From nobody Fri Jul 21 14:41:54 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4R6shL5sD8z4db39; Fri, 21 Jul 2023 14:41:54 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4R6shL5PHxz42XQ; Fri, 21 Jul 2023 14:41:54 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1689950514; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=HbiETvy1hYHOVMQqksJ/iJ9GfFB5LsLIKp9o5n+NrmA=; b=cjcQQVOfAC2a6+BswR3rCXTXZoQHmrDOSnsydtfCfv0uz4l4BVrO/qaEEG9/ce2ebvYbHO 7QuFKw5HAozsrHKHVrw1ueQT2g1vdzjLdhDjo5NioaZiGw+hoPA1FgEf7UAxE4No+EW2tW HxbIAKrDJImKINmhmqk+kf94CwzgbkJVAskvYxGnTuqV63dQDxWWfKr7KJYdwmIknGuI2d KXevw+1lQawZzUG3L7GNcqAnnD1HjP22fppIFrfjcxmpKVJozfFFjaCvBE4xQ1QYdw+CaW +Xhi32AMMlhnkYppLih1iXu0+Jwk/Hv2C31fDwfROuSV55xzNI4oYN2/VQr56g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1689950514; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=HbiETvy1hYHOVMQqksJ/iJ9GfFB5LsLIKp9o5n+NrmA=; b=XgrUNhcUUwECqDH8W+ETeMNEZlHRgLro74kb3+8bRbQbN6vkoumi9HGhoGiFxPhO81MjTT YnjuPve/Mu32lgk3UsHKQmkv2/Is7KAYT4+YIeQ1p4mSXXw7FKiqZm77avsU1KNRjds0SX zS1iygtXC3jGrZIqrnn1cC/gpThSsOqd91hIjbPfTU/xLEIAJ3jnLU2oox2BD/5kOYBvTN hyukC816ABif/vCybD518DHLYN19NjiKes6xf3wQ4Q35diwXmPxUjbXgMhslQyIvTDAX+e BB87/1ya7Qx36rM3nEjPSEmZ/IvVOhX8JoNQHrjctKRLooUoBa3S1oQjl+fSSQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1689950514; a=rsa-sha256; cv=none; b=tEhFIoAFZl+tiwyKArb4h5JTgjWIMC5mIr08AfDIhA+uZ1fR5/hfnC7NFJ42tNrIFK3S1H 2eGoewk55DrWNnnVYGe9n8QRnIoIen5IpPThgsx05nKzj3EFInQQFzUxb5EmAwJIv4jm/n TtxzjvRRQaVTdmcnYUSUaB9NUQxwQUAax8KaZK8QUAfshn1jj2qFxx3aBZqG5Vz4CVNDqi XZwZdiZEOtQH1Qu6uGZdlqrfZnqOA+UziQO0eKi7CVtLonQNzOIgxGskG9aMesz0lPBA6J q1cu6BBIthTr4oGplaQarpYvPcZJsNOkD0fsbv0UuvMVlZHdH/g2lJsaYmMvXw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4R6shL4TRqzGJ8; Fri, 21 Jul 2023 14:41:54 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 36LEfs85023846; Fri, 21 Jul 2023 14:41:54 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 36LEfsWt023845; Fri, 21 Jul 2023 14:41:54 GMT (envelope-from git) Date: Fri, 21 Jul 2023 14:41:54 GMT Message-Id: <202307211441.36LEfsWt023845@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Ed Maste Subject: git: d578a19e2cd3 - stable/13 - ssh: Update to OpenSSH 9.3p2 List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: d578a19e2cd312ef0ec842c9f16f97d66caea22a Auto-Submitted: auto-generated The branch stable/13 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=d578a19e2cd312ef0ec842c9f16f97d66caea22a commit d578a19e2cd312ef0ec842c9f16f97d66caea22a Author: Ed Maste AuthorDate: 2023-07-19 17:02:33 +0000 Commit: Ed Maste CommitDate: 2023-07-21 14:41:41 +0000 ssh: Update to OpenSSH 9.3p2 From the release notes: Changes since OpenSSH 9.3 ========================= This release fixes a security bug. Security ======== Fix CVE-2023-38408 - a condition where specific libaries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if the following conditions are met: * Exploitation requires the presence of specific libraries on the victim system. * Remote exploitation requires that the agent was forwarded to an attacker-controlled system. Exploitation can also be prevented by starting ssh-agent(1) with an empty PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring an allowlist that contains only specific provider libraries. This vulnerability was discovered and demonstrated to be exploitable by the Qualys Security Advisory team. In addition to removing the main precondition for exploitation, this release removes the ability for remote ssh-agent(1) clients to load PKCS#11 modules by default (see below). Potentially-incompatible changes -------------------------------- * ssh-agent(8): the agent will now refuse requests to load PKCS#11 modules issued by remote clients by default. A flag has been added to restore the previous behaviour "-Oallow-remote-pkcs11". Note that ssh-agent(8) depends on the SSH client to identify requests that are remote. The OpenSSH >=8.9 ssh(1) client does this, but forwarding access to an agent socket using other tools may circumvent this restriction. Security: CVE-2023-38408 Sponsored by: The FreeBSD Foundation (cherry picked from commit 66fd12cf4896eb08ad8e7a2627537f84ead84dd3) --- crypto/openssh/ChangeLog | 1867 +--------------------------- crypto/openssh/README | 2 +- crypto/openssh/contrib/redhat/openssh.spec | 2 +- crypto/openssh/contrib/suse/openssh.spec | 2 +- crypto/openssh/ssh-agent.1 | 22 +- crypto/openssh/ssh-agent.c | 21 +- crypto/openssh/ssh-pkcs11.c | 6 +- crypto/openssh/sshd_config | 2 +- crypto/openssh/sshd_config.5 | 2 +- crypto/openssh/version.h | 4 +- 10 files changed, 82 insertions(+), 1848 deletions(-) diff --git a/crypto/openssh/ChangeLog b/crypto/openssh/ChangeLog index f1d1b37d583c..40ca976a61b3 100644 --- a/crypto/openssh/ChangeLog +++ b/crypto/openssh/ChangeLog @@ -1,3 +1,36 @@ +commit 9795c4016ae35162072144df032c8b262433b462 +Author: Damien Miller +Date: Wed Jul 19 16:27:12 2023 +1000 + + OpenSSH 9.3p2 + +commit bde3635f3c9324bad132cf9ed917813d6abb599e +Author: Damien Miller +Date: Wed Jul 19 16:31:09 2023 +1000 + + update version in README + +commit f673f2f3e5f67099018fc281a6b5fb918142472e +Author: Damien Miller +Date: Wed Jul 19 16:31:00 2023 +1000 + + update RPM spec versions + +commit d7790cdce72a1b6982795baa2b4d6f0bdbb0100d +Author: Damien Miller +Date: Fri Jul 7 13:30:15 2023 +1000 + + disallow remote addition of FIDO/PKCS11 keys + + Depends on the local client performing the session-bind@openssh.com + operation, so non-OpenSSH local client may circumvent this. + +commit b23fe83f06ee7e721033769cfa03ae840476d280 +Author: Damien Miller +Date: Thu Jul 13 12:09:34 2023 +1000 + + terminate pkcs11 process for bad libraries + commit cb30fbdbee869f1ce11f06aa97e1cb8717a0b645 Author: Damien Miller Date: Thu Mar 16 08:28:19 2023 +1100 @@ -9402,1837 +9435,3 @@ Date: Mon Jul 19 05:08:54 2021 +0000 reliability on very heavily loaded hosts. OpenBSD-Regress-ID: 4c28a0fce3ea89ebde441d7091464176e9730533 - -commit 7953e1bfce9e76bec41c1331a29bc6cff9d416b8 -Author: Darren Tucker -Date: Mon Jul 19 13:47:51 2021 +1000 - - Add sshfp-connect.sh file missed in previous. - -commit b75a80fa8369864916d4c93a50576155cad4df03 -Author: dtucker@openbsd.org -Date: Mon Jul 19 03:13:28 2021 +0000 - - upstream: Ensure that all returned SSHFP records for the specified host - - name and hostkey type match instead of only one. While there, simplify the - code somewhat and add some debugging. Based on discussion in bz#3322, ok - djm@. - - OpenBSD-Commit-ID: 0a6a0a476eb7f9dfe8fe2c05a1a395e3e9b22ee4 - -commit 1cc1fd095393663cd72ddac927d82c6384c622ba -Author: dtucker@openbsd.org -Date: Mon Jul 19 02:21:50 2021 +0000 - - upstream: Id sync only, -portable already has this. - - Put dh_set_moduli_file call inside ifdef WITH_OPENSSL. Fixes - build with OPENSSL=no. - - OpenBSD-Commit-ID: af54abbebfb12bcde6219a44d544e18204defb15 - -commit 33abbe2f4153f5ca5c874582f6a7cc91ae167485 -Author: dtucker@openbsd.org -Date: Mon Jul 19 02:46:34 2021 +0000 - - upstream: Add test for host key verification via SSHFP records. This - - requires some external setup to operate so is disabled by default (see - comments in sshfp-connect.sh). - - OpenBSD-Regress-ID: c52c461bd1df3a803d17498917d156ef64512fd9 - -commit f0cd000d8e3afeb0416dce1c711c3d7c28d89bdd -Author: dtucker@openbsd.org -Date: Mon Jul 19 02:29:28 2021 +0000 - - upstream: Add ed25519 key and test SSHFP export of it. Only test - - RSA SSHFP export if we have RSA functionality compiled in. - - OpenBSD-Regress-ID: b4ff5181b8c9a5862e7f0ecdd96108622333a9af - -commit 0075511e27e5394faa28edca02bfbf13b9a6693e -Author: dtucker@openbsd.org -Date: Mon Jul 19 00:16:26 2021 +0000 - - upstream: Group keygen tests together. - - OpenBSD-Regress-ID: 07e2d25c527bb44f03b7c329d893a1f2d6c5c40c - -commit 034828820c7e62652e7c48f9ee6b67fb7ba6fa26 -Author: dtucker@openbsd.org -Date: Sun Jul 18 23:10:10 2021 +0000 - - upstream: Add test for ssh-keygen printing of SSHFP records. - - OpenBSD-Regress-ID: fde9566b56eeb980e149bbe157a884838507c46b - -commit 52c3b6985ef1d5dadb4c4fe212f8b3a78ca96812 -Author: djm@openbsd.org -Date: Sat Jul 17 00:38:11 2021 +0000 - - upstream: wrap some long lines - - OpenBSD-Commit-ID: 4f5186b1466656762dae37d3e569438d900c350d - -commit 43ec991a782791d0b3f42898cd789f99a07bfaa4 -Author: djm@openbsd.org -Date: Sat Jul 17 00:36:53 2021 +0000 - - upstream: fix sftp on ControlPersist connections, broken by recent - - SessionType change; spotted by sthen@ - - OpenBSD-Commit-ID: 