git: 20bcfc33d3f2 - releng/13.2 - ssh: Update to OpenSSH 9.3p2
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 01 Aug 2023 20:04:18 UTC
The branch releng/13.2 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=20bcfc33d3f2549e121f34b3839e33e176a313fc commit 20bcfc33d3f2549e121f34b3839e33e176a313fc Author: Ed Maste <emaste@FreeBSD.org> AuthorDate: 2023-08-01 14:38:11 +0000 Commit: Mark Johnston <markj@FreeBSD.org> CommitDate: 2023-08-01 19:50:47 +0000 ssh: Update to OpenSSH 9.3p2 Approved by: so Security: FreeBSD-SA-23:08.ssh Security: CVE-2023-38408 --- crypto/openssh/ChangeLog | 1867 +--------------------------- crypto/openssh/README | 2 +- crypto/openssh/contrib/redhat/openssh.spec | 2 +- crypto/openssh/contrib/suse/openssh.spec | 2 +- crypto/openssh/ssh-agent.1 | 22 +- crypto/openssh/ssh-agent.c | 21 +- crypto/openssh/ssh-pkcs11.c | 6 +- crypto/openssh/sshd_config | 2 +- crypto/openssh/sshd_config.5 | 2 +- crypto/openssh/version.h | 4 +- 10 files changed, 82 insertions(+), 1848 deletions(-) diff --git a/crypto/openssh/ChangeLog b/crypto/openssh/ChangeLog index f1d1b37d583c..40ca976a61b3 100644 --- a/crypto/openssh/ChangeLog +++ b/crypto/openssh/ChangeLog @@ -1,3 +1,36 @@ +commit 9795c4016ae35162072144df032c8b262433b462 +Author: Damien Miller <djm@mindrot.org> +Date: Wed Jul 19 16:27:12 2023 +1000 + + OpenSSH 9.3p2 + +commit bde3635f3c9324bad132cf9ed917813d6abb599e +Author: Damien Miller <djm@mindrot.org> +Date: Wed Jul 19 16:31:09 2023 +1000 + + update version in README + +commit f673f2f3e5f67099018fc281a6b5fb918142472e +Author: Damien Miller <djm@mindrot.org> +Date: Wed Jul 19 16:31:00 2023 +1000 + + update RPM spec versions + +commit d7790cdce72a1b6982795baa2b4d6f0bdbb0100d +Author: Damien Miller <djm@mindrot.org> +Date: Fri Jul 7 13:30:15 2023 +1000 + + disallow remote addition of FIDO/PKCS11 keys + + Depends on the local client performing the session-bind@openssh.com + operation, so non-OpenSSH local client may circumvent this. + +commit b23fe83f06ee7e721033769cfa03ae840476d280 +Author: Damien Miller <djm@mindrot.org> +Date: Thu Jul 13 12:09:34 2023 +1000 + + terminate pkcs11 process for bad libraries + commit cb30fbdbee869f1ce11f06aa97e1cb8717a0b645 Author: Damien Miller <djm@mindrot.org> Date: Thu Mar 16 08:28:19 2023 +1100 @@ -9402,1837 +9435,3 @@ Date: Mon Jul 19 05:08:54 2021 +0000 reliability on very heavily loaded hosts. OpenBSD-Regress-ID: 4c28a0fce3ea89ebde441d7091464176e9730533 - -commit 7953e1bfce9e76bec41c1331a29bc6cff9d416b8 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Mon Jul 19 13:47:51 2021 +1000 - - Add sshfp-connect.sh file missed in previous. - -commit b75a80fa8369864916d4c93a50576155cad4df03 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Mon Jul 19 03:13:28 2021 +0000 - - upstream: Ensure that all returned SSHFP records for the specified host - - name and hostkey type match instead of only one. While there, simplify the - code somewhat and add some debugging. Based on discussion in bz#3322, ok - djm@. - - OpenBSD-Commit-ID: 0a6a0a476eb7f9dfe8fe2c05a1a395e3e9b22ee4 - -commit 1cc1fd095393663cd72ddac927d82c6384c622ba -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Mon Jul 19 02:21:50 2021 +0000 - - upstream: Id sync only, -portable already has this. - - Put dh_set_moduli_file call inside ifdef WITH_OPENSSL. Fixes - build with OPENSSL=no. - - OpenBSD-Commit-ID: af54abbebfb12bcde6219a44d544e18204defb15 - -commit 33abbe2f4153f5ca5c874582f6a7cc91ae167485 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Mon Jul 19 02:46:34 2021 +0000 - - upstream: Add test for host key verification via SSHFP records. This - - requires some external setup to operate so is disabled by default (see - comments in sshfp-connect.sh). - - OpenBSD-Regress-ID: c52c461bd1df3a803d17498917d156ef64512fd9 - -commit f0cd000d8e3afeb0416dce1c711c3d7c28d89bdd -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Mon Jul 19 02:29:28 2021 +0000 - - upstream: Add ed25519 key and test SSHFP export of it. Only test - - RSA SSHFP export if we have RSA functionality compiled in. - - OpenBSD-Regress-ID: b4ff5181b8c9a5862e7f0ecdd96108622333a9af - -commit 0075511e27e5394faa28edca02bfbf13b9a6693e -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Mon Jul 19 00:16:26 2021 +0000 - - upstream: Group keygen tests together. - - OpenBSD-Regress-ID: 07e2d25c527bb44f03b7c329d893a1f2d6c5c40c - -commit 034828820c7e62652e7c48f9ee6b67fb7ba6fa26 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Sun Jul 18 23:10:10 2021 +0000 - - upstream: Add test for ssh-keygen printing of SSHFP records. - - OpenBSD-Regress-ID: fde9566b56eeb980e149bbe157a884838507c46b - -commit 52c3b6985ef1d5dadb4c4fe212f8b3a78ca96812 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Jul 17 00:38:11 2021 +0000 - - upstream: wrap some long lines - - OpenBSD-Commit-ID: 4f5186b1466656762dae37d3e569438d900c350d - -commit 43ec991a782791d0b3f42898cd789f99a07bfaa4 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Jul 17 00:36:53 2021 +0000 - - upstream: fix sftp on ControlPersist connections, broken by recent - - SessionType change; spotted by sthen@ - - OpenBSD-Commit-ID: 4c5ddc5698790ae6ff50d2a4f8f832f0eeeaa234 - -commit 073f45c236550f158c9a94003e4611c07dea5279 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jul 16 09:00:23 2021 +0000 - - upstream: Explicitly check for and start time-based rekeying in the - - client and server mainloops. - - Previously the rekey timeout could expire but rekeying would not start - until a packet was sent or received. This could cause us to spin in - select() on the rekey timeout if the connection was quiet. - - ok markus@ - - OpenBSD-Commit-ID: 4356cf50d7900f3df0a8f2117d9e07c91b9ff987 - -commit ef7c4e52d5d840607f9ca3a302a4cbb81053eccf -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Wed Jul 14 06:46:38 2021 +0000 - - upstream: reorder SessionType; ok djm - - OpenBSD-Commit-ID: c7dd0b39e942b1caf4976a0b1cf0fed33d05418c - -commit 8aa2f9aeb56506dca996d68ab90ab9c0bebd7ec3 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Wed Jul 14 11:26:50 2021 +1000 - - Make whitespace consistent. - -commit 4f4297ee9b8a39f4dfd243a74c5f51f9e7a05723 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Wed Jul 14 11:26:12 2021 +1000 - - Add ARM64 Linux self-hosted runner. - -commit eda8909d1b0a85b9c3804a04d03ec6738fd9dc7f -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jul 13 23:48:36 2021 +0000 - - upstream: add a SessionType directive to ssh_config, allowing the - - configuration file to offer equivalent control to the -N (no session) and -s - (subsystem) command-line flags. - - Part of GHPR#231 by Volker Diels-Grabsch with some minor tweaks; - feedback and ok dtucker@ - - OpenBSD-Commit-ID: 726ee931dd4c5cc7f1d7a187b26f41257f9a2d12 - -commit 7ae69f2628e338ba6e0eae7ee8a63bcf8fea7538 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Jul 12 02:12:22 2021 +0000 - - upstream: fix some broken tests; clean up output - - OpenBSD-Regress-ID: 1d5038edb511dc4ce1622344c1e724626a253566 - -commit f5fc6a4c3404bbf65c21ca6361853b33d78aa87e -Author: Darren Tucker <dtucker@dtucker.net> -Date: Mon Jul 12 18:00:05 2021 +1000 - - Add configure-time detection for SSH_TIME_T_MAX. - - Should fix printing cert times exceeding INT_MAX (bz#3329) on platforms - were time_t is a long long. The limit used is for the signed type, so if - some system has a 32bit unsigned time_t then the lower limit will still - be imposed and we would need to add some way to detect this. Anyone using - an unsigned 64bit can let us know when it starts being a problem. - -commit fd2d06ae4442820429d634c0a8bae11c8e40c174 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Mon Jul 12 06:22:57 2021 +0000 - - upstream: Make limit for time_t test unconditional in the - - format_absolute_time fix for bz#3329 that allows printing of timestamps past - INT_MAX. This was incorrectly included with the previous commit. Based on - discussion with djm@. - - OpenBSD-Commit-ID: 835936f6837c86504b07cabb596b613600cf0f6e - -commit 6c29b387cd64a57b0ec8ae7d2c8d02789d88fcc3 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Mon Jul 12 06:08:57 2021 +0000 - - upstream: Use existing format_absolute_time() function when - - printing cert validity instead of doing it inline. Part of bz#3329. - - OpenBSD-Commit-ID: a13d4e3c4f59644c23745eb02a09b2a4e717c00c - -commit 99981d5f8bfa383791afea03f6bce8454e96e323 