Date: Sun, 14 Feb 2021 21:08:26 GMT From: Ed Maste <emaste@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org Subject: git: db903103f467 - vendor/openssh - Vendor import of OpenSSH 8.3p1 Message-ID: <202102142108.11EL8QiG023693@gitrepo.freebsd.org>
The branch vendor/openssh has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=db903103f46785ea0bba0f228691e1f8fb3a643d commit db903103f46785ea0bba0f228691e1f8fb3a643d Author: Ed Maste <emaste@FreeBSD.org> AuthorDate: 2021-02-14 21:07:21 +0000 Commit: Ed Maste <emaste@FreeBSD.org> CommitDate: 2021-02-14 21:07:21 +0000 Vendor import of OpenSSH 8.3p1 --- .depend | 11 +- .skipped-commit-ids | 3 + ChangeLog | 16806 +++++++++++---------- INSTALL | 8 +- Makefile.in | 73 +- PROTOCOL | 6 +- PROTOCOL.chacha20poly1305 | 4 +- PROTOCOL.mux | 4 +- PROTOCOL.u2f | 6 +- README | 10 +- auth-options.c | 13 +- auth-rhosts.c | 6 +- auth2-chall.c | 5 +- auth2-passwd.c | 5 +- auth2.c | 4 +- authfd.c | 10 +- authfile.c | 101 +- channels.c | 17 +- cipher-chachapoly-libcrypto.c | 166 + cipher-chachapoly.c | 32 +- cipher-chachapoly.h | 13 +- cipher.c | 26 +- clientloop.c | 28 +- clientloop.h | 5 +- config.guess | 882 +- config.h.in | 13 + config.sub | 2528 ++-- configure | 137 +- configure.ac | 72 +- contrib/cygwin/README | 2 +- contrib/redhat/openssh.spec | 50 +- contrib/suse/openssh.spec | 2 +- defines.h | 7 + digest-libc.c | 5 +- gss-serv.c | 4 +- hmac.c | 5 +- hostfile.c | 7 +- kex.c | 17 +- krl.c | 97 +- krl.h | 3 +- misc.c | 6 +- moduli | 819 +- moduli.0 | 2 +- monitor.c | 7 +- mux.c | 3 +- openbsd-compat/bsd-misc.c | 2 + openbsd-compat/bsd-snprintf.c | 2 +- openbsd-compat/fnmatch.c | 4 +- openbsd-compat/glob.c | 10 +- openbsd-compat/openbsd-compat.h | 2 +- openbsd-compat/openssl-compat.h | 6 + openbsd-compat/port-aix.c | 10 +- openbsd-compat/port-aix.h | 2 +- openbsd-compat/port-linux.c | 2 +- packet.c | 10 +- packet.h | 5 +- readconf.c | 28 +- readconf.h | 4 +- regress/Makefile | 7 +- regress/addrmatch.sh | 4 +- regress/key-options.sh | 10 +- regress/keygen-comment.sh | 52 + regress/misc/kexfuzz/Makefile | 4 +- regress/misc/sk-dummy/sk-dummy.c | 14 +- regress/netcat.c | 3 + regress/percent.sh | 88 + regress/reexec.sh | 5 +- regress/sftp-badcmds.sh | 4 +- 
regress/sshsig.sh | 4 +- regress/test-exec.sh | 22 +- regress/unittests/hostkeys/Makefile | 3 +- regress/unittests/kex/Makefile | 3 +- regress/unittests/sshkey/Makefile | 3 +- regress/unittests/sshkey/mktestdata.sh | 34 +- regress/unittests/sshkey/testdata/dsa_n | 33 +- regress/unittests/sshkey/testdata/ecdsa_n | 13 +- regress/unittests/sshkey/testdata/rsa1_1 | Bin 533 -> 0 bytes regress/unittests/sshkey/testdata/rsa1_1.fp | 1 - regress/unittests/sshkey/testdata/rsa1_1.fp.bb | 1 - regress/unittests/sshkey/testdata/rsa1_1.param.n | 1 - regress/unittests/sshkey/testdata/rsa1_1.pub | 1 - regress/unittests/sshkey/testdata/rsa1_1_pw | Bin 533 -> 0 bytes regress/unittests/sshkey/testdata/rsa1_2 | Bin 981 -> 0 bytes regress/unittests/sshkey/testdata/rsa1_2.fp | 1 - regress/unittests/sshkey/testdata/rsa1_2.fp.bb | 1 - regress/unittests/sshkey/testdata/rsa1_2.param.n | 1 - regress/unittests/sshkey/testdata/rsa1_2.pub | 1 - regress/unittests/sshkey/testdata/rsa_n | 31 +- sandbox-seccomp-filter.c | 1 + scp.0 | 5 +- scp.1 | 9 +- scp.c | 101 +- servconf.c | 30 +- servconf.h | 7 +- session.c | 6 +- sftp-server.0 | 2 +- sftp.0 | 7 +- sftp.1 | 14 +- sftp.c | 23 +- sk-api.h | 4 +- sk-usbhid.c | 37 +- ssh-add.0 | 2 +- ssh-add.c | 22 +- ssh-agent.0 | 2 +- ssh-agent.c | 7 +- ssh-dss.c | 8 +- ssh-ed25519-sk.c | 8 +- ssh-ed25519.c | 20 +- ssh-keygen.0 | 9 +- ssh-keygen.1 | 10 +- ssh-keygen.c | 157 +- ssh-keyscan.0 | 2 +- ssh-keysign.0 | 2 +- ssh-pkcs11-helper.0 | 2 +- ssh-pkcs11-helper.c | 10 +- ssh-pkcs11.c | 25 +- ssh-sk.c | 20 +- ssh-xmss.c | 20 +- ssh.0 | 27 +- ssh.1 | 9 +- ssh.c | 274 +- ssh_config.0 | 59 +- ssh_config.5 | 53 +- sshbuf-misc.c | 11 +- sshbuf.c | 5 +- sshbuf.h | 6 +- sshconnect.c | 7 +- sshconnect2.c | 4 +- sshd.0 | 2 +- sshd.c | 17 +- sshd_config.0 | 23 +- sshd_config.5 | 36 +- sshkey.c | 487 +- sshkey.h | 4 +- sshlogin.c | 5 +- sshsig.c | 26 +- umac.c | 7 +- utf8.c | 27 +- utf8.h | 5 +- version.h | 4 +- 140 files changed, 12610 insertions(+), 11522 deletions(-) 
