git: 1323ec571215 - main - ssh: update to OpenSSH v8.9p1

From: Ed Maste <emaste_at_FreeBSD.org>
Date: Wed, 13 Apr 2022 20:49:00 UTC
The branch main has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=1323ec571215a77ddd21294f0871979d5ad6b992

commit 1323ec571215a77ddd21294f0871979d5ad6b992
Merge: 595ac4a11893 85d1f2d49355
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2022-04-13 20:00:56 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2022-04-13 20:00:56 +0000

    ssh: update to OpenSSH v8.9p1
    
    Release notes are available at https://www.openssh.com/txt/release-8.9
    
    Some highlights:
    
     * ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for
       restricting forwarding and use of keys added to ssh-agent(1)
    
     * ssh(1), sshd(8): add the sntrup761x25519-sha512@openssh.com hybrid
       ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the
       default KEXAlgorithms list (after the ECDH methods but before the
       prime-group DH ones). The next release of OpenSSH is likely to
       make this key exchange the default method.
    
     * sshd(8), portable OpenSSH only: this release removes in-built
       support for MD5-hashed passwords. If you require these on your
       system then we recommend linking against libxcrypt or similar.
    
    Future deprecation notice
    =========================
    
    A near-future release of OpenSSH will switch scp(1) from using the
    legacy scp/rcp protocol to using SFTP by default.
    
    Legacy scp/rcp performs wildcard expansion of remote filenames (e.g.
    "scp host:* .") through the remote shell. This has the side effect of
    requiring double quoting of shell meta-characters in file names
    included on scp(1) command-lines, otherwise they could be interpreted
    as shell commands on the remote side.
    
    MFC after:      1 month
    Relnotes:       Yes
    Sponsored by:   The FreeBSD Foundation

 crypto/openssh/.depend                             |    11 +-
 crypto/openssh/.github/configs                     |    76 +-
 crypto/openssh/.github/configure.sh                |    17 +-
 crypto/openssh/.github/setup_ci.sh                 |    41 +-
 crypto/openssh/.github/workflows/c-cpp.yml         |    24 +-
 crypto/openssh/.github/workflows/selfhosted.yml    |    14 +-
 crypto/openssh/.github/workflows/upstream.yml      |     3 +-
 crypto/openssh/.skipped-commit-ids                 |     1 +
 crypto/openssh/ChangeLog                           | 17378 +++++++++----------
 crypto/openssh/INSTALL                             |     5 -
 crypto/openssh/LICENCE                             |    21 +-
 crypto/openssh/Makefile.in                         |    55 +-
 crypto/openssh/PROTOCOL                            |    69 +-
 crypto/openssh/PROTOCOL.agent                      |    85 +-
 crypto/openssh/PROTOCOL.mux                        |     6 +-
 crypto/openssh/README                              |     2 +-
 crypto/openssh/SECURITY.md                         |     5 +
 crypto/openssh/addr.c                              |    30 +-
 crypto/openssh/atomicio.c                          |     1 -
 crypto/openssh/auth-options.c                      |     4 +-
 crypto/openssh/auth-rhosts.c                       |    38 +-
 crypto/openssh/auth.c                              |    16 +-
 crypto/openssh/auth.h                              |     5 +-
 crypto/openssh/auth2-gss.c                         |     5 +-
 crypto/openssh/auth2-hostbased.c                   |    11 +-
 crypto/openssh/auth2-kbdint.c                      |     5 +-
 crypto/openssh/auth2-none.c                        |     5 +-
 crypto/openssh/auth2-passwd.c                      |     5 +-
 crypto/openssh/auth2-pubkey.c                      |    49 +-
 crypto/openssh/auth2.c                             |    70 +-
 crypto/openssh/authfd.c                            |   116 +-
 crypto/openssh/authfd.h                            |    35 +-
 crypto/openssh/authfile.c                          |     4 +-
 crypto/openssh/channels.c                          |   554 +-
 crypto/openssh/channels.h                          |    31 +-
 crypto/openssh/clientloop.c                        |   236 +-
 crypto/openssh/config.h                            |    36 +-
 crypto/openssh/configure.ac                        |   126 +-
 crypto/openssh/contrib/redhat/openssh.spec         |    10 +-
 crypto/openssh/contrib/suse/openssh.spec           |     2 +-
 crypto/openssh/defines.h                           |    39 +-
 crypto/openssh/digest-libc.c                       |    10 +
 crypto/openssh/dns.c                               |     4 +-
 crypto/openssh/gss-genr.c                          |     1 +
 crypto/openssh/hostfile.c                          |    22 +-
 crypto/openssh/includes.h                          |     1 -
 crypto/openssh/kex.c                               |    48 +-
 crypto/openssh/kex.h                               |    13 +-
 crypto/openssh/kexgen.c                            |    35 +-
 crypto/openssh/kexgexc.c                           |    24 +-