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jul 9 09:55:56 2021 +0000 - - upstream: silence redundant error message; reported by Fabian Stelzer - - OpenBSD-Commit-ID: 9349a703016579a60557dafd03af2fe1d44e6aa2 - -commit e86097813419b49d5bff5c4b51d1c3a5d4d2d804 -Author: John Ericson <John.Ericson@Obsidian.Systems> -Date: Sat Dec 26 11:40:49 2020 -0500 - - Re-indent krb5 section after pkg-config addition. - -commit 32dd2daa56c294e40ff7efea482c9eac536d8cbb -Author: John Ericson <John.Ericson@Obsidian.Systems> -Date: Sat Dec 26 11:40:49 2020 -0500 - - Support finding Kerberos via pkg-config - - This makes cross compilation easier. - -commit def7a72234d7e4f684d72d33a0f7229f9eee0aa4 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Jul 9 14:34:06 2021 +1000 - - Update comments about EGD to include prngd. - -commit b5d23150b4e3368f4983fd169d432c07afeee45a -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Mon Jul 5 01:21:07 2021 +0000 - - upstream: Fix a couple of whitespace things. Portable already has - - these so this removes two diffs between the two. - - OpenBSD-Commit-ID: 769f017ebafd8e741e337b3e9e89eb5ac73c9c56 - -commit 8f57be9f279b8e905f9883066aa633c7e67b31cf -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Mon Jul 5 01:16:46 2021 +0000 - - upstream: Order includes as per style(9). Portable already has - - these so this removes a handful of diffs between the two. - - OpenBSD-Commit-ID: 8bd7452d809b199c19bfc49511a798f414eb4a77 - -commit b75624f8733b3ed9e240f86cac5d4a39dae11848 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Mon Jul 5 00:50:25 2021 +0000 - - upstream: Remove comment referencing now-removed - - RhostsRSAAuthentication. ok djm@ - - OpenBSD-Commit-ID: 3d864bfbd99a1d4429a58e301688f3be464827a9 - -commit b67eb12f013c5441bb4f0893a97533582ad4eb13 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Jul 5 00:25:42 2021 +0000 - - upstream: allow spaces to appear in usernames for local to remote, - - and scp -3 remote to remote copies. with & ok dtucker bz#1164 - - OpenBSD-Commit-ID: e9b550f3a85ffbb079b6720833da31317901d6dd - -commit 8c4ef0943e574f614fc7c6c7e427fd81ee64ab87 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Jul 2 07:20:44 2021 +0000 - - upstream: Remove obsolete comments about SSHv1 auth methods. ok - - djm@ - - OpenBSD-Commit-ID: 6060f70966f362d8eb4bec3da2f6c4712fbfb98f - -commit 88908c9b61bcb99f16e8d398fc41e2b3b4be2003 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Sat Jul 3 23:00:19 2021 +1000 - - Remove reference to ChallengeResponse. - - challenge_response_authentication was removed from the struct, keeping - kbd_interactive_authentication. - -commit 321874416d610ad2158ce6112f094a4862c2e37f -Author: Darren Tucker <dtucker@dtucker.net> -Date: Sat Jul 3 20:38:09 2021 +1000 - - Move signal.h up include order to match upstream. - -commit 4fa83e2d0e32c2dd758653e0359984bbf1334f32 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Sat Jul 3 20:36:06 2021 +1000 - - Remove old OpenBSD version marker. - - Looks like an accidental leftover from a sync. - -commit 9d5e31f55d5f3899b72645bac41a932d298ad73b -Author: Darren Tucker <dtucker@dtucker.net> -Date: Sat Jul 3 20:34:19 2021 +1000 - - Remove duplicate error on error path. - - There's an extra error() call on the listen error path, it looks like - its removal was missed during an upstream sync. - -commit 888c459925c7478ce22ff206c9ac1fb812a40caf -Author: Darren Tucker <dtucker@dtucker.net> -Date: Sat Jul 3 20:32:46 2021 +1000 - - Remove some whitespace not in upstream. - - Reduces diff vs OpenBSD by a small amount. - -commit 4d2d4d47a18d93f3e0a91a241a6fdb545bbf7dc2 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Sat Jul 3 19:27:43 2021 +1000 - - Replace remaining references to ChallengeResponse. - - Portable had a few additional references to ChallengeResponse related to - UsePAM, replaces these with equivalent keyboard-interactive ones. - -commit 53237ac789183946dac6dcb8838bc3b6b9b43be1 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Sat Jul 3 19:23:28 2021 +1000 - - Sync remaining ChallengeResponse removal. - - These were omitted from commit 88868fd131. - -commit 2c9e4b319f7e98744b188b0f58859d431def343b -Author: Darren Tucker <dtucker@dtucker.net> -Date: Sat Jul 3 19:17:31 2021 +1000 - - Disable rocky84 to figure out why agent test fails - -commit bfe19197a92b7916f64a121fbd3c179abf15e218 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Jul 2 15:43:28 2021 +1000 - - Remove now-unused SSHv1 enums. - - sRhostsRSAAuthentication and sRSAAuthentication are protocol 1 options - and are no longer used. - -commit c73b02d92d72458a5312bd098f32ce88868fd131 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Jul 2 05:11:20 2021 +0000 - - upstream: Remove references to ChallengeResponseAuthentication in - - favour of KbdInteractiveAuthentication. The former is what was in SSHv1, the - latter is what is in SSHv2 (RFC4256) and they were treated as somewhat but - not entirely equivalent. We retain the old name as deprecated alias so - config files continue to work and a reference in the man page for people - looking for it. - - Prompted by bz#3303 which pointed out the discrepancy between the two - when used with Match. Man page help & ok jmc@, with & ok djm@ - - OpenBSD-Commit-ID: 2c1bff8e5c9852cfcdab1f3ea94dfef5a22f3b7e - -commit f841fc9c8c7568a3b5d84a4cc0cefacb7dbc16b9 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Jul 2 15:20:32 2021 +1000 - - Fix ifdefs around get_random_bytes_prngd. - - get_random_bytes_prngd() is used if either of PRNGD_PORT or PRNGD_SOCKET - are defined, so adjust ifdef accordingly. - -commit 0767627cf66574484b9c0834500b42ea04fe528a -Author: Damien Miller <djm@mindrot.org> -Date: Fri Jul 2 14:30:23 2021 +1000 - - wrap get_random_bytes_prngd() in ifdef - - avoid unused static function warning - -commit f93fdc4de158386efe1116bd44c5b3f4a7a82c25 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Mon Jun 28 13:06:37 2021 +1000 - - Add rocky84 test target. - -commit d443006c0ddfa7f6a5bd9c0ae92036f3d5f2fa3b -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jun 25 06:30:22 2021 +0000 - - upstream: fix decoding of X.509 subject name; from Leif Thuresson - - via bz3327 ok markus@ - - OpenBSD-Commit-ID: 0ea2e28f39750dd388b7e317bc43dd997a217ae8 - -commit 2a5704ec142202d387fda2d6872fd4715ab81347 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Jun 25 06:20:39 2021 +0000 - - upstream: Use better language to refer to the user. From l1ving - - via github PR#250, ok jmc@ - - OpenBSD-Commit-ID: 07ca3526626996613e128aeddf7748c93c4d6bbf - -commit 4bdf7a04797a0ea1c431a9d54588417c29177d19 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Jun 25 03:38:17 2021 +0000 - - upstream: Replace SIGCHLD/notify_pipe kludge with pselect. - - Previously sshd's SIGCHLD handler would wake up select() by writing a - byte to notify_pipe. We can remove this by blocking SIGCHLD, checking - for child terminations then passing the original signal mask through - to pselect. This ensures that the pselect will immediately wake up if - a child terminates between wait()ing on them and the pselect. - - In -portable, for platforms that do not have pselect the kludge is still - there but is hidden behind a pselect interface. - - Based on other changes for bz#2158, ok djm@ - - OpenBSD-Commit-ID: 202c85de0b3bdf1744fe53529a05404c5480d813 - -commit c9f7bba2e6f70b7ac1f5ea190d890cb5162ce127 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Jun 25 15:08:18 2021 +1000 - - Move closefrom() to before first malloc. - - When built against tcmalloc, tcmalloc allocates a descriptor for its - internal use, so calling closefrom() afterward causes the descriptor - number to be reused resulting in a corrupted connection. Moving the - closefrom a little earlier should resolve this. From kircherlike at - outlook.com via bz#3321, ok djm@ - -commit 7ebfe4e439853b88997c9cfc2ff703408a1cca92 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Jun 18 20:41:45 2021 +1000 - - Put second -lssh in link line for sftp-server. - - When building --without-openssl the recent port-prngd.c change adds - a dependency on atomicio, but since nothing else in sftp-server uses - it, the linker may not find it. Add a second -lssh similar to other - binaries. - -commit e409d7966785cfd9f5970e66a820685c42169717 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Jun 