diff --git a/.depend b/.depend
index 707890f63906..1ccc1dcc75c2 100644
--- a/.depend
+++ b/.depend
@@ -1,5 +1,7 @@ -# DO NOT DELETE +# Automatically generated by makedepend. +# Run "make depend" to rebuild. +# DO NOT DELETE addrmatch.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h match.h log.h atomicio.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h audit-bsm.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h 
openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 
@@ -34,6 +36,7 @@ chacha.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat channels.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h ssherr.h sshbuf.h packet.h dispatch.h log.h misc.h channels.h compat.h canohost.h sshkey.h authfd.h pathnames.h match.h cipher-aes.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h cipher-aesctr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h 
openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher-aesctr.h rijndael.h +cipher-chachapoly-libcrypto.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher-chachapoly.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h 
openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h sshbuf.h ssherr.h cipher-chachapoly.h chacha.h poly1305.h cipher-ctr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher.h cipher-chachapoly.h chacha.h 
poly1305.h cipher-aesctr.h rijndael.h misc.h sshbuf.h ssherr.h digest.h openbsd-compat/openssl-compat.h 
@@ -68,7 +71,7 @@ kexgex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat kexgexc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h kexgexs.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h kexsntrup4591761x25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h 
openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h sshbuf.h digest.h ssherr.h -krl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h sshbuf.h ssherr.h sshkey.h authfile.h misc.h log.h digest.h bitmap.h krl.h +krl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h 
openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h sshbuf.h ssherr.h sshkey.h authfile.h misc.h log.h digest.h bitmap.h utf8.h krl.h log.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h loginrec.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h 
hostfile.h ssh.h loginrec.h log.h atomicio.h packet.h openbsd-compat/sys-queue.h dispatch.h canohost.h auth.h auth-pam.h audit.h sshbuf.h ssherr.h logintest.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h loginrec.h 
@@ -141,8 +144,8 @@ ssh-sk-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd ssh-sk-helper.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h sshkey.h authfd.h misc.h sshbuf.h msg.h uidswap.h ssherr.h ssh-sk.h ssh-sk.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h 
openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h -ssh.o: channels.h sshkey.h authfd.h authfile.h pathnames.h clientloop.h log.h misc.h readconf.h sshconnect.h kex.h mac.h crypto_api.h sshpty.h match.h msg.h version.h ssherr.h myproposal.h utf8.h -ssh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h canohost.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h packet.h dispatch.h sshbuf.h +ssh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h 
openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h canohost.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h packet.h dispatch.h sshbuf.h channels .h +ssh.o: sshkey.h authfd.h authfile.h pathnames.h clientloop.h log.h misc.h readconf.h sshconnect.h kex.h mac.h crypto_api.h sshpty.h match.h msg.h version.h ssherr.h myproposal.h utf8.h ssh_api.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh_api.h openbsd-compat/sys-queue.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h ssh.h ssh2.h packet.h dispatch.h compat.h log.h authfile.h misc. 