 crypto/openssh/kexgexs.c                           |    14 +-
 crypto/openssh/kexsntrup761x25519.c                |     4 +-
 crypto/openssh/loginrec.c                          |     3 +-
 crypto/openssh/md5crypt.c                          |   165 -
 crypto/openssh/md5crypt.h                          |    22 -
 crypto/openssh/misc.c                              |    90 +-
 crypto/openssh/misc.h                              |     4 +-
 crypto/openssh/moduli                              |   831 +-
 crypto/openssh/monitor.c                           |    31 +-
 crypto/openssh/mux.c                               |     4 +-
 crypto/openssh/myproposal.h                        |     3 +-
 crypto/openssh/nchan.c                             |    10 +-
 crypto/openssh/openbsd-compat/arc4random.c         |     8 +-
 crypto/openssh/openbsd-compat/base64.c             |     1 -
 crypto/openssh/openbsd-compat/bcrypt_pbkdf.c       |    41 +-
 crypto/openssh/openbsd-compat/bindresvport.c       |     1 +
 crypto/openssh/openbsd-compat/blf.h                |     7 +-
 crypto/openssh/openbsd-compat/blowfish.c           |     7 +-
 crypto/openssh/openbsd-compat/bsd-closefrom.c      |     8 +-
 crypto/openssh/openbsd-compat/bsd-cygwin_util.c    |     4 +-
 crypto/openssh/openbsd-compat/bsd-getline.c        |     2 +-
 crypto/openssh/openbsd-compat/bsd-openpty.c        |    76 +-
 crypto/openssh/openbsd-compat/bsd-poll.c           |    68 +-
 crypto/openssh/openbsd-compat/bsd-poll.h           |    26 +-
 crypto/openssh/openbsd-compat/bsd-statvfs.c        |     1 -
 crypto/openssh/openbsd-compat/dirname.c            |     1 -
 crypto/openssh/openbsd-compat/getcwd.c             |     1 -
 crypto/openssh/openbsd-compat/inet_aton.c          |     1 -
 crypto/openssh/openbsd-compat/inet_ntop.c          |     1 -
 crypto/openssh/openbsd-compat/openbsd-compat.h     |     4 +-
 crypto/openssh/openbsd-compat/port-solaris.c       |     1 -
 crypto/openssh/openbsd-compat/xcrypt.c             |    17 +-
 crypto/openssh/packet.c                            |   103 +-
 crypto/openssh/packet.h                            |     3 +-
 crypto/openssh/platform-tracing.c                  |    13 +-
 crypto/openssh/readconf.c                          |    27 +-
 crypto/openssh/readconf.h                          |     7 +-
 crypto/openssh/regress/Makefile                    |    14 +-
 crypto/openssh/regress/agent-getpeereid.sh         |     3 +
 crypto/openssh/regress/agent-restrict.sh           |   495 +
 crypto/openssh/regress/cert-hostkey.sh             |    86 +-
 crypto/openssh/regress/cert-userkey.sh             |   326 +-
 crypto/openssh/regress/cipher-speed.sh             |    10 +
 crypto/openssh/regress/hostbased.sh                |    66 +
 crypto/openssh/regress/hostkey-agent.sh            |    84 +-
 crypto/openssh/regress/hostkey-rotate.sh           |    17 +-
 crypto/openssh/regress/keys-command.sh             |     6 +-
 crypto/openssh/regress/knownhosts.sh               |    17 +
 crypto/openssh/regress/login-timeout.sh            |     4 +-
 crypto/openssh/regress/misc/fuzz-harness/Makefile  |     2 +-
 .../openssh/regress/misc/fuzz-harness/kex_fuzz.cc  |     3 +-
 .../regress/misc/fuzz-harness/ssh-sk-null.cc       |     3 +-
 crypto/openssh/regress/misc/sk-dummy/sk-dummy.c    |    55 +-
 crypto/openssh/regress/percent.sh                  |     5 +-
 crypto/openssh/regress/principals-command.sh       |   220 +-
 crypto/openssh/regress/sshd-log-wrapper.sh         |     3 +-
 crypto/openssh/regress/sshsig.sh                   |   256 +-
 crypto/openssh/regress/test-exec.sh                |    30 +-
 crypto/openssh/regress/unittests/authopt/tests.c   |     3 +-
 crypto/openssh/regress/unittests/bitmap/tests.c    |     3 +-
 .../openssh/regress/unittests/conversion/tests.c   |     3 +-
 .../regress/unittests/hostkeys/test_iterate.c      |     3 +-
 crypto/openssh/regress/unittests/kex/test_kex.c    |     3 +-
 crypto/openssh/regress/unittests/match/tests.c     |     3 +-
 crypto/openssh/regress/unittests/misc/test_argv.c  |     3 +-
 .../openssh/regress/unittests/misc/test_convtime.c |     4 +-
 .../openssh/regress/unittests/misc/test_expand.c   |     3 +-
 .../openssh/regress/unittests/misc/test_hpdelim.c  |    82 +
 crypto/openssh/regress/unittests/misc/test_parse.c |     3 +-
 .../openssh/regress/unittests/misc/test_strdelim.c |     3 +-
 crypto/openssh/regress/unittests/misc/tests.c      |     5 +-
 .../openssh/regress/unittests/sshbuf/test_sshbuf.c |     7 +-
 .../regress/unittests/sshbuf/test_sshbuf_fixed.c   |     3 +-
 .../regress/unittests/sshbuf/test_sshbuf_fuzz.c    |     5 +-
 .../unittests/sshbuf/test_sshbuf_getput_basic.c    |     3 +-
 .../unittests/sshbuf/test_sshbuf_getput_crypto.c   |     3 +-
 .../unittests/sshbuf/test_sshbuf_getput_fuzz.c     |     5 +-
 .../regress/unittests/sshbuf/test_sshbuf_misc.c    |     3 +-
 crypto/openssh/regress/unittests/sshkey/common.c   |     3 +-
 .../openssh/regress/unittests/sshkey/test_file.c   |     5 +-
 .../openssh/regress/unittests/sshkey/test_fuzz.c   |     5 +-
 .../openssh/regress/unittests/sshkey/test_sshkey.c |     5 +-
