diff options
| author | Ed Maste <emaste@FreeBSD.org> | 2022-04-15 14:41:08 +0000 |
|---|---|---|
| committer | Ed Maste <emaste@FreeBSD.org> | 2022-04-15 14:41:08 +0000 |
| commit | 87c1498d1a7473ff983e5c0456f30608f3f1e601 (patch) | |
| tree | 3ed1840d45c074e4d86037c24ccacce8cc35b2e7 | |
| parent | 10aa36702cdb1112ac368c449d60ee4e8eb832d0 (diff) | |
| parent | 7f9f5c27f6f623a2081f2b436692418fd962b903 (diff) | |
| download | src-87c1498d1a7473ff983e5c0456f30608f3f1e601.tar.gz src-87c1498d1a7473ff983e5c0456f30608f3f1e601.zip | |
ssh: update to OpenSSH v9.0p1
Release notes are available at https://www.openssh.com/txt/release-9.0
Some highlights:
* ssh(1), sshd(8): use the hybrid Streamlined NTRU Prime + x25519 key
exchange method by default ("sntrup761x25519-sha512@openssh.com").
The NTRU algorithm is believed to resist attacks enabled by future
quantum computers and is paired with the X25519 ECDH key exchange
(the previous default) as a backstop against any weaknesses in
NTRU Prime that may be discovered in the future. The combination
ensures that the hybrid exchange offers at least as good security
as the status quo.
* sftp-server(8): support the "copy-data" extension to allow server-
side copying of files/data, following the design in
draft-ietf-secsh-filexfer-extensions-00. bz2948
* sftp(1): add a "cp" command to allow the sftp client to perform
server-side file copies.
This commit excludes the scp(1) change to use the SFTP protocol by
default; that change will immediately follow.
MFC after: 1 month
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
53 files changed, 1166 insertions, 870 deletions
diff --git a/crypto/openssh/.depend b/crypto/openssh/.depend index 945a01dcc05d..cd38d15f8f52 100644 --- a/crypto/openssh/.depend +++ b/crypto/openssh/.depend @@ -121,7 +121,7 @@ sftp-common.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-c sftp-glob.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h sftp-realpath.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sftp-server-main.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h sftp.h misc.h xmalloc.h -sftp-server.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshbuf.h ssherr.h log.h misc.h match.h uidswap.h sftp.h sftp-common.h +sftp-server.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h sshbuf.h ssherr.h log.h misc.h match.h uidswap.h sftp.h sftp-common.h sftp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h ssherr.h pathnames.h misc.h utf8.h sftp.h sshbuf.h sftp-common.h sftp-client.h openbsd-compat/glob.h sk-usbhid.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sntrup761.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h diff --git a/crypto/openssh/.github/configs b/crypto/openssh/.github/configs index 853da58a51e3..871a3d414d94 100755 --- a/crypto/openssh/.github/configs +++ b/crypto/openssh/.github/configs @@ -38,13 +38,13 @@ case "$config" in CC="clang-12" # clang's implicit-fallthrough requires that the code be annotated with # __attribute__((fallthrough)) and does not understand /* FALLTHROUGH */ - CFLAGS="-Wall -Wextra -O2 -Wno-error=implicit-fallthrough" + CFLAGS="-Wall -Wextra -O2 -Wno-error=implicit-fallthrough -Wno-error=unused-parameter" CONFIGFLAGS="--with-pam --with-Werror" ;; gcc-11-Werror) CC="gcc" # -Wnoformat-truncation in gcc 7.3.1 20180130 fails on fmt_scaled - CFLAGS="-Wall -Wextra -Wno-format-truncation -O2 -Wimplicit-fallthrough=4" + CFLAGS="-Wall -Wextra -O2 -Wno-format-truncation -Wimplicit-fallthrough=4 -Wno-unused-parameter" CONFIGFLAGS="--with-pam --with-Werror" ;; clang*|gcc*) @@ -145,10 +145,23 @@ case "$config" in esac case "${TARGET_HOST}" in + aix*) + # These are slow real or virtual machines so skip the slowest tests + # (which tend to be thw ones that transfer lots of data) so that the + # test run does not time out. + # The agent-restrict test fails due to some quoting issue when run + # with sh or ksh so specify bash for now. + TEST_TARGET="t-exec TEST_SHELL=bash" + SKIP_LTESTS="rekey sftp" + ;; dfly58*|dfly60*) # scp 3-way connection hangs on these so skip until sorted. SKIP_LTESTS=scp3 ;; + fbsd6) + # Native linker is not great with PIC so OpenSSL is built w/out. + CONFIGFLAGS="${CONFIGFLAGS} --disable-security-key" + ;; hurd) SKIP_LTESTS="forwarding multiplex proxy-connect hostkey-agent agent-ptrace" ;; @@ -173,6 +186,10 @@ case "${TARGET_HOST}" in # SHA256 functions in sha2.h conflict with OpenSSL's breaking sk-dummy CONFIGFLAGS="${CONFIGFLAGS} --without-hardening --disable-security-key" ;; + openwrt-*) + CONFIGFLAGS="${CONFIGFLAGS} --without-openssl --without-zlib" + TEST_TARGET="t-exec" + ;; sol10|sol11) # sol10 VM is 32bit and the unit tests are slow. # sol11 has 4 test configs so skip unit tests to speed up. diff --git a/crypto/openssh/.github/setup_ci.sh b/crypto/openssh/.github/setup_ci.sh index ca37f8c5512f..a3bb8587eab1 100755 --- a/crypto/openssh/.github/setup_ci.sh +++ b/crypto/openssh/.github/setup_ci.sh @@ -80,7 +80,7 @@ for TARGET in $TARGETS; do INSTALL_LIBRESSL=$(echo ${TARGET} | cut -f2 -d-) case ${INSTALL_LIBRESSL} in master) ;; - *) INSTALL_LIBRESSL="v$(echo ${TARGET} | cut -f2 -d-)" ;; + *) INSTALL_LIBRESSL="$(echo ${TARGET} | cut -f2 -d-)" ;; esac PACKAGES="${PACKAGES} putty-tools" ;; @@ -122,11 +122,20 @@ if [ ! -z "${INSTALL_OPENSSL}" ]; then fi if [ ! -z "${INSTALL_LIBRESSL}" ]; then - (mkdir -p ${HOME}/libressl && cd ${HOME}/libressl && - git clone https://github.com/libressl-portable/portable.git && - cd ${HOME}/libressl/portable && - git checkout ${INSTALL_LIBRESSL} && - sh update.sh && sh autogen.sh && - ./configure --prefix=/opt/libressl && - make -j2 && sudo make install) + if [ "${INSTALL_LIBRESSL}" = "master" ]; then + (mkdir -p ${HOME}/libressl && cd ${HOME}/libressl && + git clone https://github.com/libressl-portable/portable.git && + cd ${HOME}/libressl/portable && + git checkout ${INSTALL_LIBRESSL} && + sh update.sh && sh autogen.sh && + ./configure --prefix=/opt/libressl && + make -j2 && sudo make install) + else + LIBRESSL_URLBASE=https://cdn.openbsd.org/pub/OpenBSD/LibreSSL + (cd ${HOME} && + wget ${LIBRESSL_URLBASE}/libressl-${INSTALL_LIBRESSL}.tar.gz && + tar xfz libressl-${INSTALL_LIBRESSL}.tar.gz && + cd libressl-${INSTALL_LIBRESSL} && + ./configure --prefix=/opt/libressl && make -j2 && sudo make install) + fi fi diff --git a/crypto/openssh/.github/workflows/c-cpp.yml b/crypto/openssh/.github/workflows/c-cpp.yml index 5ee896308478..b778c9804203 100644 --- a/crypto/openssh/.github/workflows/c-cpp.yml +++ b/crypto/openssh/.github/workflows/c-cpp.yml @@ -46,6 +46,7 @@ jobs: - { os: ubuntu-latest, configs: libressl-3.2.6 } - { os: ubuntu-latest, configs: libressl-3.3.4 } - { os: ubuntu-latest, configs: libressl-3.4.1 } + - { os: ubuntu-latest, configs: libressl-3.5.0 } - { os: ubuntu-latest, configs: openssl-master } - { os: ubuntu-latest, configs: openssl-noec } - { os: ubuntu-latest, configs: openssl-1.0.1 } @@ -54,7 +55,9 @@ jobs: - { os: ubuntu-latest, configs: openssl-1.1.0h } - { os: ubuntu-latest, configs: openssl-1.1.1 } - { os: ubuntu-latest, configs: openssl-1.1.1k } + - { os: ubuntu-latest, configs: openssl-1.1.1m } - { os: ubuntu-latest, configs: openssl-3.0.0 } + - { os: ubuntu-latest, configs: openssl-3.0.1 } - { os: ubuntu-latest, configs: openssl-1.1.1_stable } # stable branch - { os: ubuntu-latest, configs: openssl-3.0 } # stable branch - { os: ubuntu-18.04, configs: pam } diff --git a/crypto/openssh/.github/workflows/selfhosted.yml b/crypto/openssh/.github/workflows/selfhosted.yml index 09f7af939912..ec2c29825c85 100644 --- a/crypto/openssh/.github/workflows/selfhosted.yml +++ b/crypto/openssh/.github/workflows/selfhosted.yml @@ -16,9 +16,11 @@ jobs: # default config. "os" corresponds to a label associated with the worker. matrix: os: + - aix51 - ARM64 - alpine - bbone + - debian-i386 - dfly30 - dfly48 - dfly58 @@ -40,6 +42,8 @@ jobs: - obsd70 - obsdsnap - openindiana + - openwrt-mips + - openwrt-mipsel # - rocky84 - sol10 - sol11 @@ -49,6 +53,7 @@ jobs: # Then we include any extra configs we want to test for specific VMs. include: - { os: ARM64, configs: pam } + - { os: debian-i386, configs: pam } - { os: dfly30, configs: without-openssl} - { os: dfly48, configs: pam } - { os: dfly58, configs: pam } @@ -87,7 +92,7 @@ jobs: run: vmrun make - name: make tests run: vmrun ./.github/run_test.sh ${{ matrix.configs }} - timeout-minutes: 300 + timeout-minutes: 600 - name: save logs if: failure() uses: actions/upload-artifact@v2 diff --git a/crypto/openssh/ChangeLog b/crypto/openssh/ChangeLog index c225b94dfd3e..063b54769d53 100644 --- a/crypto/openssh/ChangeLog +++ b/crypto/openssh/ChangeLog @@ -1,3 +1,504 @@ +commit 94eb6858efecc1b4f02d8a6bd35e149f55c814c8 +Author: Damien Miller <djm@mindrot.org> +Date: Wed Apr 6 10:47:48 2022 +1000 + + update version numbers for release + +commit 8e4a8eadf4fe74e65e6492f34250f8cf7d67e8da +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Apr 4 22:45:25 2022 +0000 + + upstream: openssh-9.0 + + OpenBSD-Commit-ID: 0dfb461188f4513ec024c1534da8c1ce14c20b64 + +commit a9f23ea2e3227f406880c2634d066f6f50fa5eaa +Author: naddy@openbsd.org <naddy@openbsd.org> +Date: Thu Mar 31 17:58:44 2022 +0000 + + upstream: ssh: document sntrup761x25519-sha512@openssh.com as + + default KEX + + OpenBSD-Commit-ID: 12545bfa10bcbf552d04d9d9520d0f4e98b0e171 + +commit 9ec2713d122af79d66ebb9c1d6d9ae8621a8945f +Author: naddy@openbsd.org <naddy@openbsd.org> +Date: Thu Mar 31 17:27:27 2022 +0000 + + upstream: man pages: add missing commas between subordinate and + + main clauses + + jmc@ dislikes a comma before "then" in a conditional, so leave those + untouched. + + ok jmc@ + + OpenBSD-Commit-ID: 9520801729bebcb3c9fe43ad7f9776ab4dd05ea3 + +commit 3741df98ffaaff92b474ee70d8ef276b5882f85a +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Apr 4 23:52:11 2022 +1000 + + Disable security key on fbsd6 test host. + +commit 32c12236f27ae83bfe6d2983b67c9bc67a83a417 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Apr 4 15:16:51 2022 +1000 + + Specify TEST_SHELL=bash on AIX. + + The system shells cause the agent-restrict test to fail due to some + quoting so explicitly specify bash until we can get configure to + autmatically work around that. + +commit 90452c8b69d065b7c7c285ff78b81418a75bcd76 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Apr 1 23:38:44 2022 +1100 + + Only return events from ppoll that were requested. + + If the underlying system's select() returns bits that were not in the + request set, our ppoll() implementation can return revents for events + not requested, which can apparently cause a hang. Only return revents + for activity in the requested event set. bz#3416, analysis and fix by + yaroslav.kuzmin at vmssoftware com, ok djm@ + +commit 6c49eb5fabc56f4865164ed818aa5112d09c31a8 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Apr 1 23:21:40 2022 +1100 + + Only run regression tests on slow VMs. + +commit f67e47903977b42cb6abcd5565a61bd7293e4dc3 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Apr 1 23:21:06 2022 +1100 + + Increase test timeout to allow slow VMs to finish + +commit 02488c1b54065ddc4f25835dbd2618b2a2fe21f5 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Apr 1 16:27:38 2022 +1100 + + Use bash or ksh if available for SH in Makefile. + +commit 34c7018c316af4773e432066de28d0ef9d0888cd +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Apr 1 14:56:54 2022 +1100 + + Set Makefile SHELL as determined by configure. + + This should improve compatibility for users with non-POSIX shells. If + using Makefile.in directly (eg make -f Makefile.in distprep) then SHELL + will need to be specified on the command line (along with MANFMT in that + particular case). ok djm@ + +commit 5b054d76402faab38c48377efd112426469553a0 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Apr 1 13:16:47 2022 +1100 + + Skip slow tests on (very) slow test targets. + +commit b275818065b31a865142c48c2acf6a7c1655c542 +Author: Damien Miller <djm@mindrot.org> +Date: Thu Mar 31 14:11:36 2022 +1100 + + depend + +commit 3fa539c3ffaabd6211995512d33e29150f88c5c5 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Mar 31 03:07:03 2022 +0000 + + upstream: add a sftp client "cp" command that supports server-side + + copying of files. Useful for this task and for testing the copy-data + extension. Patch from Mike Frysinger; ok dtucker@ + + OpenBSD-Commit-ID: 1bb1b950af0d49f0d5425b1f267e197aa1b57444 + +commit 7988bfc4b701c4b3fe9b36c8561a3d1c5d4c9a74 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Mar 31 03:05:49 2022 +0000 + + upstream: add support for the "corp-data" protocol extension to + + allow server-side copies to be performed without having to go via the client. + Patch by Mike Frysinger, ok dtucker@ + + OpenBSD-Commit-ID: 00aa510940fedd66dab1843b58682de4eb7156d5 + +commit 32dc1c29a4ac9c592ddfef0a4895eb36c1f567ba +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Mar 30 21:13:23 2022 +0000 + + upstream: select post-quantum KEX + + sntrup761x25519-sha512@openssh.com as the