h ssh_api.o: version.h myproposal.h ssherr.h sshbuf.h openbsd-compat/openssl-compat.h sshbuf-getput-basic.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h diff --git a/.skipped-commit-ids b/.skipped-commit-ids index ac469cfe35b6..611d1093d1b8 100644 --- a/.skipped-commit-ids +++ b/.skipped-commit-ids @@ -16,6 +16,9 @@ db6375fc302e3bdf07d96430c63c991b2c2bd3ff moduli update 14806a59353152f843eb349e618abbf6f4dd3ada Makefile.inc 8ea4455a2d9364a0a04f9e4a2cbfa4c9fcefe77e Makefile.inc d9b910e412d139141b072a905e66714870c38ac0 Makefile.inc +7b7b619c1452a459310b0cf4391c5757c6bdbc0f moduli update +5010ff08f7ad92082e87dde098b20f5c24921a8f moduli regen script update +3bcae7a754db3fc5ad3cab63dd46774edb35b8ae moduli regen script update Old upstream tree: diff --git a/ChangeLog b/ChangeLog index fbbbca0edec5..f283a8b3f455 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,12663 +1,12677 @@ -commit 8aa3455b16fddea4c0144a7c4a1edb10ec67dcc8 +commit 9ca7e9c861775dd6c6312bc8aaab687403d24676 +Author: Damien Miller <djm@mindrot.org> +Date: Wed May 27 10:38:00 2020 +1000 + + depend + +commit b6d251ed9af90e16c08a72c4aac2cb8ace8f94b1 Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Feb 14 00:39:20 2020 +0000 +Date: Mon May 18 04:29:35 2020 +0000 - upstream: openssh-8.2 + upstream: avoid possible NULL deref; from Pedro Martelletto - OpenBSD-Commit-ID: 0a1340ff65fad0d84b997ac58dd1b393dec7c19b + OpenBSD-Commit-ID: e6099c3fbb70aa67eb106e84d8b43f1fa919b721 -commit 72f0ce33f0d5a37f31bad5800d1eb2fbdb732de6 +commit 3ab6fccc3935e9b778ff52f9c8d40f215d58e01d Author: Damien Miller <djm@mindrot.org> -Date: Wed Feb 12 09:28:35 2020 +1100 +Date: Thu May 14 12:22:09 2020 +1000 - crank version numbers + prefer ln to cp for temporary copy of sshd + + I saw failures on the reexec fallback test on Darwin 19.4 where + fork()ed children of a process that had it's executable removed + would instantly fail. Using ln to preserve the inode avoids this. -commit b763ed05bd1f1f15ae1727c86a4498546bc36ca8 +commit f700d316c6b15a9cfbe87230d2dca81a5d916279 Author: Darren Tucker <dtucker@dtucker.net> -Date: Tue Feb 11 12:51:24 2020 +1100 +Date: Wed May 13 15:24:51 2020 +1000 - Minor documentation update: - - - remove duplication of dependency information (it's all in INSTALL). - - SSHFP is now an RFC. + Actually skip pty tests when needed. -commit 14ccfdb7248e33b1dc8bbac1425ace4598e094cb +commit 08ce6b2210f46f795e7db747809f8e587429dfd2 Author: Darren Tucker <dtucker@dtucker.net> -Date: Sun Feb 9 11:23:35 2020 +1100 +Date: Wed May 13 13:56:45 2020 +1000 - Check if UINT32_MAX is defined before redefining. + Skip building sk-dummy library if no SK support. 
-commit be075110c735a451fd9d79a864e01e2e0d9f19d2 +commit 102d106bc2e50347d0e545fad6ff5ce408d67247 Author: Damien Miller <djm@mindrot.org> -Date: Fri Feb 7 15:07:27 2020 +1100 +Date: Wed May 13 12:08:34 2020 +1000 - typo; reported by Phil Pennock + explicitly manage .depend and .depend.bak + + Bring back removal of .depend to give the file a known state before + running makedepend, but manually move aside the current .depend file + and restore it as .depend.bak afterwards so the stale .depend check + works as expected. -commit 963d71851e727ffdd2a97fe0898fad61d4a70ba1 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Feb 7 03:57:31 2020 +0000 +commit 83a6dc6ba1e03b3fa39d12a8522b8b0e68dd6390 +Author: Damien Miller <djm@mindrot.org> +Date: Wed May 13 12:03:42 2020 +1000 - upstream: sync the description of the $SSH_SK_PROVIDER environment + make depend + +commit 7c0bbed967abed6301a63e0267cc64144357a99a +Author: Damien Miller <djm@mindrot.org> +Date: Wed May 13 12:01:10 2020 +1000 + + revert removal of .depend before makedepend - variable with that of the SecurityKeyProvider ssh/sshd_config(5) directive, - as the latter was more descriptive. + Commit 83657eac4 started removing .depend before running makedepend + to reset the contents of .depend to a known state. Unfortunately + this broke the depend-check step as now .depend.bak would only ever + be created as an empty file. - OpenBSD-Commit-ID: 0488f09530524a7e53afca6b6e1780598022552f + ok dtucker -commit d4d9e1d40514e2746f9e05335d646512ea1020c6 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Feb 7 03:54:44 2020 +0000 +commit 58ad004acdcabf3b9f40bc3aaa206b25d998db8c +Author: Damien Miller <djm@mindrot.org> +Date: Tue May 12 12:58:46 2020 +1000 - upstream: Add ssh -Q key-sig for all key and signature types. 
+ prepare for 8.3 release + +commit 4fa9e048c2af26beb7dc2ee9479ff3323e92a7b5 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri May 8 21:50:43 2020 +1000 + + Ensure SA_SIGNAL test only signals itself. - Teach ssh -Q to accept ssh_config(5) and sshd_config(5) algorithm keywords as - an alias for the corresponding query. Man page help jmc@, ok djm@. + When the test's child signals its parent and it exits the result of + getppid changes. On Ubuntu 20.04 this results in the ppid being that + of the GDM session, causing it to exit. Analysis and testing from pedro + at ambientworks.net + +commit dc2da29aae76e170d22f38bb36f1f5d1edd5ec2b +Author: Damien Miller <djm@mindrot.org> +Date: Fri May 8 13:31:53 2020 +1000 + + sync config.guess/config.sub with latest versions - OpenBSD-Commit-ID: 1e110aee3db2fc4bc5bee2d893b7128fd622e0f8 + ok dtucker@ -commit fd68dc27864b099b552a6d9d507ca4b83afd6a76 +commit a8265bd64c14881fc7f4fa592f46dfc66b911f17 Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Feb 7 03:27:54 2020 +0000 +Date: Wed May 6 20:58:01 2020 +0000 - upstream: fix two PIN entry bugs on FIDO keygen: 1) it would allow more - - than the intended number of prompts (3) and 2) it would SEGV too many - incorrect PINs were entered; based on patch by Gabriel Kihlman + upstream: openssh-8.3; ok deraadt@ - OpenBSD-Commit-ID: 9c0011f28ba8bd8adf2014424b64960333da1718 + OpenBSD-Commit-ID: c8831ec88b9c750f5816aed9051031fb535d22c1 -commit 96bd895a0a0b3a36f81c14db8c91513578fc5563 +commit 955854cafca88e0cdcd3d09ca1ad4ada465364a1 Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Feb 6 22:48:23 2020 +0000 +Date: Wed May 6 20:57:38 2020 +0000 - upstream: When using HostkeyAlgorithms to merely append or remove + upstream: another case where a utimes() failure could make scp send - algorithms from the default set (i.e. 
