c6c04811e429813346c62
+    This allows writing Match conditions that trigger for invalid username.
+    E.g.
+    
+    PerSourcePenalties refuseconnection:90s
+    Match invalid-user
+     RefuseConnection yes
+    
+    Will effectively penalise bots try to guess passwords for bogus accounts,
+    at the cost of implicitly revealing which accounts are invalid.
+    
+    feedback markus@
+    
+    OpenBSD-Commit-ID: 93d3a46ca04bbd9d84a94d1e1d9d3a21073fbb07
 
-commit f23e9332c4c8df37465c4a4f38275ea98980ed7e
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date:   Mon Jun 24 06:59:39 2024 +0000
+commit 7875975136f275619427604900cb0ffd7020e845
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sun Sep 15 01:11:26 2024 +0000
 
-    upstream: - uppercase start of sentence - correct sentence grammar
+    upstream: Add a "refuseconnection" penalty class to sshd_config
     
-    ok djm
+    PerSourcePenalties
     
-    OpenBSD-Commit-ID: 1ec4b0fdb633a43667f2c8fff1d600bd647dde25
+    This allows penalising connection sources that have had connections
+    dropped by the RefuseConnection option. ok markus@
+    
+    OpenBSD-Commit-ID: 3c8443c427470bb3eac1880aa075cb4864463cb6
 
-commit 1839e3eb71a759aa795602c1e4196300f4ac2615
+commit 8d21713b669b8516ca6d43424a356fccc37212bb
 Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Mon Jun 24 04:05:11 2024 +0000
+Date:   Sun Sep 15 01:09:40 2024 +0000
 
-    upstream: mention SshdSessionPath option
+    upstream: Add a sshd_config "RefuseConnection" option
     
-    OpenBSD-Commit-ID: c29734d36c21003973b15c1c9965c35f36cef30c
+    If set, this will terminate the connection at the first authentication
+    request (this is the earliest we can evaluate sshd_config Match blocks)
+    
+    ok markus@
+    
+    OpenBSD-Commit-ID: 43cc2533984074c44d0d2f92eb93f661e7a0b09c
 
-commit 603193e32aef5db7d60c58066d5de89806e79312
-Author: Darren Tucker <dtucker@dtucker.net>
-Date:   Thu Jun 20 18:45:14 2024 +1000
+commit acad117e66018fe1fa5caf41b36e6dfbd61f76a1
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sun Sep 15 00:58:01 2024 +0000
 
-    Rerun upstream tests on .sh file changes too.
+    upstream: switch sshd_config Match processing to the argv tokeniser
+    
+    too; ok markus@
+    
+    OpenBSD-Commit-ID: b74b5b0385f2e0379670e2b869318a65b0bc3923
 
-commit dbbf9337c19381786a8e5a8a49152fe6b80c780d
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Thu Jun 20 08:23:18 2024 +0000
+commit baec3f7f4c60cd5aa1bb9adbeb6dfa4a172502a8
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sun Sep 15 00:57:36 2024 +0000
 
-    upstream: Work around dbclient cipher/mac query bug.
+    upstream: switch "Match" directive processing over to the argv
     
-    Unlike earlier versions, recent Dropbear (at least v2024.85) requires
-    a host arg when querying supported ciphers and macs via "-c/-m
-    help".  Earlier versions accept but do not require it, so always
-    provide it.  If these queries fail, skip the test with a warning.
+    string tokeniser, making it possible to use shell-like quoting in Match
+    directives, particularly "Match exec". ok markus@
     
-    OpenBSD-Regress-ID: 98eb863a3f0363416922efb273885e6b3c7f68d4
+    OpenBSD-Commit-ID: 0877309650b76f624b2194c35dbacaf065e769a5
 
-commit 8de2c8cebc46bbdb94b7a2c120fcadfb66a3cccc
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Thu Jun 20 08:18:34 2024 +0000
+commit dd424d7c382c2074ab70f1b8ad4f169a10f60ee7
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sun Sep 15 00:47:01 2024 +0000
 
-    upstream: Remove dropbear key types not supported
+    upstream: include pathname in some of the ssh-keygen passphrase
     
-    by current OpenSSH. Allows subsequent test runs to work if OpenSSH is
-    rebuilt w/out OpenSSL.
+    prompts. Helps the user know what's going on when ssh-keygen is invoked via
+    other tools. Requested in GHPR503
     
-    OpenBSD-Regress-ID: e0129eb2b1d31771105903a8055216fbba20a770
+    OpenBSD-Commit-ID: 613b0bb6cf845b7e787d69a5b314057ceda6a8b6
 
-commit e9b6471c59b21e5d9ef1b3832d4bf727338add85
+commit 62bbf8f825cc390ecb0523752ddac1435006f206
 Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Thu Jun 20 00:18:05 2024 +0000
+Date:   Sun Sep 15 00:41:18 2024 +0000
 
-    upstream: stricter check for overfull tables in penalty record path
+    upstream: Do not apply authorized_keys options when signature
     
-    OpenBSD-Commit-ID: 7df01e648a0723418c554e64a9f2b6d38db060a6
+    verification fails. Prevents restrictive key options being incorrectly
+    applied to subsequent keys in authorized_keys. bz3733, ok markus@
+    
+    OpenBSD-Commit-ID: ba3776d9da4642443c19dbc015a1333622eb5a4e
 
-commit d9336d344eb2a1e898c5e66147b3f108c7214694
+commit 49f325fd47af4e53fcd7aafdbcc280e53f5aa5ce
+Author: Wu Weixin <wuweixin@gmail.com>
+Date:   Fri Aug 2 22:16:40 2024 +0800
+
+    Fix without_openssl always being set to 1
+    
+    In Fedora systems, %{?rhel} is empty. In RHEL systems, %{?fedora} is
+    empty. Therefore, the original code always sets without_openssl to 1.
+
+commit c21c3a2419bbc1c59cb1a16ea356e703e99a90d9
 Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Wed Jun 19 23:24:47 2024 +0000
+Date:   Thu Sep 12 00:36:27 2024 +0000
 
-    upstream: put back reaping of preauth child process when writes
+    upstream: Relax absolute path requirement back to what it was prior to
     
-    from the monitor fail. Not sure how this got lost in the avalanche of
-    patches.
+    OpenSSH 9.8, which incorrectly required that sshd was started with an
+    absolute path in inetd mode. bz3717, patch from Colin Wilson
     
-    OpenBSD-Commit-ID: eb7eb36371e1ac01050b32b70fb2b3e5d98e72f5
+    OpenBSD-Commit-ID: 25c57f22764897242d942853f8cccc5e991ea058
 
-commit 579d9adb70ec0206a788eb5c63804c31a67e9310
+commit 1bc426f51b0a5cfdcfbd205218f0b6839ffe91e9
 Author: naddy@openbsd.org <naddy@openbsd.org>
-Date:   Mon Jun 17 13:50:18 2024 +0000
+Date:   Mon Sep 9 14:41:21 2024 +0000
 
-    upstream: remove one more mention of DSA
+    upstream: document the mlkem768x25519-sha256 key exchange algorithm
     
-    OpenBSD-Commit-ID: 8515f55a15f02836ba657df341415f63c60526ca
+    OpenBSD-Commit-ID: fa18dccdd9753dd287e62ecab189b3de45672521
 
-commit 7089b5f8436ef0b8d3d3ad9ce01045fb9e7aab15
+commit 0a2db61a5ffc64d2e2961c52964f933879952fc7
 Author: Darren Tucker <dtucker@dtucker.net>
-Date:   Wed Jun 19 23:09:05 2024 +1000
+Date:   Tue Sep 10 21:11:14 2024 +1000
 
-    Move -f to the place needed to restart sshd.
+    Spell omnios test host correctly.
 
-commit d5f83cfd852b14a25f347f082ab539a9454702ad
+commit 059ed698a47c9af541a49cf754fd09f984ac5a21
 Author: Darren Tucker <dtucker@dtucker.net>
-Date:   Wed Jun 19 21:04:01 2024 +1000
+Date:   Tue Sep 10 18:52:02 2024 +1000
 
-    Need to supply "-f" to restart sshd.
+    Add omnios test target.
 
-commit fad34b4ca25c0ef31e5aa841d461b6f21da5b8c1
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Wed Jun 19 10:15:51 2024 +0000
+commit f4ff91575a448b19176ceaa8fd6843a25f39d572
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Tue Sep 10 18:45:55 2024 +1000
 
-    upstream: Provide defaults for ciphers and macs
-    
-    if querying for them fails since on some versions of Dropbear (at least
-    v2024.85) "-m help" doesn't seem to work.  Enable all supported pubkey
-    algorithms in the server.
-    
-    OpenBSD-Regress-ID: 4f95556a49ee9f621789f25217c367a33d2745ca
+    Wrap stdint.h in ifdef.
 
-commit 5521060e35ada9f957cecdddc06d0524e75409ef
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Wed Jun 19 10:10:46 2024 +0000
+commit ff714f001d20a9c843ee1fd9d92a16d40567d264
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Mon Sep 9 19:31:54 2024 +1000
 
-    upstream: Use ed25519 keys for kex tests
-    
-    since that's supported by OpenSSH even when built without OpenSSL.
-    Only test diffie-hellman kex if OpenSSH is compiled with support for it.
-    
-    OpenBSD-Regress-ID: a5d09ef9bbd171f9e4ec73ed0d9eeb49a8878e97
+    Also test PAM on dfly64.
 
-commit dbd3b833f6e3815e58f2dc6e14f61a51bcd4d6bd
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Wed Jun 19 10:08:34 2024 +0000
+commit 509b757c052ea969b3a41fc36818b44801caf1cf
+Author: Damien Miller <djm@mindrot.org>
+Date:   Mon Sep 9 21:50:14 2024 +1000
 
-    upstream: Rework dropbear key setup
-    
-    to always generate ed25519 keys, other types only if OpenSSH has support
-    for the corresponding key type.
+    stubs for ML-KEM KEX functions
     
-    OpenBSD-Regress-ID: 8f91f12604cddb9f8d93aa34f3f93a3f6074395d
+    used for C89 compilers
 
-commit d6218504e11ae9148adf410fc69b0710a052be36
-Author: Darren Tucker <dtucker@dtucker.net>
-Date:   Wed Jun 19 20:20:24 2024 +1000
+commit 273581210c99ce7275b8efdefbb9f89e1c22e341
+Author: Damien Miller <djm@mindrot.org>
+Date:   Mon Sep 9 17:30:38 2024 +1000
 
-    Restart sshd after installing it for testing.
+    declare defeat trying to detect C89 compilers
     
-    When installing an sshd built without OpenSSL the mismatch between
-    the running sshd and newly installed sshd-session will cause the
-    remainder of the test to fail.
+    I can't find a reliable way to detect the features the ML-KEM code
+    requires in configure. Give up for now and use VLA support (that we
+    can detect) as a proxy for "old compiler" and turn off ML-KEM if
+    it isn't supported.
 
-commit 786a4465b6bb702daf4fb17b7c3bcb42b52f0b46
-Author: Darren Tucker <dtucker@dtucker.net>
-Date:   Tue Jun 18 19:59:59 2024 +1000
+commit e8a0f19b56dfa20f98ea9876d7171ec315fb338a
+Author: Damien Miller <djm@mindrot.org>
+Date:   Mon Sep 9 16:46:40 2024 +1000
 
-    Remove macos-11 runner.
+    fix previous; check for C99 compound literals
     
-    Github is retiring them soon.
+    The previous commit was incorrect (or at least insufficient), the
+    ML-KEM code is actually using compound literals, so test for them.
 
-commit df1c72a55edbebac14363b57de66ac6a147ecc67
+commit 7c07bec1446978bebe0780ed822c8fedfb377ae8
 Author: Damien Miller <djm@mindrot.org>
-Date:   Wed Jun 19 09:34:34 2024 +1000
-
-    PAMServiceName may appear in a Match block
-
-commit de1c2e70e5a5dc3c8d2fe04b24cc93d8ef6930e7
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Tue Jun 18 08:11:48 2024 +0000
+Date:   Mon Sep 9 16:06:21 2024 +1000
 
-    upstream: Re-enable ssh-dss tests
+    test for compiler feature needed for ML-KEM
     
-    ... if ssh is compiled with DSA support
-    
-    OpenBSD-Regress-ID: bbfaf8c17f2b50a2d46ac35cb97af99b990c990d
+    The ML-KEM implementation we uses need the compiler to support
+    C99-style named struct initialisers (e.g foo = {.bar = 1}). We
+    still support (barely) building OpenSSH with older compilers, so
+    add a configure test for this.
 
-commit dabc2c7cf3c141e8e5d5a1a60d6c1d2d2422cf43
-Author: anton@openbsd.org <anton@openbsd.org>
-Date:   Tue Jun 18 06:14:27 2024 +0000
+commit d469d5f348772058789d35332d1ccb0b109c28ef
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Sep 9 03:13:39 2024 +0000
 
-    upstream: Stop using DSA in dropbear interop tests.
+    upstream: test mlkem768x25519-sha256
     
-    OpenBSD-Regress-ID: abfd4457d99d8cc1417fd22ca2c570270f74c1cf
+    OpenBSD-Regress-ID: 7baf6bc39ae55648db1a2bfdc55a624954847611
 
-commit 761438012710169445acc179e3870c53c862bda0
-Author: Damien Miller <djm@mindrot.org>
-Date:   Tue Jun 18 12:29:45 2024 +1000
+commit 62fb2b51bb7f6863c3ab697f397b2068da1c993f
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Sep 9 02:39:57 2024 +0000
 
-    missed a bit of DSA in the fuzzer
+    upstream: pull post-quantum ML-KEM/x25519 key exchange out from
+    
+    compile-time flag now than an IANA codepoint has been assigned for the
+    algorithm.
+    
+    Add mlkem768x25519-sha256 in 2nd KexAlgorithms preference slot.
+    
+    ok markus@
+    
+    OpenBSD-Commit-ID: 9f50a0fae7d7ae8b27fcca11f8dc6f979207451a
 
-commit 3f9cc47da588e8de520720e59f98438043fdaf93
-Author: Damien Miller <djm@mindrot.org>
-Date:   Tue Jun 18 09:35:53 2024 +1000
+commit a8ad7a2952111c6ce32949a775df94286550af6b
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Sep 6 02:30:44 2024 +0000
 
-    DSA support is disabled, so remove from fuzzers
+    upstream: make parsing user@host consistently look for the last '@' in
+    
+    the string rather than the first. This makes it possible to use usernames
+    that contain '@' characters.
+    MIME-Version: 1.0
+    Content-Type: text/plain; charset=UTF-8
+    Content-Transfer-Encoding: 8bit
+    
+    Prompted by Max Zettlmeißl; feedback/ok millert@
+    
+    OpenBSD-Commit-ID: 0b16eec246cda15469ebdcf3b1e2479810e394c5
 
-commit 00eb95957dea5484b2c7c043f7d2bbc87301bef2
+commit 13cc78d016b67a74a67f1c97c7c348084cd9212c
 Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Mon Jun 17 08:30:29 2024 +0000
+Date:   Wed Sep 4 05:33:34 2024 +0000
 
-    upstream: disable the DSA signature algorithm by default; ok
+    upstream: be more strict in parsing key type names. Only allow
     
-    markus@
+    shortnames (e.g "rsa") in user-interface code and require full SSH protocol
+    names (e.g. "ssh-rsa") everywhere else.
     
-    (yes, I know this expands to "the Digitial Signature Algorithm
-    signature algorithm)
+    Prompted by bz3725; ok markus@
     
-    OpenBSD-Commit-ID: 961ef594e46dd2dcade8dd5721fa565cee79ffed
+    OpenBSD-Commit-ID: b3d8de9dac37992eab78adbf84fab2fe0d84b187
 
-commit 5603befe11c9464ea26fe77cbacc95a7cc0b1ea7
+commit ef8472309a68e319018def6f8ea47aeb40d806f5
 Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Mon Jun 17 08:28:31 2024 +0000
+Date:   Wed Sep 4 05:11:33 2024 +0000
 
-    upstream: promote connection-closed messages from verbose to info
+    upstream: fix RCSID in output
     
-    log level; they could be the only record of the connection terminating if the
-    client doesn't send a SSH2_MSG_DISCONNECT message. ok dtucker@
-    
-    OpenBSD-Commit-ID: 0c8bfaf5e9fdff945cee09ac21e641f6c5d65d3c
+    OpenBSD-Commit-ID: 889ae07f2d2193ddc4351711919134664951dd76
 
-commit b00331402fe5c60d577f3ffcc35e49286cdc6b47
-Author: Damien Miller <djm@mindrot.org>
-Date:   Mon Jun 17 17:02:18 2024 +1000
+commit ba2ef20c75c5268d4d1257adfc2ac11c930d31e1
+Author: jmc@openbsd.org <jmc@openbsd.org>
+Date:   Tue Sep 3 06:17:48 2024 +0000
 
-    propagate PAM crashes to PerSourcePenalties
+    upstream: envrionment -> environment;
     
-    If the PAM subprocess crashes, exit with a crash status that will be
-    picked up by the sshd(8) listener process where it can be used by
-    PerSourcePenalties to block the client. This is similar handling to
-    the privsep preauth process.
+    OpenBSD-Commit-ID: b719f39c20e8c671ec6135c832d6cc67a595af9c
 
-commit 1c207f456ace38987deda047758d13fbf857f948
+commit e66c0c5673a4304a3a9fbf8305c6a19f8653740f
 Author: Damien Miller <djm@mindrot.org>
-Date:   Mon Jun 17 15:06:01 2024 +1000
+Date:   Wed Sep 4 15:35:29 2024 +1000
 
-    minix doesn't have loopback, so skip penalty tests
-    
-    pointed out by dtucker@
+    add basic fuzzers for our import of sntrup761
 
-commit 48443d202eaec52d4d39defdd709a4499a7140c6
+commit d19dea6330ecd4eb403fef2423bd7e127f4c9828
 Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sun Jun 16 11:54:49 2024 +0000
+Date:   Tue Sep 3 05:58:56 2024 +0000
 
-    upstream: same treatment for this test
+    upstream: regression test for Include variable expansion
     
-    OpenBSD-Regress-ID: d0cc9efca7833e673ea7b0cb3a679a3acee8d4c7
+    OpenBSD-Regress-ID: 35477da3ba1abd9ca64bc49080c50a9c1350c6ca
 
-commit 45562a95ea11d328c22d97bf39401cd29684fb1f
+commit 8c4d6a628051e318bae2f283e8dc38b896400862
 Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sun Jun 16 08:18:06 2024 +0000
+Date:   Tue Sep 3 05:29:55 2024 +0000
 
-    upstream: penalty test is still a bit racy
+    upstream: allow the "Include" directive to expand the same set of
     
-    OpenBSD-Regress-ID: 90c9ac224db454637baf1ebee5857e007321e824
-
-commit 8d0f7eb147ef72d18acb16c0b18672d44941a8ca
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sat Jun 15 03:59:10 2024 +0000
-
-    upstream: crank up penalty timeouts so this should work on even the
+    %-tokens that "Match Exec" and environment variables.
     
-    slowest of test builders
+    ok dtucker@
     
-    OpenBSD-Regress-ID: 70bda39c83e3fc9d0f3c1fad4542ed33e173d468
+    OpenBSD-Commit-ID: 12ef521eaa966a9241e684258564f52f1f3c5d37
 
-commit 93c75471a1202ab3e29db6938648d4e2602c0475
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date:   Fri Jun 14 05:20:34 2024 +0000
+commit 51b82648b6827675fc0cde21175fd1ed8e89aab2
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Sep 2 12:18:35 2024 +0000
 
-    upstream: sort -q in the options list;
+    upstream: missing ifdef
     
-    OpenBSD-Commit-ID: 6839b38378f38f754de638a5e988c13b4164cc7c
+    OpenBSD-Commit-ID: 85f09da957dd39fd0abe08fe5ee19393f25c2021
 
-commit dd7807bbe80a93ffb4616f2bd5cf83ad5a5595fb
+commit f68312eb593943127b39ba79a4d7fa438c34c153
 Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Jun 14 05:01:22 2024 +0000
+Date:   Mon Sep 2 12:13:56 2024 +0000
 
-    upstream: clarify KEXAlgorithms supported vs available. Inspired by
+    upstream: Add experimental support for hybrid post-quantum key exchange
     
-    bz3701 from Colin Watson.
+    ML-KEM768 with ECDH/X25519 from the Internet-draft:
+    https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03
     
-    OpenBSD-Commit-ID: e698e69bea19bd52971d253f2b1094490c4701f7
-
-commit d172ad56df85b68316dbadbedad16761a1265874
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Jun 14 05:00:42 2024 +0000
-
-    upstream: ssh-keyscan -q man bits
+    This is based on previous patches from markus@ but adapted to use the
+    final FIPS203 standard ML-KEM using a formally-verified implementation
+    from libcrux.
     
-    OpenBSD-Commit-ID: ba28d0e1ac609a4c99c453e57e86560c79079db1
+    Note this key exchange method is still a draft and thus subject to
+    change. It is therefore disabled by default; set MLKEM=yes to build it.
+    We're making it available now to make it easy for other SSH
+    implementations to test against it.
+    
+    ok markus@ deraadt@
+    
+    OpenBSD-Commit-ID: 02a8730a570b63fa8acd9913ec66353735dea42c
 
-commit 092e4ff9ccaacbe035f286feb1b56ed499604743
-Author: Damien Miller <djm@mindrot.org>
-Date:   Fri Jun 14 14:46:35 2024 +1000
+commit 05f2b141cfcc60c7cdedf9450d2b9d390c19eaad
+Author: Antonio Larrosa <alarrosa@suse.com>
+Date:   Fri Aug 23 12:21:06 2024 +0200
 
-    skip penalty-expire test in valgrind test env
+    Don't skip audit before exitting cleanup_exit
+    
+    This fixes an issue where the SSH_CONNECTION_ABANDON event is not
+    audited because cleanup_exit overrides the regular _exit too soon and
+    as a result, failed auth attempts are not logged correctly.
+    
+    The problem was introduced in 81c1099d22b81ebfd20a334ce986c4f753b0db29
+    where the code from upstream was merged before the audit_event call when
+    it should have been merged right before the _exit call in order to honor
+    the comment that just mentions an override of the exit value.
 
-commit 2866ad08a9c50d7b67ce9424ca990532b806a21a
+commit 16eaf9d401e70996f89f3f417738a8db421aa959
 Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Jun 14 04:43:11 2024 +0000
+Date:   Wed Aug 28 12:08:26 2024 +0000
 
-    upstream: split the PerSourcePenalties test in two: one tests penalty
+    upstream: fix test: -F is the argument to specify a non-default
     
-    enforcement but not penalty expiry, the other tests penalty expiry.
-    
-    This lets us disable the expiry testing in certain CI test environments.
+    ssh_config, not -f (this is sadly not a new bug)
     
-    OpenBSD-Regress-ID: f56811064f3e3cb52ee73a206b8c2a06af1c8791
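Review bot: the `Match invalid-user` / `RefuseConnection` example in the 0118a4da entry above records a username-enumeration tradeoff ("at the cost of implicitly revealing which accounts are invalid") that deserves a line in the merge's summary of notable changes, since an administrator who copies the three-line snippet `PerSourcePenalties refuseconnection:90s` / `Match invalid-user` / `RefuseConnection yes` gets a faster brute-force blocker but also turns sshd into an oracle for valid account names (a connection dropped at the first authentication request versus one that proceeds). Suggest noting that caveat next to the new RefuseConnection and refuseconnection penalty class when they are called out, and likewise naming the bz3733 entry (62bbf8f8, "Do not apply authorized_keys options when signature verification fails") as a behaviour change in authorized_keys option enforcement rather than leaving it buried in the ChangeLog churn, as those are the two entries in this region whose effect an operator would need to know about before upgrading.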
*** 36636 LINES SKIPPED ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202502201757.51KHv1Kg068120>