 crypto/openssh/regress/unittests/sshsig/tests.c    |     7 +-
 .../openssh/regress/unittests/sshsig/webauthn.html |     6 +-
 .../regress/unittests/test_helper/test_helper.c    |    11 +-
 crypto/openssh/rijndael.h                          |     5 +-
 crypto/openssh/sandbox-capsicum.c                  |     1 -
 crypto/openssh/sandbox-seccomp-filter.c            |    14 +-
 crypto/openssh/scp.1                               |     4 +-
 crypto/openssh/scp.c                               |    85 +-
 crypto/openssh/servconf.c                          |    21 +-
 crypto/openssh/serverloop.c                        |   157 +-
 crypto/openssh/session.c                           |     5 +-
 crypto/openssh/sftp-client.c                       |   200 +-
 crypto/openssh/sftp-client.h                       |     4 +-
 crypto/openssh/sftp-server.c                       |    85 +-
 crypto/openssh/sftp.c                              |     1 -
 crypto/openssh/sk-api.h                            |     7 +-
 crypto/openssh/sk-usbhid.c                         |   225 +-
 crypto/openssh/sk_config.h                         |     2 +
 crypto/openssh/ssh-add.1                           |    88 +-
 crypto/openssh/ssh-add.c                           |   218 +-
 crypto/openssh/ssh-agent.c                         |   716 +-
 crypto/openssh/ssh-keygen.1                        |    37 +-
 crypto/openssh/ssh-keygen.c                        |   246 +-
 crypto/openssh/ssh-keyscan.c                       |    70 +-
 crypto/openssh/ssh-keysign.c                       |    42 +-
 crypto/openssh/ssh-pkcs11-client.c                 |    16 +-
 crypto/openssh/ssh-pkcs11-helper.c                 |     4 +-
 crypto/openssh/ssh-pkcs11.c                        |    35 +-
 crypto/openssh/ssh-sk-client.c                     |    98 +-
 crypto/openssh/ssh-sk-helper.c                     |    33 +-
 crypto/openssh/ssh-sk.c                            |   106 +-
 crypto/openssh/ssh-sk.h                            |    14 +-
 crypto/openssh/ssh.1                               |    10 +-
 crypto/openssh/ssh.c                               |    20 +-
 crypto/openssh/ssh_config                          |     2 +-
 crypto/openssh/ssh_config.5                        |    22 +-
 crypto/openssh/ssh_namespace.h                     |    40 +-
 crypto/openssh/sshbuf-misc.c                       |    39 +-
 crypto/openssh/sshbuf.h                            |     8 +-
 crypto/openssh/sshconnect.c                        |     4 +-
 crypto/openssh/sshconnect2.c                       |    79 +-
 crypto/openssh/sshd.c                              |    76 +-
 crypto/openssh/sshd_config                         |     2 +-
 crypto/openssh/sshd_config.5                       |     8 +-
 crypto/openssh/sshkey.c                            |    31 +-
 crypto/openssh/sshkey.h                            |     6 +-
 crypto/openssh/sshsig.c                            |   284 +-
 crypto/openssh/sshsig.h                            |     6 +-
 crypto/openssh/umac.c                              |     4 +-
 crypto/openssh/umac.h                              |     4 +-
 crypto/openssh/version.h                           |     6 +-
 lib/libpam/modules/pam_ssh/pam_ssh.c               |     2 +-
 secure/usr.sbin/sshd/Makefile                      |     2 +-
 185 files changed, 13876 insertions(+), 12229 deletions(-)

diff --cc crypto/openssh/INSTALL
index 8ab8a403a4e2,000000000000..114d15314243
mode 100644,000000..100644
--- a/crypto/openssh/INSTALL
+++ b/crypto/openssh/INSTALL
@@@ -1,301 -1,0 +1,296 @@@
 +1. Prerequisites
 +----------------
 +
 +A C compiler.  Any C89 or better compiler should work.  Where supported,
 +configure will attempt to enable the compiler's run-time integrity checking
 +options.  Some notes about specific compilers:
 + - clang: -ftrapv and -sanitize=integer require the compiler-rt runtime
 +  (CC=clang LDFLAGS=--rtlib=compiler-rt ./configure)
 +
 +To support Privilege Separation (which is now required) you will need
 +to create the user, group and directory used by sshd for privilege
 +separation.  See README.privsep for details.
 +
 +
 +The remaining items are optional.
 +
 +A working installation of zlib:
 +Zlib 1.1.4 or 1.2.1.2 or greater (earlier 1.2.x versions have problems):
 +http://www.gzip.org/zlib/
 +
 +libcrypto from either of LibreSSL or OpenSSL.  Building without libcrypto
 +is supported but severely restricts the available ciphers and algorithms.
 + - LibreSSL (https://www.libressl.org/)
 + - OpenSSL (https://www.openssl.org) with any of the following versions:
 +   - 1.0.x >= 1.0.1 or 1.1.0 >= 1.1.0g or any 1.1.1
 +
 +Note that due to a bug in EVP_CipherInit OpenSSL 1.1 versions prior to
 +1.1.0g can't be used.
 +
 +LibreSSL/OpenSSL should be compiled as a position-independent library
 +(i.e. -fPIC, eg by configuring OpenSSL as "./config [options] -fPIC"
 +or LibreSSL as "CFLAGS=-fPIC ./configure") otherwise OpenSSH will not
 +be able to link with it.  If you must use a non-position-independent
 +libcrypto, then you may need to configure OpenSSH --without-pie.