HostkeyAlgorithms=+/-...), retain the - default behaviour of preferring those algorithms that have existing keys in - known_hosts; ok markus + a desynchronising error; reminded by Aymeric Vincent ok deraadt markus - OpenBSD-Commit-ID: 040e7fcc38ea00146b5d224ce31ce7a1795ee6ed + OpenBSD-Commit-ID: 2ea611d34d8ff6d703a7a8bf858aa5dbfbfa7381 -commit c7288486731734a864b58d024b1395029b55bbc5 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Feb 6 22:46:31 2020 +0000 +commit 59d531553fd90196946743da391f3a27cf472f4e +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu May 7 15:34:12 2020 +1000 - upstream: expand HostkeyAlgorithms prior to config dump, matching - - other algorithm lists; ok markus@ + Check if -D_REENTRANT is needed for localtime_r. - OpenBSD-Commit-ID: a66f0fca8cc5ce30405a2867bc115fff600671d0 + On at least HP-UX 11.11, the localtime_r declararation is behind + ifdef _REENTRANT. Check for and add if needed. -commit a6ac5d36efc072b15690c65039754f8e44247bdf -Author: naddy@openbsd.org <naddy@openbsd.org> -Date: Thu Feb 6 22:34:58 2020 +0000 +commit c13403e55de8cdbb9da628ed95017b1d4c0f205f +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue May 5 11:32:43 2020 +1000 - upstream: Add Include to the list of permitted keywords after a + Skip security key tests if ENABLE_SK not set. + +commit 4da393f87cd52d788c84112ee3f2191c9bcaaf30 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri May 1 04:03:14 2020 +0000 + + upstream: sure enough, some of the test data that we though were in - Match keyword. 
ok markus@ + new format were actually in the old format; fix from Michael Forney - OpenBSD-Commit-ID: 342e940538b13dd41e0fa167dc9ab192b9f6e2eb + OpenBSD-Regress-ID: a41a5c43a61b0f0b1691994dbf16dfb88e8af933 -commit a47f6a6c0e06628eed0c2a08dc31a8923bcc37ba -Author: naddy@openbsd.org <naddy@openbsd.org> -Date: Thu Feb 6 22:30:54 2020 +0000 +commit 15bfafc1db4c8792265ada9623a96f387990f732 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri May 1 04:00:29 2020 +0000 - upstream: Replace "security key" with "authenticator" in program + upstream: make mktestdata.sh generate old/new format keys that we - messages. + expect. This script was written before OpenSSH switched to new-format private + keys by default and was never updated to the change (until now) From Michael + Forney - This replaces "security key" in error/usage/verbose messages and - distinguishes between "authenticator" and "authenticator-hosted key". + OpenBSD-Regress-ID: 38cf354715c96852e5b71c2393fb6e7ad28b7ca7 + +commit 7882d2eda6ad3eb82220a85294de545d20ef82db +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri May 1 03:58:02 2020 +0000 + + upstream: portability fix for sed that always emil a newline even - ok djm@ + if the input does not contain one; from Michael Forney - OpenBSD-Commit-ID: 7c63800e9c340c59440a054cde9790a78f18592e + OpenBSD-Regress-ID: 9190c3ddf0d2562ccc02c4a95fce0e392196bfc7 -commit 849a9b87144f8a5b1771de6c85e44bfeb86be9a9 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Thu Feb 6 11:28:14 2020 +1100 +commit 8074f9499e454df0acdacea33598858a1453a357 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri May 1 03:36:25 2020 +0000 - Don't look for UINT32_MAX in inttypes.h + upstream: remove obsolete RSA1 test keys; spotted by Michael Forney - ... unless we are actually going to use it. Fixes build on HP-UX - without the potential impact to other platforms of a header change - shortly before release. 
+ OpenBSD-Regress-ID: 6384ba889594e217d166908ed8253718ab0866da -commit a2437f8ed0c3be54ddd21630a93c68ebd168286f -Author: Damien Miller <djm@mindrot.org> -Date: Thu Feb 6 12:02:22 2020 +1100 +commit c697e46c314aa94574af0d393d80f23e0ebc9748 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat May 2 18:34:47 2020 +1000 - depend + Update .depend. -commit 9716e8c4956acdd7b223d1642bfa376e07e7503d -Author: Michael Forney <mforney@mforney.org> -Date: Wed Nov 27 19:17:26 2019 -0800 +commit 83657eac42941f270c4b02b2c46d9a21f616ef99 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat May 2 18:29:40 2020 +1000 - Fix sha2 MAKE_CLONE no-op definition + Remove use of tail for 'make depend'. - The point of the dummy declaration is so that MAKE_CLONE(...) can have - a trailing semicolon without introducing an empty declaration. So, - the macro replacement text should *not* have a trailing semicolon, - just like DEF_WEAK. + Not every tail supports +N and we can do with out it so just remove it. + Prompted by mforney at mforney.org. -commit d596b1d30dc158915a3979fa409d21ff2465b6ee +commit d25d630d24c5a1c64d4e646510e79dc22d6d7b88 Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Feb 4 09:58:04 2020 +0000 +Date: Sat May 2 07:19:43 2020 +0000 - upstream: require FIDO application strings to start with "ssh:"; ok + upstream: we have a sshkey_save_public() function to save public keys; - markus@ + use it and save a bunch of redundant code. - OpenBSD-Commit-ID: 94e9c1c066d42b76f035a3d58250a32b14000afb + Patch from loic AT venez.fr; ok markus@ djm@ + + OpenBSD-Commit-ID: f93e030a0ebcd0fd9054ab30db501ec63454ea5f -commit 501f3582438cb2cb1cb92be0f17be490ae96fb23 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Feb 3 23:47:57 2020 +0000 +commit e9dc9863723e111ae05e353d69df857f0169544a +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri May 1 18:32:25 2020 +1000 - upstream: revert enabling UpdateHostKeys by default - there are still + Use LONG_LONG_MAX and friends if available. 