4c5ddc5698790ae6ff50d2a4f8f832f0eeeaa234 - -commit 073f45c236550f158c9a94003e4611c07dea5279 -Author: djm@openbsd.org -Date: Fri Jul 16 09:00:23 2021 +0000 - - upstream: Explicitly check for and start time-based rekeying in the - - client and server mainloops. - - Previously the rekey timeout could expire but rekeying would not start - until a packet was sent or received. This could cause us to spin in - select() on the rekey timeout if the connection was quiet. - - ok markus@ - - OpenBSD-Commit-ID: 4356cf50d7900f3df0a8f2117d9e07c91b9ff987 - -commit ef7c4e52d5d840607f9ca3a302a4cbb81053eccf -Author: jmc@openbsd.org -Date: Wed Jul 14 06:46:38 2021 +0000 - - upstream: reorder SessionType; ok djm - - OpenBSD-Commit-ID: c7dd0b39e942b1caf4976a0b1cf0fed33d05418c - -commit 8aa2f9aeb56506dca996d68ab90ab9c0bebd7ec3 -Author: Darren Tucker -Date: Wed Jul 14 11:26:50 2021 +1000 - - Make whitespace consistent. - -commit 4f4297ee9b8a39f4dfd243a74c5f51f9e7a05723 -Author: Darren Tucker -Date: Wed Jul 14 11:26:12 2021 +1000 - - Add ARM64 Linux self-hosted runner. - -commit eda8909d1b0a85b9c3804a04d03ec6738fd9dc7f -Author: djm@openbsd.org -Date: Tue Jul 13 23:48:36 2021 +0000 - - upstream: add a SessionType directive to ssh_config, allowing the - - configuration file to offer equivalent control to the -N (no session) and -s - (subsystem) command-line flags. - - Part of GHPR#231 by Volker Diels-Grabsch with some minor tweaks; - feedback and ok dtucker@ - - OpenBSD-Commit-ID: 726ee931dd4c5cc7f1d7a187b26f41257f9a2d12 - -commit 7ae69f2628e338ba6e0eae7ee8a63bcf8fea7538 -Author: djm@openbsd.org -Date: Mon Jul 12 02:12:22 2021 +0000 - - upstream: fix some broken tests; clean up output - - OpenBSD-Regress-ID: 1d5038edb511dc4ce1622344c1e724626a253566 - -commit f5fc6a4c3404bbf65c21ca6361853b33d78aa87e -Author: Darren Tucker -Date: Mon Jul 12 18:00:05 2021 +1000 - - Add configure-time detection for SSH_TIME_T_MAX. - - Should fix printing cert times exceeding INT_MAX (bz#3329) on platforms - were time_t is a long long. The limit used is for the signed type, so if - some system has a 32bit unsigned time_t then the lower limit will still - be imposed and we would need to add some way to detect this. Anyone using - an unsigned 64bit can let us know when it starts being a problem. - -commit fd2d06ae4442820429d634c0a8bae11c8e40c174 -Author: dtucker@openbsd.org -Date: Mon Jul 12 06:22:57 2021 +0000 - - upstream: Make limit for time_t test unconditional in the - - format_absolute_time fix for bz#3329 that allows printing of timestamps past - INT_MAX. This was incorrectly included with the previous commit. Based on - discussion with djm@. - - OpenBSD-Commit-ID: 835936f6837c86504b07cabb596b613600cf0f6e - -commit 6c29b387cd64a57b0ec8ae7d2c8d02789d88fcc3 -Author: dtucker@openbsd.org -Date: Mon Jul 12 06:08:57 2021 +0000 - - upstream: Use existing format_absolute_time() function when - - printing cert validity instead of doing it inline. Part of bz#3329. - - OpenBSD-Commit-ID: a13d4e3c4f59644c23745eb02a09b2a4e717c00c - -commit 99981d5f8bfa383791afea03f6bce8454e96e323 -Author: djm@openbsd.org -Date: Fri Jul 9 09:55:56 2021 +0000 - - upstream: silence redundant error message; reported by Fabian Stelzer - - OpenBSD-Commit-ID: 9349a703016579a60557dafd03af2fe1d44e6aa2 - -commit e86097813419b49d5bff5c4b51d1c3a5d4d2d804 -Author: John Ericson -Date: Sat Dec 26 11:40:49 2020 -0500 - - Re-indent krb5 section after pkg-config addition. - -commit 32dd2daa56c294e40ff7efea482c9eac536d8cbb -Author: John Ericson -Date: Sat Dec 26 11:40:49 2020 -0500 - - Support finding Kerberos via pkg-config - - This makes cross compilation easier. - -commit def7a72234d7e4f684d72d33a0f7229f9eee0aa4 -Author: Darren Tucker -Date: Fri Jul 9 14:34:06 2021 +1000 - - Update comments about EGD to include prngd. - -commit b5d23150b4e3368f4983fd169d432c07afeee45a -Author: dtucker@openbsd.org -Date: Mon Jul 5 01:21:07 2021 +0000 - - upstream: Fix a couple of whitespace things. Portable already has - - these so this removes two diffs between the two. - - OpenBSD-Commit-ID: 769f017ebafd8e741e337b3e9e89eb5ac73c9c56 - -commit 8f57be9f279b8e905f9883066aa633c7e67b31cf -Author: dtucker@openbsd.org -Date: Mon Jul 5 01:16:46 2021 +0000 - - upstream: Order includes as per