 +
 +If you build either from source, running the OpenSSL self-test ("make
 +tests") or the LibreSSL equivalent ("make check") and ensuring that all
 +tests pass is strongly recommended.
 +
 +NB. If you operating system supports /dev/random, you should configure
 +libcrypto (LibreSSL/OpenSSL) to use it. OpenSSH relies on libcrypto's
 +direct support of /dev/random, or failing that, either prngd or egd.
 +
 +PRNGD:
 +
 +If your system lacks kernel-based random collection, the use of Lutz
 +Jaenicke's PRNGd is recommended. It requires that libcrypto be configured
 +to support it.
 +
 +http://prngd.sourceforge.net/
 +
 +EGD:
 +
 +The Entropy Gathering Daemon (EGD) supports the same interface as prngd.
 +It also supported only if libcrypto is configured to support it.
 +
 +http://egd.sourceforge.net/
 +
 +PAM:
 +
 +OpenSSH can utilise Pluggable Authentication Modules (PAM) if your
 +system supports it. PAM is standard most Linux distributions, Solaris,
 +HP-UX 11, AIX >= 5.2, FreeBSD, NetBSD and Mac OS X.
 +
 +Information about the various PAM implementations are available:
 +
 +Solaris PAM:	http://www.sun.com/software/solaris/pam/
 +Linux PAM:	http://www.kernel.org/pub/linux/libs/pam/
 +OpenPAM:	http://www.openpam.org/
 +
 +If you wish to build the GNOME passphrase requester, you will need the GNOME
 +libraries and headers.
 +
 +GNOME:
 +http://www.gnome.org/
 +
 +Alternatively, Jim Knoble <jmknoble@pobox.com> has written an excellent X11
 +passphrase requester. This is maintained separately at:
 +
 +http://www.jmknoble.net/software/x11-ssh-askpass/
 +
 +TCP Wrappers:
 +
 +If you wish to use the TCP wrappers functionality you will need at least
 +tcpd.h and libwrap.a, either in the standard include and library paths,
 +or in the directory specified by --with-tcp-wrappers.  Version 7.6 is
 +known to work.
 +
 +http://ftp.porcupine.org/pub/security/index.html
 +
 +LibEdit:
 +
 +sftp supports command-line editing via NetBSD's libedit.  If your platform
 +has it available natively you can use that, alternatively you might try
 +these multi-platform ports:
 +
 +http://www.thrysoee.dk/editline/
 +http://sourceforge.net/projects/libedit/
 +
 +LDNS:
 +
 +LDNS is a DNS BSD-licensed resolver library which supports DNSSEC.
 +
 +http://nlnetlabs.nl/projects/ldns/
 +
 +Autoconf:
 +
 +If you modify configure.ac or configure doesn't exist (eg if you checked
 +the code out of git yourself) then you will need autoconf-2.69 and
 +automake-1.16.1 to rebuild the automatically generated files by running
 +"autoreconf".  Earlier versions may also work but this is not guaranteed.
 +
 +http://www.gnu.org/software/autoconf/
 +http://www.gnu.org/software/automake/
 +
 +Basic Security Module (BSM):
 +
 +Native BSM support is known to exist in Solaris from at least 2.5.1,
 +FreeBSD 6.1 and OS X.  Alternatively, you may use the OpenBSM
 +implementation (http://www.openbsm.org).
 +
 +makedepend:
 +
 +https://www.x.org/archive/individual/util/
 +
 +If you are making significant changes to the code you may need to rebuild
 +the dependency (.depend) file using "make depend", which requires the
 +"makedepend" tool from the X11 distribution.
 +
 +libfido2:
 +
 +libfido2 allows the use of hardware security keys over USB.  libfido2
 +in turn depends on libcbor.  libfido2 >= 1.5.0 is strongly recommended.
 +Limited functionality is possible with earlier libfido2 versions.
 +
 +https://github.com/Yubico/libfido2
 +https://github.com/pjk/libcbor
 +
 +
 +2. Building / Installation
 +--------------------------
 +
 +To install OpenSSH with default options:
 +
 +./configure
 +make
 +make install
 +
 +This will install the OpenSSH binaries in /usr/local/bin, configuration files
 +in /usr/local/etc, the server in /usr/local/sbin, etc. To specify a different
 +installation prefix, use the --prefix option to configure:
 +
 +./configure --prefix=/opt
 +make
 +make install
 +
 +Will install OpenSSH in /opt/{bin,etc,lib,sbin}. You can also override
 +specific paths, for example:
 +
 +./configure --prefix=/opt --sysconfdir=/etc/ssh
 +make
 +make install
 +
 +This will install the binaries in /opt/{bin,lib,sbin}, but will place the
 +configuration files in /etc/ssh.
 +
 +If you are using PAM, you may need to manually install a PAM control
 +file as "/etc/pam.d/sshd" (or wherever your system prefers to keep
 +them).  Note that the service name used to start PAM is __progname,
 +which is the basename of the path of your sshd (e.g., the service name
 +for /usr/sbin/osshd will be osshd).  If you have renamed your sshd
 +executable, your PAM configuration may need to be modified.