18 18:34:08 2021 +1000 - - Try EGD/PRNGD if random device fails. - - When built --without-openssl, try EGD/PRGGD (if configured) as a last - resort before failing. - -commit e43a898043faa3a965dbaa1193cc60e0b479033d -Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Jun 18 18:32:51 2021 +1000 - - Split EGD/PRNGD interface into its own file. - - This will allow us to use it when building --without-openssl. - -commit acb2887a769a1b1912cfd7067f3ce04fad240260 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Thu Jun 17 21:03:19 2021 +1000 - - Handle GIDs > 2^31 in getgrouplist. - - When compiled in 32bit mode, the getgrouplist implementation may fail - for GIDs greater than LONG_MAX. Analysis and change from ralf.winkel - at tui.com. - -commit 31fac20c941126281b527605b73bff30a8f02edd -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Thu Jun 10 09:46:28 2021 +0000 - - upstream: Use $SUDO when reading sshd's pidfile here too. - - OpenBSD-Regress-ID: 6bfb0d455d493f24839034a629c5306f84dbd409 - -commit a3a58acffc8cc527f8fc6729486d34e4c3d27643 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Thu Jun 10 09:43:51 2021 +0000 - - upstream: Use $SUDO when reading sshd's pidfile in case it was - - created with a very restrictive umask. This resyncs with -portable. - - OpenBSD-Regress-ID: 07fd2af06df759d4f64b82c59094accca1076a5d - -commit 249ad4ae51cd3bc235e75a4846eccdf8b1416611 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Thu Jun 10 09:37:59 2021 +0000 - - upstream: Set umask when creating hostkeys to prevent excessive - - permissions warning. - - OpenBSD-Regress-ID: 382841db0ee28dfef7f7bffbd511803e1b8ab0ef - -commit 9d0892153c005cc65897e9372b01fa66fcbe2842 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Thu Jun 10 03:45:31 2021 +0000 - - upstream: Add regress test for SIGHUP restart - - while handling active and unauthenticated clients. Should catch anything - similar to the pselect bug just fixed in sshd.c. - - OpenBSD-Regress-ID: 3b3c19b5e75e43af1ebcb9586875b3ae3a4cac73 - -commit 73f6f191f44440ca3049b9d3c8e5401d10b55097 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Thu Jun 10 03:14:14 2021 +0000 - - upstream: Continue accept loop when pselect - - returns -1, eg if it was interrupted by a signal. This should prevent - the hang discovered by sthen@ wherein sshd receives a SIGHUP while it has - an unauthenticated child and goes on to a blocking read on a notify_pipe. - feedback deraadt@, ok djm@ - - OpenBSD-Commit-ID: 0243c1c5544fca0974dae92cd4079543a3fceaa0 - -commit c785c0ae134a8e8b5c82b2193f64c632a98159e4 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jun 8 22:30:27 2021 +0000 - - upstream: test that UserKnownHostsFile correctly accepts multiple - - arguments; would have caught readconf.c r1.356 regression - - OpenBSD-Regress-ID: 71ca54e66c2a0211b04999263e56390b1f323a6a - -commit 1a6f6b08e62c78906a3032e8d9a83e721c84574e -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jun 8 22:06:12 2021 +0000 - - upstream: fix regression in r1.356: for ssh_config options that - - accepted multiple string arguments, ssh was only recording the first. - Reported by Lucas via bugs@ - - OpenBSD-Commit-ID: 7cbf182f7449bf1cb7c5b4452667dc2b41170d6d - -commit 78e30af3e2b2dd540a341cc827c6b98dd8b0a6de -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jun 8 07:40:12 2021 +0000 - - upstream: test argv_split() optional termination on comments - - OpenBSD-Regress-ID: 9fd1c4a27a409897437c010cfd79c54b639a059c - -commit a023138957ea2becf1c7f93fcc42b0aaac6f2b03 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Tue Jun 8 07:05:27 2021 +0000 - - upstream: Add testcases from bz#3319 for IPQoS and TunnelDevice - - being overridden on the command line. - - OpenBSD-Regress-ID: 801674d5d2d02abd58274a78cab2711f11de14a8 - -commit 660cea10b2cdc11f13ba99c89b1bbb368a4d9ff2 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jun 8 06:52:43 2021 +0000 - - upstream: sprinkle some "# comment" at end of configuration lines - - to test comment handling - - OpenBSD-Regress-ID: cb82fbf40bda5c257a9f742c63b1798e5a8fdda7 - -commit acc9c32dcb6def6c7d3688bceb4c0e59bd26b411 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jun 