style(9). Portable already has - - these so this removes a handful of diffs between the two. - - OpenBSD-Commit-ID: 8bd7452d809b199c19bfc49511a798f414eb4a77 - -commit b75624f8733b3ed9e240f86cac5d4a39dae11848 -Author: dtucker@openbsd.org -Date: Mon Jul 5 00:50:25 2021 +0000 - - upstream: Remove comment referencing now-removed - - RhostsRSAAuthentication. ok djm@ - - OpenBSD-Commit-ID: 3d864bfbd99a1d4429a58e301688f3be464827a9 - -commit b67eb12f013c5441bb4f0893a97533582ad4eb13 -Author: djm@openbsd.org -Date: Mon Jul 5 00:25:42 2021 +0000 - - upstream: allow spaces to appear in usernames for local to remote, - - and scp -3 remote to remote copies. with & ok dtucker bz#1164 - - OpenBSD-Commit-ID: e9b550f3a85ffbb079b6720833da31317901d6dd - -commit 8c4ef0943e574f614fc7c6c7e427fd81ee64ab87 -Author: dtucker@openbsd.org -Date: Fri Jul 2 07:20:44 2021 +0000 - - upstream: Remove obsolete comments about SSHv1 auth methods. ok - - djm@ - - OpenBSD-Commit-ID: 6060f70966f362d8eb4bec3da2f6c4712fbfb98f - -commit 88908c9b61bcb99f16e8d398fc41e2b3b4be2003 -Author: Darren Tucker -Date: Sat Jul 3 23:00:19 2021 +1000 - - Remove reference to ChallengeResponse. - - challenge_response_authentication was removed from the struct, keeping - kbd_interactive_authentication. - -commit 321874416d610ad2158ce6112f094a4862c2e37f -Author: Darren Tucker -Date: Sat Jul 3 20:38:09 2021 +1000 - - Move signal.h up include order to match upstream. - -commit 4fa83e2d0e32c2dd758653e0359984bbf1334f32 -Author: Darren Tucker -Date: Sat Jul 3 20:36:06 2021 +1000 - - Remove old OpenBSD version marker. - - Looks like an accidental leftover from a sync. - -commit 9d5e31f55d5f3899b72645bac41a932d298ad73b -Author: Darren Tucker -Date: Sat Jul 3 20:34:19 2021 +1000 - - Remove duplicate error on error path. - - There's an extra error() call on the listen error path, it looks like - its removal was missed during an upstream sync. - -commit 888c459925c7478ce22ff206c9ac1fb812a40caf -Author: Darren Tucker -Date: Sat Jul 3 20:32:46 2021 +1000 - - Remove some whitespace not in upstream. - - Reduces diff vs OpenBSD by a small amount. - -commit 4d2d4d47a18d93f3e0a91a241a6fdb545bbf7dc2 -Author: Darren Tucker -Date: Sat Jul 3 19:27:43 2021 +1000 - - Replace remaining references to ChallengeResponse. - - Portable had a few additional references to ChallengeResponse related to - UsePAM, replaces these with equivalent keyboard-interactive ones. - -commit 53237ac789183946dac6dcb8838bc3b6b9b43be1 -Author: Darren Tucker -Date: Sat Jul 3 19:23:28 2021 +1000 - - Sync remaining ChallengeResponse removal. - - These were omitted from commit 88868fd131. - -commit 2c9e4b319f7e98744b188b0f58859d431def343b -Author: Darren Tucker -Date: Sat Jul 3 19:17:31 2021 +1000 - - Disable rocky84 to figure out why agent test fails - -commit bfe19197a92b7916f64a121fbd3c179abf15e218 -Author: Darren Tucker -Date: Fri Jul 2 15:43:28 2021 +1000 - - Remove now-unused SSHv1 enums. - - sRhostsRSAAuthentication and sRSAAuthentication are protocol 1 options - and are no longer used. - -commit c73b02d92d72458a5312bd098f32ce88868fd131 -Author: dtucker@openbsd.org -Date: Fri Jul 2 05:11:20 2021 +0000 - - upstream: Remove references to ChallengeResponseAuthentication in - - favour of KbdInteractiveAuthentication. The former is what was in SSHv1, the - latter is what is in SSHv2 (RFC4256) and they were treated as somewhat but - not entirely equivalent. We retain the old name as deprecated alias so - config files continue to work and a reference in the man page for people - looking for it. - - Prompted by bz#3303 which pointed out the discrepancy between the two - when used with Match. Man page help & ok jmc@, with & ok djm@ - - OpenBSD-Commit-ID: 2c1bff8e5c9852cfcdab1f3ea94dfef5a22f3b7e - -commit f841fc9c8c7568a3b5d84a4cc0cefacb7dbc16b9 -Author: Darren Tucker -Date: Fri Jul 2 15:20:32 2021 +1000 - - Fix ifdefs around get_random_bytes_prngd. - - get_random_bytes_prngd() is used if either of PRNGD_PORT or PRNGD_SOCKET - are defined, so adjust ifdef accordingly. - -commit 0767627cf66574484b9c0834500b42ea04fe528a -Author: Damien Miller -Date: Fri Jul 2 14:30:23 2021 +1000 - - wrap get_random_bytes_prngd() in ifdef - - avoid unused static function warning - -commit f93fdc4de158386efe1116bd44c5b3f4a7a82c25 -Author: Darren Tucker -Date: Mon Jun 28 13:06:37 2021 +1000 - - Add rocky84 test target. - -commit d443006c0ddfa7f6a5bd9c0ae92036f3d5f2fa3b -Author: djm@openbsd.org -Date: Fri Jun 25 06:30:22 2021 +0000 - - upstream: fix decoding of X.509 subject name; from Leif Thuresson - - via bz3327 ok markus@ - - OpenBSD-Commit-ID: 0ea2e28f39750dd388b7e317bc43dd997a217ae8 - -commit 2a5704ec142202d387fda2d6872fd4715ab81347 -Author: dtucker@openbsd.org -Date: Fri Jun 25 06:20:39 2021 +0000 - - upstream: Use better language to refer to the user. From l1ving - - via github PR#250, ok jmc@ - - OpenBSD-Commit-ID: 07ca3526626996613e128aeddf7748c93c4d6bbf - -commit 4bdf7a04797a0ea1c431a9d54588417c29177d19 -Author: dtucker@openbsd.org -Date: Fri Jun 25 03:38:17 2021 +0000 - - upstream: Replace SIGCHLD/notify_pipe kludge with pselect. - - Previously sshd's SIGCHLD handler would wake up select() by writing a - byte to notify_pipe. We can remove this by blocking SIGCHLD, checking - for child terminations then passing the original signal mask through - to pselect. This ensures that the pselect will immediately wake up if - a child terminates between wait()ing on them and the pselect. - - In -portable, for platforms that do not have pselect the kludge is still - there but is hidden behind a pselect interface. - - Based on other changes for bz#2158, ok djm@ - - OpenBSD-Commit-ID: 202c85de0b3bdf1744fe53529a05404c5480d813 - -commit c9f7bba2e6f70b7ac1f5ea190d890cb5162ce127 -Author: Darren Tucker -Date: Fri Jun 25 15:08:18 2021 +1000 - - Move closefrom() to before first malloc. - - When built against tcmalloc, tcmalloc allocates a descriptor for its - internal use, so calling closefrom() afterward causes the descriptor - number to be reused resulting in a corrupted connection. Moving the - closefrom a little earlier should resolve this. From kircherlike at - outlook.com via bz#3321, ok djm@ - -commit 7ebfe4e439853b88997c9cfc2ff703408a1cca92 -Author: Darren Tucker -Date: Fri Jun 18 20:41:45 2021 +1000 - - Put second -lssh in link line for sftp-server. - - When building --without-openssl the recent port-prngd.c change adds - a dependency on atomicio, but since nothing else in sftp-server uses - it, the linker may not find it. Add a second -lssh similar to other - binaries. - -commit e409d7966785cfd9f5970e66a820685c42169717 -Author: Darren Tucker -Date: Fri Jun 18 18:34:08 2021 +1000 - - Try EGD/PRNGD if random device fails. - - When built --without-openssl, try EGD/PRGGD (if configured) as a last - resort before failing. - -commit e43a898043faa3a965dbaa1193cc60e0b479033d -Author: Darren Tucker -Date: Fri Jun 18 18:32:51 2021 +1000 - - Split EGD/PRNGD interface into its own file. - - This will allow us to use it when building --without-openssl. - -commit acb2887a769a1b1912cfd7067f3ce04fad240260 -Author: Darren Tucker -Date: Thu Jun 17 21:03:19 2021 +1000 - - Handle GIDs > 2^31 in getgrouplist. - - When compiled in 32bit mode, the getgrouplist implementation may fail - for GIDs greater than LONG_MAX. Analysis and change from ralf.winkel - at tui.com. - -commit 31fac20c941126281b527605b73bff30a8f02edd -Author: dtucker@openbsd.org -Date: Thu Jun 10 09:46:28 2021 +0000 - - upstream: Use $SUDO when reading sshd's pidfile here too. - - OpenBSD-Regress-ID: 6bfb0d455d493f24839034a629c5306f84dbd409 - -commit a3a58acffc8cc527f8fc6729486d34e4c3d27643 -Author: dtucker@openbsd.org -Date: Thu Jun 10 09:43:51 2021 +0000 - - upstream: Use $SUDO when reading sshd's pidfile in case it was - - created with a very restrictive umask. This resyncs with -portable. - - OpenBSD-Regress-ID: 07fd2af06df759d4f64b82c59094accca1076a5d - -commit 249ad4ae51cd3bc235e75a4846eccdf8b1416611 -Author: dtucker@openbsd.org -Date: Thu Jun 10 09:37:59 2021 +0000 - - upstream: Set umask when creating hostkeys to prevent excessive - - permissions warning. - - OpenBSD-Regress-ID: 382841db0ee28dfef7f7bffbd511803e1b8ab0ef - -commit 9d0892153c005cc65897e9372b01fa66fcbe2842 -Author: dtucker@openbsd.org -Date: Thu Jun 10 03:45:31 2021 +0000 - - upstream: Add regress test for SIGHUP restart - - while handling active and unauthenticated clients. Should catch anything - similar to the pselect bug just fixed in sshd.c. - - OpenBSD-Regress-ID: 