default; ok markus@ + + OpenBSD-Commit-ID: f02d99cbfce22dffec2e2ab1b60905fbddf48fb9 + +commit d6556de1db0822c76ba2745cf5c097d9472adf7c +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Mar 30 21:10:25 2022 +0000 + + upstream: fix poll() spin when a channel's output fd closes without + + data in the channel buffer. Introduce more exact packing of channel fds into + the pollfd array. fixes bz3405 and bz3411; ok deraadt@ markus@ + + OpenBSD-Commit-ID: 06740737849c9047785622ad5d472cb6a3907d10 + +commit 8a74a96d25ca4d32fbf298f6c0ac5a148501777d +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Mar 30 04:33:09 2022 +0000 + + upstream: ssh is almost out of getopt() characters; note the + + remaining remaining available ones in a comment + + OpenBSD-Commit-ID: 48d38cef59d6bc8e84c6c066f6d601875d3253fd + +commit 6d4fc51adb9d8a42f67b5474f02f877422379de6 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Mar 30 04:27:51 2022 +0000 + + upstream: avoid NULL deref via ssh-keygen -Y find-principals. + + bz3409, reported by Mateusz Adamowski + + OpenBSD-Commit-ID: a3b2c02438052ee858e0ee18e5a288586b5df2c5 + +commit e937514920335b92b543fd9be79cd6481d1eb0b6 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Mar 28 17:51:03 2022 +1100 + + Add AIX 5.1 test target. + +commit 4bbe815ba974b4fd89cc3fc3e3ef1be847a0befe +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Mar 26 22:01:31 2022 +1100 + + Drop leading "v" from release version identifier. + + It's present in the git tags but not in the release tarball names. + Also drop extra "/" from URL path. + +commit f5cdd3b3c275dffaebfca91df782dca29975e9ac +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Mar 26 16:28:04 2022 +1100 + + Use tarballs when testing LibreSSL releases. + + This means they'll still work when the combination of -portable and + openbsd github repos no longer match. + +commit 24dc37d198f35a7cf71bf4d5384363c7ef4209d4 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Mar 26 15:02:45 2022 +1100 + + Remove now-unused passwd variable. + +commit 5b467ceef2c356f0a77f5e8ab4eb0fac367e4d24 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Mar 26 13:15:44 2022 +1100 + + Missing semicolon. + +commit 2923d026e55998133c0f6e5186dca2a3c0fa5ff5 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Mar 26 12:49:50 2022 +1100 + + Factor out platform-specific locked account check. + + Also fixes an incorrect free on platforms with both libiaf and shadow + passwords (probably only Unixware). Prompted by github PR#284, + originally from @c3h2_ctf and stoeckmann@. + +commit d23efe4b12886ffe416be10bc0a7da6ca8aa72d1 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Mar 26 08:13:46 2022 +1100 + + Add OpenWRT mips and mipsel test targets. + +commit 16ea8b85838dd7a4dbeba4e51ac4f43fd68b1e5b +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Mar 20 08:52:17 2022 +0000 + + upstream: don't leak argument list; bz3404, reported by Balu + + Gajjala ok dtucker@ + + OpenBSD-Commit-ID: fddc32d74e5dd5cff1a49ddd6297b0867eae56a6 + +commit a72bde294fe0518c9a44ba63864093a1ef2425e3 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Mar 20 08:51:21 2022 +0000 + + upstream: make addargs() and replacearg() a little more robust and + + improve error reporting + + make freeargs(NULL) a noop like the other free functions + + ok dtucker as part of bz3403 + + OpenBSD-Commit-ID: 15f86da83176978b4d1d288caa24c766dfa2983d + +commit 731087d2619fa7f01e675b23f57af10d745e8af2 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 18 04:04:11 2022 +0000 + + upstream: don't try to resolve ListenAddress directives in the sshd + + re-exec path - we're never going to use the result and if the operation fails + then it can prevent connections from being accepted. Reported by Aaron + Poffenberger; with / ok dtucker@ + + OpenBSD-Commit-ID: 44c53a43909a328e2f5ab26070fdef3594eded60 + +commit 1c83c082128694ddd11ac05fdf31d70312ff1763 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 18 02:50:21 2022 +0000 + + upstream: remove blank line + + OpenBSD-Commit-ID: d5e0182965b2fbfb03ad5f256d1a1ce5706bcddf + +commit 807be68684da7a1fe969c399ddce2fafb7997dcb +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 18 02:32:22 2022 +0000 + + upstream: helpful comment + + OpenBSD-Commit-ID: e3315a45cb04e7feeb614d76ec80a9fe4ca0e8c7 + +commit a0b5816f8f1f645acdf74f7bc11b34455ec30bac +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 18 02:31:25 2022 +0000 + + upstream: ssh-keygen -Y check-novalidate requires namespace or SEGV + + will ensue. Patch from Mateusz Adamowski via GHPR#307 + + OpenBSD-Commit-ID: 99e8ec38f9feb38bce6de240335be34aedeba5fd + +commit 5a252d54a63be30d5ba4be76210942d754a531c0 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Mar 15 05:27:37 2022 +0000 + + upstream: improve DEBUG_CHANNEL_POLL debugging message + + OpenBSD-Commit-ID: 2275eb7bc4707d019b1a0194b9c92c0b78da848f + +commit ce324cf58ba2840e31afeb996935800780c8fa4b +Author: cheloha@openbsd.org <cheloha@openbsd.org> +Date: Sun Mar 13 23:27:54 2022 +0000 + + upstream: ssh: xstrdup(): use memcpy(3) + + Copying the given string into the buffer with strlcpy(3) confers no + benefit in this context because we have already determined the + string's length with strlen(3) in order to allocate that buffer. + + Thread: https://marc.info/?l=openbsd-tech&m=164687525802691&w=2 + + ok dtucker@ millert@ + + OpenBSD-Commit-ID: f8bfc082e36e2d2dc4e1feece02fe274155ca11a + +commit 2893c5e764557f48f9d6a929e224ed49c59545db +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Mar 11 18:43:58 2022 +1100 + + Resync fmt_scaled. with OpenBSD. + + Fixes underflow reported in bz#3401. + +commit 5ae31a0fdd27855af29f48ff027491629fff5979 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Mar 9 09:41:56 2022 +1100 + + Provide killpg implementation. + + Based on github PR#301 for Tandem NonStop. + +commit c41c84b439f4cd74d4fe44298a4b4037ddd7d2ae +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Mar 9 09:29:30 2022 +1100 + + Check for missing ftruncate prototype. + + From github PR#301 in conjunction with rsbeckerca. + +commit 8cf5275452a950869cb90eeac7d220b01f77b12e +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Mar 8 20:04:06 2022 +1100 + + Default to not using sandbox when cross compiling. + + On most systems poll(2) does not work when the number of FDs is reduced + with setrlimit, so assume it doesn't when cross compiling and we can't + run the test. bz#3398. + +commit 379b30120da53d7c84aa8299c26b18c51c2a0dac +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Mar 1 01:59:19 2022 +0000 + + upstream: pack pollfd array before server_accept_loop() ppoll() + + call, and terminate sshd if ppoll() returns errno==EINVAL + + avoids spin in ppoll when MaxStartups > RLIMIT_NOFILE, reported by + Daniel Micay + + feedback/ok deraadt + + OpenBSD-Commit-ID: dbab1c24993ac977ec24d83283b8b7528f7c2c15 + +commit eceafbe0bdbbd9bd2f3cf024ccb350666a9934dd +Author: naddy@openbsd.org <naddy@openbsd.org> +Date: Sun Feb 27 01:33:59 2022 +0000 + + upstream: include rejected signature algorithm in error message and + + not the (useless) key type; ok djm@ + + OpenBSD-Commit-ID: d0c0f552a4d9161203e07e95d58a76eb602a76ff + +commit f2f3269423618a83157e18902385e720f9776007 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Feb 25 09:46:24 2022 +0000 + + upstream: Remove the char * casts from arguments to do_lstat, + + do_readdir and do_stat paths since the underlying functions now take a const + char *. Patch from vapier at gentoo.org. + + OpenBSD-Commit-ID: 9e4d964dbfb0ed683a2a2900711b88e7f1c0297b + +commit 4a66dac052c5ff5047161853f36904607649e4f9 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Feb 25 02:09:27 2022 +0000 + + upstream: save an unneccessary alloc/free, based on patch from + + Martin Vahlensieck; ok dtucker@ + + OpenBSD-Commit-ID: 90ffbf1f837e509742f2c31a1fbf2c0fd376fd5f + +commit 6f117cb151efe138ac57bdd8e26165f350328f5f +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Mar 1 09:02:06 2022 +1100 + + Remove unused ivbits argument from chacha_keysetup + +commit 15974235dd528aeab0ec67fb92a0a1d733f62be2 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Mar 1 09:00:20 2022 +1100 + + Add OPENBSD ORIGINAL marker. + +commit f2ff669347d320532e7c1b63cdf5c62f46e73150 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Feb 28 22:21:36 2022 +1100 + + No unused param warnings for clang-12 and gcc-11. + + These have too many false positives in -Werror tests on the github CI + since we often provide empty stub functions for functionality not needed + for particular configurations. + +commit 96558ecd87adac62efa9a2b5479f686ab86b0be1 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Feb 26 14:10:41 2022 +1100 + + Add debian-i386 test target. + +commit 284b6e5394652d519e31782e3b3cdfd7b21d1a81 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Feb 26 14:06:14 2022 +1100 + + Allow ppoll_time64 in seccomp sandbox. + + Should fix sandbox violations on (some? at least i386 and armhf) 32bit + Linux platforms. Patch from chutzpahu at gentoo.org and cjwatson at + debian.org via bz#3396. + +commit 0132056efabc5edb85c3c7105d2fb6dee41843c6 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Feb 25 19:47:48 2022 +1100 + + Improve handling of _getshort and _getlong. + + If the system native ones are exactly as required then use them, + otherwise use the local versions mapped to another name to prevent + name collisions. + +commit 8e206e0dd6b9f757b07979e48f53ad5bf9b7b52b +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Feb 25 15:14:22 2022 +1100 + + Constify utimes in compat library to match specs. + + Patch from vapier at chromium.org. + +commit 1b2920e3b63db2eddebeec7330ffe8b723055573 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Feb 25 13:50:56 2022 +1100 + + ANSIfy getshort and getlong. + + These functions appear to have come from OpenBSD's lib/libc/net/res_comp.c + which made this change in 2005. + +commit 54a86f4f6e1c43a2ca2be23ef799ab8910d4af70 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Feb 25 13:23:04 2022 +1100 + + Use PICFLAG instead of hard coding -fPIC. + +commit 3016ba47035ac3561aabd48e2be70167fe157d6a +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Feb 25 11:37:11 2022 +1100 + + Add tests for latest releases of {Libre,Open}SSL. + +commit f107467179428a0e3ea9e4aa9738ac12ff02822d +Author: Colin Watson <cjwatson@debian.org> +Date: Thu Feb 24 16:04:18 2022 +0000 + + Improve detection of -fzero-call-used-regs=all support + + GCC doesn't tell us whether this option is supported unless it runs into + the situation where it would need to emit corresponding code. + +commit 3383b2cac0e9275bc93c4b4760e6e048f537e1d6 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Feb 23 21:21:49 2022 +0000 + + upstream: free(3) wants stdlib.h + + OpenBSD-Commit-ID: 227a8c70a95b4428c49e46863c9ef4bd318a3b8a + +commit a4537e79ab4ac6db4493c5158744b9ebde5efcb0 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Feb 23 21:21:16 2022 +0000 + + upstream: put back the scp manpage changes for SFTP mode too + + OpenBSD-Commit-ID: 05dc53921f927e1b5e5694e1f3aa314549f2e768 + +commit 449bcb8403adfb9724805d02a51aea76046de185 +Author: deraadt@openbsd.org <deraadt@openbsd.org> +Date: Wed Feb 23 19:01:00 2022 +0000 + + upstream: and we go back to testing sftp-scp after the 8.9 + + release... + + OpenBSD-Commit-ID: a80440168258adca543a4607b871327a279c569c + commit 166456cedad3962b83b848b1e9caf80794831f0f Author: Damien Miller <djm@mindrot.org> Date: Wed Feb 23 22:31:11 2022 +1100 @@ -11386,594 +11887,3 @@ Date: Wed Apr 8 00:01:52 2020 +0000 ok markus@ OpenBSD-Commit-ID: 7de31d80fb9062aa01901ddf040c286b64ff904e - -commit 8461a5b3db34ed0b5a4a18d82f64fd5ac8693ea8 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Mon Apr 6 20:54:34 2020 +1000 - - Include openssl-compat.h before checking ifdefs. - - Fixes problem where unsuitable chacha20 code in libressl would be used - unintentionally. - -commit 931c50c5883a9910ea1ae9a371e4e815ec56b035 -Author: Damien Miller <djm@mindrot.org> -Date: Mon Apr 6 10:04:56 2020 +1000 - - fix inverted test for LibreSSL version - -commit d1d5f728511e2338b7c994968d301d8723012264 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Sat Apr 4 23:04:41 2020 +0000 - - upstream: Indicate if we're using a cached key in trace output. - - OpenBSD-Regress-ID: 409a7b0e59d1272890fda507651c0c3d2d3c0d89 - -commit a398251a4627367c78bc483c70c2ec973223f82c -Author: Darren Tucker <dtucker@dtucker.net> -Date: Sun Apr 5 08:43:57 2020 +1000 - - Use /usr/bin/xp4g/id if necessary. - - Solaris' native "id" doesn't support the options we use but the one - in /usr/bin/xp4g does, so use that instead. - -commit db0fdd48335b5b01114f78c1a73a195235910f81 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Sat Apr 4 22:14:26 2020 +0000 - - upstream: Some platforms don't have "hostname -s", so use cut to trim - - short hostname instead. - - OpenBSD-Regress-ID: ebcf36a6fdf287c9336b0d4f6fc9f793c05307a7 - -commit e7e59a9cc8eb7fd5944ded28f4d7e3ae0a5fdecd -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Apr 3 07:53:10 2020 +0000 - - upstream: Compute hash locally and re-enable %C tests. - - OpenBSD-Regress-ID: 94d1366e8105274858b88a1f9ad2e62801e49770 - -commit abe2b245b3ac6c4801e99bc0f13289cd28211e22 -Author: Damien Miller <djm@mindrot.org> -Date: Fri Apr 3 17:25:46 2020 +1100 - - prefer libcrypto chacha20-poly1305 where possible - -commit bc5c5d01ad668981f9e554e62195383bc12e8528 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Apr 3 05:43:11 2020 +0000 - - upstream: Temporarily remove tests for '%C' since the hash contains the - - local hostname and it doesn't work on any machine except mine... spotted by - djm@ - - OpenBSD-Regress-ID: 2d4c3585b9fcbbff14f4a5a5fde51dbd0d690401 - -commit 81624026989654955a657ebf2a1fe8b9994f3c87 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Apr 3 06:07:57 2020 +0000 - - upstream: r1.522 deleted one too many lines; repair - - OpenBSD-Commit-ID: 1af8851fd7a99e4a887b19aa8f4c41a6b3d25477 - -commit 668cb3585ce829bd6e34d4a962c489bda1d16370 -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Fri Apr 3 05:53:52 2020 +0000 - - upstream: sort -N and add it to usage(); - - OpenBSD-Commit-ID: 5b00e8db37c2b0a54c7831fed9e5f4db53ada332 - -commit 338ccee1e7fefa47f3d128c2541e94c5270abe0c -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Apr 3 05:48:57 2020 +0000 - - upstream: avoid another compiler warning spotted in -portable - - OpenBSD-Commit-ID: 1d29c51ac844b287c4c8bcaf04c63c7d9ba3b8c7 - -commit 9f8a42340bd9af86a99cf554dc39ecdf89287544 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Apr 3 04:07:48 2020 +0000 - - upstream: this needs utf8.c too - - OpenBSD-Regress-ID: 445040036cec714d28069a20da25553a04a28451 - -commit 92115ea7c3a834374720c350841fc729e7d5c8b2 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Apr 3 03:14:03 2020 +0000 - - upstream: Add percent_expand test for 'Match Exec'. - - OpenBSD-Regress-ID: a41c14fd6a0b54d66aa1e9eebfb9ec962b41232f - -commit de34a440276ae855c38deb20f926d46752c62c9d -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Apr 3 04:43:24 2020 +0000 - - upstream: fix format string (use %llu for uint64, not %lld). spotted by - - Darren and his tinderbox tests - - OpenBSD-Commit-ID: 3b4587c3d9d46a7be9bdf028704201943fba96c2 - -commit 9cd40b829a5295cc81fbea8c7d632b2478db6274 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Apr 3 04:34:15 2020 +0000 - - upstream: Add a flag to re-enable verbose output when in batch - - mode; requested in bz3135; ok dtucker - - OpenBSD-Commit-ID: 5ad2ed0e6440562ba9c84b666a5bbddc1afe2e2b - -commit 6ce51a5da5d333a44e7c74c027f3571f70c39b24 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Apr 3 04:32:21 2020 +0000 - - upstream: chacha20-poly1305 AEAD using libcrypto EVP_chacha20 - - Based on patch from Yuriy M. Kaminskiy. ok + lots of assistance along the - way at a2k20 tb@ - - OpenBSD-Commit-ID: 5e08754c13d31258bae6c5e318cc96219d6b10f0 - -commit eba523f0a130f1cce829e6aecdcefa841f526a1a -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Apr 3 04:27:03 2020 +0000 - - upstream: make Chacha20-POLY1305 context struct opaque; ok tb@ as - - part of a larger diff at a2k20 - - OpenBSD-Commit-ID: a4609b7263284f95c9417ef60ed7cdbb7bf52cfd - -commit ebd29e90129cf18fedfcfe1de86e324228669295 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Apr 3 04:06:26 2020 +0000 - - upstream: fix debug statement - - OpenBSD-Commit-ID: 42c6edeeda5ce88b51a20d88c93be3729ce6b916 - -commit 7b4d8999f2e1a0cb7b065e3efa83e6edccfc7d82 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Apr 3 04:03:51 2020 +0000 - - upstream: the tunnel-forwarding vs ExitOnForwardFailure fix that I - - committed earlier had an off-by-one. Fix this and add some debugging that - would have made it apparent sooner. - - OpenBSD-Commit-ID: 082f8f72b1423bd81bbdad750925b906e5ac6910 - -commit eece243666d44ceb710d004624c5c7bdc05454bc -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Apr 3 03:12:11 2020 +0000 - - upstream: %C expansion just added to Match Exec should include - - remote user not local user. - - OpenBSD-Commit-ID: 80f1d976938f2a55ee350c11d8b796836c8397e2 - -commit d5318a784d016478fc8da90a38d9062c51c10432 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Apr 3 02:33:31 2020 +0000 - - upstream: Add regression test for percent expansions where possible. - - OpenBSD-Regress-ID: 7283be8b2733ac1cbefea3048a23d02594485288 - -commit 663e84bb53de2a60e56a44d538d25b8152b5c1cc -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Apr 3 02:40:32 2020 +0000 - - upstream: make failures when establishing "Tunnel" forwarding terminate - - the connection when ExitOnForwardFailure is enabled; bz3116; ok dtucker - - OpenBSD-Commit-ID: ef4b4808de0a419c17579b1081da768625c1d735 - -commit ed833da176611a39d3376d62154eb88eb440d31c -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Apr 3 02:27:12 2020 +0000 - - upstream: Make with config keywords support which - - percent_expansions more consistent. - %C is moved into its own function and - added to Match Exec. - move the common (global) options into a macro. This - is ugly but it's the least-ugly way I could come up with. - move - IdentityAgent and ForwardAgent percent expansion to before the config dump - to make it regression-testable. - document all of the above - - ok jmc@ for man page bits, "makes things less terrible" djm@ for the rest. - - OpenBSD-Commit-ID: 4b65664bd6d8ae2a9afaf1a2438ddd1b614b1d75 - -commit 6ec7457171468da2bbd908b8cd63d298b0e049ea -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Apr 3 02:26:56 2020 +0000 - - upstream: give ssh-keygen the ability to dump the contents of a - - binary key revocation list: ssh-keygen -lQf /path bz#3132; ok dtucker - - OpenBSD-Commit-ID: b76afc4e3b74ab735dbde4e5f0cfa1f02356033b - -commit af628b8a6c3ef403644d83d205c80ff188c97f0c -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Apr 3 02:25:21 2020 +0000 - - upstream: add allocating variant of the safe utf8 printer; ok - - dtucker as part of a larger diff - - OpenBSD-Commit-ID: 037e2965bd50eacc2ffb49889ecae41552744fa0 - -commit d8ac9af645f5519ac5211e9e1e4dc1ed00e9cced -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Mon Mar 16 02:17:02 2020 +0000 - - upstream: Cast lifetime to u_long for comparison to prevent unsigned - - comparison warning on 32bit arches. Spotted by deraadt, ok djm. - - OpenBSD-Commit-ID: 7a75b2540bff5ab4fa00b4d595db1df13bb0515a - -commit 0eaca933ae08b0a515edfccd5cc4a6b667034813 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Sat Mar 14 20:58:46 2020 +1100 - - Include fido.h when checking for fido/credman.h. - - It's required for fido_dev_t, otherwise configure fails with - when given --with-security-key-builtin. - -commit c7c099060f82ffe6a36d8785ecf6052e12fd92f0 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Mar 13 03:18:45 2020 +0000 - - upstream: some more speeling mistakes from - - OpenBSD-Regress-ID: 02471c079805471c546b7a69d9ab1d34e9a57443 - -commit 1d89232a4aa97fe935cd60b8d24d75c2f70d56c5 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Mar 13 04:16:27 2020 +0000 - - upstream: improve error messages for some common PKCS#11 C_Login - - failure cases; based on patch from Jacob Hoffman-Andrews in bz3130; ok - dtucker - - OpenBSD-Commit-ID: b8b849621b4a98e468942efd0a1c519c12ce089e - -commit 5becbec023f2037394987f85ed7f74b9a28699e0 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Mar 13 04:01:56 2020 +0000 - - upstream: use sshpkt_fatal() for kex_exchange_identification() - - errors. This ensures that the logged errors are consistent with other - transport- layer errors and that the relevant IP addresses are logged. bz3129 - ok dtucker@ - - OpenBSD-Commit-ID: 2c22891f0b9e1a6cd46771cedbb26ac96ec2e6ab - -commit eef88418f9e5e51910af3c5b23b5606ebc17af55 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Mar 13 03:24:49 2020 +0000 - - upstream: Don't clear alarm timers in listening sshd. Previously - - these timers were used for regenerating the SSH1 ephemeral host keys but - those are now gone so there's no need to clear the timers either. ok - deraadt@ - - OpenBSD-Commit-ID: 280d2b885e4a1ce404632e8cc38fcb17be7dafc0 - -commit d081f017c20a3564255873ed99fd7d024cac540f -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Mar 13 03:17:07 2020 +0000 - - upstream: spelling errors in comments; no code change from - - OpenBSD-Commit-ID: 166ea64f6d84f7bac5636dbd38968592cb5eb924 - -commit c084a2d040f160bc2b83f13297e3e3ca3f5dbac6 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Mar 13 03:12:17 2020 +0000 - - upstream: when downloading FIDO2 resident keys from a token, don't - - prompt for a PIN until the token has told us that it needs one. Avoids - double-prompting on devices that implement on-device authentication (e.g. a - touchscreen PIN pad on the Trezor Model T). ok dtucker@ - - OpenBSD-Commit-ID: 38b78903dd4422d7d3204095a31692fb69130817 - -commit 955c4cf4c6a1417c28d4e1040702c4d9bf63645b -Author: Damien Miller <djm@mindrot.org> -Date: Fri Mar 13 14:30:16 2020 +1100 - - sync fnmatch.c with upstream to fix another typo - -commit 397f217e8640e75bb719a8e87111b4bd848fb3df -Author: Damien Miller <djm@mindrot.org> -Date: Fri Mar 13 14:24:23 2020 +1100 - - another spelling error in comment - -commit def31bc5427579ec3f7f2ce99f2da1338fdc0c9f -Author: Damien Miller <djm@mindrot.org> -Date: Fri Mar 13 14:23:07 2020 +1100 - - spelling mistakes - - from https://fossies.org/linux/misc/openssh-8.2p1.tar.gz/codespell.html - -commit 8bdc3bb7cf4c82c3344cfcb82495a43406e87e83 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Fri Mar 6 18:29:54 2020 +0000 - - upstream: fix relative includes in sshd_config; ok djm - - OpenBSD-Commit-ID: fa29b0da3c93cbc3a1d4c6bcd58af43c00ffeb5b - -commit e32ef97a56ae03febfe307688858badae3a70e5a -Author: markus@openbsd.org <markus@openbsd.org> -Date: Fri Mar 6 18:29:14 2020 +0000 - - upstream: fix use-after-free in do_download_sk; ok djm - - OpenBSD-Commit-ID: 96b49623d297797d4fc069f1f09e13c8811f8863 - -commit 5732d58020309364bf31fa125354e399361006db -Author: markus@openbsd.org <markus@openbsd.org> -Date: Fri Mar 6 18:28:50 2020 +0000 - - upstream: do not leak oprincipals; ok djm - - OpenBSD-Commit-ID: 4691d9387eab36f8fda48f5d8009756ed13a7c4c - -commit 8fae395f34c2c52cdaf9919aa261d1848b4bb00b -Author: markus@openbsd.org <markus@openbsd.org> -Date: Fri Mar 6 18:28:27 2020 +0000 - - upstream: initialize seconds for debug message; ok djm - - OpenBSD-Commit-ID: 293fbefe6d00b4812a180ba02e26170e4c855b81 - -commit 46e5c4c8ffcd1569bcd5d04803abaa2ecf3e4cff -Author: markus@openbsd.org <markus@openbsd.org> -Date: Fri Mar 6 18:27:50 2020 +0000 - - upstream: correct return code; ok djm - - OpenBSD-Commit-ID: 319d09e3b7f4b2bc920c67244d9ff6426b744810 - -commit 31c39e7840893f1bfdcbe4f813b20d1d7e69ec3e -Author: markus@openbsd.org <markus@openbsd.org> -Date: Fri Mar 6 18:27:15 2020 +0000 - - upstream: principalsp is optional, pubkey required; ok djm - - OpenBSD-Commit-ID: 2cc3ea5018c28ed97edaccd7f17d2cc796f01024 - -commit e26a31757c5df2f58687cb9a4853d1418f39728e -Author: markus@openbsd.org <markus@openbsd.org> -Date: Fri Mar 6 18:26:21 2020 +0000 - - upstream: remove unused variables in ssh-pkcs11-helper; ok djm - - OpenBSD-Commit-ID: 13e572846d0d1b28f1251ddd2165e9cf18135ae1 - -commit 1b378c0d982d6ab522eda634b0e88cf1fca5e352 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Fri Mar 6 18:25:48 2020 +0000 - - upstream: return correct error in sshsk_ed25519_sig; ok djm - - OpenBSD-Commit-ID: 52bf733df220303c260fee4f165ec64b4a977625 - -commit fbff605e637b068061ab6784ff03e3874890c092 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Fri Mar 6 18:25:12 2020 +0000 - - upstream: fix possible null-deref in check_key_not_revoked; ok - - djm - - OpenBSD-Commit-ID: 80855e9d7af42bb6fcc16c074ba69876bfe5e3bf - -commit bc30b446841fc16e50ed6e75c56ccfbd37b9f281 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Fri Mar 6 18:24:39 2020 +0000 - - upstream: ssh_fetch_identitylist() returns the return value from - - ssh_request_reply() so we should also check against != 0 ok djm - - OpenBSD-Commit-ID: 28d0028769d03e665688c61bb5fd943e18614952 - -commit 7b4f70ddeb59f35283d77d8d9c834ca58f8cf436 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Fri Mar 6 18:23:17 2020 +0000 - - upstream: sshkey_cert_check_authority requires reason to be set; - - ok djm - - OpenBSD-Commit-ID: 6f7a6f19540ed5749763c2f9530c0897c94aa552 - -commit 05efe270df1e925db0af56a806d18b5063db4b6d -Author: markus@openbsd.org <markus@openbsd.org> -Date: Fri Mar 6 18:21:28 2020 +0000 - - upstream: passphrase depends on kdfname, not ciphername (possible - - null-deref); ok djm - - OpenBSD-Commit-ID: 0d39668edf5e790b5837df4926ee1141cec5471c - -commit 1ddf5682f3992bdacd29164891abb71a19c2cf61 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Fri Mar 6 18:20:44 2020 +0000 - - upstream: consistently check packet_timeout_ms against 0; ok djm - - OpenBSD-Commit-ID: e8fb8cb2c96c980f075069302534eaf830929928 - -commit 31f1ee54968ad84eb32375e4412e0318766b586b -Author: markus@openbsd.org <markus@openbsd.org> -Date: Fri Mar 6 18:20:02 2020 +0000 - - upstream: initialize cname in case ai_canonname is NULL or too - - long; ok djm - - OpenBSD-Commit-ID: c27984636fdb1035d1642283664193e91aab6e37 - -commit a6134b02b5264b2611c8beae98bb392329452bba -Author: markus@openbsd.org <markus@openbsd.org> -Date: Fri Mar 6 18:19:21 2020 +0000 - - upstream: fix uninitialized pointers for forward_cancel; ok djm - - OpenBSD-Commit-ID: 612778e6d87ee865d0ba97d0a335f141cee1aa37 - -commit 16d4f9961c75680aab374dee762a5baa0ad507af -Author: markus@openbsd.org <markus@openbsd.org> -Date: Fri Mar 6 18:16:21 2020 +0000 - - upstream: exit on parse failures in input_service_request; ok djm - - OpenBSD-Commit-ID: 6a7e1bfded26051d5aa893c030229b1ee6a0d5d2 - -commit 5f25afe5216ba7f8921e04f79aa4ca0624eca820 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Fri Mar 6 18:15:38 2020 +0000 - - upstream: fix null-deref on calloc failure; ok djm - - OpenBSD-Commit-ID: a313519579b392076b7831ec022dfdefbec8724a - -commit ff2acca039aef16a15fce409163df404858f7aa5 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Fri Mar 6 18:15:04 2020 +0000 - - upstream: exit if ssh_krl_revoke_key_sha256 fails; ok djm - - OpenBSD-Commit-ID: 0864ad4fe8bf28ab21fd1df766e0365c11bbc0dc - -commit 31c860a0212af2d5b6a129e3e8fcead51392ee1d -Author: markus@openbsd.org <markus@openbsd.org> -Date: Fri Mar 6 18:14:13 2020 +0000 - - upstream: pkcs11_register_provider: return < 0 on error; ok djm - - OpenBSD-Commit-ID: cfc8321315b787e4d40da4bdb2cbabd4154b0d97 - -commit 15be29e1e3318737b0768ca37d5b4a3fbe868ef0 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Fri Mar 6 18:13:29 2020 +0000 - - upstream: sshsig: return correct error, fix null-deref; ok djm - - OpenBSD-Commit-ID: 1d1af7cd538b8b23e621cf7ab84f11e7a923edcd - -commit 6fb6f186cb62a6370fba476b6a03478a1e95c30d -Author: markus@openbsd.org <markus@openbsd.org> -Date: Fri Mar 6 18:12:55 2020 +0000 - - upstream: vasnmprintf allocates str and returns -1; ok djm - - OpenBSD-Commit-ID: dae4c9e83d88471bf3b3f89e3da7a107b44df11c - -commit 714e1cbca17daa13f4f98978cf9e0695d4b2e0a4 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Fri Mar 6 18:11:10 2020 +0000 - - upstream: sshpkt_fatal() does not return; ok djm - - OpenBSD-Commit-ID: 7dfe847e28bd78208eb227b37f29f4a2a0929929 - -commit 9b47bd7b09d191991ad9e0506bb66b74bbc93d34 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Feb 28 01:07:28 2020 +0000 - - upstream: no-touch-required certificate option should be an - - extension, not a critical option. - - OpenBSD-Commit-ID: 626b22c5feb7be8a645e4b9a9bef89893b88600d - -commit dd992520bed35387fc010239abe1bdc0c2665e38 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Feb 28 01:06:05 2020 +0000 - - upstream: better error message when trying to use a FIDO key - - function and SecurityKeyProvider is empty - - OpenBSD-Commit-ID: e56602c2ee8c82f835d30e4dc8ee2e4a7896be24 - -commit b81e66dbe0345aef4717911abcb4f589fff33a0a -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Thu Feb 27 02:32:37 2020 +0000 - - upstream: Drop leading space from line count that was confusing - - ssh-keygen's screen mode. - - OpenBSD-Commit-ID: 3bcae7a754db3fc5ad3cab63dd46774edb35b8ae - -commit d5ba1c03278eb079438bb038266d80d7477d49cb -Author: jsg@openbsd.org <jsg@openbsd.org> -Date: Wed Feb 26 13:40:09 2020 +0000 - - upstream: change explicit_bzero();free() to freezero() - - While freezero() returns early if the pointer is NULL the tests for - NULL in callers are left to avoid warnings about passing an - uninitialised size argument across a function boundry. - - ok deraadt@ djm@ - - OpenBSD-Commit-ID: 2660fa334fcc7cd05ec74dd99cb036f9ade6384a - -commit 9e3220b585c5be19a7431ea4ff8884c137b3a81c -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Wed Feb 26 11:46:51 2020 +0000 - - upstream: Have sftp reject "-1" in the same way as ssh(1) and - - scp(1) do instead of accepting and silently ignoring it since protocol 1 - support has been removed. Spotted by shivakumar2696 at gmail.com, ok - deraadt@ - - OpenBSD-Commit-ID: b79f95559a1c993214f4ec9ae3c34caa87e9d5de - -commit ade8e67bb0f07b12e5e47e7baeafbdc898de639f -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Wed Feb 26 01:31:47 2020 +0000 - - upstream: Remove obsolete XXX comment. ok deraadt@ - - OpenBSD-Commit-ID: bc462cc843947feea26a2e21c750b3a7469ff01b - -commit 7eb903f51eba051d7f65790bab92a28970ac1ccc -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Mon Feb 24 04:27:58 2020 +0000 - - upstream: Fix typo. Patch from itoama at live.jp via github PR#173. - - OpenBSD-Commit-ID: 5cdaafab38bbdea0d07e24777d00bfe6f972568a diff --git a/crypto/openssh/Makefile.in b/crypto/openssh/Makefile.in index 065bf91e3fcc..7250d3f315e1 100644 --- a/crypto/openssh/Makefile.in +++ b/crypto/openssh/Makefile.in @@ -1,5 +1,4 @@ -# uncomment if you run a non bourne compatible shell. Ie. csh -#SHELL = @SH@ +SHELL=@SH@ AUTORECONF=autoreconf @@ -688,7 +687,7 @@ SK_DUMMY_LIBRARY=@SK_DUMMY_LIBRARY@ $(CC) $(CFLAGS_NOPIE) $(PICFLAG) $(CPPFLAGS) -c $< -o $@ regress/misc/sk-dummy/sk-dummy.so: $(SK_DUMMY_OBJS) - $(CC) $(CFLAGS) $(CPPFLAGS) -fPIC -shared -o $@ $(SK_DUMMY_OBJS) \ + $(CC) $(CFLAGS) $(CPPFLAGS) $(PICFLAG) -shared -o $@ $(SK_DUMMY_OBJS) \ -L. -Lopenbsd-compat -lopenbsd-compat $(LDFLAGS_NOPIE) $(LIBS) regress-binaries: regress-prep $(LIBCOMPAT) \ diff --git a/crypto/openssh/PROTOCOL b/crypto/openssh/PROTOCOL index e6a7d60eef0b..2d50b5cb0528 100644 --- a/crypto/openssh/PROTOCOL +++ b/crypto/openssh/PROTOCOL @@ -492,7 +492,7 @@ This request asks the server to call fsync(2) on an open file handle. string "fsync@openssh.com" string handle -One receiving this request, a server will call fsync(handle_fd) and will +On receiving this request, a server will call fsync(handle_fd) and will respond with a SSH_FXP_STATUS message. This extension is advertised in the SSH_FXP_VERSION hello with version @@ -576,6 +576,43 @@ Its reply is the same format as that of SSH2_FXP_REALPATH. This extension is advertised in the SSH_FXP_VERSION hello with version "1". +4.10. sftp: Extension request "copy-data" + +This request asks the server to copy data from one open file handle and +write it to a different open file handle. This avoids needing to transfer +the data across the network twice (a download followed by an upload). + + byte SSH_FXP_EXTENDED + uint32 id + string "copy-data" + string read-from-handle + uint64 read-from-offset + uint64 read-data-length + string write-to-handle + uint64 write-to-offset + +The server will copy read-data-length bytes starting from +read-from-offset from the read-from-handle and write them to +write-to-handle starting from write-to-offset, and then respond with a +SSH_FXP_STATUS message. + +It's equivalent to issuing a series of SSH_FXP_READ requests on +read-from-handle and a series of requests of SSH_FXP_WRITE on +write-to-handle. + +If read-from-handle and write-to-handle are the same, the server will +fail the request and respond with a SSH_FX_INVALID_PARAMETER message. + +If read-data-length is 0, then the server will read data from the +read-from-handle until EOF is reached. + +This extension is advertised in the SSH_FXP_VERSION hello with version +"1". + +This request is identical to the "copy-data" request documented in: + +https://tools.ietf.org/html/draft-ietf-secsh-filexfer-extensions-00#section-7 + 5. Miscellaneous changes 5.1 Public key format @@ -612,4 +649,4 @@ master instance and later clients. OpenSSH extends the usual agent protocol. These changes are documented in the PROTOCOL.agent file. -$OpenBSD: PROTOCOL,v 1.43 2021/12/19 22:15:42 djm Exp $ +$OpenBSD: PROTOCOL,v 1.44 2022/03/31 03:05:49 djm Exp $ diff --git a/crypto/openssh/README b/crypto/openssh/README index a088ff8dca32..70a8f814caa9 100644 --- a/crypto/openssh/README +++ b/crypto/openssh/README @@ -1,4 +1,4 @@ -See https://www.openssh.com/releasenotes.html#8.9p1 for the release notes. +See https://www.openssh.com/releasenotes.html#9.0p1 for the release notes. Please read https://www.openssh.com/report.html for bug reporting instructions and note that we do not use Github for bug reporting or diff --git a/crypto/openssh/auth.c b/crypto/openssh/auth.c index faa1a4d3c666..ad5a14e05ae8 100644 --- a/crypto/openssh/auth.c +++ b/crypto/openssh/auth.c @@ -103,62 +103,18 @@ int allowed_user(struct ssh *ssh, struct passwd * pw) { struct stat st; - const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL; + const char *hostname = NULL, *ipaddr = NULL; u_int i; int r; -#ifdef USE_SHADOW - struct spwd *spw = NULL; -#endif /* Shouldn't be called if pw is NULL, but better safe than sorry... */ if (!pw || !pw->pw_name) return 0; -#ifdef USE_SHADOW - if (!options.use_pam) - spw = getspnam(pw->pw_name); -#ifdef HAS_SHADOW_EXPIRE - if (!options.use_pam && spw != NULL && auth_shadow_acctexpired(spw)) + if (!options.use_pam && platform_locked_account(pw)) { + logit("User %.100s not allowed because account is locked", + pw->pw_name); return 0; -#endif /* HAS_SHADOW_EXPIRE */ -#endif /* USE_SHADOW */ - - /* grab passwd field for locked account check */ - passwd = pw->pw_passwd; -#ifdef USE_SHADOW - if (spw != NULL) -#ifdef USE_LIBIAF - passwd = get_iaf_password(pw); -#else - passwd = spw->sp_pwdp; -#endif /* USE_LIBIAF */ -#endif - - /* check for locked account */ - if (!options.use_pam && passwd && *passwd) { - int locked = 0; - -#ifdef LOCKED_PASSWD_STRING - if (strcmp(passwd, LOCKED_PASSWD_STRING) == 0) - locked = 1; -#endif -#ifdef LOCKED_PASSWD_PREFIX - if (strncmp(passwd, LOCKED_PASSWD_PREFIX, - strlen(LOCKED_PASSWD_PREFIX)) == 0) - locked = 1; -#endif -#ifdef LOCKED_PASSWD_SUBSTR - if (strstr(passwd, LOCKED_PASSWD_SUBSTR)) - locked = 1; -#endif -#ifdef USE_LIBIAF - free((void *) passwd); -#endif /* USE_LIBIAF */ - if (locked) { - logit("User %.100s not allowed because account is locked", - pw->pw_name); - return 0; - } } /* diff --git a/crypto/openssh/auth2-pubkey.c b/crypto/openssh/auth2-pubkey.c index 9c2298fc887d..d297a5c3d975 100644 --- a/crypto/openssh/auth2-pubkey.c +++ b/crypto/openssh/auth2-pubkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-pubkey.c,v 1.112 2021/12/19 22:12:30 djm Exp $ */ +/* $OpenBSD: auth2-pubkey.c,v 1.113 2022/02/27 01:33:59 naddy Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -166,8 +166,8 @@ userauth_pubkey(struct ssh *ssh, const char *method) goto done; } if (match_pattern_list(pkalg, options.pubkey_accepted_algos, 0) != 1) { - logit_f("key type %s not in PubkeyAcceptedAlgorithms", - sshkey_ssh_name(key)); + logit_f("signature algorithm %s not in " + "PubkeyAcceptedAlgorithms", pkalg); goto done; } if ((r = sshkey_check_cert_sigtype(key, diff --git a/crypto/openssh/channels.c b/crypto/openssh/channels.c index 73e93c032765..ee3c787922fb 100644 --- a/crypto/openssh/channels.c +++ b/crypto/openssh/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.413 2022/02/17 10:58:27 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.415 2022/03/30 21:10:25 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -432,21 +432,25 @@ channel_close_fd(struct ssh *ssh, Channel *c, int *fdp) c->io_want &= ~SSH_CHAN_IO_RFD; c->io_ready &= ~SSH_CHAN_IO_RFD; c->rfd = -1; + c->pfds[0] = -1; } if (*fdp == c->wfd) { c->io_want &= ~SSH_CHAN_IO_WFD; c->io_ready &= ~SSH_CHAN_IO_WFD; c->wfd = -1; + c->pfds[1] = -1; } if (*fdp == c->efd) { c->io_want &= ~SSH_CHAN_IO_EFD; c->io_ready &= ~SSH_CHAN_IO_EFD; c->efd = -1; + c->pfds[2] = -1; } if (*fdp == c->sock) { c->io_want &= ~SSH_CHAN_IO_SOCK; c->io_ready &= ~SSH_CHAN_IO_SOCK; c->sock = -1; + c->pfds[3] = -1; } ret = close(fd); @@ -2475,10 +2479,13 @@ dump_channel_poll(const char *func, const char *what, Channel *c, u_int pollfd_offset, struct pollfd *pfd) { #ifdef DEBUG_CHANNEL_POLL - debug3_f("channel %d: rfd r%d w%d e%d s%d " - "pfd[%u].fd=%d want 0x%02x ev 0x%02x ready 0x%02x rev 0x%02x", - c->self, c->rfd, c->wfd, c->efd, c->sock, pollfd_offset, pfd->fd, - c->io_want, pfd->events, c->io_ready, pfd->revents); + debug3("%s: channel %d: %s r%d w%d e%d s%d c->pfds [ %d %d %d %d ] " + "io_want 0x%02x io_ready 0x%02x pfd[%u].fd=%d " + "pfd.ev 0x%02x pfd.rev 0x%02x", func, c->self, what, + c->rfd, c->wfd, c->efd, c->sock, + c->pfds[0], c->pfds[1], c->pfds[2], c->pfds[3], + c->io_want, c->io_ready, + pollfd_offset, pfd->fd, pfd->events, pfd->revents); #endif } @@ -2487,7 +2494,7 @@ static void channel_prepare_pollfd(Channel *c, u_int *next_pollfd, struct pollfd *pfd, u_int npfd) { - u_int p = *next_pollfd; + u_int ev, p = *next_pollfd; if (c == NULL) return; @@ -2496,7 +2503,7 @@ channel_prepare_pollfd(Channel *c, u_int *next_pollfd, fatal_f("channel %d: bad pfd offset %u (max %u)", c->self, p, npfd); } - c->pollfd_offset = -1; + c->pfds[0] = c->pfds[1] = c->pfds[2] = c->pfds[3] = -1; /* * prepare c->rfd * @@ -2505,69 +2512,82 @@ channel_prepare_pollfd(Channel *c, u_int *next_pollfd, * IO too. */ if (c->rfd != -1) { - if (c->pollfd_offset == -1) - c->pollfd_offset = p; - pfd[p].fd = c->rfd; - pfd[p].events = 0; + ev = 0; if ((c->io_want & SSH_CHAN_IO_RFD) != 0) - pfd[p].events |= POLLIN; + ev |= POLLIN; /* rfd == wfd */ - if (c->wfd == c->rfd && - (c->io_want & SSH_CHAN_IO_WFD) != 0) - pfd[p].events |= POLLOUT; + if (c->wfd == c->rfd) { + if ((c->io_want & SSH_CHAN_IO_WFD) != 0) + ev |= POLLOUT; + } /* rfd == efd */ - if (c->efd == c->rfd && - (c->io_want & SSH_CHAN_IO_EFD_R) != 0) - pfd[p].events |= POLLIN; - if (c->efd == c->rfd && - (c->io_want & SSH_CHAN_IO_EFD_W) != 0) - pfd[p].events |= POLLOUT; + if (c->efd == c->rfd) { + if ((c->io_want & SSH_CHAN_IO_EFD_R) != 0) + ev |= POLLIN; + if ((c->io_want & SSH_CHAN_IO_EFD_W) != 0) + ev |= POLLOUT; + } /* rfd == sock */ - if (c->sock == c->rfd && - (c->io_want & SSH_CHAN_IO_SOCK_R) != 0) - pfd[p].events |= POLLIN; - if (c->sock == c->rfd && - (c->io_want & SSH_CHAN_IO_SOCK_W) != 0) - pfd[p].events |= POLLOUT; - dump_channel_poll(__func__, "rfd", c, p, &pfd[p]); - p++; - } - /* prepare c->wfd (if not already handled above) */ + if (c->sock == c->rfd) { + if ((c->io_want & SSH_CHAN_IO_SOCK_R) != 0) + ev |= POLLIN; + if ((c->io_want & SSH_CHAN_IO_SOCK_W) != 0) + ev |= POLLOUT; + } + /* Pack a pfd entry if any event armed for this fd */ + if (ev != 0) { + c->pfds[0] = p; + pfd[p].fd = c->rfd; + pfd[p].events = ev; + dump_channel_poll(__func__, "rfd", c, p, &pfd[p]); + p++; + } + } + /* prepare c->wfd if wanting IO and not already handled above */ if (c->wfd != -1 && c->rfd != c->wfd) { - if (c->pollfd_offset == -1) - c->pollfd_offset = p; - pfd[p].fd = c->wfd; - pfd[p].events = 0; - if ((c->io_want & SSH_CHAN_IO_WFD) != 0) - pfd[p].events = POLLOUT; - dump_channel_poll(__func__, "wfd", c, p, &pfd[p]); - p++; - } - /* prepare c->efd (if not already handled above) */ + ev = 0; + if ((c->io_want & SSH_CHAN_IO_WFD)) + ev |= POLLOUT; + /* Pack a pfd entry if any event armed for this fd */ + if (ev != 0) { + c->pfds[1] = p; + pfd[p].fd = c->wfd; + pfd[p].events = ev; + dump_channel_poll(__func__, "wfd", c, p, &pfd[p]); + p++; + } + } + /* prepare c->efd if wanting IO and not already handled above */ if (c->efd != -1 && c->rfd != c->efd) { - if (c->pollfd_offset == -1) - c->pollfd_offset = p; - pfd[p].fd = c->efd; - pfd[p].events = 0; + ev = 0; if ((c->io_want & SSH_CHAN_IO_EFD_R) != 0) - pfd[p].events |= POLLIN; + ev |= POLLIN; if ((c->io_want & SSH_CHAN_IO_EFD_W) != 0) - pfd[p].events |= POLLOUT; - dump_channel_poll(__func__, "efd", c, p, &pfd[p]); - p++; + ev |= POLLOUT; + /* Pack a pfd entry if any event armed for this fd */ + if (ev != 0) { + c->pfds[2] = p; + pfd[p].fd = c->efd; + pfd[p].events = ev; + dump_channel_poll(__func__, "efd", c, p, &pfd[p]); + p++; + } } - /* prepare c->sock (if not already handled above) */ + /* prepare c->sock if wanting IO and not already handled above */ if (c->sock != -1 && c->rfd != c->sock) { - if (c->pollfd_offset == -1) - c->pollfd_offset = p; - pfd[p].fd = c->sock; - pfd[p].events = 0; + ev = 0; if ((c->io_want & SSH_CHAN_IO_SOCK_R) != 0) - pfd[p].events |= POLLIN; + ev |= POLLIN; if ((c->io_want & SSH_CHAN_IO_SOCK_W) != 0) - pfd[p].events |= POLLOUT; - dump_channel_poll(__func__, "sock", c, p, &pfd[p]); - p++; + ev |= POLLOUT; + /* Pack a pfd entry if any event armed for this fd */ + if (ev != 0) { + c->pfds[3] = p; + pfd[p].fd = c->sock; + pfd[p].events = 0; + dump_channel_poll(__func__, "sock", c, p, &pfd[p]); + p++; + } } *next_pollfd = p; } @@ -2614,13 +2634,15 @@ channel_prepare_poll(struct ssh *ssh, struct pollfd **pfdp, u_int *npfd_allocp, } static void -fd_ready(Channel *c, u_int p, struct pollfd *pfds, int fd, +fd_ready(Channel *c, int p, struct pollfd *pfds, u_int npfd, int fd, const char *what, u_int revents_mask, u_int ready) { struct pollfd *pfd = &pfds[p]; if (fd == -1) return; + if (p == -1 || (u_int)p >= npfd) + fatal_f("channel %d: bad pfd %d (max %u)", c->self, p, npfd); dump_channel_poll(__func__, what, c, p, pfd); if (pfd->fd != fd) { fatal("channel %d: inconsistent %s fd=%d pollfd[%u].fd %d " @@ -2643,11 +2665,12 @@ void channel_after_poll(struct ssh *ssh, struct pollfd *pfd, u_int npfd) { struct ssh_channels *sc = ssh->chanctxt; - u_int i, p; + u_int i; + int p; Channel *c; #ifdef DEBUG_CHANNEL_POLL - for (p = 0; p < npfd; p++) { + for (p = 0; p < (int)npfd; p++) { if (pfd[p].revents == 0) continue; debug_f("pfd[%u].fd %d rev 0x%04x", @@ -2658,13 +2681,8 @@ channel_after_poll(struct ssh *ssh, struct pollfd *pfd, u_int npfd) /* Convert pollfd into c->io_ready */ for (i = 0; i < sc->channels_alloc; i++) { c = sc->channels[i]; - if (c == NULL || c->pollfd_offset < 0) + if (c == NULL) continue; - if ((u_int)c->pollfd_offset >= npfd) { - /* shouldn't happen */ - fatal_f("channel %d: (before) bad pfd %u (max %u)", - c->self, c->pollfd_offset, npfd); - } /* if rfd is shared with efd/sock then wfd should be too */ if (c->rfd != -1 && c->wfd != -1 && c->rfd != c->wfd && (c->rfd == c->efd || c->rfd == c->sock)) { @@ -2673,56 +2691,52 @@ channel_after_poll(struct ssh *ssh, struct pollfd *pfd, u_int npfd) c->self, c->rfd, c->wfd, c->efd, c->sock); } c->io_ready = 0; - p = c->pollfd_offset; /* rfd, potentially shared with wfd, efd and sock */ - if (c->rfd != -1) { - fd_ready(c, p, pfd, c->rfd, "rfd", POLLIN, - SSH_CHAN_IO_RFD); + if (c->rfd != -1 && (p = c->pfds[0]) != -1) { + fd_ready(c, p, pfd, npfd, c->rfd, + "rfd", POLLIN, SSH_CHAN_IO_RFD); if (c->rfd == c->wfd) { - fd_ready(c, p, pfd, c->wfd, "wfd/r", POLLOUT, - SSH_CHAN_IO_WFD); + fd_ready(c, p, pfd, npfd, c->wfd, + "wfd/r", POLLOUT, SSH_CHAN_IO_WFD); } if (c->rfd == c->efd) { - fd_ready(c, p, pfd, c->efd, "efdr/r", POLLIN, - SSH_CHAN_IO_EFD_R); - fd_ready(c, p, pfd, c->efd, "efdw/r", POLLOUT, - SSH_CHAN_IO_EFD_W); + fd_ready(c, p, pfd, npfd, c->efd, + "efdr/r", POLLIN, SSH_CHAN_IO_EFD_R); + fd_ready(c, p, pfd, npfd, c->efd, + "efdw/r", POLLOUT, SSH_CHAN_IO_EFD_W); } if (c->rfd == c->sock) { - fd_ready(c, p, pfd, c->sock, "sockr/r", POLLIN, - SSH_CHAN_IO_SOCK_R); - fd_ready(c, p, pfd, c->sock, "sockw/r", POLLOUT, - SSH_CHAN_IO_SOCK_W); + fd_ready(c, p, pfd, npfd, c->sock, + "sockr/r", POLLIN, SSH_CHAN_IO_SOCK_R); + fd_ready(c, p, pfd, npfd, c->sock, + "sockw/r", POLLOUT, SSH_CHAN_IO_SOCK_W); } - p++; + dump_channel_poll(__func__, "rfd", c, p, pfd); } /* wfd */ - if (c->wfd != -1 && c->wfd != c->rfd) { - fd_ready(c, p, pfd, c->wfd, "wfd", POLLOUT, - SSH_CHAN_IO_WFD); - p++; + if (c->wfd != -1 && c->wfd != c->rfd && + (p = c->pfds[1]) != -1) { + fd_ready(c, p, pfd, npfd, c->wfd, + "wfd", POLLOUT, SSH_CHAN_IO_WFD); + dump_channel_poll(__func__, "wfd", c, p, pfd); } /* efd */ - if (c->efd != -1 && c->efd != c->rfd) { - fd_ready(c, p, pfd, c->efd, "efdr", POLLIN, - SSH_CHAN_IO_EFD_R); - fd_ready(c, p, pfd, c->efd, "efdw", POLLOUT, - SSH_CHAN_IO_EFD_W); - p++; + if (c->efd != -1 && c->efd != c->rfd && + (p = c->pfds[2]) != -1) { + fd_ready(c, p, pfd, npfd, c->efd, + "efdr", POLLIN, SSH_CHAN_IO_EFD_R); + fd_ready(c, p, pfd, npfd, c->efd, + "efdw", POLLOUT, SSH_CHAN_IO_EFD_W); + dump_channel_poll(__func__, "efd", c, p, pfd); } /* sock */ - if (c->sock != -1 && c->sock != c->rfd) { - fd_ready(c, p, pfd, c->sock, "sockr", POLLIN, - SSH_CHAN_IO_SOCK_R); - fd_ready(c, p, pfd, c->sock, "sockw", POLLOUT, - SSH_CHAN_IO_SOCK_W); - p++; - } - - if (p > npfd) { - /* shouldn't happen */ - fatal_f("channel %d: (after) bad pfd %u (max %u)", - c->self, c->pollfd_offset, npfd); + if (c->sock != -1 && c->sock != c->rfd && + (p = c->pfds[3]) != -1) { + fd_ready(c, p, pfd, npfd, c->sock, + "sockr", POLLIN, SSH_CHAN_IO_SOCK_R); + fd_ready(c, p, pfd, npfd, c->sock, + "sockw", POLLOUT, SSH_CHAN_IO_SOCK_W); + dump_channel_poll(__func__, "sock", c, p, pfd); } } channel_handler(ssh, CHAN_POST, NULL); diff --git a/crypto/openssh/channels.h b/crypto/openssh/channels.h index 82f33ba2ff14..dfb82f8ce262 100644 --- a/crypto/openssh/channels.h +++ b/crypto/openssh/channels.h @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.141 2022/01/22 00:49:34 djm Exp $ */ +/* $OpenBSD: channels.h,v 1.142 2022/03/30 21:10:25 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -138,7 +138,7 @@ struct Channel { int sock; /* sock fd */ u_int io_want; /* bitmask of SSH_CHAN_IO_* */ u_int io_ready; /* bitmask of SSH_CHAN_IO_* */ - int pollfd_offset; /* base offset into pollfd array (or -1) */ + int pfds[4]; /* pollfd entries for rfd/wfd/efd/sock */ int ctl_chan; /* control channel (multiplexed connections) */ int isatty; /* rfd is a tty */ #ifdef _AIX diff --git a/crypto/openssh/config.h b/crypto/openssh/config.h index 6e32815c034e..943f8c6e4b6e 100644 --- a/crypto/openssh/config.h +++ b/crypto/openssh/config.h @@ -334,6 +334,10 @@ */ #define HAVE_DECL_BZERO 1 +/* Define to 1 if you have the declaration of `ftruncate', and to 0 if you + don't. */ +#define HAVE_DECL_FTRUNCATE 1 + /* Define to 1 if you have the declaration of `getpeereid', and to 0 if you don't. */ #define HAVE_DECL_GETPEEREID 1 @@ -847,6 +851,9 @@ /* Define if you have isblank(3C). */ #define HAVE_ISBLANK 1 +/* Define to 1 if you have the `killpg' function. */ +#define HAVE_KILLPG 1 + /* Define to 1 if you have the `krb5_cc_new_unique' function. */ /* #undef HAVE_KRB5_CC_NEW_UNIQUE */ diff --git a/crypto/openssh/configure.ac b/crypto/openssh/configure.ac index 5a66d99b80b1..d98ea1afce8d 100644 --- a/crypto/openssh/configure.ac +++ b/crypto/openssh/configure.ac @@ -48,6 +48,8 @@ AC_PATH_PROG([SED], [sed]) AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) +AC_PATH_PROG([SH], [bash]) +AC_PATH_PROG([SH], [ksh]) AC_PATH_PROG([SH], [sh]) AC_PATH_PROG([GROFF], [groff]) AC_PATH_PROG([NROFF], [nroff awf]) @@ -1933,6 +1935,7 @@ AC_CHECK_FUNCS([ \ inet_ntoa \ inet_ntop \ innetgr \ + killpg \ llabs \ localtime_r \ login_getcapbool \ @@ -2149,6 +2152,12 @@ AC_CHECK_DECLS([O_NONBLOCK], , , #endif ]) +AC_CHECK_DECLS([ftruncate], , , + [ +#include <sys/types.h> +#include <unistd.h> + ]) + AC_CHECK_DECLS([readv, writev], , , [ #include <sys/types.h> #include <sys/uio.h> @@ -3631,8 +3640,8 @@ AC_RUN_IFELSE( select_works_with_rlimit=yes], [AC_MSG_RESULT([no]) select_works_with_rlimit=no], - [AC_MSG_WARN([cross compiling: assuming yes]) - select_works_with_rlimit=yes] + [AC_MSG_WARN([cross compiling: assuming no]) + select_works_with_rlimit=no] ) AC_CHECK_MEMBERS([struct pollfd.fd], [], [], [[ diff --git a/crypto/openssh/contrib/redhat/openssh.spec b/crypto/openssh/contrib/redhat/openssh.spec index 95ab2199b269..b8ba8bae0469 100644 --- a/crypto/openssh/contrib/redhat/openssh.spec +++ b/crypto/openssh/contrib/redhat/openssh.spec @@ -1,4 +1,4 @@ -%global ver 8.9p1 +%global ver 9.0p1 %global rel 1%{?dist} # OpenSSH privilege separation requires a user & group ID diff --git a/crypto/openssh/contrib/suse/openssh.spec b/crypto/openssh/contrib/suse/openssh.spec index 8df0ae3b0b44..28b9086f4cab 100644 --- a/crypto/openssh/contrib/suse/openssh.spec +++ b/crypto/openssh/contrib/suse/openssh.spec @@ -13,7 +13,7 @@ Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation Name: openssh -Version: 8.9p1 +Version: 9.0p1 URL: https://www.openssh.com/ Release: 1 Source0: openssh-%{version}.tar.gz diff --git a/crypto/openssh/m4/openssh.m4 b/crypto/openssh/m4/openssh.m4 index 4f9c3792dc17..8c33c701b8b4 100644 --- a/crypto/openssh/m4/openssh.m4 +++ b/crypto/openssh/m4/openssh.m4 @@ -14,6 +14,8 @@ AC_DEFUN([OSSH_CHECK_CFLAG_COMPILE], [{ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ #include <stdlib.h> #include <stdio.h> +/* Trivial function to help test for -fzero-call-used-regs */ +void f(int n) {} int main(int argc, char **argv) { (void)argv; /* Some math to catch -ftrapv problems in the toolchain */ @@ -21,6 +23,7 @@ int main(int argc, char **argv) { float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + f(0); printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does diff --git a/crypto/openssh/misc.c b/crypto/openssh/misc.c index 417498deb7a2..85d22369505d 100644 --- a/crypto/openssh/misc.c +++ b/crypto/openssh/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.174 2022/02/11 00:43:56 dtucker Exp $ */ +/* $OpenBSD: misc.c,v 1.175 2022/03/20 08:51:21 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005-2020 Damien Miller. All rights reserved. @@ -1069,16 +1069,21 @@ addargs(arglist *args, char *fmt, ...) r = vasprintf(&cp, fmt, ap); va_end(ap); if (r == -1) - fatal("addargs: argument too long"); + fatal_f("argument too long"); nalloc = args->nalloc; if (args->list == NULL) { nalloc = 32; args->num = 0; - } else if (args->num+2 >= nalloc) + } else if (args->num > (256 * 1024)) + fatal_f("too many arguments"); + else if (args->num >= args->nalloc) + fatal_f("arglist corrupt"); + else if (args->num+2 >= nalloc) nalloc *= 2; - args->list = xrecallocarray(args->list, args->nalloc, nalloc, sizeof(char *)); + args->list = xrecallocarray(args->list, args->nalloc, + nalloc, sizeof(char *)); args->nalloc = nalloc; args->list[args->num++] = cp; args->list[args->num] = NULL; @@ -1095,10 +1100,12 @@ replacearg(arglist *args, u_int which, char *fmt, ...) r = vasprintf(&cp, fmt, ap); va_end(ap); if (r == -1) - fatal("replacearg: argument