- corner cases we need to address; ok markus + If we don't have LLONG_{MIN,MAX} but do have LONG_LONG_{MIN,MAX} + then use those instead. We do calculate these values in configure, + but it turns out that at least one compiler (old HP ANSI C) can't + parse "-9223372036854775808LL" without mangling it. (It can parse + "-9223372036854775807LL" which is presumably why its limits.h defines + LONG_LONG_MIN as the latter minus 1.) - OpenBSD-Commit-ID: ff7ad941bfdc49fb1d8baa95fd0717a61adcad57 + Fixes rekey test when compiled with the aforementioned compiler. -commit 072f3b832d2a4db8d9880effcb6c4d0dad676504 -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Mon Feb 3 08:15:37 2020 +0000 +commit aad87b88fc2536b1ea023213729aaf4eaabe1894 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri May 1 06:31:42 2020 +0000 - upstream: use better markup for challenge and write-attestation, and + upstream: when receving a file in sink(), be careful to send at - rejig the challenge text a little; + most a single error response after the file has been opened. Otherwise the + source() and sink() can become desyncronised. Reported by Daniel Goujot, + Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache. 
- ok djm + ok deraadt@ markus@ - OpenBSD-Commit-ID: 9f351e6da9edfdc907d5c3fdaf2e9ff3ab0a7a6f + OpenBSD-Commit-ID: 6c14d233c97349cb811a8f7921ded3ae7d9e0035 -commit 262eb05a22cb1fabc3bc1746c220566490b80229 -Author: Damien Miller <djm@mindrot.org> -Date: Mon Feb 3 21:22:15 2020 +1100 +commit 31909696c4620c431dd55f6cd15db65c4e9b98da +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri May 1 06:28:52 2020 +0000 - mention libfido2 in dependencies section + upstream: expose vasnmprintf(); ok (as part of other commit) markus + + deraadt + + OpenBSD-Commit-ID: 2e80cea441c599631a870fd40307d2ade5a7f9b5 -commit ccd3b247d59d3bde16c3bef0ea888213fbd6da86 -Author: Damien Miller <djm@mindrot.org> -Date: Mon Feb 3 19:40:12 2020 +1100 +commit 99ce9cefbe532ae979744c6d956b49f4b02aff82 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri May 1 04:23:11 2020 +0000 - add clock_gettime64(2) to sandbox allowed syscalls + upstream: avoid NULL dereference when attempting to convert invalid - bz3093 + ssh.com private keys using "ssh-keygen -i"; spotted by Michael Forney + + OpenBSD-Commit-ID: 2e56e6d26973967d11d13f56ea67145f435bf298 -commit adffbe1c645ad2887ba0b6d24c194aa7a40c5735 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Sun Feb 2 09:45:34 2020 +0000 +commit 6c6072ba8b079e6f5caa38b011a6f4570c14ed38 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri May 1 15:09:26 2020 +1000 - upstream: Output (none) in debug in the case in the CheckHostIP=no case + See if SA_RESTART signals will interrupt select(). - as suggested by markus@ + On some platforms (at least older HP-UXes such as 11.11, possibly others) + setting SA_RESTART on signal handers will cause it to not interrupt + select(), at least for calls that do not specify a timeout. Try to + detect this and if found, don't use SA_RESTART. 