 +
 +A generic PAM configuration is included as "contrib/sshd.pam.generic",
 +you may need to edit it before using it on your system. If you are
 +using a recent version of Red Hat Linux, the config file in
 +contrib/redhat/sshd.pam should be more useful.  Failure to install a
 +valid PAM file may result in an inability to use password
 +authentication.  On HP-UX 11 and Solaris, the standard /etc/pam.conf
 +configuration will work with sshd (sshd will match the other service
 +name).
 +
 +There are a few other options to the configure script:
 +
 +--with-audit=[module] enable additional auditing via the specified module.
 +Currently, drivers for "debug" (additional info via syslog) and "bsm"
 +(Sun's Basic Security Module) are supported.
 +
 +--with-pam enables PAM support. If PAM support is compiled in, it must
 +also be enabled in sshd_config (refer to the UsePAM directive).
 +
 +--with-prngd-socket=/some/file allows you to enable EGD or PRNGD
 +support and to specify a PRNGd socket. Use this if your Unix lacks
 +/dev/random.
 +
 +--with-prngd-port=portnum allows you to enable EGD or PRNGD support
 +and to specify a EGD localhost TCP port. Use this if your Unix lacks
 +/dev/random.
 +
 +--with-lastlog=FILE will specify the location of the lastlog file.
 +./configure searches a few locations for lastlog, but may not find
 +it if lastlog is installed in a different place.
 +
 +--without-lastlog will disable lastlog support entirely.
 +
 +--with-osfsia, --without-osfsia will enable or disable OSF1's Security
 +Integration Architecture.  The default for OSF1 machines is enable.
 +
 +--with-tcp-wrappers will enable TCP Wrappers (/etc/hosts.allow|deny)
 +support.
 +
- --with-md5-passwords will enable the use of MD5 passwords. Enable this
- if your operating system uses MD5 passwords and the system crypt() does
- not support them directly (see the crypt(3/3c) man page). If enabled, the
- resulting binary will support both MD5 and traditional crypt passwords.
- 
 +--with-utmpx enables utmpx support. utmpx support is automatic for
 +some platforms.
 +
 +--without-shadow disables shadow password support.
 +
 +--with-ipaddr-display forces the use of a numeric IP address in the
 +$DISPLAY environment variable. Some broken systems need this.
 +
 +--with-default-path=PATH allows you to specify a default $PATH for sessions
 +started by sshd. This replaces the standard path entirely.
 +
 +--with-pid-dir=PATH specifies the directory in which the sshd.pid file is
 +created.
 +
 +--with-xauth=PATH specifies the location of the xauth binary
 +
 +--with-ssl-dir=DIR allows you to specify where your Libre/OpenSSL
 +libraries are installed.
 +
 +--with-ssl-engine enables Libre/OpenSSL's (hardware) ENGINE support
 +
 +--without-openssl builds without using OpenSSL.  Only a subset of ciphers
 +and algorithms are supported in this configuration.
 +
 +--without-zlib builds without zlib.  This disables the Compression option.
 +
 +--with-4in6 Check for IPv4 in IPv6 mapped addresses and convert them to
 +real (AF_INET) IPv4 addresses. Works around some quirks on Linux.
 +
 +If you need to pass special options to the compiler or linker, you
 +can specify these as environment variables before running ./configure.
 +For example:
 +
 +CC="/usr/foo/cc" CFLAGS="-O" LDFLAGS="-s" LIBS="-lrubbish" ./configure
 +
 +3. Configuration
 +----------------
 +
 +The runtime configuration files are installed by in ${prefix}/etc or
 +whatever you specified as your --sysconfdir (/usr/local/etc by default).
 +
 +The default configuration should be instantly usable, though you should
 +review it to ensure that it matches your security requirements.
 +
 +To generate a host key, run "make host-key". Alternately you can do so
 +manually using the following commands:
 +
 +    ssh-keygen -t [type] -f /etc/ssh/ssh_host_key -N ""
 +
 +for each of the types you wish to generate (rsa, dsa or ecdsa) or
 +
 +    ssh-keygen -A
 +
 +to generate keys for all supported types.
 +
 +Replacing /etc/ssh with the correct path to the configuration directory.
 +(${prefix}/etc or whatever you specified with --sysconfdir during
 +configuration).
 +
 +If you have configured OpenSSH with EGD/prngd support, ensure that EGD or
 +prngd is running and has collected some entropy first.
 +
 +For more information on configuration, please refer to the manual pages
 +for sshd, ssh and ssh-agent.
 +
 +4. (Optional) Send survey
 +-------------------------
 +
 +$ make survey
 +[check the contents of the file "survey" to ensure there's no information
 +that you consider sensitive]
 +$ make send-survey
 +
 +This will send configuration information for the currently configured
 +host to a survey address.  This will help determine which configurations
 +are actually in use, and what valid combinations of configure options
 +exist.  The raw data is available only to the OpenSSH developers, however
 +summary data may be published.
 +
 +5. Problems?
 +------------
 +
 +If you experience problems compiling, installing or running OpenSSH,
 +please refer to the "reporting bugs" section of the webpage at
 +https://www.openssh.com/
diff --cc crypto/openssh/SECURITY.md
index 000000000000,ba436c4f176d..ba436c4f176d
mode 000000,100644..100644
--- a/crypto/openssh/SECURITY.md
+++ b/crypto/openssh/SECURITY.md
diff --cc crypto/openssh/auth.c
index 581d8dce2792,000000000000..faa1a4d3c666
mode 100644,000000..100644
--- a/crypto/openssh/auth.c
+++ b/crypto/openssh/auth.c
@@@ -1,1065 -1,0 +1,1075 @@@
- /* $OpenBSD: auth.c,v 1.153 2021/07/05 00:50:25 dtucker Exp $ */
++/* $OpenBSD: auth.c,v 1.154 2022/02/23 11:17:10 djm Exp $ */
 +/*
 + * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 + *
 + * Redistribution and use in source and binary forms, with or without
 + * modification, are permitted provided that the following conditions
 + * are met:
 + * 1. Redistributions of source code must retain the above copyright
 + *    notice, this list of conditions and the following disclaimer.