too long"); + fatal_f("argument too long"); + if (args->list == NULL || args->num >= args->nalloc) + fatal_f("arglist corrupt"); if (which >= args->num) - fatal("replacearg: tried to replace invalid arg %d >= %d", + fatal_f("tried to replace invalid arg %d >= %d", which, args->num); free(args->list[which]); args->list[which] = cp; @@ -1109,13 +1116,15 @@ freeargs(arglist *args) { u_int i; - if (args->list != NULL) { + if (args == NULL) + return; + if (args->list != NULL && args->num < args->nalloc) { for (i = 0; i < args->num; i++) free(args->list[i]); free(args->list); - args->nalloc = args->num = 0; - args->list = NULL; } + args->nalloc = args->num = 0; + args->list = NULL; } /* diff --git a/crypto/openssh/monitor.c b/crypto/openssh/monitor.c index c199cb9bc089..20b9f67b9349 100644 --- a/crypto/openssh/monitor.c +++ b/crypto/openssh/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.231 2022/01/28 06:18:42 guenther Exp $ */ +/* $OpenBSD: monitor.c,v 1.232 2022/02/25 02:09:27 djm Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Markus Friedl <markus@openbsd.org> @@ -709,7 +709,6 @@ mm_answer_sign(struct ssh *ssh, int sock, struct sshbuf *m) int mm_answer_pwnamallow(struct ssh *ssh, int sock, struct sshbuf *m) { - char *username; struct passwd *pwent; int r, allowed = 0; u_int i; @@ -719,14 +718,12 @@ mm_answer_pwnamallow(struct ssh *ssh, int sock, struct sshbuf *m) if (authctxt->attempt++ != 0) fatal_f("multiple attempts for getpwnam"); - if ((r = sshbuf_get_cstring(m, &username, NULL)) != 0) + if ((r = sshbuf_get_cstring(m, &authctxt->user, NULL)) != 0) fatal_fr(r, "parse"); - pwent = getpwnamallow(ssh, username); + pwent = getpwnamallow(ssh, authctxt->user); - authctxt->user = xstrdup(username); - setproctitle("%s [priv]", pwent ? username : "unknown"); - free(username); + setproctitle("%s [priv]", pwent ? authctxt->user : "unknown"); sshbuf_reset(m); diff --git a/crypto/openssh/myproposal.h b/crypto/openssh/myproposal.h index ee50d215be06..ee6e9f741526 100644 --- a/crypto/openssh/myproposal.h +++ b/crypto/openssh/myproposal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: myproposal.h,v 1.70 2021/11/10 06:29:25 djm Exp $ */ +/* $OpenBSD: myproposal.h,v 1.71 2022/03/30 21:13:23 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -25,12 +25,12 @@ */ #define KEX_SERVER_KEX \ + "sntrup761x25519-sha512@openssh.com," \ "curve25519-sha256," \ "curve25519-sha256@libssh.org," \ "ecdh-sha2-nistp256," \ "ecdh-sha2-nistp384," \ "ecdh-sha2-nistp521," \ - "sntrup761x25519-sha512@openssh.com," \ "diffie-hellman-group-exchange-sha256," \ "diffie-hellman-group16-sha512," \ "diffie-hellman-group18-sha512," \ diff --git a/crypto/openssh/openbsd-compat/arc4random.c b/crypto/openssh/openbsd-compat/arc4random.c index 80ff3c1801a1..ce5f054f1e23 100644 --- a/crypto/openssh/openbsd-compat/arc4random.c +++ b/crypto/openssh/openbsd-compat/arc4random.c @@ -79,7 +79,7 @@ _rs_init(u_char *buf, size_t n) { if (n < KEYSZ + IVSZ) return; - chacha_keysetup(&rs, buf, KEYSZ * 8, 0); + chacha_keysetup(&rs, buf, KEYSZ * 8); chacha_ivsetup(&rs, buf + KEYSZ); } diff --git a/crypto/openssh/openbsd-compat/bsd-misc.c b/crypto/openssh/openbsd-compat/bsd-misc.c index 059b6d3b3ec7..3b00ef6d240e 100644 --- a/crypto/openssh/openbsd-compat/bsd-misc.c +++ b/crypto/openssh/openbsd-compat/bsd-misc.c @@ -107,7 +107,7 @@ const char *strerror(int e) #endif #ifndef HAVE_UTIMES -int utimes(char *filename, struct timeval *tvp) +int utimes(const char *filename, struct timeval *tvp) { struct utimbuf ub; @@ -412,6 +412,14 @@ getsid(pid_t pid) } #endif +#ifndef HAVE_KILLPG +int +killpg(pid_t pgrp, int sig) +{ + return kill(pgrp, sig); +} +#endif + #ifdef FFLUSH_NULL_BUG #undef fflush int _ssh_compat_fflush(FILE *f) diff --git a/crypto/openssh/openbsd-compat/bsd-misc.h b/crypto/openssh/openbsd-compat/bsd-misc.h index 2206e1a82140..61ead1b7fad0 100644 --- a/crypto/openssh/openbsd-compat/bsd-misc.h +++ b/crypto/openssh/openbsd-compat/bsd-misc.h @@ -62,7 +62,7 @@ struct timeval { } #endif /* HAVE_STRUCT_TIMEVAL */ -int utimes(char *, struct timeval *); +int utimes(const char *, struct timeval *); #endif /* HAVE_UTIMES */ #ifndef AT_FDCWD diff --git a/crypto/openssh/openbsd-compat/bsd-poll.c b/crypto/openssh/openbsd-compat/bsd-poll.c index 781ee978a651..9a9794f5863b 100644 --- a/crypto/openssh/openbsd-compat/bsd-poll.c +++ b/crypto/openssh/openbsd-compat/bsd-poll.c @@ -91,11 +91,11 @@ ppoll(struct pollfd *fds, nfds_t nfds, const struct timespec *tmoutp, fds[i].revents = 0; if (fd == -1) continue; - if (FD_ISSET(fd, readfds)) + if ((fds[i].events & POLLIN) && FD_ISSET(fd, readfds)) fds[i].revents |= POLLIN; - if (FD_ISSET(fd, writefds)) + if ((fds[i].events & POLLOUT) && FD_ISSET(fd, writefds)) fds[i].revents |= POLLOUT; - if (FD_ISSET(fd, exceptfds)) + if ((fds[i].events & POLLPRI) && FD_ISSET(fd, exceptfds)) fds[i].revents |= POLLPRI; } diff --git a/crypto/openssh/openbsd-compat/chacha_private.h b/crypto/openssh/openbsd-compat/chacha_private.h index 7c3680fa6d64..cdcb78560825 100644 --- a/crypto/openssh/openbsd-compat/chacha_private.h +++ b/crypto/openssh/openbsd-compat/chacha_private.h @@ -1,10 +1,12 @@ +/* OPENBSD ORIGINAL: lib/libc/crypt/chacha_private.h */ + /* chacha-merged.c version 20080118 D. J. Bernstein Public domain. */ -/* $OpenBSD: chacha_private.h,v 1.2 2013/10/04 07:02:27 djm Exp $ */ +/* $OpenBSD: chacha_private.h,v 1.3 2022/02/28 21:56:29 dtucker Exp $ */ typedef unsigned char u8; typedef unsigned int u32; @@ -52,7 +54,7 @@ static const char sigma[16] = "expand 32-byte k"; static const char tau[16] = "expand 16-byte k"; static void -chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits,u32 ivbits) +chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits) { const char *constants; diff --git a/crypto/openssh/openbsd-compat/getrrsetbyname.c b/crypto/openssh/openbsd-compat/getrrsetbyname.c index dc6fe0533732..cc1f8ae519eb 100644 --- a/crypto/openssh/openbsd-compat/getrrsetbyname.c +++ b/crypto/openssh/openbsd-compat/getrrsetbyname.c @@ -89,7 +89,7 @@ struct __res_state _res; #ifndef GETSHORT #define GETSHORT(s, cp) { \ - register u_char *t_cp = (u_char *)(cp); \ + u_char *t_cp = (u_char *)(cp); \ (s) = ((u_int16_t)t_cp[0] << 8) \ | ((u_int16_t)t_cp[1]) \ ; \ @@ -99,7 +99,7 @@ struct __res_state _res; #ifndef GETLONG #define GETLONG(l, cp) { \ - register u_char *t_cp = (u_char *)(cp); \ + u_char *t_cp = (u_char *)(cp); \ (l) = ((u_int32_t)t_cp[0] << 24) \ | ((u_int32_t)t_cp[1] << 16) \ | ((u_int32_t)t_cp[2] << 8) \ @@ -110,35 +110,34 @@ struct __res_state _res; #endif /* + * If the system doesn't have _getshort/_getlong or that are not exactly what + * we need then use local replacements, avoiding name collisions. + */ +#if !defined(HAVE__GETSHORT) || !defined(HAVE__GETLONG) || \ + !defined(HAVE_DECL__GETSHORT) || HAVE_DECL__GETSHORT == 0 || \ + !defined(HAVE_DECL__GETLONG) || HAVE_DECL__GETLONG == 0 +#define _getshort(x) (_ssh_compat_getshort(x)) +#define _getlong(x) (_ssh_compat_getlong(x)) +/* * Routines to insert/extract short/long's. */ - -#ifndef HAVE__GETSHORT static u_int16_t -_getshort(msgp) - register const u_char *msgp; +_getshort(const u_char *msgp) { - register u_int16_t u; + u_int16_t u; GETSHORT(u, msgp); return (u); } -#elif defined(HAVE_DECL__GETSHORT) && (HAVE_DECL__GETSHORT == 0) -u_int16_t _getshort(register const u_char *); -#endif -#ifndef HAVE__GETLONG static u_int32_t -_getlong(msgp) - register const u_char *msgp; +_getlong(const u_char *msgp) { - register u_int32_t u; + u_int32_t u; GETLONG(u, msgp); return (u); } -#elif defined(HAVE_DECL__GETLONG) && (HAVE_DECL__GETLONG == 0) -u_int32_t _getlong(register const u_char *); #endif /* ************** */ diff --git a/crypto/openssh/openbsd-compat/openbsd-compat.h b/crypto/openssh/openbsd-compat/openbsd-compat.h index c202e1429245..4316ab84bf89 100644 --- a/crypto/openssh/openbsd-compat/openbsd-compat.h +++ b/crypto/openssh/openbsd-compat/openbsd-compat.h @@ -65,6 +65,10 @@ int bindresvport_sa(int sd, struct sockaddr *sa); void closefrom(int); #endif +#if defined(HAVE_DECL_FTRUNCATE) && HAVE_DECL_FTRUNCATE == 0 +int ftruncate(int filedes, off_t length); +#endif + #ifndef HAVE_GETLINE #include <stdio.h> ssize_t getline(char **, size_t *, FILE *); @@ -78,6 +82,10 @@ int getpagesize(void); char *getcwd(char *pt, size_t size); #endif +#ifndef HAVE_KILLPG +int killpg(pid_t, int); +#endif + #if defined(HAVE_DECL_MEMMEM) && HAVE_DECL_MEMMEM == 0 void *memmem(const void *, size_t, const void *, size_t); #endif diff --git a/crypto/openssh/platform.c b/crypto/openssh/platform.c index 44ba71dc5fcb..4fe8744ee887 100644 --- a/crypto/openssh/platform.c +++ b/crypto/openssh/platform.c @@ -18,6 +18,7 @@ #include <stdarg.h> #include <stdio.h> +#include <string.h> #include <unistd.h> #include "log.h" @@ -197,3 +198,53 @@ platform_krb5_get_principal_name(const char *pw_name) return NULL; #endif } + +/* returns 1 if account is locked */ +int +platform_locked_account(struct passwd *pw) +{ + int locked = 0; + char *passwd = pw->pw_passwd; +#ifdef USE_SHADOW + struct spwd *spw = NULL; +#ifdef USE_LIBIAF + char *iaf_passwd = NULL; +#endif + + spw = getspnam(pw->pw_name); +#ifdef HAS_SHADOW_EXPIRE + if (spw != NULL && auth_shadow_acctexpired(spw)) + return 1; +#endif /* HAS_SHADOW_EXPIRE */ + + if (spw != NULL) +#ifdef USE_LIBIAF + iaf_passwd = passwd = get_iaf_password(pw); +#else + passwd = spw->sp_pwdp; +#endif /* USE_LIBIAF */ +#endif + + /* check for locked account */ + if (passwd && *passwd) { +#ifdef LOCKED_PASSWD_STRING + if (strcmp(passwd, LOCKED_PASSWD_STRING) == 0) + locked = 1; +#endif +#ifdef LOCKED_PASSWD_PREFIX + if (strncmp(passwd, LOCKED_PASSWD_PREFIX, + strlen(LOCKED_PASSWD_PREFIX)) == 0) + locked = 1; +#endif +#ifdef LOCKED_PASSWD_SUBSTR + if (strstr(passwd, LOCKED_PASSWD_SUBSTR)) + locked = 1; +#endif + } +#ifdef USE_LIBIAF + if (iaf_passwd != NULL) + freezero(iaf_passwd, strlen(iaf_passwd)); +#endif /* USE_LIBIAF */ + + return locked; +} diff --git a/crypto/openssh/platform.h b/crypto/openssh/platform.h index ea4f9c584924..7fef8c983e5e 100644 --- a/crypto/openssh/platform.h +++ b/crypto/openssh/platform.h @@ -28,6 +28,7 @@ void platform_setusercontext(struct passwd *); void platform_setusercontext_post_groups(struct passwd *); char *platform_get_krb5_client(const char *); char *platform_krb5_get_principal_name(const char *); +int platform_locked_account(struct passwd *); int platform_sys_dir_uid(uid_t); void platform_disable_tracing(int); diff --git a/crypto/openssh/scp.c b/crypto/openssh/scp.c index 519bffa1be1e..7a3851c5fdd1 100644 --- a/crypto/openssh/scp.c +++ b/crypto/openssh/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.245 2022/02/10 04:12:38 djm Exp $ */ +/* $OpenBSD: scp.c,v 1.247 2022/03/20 08:52:17 djm Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -968,7 +968,7 @@ do_sftp_connect(char *host, char *user, int port, char *sftp_direct, return NULL; } else { - args.list = NULL; + freeargs(&args); addargs(&args, "sftp-server"); if (do_cmd(sftp_direct, host, NULL, -1, 0, "sftp", reminp, remoutp, pidp) < 0) diff --git a/crypto/openssh/servconf.c b/crypto/openssh/servconf.c index e3c43c8cb487..6ab8e66f09e2 100644 --- a/crypto/openssh/servconf.c +++ b/crypto/openssh/servconf.c @@ -1,5 +1,5 @@ -/* $OpenBSD: servconf.c,v 1.383 2022/02/08 08:59:12 dtucker Exp $ */ +/* $OpenBSD: servconf.c,v 1.384 2022/03/18 04:04:11 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -2542,7 +2542,7 @@ parse_server_match_config(ServerOptions *options, initialize_server_options(&mo); parse_server_config(&mo, "reprocess config", cfg, includes, - connectinfo); + connectinfo, 0); copy_set_server_options(options, &mo, 0); } @@ -2720,12 +2720,13 @@ parse_server_config_depth(ServerOptions *options, const char *filename, void parse_server_config(ServerOptions *options, const char *filename, struct sshbuf *conf, struct include_list *includes, - struct connection_info *connectinfo) + struct connection_info *connectinfo, int reexec) { int active = connectinfo ? 