- OpenBSD-Commit-ID: 4ab9117ee5261cbbd1868717fcc3142eea6385cf + POSIX says "If SA_RESTART has been set for the interrupting signal, it + is implementation-dependent whether select() restarts or returns with + [EINTR]" so this behaviour is within spec. -commit 58c819096a2167983e55ae686486ce317b69b2d1 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Sun Feb 2 09:22:22 2020 +0000 +commit 90a0b434ed41f9c505662dba8782591818599cb3 +Author: Damien Miller <djm@mindrot.org> +Date: Fri May 1 13:55:03 2020 +1000 - upstream: Prevent possible null pointer deref of ip_str in debug. + fix reversed test + +commit c0dfd18dd1c2107c73d18f70cd164f7ebd434b08 +Author: Damien Miller <djm@mindrot.org> +Date: Fri May 1 13:29:16 2020 +1000 + + wrap sha2.h inclusion in #ifdef HAVE_SHA2_H + +commit a01817a9f63dbcbbc6293aacc4019993a4cdc7e3 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Apr 28 04:59:29 2020 +0000 + + upstream: adapt dummy FIDO middleware to API change; ok markus@ - OpenBSD-Commit-ID: 37b252e2e6f690efed6682437ef75734dbc8addf + OpenBSD-Regress-ID: 8bb84ee500c2eaa5616044314dd0247709a1790f -commit 0facae7bc8d3f8f9d02d0f6bed3d163ff7f39806 +commit 261571ddf02ea38fdb5e4a97c69ee53f847ca5b7 Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Sun Feb 2 07:36:50 2020 +0000 +Date: Thu Apr 30 18:28:37 2020 +0000 - upstream: shuffle the challenge keyword to keep the -O list sorted; + upstream: tweak previous; ok markus - OpenBSD-Commit-ID: 08efad608b790949a9a048d65578fae9ed5845fe + OpenBSD-Commit-ID: 41895450ce2294ec44a5713134491cc31f0c09fd -commit 6fb3dd0ccda1c26b06223b87bcd1cab9ec8ec3cc -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Sat Feb 1 06:53:12 2020 +0000 +commit 5de21c82e1d806d3e401b5338371e354b2e0a66f +Author: markus@openbsd.org <markus@openbsd.org> +Date: Thu Apr 30 17:12:20 2020 +0000 - upstream: tweak previous; + upstream: bring back debug() removed in rev 1.74; noted by pradeep - OpenBSD-Commit-ID: 0c42851cdc88583402b4ab2b110a6348563626d3 + kumar + + 
OpenBSD-Commit-ID: 8d134d22ab25979078a3b48d058557d49c402e65 -commit 92725d4d3fde675acc0ca040b48f3d0c7be73b7f -Author: Darren Tucker <dtucker@dtucker.net> -Date: Sat Feb 1 17:25:09 2020 +1100 +commit ea14103ce9a5e13492e805f7e9277516ff5a4273 +Author: markus@openbsd.org <markus@openbsd.org> +Date: Thu Apr 30 17:07:10 2020 +0000 - Use sys-queue.h from compat library. + upstream: run the 2nd ssh with BatchMode for scp -3 - Fixes build on platforms that don't have sys/queue.h (eg MUSL). + OpenBSD-Commit-ID: 77994fc8c7ca02d88e6d0d06d0f0fe842a935748 -commit 677d0ece67634262b3b96c3cd6410b19f3a603b7 +commit 59d2de956ed29aa5565ed5e5947a7abdb27ac013 Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jan 31 23:25:08 2020 +0000 +Date: Tue Apr 28 04:02:29 2020 +0000 - upstream: regress test for sshd_config Include directive; from Jakub + upstream: when signing a challenge using a FIDO toke, perform the - Jelen + hashing in the middleware layer rather than in ssh code. This allows + middlewares that call APIs that perform the hashing implicitly (including + Microsoft's AFAIK). ok markus@ - OpenBSD-Regress-ID: 0d9224de3297c7a5f51ba68d6e3725a2a9345fa4 + OpenBSD-Commit-ID: c9fc8630aba26c75d5016884932f08a5a237f37d -commit d4f4cdd681ab6408a98419f398b75a55497ed324 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jan 31 23:13:04 2020 +0000 +commit c9d10dbc0ccfb1c7568bbb784f7aeb7a0b5ded12 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Sun Apr 26 09:38:14 2020 +0000 - upstream: whitespace + upstream: Fix comment typo. Patch from mforney at mforney.org. 
- OpenBSD-Commit-ID: 564cf7a5407ecf5da2d94ec15474e07427986772 + OpenBSD-Commit-ID: 3565f056003707a5e678e60e03f7a3efd0464a2b -commit 245399dfb3ecebc6abfc2ef4ee2e650fa9f6942b -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jan 31 23:11:25 2020 +0000 +commit 4d2c87b4d1bde019cdd0f00552fcf97dd8b39940 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Sat Apr 25 06:59:36 2020 +0000 - upstream: force early logging to stderr if debug_flag (-d) is set; + upstream: We've standardized on memset over bzero, replace a couple - avoids missing messages from re-exec config passing + that had slipped in. ok deraadt markus djm. - OpenBSD-Commit-ID: 02484b8241c1f49010e7a543a7098e6910a8c9ff + OpenBSD-Commit-ID: f5be055554ee93e6cc66b0053b590bef3728dbd6 -commit 7365f28a66d1c443723fbe6f4a2612ea6002901e -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jan 31 23:08:08 2020 +0000 +commit 7f23f42123d64272a7b00754afa6b0841d676691 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri May 1 12:21:58 2020 +1000 - upstream: mistake in previous: filling the incorrect buffer + Include sys/byteorder.h for htons and friends. - OpenBSD-Commit-ID: 862ee84bd4b97b529f64aec5d800c3dcde952e3a + These are usually in netinet/in.h but on HP-UX they are not defined if + _XOPEN_SOURCE_EXTENDED is set. Only needed for netcat in the regression + tests. -commit c2bd7f74b0e0f3a3ee9d19ac549e6ba89013abaf -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jan 31 22:42:45 2020 +0000 +commit d27cba58c972d101a5de976777e518f34ac779cb +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri May 1 09:21:52 2020 +1000 - upstream: Add a sshd_config "Include" directive to allow inclusion + Fix conditional for openssl-based chacha20. - of files. This has sensible semantics wrt Match blocks and accepts glob(3) - patterns to specify the included files. Based on patch by Jakub Jelen in - bz2468; feedback and ok markus@ + Fixes warnings or link errors when building against older OpenSSLs. 