8 06:51:47 2021 +0000 - - upstream: more descriptive failure message - - OpenBSD-Regress-ID: 5300f6faf1d9e99c0cd10827b51756c5510e3509 - -commit ce04dd4eae23d1c9cf7c424a702f48ee78573bc1 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Jun 7 01:16:34 2021 +0000 - - upstream: test AuthenticationMethods inside a Match block as well - - as in the main config section - - OpenBSD-Regress-ID: ebe0a686621b7cb8bb003ac520975279c28747f7 - -commit 9018bd821fca17e26e92f7a7e51d9b24cd62f2db -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Jun 7 00:00:50 2021 +0000 - - upstream: prepare for stricter sshd_config parsing that will refuse - - a config that has {Allow,Deny}{Users,Groups} on a line with no subsequent - arguments. Such lines are permitted but are nonsensical noops ATM - - OpenBSD-Regress-ID: ef65463fcbc0bd044e27f3fe400ea56eb4b8f650 - -commit a10f929d1ce80640129fc5b6bc1acd9bf689169e -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jun 8 07:09:42 2021 +0000 - - upstream: switch sshd_config parsing to argv_split() - - similar to the previous commit, this switches sshd_config parsing to - the newer tokeniser. Config parsing will be a little stricter wrt - quote correctness and directives appearing without arguments. - - feedback and ok markus@ - - tested in snaps for the last five or so days - thanks Theo and those who - caught bugs - - OpenBSD-Commit-ID: 9c4305631d20c2d194661504ce11e1f68b20d93e - -commit ea9e45c89a4822d74a9d97fef8480707d584da4d -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jun 8 07:07:15 2021 +0000 - - upstream: Switch ssh_config parsing to use argv_split() - - This fixes a couple of problems with the previous tokeniser, - strdelim() - - 1. strdelim() is permissive wrt accepting '=' characters. This is - intended to allow it to tokenise "Option=value" but because it - cannot keep state, it will incorrectly split "Opt=val=val2". - 2. strdelim() has rudimentry handling of quoted strings, but it - is incomplete and inconsistent. E.g. it doesn't handle escaped - quotes inside a quoted string. - 3. It has no support for stopping on a (unquoted) comment. Because - of this readconf.c r1.343 added chopping of lines at '#', but - this caused a regression because these characters may legitimately - appear inside quoted strings. - - The new tokeniser is stricter is a number of cases, including #1 above - but previously it was also possible for some directives to appear - without arguments. AFAIK these were nonsensical in all cases, and the - new tokeniser refuses to accept them. - - The new code handles quotes much better, permitting quoted space as - well as escaped closing quotes. Finally, comment handling should be - fixed - the tokeniser will terminate only on unquoted # characters. - - feedback & ok markus@ - - tested in snaps for the last five or so days - thanks Theo and those who - caught bugs - - OpenBSD-Commit-ID: dc72fd12af9d5398f4d9e159d671f9269c5b14d5 - -commit d786424986c04d1d375f231fda177c8408e05c3e -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Tue Jun 8 07:02:46 2021 +0000 - - upstream: Check if IPQoS or TunnelDevice are already set before - - overriding. Prevents values in config files from overriding values supplied - on the command line. bz#3319, ok markus. - - OpenBSD-Commit-ID: f3b08b898c324debb9195e6865d8999406938f74 - -commit aae4b4d3585b9f944d7dbd3c9e5ba0006c55e457 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jun 8 06:54:40 2021 +0000 - - upstream: Allow argv_split() to optionally terminate tokenisation - - when it encounters an unquoted comment. - - Add some additional utility function for working with argument - vectors, since we'll be switching to using them to parse - ssh/sshd_config shortly. - - ok markus@ as part of a larger diff; tested in snaps - - OpenBSD-Commit-ID: fd9c108cef2f713f24e3bc5848861d221bb3a1ac - -commit da9f9acaac5bab95dca642b48e0c8182b246ab69 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Mon Jun 7 19:19:23 2021 +1000 - - Save logs on failure for upstream test - -commit 76883c60161e5f3808787085a27a8c37f8cc4e08 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Mon Jun 7 14:36:32 2021 +1000 - - Add obsdsnap-i386 upstream test