0 : 1; parse_server_config_depth(options, filename, conf, includes, connectinfo, (connectinfo ? SSHCFG_MATCH_ONLY : 0), &active, 0); - process_queued_listen_addrs(options); + if (!reexec) + process_queued_listen_addrs(options); } static const char * diff --git a/crypto/openssh/servconf.h b/crypto/openssh/servconf.h index 6094e85d99ca..6f87db44421a 100644 --- a/crypto/openssh/servconf.h +++ b/crypto/openssh/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.155 2021/07/02 05:11:21 dtucker Exp $ */ +/* $OpenBSD: servconf.h,v 1.156 2022/03/18 04:04:11 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -298,7 +298,7 @@ int process_server_config_line(ServerOptions *, char *, const char *, int, void process_permitopen(struct ssh *ssh, ServerOptions *options); void load_server_config(const char *, struct sshbuf *); void parse_server_config(ServerOptions *, const char *, struct sshbuf *, - struct include_list *includes, struct connection_info *); + struct include_list *includes, struct connection_info *, int); void parse_server_match_config(ServerOptions *, struct include_list *includes, struct connection_info *); int parse_server_match_testspec(struct connection_info *, char *); diff --git a/crypto/openssh/sftp-client.c b/crypto/openssh/sftp-client.c index c75657553790..1b8ce6d78826 100644 --- a/crypto/openssh/sftp-client.c +++ b/crypto/openssh/sftp-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.161 2022/01/17 21:41:04 djm Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.162 2022/03/31 03:07:03 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> * @@ -103,6 +103,7 @@ struct sftp_conn { #define SFTP_EXT_LSETSTAT 0x00000020 #define SFTP_EXT_LIMITS 0x00000040 #define SFTP_EXT_PATH_EXPAND 0x00000080 +#define SFTP_EXT_COPY_DATA 0x00000100 u_int exts; u_int64_t limit_kbps; struct bwlimit bwlimit_in, bwlimit_out; @@ -534,6 +535,10 @@ do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests, strcmp((char *)value, "1") == 0) { ret->exts |= SFTP_EXT_PATH_EXPAND; known = 1; + } else if (strcmp(name, "copy-data") == 0 && + strcmp((char *)value, "1") == 0) { + ret->exts |= SFTP_EXT_COPY_DATA; + known = 1; } if (known) { debug2("Server supports extension \"%s\" revision %s", @@ -1079,6 +1084,121 @@ do_expand_path(struct sftp_conn *conn, const char *path) } int +do_copy(struct sftp_conn *conn, const char *oldpath, const char *newpath) +{ + Attrib junk, *a; + struct sshbuf *msg; + u_char *old_handle, *new_handle; + u_int mode, status, id; + size_t old_handle_len, new_handle_len; + int r; + + /* Return if the extension is not supported */ + if ((conn->exts & SFTP_EXT_COPY_DATA) == 0) { + error("Server does not support copy-data extension"); + return -1; + } + + /* Make sure the file exists, and we can copy its perms */ + if ((a = do_stat(conn, oldpath, 0)) == NULL) + return -1; + + /* Do not preserve set[ug]id here, as we do not preserve ownership */ + if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) { + mode = a->perm & 0777; + + if (!S_ISREG(a->perm)) { + error("Cannot copy non-regular file: %s", oldpath); + return -1; + } + } else { + /* NB: The user's umask will apply to this */ + mode = 0666; + } + + /* Set up the new perms for the new file */ + attrib_clear(a); + a->perm = mode; + a->flags |= SSH2_FILEXFER_ATTR_PERMISSIONS; + + if ((msg = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + + attrib_clear(&junk); /* Send empty attributes */ + + /* Open the old file for reading */ + id = conn->msg_id++; + if ((r = sshbuf_put_u8(msg, SSH2_FXP_OPEN)) != 0 || + (r = sshbuf_put_u32(msg, id)) != 0 || + (r = sshbuf_put_cstring(msg, oldpath)) != 0 || + (r = sshbuf_put_u32(msg, SSH2_FXF_READ)) != 0 || + (r = encode_attrib(msg, &junk)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + send_msg(conn, msg); + debug3("Sent message SSH2_FXP_OPEN I:%u P:%s", id, oldpath); + + sshbuf_reset(msg); + + old_handle = get_handle(conn, id, &old_handle_len, + "remote open(\"%s\")", oldpath); + if (old_handle == NULL) { + sshbuf_free(msg); + return -1; + } + + /* Open the new file for writing */ + id = conn->msg_id++; + if ((r = sshbuf_put_u8(msg, SSH2_FXP_OPEN)) != 0 || + (r = sshbuf_put_u32(msg, id)) != 0 || + (r = sshbuf_put_cstring(msg, newpath)) != 0 || + (r = sshbuf_put_u32(msg, SSH2_FXF_WRITE|SSH2_FXF_CREAT| + SSH2_FXF_TRUNC)) != 0 || + (r = encode_attrib(msg, a)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + send_msg(conn, msg); + debug3("Sent message SSH2_FXP_OPEN I:%u P:%s", id, newpath); + + sshbuf_reset(msg); + + new_handle = get_handle(conn, id, &new_handle_len, + "remote open(\"%s\")", newpath); + if (new_handle == NULL) { + sshbuf_free(msg); + free(old_handle); + return -1; + } + + /* Copy the file data */ + id = conn->msg_id++; + if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 || + (r = sshbuf_put_u32(msg, id)) != 0 || + (r = sshbuf_put_cstring(msg, "copy-data")) != 0 || + (r = sshbuf_put_string(msg, old_handle, old_handle_len)) != 0 || + (r = sshbuf_put_u64(msg, 0)) != 0 || + (r = sshbuf_put_u64(msg, 0)) != 0 || + (r = sshbuf_put_string(msg, new_handle, new_handle_len)) != 0 || + (r = sshbuf_put_u64(msg, 0)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + send_msg(conn, msg); + debug3("Sent message copy-data \"%s\" 0 0 -> \"%s\" 0", + oldpath, newpath); + + status = get_status(conn, id); + if (status != SSH2_FX_OK) + error("Couldn't copy file \"%s\" to \"%s\": %s", oldpath, + newpath, fx2txt(status)); + + /* Clean up everything */ + sshbuf_free(msg); + do_close(conn, old_handle, old_handle_len); + do_close(conn, new_handle, new_handle_len); + free(old_handle); + free(new_handle); + + return status == SSH2_FX_OK ? 0 : -1; +} + +int do_rename(struct sftp_conn *conn, const char *oldpath, const char *newpath, int force_legacy) { diff --git a/crypto/openssh/sftp-client.h b/crypto/openssh/sftp-client.h index 8851b23b89b5..282a4c70037d 100644 --- a/crypto/openssh/sftp-client.h +++ b/crypto/openssh/sftp-client.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.h,v 1.35 2022/01/01 01:55:30 jsg Exp $ */ +/* $OpenBSD: sftp-client.h,v 1.36 2022/03/31 03:07:03 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> @@ -125,6 +125,9 @@ int do_statvfs(struct sftp_conn *, const char *, struct sftp_statvfs *, int); /* Rename 'oldpath' to 'newpath' */ int do_rename(struct sftp_conn *, const char *, const char *, int); +/* Copy 'oldpath' to 'newpath' */ +int do_copy(struct sftp_conn *, const char *, const char *); + /* Link 'oldpath' to 'newpath' */ int do_hardlink(struct sftp_conn *, const char *, const char *); diff --git a/crypto/openssh/sftp-glob.c b/crypto/openssh/sftp-glob.c index f573f98f01ec..764e99552d42 100644 --- a/crypto/openssh/sftp-glob.c +++ b/crypto/openssh/sftp-glob.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-glob.c,v 1.29 2019/11/13 04:47:52 deraadt Exp $ */ +/* $OpenBSD: sftp-glob.c,v 1.30 2022/02/25 09:46:24 dtucker Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> * @@ -51,7 +51,7 @@ fudge_opendir(const char *path) r = xcalloc(1, sizeof(*r)); - if (do_readdir(cur.conn, (char *)path, &r->dir)) { + if (do_readdir(cur.conn, path, &r->dir)) { free(r); return(NULL); } @@ -112,7 +112,7 @@ fudge_lstat(const char *path, struct stat *st) { Attrib *a; - if (!(a = do_lstat(cur.conn, (char *)path, 1))) + if (!(a = do_lstat(cur.conn, path, 1))) return(-1); attrib_to_stat(a, st); @@ -125,7 +125,7 @@ fudge_stat(const char *path, struct stat *st) { Attrib *a; - if (!(a = do_stat(cur.conn, (char *)path, 1))) + if (!(a = do_stat(cur.conn, path, 1))) return(-1); attrib_to_stat(a, st); diff --git a/crypto/openssh/sftp-server.c b/crypto/openssh/sftp-server.c index d4c6a3b4c39a..3dd19d4c81db 100644 --- a/crypto/openssh/sftp-server.c +++ b/crypto/openssh/sftp-server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-server.c,v 1.139 2022/02/01 23:32:51 djm Exp $ */ +/* $OpenBSD: sftp-server.c,v 1.140 2022/03/31 03:05:49 djm Exp $ */ /* * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. * @@ -44,6 +44,7 @@ #include <unistd.h> #include <stdarg.h> +#include "atomicio.h" #include "xmalloc.h" #include "sshbuf.h" #include "ssherr.h" @@ -119,6 +120,7 @@ static void process_extended_fsync(u_int32_t id); static void process_extended_lsetstat(u_int32_t id); static void process_extended_limits(u_int32_t id); static void process_extended_expand(u_int32_t id); +static void process_extended_copy_data(u_int32_t id); static void process_extended(u_int32_t id); struct sftp_handler { @@ -164,6 +166,7 @@ static const struct sftp_handler extended_handlers[] = { { "limits", "limits@openssh.com", 0, process_extended_limits, 0 }, { "expand-path", "expand-path@openssh.com", 0, process_extended_expand, 0 }, + { "copy-data", "copy-data", 0, process_extended_copy_data, 1 }, { NULL, NULL, 0, NULL, 0 } }; @@ -720,6 +723,7 @@ process_init(void) compose_extension(msg, "lsetstat@openssh.com", "1"); compose_extension(msg, "limits@openssh.com", "1"); compose_extension(msg, "expand-path@openssh.com", "1"); + compose_extension(msg, "copy-data", "1"); send_msg(msg); sshbuf_free(msg); @@ -1593,6 +1597,94 @@ process_extended_expand(u_int32_t id) } static void +process_extended_copy_data(u_int32_t id) +{ + u_char buf[64*1024]; + int read_handle, read_fd, write_handle, write_fd; + u_int64_t len, read_off, read_len, write_off; + int r, copy_until_eof, status = SSH2_FX_OP_UNSUPPORTED; + size_t ret; + + if ((r = get_handle(iqueue, &read_handle)) != 0 || + (r = sshbuf_get_u64(iqueue, &read_off)) != 0 || + (r = sshbuf_get_u64(iqueue, &read_len)) != 0 || + (r = get_handle(iqueue, &write_handle)) != 0 || + (r = sshbuf_get_u64(iqueue, &write_off)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + + debug("request %u: copy-data from \"%s\" (handle %d) off %llu len %llu " + "to \"%s\" (handle %d) off %llu", + id, handle_to_name(read_handle), read_handle, + (unsigned long long)read_off, (unsigned long long)read_len, + handle_to_name(write_handle), write_handle, + (unsigned long long)write_off); + + /* For read length of 0, we read until EOF. */ + if (read_len == 0) { + read_len = (u_int64_t)-1 - read_off; + copy_until_eof = 1; + } else + copy_until_eof = 0; + + read_fd = handle_to_fd(read_handle); + write_fd = handle_to_fd(write_handle); + + /* Disallow reading & writing to the same handle or same path or dirs */ + if (read_handle == write_handle || read_fd < 0 || write_fd < 0 || + !strcmp(handle_to_name(read_handle), handle_to_name(write_handle))) { + status = SSH2_FX_FAILURE; + goto out; + } + + if (lseek(read_fd, read_off, SEEK_SET) < 0) { + status = errno_to_portable(errno); + error("%s: read_seek failed", __func__); + goto out; + } + + if ((handle_to_flags(write_handle) & O_APPEND) == 0 && + lseek(write_fd, write_off, SEEK_SET) < 0) { + status = errno_to_portable(errno); + error("%s: write_seek failed", __func__); + goto out; + } + + /* Process the request in chunks. */ + while (read_len > 0 || copy_until_eof) { + len = MINIMUM(sizeof(buf), read_len); + read_len -= len; + + ret = atomicio(read, read_fd, buf, len); + if (ret == 0 && errno == EPIPE) { + status = copy_until_eof ? SSH2_FX_OK : SSH2_FX_EOF; + break; + } else if (ret == 0) { + status = errno_to_portable(errno); + error("%s: read failed: %s", __func__, strerror(errno)); + break; + } + len = ret; + handle_update_read(read_handle, len); + + ret = atomicio(vwrite, write_fd, buf, len); + if (ret != len) { + status = errno_to_portable(errno); + error("%s: write failed: %llu != %llu: %s", __func__, + (unsigned long long)ret, (unsigned long long)len, + strerror(errno)); + break; + } + handle_update_write(write_handle, len); + } + + if (read_len == 0) + status = SSH2_FX_OK; + + out: + send_status(id, status); +} + +static void process_extended(u_int32_t id) { char *request; diff --git a/crypto/openssh/sftp.1 b/crypto/openssh/sftp.1 index 7eebeeacbf3f..39e7d6ed68a8 100644 --- a/crypto/openssh/sftp.1 +++ b/crypto/openssh/sftp.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.138 2021/07/02 05:11:21 dtucker Exp $ +.\" $OpenBSD: sftp.1,v 1.140 2022/03/31 17:27:27 naddy Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" @@ -22,7 +22,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: July 2 2021 $ +.Dd $Mdocdate: March 31 2022 $ .Dt SFTP 1 .Os .Sh NAME @@ -126,7 +126,7 @@ Batch mode reads a series of commands from an input .Ar batchfile instead of .Em stdin . -Since it lacks user interaction it should be used in conjunction with +Since it lacks user interaction, it should be used in conjunction with non-interactive authentication to obviate the need to enter a password at connection time (see .Xr sshd 8 @@ -144,7 +144,7 @@ will abort if any of the following commands fail: .Ic get , put , reget , reput , rename , ln , .Ic rm , mkdir , chdir , ls , -.Ic lchdir , chmod , chown , +.Ic lchdir , copy , cp , chmod , chown , .Ic chgrp , lpwd , df , symlink , and .Ic lmkdir . @@ -400,6 +400,18 @@ If the flag is specified, then symlinks will not be followed. Note that this is only supported by servers that implement the "lsetstat@openssh.com" extension. +.It Ic copy Ar oldpath Ar newpath +Copy remote file from +.Ar oldpath +to +.Ar newpath . +.Pp +Note that this is only supported by servers that implement the "copy-data" +extension. +.It Ic cp Ar oldpath Ar newpath +Alias to +.Ic copy +command. .It Xo Ic df .Op Fl hi .Op Ar path diff --git a/crypto/openssh/sftp.c b/crypto/openssh/sftp.c index 8cb5917a91f1..4efc025a504c 100644 --- a/crypto/openssh/sftp.c +++ b/crypto/openssh/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.212 2021/09/11 09:05:50 schwarze Exp $ */ +/* $OpenBSD: sftp.c,v 1.214 2022/03/31 03:07:03 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> * @@ -137,6 +137,7 @@ enum sftp_command { I_CHGRP, I_CHMOD, I_CHOWN, + I_COPY, I_DF, I_GET, I_HELP, @@ -180,6 +181,8 @@ static const struct CMD cmds[] = { { "chgrp", I_CHGRP, REMOTE }, { "chmod", I_CHMOD, REMOTE }, { "chown", I_CHOWN, REMOTE }, + { "copy", I_COPY, REMOTE }, + { "cp", I_COPY, REMOTE }, { "df", I_DF, REMOTE }, { "dir", I_LS, REMOTE }, { "exit", I_QUIT, NOARGS }, @@ -286,6 +289,8 @@ help(void) "chgrp [-h] grp path Change group of file 'path' to 'grp'\n" "chmod [-h] mode path Change permissions of file 'path' to 'mode'\n" "chown [-h] own path Change owner of file 'path' to 'own'\n" + "copy oldpath newpath Copy remote file\n" + "cp oldpath newpath Copy remote file\n" "df [-hi] [path] Display statistics for current directory or\n" " filesystem containing 'path'\n" "exit Quit sftp\n" @@ -1369,6 +1374,10 @@ parse_args(const char **cpp, int *ignore_errors, int *disable_echo, int *aflag, if ((optidx = parse_link_flags(cmd, argv, argc, sflag)) == -1) return -1; goto parse_two_paths; + case I_COPY: + if ((optidx = parse_no_flags(cmd, argv, argc)) == -1) + return -1; + goto parse_two_paths; case I_RENAME: if ((optidx = parse_rename_flags(cmd, argv, argc, lflag)) == -1) return -1; @@ -1536,6 +1545,11 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, err = process_put(conn, path1, path2, *pwd, pflag, rflag, aflag, fflag); break; + case I_COPY: + path1 = make_absolute(path1, *pwd); + path2 = make_absolute(path2, *pwd); + err = do_copy(conn, path1, path2); + break; case I_RENAME: path1 = make_absolute(path1, *pwd); path2 = make_absolute(path2, *pwd); @@ -2272,7 +2286,6 @@ static void connect_to_server(char *path, char **args, int *in, int *out) { int c_in, c_out; - #ifdef USE_PIPES int pin[2], pout[2]; diff --git a/crypto/openssh/ssh-agent.1 b/crypto/openssh/ssh-agent.1 index 0320a2b0ff58..6fc0acb0a608 100644 --- a/crypto/openssh/ssh-agent.1 +++ b/crypto/openssh/ssh-agent.