 + * 2. Redistributions in binary form must reproduce the above copyright
 + *    notice, this list of conditions and the following disclaimer in the
 + *    documentation and/or other materials provided with the distribution.
 + *
 + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 + */
 +
 +#include "includes.h"
 +__RCSID("$FreeBSD$");
 +
 +#include <sys/types.h>
 +#include <sys/stat.h>
 +#include <sys/socket.h>
 +#include <sys/wait.h>
 +
 +#include <netinet/in.h>
 +
 +#include <stdlib.h>
 +#include <errno.h>
 +#include <fcntl.h>
 +#ifdef HAVE_PATHS_H
 +# include <paths.h>
 +#endif
 +#include <pwd.h>
 +#ifdef HAVE_LOGIN_H
 +#include <login.h>
 +#endif
 +#ifdef USE_SHADOW
 +#include <shadow.h>
 +#endif
 +#include <stdarg.h>
 +#include <stdio.h>
 +#include <string.h>
 +#include <unistd.h>
 +#include <limits.h>
 +#include <netdb.h>
 +#include <time.h>
 +
 +#include "xmalloc.h"
 +#include "match.h"
 +#include "groupaccess.h"
 +#include "log.h"
 +#include "sshbuf.h"
 +#include "misc.h"
 +#include "servconf.h"
 +#include "sshkey.h"
 +#include "hostfile.h"
 +#include "auth.h"
 +#include "auth-options.h"
 +#include "canohost.h"
 +#include "uidswap.h"
 +#include "packet.h"
 +#include "loginrec.h"
 +#ifdef GSSAPI
 +#include "ssh-gss.h"
 +#endif
 +#include "authfile.h"
 +#include "monitor_wrap.h"
 +#include "ssherr.h"
 +#include "compat.h"
 +#include "channels.h"
 +#include "blacklist_client.h"
 +
 +/* import */
 +extern ServerOptions options;
 +extern struct include_list includes;
 +extern int use_privsep;
 +extern struct sshbuf *loginmsg;
 +extern struct passwd *privsep_pw;
 +extern struct sshauthopt *auth_opts;
 +
 +/* Debugging messages */
 +static struct sshbuf *auth_debug;
 +
 +/*
 + * Check if the user is allowed to log in via ssh. If user is listed
 + * in DenyUsers or one of user's groups is listed in DenyGroups, false
 + * will be returned. If AllowUsers isn't empty and user isn't listed
 + * there, or if AllowGroups isn't empty and one of user's groups isn't
 + * listed there, false will be returned.
 + * If the user's shell is not executable, false will be returned.
 + * Otherwise true is returned.
 + */
 +int
 +allowed_user(struct ssh *ssh, struct passwd * pw)
 +{
 +	struct stat st;
 +	const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL;
 +	u_int i;
 +	int r;
 +#ifdef USE_SHADOW
 +	struct spwd *spw = NULL;
 +#endif
 +
 +	/* Shouldn't be called if pw is NULL, but better safe than sorry... */
 +	if (!pw || !pw->pw_name)
 +		return 0;
 +
 +#ifdef USE_SHADOW
 +	if (!options.use_pam)
 +		spw = getspnam(pw->pw_name);
 +#ifdef HAS_SHADOW_EXPIRE
 +	if (!options.use_pam && spw != NULL && auth_shadow_acctexpired(spw))
 +		return 0;
 +#endif /* HAS_SHADOW_EXPIRE */
 +#endif /* USE_SHADOW */
 +
 +	/* grab passwd field for locked account check */
 +	passwd = pw->pw_passwd;
 +#ifdef USE_SHADOW
 +	if (spw != NULL)
 +#ifdef USE_LIBIAF
 +		passwd = get_iaf_password(pw);
 +#else
 +		passwd = spw->sp_pwdp;
 +#endif /* USE_LIBIAF */
 +#endif
 +
 +	/* check for locked account */
 +	if (!options.use_pam && passwd && *passwd) {
 +		int locked = 0;
 +
 +#ifdef LOCKED_PASSWD_STRING
 +		if (strcmp(passwd, LOCKED_PASSWD_STRING) == 0)
 +			 locked = 1;
 +#endif
 +#ifdef LOCKED_PASSWD_PREFIX
 +		if (strncmp(passwd, LOCKED_PASSWD_PREFIX,
 +		    strlen(LOCKED_PASSWD_PREFIX)) == 0)
 +			 locked = 1;
 +#endif
 +#ifdef LOCKED_PASSWD_SUBSTR
 +		if (strstr(passwd, LOCKED_PASSWD_SUBSTR))
 +			locked = 1;
 +#endif
 +#ifdef USE_LIBIAF
 +		free((void *) passwd);
 +#endif /* USE_LIBIAF */
 +		if (locked) {
 +			logit("User %.100s not allowed because account is locked",
 +			    pw->pw_name);
 +			return 0;
 +		}
 +	}
 +
 +	/*
 +	 * Deny if shell does not exist or is not executable unless we
 +	 * are chrooting.