3b3c19b5e75e43af1ebcb9586875b3ae3a4cac73 - -commit 73f6f191f44440ca3049b9d3c8e5401d10b55097 -Author: dtucker@openbsd.org -Date: Thu Jun 10 03:14:14 2021 +0000 - - upstream: Continue accept loop when pselect - - returns -1, eg if it was interrupted by a signal. This should prevent - the hang discovered by sthen@ wherein sshd receives a SIGHUP while it has - an unauthenticated child and goes on to a blocking read on a notify_pipe. - feedback deraadt@, ok djm@ - - OpenBSD-Commit-ID: 0243c1c5544fca0974dae92cd4079543a3fceaa0 - -commit c785c0ae134a8e8b5c82b2193f64c632a98159e4 -Author: djm@openbsd.org -Date: Tue Jun 8 22:30:27 2021 +0000 - - upstream: test that UserKnownHostsFile correctly accepts multiple - - arguments; would have caught readconf.c r1.356 regression - - OpenBSD-Regress-ID: 71ca54e66c2a0211b04999263e56390b1f323a6a - -commit 1a6f6b08e62c78906a3032e8d9a83e721c84574e -Author: djm@openbsd.org -Date: Tue Jun 8 22:06:12 2021 +0000 - - upstream: fix regression in r1.356: for ssh_config options that - - accepted multiple string arguments, ssh was only recording the first. - Reported by Lucas via bugs@ - - OpenBSD-Commit-ID: 7cbf182f7449bf1cb7c5b4452667dc2b41170d6d - -commit 78e30af3e2b2dd540a341cc827c6b98dd8b0a6de -Author: djm@openbsd.org -Date: Tue Jun 8 07:40:12 2021 +0000 - - upstream: test argv_split() optional termination on comments - - OpenBSD-Regress-ID: 9fd1c4a27a409897437c010cfd79c54b639a059c - -commit a023138957ea2becf1c7f93fcc42b0aaac6f2b03 -Author: dtucker@openbsd.org -Date: Tue Jun 8 07:05:27 2021 +0000 - - upstream: Add testcases from bz#3319 for IPQoS and TunnelDevice - - being overridden on the command line. - - OpenBSD-Regress-ID: 801674d5d2d02abd58274a78cab2711f11de14a8 - -commit 660cea10b2cdc11f13ba99c89b1bbb368a4d9ff2 -Author: djm@openbsd.org -Date: Tue Jun 8 06:52:43 2021 +0000 - - upstream: sprinkle some "# comment" at end of configuration lines - - to test comment handling - - OpenBSD-Regress-ID: cb82fbf40bda5c257a9f742c63b1798e5a8fdda7 - -commit acc9c32dcb6def6c7d3688bceb4c0e59bd26b411 -Author: djm@openbsd.org -Date: Tue Jun 8 06:51:47 2021 +0000 - - upstream: more descriptive failure message - - OpenBSD-Regress-ID: 5300f6faf1d9e99c0cd10827b51756c5510e3509 - -commit ce04dd4eae23d1c9cf7c424a702f48ee78573bc1 -Author: djm@openbsd.org -Date: Mon Jun 7 01:16:34 2021 +0000 - - upstream: test AuthenticationMethods inside a Match block as well - - as in the main config section - - OpenBSD-Regress-ID: ebe0a686621b7cb8bb003ac520975279c28747f7 - -commit 9018bd821fca17e26e92f7a7e51d9b24cd62f2db -Author: djm@openbsd.org -Date: Mon Jun 7 00:00:50 2021 +0000 - - upstream: prepare for stricter sshd_config parsing that will refuse - - a config that has {Allow,Deny}{Users,Groups} on a line with no subsequent - arguments. Such lines are permitted but are nonsensical noops ATM - - OpenBSD-Regress-ID: ef65463fcbc0bd044e27f3fe400ea56eb4b8f650 - -commit a10f929d1ce80640129fc5b6bc1acd9bf689169e -Author: djm@openbsd.org -Date: Tue Jun 8 07:09:42 2021 +0000 - - upstream: switch sshd_config parsing to argv_split() - - similar to the previous commit, this switches sshd_config parsing to - the newer tokeniser. Config parsing will be a little stricter wrt - quote correctness and directives appearing without arguments. - - feedback and ok markus@ - - tested in snaps for the last five or so days - thanks Theo and those who - caught bugs - - OpenBSD-Commit-ID: 9c4305631d20c2d194661504ce11e1f68b20d93e - -commit ea9e45c89a4822d74a9d97fef8480707d584da4d -Author: djm@openbsd.org -Date: Tue Jun 8 07:07:15 2021 +0000 - - upstream: Switch ssh_config parsing to use argv_split() - - This fixes a couple of problems with the previous tokeniser, - strdelim() - - 1. strdelim() is permissive wrt accepting '=' characters. This is - intended to allow it to tokenise "Option=value" but because it - cannot keep state, it will incorrectly split "Opt=val=val2". - 2. strdelim() has rudimentry handling of quoted strings, but it - is incomplete and inconsistent. E.g. it doesn't handle escaped - quotes inside a quoted string. - 3. It has no support for stopping on a (unquoted) comment. Because - of this readconf.c r1.343 added chopping of lines at '#', but - this caused a regression because