target. - -commit d45b9c63f947ec5ec314696e70281f6afddc0ac3 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Jun 7 03:38:38 2021 +0000 - - upstream: fix debug message when finding a private key to match a - - certificate being attempted for user authentication. Previously it would - print the certificate's path, whereas it was supposed to be showing the - private key's path. Patch from Alex Sherwin via GHPR247 - - OpenBSD-Commit-ID: d5af3be66d0f22c371dc1fe6195e774a18b2327b - -commit 530739d42f6102668aecd699be0ce59815c1eceb -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Jun 6 11:34:16 2021 +0000 - - upstream: Match host certificates against host public keys, not private - - keys. Allows use of certificates with private keys held in a ssh-agent. - Reported by Miles Zhou in bz3524; ok dtucker@ - - OpenBSD-Commit-ID: 25f5bf70003126d19162862d9eb380bf34bac22a - -commit 4265215d7300901fd7097061c7517688ade82f8e -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Jun 6 03:40:39 2021 +0000 - - upstream: Client-side workaround for a bug in OpenSSH 7.4: this release - - allows RSA/SHA2 signatures for public key authentication but fails to - advertise this correctly via SSH2_MSG_EXT_INFO. This causes clients of these - server to incorrectly match PubkeyAcceptedAlgorithms and potentially refuse - to offer valid keys. - - Reported by and based on patch from Gordon Messmer via bz3213, thanks - also for additional analysis by Jakub Jelen. ok dtucker - - OpenBSD-Commit-ID: d6d0b7351d5d44c45f3daaa26efac65847a564f7 - -commit bda270d7fb8522d43c21a79a4b02a052d7c64de8 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Jun 6 03:17:02 2021 +0000 - - upstream: degrade gracefully if a sftp-server offers the - - limits@openssh.com extension but fails when the client tries to invoke it. - Reported by Hector Martin via bz3318 - - OpenBSD-Commit-ID: bd9d1839c41811616ede4da467e25746fcd9b967 - -commit d345d5811afdc2d6923019b653cdd93c4cc95f76 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Jun 6 03:15:39 2021 +0000 - - upstream: the limits@openssh.com extension was incorrectly marked - - as an operation that writes to the filesystem, which made it unavailable in - sftp-server read-only mode. Spotted by Hector Martin via bz3318 - - OpenBSD-Commit-ID: f054465230787e37516c4b57098fc7975e00f067 - -commit 2b71010d9b43d7b8c9ec1bf010beb00d98fa765a -Author: naddy@openbsd.org <naddy@openbsd.org> -Date: Sat Jun 5 13:47:00 2021 +0000 - - upstream: PROTOCOL.certkeys: update reference from IETF draft to - - RFC - - Also fix some typos. - ok djm@ - - OpenBSD-Commit-ID: 5e855b6c5a22b5b13f8ffa3897a868e40d349b44 - -commit aa99b2d9a3e45b943196914e8d8bf086646fdb54 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Jun 4 23:41:29 2021 +1000 - - Clear notify_pipe from readset if present. - - Prevents leaking an implementation detail to the caller. - -commit 6de8dadf6b4d0627d35bca0667ca44b1d61c2c6b -Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Jun 4 23:24:25 2021 +1000 - - space->tabs. - -commit c8677065070ee34c05c7582a9c2f58d8642e552d -Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Jun 4 18:39:48 2021 +1000 - - Add pselect implementation for platforms without. - - This is basically the existing notify_pipe kludge from serverloop.c - moved behind a pselect interface. It works by installing a signal - handler that writes to a pipe that the select is watching, then calls - the original handler. - - The select call in serverloop will become pselect soon, at which point the - kludge will be removed from thereand will only exist in the compat layer. - Original code by markus, help from djm. - -commit 7cd7f302d3a072748299f362f9e241d81fcecd26 -Author: Vincent Brillault <vincent.brillault@cern.ch> -Date: Sun May 24 09:15:06 2020 +0200 - - auth_log: dont log partial successes as failures - - By design, 'partial' logins are successful logins, so initially with - authenticated set to 1, for which another authentication is required. As - a result, authenticated is always reset to 0 when partial is set to 1. - However, even if authenticated is 0, those are not failed login - attempts, similarly to attempts with authctxt->postponed set to 1. - -commit