+ ok djm + +commit 20819b962dc1467cd6fad5486a7020c850efdbee +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Apr 24 15:07:55 2020 +1000 + + Error out if given RDomain if unsupported. - OpenBSD-Commit-ID: 36ed0e845b872e33f03355b936a4fff02d5794ff + If the config contained 'RDomain %D' on a platform that did not support + it, the error would not be detected until runtime resulting in a broken + sshd. Detect this earlier and error out if found. bz#3126, based on a + patch from jjelen at redhat.com, tweaks and ok djm@ -commit ba261a1dd33266168ead4f8f40446dcece4d1600 -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Fri Jan 31 22:25:59 2020 +0000 +commit 2c1690115a585c624eed2435075a93a463a894e2 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Apr 24 03:33:21 2020 +0000 - upstream: spelling fix; + upstream: Fix incorrect error message for "too many known hosts files." - OpenBSD-Commit-ID: 3c079523c4b161725a4b15dd06348186da912402 + bz#3149, patch from jjelen at redhat.com. + + OpenBSD-Commit-ID: e0fcb07ed5cf7fd54ce340471a747c24454235e5 -commit 771891a044f763be0711493eca14b6b0082e030f -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Jan 30 22:25:34 2020 +0000 +commit 3beb7276e7a8aedd3d4a49f9c03b97f643448c92 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Apr 24 02:19:40 2020 +0000 - upstream: document changed default for UpdateHostKeys + upstream: Remove leave_non_blocking() which is now dead code - OpenBSD-Commit-ID: 25c390b21d142f78ac0106241d13441c4265fd2c + because nothing sets in_non_blocking_mode any more. 
Patch from + michaael.meeks at collabora.com, ok djm@ + + OpenBSD-Commit-ID: c403cefe97a5a99eca816e19cc849cdf926bd09c -commit d53a518536c552672c00e8892e2aea28f664148c -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Jan 30 22:19:32 2020 +0000 +commit 8654e3561772f0656e7663a0bd6a1a8cb6d43300 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Thu Apr 23 21:28:09 2020 +0000 - upstream: enable UpdateKnownHosts=yes if the configuration + upstream: ce examples of "Ar arg Ar arg" with "Ar arg arg" and - specifies only the default known_hosts files, otherwise select - UpdateKnownHosts=ask; ok markus@ + stop the spread; - OpenBSD-Commit-ID: ab401a5ec4a33d2e1a9449eae6202e4b6d427df7 + OpenBSD-Commit-ID: af0e952ea0f5e2019c2ce953ed1796eca47f0705 -commit bb63ff844e818d188da4fed3c016e0a4eecbbf25 +commit 67697e4a8246dd8423e44b8785f3ee31fee72d07 Author: Darren Tucker <dtucker@dtucker.net> -Date: Thu Jan 30 18:54:42 2020 +1100 +Date: Fri Apr 24 11:10:18 2020 +1000 - Look in inttypes.h for UINT32_MAX. + Update .depend. + +commit d6cc76176216fe3fac16cd20d148d75cb9c50876 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Apr 22 14:07:00 2020 +1000 + + Mailing list is now closed to non-subscribers. - Should prevent warnings on at least some AIX versions. + While there, add a reference to the bugzilla. ok djm@ -commit afeb6a960da23f0a5cbc4b80cca107c7504e932a -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Jan 30 07:21:38 2020 +0000 +commit cecde6a41689d0ae585ec903b190755613a6de79 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Apr 22 12:09:40 2020 +1000 - upstream: use sshpkt_fatal() instead of plain fatal() for + Put the values from env vars back. - ssh_packet_write_poll() failures here too as the former yields better error - messages; ok dtucker@ + This merges the values from the recently removed environment into make's + command line arguments since we actually need those. 
+ +commit 300c4322b92e98d3346efa0aec1c094c94d0f964 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Apr 22 11:33:15 2020 +1000 + + Pass configure's egrep through to test-exec.sh. - OpenBSD-Commit-ID: 1f7a6ca95bc2b716c2e948fc1370753be772d8e3 + Use it to create a wrapper function to call it from tests. Fixes the + keygen-comment test on platforms with impoverished default egrep (eg + Solaris). -commit 65d6fd0a8a6f31c3ddf0c1192429a176575cf701 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Jan 30 07:20:57 2020 +0000 +commit c8d9796cfe046f00eb8b2096d2b7028d6a523a84 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Apr 22 10:56:44 2020 +1000 - upstream: check the return value of ssh_packet_write_poll() and + Remove unneeded env vars from t-exec invocation. + +commit 01d4cdcd4514e99a4b6eb9523cd832bbf008d1d7 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Tue Apr 21 23:14:58 2020 +0000 + + upstream: Backslash '$' at then end of string. Prevents warning on - call sshpkt_fatal() if it fails; avoid potential busy-loop under some - circumstances. Based on patch by Mike Frysinger; ok dtucker@ + some shells. - OpenBSD-Commit-ID: c79fe5cf4f0cd8074cb6db257c1394d5139408ec + OpenBSD-Regress-ID: 5dc27ab624c09d34078fd326b10e38c1ce9c741f -commit dce74eab0c0f9010dc84c62500a17771d0131ff3 +commit 8854724ccefc1fa16f10b37eda2e759c98148caa +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Apr 21 18:27:23 2020 +1000 + + Sync rev 1.49. + + Prevent infinite for loop since i went from ssize_t to size_t. 