 +	 */
 +	if (options.chroot_directory == NULL ||
 +	    strcasecmp(options.chroot_directory, "none") == 0) {
 +		char *shell = xstrdup((pw->pw_shell[0] == '\0') ?
 +		    _PATH_BSHELL : pw->pw_shell); /* empty = /bin/sh */
 +
 +		if (stat(shell, &st) == -1) {
 +			logit("User %.100s not allowed because shell %.100s "
 +			    "does not exist", pw->pw_name, shell);
 +			free(shell);
 +			return 0;
 +		}
 +		if (S_ISREG(st.st_mode) == 0 ||
 +		    (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) {
 +			logit("User %.100s not allowed because shell %.100s "
 +			    "is not executable", pw->pw_name, shell);
 +			free(shell);
 +			return 0;
 +		}
 +		free(shell);
 +	}
 +
 +	if (options.num_deny_users > 0 || options.num_allow_users > 0 ||
 +	    options.num_deny_groups > 0 || options.num_allow_groups > 0) {
 +		hostname = auth_get_canonical_hostname(ssh, options.use_dns);
 +		ipaddr = ssh_remote_ipaddr(ssh);
 +	}
 +
 +	/* Return false if user is listed in DenyUsers */
 +	if (options.num_deny_users > 0) {
 +		for (i = 0; i < options.num_deny_users; i++) {
 +			r = match_user(pw->pw_name, hostname, ipaddr,
 +			    options.deny_users[i]);
 +			if (r < 0) {
 +				fatal("Invalid DenyUsers pattern \"%.100s\"",
 +				    options.deny_users[i]);
 +			} else if (r != 0) {
 +				logit("User %.100s from %.100s not allowed "
 +				    "because listed in DenyUsers",
 +				    pw->pw_name, hostname);
 +				return 0;
 +			}
 +		}
 +	}
 +	/* Return false if AllowUsers isn't empty and user isn't listed there */
 +	if (options.num_allow_users > 0) {
 +		for (i = 0; i < options.num_allow_users; i++) {
 +			r = match_user(pw->pw_name, hostname, ipaddr,
 +			    options.allow_users[i]);
 +			if (r < 0) {
 +				fatal("Invalid AllowUsers pattern \"%.100s\"",
 +				    options.allow_users[i]);
 +			} else if (r == 1)
 +				break;
 +		}
 +		/* i < options.num_allow_users iff we break for loop */
 +		if (i >= options.num_allow_users) {
 +			logit("User %.100s from %.100s not allowed because "
 +			    "not listed in AllowUsers", pw->pw_name, hostname);
 +			return 0;
 +		}
 +	}
 +	if (options.num_deny_groups > 0 || options.num_allow_groups > 0) {
 +		/* Get the user's group access list (primary and supplementary) */
 +		if (ga_init(pw->pw_name, pw->pw_gid) == 0) {
 +			logit("User %.100s from %.100s not allowed because "
 +			    "not in any group", pw->pw_name, hostname);
 +			return 0;
 +		}
 +
 +		/* Return false if one of user's groups is listed in DenyGroups */
 +		if (options.num_deny_groups > 0)
 +			if (ga_match(options.deny_groups,
 +			    options.num_deny_groups)) {
 +				ga_free();
 +				logit("User %.100s from %.100s not allowed "
 +				    "because a group is listed in DenyGroups",
 +				    pw->pw_name, hostname);
 +				return 0;
 +			}
 +		/*
 +		 * Return false if AllowGroups isn't empty and one of user's groups
 +		 * isn't listed there
 +		 */
 +		if (options.num_allow_groups > 0)
 +			if (!ga_match(options.allow_groups,
 +			    options.num_allow_groups)) {
 +				ga_free();
 +				logit("User %.100s from %.100s not allowed "
 +				    "because none of user's groups are listed "
 +				    "in AllowGroups", pw->pw_name, hostname);
 +				return 0;
 +			}
 +		ga_free();
 +	}
 +
 +#ifdef CUSTOM_SYS_AUTH_ALLOWED_USER
 +	if (!sys_auth_allowed_user(pw, loginmsg))
 +		return 0;
 +#endif
 +
 +	/* We found no reason not to let this user try to log on... */
 +	return 1;
 +}
 +
 +/*
 + * Formats any key left in authctxt->auth_method_key for inclusion in
 + * auth_log()'s message. Also includes authxtct->auth_method_info if present.