these characters may legitimately - appear inside quoted strings. - - The new tokeniser is stricter is a number of cases, including #1 above - but previously it was also possible for some directives to appear - without arguments. AFAIK these were nonsensical in all cases, and the - new tokeniser refuses to accept them. - - The new code handles quotes much better, permitting quoted space as - well as escaped closing quotes. Finally, comment handling should be - fixed - the tokeniser will terminate only on unquoted # characters. - - feedback & ok markus@ - - tested in snaps for the last five or so days - thanks Theo and those who - caught bugs - - OpenBSD-Commit-ID: dc72fd12af9d5398f4d9e159d671f9269c5b14d5 - -commit d786424986c04d1d375f231fda177c8408e05c3e -Author: dtucker@openbsd.org -Date: Tue Jun 8 07:02:46 2021 +0000 - - upstream: Check if IPQoS or TunnelDevice are already set before - - overriding. Prevents values in config files from overriding values supplied - on the command line. bz#3319, ok markus. - - OpenBSD-Commit-ID: f3b08b898c324debb9195e6865d8999406938f74 - -commit aae4b4d3585b9f944d7dbd3c9e5ba0006c55e457 -Author: djm@openbsd.org -Date: Tue Jun 8 06:54:40 2021 +0000 - - upstream: Allow argv_split() to optionally terminate tokenisation - - when it encounters an unquoted comment. - - Add some additional utility function for working with argument - vectors, since we'll be switching to using them to parse - ssh/sshd_config shortly. - - ok markus@ as part of a larger diff; tested in snaps - - OpenBSD-Commit-ID: fd9c108cef2f713f24e3bc5848861d221bb3a1ac - -commit da9f9acaac5bab95dca642b48e0c8182b246ab69 -Author: Darren Tucker -Date: Mon Jun 7 19:19:23 2021 +1000 - - Save logs on failure for upstream test - -commit 76883c60161e5f3808787085a27a8c37f8cc4e08 -Author: Darren Tucker -Date: Mon Jun 7 14:36:32 2021 +1000 - - Add obsdsnap-i386 upstream test target. - -commit d45b9c63f947ec5ec314696e70281f6afddc0ac3 -Author: djm@openbsd.org -Date: Mon Jun 7 03:38:38 2021 +0000 - - upstream: fix debug message when finding a private key to match a - - certificate being attempted for user authentication. Previously it would - print the certificate's path, whereas it was supposed to be showing the - private key's path. Patch from Alex Sherwin via GHPR247 - - OpenBSD-Commit-ID: d5af3be66d0f22c371dc1fe6195e774a18b2327b - -commit 530739d42f6102668aecd699be0ce59815c1eceb -Author: djm@openbsd.org -Date: Sun Jun 6 11:34:16 2021 +0000 - - upstream: Match host certificates against host public keys, not private - - keys. Allows use of certificates with private keys held in a ssh-agent. - Reported by Miles Zhou in bz3524; ok dtucker@ - - OpenBSD-Commit-ID: 25f5bf70003126d19162862d9eb380bf34bac22a - -commit 4265215d7300901fd7097061c7517688ade82f8e -Author: djm@openbsd.org -Date: Sun Jun 6 03:40:39 2021 +0000 - - upstream: Client-side workaround for a bug in OpenSSH 7.4: this release - - allows RSA/SHA2 signatures for public key authentication but fails to - advertise this correctly via SSH2_MSG_EXT_INFO. This causes clients of these - server to incorrectly match PubkeyAcceptedAlgorithms and potentially refuse - to offer valid keys. - - Reported by and based on patch from Gordon Messmer via bz3213, thanks - also for additional analysis by Jakub Jelen. ok dtucker - - OpenBSD-Commit-ID: d6d0b7351d5d44c45f3daaa26efac65847a564f7 - -commit bda270d7fb8522d43c21a79a4b02a052d7c64de8 -Author: djm@openbsd.org -Date: Sun Jun 6 03:17:02 2021 +0000 - - upstream: degrade gracefully if a sftp-server offers the - - limits@openssh.com extension but fails when the client tries to invoke it. - Reported by Hector Martin via bz3318 - - OpenBSD-Commit-ID: bd9d1839c41811616ede4da467e25746fcd9b967 - -commit d345d5811afdc2d6923019b653cdd93c4cc95f76 -Author: djm@openbsd.org -Date: Sun Jun 6 03:15:39 2021 +0000 - - upstream: the limits@openssh.com extension was incorrectly marked - - as an operation that writes to the filesystem, which made it unavailable in - sftp-server read-only mode. Spotted by Hector Martin via bz3318 - - OpenBSD-Commit-ID: f054465230787e37516c4b57098fc7975e00f067 - -commit 2b71010d9b43d7b8c9ec1bf010beb00d98fa765a -Author: naddy@openbsd.org -Date: Sat Jun 5 13:47:00 2021 +0000 - - upstream: PROTOCOL.certkeys: update reference from IETF draft to - - RFC - - Also fix some typos. - ok djm@ - - OpenBSD-Commit-ID: 5e855b6c5a22b5b13f8ffa3897a868e40d349b44 - -commit aa99b2d9a3e45b943196914e8d8bf086646fdb54 -Author: Darren Tucker -Date: Fri Jun 4 23:41:29 2021 +1000 - - Clear notify_pipe from readset if present. - - Prevents leaking an implementation detail to the caller. - -commit 6de8dadf6b4d0627d35bca0667ca44b1d61c2c6b -Author: Darren Tucker -Date: Fri Jun 4 23:24:25 2021 +1000 - - space->tabs. - -commit c8677065070ee34c05c7582a9c2f58d8642e552d -Author: Darren Tucker -Date: Fri Jun 4 18:39:48 2021 +1000 - - Add pselect implementation for platforms without. - - This is basically the existing notify_pipe kludge from serverloop.c - moved behind a pselect interface. It works by installing a signal - handler that writes to a pipe that the select is watching, then calls - the original handler. - - The select call in serverloop will become pselect soon, at which point the - kludge will be removed from thereand will only exist in the compat layer. - Original code by markus, help from djm. - -commit 7cd7f302d3a072748299f362f9e241d81fcecd26 -Author: Vincent Brillault -Date: Sun May 24 09:15:06 2020 +0200 - - auth_log: dont log partial successes as failures - - By design, 'partial' logins are successful logins, so initially with - authenticated set to 1, for which another authentication is required. As - a result, authenticated is always reset to 0 when partial is set to 1. - However, even if authenticated is 0, those are not failed login - attempts, similarly to attempts with authctxt->postponed set to 1. - -commit e7606919180661edc7f698e6a1b4ef2cfb363ebf -Author: djm@openbsd.org -Date: Fri Jun 4 06:19:07 2021 +0000 - - upstream: The RB_GENERATE_STATIC(3) macro expands to a series of - - function definitions and not a statement, so there should be no semicolon - following them. Patch from Michael Forney - - OpenBSD-Commit-ID: c975dd180580f0bdc0a4d5b7d41ab1f5e9b7bedd - -commit c298c4da574ab92df2f051561aeb3e106b0ec954 -Author: djm@openbsd.org -Date: Fri Jun 4 05:59:18 2021 +0000 - - upstream: rework authorized_keys example section, removing irrelevant - - stuff, de-wrapping the example lines and better aligning the examples with - common usage and FAQs; ok jmc - - OpenBSD-Commit-ID: d59f1c9281f828148e2a2e49eb9629266803b75c - -commit d9cb35bbec5f623589d7c58fc094817b33030f35 -Author: djm@openbsd.org -Date: Fri Jun 4 05:10:03 2021 +0000 - - upstream: adjust SetEnv description to clarify $TERM handling - - OpenBSD-Commit-ID: 8b8cc0124856bc1094949d55615e5c44390bcb22 - -commit 771f57a8626709f2ad207058efd68fbf30d31553 -Author: dtucker@openbsd.org -Date: Fri Jun 4 05:09:08 2021 +0000 - - upstream: Switch the listening select loop from select() to - - pselect() and mask signals while checking signal flags, umasking for pselect - and restoring afterwards. Also restore signals before sighup_restart so they - don't remain blocked after restart. - - This prevents a race where a SIGTERM or SIGHUP can arrive between - checking the flag and calling select (eg if sshd is processing a - new connection) resulting in sshd not shutting down until the next - time it receives a new connection. bz#2158, with & ok djm@ - - OpenBSD-Commit-ID: bf85bf880fd78e00d7478657644fcda97b9a936f - -commit f64f8c00d158acc1359b8a096835849b23aa2e86 -Author: djm@openbsd.org -Date: Fri Jun 4 05:02:40 2021 +0000 - - upstream: allow ssh_config SetEnv to override $TERM, which is otherwise - - handled specially by the protocol. Useful in ~/.ssh/config to set TERM to - something generic (e.g. "xterm" instead of "xterm-256color") for destinations - that lack terminfo entries. feedback and ok dtucker@ - - OpenBSD-Commit-ID: 38b1ef4d5bc159c7d9d589d05e3017433e2d5758 - -commit 60107677dc0ce1e93c61f23c433ad54687fcd9f5 -Author: djm@openbsd.org -Date: Fri Jun 4 04:02:21 2021 +0000 - - upstream: correct extension name "no-presence-required" => - - "no-touch-required" - - document "verify-required" option - - OpenBSD-Commit-ID: 1879ff4062cf61d79b515e433aff0bf49a6c55c5 - -commit ecc186e46e3e30f27539b4311366dfda502f0a08 -Author: Darren Tucker -Date: Wed Jun 2 13:54:11 2021 +1000 - - Retire fbsd7 test target. - *** 1141 LINES SKIPPED ***