Patch from + eagleoflqj via OpenSSH github PR#178, ok djm@, feedback & ok millert@ + +commit d00d07b6744d3b4bb7aca46c734ecd670148da23 Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Jan 30 07:20:05 2020 +0000 +Date: Mon Apr 20 04:44:47 2020 +0000 - upstream: have sshpkt_fatal() save/restore errno before we + upstream: regression test for printing of private key fingerprints and - potentially call strerror() (via ssh_err()); ok dtucker + key comments, mostly by loic AT venez.fr (slightly tweaked for portability) + ok dtucker@ - OpenBSD-Commit-ID: 5590df31d21405498c848245b85c24acb84ad787 + OpenBSD-Regress-ID: 8dc6c4feaf4fe58b6d634cd89afac9a13fd19004 -commit 14ef4efe2bf4180e085ea6738fdbebc199458b0c +commit a98d5ba31e5e7e01317352f85fa63b846a960f8c Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Jan 29 08:17:49 2020 +0000 +Date: Mon Apr 20 04:43:57 2020 +0000 - upstream: markus suggests a simplification to previous + upstream: fix a bug I introduced in r1.406: when printing private key - OpenBSD-Commit-ID: 10bbfb6607ebbb9a018dcd163f0964941adf58de + fingerprint of old-format key, key comments were not being displayed. Spotted + by loic AT venez.fr, ok dtucker + + OpenBSD-Commit-ID: 2d98e4f9eb168eea733d17e141e1ead9fe26e533 -commit 101ebc3a8cfa78d2e615afffbef9861bbbabf1ff +commit 32f2d0aad42c15e19bd3b07496076ca891573a58 Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Jan 29 07:51:30 2020 +0000 +Date: Fri Apr 17 07:16:07 2020 +0000 - upstream: give more context to UpdateHostKeys messages, mentioning + upstream: repair private key fingerprint printing to also print - that the changes are validated by the existing trusted host key. Prompted by - espie@ feedback and ok markus@ + comment after regression caused by my recent pubkey loading refactor. 
+ Reported by loic AT venez.fr, ok dtucker@ - OpenBSD-Commit-ID: b3d95f4a45f2692f4143b9e77bb241184dbb8dc5 + OpenBSD-Commit-ID: f8db49acbee6a6ccb2a4259135693b3cceedb89e -commit 24c0f752adf9021277a7b0a84931bb5fe48ea379 +commit 094dd513f4b42e6a3cebefd18d1837eb709b4d99 Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jan 28 08:01:34 2020 +0000 +Date: Fri Apr 17 07:15:11 2020 +0000 - upstream: changes to support FIDO attestation - - Allow writing to disk the attestation certificate that is generated by - the FIDO token at key enrollment time. These certificates may be used - by an out-of-band workflow to prove that a particular key is held in - trustworthy hardware. + upstream: refactor out some duplicate private key loading code; - Allow passing in a challenge that will be sent to the card during - key enrollment. These are needed to build an attestation workflow - that resists replay attacks. + based on patch from loic AT venez.fr, ok dtucker@ - ok markus@ + OpenBSD-Commit-ID: 5eff2476b0d8d0614924c55e350fb7bb9c84f45e + +commit 4e04f46f248f1708e39b900b76c9693c820eff68 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Fri Apr 17 06:12:41 2020 +0000 + + upstream: add space beteen macro arg and punctuation; - OpenBSD-Commit-ID: 457dc3c3d689ba39eed328f0817ed9b91a5f78f6 + OpenBSD-Commit-ID: c93a6cbb4bf9468fc4c13e64bc1fd4efee201a44 -commit 156bef36f93a48212383235bb8e3d71eaf2b2777 +commit 44ae009a0112081d0d541aeaa90088bedb6f21ce Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jan 28 07:24:15 2020 +0000 +Date: Fri Apr 17 04:27:03 2020 +0000 - upstream: disable UpdateHostKeys=ask when in quiet mode; "work for + upstream: auth2-pubkey r1.89 changed the order of operations to - me" matthieu@ + checking AuthorizedKeysFile first and falling back to AuthorizedKeysCommand + if no key was found in a file. 
Document this order here; bz3134 - OpenBSD-Commit-ID: 60d7b5eb91accf935ed9852650a826d86db2ddc7 + OpenBSD-Commit-ID: afce0872cbfcfc1d4910ad7722e50f792a1dce12 -commit ec8a759b4045e54d6b38e690ffee4cbffc53c7b7 +commit f96f17f920f38ceea6f3c5cb0b075c46b8929fdc Author: Damien Miller <djm@mindrot.org> -Date: Tue Jan 28 12:57:25 2020 +1100 +Date: Fri Apr 17 14:07:15 2020 +1000 - compat for missing IPTOS_DSCP_LE in system headers + sys/sysctl.h is only used on OpenBSD + + so change the preprocessor test used to include it to check + __OpenBSD__, matching the code that uses the symbols it declares. -commit 4594c7627680c4f41c2ad5fe412e55b7cc79b10c +commit 54688e937a69c7aebef8a3d50cbd4c6345bab2ca Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jan 28 01:49:36 2020 +0000 +Date: Fri Apr 17 03:38:47 2020 +0000 - upstream: make IPTOS_DSCP_LE available via IPQoS directive; bz2986, + upstream: fix reversed test that caused IdentitiesOnly=yes to not - based on patch by veegish AT cyberstorm.mu + apply to keys loaded from a PKCS11Provider; bz3141, ok dtucker@ *** 32592 LINES SKIPPED ***