 + */
 +static char *
 +format_method_key(Authctxt *authctxt)
 +{
 +	const struct sshkey *key = authctxt->auth_method_key;
 +	const char *methinfo = authctxt->auth_method_info;
 +	char *fp, *cafp, *ret = NULL;
 +
 +	if (key == NULL)
 +		return NULL;
 +
 +	if (sshkey_is_cert(key)) {
 +		fp = sshkey_fingerprint(key,
 +		    options.fingerprint_hash, SSH_FP_DEFAULT);
 +		cafp = sshkey_fingerprint(key->cert->signature_key,
 +		    options.fingerprint_hash, SSH_FP_DEFAULT);
 +		xasprintf(&ret, "%s %s ID %s (serial %llu) CA %s %s%s%s",
 +		    sshkey_type(key), fp == NULL ? "(null)" : fp,
 +		    key->cert->key_id,
 +		    (unsigned long long)key->cert->serial,
 +		    sshkey_type(key->cert->signature_key),
 +		    cafp == NULL ? "(null)" : cafp,
 +		    methinfo == NULL ? "" : ", ",
 +		    methinfo == NULL ? "" : methinfo);
 +		free(fp);
 +		free(cafp);
 +	} else {
 +		fp = sshkey_fingerprint(key, options.fingerprint_hash,
 +		    SSH_FP_DEFAULT);
 +		xasprintf(&ret, "%s %s%s%s", sshkey_type(key),
 +		    fp == NULL ? "(null)" : fp,
 +		    methinfo == NULL ? "" : ", ",
 +		    methinfo == NULL ? "" : methinfo);
 +		free(fp);
 +	}
 +	return ret;
 +}
 +
 +void
 +auth_log(struct ssh *ssh, int authenticated, int partial,
 +    const char *method, const char *submethod)
 +{
 +	Authctxt *authctxt = (Authctxt *)ssh->authctxt;
 +	int level = SYSLOG_LEVEL_VERBOSE;
 +	const char *authmsg;
 +	char *extra = NULL;
 +
 +	if (use_privsep && !mm_is_monitor() && !authctxt->postponed)
 +		return;
 +
 +	/* Raise logging level */
 +	if (authenticated == 1 ||
 +	    !authctxt->valid ||
 +	    authctxt->failures >= options.max_authtries / 2 ||
 +	    strcmp(method, "password") == 0)
 +		level = SYSLOG_LEVEL_INFO;
 +
 +	if (authctxt->postponed)
 +		authmsg = "Postponed";
 +	else if (partial)
 +		authmsg = "Partial";
 +	else {
 +		authmsg = authenticated ? "Accepted" : "Failed";
 +		if (authenticated)
 +			BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_OK, "ssh");
 +	}
 +
 +	if ((extra = format_method_key(authctxt)) == NULL) {
 +		if (authctxt->auth_method_info != NULL)
 +			extra = xstrdup(authctxt->auth_method_info);
 +	}
 +
 +	do_log2(level, "%s %s%s%s for %s%.100s from %.200s port %d ssh2%s%s",
 +	    authmsg,
 +	    method,
 +	    submethod != NULL ? "/" : "", submethod == NULL ? "" : submethod,
 +	    authctxt->valid ? "" : "invalid user ",
 +	    authctxt->user,
 +	    ssh_remote_ipaddr(ssh),
 +	    ssh_remote_port(ssh),
 +	    extra != NULL ? ": " : "",
 +	    extra != NULL ? extra : "");
 +
 +	free(extra);
 +
 +#if defined(CUSTOM_FAILED_LOGIN) || defined(SSH_AUDIT_EVENTS)
 +	if (authenticated == 0 && !(authctxt->postponed || partial)) {
 +		/* Log failed login attempt */
 +# ifdef CUSTOM_FAILED_LOGIN
 +		if (strcmp(method, "password") == 0 ||
 +		    strncmp(method, "keyboard-interactive", 20) == 0 ||
 +		    strcmp(method, "challenge-response") == 0)
 +			record_failed_login(ssh, authctxt->user,
 +			    auth_get_canonical_hostname(ssh, options.use_dns), "ssh");
 +# endif
 +# ifdef SSH_AUDIT_EVENTS
 +		audit_event(ssh, audit_classify_auth(method));
 +# endif
 +	}
 +#endif
 +#if defined(CUSTOM_FAILED_LOGIN) && defined(WITH_AIXAUTHENTICATE)
 +	if (authenticated)
 +		sys_auth_record_login(authctxt->user,
 +		    auth_get_canonical_hostname(ssh, options.use_dns), "ssh",
 +		    loginmsg);
 +#endif
 +}
 +
 +void
 +auth_maxtries_exceeded(struct ssh *ssh)
 +{
 +	Authctxt *authctxt = (Authctxt *)ssh->authctxt;
 +
 +	error("maximum authentication attempts exceeded for "
 +	    "%s%.100s from %.200s port %d ssh2",
 +	    authctxt->valid ? "" : "invalid user ",
 +	    authctxt->user,
 +	    ssh_remote_ipaddr(ssh),
 +	    ssh_remote_port(ssh));
 +	ssh_packet_disconnect(ssh, "Too many authentication failures");
 +	/* NOTREACHED */
 +}
 +
 +/*
 + * Check whether root logins are disallowed.
 + */
 +int
 +auth_root_allowed(struct ssh *ssh, const char *method)
 +{
 +	switch (options.permit_root_login) {
 +	case PERMIT_YES:
 +		return 1;
 +	case PERMIT_NO_PASSWD:
 +		if (strcmp(method, "publickey") == 0 ||
 +		    strcmp(method, "hostbased") == 0 ||
 +		    strcmp(method, "gssapi-with-mic") == 0)
 +			return 1;
 +		break;
 +	case PERMIT_FORCED_ONLY:
 +		if (auth_opts->force_command != NULL) {
 +			logit("Root login accepted for forced command.");
 +			return 1;
 +		}
 +		break;
 +	}
 +	logit("ROOT LOGIN REFUSED FROM %.200s port %d",
 +	    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
 +	return 0;
 +}
 +
 +
 +/*
 + * Given a template and a passwd structure, build a filename
 + * by substituting % tokenised options. Currently, %% becomes '%',
 + * %h becomes the home directory and %u the username.
 + *
 + * This returns a buffer allocated by xmalloc.
 + */
 +char *
 +expand_authorized_keys(const char *filename, struct passwd *pw)
 +{
*** 16890 LINES SKIPPED ***