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-agent.1,v 1.72 2020/06/22 05:52:05 djm Exp $ +.\" $OpenBSD: ssh-agent.1,v 1.73 2022/03/31 17:27:27 naddy Exp $ .\" $FreeBSD$ .\" .\" Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -35,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 22 2020 $ +.Dd $Mdocdate: March 31 2022 $ .Dt SSH-AGENT 1 .Os .Sh NAME @@ -83,12 +83,12 @@ This is the default if looks like it's a csh style of shell. .It Fl D Foreground mode. -When this option is specified +When this option is specified, .Nm will not fork. .It Fl d Debug mode. -When this option is specified +When this option is specified, .Nm will not fork and will write debug information to standard error. .It Fl E Ar fingerprint_hash diff --git a/crypto/openssh/ssh-keygen.c b/crypto/openssh/ssh-keygen.c index d4b7f4dcf800..d62fab3e818a 100644 --- a/crypto/openssh/ssh-keygen.c +++ b/crypto/openssh/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.448 2022/02/01 23:32:51 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.450 2022/03/18 02:32:22 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -3538,6 +3538,13 @@ main(int argc, char **argv) return sig_sign(identity_file, cert_principals, argc, argv, opts, nopts); } else if (strncmp(sign_op, "check-novalidate", 16) == 0) { + /* NB. cert_principals is actually namespace, via -n */ + if (cert_principals == NULL || + *cert_principals == '\0') { + error("Too few arguments for check-novalidate: " + "missing namespace"); + exit(1); + } if (ca_key_path == NULL) { error("Too few arguments for check-novalidate: " "missing signature file"); diff --git a/crypto/openssh/ssh-keysign.8 b/crypto/openssh/ssh-keysign.8 index 73b62397c10b..6b4b9b270ba9 100644 --- a/crypto/openssh/ssh-keysign.8 +++ b/crypto/openssh/ssh-keysign.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keysign.8,v 1.16 2019/11/30 07:07:59 jmc Exp $ +.\" $OpenBSD: ssh-keysign.8,v 1.17 2022/03/31 17:27:27 naddy Exp $ .\" .\" Copyright (c) 2002 Markus Friedl. All rights reserved. .\" @@ -22,7 +22,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: November 30 2019 $ +.Dd $Mdocdate: March 31 2022 $ .Dt SSH-KEYSIGN 8 .Os .Sh NAME @@ -77,7 +77,7 @@ must be set-uid root if host-based authentication is used. .It Pa /etc/ssh/ssh_host_ecdsa_key-cert.pub .It Pa /etc/ssh/ssh_host_ed25519_key-cert.pub .It Pa /etc/ssh/ssh_host_rsa_key-cert.pub -If these files exist they are assumed to contain public certificate +If these files exist, they are assumed to contain public certificate information corresponding with the private keys above. .El .Sh SEE ALSO diff --git a/crypto/openssh/ssh.1 b/crypto/openssh/ssh.1 index a6384460872d..9c6f5b798778 100644 --- a/crypto/openssh/ssh.1 +++ b/crypto/openssh/ssh.1 @@ -33,9 +33,9 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.429 2022/02/06 00:29:03 jsg Exp $ +.\" $OpenBSD: ssh.1,v 1.430 2022/03/31 17:27:27 naddy Exp $ .\" $FreeBSD$ -.Dd $Mdocdate: February 6 2022 $ +.Dd $Mdocdate: March 31 2022 $ .Dt SSH 1 .Os .Sh NAME @@ -707,7 +707,7 @@ argument is the listen port will be dynamically allocated on the server and reported to the client at run time. When used together with -.Ic -O forward +.Ic -O forward , the allocated port will be printed to the standard output. .Pp .It Fl S Ar ctl_path @@ -1047,7 +1047,7 @@ the user a normal shell as an interactive session. All communication with the remote command or shell will be automatically encrypted. .Pp -If an interactive session is requested +If an interactive session is requested, .Nm by default will only request a pseudo-terminal (pty) for interactive sessions when the client has one. @@ -1057,7 +1057,7 @@ and .Fl t can be used to override this behaviour. .Pp -If a pseudo-terminal has been allocated the +If a pseudo-terminal has been allocated, the user may use the escape characters noted below. .Pp If no pseudo-terminal has been allocated, diff --git a/crypto/openssh/ssh.c b/crypto/openssh/ssh.c index ed5735117839..8bad4da56e14 100644 --- a/crypto/openssh/ssh.c +++ b/crypto/openssh/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.573 2022/02/08 08:59:12 dtucker Exp $ */ +/* $OpenBSD: ssh.c,v 1.574 2022/03/30 04:33:09 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -697,7 +697,7 @@ main(int ac, char **av) again: while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" - "AB:CD:E:F:GI:J:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) { + "AB:CD:E:F:GI:J:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) { /* HUZdhjruz */ switch (opt) { case '1': fatal("SSH protocol v.1 is no longer supported"); diff --git a/crypto/openssh/ssh_config b/crypto/openssh/ssh_config index 02d72f367089..792a47f333ee 100644 --- a/crypto/openssh/ssh_config +++ b/crypto/openssh/ssh_config @@ -46,4 +46,4 @@ # RekeyLimit 1G 1h # UserKnownHostsFile ~/.ssh/known_hosts.d/%k # VerifyHostKeyDNS yes -# VersionAddendum FreeBSD-20220413 +# VersionAddendum FreeBSD-20220415 diff --git a/crypto/openssh/ssh_config.5 b/crypto/openssh/ssh_config.5 index d76e689c3c34..cb51f6aefe57 100644 --- a/crypto/openssh/ssh_config.5 +++ b/crypto/openssh/ssh_config.5 @@ -33,9 +33,9 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.369 2022/02/15 05:13:36 djm Exp $ +.\" $OpenBSD: ssh_config.5,v 1.371 2022/03/31 17:58:44 naddy Exp $ .\" $FreeBSD$ -.Dd $Mdocdate: February 15 2022 $ +.Dd $Mdocdate: March 31 2022 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -1168,9 +1168,9 @@ character, then the specified algorithms will be placed at the head of the default set. The default is: .Bd -literal -offset indent +sntrup761x25519-sha512@openssh.com, curve25519-sha256,curve25519-sha256@libssh.org, ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, -sntrup761x25519-sha512@openssh.com, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, @@ -1584,7 +1584,7 @@ If forwarding to a specific destination then the second argument must be or a Unix domain socket path, otherwise if no destination argument is specified then the remote forwarding will be established as a SOCKS proxy. -When acting as a SOCKS proxy the destination of the connection can be +When acting as a SOCKS proxy, the destination of the connection can be restricted by .Cm PermitRemoteOpen . .Pp @@ -1979,7 +1979,7 @@ in Specifies a string to append to the regular version string to identify OS- or site-specific modifications. The default is -.Dq FreeBSD-20220413 . +.Dq FreeBSD-20220415 . The value .Cm none may be used to disable this. diff --git a/crypto/openssh/sshd.8 b/crypto/openssh/sshd.8 index 877621b011a4..db4c35da847c 100644 --- a/crypto/openssh/sshd.8 +++ b/crypto/openssh/sshd.8 @@ -33,9 +33,9 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.317 2021/09/10 11:38:38 dtucker Exp $ +.\" $OpenBSD: sshd.8,v 1.318 2022/03/31 17:27:27 naddy Exp $ .\" $FreeBSD$ -.Dd $Mdocdate: September 10 2021 $ +.Dd $Mdocdate: March 31 2022 $ .Dt SSHD 8 .Os .Sh NAME @@ -652,7 +652,7 @@ Enable all restrictions, i.e. disable port, agent and X11 forwarding, as well as disabling PTY allocation and execution of .Pa ~/.ssh/rc . -If any future restriction capabilities are added to authorized_keys files +If any future restriction capabilities are added to authorized_keys files, they will be included in this set. .It Cm tunnel="n" Force a diff --git a/crypto/openssh/sshd.c b/crypto/openssh/sshd.c index d1492fa3fcd4..84d42ed0384a 100644 --- a/crypto/openssh/sshd.c +++ b/crypto/openssh/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.584 2022/03/01 01:59:19 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.585 2022/03/18 04:04:11 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -1806,7 +1806,7 @@ main(int ac, char **av) load_server_config(config_file_name, cfg); parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name, - cfg, &includes, NULL); + cfg, &includes, NULL, rexeced_flag); #ifdef WITH_OPENSSL if (options.moduli_file != NULL) diff --git a/crypto/openssh/sshd_config b/crypto/openssh/sshd_config index 4dd09265be61..9aa116b1792a 100644 --- a/crypto/openssh/sshd_config +++ b/crypto/openssh/sshd_config @@ -105,7 +105,7 @@ AuthorizedKeysFile .ssh/authorized_keys #PermitTunnel no #ChrootDirectory none #UseBlacklist no -#VersionAddendum FreeBSD-20220413 +#VersionAddendum FreeBSD-20220415 # no default banner path #Banner none diff --git a/crypto/openssh/sshd_config.5 b/crypto/openssh/sshd_config.5 index 0d468035d38a..a30975d0fc59 100644 --- a/crypto/openssh/sshd_config.5 +++ b/crypto/openssh/sshd_config.5 @@ -33,9 +33,9 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.339 2021/12/04 00:05:39 naddy Exp $ +.\" $OpenBSD: sshd_config.5,v 1.340 2022/03/31 17:58:44 naddy Exp $ .\" $FreeBSD$ -.Dd $Mdocdate: December 4 2021 $ +.Dd $Mdocdate: March 31 2022 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -962,9 +962,9 @@ sntrup761x25519-sha512@openssh.com .Pp The default is: .Bd -literal -offset indent +sntrup761x25519-sha512@openssh.com, curve25519-sha256,curve25519-sha256@libssh.org, ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, -sntrup761x25519-sha512@openssh.com, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512,diffie-hellman-group18-sha512, diffie-hellman-group14-sha256 @@ -1806,7 +1806,7 @@ The default is Optionally specifies additional text to append to the SSH protocol banner sent by the server upon connection. The default is -.Qq FreeBSD-20220413 . +.Qq FreeBSD-20220415 . The value .Cm none may be used to disable this. diff --git a/crypto/openssh/sshsig.c b/crypto/openssh/sshsig.c index 773613462758..1e3b63982ba8 100644 --- a/crypto/openssh/sshsig.c +++ b/crypto/openssh/sshsig.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshsig.c,v 1.28 2022/02/01 23:34:47 djm Exp $ */ +/* $OpenBSD: sshsig.c,v 1.29 2022/03/30 04:27:51 djm Exp $ */ /* * Copyright (c) 2019 Google LLC * @@ -739,7 +739,7 @@ parse_principals_key_and_options(const char *path, u_long linenum, char *line, return SSH_ERR_KEY_NOT_FOUND; /* blank or all-comment line */ /* format: identity[,identity...] [option[,option...]] key */ - if ((tmp = strdelimw(&cp)) == NULL) { + if ((tmp = strdelimw(&cp)) == NULL || cp == NULL) { error("%s:%lu: invalid line", path, linenum); r = SSH_ERR_INVALID_FORMAT; goto out; @@ -777,6 +777,11 @@ parse_principals_key_and_options(const char *path, u_long linenum, char *line, r = SSH_ERR_INVALID_FORMAT; goto out; } + if (cp == NULL || *cp == '\0') { + error("%s:%lu: missing key", path, linenum); + r = SSH_ERR_INVALID_FORMAT; + goto out; + } *cp++ = '\0'; skip_space(&cp); if (sshkey_read(key, &cp) != 0) { diff --git a/crypto/openssh/version.h b/crypto/openssh/version.h index 656382b17db9..193ca07938c6 100644 --- a/crypto/openssh/version.h +++ b/crypto/openssh/version.h @@ -6,7 +6,7 @@ #define SSH_PORTABLE "p1" #define SSH_RELEASE SSH_VERSION SSH_PORTABLE -#define SSH_VERSION_FREEBSD "FreeBSD-20220413" +#define SSH_VERSION_FREEBSD "FreeBSD-20220415" #ifdef WITH_OPENSSL #define OPENSSL_VERSION_STRING OpenSSL_version(OPENSSL_VERSION) diff --git a/crypto/openssh/xmalloc.c b/crypto/openssh/xmalloc.c index b48d33bbf68c..67191e3f214d 100644 --- a/crypto/openssh/xmalloc.c +++ b/crypto/openssh/xmalloc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: xmalloc.c,v 1.36 2019/11/12 22:32:48 djm Exp $ */ +/* $OpenBSD: xmalloc.c,v 1.37 2022/03/13 23:27:54 cheloha Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -91,8 +91,7 @@ xstrdup(const char *str) len = strlen(str) + 1; cp = xmalloc(len); - strlcpy(cp, str, len); - return cp; + return memcpy(cp, str, len); } int |