e7606919180661edc7f698e6a1b4ef2cfb363ebf -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jun 4 06:19:07 2021 +0000 - - upstream: The RB_GENERATE_STATIC(3) macro expands to a series of - - function definitions and not a statement, so there should be no semicolon - following them. Patch from Michael Forney - - OpenBSD-Commit-ID: c975dd180580f0bdc0a4d5b7d41ab1f5e9b7bedd - -commit c298c4da574ab92df2f051561aeb3e106b0ec954 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jun 4 05:59:18 2021 +0000 - - upstream: rework authorized_keys example section, removing irrelevant - - stuff, de-wrapping the example lines and better aligning the examples with - common usage and FAQs; ok jmc - - OpenBSD-Commit-ID: d59f1c9281f828148e2a2e49eb9629266803b75c - -commit d9cb35bbec5f623589d7c58fc094817b33030f35 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jun 4 05:10:03 2021 +0000 - - upstream: adjust SetEnv description to clarify $TERM handling - - OpenBSD-Commit-ID: 8b8cc0124856bc1094949d55615e5c44390bcb22 - -commit 771f57a8626709f2ad207058efd68fbf30d31553 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Jun 4 05:09:08 2021 +0000 - - upstream: Switch the listening select loop from select() to - - pselect() and mask signals while checking signal flags, umasking for pselect - and restoring afterwards. Also restore signals before sighup_restart so they - don't remain blocked after restart. - - This prevents a race where a SIGTERM or SIGHUP can arrive between - checking the flag and calling select (eg if sshd is processing a - new connection) resulting in sshd not shutting down until the next - time it receives a new connection. bz#2158, with & ok djm@ - - OpenBSD-Commit-ID: bf85bf880fd78e00d7478657644fcda97b9a936f - -commit f64f8c00d158acc1359b8a096835849b23aa2e86 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jun 4 05:02:40 2021 +0000 - - upstream: allow ssh_config SetEnv to override $TERM, which is otherwise - - handled specially by the protocol. Useful in ~/.ssh/config to set TERM to - something generic (e.g. "xterm" instead of "xterm-256color") for destinations - that lack terminfo entries. feedback and ok dtucker@ - - OpenBSD-Commit-ID: 38b1ef4d5bc159c7d9d589d05e3017433e2d5758 - -commit 60107677dc0ce1e93c61f23c433ad54687fcd9f5 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jun 4 04:02:21 2021 +0000 - - upstream: correct extension name "no-presence-required" => - - "no-touch-required" - - document "verify-required" option - - OpenBSD-Commit-ID: 1879ff4062cf61d79b515e433aff0bf49a6c55c5 - -commit ecc186e46e3e30f27539b4311366dfda502f0a08 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Wed Jun 2 13:54:11 2021 +1000 - - Retire fbsd7 test target. - - It's the slowest of the selfhosted targets (since it's 32bit but has - most of the crypto algos). We still have coverage for 32bit i386. - -commit 5de0867b822ec48b5eec9abde0f5f95d1d646546 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Wed Jun 2 11:21:40 2021 +1000 - - Check for $OPENSSL in md5 fallback too. - -commit 1db69d1b6542f8419c04cee7fd523a4a11004be2 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Wed Jun 2 11:17:54 2021 +1000 - - Add dfly60 target. - -commit a3f2dd955f1c19cad387a139f0e719af346ca6ef -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Wed Jun 2 00:17:45 2021 +0000 - - upstream: Merge back shell portability changes - - bringing it back in sync with -portable. - - OpenBSD-Regress-ID: c07905ba931e66ad7d849b87b7d19648007175d1 - -commit 9d482295c9f073e84d75af46b720a1c0f7ec2867 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Tue Jun 1 23:56:20 2021 +0000 - - upstream: Use a default value for $OPENSSL, - - allowing it to be overridden. Do the same in the PuTTY tests since it's - needed there and not exported by test-exec.sh. - - OpenBSD-Regress-ID: c49dcd6aa7602a8606b7afa192196ca1fa65de16 - -commit 07660b3c99f8ea74ddf4a440e55c16c9f7fb3dd1 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Mon May 24 10:25:18 2021 +0000 - - upstream: Find openssl binary via environment variable. This - - allows overriding if necessary (eg in -portable where we're testing against a - specific version of OpenSSL). *** 1097 LINES SKIPPED ***